X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=fde7e5e8298f58fe31332fd9420ae80ec8e8eed7;hp=904135b7d4fd28fee0be01650ce56934ad7dc4af;hb=8cdfbf5aeb365378deb2ff2b5f18a83a2fcfe82c;hpb=ec6fd189ee94eb5fb8f969ff71b9ffae9e13a37c
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 904135b7d..fde7e5e82 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -63,6 +63,8 @@ my %aliases=();
 my %optionsfw=();
 my %ifaces=();
+my @PROTOCOLS = ("TCP", "UDP", "ICMP", "IGMP", "AH", "ESP", "GRE");
+
 my $color;
 my $confignet = "${General::swroot}/fwhosts/customnetworks";
 my $confighost = "${General::swroot}/fwhosts/customhosts";
@@ -100,71 +102,70 @@ my @protocols;
 #### JAVA SCRIPT ####
 print<
- \$(document).ready(function() {
- // Hide sourceport area when no sourceport is used
- if (! \$("#USE_SRC_PORT").attr("checked")) {
- toggle_elements('#srcport');
+ var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
+
+ var update_protocol = function() {
+ var protocol = \$("#protocol").val();
+
+ if (protocol === undefined)
+ return;
+
+ // Check if a template is/should be used.
+ if (protocol === "template") {
+ \$("#PROTOCOL_TEMPLATE").show();
+ } else {
+ \$("#PROTOCOL_TEMPLATE").hide();
 }
- // Hide targetport area when no targetport is used
- if (! \$("#USESRV").attr("checked")) {
- toggle_elements('#targetport');
+
+ // Check if we are dealing with a protocol, that knows ports.
+ if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
+ \$("#PROTOCOL_PORTS").show();
+ } else {
+ \$("#PROTOCOL_PORTS").hide();
 }
- // When nat not used, hide it
- if (! \$("#nat").attr("checked")) {
- toggle_elements('#natpart');
+
+ // Handle ICMP.
+ if (protocol === "ICMP") {
+ \$("#PROTOCOL_ICMP_TYPES").show();
+ } else {
+ \$("#PROTOCOL_ICMP_TYPES").hide();
 }
- // When protocol dropdown is changed, check if we selected icmp - then show icmp-types
- \$("#prt").change(function(){
- if ( \$("#PROT").val() === 'ICMP' ){
- \$('#PROTOKOLL').show();
- }
- else{
- \$('#PROTOKOLL').hide();
- }
- });
- // When Prot not icmp, hide icmp-types
- if ( ! \$("#PROT").val() == 'ICMP') {
- \$('#PROTOKOLL').hide();
+ };
+
+ \$(document).ready(function() {
+ \$("#protocol").change(update_protocol);
+ update_protocol();
+
+ // When nat not used, hide it
+ if (! \$("#USE_NAT").attr("checked")) {
+ \$(".NAT").hide();
 }
 // Show NAT area when "use nat" checkbox is clicked
- \$( "#nat" ).change(function() {
- toggle_elements('#natpart');
+ \$("#USE_NAT").change(function() {
+ \$(".NAT").toggle();
 });
- // Show Sourceport area when "use sourceport" checkbox is clicked
- \$( "#spt" ).change(function() {
- toggle_elements('#srcport');
- });
- // Show Targetport area when "use Targetport" checkbox is clicked
- \$( "#tpt" ).change(function() {
- toggle_elements('#targetport');
+
+ // Time constraints
+ if(!\$("#USE_TIME_CONSTRAINTS").attr("checked")) {
+ \$("#TIME_CONSTRAINTS").hide();
+ }
+ \$("#USE_TIME_CONSTRAINTS").change(function() {
+ \$("#TIME_CONSTRAINTS").toggle();
 });
+
 // Automatically select radio buttons when corresponding
 // dropdown menu changes.
 \$("select").change(function() {
 var id = \$(this).attr("name");
- //When using SNAT or DNAT, check "USE NAT" Checkbox
- if ( id === 'snat' || id === 'dnat') {
+
+ // When using SNAT or DNAT, check "USE NAT" Checkbox
+ if (id === 'snat' || id === 'dnat') {
 \$('#USE_NAT').prop('checked', true);
 }
 \$('#' + id).prop("checked", true);
 });
 });
-function checkradio(a){
- \$(a).attr('checked', true);
-}
-function toggle_elements( id ) {
- \$(id).toggle();
- if(! \$("targetport:visible") && \$("#PROT").val() === 'ICMP' )
- {
- \$('#PROTOKOLL').show();
- }
- if(\$("targetport:visible") && \$("#PROT").val() === 'ICMP' )
- {
- \$('#PROTOKOLL').hide();
- }
- return true;
-}
 END
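Review bot: The initial-state checks in the ready handler read `\$("#USE_NAT").attr("checked")` and `\$("#USE_TIME_CONSTRAINTS").attr("checked")`, while the select handler at the end of the same block sets state with `.prop('checked', true)`. Depending on the jQuery version shipped, `.attr` reflects only the attribute in the original markup, so `if (!\$("#USE_NAT").prop("checked")) {` is the consistent form for both checks. `update_protocol` would also benefit from a comment such as `// Hiding a section does not clear its inputs; the CGI must validate PROT against the submitted port and ICMP fields itself.`, because any inputs inside the hidden `#PROTOCOL_PORTS` and `#PROTOCOL_ICMP_TYPES` sections are still part of the form submission.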
@@ -175,6 +176,23 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 &General::readhasharray("$configfwdfw", \%configfwdfw);
 &General::readhasharray("$configinput", \%configinputfw);
 &General::readhasharray("$configoutgoing", \%configoutgoingfw);
+ #Set Variables according to the JQuery code in protocol section
+ if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
+ {
+ if ($fwdfwsettings{'SRC_PORT'} ne '')
+ {
+ $fwdfwsettings{'USE_SRC_PORT'} = 'ON';
+ }
+ if ($fwdfwsettings{'TGT_PORT'} ne '')
+ {
+ $fwdfwsettings{'USESRV'} = 'ON';
+ $fwdfwsettings{'grp3'} = 'TGT_PORT';
+ }
+ }
+ if ($fwdfwsettings{'PROT'} eq 'template')
+ {
+ $fwdfwsettings{'USESRV'} = 'ON';
+ }
 $errormessage=&checksource;
 if(!$errormessage){&checktarget;}
 if(!$errormessage){&checkrule;}
@@ -367,7 +385,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 &newrule;
 }else{
 if($fwdfwsettings{'nosave2'} ne 'on'){
- &rules;
+ &General::firewall_config_changed();
 }
 &base;
 }
@@ -386,7 +404,7 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
 }
 }
 &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
- &rules;
+ &General::firewall_config_changed();
 &base;
 }
 if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
@@ -399,12 +417,12 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
 }
 }
 &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
- &rules;
+ &General::firewall_config_changed();
 &base;
 }
 if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
 {
- &reread_rules;
+ &General::firewall_reload();
 &base;
 }
 if ($fwdfwsettings{'ACTION'} eq 'editrule')
@@ -439,14 +457,32 @@ if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset')
 sub addrule
 {
 &error;
- if (-f "${General::swroot}/forward/reread"){
- print "
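Review bot: In the block added to the saverule handler, the `template` branch sets `USESRV` to `ON` but leaves `grp3` as submitted, whereas the TCP/UDP branch pins `grp3` to `TGT_PORT`. These values all come from the request, and the jQuery in the protocol section only hides unused inputs, so a submission can pair `PROT=template` with any `grp3`; whether checktarget or checkrule reject that combination is not visible in this hunk. A guard on `$fwdfwsettings{'PROT'} eq 'template' && $fwdfwsettings{'grp3'} !~ /\A(?:cust_srv|cust_srvgrp)\z/` that sets `$errormessage` before the check calls would make the server-side derivation self-contained. The handler's body continues outside the hunk.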
    $Lang::tr{'fwhost reread'}

"; - } + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'}); - print "
"; - print ""; - print ""; - print"

"; + print < + + + + +
+ + +END + + if (&General::firewall_needs_reload()) { + print < +END + } + + print < +
+ + +
+END &Header::closebox(); &viewtablerule; } @@ -559,10 +595,6 @@ sub checktarget #check DNAT settings (has to be single Host and single Port or portrange) if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){ if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){ - if ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'dnatport'} eq ''){ - $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; - return $errormessage; - } #check if manual ip is a single Host (if set) if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){ my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}}); @@ -830,7 +862,7 @@ sub checkrule return; } #when icmp selected, no targetport allowed - if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){ + if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'template') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){ $errormessage.=$Lang::tr{'fwdfw err prot_port'}; return; } @@ -881,6 +913,12 @@ sub checkrule $fwdfwsettings{'ICMP_TYPES'}=''; $fwdfwsettings{'USESRV'}=''; $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} eq 'IGMP'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'ICMP'){ $fwdfwsettings{'ICMP_TYPES'}=''; $fwdfwsettings{'PROT'} = ''; @@ -970,7 +1008,7 @@ sub deleterule delete $delhash{$last_key}; &General::writehasharray($fwdfwsettings{'config'}, \%delhash); - &rules; + &General::firewall_config_changed(); if($fwdfwsettings{'nobase'} ne 'on'){ &base; @@ -986,7 +1024,7 @@ sub disable_rule } } &General::writehasharray("$configfwdfw", \%configfwdfw); - &rules; + &General::firewall_config_changed(); } sub dec_counter { @@ -1614,11 +1652,18 @@ END #---SNAT / DNAT ------------------------------------------------ &Header::openbox('100%', 'left', 'NAT'); print< -
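Review bot: After the new IGMP branch in checkrule (hunk `@@ -881,6 +913,12 @@`), the closing `elsif` still sets `$fwdfwsettings{'PROT'} = ''` for any value that is not TCP, UDP or ICMP. An unexpected protocol string therefore ends up as a rule with no protocol restriction instead of being refused; the rule table appears to show `$Lang::tr{'all'}` for an empty protocol. The branches above IGMP lie outside the hunk, so it cannot be confirmed from here that AH, ESP and GRE from the new `@PROTOCOLS` list are handled before this fallback. Rejecting early would be safer: when `PROT` is neither empty nor `template` and `grep { $_ eq $fwdfwsettings{'PROT'} } @PROTOCOLS` finds no match, set `$errormessage` and return rather than widening the rule.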
$Lang::tr{'fwdfw use nat'}
-
- - + +
+
$Lang::tr{'fwdfw dnat'}
+ + + + END print""; - $fwdfwsettings{'dnatport'}=~ tr/|/,/; - print""; - print""; #SNAT print""; print"
+ + $Lang::tr{'fwdfw dnat'}Firewall:
Port:

$Lang::tr{'fwdfw snat'}Firewall:
"; - print"


"; + print""; &Header::closebox(); #---TARGET------------------------------------------------------ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'}); @@ -1677,30 +1719,50 @@ END &Header::closebox; #---PROTOCOL------------------------------------------------------ &Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'}); + #Fix Protocol for JQuery + if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq 'cust_srvgrp'){ + $fwdfwsettings{'PROT'} = 'template'; + } print< -
+ +
+
"; print< + +
$Lang::tr{'fwhost icmptype'} +
+ + +
+ + + + -
$Lang::tr{'fwhost icmptype'} +



-END - #SOURCEPORT - print<

-
- -
$Lang::tr{'fwdfw use srcport'}
-
- -END - $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g; - print< -
$Lang::tr{'fwdfw man port'}

+ + print < + + + + END - #TARGETPORT - print<
-
-
$Lang::tr{'fwdfw use srv'}
-
+ +
$Lang::tr{'fwhost cust service'} + + + + + + + + + + + + + + + + +
+ $Lang::tr{'fwdfw use srcport'} + + + + + $Lang::tr{'fwdfw use srv'} + + +
$Lang::tr{'fwdfw external port nat'}: + +
+ + +
+ + + + - + + + + - -END - $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g; - print< -
+ + $Lang::tr{'fwhost cust service'} + +
$Lang::tr{'fwhost cust srvgrp'} +
+ + $Lang::tr{'fwhost cust srvgrp'} + +
$Lang::tr{'fwdfw man port'}


+ +
+
+ +


END + &Header::closebox; + + $checked{"RULE_ACTION"} = (); + foreach ("ACCEPT", "DROP", "REJECT") { + $checked{"RULE_ACTION"}{$_} = ""; + } + + if($fwdfwsettings{'updatefwrule'} eq 'on') { + $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = "checked"; + } elsif ($fwdfwsettings{'POLICY'} eq 'MODE1') { + $checked{"RULE_ACTION"}{"ACCEPT"} = "checked"; + } elsif ($fwdfwsettings{'POLICY'} eq 'MODE2') { + $checked{"RULE_ACTION"}{"DROP"} = "checked"; + } + + print <
+ +
+ + + + + + + + + + + +
+  
  +
+  
  +
+  
  +
+ + + + + +
+
+ +
+END + #---Activate/logging/remark------------------------------------- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'}); print< - $Lang::tr{'fwdfw rule action'}"; print"$Lang::tr{'remark'}:"; if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){ print "$Lang::tr{'fwdfw rulepos'}:$Lang::tr{'fwdfw rule activate'} - $Lang::tr{'fwdfw log rule'} -

+ + + END - &Header::closebox(); - #---ADD TIMEFRAME----------------------------------------------- - &Header::openbox('100%', 'left', $Lang::tr{'fwdfw timeframe'}); - print< - - - - - - - - - - - - - - - - - - + +END + } else { + print < + + +END + } + + print < + + + + + + + + + + + +
$Lang::tr{'fwdfw timeframe'}
 
$Lang::tr{'time'}: $Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}$Lang::tr{'advproxy from'}$Lang::tr{'advproxy to'}
+ $Lang::tr{'fwdfw rule activate'}
+ + $Lang::tr{'fwdfw log rule'}
+ + $Lang::tr{'fwdfw timeframe'}
+ + + + + + + + + + + + + + + + + + + + + + -
 $Lang::tr{'advproxy monday'}$Lang::tr{'advproxy tuesday'}$Lang::tr{'advproxy wednesday'}$Lang::tr{'advproxy thursday'}$Lang::tr{'advproxy friday'}$Lang::tr{'advproxy saturday'}$Lang::tr{'advproxy sunday'} 
  + ‐ +


+ +
+ + + +

END + #---ACTION------------------------------------------------------ if($fwdfwsettings{'updatefwrule'} ne 'on'){ print< $fwdfwsettings{'oldrulenumber'}){ my %tmp=(); my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'}; @@ -2124,7 +2294,7 @@ sub saverule $fwdfwsettings{'oldrulenumber'}++; } &General::writehasharray("$config", $hash); - &rules; + &General::firewall_config_changed(); } } } @@ -2176,9 +2346,34 @@ sub viewtablenew my $tooltip; my @tmpsrc=(); my $coloryellow=''; - print"$title1
"; - print""; - print""; + print <$title1 +
+ +
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'fwdfw action'}
+ + + + + + + + + +END + foreach my $key (sort {$a <=> $b} keys %$hash){ $tdcolor=''; @tmpsrc=(); @@ -2229,11 +2424,13 @@ sub viewtablenew $color="$color{'color20'}"; } } - print""; - #KEY print<$key   + + END + #RULETYPE (A,R,D) if ($$hash{$key}[0] eq 'ACCEPT'){ $ruletype='A'; @@ -2248,7 +2445,13 @@ END $tooltip='REJECT'; $rulecolor=$color{'color16'}; } - print""; + + print < +    + +END + #Get Protocol my $prot; if ($$hash{$key}[8]){ @@ -2260,6 +2463,7 @@ END }else{ push (@protocols,$Lang::tr{'all'}); } + my $protz=join(",",@protocols); if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); @@ -2313,17 +2517,20 @@ END } #LOGGING print< - + + END #TARGET &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost); print< + - - - + + + + END if (exists $$hash{$key-1}){ print<
- - - - +
END }else{ - print""; + print""; } + if (exists $$hash{$key+1}){ print<
- - - -
+ + END }else{ - print""; + print""; } #REMARK if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){ - print""; - print""; + print < + + + + +END } + if ($$hash{$key}[18] eq 'ON'){ #TIMEFRAME if ($$hash{$key}[18] eq 'ON'){ @@ -2430,7 +2665,7 @@ END my $weekdays=join(",",@days); if (@days){ print""; - print""; + print""; } } }
+ # + + $Lang::tr{'protocol'} + + $Lang::tr{'fwdfw source'} + + Log + + $Lang::tr{'fwdfw target'} + + $Lang::tr{'fwdfw action'} +
+ $key  + $ruletype
- - - -
+
+ + + + +
+
END #Is this a DNAT rule? if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){ @@ -2332,7 +2539,7 @@ END $$hash{$key}[30]=~ tr/|/,/; print": $$hash{$key}[30]"; } - print"
->"; + print"
->"; } if ($$hash{$key}[5] eq 'ipfire'){ $ipfireiface='Interface'; @@ -2368,54 +2575,82 @@ END $gif="/images/off.gif" } print<
- - - -
- - - -
- - - -
- - - -
+
+ + + + +
+
+
+ + + + +
+
+
+ + + + +
+
+
+ + + + +
+
+
+ + + + +
+
+
+ + + + +
+
   $$hash{$key}[16]
  +   $$hash{$key}[16] +
   $weekdays   $$hash{$key}[26] - $$hash{$key}[27]
   $weekdays   $$hash{$key}[26] - $$hash{$key}[27]
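Review bot: The rebuilt rule table in viewtablenew interpolates stored rule fields straight into the markup on the new side: the remark `$$hash{$key}[16]`, and in the timeframe row `$weekdays`, `$$hash{$key}[26]` and `$$hash{$key}[27]`. The remark is presumably free text from the rule form, and whether it is HTML-escaped before being written to the config is not visible in these hunks. If it is not, encode it at output, e.g. `my $remark = &Header::cleanhtml($$hash{$key}[16]);`, and print `$remark` in the heredoc. The same applies to the DNAT port `$$hash{$key}[30]` printed in the target column.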