my $configinput = "${General::swroot}/forward/input";
my $p2pfile = "${General::swroot}/forward/p2protocols";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $netsettings = "${General::swroot}/ethernet/settings";
my $errormessage='';
+my $orange;
+my $green;
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
my $CHAIN="FORWARDFW";
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("$netsettings", \%defaultNetworks);
&General::readhasharray($configfwdfw, \%configfwdfw);
&General::readhasharray($configinput, \%configinputfw);
&General::readhasharray($configgrp, \%customgrp);
&p2pblock;
system ("/usr/sbin/firewall-forward-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
- &p2pblock;
- system ("/usr/sbin/firewall-forward-policy");
- system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
- }elsif($fwdfwsettings{'POLICY'} eq 'MODE0'){
- system ("/usr/sbin/firewall-forward-policy");
+ if ($defaultNetworks{'ORANGE_DEV'}){
+ $defaultNetworks{'ORANGE_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'ORANGE_NETMASK'});
+ $defaultNetworks{'GREEN_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'GREEN_NETMASK'});
+ $orange="$defaultNetworks{'ORANGE_ADDRESS'}/$defaultNetworks{'ORANGE_NETMASK'}";
+ $green="$defaultNetworks{'GREEN_ADDRESS'}/$defaultNetworks{'GREEN_NETMASK'}";
+ #set default rules for DMZ
+ system ("iptables -A $CHAIN -s $orange -d $green -j RETURN");
+ &p2pblock;
+ }
system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
+ system ("/usr/sbin/firewall-forward-policy");
}
}
}
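Review bot: `&p2pblock` is now reached in the MODE2 branch only inside `if ($defaultNetworks{'ORANGE_DEV'})` (L23–L31), whereas the removed lines called it unconditionally, so a MODE2 install without an orange interface no longer gets the P2P block rules; if that is intended, a comment on L30 such as `# P2P block only matters once DMZ->GREEN has been RETURNed` would make it clear. The new rule on L29 is built by shell interpolation of values read from the ethernet settings file, and its exit status is ignored, so a missing ORANGE_ADDRESS would produce `-s /24` and fail silently; the list form `system('iptables', '-A', $CHAIN, '-s', $orange, '-d', $green, '-j', 'RETURN') == 0 or warn "iptables RETURN rule failed: $?";` avoids the shell and surfaces the failure. The same applies to the interpolated `system` calls on L32 and L16, which predate this change. The enclosing if/elsif chain on `$fwdfwsettings{'POLICY'}` begins before the hunk.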
$ip=&General::ip2dec($ip);
$ip=&General::dec2ip($ip);
- #check if net or broadcast
+ #check if net
my @tmp= split (/\./,$ip);
- if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
+ if ($tmp[3] eq "0")
{
$errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
}
my $networkip1=&General::getnetworkip($sip,$scidr);
my $networkip2=&General::getnetworkip($tip,$tcidr);
if ($scidr gt $tcidr){
- if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){
+ if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}elsif($scidr eq $tcidr && $scidr eq '32'){
$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
}
}else{
- if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
+ if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) && $tcidr ne '32' ){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}
#check source and destination protocol if manual
if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
-
-
- if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
$errormessage.=$Lang::tr{'fwdfw err prot'};
}
#check source and destination protocol if source manual and dest servicegrp
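Review bot: The `&& $tcidr ne '32'` exclusion added on L59 has no counterpart in the `$scidr gt $tcidr` branch on L51, so a /32 target inside the source network is now accepted while a /32 source inside the target network is still rejected with `fwdfw err samesub`; if both directions should be treated alike, the same guard belongs on L51, `if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) && $scidr ne '32' ){`. The branch selection on L49 also compares prefix lengths as strings (`gt`), so `"8" gt "24"` is true and `"32" gt "8"` is false, which sends some /32-vs-/8 pairs to the wrong branch; `if ($scidr > $tcidr){` compares them numerically. The enclosing validation sub starts before the hunk.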