Forward Firewall: added new files
authorAlexander Marx <amarx@ipfire.org>
Fri, 28 Dec 2012 07:26:07 +0000 (08:26 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:02:21 +0000 (14:02 +0200)
config/forwardfw/firewall-lib.pl [new file with mode: 0644]
config/forwardfw/rules.pl [new file with mode: 0755]
config/fwhosts/icmp-types [new file with mode: 0644]
html/cgi-bin/forwardfw.cgi [new file with mode: 0755]
html/cgi-bin/fwhosts.cgi [new file with mode: 0755]

diff --git a/config/forwardfw/firewall-lib.pl b/config/forwardfw/firewall-lib.pl
new file mode 100644 (file)
index 0000000..24b990c
--- /dev/null
@@ -0,0 +1,252 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2012                                                                                                             #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+
+use strict;
+no warnings 'uninitialized';
+
+package fwlib;
+
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %ipsecsettings=();
+my %netsettings=();
+my %ovpnsettings=();
+
+require '/var/ipfire/general-functions.pl';
+
+my $confignet          = "${General::swroot}/fwhosts/customnetworks";
+my $confighost         = "${General::swroot}/fwhosts/customhosts";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configsrv          = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost      = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec                = "${General::swroot}/vpn/config";
+my $configovpn         = "${General::swroot}/ovpn/settings";
+my $val;
+my $field;
+
+&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
+&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+
+
+&General::readhasharray("$confignet", \%customnetwork);
+&General::readhasharray("$confighost", \%customhost);
+&General::readhasharray("$configgrp", \%customgrp);
+&General::readhasharray("$configccdnet", \%ccdnet);
+&General::readhasharray("$configccdhost", \%ccdhost);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhasharray("$configsrv", \%customservice);
+&General::readhasharray("$configsrvgrp", \%customservicegrp);
+
+sub get_srv_prot
+{
+       my $val=shift;
+       foreach my $key (sort keys %customservice){
+               if($customservice{$key}[0] eq $val){
+                       if ($customservice{$key}[0] eq $val){
+                               return $customservice{$key}[2];
+                       }
+               }
+       }
+}
+sub get_srvgrp_prot
+{
+       my $val=shift;
+       my @ips=();
+       my $tcp;
+       my $udp;
+       my $icmp;
+       foreach my $key (sort keys %customservicegrp){
+               if($customservicegrp{$key}[0] eq $val){
+                       if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){ 
+                               $tcp=1;
+                       }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){ 
+                               $udp=1;
+                       }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
+                               $icmp=1;
+                       } 
+               }
+       }
+       if ($tcp eq '1'){push (@ips,'TCP');}
+       if ($udp eq '1'){push (@ips,'UDP');}
+       if ($icmp eq '1'){push (@ips,'ICMP');}
+       my $back=join(",",@ips);
+       return $back;
+       
+}
+
+
+sub get_srv_port
+{
+       my $val=shift;
+       my $field=shift;
+       my $prot=shift;
+       foreach my $key (sort keys %customservice){
+               if($customservice{$key}[0] eq $val){
+                       if($customservice{$key}[2] eq $prot){
+                               return $customservice{$key}[$field];
+                       }
+               }
+       }
+}
+sub get_srvgrp_port
+{
+       my $val=shift;
+       my $prot=shift;
+       my $back;
+       my $value;
+       my @ips=();
+       foreach my $key (sort keys %customservicegrp){
+               if($customservicegrp{$key}[0] eq $val){
+                       if ($prot ne 'ICMP'){
+                               $value=&get_srv_port($customservicegrp{$key}[2],1,$prot);
+                       }elsif ($prot eq 'ICMP'){
+                               $value=&get_srv_port($customservicegrp{$key}[2],3,$prot);
+                       }
+                       push (@ips,$value) if ($value ne '') ;
+               }
+       }
+       if($prot ne 'ICMP'){
+               if ($#ips gt 0){$back="-m multiport --dports ";}else{$back="--dport ";}
+       }elsif ($prot eq 'ICMP'){
+               $back="--icmp-type ";
+       }
+       
+       $back.=join(",",@ips);
+       return $back;
+}
+sub get_ipsec_net_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort keys %ipsecconf){
+               if($ipsecconf{$key}[1] eq $val){
+                       return $ipsecconf{$key}[$field];
+               }
+       }
+}
+sub get_ipsec_host_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort keys %ipsecconf){
+               if($ipsecconf{$key}[1] eq $val){
+                       return $ipsecconf{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_n2n_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort keys %ccdhost){
+               if($ccdhost{$key}[1] eq $val){
+                       return $ccdhost{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_host_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort keys %ccdhost){
+               if($ccdhost{$key}[1] eq $val){
+                       return $ccdhost{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_net_ip
+{
+       
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort keys %ccdnet){
+               if($ccdnet{$key}[0] eq $val){
+                       return $ccdnet{$key}[$field];
+               }
+       }
+}
+sub get_grp_ip
+{
+       my $val=shift;
+       my $src=shift;
+       foreach my $key (sort keys %customgrp){
+               if ($customgrp{$key}[0] eq $val){
+                       &get_address($customgrp{$key}[3],$src);
+               }
+       }               
+       
+}
+sub get_std_net_ip
+{
+       my $val=shift;
+       if ($val eq 'ALL'){
+               return "0.0.0.0/0.0.0.0";
+       }elsif($val eq 'GREEN'){
+               return "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+       }elsif($val eq 'ORANGE'){
+               return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+       }elsif($val eq 'BLUE'){
+               return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+       }elsif($val =~ /OpenVPN/i){
+               return "$ovpnsettings{'DOVPN_SUBNET'}";
+       }elsif($val =~ /IPsec/i){
+               return "$ipsecsettings{'RW_NET'}";
+       }
+}
+sub get_net_ip
+{
+       my $val=shift;
+       foreach my $key (sort keys %customnetwork){
+               if($customnetwork{$key}[0] eq $val){
+                       return "$customnetwork{$key}[1]/$customnetwork{$key}[2]";
+               }  
+       }
+}
+sub get_host_ip
+{
+       my $val=shift;
+       my $src=shift;
+       foreach my $key (sort keys %customhost){
+               if($customhost{$key}[0] eq $val){
+                       if ($customhost{$key}[1] eq 'mac' && $src eq 'src'){
+                       return "-m mac --mac-source $customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'ip' && $src eq 'src'){
+                               return "$customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'ip' && $src eq 'tgt'){
+                               return "$customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){
+                               return "none";
+                       }
+               }  
+       }
+}
+
+return 1;
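Review bot: `get_grp_ip` calls `&get_address(...)` unqualified from inside `package fwlib`, so Perl resolves it to `fwlib::get_address`, which this file does not define; the only `get_address` in the commit is in rules.pl, outside the package, and it takes three arguments rather than two. Either qualify the call and pass the same three arguments buildrules uses (`&main::get_address($customgrp{$key}[3],$customgrp{$key}[2],$src);`), or drop the sub if nothing calls it. `get_host_ip` returns `-m mac --mac-source …` for a MAC source, but rules.pl places that value directly after `-s`, so iptables presumably rejects the command and the rule never loads. In `get_srvgrp_port`, `$#ips gt 0` is a string comparison and should be `$#ips > 0`, and an empty `@ips` produces a bare `--dport ` where an empty string would be safer. The lookup subs also return nothing on a miss, and with `no warnings 'uninitialized'` that blank is interpolated silently into the rule, so a short comment on each stating the miss behaviour would help callers.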
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
new file mode 100755 (executable)
index 0000000..d6bd3c9
--- /dev/null
@@ -0,0 +1,334 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2012                                                                                                             #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                                                                                                        #
+# Hi folks! I hope this code is useful for all. I needed something to handle  #
+# my VPN Connections in a comfortable way.                                                               #
+# This script builds firewallrules from the webinterface                      #
+###############################################################################
+
+
+use strict;
+no warnings 'uninitialized';
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+my %fwdfwsettings=();
+my %defaultNetworks=();
+my %configfwdfw=();
+my %color=();
+my %icmptypes=();
+my %ovpnSettings=();
+my %customgrp=();
+our %sourcehash=();
+our %targethash=();
+my @timeframe=();
+my %configinputfw=();
+my %aliases=();
+my @DPROT=();
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+my $configfwdfw                = "${General::swroot}/forward/config";
+my $configinput            = "${General::swroot}/forward/input";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $errormessage='';
+my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
+my $CHAIN="FORWARDFW";
+
+
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhasharray($configfwdfw, \%configfwdfw);
+&General::readhasharray($configinput, \%configinputfw);
+&General::readhasharray($configgrp, \%customgrp);
+&General::get_aliases(\%aliases);
+
+################################
+#    DEBUG/TEST                #
+################################
+my $MODE=0;     # 0 - normal operation
+                               # 1 - print configline and rules to console     
+                               # 
+################################               
+my $param=shift;
+
+if($param eq 'flush'){
+       if ($MODE eq '1'){
+               print " Flushing chains...\n";
+       }
+       &flush;
+}else{
+       if ($MODE eq '1'){
+               print " Flushing chains...\n";
+       }
+       &flush;
+       if ($MODE eq '1'){
+               print " Preparing rules...\n";
+       }
+       &preparerules;
+       if($MODE eq '0'){
+               if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+                       system ("iptables -A $CHAIN -j DROP"); 
+               }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
+                       system ("iptables -A $CHAIN -j ACCEPT");
+               }
+       }
+}
+
+sub flush
+{
+       system ("iptables -F FORWARDFW");
+       system ("iptables -F INPUTFW");
+}                      
+sub preparerules
+{
+       if (! -z  "${General::swroot}/forward/config"){
+               &buildrules(\%configfwdfw);
+       }
+       if (! -z  "${General::swroot}/forward/input"){
+               &buildrules(\%configinputfw);
+       }
+}
+sub buildrules
+{
+       my $hash=shift;
+       foreach my $key (sort keys %$hash){
+               if($$hash{$key}[2] eq 'ON'){
+                       #get source ip's
+                       if ($$hash{$key}[3] eq 'cust_grp_src'){
+                               foreach my $grp (sort keys %customgrp){
+                                               if($customgrp{$grp}[0] eq $$hash{$key}[4]){
+                                               &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"src");
+                                       }
+                               }
+                       }else{
+                               &get_address($$hash{$key}[3],$$hash{$key}[4],"src");
+                       }
+                       #get target ip's
+                       if ($$hash{$key}[5] eq 'cust_grp_tgt'){
+                               foreach my $grp (sort keys %customgrp){
+                                       if($customgrp{$grp}[0] eq $$hash{$key}[6]){
+                                               &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
+                                       }
+                               }
+                       }elsif($$hash{$key}[5] eq 'ipfire'){
+                               
+                               if($$hash{$key}[6] eq 'Default IP'){
+                                       open(FILE, "/var/ipfire/red/local-ipaddress") or die 'Unable to open config file.';
+                                       $targethash{$key}[0]= <FILE>;
+                                       close(FILE);
+                               }else{
+                                       foreach my $alias (sort keys %aliases){
+                                               if ($$hash{$key}[6] eq $alias){
+                                                       $targethash{$key}[0]=$aliases{$alias}{'IPT'};
+                                               }
+                                       }
+                               }
+                       }else{
+                               &get_address($$hash{$key}[5],$$hash{$key}[6],"tgt");
+                       }
+                       
+                       ##get source prot and port
+                       $SRC_TGT='SRC';
+                       $SPROT = &get_prot($hash,$key);
+                       $SPORT = &get_port($hash,$key);
+                       $SRC_TGT='';
+                       
+                       ##get target prot and port
+                       $DPROT=&get_prot($hash,$key);
+                                       
+                       if ($DPROT eq ''){$DPROT=' ';}                          
+                       @DPROT=split(",",$DPROT);
+                               
+                                               
+                       #get time if defined
+                       if($$hash{$key}[18] eq 'ON'){
+                               if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
+                               if($$hash{$key}[20] ne ''){push (@timeframe,"Tue");}
+                               if($$hash{$key}[21] ne ''){push (@timeframe,"Wed");}
+                               if($$hash{$key}[22] ne ''){push (@timeframe,"Thu");}
+                               if($$hash{$key}[23] ne ''){push (@timeframe,"Fri");}
+                               if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
+                               if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
+                               $TIME=join(",",@timeframe);
+                               $TIMEFROM="--timestart $$hash{$key}[26] ";
+                               $TIMETILL="--timestop $$hash{$key}[27] ";
+                               $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
+                       }
+                                       
+                       if ($MODE eq '1'){      
+                               print "NR:$key ";
+                               foreach my $i (0 .. $#{$$hash{$key}}){
+                                       print "$i: $$hash{$key}[$i]  ";
+                               }
+                               print "\n";
+                               print"##################################\n";
+                               #print rules to console
+                               
+                               foreach my $DPROT (@DPROT){
+                                       $DPORT = &get_port($hash,$key,$DPROT);
+                                       if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+                                       $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+                                       foreach my $a (sort keys %sourcehash){
+                                               foreach my $b (sort keys %targethash){
+                                                       if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
+                                                               if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                               print "iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+                                                                       }
+                                                                       print "iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n"; 
+                                                               }                               
+                                                       }
+                                               }
+                                       }
+                                       print"\n";
+                               }
+                       
+                       }elsif($MODE eq '0'){
+                               foreach my $DPROT (@DPROT){
+                                       $DPORT = &get_port($hash,$key,$DPROT);
+                                       if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+                                       $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+                                       foreach my $a (sort keys %sourcehash){
+                                               foreach my $b (sort keys %targethash){
+                                                       if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
+                                                               if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                               system ("iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
+                                                                       }
+                                                                       system ("iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]"); 
+                                                               }                               
+                                                       }
+                                               }
+                                       }
+                                       print"\n";
+                               }
+                       }
+               }
+               %sourcehash=();
+               %targethash=();
+               undef $TIME;
+               undef $TIMEFROM;
+               undef $TIMETILL;
+       }
+}
+sub get_address
+{
+       my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey
+       my $base2=shift;
+       my $type=shift; #src or tgt
+       my $hash;
+       if ($type eq 'src'){
+               $hash=\%sourcehash;     
+       }else{
+               $hash=\%targethash;
+       }
+       my $key = &General::findhasharraykey($hash);
+       if($base eq 'src_addr' || $base eq 'tgt_addr' ){
+               $$hash{$key}[0] = $configfwdfw{$key}[4];
+       }elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){
+               $$hash{$key}[0]=&fwlib::get_std_net_ip($base2);
+       }elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){
+               $$hash{$key}[0]=&fwlib::get_net_ip($base2);
+       }elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){
+               $$hash{$key}[0]=&fwlib::get_host_ip($base2,$type);
+       }elsif($base eq 'ovpn_net_src' || $base eq 'ovpn_net_tgt' || $base eq 'OpenVPN static network'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_net_ip($base2,1);
+       }elsif($base eq 'ovpn_host_src' ||$base eq 'ovpn_host_tgt' || $base eq 'OpenVPN static host'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_host_ip($base2,33);
+       }elsif($base eq 'ovpn_n2n_src' ||$base eq 'ovpn_n2n_tgt' || $base eq 'OpenVPN N-2-N'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_n2n_ip($base2,27);
+       }elsif($base eq 'ipsec_net_src' || $base eq 'ipsec_net_tgt' || $base eq 'IpSec Network'){
+               $$hash{$key}[0]=&fwlib::get_ipsec_net_ip($base2,11);
+       }
+}
+sub get_prot
+{
+       my $hash=shift;
+       my $key=shift;
+       if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+               if ($$hash{$key}[10] ne ''){
+                       return"$$hash{$key}[8]";
+               }elsif($$hash{$key}[9] ne ''){
+                       return"$$hash{$key}[8]";
+               }else{
+                       return "$$hash{$key}[8]";
+               }
+       }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+               if ($$hash{$key}[14] eq 'TGT_PORT'){
+                       if ($$hash{$key}[15] ne ''){
+                               return "$$hash{$key}[12]";
+                       }elsif($$hash{$key}[13] ne ''){
+                               return "$$hash{$key}[12]";
+                       }else{
+                               return "$$hash{$key}[12]";
+                       }
+               }elsif($$hash{$key}[14] eq 'cust_srv'){
+                       return &fwlib::get_srv_prot($$hash{$key}[15]);
+                       
+               }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+                       return &fwlib::get_srvgrp_prot($$hash{$key}[15]);
+               }
+       }
+}
+sub get_port
+{
+       my $hash=shift;
+       my $key=shift;
+       my $prot=shift;
+       if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+               if ($$hash{$key}[10] ne ''){
+                       return "--sport $$hash{$key}[10] ";
+               }elsif($$hash{$key}[9] ne ''){
+                       return "--icmp-type $$hash{$key}[9] ";
+               }
+       }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+               
+               if($$hash{$key}[14] eq 'TGT_PORT'){
+                       if ($$hash{$key}[15] ne ''){
+                               return "--dport $$hash{$key}[15] ";
+                       }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
+                               return "--icmp-type $$hash{$key}[13] ";
+                       }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] eq 'All ICMP-Types'){
+                               return;
+                       }
+               }elsif($$hash{$key}[14] eq 'cust_srv'){
+                       if ($prot ne 'ICMP'){
+                               return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+                       }elsif($prot eq 'ICMP' && $$hash{$key}[15] ne 'All ICMP-Types'){
+                               return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
+                       }elsif($prot eq 'ICMP' && $$hash{$key}[15] eq 'All ICMP-Types'){
+                               return;
+                       }
+               }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+                       if      ($prot ne 'ICMP'){
+                               return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+                       }
+                       elsif($prot eq 'ICMP'){
+                               return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+                       }
+                       
+                       
+               }
+       }
+}
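Review bot: The `system("iptables -A …")` calls at the end of `buildrules` hand one interpolated string to the shell and ignore the exit status, so a field from the config files that contains shell metacharacters is interpreted by /bin/sh, and a rejected rule goes missing without any signal; whether the CGI validates those fields before writing them is not visible in this hunk. Building an argument list and checking the return value, as sketched below, keeps the shell out of it and also absorbs the trailing newline that the unchomped `<FILE>` read of local-ipaddress may carry, though fields still need validating because embedded whitespace becomes extra iptables arguments. Separately, `@timeframe` is pushed to for every time-restricted rule but is not among the variables reset at the bottom of the loop, so weekdays accumulate from one rule to the next; add `@timeframe=();` next to `%sourcehash=();`. In `get_address`, the `src_addr`/`tgt_addr` branch reads `$configfwdfw{$key}[4]` with the key just obtained for the source/target hash rather than the rule's key, and ignores `$base2`, which the caller passes as the address; `$$hash{$key}[0] = $base2;` looks like the intent.

```perl
# … unchanged: loops over @DPROT, %sourcehash and %targethash, and the two guards …
my @rule = ('-A', $$hash{$key}[1],
	split(' ', "$PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME"));
if ($$hash{$key}[17] eq 'ON'){
	system('iptables', @rule, '-j', 'LOG') == 0
		or warn "iptables LOG rule $key failed: $?\n";
}
system('iptables', @rule, '-j', $$hash{$key}[0]) == 0
	or warn "iptables rule $key failed: $?\n";
```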
diff --git a/config/fwhosts/icmp-types b/config/fwhosts/icmp-types
new file mode 100644 (file)
index 0000000..d41cdbf
--- /dev/null
@@ -0,0 +1,36 @@
+0,echo-reply (pong),0
+1,destination-unreachable,3
+2,network-unreachable,3/0
+3,host-unreachable,3/1
+4,protocol-unreachable,3/2
+5,port-unreachable,3/3
+6,fragmentation-needed,3/4
+7,source-route-failed,3/5
+8,network-unknown,3/6
+9,host-unknown,3/7
+10,network-prohibited,3/9
+11,host-prohibited,3/10
+12,TOS-network-unreachable,3/11
+13,TOS-host-unreachable,3/12
+14,communication-prohibited,3/13
+15,host-precedence-violation,3/14
+16,precedence-cutoff,3/15
+17,source-quench,4
+18,redirect,5
+19,network-redirect,5/0
+20,host-redirect,5/1
+21,TOS-network-redirect,5/2
+22,TOS-host-redirect,5/3
+23,echo-request (ping),8
+24,router-advertisement,9
+25,router-solicitation,10
+26,time-exceeded (ttl-exceeded),11
+27,ttl-zero-during-transit,11/0
+28,ttl-zero-during-reassembly,11/1
+29,parameter-problem,12
+30,ip-header-bad,12/0
+31,required-option-missing,12/1
+32,timestamp-request,13
+33,timestamp-reply,14
+34,address-mask-request,17
+35,address-mask-reply,18
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
new file mode 100755 (executable)
index 0000000..be2f0cf
--- /dev/null
@@ -0,0 +1,1772 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2012                                                                                                 #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                                                                                                        #
+# Hi folks! I hope this code is useful for all. I needed something to handle  #
+# my VPN Connections in a comfortable way. As a prerequisite i needed            #
+# something that makes sure the vpn roadwarrior are able to have a fixed         #
+# ip-address. So i developed the ccd extension for the vpn server.                       #
+#                                                                                                                                                        #
+# Now that the ccd extension is ready i am able to develop the main request.  #
+# Any feedback is appreciated.                                                                                           #
+#                                                                                                                                                        #
+#                                                                                                                                                        #
+###############################################################################
+
+use strict;
+no warnings 'uninitialized';
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+unless (-d "${General::swroot}/forward")                       { system("mkdir ${General::swroot}/forward"); }
+unless (-e "${General::swroot}/forward/settings")   { system("touch ${General::swroot}/forward/settings"); }
+unless (-e "${General::swroot}/forward/config")        { system("touch ${General::swroot}/forward/config"); }
+unless (-e "${General::swroot}/forward/input")         { system("touch ${General::swroot}/forward/input"); }
+
+my %fwdfwsettings=();
+my %selected=() ;
+my %defaultNetworks=();
+my %netsettings=();
+my %customhost=();
+my %customgrp=();
+my %customnetworks=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %customnetwork=();
+my %ccdhost=();
+my %configfwdfw=();
+my %configinputfw=();
+my %ipsecconf=();
+my %color=();
+my %mainsettings=();
+my %checked=();
+my %icmptypes=();
+my %ovpnsettings=();
+my %ipsecsettings=();
+my %aliases=();
+my $color;
+my $confignet          = "${General::swroot}/fwhosts/customnetworks";
+my $confighost         = "${General::swroot}/fwhosts/customhosts";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configsrv          = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost      = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec                = "${General::swroot}/vpn/config";
+my $configipsecrw      = "${General::swroot}/vpn/settings";
+my $configfwdfw                = "${General::swroot}/forward/config";
+my $configinput                = "${General::swroot}/forward/input";
+my $configovpn         = "${General::swroot}/ovpn/settings";
+
+my $errormessage='';
+my $hint='';
+my $ipgrp="${General::swroot}/outgoing/groups";
+
+
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+&Header::showhttpheaders();
+&Header::getcgihash(\%fwdfwsettings);
+&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openbigbox('100%', 'center',$errormessage);
+####  ACTION  #####
+
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'})
+{
+       my $MODE = $fwdfwsettings{'POLICY'};
+       %fwdfwsettings = ();
+       $fwdfwsettings{'POLICY'} = "$MODE";
+       &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+       &reread_rules;
+}
+if ($fwdfwsettings{'ACTION'} eq 'saverule')
+{
+       &General::readhasharray("$configfwdfw", \%configfwdfw);
+       &General::readhasharray("$configinput", \%configinputfw);
+       $errormessage=&checksource;
+       if(!$errormessage){&checktarget;}
+       if(!$errormessage){&checkrule;}
+               
+       #check if we change an forward rule to an external access
+       if(     $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){
+               $fwdfwsettings{'updatefwrule'}='';
+               $fwdfwsettings{'config'}=$configfwdfw;
+               $fwdfwsettings{'nobase'}='on';
+               &deleterule;
+       }
+               
+       #check if we change an external access rule to an forward
+       if(     $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){
+               $fwdfwsettings{'updatefwrule'}='';
+               $fwdfwsettings{'config'}=$configinput;
+               $fwdfwsettings{'nobase'}='on';
+               &deleterule;
+       }       
+               
+       #INPUT part
+       if($fwdfwsettings{'grp2'} eq 'ipfire'){
+               $fwdfwsettings{'chain'} = 'INPUTFW';
+               #check if we have an identical rule already
+               foreach my $key (sort keys %configinputfw){
+                       if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" 
+                               eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
+                                $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                       }               
+               }       
+               
+                       &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+                       if ($fwdfwsettings{'nobase'} ne 'on'){
+                               &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+                       }
+                       
+                       if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
+                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+                       }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+                       }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+                       }
+                       
+                       if ($fwdfwsettings{'nobase'} eq 'on'){
+                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+                       }
+                       
+               
+               &saverule(\%configinputfw,$configinput);
+               
+               #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
+               #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
+               #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
+               #print "Dienst:  $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+               #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}<br>";
+               #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}<br>";
+               #print " Regel LOG: $fwdfwsettings{'LOG'}<br>";
+               #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}<br>";
+               #print " MO: $fwdfwsettings{'TIME_MON'}<br>";
+               #print " DI: $fwdfwsettings{'TIME_TUE'}<br>";
+               #print " MI: $fwdfwsettings{'TIME_WED'}<br>";
+               #print " DO: $fwdfwsettings{'TIME_THU'}<br>";
+               #print " FR: $fwdfwsettings{'TIME_FRI'}<br>";
+               #print " SA: $fwdfwsettings{'TIME_SAT'}<br>";
+               #print " SO: $fwdfwsettings{'TIME_SUN'}<br>";
+               #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}<br>";
+               #print "<br>";
+               #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'}       NEU:    $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
+               #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'}       NEU:    $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
+               #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'}       NEU:    $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+               #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'}  DIENSTE Checkneu:$fwdfwsettings{'USESRV'}    DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'}   DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+       
+               
+               
+       }else{
+               $fwdfwsettings{'chain'} = 'FORWARDFW';
+               #check if we have an identical rule already
+               foreach my $key (sort keys %configfwdfw){
+                                       
+                       if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" 
+                               eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
+                                       $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                       }               
+               }       
+               #increase counters
+               &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               
+               &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+               
+               if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
+                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+               }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }
+               
+               if ($fwdfwsettings{'nobase'} eq 'on'){
+                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }
+               
+               
+               &saverule(\%configfwdfw,$configfwdfw);
+                               
+               #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
+               #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
+               #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
+               #print "Dienst:  $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+               #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}<br>";
+               #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}<br>";
+               #print " Regel LOG: $fwdfwsettings{'LOG'}<br>";
+               #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}<br>";
+               #print " MO: $fwdfwsettings{'TIME_MON'}<br>";
+               #print " DI: $fwdfwsettings{'TIME_TUE'}<br>";
+               #print " MI: $fwdfwsettings{'TIME_WED'}<br>";
+               #print " DO: $fwdfwsettings{'TIME_THU'}<br>";
+               #print " FR: $fwdfwsettings{'TIME_FRI'}<br>";
+               #print " SA: $fwdfwsettings{'TIME_SAT'}<br>";
+               #print " SO: $fwdfwsettings{'TIME_SUN'}<br>";
+               #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}<br>";
+               #print "<br>";
+               #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'}       NEU:    $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
+               #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'}       NEU:    $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
+               #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'}       NEU:    $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+               #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'}  DIENSTE Checkneu:$fwdfwsettings{'USESRV'}    DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'}   DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
+       
+               
+               
+       }
+       if ($errormessage){
+               &newrule;
+       }else{
+               &rules;
+               &base;
+       }
+       
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
+{
+       &General::readhasharray("$configfwdfw", \%configfwdfw);
+       foreach my $key (sort keys %configfwdfw){
+               &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,);
+               &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,);
+               &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,);
+       }
+               &General::readhasharray("$configinput", \%configinputfw);
+       foreach my $key (sort keys %configinputfw){
+               &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,);
+               &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,);
+               &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,);
+       }
+       $fwdfwsettings{'POLICY'}='MODE0';
+       system("rm ${General::swroot}/forward/config");
+       system("rm ${General::swroot}/forward/input");
+       %fwdfwsettings = ();
+       
+       &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+       unless (-e "${General::swroot}/forward/config")         { system("touch ${General::swroot}/forward/config"); }
+       unless (-e "${General::swroot}/forward/input")          { system("touch ${General::swroot}/forward/input"); }
+       
+       &reread_rules;
+
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
+{
+       &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
+{
+       my %togglehash=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
+       foreach my $key (sort keys %togglehash){
+               if ($key eq $fwdfwsettings{'key'}){
+                       if ($togglehash{$key}[2] eq 'ON'){$togglehash{$key}[2]='';}else{$togglehash{$key}[2]='ON';}
+               }
+       }
+       &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+       &rules;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
+{
+       my %togglehash=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
+       foreach my $key (sort keys %togglehash){
+               if ($key eq $fwdfwsettings{'key'}){
+                       if ($togglehash{$key}[17] eq 'ON'){$togglehash{$key}[17]='';}else{$togglehash{$key}[17]='ON';}
+               }
+       }
+       &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+       &rules;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
+{
+       &reread_rules;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'editrule')
+{
+       $fwdfwsettings{'updatefwrule'}='on';
+       &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'deleterule')
+{
+       &deleterule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'moveup')
+{
+       &pos_up;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'movedown')
+{
+       &pos_down;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'copyrule')
+{
+       $fwdfwsettings{'copyfwrule'}='on';
+       #$fwdfwsettings{'updatefwrule'}='on';
+       &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq '')
+{
+       &base;
+}
+###  Functions  ####
+sub pos_up
+{
+       my %uphash=();
+       my %tmp=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%uphash);
+       foreach my $key (sort keys %uphash){
+               if ($key eq $fwdfwsettings{'key'}) {
+                       my $last = $key -1;
+                       if (exists $uphash{$last}){
+                               #save rule last
+                               foreach my $y (0 .. $#{$uphash{$last}}) {
+                                               $tmp{0}[$y] = $uphash{$last}[$y];
+                               }
+                               #copy active rule to last
+                               foreach my $i (0 .. $#{$uphash{$last}}) {
+                                       $uphash{$last}[$i] = $uphash{$key}[$i];
+                               }
+                               #copy saved rule to actual position
+                               foreach my $x (0 .. $#{$tmp{0}}) {
+                                               $uphash{$key}[$x] = $tmp{0}[$x];
+                               }
+                       }
+               }
+       }
+       &General::writehasharray($fwdfwsettings{'config'}, \%uphash);
+       &rules;
+}
+sub pos_down
+{
+       my %downhash=();
+       my %tmp=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%downhash);
+       foreach my $key (sort keys %downhash){
+               if ($key eq $fwdfwsettings{'key'}) {
+                       my $next = $key + 1;
+                       if (exists $downhash{$next}){
+                               #save rule next
+                               foreach my $y (0 .. $#{$downhash{$next}}) {
+                                               $tmp{0}[$y] = $downhash{$next}[$y];
+                               }
+                               #copy active rule to next
+                               foreach my $i (0 .. $#{$downhash{$next}}) {
+                                       $downhash{$next}[$i] = $downhash{$key}[$i];
+                               }
+                               #copy saved rule to actual position
+                               foreach my $x (0 .. $#{$tmp{0}}) {
+                                               $downhash{$key}[$x] = $tmp{0}[$x];
+                               }
+                       }
+               }
+       }
+       &General::writehasharray($fwdfwsettings{'config'}, \%downhash);
+       &rules;
+}
+sub checkcounter
+{
+       my ($base1,$val1,$base2,$val2) = @_;
+               
+       if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){
+               &dec_counter($confignet,\%customnetwork,$val1);
+       }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){
+               &dec_counter($confighost,\%customhost,$val1);
+       }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){
+               &dec_counter($configgrp,\%customgrp,$val1);
+       }elsif($base1 eq 'cust_srv'){
+               &dec_counter($configsrv,\%customservice,$val1);
+       }elsif($base1 eq 'cust_srvgrp'){
+               &dec_counter($configsrvgrp,\%customservicegrp,$val1);   
+       }
+       
+       if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
+               &inc_counter($confignet,\%customnetwork,$val2);
+       }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
+               &inc_counter($confighost,\%customhost,$val2);
+       }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){
+               &inc_counter($configgrp,\%customgrp,$val2);
+       }elsif($base2 eq 'cust_srv'){
+               &inc_counter($configsrv,\%customservice,$val2);
+       }elsif($base2 eq 'cust_srvgrp'){
+               &inc_counter($configsrvgrp,\%customservicegrp,$val2);   
+       }
+}
+sub inc_counter
+{
+       my $config=shift;
+       my %hash=%{(shift)};
+       my $val=shift;
+       my $pos;
+       
+       &General::readhasharray($config, \%hash);
+       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
+               if($hash{$key}[0] eq $val){
+                       $pos=$#{$hash{$key}};
+                       $hash{$key}[$pos] = $hash{$key}[$pos]+1;
+                       
+               }
+       }
+       &General::writehasharray($config, \%hash);
+}
+sub dec_counter
+{
+       my $config=shift;
+       my %hash=%{(shift)};
+       my $val=shift;
+       my $pos;
+       #$errormessage.="ALT:config: $config , verringert wird $val <br>";
+       &General::readhasharray($config, \%hash);
+       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
+               if($hash{$key}[0] eq $val){
+                       $pos=$#{$hash{$key}};
+                       $hash{$key}[$pos] = $hash{$key}[$pos]-1;
+                       
+               }
+       }
+       &General::writehasharray($config, \%hash);
+}
+sub base
+{
+       
+       if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
+       if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
+       if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
+       
+       &hint;
+       if ($fwdfwsettings{'POLICY'} ne 'MODE0'  && $fwdfwsettings{'POLICY'} ne '') {
+               &addrule;
+       }
+       
+       #print"<table width='100' border='1'><tr>";
+       #foreach (0 .. 40){
+               #my $i="color".$_;
+               #print"<td bgcolor='$color{$i}'>$_</td>";
+       #}
+       #print"</tr></table>";
+       &Header::openbox('100%', 'center', 'Policy');
+print <<END;
+       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+       <table width='100%'>
+               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode0'}</td></tr>
+               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr>
+               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
+               <tr><td colspan='3'><hr /></td></tr>
+               <tr><td width='10%' align='left'>       <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
+                   <td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
+                   <td width='45%' align='left'>
+END
+       if ($fwdfwsettings{'POLICY'} ne 'MODE0'&& $fwdfwsettings{'POLICY'} ne '' ) {
+               print "$Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />";
+       }
+print "</table></form>";
+       &Header::closebox();
+}
+sub addrule
+{
+       &error;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
+       
+       print "<form method='post'>";
+       print "<table border='0'>";
+       print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
+       if (-f "${General::swroot}/forward/reread"){
+               print "<td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}'></td>";
+       }
+               print"</tr></table></form><hr>";        
+
+       &Header::closebox();
+       &viewtablerule;
+       
+}
+sub deleterule
+{
+       my %delhash=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%delhash);
+       foreach my $key (sort keys %delhash){
+               if ($key eq $fwdfwsettings{'key'}){
+                       #check hosts/net and groups
+                       &checkcounter($delhash{$key}[3],$delhash{$key}[4],,);
+                       &checkcounter($delhash{$key}[5],$delhash{$key}[6],,);
+                       #check services and groups
+                       if ($delhash{$key}[11] eq 'ON'){
+                               &checkcounter($delhash{$key}[14],$delhash{$key}[15],,);
+                       }
+               }
+               
+               if ($key ge $fwdfwsettings{'key'}) {
+                       my $next = $key + 1;
+                       if (exists $delhash{$next}) {
+                               foreach my $i (0 .. $#{$configfwdfw{$next}}) {
+                                       $delhash{$key}[$i] = $delhash{$next}[$i];
+                               }
+                       }
+               }
+       }
+       # Remove the very last entry.
+       my $last_key = (sort keys %delhash)[-1];
+       delete $delhash{$last_key};
+
+       &General::writehasharray($fwdfwsettings{'config'}, \%delhash);
+       &rules;
+       if($fwdfwsettings{'nobase'} ne 'on'){
+               &base;
+       }
+}
+sub disable_rule
+{
+       my $key1=shift;
+       &General::readhasharray("$configfwdfw", \%configfwdfw);
+       foreach my $key (sort keys %configfwdfw){
+                       if ($key eq $key1 ){
+                       if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';}
+               }
+       }
+       &General::writehasharray("$configfwdfw", \%configfwdfw);
+       &rules;
+       
+}
+sub checksource
+{
+       my ($ip,$subnet);
+       
+       #check ip-address if manual
+       if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
+               #check if ip with subnet
+               if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
+                       ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
+                       $subnet = &General::iporsubtocidr($subnet);
+               }
+               #check if only ip
+               if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+                       $ip=$fwdfwsettings{'src_addr'};
+                       $subnet = '32';
+               }
+               #check and form valid IP
+               $ip=&General::ip2dec($ip);
+               $ip=&General::dec2ip($ip);
+               #check if net or broadcast
+               my @tmp= split (/\./,$ip);
+               if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
+               {
+                       $errormessage=$Lang::tr{'fwhost err hostip'};
+               }
+               $fwdfwsettings{'src_addr'}="$ip/$subnet";
+                               
+               if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
+                       $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+               }
+       }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
+               $errormessage.=$Lang::tr{'fwdfw err nosrcip'};
+               return $errormessage;
+       }
+               
+       #check empty fields
+       if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
+       #check icmp source
+               if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+                       foreach my $key (keys %icmptypes){
+                               if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
+                                       $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
+                               }
+                       }
+               }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
+                       $fwdfwsettings{'ICMP_TYPES'}='';
+               }else{
+                       $fwdfwsettings{'ICMP_TYPES'}='';
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       $fwdfwsettings{'PROT'}='';
+               }
+               
+       if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){
+               #change dashes with :
+               $fwdfwsettings{'SRC_PORT'}=~ tr/-/:/;
+                       
+               if ($fwdfwsettings{'SRC_PORT'} eq "*") {
+                       $fwdfwsettings{'SRC_PORT'} = "1:65535";
+               }
+               if ($fwdfwsettings{'SRC_PORT'} =~ /^(\D)\:(\d+)$/) {
+                       $fwdfwsettings{'SRC_PORT'} = "1:$2";
+               }
+               if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
+                       $fwdfwsettings{'SRC_PORT'} = "$1:65535";
+               }
+               
+               $errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src');
+       }
+       return $errormessage;
+}
+sub checktarget
+{
+       my ($ip,$subnet);
+       
+               
+       if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
+               #check if ip with subnet
+               if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
+                       ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
+                       $subnet = &General::iporsubtocidr($subnet);
+               }
+               #check if only ip
+               if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+                       $ip=$fwdfwsettings{'tgt_addr'};
+                       $subnet='32';
+               }
+               #check and form valid IP
+               $ip=&General::ip2dec($ip);
+               $ip=&General::dec2ip($ip);
+               
+               #check if net or broadcast
+               my @tmp= split (/\./,$ip);
+               if (($tmp[3] eq "0") || ($tmp[3] eq "255"))
+               {
+                       $errormessage=$Lang::tr{'fwhost err hostip'};
+               }
+               $fwdfwsettings{'tgt_addr'}=$ip."/".$subnet;
+                               
+               if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
+                       $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
+               }
+               
+       }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
+               $errormessage.=$Lang::tr{'fwdfw err notgtip'};
+               return $errormessage;
+       }
+               
+       #check empty fields
+       if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
+       
+       #check tgt services
+       if ($fwdfwsettings{'USESRV'} eq 'ON'){
+               if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+                       $fwdfwsettings{'TGT_PROT'}='';
+                       $fwdfwsettings{'ICMP_TGT'}='';
+               }
+               if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
+                       $fwdfwsettings{'TGT_PROT'}='';
+                       $fwdfwsettings{'ICMP_TGT'}='';
+                       #check target service
+                       if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
+                               $errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
+                       }
+               }
+               if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+                       if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){
+                               if ($fwdfwsettings{'TGT_PORT'} ne ''){
+                                       #change dashes with :
+                                       $fwdfwsettings{'TGT_PORT'}=~ tr/-/:/;
+                                       if ($fwdfwsettings{'TGT_PORT'} eq "*") {
+                                               $fwdfwsettings{'TGT_PORT'} = "1:65535";
+                                       }
+                                       if ($fwdfwsettings{'TGT_PORT'} =~ /^(\D)\:(\d+)$/) {
+                                               $fwdfwsettings{'TGT_PORT'} = "1:$2";
+                                       }
+                                       if ($fwdfwsettings{'TGT_PORT'} =~ /^(\d+)\:(\D)$/) {
+                                               $fwdfwsettings{'TGT_PORT'} = "$1:65535";
+                                       }
+                                       $errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination');
+                               }
+                       }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+                               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+                               foreach my $key (keys %icmptypes){
+                                       
+                                       if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
+                                               
+                                               $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
+                                       }
+                               }
+                       }
+               }
+       }
+       
+       #check targetport
+       if ($fwdfwsettings{'USESRV'} ne 'ON'){
+               $fwdfwsettings{'grp3'}='';
+               $fwdfwsettings{$fwdfwsettings{'grp3'}}='';
+               $fwdfwsettings{'TGT_PROT'}='';
+               $fwdfwsettings{'ICMP_TGT'}='';
+       }
+               
+               
+       #check timeframe
+       if($fwdfwsettings{'TIME'} eq 'ON'){
+               if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
+                       $errormessage=$Lang::tr{'fwdfw err time'};
+               }
+       }
+       
+       
+       
+       return $errormessage;
+}
+sub checkrule
+{
+       #check valid remark
+       if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+               $errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
+       }
+       #check if source and target identical
+       if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}}){
+               $errormessage.=$Lang::tr{'fwdfw err same'};
+               return $errormessage;
+       }
+               
+       #get source and targetip address if possible
+       my ($sip,$scidr,$tip,$tcidr);
+       ($sip,$scidr)=&get_ip("src","grp1");
+       ($tip,$tcidr)=&get_ip("tgt","grp2");
+       
+       
+       
+       #check same iprange in source and target
+       if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
+               
+               my $networkip1=&General::getnetworkip($sip,$scidr);
+               my $networkip2=&General::getnetworkip($tip,$tcidr);
+               if ($scidr gt $tcidr){
+                       if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){
+                               $errormessage.=$Lang::tr{'fwdfw err samesub'};
+                       }
+               }elsif($scidr eq $tcidr && $scidr eq '32'){
+                       my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1);
+                       my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2);
+                               if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
+                                       $hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
+                                       $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target:$networkip2/$tcidr<br>";
+                               }
+               
+               }else{
+                       if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
+                       $errormessage.=$Lang::tr{'fwdfw err samesub'};
+                       }
+               }
+       }
+               
+       #check source and destination protocol if manual
+       if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
+               if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+                       $errormessage.=$Lang::tr{'fwdfw err prot'};
+               }
+               #check source and destination protocol if source manual and dest servicegrp
+               if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+                       &General::readhasharray("$configsrv", \%customservice);
+                       foreach my $key (sort keys %customservice){
+                               if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
+                                       if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
+                                               $errormessage.=$Lang::tr{'fwdfw err prot'};
+                                               last;
+                                       }
+                               }
+                       }
+               }
+       }
+       
+}
+sub get_ip
+{
+       my $val=shift;
+       my $grp =shift;
+       my $a;
+       my $b;
+       &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+       if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){
+               if ($fwdfwsettings{$grp} eq $val.'_addr'){
+                       ($a,$b)   = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
+               }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
+                       if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
+                               $a=$netsettings{'GREEN_NETADDRESS'};
+                               $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
+                       }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
+                               $a=$netsettings{'ORANGE_NETADDRESS'};
+                               $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
+                       }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
+                               $a=$netsettings{'BLUE_NETADDRESS'};
+                               $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
+                       }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
+                               &General::readhash("$configovpn",\%ovpnsettings);
+                               ($a,$b)   = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
+                               $b=&General::iporsubtocidr($b);
+                       }
+               }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
+                       &General::readhasharray("$confignet", \%customnetwork);
+                       foreach my $key (keys %customnetwork){
+                               if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
+                                       $a=$customnetwork{$key}[1];
+                                       $b=&General::iporsubtocidr($customnetwork{$key}[2]);
+                               }
+                       }
+               }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){
+                       &General::readhasharray("$confighost", \%customhost);
+                       foreach my $key (keys %customhost){
+                               if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
+                                       if ($customhost{$key}[1] eq 'ip'){
+                                               ($a,$b)=split (/\//,$customhost{$key}[2]);
+                                               $b=&General::iporsubtocidr($b);
+                                       }else{
+                                               if ($grp eq 'grp2'){
+                                                       $errormessage=$Lang::tr{'fwdfw err tgt_mac'};
+                                               }
+                                       }
+                               }
+                       }
+               }
+       }
+       
+       return $a,$b;
+}
+sub newrule
+{
+       &error;
+       &General::setup_default_networks(\%defaultNetworks);
+       #read all configfiles
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       &General::readhasharray("$confignet", \%customnetwork);
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       &General::readhasharray("$confighost", \%customhost);
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       &General::readhasharray("$configgrp", \%customgrp);
+       &General::readhasharray("$configipsec", \%ipsecconf);
+       &General::get_aliases(\%aliases);
+       
+               
+       my %checked=();
+       my $helper;
+       if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
+       my $config=$fwdfwsettings{'config'};
+       my %hash=();
+               
+       $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
+       $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
+       $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
+       $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+       $checked{'USESRV'}{$fwdfwsettings{'USESRV'}}                    = 'CHECKED';
+       $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}}                    = 'CHECKED';
+       $checked{'LOG'}{$fwdfwsettings{'LOG'}}                                  = 'CHECKED';
+       $checked{'TIME'}{$fwdfwsettings{'TIME'}}                                = 'CHECKED';
+       $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}}                = 'CHECKED';
+       $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}}                = 'CHECKED';
+       $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}}                = 'CHECKED';
+       $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}}                = 'CHECKED';
+       $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}}                = 'CHECKED';
+       $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}}                = 'CHECKED';
+       $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}}                = 'CHECKED';
+       $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}             = 'selected';
+       $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}                 = 'selected';
+       $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+       
+       #check if update and get values
+       if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
+               &General::readhasharray("$config", \%hash);
+               foreach my $key (sort keys %hash){
+                       if ($key eq $fwdfwsettings{'key'}){
+                               $fwdfwsettings{'RULE_ACTION'}                   = $hash{$key}[0];
+                               $fwdfwsettings{'ACTIVE'}                                = $hash{$key}[2];
+                               $fwdfwsettings{'grp1'}                                  = $hash{$key}[3];   
+                               $fwdfwsettings{$fwdfwsettings{'grp1'}}  = $hash{$key}[4];   
+                               $fwdfwsettings{'grp2'}                                  = $hash{$key}[5];   
+                               $fwdfwsettings{$fwdfwsettings{'grp2'}}  = $hash{$key}[6];   
+                               $fwdfwsettings{'USE_SRC_PORT'}                  = $hash{$key}[7];
+                               $fwdfwsettings{'PROT'}                                  = $hash{$key}[8];
+                           $fwdfwsettings{'ICMP_TYPES'}                        = $hash{$key}[9];
+                           $fwdfwsettings{'SRC_PORT'}                          = $hash{$key}[10];
+                           $fwdfwsettings{'USESRV'}                            = $hash{$key}[11];
+                           $fwdfwsettings{'TGT_PROT'}                          = $hash{$key}[12];
+                           $fwdfwsettings{'ICMP_TGT'}                          = $hash{$key}[13];
+                           $fwdfwsettings{'grp3'}                                      = $hash{$key}[14];
+                           $fwdfwsettings{$fwdfwsettings{'grp3'}}      = $hash{$key}[15];
+                           $fwdfwsettings{'ruleremark'}                        = $hash{$key}[16];
+                           $fwdfwsettings{'LOG'}                                       = $hash{$key}[17];
+                           $fwdfwsettings{'TIME'}                                      = $hash{$key}[18];
+                               $fwdfwsettings{'TIME_MON'}                              = $hash{$key}[19];
+                               $fwdfwsettings{'TIME_TUE'}                              = $hash{$key}[20];
+                               $fwdfwsettings{'TIME_WED'}                              = $hash{$key}[21];
+                               $fwdfwsettings{'TIME_THU'}                              = $hash{$key}[22];
+                               $fwdfwsettings{'TIME_FRI'}                              = $hash{$key}[23];
+                               $fwdfwsettings{'TIME_SAT'}                              = $hash{$key}[24];
+                               $fwdfwsettings{'TIME_SUN'}                              = $hash{$key}[25];
+                               $fwdfwsettings{'TIME_FROM'}                             = $hash{$key}[26];
+                               $fwdfwsettings{'TIME_TO'}                               = $hash{$key}[27];
+                                
+                               $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
+                               $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
+                               $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
+                               $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+                               $checked{'USESRV'}{$fwdfwsettings{'USESRV'}}                    = 'CHECKED';
+                               $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}}                    = 'CHECKED';
+                               $checked{'LOG'}{$fwdfwsettings{'LOG'}}                                  = 'CHECKED';
+                               $checked{'TIME'}{$fwdfwsettings{'TIME'}}                                = 'CHECKED';
+                               $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}}                = 'CHECKED';
+                               $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}}                = 'CHECKED';
+                               $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}}                = 'CHECKED';
+                               $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}}                = 'CHECKED';
+                               $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}}                = 'CHECKED';
+                               $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}}                = 'CHECKED';
+                               $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}}                = 'CHECKED';
+                               $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}             = 'selected';
+                               $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}                 = 'selected';
+                               $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+                       }
+               }
+               $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
+               $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
+               $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
+               $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
+               $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
+               $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
+               $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
+       }else{
+               $fwdfwsettings{'ACTIVE'}='ON';
+               $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+       }
+       
+       &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
+       
+print <<END;
+       <form method="post">
+       <table border='0'>
+       <tr><td nowrap>$Lang::tr{'fwdfw rule action'}</td><td><select name='RULE_ACTION'>
+END
+       foreach ("ACCEPT","DROP","REJECT")
+       {
+               if($fwdfwsettings{'POLICY'} eq 'MODE2'){
+                       $fwdfwsettings{'RULE_ACTION'} = 'DROP';
+               }
+                       
+               if ($_ eq $fwdfwsettings{'RULE_ACTION'})
+               {
+                       print"<option selected>$_</option>";
+               }else{
+                       print"<option>$_</option>";
+               }
+       }
+       print"</select></td></tr></table><hr>"; 
+
+
+       &Header::closebox();
+       &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
+       
+       
+       #------SOURCE-------------------------------------------------------
+       print<<END;
+               <table width='100%' border='0'>
+               <tr><td width='1%'><input type='radio' name='grp1' value='src_addr'  checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' ></td></tr>
+               <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
+               <tr><td width='1%'><input type='radio' name='grp1' value='std_net_src' $checked{'grp1'}{'std_net_src'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_src' style='min-width:185px;'>
+               
+END
+               foreach my $network (sort keys %defaultNetworks)
+               {
+                       next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+                       print "<option value='$defaultNetworks{$network}{'NAME'}'";
+                       print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $defaultNetworks{$network}{'NAME'});
+                       print ">$network</option>";
+               }
+               print<<END;
+               </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_net_src'  $checked{'grp1'}{'ovpn_net_src'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_src' style='min-width:185px;'>
+END
+               &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               print<<END;
+               </select></td></tr>
+               <tr><td><input type='radio' name='grp1' value='cust_net_src' $checked{'grp1'}{'cust_net_src'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_src' style='min-width:185px;'>
+END
+               &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               print<<END;
+               </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_host_src' $checked{'grp1'}{'ovpn_host_src'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_host_src' style='min-width:185px;'>
+END
+               foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost)
+               {
+                       if ($ccdhost{$key}[33] ne ''){
+                               
+                               print "<option value='$ccdhost{$key}[1]'";
+                               print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ccdhost{$key}[1]);
+                               print ">$ccdhost{$key}[1]</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+               <tr><td valign='top'><input type='radio' name='grp1' value='cust_host_src' $checked{'grp1'}{'cust_host_src'}></td><td>$Lang::tr{'fwhost cust addr'}</td><td><select name='cust_host_src' style='min-width:185px;'>
+END
+               &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               print<<END;
+               </select></td><td width='1%'><input type='radio' name='grp1' value='ovpn_n2n_src' $checked{'grp1'}{'ovpn_n2n_src'}></td><td >$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='ovpn_n2n_src' style='min-width:185px;'>
+END
+               foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) {
+                       if($ccdhost{$key}[3] eq 'net'){
+                               print"<option ";
+                               print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ccdhost{$key}[1]);
+                               print ">$ccdhost{$key}[1]</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+               
+               <tr><td valign='top'><input type='radio' name='grp1' value='cust_grp_src' $checked{'grp1'}{'cust_grp_src'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_src' style='min-width:185px;'>
+END
+               foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
+                       if($helper ne $customgrp{$key}[0]){
+                               print"<option ";
+                               print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $customgrp{$key}[0]);
+                               print ">$customgrp{$key}[0]</option>";
+                               
+                       
+                       }
+                       $helper=$customgrp{$key}[0];
+               }
+               print<<END;
+               </select></td>
+               <td valign='top'><input type='radio' name='grp1' value='ipsec_net_src' $checked{'grp1'}{'ipsec_net_src'}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td><select name='ipsec_net_src' style='min-width:185px;'>
+END
+               foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+                       if ($ipsecconf{$key}[3] eq 'net'){
+                               print "<option ";
+                               print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ipsecconf{$key}[1]);
+                               print ">$ipsecconf{$key}[1]</option>";
+                       }
+               }
+               #sourceport
+               print<<END;
+               </select></td></tr>
+END
+               
+#              <td valign='top'><input type='radio' name='grp1' value='ipsec_host_src' $checked{'grp1'}{'ipsec_host_src'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_src' style='min-width:185px;'>
+#END
+#              foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+#                      if ($ipsecconf{$key}[3] eq 'host'){
+#                              print "<option ";
+#                              print "selected='selected'" if($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $ipsecconf{$key}[1]);
+#                              print ">$ipsecconf{$key}[1]</option>";
+#                      }
+#              }
+               print<<END;
+       
+               <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
+               
+               
+               <table width='100%' border='0'>
+               <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
+               <td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
+END
+               foreach ("TCP","UDP","GRE","ICMP")
+               {
+                       if ($_ eq $fwdfwsettings{'PROT'})
+                       {
+                               print"<option selected>$_</option>";
+                       }else{
+                               print"<option>$_</option>";
+                       }
+               }
+               print<<END;
+               </select></td><td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='11' size='9' ></td></tr>
+               <tr><td></td><td></td><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES'>
+END
+               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+               print"<option>All ICMP-Types</option>";
+               foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) } keys %icmptypes){
+                       if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
+                               print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+                       }else{
+                               print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr></table><hr>
+END
+               &Header::closebox();
+
+               #---TARGET------------------------------------------------------
+               &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
+               print<<END;
+               <table width='100%' border='0'> 
+               <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr'  checked></td><td colspan='2'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16'><td><input type='radio' name='grp2' value='ipfire'  $checked{'grp2'}{'ipfire'}></td><td><b>IPFire ($Lang::tr{'external access'})</b></td><td><select name='ipfire' style='min-width:185px;'>
+END
+               print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
+               
+               foreach my $alias (sort keys %aliases)
+               {
+                       print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+               }
+                               
+               print<<END;
+               </td></tr>
+               <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
+               <tr><td width='1%'><input type='radio' name='grp2' value='std_net_tgt' $checked{'grp2'}{'std_net_tgt'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_tgt' style='min-width:185px;'>
+               
+END
+               
+               foreach my $network (sort keys %defaultNetworks)
+               {
+                       print "<option value='$defaultNetworks{$network}{'NAME'}'";
+                       print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $defaultNetworks{$network}{'NAME'});
+                       print ">$network</option>";
+               }
+               print<<END;
+               </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net_tgt'  $checked{'grp2'}{'ovpn_net_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_tgt' style='min-width:185px;'>
+END
+               &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+               
+               print<<END;
+               </select></td></tr>
+               <tr><td><input type='radio' name='grp2' value='cust_net_tgt' $checked{'grp2'}{'cust_net_tgt'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_tgt' style='min-width:185px;'>
+END
+               &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+               print<<END;
+               </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_host_tgt' $checked{'grp2'}{'ovpn_host_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_host_tgt' style='min-width:185px;'>
+END
+               foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost)
+               {
+                       if ($ccdhost{$key}[33] ne ''){
+                               print "<option value='$ccdhost{$key}[1]' ";
+                               print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ccdhost{$key}[33]);
+                               print ">$ccdhost{$key}[1]</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+               <tr><td valign='top'><input type='radio' name='grp2' value='cust_host_tgt' $checked{'grp2'}{'cust_host_tgt'}></td><td>$Lang::tr{'fwhost cust addr'}</td><td><select name='cust_host_tgt' style='min-width:185px;'>
+END
+               &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+               print<<END;
+               </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_n2n_tgt' $checked{'grp2'}{'ovpn_n2n_tgt'}></td><td >$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='ovpn_n2n_tgt' style='min-width:185px;'>
+END
+               foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) {
+                       if($ccdhost{$key}[3] eq 'net'){
+                               print "<option ";
+                               print "selected='selected'" if($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ccdhost{$key}[1]);
+                               print ">$ccdhost{$key}[1]</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+               
+               <tr><td valign='top'><input type='radio' name='grp2' value='cust_grp_tgt' $checked{'grp2'}{'cust_grp_tgt'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_tgt' style='min-width:185px;'>
+END
+               $helper='';
+               foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
+                       if($helper ne $customgrp{$key}[0]){
+                               print"<option ";
+                               print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq  $customgrp{$key}[0]);
+                               print">$customgrp{$key}[0]</option>";
+                       }
+                       $helper=$customgrp{$key}[0];
+               }
+               print<<END;
+               </select></td>
+               <td valign='top'><input type='radio' name='grp2' value='ipsec_net_tgt' $checked{'grp2'}{'ipsec_net_tgt'}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td><select name='ipsec_net_tgt' style='min-width:185px;'>
+END
+               foreach my $key (sort  { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+                       if ($ipsecconf{$key}[3] eq 'net'){
+                               print"<option ";
+                               print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ipsecconf{$key}[1]);
+                               print">$ipsecconf{$key}[1]</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+END
+               
+#              <td valign='top'><input type='radio' name='grp2' value='ipsec_host_tgt' $checked{'grp2'}{'ipsec_host_tgt'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_tgt' style='min-width:185px;'>
+#END
+#              foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
+#                      if ($ipsecconf{$key}[3] eq 'host'){
+#                              print"<option ";
+#                              print"selected='Selected'" if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $ipsecconf{$key}[1]);
+#                              print">$ipsecconf{$key}[1]</option>";
+#                      }
+#              }
+               print<<END;
+               </table>
+               <b>$Lang::tr{'fwhost attention'}:</b><br>
+               $Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
+               
+               <table width='100%' border='0'>
+               <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
+END
+               &General::readhasharray("$configsrv", \%customservice);
+               foreach my $key (sort keys %customservice){
+                       print"<option ";
+                       print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
+                       print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
+               }       
+               print<<END;
+               </select></td></tr>
+               <tr><td colspan='2'></td><td><input type='radio' name='grp3' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}:</td><td colspan='2'><select name='cust_srvgrp'style='min-width:230px;' >
+END
+               &General::readhasharray("$configsrvgrp", \%customservicegrp);
+               my $helper;
+               foreach my $key (sort keys %customservicegrp){
+                       if ($helper ne $customservicegrp{$key}[0]){
+                               print"<option ";
+                               print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
+                               print">$customservicegrp{$key}[0]</option>";
+                       }
+                       $helper=$customservicegrp{$key}[0];
+               }       
+               print<<END;
+               </select></td></tr>
+               <tr><td colspan='2'></td><td><input type='radio' name='grp3' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT'>
+END
+               foreach ("TCP","UDP","GRE","ICMP")
+               {
+                       if ($_ eq $fwdfwsettings{'TGT_PROT'})
+                       {
+                               print"<option selected>$_</option>";
+                       }else{
+                               print"<option>$_</option>";
+                       }
+               }
+               print<<END;
+               </select></td><td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='11' size='9' ></td></tr>
+               <tr><td colspan='2'></td><td></td><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TGT'>
+END
+               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+               print"<option>All ICMP-Types</option>";
+               foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) }keys %icmptypes){
+                       if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){
+                               print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+                       }else{
+                               print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+               </table><hr><br><br>
+               
+END
+               #---Activate/logging/remark-------------------------------------
+               &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
+               print<<END;
+               <table width='100%' border='0'>
+               <tr><td colspan='2' >$Lang::tr{'remark'}:<input type='text' name='ruleremark' size='40' value='$fwdfwsettings{'ruleremark'}'></td></tr>
+               <tr><td width='1%'><input type='checkbox' name='ACTIVE' value='ON' $checked{'ACTIVE'}{'ON'}></td><td>$Lang::tr{'fwdfw rule activate'}</td></tr>
+               <tr><td width='1%'><input type='checkbox' name='LOG' value='ON'  $checked{'LOG'}{'ON'}  ></td><td>$Lang::tr{'fwdfw log rule'}</td></tr>
+               </table><hr><br>
+END
+               &Header::closebox();
+               #---ADD TIMEFRAME-----------------------------------------------
+               &Header::openbox('100%', 'left', $Lang::tr{'fwdfw timeframe'});
+               print<<END;
+               <table width='70%' border='0'>
+               <tr><td width='1%'><input type='checkbox' name='TIME' value='ON' $checked{'TIME'}{'ON'}></td><td colspan='4'>$Lang::tr{'fwdfw timeframe'}</td></tr>
+               <tr><td colspan='7'>&nbsp</td></tr>
+               <tr>
+                       <td  align='left'>$Lang::tr{'time'}:</td>
+                       <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
+                       
+                       <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
+                       <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
+               </tr>
+               <tr>
+                       <td  align='right'></td>
+                       <td width='30%' align='left'>
+                               <input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} />
+                               <input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} />
+                               <input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} />
+                               <input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} />
+                               <input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} />
+                               <input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} />
+                               <input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{$Lang::tr{'fwdfw wd_sun'}} />
+                       </td>
+                       
+                       <td><select name='TIME_FROM'>
+END
+               for (my $i=0;$i<=23;$i++) {
+                       $i = sprintf("%02s",$i);
+                       for (my $j=0;$j<=45;$j+=15) {
+                               $j = sprintf("%02s",$j);
+                               my $time = $i.":".$j;
+                               print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
+                       }
+               }
+               print<<END;     
+                       </select></td>
+                       <td><select name='TIME_TO'>
+END
+               for (my $i=0;$i<=23;$i++) {
+                       $i = sprintf("%02s",$i);
+                       for (my $j=0;$j<=45;$j+=15) {
+                               $j = sprintf("%02s",$j);
+                               my $time = $i.":".$j;
+                               print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
+                       }
+               }
+               print<<END;     
+               </select></td></tr>
+               </table><hr>
+END
+               &Header::closebox();
+               #---ACTION------------------------------------------------------
+               if($fwdfwsettings{'updatefwrule'} ne 'on'){
+                       print<<END;
+                       <table border='0' width='100%'>
+                       <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' />
+                       <input type='hidden' name='config' value='$config' >
+                       <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
+                       </table></form>
+END
+               }else{
+                       print<<END;
+                       <table border='0' width='100%'>
+                       <tr><td align='right'><input type='submit' value='$Lang::tr{'fwdfw change'}' style='min-width:100px;' /><input type='hidden' name='updatefwrule' value='$fwdfwsettings{'updatefwrule'}'><input type='hidden' name='key' value='$fwdfwsettings{'key'}'>
+                       <input type='hidden' name='oldgrp1a' value='$fwdfwsettings{'oldgrp1a'}' />
+                       <input type='hidden' name='oldgrp1b' value='$fwdfwsettings{'oldgrp1b'}' />
+                       <input type='hidden' name='oldgrp2a' value='$fwdfwsettings{'oldgrp2a'}' />
+                       <input type='hidden' name='oldgrp2b' value='$fwdfwsettings{'oldgrp2b'}' />
+                       <input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
+                       <input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
+                       <input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
+                       
+                       <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
+                       
+                       </table></form>
+END
+               }
+               &Header::closebox();
+}
+sub saverule
+{
+       
+       my $hash=shift;
+       my $config=shift;
+       &General::readhasharray("$config", $hash);
+       if (!$errormessage){
+               if ($fwdfwsettings{'updatefwrule'} ne 'on' ){
+                       my $key = &General::findhasharraykey ($hash);
+                       $$hash{$key}[0]  = $fwdfwsettings{'RULE_ACTION'};
+                       $$hash{$key}[1]  = $fwdfwsettings{'chain'};
+                       $$hash{$key}[2]  = $fwdfwsettings{'ACTIVE'};
+                       $$hash{$key}[3]  = $fwdfwsettings{'grp1'};
+                       $$hash{$key}[4]  = $fwdfwsettings{$fwdfwsettings{'grp1'}};
+                       $$hash{$key}[5]  = $fwdfwsettings{'grp2'};
+                       $$hash{$key}[6]  = $fwdfwsettings{$fwdfwsettings{'grp2'}};
+                       $$hash{$key}[7]  = $fwdfwsettings{'USE_SRC_PORT'};
+                       $$hash{$key}[8]  = $fwdfwsettings{'PROT'};
+                       $$hash{$key}[9]  = $fwdfwsettings{'ICMP_TYPES'};
+                       $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
+                       $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
+                       $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
+                       $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
+                       $$hash{$key}[14] = $fwdfwsettings{'grp3'};
+                       $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
+                       $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
+                       $$hash{$key}[17] = $fwdfwsettings{'LOG'};
+                       $$hash{$key}[18] = $fwdfwsettings{'TIME'};
+                       $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
+                       $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
+                       $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
+                       $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
+                       $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
+                       $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
+                       $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
+                       $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
+                       $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
+                       &General::writehasharray("$config", $hash);
+               }else{
+                       foreach my $key (sort keys %$hash){
+                               if($key eq $fwdfwsettings{'key'}){
+                                       $$hash{$key}[0]  = $fwdfwsettings{'RULE_ACTION'};
+                                       $$hash{$key}[1]  = $fwdfwsettings{'chain'};
+                                       $$hash{$key}[2]  = $fwdfwsettings{'ACTIVE'};
+                                       $$hash{$key}[3]  = $fwdfwsettings{'grp1'};
+                                       $$hash{$key}[4]  = $fwdfwsettings{$fwdfwsettings{'grp1'}};
+                                       $$hash{$key}[5]  = $fwdfwsettings{'grp2'};
+                                       $$hash{$key}[6]  = $fwdfwsettings{$fwdfwsettings{'grp2'}};
+                                       $$hash{$key}[7]  = $fwdfwsettings{'USE_SRC_PORT'};
+                                       $$hash{$key}[8]  = $fwdfwsettings{'PROT'};
+                                       $$hash{$key}[9]  = $fwdfwsettings{'ICMP_TYPES'};
+                                       $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
+                                       $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
+                                       $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
+                                       $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
+                                       $$hash{$key}[14] = $fwdfwsettings{'grp3'};
+                                       $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
+                                       $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
+                                       $$hash{$key}[17] = $fwdfwsettings{'LOG'};
+                                       $$hash{$key}[18] = $fwdfwsettings{'TIME'};
+                                       $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
+                                       $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
+                                       $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
+                                       $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
+                                       $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
+                                       $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
+                                       $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
+                                       $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
+                                       $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
+                                       last;
+                               }
+                       }
+                       &General::writehasharray("$config", $hash);
+               }
+       }
+}
+sub error
+{
+       if ($errormessage) {
+               &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+               print "<class name='base'>$errormessage\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+               print"<hr>";
+       }
+}
+sub hint
+{
+       if ($hint) {
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
+               print "<class name='base'>$hint\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+               print"<hr>";
+       }
+}
+sub get_name
+{
+       my $val=shift;
+       &General::setup_default_networks(\%defaultNetworks);
+       foreach my $network (sort keys %defaultNetworks)
+       {
+               return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
+       }       
+}
+sub validremark
+{
+       # Checks a hostname against RFC1035
+        my $remark = $_[0];
+
+       # Each part should be at least two characters in length
+       # but no more than 63 characters
+       if (length ($remark) < 1 || length ($remark) > 63) {
+               return 0;}
+       # Only valid characters are a-z, A-Z, 0-9 and -
+       if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) {
+               return 0;}
+       # First character can only be a letter or a digit
+       if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) {
+               return 0;}
+       # Last character can only be a letter or a digit
+       if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) {
+               return 0;}
+       return 1;
+}
+sub getsrcport
+{
+       my %hash=%{(shift)};
+       my $key=shift;
+       if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne 'ICMP'){
+               print" : ($hash{$key}[8]) $hash{$key}[10]";
+       }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
+               print" : ($hash{$key}[8]) <br> $hash{$key}[9]";
+       }
+}
+sub gettgtport
+{
+       my %hash=%{(shift)};
+       my $key=shift;
+       my $service;
+       my $prot;
+       
+       if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
+               if($hash{$key}[14] eq 'cust_srv'){
+                       &General::readhasharray("$configsrv", \%customservice);
+                       foreach my $i (sort keys %customservice){
+                               #print "HHUHU: $customservice{$i}[0] und $hash{$key}[15]<br>";
+                               if($customservice{$i}[0] eq $hash{$key}[15]){
+                                       $prot = $hash{$key}[12];
+                                       $service = $customservice{$i}[0];
+                               }
+                       }
+               }elsif($hash{$key}[14] eq 'cust_srvgrp'){
+                       
+                       $service=$hash{$key}[15];
+               }elsif($hash{$key}[14] eq 'TGT_PORT'){
+                       $service=$hash{$key}[15];
+                       $prot=$hash{$key}[12];
+               }
+       }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
+               print" : ($hash{$key}[12]) <br>$hash{$key}[13]";
+       }
+       
+       if ($prot ne '' || $service ne ''){
+               print" :";
+               if ($prot ne ''){
+                       print"($prot) ";
+               }
+               print" $service";
+       }
+}
+sub viewtablerule
+{
+       &viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" );
+       &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} );
+}
+sub viewtablenew
+{
+       my $hash=shift;
+       my $config=shift;
+       my $title=shift;
+       my $title1=shift;
+       
+       if ( ! -z "$config"){
+               &Header::openbox('100%', 'left',$title);
+               my $count=0;
+               my ($gif,$log);
+               my $ruletype;
+               my $rulecolor;
+               my $tooltip;
+               my @tmpsrc=();
+               my $coloryellow='';
+               &General::readhasharray("$config", $hash);
+               print"<b>$title1</b><br>";
+               print"<table width='100%' border='0' cellspacing='1' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'>";
+               print"<tr><td align='center' width='1%'><b>#</td><td></td><td align='center'><b>$Lang::tr{'fwdfw source'}</td><td><b>Log</td><td align='center'><b>$Lang::tr{'fwdfw target'}</td><td align='center'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3'><b>$Lang::tr{'fwdfw action'}</td></tr>";
+               foreach my $key (sort keys %$hash){
+                       @tmpsrc=();
+                       #check if vpn hosts/nets have been deleted
+                       if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
+                               push (@tmpsrc,$$hash{$key}[4]);
+                       }
+                       if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
+                               push (@tmpsrc,$$hash{$key}[6]);
+                       }
+               
+                       foreach my $host (@tmpsrc){
+                               if($$hash{$key}[3] eq  'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
+                                               if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
+                                               $coloryellow='on';
+                                               &disable_rule($key);
+                                               $$hash{$key}[2]='';
+                                               
+                                       }
+                               }elsif($$hash{$key}[3] eq  'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
+                                       if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
+                                               $coloryellow='on';
+                                               &disable_rule($key);
+                                               $$hash{$key}[2]='';
+                                       }
+                               }elsif($$hash{$key}[3] eq  'ovpn_n2n_src' || $$hash{$key}[5] eq 'ovpn_n2n_tgt'){
+                                       if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
+                                               $coloryellow='on';
+                                               &disable_rule($key);
+                                               $$hash{$key}[2]='';
+                                       }
+                               }elsif($$hash{$key}[3] eq  'ovpn_host_src' || $$hash{$key}[5] eq 'ovpn_host_tgt'){
+                                       if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
+                                               $coloryellow='on';
+                                               &disable_rule($key);
+                                               $$hash{$key}[2]='';
+                                       }
+                               }
+                               $$hash{$key}[3]='';
+                               $$hash{$key}[5]='';
+                       }
+                       
+                       $$hash{'ACTIVE'}=$$hash{$key}[2];
+                       $count++;
+                       
+                       if($coloryellow eq 'on'){
+                               print"<tr bgcolor='$color{'color14'}' >";
+                               $coloryellow='';
+                       }elsif($coloryellow eq ''){
+                               if ($count % 2){ 
+                                       print"<tr bgcolor='$color{'color22'}' >";
+                               }
+                               else{
+                                       print"<tr bgcolor='$color{'color20'}' >";
+                               }
+                       }
+                       
+                       print<<END;
+                       <td align='right'>$key</td>
+END
+                       if ($$hash{$key}[0] eq 'ACCEPT'){
+                               $ruletype='A';
+                               $tooltip='ACCEPT';
+                               $rulecolor=$color{'color17'};
+                       }elsif($$hash{$key}[0] eq 'DROP'){
+                               $ruletype='D';
+                               $tooltip='DROP';
+                               $rulecolor=$color{'color25'};
+                       }elsif($$hash{$key}[0] eq 'REJECT'){
+                               $ruletype='R';
+                               $tooltip='REJECT';
+                               $rulecolor=$color{'color16'};
+                       }
+                       print"<td bgcolor='$rulecolor' width='2%' align='center'><span title='$tooltip'><b>$ruletype</b></span></td>";
+                       print"<td align='center'>";
+                       if ($$hash{$key}[3] eq 'std_net_src'){
+                               print &get_name($$hash{$key}[4]);
+                       }else{
+                               print $$hash{$key}[4];
+                       }
+                       &getsrcport(\%$hash,$key);
+                       if ($$hash{$key}[17] eq 'ON'){
+                               $log="/images/on.gif";
+                       }else{
+                               $log="/images/off.gif";
+                       }
+                       print<<END;
+                       </td>
+                       
+                       <form method='post'>
+                       <td width='1%'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'/>
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
+                       </td></form>
+END
+               
+                       print<<END;
+                       <td align='center'>
+END
+                       if ($$hash{$key}[5] eq 'std_net_tgt'){
+                               print &get_name($$hash{$key}[6]);
+                       }else{
+                               print $$hash{$key}[6];
+                       }
+                       &gettgtport(\%$hash,$key);
+       ################################################################################
+                       print"</td><td width='20%'>$$hash{$key}[16]</td>";
+                       
+                       if($$hash{$key}[2] eq 'ON'){
+                               $gif="/images/on.gif"
+                               
+                       }else{
+                               $gif="/images/off.gif"
+                               
+                       }
+                       print<<END;
+                       <form method='post'>
+                       <td width='1%'><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
+                       </td></form>
+                       
+                       <form method='post'>
+                       <td  width='1%' ><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'  />
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='editrule' />
+                       </td></form></td>
+                       
+                       <form method='post'>
+                       <td  width='1%'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='copyrule' />
+                       </td></form></td>
+                       
+                       
+                       <form method='post'>
+                       <td width='1%' ><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'   />
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='deleterule' />
+                       </td></form></td>
+END
+                       if (exists $$hash{$key-1}){
+                               print<<END;
+                               <form method='post'>
+                               <td width='1%'><input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' title='$Lang::tr{'fwdfw moveup'}'  style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'  />
+                               <input type='hidden' name='key' value='$key' />
+                               <input type='hidden' name='config' value='$config' />
+                               <input type='hidden' name='ACTION' value='moveup' />
+                               </td></form></td>
+END
+                       }else{
+                               print"<td></td>";
+                       }
+               
+                       if (exists $$hash{$key+1}){
+                               print<<END;
+                               <form method='post'>
+                               <td  width='1%' ><input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'  />
+                               <input type='hidden' name='key' value='$key' />
+                               <input type='hidden' name='config' value='$config' />
+                               <input type='hidden' name='ACTION' value='movedown' />
+                               </td></form></td></tr>
+END
+                       }else{
+                               print"<td></td></tr>";
+                       }
+                       #if timeframe set, print new line in table
+                       if ($$hash{$key}[18] eq 'ON'){
+                               my @days=();
+                               if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
+                               if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
+                               if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
+                               if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
+                               if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
+                               if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
+                               if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
+                       
+                               my $weekdays=join(",",@days);
+                                                       
+                               if (@days){
+                                       print"<tr bgcolor='#FFE4B5'><td colspan='4'>$Lang::tr{'fwdfw time'} ";
+                                       print"$weekdays";
+                                       print "&nbsp $Lang::tr{'fwdfw from'} $$hash{$key}[26] &nbsp $Lang::tr{'fwdfw till'} $$hash{$key}[27]</td><td colspan='8'></d></tr>";
+                               }
+                       }
+               }
+               print"</table>";
+               &Header::closebox();
+       }
+       
+}
+sub fillselect
+{
+       my %hash=%{(shift)};
+       my $val=shift;
+       my $key;
+       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash)
+               {
+                       if($hash{$key}[0] eq $val){
+                               print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
+                       }else{
+                               print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
+                       }
+               }
+}
+sub rules
+{
+       if (!-f "${General::swroot}/forward/reread"){
+               system("touch ${General::swroot}/forward/reread");
+       }
+}
+sub reread_rules
+{
+       system("/usr/local/bin/forwardfwctrl");
+       system("rm ${General::swroot}/forward/reread");
+}
+&Header::closebigbox();
+&Header::closepage();
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
new file mode 100755 (executable)
index 0000000..8fe281b
--- /dev/null
@@ -0,0 +1,1970 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2011  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+# New function for forwarding firewall. To make it comfortable to create         #
+# rules, we need "spelling names" for single Hosts. If you have any questions #
+# <amarx@ipfire.org>                                                                                                             #
+###############################################################################
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+no warnings 'uninitialized';
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %fwhostsettings=();
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %icmptypes=();
+my %color=();
+my %defaultNetworks=();
+my %mainsettings=();
+my %ownnet=();
+my %ipsecsettings=();
+
+my $errormessage;
+my $hint;
+my $update=0;
+my $confignet          = "${General::swroot}/fwhosts/customnetworks";
+my $confighost         = "${General::swroot}/fwhosts/customhosts";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost      = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec                = "${General::swroot}/vpn/config";
+my $configsrv          = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+
+unless (-e $confignet)    { system("touch $confignet"); }
+unless (-e $confighost)   { system("touch $confighost"); }
+unless (-e $configgrp)    { system("touch $configgrp"); }
+unless (-e $configsrv)    { system("touch $configsrv"); }
+unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+&Header::getcgihash(\%fwhostsettings);
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'fwhost hosts'}, 1, '');
+&Header::openbigbox('100%', 'center');
+
+## ACTION ####
+# Update
+if ($fwhostsettings{'ACTION'} eq 'updatenet' )
+{
+       &General::readhasharray("$confignet", \%customnetwork);
+       foreach my $key (keys %customnetwork)
+       {
+               if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'})
+               {
+                       $fwhostsettings{'orgname'}              = $customnetwork{$key}[0];
+                       $fwhostsettings{'orgip'}                = $customnetwork{$key}[1];
+                       $fwhostsettings{'orgsub'}               = $customnetwork{$key}[2];
+                       $fwhostsettings{'count'}                = $customnetwork{$key}[3];
+                       delete $customnetwork{$key};
+                       
+               }
+       }
+       &General::writehasharray("$confignet", \%customnetwork);
+       $fwhostsettings{'actualize'} = 'on';
+       $fwhostsettings{'ACTION'} = 'savenet';
+}
+if ($fwhostsettings{'ACTION'} eq 'updatehost')
+{
+       my ($ip,$subnet);
+       &General::readhasharray("$confighost", \%customhost);
+       foreach my $key (keys %customhost)
+       {
+               if($customhost{$key}[0] eq $fwhostsettings{'orgname'})
+               {
+                       $fwhostsettings{'orgname'} = $customhost{$key}[0];
+                       if ($customhost{$key}[1] eq 'ip'){
+                               ($ip,$subnet) = split (/\//,$customhost{$key}[2]);
+                       }else{
+                               $ip = $customhost{$key}[2];
+                       }
+                       $fwhostsettings{'orgip'} = $ip;
+                       $fwhostsettings{'count'} = $customhost{$key}[3];
+                       delete $customhost{$key};
+               }
+       }
+       &General::writehasharray("$confighost", \%customhost);
+       $fwhostsettings{'actualize'} = 'on';
+       $fwhostsettings{'ACTION'} = 'savehost';
+}
+if ($fwhostsettings{'ACTION'} eq 'updateservice')
+{
+       my $count=0;
+       my $needrules=0;
+       $errormessage=&checkports(\%customservice);
+       
+       if (!$errormessage){
+               &General::readhasharray("$configsrv", \%customservice);
+               foreach my $key (keys %customservice)
+               {
+                       if ($customservice{$key}[0] eq $fwhostsettings{'oldsrvname'})
+                       {
+                               $count=$customservice{$key}[4];
+                               delete $customservice{$key};
+                               &General::writehasharray("$configsrv", \%customservice);
+                               last;
+                       }
+               }
+               if ($fwhostsettings{'PROT'} ne 'ICMP'){
+                       $fwhostsettings{'ICMP_TYPES'}='BLANK';
+               }
+               my $key1 = &General::findhasharraykey(\%customservice);
+               foreach my $i (0 .. 4) { $customservice{$key1}[$i] = "";}
+               $customservice{$key1}[0] = $fwhostsettings{'SRV_NAME'};
+               $customservice{$key1}[1] = $fwhostsettings{'SRV_PORT'};
+               $customservice{$key1}[2] = $fwhostsettings{'PROT'};
+               $customservice{$key1}[3] = $fwhostsettings{'ICMP_TYPES'};
+               $customservice{$key1}[4] = $count;
+               &General::writehasharray("$configsrv", \%customservice);
+               if($fwhostsettings{'updatesrv'} eq 'on'){
+                       if($count gt 0 && $fwhostsettings{'oldsrvport'} ne $fwhostsettings{'SRV_PORT'} ){
+                               $needrules='on';
+                       }
+                       if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){
+                               $needrules='on';
+                       }
+               }
+               $fwhostsettings{'SRV_NAME'}     = '';
+               $fwhostsettings{'SRV_PORT'}     = '';
+               $fwhostsettings{'PROT'}         = '';
+               
+       }else{
+               $fwhostsettings{'SRV_NAME'}     = $fwhostsettings{'oldsrvname'};
+               $fwhostsettings{'SRV_PORT'}     = $fwhostsettings{'oldsrvport'};
+               $fwhostsettings{'PROT'}         = $fwhostsettings{'oldsrvprot'};
+               $fwhostsettings{'updatesrv'}= 'on';
+       }
+       
+       if($needrules eq 'on'){
+               $errormessage="reread!";
+               &rules;
+       }
+       
+       &addservice;
+}
+# save
+if ($fwhostsettings{'ACTION'} eq 'savenet' )
+{
+       my $count=0;
+       my $needrules=0;
+       if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
+       
+       #check if all fields are set
+       if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
+       {
+               $errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
+               &addnet;
+               &viewtablenet;
+       }else{
+               #check valid ip 
+               if (!&General::validipandmask($fwhostsettings{'IP'}."/".$fwhostsettings{'SUBNET'}))
+               {
+                       $errormessage=$errormessage.$Lang::tr{'fwhost err addr'};
+                       $fwhostsettings{'BLK_HOST'}     ='readonly';
+                       $fwhostsettings{'NOCHECK'}      ='false';
+                       $fwhostsettings{'error'}        ='on';
+               }
+               #check if subnet is sigle host
+               if(&General::iporsubtocidr($fwhostsettings{'SUBNET'}) eq '32')
+               {
+                       $errormessage=$errormessage.$Lang::tr{'fwhost err sub32'};
+                       
+               }
+               if($fwhostsettings{'error'} ne 'on'){
+                       #check if we use one of ipfire's networks (green,orange,blue)
+                       if (($ownnet{'GREEN_NETADDRESS'}        ne '' && $ownnet{'GREEN_NETADDRESS'}    ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'}))
+                       { 
+                               $errormessage=$errormessage.$Lang::tr{'ccd err green'}."<br>";
+                               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+                       }
+                       if (($ownnet{'ORANGE_NETADDRESS'}       ne '' && $ownnet{'ORANGE_NETADDRESS'}   ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'}))
+                       { 
+                               $errormessage=$errormessage.$Lang::tr{'ccd err orange'}."<br>";
+                               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+                       }
+                       if (($ownnet{'BLUE_NETADDRESS'}         ne '' && $ownnet{'BLUE_NETADDRESS'}     ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'}))
+                       { 
+                               $errormessage=$errormessage.$Lang::tr{'ccd err blue'}."<br>";
+                               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+                       }
+                       if (($ownnet{'RED_NETADDRESS'}  ne '' && $ownnet{'RED_NETADDRESS'}              ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'RED_NETADDRESS'},$ownnet{'RED_NETMASK'}))
+                       { 
+                               $errormessage=$errormessage.$Lang::tr{'ccd err red'}."<br>";
+                               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+                       }
+               }
+               #only check plausi when no error till now
+               if (!$errormessage){
+                       &plausicheck("editnet");
+               }
+               
+               #check if network ip is part of an already used one 
+               if(&checksubnet(\%customnetwork))
+               {
+                       $errormessage=$errormessage.$Lang::tr{'fwhost err partofnet'};
+                       $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+               }                               
+               
+               if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newnet'} ne 'on' && $errormessage)
+               {
+                       $fwhostsettings{'actualize'} = '';
+                       my $key = &General::findhasharraykey (\%customnetwork);
+                       foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
+                       $customnetwork{$key}[0] = $fwhostsettings{'orgname'} ;
+                       $customnetwork{$key}[1] = $fwhostsettings{'orgip'} ;
+                       $customnetwork{$key}[2] = $fwhostsettings{'orgsub'};
+                       $customnetwork{$key}[3] = $fwhostsettings{'count'};
+                       &General::writehasharray("$confignet", \%customnetwork);
+                       undef %customnetwork;
+               }                       
+                                               
+               if (!$errormessage){
+                       &General::readhasharray("$confignet", \%customnetwork);
+                       if ($fwhostsettings{'ACTION'} eq 'updatenet'){
+                               if ($fwhostsettings{'update'} == '0'){
+                                       foreach my $key (keys %customnetwork) {
+                                               if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'}){
+                                                       $count=$customnetwork{$key}[3];
+                                                       delete $customnetwork{$key};
+                                                       last;
+                                               }
+                                       }
+                               }
+                       }
+                       #get count if actualize is 'on'
+                       if($fwhostsettings{'actualize'} eq 'on'){
+                               $fwhostsettings{'actualize'} = '';
+                               $count=$fwhostsettings{'count'};
+                               #check if we need to reload rules
+                               if($fwhostsettings{'orgip'}  ne $fwhostsettings{'IP'}  && $count gt '0'){
+                                       $needrules='on';
+                               }
+                               if ($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
+                                       #check if we need to update groups
+                                       &General::readhasharray("$configgrp", \%customgrp);
+                                       foreach my $key (sort keys %customgrp){
+                                               if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
+                                                       $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
+                                                       last;
+                                               }
+                                       }
+                                       &General::writehasharray("$configgrp", \%customgrp);
+                               }
+                       }                                       
+                       my $key = &General::findhasharraykey (\%customnetwork);
+                       foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
+                       $fwhostsettings{'SUBNET'}       = &General::iporsubtocidr($fwhostsettings{'SUBNET'});
+                       $customnetwork{$key}[0]         = $fwhostsettings{'HOSTNAME'};
+                       #convert ip when leading '0' in byte
+                       $fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'});
+                       $fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'});
+                       $customnetwork{$key}[1]         = &General::getnetworkip($fwhostsettings{'IP'},$fwhostsettings{'SUBNET'}) ;
+                       $customnetwork{$key}[2]         = &General::iporsubtodec($fwhostsettings{'SUBNET'}) ;
+                       if($fwhostsettings{'newnet'} eq 'on'){$count=0;}
+                       $customnetwork{$key}[3]         = $count;
+                       &General::writehasharray("$confignet", \%customnetwork);
+                       $fwhostsettings{'IP'}=$fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+                       undef %customnetwork;
+                       $fwhostsettings{'HOSTNAME'}='';
+                       $fwhostsettings{'IP'}='';
+                       $fwhostsettings{'SUBNET'}='';
+                       #check if an edited net affected groups and need to reload rules
+                       if ($needrules eq 'on'){
+                               &rules;
+                       }
+                       &addnet;
+                       &viewtablenet;
+               }else
+               {
+                       &addnet;
+                       &viewtablenet;
+               }
+       }
+       
+}
+if ($fwhostsettings{'ACTION'} eq 'savehost')
+{
+       my $count=0;
+       my $needrules=0;
+       if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
+       
+       $fwhostsettings{'SUBNET'}='32';
+               
+       #check if all fields are set
+       if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
+       {
+               $errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
+               $fwhostsettings{'ACTION'} = 'edithost';
+       }else{
+       
+               if($fwhostsettings{'type'} eq 'ip' && $fwhostsettings{'IP'}=~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/){
+                       $fwhostsettings{'type'} = 'mac';
+               }elsif($fwhostsettings{'type'} eq 'mac' && $fwhostsettings{'IP'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+                       $fwhostsettings{'type'} = 'ip';
+               }elsif($fwhostsettings{'type'} eq 'mac' && $fwhostsettings{'IP'}=~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/){
+                       $fwhostsettings{'type'} = 'mac';
+               }elsif($fwhostsettings{'type'} eq 'ip' && $fwhostsettings{'IP'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+                       $fwhostsettings{'type'} = 'ip';
+               }else{
+                       $fwhostsettings{'type'} = '';
+                       $errormessage=$Lang::tr{'fwhost err ipmac'};
+               }
+               
+               if($fwhostsettings{'type'} eq 'mac' )
+               {
+                       if ($fwhostsettings{'IP'}!~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/ )
+                       {
+                               $errormessage=$Lang::tr{'fwhost err mac'};
+                               
+                       }
+               }
+               #CHECK IP-PART
+               if ($fwhostsettings{'type'} eq 'ip'){
+                       #check for subnet
+                       if (rindex($fwhostsettings{'IP'},'/') eq '-1' ){
+                               if($fwhostsettings{'type'} eq 'ip' && !&General::validipandmask($fwhostsettings{'IP'}."/32"))
+                                       {
+                                               $errormessage.=$errormessage.$Lang::tr{'fwhost err ip'};
+                                               $fwhostsettings{'error'}='on';
+                                       }
+                               
+                       }elsif(rindex($fwhostsettings{'IP'},'/') ne '-1' ){
+                               $errormessage=$errormessage.$Lang::tr{'fwhost err ipwithsub'};
+                               $fwhostsettings{'error'}='on';
+                       }
+                       #check if net or broadcast
+                       my @tmp= split (/\./,$fwhostsettings{'IP'});
+                       if (($tmp[3] eq "0") || ($tmp[3] eq "255")){
+                               $errormessage=$Lang::tr{'fwhost err hostip'};
+                       }
+               }
+                       
+               
+               
+               #only check plausi when no error till now
+               if (!$errormessage){    
+                       &plausicheck("edithost");
+               }
+                               
+               if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newhost'} ne 'on' && $errormessage){
+                       $fwhostsettings{'actualize'} = '';
+                       my $key = &General::findhasharraykey (\%customhost);
+                       foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
+                       $customhost{$key}[0] = $fwhostsettings{'orgname'} ;
+                       $customhost{$key}[1] = $fwhostsettings{'type'} ;
+                       if($customhost{$key}[1] eq 'ip'){
+                               $customhost{$key}[2] = $fwhostsettings{'orgip'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+                       }else{
+                               $customhost{$key}[2] = $fwhostsettings{'orgip'};
+                       }
+                       $customhost{$key}[3] = $fwhostsettings{'count'};
+                       &General::writehasharray("$confighost", \%customhost);
+                       undef %customhost;
+                               
+               } 
+               
+               if (!$errormessage){
+                       #get count if host was edited
+                       if($fwhostsettings{'actualize'} eq 'on'){
+                               $count=$fwhostsettings{'count'};
+                               if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0' ){
+                                       $needrules='on';
+                               }
+                               if($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
+                                       #check if we need to update groups
+                                       &General::readhasharray("$configgrp", \%customgrp);
+                                       foreach my $key (sort keys %customgrp){
+                                               if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
+                                                       $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
+                                                       last;
+                                               }
+                                       }
+                                       &General::writehasharray("$configgrp", \%customgrp);
+                               }
+                               
+                               
+                       }
+                       my $key = &General::findhasharraykey (\%customhost);
+                       foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
+                       $customhost{$key}[0] = $fwhostsettings{'HOSTNAME'} ;
+                       $customhost{$key}[1] = $fwhostsettings{'type'} ;
+                       if ($fwhostsettings{'type'} eq 'ip'){
+                               #convert ip when leading '0' in byte
+                               $fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'});
+                               $fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'});
+                               $customhost{$key}[2] = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+                       }else{
+                               $customhost{$key}[2] = $fwhostsettings{'IP'};
+                       }
+                       if($fwhostsettings{'newhost'} eq 'on'){$count=0;}
+                       $customhost{$key}[3] = $count;
+                       &General::writehasharray("$confighost", \%customhost);
+                       
+                       #$fwhostsettings{'IP'} = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+                       undef %customhost;
+                       $fwhostsettings{'HOSTNAME'}='';
+                       $fwhostsettings{'IP'}='';
+                       $fwhostsettings{'type'}='';
+                       #check if we need to update rules while host was edited
+                       if($needrules eq 'on'){
+                               &rules;
+                       }
+                       &addhost;
+                       &viewtablehost;
+               }else{
+                       &addhost;
+                       &viewtablehost;
+               }
+       
+       }
+
+}
+if ($fwhostsettings{'ACTION'} eq 'savegrp')
+{
+       my $grp;
+       my $rem=$fwhostsettings{'remark'};
+       my $count;
+       my $type;
+       my $updcounter='off';
+       my @target;
+       my @newgrp;
+       &General::readhasharray("$configgrp", \%customgrp);
+       &General::readhasharray("$confignet", \%customnetwork);
+       &General::readhasharray("$confighost", \%customhost);
+       $grp=$fwhostsettings{'grp_name'};
+       
+       if (!&General::validhostname($grp)){$errormessage=$errormessage.$Lang::tr{'fwhost err name'};}
+       
+       ###check standard networks
+       if ($fwhostsettings{'grp2'} eq 'std_net'){
+               @target=$fwhostsettings{'DEFAULT_SRC_ADR'};
+               $type='Standard Network';       
+       }
+       ##check custom networks
+       if ($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} ne ''){
+               @target=$fwhostsettings{'CUST_SRC_NET'};
+               $updcounter='net';
+               $type='Custom Network';
+       }elsif($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} eq ''){
+               $errormessage=$Lang::tr{'fwhost err groupempty'}."<br>";
+               $fwhostsettings{'grp_name'}='';
+               $fwhostsettings{'remark'}='';
+       }
+       #check custom addresses
+       if ($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} ne ''){
+               @target=$fwhostsettings{'CUST_SRC_HOST'};
+               $updcounter='host';
+               $type='Custom Host';
+       }elsif($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} eq ''){
+               $errormessage=$Lang::tr{'fwhost err groupempty'}."<br>";
+               $fwhostsettings{'grp_name'}='';
+               $fwhostsettings{'remark'}='';
+       }
+       #get address from  ovpn ccd static net
+       if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){
+               @target=$fwhostsettings{'OVPN_CCD_NET'};
+               $type='OpenVPN static network';
+       }elsif($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} eq ''){
+               $errormessage=$Lang::tr{'fwhost err groupempty'};
+               $fwhostsettings{'grp_name'}='';
+               $fwhostsettings{'remark'}='';
+       }
+       #get address from ovpn ccd static host
+       if ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} ne ''){
+               @target=$fwhostsettings{'OVPN_CCD_HOST'};
+               $type='OpenVPN static host';
+       }elsif ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} eq ''){
+               $errormessage=$Lang::tr{'fwhost err groupempty'};
+       }
+       #get address from ovpn ccd Net-2-Net
+       if ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} ne ''){
+               @target=$fwhostsettings{'OVPN_N2N'};
+               $type='OpenVPN N-2-N';
+       }elsif ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} eq ''){
+               $errormessage=$Lang::tr{'fwhost err groupempty'};
+               $fwhostsettings{'grp_name'}='';
+               $fwhostsettings{'remark'}='';
+       }
+       
+       #get address from IPSEC HOST
+       if ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} ne ''){
+               @target=$fwhostsettings{'IPSEC_HOST'};
+               $type='IpSec Host';
+       }elsif ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} eq ''){
+               $errormessage=$Lang::tr{'fwhost err groupempty'};
+               $fwhostsettings{'grp_name'}='';
+               $fwhostsettings{'remark'}='';
+       }
+       #get address from IPSEC NETWORK
+       if ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} ne ''){
+               @target=$fwhostsettings{'IPSEC_NET'};
+               $type='IpSec Network';
+       }elsif ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} eq ''){
+               $errormessage=$Lang::tr{'fwhost err groupempty'};
+               $fwhostsettings{'grp_name'}='';
+               $fwhostsettings{'remark'}='';
+       }
+       
+       #check if host/net exists in grp
+       my $test="$grp,$fwhostsettings{'oldremark'},@target";
+       foreach my $key (keys %customgrp) {
+               my $test1="$customgrp{$key}[0],$customgrp{$key}[1],$customgrp{$key}[2]";
+               if ($test1 eq $test){
+                       $errormessage=$Lang::tr{'fwhost err isingrp'};
+                       $fwhostsettings{'update'} = 'on';
+               }
+       }
+               
+       if (!$errormessage){
+               #on first save, we have an empty @target, so fill it with nothing
+               my $targetvalues=@target;
+               if ($targetvalues == '0'){
+                       @target=$Lang::tr{'fwhost empty'};
+               }
+               #on update, we have to delete the dummy entry
+               
+               foreach my $key (keys %customgrp){
+                       if ($customgrp{$key}[0] eq $grp && $customgrp{$key}[2] eq $Lang::tr{'fwhost empty'}){
+                               delete $customgrp{$key};
+                               last;
+                       }
+               }
+               &General::writehasharray("$configgrp", \%customgrp);
+               &General::readhasharray("$configgrp", \%customgrp);
+               
+               
+               
+               #check if remark has also changed
+               if ($fwhostsettings{'remark'} ne $fwhostsettings{'oldremark'} && $fwhostsettings{'update'} eq 'on')
+               {
+                       foreach my $key (keys %customgrp)
+                       {
+                               if($customgrp{$key}[0] eq $grp && $customgrp{$key}[1] eq $fwhostsettings{'oldremark'})
+                               {
+                                       $customgrp{$key}[1]='';
+                                       $customgrp{$key}[1]=$rem;
+                               }       
+                       }
+               }
+               #get count used
+               foreach my $key (keys %customgrp)
+               {
+                       if($customgrp{$key}[0] eq $grp)
+                       {
+                               $count=$customgrp{$key}[4];
+                               last;
+                       }
+               }
+               if ($count eq '' ){$count='0';}
+               
+               #create array with new lines
+               foreach my $line (@target){
+                       push (@newgrp,"$grp,$rem,$line");
+               }
+               #append new entries
+               my $key = &General::findhasharraykey (\%customgrp);
+               foreach my $line (@newgrp){
+                       foreach my $i (0 .. 4) { $customgrp{$key}[$i] = "";}
+                       my ($a,$b,$c,$d) = split (",",$line);
+                       $customgrp{$key}[0] = $a;
+                       $customgrp{$key}[1] = $b;
+                       $customgrp{$key}[2] = $c;
+                       $customgrp{$key}[3] = $type;
+                       $customgrp{$key}[4] = $count;
+               }
+               &General::writehasharray("$configgrp", \%customgrp);
+               
+               #update counter in Host/Net
+               if($updcounter eq 'net'){
+                       foreach my $key (keys %customnetwork) {
+                               if($customnetwork{$key}[0] eq $fwhostsettings{'CUST_SRC_NET'}){
+                                       $customnetwork{$key}[3] = $customnetwork{$key}[3]+1;
+                                       last;
+                               }
+                       }
+                       &General::writehasharray("$confignet", \%customnetwork);
+               }elsif($updcounter eq 'host'){
+                       foreach my $key (keys %customhost) {
+                               if ($customhost{$key}[0] eq $fwhostsettings{'CUST_SRC_HOST'}){
+                                       $customhost{$key}[3]=$customhost{$key}[3]+1;
+                               }
+                       }
+                       &General::writehasharray("$confighost", \%customhost);
+               }
+               
+               $fwhostsettings{'update'}='on';
+               
+       }
+               if ($fwhostsettings{'remark'} ne $fwhostsettings{'oldremark'} && $errormessage)
+               {
+                       foreach my $key (keys %customgrp)
+                       {
+                               if($customgrp{$key}[0] eq $grp && $customgrp{$key}[1] eq $fwhostsettings{'oldremark'})
+                               {
+                                       $customgrp{$key}[1]='';
+                                       $customgrp{$key}[1]=$rem;
+                               }       
+                       }
+                       &General::writehasharray("$configsrvgrp", \%customservicegrp);
+                       $errormessage='';
+                       $hint=$Lang::tr{'fwhost changeremark'};
+                       $fwhostsettings{'update'}='on';
+               }
+               #check if ruleupdate is needed
+               if($count > 0 )
+               {
+                       &rules;
+               }
+               &addgrp;
+               &viewtablegrp;
+       
+}
+if ($fwhostsettings{'ACTION'} eq 'saveservice')
+{
+       my $ICMP;
+       
+       &General::readhasharray("$configsrv", \%customservice );
+       $errormessage=&checkports(\%customservice);
+       
+       if ($fwhostsettings{'PROT'} eq 'ICMP'){
+               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+               foreach my $key (keys %icmptypes){
+                       if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){
+                                       $ICMP=$icmptypes{$key}[0];
+                       }
+               }
+       }
+       if($ICMP eq ''){$ICMP='BLANK';}
+       if (!$errormessage){
+               
+               my $key = &General::findhasharraykey (\%customservice);
+               foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
+               $customservice{$key}[0] = $fwhostsettings{'SRV_NAME'};
+               $customservice{$key}[1] = $fwhostsettings{'SRV_PORT'};
+               $customservice{$key}[2] = $fwhostsettings{'PROT'};
+               $customservice{$key}[3] = $ICMP;
+               $customservice{$key}[4] = 0;
+               &General::writehasharray("$configsrv", \%customservice );
+               #reset fields
+               $fwhostsettings{'SRV_NAME'}='';
+               $fwhostsettings{'SRV_PORT'}='';
+               $fwhostsettings{'PROT'}='';
+               $fwhostsettings{'ICMP_TYPES'}='';
+               
+       }
+       
+       &addservice;
+       
+}
+if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
+{
+       my $prot;
+       my $port;
+       my $count=0;
+       &General::readhasharray("$configsrvgrp", \%customservicegrp );
+       &General::readhasharray("$configsrv", \%customservice );
+       
+       $errormessage=&checkservicegroup;
+       
+       if (!$errormessage){
+               #on first save, we have to enter a dummy value
+               if ($fwhostsettings{'CUST_SRV'} eq ''){$fwhostsettings{'CUST_SRV'}=$Lang::tr{'fwhost empty'};}
+               
+               #on update, we have to delete the dummy entry
+               foreach my $key (keys %customservicegrp){
+                       if ($customservicegrp{$key}[2] eq $Lang::tr{'fwhost empty'}){
+                               delete $customservicegrp{$key};
+                               last;
+                       }
+               }
+               &General::writehasharray("$configsrvgrp", \%customservicegrp );
+               #check if remark has also changed
+               if ($fwhostsettings{'SRVGRP_REMARK'} ne $fwhostsettings{'oldsrvgrpremark'} && $fwhostsettings{'updatesrvgrp'} eq 'on')
+               {
+                       foreach my $key (keys %customservicegrp)
+                       {
+                               if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvgrpremark'})
+                               {
+                                       $customservicegrp{$key}[1]='';
+                                       $customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'};
+                               }       
+                       }
+               }
+               #get count used
+               foreach my $key (keys %customservicegrp)
+               {
+                       if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
+                       {
+                               $count=$customservicegrp{$key}[5];
+                               last;
+                       }
+               }
+               if ($count eq '' ){$count='0';}
+                       
+               foreach my $key (sort keys %customservice){
+                       if($customservice{$key}[0] eq $fwhostsettings{'CUST_SRV'}){
+                               $port=$customservice{$key}[1];
+                               $prot=$customservice{$key}[2];
+                               $customservice{$key}[4]++;
+                       }
+               }
+               &General::writehasharray("$configsrv", \%customservice );
+               
+               my $key = &General::findhasharraykey (\%customservicegrp);
+               foreach my $i (0 .. 3) { $customservice{$key}[$i] = "";}
+               $customservicegrp{$key}[0] = $fwhostsettings{'SRVGRP_NAME'};
+               $customservicegrp{$key}[1] = $fwhostsettings{'SRVGRP_REMARK'};
+               $customservicegrp{$key}[2] = $fwhostsettings{'CUST_SRV'};
+               $customservicegrp{$key}[3] = $port;
+               $customservicegrp{$key}[4] = $prot;
+               $customservicegrp{$key}[5] = $count;
+               &General::writehasharray("$configsrvgrp", \%customservicegrp );
+               $fwhostsettings{'updatesrvgrp'}='on';
+       }
+       if ($fwhostsettings{'SRVGRP_REMARK'} ne $fwhostsettings{'oldsrvgrpremark'} && $errormessage){
+               foreach my $key (keys %customservicegrp)
+               {
+                       if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvgrpremark'})
+                       {
+                               $customservicegrp{$key}[1]='';
+                               $customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'};
+                       }       
+               }
+               &General::writehasharray("$configsrvgrp", \%customservicegrp);
+               $errormessage='';
+               $hint=$Lang::tr{'fwhost changeremark'};
+               $fwhostsettings{'update'}='on';
+       }
+       if ($count gt 0){
+               &rules;
+       }
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+# edit
+if ($fwhostsettings{'ACTION'} eq 'editnet')
+{
+       &addnet;
+       &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq 'edithost')
+{
+       &addhost;
+       &viewtablehost;
+}
+if ($fwhostsettings{'ACTION'} eq 'editgrp')
+{
+       $fwhostsettings{'update'}='on';
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'editservice')
+{
+       $fwhostsettings{'updatesrv'}='on';
+       &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'editservicegrp')
+{
+       $fwhostsettings{'updatesrvgrp'} = 'on';
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+# reset
+if ($fwhostsettings{'ACTION'} eq 'resetnet')
+{
+       $fwhostsettings{'HOSTNAME'} ="";
+       $fwhostsettings{'IP'}           ="";
+       $fwhostsettings{'SUBNET'}       ="";
+       &showmenu;
+}
+if ($fwhostsettings{'ACTION'} eq 'resethost')
+{
+       $fwhostsettings{'HOSTNAME'} ="";
+       $fwhostsettings{'IP'}           ="";
+       $fwhostsettings{'type'}         ="";
+       &showmenu;
+}
+# delete
+if ($fwhostsettings{'ACTION'} eq 'delnet')
+{
+       &General::readhasharray("$confignet", \%customnetwork);
+       foreach my $key (keys %customnetwork) {
+               if($fwhostsettings{'key'} eq $customnetwork{$key}[0]){
+                       delete $customnetwork{$key};
+                       &General::writehasharray("$confignet", \%customnetwork);
+                       last;
+               }
+       }
+       &addnet;
+       &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq 'delhost')
+{
+       &General::readhasharray("$confighost", \%customhost);
+       foreach my $key (keys %customhost) {
+               if($fwhostsettings{'key'} eq $customhost{$key}[0]){
+                       delete $customhost{$key};
+                       &General::writehasharray("$confighost", \%customhost);
+                       last;
+               }
+       }
+       &addhost;
+       &viewtablehost;
+       
+}
+if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
+{
+       &General::readhasharray("$configgrp", \%customgrp);
+       foreach my $key (keys %customgrp){
+               if($customgrp{$key}[0].",".$customgrp{$key}[1].",".$customgrp{$key}[2].",".$customgrp{$key}[3] eq $fwhostsettings{'delhost'}){
+                       #decrease count from source host/net
+                       if ($customgrp{$key}[3] eq 'Custom Network'){
+                               &General::readhasharray("$confignet", \%customnetwork);
+                               foreach my $key1 (keys %customnetwork){
+                                               if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
+                                               $customnetwork{$key1}[3] = $customnetwork{$key1}[3]-1;
+                                               last;
+                                       }
+                               }
+                               &General::writehasharray("$confignet", \%customnetwork);
+                       }
+                       if ($customgrp{$key}[3] eq 'Custom Host'){
+                               &General::readhasharray("$confighost", \%customhost);
+                               foreach my $key1 (keys %customhost){
+                                       if ($customhost{$key1}[0] eq $customgrp{$key}[2]){
+                                               $customhost{$key1}[3] = $customhost{$key1}[3]-1;
+                                               last;
+                                       }
+                               }
+                               &General::writehasharray("$confighost", \%customhost);
+                       }
+                       delete $customgrp{$key};
+               }
+       }
+       &General::writehasharray("$configgrp", \%customgrp);
+       &rules;
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delgrp')
+{
+       &General::readhasharray("$configgrp", \%customgrp);
+       &decrease($fwhostsettings{'grp_name'});
+       foreach my $key (sort keys %customgrp)
+       {
+               if($customgrp{$key}[0] eq $fwhostsettings{'grp_name'})
+               {
+                       delete $customgrp{$key};
+               }
+       }
+       &General::writehasharray("$configgrp", \%customgrp);
+       $fwhostsettings{'grp_name'}='';
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delservice')
+{
+       &General::readhasharray("$configsrv", \%customservice);
+       foreach my $key (keys %customservice) {
+               if($customservice{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
+                       #&deletefromgrp($customhost{$key}[0],$configgrp);
+                       delete $customservice{$key};
+                       &General::writehasharray("$configsrv", \%customservice);
+                       last;
+               }
+       }
+       $fwhostsettings{'SRV_NAME'}='';
+       $fwhostsettings{'SRV_PORT'}='';
+       $fwhostsettings{'PROT'}='';
+       &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'delservicegrp')
+{
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       &decreaseservice($fwhostsettings{'SRVGRP_NAME'});
+       foreach my $key (sort keys %customservicegrp)
+       {
+               if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
+               {
+                       delete $customservicegrp{$key};
+               }
+       }
+       &General::writehasharray("$configsrvgrp", \%customservicegrp);
+       $fwhostsettings{'SRVGRP_NAME'}='';
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
+{
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       &General::readhasharray("$configsrv", \%customservice);
+       foreach my $key (keys %customservicegrp){
+               if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customservicegrp{$key}[2].",".$customservicegrp{$key}[3] eq $fwhostsettings{'delsrvfromgrp'})
+               {
+                       #decrease count from source service
+                       foreach my $key1 (sort keys %customservice){
+                               if($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+                                       $customservice{$key1}[4]--;
+                                       last;
+                               }
+                       }
+                       &General::writehasharray("$configsrv", \%customservice);
+                       delete $customservicegrp{$key}
+               }
+       }
+       &General::writehasharray("$configsrvgrp", \%customservicegrp);
+       &rules;
+       &addservicegrp;
+       &viewtableservicegrp;
+       
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newnet'})
+{
+       &addnet;
+       &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newhost'})
+{
+       &addhost;
+       &viewtablehost;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'})
+{
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'})
+{
+       &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservicegrp'})
+{
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+###  VIEW  ###
+if($fwhostsettings{'ACTION'} eq '')
+{
+       &showmenu;
+}
+###  FUNCTIONS  ###
+sub showmenu
+{
+       
+       &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'});
+       print<<END;
+       <table border='0' width='100%'><form method='post'>
+       <tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' /><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' /><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' /></td>
+       <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' /><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' /></td></tr>
+       <tr><td colspan='6'><hr></hr></td></tr></table></form>
+END
+       
+       &Header::closebox();
+       
+}
+# Add
+sub addnet
+{
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addnet'});
+       $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};
+       print<<END;
+       <table border='0' width='100%'><form method='post' style='display:inline'  >
+       <tr><td>$Lang::tr{'name'}:</td><td><input type='TEXT' name='HOSTNAME' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'}></td><td>$Lang::tr{'fwhost netaddress'}</td><td><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} size='14'></td><td align='right'>$Lang::tr{'netmask'}:</td><td align='right'><input type='TEXT' name='SUBNET' value='$fwhostsettings{'SUBNET'}' $fwhostsettings{'BLK_IP'} size='14'></td></tr>
+       <tr><td colspan='6'><hr></hr></td></tr><tr>
+END
+       if ($fwhostsettings{'ACTION'} eq 'editnet' || $fwhostsettings{'error'} eq 'on')
+       {
+               print "<td colspan='6' align='right' ><input type='submit' value='$Lang::tr{'update'}'><input type='hidden' name='ACTION' value='updatenet'><input type='hidden' name='orgname' value='$fwhostsettings{'orgname'}' ><input type='hidden' name='update' value='on'><input type='hidden' name='newnet' value='$fwhostsettings{'newnet'}'>";
+       }else{
+               print "<td colspan='6' align='right'><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='savenet'><input type='hidden' name='newnet' value='on'>";
+       }       
+       print "</form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' ><input type='hidden' name='ACTION' value='resetnet'></td></tr></table></form>";
+       &Header::closebox();
+}
+sub addhost
+{
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addhost'});
+       $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};
+       print<<END;
+       <table border='0' width='100%'><form method='post' style='display:inline'>
+       <tr><td>$Lang::tr{'name'}:</td><td width='35%'><input type='TEXT' name='HOSTNAME' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'} ></td><td><select name='type'>
+END
+       if ($fwhostsettings{'type'} eq 'ip'){print "<option value='ip' selected >IP</option>";}else{print "<option value='ip' >IP</option>";}
+       if ($fwhostsettings{'type'} eq 'mac'){print "<option value='mac' selected >MAC</option>";}else{print "<option value='mac' >MAC</option>";}
+       print<<END;
+       </option></select></td><td align='right' width='15%'>IP/MAC:</td><td align='right'><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} ></td></tr>
+       <tr><td colspan='7'><br><br><b>$Lang::tr{'fwhost attention'}</b><br>$Lang::tr{'fwhost macwarn'}</td></tr>
+       <tr><td colspan='7'><hr></hr></td></tr>
+END
+
+       if ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'} eq 'on')
+       {
+               
+               print " <td colspan='6' align='right'><input type='submit' value='$Lang::tr{'update'}' /><input type='hidden' name='ACTION' value='updatehost'><input type='hidden' name='orgname' value='$fwhostsettings{'orgname'}' ><input type='hidden' name='update' value='on'><input type='hidden' name='newhost' value='$fwhostsettings{'newhost'}'></form>";
+       }else{
+               print " <td colspan='6' align='right'><input type='submit' name='savehost' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='savehost' /><input type='hidden' name='newhost' value='on'>";
+       }       
+       print " </form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}'><input type='hidden' name='ACTION' value='resethost'></td></tr></table></form>";
+       &Header::closebox();
+}
+sub addgrp
+{
+       &hint;
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgrp'});
+       &General::setup_default_networks(\%defaultNetworks);
+       my %checked=();
+       $checked{'check1'}{'off'} = '';
+       $checked{'check1'}{'on'} = '';
+       $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED';
+       $fwhostsettings{'oldremark'}=$fwhostsettings{'remark'};
+               
+               if ($fwhostsettings{'update'} eq ''){   
+                       print<<END;
+                       <table width='100%' border='0'><form method='post'>
+                       <tr><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='24'></td><td align='right'>$Lang::tr{'remark'}:</td><td align='right'><input type='TEXT' name='remark' size='30' value='$fwhostsettings{'remark'}'></tr>
+                       <tr><td colspan='5'><hr></td></tr></table>
+END
+               }else{
+                       print<<END;
+                       <table width='100%' border='0'><form method='post'>
+                       <tr><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='TEXT' name='grp_name' size='24' value='$fwhostsettings{'grp_name'}' readonly ></td><td>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='remark' size='30' value='$fwhostsettings{'remark'}'></tr>
+                       <tr><td colspan='5'><hr></td></tr></table>
+END
+       
+               }
+               if ($fwhostsettings{'update'} eq 'on'){
+                       
+                               
+                       print<<END;
+                       <table width='100%' border='0'><tr><td width='1%'><input type='radio' name='grp2' value='std_net'  checked></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost stdnet'}</td><td><select name='DEFAULT_SRC_ADR' style='min-width:185px;'>
+                       
+END
+                       foreach my $network (sort keys %defaultNetworks)
+                       {
+                               next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+                               print "<option value='$defaultNetworks{$network}{'NAME'}'";
+                               print " selected='selected'" if ($fwhostsettings{'DEFAULT_SRC_ADR'} eq $defaultNetworks{$network}{'NAME'});
+                               print ">$network</option>";
+                       }
+       
+                       print<<END;
+                       </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net'  $checked{'grp2'}{'ovpn_net'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_NET' style='min-width:185px;'>
+END
+                       &General::readhasharray("$configccdnet", \%ccdnet);
+                       foreach my $key (sort { uc($ccdnet{$a}[0]) cmp uc($ccdnet{$b}[0]) }  keys %ccdnet)
+                       {
+                               print"<option value='$ccdnet{$key}[0]'>$ccdnet{$key}[0]</option>";
+                       }
+                       
+                       print<<END;
+                       </select></td></tr>
+                       <tr><td><input type='radio' name='grp2' value='cust_net' $checked{'grp2'}{'cust_net'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='CUST_SRC_NET' style='min-width:185px;'>
+END
+                       &General::readhasharray("$confignet", \%customnetwork);
+                       foreach my $key (sort { uc($customnetwork{$a}[0]) cmp uc($customnetwork{$b}[0]) } keys  %customnetwork) {
+                               print"<option>$customnetwork{$key}[0]</option>";
+                       }
+                       
+                       print<<END;
+                       </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_host' $checked{'grp2'}{'ovpn_host'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_HOST' style='min-width:185px;'>
+END
+                       &General::readhasharray("$configccdhost", \%ccdhost);
+                       foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost)
+                       {
+                               if ($ccdhost{$key}[33] ne ''){
+                                       print"<option value='$ccdhost{$key}[1]'>$ccdhost{$key}[1]</option>";
+                               }
+                       }
+                       
+                       print<<END;
+                       </select></td></tr>
+                       <tr><td valign='top'><input type='radio' name='grp2' value='cust_host' $checked{'grp2'}{'cust_host'}></td><td valign='top'>$Lang::tr{'fwhost cust addr'}</td><td><select name='CUST_SRC_HOST' style='min-width:185px;'>
+END
+                       &General::readhasharray("$confighost", \%customhost);
+                       foreach my $key (sort { uc($customhost{$a}[0]) cmp uc($customhost{$b}[0]) } keys %customhost) {
+                               print"<option>$customhost{$key}[0]</option>";
+                       }
+                       print<<END;
+                       </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_n2n' $checked{'grp2'}{'ovpn_n2n'}></td><td valign='top'>$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='OVPN_N2N' style='min-width:185px;'>
+END
+                       &General::readhasharray("$configccdhost", \%ccdhost);
+                       foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) {
+                               if($ccdhost{$key}[3] eq 'net'){
+                                       print"<option>$ccdhost{$key}[1]</option>";
+                               }
+                       }
+                       print<<END;
+                       </select></td></tr>
+                       <tr><td colspan='3'></td><td valign='top'><input type='radio' name='grp2' value='ipsec_net' $checked{'grp2'}{'ipsec_net'}></td><td valign='top'>$Lang::tr{'fwhost ipsec net'}</td><td><select name='IPSEC_NET' style='min-width:185px;'>
+END
+                       &General::readhasharray("$configipsec", \%ipsecconf);
+                       foreach my $key (sort { uc($ipsecconf{$a}[0]) cmp uc($ipsecconf{$b}[0]) } keys %ipsecconf) {
+                               if ($ipsecconf{$key}[3] eq 'net'){
+                                       print"<option value='$ipsecconf{$key}[1]'>$ipsecconf{$key}[1]</option>";
+                               }
+                       }
+                       print<<END;
+                       </select></td></tr></table>
+END
+#                      <td colspan='3'></td><td valign='top'><input type='radio' name='grp2' value='ipsec_host' $checked{'grp2'}{'ipsec_host'}></td><td valign='top'>$Lang::tr{'fwhost ipsec host'}</td><td><select name='IPSEC_HOST' style='min-width:185px;'>
+#END
+#                      &General::readhasharray("$configipsec", \%ipsecconf);
+#                      foreach my $key (sort { uc($ipsecconf{$a}[0]) cmp uc($ipsecconf{$b}[0]) } keys %ipsecconf) {
+#                              if ($ipsecconf{$key}[3] eq 'host'){
+#                                      print"<option>$ipsecconf{$key}[1]</option>";
+#                              }
+#                      }
+#                      print<<END;
+#                      </select></td></tr>
+#                      <tr>
+                       print<<END;
+                       <br><br><br>
+                       <b>$Lang::tr{'fwhost attention'}:</b><br>
+                       $Lang::tr{'fwhost macwarn'}<br><hr>
+END
+               }
+               print<<END;
+               <table border='0' width='100%'>
+               <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
+               </table></form>
+END
+       
+       &Header::closebox();
+}
+sub addservice
+{
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost newservice'});
+       if ($fwhostsettings{'updatesrv'} eq 'on')
+       {
+               $fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'};
+               $fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'};
+               $fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'};
+       }
+       print<<END;
+       <table width='100%' border='0'><form method='post'>
+       <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td width='1%' nowrap='nowrap'><input type='text' name='SRV_NAME' value='$fwhostsettings{'SRV_NAME'}'></td><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+END
+       foreach ("TCP","UDP","ICMP")
+       {
+               if ($_ eq $fwhostsettings{'PROT'})
+               {
+                       print"<option selected>$_</option>";
+               }else{
+                       print"<option>$_</option>";
+               }
+       }
+       print<<END;
+       </select></td><td>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='9'></td></tr>
+       <tr><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='4'><select name='ICMP_TYPES'>
+END
+       &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+       print"<option>All ICMP-Types</option>";
+       foreach my $key (sort { uc($icmptypes{$a}[0]) cmp uc($icmptypes{$b}[0]) }keys %icmptypes){
+               print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+       }
+       
+       print<<END;
+       </select></td>
+       <tr><td colspan='6'><hr></td></tr>
+       <tr><td colspan='6' align='right'>
+END
+       if ($fwhostsettings{'updatesrv'} eq 'on')
+       {
+               print<<END;
+               <input type='submit' value='$Lang::tr{'fwhost change'}'>
+               <input type='hidden' name='ACTION' value='updateservice'>
+               <input type='hidden' name='oldsrvname' value='$fwhostsettings{'oldsrvname'}'>
+               <input type='hidden' name='oldsrvport' value='$fwhostsettings{'oldsrvport'}'>
+               <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'></form>
+END
+               
+       }else{  
+               print"<input type='submit' value='$Lang::tr{'save'}'><input type='hidden' name='ACTION' value='saveservice'></form>";
+       }
+       print<<END;
+       <form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost reset'}'></form></td></tr>
+       </table></form>
+       
+       
+END
+       &Header::closebox();
+       &viewtableservice;
+}
+sub addservicegrp
+{
+       &hint;
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost newservicegrp'});
+       $fwhostsettings{'oldsrvgrpremark'}=$fwhostsettings{'SRVGRP_REMARK'};
+       
+       if ($fwhostsettings{'updatesrvgrp'} eq ''){
+               print<<END;
+               <table width='100%' border='0'><form method='post'>
+               <tr><td>$Lang::tr{'fwhost addgrpname'}</td><td><input type='text' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}'></td><td>$Lang::tr{'remark'}:</td><td width='1%'><input type='text' name='SRVGRP_REMARK' size='35' value='$fwhostsettings{'SRVGRP_REMARK'}'></td></tr>
+               <tr><td colspan='4'><hr></td></td></tr>
+               </table>
+END
+       }else{
+               print<<END;
+               <table width='100%' border='0'><form method='post'>
+               <tr><td>$Lang::tr{'fwhost addgrpname'}</td><td><input type='text' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}' readonly ></td><td>$Lang::tr{'remark'}:</td><td width='1%'><input type='text' name='SRVGRP_REMARK' size='35' value='$fwhostsettings{'SRVGRP_REMARK'}'></td></tr>
+               <tr><td colspan='4'><hr></td></td></tr>
+               </table>
+END
+       }
+       if($fwhostsettings{'updatesrvgrp'} eq 'on'){
+               
+               
+       print<<END;
+       <table width='100%' border='0'>
+       <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td><select name='CUST_SRV' style='min-width:185px;'>
+END
+       &General::readhasharray("$configsrv", \%customservice);
+       foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) }  keys %customservice)
+       {
+               print "<option>$customservice{$key}[0]</option>";
+       }
+       print<<END;
+       </select></td></tr>
+       <tr><td colspan='4'><br><br><br></td></tr>
+       <tr><td colspan='4'><hr></td></tr>
+       </table>
+END
+       }
+       print<<END;
+       <table width='100%'>
+       <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='oldsrvgrpremark' value='$fwhostsettings{'oldsrvgrpremark'}'><input type='hidden' name='ACTION' value='saveservicegrp' ></form> <form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost back'}'></td></tr>
+       </table></form>
+END
+       
+       &Header::closebox();
+}
+# View
+sub viewtablenet
+{
+       if(! -z $confignet){
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust net'});
+               &General::readhasharray("$confignet", \%customnetwork);
+               if (!keys %customnetwork) 
+               { 
+                       print "<center><b>$Lang::tr{'fwhost empty'}</b>"; 
+               }else{
+                       print<<END;
+                       <table border='0' width='100%'>
+                       <tr><td align='center'><b>$Lang::tr{'name'}</td><td align='center'><b>$Lang::tr{'fwhost netaddress'}</td><td align='center'><b>$Lang::tr{'netmask'}</td><td align='center'><b>$Lang::tr{'used'}</td><td></td><td width='3%'></td></tr>
+END
+               }
+               my $count=0;
+               foreach my $key (sort { uc($customnetwork{$a}[0]) cmp uc($customnetwork{$b}[0]) } keys %customnetwork) {
+                       if ($fwhostsettings{'ACTION'} eq 'editnet' && $fwhostsettings{'HOSTNAME'} eq $customnetwork{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                       }elsif ($count % 2)
+                       { 
+                               print" <tr bgcolor='$color{'color22'}'>";
+                       }else
+                       {
+                               print" <tr bgcolor='$color{'color20'}'>";
+                       }
+                       print<<END;
+                       <td width='40%'><form method='post'>$customnetwork{$key}[0]</td><td width=25%'>$customnetwork{$key}[1]</td><td width='25%'>$customnetwork{$key}[2]</td><td align='center'>$customnetwork{$key}[3] x</td>
+                       <td width='1%'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+                       <input type='hidden' name='ACTION' value='editnet'>
+                       <input type='hidden' name='HOSTNAME' value='$customnetwork{$key}[0]' />
+                       <input type='hidden' name='IP' value='$customnetwork{$key}[1]' />
+                       <input type='hidden' name='SUBNET' value='$customnetwork{$key}[2]' />
+                       </td></form>
+END
+                       if($customnetwork{$key}[3] == '0')
+                       {
+                               print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delnet' /><input type='hidden' name='key' value='$customnetwork{$key}[0]' /></td></form></tr>";
+                       }else{
+                               print"<td></td></form></tr>";
+                       }
+                       $count++;
+               }
+               print"</table>";
+               &Header::closebox();
+       }       
+
+}
+sub viewtablehost
+{
+       if (! -z $confighost){
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'});
+               &General::readhasharray("$confighost", \%customhost);
+               if (!keys %customhost) 
+               { 
+                       print "<center><b>$Lang::tr{'fwhost empty'}</b>"; 
+               }else{
+               print<<END;
+               <table border='0' width='100%'>
+               <tr><td align='center'><b>$Lang::tr{'name'}</td><td align='center'><b>$Lang::tr{'fwhost ip_mac'}</td><td align='center'><b>$Lang::tr{'used'}</td><td></td><td width='3%'></td></tr>
+END
+       }
+               my $count=0;
+               foreach my $key (sort { uc($customhost{$a}[0]) cmp uc($customhost{$b}[0]) } keys %customhost) {
+                       if ( ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'}) && $fwhostsettings{'HOSTNAME'} eq $customhost{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                       }elsif ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
+                       else{            print" <tr bgcolor='$color{'color20'}'>";}
+                       my ($ip,$sub)=split(/\//,$customhost{$key}[2]);
+                       print<<END;
+                       <td width='40%'><form method='post'>$customhost{$key}[0]</td><td width='50%'>$customhost{$key}[2]</td><td align='center'>$customhost{$key}[3] x</td>
+                       <td width='1%'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+                       <input type='hidden' name='ACTION' value='edithost' />
+                       <input type='hidden' name='HOSTNAME' value='$customhost{$key}[0]' />
+                       <input type='hidden' name='IP' value='$ip' />
+                       <input type='hidden' name='type' value='$customhost{$key}[1]' />
+                       </td></form>
+END
+                       if($customhost{$key}[3] == '0')
+                       {
+                               print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delhost' /><input type='hidden' name='key' value='$customhost{$key}[0]' /></td></form></tr>";
+                       }else{
+                               print"<td width='1%'></td></tr>";
+                       }
+                       $count++;
+               }
+               print"</table>";
+               &Header::closebox();
+       }
+}
+sub viewtablegrp
+{
+       if(! -z "$configgrp"){
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust grp'});
+       &General::readhasharray("$configgrp", \%customgrp);
+       &General::readhasharray("$configipsec", \%ipsecconf);
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       &General::readhasharray("$confighost", \%customhost);
+       &General::readhasharray("$confignet", \%customnetwork);
+       my @grp=();
+       my $helper='';
+       my $count=0;
+       my $grpname;
+       my $remark;
+       my $number=keys %customgrp;
+       if (!keys %customgrp) 
+       { 
+               print "<center><b>$Lang::tr{'fwhost empty'}</b>"; 
+       }else{
+               foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } sort { uc($customgrp{$a}[2]) cmp uc($customgrp{$b}[2]) } keys %customgrp){
+                       
+                       $count++;
+                       if ($helper ne $customgrp{$key}[0]){
+                               $grpname=$customgrp{$key}[0];
+                               $remark=$customgrp{$key}[1];
+                               if($count >=2){print"</table>";}
+                               print "<br><b><u>$grpname</u></b> &nbsp &nbsp";
+                               print " <b>$Lang::tr{'remark'}:</b>&nbsp $remark &nbsp " if ($remark ne '');
+                               print "<b>$Lang::tr{'used'}:</b> $customgrp{$key}[4] x";
+                               if($customgrp{$key}[4] == '0')
+                               {
+                                       print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='ACTION' value='delgrp'></form>";
+                               }
+                               print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='remark' value='$remark' ><input type='hidden' name='ACTION' value='editgrp'></form>";
+                               print"<table width='100%' style='border: 1px solid  #000000;' rules='none' ><tr><td align='center'><b>Name</b></td><td align='center'><b>$Lang::tr{'ip address'}</b></td><td align='center' width='25%'><b>$Lang::tr{'fwhost type'}</td></tr>";
+                       }
+                       if ( ($fwhostsettings{'ACTION'} eq 'editgrp' || $fwhostsettings{'update'} ne '') && $fwhostsettings{'grp_name'} eq $customgrp{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                               }elsif ($count %2 == 0){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
+                       my $ip=&getipforgroup($customgrp{$key}[2],$customgrp{$key}[3]); 
+                       if ($ip eq ''){print"<tr bgcolor='${Header::colouryellow}'>";}
+                       
+                       
+                       print "<td width='39%'>";
+                       if($customgrp{$key}[3] eq 'Standard Network'){
+                               print &get_name($customgrp{$key}[2])."</td>";
+                       }else{
+                               print "$customgrp{$key}[2]</td>";
+                       }
+                       if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost empty'}){
+                               print "<td align='center'>$Lang::tr{'fwhost deleted'}</td><td>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";   
+                       }else{
+                               print"<td>$ip</td><td>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
+                       }
+                       if ($number gt '1' && $ip ne ''){
+                               print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+                       }
+                       print"<input type='hidden' name='ACTION' value='deletegrphost'><input type='hidden' name='delhost' value='$grpname,$remark,$customgrp{$key}[2],$customgrp{$key}[3]'></form></td></tr>";
+                       
+                       $helper=$customgrp{$key}[0];
+               }
+               print"</table>";
+               
+       }
+       &Header::closebox();
+}
+
+}
+sub viewtableservice
+{
+       my $count=0;
+       if(! -z "$configsrv")
+       {
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost services'});
+               &General::readhasharray("$configsrv", \%customservice);
+               print<<END;
+                       <table width='100%' border='0'>
+                       <tr><td align='center'><b>$Lang::tr{'fwhost srv_name'}</td><td align='center'><b>$Lang::tr{'fwhost prot'}</td><td align='center'><b>$Lang::tr{'fwhost port'}</td><td align='center'><b>ICMP</td><td align='center'><b>$Lang::tr{'fwhost used'}</td><td></td><td width='3%'></td></tr>
+END
+               foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice)
+               {
+                       $count++;
+                       if ( ($fwhostsettings{'updatesrv'} eq 'on' || $fwhostsettings{'error'}) && $fwhostsettings{'SRV_NAME'} eq $customservice{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                       }elsif ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}else{    print" <tr bgcolor='$color{'color20'}'>";}
+                       print<<END;
+                       <td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
+END
+                       if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
+               
+                       print<<END;
+                       </td><td align='center'>$customservice{$key}[4]x</td>
+                       <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
+                       <input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]' />
+                       <input type='hidden' name='SRV_PORT' value='$customservice{$key}[1]' />
+                       <input type='hidden' name='PROT' value='$customservice{$key}[2]' /></form></td>
+END
+                       if ($customservice{$key}[4] eq '0')
+                       {
+                               print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delservice' /><input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]'></td></tr></form>";
+                       }else{
+                               print"<td></td></tr>";
+                       }
+               }
+               print"</table>";
+               &Header::closebox();
+       }
+}
+sub viewtableservicegrp
+{
+       my $count=0;
+       my $grpname;
+       my $remark;
+       my $helper;
+       if (! -z $configsrvgrp){
+       
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust srvgrp'});
+               &General::readhasharray("$configsrvgrp", \%customservicegrp);
+               my $number= keys %customservicegrp;
+               foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) }  keys %customservicegrp){
+                       $count++;
+                       if ($helper ne $customservicegrp{$key}[0]){
+                               $grpname=$customservicegrp{$key}[0];
+                               $remark=$customservicegrp{$key}[1];
+                               if($count >=2){print"</table>";}
+                               print "<br><b><u>$grpname</u></b> &nbsp &nbsp ";
+                               print "<b>$Lang::tr{'remark'}:</b>&nbsp $remark " if ($remark ne '');
+                               print "&nbsp <b>$Lang::tr{'used'}:</b> $customservicegrp{$key}[5] x";
+                               if($customservicegrp{$key}[5] == '0')
+                               {
+                                       print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='ACTION' value='delservicegrp'></form>";
+                               }
+                               print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='SRVGRP_REMARK' value='$remark' ><input type='hidden' name='ACTION' value='editservicegrp'></form>";
+                               print"<table width='100%' style='border: 1px solid  #000000;' rules='none' ><tr><td align='center'><b>Name</b></td><td align='center'><b>$Lang::tr{'port'}</b></td><td align='center' width='25%'><b>$Lang::tr{'fwhost prot'}</td></tr>";
+                       }
+                       if( $fwhostsettings{'SRVGRP_NAME'} eq $customservicegrp{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                               }elsif ($count %2 == 0){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
+                               print "<td width='39%'>$customservicegrp{$key}[2]</td>";
+                               print"<td align='center'>$customservicegrp{$key}[3]</td><td align='center'>$customservicegrp{$key}[4]</td><td width='1%'><form method='post'>";
+                               if ($number gt '1'){
+                                       print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+                               }
+                               print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
+                               $helper=$customservicegrp{$key}[0];
+               }
+               print"</table>";
+               &Header::closebox();
+       }
+}
+# Check
+sub checkname
+{
+       my %hash=%{(shift)};
+       foreach my $key (keys %hash) {
+               if($hash{$key}[0] eq $fwhostsettings{'HOSTNAME'}){
+                       return 0;
+               }
+       }
+       return 1;
+       
+}
+sub checkip
+{
+       
+       my %hash=%{(shift)};
+       my $a=shift;
+       foreach my $key (keys %hash) {
+               if($hash{$key}[$a] eq $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'})){
+                       return 0;
+               }
+       }
+       return 1;
+}
+sub checksubnet
+{
+       
+       my %hash=%{(shift)};
+       &General::readhasharray("$confignet", \%hash);
+       foreach my $key (keys %hash) {
+               if(&General::IpInSubnet($fwhostsettings{'IP'},$hash{$key}[1],$hash{$key}[2]))
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub checkservicegroup
+{
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       
+       
+       #check name
+       if ( ! &General::validhostname($fwhostsettings{'SRVGRP_NAME'}))
+       {
+               $errormessage.=$Lang::tr{'fwhost err name'}."<br>";
+               return $errormessage;
+       }
+       #check remark
+       if ( ($fwhostsettings{'SRVGRP_REMARK'} ne '') && (! &validhostname($fwhostsettings{'SRVGRP_REMARK'})))
+       {
+               $errormessage.=$Lang::tr{'fwhost err remark'}."<br>";
+       }
+       #check empty selectbox
+       if (keys %customservice lt 1)
+       {
+               $errormessage.=$Lang::tr{'fwhost err groupempty'}."<br>";
+       }
+       
+       #check if name already exists
+       if ($fwhostsettings{'updatesrvgrp'} ne 'on'){
+               foreach my $key (keys %customservicegrp) {
+                       if( $customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} ){
+                               $errormessage.=$Lang::tr{'fwhost err grpexist'}."<br>";
+                       
+                       }
+               }
+       }
+       #check if service already exists in group
+       foreach my $key (keys %customservicegrp) {
+                       if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[2] eq $fwhostsettings{'CUST_SRV'} ){
+                               $errormessage.=$Lang::tr{'fwhost err srvexist'}."<br>";
+                       
+                       }
+               }
+       
+       
+       
+       return $errormessage;
+}
+sub error
+{
+       if ($errormessage) {
+               &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+               print "<class name='base'>$errormessage\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+       }
+}
+sub hint
+{
+       if ($hint) {
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
+               print "<class name='base'>$hint\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+       }
+}
+sub get_name
+{
+       my $val=shift;
+       &General::setup_default_networks(\%defaultNetworks);
+       foreach my $network (sort keys %defaultNetworks)
+       {
+               return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
+       }       
+}
+sub deletefromgrp
+{
+       my $target=shift;
+       my $config=shift;
+       my %hash=();
+       &General::readhasharray("$config",\%hash);
+       foreach my $key (keys %hash) {
+               $errormessage.="lese $hash{$key}[2] und $target<br>";
+               if($hash{$key}[2] eq $target){
+                       
+                       delete $hash{$key};
+                       $errormessage.="Habe $target aus Gruppe gelöscht!<br>";
+               }
+       }
+       &General::writehasharray("$config",\%hash);
+       
+}
+sub plausicheck
+{
+       
+       my $edit=shift;
+       #check hostname
+       if (!&General::validhostname($fwhostsettings{'HOSTNAME'}))
+       {
+               $errormessage=$errormessage.$Lang::tr{'fwhost err name'};
+               $fwhostsettings{'BLK_IP'}='readonly';
+               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+       }
+       #check if name collides with CCD Netname
+
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       foreach my $key (keys %ccdnet) {
+               if($ccdnet{$key}[0] eq $fwhostsettings{'HOSTNAME'}){
+                       $errormessage=$errormessage.$Lang::tr{'fwhost err isccdnet'};;
+                       $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                       if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+                       last;
+               }
+       }
+
+       #check if IP collides with CCD NetIP
+       if ($fwhostsettings{'type'} ne 'mac'){
+               &General::readhasharray("$configccdnet", \%ccdnet);
+               foreach my $key (keys %ccdnet) {
+                       my $test=(&General::getnetworkip($fwhostsettings{'IP'},&General::iporsubtocidr($fwhostsettings{'SUBNET'})))."/".$fwhostsettings{'SUBNET'};
+                       if($ccdnet{$key}[1] eq $test){
+                               $errormessage=$errormessage.$Lang::tr{'fwhost err isccdipnet'};
+                               $fwhostsettings{'IP'} = $fwhostsettings{'orgip'};
+                               $fwhostsettings{'SUBNET'} = $fwhostsettings{'orgsubnet'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+                               last;
+                       }
+               }
+       }
+       
+       
+       
+       #check if name collides with CCD Hostname
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       foreach my $key (keys %ccdhost) {
+               my ($ip,$sub)=split(/\//,$ccdhost{$key}[33]);
+               if($ip eq $fwhostsettings{'IP'}){
+                       $errormessage=$Lang::tr{'fwhost err isccdiphost'};
+                       if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+                       last;
+               }
+       }
+       #check if IP collides with CCD HostIP (only hosts)
+       if ($edit eq 'edithost')
+       {
+               foreach my $key (keys %ccdhost) {
+                       if($ccdhost{$key}[1] eq $fwhostsettings{'HOSTNAME'}){
+                               $errormessage=$Lang::tr{'fwhost err isccdhost'};
+                               $fwhostsettings{'IP'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+                               last;
+                       }
+               }
+       }
+       #check if network with this name already exists
+       &General::readhasharray("$confignet", \%customnetwork);
+       if (!&checkname(\%customnetwork))
+       {
+               $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err netexist'};
+               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+       }       
+       #check if network ip already exists             
+       if (!&checkip(\%customnetwork,1))
+       {
+               $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err net'};
+               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+       }       
+       #check if host with this name already exists
+       &General::readhasharray("$confighost", \%customhost);
+       if (!&checkname(\%customhost))
+       {
+               $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err hostexist'};
+               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+       }
+       #check if host with this ip already exists
+       if (!&checkip(\%customhost,2))
+       {
+               $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err ipcheck'};
+               
+       }
+               
+       
+       return;
+}
+sub getipforgroup
+{
+       my $name=$_[0],
+       my $type=$_[1];
+       my $value;
+       
+       #get address from IPSEC NETWORK
+       if ($type eq 'IpSec Network'){
+               foreach my $key (keys %ipsecconf) {
+                       if ($ipsecconf{$key}[1] eq $name){
+                               return $ipsecconf{$key}[11];
+                       }
+               }
+               &deletefromgrp($name,$configgrp);
+       }
+       
+       #get address from IPSEC HOST
+       if ($type eq 'IpSec Host'){
+               foreach my $key (keys %ipsecconf) {
+                       if ($ipsecconf{$key}[1] eq $name){
+                               return $ipsecconf{$key}[10];
+                       }
+               }
+               &deletefromgrp($name,$configgrp);
+       }
+               
+       #get address from ovpn ccd Net-2-Net
+       if ($type eq 'OpenVPN N-2-N'){
+               foreach my $key (keys %ccdhost) {
+                       if($ccdhost{$key}[1] eq $name){
+                               my ($a,$b) = split ("/",$ccdhost{$key}[11]);
+                               $b=&General::iporsubtodec($b);
+                               return "$a/$b";
+                       }
+               }
+               &deletefromgrp($name,$configgrp);
+       }
+       
+       #get address from ovpn ccd static host
+       if ($type eq 'OpenVPN static host'){
+               foreach my $key (keys %ccdhost) {
+                       if($ccdhost{$key}[1] eq $name){
+                               my ($a,$b) = split (/\//,$ccdhost{$key}[33]);
+                               $b=&General::iporsubtodec($b);
+                               return "$a/$b";
+                       }
+               }
+               &deletefromgrp($name,$configgrp);
+       }
+       
+       #get address from  ovpn ccd static net
+       if ($type eq 'OpenVPN static network'){
+               foreach my $key (keys %ccdnet) {
+                       if ($ccdnet{$key}[0] eq $name){
+                               my ($a,$b) = split (/\//,$ccdnet{$key}[1]);
+                               $b=&General::iporsubtodec($b);
+                               return "$a/$b";
+                       }
+               }
+       }
+       
+       #check custom addresses
+       if ($type eq 'Custom Host'){
+               foreach my $key (keys %customhost) {
+                       if ($customhost{$key}[0] eq $name){
+                               return $customhost{$key}[2];
+                       }
+               }
+       }
+       
+       ##check custom networks
+       if ($type eq 'Custom Network'){
+               foreach my $key (keys %customnetwork) {
+                       if($customnetwork{$key}[0] eq $name){
+                               return $customnetwork{$key}[1]."/".$customnetwork{$key}[2];
+                       }
+               }
+       }
+       
+       #check standard networks
+       if ($type eq 'Standard Network'){
+               if ($name =~ /OpenVPN/i){
+                       my %ovpn=();
+                       &General::readhash("${General::swroot}/ovpn/settings",\%ovpn);
+                       return $ovpn{'DOVPN_SUBNET'};
+               }
+               if ($name eq 'GREEN'){
+                       my %hash=();
+                       &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+                       return $hash{'GREEN_NETADDRESS'}."/".$hash{'GREEN_NETMASK'};
+               }
+               if ($name eq 'BLUE'){
+                       my %hash=();
+                       &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+                       return $hash{'BLUE_NETADDRESS'}."/".$hash{'BLUE_NETMASK'};
+               }
+               if ($name eq 'ORANGE'){
+                       my %hash=();
+                       &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+                       return $hash{'ORANGE_NETADDRESS'}."/".$hash{'ORANGE_NETMASK'};
+               }
+               if ($name eq 'ALL'){
+                       return "0.0.0.0/0.0.0.0";
+               }
+               if ($name =~ /IPsec/i){
+                       my %hash=();
+                       &General::readhash("${General::swroot}/vpn/settings",\%hash);
+                       return $hash{'RW_NET'};
+               }
+       }
+}
+sub rules
+{
+       system ("/usr/local/bin/forwardfwctrl");
+       system("rm ${General::swroot}/forward/reread");
+}
+sub decrease
+{
+       my $grp=$_[0];
+       &General::readhasharray("$confignet", \%customnetwork);
+       &General::readhasharray("$confighost", \%customhost);
+       foreach my $key (sort keys %customgrp ){
+               if ( ($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Network')){
+                       foreach my $key1 (sort keys %customnetwork){
+                               if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
+                                       $customnetwork{$key1}[3]=$customnetwork{$key1}[3]-1;
+                                       last;
+                               }
+                       }
+               }
+               
+               if (($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Host')){
+                       foreach my $key2 (sort keys %customhost){
+                               if ($customhost{$key2}[0] eq $customgrp{$key}[2]){
+                                       $customhost{$key2}[3]=$customhost{$key2}[3]-1;
+                                       last;
+                               }
+                       }
+                               
+               }
+       }
+       &General::writehasharray("$confignet", \%customnetwork);
+       &General::writehasharray("$confighost", \%customhost);
+}
+sub decreaseservice
+{
+       my $grp=$_[0];
+       &General::readhasharray("$configsrv", \%customservice);
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       
+       foreach my $key (sort keys %customservicegrp){
+               if ($customservicegrp{$key}[0] eq $grp ){
+                       foreach my $key2 (sort keys %customservice){
+                               if ($customservice{$key2}[0] eq $customservicegrp{$key}[2]){
+                                       $customservice{$key2}[4]--;
+                               }
+                       }
+               }
+       }
+       &General::writehasharray("$configsrv", \%customservice);
+       
+}
+sub checkports
+{
+       
+       my %hash=%{(shift)};
+       #check empty fields
+       if ($fwhostsettings{'SRV_NAME'} eq '' ){
+               $errormessage=$Lang::tr{'fwhost err name1'};
+       }
+       if ($fwhostsettings{'SRV_PORT'} eq '' && $fwhostsettings{'PROT'} ne 'ICMP'){
+               $errormessage=$Lang::tr{'fwhost err port'};
+       }
+       #check valid name
+       if (! &General::validhostname($fwhostsettings{'SRV_NAME'})){
+               $errormessage="<br>".$Lang::tr{'fwhost err name'};
+       }
+       #change dashes with :
+       $fwhostsettings{'SRV_PORT'}=~ tr/-/:/;
+               
+       if ($fwhostsettings{'SRV_PORT'} eq "*") {
+               $fwhostsettings{'SRV_PORT'} = "1:65535";
+       }
+       if ($fwhostsettings{'SRV_PORT'} =~ /^(\D)\:(\d+)$/) {
+               $fwhostsettings{'SRV_PORT'} = "1:$2";
+       }
+       if ($fwhostsettings{'SRV_PORT'} =~ /^(\d+)\:(\D)$/) {
+               $fwhostsettings{'SRV_PORT'} = "$1:65535";
+       }
+       if($fwhostsettings{'PROT'} ne 'ICMP'){
+               $errormessage = $errormessage.&General::validportrange($fwhostsettings{'SRV_PORT'}, 'src');
+       }
+       # a new service has to have a different name
+       foreach my $key (keys %hash){
+               if ($hash{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
+                       $errormessage = "<br>".$Lang::tr{'fwhost err srv exists'};
+                       last;
+               }
+       }
+       return $errormessage;
+}
+sub validhostname
+{
+       # Checks a hostname against RFC1035
+        my $hostname = $_[0];
+
+       # Each part should be at least two characters in length
+       # but no more than 63 characters
+       if (length ($hostname) < 1 || length ($hostname) > 63) {
+               return 0;}
+       # Only valid characters are a-z, A-Z, 0-9 and -
+       if ($hostname !~ /^[a-zA-ZäöüÖÄÜ0-9-\s]*$/) {
+               return 0;}
+       # First character can only be a letter or a digit
+       if (substr ($hostname, 0, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) {
+               return 0;}
+       # Last character can only be a letter or a digit
+       if (substr ($hostname, -1, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) {
+               return 0;}
+       return 1;
+}
+
+&Header::closebigbox();
+&Header::closepage();