Merge remote-tracking branch 'amarx/firewall' into fifteen
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 28 Aug 2013 09:33:20 +0000 (11:33 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 28 Aug 2013 09:33:20 +0000 (11:33 +0200)
63 files changed:
config/backup/backup.pl
config/backup/exclude
config/backup/include
config/cfgroot/general-functions.pl
config/cfgroot/graphs.pl
config/cfgroot/header.pl
config/cfgroot/p2protocols [deleted file]
config/collectd/collectd.conf
config/forwardfw/convert-dmz [new file with mode: 0755]
config/forwardfw/convert-outgoingfw [new file with mode: 0755]
config/forwardfw/convert-portfw [new file with mode: 0755]
config/forwardfw/convert-xtaccess [new file with mode: 0755]
config/forwardfw/firewall-lib.pl [new file with mode: 0755]
config/forwardfw/firewall-policy [new file with mode: 0755]
config/forwardfw/p2protocols [new file with mode: 0644]
config/forwardfw/rules.pl [new file with mode: 0755]
config/fwhosts/customservices [new file with mode: 0644]
config/fwhosts/icmp-types [new file with mode: 0755]
config/menu/50-firewall.menu
config/outgoingfw/defaultservices [deleted file]
config/outgoingfw/outgoingfw.pl [deleted file]
config/rootfiles/common/apache2
config/rootfiles/common/armv5tel/initscripts
config/rootfiles/common/configroot
config/rootfiles/common/i586/initscripts
config/rootfiles/common/misc-progs
config/rootfiles/common/stage2
config/rootfiles/oldcore/66/filelists/files
doc/language_issues.de
doc/language_issues.en
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
html/cgi-bin/dmzholes.cgi [deleted file]
html/cgi-bin/forwardfw.cgi [new file with mode: 0755]
html/cgi-bin/fwhosts.cgi [new file with mode: 0755]
html/cgi-bin/index.cgi
html/cgi-bin/optionsfw.cgi
html/cgi-bin/outgoingfw.cgi [deleted file]
html/cgi-bin/ovpnmain.cgi
html/cgi-bin/p2p-block.cgi [new file with mode: 0755]
html/cgi-bin/portfw.cgi [deleted file]
html/cgi-bin/upnp.cgi
html/cgi-bin/vpnmain.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
lfs/configroot
lfs/initscripts
lfs/strongswan
src/initscripts/init.d/firewall
src/initscripts/init.d/network
src/misc-progs/Makefile
src/misc-progs/forwardfwctrl.c [moved from src/misc-progs/outgoingfwctrl.c with 53% similarity]
src/misc-progs/openvpnctrl.c
src/misc-progs/setdmzholes.c [deleted file]
src/misc-progs/setportfw.c [deleted file]
src/misc-progs/setxtaccess.c [deleted file]
src/misc-progs/wirelessctrl.c
src/patches/strongswan-5.0.2_ipfire.patch [moved from src/patches/strongswan-4.5.3_ipfire.patch with 91% similarity]

index f9b8302af91af7c90c8fa9a8d9a5b63773542613..28e2dd89eb4bef6a1fc6371ce6f4884d83bfc0f0 100644 (file)
@@ -22,7 +22,7 @@
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
-
+use File::Path;
 my $debug = 1;
 my @include = "";
 my ($Sekunden, $Minuten, $Stunden, $Monatstag, $Monat, $Jahr, $Wochentag, $Jahrestag, $Sommerzeit) = localtime(time);
@@ -64,7 +64,72 @@ elsif ($ARGV[0] eq 'restore') {
   system("cd / && tar -xvz -p -f /tmp/restore.ipf");
   #Here some converter scripts to correct old Backups (before core 65)
   system("/usr/sbin/ovpn-ccd-convert");
-}
+  #OUTGOINGFW CONVERTER
+  if( -d "${General::swroot}/outgoing"){
+         if( -f "${General::swroot}/forward/config" ){
+                 unlink("${General::swroot}/forward/config");
+                 system("touch ${General::swroot}/forward/config");
+                 chown 99,99,"${General::swroot}/forward/config";
+         }
+         if( -f "${General::swroot}/forward/outgoing" ){
+                 unlink("${General::swroot}/forward/outgoing");
+                 system("touch ${General::swroot}/forward/outgoing");
+                 chown 99,99,"${General::swroot}/forward/outgoing";
+         }
+         unlink("${General::swroot}/fwhosts/customgroups");
+         unlink("${General::swroot}/fwhosts/customhosts");
+         unlink("${General::swroot}/fwhosts/customgroups");
+         unlink("${General::swroot}/fwhosts/customnetworks");
+         unlink("${General::swroot}/fwhosts/customservicegrp");
+         unlink("${General::swroot}/fwhosts/customnetworks");
+         system("touch ${General::swroot}/fwhosts/customgroups");
+         system("touch ${General::swroot}/fwhosts/customhosts");
+         system("touch ${General::swroot}/fwhosts/customnetworks");
+         system("touch ${General::swroot}/fwhosts/customservicegrp");
+         #START CONVERTER "OUTGOINGFW"
+         system("/usr/sbin/convert-outgoingfw");
+         chown 99,99,"${General::swroot}/fwhosts/customgroups";
+         chown 99,99,"${General::swroot}/fwhosts/customhosts";
+         chown 99,99,"${General::swroot}/fwhosts/customnetworks";
+         chown 99,99,"${General::swroot}/fwhosts/customservicegrp";
+         #START CONVERTER "OUTGOINGFW"
+         rmtree("${General::swroot}/outgoing");
+  }
+  #XTACCESS CONVERTER
+  if( -d "${General::swroot}/xtaccess"){
+         if( -f "${General::swroot}/forward/input" ){
+                 unlink("${General::swroot}/forward/input");
+                 system("touch ${General::swroot}/forward/input");
+         }
+         #START CONVERTER "XTACCESS"
+         system("/usr/sbin/convert-xtaccess");
+         chown 99,99,"${General::swroot}/forward/input";
+         rmtree("${General::swroot}/xtaccess");
+  }
+  #DMZ-HOLES CONVERTER
+  if( -d "${General::swroot}/dmzholes"){
+         if( -f "${General::swroot}/forward/dmz" ){
+                 unlink("${General::swroot}/forward/dmz");
+                 system("touch ${General::swroot}/forward/dmz");
+         }
+         #START CONVERTER "DMZ-HOLES"
+         system("/usr/sbin/convert-dmz");
+         chown 99,99,"${General::swroot}/forward/dmz";
+         rmtree("${General::swroot}/dmzholes");
+  }
+  #PORTFORWARD CONVERTER
+  if( -d "${General::swroot}/portfw"){
+         if( -f "${General::swroot}/forward/nat" ){
+                 unlink("${General::swroot}/forward/nat");
+                 system("touch ${General::swroot}/forward/nat");
+         }
+         #START CONVERTER "PORTFW"
+         system("/usr/sbin/convert-portfw");
+         chown 99,99,"${General::swroot}/forward/nat";
+         rmtree("${General::swroot}/portfw");
+  }
+  system("/usr/local/bin/forwardfwctrl");
+ }
 elsif ($ARGV[0] eq 'restoreaddon') {
   if ( -e "/tmp/$ARGV[1]" ){system("mv /tmp/$ARGV[1] /var/ipfire/backup/addons/backup/$ARGV[1]");}
   system("cd / && tar -xvz -p -f /var/ipfire/backup/addons/backup/$ARGV[1]");
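Review bot: Each converter block removes the old configuration whether or not the converter succeeded, e.g. `system("/usr/sbin/convert-outgoingfw");` is followed unconditionally by `rmtree("${General::swroot}/outgoing");`. If a converter aborts (convert-dmz in this same commit dies when its log file cannot be opened), the restored rules are gone and `forwardfwctrl` then loads whatever partial state is left. Gate the removal on the exit status, `rmtree("${General::swroot}/outgoing") if system("/usr/sbin/convert-outgoingfw") == 0;`, and do the same in the xtaccess, dmzholes and portfw blocks. The `touch` calls are built as shell strings; list-form `system('touch', $path)` avoids shell parsing, and the `unlink` lines for customgroups and customnetworks are each duplicated. The trailing context lines of `restoreaddon` still interpolate `$ARGV[1]` into shell strings, which is outside this change but worth a follow-up.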
index 8103bb9d93c406270d8f0a9b90ca80c7074cb622..41ae8b576753ed90c2b338dbb0bfdd59959edf46 100644 (file)
@@ -1,5 +1,7 @@
 *.tmp
 /var/ipfire/ethernet/settings
+/var/ipfire/forward/bin/*
 /var/ipfire/proxy/calamaris/bin/*
 /var/ipfire/qos/bin/qos.pl
 /var/ipfire/urlfilter/blacklists/*/*.db
+/var/ipfire/forward/bin/*
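Review bot: `/var/ipfire/forward/bin/*` is added twice in this hunk, once after `/var/ipfire/ethernet/settings` and again at the end of the list. The second entry is redundant and can be dropped, so that a later edit to one copy does not leave the other behind.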
index c863a0e560ed525c74653fe612be75249a75a64f..551b52df287a01041009944fa4be92288b0007a5 100644 (file)
 /var/ipfire/auth/users
 /var/ipfire/dhcp/*
 /var/ipfire/dnsforward/*
+/var/ipfire/forward
+/var/ipfire/fwhosts
 /var/ipfire/main/*
-/var/ipfire/outgoing/groups
-/var/ipfire/outgoing/macgroups
-/var/ipfire/outgoing/rules
-/var/ipfire/outgoing/p2protocols
-/var/ipfire/dmzholes
-/var/ipfire/xtaccess
-/var/ipfire/portfw
 /var/ipfire/ovpn
 /var/ipfire/ppp
 /var/ipfire/proxy
index 41643d8d7451c25aebda2475600b0f9c170845a4..c592d5d0c2a28d56c8998eac80784b04022144d2 100644 (file)
@@ -39,6 +39,90 @@ sub log
        $logmessage = $1;
        system('logger', '-t', $tag, $logmessage);
 }
+sub setup_default_networks
+{
+       my %netsettings=();
+       my $defaultNetworks = shift;
+       
+       &readhash("/var/ipfire/ethernet/settings", \%netsettings);
+       
+       # Get current defined networks (Red, Green, Blue, Orange)
+       $defaultNetworks->{$Lang::tr{'fwhost any'}}{'IPT'} = "0.0.0.0/0.0.0.0";
+       $defaultNetworks->{$Lang::tr{'fwhost any'}}{'NAME'} = "ALL";
+               
+       $defaultNetworks->{$Lang::tr{'green'}}{'IPT'} = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+       $defaultNetworks->{$Lang::tr{'green'}}{'NAME'} = "GREEN";
+
+       if ($netsettings{'RED_DEV'} ne ''){
+               $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'IPT'} = "$netsettings{'RED_NETADDRESS'}/$netsettings{'RED_NETMASK'}";
+               $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'NAME'} = "RED";
+       }
+       if ($netsettings{'ORANGE_DEV'} ne ''){
+               $defaultNetworks->{$Lang::tr{'orange'}}{'IPT'} = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+               $defaultNetworks->{$Lang::tr{'orange'}}{'NAME'} = "ORANGE";
+       }
+
+       if ($netsettings{'BLUE_DEV'} ne ''){
+               $defaultNetworks->{$Lang::tr{'blue'}}{'IPT'} = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+               $defaultNetworks->{$Lang::tr{'blue'}}{'NAME'} = "BLUE";
+       }
+       
+       #IPFire himself
+       $defaultNetworks->{'IPFire'}{'NAME'} = "IPFire";
+
+       # OpenVPN
+       if(-e "${General::swroot}/ovpn/settings")
+       {
+               my %ovpnSettings = ();
+               &readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
+
+               # OpenVPN on Red?
+               if(defined($ovpnSettings{'DOVPN_SUBNET'}))
+               {
+                       my ($ip,$sub) = split(/\//,$ovpnSettings{'DOVPN_SUBNET'});
+                       $sub=&General::iporsubtocidr($sub);
+                       my @tempovpnsubnet = split("\/", $ovpnSettings{'DOVPN_SUBNET'});
+                       $defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'ADR'} = $tempovpnsubnet[0];
+                       $defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'NAME'} = "OpenVPN-Dyn";
+               }
+       } # end OpenVPN
+       # IPsec RW NET
+       if(-e "${General::swroot}/vpn/settings")
+       {
+               my %ipsecsettings = ();
+               &readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+               if($ipsecsettings{'RW_NET'} ne '')
+               {
+                       my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
+                       $sub=&General::iporsubtocidr($sub);
+                       my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
+                       $defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'ADR'} = $tempipsecsubnet[0];
+                       $defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NAME'} = "IPsec RW";
+               }
+       }
+}
+sub get_aliases
+{
+       
+       my $defaultNetworks = shift;
+       open(FILE, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+       my @current = <FILE>;
+       close(FILE);
+       my $ctr = 0;
+       foreach my $line (@current)
+       {
+               if ($line ne ''){
+                       chomp($line);
+                       my @temp = split(/\,/,$line);
+                       if ($temp[2] eq '') {
+                               $temp[2] = "Alias $ctr : $temp[0]";
+                       }
+                       $defaultNetworks->{$temp[2]}{'IPT'} = "$temp[0]";
+                       
+                       $ctr++;
+               }
+       }
+}
 
 sub readhash
 {
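Review bot: In `get_aliases` the test `if ($line ne '')` runs before `chomp($line)`, so it is true for every line read from the file, including blank ones; a blank line then creates a key `Alias N : ` with an empty `IPT`. Chomp first and skip empties, e.g. `chomp($line); next if $line eq '';`. The `open(FILE, ...) or die` is a two-argument open on a bareword handle and aborts the caller when the aliases file is absent; a lexical handle with three-argument open and a plain `return` on failure would be gentler, though whether callers rely on the die is not visible here. In `setup_default_networks` the RED entry is built whenever `RED_DEV` is set, so an empty `RED_NETADDRESS`/`RED_NETMASK` would yield the string `/` as `IPT`; worth confirming for non-static RED configurations.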
index c51e882e20ff2267fae3c45381db6f2f4ed8b5cd..19c0546da2d3d16bcffdd17f4da7ccefece452b6 100644 (file)
@@ -602,22 +602,37 @@ sub updatefwhitsgraph {
                "--color=SHADEA".$color{"color19"},
                "--color=SHADEB".$color{"color19"},
                "--color=BACK".$color{"color21"},
-               "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-FORWARD/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
-               "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-INPUT/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+               "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
+               "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+               "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
                "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
                "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
-               "CDEF:amount=output,input,newnotsyn,+,+",
-               "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+               "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
-               "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+               "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
-               "AREA:amount".$color{"color24"}."A0:".sprintf("%-20s",$Lang::tr{'firewallhits'}),
-               "GPRINT:amount:MAX:%8.1lf %sBps",
-               "GPRINT:amount:AVERAGE:%8.1lf %sBps",
-               "GPRINT:amount:MIN:%8.1lf %sBps",
-               "GPRINT:amount:LAST:%8.1lf %sBps\\j",
-               "STACK:portscan".$color{"color25"}."A0:".sprintf("%-20s",$Lang::tr{'portscans'}),
+               "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-OUTPUT"),
+               "GPRINT:output:MAX:%8.1lf %sBps",
+               "GPRINT:output:AVERAGE:%8.1lf %sBps",
+               "GPRINT:output:MIN:%8.1lf %sBps",
+               "GPRINT:output:LAST:%8.1lf %sBps\\j",
+               "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-FORWARD"),
+               "GPRINT:forward:MAX:%8.1lf %sBps",
+               "GPRINT:forward:AVERAGE:%8.1lf %sBps",
+               "GPRINT:forward:MIN:%8.1lf %sBps",
+               "GPRINT:forward:LAST:%8.1lf %sBps\\j",
+               "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-INPUT"),
+               "GPRINT:input:MAX:%8.1lf %sBps",
+               "GPRINT:input:AVERAGE:%8.1lf %sBps",
+               "GPRINT:input:MIN:%8.1lf %sBps",
+               "GPRINT:input:LAST:%8.1lf %sBps\\j",
+               "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSyn"),
+               "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
+               "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
+               "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
+               "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
+               "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
                "GPRINT:portscan:MAX:%8.1lf %sBps",
                "GPRINT:portscan:MIN:%8.1lf %sBps",
                "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
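Review bot: The new `newnotsyn` rows print `MAX`, `MIN`, `AVERAGE`, `LAST`, while the header row and the new output/forward/input rows are ordered maximal, average, minimal, current, so the minimum and average values land under the wrong headings (the unchanged `portscan` rows have the same order). Swap the two middle lines so that `"GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",` comes before `"GPRINT:newnotsyn:MIN:%8.1lf %sBps",`. The `DEF` lines now read RRD files under `iptables-filter-POLICYOUT`, `POLICYIN` and `POLICYFWD`; presumably these do not exist until collectd has run with the updated chain list, so the graph call may fail right after an upgrade. `updatefwhitsgraph` begins and ends outside this hunk.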
index 9129c682c05f0d20be9798eee502fac7e61848fd..fb574822228e18e9ed466aaebf0876c3aa878f5f 100644 (file)
@@ -149,11 +149,8 @@ sub genmenu {
     eval `/bin/cat /var/ipfire/menu.d/*.menu`;
     eval `/bin/cat /var/ipfire/menu.d/*.main`;
 
-    if (! blue_used() && ! orange_used()) {
-       $menu->{'05.firewall'}{'subMenu'}->{'40.dmz'}{'enabled'} = 0;
-    }
     if (! blue_used()) {
-       $menu->{'05.firewall'}{'subMenu'}->{'30.wireless'}{'enabled'} = 0;
+       $menu->{'05.firewall'}{'subMenu'}->{'60.wireless'}{'enabled'} = 0;
     }
     if ( $ethsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $ethsettings{'RED_TYPE'} eq 'STATIC' ) {
        $menu->{'03.network'}{'subMenu'}->{'70.aliases'}{'enabled'} = 1;
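Review bot: The renamed key `'60.wireless'` is only correct if the firewall menu file changed in this commit (not shown in this hunk) defines the wireless entry under exactly that key. Because Perl autovivifies nested hashes, a mismatch silently creates a stub entry with `enabled = 0` and leaves the real menu item visible when BLUE is unused. Guarding the assignment makes the coupling explicit: `$menu->{'05.firewall'}{'subMenu'}{'60.wireless'}{'enabled'} = 0 if exists $menu->{'05.firewall'}{'subMenu'}{'60.wireless'};`. `genmenu` starts and ends outside the hunk.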
diff --git a/config/cfgroot/p2protocols b/config/cfgroot/p2protocols
deleted file mode 100644 (file)
index 78c6101..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-Bittorrent;bit;on;
-Edonkey;edk;on;
-KaZaA;kazaa;on;
-Gnutella;gnu;on;
-DirectConnect;dc;on;
-Applejuice;apple;on;
-WinMX;winmx;on;
-SoulSeek;soul;on;
-Ares;ares;on;
\ No newline at end of file
index 67d9e19054da255ef327cd036496fed18f2b1411..14dd568c2ffd3369a13ef48e78800a5063357d48 100644 (file)
@@ -45,10 +45,11 @@ include "/etc/collectd.precache"
 </Plugin>
 
 <Plugin iptables>
-       Chain filter INPUT DROP_INPUT
-       Chain filter FORWARD DROP_OUTPUT
        Chain filter PSCAN DROP_PScan
        Chain filter NEWNOTSYN DROP_NEWNOTSYN
+       Chain filter POLICYFWD DROP_FORWARD
+       Chain filter POLICYOUT DROP_OUTPUT
+       Chain filter POLICYIN DROP_INPUT
 </Plugin>
 
 #<Plugin logfile>
diff --git a/config/forwardfw/convert-dmz b/config/forwardfw/convert-dmz
new file mode 100755 (executable)
index 0000000..efc4386
--- /dev/null
@@ -0,0 +1,193 @@
+#!/usr/bin/perl
+
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+# This script converts old dmz holes rules from old firewall                  #
+# to the new one. This is a 2-step process.                                   #
+# STEP1: read old config and normalize settings                               #
+# STEP2: check valid ip and save valid rules to new firewall                  #
+#                                                                             #
+###############################################################################
+my @current=();
+my @alias=();
+my %configdmz=();
+my %ifaces=();
+my %configfwdfw=();
+require '/var/ipfire/general-functions.pl';
+my $dmzconfig    = "${General::swroot}/dmzholes/config";
+my $fwdfwconfig   = "${General::swroot}/forward/config";
+my $ifacesettings = "${General::swroot}/ethernet/settings";
+my $field0     = 'ACCEPT';
+my $field1     = 'FORWARDFW';
+my $field2     = ''; #ON or emtpy
+my $field3     = ''; #std_net_src or src_addr
+my $field4     = ''; #ALL or IP-Address with /32
+my $field5     = ''; #std_net_tgt or tgt_addr
+my $field6     = ''; #IP or network name
+my $field11    = 'ON'; #use target port 
+my $field12    = ''; #TCP or UDP
+my $field13    = 'All ICMP-Types';
+my $field14    = 'TGT_PORT';
+my $field15    = ''; #Port Number
+my $field16    = ''; #remark
+my $field26    = '00:00';
+my $field27    = '00:00';
+my $field28 = '';
+my $field29 = 'ALL';
+my $field30 = '';
+my $field31 = 'dnat';
+
+
+open(FILE, $dmzconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+#open LOGFILE
+open (LOG, ">/var/log/converters/dmz-convert.log") or die $!;
+&General::readhash($ifacesettings, \%ifaces);
+&General::readhasharray($fwdfwconfig,\%configfwdfw);
+&process_rules;
+sub process_rules{
+       foreach my $line (@current){
+               my $now=localtime;
+               #get values from old configfile
+               my ($a,$b,$c,$d,$e,$f,$g,$h) = split (",",$line);
+               $h =~ s/\s*\n//gi;
+               print LOG "$now Processing A: $a   B: $b   C: $c   D: $d   E: $e   F: $f   G: $g   H: $h\n";
+               #Now convert values and check ip addresses
+               $a=uc($a);
+               $e=uc($e);
+               $field2=$e if($e eq 'ON');
+               #SOURCE IP-check
+               $b=&check_ip($b);
+               if (&General::validipandmask($b)){
+                       #When ip valid, check if we have a network
+                       my ($ip,$subnet) = split ("/",$b);
+                       if ($f eq 'orange' && $ip eq $ifaces{'ORANGE_NETADDRESS'}){
+                               $field3='std_net_src';
+                               $field4='ORANGE';
+                       }elsif($f eq 'blue' && $ip eq $ifaces{'BLUE_NETADDRESS'}){
+                               $field3='std_net_src';
+                               $field4='BLUE';
+                       }elsif($f eq 'orange' && &General::IpInSubnet($ip,$ifaces{'ORANGE_NETADDRESS'},$ifaces{'ORANGE_NETMASK'})){
+                               $field3='src_addr';
+                               $field4=$b;
+                       }elsif($f eq 'blue' && &General::IpInSubnet($ip,$ifaces{'BLUE_NETADDRESS'},$ifaces{'BLUE_NETMASK'})){
+                               $field3='src_addr';
+                               $field4=$b;
+                       }else{
+                               print LOG "$now ->NOT Converted, source ip $b not part of source network $f \n\n";
+                               next;
+                       }
+               }else{
+                       print LOG "$now -> SOURCE IP INVALID. \n\n";
+                       next;
+               }
+               #TARGET IP-check
+               $c=&check_ip($c);
+               if (&General::validipandmask($c)){
+                       my $now=localtime;
+                       #When ip valid, check if we have a network
+                       my ($ip,$subnet) = split ("/",$c);
+                       if ($g eq 'green' && $ip eq $ifaces{'GREEN_NETADDRESS'}){
+                               $field5='std_net_tgt';
+                               $field6='GREEN';
+                       }elsif($g eq 'blue' && $ip eq $ifaces{'BLUE_NETADDRESS'}){
+                               $field5='std_net_tgt';
+                               $field6='BLUE';
+                       }elsif($g eq 'green' && &General::IpInSubnet($ip,$ifaces{'GREEN_NETADDRESS'},$ifaces{'GREEN_NETMASK'})){
+                               $field5='tgt_addr';
+                               $field6=$c;
+                       }elsif($g eq 'blue' && &General::IpInSubnet($ip,$ifaces{'BLUE_NETADDRESS'},$ifaces{'BLUE_NETMASK'})){
+                               $field5='tgt_addr';
+                               $field6=$c;
+                       }else{
+                               print LOG "$now ->NOT Converted, target ip $c not part of target network $g \n\n";
+                               next;
+                       }
+               }else{
+                       print LOG "$now -> TARGET IP INVALID. \n\n";
+                       next;
+               }
+               $field12=$a;
+               #convert portrange
+               $d =~ tr/-/:/;
+               $field15=$d;
+               $field16=$h;
+               my $key = &General::findhasharraykey (\%configfwdfw);
+               foreach my $i (0 .. 27) { $configfwdfw{$key}[$i] = "";}
+               $configfwdfw{$key}[0] = $field0;
+               $configfwdfw{$key}[1] = $field1;
+               $configfwdfw{$key}[2] = $field2;
+               $configfwdfw{$key}[3] = $field3;
+               $configfwdfw{$key}[4] = $field4;
+               $configfwdfw{$key}[5] = $field5;
+               $configfwdfw{$key}[6] = $field6;
+               $configfwdfw{$key}[7] = '';
+               $configfwdfw{$key}[8] = '';
+               $configfwdfw{$key}[9] = '';
+               $configfwdfw{$key}[10] = '';
+               $configfwdfw{$key}[11] = $field11;
+               $configfwdfw{$key}[12] = $field12;
+               $configfwdfw{$key}[13] = $field13;
+               $configfwdfw{$key}[14] = $field14;
+               $configfwdfw{$key}[15] = $field15;
+               $configfwdfw{$key}[16] = $field16;
+               $configfwdfw{$key}[17] = '';
+               $configfwdfw{$key}[18] = '';
+               $configfwdfw{$key}[19] = '';
+               $configfwdfw{$key}[20] = '';
+               $configfwdfw{$key}[21] = '';
+               $configfwdfw{$key}[22] = '';
+               $configfwdfw{$key}[23] = '';
+               $configfwdfw{$key}[24] = '';
+               $configfwdfw{$key}[25] = '';
+               $configfwdfw{$key}[26] = $field26;
+               $configfwdfw{$key}[27] = $field27;
+               $configfwdfw{$key}[28] = $field28;
+               $configfwdfw{$key}[29] = $field29;
+               $configfwdfw{$key}[30] = $field30;
+               $configfwdfw{$key}[31] = $field31;
+               print LOG "$Now -> Converted to $field0,$field1,$field2,$field3,$field4,$field5,$field6,,,,,$field11,$field12,$field13,$field14,$field15,$field16,,,,,,,,,,$field26,$field27\n";
+       }
+       &General::writehasharray($fwdfwconfig,\%configfwdfw);
+close (LOG);
+}
+
+sub check_ip
+{
+       my $adr=shift;
+       my $a;
+       #ip with subnet in decimal
+       if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               my $b = &General::iporsubtodec($5);
+               $a=$adr."/".$b;
+       }elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               if(&General::validip($adr)){
+                       $a=$adr."/32";
+               }
+       }
+       if(&General::validipandmask($adr)){
+               $a=&General::iporsubtodec($adr);
+       }
+       return $a;
+}
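Review bot: `$field2` is a file-level variable that is only ever set (`$field2=$e if($e eq 'ON');`) and never cleared inside the loop in `process_rules`, so once one enabled rule has been processed, every later disabled rule is written to the new config as `ON`. For a firewall rule converter this silently turns disabled DMZ holes into active ACCEPT rules; assign it per line instead, `$field2 = ($e eq 'ON') ? 'ON' : '';`. The final log line uses `$Now` (capital N), which is never declared, so the timestamp of every "Converted to" entry is empty; it should be `$now`. Adding `use strict; use warnings;` at the top would have flagged `$Now` and the second `my @current` declaration.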
diff --git a/config/forwardfw/convert-outgoingfw b/config/forwardfw/convert-outgoingfw
new file mode 100755 (executable)
index 0000000..bd33059
--- /dev/null
@@ -0,0 +1,704 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+# This script converts old groups and firewallrules                           #
+# to the new one. This is a 3-step process.                                   #
+# STEP1: convert groups ->LOG /var/log/converters                             #
+# STEP2: convert rules  ->LOG /var/log/converters                             #
+# STEP3: convert P2P rules                                                    #
+#                                                                             #
+###############################################################################
+
+require '/var/ipfire/general-functions.pl';
+
+use Socket;
+use File::Path;
+use File::Copy;
+
+my $ipgrouppath        = "${General::swroot}/outgoing/groups/ipgroups/";
+my $macgrouppath       = "${General::swroot}/outgoing/groups/macgroups/";
+my $outgoingrules      = "${General::swroot}/outgoing/rules";
+my $outfwsettings      = "${General::swroot}/outgoing/settings";
+my $host                       = "Converted ";
+my $confighosts                = "${General::swroot}/fwhosts/customhosts";
+my $confignets         = "${General::swroot}/fwhosts/customnetworks";
+my $configgroups       = "${General::swroot}/fwhosts/customgroups";
+my $ovpnsettings       = "${General::swroot}/ovpn/settings";
+my $ovpnconfig         = "${General::swroot}/ovpn/ovpnconfig";
+my $ccdconfig          = "${General::swroot}/ovpn/ccd.conf";
+my $fwdfwconfig                = "${General::swroot}/forward/config";
+my $outfwconfig                = "${General::swroot}/forward/outgoing";
+my $fwdfwsettings      = "${General::swroot}/forward/settings";
+my @ipgroups = qx(ls $ipgrouppath);
+my @macgroups = qx(ls $macgrouppath);
+my @hostarray=();
+my %outsettings=();
+my %hosts=();
+my %nets=();
+my %groups=();
+my %settingsovpn=();
+my %configovpn=();
+my %ccdconf=();
+my %fwconfig=();
+my %fwconfigout=();
+my %fwdsettings=();
+my %ownnet=();
+my %ovpnSettings = ();
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
+&General::readhash($outfwsettings,\%outsettings);
+&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+#ONLY RUN if /var/ipfire/outgoing exists
+if ( -d "/var/ipfire/outgoing"){
+       &process_groups;
+       &process_rules;
+       &process_p2p;
+}
+system("/usr/local/bin/forwardfwctrl");
+sub process_groups
+{
+       if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
+       if( -f "/var/log/converters/groups-convert.log"){rmtree("var/log/converters");}
+       open (LOG, ">/var/log/converters/groups-convert.log") or die $!;
+       #IP Group processing
+       foreach my $group (@ipgroups){
+               my $now=localtime;
+               chomp $group;
+               print LOG "\n$now Processing IP-GROUP: $group...\n";
+               open (DATEI, "<$ipgrouppath/$group");
+               my @zeilen = <DATEI>;
+               foreach my $ip (@zeilen){
+                       chomp($ip);
+                       $ip =~ s/\s//gi;
+                       print LOG "$now Check IP $ip from Group $group ";
+                       my $val=&check_ip($ip);
+                       if($val){
+                               push(@hostarray,$val.",ip");
+                               print LOG "$now -> OK\n";
+                       }
+                       else{
+                               print LOG "$now -> IP \"$ip\" from group $group not converted (invalid IP) \n";
+                       }
+                       $val='';
+               }
+               &new_hostgrp($group,'ip');
+               @hostarray=();
+       }
+       $group='';
+       @zeilen=();
+       @hostarray=();
+       #MAC Group processing
+       foreach my $group (@macgroups){
+               chomp $group;
+               print LOG "\nProcessing MAC-GROUP: $group...\n";
+               open (DATEI, "<$macgrouppath/$group");
+               my @zeilen = <DATEI>;
+               foreach my $mac (@zeilen){
+                       chomp($mac);
+                       $mac =~ s/\s//gi;
+                       print LOG "$now Checking MAC $mac from group $group ";
+                       #MAC checking
+                       if(&General::validmac($mac)){
+                               $val=$mac;
+                       }
+                       if($val){
+                               push(@hostarray,$val.",mac");
+                               print LOG "$now -> OK\n";
+                       }
+                       else{
+                               print LOG "$now -> Mac $mac from group $group not converted (invalid MAC)\n";
+                       }
+                       $val='';
+               }
+               &new_hostgrp($group,'mac');
+               @hostarray=();
+               @zeilen=();
+       }
+       close (LOG);
+}
+sub check_ip
+{
+       my $adr=shift;
+       my $a;
+       #ip with subnet in decimal
+       if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               my $b = &General::iporsubtodec($5);
+               $a=$adr."/".$b;
+       }elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               if(&General::validip($adr)){
+                       $a=$adr."/255.255.255.255";
+               }
+       }
+       if(&General::validipandmask($adr)){
+               $a=&General::iporsubtodec($adr);
+       }
+       return $a;
+}
+sub new_hostgrp
+{
+       &General::readhasharray($confighosts,\%hosts);
+       &General::readhasharray($confignets,\%nets);
+       &General::readhasharray($configgroups,\%groups);
+       my $grp=shift;
+       my $run=shift;
+       my $name; #"converted"
+       my $name2;
+       my $name3; #custom host/custom net
+       foreach my $adr (@hostarray){
+               if($run eq 'ip'){
+                       my ($ip,$type)                  = split(",",$adr);
+                       my ($ippart,$subnet)    = split("/",$ip);
+                       my ($byte1,$byte2,$byte3,$byte4) = split(/\./,$subnet);
+                       if($byte4 eq '255'){
+                               print LOG "Processing SINGLE HOST $ippart/$subnet from group $grp\n"; 
+                               if(!&check_host($ip)){
+                                       my $key         = &General::findhasharraykey(\%hosts);
+                                       $name="host ";
+                                       $name2=$name.$ippart;
+                                       $name3="Custom Host";
+                                       $hosts{$key}[0] = $name2;
+                                       $hosts{$key}[1] = $type;
+                                       $hosts{$key}[2] = $ip;
+                                       $hosts{$key}[3] = '';
+                                       $hosts{$key}[4] = 1;
+                                       print LOG "->Host (IP) $ip added to custom hosts\n"
+                               }else{
+                                       print LOG "->Host (IP) $ip already exists in custom hosts\n";
+                                       $name="host ";
+                                       $name2=$name.$ippart;
+                                       foreach my $key (sort keys %hosts){
+                                               if($hosts{$key}[0] eq $name2){
+                                                       $hosts{$key}[4]++;
+                                               }
+                                       }
+                                       $name="host ";
+                                       $name2=$name.$ippart;
+                                       $name3="Custom Host";
+                               }
+                       }elsif($byte4 < '255'){
+                               print LOG "Processing NETWORK $ippart/$subnet from Group $grp\n";
+                               if(!&check_net($ippart,$subnet)){
+                                       #Check if this network is one one of IPFire internal networks
+                                       if (($ownnet{'GREEN_NETADDRESS'}                ne '' && $ownnet{'GREEN_NETADDRESS'}    ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'}))
+                                       {
+                                               $name2='GREEN';
+                                               $name3='Standard Network';
+                                       }elsif (($ownnet{'ORANGE_NETADDRESS'}   ne '' && $ownnet{'ORANGE_NETADDRESS'}   ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'}))
+                                       {
+                                               $name2='ORANGE';
+                                               $name3='Standard Network';
+                                       }elsif (($ownnet{'BLUE_NETADDRESS'}     ne '' && $ownnet{'BLUE_NETADDRESS'}     ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'}))
+                                       {
+                                               $name2='BLUE';
+                                               $name3='Standard Network';
+                                       }elsif ($ippart eq '0.0.0.0')
+                                       {
+                                               $name2='ALL';
+                                               $name3='Standard Network';
+                                       }elsif(defined($ovpnSettings{'DOVPN_SUBNET'}) && "$ippart/".&General::iporsubtodec($subnet) eq $ovpnSettings{'DOVPN_SUBNET'})
+                                       {
+                                               $name2='OpenVPN-Dyn';
+                                               $name3='Standard Network';
+                                       }else{
+                                               my $netkey      =  &General::findhasharraykey(\%nets);
+                                               $name="net ";
+                                               $name2=$name.$ippart;
+                                               $name3="Custom Network";
+                                               $nets{$netkey}[0] = $name2;
+                                               $nets{$netkey}[1] = $ippart;
+                                               $nets{$netkey}[2] = $subnet;
+                                               $nets{$netkey}[3] = '';
+                                               $nets{$netkey}[4] = 1;
+                                               print LOG "->Network $ippart/$subnet added to custom networks\n";
+                                       }
+                               }else{
+                                       print LOG "Network $ippart already exists in custom networks\n";
+                                       $name="net ";
+                                       $name2=$name.$ippart;
+                                       foreach my $key (sort keys %nets){
+                                               if($nets{$key}[0] eq $name2){
+                                                       $nets{$key}[4]++;
+                                               }
+                                       }
+                                       $name="net ";
+                                       $name2=$name.$ippart;
+                                       $name3="Custom Network";
+                               }
+                       }
+                       if($name2 && !&check_grp($grp,$name2)){
+                               my $grpkey      = &General::findhasharraykey(\%groups);
+                               $groups{$grpkey}[0]     = $grp;
+                               $groups{$grpkey}[1]     = '';
+                               $groups{$grpkey}[2]     = $name2;
+                               $groups{$grpkey}[3]     = $name3;
+                               $groups{$grpkey}[4]     = 0;
+                               print LOG "->$name2 added to group $grp\n";
+                       }
+               }elsif($run eq 'mac'){
+                       #MACRUN
+                       my ($mac,$type)                         = split(",",$adr);
+                       print LOG "Processing HOST (MAC) $mac\n";
+                       if(!&check_host($mac)){
+                               my $key         = &General::findhasharraykey(\%hosts);
+                               $name="host ";
+                               $name2=$name.$mac;
+                               $name3="Custom Host";
+                               $hosts{$key}[0] = $name2;
+                               $hosts{$key}[1] = $type;
+                               $hosts{$key}[2] = $mac;
+                               $hosts{$key}[3] = '';
+                               $hosts{$key}[4] = 1;
+                               print LOG "->Host (MAC) $mac added to custom hosts\n";
+                       }else{
+                               print LOG "->Host (MAC) $mac already exists in custom hosts \n";
+                               $name="host ";
+                               $name2=$name.$mac;
+                               foreach my $key (sort keys %hosts){
+                                       if($hosts{$key}[0] eq $name2){
+                                               $hosts{$key}[4]++;
+                                       }
+                               }
+                               $name="host ";
+                               $name2=$name.$mac;
+                               $name3="Custom Host";
+                       }
+                       if($name2 && !&check_grp($grp,$name2)){
+                               my $grpkey      = &General::findhasharraykey(\%groups);
+                               $groups{$grpkey}[0]     = $grp;
+                               $groups{$grpkey}[1]     = '';
+                               $groups{$grpkey}[2]     = $name2;
+                               $groups{$grpkey}[3]     = $name3;
+                               $groups{$grpkey}[4]     = 0;
+                               print LOG "->$name2 added to group $grp\n";
+                       }
+               }
+       }
+       @hostarray=();
+       &General::writehasharray($confighosts,\%hosts);
+       &General::writehasharray($configgroups,\%groups);
+       &General::writehasharray($confignets,\%nets);
+
+}
+sub check_host
+{
+       my $ip=shift;
+       foreach my $key (sort keys %hosts)
+       {
+               if($hosts{$key}[2] eq $ip)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub check_net
+{
+       my $ip=shift;
+       my $sub=shift;
+       foreach my $key (sort keys %nets)
+       {
+               if($nets{$key}[1] eq $ip && $nets{$key}[2] eq $sub)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub check_grp
+{
+       my $grp=shift;
+       my $value=shift;
+       foreach my $key (sort keys %groups)
+       {
+               if($groups{$key}[0] eq $grp && $groups{$key}[2] eq $value)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub process_rules
+{
+       my ($type,$action,$active,$grp1,$source,$grp2,$useport,$port,$prot,$grp3,$target,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to);
+       #open LOG
+       if( -f "/var/log/converters/outgoingfw-convert.log"){unlink ("/var/log/converters/outgoingfw-convert.log");}
+       open (LOG, ">/var/log/converters/outgoingfw-convert.log") or die $!;
+
+       &General::readhash($fwdfwsettings,\%fwdsettings);
+       if ($outsettings{'POLICY'} eq 'MODE1'){
+               $fwdsettings{'POLICY'}='MODE1';
+               $fwdsettings{'POLICY1'}='MODE2';
+               $type='ALLOW';
+               $action='ACCEPT';
+       }else{
+               $fwdsettings{'POLICY'}='MODE2';
+               $fwdsettings{'POLICY1'}='MODE2';
+               $type='DENY';
+               $action='DROP';
+       }
+       &General::writehash($fwdfwsettings,\%fwdsettings);
+       open (DATEI, "<$outgoingrules");
+       my @lines = <DATEI>;
+       foreach my $rule (@lines)
+       {
+               my $now=localtime;
+               chomp($rule);
+               $port='';
+               print LOG "$now processing: $rule\n";
+               my @configline=();
+               @configline = split( /\;/, $rule );
+               my @prot=();
+               if($configline[0] eq $type){
+                       #some variables we can use from old config
+                       if($configline[1] eq 'on'){ $active='ON';}else{$active='';}
+                       if($configline[3] eq 'all' && $configline[8] ne ''){ 
+                               push(@prot,"TCP");
+                               push(@prot,"UDP");
+                       }elsif($configline[3] eq 'all' && $configline[8] eq ''){
+                               push(@prot,"");
+                       }else{
+                               push(@prot,$configline[3]);
+                       }
+                       if($configline[4] ne ''){ 
+                               $configline[4] =~ s/,/;/g;
+                               $remark = $configline[4];
+                       }else{$remark = '';}
+                       if($configline[9] eq 'Active'){ $log='ON';}else{$log='';}
+                       if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){
+                               if($configline[17] eq '00:00' && $configline[18] eq '00:00'){
+                                       $time='';
+                               }else{
+                                       $time='ON';                                     
+                               }
+                       }else{
+                               $time='ON';     
+                       } 
+                       $time_mon=$configline[10];
+                       $time_tue=$configline[11];
+                       $time_wed=$configline[12];
+                       $time_thu=$configline[13];
+                       $time_fri=$configline[14];
+                       $time_sat=$configline[15];
+                       $time_sun=$configline[16];
+                       $time_from=$configline[17];
+                       $time_to=$configline[18];
+                       ############################################################
+                       #sourcepart                     
+                       if ($configline[2] eq 'green') {
+                               $grp1='std_net_src';
+                               $source='GREEN';
+                       }elsif ($configline[2] eq 'orange') {
+                               $grp1='std_net_src';
+                               $source='ORANGE';
+                       }elsif ($configline[2] eq 'red') {
+                               $grp1='std_net_src';
+                               $source='IPFire';
+                               &General::readhash($fwdfwsettings,\%fwdsettings);
+                               $fwdsettings{'POLICY1'}=$outsettings{'POLICY'};
+                               $fwdsettings{'POLICY'}=$outsettings{'POLICY'};
+                               &General::writehash($fwdfwsettings,\%fwdsettings);
+                       }elsif ($configline[2] eq 'blue') {
+                               $grp1='std_net_src';
+                               $source='BLUE';
+                       }elsif ($configline[2] eq 'ipsec') {
+                               print LOG "$now -> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n";
+                               next;
+                       }elsif ($configline[2] eq 'ovpn') {
+                               print LOG "$now ->Creating networks/groups for OpenVPN...\n";
+                               &build_ovpn_grp;                
+                               $grp1='cust_grp_src';
+                               $source='ovpn'          
+                       }elsif ($configline[2] eq 'ip') {
+                               my $z=&check_ip($configline[5]);
+                               if($z){
+                                       my ($ipa,$subn) = split("/",$z);
+                                       $subn=&General::iporsubtocidr($subn);
+                                       $grp1='src_addr';
+                                       $source="$ipa/$subn";
+                               }else{
+                                       print LOG "$now -> Rule not converted, missing/invalid source ip \"$configline[5]\"\n";
+                                       next;
+                               }
+                       }elsif ($configline[2] eq 'mac') {
+                               if(&General::validmac($configline[6])){
+                                       $grp1='src_addr';
+                                       $source=$configline[6];
+                               }else{
+                                       print LOG"$now -> Rule not converted, invalid MAC \"$configline[6]\" \n";
+                                       next;
+                               }
+                       }elsif ($configline[2] eq 'all') {
+                               $grp1='std_net_src';
+                               $source='ALL';
+                       }else{
+                               foreach my $key (sort keys %groups){
+                                       if($groups{$key}[0] eq $configline[2]){
+                                               $grp1='cust_grp_src';
+                                               $source=$configline[2];
+                                       }
+                               }
+                               if ($grp1 eq '' || $source eq ''){
+                                       print LOG "$now -> Rule not converted, no valid source recognised\n";
+                               }
+                       }
+                       ############################################################
+                       #destinationpart
+                       if($configline[7] ne ''){
+                               my $address=&check_ip($configline[7]);
+                                if($address){
+                                        my ($dip,$dsub) = split("/",$address);
+                                        $dsub=&General::iporsubtocidr($dsub);
+                                        $grp2='tgt_addr';
+                                        $target="$dip/$dsub";
+                                }elsif(!$address){
+                                       my $getwebsiteip=&get_ip_from_domain($configline[7]);
+                                       if ($getwebsiteip){
+                                               $grp2='tgt_addr';
+                                               $target=$getwebsiteip;  
+                                               $remark.=" $configline[7]";
+                                       }else{
+                                               print LOG "$now -> Rule not converted, invalid domain \"$configline[7]\"\n";
+                                               next;
+                                       }
+                                }
+                       }else{
+                               $grp2='std_net_tgt';
+                               $target='ALL';
+                       }
+                       if($configline[8] ne '' && $configline[3] ne 'gre' && $configline[3] ne 'esp'){
+                               my @values=();
+                               my @parts=split(",",$configline[8]);
+                               foreach (@parts){
+                                       $_=~ tr/-/:/;
+                                       if (!($_ =~ /^(\d+)\:(\d+)$/)) {
+                                               if(&General::validport($_)){
+                                                       $useport='ON';  
+                                                       push (@values,$_);
+                                                       $grp3='TGT_PORT';
+                                               }else{
+                                                       print LOG "$now -> Rule not converted, invalid destination Port \"$configline[8]\"\n";
+                                                       next;
+                                               }
+                                        }else{
+                                               my ($a1,$a2) = split(/\:/,$_);
+                                               if (&General::validport($a1) && &General::validport($a2) && $a1 < $a2){
+                                                       $useport='ON';  
+                                                       push (@values,"$a1:$a2");
+                                                       $grp3='TGT_PORT';
+                                               }else{
+                                                       print LOG "$now -> Rule not converted, invalid destination Port \"$configline[8]\"\n"; 
+                                                       next;
+                                               } 
+                                        }
+                                }
+                               $port=join("|",@values);
+                               @values=();
+                               @parts=();
+                       }
+               }else{
+                       print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
+               }
+               &General::readhasharray($fwdfwconfig,\%fwconfig);
+               &General::readhasharray($outfwconfig,\%fwconfigout);
+               my $check;
+               my $chain;
+               foreach my $protocol (@prot){
+                       my $now=localtime;
+                       if ($source eq 'IPFire'){
+                               $chain='OUTGOINGFW';
+                       }else{
+                               $chain='FORWARDFW';
+                       }
+                       $protocol=uc($protocol);
+                       print LOG "$now -> Converted: $action,$chain,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to\n";
+                       #Put rules into system....
+                       ###########################
+                       #check for double rules
+                       foreach my $key (sort keys %fwconfig){
+                               if("$action,$chain,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to"
+                                       eq "$fwconfig{$key}[0],$fwconfig{$key}[1],$fwconfig{$key}[2],$fwconfig{$key}[3],$fwconfig{$key}[4],$fwconfig{$key}[5],$fwconfig{$key}[6],,,,,$fwconfig{$key}[11],$fwconfig{$key}[12],,$fwconfig{$key}[14],$fwconfig{$key}[15],$fwconfig{$key}[16],$fwconfig{$key}[17],$fwconfig{$key}[18],$fwconfig{$key}[19],$fwconfig{$key}[20],$fwconfig{$key}[21],$fwconfig{$key}[22],$fwconfig{$key}[23],$fwconfig{$key}[24],$fwconfig{$key}[25],$fwconfig{$key}[26],$fwconfig{$key}[27]"){
+                                               $check='on';
+                                               next;
+                               }
+                       }
+                       if($check ne 'on'){
+                               #increase groupcounter
+                               my $check1;
+                               if($grp1 eq 'cust_grp_src'){
+                                       foreach my $key (sort keys %groups){
+                                               if($groups{$key}[0] eq $source){
+                                                       $groups{$key}[4]++;
+                                                       $check1='on'; 
+                                               }
+                                       }
+                                       if($check1 eq 'on'){
+                                               &General::writehasharray($configgroups,\%groups);
+                                       }
+                               }
+                               if ($chain eq 'FORWARDFW'){
+                                       my $key = &General::findhasharraykey(\%fwconfig);
+                                       $fwconfig{$key}[0]      = $action;
+                                       $fwconfig{$key}[1]      = $chain;
+                                       $fwconfig{$key}[2]      = $active;
+                                       $fwconfig{$key}[3]      = $grp1;
+                                       $fwconfig{$key}[4]      = $source;
+                                       $fwconfig{$key}[5]      = $grp2;
+                                       $fwconfig{$key}[6]      = $target;
+                                       $fwconfig{$key}[11] = $useport;
+                                       $fwconfig{$key}[12] = $protocol;
+                                       $fwconfig{$key}[14] = $grp3;
+                                       $fwconfig{$key}[15] = $port;
+                                       $fwconfig{$key}[16] = $remark;
+                                       $fwconfig{$key}[17] = $log;
+                                       $fwconfig{$key}[18] = $time;
+                                       $fwconfig{$key}[19] = $time_mon;
+                                       $fwconfig{$key}[20] = $time_tue;
+                                       $fwconfig{$key}[21] = $time_wed;
+                                       $fwconfig{$key}[22] = $time_thu;
+                                       $fwconfig{$key}[23] = $time_fri;
+                                       $fwconfig{$key}[24] = $time_sat;
+                                       $fwconfig{$key}[25] = $time_sun;
+                                       $fwconfig{$key}[26] = $time_from;
+                                       $fwconfig{$key}[27] = $time_to;
+                                       $fwconfig{$key}[28] = '';
+                                       $fwconfig{$key}[29] = 'ALL';
+                                       $fwconfig{$key}[30] = '';
+                                       $fwconfig{$key}[31] = 'dnat';
+                               }else{
+                                       my $key = &General::findhasharraykey(\%fwconfigout);
+                                       $fwconfigout{$key}[0]   = $action;
+                                       $fwconfigout{$key}[1]   = $chain;
+                                       $fwconfigout{$key}[2]   = $active;
+                                       $fwconfigout{$key}[3]   = $grp1;
+                                       $fwconfigout{$key}[4]   = $source;
+                                       $fwconfigout{$key}[5]   = $grp2;
+                                       $fwconfigout{$key}[6]   = $target;
+                                       $fwconfigout{$key}[11]  = $useport;
+                                       $fwconfigout{$key}[12]  = $protocol;
+                                       $fwconfigout{$key}[14]  = $grp3;
+                                       $fwconfigout{$key}[15]  = $port;
+                                       $fwconfigout{$key}[16]  = $remark;
+                                       $fwconfigout{$key}[17]  = $log;
+                                       $fwconfigout{$key}[18]  = $time;
+                                       $fwconfigout{$key}[19]  = $time_mon;
+                                       $fwconfigout{$key}[20]  = $time_tue;
+                                       $fwconfigout{$key}[21]  = $time_wed;
+                                       $fwconfigout{$key}[22]  = $time_thu;
+                                       $fwconfigout{$key}[23]  = $time_fri;
+                                       $fwconfigout{$key}[24]  = $time_sat;
+                                       $fwconfigout{$key}[25]  = $time_sun;
+                                       $fwconfigout{$key}[26]  = $time_from;
+                                       $fwconfigout{$key}[27]  = $time_to;
+                                       $fwconfigout{$key}[28]  = '';
+                                       $fwconfigout{$key}[29]  = 'ALL';
+                                       $fwconfigout{$key}[30]  = '';
+                                       $fwconfigout{$key}[31]  = 'dnat';
+                               }
+                               &General::writehasharray($fwdfwconfig,\%fwconfig);
+                               &General::writehasharray($outfwconfig,\%fwconfigout);
+                       }
+               }
+               @prot=();
+       }
+       close(LOG);
+       @lines=();
+}
+sub get_ip_from_domain
+{
+       $web=shift;
+       my $resolvedip;
+       my $checked;
+       my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname($web);
+       if(@addrs){
+               $resolvedip=inet_ntoa($addrs[0]);
+               return $resolvedip;
+       }
+       return;
+}
+sub build_ovpn_grp
+{
+       my $now=localtime;
+       &General::readhasharray($confighosts,\%hosts);
+       &General::readhasharray($confignets,\%nets);
+       &General::readhasharray($configgroups,\%groups);
+       &General::readhasharray($ovpnconfig,\%configovpn);
+       &General::readhasharray($ccdconfig,\%ccdconf);
+       &General::readhash($ovpnsettings,\%settingsovpn);
+       #get ovpn nets
+       my @ovpnnets=();
+       if($settingsovpn{'DOVPN_SUBNET'}){
+               my ($net,$subnet)=split("/",$settingsovpn{'DOVPN_SUBNET'});
+               push (@ovpnnets,"$net,$subnet,dynamic");
+               print LOG "$now ->found dynamic OpenVPN net\n"; 
+       }
+       foreach my $key (sort keys %ccdconf){
+               my ($net,$subnet)=split("/",$ccdconf{$key}[1]);
+               $subnet=&General::iporsubtodec($subnet);
+               push (@ovpnnets,"$net,$subnet,$ccdconf{$key}[0]");
+               print LOG "$now ->found OpenVPN static net $net/$subnet\n";
+       }
+       foreach my $key (sort keys %configovpn){
+               if ($configovpn{$key}[3] eq 'net'){
+                       my ($net,$subnet)=split("/",$configovpn{$key}[27]);
+                       push (@ovpnnets,"$net,$subnet,$configovpn{$key}[2]");
+                       print LOG "$now ->found OpenVPN $net/$subnet $configovpn{$key}[2]\n";
+               }
+       }
+       #add ovpn nets to customnetworks/groups
+       foreach my $line (@ovpnnets){
+               my $now=localtime;
+               my ($net,$subnet,$name) = split(",",$line);
+               if (!&check_net($net,$subnet)){
+                       my $netkey      =  &General::findhasharraykey(\%nets);
+                       $name2=$name."(ovpn)".$net;
+                       $name3="Custom Network";
+                       $nets{$netkey}[0] = $name2;
+                       $nets{$netkey}[1] = $net;
+                       $nets{$netkey}[2] = $subnet;
+                       $nets{$netkey}[3] = '';
+                       $nets{$netkey}[4] = 1;
+                       print LOG "$now ->added $name2 $net/$subnet to customnetworks\n";
+               }else{
+                       print LOG "-> Custom Network with same IP already exist \"$net/$subnet\" (you can ignore this, if this run was manual from shell)\n"; 
+               }
+               if($name2){
+                       my $grpkey      = &General::findhasharraykey(\%groups);
+                       $groups{$grpkey}[0]     = "ovpn";
+                       $groups{$grpkey}[1]     = '';
+                       $groups{$grpkey}[2]     = $name2;
+                       $groups{$grpkey}[3]     = "Custom Network";
+                       $groups{$grpkey}[4]     = 0;
+                       print LOG "$now ->added $name2 to customgroup ovpn\n";
+               }
+               $name2='';
+       }
+       @ovpnnets=();
+       &General::writehasharray($confighosts,\%hosts);
+       &General::writehasharray($configgroups,\%groups);
+       &General::writehasharray($confignets,\%nets);
+       print LOG "$now ->finished OVPN\n";
+}
+sub process_p2p
+{
+       copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/forward/p2protocols");
+       chmod oct('0777'), '/var/ipfire/forward/p2protocols';
+}
diff --git a/config/forwardfw/convert-portfw b/config/forwardfw/convert-portfw
new file mode 100755 (executable)
index 0000000..a37383e
--- /dev/null
@@ -0,0 +1,158 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+# This script converts old portforwarding rules from old Firewall             #
+# to the new one. This is a 3-step process.                                   #
+# STEP1: read old config and normalize settings                               #
+# STEP2: create new rules from old ones                                       #
+# STEP3: check if rule already exists, when not, put it into                  #
+#        /var/ipfire/forward/nat                                              #
+###############################################################################
+require '/var/ipfire/general-functions.pl';
+my @values=();
+my @built_rules=();
+my %nat=();
+my $portfwconfig       = "${General::swroot}/portfw/config";
+my $confignat          = "${General::swroot}/forward/config";
+my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark);
+my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
+my $count=0;
+my $jump;
+if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
+open(FILE, $portfwconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+open (LOG, ">/var/log/converters/portfw-convert.log") or die $!;
+open(ALIAS, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+my @alias = <ALIAS>;
+close(ALIAS);
+&get_config;
+&build_rules;
+&write_rules;
+sub get_config
+{
+       print LOG "STEP 1:   Get config from old portforward\n#########################################\n";
+       foreach my $line (@current){
+               if($jump eq '1'){
+                       $jump='';
+                       $count++;
+                       next;
+               }
+               my $u=$count+1;
+               ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark) = split(",",$line);
+               ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1) = split(",",$current[$u]);
+               if ($flag1 eq '1'){
+                       $source=$source1;
+                       $jump='1';
+               }
+               my $now=localtime;
+               chomp($remark);
+               print LOG "$now   processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n";
+               push (@values,$prot.",".$ipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark);
+               $count++;
+       }
+}
+sub build_rules
+{
+       print LOG "\nSTEP 2: Convert old portforwardrules in a useable format\n########################################################\n";
+       my $src;
+       my $src1;
+       my $ipfireip;
+       my $count=0;
+       my $stop;
+       #build rules for new firewall
+       foreach my $line (@values){
+               chomp ($line);
+               ($prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark)=split(",",$line);
+               $count++;
+               #get sourcepart
+               if($source eq '0.0.0.0/0'){
+                       $src  = 'std_net_src';
+                       $src1 = 'ALL';
+               }else{
+                       $src  = 'src_addr';
+                       my ($a,$b) = split("/",$source);
+                       $src1 = $a."/32";
+               }
+               #get ipfire ip
+               if($alias eq '0.0.0.0'){
+                       $alias='ALL';
+               }else{
+                       foreach my $ali (@alias){
+                               my ($alias_ip,$alias_active,$alias_name) = split (",",$ali);
+                               if($alias eq $alias_ip){
+                                       chomp($alias_name);
+                                       $alias=$alias_name;
+                               }
+                       }
+               }
+               $active = uc $active;
+               $prot   = uc $prot;
+               chomp($remark);
+               push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
+               my $now=localtime;
+               print LOG "$now    Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
+       }
+}
+sub write_rules
+{
+       my $skip='';
+       my $id;
+       print LOG "\nSTEP 3: Create DNAT rules in new firewall\n#########################################\n";
+       &General::readhasharray($confignat,\%nat);
+       foreach my $line (@built_rules){
+               $skip='';
+               my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
+               foreach my $key (sort keys %nat){
+                       if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
+                               my $now=localtime;
+                               print LOG "$now         SKIP->  Rule  $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
+                               $skip='1';
+                       }
+               }
+               if ($skip ne '1'){
+                       $id = &General::findhasharraykey(\%nat);
+                       $nat{$id}[0]  = $action;
+                       $nat{$id}[1]  = $chain;
+                       $nat{$id}[2]  = $active;
+                       $nat{$id}[3]  = $src;
+                       $nat{$id}[4]  = $src1;
+                       $nat{$id}[5]  = $tgt;
+                       $nat{$id}[6]  = $tgt1;
+                       $nat{$id}[11] = $use_prot;
+                       $nat{$id}[12] = $prot;
+                       $nat{$id}[13] = $dummy;
+                       $nat{$id}[14] = $tgt_port;
+                       $nat{$id}[15] = $tgt_port1;
+                       $nat{$id}[16] = $remark;
+                       $nat{$id}[26] = $from;
+                       $nat{$id}[27] = $to;
+                       $nat{$id}[28] = $use_port;
+                       $nat{$id}[29] = $alias;
+                       $nat{$id}[30] = $ipfireport;
+                       $nat{$id}[31] = $dnat;
+                       my $now=localtime;
+                       print LOG "$now     NEW RULE->  Rule  $nat{$id}[0],$nat{$id}[1],$nat{$id}[2],$nat{$id}[3],$nat{$id}[4],$nat{$id}[5],$nat{$id}[6],$nat{$id}[11],$nat{$id}[12],$nat{$id}[13],$nat{$id}[14],$nat{$id}[15],$nat{$id}[16],$nat{$id}[26],$nat{$id}[27],$nat{$id}[28],$nat{$id}[29],$nat{$id}[30],$nat{$id}[31]\n";
+               }
+       }
+       &General::writehasharray($confignat,\%nat);
+}
+close (LOG);
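Review bot: In build_rules the non-default source branch, `my ($a,$b) = split("/",$source); $src1 = $a."/32";`, throws away whatever prefix the old rule carried, so a forward that was limited to a source network is converted into one that matches only the network's base address. convert-xtaccess in this same commit keeps a value that already contains a slash, so the two converters disagree on how a source is carried over; whether the old portfw file actually stores networks in that field is not visible here and should be confirmed. I would keep the prefix when there is one, `my ($src_ip,$src_mask) = split("/",$source);` followed by `$src1 = ($src_mask ne '') ? $source : "$src_ip/32";`, which also avoids shadowing sort's `$a`/`$b`. The header comment names /var/ipfire/forward/nat as the output, while `$confignat` points at forward/config; one of the two should be corrected.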
diff --git a/config/forwardfw/convert-xtaccess b/config/forwardfw/convert-xtaccess
new file mode 100755 (executable)
index 0000000..d86c445
--- /dev/null
@@ -0,0 +1,141 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+#This script converts old xtaccess rules to new firewall                      #
+#Logfiles are created under /var/log/converters                               #
+#                                                                             #
+###############################################################################
+my @current=();
+my @alias=();
+my %configinputfw=();
+require '/var/ipfire/general-functions.pl';
+my $xtaccessconfig     = "${General::swroot}/xtaccess/config";
+my $inputfwconfig = "${General::swroot}/forward/input";
+my $aliasconfig        = "${General::swroot}/ethernet/aliases";
+my $field0='ACCEPT';
+my $field1='INPUTFW';
+my $field2=''; #ON or emtpy
+my $field3=''; #std_net_src or src_addr
+my $field4=''; #ALL or IP-Address with /32
+my $field5='ipfire';
+my $field6=''; #Default IP or alias name
+my $field11='ON'; #use target port 
+my $field12=''; #TCP or UDP
+my $field13='All ICMP-Types';
+my $field14='TGT_PORT';
+my $field15=''; #Port Number
+my $field16=''; #remark
+my $field26='00:00';
+my $field27='00:00';
+my $field28 = '';
+my $field29 = 'ALL';
+my $field30 = '';
+my $field31 = 'dnat';
+open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+open(FILE1, $aliasconfig) or die 'Unable to open config file.';
+my @alias = <FILE1>;
+close(FILE1);
+&General::readhasharray($inputfwconfig,\%configinputfw);
+
+foreach my $line (@current){
+       my ($a,$b,$c,$d,$e,$f) = split (",",$line);
+       $e =~ s/\R//g;
+       if ($f gt ''){
+               $f =~ s/\R//g;
+               $field16=$f;
+       }
+       #active or not
+       $field2=uc($d);
+       #get protocol
+       if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}
+       #check source address
+       if ($b eq '0.0.0.0/0'){
+               $field3='std_net_src';
+               $field4='ALL';
+       }elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+               $field3='src_addr';
+               $field4=$b."/32";
+       }elsif ($b =~ /^(.*?)\/(.*?)$/) {
+               $field3='src_addr';
+               $field4=$b;
+       }else{
+               print "Regel konnte nicht konvertiert werden!\n";
+       }
+       #check ipfire address
+       if ($e eq '0.0.0.0'){ 
+               $field6 = 'RED1';
+       }else{
+               foreach my $line (@alias){
+                       my ($ip,$state,$aliasname) = split (",",$line);
+                       if ($ip eq $e){
+                               $aliasname =~ s/\R//g; 
+                               $field6 = $aliasname;
+                       }
+               }
+       }
+       #get target port
+       $c=~ s/\R//g;
+       $c=~ tr/-/:/;
+       if ($c =~ /^(\D)\:(\d+)$/) {
+               $c = "1:$2";
+       }
+       if ($c =~ /^(\d+)\:(\D)$/) {
+               $c = "$1:65535";
+       }
+       $field15=$c;
+       my $key = &General::findhasharraykey (\%configinputfw);
+       foreach my $i (0 .. 31) { $configinputfw{$key}[$i] = "";}
+       $configinputfw{$key}[0] = $field0;
+       $configinputfw{$key}[1] = $field1;
+       $configinputfw{$key}[2] = $field2;
+       $configinputfw{$key}[3] = $field3;
+       $configinputfw{$key}[4] = $field4;
+       $configinputfw{$key}[5] = $field5;
+       $configinputfw{$key}[6] = $field6;
+       $configinputfw{$key}[7] = '';
+       $configinputfw{$key}[8] = '';
+       $configinputfw{$key}[9] = '';
+       $configinputfw{$key}[10] = '';
+       $configinputfw{$key}[11] = $field11;
+       $configinputfw{$key}[12] = $field12;
+       $configinputfw{$key}[13] = $field13;
+       $configinputfw{$key}[14] = $field14;
+       $configinputfw{$key}[15] = $field15;
+       $configinputfw{$key}[16] = $field16;
+       $configinputfw{$key}[17] = '';
+       $configinputfw{$key}[18] = '';
+       $configinputfw{$key}[19] = '';
+       $configinputfw{$key}[20] = '';
+       $configinputfw{$key}[21] = '';
+       $configinputfw{$key}[22] = '';
+       $configinputfw{$key}[23] = '';
+       $configinputfw{$key}[24] = '';
+       $configinputfw{$key}[25] = '';
+       $configinputfw{$key}[26] = $field26;
+       $configinputfw{$key}[27] = $field27;
+       $configinputfw{$key}[28] = $field28;
+       $configinputfw{$key}[29] = $field29;
+       $configinputfw{$key}[30] = $field30;
+       $configinputfw{$key}[31] = $field31;
+       &General::writehasharray($inputfwconfig,\%configinputfw);
+}
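Review bot: The loop writes an ACCEPT rule into INPUTFW even when the source could not be parsed, and in that case it reuses `$field3`/`$field4` from the previous line, so an unconvertible entry that follows a `0.0.0.0/0` rule is stored as open to ALL. The same carry-over applies to `$field6` when no alias matches and to `$field16` when the remark is empty, because all four are declared before the loop and only assigned conditionally. I would reset them at the top of each iteration, `($field3,$field4,$field6,$field16) = ('','','','');`, and add `next;` after the `print` in the final `else` so the rule is skipped and reported rather than written. Any protocol other than `tcp` is also converted to UDP, which deserves a comment if it is intentional.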
diff --git a/config/forwardfw/firewall-lib.pl b/config/forwardfw/firewall-lib.pl
new file mode 100755 (executable)
index 0000000..f1e8403
--- /dev/null
@@ -0,0 +1,256 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+no warnings 'uninitialized';
+
+package fwlib;
+
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %ipsecsettings=();
+my %netsettings=();
+my %ovpnsettings=();
+
+require '/var/ipfire/general-functions.pl';
+
+my $confignet          = "${General::swroot}/fwhosts/customnetworks";
+my $confighost         = "${General::swroot}/fwhosts/customhosts";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configsrv          = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost      = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec                = "${General::swroot}/vpn/config";
+my $configovpn         = "${General::swroot}/ovpn/settings";
+my $val;
+my $field;
+
+&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
+&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+
+
+&General::readhasharray("$confignet", \%customnetwork);
+&General::readhasharray("$confighost", \%customhost);
+&General::readhasharray("$configgrp", \%customgrp);
+&General::readhasharray("$configccdnet", \%ccdnet);
+&General::readhasharray("$configccdhost", \%ccdhost);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhasharray("$configsrv", \%customservice);
+&General::readhasharray("$configsrvgrp", \%customservicegrp);
+
+sub get_srv_prot
+{
+       my $val=shift;
+       foreach my $key (sort {$a <=> $b} keys %customservice){
+               if($customservice{$key}[0] eq $val){
+                       if ($customservice{$key}[0] eq $val){
+                               return $customservice{$key}[2];
+                       }
+               }
+       }
+}
+sub get_srvgrp_prot
+{
+       my $val=shift;
+       my @ips=();
+       my $tcp;
+       my $udp;
+       my $icmp;
+       foreach my $key (sort {$a <=> $b} keys %customservicegrp){
+               if($customservicegrp{$key}[0] eq $val){
+                       if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){ 
+                               $tcp=1;
+                       }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){ 
+                               $udp=1;
+                       }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
+                               $icmp=1;
+                       } 
+               }
+       }
+       if ($tcp eq '1'){push (@ips,'TCP');}
+       if ($udp eq '1'){push (@ips,'UDP');}
+       if ($icmp eq '1'){push (@ips,'ICMP');}
+       my $back=join(",",@ips);
+       return $back;
+       
+}
+
+
+sub get_srv_port
+{
+       my $val=shift;
+       my $field=shift;
+       my $prot=shift;
+       foreach my $key (sort {$a <=> $b} keys %customservice){
+               if($customservice{$key}[0] eq $val){
+                       if($customservice{$key}[2] eq $prot){
+                               return $customservice{$key}[$field];
+                       }
+               }
+       }
+}
+sub get_srvgrp_port
+{
+       my $val=shift;
+       my $prot=shift;
+       my $back;
+       my $value;
+       my @ips=();
+       foreach my $key (sort {$a <=> $b} keys %customservicegrp){
+               if($customservicegrp{$key}[0] eq $val){
+                       if ($prot ne 'ICMP'){
+                               $value=&get_srv_port($customservicegrp{$key}[2],1,$prot);
+                       }elsif ($prot eq 'ICMP'){
+                               $value=&get_srv_port($customservicegrp{$key}[2],3,$prot);
+                       }
+                       push (@ips,$value) if ($value ne '') ;
+               }
+       }
+       if($prot ne 'ICMP'){
+               if ($#ips gt 0){$back="-m multiport --dports ";}else{$back="--dport ";}
+       }elsif ($prot eq 'ICMP'){
+               $back="--icmp-type ";
+       }
+       
+       $back.=join(",",@ips);
+       return $back;
+}
+sub get_ipsec_net_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+               if($ipsecconf{$key}[1] eq $val){
+                       return $ipsecconf{$key}[$field];
+               }
+       }
+}
+sub get_ipsec_host_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+               if($ipsecconf{$key}[1] eq $val){
+                       return $ipsecconf{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_n2n_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ccdhost){
+               if($ccdhost{$key}[1] eq $val){
+                       return $ccdhost{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_host_ip
+{
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ccdhost){
+               if($ccdhost{$key}[1] eq $val){
+                       return $ccdhost{$key}[$field];
+               }
+       }
+}
+sub get_ovpn_net_ip
+{
+       
+       my $val=shift;
+       my $field=shift;
+       foreach my $key (sort {$a <=> $b} keys %ccdnet){
+               if($ccdnet{$key}[0] eq $val){
+                       return $ccdnet{$key}[$field];
+               }
+       }
+}
+sub get_grp_ip
+{
+       my $val=shift;
+       my $src=shift;
+       foreach my $key (sort {$a <=> $b} keys %customgrp){
+               if ($customgrp{$key}[0] eq $val){
+                       &get_address($customgrp{$key}[3],$src);
+               }
+       }               
+       
+}
+sub get_std_net_ip
+{
+       my $val=shift;
+       my $con=shift;
+       if ($val eq 'ALL'){
+               return "0.0.0.0/0.0.0.0";
+       }elsif($val eq 'GREEN'){
+               return "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+       }elsif($val eq 'ORANGE'){
+               return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+       }elsif($val eq 'BLUE'){
+               return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+       }elsif($val eq 'RED'){
+               return "0.0.0.0/0 -o $con";
+       }elsif($val =~ /OpenVPN/i){
+               return "$ovpnsettings{'DOVPN_SUBNET'}";
+       }elsif($val =~ /IPsec/i){
+               return "$ipsecsettings{'RW_NET'}";
+       }elsif($val eq 'IPFire'){
+               return ;
+       }
+}
+sub get_net_ip
+{
+       my $val=shift;
+       foreach my $key (sort {$a <=> $b} keys %customnetwork){
+               if($customnetwork{$key}[0] eq $val){
+                       return "$customnetwork{$key}[1]/$customnetwork{$key}[2]";
+               }  
+       }
+}
+sub get_host_ip
+{
+       my $val=shift;
+       my $src=shift;
+       foreach my $key (sort {$a <=> $b} keys %customhost){
+               if($customhost{$key}[0] eq $val){
+                       if ($customhost{$key}[1] eq 'mac' && $src eq 'src'){
+                       return "-m mac --mac-source $customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'ip' && $src eq 'src'){
+                               return "$customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'ip' && $src eq 'tgt'){
+                               return "$customhost{$key}[2]";
+                       }elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){
+                               return "none";
+                       }
+               }  
+       }
+}
+
+return 1;
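Review bot: get_srvgrp_port returns an option with no value when the group holds no service for the requested protocol: with an empty `@ips` the result is `--dport ` (or `--icmp-type `) and nothing after it, and `no warnings 'uninitialized'` at the top hides the undef that the other getters return on a failed lookup. Returning early with `return unless @ips;` would let the caller skip the rule instead of handing iptables a truncated match, although the caller is not part of this hunk and would need to check for it. The count test should also be numeric, `if (@ips > 1)`, rather than the string comparison `$#ips gt 0`. Separately, get_grp_ip calls `&get_address`, which this file does not define in package fwlib, and the sub returns nothing itself; if the helper is meant to live in the calling script, the call needs a package-qualified name.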
diff --git a/config/forwardfw/firewall-policy b/config/forwardfw/firewall-policy
new file mode 100755 (executable)
index 0000000..0fcfaa4
--- /dev/null
@@ -0,0 +1,91 @@
+#!/bin/sh
+
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+
+eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+iptables -F POLICYFWD
+iptables -F POLICYOUT
+iptables -F POLICYIN
+
+if [ -f "/var/ipfire/red/iface" ]; then
+       IFACE=`cat /var/ipfire/red/iface`
+fi
+
+#FORWARDFW
+if [ "$POLICY" == "MODE1" ]; then
+               if [ "$FWPOLICY" == "REJECT" ]; then
+                       if [ "$DROPFORWARD" == "on" ]; then
+                               /sbin/iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
+                       fi
+                       /sbin/iptables -A POLICYFWD -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_FORWARD"
+               fi
+               if [ "$FWPOLICY" == "DROP" ]; then
+                       if [ "$DROPFORWARD" == "on" ]; then
+                               /sbin/iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+                       fi
+                       /sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
+               fi
+else
+       if [  "$BLUE_DEV" ] && [ "$IFACE" ]; then
+               /sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP 
+       fi
+       /sbin/iptables -A POLICYFWD -i orange0 ! -o $IFACE -j DROP
+       /sbin/iptables -A POLICYFWD -j ACCEPT 
+       /sbin/iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
+fi
+
+#OUTGOINGFW
+if [ "$POLICY1" == "MODE1" ]; then
+       if [ "$FWPOLICY1" == "REJECT" ]; then
+               if [ "$DROPOUTGOING" == "on" ]; then
+                       /sbin/iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT"
+               fi
+               /sbin/iptables -A POLICYOUT -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
+       fi
+       if [ "$FWPOLICY1" == "DROP" ]; then
+               if [ "$DROPOUTGOING" == "on" ]; then
+                       /sbin/iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT"
+               fi
+                       /sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
+       fi
+else
+       /sbin/iptables -A POLICYOUT -j ACCEPT 
+       /sbin/iptables -A POLICYOUT -m comment --comment "DROP_OUTPUT" -j DROP
+fi
+#INPUT
+if [ "$FWPOLICY2" == "REJECT" ]; then
+       if [ "$DROPINPUT" == "on" ]; then
+               /sbin/iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT"
+       fi
+       /sbin/iptables -A POLICYIN -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_INPUT"
+fi
+if [ "$FWPOLICY2" == "DROP" ]; then
+       if [ "$DROPINPUT" == "on" ]; then
+               /sbin/iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
+       fi
+       /sbin/iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
+fi
+
+exit 0
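Review bot: In the `else` branch of the FORWARDFW section, `/sbin/iptables -A POLICYFWD -i orange0 ! -o $IFACE -j DROP` runs even when `$IFACE` is empty (it is only set if `/var/ipfire/red/iface` exists), so iptables is handed the malformed `! -o -j DROP`, which will most likely be refused, and the next line's `-j ACCEPT` then accepts orange0 traffic in this chain; the blue0 rule is skipped in the same case by its own guard. With no RED interface known, dropping blue0 and orange0 forwarding outright looks like the safer default, and `$IFACE` should be quoted where it is used. The same fail-open shape shows up in the MODE1, OUTGOINGFW and INPUT sections: when `FWPOLICY`, `FWPOLICY1` or `FWPOLICY2` is neither `REJECT` nor `DROP`, the freshly flushed chain gets no terminal rule, so the DROP case would be better written as the `else` of the REJECT test. The `-j DROP` that follows the unconditional `-j ACCEPT` in POLICYFWD and POLICYOUT can never match and could be removed.

```shell
# … unchanged: MODE1 branch of the FORWARDFW section …
else
	if [ -n "$IFACE" ]; then
		if [ -n "$BLUE_DEV" ]; then
			/sbin/iptables -A POLICYFWD -i blue0 ! -o "$IFACE" -j DROP
		fi
		/sbin/iptables -A POLICYFWD -i orange0 ! -o "$IFACE" -j DROP
	else
		# No RED interface known: forward nothing from blue/orange
		# instead of falling through to the ACCEPT below.
		/sbin/iptables -A POLICYFWD -i blue0 -j DROP
		/sbin/iptables -A POLICYFWD -i orange0 -j DROP
	fi
	/sbin/iptables -A POLICYFWD -j ACCEPT
fi
```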
diff --git a/config/forwardfw/p2protocols b/config/forwardfw/p2protocols
new file mode 100644 (file)
index 0000000..7000581
--- /dev/null
@@ -0,0 +1,9 @@
+Applejuice;apple;off;
+Ares;ares;off;
+Bittorrent;bit;off;
+DirectConnect;dc;off;
+Edonkey;edk;off;
+Gnutella;gnu;off;
+KaZaA;kazaa;off;
+SoulSeek;soul;off;
+WinMX;winmx;off;
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
new file mode 100755 (executable)
index 0000000..370b7ec
--- /dev/null
@@ -0,0 +1,610 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+use Time::Local;
+no warnings 'uninitialized';
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+my %fwdfwsettings=();
+my %defaultNetworks=();
+my %configfwdfw=();
+my %color=();
+my %icmptypes=();
+my %ovpnSettings=();
+my %customgrp=();
+our %sourcehash=();
+our %targethash=();
+my @timeframe=();
+my %configinputfw=();
+my %configoutgoingfw=();
+my %confignatfw=();
+my %aliases=();
+my @DPROT=();
+my @p2ps=();
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+my $configfwdfw                = "${General::swroot}/forward/config";
+my $configinput            = "${General::swroot}/forward/input";
+my $configoutgoing  = "${General::swroot}/forward/outgoing";
+my $p2pfile                    = "${General::swroot}/forward/p2protocols";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $netsettings                = "${General::swroot}/ethernet/settings";
+my $errormessage='';
+my $orange;
+my $green;
+my $blue;
+my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
+my $CHAIN="FORWARDFW";
+my $conexists='off';
+my $command = 'iptables -A';
+my $dnat='';
+my $snat='';
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("$netsettings", \%defaultNetworks);
+&General::readhasharray($configfwdfw, \%configfwdfw);
+&General::readhasharray($configinput, \%configinputfw);
+&General::readhasharray($configoutgoing, \%configoutgoingfw);
+&General::readhasharray($configgrp, \%customgrp);
+&General::get_aliases(\%aliases);
+
+#check if we have an internetconnection
+open (CONN,"/var/ipfire/red/iface");
+my $con = <CONN>;
+close(CONN);
+if (-f "/var/ipfire/red/active"){
+       $conexists='on';
+}
+open (CONN1,"/var/ipfire/red/local-ipaddress");
+my $redip = <CONN1>;
+close(CONN1);
+################################
+#    DEBUG/TEST                #
+################################
+my $MODE=0;     # 0 - normal operation
+                               # 1 - print configline and rules to console     
+                               # 
+################################               
+my $param=shift;
+
+if($param eq 'flush'){
+       if ($MODE eq '1'){
+               print " Flushing chains...\n";
+       }
+       &flush;
+}else{
+       if ($MODE eq '1'){
+               print " Flushing chains...\n";
+       }
+       &flush;
+       if ($MODE eq '1'){
+               print " Preparing rules...\n";
+       }
+       &preparerules;
+       if($MODE eq '0'){
+               if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+                       &p2pblock;
+                       system ("/usr/sbin/firewall-policy"); 
+               }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
+                       &p2pblock;
+                       system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");
+                       system ("/usr/sbin/firewall-policy");
+                       system ("/etc/sysconfig/firewall.local reload");
+               }
+       }
+}
+sub flush
+{
+       system ("iptables -F FORWARDFW");
+       system ("iptables -F INPUTFW");
+       system ("iptables -F OUTGOINGFW");
+       system ("iptables -t nat -F NAT_DESTINATION");
+       system ("iptables -t nat -F NAT_SOURCE");
+}                      
+sub preparerules
+{
+       if (! -z  "${General::swroot}/forward/config"){
+               &buildrules(\%configfwdfw);
+       }
+       if (! -z  "${General::swroot}/forward/input"){
+               &buildrules(\%configinputfw);
+       }
+       if (! -z  "${General::swroot}/forward/outgoing"){
+               &buildrules(\%configoutgoingfw);
+       }
+}
+sub buildrules
+{
+       my $hash=shift;
+       my $STAG;
+       my $natip;
+       my $snatport;
+       my $fireport;
+       my $nat;
+       my $fwaccessdport;
+       my $natchain;
+       foreach my $key (sort {$a <=> $b} keys %$hash){
+               next if (($$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1') && $conexists eq 'off' );
+               if ($$hash{$key}[28] eq 'ON'){
+                       $command='iptables -t nat -A';
+                       $natip=&get_nat_ip($$hash{$key}[29],$$hash{$key}[31]);
+                       if($$hash{$key}[31] eq 'dnat'){
+                               $nat='DNAT';
+                               if ($$hash{$key}[30] =~ /\|/){
+                                       $$hash{$key}[30]=~ tr/|/,/;
+                                       $fireport='-m multiport --dport '.$$hash{$key}[30];
+                               }else{
+                                       $fireport='--dport '.$$hash{$key}[30] if ($$hash{$key}[30]>0);
+                               }
+                       }else{
+                               $nat='SNAT';
+                       }
+               }
+               $STAG='';
+               if($$hash{$key}[2] eq 'ON'){
+                       #get source ip's
+                       if ($$hash{$key}[3] eq 'cust_grp_src'){
+                               foreach my $grp (sort {$a <=> $b} keys %customgrp){
+                                               if($customgrp{$grp}[0] eq $$hash{$key}[4]){
+                                               &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"src");
+                                       }
+                               }
+                       }else{
+                               &get_address($$hash{$key}[3],$$hash{$key}[4],"src");
+                       }
+                       #get target ip's
+                       if ($$hash{$key}[5] eq 'cust_grp_tgt'){
+                               foreach my $grp (sort {$a <=> $b} keys %customgrp){
+                                       if($customgrp{$grp}[0] eq $$hash{$key}[6]){
+                                               &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
+                                       }
+                               }
+                       }elsif($$hash{$key}[5] eq 'ipfire' ){
+                               if($$hash{$key}[6] eq 'GREEN'){
+                                       $targethash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
+                               }
+                               if($$hash{$key}[6] eq 'BLUE'){
+                                       $targethash{$key}[0]=$defaultNetworks{'BLUE_ADDRESS'};
+                               }
+                               if($$hash{$key}[6] eq 'ORANGE'){
+                                       $targethash{$key}[0]=$defaultNetworks{'ORANGE_ADDRESS'};
+                               }
+                               if($$hash{$key}[6] eq 'ALL'){
+                                       $targethash{$key}[0]='0.0.0.0/0';
+                               }
+                               if($$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1'){
+                                       open(FILE, "/var/ipfire/red/local-ipaddress")or die "Couldn't open local-ipaddress";
+                                       $targethash{$key}[0]= <FILE>;
+                                       close(FILE);
+                               }else{
+                                       foreach my $alias (sort keys %aliases){
+                                               if ($$hash{$key}[6] eq $alias){
+                                                       $targethash{$key}[0]=$aliases{$alias}{'IPT'};
+                                               }
+                                       }
+                               }
+                       }else{
+                               &get_address($$hash{$key}[5],$$hash{$key}[6],"tgt");
+                       }
+                       ##get source prot and port
+                       $SRC_TGT='SRC';
+                       $SPROT = &get_prot($hash,$key);
+                       $SPORT = &get_port($hash,$key);
+                       $SRC_TGT='';
+
+                       ##get target prot and port
+                       $DPROT=&get_prot($hash,$key);
+
+                       if ($DPROT eq ''){$DPROT=' ';}                          
+                       @DPROT=split(",",$DPROT);
+
+                       #get time if defined
+                       if($$hash{$key}[18] eq 'ON'){
+                               my ($time1,$time2,$daylight);
+                               my $daylight=$$hash{$key}[28];
+                               $time1=&get_time($$hash{$key}[26],$daylight);
+                               $time2=&get_time($$hash{$key}[27],$daylight);
+                               if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
+                               if($$hash{$key}[20] ne ''){push (@timeframe,"Tue");}
+                               if($$hash{$key}[21] ne ''){push (@timeframe,"Wed");}
+                               if($$hash{$key}[22] ne ''){push (@timeframe,"Thu");}
+                               if($$hash{$key}[23] ne ''){push (@timeframe,"Fri");}
+                               if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
+                               if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
+                               $TIME=join(",",@timeframe);
+                               
+                               $TIMEFROM="--timestart $time1 ";
+                               $TIMETILL="--timestop $time2 ";
+                               $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
+                       }
+                       if ($MODE eq '1'){      
+                               print "NR:$key ";
+                               foreach my $i (0 .. $#{$$hash{$key}}){
+                                       print "$i: $$hash{$key}[$i]  ";
+                               }
+                               print "\n";
+                               print"##################################\n";
+                               #print rules to console
+                               foreach my $DPROT (@DPROT){
+                                       $DPORT = &get_port($hash,$key,$DPROT);
+                                       if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+                                       $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+                                       foreach my $a (sort keys %sourcehash){
+                                               foreach my $b (sort keys %targethash){
+                                                       if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
+                                                               if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+                                                                       if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
+                                                                       if(substr($DPORT, 2, 4) eq 'icmp'){
+                                                                               my @icmprule= split(",",substr($DPORT, 12,));
+                                                                               foreach (@icmprule){
+                                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                                               print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n";
+                                                                                       }
+                                                                                       print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
+                                                                               }
+                                                                       }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
+                                                                               $natchain='NAT_DESTINATION';
+                                                                               if ($$hash{$key}[17] eq 'ON'){
+                                                                                       print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
+                                                                               }
+                                                                               my ($ip,$sub) =split("/",$targethash{$b}[0]);
+                                                                               print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
+                                                                               $DPORT =~ s/\-/:/g;
+                                                                               if ($DPORT){
+                                                                                       $fwaccessdport="--dport ".substr($DPORT,1,);
+                                                                               }elsif(! $DPORT && $$hash{$key}[30] ne ''){
+                                                                                       if ($$hash{$key}[30]=~m/|/i){
+                                                                                               $$hash{$key}[30] =~ s/\|/,/g;
+                                                                                               $fwaccessdport="-m multiport --dport $$hash{$key}[30]";
+                                                                                       }else{
+                                                                                               $fwaccessdport="--dport $$hash{$key}[30]";
+                                                                                       }
+                                                                               }
+                                                                               print "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
+                                                                               next;
+                                                                       }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
+                                                                               $natchain='NAT_SOURCE';
+                                                                               print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
+                                                                       }
+                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                                       print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+                                                                       }
+                                                                       if ($PROT ne '-p ICMP'){
+                                                                               print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+                                                                       }
+                                                               }                               
+                                                       }
+                                               }
+                                       }
+                                       print"\n";
+                               }
+                       }elsif($MODE eq '0'){
+                               foreach my $DPROT (@DPROT){
+                                       $DPORT = &get_port($hash,$key,$DPROT);
+                                       if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+                                       $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+                                       foreach my $a (sort keys %sourcehash){
+                                               foreach my $b (sort keys %targethash){
+                                                       if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
+                                                               if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+                                                                       if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
+                                                                       #Process ICMP RULE
+                                                                       if(substr($DPORT, 2, 4) eq 'icmp'){
+                                                                               my @icmprule= split(",",substr($DPORT, 12,));
+                                                                               foreach (@icmprule){
+                                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                                               system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG");
+                                                                                       }
+                                                                                       system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
+                                                                               }
+                                                                       #PROCESS DNAT RULE (Portforward)
+                                                                       }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
+                                                                               $natchain='NAT_DESTINATION';
+                                                                               if ($$hash{$key}[17] eq 'ON'){
+                                                                                       system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
+                                                                               }
+                                                                               my ($ip,$sub) =split("/",$targethash{$b}[0]);
+                                                                               system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
+                                                                               $DPORT =~ s/\-/:/g;
+                                                                               if ($DPORT){
+                                                                                       $fwaccessdport="--dport ".substr($DPORT,1,);
+                                                                               }elsif(! $DPORT && $$hash{$key}[30] ne ''){
+                                                                                       if ($$hash{$key}[30]=~m/|/i){
+                                                                                               $$hash{$key}[30] =~ s/\|/,/g;
+                                                                                               $fwaccessdport="-m multiport --dport $$hash{$key}[30]";
+                                                                                       }else{
+                                                                                               $fwaccessdport="--dport $$hash{$key}[30]";
+                                                                                       }
+                                                                               }
+                                                                               system "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
+                                                                               next;
+                                                                       #PROCESS SNAT RULE
+                                                                       }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
+                                                                               $natchain='NAT_SOURCE';
+                                                                               system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
+                                                                       }
+                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                               system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+                                                                       }
+                                                                       #PROCESS EVERY OTHER RULE (If NOT ICMP, else the rule would be applied double)
+                                                                       if ($PROT ne '-p ICMP'){
+                                                                               system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+                                                                       }
+                                                               }                               
+                                                       }
+                                               }
+                                       }
+                               }
+                       }
+               }
+               %sourcehash=();
+               %targethash=();
+               undef $TIME;
+               undef $TIMEFROM;
+               undef $TIMETILL;
+               undef $fireport;
+       }
+}
+sub get_nat_ip
+{
+       my $val=shift;
+       my $type=shift;
+       my $result;
+       if($val eq 'RED' || $val eq 'GREEN' || $val eq 'ORANGE' || $val eq 'BLUE'){
+               $result=$defaultNetworks{$val.'_ADDRESS'};
+       }elsif($val eq 'ALL'){
+               $result='-i '.$con;
+       }elsif($val eq 'Default IP' && $type eq 'dnat'){
+               $result='-d '.$redip;
+       }elsif($val eq 'Default IP' && $type eq 'snat'){
+               $result=$redip;
+       }else{
+               foreach my $al (sort keys %aliases){
+                       if($val eq $al && $type eq 'dnat'){
+                               $result='-d '.$aliases{$al}{'IPT'};
+                       }elsif($val eq $al && $type eq 'snat'){
+                               $result=$aliases{$al}{'IPT'};
+                       }
+               }
+       }
+       return $result;
+}
+sub get_time
+{
+       my $val=shift;
+       my $val1=shift;
+       my $time;
+       my $minutes;
+       my $ruletime;
+       $minutes = &utcmin($val);
+       $ruletime = $minutes + &time_get_utc($val);
+       if ($ruletime < 0){$ruletime +=1440;}
+       if ($ruletime > 1440){$ruletime -=1440;}
+       $time=sprintf "%02d:%02d", $ruletime / 60, $ruletime % 60;
+       return $time;
+}
+sub time_get_utc
+{
+       # Calculates the UTCtime from a given time
+       my $val=shift;
+       my @localtime=localtime(time);
+       my @gmtime=gmtime(time);
+       my $diff = ($gmtime[2]*60+$gmtime[1]%60)-($localtime[2]*60+$localtime[1]%60);
+       return $diff;
+}
+sub utcmin
+{
+       my $ruletime=shift;
+       my ($hrs,$min) = split(":",$ruletime);
+       my $newtime = $hrs*60+$min;
+       return $newtime;
+}
+sub p2pblock
+{
+       my $P2PSTRING;
+       my $DO;
+       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
+       @p2ps = <FILE>;
+       close FILE;
+       my $CMD = "-m ipp2p";
+       foreach my $p2pentry (sort @p2ps) {
+               my @p2pline = split( /\;/, $p2pentry );
+               if ( $fwdfwsettings{'POLICY'} eq 'MODE1' ) {
+                       $DO = "ACCEPT";
+                       if ("$p2pline[2]" eq "on") {
+                               $P2PSTRING = "$P2PSTRING --$p2pline[1]";
+                       }
+               }else {
+                       $DO = "RETURN";
+                       if ("$p2pline[2]" eq "off") {
+                               $P2PSTRING = "$P2PSTRING --$p2pline[1]";
+                       }
+               }
+       }
+       if ($MODE eq 1){
+               if($P2PSTRING){
+                       print"/sbin/iptables -A FORWARDFW $CMD $P2PSTRING -j $DO\n";
+               }
+       }else{
+               if($P2PSTRING){
+                       system("/sbin/iptables -A FORWARDFW $CMD $P2PSTRING -j $DO");
+               }
+       }
+}
+sub get_address
+{
+       my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey
+       my $base2=shift;
+       my $type=shift; #src or tgt
+       my $hash;
+       if ($type eq 'src'){
+               $hash=\%sourcehash;     
+       }else{
+               $hash=\%targethash;
+       }
+       my $key = &General::findhasharraykey($hash);
+       if($base eq 'src_addr' || $base eq 'tgt_addr' ){
+               if (&General::validmac($base2)){
+                       $$hash{$key}[0] = "-m mac --mac-source $base2";
+               }else{
+                       $$hash{$key}[0] = $base2;
+               }
+       }elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){
+               $$hash{$key}[0]=&fwlib::get_std_net_ip($base2,$con);
+       }elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){
+               $$hash{$key}[0]=&fwlib::get_net_ip($base2);
+       }elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){
+               $$hash{$key}[0]=&fwlib::get_host_ip($base2,$type);
+       }elsif($base eq 'ovpn_net_src' || $base eq 'ovpn_net_tgt' || $base eq 'OpenVPN static network'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_net_ip($base2,1);
+       }elsif($base eq 'ovpn_host_src' ||$base eq 'ovpn_host_tgt' || $base eq 'OpenVPN static host'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_host_ip($base2,33);
+       }elsif($base eq 'ovpn_n2n_src' ||$base eq 'ovpn_n2n_tgt' || $base eq 'OpenVPN N-2-N'){
+               $$hash{$key}[0]=&fwlib::get_ovpn_n2n_ip($base2,11);
+       }elsif($base eq 'ipsec_net_src' || $base eq 'ipsec_net_tgt' || $base eq 'IpSec Network'){
+               $$hash{$key}[0]=&fwlib::get_ipsec_net_ip($base2,11);
+       }elsif($base eq 'ipfire_src' ){
+               if($base2 eq 'GREEN'){
+                       $$hash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
+               }
+               if($base2 eq 'BLUE'){
+                       $$hash{$key}[0]=$defaultNetworks{'BLUE_ADDRESS'};
+               }
+               if($base2 eq 'ORANGE'){
+                       $$hash{$key}[0]=$defaultNetworks{'ORANGE_ADDRESS'};
+               }
+               if($base2 eq 'ALL'){
+                       $$hash{$key}[0]='0.0.0.0/0';
+               }
+               if($base2 eq 'RED' || $base2 eq 'RED1'){
+                       open(FILE, "/var/ipfire/red/local-ipaddress")or die "Couldn't open local-ipaddress";
+                       $$hash{$key}[0]= <FILE>;
+                       close(FILE);
+               }else{
+                       foreach my $alias (sort keys %aliases){
+                               if ($base2 eq $alias){
+                                       $$hash{$key}[0]=$aliases{$alias}{'IPT'};
+                               }
+                       }
+               }
+       }
+}
+sub get_prot
+{
+       my $hash=shift;
+       my $key=shift;
+       if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+               if ($$hash{$key}[10] ne ''){
+                       return"$$hash{$key}[8]";
+               }elsif($$hash{$key}[9] ne ''){
+                       return"$$hash{$key}[8]";
+               }else{
+                       return "$$hash{$key}[8]";
+               }
+       }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+               if ($$hash{$key}[14] eq 'TGT_PORT'){
+                       if ($$hash{$key}[15] ne ''){
+                               return "$$hash{$key}[12]";
+                       }elsif($$hash{$key}[13] ne ''){
+                               return "$$hash{$key}[12]";
+                       }else{
+                               return "$$hash{$key}[12]";
+                       }
+               }elsif($$hash{$key}[14] eq 'cust_srv'){
+                       return &fwlib::get_srv_prot($$hash{$key}[15]);
+                       
+               }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+                       return &fwlib::get_srvgrp_prot($$hash{$key}[15]);
+               }
+       }
+       #DNAT
+       if ($SRC_TGT eq '' && $$hash{$key}[31] eq 'dnat' && $$hash{$key}[11] eq '' && $$hash{$key}[12] ne ''){
+               return "$$hash{$key}[12]";
+       }
+}
+sub get_port
+{
+       my $hash=shift;
+       my $key=shift;
+       my $prot=shift;
+       if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+               if ($$hash{$key}[10] ne ''){
+                       $$hash{$key}[10] =~ s/\|/,/g;
+                       if(index($$hash{$key}[10],",") > 0){
+                               return "-m multiport --sport $$hash{$key}[10] ";
+                       }else{
+                               if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ||($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat')  ){
+                                       return "--sport $$hash{$key}[10] ";
+                               }else{
+                                       return ":$$hash{$key}[10]";
+                               }
+                       }
+               }elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
+                       return "--icmp-type $$hash{$key}[9] ";
+               }elsif($$hash{$key}[9] eq 'All ICMP-Types'){
+                       return;
+               }
+       }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+               if($$hash{$key}[14] eq 'TGT_PORT'){
+                       if ($$hash{$key}[15] ne ''){
+                               $$hash{$key}[15] =~ s/\|/,/g;
+                               if(index($$hash{$key}[15],",") > 0){
+                                       return "-m multiport --dport $$hash{$key}[15] ";
+                               }else{
+                                       if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ){
+                                               return "--dport $$hash{$key}[15] ";
+                                        }else{
+                                                $$hash{$key}[15] =~ s/\:/-/g;
+                                                return ":$$hash{$key}[15]";
+                                        }
+                               }
+                       }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
+                               return "--icmp-type $$hash{$key}[13] ";
+                       }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] eq 'All ICMP-Types'){
+                               return;
+                       }
+               }elsif($$hash{$key}[14] eq 'cust_srv'){
+                       if ($prot ne 'ICMP'){
+                               if($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
+                                       return ":".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+                               }else{
+                                       return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+                               }
+                       }elsif($prot eq 'ICMP' && $$hash{$key}[15] ne 'All ICMP-Types'){
+                               return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
+                       }elsif($prot eq 'ICMP' && $$hash{$key}[15] eq 'All ICMP-Types'){
+                               return;
+                       }
+               }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+                       if      ($prot ne 'ICMP'){
+                               return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+                       }
+                       elsif($prot eq 'ICMP'){
+                               return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+                       }
+               }
+       }
+}
diff --git a/config/fwhosts/customservices b/config/fwhosts/customservices
new file mode 100644 (file)
index 0000000..07dd3d2
--- /dev/null
@@ -0,0 +1,32 @@
+32,rsync,873,TCP,BLANK,0
+21,IMAPS,993,TCP,BLANK,0
+7,WINS,42,TCP,BLANK,0
+26,LPD,515,TCP,BLANK,0
+17,IRC,194,TCP,BLANK,0
+2,FTP-control,21,TCP,BLANK,0
+1,FTP-data,20,TCP,BLANK,0
+18,HTTPS,443,TCP,BLANK,0
+30,NFS,2049,TCP,BLANK,0
+16,SNMP,161,UDP,BLANK,0
+25,IPP (UDP),631,UDP,BLANK,0
+27,JetDirect,9100,TCP,BLANK,0
+28,LDAP,389,TCP,BLANK,0
+14,NetBIOS Session Service,139,TCP,BLANK,0
+20,FTPS control,990,TCP,BLANK,0
+24,IPP (TCP),631,TCP,BLANK,0
+10,SFTP,115,TCP,BLANK,0
+31,Radius,1812,TCP,BLANK,0
+11,NTP,123,UDP,BLANK,0
+22,POP3S,995,TCP,BLANK,0
+13,NetBIOS Datagram Service,138,TCP,BLANK,0
+23,RDP,3389,TCP,BLANK,0
+29,LDAPS,636,TCP,BLANK,0
+6,Time,37,TCP,BLANK,0
+3,SSH,22,TCP,BLANK,0
+9,POP3,110,TCP,BLANK,0
+12,NetBIOS Name Service,137,TCP,BLANK,0
+15,IMAP,143,TCP,BLANK,0
+8,HTTP,80,TCP,BLANK,0
+4,Telnet,23,UDP,BLANK,0
+19,FTPS data,989,TCP,BLANK,0
+5,SMTP,25,TCP,BLANK,0
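Review bot: Several predefined services carry a transport protocol that does not match the service: Telnet (id 4) is listed as UDP although it runs over TCP, NetBIOS Name Service (137) and NetBIOS Datagram Service (138) are listed as TCP although they use UDP, and Radius (1812) is listed as TCP although its standard transport is UDP. Assuming the fourth field ends up as the protocol match of the generated iptables rule, a rule built from one of these entries would not match the real traffic, so a block rule on "Telnet" would leave TCP/23 untouched. The entry named SFTP on port 115 is the historic Simple File Transfer Protocol rather than SSH file transfer, so it would be clearer renamed or dropped. The corrected lines are below.

```csv
13,NetBIOS Datagram Service,138,UDP,BLANK,0
12,NetBIOS Name Service,137,UDP,BLANK,0
31,Radius,1812,UDP,BLANK,0
4,Telnet,23,TCP,BLANK,0
```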
diff --git a/config/fwhosts/icmp-types b/config/fwhosts/icmp-types
new file mode 100755 (executable)
index 0000000..a9066a8
--- /dev/null
@@ -0,0 +1,36 @@
+0,echo-reply,0
+1,destination-unreachable,3
+2,network-unreachable,3/0
+3,host-unreachable,3/1
+4,protocol-unreachable,3/2
+5,port-unreachable,3/3
+6,fragmentation-needed,3/4
+7,source-route-failed,3/5
+8,network-unknown,3/6
+9,host-unknown,3/7
+10,network-prohibited,3/9
+11,host-prohibited,3/10
+12,TOS-network-unreachable,3/11
+13,TOS-host-unreachable,3/12
+14,communication-prohibited,3/13
+15,host-precedence-violation,3/14
+16,precedence-cutoff,3/15
+17,source-quench,4
+18,redirect,5
+19,network-redirect,5/0
+20,host-redirect,5/1
+21,TOS-network-redirect,5/2
+22,TOS-host-redirect,5/3
+23,echo-request,8
+24,router-advertisement,9
+25,router-solicitation,10
+26,time-exceeded,11
+27,ttl-zero-during-transit,11/0
+28,ttl-zero-during-reassembly,11/1
+29,parameter-problem,12
+30,ip-header-bad,12/0
+31,required-option-missing,12/1
+32,timestamp-request,13
+33,timestamp-reply,14
+34,address-mask-request,17
+35,address-mask-reply,18
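Review bot: This lookup table is added with mode 100755 although it holds only `index,name,type/code` records and nothing executable. The sibling data file `config/fwhosts/customservices` in the same commit is created as 100644, and the same mode would fit here. An executable bit on a file under the configuration tree serves no purpose and makes it harder to audit which files there are meant to run.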
index de28f8e259c8cf59870e6ae7a2bdd8d723c1c969..2de9e7b08c3810b8597a4ffa6410220acc3d1ccc 100644 (file)
@@ -1,52 +1,40 @@
-    $subfirewall->{'10.dnat'} = {
-                                'caption' => $Lang::tr{'ssport forwarding'},
-                                'uri' => '/cgi-bin/portfw.cgi',
-                                'title' => "$Lang::tr{'ssport forwarding'}",
-                                'enabled' => 1,
-                                };
-    $subfirewall->{'20.xtaccess'} = {
-                                'caption' => $Lang::tr{'external access'},
-                                'uri' => '/cgi-bin/xtaccess.cgi',
-                                'title' => "$Lang::tr{'external access'}",
-                                'enabled' => 1,
-                                };
-    $subfirewall->{'30.wireless'} = {
-                               'caption' => $Lang::tr{'blue access'},
-                               'uri' => '/cgi-bin/wireless.cgi',
-                               'title' => "$Lang::tr{'blue access'}",
+    $subfirewall->{'10.forward'} = {
+                               'caption' => $Lang::tr{'fwdfw menu'},
+                               'uri' => '/cgi-bin/forwardfw.cgi',
+                               'title' => "$Lang::tr{'fwdfw menu'}",
                                'enabled' => 1,
-                                };
-    $subfirewall->{'40.dmz'} = {
-                               'caption' => $Lang::tr{'ssdmz pinholes'},
-                               'uri' => '/cgi-bin/dmzholes.cgi',
-                               'title' => "$Lang::tr{'dmz pinhole configuration'}",
+                               };
+       $subfirewall->{'20.fwhost'} = {
+                               'caption' => $Lang::tr{'fwhost menu'},
+                               'uri' => '/cgi-bin/fwhosts.cgi',
+                               'title' => "$Lang::tr{'fwhost menu'}",
                                'enabled' => 1,
-                                };
-    $subfirewall->{'50.outgoing'} = {
-                               'caption' => $Lang::tr{'outgoing firewall'},
-                               'uri' => '/cgi-bin/outgoingfw.cgi',
-                               'title' => "$Lang::tr{'outgoing firewall'}",
+                               };
+    $subfirewall->{'30.optionsfw'} = {
+                               'caption' => $Lang::tr{'options fw'},
+                               'uri' => '/cgi-bin/optionsfw.cgi',
+                               'title' => "$Lang::tr{'options fw'}",
                                'enabled' => 1,
                                };
-    $subfirewall->{'51.outgoinggrp'} = {
-                               'caption' => $Lang::tr{'outgoing firewall groups'},
-                               'uri' => '/cgi-bin/outgoinggrp.cgi',
-                               'title' => "$Lang::tr{'outgoing firewall groups'}",
+       $subfirewall->{'40.p2p'} = {
+                               'caption' => 'P2P-Block',
+                               'uri' => '/cgi-bin/p2p-block.cgi',
+                               'title' => "P2P-Block",
                                'enabled' => 1,
                                };
-    $subfirewall->{'60.upnp'} = {
+    $subfirewall->{'60.wireless'} = {
+                               'caption' => $Lang::tr{'blue access'},
+                               'uri' => '/cgi-bin/wireless.cgi',
+                               'title' => "$Lang::tr{'blue access'}",
+                               'enabled' => 1,
+                                };                      
+    $subfirewall->{'70.upnp'} = {
                                'caption' => 'UPnP',
                                'uri' => '/cgi-bin/upnp.cgi',
                                'title' => "Universal Plug and Play",
                                'enabled' => 0,
                                };
-    $subfirewall->{'60.optingsfw'} = {
-                               'caption' => $Lang::tr{'options fw'},
-                               'uri' => '/cgi-bin/optionsfw.cgi',
-                               'title' => "$Lang::tr{'options fw'}",
-                               'enabled' => 1,
-                               };
-    $subfirewall->{'70.iptables'} = {
+       $subfirewall->{'90.iptables'} = {
                                'caption' => $Lang::tr{'ipts'},
                                'uri' => '/cgi-bin/iptables.cgi',
                                'title' => "$Lang::tr{'ipts'}",
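Review bot: The new `40.p2p` entry hard-codes its label (`'caption' => 'P2P-Block'` and `'title' => "P2P-Block"`) while the other entries added in this hunk take theirs from `%Lang::tr`, so this item will not be translated. It should be looked up the same way, e.g. `'caption' => $Lang::tr{'p2p block'},` with that key added to the language files (the key name is a suggestion, not one visible in this hunk). The added entries also mix a leading tab (`20.fwhost`, `40.p2p`, `90.iptables`) with four leading spaces on the others, and the `60.wireless` block ends in `};` followed by trailing whitespace. Normalising the indentation would keep later diffs of this menu readable.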
diff --git a/config/outgoingfw/defaultservices b/config/outgoingfw/defaultservices
deleted file mode 100644 (file)
index f2cf475..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-bootpc,68,tcp&udp,Bootstrap Protocol Client
-bootps,67,tcp&udp,Bootstrap Protocol Server
-domain,53,tcp&udp,Domain Name Server
-echo,7,tcp&udp,Echo
-ftp,21,tcp&udp,File Transfer Control
-ftp-data,20,tcp&udp,File Control Data
-http,80,tcp,Hypertext Transfer Protocol
-https,443,tcp,secure HTTP
-imap,143,tcp,Interactive Mail Access Protocol
-imap3,220,tcp,Interactive Mail Access Protocol v3
-imaps,993,tcp,secure IMAP
-ipfire-https,444,tcp,IPFire HTTPS
-ipfire-ssh,222,tcp&udp,IPFire SSH
-irc,194,tcp&udp,Internet Relay Chat
-ircd,6667,tcp&udp,Internet Relay Chat
-microsoft-ds,445,tcp&udp,Netbios Filesharing
-nameserver,42,tcp&udp,Host Name Server
-netbios-dgm,138,tcp&udp,NETBIOS Datagram Service
-netbios-ns,137,tcp&udp,NETBIOS Name Server
-netbios-ssn,139,tcp&udp,NETBIOS Session Service
-nfs,2049,tcp&udp,Network File System
-ntp,123,udp,Network Time Protocol
-pop3,110,tcp,POP3 Email
-pop3s,995,tcp,secure POP3 Email
-sftp,115,tcp&udp,secure File Transfer Protocol
-smtp,25,tcp,Simple Mail Transfer Protocol
-smtps,465,tcp,secure Simple Mail Transfer Protocol
-snmp,161,tcp&udp,Simple Network Management
-snmptrap,162,udp,SNMP Trap
-ssh,22,tcp&udp,SSH
-telnet,23,tcp&udp,Telnet
-tftp,69,tcp&udp,Trivial File Transfer
-time,37,tcp&udp,Time
-wins,1512,tcp&udp,Windows Internet Name Service
diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl
deleted file mode 100644 (file)
index 1208567..0000000
+++ /dev/null
@@ -1,286 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2011  IPFire Team                                        #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-
-use strict;
-# enable only the following on debugging purpose
-#use warnings;
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-
-my %outfwsettings = ();
-my %checked = ();
-my %selected= () ;
-my %netsettings = ();
-my $errormessage = "";
-my $configentry = "";
-my @configs = ();
-my @configline = ();
-my $p2pentry = "";
-my @p2ps = ();
-my @p2pline = ();
-my $CMD = "";
-my $P2PSTRING = "";
-
-my $DEBUG = 0;
-
-my $configfile = "/var/ipfire/outgoing/rules";
-my $p2pfile = "/var/ipfire/outgoing/p2protocols";
-
-### Values that have to be initialized
-$outfwsettings{'ACTION'} = '';
-$outfwsettings{'VALID'} = 'yes';
-$outfwsettings{'EDIT'} = 'no';
-$outfwsettings{'NAME'} = '';
-$outfwsettings{'SNET'} = '';
-$outfwsettings{'SIP'} = '';
-$outfwsettings{'SPORT'} = '';
-$outfwsettings{'SMAC'} = '';
-$outfwsettings{'DIP'} = '';
-$outfwsettings{'DPORT'} = '';
-$outfwsettings{'PROT'} = '';
-$outfwsettings{'STATE'} = '';
-$outfwsettings{'DISPLAY_DIP'} = '';
-$outfwsettings{'DISPLAY_DPORT'} = '';
-$outfwsettings{'DISPLAY_SMAC'} = '';
-$outfwsettings{'DISPLAY_SIP'} = '';
-$outfwsettings{'POLICY'} = 'MODE0';
-
-my @SOURCE = "";
-my $SOURCE = "";
-my $DESTINATION = "";
-my @PROTO = "";
-my $PROTO = "";
-my $DPORT = "";
-my $DEV = "";
-my $MAC = "";
-my $DO = "";
-my $DAY = "";
-
-# read files
-&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-$netsettings{'RED_DEV'}=`cat /var/ipfire/red/iface`;
-$netsettings{'RED_IP'}=`cat /var/ipfire/red/local-ipaddress`;
-
-open( FILE, "< $configfile" ) or die "Unable to read $configfile";
-@configs = <FILE>;
-close FILE;
-
-if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
-       $outfwsettings{'STATE'} = "ALLOW";
-       $DO = "RETURN";
-} elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
-       $outfwsettings{'STATE'} = "DENY";
-       $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW '";
-}
-
-### Initialize IPTables
-system("/sbin/iptables --flush OUTGOINGFW >/dev/null 2>&1");
-system("/sbin/iptables --delete-chain OUTGOINGFW >/dev/null 2>&1");
-system("/sbin/iptables -N OUTGOINGFW >/dev/null 2>&1");
-
-system("/sbin/iptables --flush OUTGOINGFWMAC >/dev/null 2>&1");
-system("/sbin/iptables --delete-chain OUTGOINGFWMAC >/dev/null 2>&1");
-system("/sbin/iptables -N OUTGOINGFWMAC >/dev/null 2>&1");
-
-if ( $outfwsettings{'POLICY'} eq 'MODE0' ) {
-       &firewall_local_reload();
-       exit 0
-}
-
-if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
-       $CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j RETURN";
-       if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
-       $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j RETURN";
-       if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
-               $CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j RETURN";
-       if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
-               $CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j RETURN";
-       if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
-}
-
-foreach $configentry (sort @configs)
-{
-       @SOURCE = "";
-       $DESTINATION = "";
-       $PROTO = "";
-       $DPORT = "";
-       $DEV = "";
-       $MAC = "";
-       @configline = split( /\;/, $configentry );
-
-       if ($outfwsettings{'STATE'} eq $configline[0]) {
-               if ($configline[2] eq 'green') {
-                       @SOURCE = ("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
-                       $DEV = $netsettings{'GREEN_DEV'};
-               } elsif ($configline[2] eq 'red') {
-                       @SOURCE = ("$netsettings{'RED_IP'}");
-                       $DEV = "";
-               } elsif ($configline[2] eq 'blue') {
-                       @SOURCE = ("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
-                       $DEV = $netsettings{'BLUE_DEV'};
-               } elsif ($configline[2] eq 'orange') {
-                       @SOURCE = ("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
-                       $DEV = $netsettings{'ORANGE_DEV'};
-               } elsif ($configline[2] eq 'ipsec') {
-                       @SOURCE = "";
-                       $DEV = "ipsec+";
-               } elsif ($configline[2] eq 'ovpn') {
-                       @SOURCE = "";
-                       $DEV = "tun+";
-               } elsif ($configline[2] eq 'ip') {
-                       @SOURCE = ("$configline[5]");
-                       $DEV = "";
-               } elsif ($configline[2] eq 'mac') {
-                       @SOURCE = ("$configline[6]");
-                       $DEV = "";
-               } elsif ($configline[2] eq 'all') {
-                       @SOURCE = ("0/0");
-                       $DEV = "";
-               } else {
-                       if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" ) {
-                               @SOURCE = `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]`;
-                       } elsif ( -e "/var/ipfire/outgoing/groups/macgroups/$configline[2]" ) {
-                               @SOURCE = `cat /var/ipfire/outgoing/groups/macgroups/$configline[2]`;
-                               $configline[2] = "mac";
-                       }
-                       $DEV = "";
-               }
-
-               if ($configline[7]) { $DESTINATION = "$configline[7]"; } else { $DESTINATION = "0/0"; }
-
-               if ($configline[3] eq 'tcp') {
-                       @PROTO = ("tcp");
-               } elsif ($configline[3] eq 'udp') {
-                       @PROTO  = ("udp");
-               } elsif ($configline[3] eq 'esp') {
-                       @PROTO = ("esp");
-               } elsif ($configline[3] eq 'gre') {
-                       @PROTO = ("gre");
-               } else {
-                       @PROTO = ("tcp","udp");
-               }
-
-               my $macrule = 0;
-               foreach $PROTO (@PROTO){
-                       foreach $SOURCE (@SOURCE) {
-                               $SOURCE =~ s/\s//gi;
-
-                               if ( $SOURCE eq "" || $configline[1] eq "" ){next;}
-
-                               if ( ( $configline[6] ne "" || $configline[2] eq 'mac' ) && $configline[2] ne 'all'){
-                                       $SOURCE =~ s/[^a-zA-Z0-9]/:/gi;
-                                       $CMD = "-m mac --mac-source $SOURCE -d $DESTINATION -p $PROTO";
-                                       $macrule = 1;
-                               } else {
-                                       $CMD = "-s $SOURCE -d $DESTINATION -p $PROTO";
-                               }
-
-                                if ($configline[8] && ( $configline[3] ne 'esp' || $configline[3] ne 'gre') ) {
-                                       $DPORT = "$configline[8]";
-                                       $CMD = "$CMD -m multiport --destination-port $DPORT";
-                                }
-
-                                if ($DEV) {
-                                       $CMD = "$CMD -i $DEV";
-                               }
-
-                               if ($configline[17] && $configline[18]) {
-                                       $DAY = "";
-                                       if ($configline[10]){$DAY = "Mon,"}
-                                       if ($configline[11]){$DAY .= "Tue,"}
-                                       if ($configline[12]){$DAY .= "Wed,"}
-                                       if ($configline[13]){$DAY .= "Thu,"}
-                                       if ($configline[14]){$DAY .= "Fri,"}
-                                       if ($configline[15]){$DAY .= "Sat,"}
-                                       if ($configline[16]){$DAY .= "Sun"}
-                                       $CMD = "$CMD -m time --timestart $configline[17] --timestop $configline[18] --weekdays $DAY";
-                               }
-
-                               $CMD = "$CMD -o $netsettings{'RED_DEV'}";
-
-                               if ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE1' ) {
-                                       applyrule("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '", $macrule);
-                               } elsif ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE2' ) {
-                                       applyrule("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '", $macrule);
-                               }
-
-                               applyrule("$CMD -j $DO", $macrule);
-                       }
-               }
-       }
-}
-
-### Do the P2P-Stuff here
-open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-@p2ps = <FILE>;
-close FILE;
-
-$CMD = "-m ipp2p";
-
-foreach $p2pentry (sort @p2ps) {
-       @p2pline = split( /\;/, $p2pentry );
-       if ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
-               $DO = "DROP";
-               if ("$p2pline[2]" eq "off") {
-                       $P2PSTRING = "$P2PSTRING --$p2pline[1]";
-               }
-       } else {
-               $DO = "RETURN";
-               if ("$p2pline[2]" eq "on") {
-                       $P2PSTRING = "$P2PSTRING --$p2pline[1]";
-               }
-       }
-}
-if ($P2PSTRING) {
-       applyrule("$CMD $P2PSTRING -j $DO", 0);
-}
-
-if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
-       if ( $outfwsettings{'MODE1LOG'} eq 'on' ) {
-               applyrule("-o $netsettings{'RED_DEV'} -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '", 0);
-       }
-
-       applyrule("-o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW '", 0);
-}
-
-&firewall_local_reload();
-
-sub applyrule($$) {
-       my $cmd = shift;
-       my $macrule = shift;
-
-       system("/sbin/iptables -A OUTGOINGFWMAC $cmd");
-       if ($macrule == 0) {
-               system("/sbin/iptables -A OUTGOINGFW $cmd");
-       }
-}
-
-sub firewall_local_reload() {
-       my $script = "/etc/sysconfig/firewall.local";
-
-       if ( -x $script ) {
-               system("$script reload >/dev/null 2>&1");
-       }
-}
index 9be3581cb5a6edfad5e7f9c5753ad1c1536a3a0a..8889b67a746bec93b38439660b2209e09fb19e15 100644 (file)
@@ -1390,9 +1390,11 @@ srv/web/ipfire/cgi-bin/credits.cgi
 srv/web/ipfire/cgi-bin/dns.cgi
 srv/web/ipfire/cgi-bin/ddns.cgi
 srv/web/ipfire/cgi-bin/dhcp.cgi
-srv/web/ipfire/cgi-bin/dmzholes.cgi
+#srv/web/ipfire/cgi-bin/dmzholes.cgi
 srv/web/ipfire/cgi-bin/extrahd.cgi
 srv/web/ipfire/cgi-bin/fireinfo.cgi
+srv/web/ipfire/cgi-bin/forwardfw.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
 srv/web/ipfire/cgi-bin/gui.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
 srv/web/ipfire/cgi-bin/hosts.cgi
@@ -1408,12 +1410,12 @@ srv/web/ipfire/cgi-bin/modem.cgi
 srv/web/ipfire/cgi-bin/netexternal.cgi
 srv/web/ipfire/cgi-bin/netinternal.cgi
 srv/web/ipfire/cgi-bin/netother.cgi
-srv/web/ipfire/cgi-bin/outgoingfw.cgi
-srv/web/ipfire/cgi-bin/outgoinggrp.cgi
+#srv/web/ipfire/cgi-bin/outgoingfw.cgi
+#srv/web/ipfire/cgi-bin/outgoinggrp.cgi
 srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/p2p-block.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
-srv/web/ipfire/cgi-bin/portfw.cgi
 srv/web/ipfire/cgi-bin/pppsetup.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/qos.cgi
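Review bot: `portfw.cgi` is deleted from this list while `outgoingfw.cgi` and `outgoinggrp.cgi` here, and `dmzholes.cgi` and `xtaccess.cgi` in the neighbouring hunks, are only commented out, so retired pages are handled in two different ways. If the scripts are gone for good, delete all five lines; if the `#` form is intentional, treat `portfw.cgi` the same way. Nothing visible in this section removes the old CGIs from systems that are already installed. It is worth confirming that the update path deletes them rather than leaving pages for the retired rule sets reachable by URL.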
@@ -1432,6 +1434,6 @@ srv/web/ipfire/cgi-bin/wakeonlan.cgi
 srv/web/ipfire/cgi-bin/webaccess.cgi
 srv/web/ipfire/cgi-bin/wireless.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
-srv/web/ipfire/cgi-bin/xtaccess.cgi
+#srv/web/ipfire/cgi-bin/xtaccess.cgi
 srv/web/ipfire/html
 var/updatecache
index 25fca8db4594873cdccb3021c8a9dbb040d03bd6..1b8fbda0066c8d46c671191a7655812b98df472e 100644 (file)
@@ -81,11 +81,9 @@ etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/20-RL-firewall
-etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
+etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
 etc/rc.d/init.d/networking/red.up/23-RS-snort
 etc/rc.d/init.d/networking/red.up/24-RS-qos
-etc/rc.d/init.d/networking/red.up/25-portfw
-etc/rc.d/init.d/networking/red.up/26-xtaccess
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
 etc/rc.d/init.d/networking/red.up/40-ipac
index 8965ff70e5a071acf96de06daf92feff2806a464..32f7d4d563d2a6f059388e6ecc5a543b245688e5 100644 (file)
@@ -26,8 +26,6 @@ var/ipfire/dhcp
 #var/ipfire/dhcp/fixleases
 #var/ipfire/dhcp/settings
 var/ipfire/dhcpc
-var/ipfire/dmzholes
-#var/ipfire/dmzholes/config
 var/ipfire/dns
 #var/ipfire/dns/settings
 var/ipfire/dnsforward
@@ -47,6 +45,23 @@ var/ipfire/extrahd/partitions
 var/ipfire/extrahd/scan
 var/ipfire/extrahd/settings
 var/ipfire/fwlogs
+var/ipfire/forward
+var/ipfire/forward/bin/rules.pl
+var/ipfire/forward/bin/firewall-lib.pl
+var/ipfire/forward/settings
+var/ipfire/forward/config
+var/ipfire/forward/input
+var/ipfire/forward/outgoing
+var/ipfire/forward/dmz
+var/ipfire/forward/nat
+var/ipfire/forward/p2protocols
+var/ipfire/fwhosts
+var/ipfire/fwhosts/icmp-types
+var/ipfire/fwhosts/customhosts
+var/ipfire/fwhosts/customnetworks
+var/ipfire/fwhosts/customgroups
+var/ipfire/fwhosts/customservices
+var/ipfire/fwhosts/customservicegrp
 #var/ipfire/fwlogs/ipsettings
 #var/ipfire/fwlogs/portsettings
 var/ipfire/general-functions.pl
@@ -105,11 +120,11 @@ var/ipfire/net-traffic
 #var/ipfire/nfs
 #var/ipfire/nfs/nfs-server
 var/ipfire/optionsfw
-#var/ipfire/optionsfw/settings
-var/ipfire/outgoing
+var/ipfire/optionsfw/settings
+#var/ipfire/outgoing
 #var/ipfire/outgoing/bin
 #var/ipfire/outgoing/bin/outgoingfw.pl
-var/ipfire/outgoing/defaultservices
+#var/ipfire/outgoing/defaultservices
 #var/ipfire/outgoing/groups
 #var/ipfire/outgoing/groups/ipgroups
 #var/ipfire/outgoing/groups/macgroups
@@ -188,7 +203,5 @@ var/ipfire/wakeonlan
 var/ipfire/wireless
 #var/ipfire/wireless/config
 #var/ipfire/wireless/settings
-var/ipfire/xtaccess
-#var/ipfire/xtaccess/config
 var/ipfire/firebuild
 etc/system-release
index 3aca59ece3f4332114bb463227fdaf26983ba9e9..ca47f807c6851f587a21d23d747aeb803aaf0808 100644 (file)
@@ -83,11 +83,9 @@ etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/20-RL-firewall
-etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
+etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
 etc/rc.d/init.d/networking/red.up/23-RS-snort
 etc/rc.d/init.d/networking/red.up/24-RS-qos
-etc/rc.d/init.d/networking/red.up/25-portfw
-etc/rc.d/init.d/networking/red.up/26-xtaccess
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
 etc/rc.d/init.d/networking/red.up/40-ipac
index 8fd9b0bfc1cd14d3900c1b168b2ff0ebe6bafab5..2463ba2aa9e9622e3a837f4389d0372a4dc7dae8 100644 (file)
@@ -15,7 +15,8 @@ usr/local/bin/launch-ether-wake
 usr/local/bin/logwatch
 #usr/local/bin/mpfirectrl
 usr/local/bin/openvpnctrl
-usr/local/bin/outgoingfwctrl
+#usr/local/bin/outgoingfwctrl
+usr/local/bin/forwardfwctrl
 usr/local/bin/pakfire
 usr/local/bin/qosctrl
 usr/local/bin/rebuildhosts
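Review bot: `usr/local/bin/outgoingfwctrl` is only commented out here, while the next hunk of this file deletes `usr/local/bin/setdmzholes`, `setportfw` and `setxtaccess` outright; the retired helper should be treated the same way, so I would remove the line rather than keep `#usr/local/bin/outgoingfwctrl`. The new `usr/local/bin/forwardfwctrl` entry also lands after the `o…` names instead of at its sorted position. This list does not show how these helpers are installed, but if they run with elevated privileges the upgrade should also delete the four retired binaries from existing systems, since dropping them from the list presumably only stops them being shipped.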
@@ -23,9 +24,6 @@ usr/local/bin/rebuildroutes
 usr/local/bin/redctrl
 #usr/local/bin/sambactrl
 usr/local/bin/setaliases
-usr/local/bin/setdmzholes
-usr/local/bin/setportfw
-usr/local/bin/setxtaccess
 usr/local/bin/smartctrl
 usr/local/bin/snortctrl
 usr/local/bin/squidctrl
index 1e91b37438ca79f0a708841013680160ae77957f..fe6d23a8f67a94626ade17c9b4a067a018b938a5 100644 (file)
@@ -109,6 +109,11 @@ usr/local/bin/update-lang-cache
 #usr/local/src
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
+usr/sbin/firewall-policy
+usr/sbin/convert-xtaccess
+usr/sbin/convert-outgoingfw
+usr/sbin/convert-dmz
+usr/sbin/convert-portfw
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
index 9d0006f53dd0e6271b059492a1c0165ad969c0fa..821263e05b59eede857c9cbc612fd418d1acd253 100644 (file)
@@ -48,6 +48,5 @@ var/ipfire/backup/bin/backup.pl
 var/ipfire/backup/include
 var/ipfire/general-functions.pl
 var/ipfire/langs
-var/ipfire/outgoing/bin/outgoingfw.pl
 var/ipfire/qos/bin/makeqosscripts.pl
 var/ipfire/updatexlrator/bin/download
index bbe5e1de78abdaf21ae7c3d4d7e6880fbeebd9d1..9f48b8b91132806d7169bd32ed42a7b51e187659 100644 (file)
@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
 WARNING: translation string unused: Resolv
 WARNING: translation string unused: TOS Bits
 WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
 WARNING: translation string unused: access refused with this oinkcode
 WARNING: translation string unused: add network
 WARNING: translation string unused: add new ovpn
 WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
@@ -45,6 +47,7 @@ WARNING: translation string unused: all updates installed
 WARNING: translation string unused: allmsg
 WARNING: translation string unused: alt information
 WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
 WARNING: translation string unused: and
 WARNING: translation string unused: apply
 WARNING: translation string unused: archive not exist
@@ -68,6 +71,7 @@ WARNING: translation string unused: cache management
 WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
 WARNING: translation string unused: capsinactive
 WARNING: translation string unused: ccd err iroute
 WARNING: translation string unused: ccd err netadr
@@ -109,6 +113,11 @@ WARNING: translation string unused: debugme
 WARNING: translation string unused: deep scan directories
 WARNING: translation string unused: default networks
 WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
 WARNING: translation string unused: dhcp base ip fixed lease
 WARNING: translation string unused: dhcp create fixed leases
 WARNING: translation string unused: dhcp fixed lease err1
@@ -119,10 +128,16 @@ WARNING: translation string unused: dial user password has been changed
 WARNING: translation string unused: dialup settings
 WARNING: translation string unused: disconnect
 WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: driver
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
 WARNING: translation string unused: dynamic dns client
 WARNING: translation string unused: eciadsl help
 WARNING: translation string unused: eciadsl upload
@@ -149,6 +164,7 @@ WARNING: translation string unused: error external access
 WARNING: translation string unused: expected
 WARNING: translation string unused: expertoptions
 WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
 WARNING: translation string unused: external access rule changed
 WARNING: translation string unused: extrahd unable to read
 WARNING: translation string unused: extrahd unable to write
@@ -158,6 +174,10 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
+WARNING: translation string unused: forward firewall
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
 WARNING: translation string unused: frequency
 WARNING: translation string unused: fritzdsl help
 WARNING: translation string unused: fritzdsl upload
@@ -166,6 +186,39 @@ WARNING: translation string unused: from email pw
 WARNING: translation string unused: from email server
 WARNING: translation string unused: from email user
 WARNING: translation string unused: from warn email bad
+WARNING: translation string unused: fwdfw ACCEPT
+WARNING: translation string unused: fwdfw DROP
+WARNING: translation string unused: fwdfw MODE1
+WARNING: translation string unused: fwdfw MODE2
+WARNING: translation string unused: fwdfw REJECT
+WARNING: translation string unused: fwdfw addr grp
+WARNING: translation string unused: fwdfw cust addr
+WARNING: translation string unused: fwdfw cust net
+WARNING: translation string unused: fwdfw err srcovpn
+WARNING: translation string unused: fwdfw err srcport
+WARNING: translation string unused: fwdfw err tgt_port
+WARNING: translation string unused: fwdfw err tgtovpn
+WARNING: translation string unused: fwdfw err tgtport
+WARNING: translation string unused: fwdfw from
+WARNING: translation string unused: fwdfw ipsec network
+WARNING: translation string unused: fwdfw natport used
+WARNING: translation string unused: fwdfw rules
+WARNING: translation string unused: fwdfw std network
+WARNING: translation string unused: fwdfw till
+WARNING: translation string unused: fwdfw time
+WARNING: translation string unused: fwhost addrule
+WARNING: translation string unused: fwhost attention
+WARNING: translation string unused: fwhost blue
+WARNING: translation string unused: fwhost changeremark
+WARNING: translation string unused: fwhost err addrgrp
+WARNING: translation string unused: fwhost err hostorip
+WARNING: translation string unused: fwhost err mac
+WARNING: translation string unused: fwhost green
+WARNING: translation string unused: fwhost ipadr
+WARNING: translation string unused: fwhost ipsec host
+WARNING: translation string unused: fwhost orange
+WARNING: translation string unused: fwhost reset
+WARNING: translation string unused: fwhost wo subnet
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
@@ -220,6 +273,7 @@ WARNING: translation string unused: local hard disk
 WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
 WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
@@ -245,6 +299,7 @@ WARNING: translation string unused: mbmon value
 WARNING: translation string unused: min size
 WARNING: translation string unused: missing dat
 WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
 WARNING: translation string unused: modem on com1
 WARNING: translation string unused: modem on com2
 WARNING: translation string unused: modem on com3
@@ -261,6 +316,7 @@ WARNING: translation string unused: monthly volume start day short
 WARNING: translation string unused: mount
 WARNING: translation string unused: mtu QoS
 WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
 WARNING: translation string unused: net address
 WARNING: translation string unused: net config type
 WARNING: translation string unused: net config type help
@@ -286,6 +342,7 @@ WARNING: translation string unused: o-no
 WARNING: translation string unused: o-yes
 WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
@@ -296,7 +353,16 @@ WARNING: translation string unused: original
 WARNING: translation string unused: other countries
 WARNING: translation string unused: our donors
 WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
 WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
+WARNING: translation string unused: outgoing firewall p2p description 1
+WARNING: translation string unused: outgoing firewall p2p description 2
+WARNING: translation string unused: outgoing firewall p2p description 3
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
@@ -327,6 +393,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
 WARNING: translation string unused: phonebook entry
 WARNING: translation string unused: ping disabled
 WARNING: translation string unused: polfile
+WARNING: translation string unused: policy
+WARNING: translation string unused: port forwarding configuration
 WARNING: translation string unused: ports
 WARNING: translation string unused: pots
 WARNING: translation string unused: pppoe
@@ -353,7 +421,9 @@ WARNING: translation string unused: router ip
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
 WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
 WARNING: translation string unused: selecttraffic
 WARNING: translation string unused: send email notification
 WARNING: translation string unused: send test mail
@@ -369,15 +439,23 @@ WARNING: translation string unused: shutdown2
 WARNING: translation string unused: shutting down
 WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
 WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
 WARNING: translation string unused: ssh access tip
 WARNING: translation string unused: ssh1 disabled
 WARNING: translation string unused: ssh1 enabled
 WARNING: translation string unused: ssh1 support
 WARNING: translation string unused: ssnetwork status
 WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
 WARNING: translation string unused: ssproxy graphs
 WARNING: translation string unused: sssystem status
 WARNING: translation string unused: sstraffic graphs
@@ -476,13 +554,16 @@ WARNING: translation string unused: warn when traffic reaches
 WARNING: translation string unused: web proxy configuration
 WARNING: translation string unused: week-graph
 WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: bytes
 WARNING: untranslated string: community rules
 WARNING: untranslated string: emerging rules
+WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: new
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: qos add subclass
index 12489577b404c2c94ade77687e7cc8690046bbf3..328376f356646551cb39a541268d5d7cd55d779c 100644 (file)
@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
 WARNING: translation string unused: Resolv
 WARNING: translation string unused: TOS Bits
 WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
 WARNING: translation string unused: access refused with this oinkcode
 WARNING: translation string unused: add network
 WARNING: translation string unused: add new ovpn
 WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
 WARNING: translation string unused: allmsg
 WARNING: translation string unused: alt information
 WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
 WARNING: translation string unused: and
 WARNING: translation string unused: ansi t1.483
 WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
 WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
 WARNING: translation string unused: capsinactive
 WARNING: translation string unused: ccd err iroute
 WARNING: translation string unused: ccd err netadr
@@ -129,6 +133,11 @@ WARNING: translation string unused: debugme
 WARNING: translation string unused: deep scan directories
 WARNING: translation string unused: default networks
 WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
 WARNING: translation string unused: dhcp base ip fixed lease
 WARNING: translation string unused: dhcp create fixed leases
 WARNING: translation string unused: dhcp fixed lease err1
@@ -141,11 +150,17 @@ WARNING: translation string unused: dial user password has been changed
 WARNING: translation string unused: dialup settings
 WARNING: translation string unused: disconnect
 WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: done
 WARNING: translation string unused: driver
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
 WARNING: translation string unused: dynamic dns client
 WARNING: translation string unused: eciadsl help
 WARNING: translation string unused: eciadsl upload
@@ -172,6 +187,7 @@ WARNING: translation string unused: error external access
 WARNING: translation string unused: expected
 WARNING: translation string unused: expertoptions
 WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
 WARNING: translation string unused: external access rule changed
 WARNING: translation string unused: extrahd unable to read
 WARNING: translation string unused: extrahd unable to write
@@ -181,6 +197,10 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
+WARNING: translation string unused: forward firewall
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
 WARNING: translation string unused: frequency
 WARNING: translation string unused: fritzdsl help
 WARNING: translation string unused: fritzdsl upload
@@ -189,6 +209,39 @@ WARNING: translation string unused: from email pw
 WARNING: translation string unused: from email server
 WARNING: translation string unused: from email user
 WARNING: translation string unused: from warn email bad
+WARNING: translation string unused: fwdfw ACCEPT
+WARNING: translation string unused: fwdfw DROP
+WARNING: translation string unused: fwdfw MODE1
+WARNING: translation string unused: fwdfw MODE2
+WARNING: translation string unused: fwdfw REJECT
+WARNING: translation string unused: fwdfw addr grp
+WARNING: translation string unused: fwdfw cust addr
+WARNING: translation string unused: fwdfw cust net
+WARNING: translation string unused: fwdfw err srcovpn
+WARNING: translation string unused: fwdfw err srcport
+WARNING: translation string unused: fwdfw err tgt_port
+WARNING: translation string unused: fwdfw err tgtovpn
+WARNING: translation string unused: fwdfw err tgtport
+WARNING: translation string unused: fwdfw from
+WARNING: translation string unused: fwdfw ipsec network
+WARNING: translation string unused: fwdfw natport used
+WARNING: translation string unused: fwdfw rules
+WARNING: translation string unused: fwdfw std network
+WARNING: translation string unused: fwdfw till
+WARNING: translation string unused: fwdfw time
+WARNING: translation string unused: fwhost addrule
+WARNING: translation string unused: fwhost attention
+WARNING: translation string unused: fwhost blue
+WARNING: translation string unused: fwhost changeremark
+WARNING: translation string unused: fwhost err addrgrp
+WARNING: translation string unused: fwhost err hostorip
+WARNING: translation string unused: fwhost err mac
+WARNING: translation string unused: fwhost green
+WARNING: translation string unused: fwhost ipadr
+WARNING: translation string unused: fwhost ipsec host
+WARNING: translation string unused: fwhost orange
+WARNING: translation string unused: fwhost reset
+WARNING: translation string unused: fwhost wo subnet
 WARNING: translation string unused: g.dtm
 WARNING: translation string unused: g.lite
 WARNING: translation string unused: gen static key
@@ -246,6 +299,7 @@ WARNING: translation string unused: local hard disk
 WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
 WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
@@ -271,6 +325,7 @@ WARNING: translation string unused: mbmon value
 WARNING: translation string unused: min size
 WARNING: translation string unused: missing dat
 WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
 WARNING: translation string unused: modem on com1
 WARNING: translation string unused: modem on com2
 WARNING: translation string unused: modem on com3
@@ -287,6 +342,7 @@ WARNING: translation string unused: monthly volume start day short
 WARNING: translation string unused: mount
 WARNING: translation string unused: mtu QoS
 WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
 WARNING: translation string unused: net address
 WARNING: translation string unused: net config type
 WARNING: translation string unused: net config type help
@@ -313,6 +369,7 @@ WARNING: translation string unused: o-no
 WARNING: translation string unused: o-yes
 WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
@@ -323,7 +380,16 @@ WARNING: translation string unused: original
 WARNING: translation string unused: other countries
 WARNING: translation string unused: our donors
 WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
 WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
+WARNING: translation string unused: outgoing firewall p2p description 1
+WARNING: translation string unused: outgoing firewall p2p description 2
+WARNING: translation string unused: outgoing firewall p2p description 3
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
@@ -354,6 +420,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
 WARNING: translation string unused: phonebook entry
 WARNING: translation string unused: ping disabled
 WARNING: translation string unused: polfile
+WARNING: translation string unused: policy
+WARNING: translation string unused: port forwarding configuration
 WARNING: translation string unused: ports
 WARNING: translation string unused: pots
 WARNING: translation string unused: pppoe
@@ -381,7 +449,9 @@ WARNING: translation string unused: router ip
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
 WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
 WARNING: translation string unused: selecttraffic
 WARNING: translation string unused: send email notification
 WARNING: translation string unused: send test mail
@@ -400,15 +470,23 @@ WARNING: translation string unused: shutdown2
 WARNING: translation string unused: shutting down
 WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
 WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
 WARNING: translation string unused: ssh access tip
 WARNING: translation string unused: ssh1 disabled
 WARNING: translation string unused: ssh1 enabled
 WARNING: translation string unused: ssh1 support
 WARNING: translation string unused: ssnetwork status
 WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
 WARNING: translation string unused: ssproxy graphs
 WARNING: translation string unused: sssystem status
 WARNING: translation string unused: sstraffic graphs
@@ -511,14 +589,18 @@ WARNING: translation string unused: warn when traffic reaches
 WARNING: translation string unused: web proxy configuration
 WARNING: translation string unused: week-graph
 WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: bytes
+WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: new
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: wlanap country
index 88666b6181e63ae97f46916004c70cf21c1be201..2fafaf1806f6e5e67789a218b446418e6c09ebfa 100644 (file)
@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
 WARNING: translation string unused: Resolv
 WARNING: translation string unused: TOS Bits
 WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
 WARNING: translation string unused: access refused with this oinkcode
 WARNING: translation string unused: add network
 WARNING: translation string unused: add new ovpn
 WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
 WARNING: translation string unused: allmsg
 WARNING: translation string unused: alt information
 WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
 WARNING: translation string unused: and
 WARNING: translation string unused: ansi t1.483
 WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
 WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
 WARNING: translation string unused: capsinactive
 WARNING: translation string unused: cfg restart
 WARNING: translation string unused: check for net traffic update
@@ -127,6 +131,11 @@ WARNING: translation string unused: debugme
 WARNING: translation string unused: deep scan directories
 WARNING: translation string unused: default networks
 WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
 WARNING: translation string unused: dhcp base ip fixed lease
 WARNING: translation string unused: dhcp create fixed leases
 WARNING: translation string unused: dhcp fixed lease err1
@@ -139,11 +148,18 @@ WARNING: translation string unused: dial user password has been changed
 WARNING: translation string unused: dialup settings
 WARNING: translation string unused: disconnect
 WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: done
 WARNING: translation string unused: driver
+WARNING: translation string unused: drop output
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
 WARNING: translation string unused: dynamic dns client
 WARNING: translation string unused: eciadsl help
 WARNING: translation string unused: eciadsl upload
@@ -170,6 +186,7 @@ WARNING: translation string unused: error external access
 WARNING: translation string unused: expected
 WARNING: translation string unused: expertoptions
 WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
 WARNING: translation string unused: external access rule changed
 WARNING: translation string unused: extrahd unable to read
 WARNING: translation string unused: extrahd unable to write
@@ -179,6 +196,9 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
 WARNING: translation string unused: frequency
 WARNING: translation string unused: fritzdsl help
 WARNING: translation string unused: fritzdsl upload
@@ -244,6 +264,7 @@ WARNING: translation string unused: local hard disk
 WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
 WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
@@ -269,6 +290,7 @@ WARNING: translation string unused: mbmon value
 WARNING: translation string unused: min size
 WARNING: translation string unused: missing dat
 WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
 WARNING: translation string unused: modem on com1
 WARNING: translation string unused: modem on com2
 WARNING: translation string unused: modem on com3
@@ -285,6 +307,7 @@ WARNING: translation string unused: monthly volume start day short
 WARNING: translation string unused: mount
 WARNING: translation string unused: mtu QoS
 WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
 WARNING: translation string unused: net address
 WARNING: translation string unused: net config type
 WARNING: translation string unused: net config type help
@@ -311,6 +334,7 @@ WARNING: translation string unused: o-no
 WARNING: translation string unused: o-yes
 WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
 WARNING: translation string unused: optional data
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
@@ -318,8 +342,14 @@ WARNING: translation string unused: or
 WARNING: translation string unused: original
 WARNING: translation string unused: other countries
 WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
 WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
 WARNING: translation string unused: outgoing firewall p2p description
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
@@ -350,6 +380,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
 WARNING: translation string unused: phonebook entry
 WARNING: translation string unused: ping disabled
 WARNING: translation string unused: polfile
+WARNING: translation string unused: policy
+WARNING: translation string unused: port forwarding configuration
 WARNING: translation string unused: ports
 WARNING: translation string unused: pots
 WARNING: translation string unused: pppoe
@@ -377,7 +409,9 @@ WARNING: translation string unused: router ip
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
 WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
 WARNING: translation string unused: selecttraffic
 WARNING: translation string unused: send email notification
 WARNING: translation string unused: send test mail
@@ -396,15 +430,23 @@ WARNING: translation string unused: shutdown2
 WARNING: translation string unused: shutting down
 WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
 WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
 WARNING: translation string unused: ssh access tip
 WARNING: translation string unused: ssh1 disabled
 WARNING: translation string unused: ssh1 enabled
 WARNING: translation string unused: ssh1 support
 WARNING: translation string unused: ssnetwork status
 WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
 WARNING: translation string unused: ssproxy graphs
 WARNING: translation string unused: sssystem status
 WARNING: translation string unused: sstraffic graphs
@@ -497,6 +539,7 @@ WARNING: translation string unused: warn when traffic reaches
 WARNING: translation string unused: web proxy configuration
 WARNING: translation string unused: week-graph
 WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
@@ -556,6 +599,11 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: drop action
+WARNING: untranslated string: drop action1
+WARNING: untranslated string: drop action2
+WARNING: untranslated string: drop forward
+WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -574,6 +622,141 @@ WARNING: untranslated string: fireinfo why descr2
 WARNING: untranslated string: fireinfo why enable
 WARNING: untranslated string: fireinfo why read more
 WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: fw default drop
+WARNING: untranslated string: fw settings
+WARNING: untranslated string: fw settings color
+WARNING: untranslated string: fw settings dropdown
+WARNING: untranslated string: fw settings remark
+WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw action
+WARNING: untranslated string: fwdfw additional
+WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw change
+WARNING: untranslated string: fwdfw copy
+WARNING: untranslated string: fwdfw delete
+WARNING: untranslated string: fwdfw dnat
+WARNING: untranslated string: fwdfw dnat error
+WARNING: untranslated string: fwdfw dnat porterr
+WARNING: untranslated string: fwdfw edit
+WARNING: untranslated string: fwdfw err nosrc
+WARNING: untranslated string: fwdfw err nosrcip
+WARNING: untranslated string: fwdfw err notgt
+WARNING: untranslated string: fwdfw err notgtip
+WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err remark
+WARNING: untranslated string: fwdfw err ruleexists
+WARNING: untranslated string: fwdfw err same
+WARNING: untranslated string: fwdfw err samesub
+WARNING: untranslated string: fwdfw err src_addr
+WARNING: untranslated string: fwdfw err tgt_addr
+WARNING: untranslated string: fwdfw err tgt_grp
+WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err time
+WARNING: untranslated string: fwdfw final_rule
+WARNING: untranslated string: fwdfw hint ip1
+WARNING: untranslated string: fwdfw hint ip2
+WARNING: untranslated string: fwdfw log rule
+WARNING: untranslated string: fwdfw man port
+WARNING: untranslated string: fwdfw menu
+WARNING: untranslated string: fwdfw movedown
+WARNING: untranslated string: fwdfw moveup
+WARNING: untranslated string: fwdfw newrule
+WARNING: untranslated string: fwdfw p2p txt
+WARNING: untranslated string: fwdfw pol allow
+WARNING: untranslated string: fwdfw pol block
+WARNING: untranslated string: fwdfw pol text
+WARNING: untranslated string: fwdfw pol text1
+WARNING: untranslated string: fwdfw pol title
+WARNING: untranslated string: fwdfw red
+WARNING: untranslated string: fwdfw reread
+WARNING: untranslated string: fwdfw rule action
+WARNING: untranslated string: fwdfw rule activate
+WARNING: untranslated string: fwdfw rulepos
+WARNING: untranslated string: fwdfw snat
+WARNING: untranslated string: fwdfw source
+WARNING: untranslated string: fwdfw sourceip
+WARNING: untranslated string: fwdfw target
+WARNING: untranslated string: fwdfw targetip
+WARNING: untranslated string: fwdfw timeframe
+WARNING: untranslated string: fwdfw toggle
+WARNING: untranslated string: fwdfw togglelog
+WARNING: untranslated string: fwdfw use nat
+WARNING: untranslated string: fwdfw use srcport
+WARNING: untranslated string: fwdfw use srv
+WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw wd_fri
+WARNING: untranslated string: fwdfw wd_mon
+WARNING: untranslated string: fwdfw wd_sat
+WARNING: untranslated string: fwdfw wd_sun
+WARNING: untranslated string: fwdfw wd_thu
+WARNING: untranslated string: fwdfw wd_tue
+WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwdfw xt access
+WARNING: untranslated string: fwhost addgrp
+WARNING: untranslated string: fwhost addgrpname
+WARNING: untranslated string: fwhost addhost
+WARNING: untranslated string: fwhost addnet
+WARNING: untranslated string: fwhost addservice
+WARNING: untranslated string: fwhost addservicegrp
+WARNING: untranslated string: fwhost any
+WARNING: untranslated string: fwhost back
+WARNING: untranslated string: fwhost ccdhost
+WARNING: untranslated string: fwhost ccdnet
+WARNING: untranslated string: fwhost change
+WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust grp
+WARNING: untranslated string: fwhost cust net
+WARNING: untranslated string: fwhost cust service
+WARNING: untranslated string: fwhost cust srvgrp
+WARNING: untranslated string: fwhost deleted
+WARNING: untranslated string: fwhost empty
+WARNING: untranslated string: fwhost err addr
+WARNING: untranslated string: fwhost err empty
+WARNING: untranslated string: fwhost err groupempty
+WARNING: untranslated string: fwhost err grpexist
+WARNING: untranslated string: fwhost err hostexist
+WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost err ip
+WARNING: untranslated string: fwhost err ipcheck
+WARNING: untranslated string: fwhost err ipmac
+WARNING: untranslated string: fwhost err ipwithsub
+WARNING: untranslated string: fwhost err isccdhost
+WARNING: untranslated string: fwhost err isccdiphost
+WARNING: untranslated string: fwhost err isccdipnet
+WARNING: untranslated string: fwhost err isccdnet
+WARNING: untranslated string: fwhost err isingrp
+WARNING: untranslated string: fwhost err name
+WARNING: untranslated string: fwhost err name1
+WARNING: untranslated string: fwhost err net
+WARNING: untranslated string: fwhost err netexist
+WARNING: untranslated string: fwhost err partofnet
+WARNING: untranslated string: fwhost err port
+WARNING: untranslated string: fwhost err remark
+WARNING: untranslated string: fwhost err srv exists
+WARNING: untranslated string: fwhost err srvexist
+WARNING: untranslated string: fwhost err sub32
+WARNING: untranslated string: fwhost hint
+WARNING: untranslated string: fwhost hosts
+WARNING: untranslated string: fwhost icmptype
+WARNING: untranslated string: fwhost ip_mac
+WARNING: untranslated string: fwhost ipsec net
+WARNING: untranslated string: fwhost menu
+WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgrp
+WARNING: untranslated string: fwhost newhost
+WARNING: untranslated string: fwhost newnet
+WARNING: untranslated string: fwhost newservice
+WARNING: untranslated string: fwhost newservicegrp
+WARNING: untranslated string: fwhost ovpn_n2n
+WARNING: untranslated string: fwhost port
+WARNING: untranslated string: fwhost prot
+WARNING: untranslated string: fwhost reread
+WARNING: untranslated string: fwhost services
+WARNING: untranslated string: fwhost srv_name
+WARNING: untranslated string: fwhost stdnet
+WARNING: untranslated string: fwhost type
+WARNING: untranslated string: fwhost used
+WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: minute
 WARNING: untranslated string: new
 WARNING: untranslated string: openvpn default
@@ -595,9 +778,6 @@ WARNING: untranslated string: outgoing firewall ip groups
 WARNING: untranslated string: outgoing firewall mac groups
 WARNING: untranslated string: outgoing firewall p2p allow
 WARNING: untranslated string: outgoing firewall p2p deny
-WARNING: untranslated string: outgoing firewall p2p description 1
-WARNING: untranslated string: outgoing firewall p2p description 2
-WARNING: untranslated string: outgoing firewall p2p description 3
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: outgoing firewall view group
 WARNING: untranslated string: ovpn errmsg green already pushed
@@ -618,6 +798,7 @@ WARNING: untranslated string: proxy reports monthly
 WARNING: untranslated string: proxy reports today
 WARNING: untranslated string: proxy reports weekly
 WARNING: untranslated string: qos enter bandwidths
+WARNING: untranslated string: red1
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
index 6c963aea4ce6fe0ab561fa08adbb0ef85238eff2..b07e7ff50f9c2a982a8ff6919c818e851cb68444 100644 (file)
@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
 WARNING: translation string unused: Resolv
 WARNING: translation string unused: TOS Bits
 WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
 WARNING: translation string unused: access refused with this oinkcode
 WARNING: translation string unused: add network
 WARNING: translation string unused: add new ovpn
 WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
 WARNING: translation string unused: allmsg
 WARNING: translation string unused: alt information
 WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
 WARNING: translation string unused: and
 WARNING: translation string unused: ansi t1.483
 WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
 WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
 WARNING: translation string unused: capsinactive
 WARNING: translation string unused: cfg restart
 WARNING: translation string unused: check for net traffic update
@@ -127,6 +131,11 @@ WARNING: translation string unused: debugme
 WARNING: translation string unused: deep scan directories
 WARNING: translation string unused: default networks
 WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
 WARNING: translation string unused: dhcp base ip fixed lease
 WARNING: translation string unused: dhcp create fixed leases
 WARNING: translation string unused: dhcp fixed lease err1
@@ -139,11 +148,18 @@ WARNING: translation string unused: dial user password has been changed
 WARNING: translation string unused: dialup settings
 WARNING: translation string unused: disconnect
 WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: done
 WARNING: translation string unused: driver
+WARNING: translation string unused: drop output
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
 WARNING: translation string unused: dynamic dns client
 WARNING: translation string unused: eciadsl help
 WARNING: translation string unused: eciadsl upload
@@ -170,6 +186,7 @@ WARNING: translation string unused: error external access
 WARNING: translation string unused: expected
 WARNING: translation string unused: expertoptions
 WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
 WARNING: translation string unused: external access rule changed
 WARNING: translation string unused: extrahd unable to read
 WARNING: translation string unused: extrahd unable to write
@@ -179,6 +196,9 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
 WARNING: translation string unused: frequency
 WARNING: translation string unused: fritzdsl help
 WARNING: translation string unused: fritzdsl upload
@@ -244,6 +264,7 @@ WARNING: translation string unused: local hard disk
 WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
 WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
@@ -269,6 +290,7 @@ WARNING: translation string unused: mbmon value
 WARNING: translation string unused: min size
 WARNING: translation string unused: missing dat
 WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
 WARNING: translation string unused: modem on com1
 WARNING: translation string unused: modem on com2
 WARNING: translation string unused: modem on com3
@@ -285,6 +307,7 @@ WARNING: translation string unused: monthly volume start day short
 WARNING: translation string unused: mount
 WARNING: translation string unused: mtu QoS
 WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
 WARNING: translation string unused: net address
 WARNING: translation string unused: net config type
 WARNING: translation string unused: net config type help
@@ -311,6 +334,7 @@ WARNING: translation string unused: o-no
 WARNING: translation string unused: o-yes
 WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
 WARNING: translation string unused: optional data
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
@@ -318,7 +342,16 @@ WARNING: translation string unused: or
 WARNING: translation string unused: original
 WARNING: translation string unused: other countries
 WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
 WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
+WARNING: translation string unused: outgoing firewall p2p description 1
+WARNING: translation string unused: outgoing firewall p2p description 2
+WARNING: translation string unused: outgoing firewall p2p description 3
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
@@ -349,6 +382,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
 WARNING: translation string unused: phonebook entry
 WARNING: translation string unused: ping disabled
 WARNING: translation string unused: polfile
+WARNING: translation string unused: policy
+WARNING: translation string unused: port forwarding configuration
 WARNING: translation string unused: ports
 WARNING: translation string unused: pots
 WARNING: translation string unused: pppoe
@@ -376,7 +411,9 @@ WARNING: translation string unused: router ip
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
 WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
 WARNING: translation string unused: selecttraffic
 WARNING: translation string unused: send email notification
 WARNING: translation string unused: send test mail
@@ -395,15 +432,23 @@ WARNING: translation string unused: shutdown2
 WARNING: translation string unused: shutting down
 WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
 WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
 WARNING: translation string unused: ssh access tip
 WARNING: translation string unused: ssh1 disabled
 WARNING: translation string unused: ssh1 enabled
 WARNING: translation string unused: ssh1 support
 WARNING: translation string unused: ssnetwork status
 WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
 WARNING: translation string unused: ssproxy graphs
 WARNING: translation string unused: sssystem status
 WARNING: translation string unused: sstraffic graphs
@@ -498,6 +543,7 @@ WARNING: translation string unused: warn when traffic reaches
 WARNING: translation string unused: web proxy configuration
 WARNING: translation string unused: week-graph
 WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
@@ -556,6 +602,11 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: drop action
+WARNING: untranslated string: drop action1
+WARNING: untranslated string: drop action2
+WARNING: untranslated string: drop forward
+WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -574,6 +625,141 @@ WARNING: untranslated string: fireinfo why descr2
 WARNING: untranslated string: fireinfo why enable
 WARNING: untranslated string: fireinfo why read more
 WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: fw default drop
+WARNING: untranslated string: fw settings
+WARNING: untranslated string: fw settings color
+WARNING: untranslated string: fw settings dropdown
+WARNING: untranslated string: fw settings remark
+WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw action
+WARNING: untranslated string: fwdfw additional
+WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw change
+WARNING: untranslated string: fwdfw copy
+WARNING: untranslated string: fwdfw delete
+WARNING: untranslated string: fwdfw dnat
+WARNING: untranslated string: fwdfw dnat error
+WARNING: untranslated string: fwdfw dnat porterr
+WARNING: untranslated string: fwdfw edit
+WARNING: untranslated string: fwdfw err nosrc
+WARNING: untranslated string: fwdfw err nosrcip
+WARNING: untranslated string: fwdfw err notgt
+WARNING: untranslated string: fwdfw err notgtip
+WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err remark
+WARNING: untranslated string: fwdfw err ruleexists
+WARNING: untranslated string: fwdfw err same
+WARNING: untranslated string: fwdfw err samesub
+WARNING: untranslated string: fwdfw err src_addr
+WARNING: untranslated string: fwdfw err tgt_addr
+WARNING: untranslated string: fwdfw err tgt_grp
+WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err time
+WARNING: untranslated string: fwdfw final_rule
+WARNING: untranslated string: fwdfw hint ip1
+WARNING: untranslated string: fwdfw hint ip2
+WARNING: untranslated string: fwdfw log rule
+WARNING: untranslated string: fwdfw man port
+WARNING: untranslated string: fwdfw menu
+WARNING: untranslated string: fwdfw movedown
+WARNING: untranslated string: fwdfw moveup
+WARNING: untranslated string: fwdfw newrule
+WARNING: untranslated string: fwdfw p2p txt
+WARNING: untranslated string: fwdfw pol allow
+WARNING: untranslated string: fwdfw pol block
+WARNING: untranslated string: fwdfw pol text
+WARNING: untranslated string: fwdfw pol text1
+WARNING: untranslated string: fwdfw pol title
+WARNING: untranslated string: fwdfw red
+WARNING: untranslated string: fwdfw reread
+WARNING: untranslated string: fwdfw rule action
+WARNING: untranslated string: fwdfw rule activate
+WARNING: untranslated string: fwdfw rulepos
+WARNING: untranslated string: fwdfw snat
+WARNING: untranslated string: fwdfw source
+WARNING: untranslated string: fwdfw sourceip
+WARNING: untranslated string: fwdfw target
+WARNING: untranslated string: fwdfw targetip
+WARNING: untranslated string: fwdfw timeframe
+WARNING: untranslated string: fwdfw toggle
+WARNING: untranslated string: fwdfw togglelog
+WARNING: untranslated string: fwdfw use nat
+WARNING: untranslated string: fwdfw use srcport
+WARNING: untranslated string: fwdfw use srv
+WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw wd_fri
+WARNING: untranslated string: fwdfw wd_mon
+WARNING: untranslated string: fwdfw wd_sat
+WARNING: untranslated string: fwdfw wd_sun
+WARNING: untranslated string: fwdfw wd_thu
+WARNING: untranslated string: fwdfw wd_tue
+WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwdfw xt access
+WARNING: untranslated string: fwhost addgrp
+WARNING: untranslated string: fwhost addgrpname
+WARNING: untranslated string: fwhost addhost
+WARNING: untranslated string: fwhost addnet
+WARNING: untranslated string: fwhost addservice
+WARNING: untranslated string: fwhost addservicegrp
+WARNING: untranslated string: fwhost any
+WARNING: untranslated string: fwhost back
+WARNING: untranslated string: fwhost ccdhost
+WARNING: untranslated string: fwhost ccdnet
+WARNING: untranslated string: fwhost change
+WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust grp
+WARNING: untranslated string: fwhost cust net
+WARNING: untranslated string: fwhost cust service
+WARNING: untranslated string: fwhost cust srvgrp
+WARNING: untranslated string: fwhost deleted
+WARNING: untranslated string: fwhost empty
+WARNING: untranslated string: fwhost err addr
+WARNING: untranslated string: fwhost err empty
+WARNING: untranslated string: fwhost err groupempty
+WARNING: untranslated string: fwhost err grpexist
+WARNING: untranslated string: fwhost err hostexist
+WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost err ip
+WARNING: untranslated string: fwhost err ipcheck
+WARNING: untranslated string: fwhost err ipmac
+WARNING: untranslated string: fwhost err ipwithsub
+WARNING: untranslated string: fwhost err isccdhost
+WARNING: untranslated string: fwhost err isccdiphost
+WARNING: untranslated string: fwhost err isccdipnet
+WARNING: untranslated string: fwhost err isccdnet
+WARNING: untranslated string: fwhost err isingrp
+WARNING: untranslated string: fwhost err name
+WARNING: untranslated string: fwhost err name1
+WARNING: untranslated string: fwhost err net
+WARNING: untranslated string: fwhost err netexist
+WARNING: untranslated string: fwhost err partofnet
+WARNING: untranslated string: fwhost err port
+WARNING: untranslated string: fwhost err remark
+WARNING: untranslated string: fwhost err srv exists
+WARNING: untranslated string: fwhost err srvexist
+WARNING: untranslated string: fwhost err sub32
+WARNING: untranslated string: fwhost hint
+WARNING: untranslated string: fwhost hosts
+WARNING: untranslated string: fwhost icmptype
+WARNING: untranslated string: fwhost ip_mac
+WARNING: untranslated string: fwhost ipsec net
+WARNING: untranslated string: fwhost menu
+WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgrp
+WARNING: untranslated string: fwhost newhost
+WARNING: untranslated string: fwhost newnet
+WARNING: untranslated string: fwhost newservice
+WARNING: untranslated string: fwhost newservicegrp
+WARNING: untranslated string: fwhost ovpn_n2n
+WARNING: untranslated string: fwhost port
+WARNING: untranslated string: fwhost prot
+WARNING: untranslated string: fwhost reread
+WARNING: untranslated string: fwhost services
+WARNING: untranslated string: fwhost srv_name
+WARNING: untranslated string: fwhost stdnet
+WARNING: untranslated string: fwhost type
+WARNING: untranslated string: fwhost used
+WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: minute
 WARNING: untranslated string: new
 WARNING: untranslated string: ntp common settings
@@ -602,6 +788,7 @@ WARNING: untranslated string: proxy reports monthly
 WARNING: untranslated string: proxy reports today
 WARNING: untranslated string: proxy reports weekly
 WARNING: untranslated string: qos enter bandwidths
+WARNING: untranslated string: red1
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
index 899940424145dbcbd220c7ace0acd780b7923ff1..9e17b91f5b9fe227ee55fc1e348fe9e38e9dbaf7 100644 (file)
@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
 WARNING: translation string unused: Resolv
 WARNING: translation string unused: TOS Bits
 WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
 WARNING: translation string unused: access refused with this oinkcode
 WARNING: translation string unused: add network
 WARNING: translation string unused: add new ovpn
 WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
 WARNING: translation string unused: allmsg
 WARNING: translation string unused: alt information
 WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
 WARNING: translation string unused: and
 WARNING: translation string unused: ansi t1.483
 WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
 WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
 WARNING: translation string unused: capsinactive
 WARNING: translation string unused: ccd err iroute
 WARNING: translation string unused: ccd err netadr
@@ -129,6 +133,11 @@ WARNING: translation string unused: debugme
 WARNING: translation string unused: deep scan directories
 WARNING: translation string unused: default networks
 WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
 WARNING: translation string unused: dhcp base ip fixed lease
 WARNING: translation string unused: dhcp create fixed leases
 WARNING: translation string unused: dhcp fixed lease err1
@@ -141,11 +150,18 @@ WARNING: translation string unused: dial user password has been changed
 WARNING: translation string unused: dialup settings
 WARNING: translation string unused: disconnect
 WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: done
 WARNING: translation string unused: driver
+WARNING: translation string unused: drop output
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
 WARNING: translation string unused: dynamic dns client
 WARNING: translation string unused: eciadsl help
 WARNING: translation string unused: eciadsl upload
@@ -172,6 +188,7 @@ WARNING: translation string unused: error external access
 WARNING: translation string unused: expected
 WARNING: translation string unused: expertoptions
 WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
 WARNING: translation string unused: external access rule changed
 WARNING: translation string unused: extrahd unable to read
 WARNING: translation string unused: extrahd unable to write
@@ -181,6 +198,9 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
 WARNING: translation string unused: frequency
 WARNING: translation string unused: fritzdsl help
 WARNING: translation string unused: fritzdsl upload
@@ -246,6 +266,7 @@ WARNING: translation string unused: local hard disk
 WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
 WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
@@ -271,6 +292,7 @@ WARNING: translation string unused: mbmon value
 WARNING: translation string unused: min size
 WARNING: translation string unused: missing dat
 WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
 WARNING: translation string unused: modem on com1
 WARNING: translation string unused: modem on com2
 WARNING: translation string unused: modem on com3
@@ -287,6 +309,7 @@ WARNING: translation string unused: monthly volume start day short
 WARNING: translation string unused: mount
 WARNING: translation string unused: mtu QoS
 WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
 WARNING: translation string unused: net address
 WARNING: translation string unused: net config type
 WARNING: translation string unused: net config type help
@@ -313,6 +336,7 @@ WARNING: translation string unused: o-no
 WARNING: translation string unused: o-yes
 WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
@@ -323,7 +347,16 @@ WARNING: translation string unused: original
 WARNING: translation string unused: other countries
 WARNING: translation string unused: our donors
 WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
 WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
+WARNING: translation string unused: outgoing firewall p2p description 1
+WARNING: translation string unused: outgoing firewall p2p description 2
+WARNING: translation string unused: outgoing firewall p2p description 3
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
@@ -354,6 +387,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
 WARNING: translation string unused: phonebook entry
 WARNING: translation string unused: ping disabled
 WARNING: translation string unused: polfile
+WARNING: translation string unused: policy
+WARNING: translation string unused: port forwarding configuration
 WARNING: translation string unused: ports
 WARNING: translation string unused: pots
 WARNING: translation string unused: pppoe
@@ -381,7 +416,9 @@ WARNING: translation string unused: router ip
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
 WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
 WARNING: translation string unused: selecttraffic
 WARNING: translation string unused: send email notification
 WARNING: translation string unused: send test mail
@@ -400,15 +437,23 @@ WARNING: translation string unused: shutdown2
 WARNING: translation string unused: shutting down
 WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
 WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
 WARNING: translation string unused: ssh access tip
 WARNING: translation string unused: ssh1 disabled
 WARNING: translation string unused: ssh1 enabled
 WARNING: translation string unused: ssh1 support
 WARNING: translation string unused: ssnetwork status
 WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
 WARNING: translation string unused: ssproxy graphs
 WARNING: translation string unused: sssystem status
 WARNING: translation string unused: sstraffic graphs
@@ -501,6 +546,7 @@ WARNING: translation string unused: warn when traffic reaches
 WARNING: translation string unused: web proxy configuration
 WARNING: translation string unused: week-graph
 WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
@@ -520,9 +566,150 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: drop action
+WARNING: untranslated string: drop action1
+WARNING: untranslated string: drop action2
+WARNING: untranslated string: drop forward
+WARNING: untranslated string: drop outgoing
+WARNING: untranslated string: fw default drop
+WARNING: untranslated string: fw settings
+WARNING: untranslated string: fw settings color
+WARNING: untranslated string: fw settings dropdown
+WARNING: untranslated string: fw settings remark
+WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw action
+WARNING: untranslated string: fwdfw additional
+WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw change
+WARNING: untranslated string: fwdfw copy
+WARNING: untranslated string: fwdfw delete
+WARNING: untranslated string: fwdfw dnat
+WARNING: untranslated string: fwdfw dnat error
+WARNING: untranslated string: fwdfw dnat porterr
+WARNING: untranslated string: fwdfw edit
+WARNING: untranslated string: fwdfw err nosrc
+WARNING: untranslated string: fwdfw err nosrcip
+WARNING: untranslated string: fwdfw err notgt
+WARNING: untranslated string: fwdfw err notgtip
+WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err remark
+WARNING: untranslated string: fwdfw err ruleexists
+WARNING: untranslated string: fwdfw err same
+WARNING: untranslated string: fwdfw err samesub
+WARNING: untranslated string: fwdfw err src_addr
+WARNING: untranslated string: fwdfw err tgt_addr
+WARNING: untranslated string: fwdfw err tgt_grp
+WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err time
+WARNING: untranslated string: fwdfw final_rule
+WARNING: untranslated string: fwdfw hint ip1
+WARNING: untranslated string: fwdfw hint ip2
+WARNING: untranslated string: fwdfw log rule
+WARNING: untranslated string: fwdfw man port
+WARNING: untranslated string: fwdfw menu
+WARNING: untranslated string: fwdfw movedown
+WARNING: untranslated string: fwdfw moveup
+WARNING: untranslated string: fwdfw newrule
+WARNING: untranslated string: fwdfw p2p txt
+WARNING: untranslated string: fwdfw pol allow
+WARNING: untranslated string: fwdfw pol block
+WARNING: untranslated string: fwdfw pol text
+WARNING: untranslated string: fwdfw pol text1
+WARNING: untranslated string: fwdfw pol title
+WARNING: untranslated string: fwdfw red
+WARNING: untranslated string: fwdfw reread
+WARNING: untranslated string: fwdfw rule action
+WARNING: untranslated string: fwdfw rule activate
+WARNING: untranslated string: fwdfw rulepos
+WARNING: untranslated string: fwdfw snat
+WARNING: untranslated string: fwdfw source
+WARNING: untranslated string: fwdfw sourceip
+WARNING: untranslated string: fwdfw target
+WARNING: untranslated string: fwdfw targetip
+WARNING: untranslated string: fwdfw timeframe
+WARNING: untranslated string: fwdfw toggle
+WARNING: untranslated string: fwdfw togglelog
+WARNING: untranslated string: fwdfw use nat
+WARNING: untranslated string: fwdfw use srcport
+WARNING: untranslated string: fwdfw use srv
+WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw wd_fri
+WARNING: untranslated string: fwdfw wd_mon
+WARNING: untranslated string: fwdfw wd_sat
+WARNING: untranslated string: fwdfw wd_sun
+WARNING: untranslated string: fwdfw wd_thu
+WARNING: untranslated string: fwdfw wd_tue
+WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwdfw xt access
+WARNING: untranslated string: fwhost addgrp
+WARNING: untranslated string: fwhost addgrpname
+WARNING: untranslated string: fwhost addhost
+WARNING: untranslated string: fwhost addnet
+WARNING: untranslated string: fwhost addservice
+WARNING: untranslated string: fwhost addservicegrp
+WARNING: untranslated string: fwhost any
+WARNING: untranslated string: fwhost back
+WARNING: untranslated string: fwhost ccdhost
+WARNING: untranslated string: fwhost ccdnet
+WARNING: untranslated string: fwhost change
+WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust grp
+WARNING: untranslated string: fwhost cust net
+WARNING: untranslated string: fwhost cust service
+WARNING: untranslated string: fwhost cust srvgrp
+WARNING: untranslated string: fwhost deleted
+WARNING: untranslated string: fwhost empty
+WARNING: untranslated string: fwhost err addr
+WARNING: untranslated string: fwhost err empty
+WARNING: untranslated string: fwhost err groupempty
+WARNING: untranslated string: fwhost err grpexist
+WARNING: untranslated string: fwhost err hostexist
+WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost err ip
+WARNING: untranslated string: fwhost err ipcheck
+WARNING: untranslated string: fwhost err ipmac
+WARNING: untranslated string: fwhost err ipwithsub
+WARNING: untranslated string: fwhost err isccdhost
+WARNING: untranslated string: fwhost err isccdiphost
+WARNING: untranslated string: fwhost err isccdipnet
+WARNING: untranslated string: fwhost err isccdnet
+WARNING: untranslated string: fwhost err isingrp
+WARNING: untranslated string: fwhost err name
+WARNING: untranslated string: fwhost err name1
+WARNING: untranslated string: fwhost err net
+WARNING: untranslated string: fwhost err netexist
+WARNING: untranslated string: fwhost err partofnet
+WARNING: untranslated string: fwhost err port
+WARNING: untranslated string: fwhost err remark
+WARNING: untranslated string: fwhost err srv exists
+WARNING: untranslated string: fwhost err srvexist
+WARNING: untranslated string: fwhost err sub32
+WARNING: untranslated string: fwhost hint
+WARNING: untranslated string: fwhost hosts
+WARNING: untranslated string: fwhost icmptype
+WARNING: untranslated string: fwhost ip_mac
+WARNING: untranslated string: fwhost ipsec net
+WARNING: untranslated string: fwhost menu
+WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgrp
+WARNING: untranslated string: fwhost newhost
+WARNING: untranslated string: fwhost newnet
+WARNING: untranslated string: fwhost newservice
+WARNING: untranslated string: fwhost newservicegrp
+WARNING: untranslated string: fwhost ovpn_n2n
+WARNING: untranslated string: fwhost port
+WARNING: untranslated string: fwhost prot
+WARNING: untranslated string: fwhost reread
+WARNING: untranslated string: fwhost services
+WARNING: untranslated string: fwhost srv_name
+WARNING: untranslated string: fwhost stdnet
+WARNING: untranslated string: fwhost type
+WARNING: untranslated string: fwhost used
+WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: new
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: qos enter bandwidths
+WARNING: untranslated string: red1
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
index 88666b6181e63ae97f46916004c70cf21c1be201..2fafaf1806f6e5e67789a218b446418e6c09ebfa 100644 (file)
@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
 WARNING: translation string unused: Resolv
 WARNING: translation string unused: TOS Bits
 WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
 WARNING: translation string unused: access refused with this oinkcode
 WARNING: translation string unused: add network
 WARNING: translation string unused: add new ovpn
 WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
 WARNING: translation string unused: allmsg
 WARNING: translation string unused: alt information
 WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
 WARNING: translation string unused: and
 WARNING: translation string unused: ansi t1.483
 WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
 WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
 WARNING: translation string unused: capsinactive
 WARNING: translation string unused: cfg restart
 WARNING: translation string unused: check for net traffic update
@@ -127,6 +131,11 @@ WARNING: translation string unused: debugme
 WARNING: translation string unused: deep scan directories
 WARNING: translation string unused: default networks
 WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
 WARNING: translation string unused: dhcp base ip fixed lease
 WARNING: translation string unused: dhcp create fixed leases
 WARNING: translation string unused: dhcp fixed lease err1
@@ -139,11 +148,18 @@ WARNING: translation string unused: dial user password has been changed
 WARNING: translation string unused: dialup settings
 WARNING: translation string unused: disconnect
 WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: done
 WARNING: translation string unused: driver
+WARNING: translation string unused: drop output
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
 WARNING: translation string unused: dynamic dns client
 WARNING: translation string unused: eciadsl help
 WARNING: translation string unused: eciadsl upload
@@ -170,6 +186,7 @@ WARNING: translation string unused: error external access
 WARNING: translation string unused: expected
 WARNING: translation string unused: expertoptions
 WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
 WARNING: translation string unused: external access rule changed
 WARNING: translation string unused: extrahd unable to read
 WARNING: translation string unused: extrahd unable to write
@@ -179,6 +196,9 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
 WARNING: translation string unused: frequency
 WARNING: translation string unused: fritzdsl help
 WARNING: translation string unused: fritzdsl upload
@@ -244,6 +264,7 @@ WARNING: translation string unused: local hard disk
 WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
 WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
@@ -269,6 +290,7 @@ WARNING: translation string unused: mbmon value
 WARNING: translation string unused: min size
 WARNING: translation string unused: missing dat
 WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
 WARNING: translation string unused: modem on com1
 WARNING: translation string unused: modem on com2
 WARNING: translation string unused: modem on com3
@@ -285,6 +307,7 @@ WARNING: translation string unused: monthly volume start day short
 WARNING: translation string unused: mount
 WARNING: translation string unused: mtu QoS
 WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
 WARNING: translation string unused: net address
 WARNING: translation string unused: net config type
 WARNING: translation string unused: net config type help
@@ -311,6 +334,7 @@ WARNING: translation string unused: o-no
 WARNING: translation string unused: o-yes
 WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
 WARNING: translation string unused: optional data
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
@@ -318,8 +342,14 @@ WARNING: translation string unused: or
 WARNING: translation string unused: original
 WARNING: translation string unused: other countries
 WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
 WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
 WARNING: translation string unused: outgoing firewall p2p description
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
@@ -350,6 +380,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
 WARNING: translation string unused: phonebook entry
 WARNING: translation string unused: ping disabled
 WARNING: translation string unused: polfile
+WARNING: translation string unused: policy
+WARNING: translation string unused: port forwarding configuration
 WARNING: translation string unused: ports
 WARNING: translation string unused: pots
 WARNING: translation string unused: pppoe
@@ -377,7 +409,9 @@ WARNING: translation string unused: router ip
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
 WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
 WARNING: translation string unused: selecttraffic
 WARNING: translation string unused: send email notification
 WARNING: translation string unused: send test mail
@@ -396,15 +430,23 @@ WARNING: translation string unused: shutdown2
 WARNING: translation string unused: shutting down
 WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
 WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
 WARNING: translation string unused: ssh access tip
 WARNING: translation string unused: ssh1 disabled
 WARNING: translation string unused: ssh1 enabled
 WARNING: translation string unused: ssh1 support
 WARNING: translation string unused: ssnetwork status
 WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
 WARNING: translation string unused: ssproxy graphs
 WARNING: translation string unused: sssystem status
 WARNING: translation string unused: sstraffic graphs
@@ -497,6 +539,7 @@ WARNING: translation string unused: warn when traffic reaches
 WARNING: translation string unused: web proxy configuration
 WARNING: translation string unused: week-graph
 WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
@@ -556,6 +599,11 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: drop action
+WARNING: untranslated string: drop action1
+WARNING: untranslated string: drop action2
+WARNING: untranslated string: drop forward
+WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -574,6 +622,141 @@ WARNING: untranslated string: fireinfo why descr2
 WARNING: untranslated string: fireinfo why enable
 WARNING: untranslated string: fireinfo why read more
 WARNING: untranslated string: fireinfo your profile id
+WARNING: untranslated string: fw default drop
+WARNING: untranslated string: fw settings
+WARNING: untranslated string: fw settings color
+WARNING: untranslated string: fw settings dropdown
+WARNING: untranslated string: fw settings remark
+WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw action
+WARNING: untranslated string: fwdfw additional
+WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw change
+WARNING: untranslated string: fwdfw copy
+WARNING: untranslated string: fwdfw delete
+WARNING: untranslated string: fwdfw dnat
+WARNING: untranslated string: fwdfw dnat error
+WARNING: untranslated string: fwdfw dnat porterr
+WARNING: untranslated string: fwdfw edit
+WARNING: untranslated string: fwdfw err nosrc
+WARNING: untranslated string: fwdfw err nosrcip
+WARNING: untranslated string: fwdfw err notgt
+WARNING: untranslated string: fwdfw err notgtip
+WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err remark
+WARNING: untranslated string: fwdfw err ruleexists
+WARNING: untranslated string: fwdfw err same
+WARNING: untranslated string: fwdfw err samesub
+WARNING: untranslated string: fwdfw err src_addr
+WARNING: untranslated string: fwdfw err tgt_addr
+WARNING: untranslated string: fwdfw err tgt_grp
+WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err time
+WARNING: untranslated string: fwdfw final_rule
+WARNING: untranslated string: fwdfw hint ip1
+WARNING: untranslated string: fwdfw hint ip2
+WARNING: untranslated string: fwdfw log rule
+WARNING: untranslated string: fwdfw man port
+WARNING: untranslated string: fwdfw menu
+WARNING: untranslated string: fwdfw movedown
+WARNING: untranslated string: fwdfw moveup
+WARNING: untranslated string: fwdfw newrule
+WARNING: untranslated string: fwdfw p2p txt
+WARNING: untranslated string: fwdfw pol allow
+WARNING: untranslated string: fwdfw pol block
+WARNING: untranslated string: fwdfw pol text
+WARNING: untranslated string: fwdfw pol text1
+WARNING: untranslated string: fwdfw pol title
+WARNING: untranslated string: fwdfw red
+WARNING: untranslated string: fwdfw reread
+WARNING: untranslated string: fwdfw rule action
+WARNING: untranslated string: fwdfw rule activate
+WARNING: untranslated string: fwdfw rulepos
+WARNING: untranslated string: fwdfw snat
+WARNING: untranslated string: fwdfw source
+WARNING: untranslated string: fwdfw sourceip
+WARNING: untranslated string: fwdfw target
+WARNING: untranslated string: fwdfw targetip
+WARNING: untranslated string: fwdfw timeframe
+WARNING: untranslated string: fwdfw toggle
+WARNING: untranslated string: fwdfw togglelog
+WARNING: untranslated string: fwdfw use nat
+WARNING: untranslated string: fwdfw use srcport
+WARNING: untranslated string: fwdfw use srv
+WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw wd_fri
+WARNING: untranslated string: fwdfw wd_mon
+WARNING: untranslated string: fwdfw wd_sat
+WARNING: untranslated string: fwdfw wd_sun
+WARNING: untranslated string: fwdfw wd_thu
+WARNING: untranslated string: fwdfw wd_tue
+WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwdfw xt access
+WARNING: untranslated string: fwhost addgrp
+WARNING: untranslated string: fwhost addgrpname
+WARNING: untranslated string: fwhost addhost
+WARNING: untranslated string: fwhost addnet
+WARNING: untranslated string: fwhost addservice
+WARNING: untranslated string: fwhost addservicegrp
+WARNING: untranslated string: fwhost any
+WARNING: untranslated string: fwhost back
+WARNING: untranslated string: fwhost ccdhost
+WARNING: untranslated string: fwhost ccdnet
+WARNING: untranslated string: fwhost change
+WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust grp
+WARNING: untranslated string: fwhost cust net
+WARNING: untranslated string: fwhost cust service
+WARNING: untranslated string: fwhost cust srvgrp
+WARNING: untranslated string: fwhost deleted
+WARNING: untranslated string: fwhost empty
+WARNING: untranslated string: fwhost err addr
+WARNING: untranslated string: fwhost err empty
+WARNING: untranslated string: fwhost err groupempty
+WARNING: untranslated string: fwhost err grpexist
+WARNING: untranslated string: fwhost err hostexist
+WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost err ip
+WARNING: untranslated string: fwhost err ipcheck
+WARNING: untranslated string: fwhost err ipmac
+WARNING: untranslated string: fwhost err ipwithsub
+WARNING: untranslated string: fwhost err isccdhost
+WARNING: untranslated string: fwhost err isccdiphost
+WARNING: untranslated string: fwhost err isccdipnet
+WARNING: untranslated string: fwhost err isccdnet
+WARNING: untranslated string: fwhost err isingrp
+WARNING: untranslated string: fwhost err name
+WARNING: untranslated string: fwhost err name1
+WARNING: untranslated string: fwhost err net
+WARNING: untranslated string: fwhost err netexist
+WARNING: untranslated string: fwhost err partofnet
+WARNING: untranslated string: fwhost err port
+WARNING: untranslated string: fwhost err remark
+WARNING: untranslated string: fwhost err srv exists
+WARNING: untranslated string: fwhost err srvexist
+WARNING: untranslated string: fwhost err sub32
+WARNING: untranslated string: fwhost hint
+WARNING: untranslated string: fwhost hosts
+WARNING: untranslated string: fwhost icmptype
+WARNING: untranslated string: fwhost ip_mac
+WARNING: untranslated string: fwhost ipsec net
+WARNING: untranslated string: fwhost menu
+WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgrp
+WARNING: untranslated string: fwhost newhost
+WARNING: untranslated string: fwhost newnet
+WARNING: untranslated string: fwhost newservice
+WARNING: untranslated string: fwhost newservicegrp
+WARNING: untranslated string: fwhost ovpn_n2n
+WARNING: untranslated string: fwhost port
+WARNING: untranslated string: fwhost prot
+WARNING: untranslated string: fwhost reread
+WARNING: untranslated string: fwhost services
+WARNING: untranslated string: fwhost srv_name
+WARNING: untranslated string: fwhost stdnet
+WARNING: untranslated string: fwhost type
+WARNING: untranslated string: fwhost used
+WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: minute
 WARNING: untranslated string: new
 WARNING: untranslated string: openvpn default
@@ -595,9 +778,6 @@ WARNING: untranslated string: outgoing firewall ip groups
 WARNING: untranslated string: outgoing firewall mac groups
 WARNING: untranslated string: outgoing firewall p2p allow
 WARNING: untranslated string: outgoing firewall p2p deny
-WARNING: untranslated string: outgoing firewall p2p description 1
-WARNING: untranslated string: outgoing firewall p2p description 2
-WARNING: untranslated string: outgoing firewall p2p description 3
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: outgoing firewall view group
 WARNING: untranslated string: ovpn errmsg green already pushed
@@ -618,6 +798,7 @@ WARNING: untranslated string: proxy reports monthly
 WARNING: untranslated string: proxy reports today
 WARNING: untranslated string: proxy reports weekly
 WARNING: untranslated string: qos enter bandwidths
+WARNING: untranslated string: red1
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
index 768bc1294828cb78646d61e15c62680466a5dd5f..90d419df8ab40c6cb1723fdedc02cceffda20edf 100644 (file)
@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
 WARNING: translation string unused: Resolv
 WARNING: translation string unused: TOS Bits
 WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
 WARNING: translation string unused: access refused with this oinkcode
 WARNING: translation string unused: add network
 WARNING: translation string unused: add new ovpn
 WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
 WARNING: translation string unused: allmsg
 WARNING: translation string unused: alt information
 WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
 WARNING: translation string unused: and
 WARNING: translation string unused: ansi t1.483
 WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
 WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
 WARNING: translation string unused: capsinactive
 WARNING: translation string unused: cfg restart
 WARNING: translation string unused: check for net traffic update
@@ -126,6 +130,11 @@ WARNING: translation string unused: debugme
 WARNING: translation string unused: deep scan directories
 WARNING: translation string unused: default networks
 WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
 WARNING: translation string unused: dhcp base ip fixed lease
 WARNING: translation string unused: dhcp create fixed leases
 WARNING: translation string unused: dhcp fixed lease err1
@@ -138,11 +147,18 @@ WARNING: translation string unused: dial user password has been changed
 WARNING: translation string unused: dialup settings
 WARNING: translation string unused: disconnect
 WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: done
 WARNING: translation string unused: driver
+WARNING: translation string unused: drop output
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
 WARNING: translation string unused: dynamic dns client
 WARNING: translation string unused: eciadsl help
 WARNING: translation string unused: eciadsl upload
@@ -169,6 +185,7 @@ WARNING: translation string unused: error external access
 WARNING: translation string unused: expected
 WARNING: translation string unused: expertoptions
 WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
 WARNING: translation string unused: external access rule changed
 WARNING: translation string unused: filename
 WARNING: translation string unused: firewall graphs
@@ -176,6 +193,9 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
 WARNING: translation string unused: fritzdsl help
 WARNING: translation string unused: fritzdsl upload
 WARNING: translation string unused: from email adr
@@ -239,6 +259,7 @@ WARNING: translation string unused: local hard disk
 WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
 WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
@@ -264,6 +285,7 @@ WARNING: translation string unused: mbmon value
 WARNING: translation string unused: min size
 WARNING: translation string unused: missing dat
 WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
 WARNING: translation string unused: modem on com1
 WARNING: translation string unused: modem on com2
 WARNING: translation string unused: modem on com3
@@ -279,6 +301,7 @@ WARNING: translation string unused: monthly volume start day short
 WARNING: translation string unused: mount
 WARNING: translation string unused: mtu QoS
 WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
 WARNING: translation string unused: net address
 WARNING: translation string unused: net config type
 WARNING: translation string unused: net config type help
@@ -305,6 +328,7 @@ WARNING: translation string unused: o-no
 WARNING: translation string unused: o-yes
 WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
 WARNING: translation string unused: optional data
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
@@ -312,7 +336,16 @@ WARNING: translation string unused: or
 WARNING: translation string unused: original
 WARNING: translation string unused: other countries
 WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
 WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
+WARNING: translation string unused: outgoing firewall p2p description 1
+WARNING: translation string unused: outgoing firewall p2p description 2
+WARNING: translation string unused: outgoing firewall p2p description 3
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
@@ -343,6 +376,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
 WARNING: translation string unused: phonebook entry
 WARNING: translation string unused: ping disabled
 WARNING: translation string unused: polfile
+WARNING: translation string unused: policy
+WARNING: translation string unused: port forwarding configuration
 WARNING: translation string unused: ports
 WARNING: translation string unused: pots
 WARNING: translation string unused: pppoe
@@ -370,7 +405,9 @@ WARNING: translation string unused: router ip
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
 WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
 WARNING: translation string unused: selecttraffic
 WARNING: translation string unused: send email notification
 WARNING: translation string unused: send test mail
@@ -389,15 +426,23 @@ WARNING: translation string unused: shutdown2
 WARNING: translation string unused: shutting down
 WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
 WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
 WARNING: translation string unused: ssh access tip
 WARNING: translation string unused: ssh1 disabled
 WARNING: translation string unused: ssh1 enabled
 WARNING: translation string unused: ssh1 support
 WARNING: translation string unused: ssnetwork status
 WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
 WARNING: translation string unused: ssproxy graphs
 WARNING: translation string unused: sssystem status
 WARNING: translation string unused: sstraffic graphs
@@ -489,6 +534,7 @@ WARNING: translation string unused: vpn watch
 WARNING: translation string unused: warn when traffic reaches
 WARNING: translation string unused: web proxy configuration
 WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Add a route
@@ -549,6 +595,11 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: drop action
+WARNING: untranslated string: drop action1
+WARNING: untranslated string: drop action2
+WARNING: untranslated string: drop forward
+WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: extrahd because there is already a device mounted
 WARNING: untranslated string: extrahd cant umount
@@ -557,6 +608,141 @@ WARNING: untranslated string: extrahd maybe the device is in use
 WARNING: untranslated string: extrahd to
 WARNING: untranslated string: extrahd to root
 WARNING: untranslated string: extrahd you cant mount
+WARNING: untranslated string: fw default drop
+WARNING: untranslated string: fw settings
+WARNING: untranslated string: fw settings color
+WARNING: untranslated string: fw settings dropdown
+WARNING: untranslated string: fw settings remark
+WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw action
+WARNING: untranslated string: fwdfw additional
+WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw change
+WARNING: untranslated string: fwdfw copy
+WARNING: untranslated string: fwdfw delete
+WARNING: untranslated string: fwdfw dnat
+WARNING: untranslated string: fwdfw dnat error
+WARNING: untranslated string: fwdfw dnat porterr
+WARNING: untranslated string: fwdfw edit
+WARNING: untranslated string: fwdfw err nosrc
+WARNING: untranslated string: fwdfw err nosrcip
+WARNING: untranslated string: fwdfw err notgt
+WARNING: untranslated string: fwdfw err notgtip
+WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err remark
+WARNING: untranslated string: fwdfw err ruleexists
+WARNING: untranslated string: fwdfw err same
+WARNING: untranslated string: fwdfw err samesub
+WARNING: untranslated string: fwdfw err src_addr
+WARNING: untranslated string: fwdfw err tgt_addr
+WARNING: untranslated string: fwdfw err tgt_grp
+WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err time
+WARNING: untranslated string: fwdfw final_rule
+WARNING: untranslated string: fwdfw hint ip1
+WARNING: untranslated string: fwdfw hint ip2
+WARNING: untranslated string: fwdfw log rule
+WARNING: untranslated string: fwdfw man port
+WARNING: untranslated string: fwdfw menu
+WARNING: untranslated string: fwdfw movedown
+WARNING: untranslated string: fwdfw moveup
+WARNING: untranslated string: fwdfw newrule
+WARNING: untranslated string: fwdfw p2p txt
+WARNING: untranslated string: fwdfw pol allow
+WARNING: untranslated string: fwdfw pol block
+WARNING: untranslated string: fwdfw pol text
+WARNING: untranslated string: fwdfw pol text1
+WARNING: untranslated string: fwdfw pol title
+WARNING: untranslated string: fwdfw red
+WARNING: untranslated string: fwdfw reread
+WARNING: untranslated string: fwdfw rule action
+WARNING: untranslated string: fwdfw rule activate
+WARNING: untranslated string: fwdfw rulepos
+WARNING: untranslated string: fwdfw snat
+WARNING: untranslated string: fwdfw source
+WARNING: untranslated string: fwdfw sourceip
+WARNING: untranslated string: fwdfw target
+WARNING: untranslated string: fwdfw targetip
+WARNING: untranslated string: fwdfw timeframe
+WARNING: untranslated string: fwdfw toggle
+WARNING: untranslated string: fwdfw togglelog
+WARNING: untranslated string: fwdfw use nat
+WARNING: untranslated string: fwdfw use srcport
+WARNING: untranslated string: fwdfw use srv
+WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw wd_fri
+WARNING: untranslated string: fwdfw wd_mon
+WARNING: untranslated string: fwdfw wd_sat
+WARNING: untranslated string: fwdfw wd_sun
+WARNING: untranslated string: fwdfw wd_thu
+WARNING: untranslated string: fwdfw wd_tue
+WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwdfw xt access
+WARNING: untranslated string: fwhost addgrp
+WARNING: untranslated string: fwhost addgrpname
+WARNING: untranslated string: fwhost addhost
+WARNING: untranslated string: fwhost addnet
+WARNING: untranslated string: fwhost addservice
+WARNING: untranslated string: fwhost addservicegrp
+WARNING: untranslated string: fwhost any
+WARNING: untranslated string: fwhost back
+WARNING: untranslated string: fwhost ccdhost
+WARNING: untranslated string: fwhost ccdnet
+WARNING: untranslated string: fwhost change
+WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust grp
+WARNING: untranslated string: fwhost cust net
+WARNING: untranslated string: fwhost cust service
+WARNING: untranslated string: fwhost cust srvgrp
+WARNING: untranslated string: fwhost deleted
+WARNING: untranslated string: fwhost empty
+WARNING: untranslated string: fwhost err addr
+WARNING: untranslated string: fwhost err empty
+WARNING: untranslated string: fwhost err groupempty
+WARNING: untranslated string: fwhost err grpexist
+WARNING: untranslated string: fwhost err hostexist
+WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost err ip
+WARNING: untranslated string: fwhost err ipcheck
+WARNING: untranslated string: fwhost err ipmac
+WARNING: untranslated string: fwhost err ipwithsub
+WARNING: untranslated string: fwhost err isccdhost
+WARNING: untranslated string: fwhost err isccdiphost
+WARNING: untranslated string: fwhost err isccdipnet
+WARNING: untranslated string: fwhost err isccdnet
+WARNING: untranslated string: fwhost err isingrp
+WARNING: untranslated string: fwhost err name
+WARNING: untranslated string: fwhost err name1
+WARNING: untranslated string: fwhost err net
+WARNING: untranslated string: fwhost err netexist
+WARNING: untranslated string: fwhost err partofnet
+WARNING: untranslated string: fwhost err port
+WARNING: untranslated string: fwhost err remark
+WARNING: untranslated string: fwhost err srv exists
+WARNING: untranslated string: fwhost err srvexist
+WARNING: untranslated string: fwhost err sub32
+WARNING: untranslated string: fwhost hint
+WARNING: untranslated string: fwhost hosts
+WARNING: untranslated string: fwhost icmptype
+WARNING: untranslated string: fwhost ip_mac
+WARNING: untranslated string: fwhost ipsec net
+WARNING: untranslated string: fwhost menu
+WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgrp
+WARNING: untranslated string: fwhost newhost
+WARNING: untranslated string: fwhost newnet
+WARNING: untranslated string: fwhost newservice
+WARNING: untranslated string: fwhost newservicegrp
+WARNING: untranslated string: fwhost ovpn_n2n
+WARNING: untranslated string: fwhost port
+WARNING: untranslated string: fwhost prot
+WARNING: untranslated string: fwhost reread
+WARNING: untranslated string: fwhost services
+WARNING: untranslated string: fwhost srv_name
+WARNING: untranslated string: fwhost stdnet
+WARNING: untranslated string: fwhost type
+WARNING: untranslated string: fwhost used
+WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: incoming traffic in bytes per second
 WARNING: untranslated string: minute
 WARNING: untranslated string: new
@@ -584,6 +770,7 @@ WARNING: untranslated string: proxy reports monthly
 WARNING: untranslated string: proxy reports today
 WARNING: untranslated string: proxy reports weekly
 WARNING: untranslated string: qos enter bandwidths
+WARNING: untranslated string: red1
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
index af1af7b8cbb34ce38e54b3c7b774242ca26bb46e..b4f0dfec139c60f1394e2b4ffcefb6c9e11003d0 100644 (file)
@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
 WARNING: translation string unused: Resolv
 WARNING: translation string unused: TOS Bits
 WARNING: translation string unused: Verbose
+WARNING: translation string unused: access allowed
 WARNING: translation string unused: access refused with this oinkcode
 WARNING: translation string unused: add network
 WARNING: translation string unused: add new ovpn
 WARNING: translation string unused: add service
+WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
 WARNING: translation string unused: allmsg
 WARNING: translation string unused: alt information
 WARNING: translation string unused: alt ovpn
+WARNING: translation string unused: alt vpn
 WARNING: translation string unused: and
 WARNING: translation string unused: ansi t1.483
 WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
 WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
+WARNING: translation string unused: cant enable xtaccess
 WARNING: translation string unused: capsinactive
 WARNING: translation string unused: ccd err iroute
 WARNING: translation string unused: ccd err netadr
@@ -129,6 +133,11 @@ WARNING: translation string unused: debugme
 WARNING: translation string unused: deep scan directories
 WARNING: translation string unused: default networks
 WARNING: translation string unused: default services
+WARNING: translation string unused: description
+WARNING: translation string unused: destination ip bad
+WARNING: translation string unused: destination ip or net
+WARNING: translation string unused: destination net
+WARNING: translation string unused: destination port overlaps
 WARNING: translation string unused: dhcp base ip fixed lease
 WARNING: translation string unused: dhcp create fixed leases
 WARNING: translation string unused: dhcp fixed lease err1
@@ -141,11 +150,18 @@ WARNING: translation string unused: dial user password has been changed
 WARNING: translation string unused: dialup settings
 WARNING: translation string unused: disconnect
 WARNING: translation string unused: display traffic at home
+WARNING: translation string unused: dmz pinhole configuration
+WARNING: translation string unused: dmz pinhole rule added
+WARNING: translation string unused: dmz pinhole rule removed
+WARNING: translation string unused: dmzpinholes for same net not necessary
 WARNING: translation string unused: dns server
 WARNING: translation string unused: do not log this port list
 WARNING: translation string unused: donation-link
 WARNING: translation string unused: done
 WARNING: translation string unused: driver
+WARNING: translation string unused: drop output
+WARNING: translation string unused: dstprt range overlaps
+WARNING: translation string unused: dstprt within existing
 WARNING: translation string unused: dynamic dns client
 WARNING: translation string unused: eciadsl help
 WARNING: translation string unused: eciadsl upload
@@ -172,6 +188,7 @@ WARNING: translation string unused: error external access
 WARNING: translation string unused: expected
 WARNING: translation string unused: expertoptions
 WARNING: translation string unused: exportkey
+WARNING: translation string unused: external access
 WARNING: translation string unused: external access rule changed
 WARNING: translation string unused: extrahd unable to read
 WARNING: translation string unused: extrahd unable to write
@@ -181,6 +198,9 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
+WARNING: translation string unused: forwarding rule added
+WARNING: translation string unused: forwarding rule removed
+WARNING: translation string unused: forwarding rule updated
 WARNING: translation string unused: frequency
 WARNING: translation string unused: fritzdsl help
 WARNING: translation string unused: fritzdsl upload
@@ -246,6 +266,7 @@ WARNING: translation string unused: local hard disk
 WARNING: translation string unused: localkeyfile
 WARNING: translation string unused: log enabled
 WARNING: translation string unused: log viewer
+WARNING: translation string unused: logging
 WARNING: translation string unused: loosedirectorychecking
 WARNING: translation string unused: ls_dhcpd
 WARNING: translation string unused: ls_disk space
@@ -271,6 +292,7 @@ WARNING: translation string unused: mbmon value
 WARNING: translation string unused: min size
 WARNING: translation string unused: missing dat
 WARNING: translation string unused: missing gz
+WARNING: translation string unused: mode
 WARNING: translation string unused: modem on com1
 WARNING: translation string unused: modem on com2
 WARNING: translation string unused: modem on com3
@@ -287,6 +309,7 @@ WARNING: translation string unused: monthly volume start day short
 WARNING: translation string unused: mount
 WARNING: translation string unused: mtu QoS
 WARNING: translation string unused: nat-traversal
+WARNING: translation string unused: net
 WARNING: translation string unused: net address
 WARNING: translation string unused: net config type
 WARNING: translation string unused: net config type help
@@ -313,6 +336,7 @@ WARNING: translation string unused: o-no
 WARNING: translation string unused: o-yes
 WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
+WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
@@ -323,7 +347,16 @@ WARNING: translation string unused: original
 WARNING: translation string unused: other countries
 WARNING: translation string unused: our donors
 WARNING: translation string unused: out
+WARNING: translation string unused: outgoing firewall
+WARNING: translation string unused: outgoing firewall mode0
+WARNING: translation string unused: outgoing firewall mode1
+WARNING: translation string unused: outgoing firewall mode2
 WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
+WARNING: translation string unused: outgoing firewall p2p description 1
+WARNING: translation string unused: outgoing firewall p2p description 2
+WARNING: translation string unused: outgoing firewall p2p description 3
+WARNING: translation string unused: outgoing firewall reset
+WARNING: translation string unused: outgoing firewall warning
 WARNING: translation string unused: override mtu
 WARNING: translation string unused: ovpn
 WARNING: translation string unused: ovpn config
@@ -354,6 +387,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
 WARNING: translation string unused: phonebook entry
 WARNING: translation string unused: ping disabled
 WARNING: translation string unused: polfile
+WARNING: translation string unused: policy
+WARNING: translation string unused: port forwarding configuration
 WARNING: translation string unused: ports
 WARNING: translation string unused: pots
 WARNING: translation string unused: pppoe
@@ -381,7 +416,9 @@ WARNING: translation string unused: router ip
 WARNING: translation string unused: rules already up to date
 WARNING: translation string unused: safe removal of umounted device
 WARNING: translation string unused: save error
+WARNING: translation string unused: select dest net
 WARNING: translation string unused: select media
+WARNING: translation string unused: select source net
 WARNING: translation string unused: selecttraffic
 WARNING: translation string unused: send email notification
 WARNING: translation string unused: send test mail
@@ -400,15 +437,23 @@ WARNING: translation string unused: shutdown2
 WARNING: translation string unused: shutting down
 WARNING: translation string unused: sitekeyfile
 WARNING: translation string unused: smbreload
+WARNING: translation string unused: source ip in use
+WARNING: translation string unused: source ip or net
+WARNING: translation string unused: source net
+WARNING: translation string unused: source port overlaps
 WARNING: translation string unused: squid extension methods
 WARNING: translation string unused: squid extension methods invalid
 WARNING: translation string unused: squid fix cache
+WARNING: translation string unused: srcprt range overlaps
+WARNING: translation string unused: srcprt within existing
+WARNING: translation string unused: ssdmz pinholes
 WARNING: translation string unused: ssh access tip
 WARNING: translation string unused: ssh1 disabled
 WARNING: translation string unused: ssh1 enabled
 WARNING: translation string unused: ssh1 support
 WARNING: translation string unused: ssnetwork status
 WARNING: translation string unused: sspasswords
+WARNING: translation string unused: ssport forwarding
 WARNING: translation string unused: ssproxy graphs
 WARNING: translation string unused: sssystem status
 WARNING: translation string unused: sstraffic graphs
@@ -505,6 +550,7 @@ WARNING: translation string unused: warn when traffic reaches
 WARNING: translation string unused: web proxy configuration
 WARNING: translation string unused: week-graph
 WARNING: translation string unused: weekly firewallhits
+WARNING: translation string unused: xtaccess all error
 WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
@@ -517,8 +563,149 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: drop action
+WARNING: untranslated string: drop action1
+WARNING: untranslated string: drop action2
+WARNING: untranslated string: drop forward
+WARNING: untranslated string: drop outgoing
+WARNING: untranslated string: fw default drop
+WARNING: untranslated string: fw settings
+WARNING: untranslated string: fw settings color
+WARNING: untranslated string: fw settings dropdown
+WARNING: untranslated string: fw settings remark
+WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw action
+WARNING: untranslated string: fwdfw additional
+WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw change
+WARNING: untranslated string: fwdfw copy
+WARNING: untranslated string: fwdfw delete
+WARNING: untranslated string: fwdfw dnat
+WARNING: untranslated string: fwdfw dnat error
+WARNING: untranslated string: fwdfw dnat porterr
+WARNING: untranslated string: fwdfw edit
+WARNING: untranslated string: fwdfw err nosrc
+WARNING: untranslated string: fwdfw err nosrcip
+WARNING: untranslated string: fwdfw err notgt
+WARNING: untranslated string: fwdfw err notgtip
+WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err remark
+WARNING: untranslated string: fwdfw err ruleexists
+WARNING: untranslated string: fwdfw err same
+WARNING: untranslated string: fwdfw err samesub
+WARNING: untranslated string: fwdfw err src_addr
+WARNING: untranslated string: fwdfw err tgt_addr
+WARNING: untranslated string: fwdfw err tgt_grp
+WARNING: untranslated string: fwdfw err tgt_mac
+WARNING: untranslated string: fwdfw err time
+WARNING: untranslated string: fwdfw final_rule
+WARNING: untranslated string: fwdfw hint ip1
+WARNING: untranslated string: fwdfw hint ip2
+WARNING: untranslated string: fwdfw log rule
+WARNING: untranslated string: fwdfw man port
+WARNING: untranslated string: fwdfw menu
+WARNING: untranslated string: fwdfw movedown
+WARNING: untranslated string: fwdfw moveup
+WARNING: untranslated string: fwdfw newrule
+WARNING: untranslated string: fwdfw p2p txt
+WARNING: untranslated string: fwdfw pol allow
+WARNING: untranslated string: fwdfw pol block
+WARNING: untranslated string: fwdfw pol text
+WARNING: untranslated string: fwdfw pol text1
+WARNING: untranslated string: fwdfw pol title
+WARNING: untranslated string: fwdfw red
+WARNING: untranslated string: fwdfw reread
+WARNING: untranslated string: fwdfw rule action
+WARNING: untranslated string: fwdfw rule activate
+WARNING: untranslated string: fwdfw rulepos
+WARNING: untranslated string: fwdfw snat
+WARNING: untranslated string: fwdfw source
+WARNING: untranslated string: fwdfw sourceip
+WARNING: untranslated string: fwdfw target
+WARNING: untranslated string: fwdfw targetip
+WARNING: untranslated string: fwdfw timeframe
+WARNING: untranslated string: fwdfw toggle
+WARNING: untranslated string: fwdfw togglelog
+WARNING: untranslated string: fwdfw use nat
+WARNING: untranslated string: fwdfw use srcport
+WARNING: untranslated string: fwdfw use srv
+WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw wd_fri
+WARNING: untranslated string: fwdfw wd_mon
+WARNING: untranslated string: fwdfw wd_sat
+WARNING: untranslated string: fwdfw wd_sun
+WARNING: untranslated string: fwdfw wd_thu
+WARNING: untranslated string: fwdfw wd_tue
+WARNING: untranslated string: fwdfw wd_wed
+WARNING: untranslated string: fwdfw xt access
+WARNING: untranslated string: fwhost addgrp
+WARNING: untranslated string: fwhost addgrpname
+WARNING: untranslated string: fwhost addhost
+WARNING: untranslated string: fwhost addnet
+WARNING: untranslated string: fwhost addservice
+WARNING: untranslated string: fwhost addservicegrp
+WARNING: untranslated string: fwhost any
+WARNING: untranslated string: fwhost back
+WARNING: untranslated string: fwhost ccdhost
+WARNING: untranslated string: fwhost ccdnet
+WARNING: untranslated string: fwhost change
+WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust grp
+WARNING: untranslated string: fwhost cust net
+WARNING: untranslated string: fwhost cust service
+WARNING: untranslated string: fwhost cust srvgrp
+WARNING: untranslated string: fwhost deleted
+WARNING: untranslated string: fwhost empty
+WARNING: untranslated string: fwhost err addr
+WARNING: untranslated string: fwhost err empty
+WARNING: untranslated string: fwhost err groupempty
+WARNING: untranslated string: fwhost err grpexist
+WARNING: untranslated string: fwhost err hostexist
+WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost err ip
+WARNING: untranslated string: fwhost err ipcheck
+WARNING: untranslated string: fwhost err ipmac
+WARNING: untranslated string: fwhost err ipwithsub
+WARNING: untranslated string: fwhost err isccdhost
+WARNING: untranslated string: fwhost err isccdiphost
+WARNING: untranslated string: fwhost err isccdipnet
+WARNING: untranslated string: fwhost err isccdnet
+WARNING: untranslated string: fwhost err isingrp
+WARNING: untranslated string: fwhost err name
+WARNING: untranslated string: fwhost err name1
+WARNING: untranslated string: fwhost err net
+WARNING: untranslated string: fwhost err netexist
+WARNING: untranslated string: fwhost err partofnet
+WARNING: untranslated string: fwhost err port
+WARNING: untranslated string: fwhost err remark
+WARNING: untranslated string: fwhost err srv exists
+WARNING: untranslated string: fwhost err srvexist
+WARNING: untranslated string: fwhost err sub32
+WARNING: untranslated string: fwhost hint
+WARNING: untranslated string: fwhost hosts
+WARNING: untranslated string: fwhost icmptype
+WARNING: untranslated string: fwhost ip_mac
+WARNING: untranslated string: fwhost ipsec net
+WARNING: untranslated string: fwhost menu
+WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgrp
+WARNING: untranslated string: fwhost newhost
+WARNING: untranslated string: fwhost newnet
+WARNING: untranslated string: fwhost newservice
+WARNING: untranslated string: fwhost newservicegrp
+WARNING: untranslated string: fwhost ovpn_n2n
+WARNING: untranslated string: fwhost port
+WARNING: untranslated string: fwhost prot
+WARNING: untranslated string: fwhost reread
+WARNING: untranslated string: fwhost services
+WARNING: untranslated string: fwhost srv_name
+WARNING: untranslated string: fwhost stdnet
+WARNING: untranslated string: fwhost type
+WARNING: untranslated string: fwhost used
+WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: new
 WARNING: untranslated string: outgoing firewall reserved groupname
+WARNING: untranslated string: red1
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
index 1550f479e68e8ec2a2a35a9a959f632f0a968755..20838cbba1e2e9a9881f0684fde51de93cfa2e0d 100644 (file)
@@ -5,13 +5,13 @@
 # Checking cgi-bin translations for language: en                           #
 ############################################################################
 < ccd maxclients
+< wlanap country
 ############################################################################
 # Checking install/setup translations for language: fr                     #
 ############################################################################
 ############################################################################
 # Checking cgi-bin translations for language: fr                           #
 ############################################################################
-< advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < age second
 < dnsforward entries
 < dnsforward forward_server
 < dnsforward zone
+< drop action
+< drop action1
+< drop action2
+< drop forward
+< drop outgoing
 < fireinfo ipfire version
 < fireinfo is disabled
 < fireinfo is enabled
 < fireinfo why enable
 < fireinfo why read more
 < fireinfo your profile id
+< forward firewall
+< fw default drop
+< fwdfw ACCEPT
+< fwdfw action
+< fwdfw additional
+< fwdfw addr grp
+< fwdfw addrule
+< fwdfw change
+< fwdfw copy
+< fwdfw cust addr
+< fwdfw cust net
+< fwdfw delete
+< fwdfw dnat
+< fwdfw dnat error
+< fwdfw dnat porterr
+< fwdfw DROP
+< fwdfw edit
+< fwdfw err nosrc
+< fwdfw err nosrcip
+< fwdfw err notgt
+< fwdfw err notgtip
+< fwdfw err prot
+< fwdfw err remark
+< fwdfw err ruleexists
+< fwdfw err same
+< fwdfw err samesub
+< fwdfw err src_addr
+< fwdfw err srcovpn
+< fwdfw err srcport
+< fwdfw err tgt_addr
+< fwdfw err tgt_grp
+< fwdfw err tgt_mac
+< fwdfw err tgtovpn
+< fwdfw err tgtport
+< fwdfw err tgt_port
+< fwdfw err time
+< fwdfw final_rule
+< fwdfw from
+< fwdfw hint ip1
+< fwdfw hint ip2
+< fwdfw ipsec network
+< fwdfw log rule
+< fwdfw man port
+< fwdfw menu
+< fwdfw MODE1
+< fwdfw MODE2
+< fwdfw movedown
+< fwdfw moveup
+< fwdfw natport used
+< fwdfw newrule
+< fwdfw p2p txt
+< fwdfw pol allow
+< fwdfw pol block
+< fwdfw pol text
+< fwdfw pol text1
+< fwdfw pol title
+< fwdfw red
+< fwdfw REJECT
+< fwdfw reread
+< fwdfw rule action
+< fwdfw rule activate
+< fwdfw rulepos
+< fwdfw rules
+< fwdfw snat
+< fwdfw source
+< fwdfw sourceip
+< fwdfw std network
+< fwdfw target
+< fwdfw targetip
+< fwdfw till
+< fwdfw time
+< fwdfw timeframe
+< fwdfw toggle
+< fwdfw togglelog
+< fwdfw useless rule
+< fwdfw use nat
+< fwdfw use srcport
+< fwdfw use srv
+< fwdfw wd_fri
+< fwdfw wd_mon
+< fwdfw wd_sat
+< fwdfw wd_sun
+< fwdfw wd_thu
+< fwdfw wd_tue
+< fwdfw wd_wed
+< fwdfw xt access
+< fwhost addgrp
+< fwhost addgrpname
+< fwhost addhost
+< fwhost addnet
+< fwhost addrule
+< fwhost addservice
+< fwhost addservicegrp
+< fwhost any
+< fwhost attention
+< fwhost back
+< fwhost blue
+< fwhost ccdhost
+< fwhost ccdnet
+< fwhost change
+< fwhost changeremark
+< fwhost cust addr
+< fwhost cust grp
+< fwhost cust net
+< fwhost cust service
+< fwhost cust srvgrp
+< fwhost deleted
+< fwhost empty
+< fwhost err addr
+< fwhost err addrgrp
+< fwhost err empty
+< fwhost err groupempty
+< fwhost err grpexist
+< fwhost err hostexist
+< fwhost err hostorip
+< fwhost err ip
+< fwhost err ipcheck
+< fwhost err ipmac
+< fwhost err ipwithsub
+< fwhost err isccdhost
+< fwhost err isccdiphost
+< fwhost err isccdipnet
+< fwhost err isccdnet
+< fwhost err isingrp
+< fwhost err mac
+< fwhost err name
+< fwhost err name1
+< fwhost err net
+< fwhost err netexist
+< fwhost err partofnet
+< fwhost err port
+< fwhost err remark
+< fwhost err srvexist
+< fwhost err srv exists
+< fwhost err sub32
+< fwhost green
+< fwhost hint
+< fwhost hosts
+< fwhost icmptype
+< fwhost ipadr
+< fwhost ip_mac
+< fwhost ipsec host
+< fwhost ipsec net
+< fwhost menu
+< fwhost netaddress
+< fwhost newgrp
+< fwhost newhost
+< fwhost newnet
+< fwhost newservice
+< fwhost newservicegrp
+< fwhost orange
+< fwhost ovpn_n2n
+< fwhost port
+< fwhost prot
+< fwhost reread
+< fwhost reset
+< fwhost services
+< fwhost srv_name
+< fwhost stdnet
+< fwhost type
+< fwhost used
+< fwhost welcome
+< fwhost wo subnet
+< fw settings
+< fw settings color
+< fw settings dropdown
+< fw settings remark
+< fw settings ruletable
 < minute
 < ntp common settings
 < ntp sync
 < proxy reports today
 < proxy reports weekly
 < qos enter bandwidths
+< red1
 < server restart
 < snort working
 < static routes
 ############################################################################
 # Checking cgi-bin translations for language: es                           #
 ############################################################################
-< advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < age second
 < dnsforward entries
 < dnsforward forward_server
 < dnsforward zone
+< drop action
+< drop action1
+< drop action2
+< drop forward
+< drop outgoing
 < fireinfo ipfire version
 < fireinfo is disabled
 < fireinfo is enabled
 < fireinfo why enable
 < fireinfo why read more
 < fireinfo your profile id
+< forward firewall
+< fw default drop
+< fwdfw ACCEPT
+< fwdfw action
+< fwdfw additional
+< fwdfw addr grp
+< fwdfw addrule
+< fwdfw change
+< fwdfw copy
+< fwdfw cust addr
+< fwdfw cust net
+< fwdfw delete
+< fwdfw dnat
+< fwdfw dnat error
+< fwdfw dnat porterr
+< fwdfw DROP
+< fwdfw edit
+< fwdfw err nosrc
+< fwdfw err nosrcip
+< fwdfw err notgt
+< fwdfw err notgtip
+< fwdfw err prot
+< fwdfw err remark
+< fwdfw err ruleexists
+< fwdfw err same
+< fwdfw err samesub
+< fwdfw err src_addr
+< fwdfw err srcovpn
+< fwdfw err srcport
+< fwdfw err tgt_addr
+< fwdfw err tgt_grp
+< fwdfw err tgt_mac
+< fwdfw err tgtovpn
+< fwdfw err tgtport
+< fwdfw err tgt_port
+< fwdfw err time
+< fwdfw final_rule
+< fwdfw from
+< fwdfw hint ip1
+< fwdfw hint ip2
+< fwdfw ipsec network
+< fwdfw log rule
+< fwdfw man port
+< fwdfw menu
+< fwdfw MODE1
+< fwdfw MODE2
+< fwdfw movedown
+< fwdfw moveup
+< fwdfw natport used
+< fwdfw newrule
+< fwdfw p2p txt
+< fwdfw pol allow
+< fwdfw pol block
+< fwdfw pol text
+< fwdfw pol text1
+< fwdfw pol title
+< fwdfw red
+< fwdfw REJECT
+< fwdfw reread
+< fwdfw rule action
+< fwdfw rule activate
+< fwdfw rulepos
+< fwdfw rules
+< fwdfw snat
+< fwdfw source
+< fwdfw sourceip
+< fwdfw std network
+< fwdfw target
+< fwdfw targetip
+< fwdfw till
+< fwdfw time
+< fwdfw timeframe
+< fwdfw toggle
+< fwdfw togglelog
+< fwdfw useless rule
+< fwdfw use nat
+< fwdfw use srcport
+< fwdfw use srv
+< fwdfw wd_fri
+< fwdfw wd_mon
+< fwdfw wd_sat
+< fwdfw wd_sun
+< fwdfw wd_thu
+< fwdfw wd_tue
+< fwdfw wd_wed
+< fwdfw xt access
+< fwhost addgrp
+< fwhost addgrpname
+< fwhost addhost
+< fwhost addnet
+< fwhost addrule
+< fwhost addservice
+< fwhost addservicegrp
+< fwhost any
+< fwhost attention
+< fwhost back
+< fwhost blue
+< fwhost ccdhost
+< fwhost ccdnet
+< fwhost change
+< fwhost changeremark
+< fwhost cust addr
+< fwhost cust grp
+< fwhost cust net
+< fwhost cust service
+< fwhost cust srvgrp
+< fwhost deleted
+< fwhost empty
+< fwhost err addr
+< fwhost err addrgrp
+< fwhost err empty
+< fwhost err groupempty
+< fwhost err grpexist
+< fwhost err hostexist
+< fwhost err hostorip
+< fwhost err ip
+< fwhost err ipcheck
+< fwhost err ipmac
+< fwhost err ipwithsub
+< fwhost err isccdhost
+< fwhost err isccdiphost
+< fwhost err isccdipnet
+< fwhost err isccdnet
+< fwhost err isingrp
+< fwhost err mac
+< fwhost err name
+< fwhost err name1
+< fwhost err net
+< fwhost err netexist
+< fwhost err partofnet
+< fwhost err port
+< fwhost err remark
+< fwhost err srvexist
+< fwhost err srv exists
+< fwhost err sub32
+< fwhost green
+< fwhost hint
+< fwhost hosts
+< fwhost icmptype
+< fwhost ipadr
+< fwhost ip_mac
+< fwhost ipsec host
+< fwhost ipsec net
+< fwhost menu
+< fwhost netaddress
+< fwhost newgrp
+< fwhost newhost
+< fwhost newnet
+< fwhost newservice
+< fwhost newservicegrp
+< fwhost orange
+< fwhost ovpn_n2n
+< fwhost port
+< fwhost prot
+< fwhost reread
+< fwhost reset
+< fwhost services
+< fwhost srv_name
+< fwhost stdnet
+< fwhost type
+< fwhost used
+< fwhost welcome
+< fwhost wo subnet
+< fw settings
+< fw settings color
+< fw settings dropdown
+< fw settings remark
+< fw settings ruletable
 < minute
 < openvpn default
 < openvpn destination port used
 < proxy reports today
 < proxy reports weekly
 < qos enter bandwidths
+< red1
 < server restart
 < Set time on boot
 < static routes
 ############################################################################
 # Checking cgi-bin translations for language: pl                           #
 ############################################################################
-< advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < age second
 < dnsforward entries
 < dnsforward forward_server
 < dnsforward zone
+< drop action
+< drop action1
+< drop action2
+< drop forward
+< drop outgoing
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < extrahd install or load driver
 < extrahd unable to read
 < extrahd unable to write
 < extrahd you cant mount
+< forward firewall
+< fw default drop
+< fwdfw ACCEPT
+< fwdfw action
+< fwdfw additional
+< fwdfw addr grp
+< fwdfw addrule
+< fwdfw change
+< fwdfw copy
+< fwdfw cust addr
+< fwdfw cust net
+< fwdfw delete
+< fwdfw dnat
+< fwdfw dnat error
+< fwdfw dnat porterr
+< fwdfw DROP
+< fwdfw edit
+< fwdfw err nosrc
+< fwdfw err nosrcip
+< fwdfw err notgt
+< fwdfw err notgtip
+< fwdfw err prot
+< fwdfw err remark
+< fwdfw err ruleexists
+< fwdfw err same
+< fwdfw err samesub
+< fwdfw err src_addr
+< fwdfw err srcovpn
+< fwdfw err srcport
+< fwdfw err tgt_addr
+< fwdfw err tgt_grp
+< fwdfw err tgt_mac
+< fwdfw err tgtovpn
+< fwdfw err tgtport
+< fwdfw err tgt_port
+< fwdfw err time
+< fwdfw final_rule
+< fwdfw from
+< fwdfw hint ip1
+< fwdfw hint ip2
+< fwdfw ipsec network
+< fwdfw log rule
+< fwdfw man port
+< fwdfw menu
+< fwdfw MODE1
+< fwdfw MODE2
+< fwdfw movedown
+< fwdfw moveup
+< fwdfw natport used
+< fwdfw newrule
+< fwdfw p2p txt
+< fwdfw pol allow
+< fwdfw pol block
+< fwdfw pol text
+< fwdfw pol text1
+< fwdfw pol title
+< fwdfw red
+< fwdfw REJECT
+< fwdfw reread
+< fwdfw rule action
+< fwdfw rule activate
+< fwdfw rulepos
+< fwdfw rules
+< fwdfw snat
+< fwdfw source
+< fwdfw sourceip
+< fwdfw std network
+< fwdfw target
+< fwdfw targetip
+< fwdfw till
+< fwdfw time
+< fwdfw timeframe
+< fwdfw toggle
+< fwdfw togglelog
+< fwdfw useless rule
+< fwdfw use nat
+< fwdfw use srcport
+< fwdfw use srv
+< fwdfw wd_fri
+< fwdfw wd_mon
+< fwdfw wd_sat
+< fwdfw wd_sun
+< fwdfw wd_thu
+< fwdfw wd_tue
+< fwdfw wd_wed
+< fwdfw xt access
+< fwhost addgrp
+< fwhost addgrpname
+< fwhost addhost
+< fwhost addnet
+< fwhost addrule
+< fwhost addservice
+< fwhost addservicegrp
+< fwhost any
+< fwhost attention
+< fwhost back
+< fwhost blue
+< fwhost ccdhost
+< fwhost ccdnet
+< fwhost change
+< fwhost changeremark
+< fwhost cust addr
+< fwhost cust grp
+< fwhost cust net
+< fwhost cust service
+< fwhost cust srvgrp
+< fwhost deleted
+< fwhost empty
+< fwhost err addr
+< fwhost err addrgrp
+< fwhost err empty
+< fwhost err groupempty
+< fwhost err grpexist
+< fwhost err hostexist
+< fwhost err hostorip
+< fwhost err ip
+< fwhost err ipcheck
+< fwhost err ipmac
+< fwhost err ipwithsub
+< fwhost err isccdhost
+< fwhost err isccdiphost
+< fwhost err isccdipnet
+< fwhost err isccdnet
+< fwhost err isingrp
+< fwhost err mac
+< fwhost err name
+< fwhost err name1
+< fwhost err net
+< fwhost err netexist
+< fwhost err partofnet
+< fwhost err port
+< fwhost err remark
+< fwhost err srvexist
+< fwhost err srv exists
+< fwhost err sub32
+< fwhost green
+< fwhost hint
+< fwhost hosts
+< fwhost icmptype
+< fwhost ipadr
+< fwhost ip_mac
+< fwhost ipsec host
+< fwhost ipsec net
+< fwhost menu
+< fwhost netaddress
+< fwhost newgrp
+< fwhost newhost
+< fwhost newnet
+< fwhost newservice
+< fwhost newservicegrp
+< fwhost orange
+< fwhost ovpn_n2n
+< fwhost port
+< fwhost prot
+< fwhost reread
+< fwhost reset
+< fwhost services
+< fwhost srv_name
+< fwhost stdnet
+< fwhost type
+< fwhost used
+< fwhost welcome
+< fwhost wo subnet
+< fw settings
+< fw settings color
+< fw settings dropdown
+< fw settings remark
+< fw settings ruletable
 < minute
 < openvpn default
 < openvpn destination port used
 < proxy reports today
 < proxy reports weekly
 < qos enter bandwidths
+< red1
 < server restart
 < static routes
 < tor
 # Checking cgi-bin translations for language: ru                           #
 ############################################################################
 < Add a route
-< advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < age second
 < dnsforward entries
 < dnsforward forward_server
 < dnsforward zone
+< drop action
+< drop action1
+< drop action2
+< drop forward
+< drop outgoing
 < Edit an existing route
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < extrahd unable to read
 < extrahd unable to write
 < extrahd you cant mount
+< forward firewall
 < frequency
+< fw default drop
+< fwdfw ACCEPT
+< fwdfw action
+< fwdfw additional
+< fwdfw addr grp
+< fwdfw addrule
+< fwdfw change
+< fwdfw copy
+< fwdfw cust addr
+< fwdfw cust net
+< fwdfw delete
+< fwdfw dnat
+< fwdfw dnat error
+< fwdfw dnat porterr
+< fwdfw DROP
+< fwdfw edit
+< fwdfw err nosrc
+< fwdfw err nosrcip
+< fwdfw err notgt
+< fwdfw err notgtip
+< fwdfw err prot
+< fwdfw err remark
+< fwdfw err ruleexists
+< fwdfw err same
+< fwdfw err samesub
+< fwdfw err src_addr
+< fwdfw err srcovpn
+< fwdfw err srcport
+< fwdfw err tgt_addr
+< fwdfw err tgt_grp
+< fwdfw err tgt_mac
+< fwdfw err tgtovpn
+< fwdfw err tgtport
+< fwdfw err tgt_port
+< fwdfw err time
+< fwdfw final_rule
+< fwdfw from
+< fwdfw hint ip1
+< fwdfw hint ip2
+< fwdfw ipsec network
+< fwdfw log rule
+< fwdfw man port
+< fwdfw menu
+< fwdfw MODE1
+< fwdfw MODE2
+< fwdfw movedown
+< fwdfw moveup
+< fwdfw natport used
+< fwdfw newrule
+< fwdfw p2p txt
+< fwdfw pol allow
+< fwdfw pol block
+< fwdfw pol text
+< fwdfw pol text1
+< fwdfw pol title
+< fwdfw red
+< fwdfw REJECT
+< fwdfw reread
+< fwdfw rule action
+< fwdfw rule activate
+< fwdfw rulepos
+< fwdfw rules
+< fwdfw snat
+< fwdfw source
+< fwdfw sourceip
+< fwdfw std network
+< fwdfw target
+< fwdfw targetip
+< fwdfw till
+< fwdfw time
+< fwdfw timeframe
+< fwdfw toggle
+< fwdfw togglelog
+< fwdfw useless rule
+< fwdfw use nat
+< fwdfw use srcport
+< fwdfw use srv
+< fwdfw wd_fri
+< fwdfw wd_mon
+< fwdfw wd_sat
+< fwdfw wd_sun
+< fwdfw wd_thu
+< fwdfw wd_tue
+< fwdfw wd_wed
+< fwdfw xt access
+< fwhost addgrp
+< fwhost addgrpname
+< fwhost addhost
+< fwhost addnet
+< fwhost addrule
+< fwhost addservice
+< fwhost addservicegrp
+< fwhost any
+< fwhost attention
+< fwhost back
+< fwhost blue
+< fwhost ccdhost
+< fwhost ccdnet
+< fwhost change
+< fwhost changeremark
+< fwhost cust addr
+< fwhost cust grp
+< fwhost cust net
+< fwhost cust service
+< fwhost cust srvgrp
+< fwhost deleted
+< fwhost empty
+< fwhost err addr
+< fwhost err addrgrp
+< fwhost err empty
+< fwhost err groupempty
+< fwhost err grpexist
+< fwhost err hostexist
+< fwhost err hostorip
+< fwhost err ip
+< fwhost err ipcheck
+< fwhost err ipmac
+< fwhost err ipwithsub
+< fwhost err isccdhost
+< fwhost err isccdiphost
+< fwhost err isccdipnet
+< fwhost err isccdnet
+< fwhost err isingrp
+< fwhost err mac
+< fwhost err name
+< fwhost err name1
+< fwhost err net
+< fwhost err netexist
+< fwhost err partofnet
+< fwhost err port
+< fwhost err remark
+< fwhost err srvexist
+< fwhost err srv exists
+< fwhost err sub32
+< fwhost green
+< fwhost hint
+< fwhost hosts
+< fwhost icmptype
+< fwhost ipadr
+< fwhost ip_mac
+< fwhost ipsec host
+< fwhost ipsec net
+< fwhost menu
+< fwhost netaddress
+< fwhost newgrp
+< fwhost newhost
+< fwhost newnet
+< fwhost newservice
+< fwhost newservicegrp
+< fwhost orange
+< fwhost ovpn_n2n
+< fwhost port
+< fwhost prot
+< fwhost reread
+< fwhost reset
+< fwhost services
+< fwhost srv_name
+< fwhost stdnet
+< fwhost type
+< fwhost used
+< fwhost welcome
+< fwhost wo subnet
+< fw settings
+< fw settings color
+< fw settings dropdown
+< fw settings remark
+< fw settings ruletable
 < hour-graph
 < incoming traffic in bytes per second
 < minute
 < proxy reports today
 < proxy reports weekly
 < qos enter bandwidths
+< red1
 < server restart
 < static routes
 < tor
diff --git a/html/cgi-bin/dmzholes.cgi b/html/cgi-bin/dmzholes.cgi
deleted file mode 100644 (file)
index 5c16f00..0000000
+++ /dev/null
@@ -1,446 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-use strict;
-
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-#workaround to suppress a warning when a variable is used only once
-my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );
-undef (@dummy);
-
-my %cgiparams=();
-my %checked=();
-my %selected=();
-my %netsettings=();
-my $errormessage = '';
-my $filename = "${General::swroot}/dmzholes/config";
-
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-&Header::showhttpheaders();
-
-$cgiparams{'ENABLED'} = 'off';
-$cgiparams{'REMARK'} = '';
-$cgiparams{'ACTION'} = '';
-$cgiparams{'SRC_IP'} = '';
-$cgiparams{'DEST_IP'} ='';
-$cgiparams{'DEST_PORT'} = '';
-&Header::getcgihash(\%cgiparams);
-
-open(FILE, $filename) or die 'Unable to open config file.';
-my @current = <FILE>;
-close(FILE);
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
-{
-       unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; }
-       unless(&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }
-       unless($errormessage){$errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');}
-       unless(&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
-       unless ($errormessage) {
-               $errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); }
-       # Darren Critchley - Remove commas from remarks
-       $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
-
-       unless ($errormessage)
-       {
-               if($cgiparams{'EDITING'} eq 'no') {
-                       open(FILE,">>$filename") or die 'Unable to open config file.';
-                       flock FILE, 2;
-                       print FILE "$cgiparams{'PROTOCOL'},";           # [0]
-                       print FILE "$cgiparams{'SRC_IP'},";             # [1]
-                       print FILE "$cgiparams{'DEST_IP'},";            # [2]
-                       print FILE "$cgiparams{'DEST_PORT'},";          # [3]
-                       print FILE "$cgiparams{'ENABLED'},";            # [4]
-                       print FILE "$cgiparams{'SRC_NET'},";            # [5]
-                       print FILE "$cgiparams{'DEST_NET'},";           # [6]
-                       print FILE "$cgiparams{'REMARK'}\n";            # [7]
-               } else {
-                       open(FILE,">$filename") or die 'Unable to open config file.';
-                       flock FILE, 2;
-                       my $id = 0;
-                       foreach my $line (@current)
-                       {
-                               $id++;
-                               if ($cgiparams{'EDITING'} eq $id) {
-                                       print FILE "$cgiparams{'PROTOCOL'},";           # [0]
-                                       print FILE "$cgiparams{'SRC_IP'},";             # [1]
-                                       print FILE "$cgiparams{'DEST_IP'},";            # [2]
-                                       print FILE "$cgiparams{'DEST_PORT'},";          # [3]
-                                       print FILE "$cgiparams{'ENABLED'},";            # [4]
-                                       print FILE "$cgiparams{'SRC_NET'},";            # [5]
-                                       print FILE "$cgiparams{'DEST_NET'},";           # [6]
-                                       print FILE "$cgiparams{'REMARK'}\n";            # [7]
-                               } else { print FILE "$line"; }
-                       }
-               }
-               close(FILE);
-               undef %cgiparams;
-               &General::log($Lang::tr{'dmz pinhole rule added'});
-               system('/usr/local/bin/setdmzholes');
-       }
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
-{
-       my $id = 0;
-       open(FILE, ">$filename") or die 'Unable to open config file.';
-       flock FILE, 2;
-       foreach my $line (@current)
-       {
-               $id++;
-               unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
-       }
-       close(FILE);
-       system('/usr/local/bin/setdmzholes');
-       &General::log($Lang::tr{'dmz pinhole rule removed'});
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
-{
-       my $id = 0;
-       open(FILE, ">$filename") or die 'Unable to open config file.';
-       flock FILE, 2;
-       foreach my $line (@current)
-       {
-               $id++;
-               unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
-               else
-               {
-                       chomp($line);
-                       my @temp = split(/\,/,$line);
-                       print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n";
-               }
-       }
-       close(FILE);
-       system('/usr/local/bin/setdmzholes');
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
-{
-       my $id = 0;
-       foreach my $line (@current)
-       {
-               $id++;
-               if ($cgiparams{'ID'} eq $id)
-               {
-                       chomp($line);
-                       my @temp = split(/\,/,$line);
-                       $cgiparams{'PROTOCOL'} = $temp[0];
-                       $cgiparams{'SRC_IP'} = $temp[1];
-                       $cgiparams{'DEST_IP'} = $temp[2];
-                       $cgiparams{'DEST_PORT'} = $temp[3];
-                       $cgiparams{'ENABLED'} = $temp[4];
-                       $cgiparams{'SRC_NET'} = $temp[5];
-                       $cgiparams{'DEST_NET'} = $temp[6];
-                       $cgiparams{'REMARK'} = $temp[7];
-               }
-       }
-}
-
-if ($cgiparams{'ACTION'} eq '')
-{
-       $cgiparams{'PROTOCOL'} = 'tcp';
-       $cgiparams{'ENABLED'} = 'on';
-       $cgiparams{'SRC_NET'} = 'orange';
-       $cgiparams{'DEST_NET'} = 'blue';
-}
-
-$selected{'PROTOCOL'}{'udp'} = '';
-$selected{'PROTOCOL'}{'tcp'} = '';
-$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";
-
-$selected{'SRC_NET'}{'orange'} = '';
-$selected{'SRC_NET'}{'blue'} = '';
-$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";
-
-$selected{'DEST_NET'}{'blue'} = '';
-$selected{'DEST_NET'}{'green'} = '';
-$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";
-
-$checked{'ENABLED'}{'off'} = '';
-$checked{'ENABLED'}{'on'} = '';
-$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
-
-&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');
-
-&Header::openbigbox('100%', 'left', '', $errormessage);
-
-if ($errormessage) {
-       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
-       print "<class name='base'>$errormessage\n";
-       print "&nbsp;</class>\n";
-       &Header::closebox();
-}
-
-print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
-
-my $buttonText = $Lang::tr{'add'};
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
-       &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
-       $buttonText = $Lang::tr{'update'};
-} else {
-       &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
-}
-print <<END
-<table width='100%'>
-<tr>
-<td>
-       <select name='PROTOCOL'>
-               <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
-               <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
-       </select>
-</td>
-<td>
-       $Lang::tr{'source net'}:</td>
-<td>
-       <select name='SRC_NET'>
-END
-;
-       if (&haveOrangeNet()) {
-               print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";
-       }
-       if (&haveBlueNet()) {
-               print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
-       }
-print <<END
-       </select>
-</td>
-<td class='base'>$Lang::tr{'source ip or net'}:</td>
-<td><input type='text' name='SRC_IP' value='$cgiparams{'SRC_IP'}' size='15' /></td>
-</tr>
-<tr>
-<td>
-       &nbsp;</td>
-<td>
-       $Lang::tr{'destination net'}:</td>
-<td>
-       <select name='DEST_NET'>
-END
-;
-       if (&haveOrangeNet() && &haveBlueNet()) {
-               print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
-       }
-
-print <<END
-               <option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>
-       </select>
-</td>
-<td class='base'>
-       $Lang::tr{'destination ip or net'}:</td>
-<td>
-       <input type='text' name='DEST_IP' value='$cgiparams{'DEST_IP'}' size='15' />
-</td>
-<td class='base'>
-       $Lang::tr{'destination port'}:&nbsp;
-       <input type='text' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' />
-</td>
-</tr>
-</table>
-<table width='100%'>
-       <tr>
-               <td colspan='3' width='50%' class='base'>
-                       <font class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></font>
-                       <input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' />
-               </td>
-       </tr>
-       <tr>
-               <td class='base' width='50%'>
-                       <img src='/blob.gif' alt ='*' align='top' />&nbsp;
-                       <font class='base'>$Lang::tr{'this field may be blank'}</font>
-               </td>
-               <td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
-               <td width='25%' align='center'>
-                       <input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
-                       <input type='submit' name='SUBMIT' value='$buttonText' />
-               </td>
-       </tr>
-</table>
-END
-;
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
-       print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
-} else {
-       print "<input type='hidden' name='EDITING' value='no' />\n";
-}
-&Header::closebox();
-print "</form>\n";
-
-&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
-print <<END
-<table width='100%'>
-<tr>
-<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
-<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
-<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
-<td width='2%' class='boldbase' align='center'>&nbsp;</td>
-<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
-<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
-<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
-<td width='1%' class='boldbase' align='center'>&nbsp;</td>
-<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
-END
-;
-
-# Achim Weber: if i add a new rule, this rule is not displayed?!?
-#                                                      we re-read always config.
-# If something has happeened re-read config
-#if($cgiparams{'ACTION'} ne '')
-#{
-       open(FILE, $filename) or die 'Unable to open config file.';
-       @current = <FILE>;
-       close(FILE);
-#}
-my $id = 0;
-foreach my $line (@current)
-{
-       my $protocol='';
-       my $gif='';
-       my $toggle='';
-       my $gdesc='';
-       $id++;
-       chomp($line);
-       my @temp = split(/\,/,$line);
-       if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' }
-
-       my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};
-       my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};
-
-       if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
-               print "<tr bgcolor='${Header::colouryellow}'>\n"; }
-       elsif ($id % 2) {
-               print "<tr bgcolor='${Header::table1colour}'>\n"; }
-       else {
-               print "<tr bgcolor='${Header::table2colour}'>\n"; }
-       if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
-       else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
-
-       # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
-       my $dstprt =$temp[3];
-       $_=$temp[3];
-       if (/^\d+$/) {
-               my $servi = uc(getservbyport($temp[3], lc($temp[0])));
-               if ($servi ne '' && $temp[3] < 1024) {
-                       $dstprt = "$dstprt($servi)"; }
-       }
-       # Darren Critchley - If the line is too long, wrap the port numbers
-       my $dstaddr = "$temp[2] : $dstprt";
-       if (length($dstaddr) > 26) {
-               $dstaddr = "$temp[2] :<br /> $dstprt";
-       }
-print <<END
-<td align='center'>$protocol</td>
-<td bgcolor='$srcnetcolor'></td>
-<td align='center'>$temp[1]</td>
-<td align='center'><img src='/images/forward.gif' /></td>
-<td bgcolor='$destnetcolor'></td>
-<td align='center'>$dstaddr</td>
-<td align='center'>$temp[7]</td>
-
-<td align='center'>
-<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ENABLE' value='$toggle' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
-</form>
-</td>
-
-<td align='center'>
-<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
-</form>
-</td>
-
-<td align='center'>
-<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
-</form>
-</td>
-
-</tr>
-END
-       ;
-}
-print "</table>\n";
-
-# If the fixed lease file contains entries, print Key to action icons
-if ( ! -z "$filename") {
-print <<END
-<table>
-<tr>
-       <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
-       <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
-       <td class='base'>$Lang::tr{'click to disable'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
-       <td class='base'>$Lang::tr{'click to enable'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
-       <td class='base'>$Lang::tr{'edit'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
-       <td class='base'>$Lang::tr{'remove'}</td>
-</tr>
-</table>
-END
-;
-}
-
-&Header::closebox();
-
-&Header::closebigbox();
-
-&Header::closepage();
-
-sub validNet
-{
-       my $srcNet      = $_[0];
-       my $destNet     = $_[1];
-
-       if ($srcNet eq $destNet) {
-               return $Lang::tr{'dmzpinholes for same net not necessary'}; }
-       unless ($srcNet =~ /^(blue|orange)$/) {
-               return $Lang::tr{'select source net'}; }
-       unless ($destNet =~ /^(blue|green)$/) {
-               return $Lang::tr{'select dest net'}; }
-               
-       return '';
-}
-
-sub haveOrangeNet
-{
-       if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
-       if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
-       return 0;
-}
-
-sub haveBlueNet
-{
-       if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
-       if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
-       return 0;
-}
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
new file mode 100755 (executable)
index 0000000..c18f4f4
--- /dev/null
@@ -0,0 +1,2463 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+use Sort::Naturally;
+no warnings 'uninitialized';
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+unless (-d "${General::swroot}/forward")                       { system("mkdir ${General::swroot}/forward"); }
+unless (-e "${General::swroot}/forward/settings")   { system("touch ${General::swroot}/forward/settings"); }
+unless (-e "${General::swroot}/forward/config")        { system("touch ${General::swroot}/forward/config"); }
+unless (-e "${General::swroot}/forward/input")         { system("touch ${General::swroot}/forward/input"); }
+unless (-e "${General::swroot}/forward/outgoing")      { system("touch ${General::swroot}/forward/outgoing"); }
+
+my %fwdfwsettings=();
+my %selected=() ;
+my %defaultNetworks=();
+my %netsettings=();
+my %customhost=();
+my %customgrp=();
+my %customnetworks=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %customnetwork=();
+my %ccdhost=();
+my %configfwdfw=();
+my %configinputfw=();
+my %configoutgoingfw=();
+my %ipsecconf=();
+my %color=();
+my %mainsettings=();
+my %checked=();
+my %icmptypes=();
+my %ovpnsettings=();
+my %ipsecsettings=();
+my %aliases=();
+my %optionsfw=();
+my %ifaces=();
+
+my $VERSION='0.9.9.14';
+my $color;
+my $confignet          = "${General::swroot}/fwhosts/customnetworks";
+my $confighost         = "${General::swroot}/fwhosts/customhosts";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configsrv          = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost      = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec                = "${General::swroot}/vpn/config";
+my $configipsecrw      = "${General::swroot}/vpn/settings";
+my $configfwdfw                = "${General::swroot}/forward/config";
+my $configinput                = "${General::swroot}/forward/input";
+my $configoutgoing     = "${General::swroot}/forward/outgoing";
+my $configovpn         = "${General::swroot}/ovpn/settings";
+my $fwoptions          = "${General::swroot}/optionsfw/settings";
+my $ifacesettings      = "${General::swroot}/ethernet/settings";
+my $errormessage='';
+my $hint='';
+my $ipgrp="${General::swroot}/outgoing/groups";
+my $tdcolor='';
+my $checkorange='';
+my @protocols;
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash($fwoptions, \%optionsfw); 
+&General::readhash($ifacesettings, \%ifaces);
+&General::readhash("$configovpn", \%ovpnsettings);
+&General::readhash("$configipsecrw", \%ipsecsettings);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&Header::showhttpheaders();
+&Header::getcgihash(\%fwdfwsettings);
+&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openbigbox('100%', 'center',$errormessage);
+#### JAVA SCRIPT ####
+print<<END;
+<script>
+       \$(document).ready(function() {
+               // Automatically select radio buttons when corresponding
+               // dropdown menu changes.
+               \$("select").change(function() {
+                       var id = \$(this).attr("name");
+                       //When using SNAT or DNAT, check "USE NAT" Checkbox
+                       if ( id === 'snat' || id === 'dnat') {
+                               \$('#USE_NAT').prop('checked', true);
+                       }
+                       \$('#' + id).prop("checked", true);
+               });
+       });
+function checkradio(a){
+       \$(a).attr('checked', true);
+}
+</script>
+END
+
+####  ACTION  #####
+
+if ($fwdfwsettings{'ACTION'} eq 'saverule')
+{
+       &General::readhasharray("$configfwdfw", \%configfwdfw);
+       &General::readhasharray("$configinput", \%configinputfw);
+       &General::readhasharray("$configoutgoing", \%configoutgoingfw);
+       $errormessage=&checksource;
+       if(!$errormessage){&checktarget;}
+       if(!$errormessage){&checkrule;}
+       
+       #check if manual ip (source) is orange network
+       if ($fwdfwsettings{'grp1'} eq 'src_addr'){
+               my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+                       $checkorange='on';
+               }
+       }
+       #check useless rules
+       if(     ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){
+               $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>";
+       }
+       #check if we try to break rules
+       if(     $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
+               $errormessage=$Lang::tr{'fwdfw err same'};
+       }
+       #INPUT part
+       if($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
+               $fwdfwsettings{'config'}=$configinput;
+               $fwdfwsettings{'chain'} = 'INPUTFW';
+               my $maxkey=&General::findhasharraykey(\%configinputfw);
+               #check if we have an identical rule already
+               if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+                       foreach my $key (sort keys %configinputfw){
+                               if (   "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+                                       eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
+                                               $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                                               if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                                                       $errormessage='';
+                                               }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+                                                       $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
+                                               }
+                                               if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+                                                       $fwdfwsettings{'nosave'} = 'on';
+                                               }
+                               }       
+                       }       
+               }
+               #check Rulepos on new Rule
+               if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+                       $fwdfwsettings{'oldrulenumber'}=$maxkey;
+                       foreach my $key (sort keys %configinputfw){
+                               if (   "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+                                       eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
+                                               $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                               }
+                       }
+               }
+               #check if we just close a rule
+               if( $fwdfwsettings{'oldgrp1a'} eq  $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq  $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} &&  $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq  $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
+                       if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                               $errormessage='';
+                               $fwdfwsettings{'nosave2'} = 'on';
+                       }
+               }
+               &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               if ($fwdfwsettings{'nobase'} ne 'on'){
+                       &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+               }
+               if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
+                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+               }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }
+               if($fwdfwsettings{'nosave2'} ne 'on'){
+                       &saverule(\%configinputfw,$configinput);
+               }
+       }elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
+       # OUTGOING PART
+               $fwdfwsettings{'config'}=$configoutgoing;
+               $fwdfwsettings{'chain'} = 'OUTGOINGFW';
+               my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
+               if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+                       foreach my $key (sort keys %configoutgoingfw){
+                               if (   "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+                                       eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
+                                               $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                                               if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                                                       $errormessage='';
+                                               }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+                                                       $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
+                                               }
+                                               if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+                                                       $fwdfwsettings{'nosave'} = 'on';
+                                               }
+                               }
+                       }
+               }
+               #check Rulepos on new Rule
+               if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+                       print"CHECK OUTGOING DOPPELTE REGEL<br>";
+                       $fwdfwsettings{'oldrulenumber'}=$maxkey;
+                       foreach my $key (sort keys %configoutgoingfw){
+                               if (   "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+                                       eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
+                                               $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                               }
+                       }
+               }
+               #check if we just close a rule
+               if( $fwdfwsettings{'oldgrp1a'} eq  $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq  $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} &&  $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq  $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
+                       if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                               $fwdfwsettings{'nosave2'} = 'on';
+                               $errormessage='';
+                       }
+               }
+               #increase counters
+               &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+               if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
+                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+               }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }
+               if ($fwdfwsettings{'nobase'} eq 'on'){
+                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }
+               if ($fwdfwsettings{'nosave2'} ne 'on'){
+                       &saverule(\%configoutgoingfw,$configoutgoing);
+               }
+       }else{
+               #FORWARD PART
+               $fwdfwsettings{'config'}=$configfwdfw;
+               $fwdfwsettings{'chain'} = 'FORWARDFW';
+               my $maxkey=&General::findhasharraykey(\%configfwdfw);
+               if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+                       #check if we have an identical rule already
+                       foreach my $key (sort keys %configfwdfw){
+                               if (   "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+                                       eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
+                                               $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                                               if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){
+                                                       $errormessage='';
+                                               }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+                                                       $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
+                                               }
+                                               if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+                                                       $fwdfwsettings{'nosave'} = 'on';
+                                               }
+                               }               
+                       }
+               }       
+               #check Rulepos on new Rule
+               if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+                       $fwdfwsettings{'oldrulenumber'}=$maxkey;
+                       foreach my $key (sort keys %configfwdfw){
+                               if (   "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+                                       eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
+                                               $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                               }               
+                       }
+               }
+               #check if we just close a rule
+               if( $fwdfwsettings{'oldgrp1a'} eq  $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq  $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} &&  $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq  $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
+                       if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                               $fwdfwsettings{'nosave2'} = 'on';
+                               $errormessage='';
+                       }
+               }
+               #increase counters
+               &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+               if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
+                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+               }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }
+               if ($fwdfwsettings{'nobase'} eq 'on'){
+                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }
+               if ($fwdfwsettings{'nosave2'} ne 'on'){
+                       &saverule(\%configfwdfw,$configfwdfw);
+               }       
+       }
+       if ($errormessage){
+               &newrule;
+       }else{
+               if($fwdfwsettings{'nosave2'} ne 'on'){
+                       &rules;
+               }
+               &base;
+       }
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
+{
+       &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
+{
+       my %togglehash=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
+       foreach my $key (sort keys %togglehash){
+               if ($key eq $fwdfwsettings{'key'}){
+                       if ($togglehash{$key}[2] eq 'ON'){$togglehash{$key}[2]='';}else{$togglehash{$key}[2]='ON';}
+               }
+       }
+       &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+       &rules;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
+{
+       my %togglehash=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
+       foreach my $key (sort keys %togglehash){
+               if ($key eq $fwdfwsettings{'key'}){
+                       if ($togglehash{$key}[17] eq 'ON'){$togglehash{$key}[17]='';}else{$togglehash{$key}[17]='ON';}
+               }
+       }
+       &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+       &rules;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
+{
+       &reread_rules;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'editrule')
+{
+       $fwdfwsettings{'updatefwrule'}='on';
+       &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'deleterule')
+{
+       &deleterule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'moveup')
+{
+       &pos_up;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'movedown')
+{
+       &pos_down;
+       &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'copyrule')
+{
+       $fwdfwsettings{'copyfwrule'}='on';
+       &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset')
+{
+       &base;
+}
+###  Functions  ####
+sub addrule
+{
+       &error;
+       if (-f "${General::swroot}/forward/reread"){
+               print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</div></td></tr></table></form><br>";
+       }
+       &Header::openbox('100%', 'left',  $Lang::tr{'fwdfw menu'});
+       print "<form method='post'>";
+       print "<table border='0'>";
+       print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
+       print"</tr></table></form><hr>";        
+       &Header::closebox();
+       &viewtablerule;
+}
+sub base
+{
+       &hint;
+       &addrule;
+       print "<br><br>";
+       print "<br><br><div align='right'><font size='1' color='grey'>Version: $VERSION</font></div>";
+}
+sub changerule
+{
+       my $oldchain=shift;
+       $fwdfwsettings{'updatefwrule'}='';
+       $fwdfwsettings{'config'}=$oldchain;
+       $fwdfwsettings{'nobase'}='on';
+       &deleterule;
+       &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+}
+sub checksource
+{
+       my ($ip,$subnet);
+       #check ip-address if manual
+       if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){
+               #check if ip with subnet
+               if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
+                       ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
+                       $subnet = &General::iporsubtocidr($subnet);
+                       $fwdfwsettings{'isip'}='on';
+               }
+               #check if only ip
+               if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+                       $ip=$fwdfwsettings{'src_addr'};
+                       $subnet = '32';
+                       $fwdfwsettings{'isip'}='on';
+               }
+
+               if ($fwdfwsettings{'isip'} ne 'on'){
+                       if (&General::validmac($fwdfwsettings{'src_addr'})){
+                               $fwdfwsettings{'ismac'}='on';
+                       }
+               }
+               if ($fwdfwsettings{'isip'} eq 'on'){
+                       ##check if ip is valid
+                       if (! &General::validip($ip)){
+                               $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+                               return $errormessage;
+                       }
+                       #check and form valid IP
+                       $ip=&General::ip2dec($ip);
+                       $ip=&General::dec2ip($ip);
+                       #check if net or broadcast
+                       $fwdfwsettings{'src_addr'}="$ip/$subnet";
+                       if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
+                               $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+                               return $errormessage;
+                       }
+               }
+               if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
+                       $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+                       return $errormessage;
+               }
+       }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
+               $errormessage.=$Lang::tr{'fwdfw err nosrcip'};
+               return $errormessage;
+       }
+
+       #check empty fields
+       if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
+       #check icmp source
+               if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+                       foreach my $key (keys %icmptypes){
+                               if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
+                                       $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
+                               }
+                       }
+               }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       $fwdfwsettings{'ICMP_TYPES'}='';
+               }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       $fwdfwsettings{'ICMP_TYPES'}='';
+               }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       $fwdfwsettings{'ICMP_TYPES'}='';        
+               }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
+                       $fwdfwsettings{'ICMP_TYPES'}='';
+               }else{
+                       $fwdfwsettings{'ICMP_TYPES'}='';
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       $fwdfwsettings{'PROT'}='';
+               }
+
+       if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){
+               my @parts=split(",",$fwdfwsettings{'SRC_PORT'});
+               my @values=();
+               foreach (@parts){
+                       chomp($_);
+                       if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
+                               my $check;
+                               #change dashes with :
+                               $_=~ tr/-/:/;
+                               if ($_ eq "*") {
+                                       push(@values,"1:65535");
+                                       $check='on';
+                               }
+                               if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
+                                       push(@values,"1:$2");
+                                       $check='on';
+                               }
+                               if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/ ) {
+                                       push(@values,"$1:65535");
+                                       $check='on'
+                               }
+                               $errormessage .= &General::validportrange($_, 'destination');
+                               if(!$check){
+                                       push (@values,$_);
+                               }
+                       }else{
+                               if (&General::validport($_)){
+                                       push (@values,$_);
+                               }else{
+                                       
+                               }
+                       }
+               }
+               $fwdfwsettings{'SRC_PORT'}=join("|",@values);
+       }
+       return $errormessage;
+}
+sub checktarget
+{
+       my ($ip,$subnet);
+       &General::readhasharray("$configsrv", \%customservice);
+       #check DNAT settings (has to be single Host and single Port or portrange)
+       if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
+               if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
+                       if ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'dnatport'} eq ''){
+                               $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                               return $errormessage;
+                       }
+                       #check if manual ip is a single Host (if set)
+                       if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
+                               my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+                               my @tmp1= split ("/",$tmp[3]);
+                               if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
+                               {
+                                       $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+                                       return $errormessage;
+                               }
+                       }
+                       #check if Port is a single Port or portrange
+                       if ($fwdfwsettings{'nat'} eq 'dnat' &&  $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+                               if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
+                                       $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                                       return $errormessage;
+                               }
+                               if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
+                                       $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                                       return $errormessage;
+                               }
+                       }
+               }else{
+                       $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+                       return $errormessage;
+               }
+       }
+       if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
+               #check if ip with subnet
+               if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
+                       ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
+                       $subnet = &General::iporsubtocidr($subnet);
+               }
+               #check if only ip
+               if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+                       $ip=$fwdfwsettings{'tgt_addr'};
+                       $subnet='32';
+               }
+               #check if ip is valid
+               if (! &General::validip($ip)){
+                       $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
+                       return $errormessage;
+               }
+               #check and form valid IP
+               $ip=&General::ip2dec($ip);
+               $ip=&General::dec2ip($ip);
+               $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
+               if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
+                       $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
+                       return $errormessage;
+               }
+       }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
+               $errormessage.=$Lang::tr{'fwdfw err notgtip'};
+               return $errormessage;
+       }
+       #check empty fields
+       if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
+       #check tgt services
+       if ($fwdfwsettings{'USESRV'} eq 'ON'){
+               if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+                       $fwdfwsettings{'TGT_PROT'}='';
+                       $fwdfwsettings{'ICMP_TGT'}='';
+               }
+               if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
+                       $fwdfwsettings{'TGT_PROT'}='';
+                       $fwdfwsettings{'ICMP_TGT'}='';
+                       #check target service
+                       if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
+                               $errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
+                       }
+               }
+               if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+                       if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){
+                               if ($fwdfwsettings{'TGT_PORT'} ne ''){
+                                       if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') {
+                                               $errormessage=$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                                               return $errormessage;
+                                       }
+                                       my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
+                                       my @values=();
+                                       foreach (@parts){
+                                               chomp($_);
+                                               if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
+                                                       my $check;
+                                                       #change dashes with :
+                                                       $_=~ tr/-/:/;
+                                                       if ($_ eq "*") {
+                                                               push(@values,"1:65535");
+                                                               $check='on';
+                                                       }
+                                                       if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
+                                                               push(@values,"1:$2");
+                                                               $check='on';
+                                                       }
+                                                       if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
+                                                               push(@values,"$1:65535");
+                                                               $check='on'
+                                                       }
+                                                       $errormessage .= &General::validportrange($_, 'destination');
+                                                       if(!$check){
+                                                               push (@values,$_);
+                                                       }
+                                               }else{
+                                                       if (&General::validport($_)){
+                                                               push (@values,$_);
+                                                       }else{
+                                                               
+                                                       }
+                                               }
+                                       }
+                                       $fwdfwsettings{'TGT_PORT'}=join("|",@values);
+                               }
+                       }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
+                                       $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+                                       $fwdfwsettings{'TGT_PORT'} = '';
+                                       $fwdfwsettings{'ICMP_TGT'} = '';
+                       }elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){
+                                       $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+                                       $fwdfwsettings{'TGT_PORT'} = '';
+                                       $fwdfwsettings{'ICMP_TGT'}='';
+                       }elsif($fwdfwsettings{'TGT_PROT'} eq 'AH'){
+                                       $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+                                       $fwdfwsettings{'TGT_PORT'} = '';
+                                       $fwdfwsettings{'ICMP_TGT'}='';
+                       }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+                               $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+                               $fwdfwsettings{'TGT_PORT'} = '';
+                               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+                               foreach my $key (keys %icmptypes){
+                                       
+                                       if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
+                                               $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
+                                       }
+                               }
+                       }
+               }
+       }
+       #check targetport
+       if ($fwdfwsettings{'USESRV'} ne 'ON'){
+               $fwdfwsettings{'grp3'}='';
+               $fwdfwsettings{$fwdfwsettings{'grp3'}}='';
+               $fwdfwsettings{'ICMP_TGT'}='';
+       }
+       #check timeframe
+       if($fwdfwsettings{'TIME'} eq 'ON'){
+               if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
+                       $errormessage=$Lang::tr{'fwdfw err time'};
+                       return $errormessage;
+               }
+       }
+       return $errormessage;
+}
+sub check_natport
+{
+       my $val=shift;
+       if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
+               if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\-(\d+)$/) {
+                       $fwdfwsettings{'dnatport'} =~ tr/-/:/;
+                       if ($fwdfwsettings{'dnatport'} eq "*") {
+                               $fwdfwsettings{'dnatport'}="1:65535";
+                       }
+                       if ($fwdfwsettings{'dnatport'} =~ /^(\D)\:(\d+)$/) {
+                               $fwdfwsettings{'dnatport'} = "1:$2";
+                       }
+                       if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\:(\D)$/) {
+                               $fwdfwsettings{'dnatport'} ="$1:65535";
+                       }
+               }
+               return 1;
+       }
+       if ($val =~ "," || $val>65536 || $val<0){
+               return 0;
+       }
+       return 1;
+}
+sub checkrule
+{
+       #check valid port for NAT
+       if($fwdfwsettings{'USE_NAT'} eq 'ON'){
+               #if no port is given in nat area, take target host port
+               if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
+               #check if port given in nat area is a single valid port or portrange
+               if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){
+                       $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+               }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
+                       my $custsrvport;
+                       #get servcie Protocol and Port
+                       foreach my $key (sort keys %customservice){
+                               if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){
+                                       if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){
+                                               $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+                                       }
+                                       $custsrvport= $customservice{$key}[1];
+                               }
+                       }
+                       if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;}
+               }
+               #check if DNAT port is multiple
+               if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
+                       my @parts=split(",",$fwdfwsettings{'dnatport'});
+                                       my @values=();
+                                       foreach (@parts){
+                                               chomp($_);
+                                               if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
+                                                       my $check;
+                                                       #change dashes with :
+                                                       $_=~ tr/-/:/;
+                                                       if ($_ eq "*") {
+                                                               push(@values,"1:65535");
+                                                               $check='on';
+                                                       }
+                                                       if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
+                                                               push(@values,"1:$2");
+                                                               $check='on';
+                                                       }
+                                                       if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
+                                                               push(@values,"$1:65535");
+                                                               $check='on'
+                                                       }
+                                                       $errormessage .= &General::validportrange($_, 'destination');
+                                                       if(!$check){
+                                                               push (@values,$_);
+                                                       }
+                                               }else{
+                                                       if (&General::validport($_)){
+                                                               push (@values,$_);
+                                                       }else{
+                                                               
+                                                       }
+                                               }
+                                       }
+                                       $fwdfwsettings{'dnatport'}=join("|",@values);
+               }
+       }
+       #check valid remark
+       if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+               $errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
+       }
+       #check if source and target identical
+       if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){
+               $errormessage=$Lang::tr{'fwdfw err same'};
+               return $errormessage;
+       }
+       #get source and targetip address if possible
+       my ($sip,$scidr,$tip,$tcidr);
+       ($sip,$scidr)=&get_ip("src","grp1");
+       ($tip,$tcidr)=&get_ip("tgt","grp2");
+       #check same iprange in source and target
+       if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
+               my $networkip1=&General::getnetworkip($sip,$scidr);
+               my $networkip2=&General::getnetworkip($tip,$tcidr);
+               if ($scidr gt $tcidr){
+                       if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
+                               $errormessage.=$Lang::tr{'fwdfw err samesub'};
+                       }
+               }elsif($scidr eq $tcidr && $scidr eq '32'){
+                       my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
+                       my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
+                               if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
+                                       $hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
+                                       $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
+                               }
+               }else{
+                       if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
+                       $errormessage.=$Lang::tr{'fwdfw err samesub'};
+                       }
+               }
+       }
+       #check source and destination protocol if manual
+       if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
+                       if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+                       $errormessage.=$Lang::tr{'fwdfw err prot'};
+               }
+               #check source and destination protocol if source manual and dest servicegrp
+               if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+                       foreach my $key (sort keys %customservice){
+                               if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
+                                       if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
+                                               $errormessage.=$Lang::tr{'fwdfw err prot'};
+                                               last;
+                                       }
+                               }
+                       }
+               }
+       }
+       if( $fwdfwsettings{'USE_SRC_PORT'} ne 'ON' && $fwdfwsettings{'USESRV'} ne 'ON'){
+               $fwdfwsettings{'PROT'}='';
+               $fwdfwsettings{'TGT_PROT'}='';
+       }
+}
+sub checkcounter
+{
+       my ($base1,$val1,$base2,$val2) = @_;
+               
+       if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){
+               &dec_counter($confignet,\%customnetwork,$val1);
+       }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){
+               &dec_counter($confighost,\%customhost,$val1);
+       }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){
+               &dec_counter($configgrp,\%customgrp,$val1);
+       }elsif($base1 eq 'cust_srv'){
+               &dec_counter($configsrv,\%customservice,$val1);
+       }elsif($base1 eq 'cust_srvgrp'){
+               &dec_counter($configsrvgrp,\%customservicegrp,$val1);   
+       }
+
+       if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
+               &inc_counter($confignet,\%customnetwork,$val2);
+       }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
+               &inc_counter($confighost,\%customhost,$val2);
+       }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){
+               &inc_counter($configgrp,\%customgrp,$val2);
+       }elsif($base2 eq 'cust_srv'){
+               &inc_counter($configsrv,\%customservice,$val2);
+       }elsif($base2 eq 'cust_srvgrp'){
+               &inc_counter($configsrvgrp,\%customservicegrp,$val2);   
+       }
+}
+sub checkvpn
+{
+       my $ip=shift;
+       #Test if manual IP is part of static OpenVPN networks
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       foreach my $key (sort keys %ccdnet){
+               my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]);
+               my $sub=&General::iporsubtodec($vpnsubnet);
+               if (&General::IpInSubnet($ip,$vpnip,$sub)){
+                       return 0;
+               }
+       }
+       # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor
+       # because if one creates a custom host with the ip, we need to check the color there!
+       # It does not make sense to check this here
+       
+       # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here
+       # Is also checked in getcolor
+       
+       # Test if manual ip is part of an IPsec Network is also checked in getcolor
+       return 1;
+}
+sub checkvpncolor
+{
+       
+}
+sub deleterule
+{
+       my %delhash=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%delhash);
+       foreach my $key (sort {$a <=> $b} keys %delhash){
+               if ($key == $fwdfwsettings{'key'}){
+                       #check hosts/net and groups
+                       &checkcounter($delhash{$key}[3],$delhash{$key}[4],,);
+                       &checkcounter($delhash{$key}[5],$delhash{$key}[6],,);
+                       #check services and groups
+                       if ($delhash{$key}[11] eq 'ON'){
+                               &checkcounter($delhash{$key}[14],$delhash{$key}[15],,);
+                       }
+               }
+               if ($key >= $fwdfwsettings{'key'}) {
+                       my $next = $key + 1;
+                       if (exists $delhash{$next}) {
+                               foreach my $i (0 .. $#{$delhash{$next}}) {
+                                       $delhash{$key}[$i] = $delhash{$next}[$i];
+                               }
+                       }
+               }
+       }
+       # Remove the very last entry.
+       my $last_key = (sort {$a <=> $b} keys %delhash)[-1];
+       delete $delhash{$last_key};
+
+       &General::writehasharray($fwdfwsettings{'config'}, \%delhash);
+       &rules;
+
+       if($fwdfwsettings{'nobase'} ne 'on'){
+               &base;
+       }
+}
+sub disable_rule
+{
+       my $key1=shift;
+       &General::readhasharray("$configfwdfw", \%configfwdfw);
+       foreach my $key (sort keys %configfwdfw){
+                       if ($key eq $key1 ){
+                       if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';}
+               }
+       }
+       &General::writehasharray("$configfwdfw", \%configfwdfw);
+       &rules;
+}
+sub dec_counter
+{
+       my $config=shift;
+       my %hash=%{(shift)};
+       my $val=shift;
+       my $pos;
+       &General::readhasharray($config, \%hash);
+       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
+               if($hash{$key}[0] eq $val){
+                       $pos=$#{$hash{$key}};
+                       $hash{$key}[$pos] = $hash{$key}[$pos]-1;
+               }
+       }
+       &General::writehasharray($config, \%hash);
+}
+sub error
+{
+       if ($errormessage) {
+               &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+               print "<class name='base'>$errormessage\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+               print"<hr>";
+       }
+}
+sub fillselect
+{
+       my %hash=%{(shift)};
+       my $val=shift;
+       my $key;
+       foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) }  keys %hash){
+               if($hash{$key}[0] eq $val){
+                       print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
+               }else{
+                       print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
+               }
+       }
+}
+sub gen_dd_block
+{
+       my $srctgt = shift;
+       my $grp=shift;
+       my $helper='';
+       my $show='';
+       $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
+       $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
+       $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
+       $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+       $checked{'USESRV'}{$fwdfwsettings{'USESRV'}}                    = 'CHECKED';
+       $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}}                    = 'CHECKED';
+       $checked{'LOG'}{$fwdfwsettings{'LOG'}}                                  = 'CHECKED';
+       $checked{'TIME'}{$fwdfwsettings{'TIME'}}                                = 'CHECKED';
+       $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}}                = 'CHECKED';
+       $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}}                = 'CHECKED';
+       $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}}                = 'CHECKED';
+       $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}}                = 'CHECKED';
+       $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}}                = 'CHECKED';
+       $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}}                = 'CHECKED';
+       $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}}                = 'CHECKED';
+       $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}             = 'selected';
+       $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}                 = 'selected';
+       $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+       $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+print<<END;
+               <table width='100%' border='0'>
+               <tr><td width='50%' valign='top'>
+               <table width='100%' border='0'>
+               <tr><td width='1%'><input type='radio' name='$grp' id='std_net_$srctgt' value='std_net_$srctgt' $checked{$grp}{'std_net_'.$srctgt}></td><td>$Lang::tr{'fwhost stdnet'}</td><td align='right'><select name='std_net_$srctgt' style='width:200px;'>
+END
+       foreach my $network (sort keys %defaultNetworks)
+               {
+                       next if($defaultNetworks{$network}{'NAME'} eq "RED" && $srctgt eq 'src');
+                       next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
+                       print "<option value='$defaultNetworks{$network}{'NAME'}'";
+                       print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
+                       my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
+                       my $defsub="$defaultNetworks{$network}{'NAME'}_NETMASK";
+                       my $defsub1=&General::subtocidr($ifaces{$defsub});
+                       $ifaces{$defnet}='' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
+                       if ($ifaces{$defnet}){
+                               print ">$network ($ifaces{$defnet}/$defsub1)</option>";
+                       }else{
+                               print ">$network</option>";
+                       }
+               }
+       print"</select></td></tr>";
+       #custom networks
+       if (! -z $confignet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+               print"<tr><td><input type='radio' name='$grp' id='cust_net_$srctgt' value='cust_net_$srctgt' $checked{$grp}{'cust_net_'.$srctgt}></td><td>$Lang::tr{'fwhost cust net'}</td><td align='right'><select name='cust_net_$srctgt' style='width:200px;'>";
+               &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{$grp}});
+               print"</select></td>";
+       }
+       #custom hosts
+       if (! -z $confighost || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+               print"<tr><td><input type='radio' name='$grp' id='cust_host_$srctgt' value='cust_host_$srctgt' $checked{$grp}{'cust_host_'.$srctgt}></td><td>$Lang::tr{'fwhost cust addr'}</td><td align='right'><select name='cust_host_$srctgt' style='width:200px;'>";
+               &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{$grp}});
+               print"</select></td>";
+       }
+       #custom groups
+       if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+               print"<tr><td valign='top'><input type='radio' name='$grp' id='cust_grp_$srctgt' value='cust_grp_$srctgt' $checked{$grp}{'cust_grp_'.$srctgt}></td><td >$Lang::tr{'fwhost cust grp'}</td><td align='right'><select name='cust_grp_$srctgt' style='width:200px;'>";
+               foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } keys %customgrp) {
+                       if($helper ne $customgrp{$key}[0]){
+                               print"<option ";
+                               print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $customgrp{$key}[0]);
+                               print ">$customgrp{$key}[0]</option>";
+                       }
+                       $helper=$customgrp{$key}[0];
+               }
+               print"</select></td>";
+       }
+       #End left table. start right table (vpn)
+       print"</tr></table></td><td valign='top'><table width='100%' border='0'><tr>";
+       # CCD networks
+       if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+               print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' value='ovpn_net_$srctgt'  $checked{$grp}{'ovpn_net_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>";
+               &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{$grp}});
+               print"</select></td></tr>";
+       }
+       #OVPN CCD Hosts
+       foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost){
+               if ($ccdhost{$key}[33] ne '' ){
+                       print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'>" if ($show eq '');
+                       $show='1';
+                       print "<option value='$ccdhost{$key}[1]'";
+                       print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ccdhost{$key}[1]);
+                       print ">$ccdhost{$key}[1]</option>";
+               }
+       }
+       if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
+               print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'></select></td></tr>" ;
+       }
+       if ($show eq '1'){$show='';print"</select></td></tr>";}
+       #OVPN N2N
+       foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){
+               if ($ccdhost{$key}[3] eq 'net'){
+                       print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ovpn_n2n'}:</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'>" if ($show eq '');
+                       $show='1';
+                       print "<option value='$ccdhost{$key}[1]'";
+                       print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ccdhost{$key}[1]);
+                       print ">$ccdhost{$key}[1]</option>";
+               }
+       }
+       if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
+               print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ovpn_n2n'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'></select></td></tr>" ;
+       }
+       if ($show eq '1'){$show='';print"</select></td></tr>";}
+       #IPsec netze
+       foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
+               if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+                       print"<tr><td valign='top'><input type='radio' name='$grp' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
+                       $show='1';
+                       print "<option ";
+                       print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ipsecconf{$key}[1]);
+                       print ">$ipsecconf{$key}[1]</option>";
+               }
+       }
+       if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
+               print"<tr><td valign='top'><input type='radio' name='$grp' id='ipsec_net_$srctgt' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'><select></td></tr>";
+       }
+       if ($show eq '1'){$show='';print"</select></td></tr>";}
+       
+       print"</table>";
+       print"</td></tr></table><br>";
+}
+sub get_ip
+{
+       my $val=shift;
+       my $grp =shift;
+       my $a;
+       my $b;
+       &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+       if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){
+               if ($fwdfwsettings{$grp} eq $val.'_addr'){
+                       ($a,$b)   = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
+               }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
+                       if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
+                               $a=$netsettings{'GREEN_NETADDRESS'};
+                               $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
+                       }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
+                               $a=$netsettings{'ORANGE_NETADDRESS'};
+                               $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
+                       }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
+                               $a=$netsettings{'BLUE_NETADDRESS'};
+                               $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
+                       }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
+                               &General::readhash("$configovpn",\%ovpnsettings);
+                               ($a,$b)   = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
+                               $b=&General::iporsubtocidr($b);
+                       }
+               }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
+                       &General::readhasharray("$confignet", \%customnetwork);
+                       foreach my $key (keys %customnetwork){
+                               if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
+                                       $a=$customnetwork{$key}[1];
+                                       $b=&General::iporsubtocidr($customnetwork{$key}[2]);
+                               }
+                       }
+               }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){
+                       &General::readhasharray("$confighost", \%customhost);
+                       foreach my $key (keys %customhost){
+                               if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
+                                       if ($customhost{$key}[1] eq 'ip'){
+                                               ($a,$b)=split (/\//,$customhost{$key}[2]);
+                                               $b=&General::iporsubtocidr($b);
+                                       }else{
+                                               if ($grp eq 'grp2'){
+                                                       $errormessage=$Lang::tr{'fwdfw err tgt_mac'};
+                                               }
+                                       }
+                               }
+                       }
+               }
+       }
+       return $a,$b;
+}
+sub get_name
+{
+       my $val=shift;
+       &General::setup_default_networks(\%defaultNetworks);
+       foreach my $network (sort keys %defaultNetworks)
+       {
+               return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
+       }
+}
+sub getsrcport
+{
+       my %hash=%{(shift)};
+       my $key=shift;
+       if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){
+               $hash{$key}[10]=~ s/\|/,/g;
+               print": $hash{$key}[10]";
+       }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
+               print": <br>$hash{$key}[9] ";
+       }
+}
+sub gettgtport
+{
+       my %hash=%{(shift)};
+       my $key=shift;
+       my $service;
+       my $prot;
+       if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
+               if($hash{$key}[14] eq 'cust_srv'){
+                       &General::readhasharray("$configsrv", \%customservice);
+                       foreach my $i (sort keys %customservice){
+                               if($customservice{$i}[0] eq $hash{$key}[15]){
+                                       $service = $customservice{$i}[0];
+                               }
+                       }
+               }elsif($hash{$key}[14] eq 'cust_srvgrp'){
+                       $service=$hash{$key}[15];
+               }elsif($hash{$key}[14] eq 'TGT_PORT'){
+                       $hash{$key}[15]=~ s/\|/,/g;
+                       $service=$hash{$key}[15];
+               }
+               if($service){
+                       print": $service";
+               }
+       }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
+               print":<br>$hash{$key}[13]";
+       }
+}
+sub get_serviceports
+{
+       my $type=shift;
+       my $name=shift;
+       &General::readhasharray("$configsrv", \%customservice);
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       my $tcp;
+       my $udp;
+       my $icmp;
+       @protocols=();
+       if($type eq 'service'){
+               foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
+                       if ($customservice{$key}[0] eq $name){
+                               push (@protocols,$customservice{$key}[2]);
+                       }
+               }
+       }elsif($type eq 'group'){
+               foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
+                       if ($customservicegrp{$key}[0] eq $name){
+                               foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
+                                       if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+                                               if($customservice{$key1}[2] eq 'TCP'){
+                                                       $tcp='TCP';
+                                               }elsif($customservice{$key1}[2] eq 'ICMP'){
+                                                       $icmp='ICMP';
+                                               }elsif($customservice{$key1}[2] eq 'UDP'){
+                                                       $udp='UDP';
+                                               }
+                                       }
+                               }
+                       }
+               }
+       }
+       if($tcp && $udp && $icmp){
+               push (@protocols,"All");
+               return @protocols;
+       }
+       if($tcp){
+               push (@protocols,"TCP");
+       }
+       if($udp){
+               push (@protocols,"UDP");
+       }
+       if($icmp){
+               push (@protocols,"ICMP");
+       }
+       return @protocols;
+}
+sub getcolor
+{
+       my $nettype=shift;
+       my $val=shift;
+       my $hash=shift;
+       if($optionsfw{'SHOWCOLORS'} eq 'on'){
+               #custom Hosts
+               if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
+                       foreach my $key (sort keys %$hash){
+                               if ($$hash{$key}[0] eq $val){
+                                       $val=$$hash{$key}[2];
+                               }
+                       }
+               }
+               #standard networks
+               if ($val eq 'GREEN'){
+                       $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
+                       return;
+               }elsif ($val eq 'ORANGE'){
+                       $tdcolor="style='background-color:  $Header::colourorange;color:white;'";
+                       return;
+               }elsif ($val eq 'BLUE'){
+                       $tdcolor="style='background-color: $Header::colourblue;color:white;'";
+                       return;
+               }elsif ($val eq 'RED' ||$val eq 'RED1' ){
+                       $tdcolor="style='background-color: $Header::colourred;color:white;'";
+                       return;
+               }elsif ($val eq 'IPFire' ){
+                       $tdcolor="style='background-color: $Header::colourred;color:white;'";
+                       return;
+               }elsif($val =~ /^(.*?)\/(.*?)$/){
+                       my ($sip,$scidr) = split ("/",$val);
+                       if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+                               $tdcolor="style='background-color: $Header::colourorange;color:white;'";
+                               return;
+                       }
+                       if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
+                               $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
+                               return;
+                       }
+                       if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
+                               $tdcolor="style='background-color: $Header::colourblue;color:white;'";
+                               return;
+                       }
+               }elsif ($val eq 'Default IP'){
+                       $tdcolor="style='background-color: $Header::colourred;color:white;'";
+                       return;
+               }
+               #Check if a manual IP or custom host is part of a VPN
+               if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr' || $nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
+                       #Check if IP is part of OpenVPN dynamic subnet
+                       my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
+                       my ($c,$d) = split("/",$val);
+                       if (&General::IpInSubnet($c,$a,$b)){
+                               $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
+                               return;
+                       }
+                       #Check if IP is part of OpenVPN static subnet
+                       foreach my $key (sort keys %ccdnet){
+                               my ($a,$b) = split("/",$ccdnet{$key}[1]);
+                               $b =&General::iporsubtodec($b);
+                               if (&General::IpInSubnet($c,$a,$b)){
+                                       $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
+                                       return;
+                               }
+                       }
+                       #Check if IP is part of OpenVPN N2N subnet
+                       foreach my $key (sort keys %ccdhost){
+                               if ($ccdhost{$key}[3] eq 'net'){
+                                       my ($a,$b) = split("/",$ccdhost{$key}[11]);
+                                       if (&General::IpInSubnet($c,$a,$b)){
+                                               $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
+                                               return;
+                                       }
+                               }
+                       }
+                       #Check if IP is part of IPsec RW network
+                       if ($ipsecsettings{'RW_NET'} ne ''){
+                               my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
+                               $b=&General::iporsubtodec($b);
+                               if (&General::IpInSubnet($c,$a,$b)){
+                                       $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+                                       return;
+                               }
+                       }
+                       #Check if IP is part of a IPsec N2N network
+                       foreach my $key (sort keys %ipsecconf){
+                               my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+                               if (&General::IpInSubnet($c,$a,$b)){
+                                       $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+                                       return;
+                               }
+                       }
+               }
+               #VPN networks
+               if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
+                       $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
+                       return;
+               }
+               if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){
+                       $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+                       return;
+               }
+               #ALIASE
+               foreach my $alias (sort keys %aliases)
+               {
+                       if ($val eq $alias){
+                               $tdcolor="style='background-color:$Header::colourred;color:white;'";
+                               return;
+                       }
+               }
+       }
+       $tdcolor='';
+       return;
+}
+sub hint
+{
+       if ($hint) {
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
+               print "<class name='base'>$hint\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+               print"<hr>";
+       }
+}
+sub inc_counter
+{
+       my $config=shift;
+       my %hash=%{(shift)};
+       my $val=shift;
+       my $pos;
+
+       &General::readhasharray($config, \%hash);
+       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
+               if($hash{$key}[0] eq $val){
+                       $pos=$#{$hash{$key}};
+                       $hash{$key}[$pos] = $hash{$key}[$pos]+1;
+               }
+       }
+       &General::writehasharray($config, \%hash);
+}
+sub newrule
+{
+       &error;
+       &General::setup_default_networks(\%defaultNetworks);
+       &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+       #read all configfiles
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       &General::readhasharray("$confignet", \%customnetwork);
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       &General::readhasharray("$confighost", \%customhost);
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       &General::readhasharray("$configgrp", \%customgrp);
+       &General::readhasharray("$configipsec", \%ipsecconf);
+       &General::get_aliases(\%aliases);
+       my %checked=();
+       my $helper;
+       my $sum=0;
+       if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
+       my $config=$fwdfwsettings{'config'};
+       my %hash=();
+       #Get Red IP-ADDRESS
+       open (CONN1,"/var/ipfire/red/local-ipaddress");
+       my $redip = <CONN1>;
+       close(CONN1);
+       $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
+       $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
+       $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
+       $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+       $checked{'USESRV'}{$fwdfwsettings{'USESRV'}}                    = 'CHECKED';
+       $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}}                    = 'CHECKED';
+       $checked{'LOG'}{$fwdfwsettings{'LOG'}}                                  = 'CHECKED';
+       $checked{'TIME'}{$fwdfwsettings{'TIME'}}                                = 'CHECKED';
+       $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}}                = 'CHECKED';
+       $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}}                = 'CHECKED';
+       $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}}                = 'CHECKED';
+       $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}}                = 'CHECKED';
+       $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}}                = 'CHECKED';
+       $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}}                = 'CHECKED';
+       $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}}                = 'CHECKED';
+       $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}}                  = 'CHECKED';
+       $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}             = 'selected';
+       $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}                 = 'selected';
+       $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+       $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+       #check if update and get values
+       if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
+               &General::readhasharray("$config", \%hash);
+               foreach my $key (sort keys %hash){
+                       $sum++;
+                       if ($key eq $fwdfwsettings{'key'}){
+                               $fwdfwsettings{'oldrulenumber'}                 = $fwdfwsettings{'key'};
+                               $fwdfwsettings{'RULE_ACTION'}                   = $hash{$key}[0];
+                               $fwdfwsettings{'chain'}                                 = $hash{$key}[1];
+                               $fwdfwsettings{'ACTIVE'}                                = $hash{$key}[2];
+                               $fwdfwsettings{'grp1'}                                  = $hash{$key}[3];   
+                               $fwdfwsettings{$fwdfwsettings{'grp1'}}  = $hash{$key}[4];   
+                               $fwdfwsettings{'grp2'}                                  = $hash{$key}[5];   
+                               $fwdfwsettings{$fwdfwsettings{'grp2'}}  = $hash{$key}[6];   
+                               $fwdfwsettings{'USE_SRC_PORT'}                  = $hash{$key}[7];
+                               $fwdfwsettings{'PROT'}                                  = $hash{$key}[8];
+                           $fwdfwsettings{'ICMP_TYPES'}                        = $hash{$key}[9];
+                           $fwdfwsettings{'SRC_PORT'}                          = $hash{$key}[10];
+                           $fwdfwsettings{'USESRV'}                            = $hash{$key}[11];
+                           $fwdfwsettings{'TGT_PROT'}                          = $hash{$key}[12];
+                           $fwdfwsettings{'ICMP_TGT'}                          = $hash{$key}[13];
+                           $fwdfwsettings{'grp3'}                                      = $hash{$key}[14];
+                           $fwdfwsettings{$fwdfwsettings{'grp3'}}      = $hash{$key}[15];
+                           $fwdfwsettings{'ruleremark'}                        = $hash{$key}[16];
+                           $fwdfwsettings{'LOG'}                                       = $hash{$key}[17];
+                           $fwdfwsettings{'TIME'}                                      = $hash{$key}[18];
+                               $fwdfwsettings{'TIME_MON'}                              = $hash{$key}[19];
+                               $fwdfwsettings{'TIME_TUE'}                              = $hash{$key}[20];
+                               $fwdfwsettings{'TIME_WED'}                              = $hash{$key}[21];
+                               $fwdfwsettings{'TIME_THU'}                              = $hash{$key}[22];
+                               $fwdfwsettings{'TIME_FRI'}                              = $hash{$key}[23];
+                               $fwdfwsettings{'TIME_SAT'}                              = $hash{$key}[24];
+                               $fwdfwsettings{'TIME_SUN'}                              = $hash{$key}[25];
+                               $fwdfwsettings{'TIME_FROM'}                             = $hash{$key}[26];
+                               $fwdfwsettings{'TIME_TO'}                               = $hash{$key}[27];
+                               $fwdfwsettings{'USE_NAT'}                               = $hash{$key}[28];
+                               $fwdfwsettings{'nat'}                                   = $hash{$key}[31]; #changed order
+                               $fwdfwsettings{$fwdfwsettings{'nat'}}   = $hash{$key}[29];
+                               $fwdfwsettings{'dnatport'}                              = $hash{$key}[30];
+                               $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
+                               $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
+                               $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
+                               $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+                               $checked{'USESRV'}{$fwdfwsettings{'USESRV'}}                    = 'CHECKED';
+                               $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}}                    = 'CHECKED';
+                               $checked{'LOG'}{$fwdfwsettings{'LOG'}}                                  = 'CHECKED';
+                               $checked{'TIME'}{$fwdfwsettings{'TIME'}}                                = 'CHECKED';
+                               $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}}                = 'CHECKED';
+                               $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}}                = 'CHECKED';
+                               $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}}                = 'CHECKED';
+                               $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}}                = 'CHECKED';
+                               $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}}                = 'CHECKED';
+                               $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}}                = 'CHECKED';
+                               $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}}                = 'CHECKED';
+                               $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}}                  = 'CHECKED';
+                               $checked{'nat'}{$fwdfwsettings{'nat'}}                                  = 'CHECKED';
+                               $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}             = 'selected';
+                               $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}                 = 'selected';
+                               $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+                               $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+                               $selected{'dnat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
+                               $selected{'snat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
+                       }
+               }
+               $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
+               $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
+               $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
+               $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
+               $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
+               $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
+               $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
+               $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
+               $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
+               $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
+               #check if manual ip (source) is orange network
+               if ($fwdfwsettings{'grp1'} eq 'src_addr'){
+                       my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
+                       if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+                               $fwdfwsettings{'oldorange'} ='on';
+                       }
+               }
+       }else{
+               $fwdfwsettings{'ACTIVE'}='ON';
+               $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+               $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
+               $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
+               $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
+               $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
+               $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
+               $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
+               $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
+               $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
+               $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
+               #check if manual ip (source) is orange network
+               if ($fwdfwsettings{'grp1'} eq 'src_addr'){
+                       my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
+                       if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+                               $fwdfwsettings{'oldorange'} ='on';
+                       }
+               }       
+       }
+       &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
+       print "<form method='post'>";
+       &Header::closebox();
+       &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
+       #------SOURCE-------------------------------------------------------
+       print<<END;
+               <table width='100%' border='0'>
+               <tr><td width='1%'><input type='radio' name='grp1' value='src_addr'  checked></td><td width='60%'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='18' ></td><td width='1%'><input type='radio' name='grp1' id='ipfire_src' value='ipfire_src'  $checked{'grp1'}{'ipfire_src'}></td><td><b>Firewall</b></td>
+END
+               print"<td align='right'><select name='ipfire_src' style='width:200px;'>";
+               print "<option value='ALL' $selected{'ipfire_src'}{'ALL'}>$Lang::tr{'all'}</option>";
+               print "<option value='GREEN' $selected{'ipfire_src'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
+               print "<option value='ORANGE' $selected{'ipfire_src'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
+               print "<option value='BLUE' $selected{'ipfire_src'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if (&Header::blue_used());
+               print "<option value='RED1' $selected{'ipfire_src'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip);
+
+               if (! -z "${General::swroot}/ethernet/aliases"){
+                       foreach my $alias (sort keys %aliases)
+                       {
+                               print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+               <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
+END
+       &gen_dd_block('src','grp1');
+               print<<END;
+               <table><tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
+               <table width='100%' border='0'>
+               <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
+               <td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
+END
+               foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
+               {
+                       if ($_ eq $fwdfwsettings{'PROT'})
+                       {
+                               print"<option selected>$_</option>";
+                       }else{
+                               print"<option>$_</option>";
+                       }
+               }
+               $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g;
+               print<<END;
+               </select></td><td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18' ></td></tr>
+               <tr><td></td><td></td><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES' style='width:230px;'>
+END
+               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+               print"<option>All ICMP-Types</option>";
+               foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) } keys %icmptypes){
+                       if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
+                               print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+                       }else{
+                               print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr></table><br><hr>
+END
+               &Header::closebox();
+
+               #---TARGET------------------------------------------------------
+               &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
+               print<<END;
+               <table width='100%' border='0'> 
+               <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr'  checked></td><td width='60%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='18'><td width='1%'><input type='radio' name='grp2' id='ipfire' value='ipfire'  $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
+END
+               print"<td align='right'><select name='ipfire' style='width:200px;'>";
+               print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
+               print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
+               print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
+               print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>"if (&Header::blue_used());
+               print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip);
+               if (! -z "${General::swroot}/ethernet/aliases"){
+                       foreach my $alias (sort keys %aliases)
+                       {
+                               print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+               <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
+END
+               &gen_dd_block('tgt','grp2');
+               print<<END;
+               <hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '><br>
+               <table width='100%' border='0'>
+               <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv' style='min-width:230px;' >
+END
+               &General::readhasharray("$configsrv", \%customservice);
+               foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
+                       print"<option ";
+                       print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
+                       print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
+               }       
+               print<<END;
+               </select></td></tr>
+               <tr><td colspan='2'></td><td><input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}</td><td colspan='2'><select name='cust_srvgrp' style='min-width:230px;' >
+END
+               &General::readhasharray("$configsrvgrp", \%customservicegrp);
+               my $helper;
+               foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
+                       if ($helper ne $customservicegrp{$key}[0]){
+                               print"<option ";
+                               print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
+                               print">$customservicegrp{$key}[0]</option>";
+                       }
+                       $helper=$customservicegrp{$key}[0];
+               }       
+               print<<END;
+               </select></td></tr>
+               <tr><td colspan='2'></td><td><input type='radio' name='grp3' id='TGT_PORT' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT' onchange='checkradio(\"#TGT_PORT\")'>
+END
+               foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
+               {
+                       if ($_ eq $fwdfwsettings{'TGT_PROT'})
+                       {
+                               print"<option selected>$_</option>";
+                       }else{
+                               print"<option>$_</option>";
+                       }
+               }
+               $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
+               print<<END;
+               </select></td><td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18' onclick='checkradio(\"#TGT_PORT\")'></td></tr>
+               <tr><td colspan='2'></td><td></td><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TGT' style='min-width:230px;'>
+END
+               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+               print"<option>All ICMP-Types</option>";
+               foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
+                       if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){
+                               print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+                       }else{
+                               print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+                       }
+               }
+               print<<END;
+               </select></td></tr>
+               </table><br><hr>
+
+END
+               &Header::closebox;
+               #---SNAT / DNAT ------------------------------------------------
+               &Header::openbox('100%', 'left', 'NAT');
+               print<<END;
+               <table width='100%' border='0'>
+               <tr><td width='1%'><input type='checkbox' name='USE_NAT' id='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'}></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr>
+               <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='dnat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
+END
+               print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>";
+               print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
+               print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>";
+               foreach my $alias (sort keys %aliases)
+               {
+                       print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
+               }
+               print"</select></td></tr>";
+               $fwdfwsettings{'dnatport'}=~ tr/|/,/;
+               print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value=\"$fwdfwsettings{'dnatport'}\"> </td></tr>";
+               print"<tr><td colspan='8'><br></td></tr>";
+               #SNAT
+               print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='snat' value='snat'  $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw snat'}</td>";
+               print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='snat' style='width:140px;'>";
+               foreach my $alias (sort keys %aliases)
+                       {
+                               print "<option value='$alias' $selected{'snat'}{$alias}>$alias</option>";
+                       }
+               foreach my $network (sort keys %defaultNetworks)
+               {
+                       next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
+                       next if($defaultNetworks{$network}{'NAME'} eq "ALL");
+                       next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
+                       print "<option value='$defaultNetworks{$network}{'NAME'}'";
+                       print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq $defaultNetworks{$network}{'NAME'});
+                       print ">$network</option>";
+               }
+               print"</select></td></tr></table>";
+               print"<hr>";
+               &Header::closebox();
+               #---Activate/logging/remark-------------------------------------
+               &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
+               print<<END;
+               <table width='100%' border='0'>
+               <tr><td nowrap>$Lang::tr{'fwdfw rule action'}</td><td><select name='RULE_ACTION'>
+END
+               foreach ("ACCEPT","DROP","REJECT")
+               {
+                       if($fwdfwsettings{'updatefwrule'} eq 'on'){
+                               print"<option value='$_'";
+                               print "selected='selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_);
+                               print">$Lang::tr{'fwdfw '.$_}</option>";
+                       }else{
+                               if($fwdfwsettings{'POLICY'} eq 'MODE2'){
+                                       $fwdfwsettings{'RULE_ACTION'} = 'DROP';
+                               }
+                               if ($_ eq $fwdfwsettings{'RULE_ACTION'})
+                               {
+                                       print"<option value='$_' selected>$Lang::tr{'fwdfw '.$_}</option>";
+                               }else{
+                                       print"<option value='$_'>$Lang::tr{'fwdfw '.$_}</option>";
+                               }
+                       }
+               }
+               print"</select></td></tr>";     
+               print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td width='88%' align='left'><input type='text' name='ruleremark' maxlength='255' value='$fwdfwsettings{'ruleremark'}' style='width:99%;'></td></tr>";
+               if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
+                       print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
+                       for (my $count =1; $count <= $sum; $count++){ 
+                               print"<option value='$count' ";
+                               print"selected='selected'" if($fwdfwsettings{'oldrulenumber'} eq $count);
+                               print">$count</option>";
+                       }
+                       print"</select></td></tr>";
+               }else{
+                       print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><input type='text' name='rulepos' size='2'></td></tr>";
+               }
+
+               print<<END;
+               </table><table width='100%'>
+               <tr><td width='1%'><input type='checkbox' name='ACTIVE' value='ON' $checked{'ACTIVE'}{'ON'}></td><td>$Lang::tr{'fwdfw rule activate'}</td></tr>
+               <tr><td width='1%'><input type='checkbox' name='LOG' value='ON'  $checked{'LOG'}{'ON'}  ></td><td>$Lang::tr{'fwdfw log rule'}</td></tr>
+               </table><br><hr>
+END
+               &Header::closebox();
+               #---ADD TIMEFRAME-----------------------------------------------
+               &Header::openbox('100%', 'left', $Lang::tr{'fwdfw timeframe'});
+               print<<END;
+               <table width='70%' border='0'>
+               <tr><td width='1%'><input type='checkbox' name='TIME' value='ON' $checked{'TIME'}{'ON'}></td><td colspan='9'>$Lang::tr{'fwdfw timeframe'}</td></tr>
+               <tr><td colspan='10'>&nbsp;</td></tr>
+               <tr>
+                       <td  align='left'>$Lang::tr{'time'}:</td>
+                       <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
+                       <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
+                       <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
+               </tr>
+               <tr>
+                       <td  align='right'></td>
+                       <td width='1%' align='left'><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} /></td>
+                       <td width='1%' align='left'><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} /></td>
+                       <td width='1%' align='left'><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} /></td>
+                       <td width='1%' align='left'><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} /></td>
+                       <td width='1%' align='left'><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} /></td>
+                       <td width='1%' align='left'><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} /></td>
+                       <td width='15%' align='left'><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} /></td>
+                       <td><select name='TIME_FROM'>
+END
+               for (my $i=0;$i<=23;$i++) {
+                       $i = sprintf("%02s",$i);
+                       for (my $j=0;$j<=45;$j+=15) {
+                               $j = sprintf("%02s",$j);
+                               my $time = $i.":".$j;
+                               print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
+                       }
+               }
+               print<<END;     
+                       </select></td>
+                       <td><select name='TIME_TO'>
+END
+               for (my $i=0;$i<=23;$i++) {
+                       $i = sprintf("%02s",$i);
+                       for (my $j=0;$j<=45;$j+=15) {
+                               $j = sprintf("%02s",$j);
+                               my $time = $i.":".$j;
+                               print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
+                       }
+               }
+               print<<END;
+               </select></td></tr></table><br><hr>
+END
+               #---ACTION------------------------------------------------------
+               if($fwdfwsettings{'updatefwrule'} ne 'on'){
+                       print<<END;
+                       <table border='0' width='100%'>
+                       <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' />
+                       <input type='hidden' name='config' value='$config' >
+                       <input type='hidden' name='ACTION' value='saverule' ></form>
+                       <form method='post' style='display:inline;'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='reset'></form></td></tr>
+                       </table>
+                       <br>
+END
+               }else{
+                       print<<END;
+                       <table border='0' width='100%'>
+                       <tr><td align='right'><input type='submit' value='$Lang::tr{'fwdfw change'}' style='min-width:100px;' /><input type='hidden' name='updatefwrule' value='$fwdfwsettings{'updatefwrule'}'><input type='hidden' name='key' value='$fwdfwsettings{'key'}'>
+                       <input type='hidden' name='oldgrp1a' value='$fwdfwsettings{'oldgrp1a'}' />
+                       <input type='hidden' name='oldgrp1b' value='$fwdfwsettings{'oldgrp1b'}' />
+                       <input type='hidden' name='oldgrp2a' value='$fwdfwsettings{'oldgrp2a'}' />
+                       <input type='hidden' name='oldgrp2b' value='$fwdfwsettings{'oldgrp2b'}' />
+                       <input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
+                       <input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
+                       <input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
+                       <input type='hidden' name='oldrulenumber' value='$fwdfwsettings{'oldrulenumber'}' />
+                       <input type='hidden' name='rulenumber' value='$fwdfwsettings{'rulepos'}' />
+                       <input type='hidden' name='oldruleremark' value='$fwdfwsettings{'oldruleremark'}' />
+                       <input type='hidden' name='oldorange' value='$fwdfwsettings{'oldorange'}' />
+                       <input type='hidden' name='oldnat' value='$fwdfwsettings{'oldnat'}' />
+                       <input type='hidden' name='oldruletype' value='$fwdfwsettings{'oldruletype'}' />
+                       <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
+                       </table></form>
+END
+               }
+               &Header::closebox();
+}
+sub pos_up
+{
+       my %uphash=();
+       my %tmp=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%uphash);
+       foreach my $key (sort keys %uphash){
+               if ($key eq $fwdfwsettings{'key'}) {
+                       my $last = $key -1;
+                       if (exists $uphash{$last}){
+                               #save rule last
+                               foreach my $y (0 .. $#{$uphash{$last}}) {
+                                               $tmp{0}[$y] = $uphash{$last}[$y];
+                               }
+                               #copy active rule to last
+                               foreach my $i (0 .. $#{$uphash{$last}}) {
+                                       $uphash{$last}[$i] = $uphash{$key}[$i];
+                               }
+                               #copy saved rule to actual position
+                               foreach my $x (0 .. $#{$tmp{0}}) {
+                                               $uphash{$key}[$x] = $tmp{0}[$x];
+                               }
+                       }
+               }
+       }
+       &General::writehasharray($fwdfwsettings{'config'}, \%uphash);
+       &rules;
+}
+sub pos_down
+{
+       my %downhash=();
+       my %tmp=();
+       &General::readhasharray($fwdfwsettings{'config'}, \%downhash);
+       foreach my $key (sort keys %downhash){
+               if ($key eq $fwdfwsettings{'key'}) {
+                       my $next = $key + 1;
+                       if (exists $downhash{$next}){
+                               #save rule next
+                               foreach my $y (0 .. $#{$downhash{$next}}) {
+                                               $tmp{0}[$y] = $downhash{$next}[$y];
+                               }
+                               #copy active rule to next
+                               foreach my $i (0 .. $#{$downhash{$next}}) {
+                                       $downhash{$next}[$i] = $downhash{$key}[$i];
+                               }
+                               #copy saved rule to actual position
+                               foreach my $x (0 .. $#{$tmp{0}}) {
+                                               $downhash{$key}[$x] = $tmp{0}[$x];
+                               }
+                       }
+               }
+       }
+       &General::writehasharray($fwdfwsettings{'config'}, \%downhash);
+       &rules;
+}
+sub rules
+{
+       if (!-f "${General::swroot}/forward/reread"){
+               system("touch ${General::swroot}/forward/reread");
+               system("touch ${General::swroot}/fwhosts/reread");
+       }
+}
+sub reread_rules
+{
+       system("/usr/local/bin/forwardfwctrl");
+       if ( -f "${General::swroot}/forward/reread"){
+               system("rm ${General::swroot}/forward/reread");
+               system("rm ${General::swroot}/fwhosts/reread");
+       }
+}
+sub saverule
+{
+       my $hash=shift;
+       my $config=shift;
+       &General::readhasharray("$config", $hash);
+       if (!$errormessage){
+               ################################################################
+               #check if we change an INPUT rule to a OUTGOING
+               if($fwdfwsettings{'oldruletype'} eq 'INPUTFW'  && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'  ){
+                       &changerule($configinput);
+                       #print"1";
+               }
+               #check if we change an INPUT rule to a FORWARD
+               elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW'  && $fwdfwsettings{'chain'} eq 'FORWARDFW'  ){
+                       &changerule($configinput);
+                       #print"2";
+               }
+               ################################################################
+               #check if we change an OUTGOING rule to an INPUT
+               elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW'  && $fwdfwsettings{'chain'} eq 'INPUTFW'  ){
+                       &changerule($configoutgoing);
+                       #print"3";
+               }
+               #check if we change an OUTGOING rule to a FORWARD
+               elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW'  && $fwdfwsettings{'chain'} eq 'FORWARDFW'  ){
+                       &changerule($configoutgoing);
+                       #print"4";
+               }
+               ################################################################
+               #check if we change a FORWARD rule to an INPUT
+               elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && $fwdfwsettings{'chain'} eq 'INPUTFW'){
+                       &changerule($configfwdfw);
+                       #print"5";
+               }
+               #check if we change a FORWARD rule to an OUTGOING
+               elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'){
+                       &changerule($configfwdfw);
+                       #print"6";
+               }
+               if ($fwdfwsettings{'updatefwrule'} ne 'on'){
+                       my $key = &General::findhasharraykey ($hash);
+                       $$hash{$key}[0]  = $fwdfwsettings{'RULE_ACTION'};
+                       $$hash{$key}[1]  = $fwdfwsettings{'chain'};
+                       $$hash{$key}[2]  = $fwdfwsettings{'ACTIVE'};
+                       $$hash{$key}[3]  = $fwdfwsettings{'grp1'};
+                       $$hash{$key}[4]  = $fwdfwsettings{$fwdfwsettings{'grp1'}};
+                       $$hash{$key}[5]  = $fwdfwsettings{'grp2'};
+                       $$hash{$key}[6]  = $fwdfwsettings{$fwdfwsettings{'grp2'}};
+                       $$hash{$key}[7]  = $fwdfwsettings{'USE_SRC_PORT'};
+                       $$hash{$key}[8]  = $fwdfwsettings{'PROT'};
+                       $$hash{$key}[9]  = $fwdfwsettings{'ICMP_TYPES'};
+                       $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
+                       $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
+                       $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
+                       $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
+                       $$hash{$key}[14] = $fwdfwsettings{'grp3'};
+                       $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
+                       $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
+                       $$hash{$key}[17] = $fwdfwsettings{'LOG'};
+                       $$hash{$key}[18] = $fwdfwsettings{'TIME'};
+                       $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
+                       $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
+                       $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
+                       $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
+                       $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
+                       $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
+                       $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
+                       $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
+                       $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
+                       $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
+                       $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
+                       $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
+                       $$hash{$key}[31] = $fwdfwsettings{'nat'};
+                       &General::writehasharray("$config", $hash);
+               }else{
+                       foreach my $key (sort {$a <=> $b} keys %$hash){
+                               if($key eq $fwdfwsettings{'key'}){
+                                       $$hash{$key}[0]  = $fwdfwsettings{'RULE_ACTION'};
+                                       $$hash{$key}[1]  = $fwdfwsettings{'chain'};
+                                       $$hash{$key}[2]  = $fwdfwsettings{'ACTIVE'};
+                                       $$hash{$key}[3]  = $fwdfwsettings{'grp1'};
+                                       $$hash{$key}[4]  = $fwdfwsettings{$fwdfwsettings{'grp1'}};
+                                       $$hash{$key}[5]  = $fwdfwsettings{'grp2'};
+                                       $$hash{$key}[6]  = $fwdfwsettings{$fwdfwsettings{'grp2'}};
+                                       $$hash{$key}[7]  = $fwdfwsettings{'USE_SRC_PORT'};
+                                       $$hash{$key}[8]  = $fwdfwsettings{'PROT'};
+                                       $$hash{$key}[9]  = $fwdfwsettings{'ICMP_TYPES'};
+                                       $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
+                                       $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
+                                       $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
+                                       $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
+                                       $$hash{$key}[14] = $fwdfwsettings{'grp3'};
+                                       $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
+                                       $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
+                                       $$hash{$key}[17] = $fwdfwsettings{'LOG'};
+                                       $$hash{$key}[18] = $fwdfwsettings{'TIME'};
+                                       $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
+                                       $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
+                                       $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
+                                       $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
+                                       $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
+                                       $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
+                                       $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
+                                       $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
+                                       $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
+                                       $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
+                                       $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
+                                       $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
+                                       $$hash{$key}[31] = $fwdfwsettings{'nat'};
+                                       last;
+                               }
+                       }
+               }
+               &General::writehasharray("$config", $hash);
+               if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){
+                       my %tmp=();
+                       my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
+                       for (my $z=0;$z<$val;$z++){
+                               foreach my $key (sort {$a <=> $b} keys %$hash){
+                                       if ($key eq $fwdfwsettings{'oldrulenumber'}) {
+                                               my $last = $key -1;
+                                               if (exists $$hash{$last}){
+                                                       #save rule last
+                                                       foreach my $y (0 .. $#{$$hash{$last}}) {
+                                                               $tmp{0}[$y] = $$hash{$last}[$y];
+                                                       }
+                                                       #copy active rule to last
+                                                       foreach my $i (0 .. $#{$$hash{$last}}) {
+                                                               $$hash{$last}[$i] = $$hash{$key}[$i];
+                                                       }
+                                                       #copy saved rule to actual position
+                                                       foreach my $x (0 .. $#{$tmp{0}}) {
+                                                               $$hash{$key}[$x] = $tmp{0}[$x];
+                                                       }
+                                               }
+                                       }
+                               }
+                               $fwdfwsettings{'oldrulenumber'}--;
+                       }
+                       &General::writehasharray("$config", $hash);
+                       &rules;
+               }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
+                       my %tmp=();
+                       my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
+                               for (my $z=0;$z<$val;$z++){
+                                       foreach my $key (sort {$a <=> $b} keys %$hash){
+                                       if ($key eq $fwdfwsettings{'oldrulenumber'}) {
+                                               my $next = $key + 1;
+                                               if (exists $$hash{$next}){
+                                                       #save rule next
+                                                       foreach my $y (0 .. $#{$$hash{$next}}) {
+                                                               $tmp{0}[$y] = $$hash{$next}[$y];
+                                                       }
+                                                       #copy active rule to next
+                                                       foreach my $i (0 .. $#{$$hash{$next}}) {
+                                                               $$hash{$next}[$i] = $$hash{$key}[$i];
+                                                       }
+                                                       #copy saved rule to actual position
+                                                       foreach my $x (0 .. $#{$tmp{0}}) {
+                                                               $$hash{$key}[$x] = $tmp{0}[$x];
+                                                       }
+                                               }
+                                       }
+                               }
+                               $fwdfwsettings{'oldrulenumber'}++;
+                       }
+                       &General::writehasharray("$config", $hash);
+                       &rules;
+               }
+       }
+}
+sub validremark
+{
+       # Checks a hostname against RFC1035
+        my $remark = $_[0];
+
+       # Each part should be at least two characters in length
+       # but no more than 63 characters
+       if (length ($remark) < 1 || length ($remark) > 255) {
+               return 0;}
+       # Only valid characters are a-z, A-Z, 0-9 and -
+       if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/\s]*$/) {
+               return 0;}
+       # First character can only be a letter or a digit
+       if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) {
+               return 0;}
+       # Last character can only be a letter or a digit
+       if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.:;_)]*$/) {
+               return 0;}
+       return 1;
+}
+sub viewtablerule
+{
+       &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+       &viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" );
+       &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} );
+       &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" );
+}
+sub viewtablenew
+{
+       my $hash=shift;
+       my $config=shift;
+       my $title=shift;
+       my $title1=shift;
+       my $go='';
+       &General::get_aliases(\%aliases);
+       &General::readhasharray("$confighost", \%customhost);
+       &General::readhasharray("$config", $hash);
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       if( ! -z $config){
+               &Header::openbox('100%', 'left',$title);
+               my $count=0;
+               my ($gif,$log);
+               my $ruletype;
+               my $rulecolor;
+               my $tooltip;
+               my @tmpsrc=();
+               my $coloryellow='';
+               print"<b>$title1</b><br>";
+               print"<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
+               print"<tr><td align='center'><b>#</b></td><td></td><td align='center' width='25'></td><td align='center'><b>$Lang::tr{'fwdfw source'}</b></td><td width='1%'><b>Log</b></td><td align='center'><b>$Lang::tr{'fwdfw target'}</b></td><td align='center' colspan='6' width='1%'><b>$Lang::tr{'fwdfw action'}</b></td></tr>";
+               foreach my $key (sort  {$a <=> $b} keys %$hash){
+                       $tdcolor='';
+                       @tmpsrc=();
+                       #check if vpn hosts/nets have been deleted
+                       if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
+                               push (@tmpsrc,$$hash{$key}[4]);
+                       }
+                       if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
+                               push (@tmpsrc,$$hash{$key}[6]);
+                       }
+                       foreach my $host (@tmpsrc){
+                               if($$hash{$key}[3] eq  'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
+                                       if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
+                                               $coloryellow='on';
+                                               &disable_rule($key);
+                                               $$hash{$key}[2]='';
+                                       }
+                               }elsif($$hash{$key}[3] eq  'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
+                                       if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
+                                               $coloryellow='on';
+                                               &disable_rule($key);
+                                               $$hash{$key}[2]='';
+                                       }
+                               }elsif($$hash{$key}[3] eq  'ovpn_n2n_src' || $$hash{$key}[5] eq 'ovpn_n2n_tgt'){
+                                       if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
+                                               $coloryellow='on';
+                                               &disable_rule($key);
+                                               $$hash{$key}[2]='';
+                                       }
+                               }elsif($$hash{$key}[3] eq  'ovpn_host_src' || $$hash{$key}[5] eq 'ovpn_host_tgt'){
+                                       if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
+                                               $coloryellow='on';
+                                               &disable_rule($key);
+                                               $$hash{$key}[2]='';
+                                       }
+                               }
+                       }
+                       $$hash{'ACTIVE'}=$$hash{$key}[2];
+                       $count++;
+                       if($coloryellow eq 'on'){
+                               print"<tr bgcolor='$color{'color14'}' >";
+                               $coloryellow='';
+                       }elsif($coloryellow eq ''){
+                               if ($count % 2){ 
+                                       $color="$color{'color22'}";
+                               }
+                               else{
+                                       $color="$color{'color20'}";
+                               }
+                       }
+                       print"<tr bgcolor='$color' >";
+                       #KEY
+                       print<<END;
+                       <td align='right' width='18'><b>$key &nbsp;</b></td>
+END
+                       #RULETYPE (A,R,D)
+                       if ($$hash{$key}[0] eq 'ACCEPT'){
+                               $ruletype='A';
+                               $tooltip='ACCEPT';
+                               $rulecolor=$color{'color17'};
+                       }elsif($$hash{$key}[0] eq 'DROP'){
+                               $ruletype='D';
+                               $tooltip='DROP';
+                               $rulecolor=$color{'color25'};
+                       }elsif($$hash{$key}[0] eq 'REJECT'){
+                               $ruletype='R';
+                               $tooltip='REJECT';
+                               $rulecolor=$color{'color16'};
+                       }
+                       print"<td bgcolor='$rulecolor' align='center' width='10'><span title='$tooltip'><b>$ruletype</b></span></td>";
+                       #Get Protocol
+                       my $prot;
+                       if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual
+                               push (@protocols,$$hash{$key}[8]);
+                       }elsif ($$hash{$key}[12]){                      #target prot if manual
+                               push (@protocols,$$hash{$key}[12]);
+                       }elsif($$hash{$key}[14] eq 'cust_srv'){
+                               &get_serviceports("service",$$hash{$key}[15]);
+                       }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+                               &get_serviceports("group",$$hash{$key}[15]);
+                       }else{
+                               push (@protocols,$Lang::tr{'all'});
+                       }
+                       my $protz=join(",",@protocols);
+                       print"<td align='center'>$protz</td>";
+                       @protocols=();
+                       #SOURCE
+                       my $ipfireiface;
+                       &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
+                       print"<td align='center' width='160' $tdcolor>";
+                       if ($$hash{$key}[3] eq 'ipfire_src'){
+                               $ipfireiface='Interface ';
+                       }
+                       if ($$hash{$key}[3] eq 'std_net_src'){
+                               print &get_name($$hash{$key}[4]);
+                       }elsif ($$hash{$key}[3] eq 'src_addr'){
+                               my ($split1,$split2) = split("/",$$hash{$key}[4]);
+                               if ($split2 eq '32'){
+                                       print $split1;
+                               }else{
+                                       print $$hash{$key}[4];
+                               }
+                       }elsif ($$hash{$key}[4] eq 'RED1'){
+                               print "$ipfireiface $Lang::tr{'fwdfw red'}";
+                       }else{
+                               print "$$hash{$key}[4]";
+                       }
+                       $tdcolor='';
+                       #SOURCEPORT
+                       &getsrcport(\%$hash,$key);
+                       #Is this a SNAT rule?
+                       if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){
+                               my $net=&get_name($$hash{$key}[29]);
+                               if ( ! $net){ $net=$$hash{$key}[29];}
+                                       print"<br>->$net";
+                               if ($$hash{$key}[30] ne ''){
+                                       print": $$hash{$key}[30]";
+                               }
+                       }
+                       if ($$hash{$key}[17] eq 'ON'){
+                               $log="/images/on.gif";
+                       }else{
+                               $log="/images/off.gif";
+                       }
+                       #LOGGING
+                       print<<END;
+                       </td>
+                       <td align='left' width='25'><form method='post'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
+                       </form></td>
+END
+                       #TARGET
+                       &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
+                       print<<END;
+                       <td align='center' width='160' $tdcolor>
+END
+                       #Is this a DNAT rule?
+                       if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
+                               print "Firewall ($$hash{$key}[29])";
+                               if($$hash{$key}[30] ne ''){
+                                       $$hash{$key}[30]=~ tr/|/,/;
+                                       print": $$hash{$key}[30]";
+                               }
+                               print"<br>->";
+                       }
+                       if ($$hash{$key}[5] eq 'ipfire'){
+                               $ipfireiface='Interface';
+                       }
+                       if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire'  || $$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){
+                               if ($$hash{$key}[6] eq 'RED1'){
+                                       print "$ipfireiface $Lang::tr{'red1'}";
+                               }elsif ($$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE'|| $$hash{$key}[6] eq 'ALL')
+                               {
+                                       print "$ipfireiface ".&get_name($$hash{$key}[6]);
+                               }else{
+                                       print $$hash{$key}[6];
+                               }
+                       }elsif ($$hash{$key}[5] eq 'tgt_addr'){
+                               my ($split1,$split2) = split("/",$$hash{$key}[6]);
+                               if ($split2 eq '32'){
+                                       print $split1;
+                               }else{
+                                       print $$hash{$key}[6];
+                               }
+                       }else{
+                               print "$$hash{$key}[6]";
+                       }
+                       $tdcolor='';
+                       #TARGETPORT
+                       &gettgtport(\%$hash,$key);
+                       print"</td>";
+                       #RULE ACTIVE
+                       if($$hash{$key}[2] eq 'ON'){
+                               $gif="/images/on.gif"
+                               
+                       }else{
+                               $gif="/images/off.gif"
+                       }
+                       print<<END;
+                       <td width='25'><form method='post'><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
+                       </form></td>
+                       <td  width='25' ><form method='post'><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'  />
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='editrule' />
+                       </form></td>
+                       <td  width='25'><form method='post'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='copyrule' />
+                       </form></td>
+                       <td width='25' ><form method='post'><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'   />
+                       <input type='hidden' name='key' value='$key' />
+                       <input type='hidden' name='config' value='$config' />
+                       <input type='hidden' name='ACTION' value='deleterule' />
+                       </form></td>
+END
+                       if (exists $$hash{$key-1}){
+                               print<<END;
+                               <td width='25'><form method='post'><input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' title='$Lang::tr{'fwdfw moveup'}'  style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'  />
+                               <input type='hidden' name='key' value='$key' />
+                               <input type='hidden' name='config' value='$config' />
+                               <input type='hidden' name='ACTION' value='moveup' />
+                               </form></td>
+END
+                       }else{
+                               print"<td width='25'><input type='image' img src='/images/up.gif' style='visibility:hidden;'></td>";
+                       }
+                       if (exists $$hash{$key+1}){
+                               print<<END;
+                               <td width='25' ><form method='post'><input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'  />
+                               <input type='hidden' name='key' value='$key' />
+                               <input type='hidden' name='config' value='$config' />
+                               <input type='hidden' name='ACTION' value='movedown' />
+                               </form></td></tr>
+END
+                       }else{
+                               print"<td width='25'><input type='image' img src='/images/down.gif' style='visibility:hidden;'></td></tr>";
+                       }
+                       #REMARK
+                       if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){
+                               print"<tr bgcolor='$color'>";
+                               print"<td>&nbsp;</td><td bgcolor='$rulecolor'></td><td colspan='10'>&nbsp; $$hash{$key}[16]</td></tr>";
+                       }
+                       if ($$hash{$key}[18] eq 'ON'){
+                               #TIMEFRAME
+                               if ($$hash{$key}[18] eq 'ON'){
+                                       my @days=();
+                                       if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
+                                       if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
+                                       if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
+                                       if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
+                                       if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
+                                       if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
+                                       if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
+                                       my $weekdays=join(",",@days);
+                                       if (@days){
+                                               print"<tr bgcolor='$color'>";
+                                               print"<td>&nbsp;</td><td bgcolor='$rulecolor'></td><td align='left' colspan='10'>&nbsp; $weekdays &nbsp; $$hash{$key}[26] - $$hash{$key}[27] </td></tr>";
+                                       }
+                               }
+                       }
+                       print"<tr bgcolor='FFFFFF'><td colspan='13' height='1'></td></tr>";
+               }
+               print"</table>";
+               #SHOW FINAL RULE
+               print "<table width='100%'rules='cols' border='1'>";
+               my $col;
+               if ($config eq '/var/ipfire/forward/config'){
+                       my $pol='fwdfw '.$fwdfwsettings{'POLICY'};
+                       if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+                               $col="bgcolor='darkred'";
+                       }else{
+                               $col="bgcolor='green'";
+                       }
+                       &show_defaultrules($col,$pol);
+               }elsif ($config eq '/var/ipfire/forward/outgoing'){
+                       if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
+                               $col="bgcolor='darkred'";
+                               print"<tr><td $col width='20%' align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font color='#FFFFFF' >$Lang::tr{'fwdfw pol block'}</font></td></tr>";
+                       }else{
+                               $col="bgcolor='green'";
+                               print"<tr><td $col width='20%' align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font color='#FFFFFF' >$Lang::tr{'fwdfw pol allow'}</font></td></tr>";
+                       }
+               }else{
+                       print"<tr><td bgcolor='darkred' width='20%' align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td bgcolor='darkred' align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>";
+               }
+               print"</table>";
+               print "<hr>";
+               print "<br><br>";
+               &Header::closebox();
+       }else{
+               if ($optionsfw{'SHOWTABLES'} eq 'on'){
+                       print "<b>$title1</b><br>";
+                       print"<table width='100%' border='0' rules='none'><tr><td height='30' bgcolor=$color{'color22'} align='center'>$Lang::tr{'fwhost empty'}</td></tr></table>";
+                       my $col;
+                       if ($config eq '/var/ipfire/forward/config'){
+                               my $pol='fwdfw '.$fwdfwsettings{'POLICY'};
+                               if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+                                       $col="bgcolor='darkred'";
+                               }else{
+                                       $col="bgcolor='green'";
+                               }
+                               &show_defaultrules($col,$pol);
+                       }elsif ($config eq '/var/ipfire/forward/outgoing'){
+                               print "<table width='100%' rules='cols' border='1'>";
+                               my $pol='fwdfw '.$fwdfwsettings{'POLICY1'};
+                               if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
+                                       $col="bgcolor='darkred'";
+                                       print"<tr><td $col align='center' width='20%'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>";
+                               }else{
+                                       $col="bgcolor='green'";
+                                       print"<tr><td $col align='center' width='20%'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol allow'}</font></td></tr>";
+                               }
+                       }else{
+                               print "<table width='100%' rules='cols' border='1'>";
+                               print"<tr><td bgcolor='darkred' align='center' width='20%'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td align='center' bgcolor='darkred'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>";
+                       }
+                       print"</table><br><br>";
+               }
+       }
+}
+&Header::closebigbox();
+&Header::closepage();
+
+sub show_defaultrules
+{
+       my $col=shift;
+       my $pol=shift;
+       #STANDARD RULES (From WIKI)
+       print"</table>";
+       if ($col eq "bgcolor='green'"){
+               print "<br><table width='100%' rules='cols' border='1' >";
+               my $blue   = "<font color=$Header::colourblue>    $Lang::tr{'blue'}</font> ($Lang::tr{'fwdfw pol block'})" if (&Header::blue_used());
+               my $orange = "<font color=$Header::colourorange>  $Lang::tr{'orange'}</font> ($Lang::tr{'fwdfw pol block'})" if (&Header::orange_used());
+               my $blue1   = "<font color=$Header::colourblue>    $Lang::tr{'blue'}</font> ($Lang::tr{'fwdfw pol allow'})" if (&Header::blue_used());
+               my $orange1 = "<font color=$Header::colourorange>  $Lang::tr{'orange'}</font> ($Lang::tr{'fwdfw pol allow'})" if (&Header::orange_used());
+               print"<tr><td align='center'><font color='#000000'>$Lang::tr{'green'}</td><td align='center'> <font color=$Header::colourred>  $Lang::tr{'red'}</font> ($Lang::tr{'fwdfw pol allow'})</td>";
+               print"<td align='center'>$orange1</td>" if (&Header::orange_used());
+               print"<td align='center'>$blue1</td>" if (&Header::blue_used());
+               print"</tr>";
+               if (&Header::orange_used()){
+                       print"<tr><td align='center' width='20%'><font color='#000000'>$Lang::tr{'orange'}</td><td align='center'> <font color=$Header::colourred>  $Lang::tr{'red'}</font> ($Lang::tr{'fwdfw pol allow'})</td><td align='center'><font color=$Header::colourgreen>  $Lang::tr{'green'}</font> ($Lang::tr{'fwdfw pol block'})</td>";
+                       print"<td align='center'>$blue</td>" if (&Header::blue_used());
+                       print"</tr>";
+               }
+               if (&Header::blue_used()){
+                       print"<tr><td align='center'><font color='#000000'>$Lang::tr{'blue'}</td><td align='center'> <font color=$Header::colourred>  $Lang::tr{'red'}</font> ($Lang::tr{'fwdfw pol allow'})</td>";
+                       print"<td align='center'>$orange</td>" if (&Header::orange_used());
+                       print"<td align='center'><font color=$Header::colourgreen>  $Lang::tr{'green'}</font> ($Lang::tr{'fwdfw pol block'})</td>";
+                       print"</tr>";
+               }
+               print"<tr><td $col align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'} </font></td><td $col colspan='3' align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol allow'}</font></td></tr>";
+       }elsif($col eq "bgcolor='darkred'"){
+               print "<table width='100%' rules='cols' border='1' >";
+               print"<tr><td $col width='20%' align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>";
+       }
+}
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
new file mode 100755 (executable)
index 0000000..7ed27c4
--- /dev/null
@@ -0,0 +1,2198 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use Sort::Naturally;
+use CGI::Carp 'fatalsToBrowser';
+no warnings 'uninitialized';
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %fwhostsettings=();
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %icmptypes=();
+my %color=();
+my %defaultNetworks=();
+my %mainsettings=();
+my %ownnet=();
+my %ipsecsettings=();
+my %fwfwd=();
+my %fwinp=();
+my %ovpnsettings=();
+my %ipsecconf=();
+my %ipsecsettings=();
+
+my $errormessage;
+my $hint;
+my $update=0;
+my $confignet          = "${General::swroot}/fwhosts/customnetworks";
+my $confighost         = "${General::swroot}/fwhosts/customhosts";
+my $configgrp          = "${General::swroot}/fwhosts/customgroups";
+my $configccdnet       = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost      = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec                = "${General::swroot}/vpn/config";
+my $configsrv          = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+my $fwconfigfwd                = "${General::swroot}/forward/config";
+my $fwconfiginp                = "${General::swroot}/forward/input";
+my $configovpn         = "${General::swroot}/ovpn/settings";
+my $tdcolor='';
+my $configipsec                = "${General::swroot}/vpn/config";
+my $configipsecrw      = "${General::swroot}/vpn/settings";
+
+unless (-e $confignet)    { system("touch $confignet"); }
+unless (-e $confighost)   { system("touch $confighost"); }
+unless (-e $configgrp)    { system("touch $configgrp"); }
+unless (-e $configsrv)    { system("touch $configsrv"); }
+unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+&General::readhash("$configovpn", \%ovpnsettings);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhash("$configipsecrw", \%ipsecsettings);
+
+&Header::getcgihash(\%fwhostsettings);
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'fwhost hosts'}, 1, '');
+&Header::openbigbox('100%', 'center');
+
+#### JAVA SCRIPT ####
+print<<END;
+<script>
+       \$(document).ready(function() {
+               // Automatically select radio buttons when corresponding
+               // dropdown menu changes.
+               \$("select").change(function() {
+                       var id = \$(this).attr("name");
+                       //When using SNAT or DNAT, check "USE NAT" Checkbox
+                       if ( id === 'snat' || id === 'dnat') {
+                               \$('#USE_NAT').prop('checked', true);
+                       }
+                       \$('#' + id).prop("checked", true);
+               });
+       });
+</script>
+END
+
+## ACTION ####
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
+{
+       &reread_rules;
+       &showmenu;
+}
+# Update
+if ($fwhostsettings{'ACTION'} eq 'updatenet' )
+{
+       &General::readhasharray("$confignet", \%customnetwork);
+       foreach my $key (keys %customnetwork)
+       {
+               if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'})
+               {
+                       $fwhostsettings{'orgname'}              = $customnetwork{$key}[0];
+                       $fwhostsettings{'orgip'}                = $customnetwork{$key}[1];
+                       $fwhostsettings{'orgsub'}               = $customnetwork{$key}[2];
+                       $fwhostsettings{'netremark'}    = $customnetwork{$key}[3];
+                       $fwhostsettings{'count'}                = $customnetwork{$key}[4];
+                       delete $customnetwork{$key};
+                       
+               }
+       }
+       &General::writehasharray("$confignet", \%customnetwork);
+       $fwhostsettings{'actualize'} = 'on';
+       $fwhostsettings{'ACTION'} = 'savenet';
+}
+if ($fwhostsettings{'ACTION'} eq 'updatehost')
+{
+       my ($ip,$subnet);
+       &General::readhasharray("$confighost", \%customhost);
+       foreach my $key (keys %customhost)
+       {
+               if($customhost{$key}[0] eq $fwhostsettings{'orgname'})
+               {
+                       if ($customhost{$key}[1] eq 'ip'){
+                               ($ip,$subnet) = split (/\//,$customhost{$key}[2]);
+                       }else{
+                               $ip = $customhost{$key}[2];
+                       }
+                       $fwhostsettings{'orgip'} = $ip;
+                       $fwhostsettings{'count'} = $customhost{$key}[4];
+                       delete $customhost{$key};
+                       &General::writehasharray("$confighost", \%customhost);
+               }
+       }
+       $fwhostsettings{'actualize'} = 'on';
+       if($fwhostsettings{'orgip'}){
+       $fwhostsettings{'ACTION'} = 'savehost';
+       }else{
+               $fwhostsettings{'ACTION'} = $Lang::tr{'fwhost newhost'};
+       }
+}
+if ($fwhostsettings{'ACTION'} eq 'updateservice')
+{
+       my $count=0;
+       my $needrules=0;
+       $errormessage=&checkports(\%customservice);
+       if (!$errormessage){
+               &General::readhasharray("$configsrv", \%customservice);
+               foreach my $key (keys %customservice)
+               {
+                       if ($customservice{$key}[0] eq $fwhostsettings{'oldsrvname'})
+                       {
+                               $count=$customservice{$key}[4];
+                               delete $customservice{$key};
+                               &General::writehasharray("$configsrv", \%customservice);
+                               last;
+                       }
+               }
+               if ($fwhostsettings{'PROT'} ne 'ICMP'){
+                       $fwhostsettings{'ICMP_TYPES'}='BLANK';
+               }
+               my $key1 = &General::findhasharraykey(\%customservice);
+               foreach my $i (0 .. 4) { $customservice{$key1}[$i] = "";}
+               $customservice{$key1}[0] = $fwhostsettings{'SRV_NAME'};
+               $customservice{$key1}[1] = $fwhostsettings{'SRV_PORT'};
+               $customservice{$key1}[2] = $fwhostsettings{'PROT'};
+               $customservice{$key1}[3] = $fwhostsettings{'ICMP_TYPES'};
+               $customservice{$key1}[4] = $count;
+               &General::writehasharray("$configsrv", \%customservice);
+               #check if we need to update firewallrules
+               if ($fwhostsettings{'SRV_NAME'} ne $fwhostsettings{'oldsrvname'}){
+                       if ( ! -z $fwconfigfwd ){
+                               &General::readhasharray("$fwconfigfwd", \%fwfwd);
+                               foreach my $key (sort keys %fwfwd){
+                                       if ($fwfwd{$key}[15] eq $fwhostsettings{'oldsrvname'}){
+                                               $fwfwd{$key}[15] = $fwhostsettings{'SRV_NAME'};
+                                       }
+                               }
+                               &General::writehasharray("$fwconfigfwd", \%fwfwd);
+                       }
+                       if ( ! -z $fwconfiginp ){
+                               &General::readhasharray("$fwconfiginp", \%fwinp);
+                               foreach my $line (sort keys %fwinp){
+                                       if ($fwfwd{$line}[15] eq $fwhostsettings{'oldsrvname'}){
+                                               $fwfwd{$line}[15] = $fwhostsettings{'SRV_NAME'};
+                                       }
+                               }
+                               &General::writehasharray("$fwconfiginp", \%fwinp);
+                       }
+                       #check if we need to update groups
+                       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+                       foreach my $key (sort keys %customservicegrp){
+                               if($customservicegrp{$key}[2] eq $fwhostsettings{'oldsrvname'}){
+                                       $customservicegrp{$key}[2] = $fwhostsettings{'SRV_NAME'};
+                               }
+                       }
+                       &General::writehasharray("$configsrvgrp", \%customservicegrp);
+                       $needrules='on';
+               }
+               if($count gt 0 && $fwhostsettings{'oldsrvport'} ne $fwhostsettings{'SRV_PORT'} ){
+                       $needrules='on';
+               }
+               if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){
+                       $needrules='on';
+               }
+               $fwhostsettings{'SRV_NAME'}     = '';
+               $fwhostsettings{'SRV_PORT'}     = '';
+               $fwhostsettings{'PROT'}         = '';
+       }else{
+               $fwhostsettings{'SRV_NAME'}     = $fwhostsettings{'oldsrvname'};
+               $fwhostsettings{'SRV_PORT'}     = $fwhostsettings{'oldsrvport'};
+               $fwhostsettings{'PROT'}         = $fwhostsettings{'oldsrvprot'};
+               $fwhostsettings{'updatesrv'}= 'on';
+       }
+       if($needrules eq 'on'){
+               &rules;
+       }
+       &addservice;
+}
+# save
+if ($fwhostsettings{'ACTION'} eq 'savenet' )
+{
+       my $count=0;
+       my $needrules=0;
+       if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
+       #check if all fields are set
+       if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
+       {
+               $errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
+               &addnet;
+               &viewtablenet;
+       }else{
+               #check valid ip 
+               if (!&General::validipandmask($fwhostsettings{'IP'}."/".$fwhostsettings{'SUBNET'}))
+               {
+                       $errormessage=$errormessage.$Lang::tr{'fwhost err addr'};
+                       $fwhostsettings{'BLK_HOST'}     ='readonly';
+                       $fwhostsettings{'NOCHECK'}      ='false';
+                       $fwhostsettings{'error'}        ='on';
+               }
+               #check remark
+               if ($fwhostsettings{'NETREMARK'} ne '' && !&validremark($fwhostsettings{'NETREMARK'})){
+                       $errormessage=$Lang::tr{'fwhost err remark'};
+                       $fwhostsettings{'error'}        ='on';
+               }
+               #check if subnet is sigle host
+               if(&General::iporsubtocidr($fwhostsettings{'SUBNET'}) eq '32')
+               {
+                       $errormessage=$errormessage.$Lang::tr{'fwhost err sub32'};
+               }
+               if($fwhostsettings{'error'} ne 'on'){
+                       #check if we use one of ipfire's networks (green,orange,blue)
+                       if (($ownnet{'GREEN_NETADDRESS'}        ne '' && $ownnet{'GREEN_NETADDRESS'}    ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'}))
+                       { 
+                               $errormessage=$errormessage.$Lang::tr{'ccd err green'}."<br>";
+                               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+                       }
+                       if (($ownnet{'ORANGE_NETADDRESS'}       ne '' && $ownnet{'ORANGE_NETADDRESS'}   ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'}))
+                       { 
+                               $errormessage=$errormessage.$Lang::tr{'ccd err orange'}."<br>";
+                               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+                       }
+                       if (($ownnet{'BLUE_NETADDRESS'}         ne '' && $ownnet{'BLUE_NETADDRESS'}     ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'}))
+                       { 
+                               $errormessage=$errormessage.$Lang::tr{'ccd err blue'}."<br>";
+                               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+                       }
+                       if (($ownnet{'RED_NETADDRESS'}  ne '' && $ownnet{'RED_NETADDRESS'}              ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'RED_NETADDRESS'},$ownnet{'RED_NETMASK'}))
+                       { 
+                               $errormessage=$errormessage.$Lang::tr{'ccd err red'}."<br>";
+                               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+                       }
+               }
+               #only check plausi when no error till now
+               if (!$errormessage){
+                       &plausicheck("editnet");
+               }
+               #check if network ip is part of an already used one 
+               if(&checksubnet(\%customnetwork))
+               {
+                       $errormessage=$errormessage.$Lang::tr{'fwhost err partofnet'};
+                       $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+               }                               
+               if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newnet'} ne 'on' && $errormessage)
+               {
+                       $fwhostsettings{'actualize'} = '';
+                       my $key = &General::findhasharraykey (\%customnetwork);
+                       foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
+                       $customnetwork{$key}[0] = $fwhostsettings{'orgname'} ;
+                       $customnetwork{$key}[1] = $fwhostsettings{'orgip'} ;
+                       $customnetwork{$key}[2] = $fwhostsettings{'orgsub'};
+                       $customnetwork{$key}[3] = $fwhostsettings{'orgnetremark'};
+                       $customnetwork{$key}[4] = $fwhostsettings{'count'};
+                       &General::writehasharray("$confignet", \%customnetwork);
+                       undef %customnetwork;
+               }                       
+               if (!$errormessage){
+                       
+                       &General::readhasharray("$confignet", \%customnetwork);
+                       if ($fwhostsettings{'ACTION'} eq 'updatenet'){
+                               if ($fwhostsettings{'update'} == '0'){
+                                       foreach my $key (keys %customnetwork) {
+                                               if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'}){
+                                                       $count=$customnetwork{$key}[4];
+                                                       delete $customnetwork{$key};
+                                                       last;
+                                               }
+                                       }
+                               }
+                       }
+                       #get count if actualize is 'on'
+                       if($fwhostsettings{'actualize'} eq 'on'){
+                               $fwhostsettings{'actualize'} = '';
+                               $count=$fwhostsettings{'count'};
+                               #check if we need to reload rules
+                               if($fwhostsettings{'orgip'}  ne $fwhostsettings{'IP'}  && $count gt '0'){
+                                       $needrules='on';
+                               }
+                               if ($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
+                                       #check if we need to update groups
+                                       &General::readhasharray("$configgrp", \%customgrp);
+                                       foreach my $key (sort keys %customgrp){
+                                               if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
+                                                       $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
+                                                       last;
+                                               }
+                                       }
+                                       &General::writehasharray("$configgrp", \%customgrp);
+                                       #check if we need to update firewallrules
+                                       if ( ! -z $fwconfigfwd ){
+                                               &General::readhasharray("$fwconfigfwd", \%fwfwd);
+                                               foreach my $line (sort keys %fwfwd){
+                                                       if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                                       if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                               }
+                                               &General::writehasharray("$fwconfigfwd", \%fwfwd);
+                                       }
+                                       if ( ! -z $fwconfiginp ){
+                                               &General::readhasharray("$fwconfiginp", \%fwinp);
+                                               foreach my $line (sort keys %fwinp){
+                                                       if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                               }
+                                               &General::writehasharray("$fwconfiginp", \%fwinp);
+                                       }
+                               }
+                       }                                       
+                       my $key = &General::findhasharraykey (\%customnetwork);
+                       foreach my $i (0 .. 4) { $customnetwork{$key}[$i] = "";}
+                       $fwhostsettings{'SUBNET'}       = &General::iporsubtocidr($fwhostsettings{'SUBNET'});
+                       $customnetwork{$key}[0]         = $fwhostsettings{'HOSTNAME'};
+                       #convert ip when leading '0' in byte
+                       $fwhostsettings{'IP'}           =&General::ip2dec($fwhostsettings{'IP'});
+                       $fwhostsettings{'IP'}           =&General::dec2ip($fwhostsettings{'IP'});
+                       $customnetwork{$key}[1]         = &General::getnetworkip($fwhostsettings{'IP'},$fwhostsettings{'SUBNET'}) ;
+                       $customnetwork{$key}[2]         = &General::iporsubtodec($fwhostsettings{'SUBNET'}) ;
+                       if($fwhostsettings{'newnet'} eq 'on'){$count=0;}
+                       $customnetwork{$key}[3]         = $fwhostsettings{'NETREMARK'};
+                       $customnetwork{$key}[4]         = $count;
+                       &General::writehasharray("$confignet", \%customnetwork);
+                       $fwhostsettings{'IP'}=$fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+                       undef %customnetwork;
+                       $fwhostsettings{'HOSTNAME'}='';
+                       $fwhostsettings{'IP'}='';
+                       $fwhostsettings{'SUBNET'}='';
+                       $fwhostsettings{'NETREMARK'}='';
+                       #check if an edited net affected groups and need to reload rules
+                       if ($needrules eq 'on'){
+                               &rules;
+                       }
+                       &addnet;
+                       &viewtablenet;
+               }else           {
+                       &addnet;
+                       &viewtablenet;
+               }
+       }
+}
+if ($fwhostsettings{'ACTION'} eq 'savehost')
+{
+       my $count=0;
+       my $needrules=0;
+       if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
+       $fwhostsettings{'SUBNET'}='32';
+       #check if all fields are set
+       if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
+       {
+               $errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
+               $fwhostsettings{'ACTION'} = 'edithost';
+       }else{
+               if($fwhostsettings{'IP'}=~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/){
+                       $fwhostsettings{'type'} = 'mac';
+               }elsif($fwhostsettings{'IP'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+                       $fwhostsettings{'type'} = 'ip';
+               }else{
+                       $fwhostsettings{'type'} = '';
+                       $errormessage=$Lang::tr{'fwhost err ipmac'};
+               }
+               #check remark
+               if ($fwhostsettings{'HOSTREMARK'} ne '' && !&validremark($fwhostsettings{'HOSTREMARK'})){
+                       $errormessage=$Lang::tr{'fwhost err remark'};
+               }
+               #CHECK IP-PART
+               if ($fwhostsettings{'type'} eq 'ip'){
+                       #check for subnet
+                       if (rindex($fwhostsettings{'IP'},'/') eq '-1' ){
+                               if($fwhostsettings{'type'} eq 'ip' && !&General::validipandmask($fwhostsettings{'IP'}."/32"))
+                                       {
+                                               $errormessage.=$errormessage.$Lang::tr{'fwhost err ip'};
+                                               $fwhostsettings{'error'}='on';
+                                       }
+                       }elsif(rindex($fwhostsettings{'IP'},'/') ne '-1' ){
+                               $errormessage=$errormessage.$Lang::tr{'fwhost err ipwithsub'};
+                               $fwhostsettings{'error'}='on';
+                       }
+                       #check if net or broadcast
+                       my @tmp= split (/\./,$fwhostsettings{'IP'});
+                       if (($tmp[3] eq "0") || ($tmp[3] eq "255")){
+                               $errormessage=$Lang::tr{'fwhost err hostip'};
+                       }
+               }
+               #only check plausi when no error till now
+               if (!$errormessage){    
+                       &plausicheck("edithost");
+               }
+               if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newhost'} ne 'on' && $errormessage){
+                       $fwhostsettings{'actualize'} = '';
+                       my $key = &General::findhasharraykey (\%customhost);
+                       foreach my $i (0 .. 4) { $customhost{$key}[$i] = "";}
+                       $customhost{$key}[0] = $fwhostsettings{'orgname'} ;
+                       $customhost{$key}[1] = $fwhostsettings{'type'} ;
+                       if($customhost{$key}[1] eq 'ip'){
+                               $customhost{$key}[2] = $fwhostsettings{'orgip'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+                       }else{
+                               $customhost{$key}[2] = $fwhostsettings{'orgip'};
+                       }
+                       $customhost{$key}[3] = $fwhostsettings{'orgremark'};
+                       $customhost{$key}[4] = $fwhostsettings{'count'};
+                       &General::writehasharray("$confighost", \%customhost);
+                       undef %customhost;
+               } 
+               if (!$errormessage){
+                       #get count if host was edited
+                       if($fwhostsettings{'actualize'} eq 'on'){
+                               $count=$fwhostsettings{'count'};
+                               if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0' ){
+                                       $needrules='on';
+                               }
+                               if($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
+                                       #check if we need to update groups
+                                       &General::readhasharray("$configgrp", \%customgrp);
+                                       foreach my $key (sort keys %customgrp){
+                                               if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
+                                                       $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
+                                               }
+                                       }
+                                       &General::writehasharray("$configgrp", \%customgrp);
+                                       #check if we need to update firewallrules
+                                       if ( ! -z $fwconfigfwd ){
+                                               &General::readhasharray("$fwconfigfwd", \%fwfwd);
+                                               foreach my $line (sort keys %fwfwd){
+                                                       if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                                       if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                               }
+                                               &General::writehasharray("$fwconfigfwd", \%fwfwd);
+                                       }
+                                       if ( ! -z $fwconfiginp ){
+                                               &General::readhasharray("$fwconfiginp", \%fwinp);
+                                               foreach my $line (sort keys %fwinp){
+                                                       if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                               }
+                                               &General::writehasharray("$fwconfiginp", \%fwinp);
+                                       }
+                               }
+                       }
+                       my $key = &General::findhasharraykey (\%customhost);
+                       foreach my $i (0 .. 4) { $customhost{$key}[$i] = "";}
+                       $customhost{$key}[0] = $fwhostsettings{'HOSTNAME'} ;
+                       $customhost{$key}[1] = $fwhostsettings{'type'} ;
+                       if ($fwhostsettings{'type'} eq 'ip'){
+                               #convert ip when leading '0' in byte
+                               $fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'});
+                               $fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'});
+                               $customhost{$key}[2] = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+                       }else{
+                               $customhost{$key}[2] = $fwhostsettings{'IP'};
+                       }
+                       if($fwhostsettings{'newhost'} eq 'on'){$count=0;}
+                       $customhost{$key}[3] = $fwhostsettings{'HOSTREMARK'};
+                       $customhost{$key}[4] =$count;
+                       &General::writehasharray("$confighost", \%customhost);
+                       undef %customhost;
+                       $fwhostsettings{'HOSTNAME'}='';
+                       $fwhostsettings{'IP'}='';
+                       $fwhostsettings{'type'}='';
+                        $fwhostsettings{'HOSTREMARK'}='';
+                       #check if we need to update rules while host was edited
+                       if($needrules eq 'on'){
+                               &rules;
+                       }
+                       &addhost;
+                       &viewtablehost;
+               }else{
+                       &addhost;
+                       &viewtablehost;
+               }
+       }
+}
+if ($fwhostsettings{'ACTION'} eq 'savegrp')
+{
+       my $grp=$fwhostsettings{'grp_name'};;
+       my $rem=$fwhostsettings{'remark'};
+       my $count;
+       my $type;
+       my $updcounter='off';
+       my @target;
+       my @newgrp;
+       &General::readhasharray("$configgrp", \%customgrp);
+       &General::readhasharray("$confignet", \%customnetwork);
+       &General::readhasharray("$confighost", \%customhost);
+       #check name
+       if (!&validhostname($grp)){$errormessage.=$Lang::tr{'fwhost err name'};}
+       #check existing name
+       if (!checkgroup(\%customgrp,$grp) && $fwhostsettings{'update'} ne 'on'){$errormessage.=$Lang::tr{'fwhost err grpexist'};}
+       #check remark
+       if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){
+               $errormessage.=$Lang::tr{'fwhost err remark'};
+       }
+       if ($fwhostsettings{'update'} eq 'on'){
+               #check standard networks
+               if ($fwhostsettings{'grp2'} eq 'std_net'){
+                       @target=$fwhostsettings{'DEFAULT_SRC_ADR'};
+                       $type='Standard Network';       
+               }
+               #check custom networks
+               if ($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} ne ''){
+                       @target=$fwhostsettings{'CUST_SRC_NET'};
+                       $updcounter='net';
+                       $type='Custom Network';
+               }elsif($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} eq ''){
+                       $errormessage=$Lang::tr{'fwhost err groupempty'}."<br>";
+                       $fwhostsettings{'grp_name'}='';
+                       $fwhostsettings{'remark'}='';
+               }
+               #check custom addresses
+               if ($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} ne ''){
+                       @target=$fwhostsettings{'CUST_SRC_HOST'};
+                       $updcounter='host';
+                       $type='Custom Host';
+               }elsif($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} eq ''){
+                       $errormessage=$Lang::tr{'fwhost err groupempty'}."<br>";
+                       $fwhostsettings{'grp_name'}='';
+                       $fwhostsettings{'remark'}='';
+               }
+               #get address from  ovpn ccd static net
+               if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){
+                       @target=$fwhostsettings{'OVPN_CCD_NET'};
+                       $type='OpenVPN static network';
+               }elsif($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} eq ''){
+                       $errormessage=$Lang::tr{'fwhost err groupempty'};
+                       $fwhostsettings{'grp_name'}='';
+                       $fwhostsettings{'remark'}='';
+               }
+               #get address from ovpn ccd static host
+               if ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} ne ''){
+                       @target=$fwhostsettings{'OVPN_CCD_HOST'};
+                       $type='OpenVPN static host';
+               }elsif ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} eq ''){
+                       $errormessage=$Lang::tr{'fwhost err groupempty'};
+               }
+               #get address from ovpn ccd Net-2-Net
+               if ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} ne ''){
+                       @target=$fwhostsettings{'OVPN_N2N'};
+                       $type='OpenVPN N-2-N';
+               }elsif ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} eq ''){
+                       $errormessage=$Lang::tr{'fwhost err groupempty'};
+                       $fwhostsettings{'grp_name'}='';
+                       $fwhostsettings{'remark'}='';
+               }
+               #get address from IPSEC HOST
+               if ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} ne ''){
+                       @target=$fwhostsettings{'IPSEC_HOST'};
+                       $type='IpSec Host';
+               }elsif ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} eq ''){
+                       $errormessage=$Lang::tr{'fwhost err groupempty'};
+                       $fwhostsettings{'grp_name'}='';
+                       $fwhostsettings{'remark'}='';
+               }
+               #get address from IPSEC NETWORK
+               if ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} ne ''){
+                       @target=$fwhostsettings{'IPSEC_NET'};
+                       $type='IpSec Network';
+               }elsif ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} eq ''){
+                       $errormessage=$Lang::tr{'fwhost err groupempty'};
+                       $fwhostsettings{'grp_name'}='';
+                       $fwhostsettings{'remark'}='';
+               }
+               #check if host/net exists in grp
+               
+               my $test="$grp,$fwhostsettings{'oldremark'},@target";
+               foreach my $key (keys %customgrp) {
+                       my $test1="$customgrp{$key}[0],$customgrp{$key}[1],$customgrp{$key}[2]";
+                       if ($test1 eq $test){
+                               $errormessage=$Lang::tr{'fwhost err isingrp'};
+                               $fwhostsettings{'update'} = 'on';
+                       }
+               }
+       }
+       
+       if (!$errormessage){
+               #on first save, we have an empty @target, so fill it with nothing
+               my $targetvalues=@target;
+               if ($targetvalues == '0'){
+                       @target="none";
+               }
+               #on update, we have to delete the dummy entry
+               foreach my $key (keys %customgrp){
+                       if ($customgrp{$key}[0] eq $grp && $customgrp{$key}[2] eq "none"){
+                               delete $customgrp{$key};
+                               last;
+                       }
+               }
+               &General::writehasharray("$configgrp", \%customgrp);
+               &General::readhasharray("$configgrp", \%customgrp);
+               #get count used
+               foreach my $key (keys %customgrp)
+               {
+                       if($customgrp{$key}[0] eq $grp)
+                       {
+                               $count=$customgrp{$key}[4];
+                               last;
+                       }
+               }
+               if ($count eq '' ){$count='0';}
+               
+               #create array with new lines
+               foreach my $line (@target){
+                       push (@newgrp,"$grp,$rem,$line");
+               }
+               #append new entries
+               my $key = &General::findhasharraykey (\%customgrp);
+               foreach my $line (@newgrp){
+                       foreach my $i (0 .. 4) { $customgrp{$key}[$i] = "";}
+                       my ($a,$b,$c,$d) = split (",",$line);
+                       $customgrp{$key}[0] = $a;
+                       $customgrp{$key}[1] = $b;
+                       $customgrp{$key}[2] = $c;
+                       $customgrp{$key}[3] = $type;
+                       $customgrp{$key}[4] = $count;
+               }
+               &General::writehasharray("$configgrp", \%customgrp);
+               #update counter in Host/Net
+               if($updcounter eq 'net'){
+                       foreach my $key (keys %customnetwork) {
+                               if($customnetwork{$key}[0] eq $fwhostsettings{'CUST_SRC_NET'}){
+                                       $customnetwork{$key}[4] = $customnetwork{$key}[4]+1;
+                                       last;
+                               }
+                       }
+                       &General::writehasharray("$confignet", \%customnetwork);
+               }elsif($updcounter eq 'host'){
+                       foreach my $key (keys %customhost) {
+                               if ($customhost{$key}[0] eq $fwhostsettings{'CUST_SRC_HOST'}){
+                                       $customhost{$key}[4]=$customhost{$key}[4]+1;
+                               }
+                       }
+                       &General::writehasharray("$confighost", \%customhost);
+               }
+               $fwhostsettings{'update'}='on';
+       }
+               #check if ruleupdate is needed
+               if($count > 0 )
+               {
+                       &rules;
+               }
+               &addgrp;
+               &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'saveservice')
+{
+       my $ICMP;
+       &General::readhasharray("$configsrv", \%customservice );
+       $errormessage=&checkports(\%customservice);
+       if ($fwhostsettings{'PROT'} eq 'ICMP'){
+               &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+               foreach my $key (keys %icmptypes){
+                       if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){
+                                       $ICMP=$icmptypes{$key}[0];
+                       }
+               }
+       }
+       if($ICMP eq ''){$ICMP='BLANK';}
+       if (!$errormessage){
+               my $key = &General::findhasharraykey (\%customservice);
+               foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
+               $customservice{$key}[0] = $fwhostsettings{'SRV_NAME'};
+               $customservice{$key}[1] = $fwhostsettings{'SRV_PORT'};
+               $customservice{$key}[2] = $fwhostsettings{'PROT'};
+               $customservice{$key}[3] = $ICMP;
+               $customservice{$key}[4] = 0;
+               &General::writehasharray("$configsrv", \%customservice );
+               #reset fields
+               $fwhostsettings{'SRV_NAME'}='';
+               $fwhostsettings{'SRV_PORT'}='';
+               $fwhostsettings{'PROT'}='';
+               $fwhostsettings{'ICMP_TYPES'}='';
+       }
+       &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
+{
+       my $prot;
+       my $port;
+       my $count=0;
+       &General::readhasharray("$configsrvgrp", \%customservicegrp );
+       &General::readhasharray("$configsrv", \%customservice );
+       $errormessage=&checkservicegroup;
+       #check remark
+       if ($fwhostsettings{'SRVGRP_REMARK'} ne '' && !&validremark($fwhostsettings{'SRVGRP_REMARK'})){
+               $errormessage=$Lang::tr{'fwhost err remark'};
+       }
+       if (!$errormessage){
+               #on first save, we have to enter a dummy value
+               if ($fwhostsettings{'CUST_SRV'} eq ''){
+                       $fwhostsettings{'CUST_SRV'}='none';
+               }
+               #on update, we have to delete the dummy entry
+               foreach my $key (keys %customservicegrp){
+                       if ($customservicegrp{$key}[2] eq 'none'){
+                               delete $customservicegrp{$key};
+                               last;
+                       }
+               }
+               &General::writehasharray("$configsrvgrp", \%customservicegrp );
+               #check if remark has also changed
+               if ($fwhostsettings{'SRVGRP_REMARK'} ne $fwhostsettings{'oldsrvgrpremark'} && $fwhostsettings{'updatesrvgrp'} eq 'on')
+               {
+                       foreach my $key (keys %customservicegrp)
+                       {
+                               if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvgrpremark'})
+                               {
+                                       $customservicegrp{$key}[1]='';
+                                       $customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'};
+                               }       
+                       }
+               }
+               #get count used
+               foreach my $key (keys %customservicegrp)
+               {
+                       if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
+                       {
+                               $count=$customservicegrp{$key}[3];
+                               last;
+                       }
+               }
+               if ($count eq '' ){$count='0';}
+                       
+               foreach my $key (sort keys %customservice){
+                       if($customservice{$key}[0] eq $fwhostsettings{'CUST_SRV'}){
+                               $port=$customservice{$key}[1];
+                               $prot=$customservice{$key}[2];
+                               $customservice{$key}[4]++;
+                       }
+               }
+               &General::writehasharray("$configsrv", \%customservice );
+               my $key = &General::findhasharraykey (\%customservicegrp);
+               foreach my $i (0 .. 3) { $customservice{$key}[$i] = "";}
+               $customservicegrp{$key}[0] = $fwhostsettings{'SRVGRP_NAME'};
+               $customservicegrp{$key}[1] = $fwhostsettings{'SRVGRP_REMARK'};
+               $customservicegrp{$key}[2] = $fwhostsettings{'CUST_SRV'};
+               $customservicegrp{$key}[3] = $count;
+               &General::writehasharray("$configsrvgrp", \%customservicegrp );
+               $fwhostsettings{'updatesrvgrp'}='on';
+       }
+       if ($count gt 0){
+               &rules;
+       }
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+# edit
+if ($fwhostsettings{'ACTION'} eq 'editnet')
+{
+       &addnet;
+       &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq 'edithost')
+{
+       &addhost;
+       &viewtablehost;
+}
+if ($fwhostsettings{'ACTION'} eq 'editgrp')
+{
+       $fwhostsettings{'update'}='on';
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'editservice')
+{
+       $fwhostsettings{'updatesrv'}='on';
+       &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'editservicegrp')
+{
+       $fwhostsettings{'updatesrvgrp'} = 'on';
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+# reset
+if ($fwhostsettings{'ACTION'} eq 'resetnet')
+{
+       $fwhostsettings{'HOSTNAME'} ="";
+       $fwhostsettings{'IP'}           ="";
+       $fwhostsettings{'SUBNET'}       ="";
+       &showmenu;
+}
+if ($fwhostsettings{'ACTION'} eq 'resethost')
+{
+       $fwhostsettings{'HOSTNAME'} ="";
+       $fwhostsettings{'IP'}           ="";
+       $fwhostsettings{'type'}         ="";
+       &showmenu;
+}
+if ($fwhostsettings{'ACTION'} eq 'resetgrp')
+{
+       $fwhostsettings{'grp_name'} ="";
+       $fwhostsettings{'remark'}       ="";
+       &showmenu;
+}
+# delete
+if ($fwhostsettings{'ACTION'} eq 'delnet')
+{
+       &General::readhasharray("$confignet", \%customnetwork);
+       foreach my $key (keys %customnetwork) {
+               if($fwhostsettings{'key'} eq $customnetwork{$key}[0]){
+                       delete $customnetwork{$key};
+                       &General::writehasharray("$confignet", \%customnetwork);
+                       last;
+               }
+       }
+       &addnet;
+       &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq 'delhost')
+{
+       &General::readhasharray("$confighost", \%customhost);
+       foreach my $key (keys %customhost) {
+               if($fwhostsettings{'key'} eq $customhost{$key}[0]){
+                       delete $customhost{$key};
+                       &General::writehasharray("$confighost", \%customhost);
+                       last;
+               }
+       }
+       &addhost;
+       &viewtablehost;
+}
+if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
+{
+       my $grpremark;
+       my $grpname;
+       &General::readhasharray("$configgrp", \%customgrp);
+       foreach my $key (keys %customgrp){
+               if($customgrp{$key}[0].",".$customgrp{$key}[1].",".$customgrp{$key}[2].",".$customgrp{$key}[3] eq $fwhostsettings{'delhost'}){
+                       #decrease count from source host/net
+                       if ($customgrp{$key}[3] eq 'Custom Network'){
+                               &General::readhasharray("$confignet", \%customnetwork);
+                               foreach my $key1 (keys %customnetwork){
+                                               if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
+                                               $customnetwork{$key1}[4] = $customnetwork{$key1}[4]-1;
+                                               last;
+                                       }
+                               }
+                               &General::writehasharray("$confignet", \%customnetwork);
+                       }
+                       if ($customgrp{$key}[3] eq 'Custom Host'){
+                               &General::readhasharray("$confighost", \%customhost);
+                               foreach my $key1 (keys %customhost){
+                                       if ($customhost{$key1}[0] eq $customgrp{$key}[2]){
+                                               $customhost{$key1}[4] = $customhost{$key1}[4]-1;
+                                               last;
+                                       }
+                               }
+                               &General::writehasharray("$confighost", \%customhost);
+                       }
+                       $grpname=$customgrp{$key}[0];
+                       $grpremark=$customgrp{$key}[1];
+                       delete $customgrp{$key};
+               }
+       }
+       &General::writehasharray("$configgrp", \%customgrp);
+       if ($fwhostsettings{'grpcnt'} > 0){&rules;}
+       if ($fwhostsettings{'update'} eq 'on'){
+               $fwhostsettings{'remark'}= $grpremark;
+               $fwhostsettings{'grp_name'}=$grpname;
+       }
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delgrp')
+{
+       &General::readhasharray("$configgrp", \%customgrp);
+       &decrease($fwhostsettings{'grp_name'});
+       foreach my $key (sort keys %customgrp)
+       {
+               if($customgrp{$key}[0] eq $fwhostsettings{'grp_name'})
+               {
+                       delete $customgrp{$key};
+               }
+       }
+       &General::writehasharray("$configgrp", \%customgrp);
+       $fwhostsettings{'grp_name'}='';
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delservice')
+{
+       &General::readhasharray("$configsrv", \%customservice);
+       foreach my $key (keys %customservice) {
+               if($customservice{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
+                       #&deletefromgrp($customhost{$key}[0],$configgrp);
+                       delete $customservice{$key};
+                       &General::writehasharray("$configsrv", \%customservice);
+                       last;
+               }
+       }
+       $fwhostsettings{'SRV_NAME'}='';
+       $fwhostsettings{'SRV_PORT'}='';
+       $fwhostsettings{'PROT'}='';
+       &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'delservicegrp')
+{
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       &decreaseservice($fwhostsettings{'SRVGRP_NAME'});
+       foreach my $key (sort keys %customservicegrp)
+       {
+               if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
+               {
+                       delete $customservicegrp{$key};
+               }
+       }
+       &General::writehasharray("$configsrvgrp", \%customservicegrp);
+       $fwhostsettings{'SRVGRP_NAME'}='';
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
+{
+       my $grpname;
+       my $grpremark;
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       &General::readhasharray("$configsrv", \%customservice);
+       foreach my $key (keys %customservicegrp){
+               if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customservicegrp{$key}[2].",".$customservicegrp{$key}[3] eq $fwhostsettings{'delsrvfromgrp'})
+               {
+                       #decrease count from source service
+                       foreach my $key1 (sort keys %customservice){
+                               if($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+                                       $customservice{$key1}[4]--;
+                                       last;
+                               }
+                       }
+                       &General::writehasharray("$configsrv", \%customservice);
+                       $grpname=$customservicegrp{$key}[0];
+                       $grpremark=$customservicegrp{$key}[1];
+                       delete $customservicegrp{$key};
+               }
+       }
+       &General::writehasharray("$configsrvgrp", \%customservicegrp);
+       &rules;
+       if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
+               $fwhostsettings{'SRVGRP_NAME'}=$grpname;
+               $fwhostsettings{'SRVGRP_REMARK'}=$grpremark;
+       }
+       &addservicegrp;
+       &viewtableservicegrp;
+       
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newnet'})
+{
+       &addnet;
+       &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newhost'})
+{
+       &addhost;
+       &viewtablehost;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'})
+{
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'})
+{
+       &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservicegrp'})
+{
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'changegrpremark')
+{
+       &General::readhasharray("$configgrp", \%customgrp);
+       if ($fwhostsettings{'oldrem'} ne $fwhostsettings{'newrem'} && (&validremark($fwhostsettings{'newrem'}) || $fwhostsettings{'newrem'} eq '')){
+               foreach my $key (sort keys %customgrp)
+                       {
+                               if($customgrp{$key}[0] eq $fwhostsettings{'grp'} && $customgrp{$key}[1] eq $fwhostsettings{'oldrem'})
+                               {
+                                       $customgrp{$key}[1]='';
+                                       $customgrp{$key}[1]=$fwhostsettings{'newrem'};
+                               }       
+                       }
+                       &General::writehasharray("$configgrp", \%customgrp);
+                       $fwhostsettings{'update'}='on';
+                       $fwhostsettings{'remark'}=$fwhostsettings{'newrem'};
+       }else{
+               $errormessage=$Lang::tr{'fwhost err remark'};
+               $fwhostsettings{'remark'}=$fwhostsettings{'oldrem'};
+               $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'};
+               $fwhostsettings{'update'} = 'on';
+       }
+       $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'};
+       &addgrp;
+       &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark')
+{
+       &General::readhasharray("$configsrvgrp", \%customservicegrp );
+       if ($fwhostsettings{'oldsrvrem'} ne $fwhostsettings{'newsrvrem'} && (&validremark($fwhostsettings{'newsrvrem'}) || $fwhostsettings{'newsrvrem'} eq '')){
+               foreach my $key (sort keys %customservicegrp)
+                       {
+                               if($customservicegrp{$key}[0] eq $fwhostsettings{'srvgrp'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvrem'})
+                               {
+                                       $customservicegrp{$key}[1]='';
+                                       $customservicegrp{$key}[1]=$fwhostsettings{'newsrvrem'};
+                               }       
+                       }
+                       &General::writehasharray("$configsrvgrp", \%customservicegrp);
+                       $fwhostsettings{'updatesrvgrp'}='on';
+                       $fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'newsrvrem'};
+       }else{
+               $errormessage=$Lang::tr{'fwhost err remark'};
+               $fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'oldsrvrem'};
+               $fwhostsettings{'SRVGRP_NAME'}=$fwhostsettings{'srvgrp'};
+               $fwhostsettings{'updatesrvgrp'} = 'on';
+       }
+       $fwhostsettings{'SRVGRP_NAME'}=$fwhostsettings{'srvgrp'};
+       &addservicegrp;
+       &viewtableservicegrp;
+}
+###  VIEW  ###
+if($fwhostsettings{'ACTION'} eq '')
+{
+       &showmenu;
+}
+###  FUNCTIONS  ###
+sub showmenu
+{
+       if (-f "${General::swroot}/forward/reread"){
+               print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</td></tr></table></form><br>";
+       }
+       &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'});
+       print "$Lang::tr{'fwhost welcome'}";
+       print<<END;
+       <br><br><table border='0' width='100%'>
+       <tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ></form></td>
+       <td align='right'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' ></form></td></tr>
+       <tr><td colspan='6'><hr></td></tr></table>
+END
+       &Header::closebox();
+       
+}
+# Add
+sub addnet
+{
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addnet'});
+       $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};
+       $fwhostsettings{'orgnetremark'}=$fwhostsettings{'NETREMARK'};
+       print<<END;
+       <table border='0' width='100%'>
+       <tr><td width='15%'>$Lang::tr{'name'}:</td><td><form method='post'><input type='TEXT' name='HOSTNAME' id='textbox1' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'} size='20'><script>document.getElementById('textbox1').focus()</script></td></tr>
+       <tr><td>$Lang::tr{'fwhost netaddress'}:</td><td><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} size='20' maxlength='15'></td></tr>
+       <tr><td>$Lang::tr{'netmask'}:</td><td><input type='TEXT' name='SUBNET' value='$fwhostsettings{'SUBNET'}' $fwhostsettings{'BLK_IP'} size='20' maxlength='15'></td></tr>
+       <tr><td>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='NETREMARK' value='$fwhostsettings{'NETREMARK'}' style='width: 98.5%;'></td></tr>
+       <tr><td colspan='6'><br><hr></td></tr><tr>
+END
+       if ($fwhostsettings{'ACTION'} eq 'editnet' || $fwhostsettings{'error'} eq 'on')
+       {
+               print "<td colspan='6' align='right' ><input type='submit' value='$Lang::tr{'update'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='updatenet'><input type='hidden' name='orgnetremark' value='$fwhostsettings{'orgnetremark'}' ><input type='hidden' name='orgname' value='$fwhostsettings{'orgname'}' ><input type='hidden' name='update' value='on'><input type='hidden' name='newnet' value='$fwhostsettings{'newnet'}'></td>";
+       }else{
+               print "<td colspan='6' align='right'><input type='submit' value='$Lang::tr{'save'}' style='min-width:100px;'/><input type='hidden' name='ACTION' value='savenet'><input type='hidden' name='newnet' value='on'>";
+       }       
+       print "</form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;' ><input type='hidden' name='ACTION' value='resetnet'></form></td></tr></table>";
+       &Header::closebox();
+}
+sub addhost
+{
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addhost'});
+       $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};
+       $fwhostsettings{'orgremark'}=$fwhostsettings{'HOSTREMARK'};
+       print<<END;
+       <table border='0' width='100%'>
+       <tr><td>$Lang::tr{'name'}:</td><td><form method='post' style='display:inline;'><input type='TEXT' name='HOSTNAME' id='textbox1' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'} size='20'><script>document.getElementById('textbox1').focus()</script></td></tr>
+       <tr><td>IP/MAC:</td><td><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} size='20' maxlength='17'></td></tr>
+       <tr><td width='10%'>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='HOSTREMARK' value='$fwhostsettings{'HOSTREMARK'}' style='width:98%;'></td></tr>
+       <tr><td colspan='5'><hr></td></tr><tr>
+END
+
+       if ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'} eq 'on')
+       {
+               
+               print " <td colspan='4' align='right'><input type='submit' value='$Lang::tr{'update'}' style='min-width:100px;'/><input type='hidden' name='ACTION' value='updatehost'><input type='hidden' name='orgremark' value='$fwhostsettings{'orgremark'}' ><input type='hidden' name='orgname' value='$fwhostsettings{'orgname'}' ><input type='hidden' name='update' value='on'><input type='hidden' name='newhost' value='$fwhostsettings{'newhost'}'></form>";
+       }else{
+               print " <td colspan='4' align='right'><input type='submit' name='savehost' value='$Lang::tr{'save'}' style='min-width:100px;' /><input type='hidden' name='ACTION' value='savehost' /><input type='hidden' name='newhost' value='on'>";
+       }       
+       print " </form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;' ><input type='hidden' name='ACTION' value='resethost'></form></td></tr></table>";
+       &Header::closebox();
+}
+sub addgrp
+{
+       &hint;
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgrp'});
+       &General::setup_default_networks(\%defaultNetworks);
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       &General::readhasharray("$confignet", \%customnetwork);
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       &General::readhasharray("$confighost", \%customhost);
+       &General::readhasharray("$configipsec", \%ipsecconf);
+
+       my %checked=();
+       my $show='';
+       $checked{'check1'}{'off'} = '';
+       $checked{'check1'}{'on'} = '';
+       $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED';
+       $fwhostsettings{'oldremark'}=$fwhostsettings{'remark'};
+       my $grp=$fwhostsettings{'grp_name'};
+       my $rem=$fwhostsettings{'remark'};
+               if ($fwhostsettings{'update'} eq ''){   
+                       print<<END;
+                       <table width='100%' border='0'>
+                       <tr><td width='10%'>$Lang::tr{'fwhost addgrpname'}</td><td><form method='post'><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='20'></td></tr>
+                       <tr><td width='10%'>$Lang::tr{'remark'}:</td><td ><input type='TEXT' name='remark' value='$fwhostsettings{'remark'}' style='width: 98%;'></td></tr>
+                       <tr><td colspan='2'><br><hr></td></tr></table>
+END
+               }else{
+                       print<<END;
+                       <table width='100%' border='0'><form method='post' style='display:inline'>
+                       <tr><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='TEXT' name='grp'  value='$fwhostsettings{'grp_name'}' readonly ></td><td></td></tr>
+                       <tr><td>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='newrem' size='45' value='$fwhostsettings{'remark'}' style='width:98%'></td><td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='ACTION' value='changegrpremark' ></td></tr></table></form>
+                       <hr>
+END
+               }
+               if ($fwhostsettings{'update'} eq 'on'){
+                       print<<END;
+                       <form method='post'><input type='hidden' name='remark' value='$rem'><input type='hidden' name='grp_name' value='$grp'>
+                       <table width='100%' border='0'>
+                       <tr><td width=50% valign='top'>
+                       <table width='100%' border='0'>
+                       <tr><td width='1%'><input type='radio' name='grp2' value='std_net' id='DEFAULT_SRC_ADR' checked></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost stdnet'}</td><td><select name='DEFAULT_SRC_ADR' style='min-width:185px;'>
+END
+                       foreach my $network (sort keys %defaultNetworks)
+                       {
+                               next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+                               next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
+                               print "<option value='$defaultNetworks{$network}{'NAME'}'";
+                               print " selected='selected'" if ($fwhostsettings{'DEFAULT_SRC_ADR'} eq $defaultNetworks{$network}{'NAME'});
+                               my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
+                               my $defsub="$defaultNetworks{$network}{'NAME'}_NETMASK";
+                               my $defsub1=&General::subtocidr($ownnet{$defsub});
+                               $ownnet{$defnet}='' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
+                               if ($ownnet{$defnet}){
+                                       print ">$network ($ownnet{$defnet}/$defsub1)</option>";
+                               }else{
+                                       print ">$network</option>";
+                               }
+                       }
+                       print"</select></td></tr>";
+                       if (! -z $confignet){
+                               print"<tr><td><input type='radio' name='grp2' id='CUST_SRC_NET' value='cust_net' $checked{'grp2'}{'cust_net'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='CUST_SRC_NET' style='min-width:185px;'>";
+                               foreach my $key (sort { ncmp($customnetwork{$a}[0],$customnetwork{$b}[0]) } keys  %customnetwork) {
+                                       print"<option>$customnetwork{$key}[0]</option>";
+                               }
+                               print"</select></td></tr>";
+                       }
+                       if (! -z $confighost){
+                               print"<tr><td valign='top'><input type='radio' name='grp2' id='CUST_SRC_HOST' value='cust_host' $checked{'grp2'}{'cust_host'}></td><td valign='top'>$Lang::tr{'fwhost cust addr'}</td><td><select name='CUST_SRC_HOST' style='min-width:185px;'>";
+                               foreach my $key (sort { ncmp($customhost{$a}[0],$customhost{$b}[0]) } keys %customhost) {
+                                       print"<option>$customhost{$key}[0]</option>";
+                               }
+                               print"</select></td></tr>";
+                       }
+                       print"</table>";
+                       #Inner table right
+                       print"</td><td valign='top'><table width='100%' border='0'>";
+                       #OVPN networks
+                       if (! -z $configccdnet){
+                               print"<td width='1%'><input type='radio' name='grp2' id='OVPN_CCD_NET' value='ovpn_net'  $checked{'grp2'}{'ovpn_net'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_NET' style='min-width:185px;'>";
+                               foreach my $key (sort { ncmp($ccdnet{$a}[0],$ccdnet{$b}[0]) }  keys %ccdnet)
+                               {
+                                       print"<option value='$ccdnet{$key}[0]'>$ccdnet{$key}[0]</option>";
+                               }
+                               print"</select></td></tr>";
+                       }
+                       #OVPN clients
+                       foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost)
+                       {
+                               if ($ccdhost{$key}[33] ne ''){
+                                       print"<td width='1%'><input type='radio' name='grp2' value='ovpn_host' $checked{'grp2'}{'ovpn_host'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_HOST' style='min-width:185px;'>" if ($show eq '');
+                                       $show='1';
+                                       print"<option value='$ccdhost{$key}[1]'>$ccdhost{$key}[1]</option>";
+                               }
+                       }
+                       if ($show eq '1'){$show='';print"</select></td></tr>";}
+                       #OVPN n2n networks
+                       foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost) {
+                               if($ccdhost{$key}[3] eq 'net'){
+                                       print"<td width='1%'><input type='radio' name='grp2' id='OVPN_N2N' value='ovpn_n2n' $checked{'grp2'}{'ovpn_n2n'}></td><td valign='top'>$Lang::tr{'fwhost ovpn_n2n'}</td><td colspan='3'><select name='OVPN_N2N' style='min-width:185px;'>" if ($show eq '');
+                                       $show='1';
+                                       print"<option>$ccdhost{$key}[1]</option>";
+                               }
+                       }
+                       if ($show eq '1'){$show='';print"</select></td></tr>";}
+                       #IPsec networks
+                       foreach my $key (sort { ncmp($ipsecconf{$a}[0],$ipsecconf{$b}[0]) } keys %ipsecconf) {
+                               if ($ipsecconf{$key}[3] eq 'net'){
+                                       print"<td valign='top'><input type='radio' name='grp2' id='IPSEC_NET' value='ipsec_net' $checked{'grp2'}{'ipsec_net'}></td><td valign='top'>$Lang::tr{'fwhost ipsec net'}</td><td><select name='IPSEC_NET' style='min-width:185px;'>" if ($show eq '');
+                                       $show='1';
+                                       print"<option value='$ipsecconf{$key}[1]'>$ipsecconf{$key}[1]</option>";
+                               }
+                       }
+                       if ($show eq '1'){$show='';print"</select></td></tr>";}
+                       print"</table>";
+                       print"</td></tr></table>";
+                       print"<br><br><hr>";
+               }
+               print"<table border='0' width='100%'>";
+               print"<tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value=\"$fwhostsettings{'update'}\"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>";
+       &Header::closebox();
+}
+sub addservice
+{
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addservice'});
+       if ($fwhostsettings{'updatesrv'} eq 'on')
+       {
+               $fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'};
+               $fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'};
+               $fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'};
+       }
+       print<<END;
+       <table width='100%' border='0'><form method='post'>
+       <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td><input type='text' name='SRV_NAME' id='textbox1' value='$fwhostsettings{'SRV_NAME'}' size='24'><script>document.getElementById('textbox1').focus()</script></td></tr>
+       <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+END
+       foreach ("TCP","UDP","ICMP")
+       {
+               if ($_ eq $fwhostsettings{'PROT'})
+               {
+                       print"<option selected>$_</option>";
+               }else{
+                       print"<option>$_</option>";
+               }
+       }
+       print<<END;
+       </select></td></tr>
+       <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
+END
+       &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+       print"<option>All ICMP-Types</option>";
+       foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
+               print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+       }
+       
+       print<<END;
+       </select></td></tr>
+       <tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr>
+       <tr><td colspan='6'><br><hr></td></tr>
+       <tr><td colspan='6' align='right'>
+END
+       if ($fwhostsettings{'updatesrv'} eq 'on')
+       {
+               print<<END;
+               <input type='submit' value='$Lang::tr{'update'}'style='min-width:100px;' >
+               <input type='hidden' name='ACTION' value='updateservice'>
+               <input type='hidden' name='oldsrvname' value='$fwhostsettings{'oldsrvname'}'>
+               <input type='hidden' name='oldsrvport' value='$fwhostsettings{'oldsrvport'}'>
+               <input type='hidden' name='oldsrvprot' value='$fwhostsettings{'oldsrvprot'}'></form>
+END
+               
+       }else{  
+               print"<input type='submit' value='$Lang::tr{'save'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='saveservice'></form>";
+       }
+       print<<END;
+       <form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'></form></td></tr>
+       </table></form>
+       
+       
+END
+       &Header::closebox();
+       &viewtableservice;
+}
+sub addservicegrp
+{
+       &hint;
+       &error;
+       &showmenu;
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost addservicegrp'});
+       $fwhostsettings{'oldsrvgrpremark'}=$fwhostsettings{'SRVGRP_REMARK'};
+       if ($fwhostsettings{'updatesrvgrp'} eq ''){
+               print<<END;
+               <table width='100%' border='0'><form method='post'>
+               <tr><td width='10%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='text' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}' size='24'></td></tr>
+               <tr><td width='10%'>$Lang::tr{'remark'}:</td><td><input type='text' name='SRVGRP_REMARK' value='$fwhostsettings{'SRVGRP_REMARK'}' style='width: 98%;'></td></tr>
+               <tr><td colspan='2'><br><hr></tr>
+               </table>
+END
+       }else{
+               print<<END;
+               <table width='100%' border='0'><form method='post' style='display:inline'>
+               <tr><td width='10%'>$Lang::tr{'fwhost addgrpname'}</td><td><input type='text' name='srvgrp' value='$fwhostsettings{'SRVGRP_NAME'}' readonly  size='14'></td><td width='3%'></td></tr>
+               <tr><td width='10%'>$Lang::tr{'remark'}:</td><td><input type='text' name='newsrvrem'  value='$fwhostsettings{'SRVGRP_REMARK'}' style='width:98%;'></td><td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldsrvrem' value='$fwhostsettings{'oldsrvgrpremark'}'><input type='hidden' name='ACTION' value='changesrvgrpremark' ></td></tr>
+               <tr><td colspan='3'><br><hr></td></td></tr>
+               </table></form>
+END
+       }
+       if($fwhostsettings{'updatesrvgrp'} eq 'on'){
+       print<<END;
+       <form method='post'><input type='hidden' name='SRVGRP_REMARK' value='$fwhostsettings{'SRVGRP_REMARK'}'><input type='hidden' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}'><table border='0' width='100%'>
+       <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td><select name='CUST_SRV' style='min-width:185px;'>
+END
+       &General::readhasharray("$configsrv", \%customservice);
+       foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice)
+       {
+               print "<option>$customservice{$key}[0]</option>";
+       }
+       print<<END;
+       </select></td></tr>
+       <tr><td colspan='4'><br><br></td></tr>
+       <tr><td colspan='4'><hr></td></tr>
+       </table>
+END
+       }
+       print<<END;
+       <table width='100%' border='0'>
+       <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='oldsrvgrpremark' value='$fwhostsettings{'oldsrvgrpremark'}'><input type='hidden' name='ACTION' value='saveservicegrp' ></form><form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'></td></tr>
+       </table></form>
+END
+       &Header::closebox();
+}
+# View
+sub viewtablenet
+{
+       if(! -z $confignet){
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust net'});
+               &General::readhasharray("$confignet", \%customnetwork);
+               if (!keys %customnetwork) 
+               { 
+                       print "<center><b>$Lang::tr{'fwhost empty'}</b>"; 
+               }else{
+                       print<<END;
+                       <table border='0' width='100%' cellspacing='0'>
+                       <tr><td align='center'><b>$Lang::tr{'name'}</b></td><td align='center'><b>$Lang::tr{'fwhost netaddress'}</b></td><td align='center'><b>$Lang::tr{'remark'}</b></td><td align='center'><b>$Lang::tr{'used'}</b></td><td></td><td width='3%'></td></tr>
+END
+               }
+               my $count=0;
+               foreach my $key (sort {ncmp($a,$b)} keys %customnetwork) {
+                       if ($fwhostsettings{'ACTION'} eq 'editnet' && $fwhostsettings{'HOSTNAME'} eq $customnetwork{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                       }elsif ($count % 2)
+                       { 
+                               print" <tr bgcolor='$color{'color22'}'>";
+                       }else
+                       {
+                               print" <tr bgcolor='$color{'color20'}'>";
+                       }
+                       my $colnet="$customnetwork{$key}[1]/".&General::subtocidr($customnetwork{$key}[2]);
+                       print"<td width='20%'><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center'>".&Header::colorize($colnet)."</td><td width='40%'>$customnetwork{$key}[3]</td><td align='center'>$customnetwork{$key}[4]x</td>";
+                       print<<END;
+                       <td width='1%'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+                       <input type='hidden' name='ACTION' value='editnet'>
+                       <input type='hidden' name='HOSTNAME' value='$customnetwork{$key}[0]' />
+                       <input type='hidden' name='IP' value='$customnetwork{$key}[1]' />
+                       <input type='hidden' name='SUBNET' value='$customnetwork{$key}[2]' />
+                       <input type='hidden' name='NETREMARK' value='$customnetwork{$key}[3]' />
+                       </td></form>
+END
+                       if($customnetwork{$key}[4] == '0')
+                       {
+                               print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delnet' /><input type='hidden' name='key' value='$customnetwork{$key}[0]' /></td></form></tr>";
+                       }else{
+                               print"<td></td></tr>";
+                       }
+                       $count++;
+               }
+               print"</table>";
+               &Header::closebox();
+       }       
+
+}
+sub getcolor
+{
+               my $c=shift;
+               #Check if IP is part of OpenVPN N2N subnet
+               foreach my $key (sort keys %ccdhost){
+                       if ($ccdhost{$key}[3] eq 'net'){
+                               my ($a,$b) = split("/",$ccdhost{$key}[11]);
+                               if (&General::IpInSubnet($c,$a,$b)){
+                                       $tdcolor="style='color:$Header::colourovpn ;'";
+                                       return $tdcolor;
+                               }
+                       }
+               }
+               #Check if IP is part of OpenVPN dynamic subnet
+               my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
+               if (&General::IpInSubnet($c,$a,$b)){
+                       $tdcolor="style='color: $Header::colourovpn;'";
+                       return $tdcolor;
+               }
+               #Check if IP is part of OpenVPN static subnet
+               foreach my $key (sort keys %ccdnet){
+                       my ($a,$b) = split("/",$ccdnet{$key}[1]);
+                       $b =&General::iporsubtodec($b);
+                       if (&General::IpInSubnet($c,$a,$b)){
+                               $tdcolor="style='color: $Header::colourovpn;'";
+                               return $tdcolor;
+                       }
+               }
+               #Check if IP is part of IPsec RW network
+               if ($ipsecsettings{'RW_NET'} ne ''){
+                       my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
+                       $b=&General::iporsubtodec($b);
+                       if (&General::IpInSubnet($c,$a,$b)){
+                               $tdcolor="style='color: $Header::colourvpn;'";
+                               return $tdcolor;
+                       }
+               }
+               #Check if IP is part of a IPsec N2N network
+               foreach my $key (sort keys %ipsecconf){
+                       my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+                       if (&General::IpInSubnet($c,$a,$b)){
+                               $tdcolor="style='color: $Header::colourvpn;'";
+                               return $tdcolor;
+                       }
+               }
+               $tdcolor='';
+               return $tdcolor;
+}
+sub viewtablehost
+{
+       if (! -z $confighost){
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'});
+               &General::readhasharray("$confighost", \%customhost);
+               &General::readhasharray("$configccdnet", \%ccdnet);
+               &General::readhasharray("$configccdhost", \%ccdhost);
+               if (!keys %customhost) 
+               { 
+                       print "<center><b>$Lang::tr{'fwhost empty'}</b>"; 
+               }else{
+               print<<END;
+               <table border='0' width='100%' cellspacing='0'>
+               <tr><td align='center'><b>$Lang::tr{'name'}</b></td><td align='center'><b>$Lang::tr{'fwhost ip_mac'}</b></td><td align='center'><b>$Lang::tr{'remark'}</b></td><td align='center'><b>$Lang::tr{'used'}</b></td><td></td><td width='3%'></td></tr>
+END
+       }
+               my $count=0;
+               foreach my $key (sort { ncmp ($customhost{$a}[0],$customhost{$b}[0])} keys %customhost) {
+                       if ( ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'}) && $fwhostsettings{'HOSTNAME'} eq $customhost{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                       }elsif ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
+                       else{            print" <tr bgcolor='$color{'color20'}'>";}
+                       my ($ip,$sub)=split(/\//,$customhost{$key}[2]);
+                       $customhost{$key}[4]=~s/\s+//g;
+                       print"<td width='20%'>$customhost{$key}[0]</td><td width='20%' align='center' ".&getcolor($ip).">".&Header::colorize($ip)."</td><td width='50%' align='left'>$customhost{$key}[3]</td><td align='center'>$customhost{$key}[4]x</td>";
+                       print<<END;
+                       <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+                       <input type='hidden' name='ACTION' value='edithost' />
+                       <input type='hidden' name='HOSTNAME' value='$customhost{$key}[0]' />
+                       <input type='hidden' name='IP' value='$ip' />
+                       <input type='hidden' name='type' value='$customhost{$key}[1]' />
+                       <input type='hidden' name='HOSTREMARK' value='$customhost{$key}[3]' />
+                       </form></td>
+END
+                       if($customhost{$key}[4] == '0')
+                       {
+                               print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delhost' /><input type='hidden' name='key' value='$customhost{$key}[0]' /></td></form></tr>";
+                       }else{
+                               print"<td width='1%'></td></tr>";
+                       }
+                       $count++;
+               }
+               print"</table>";
+               &Header::closebox();
+       }
+}
+sub viewtablegrp
+{
+       if(! -z "$configgrp"){
+       &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust grp'});
+       &General::readhasharray("$configgrp", \%customgrp);
+       &General::readhasharray("$configipsec", \%ipsecconf);
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       &General::readhasharray("$confighost", \%customhost);
+       &General::readhasharray("$confignet", \%customnetwork);
+       my @grp=();
+       my $helper='';
+       my $count=1;
+       my $grpname;
+       my $remark;
+       my $number;
+       my $delflag;
+       if (!keys %customgrp) 
+       { 
+               print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>";
+       }else{
+               foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
+                       $count++;
+                       if ($helper ne $customgrp{$key}[0]){
+                               $delflag='0';
+                               foreach my $key1 (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort { ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
+                                       if ($customgrp{$key}[0] eq $customgrp{$key1}[0])
+                                       {
+                                               $delflag++;
+                                       }
+                                       if($delflag > 1){
+                                               last;
+                                       }
+                               }
+                               $number=1;
+                               if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=$Lang::tr{'fwhost err emptytable'};}
+                               $grpname=$customgrp{$key}[0];
+                               $remark="$customgrp{$key}[1]";
+                               if($count gt 1){ print"</table>";}
+                               print "<br><b><u>$grpname</u></b>&nbsp; &nbsp;";
+                               print " <b>$Lang::tr{'remark'}:</b>&nbsp $remark &nbsp " if ($remark ne '');
+                               print "<b>$Lang::tr{'used'}:</b> $customgrp{$key}[4]x";
+                               if($customgrp{$key}[4] == '0')
+                               {
+                                       print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='ACTION' value='delgrp'></form>";
+                               }
+                               print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='remark' value='$remark' ><input type='hidden' name='ACTION' value='editgrp'></form>";
+                               print"<table width='100%' style='border: 1px solid  #CCCCCC;' rules='none' cellspacing='0'><tr><td align='center'><b>Name</b></td><td align='center'><b>$Lang::tr{'ip address'}</b></td><td align='center' width='25%'><b>$Lang::tr{'fwhost type'}</td><td></td></tr>";
+                       }
+                       
+                       if ( ($fwhostsettings{'ACTION'} eq 'editgrp' || $fwhostsettings{'update'} ne '') && $fwhostsettings{'grp_name'} eq $customgrp{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                       }elsif ($count %2 == 0){
+                               print"<tr bgcolor='$color{'color22'}'>";
+                       }else{
+                               print"<tr bgcolor='$color{'color20'}'>";
+                       }
+                       my $ip=&getipforgroup($customgrp{$key}[2],$customgrp{$key}[3]); 
+                       if ($ip eq ''){print"<tr bgcolor='${Header::colouryellow}'>";}
+                       print "<td width='39%' align='left'>";
+                       if($customgrp{$key}[3] eq 'Standard Network'){
+                               print &get_name($customgrp{$key}[2])."</td>";
+                       }else{
+                               print "$customgrp{$key}[2]</td>";
+                       }
+                       if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost err emptytable'}){
+                               print "<td align='center'>$Lang::tr{'fwhost deleted'}</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";   
+                       }else{
+                               my ($colip,$colsub) = split("/",$ip);
+                               $ip="$colip/".&General::subtocidr($colsub) if ($colsub);
+                               print"<td align='center' ".&getcolor($colip).">".&Header::colorize($ip)."</td><td align='center'>$customgrp{$key}[3]</td><td width='1%'><form method='post'>";
+                       }
+                       if ($delflag > '1' && $ip ne ''){
+                               print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+                       }
+                       print"<input type='hidden' name='ACTION' value='deletegrphost'><input type='hidden' name='grpcnt' value='$customgrp{$key}[4]'><input type='hidden' name='update' value='$fwhostsettings{'update'}'><input type='hidden' name='delhost' value='$grpname,$remark,$customgrp{$key}[2],$customgrp{$key}[3]'></form></td></tr>";
+                       
+                       $helper=$customgrp{$key}[0];
+                       $number++;
+               }
+               print"</table>";
+       }
+       &Header::closebox();
+}
+
+}
+sub viewtableservice
+{
+       my $count=0;
+       if(! -z "$configsrv")
+       {
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost services'});
+               &General::readhasharray("$configsrv", \%customservice);
+               print<<END;
+                       <table width='100%' border='0' cellspacing='0'>
+                       <tr><td align='center'><b>$Lang::tr{'fwhost srv_name'}</b></td><td align='center'><b>$Lang::tr{'fwhost prot'}</b></td><td align='center'><b>$Lang::tr{'fwhost port'}</b></td><td align='center'><b>ICMP</b></td><td align='center'><b>$Lang::tr{'fwhost used'}</b></td><td></td><td width='3%'></td></tr>
+END
+               foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0])} keys %customservice)
+               {
+                       $count++;
+                       if ( ($fwhostsettings{'updatesrv'} eq 'on' || $fwhostsettings{'error'}) && $fwhostsettings{'SRV_NAME'} eq $customservice{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                       }elsif ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}else{    print" <tr bgcolor='$color{'color20'}'>";}
+                       print<<END;
+                       <td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
+END
+                       if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
+               
+                       print<<END;
+                       </td><td align='center'>$customservice{$key}[4]x</td>
+                       <td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
+                       <input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]' />
+                       <input type='hidden' name='SRV_PORT' value='$customservice{$key}[1]' />
+                       <input type='hidden' name='PROT' value='$customservice{$key}[2]' /></form></td>
+END
+                       if ($customservice{$key}[4] eq '0')
+                       {
+                               print"<td width='1%'><form method='post'><input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} /><input type='hidden' name='ACTION' value='delservice' /><input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]'></td></tr></form>";
+                       }else{
+                               print"<td></td></tr>";
+                       }
+               }
+               print"</table>";
+               &Header::closebox();
+       }
+}
+sub viewtableservicegrp
+{
+       my $count=0;
+       my $grpname;
+       my $remark;
+       my $helper;
+       my $port;
+       my $protocol;
+       my $delflag;
+       if (! -z $configsrvgrp){
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust srvgrp'});
+               &General::readhasharray("$configsrvgrp", \%customservicegrp);
+               &General::readhasharray("$configsrv", \%customservice);
+               my $number= keys %customservicegrp;
+               foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
+                       $count++;
+                       if ($helper ne $customservicegrp{$key}[0]){
+                               $delflag=0;
+                               foreach my $key1 (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) } keys %customservicegrp){
+                                       if ($customservicegrp{$key}[0] eq $customservicegrp{$key1}[0])
+                                       {
+                                               $delflag++;
+                                       }
+                                       if($delflag > 1){
+                                               last;
+                                       }
+                               }
+                               $grpname=$customservicegrp{$key}[0];
+                               if ($customservicegrp{$key}[2] eq "none"){
+                                       $customservicegrp{$key}[2]=$Lang::tr{'fwhost empty'};
+                                       $port='';
+                                       $protocol='';
+                               }
+                               $remark="$customservicegrp{$key}[1]";
+                               if($count >=2){print"</table>";}
+                               print "<br><b><u>$grpname</u></b>&nbsp; &nbsp; ";
+                               print "<b>$Lang::tr{'remark'}:</b>&nbsp; $remark " if ($remark ne '');
+                               print "&nbsp; <b>$Lang::tr{'used'}:</b> $customservicegrp{$key}[3]x";
+                               if($customservicegrp{$key}[3] == '0')
+                               {
+                                       print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='ACTION' value='delservicegrp'></form>";
+                               }
+                               print"<form method='post' style='display:inline'><input type='image' src='/images/edit.gif' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='SRVGRP_REMARK' value='$remark' ><input type='hidden' name='ACTION' value='editservicegrp'></form>";
+                               print"<table width='100%' style='border: 1px solid #CCCCCC;' rules='none' cellspacing='0'><tr><td align='center'><b>Name</b></td><td align='center'><b>$Lang::tr{'port'}</b></td><td align='center' width='25%'><b>$Lang::tr{'fwhost prot'}</td><td></td></tr>";
+                       }
+                       if( $fwhostsettings{'SRVGRP_NAME'} eq $customservicegrp{$key}[0]) {
+                               print" <tr bgcolor='${Header::colouryellow}'>";
+                       }elsif ($count %2 == 0){
+                               print"<tr bgcolor='$color{'color22'}'>";
+                       }else{
+                               print"<tr bgcolor='$color{'color20'}'>";
+                       }
+                       print "<td width='39%'>$customservicegrp{$key}[2]</td>";
+                       foreach my $srv (sort keys %customservice){
+                               if ($customservicegrp{$key}[2] eq $customservice{$srv}[0]){
+                                       $protocol=$customservice{$srv}[2];
+                                       $port=$customservice{$srv}[1];
+                                       last;
+                               }
+                       }
+                       print"<td align='center'>$port</td><td align='center'>$protocol</td><td width='1%'><form method='post'>";
+                       if ($number gt '1'){
+                               print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
+                       }
+                       print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
+                       $helper=$customservicegrp{$key}[0];
+               }
+               print"</table>";
+               &Header::closebox();
+       }
+}
+# Check
+sub checkname
+{
+       my %hash=%{(shift)};
+       foreach my $key (keys %hash) {
+               if($hash{$key}[0] eq $fwhostsettings{'HOSTNAME'}){
+                       return 0;
+               }
+       }
+       return 1;
+       
+}
+sub checkgroup
+{
+       my %hash=%{(shift)};
+       my $name=shift;
+       foreach my $key (keys %hash) {
+               if($hash{$key}[0] eq $name){
+                       return 0;
+               }
+       }
+       return 1;
+}
+sub checkip
+{
+       
+       my %hash=%{(shift)};
+       my $a=shift;
+       foreach my $key (keys %hash) {
+               if($hash{$key}[$a] eq $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'})){
+                       return 0;
+               }
+       }
+       return 1;
+}
+sub checksubnet
+{
+       my %hash=%{(shift)};
+       &General::readhasharray("$confignet", \%hash);
+       foreach my $key (keys %hash) {
+               if(&General::IpInSubnet($fwhostsettings{'IP'},$hash{$key}[1],$hash{$key}[2]))
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub checkservicegroup
+{
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       
+       
+       #check name
+       if ( ! &validhostname($fwhostsettings{'SRVGRP_NAME'}))
+       {
+               $errormessage.=$Lang::tr{'fwhost err name'}."<br>";
+               return $errormessage;
+       }
+       #check empty selectbox
+       if (keys %customservice lt 1)
+       {
+               $errormessage.=$Lang::tr{'fwhost err groupempty'}."<br>";
+       }
+       #check if name already exists
+       if ($fwhostsettings{'updatesrvgrp'} ne 'on'){
+               foreach my $key (keys %customservicegrp) {
+                       if( $customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} ){
+                               $errormessage.=$Lang::tr{'fwhost err grpexist'}."<br>";
+                       
+                       }
+               }
+       }
+       #check if service already exists in group
+       foreach my $key (keys %customservicegrp) {
+               if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[2] eq $fwhostsettings{'CUST_SRV'} ){
+                       $errormessage.=$Lang::tr{'fwhost err srvexist'}."<br>";
+               }
+       }
+       return $errormessage;
+}
+sub error
+{
+       if ($errormessage) {
+               &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+               print "<class name='base'>$errormessage\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+       }
+}
+sub hint
+{
+       if ($hint) {
+               &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
+               print "<class name='base'>$hint\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+       }
+}
+sub get_name
+{
+       my $val=shift;
+       &General::setup_default_networks(\%defaultNetworks);
+       foreach my $network (sort keys %defaultNetworks)
+       {
+               return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
+       }       
+}
+
+sub deletefromgrp
+{
+       my $target=shift;
+       my $config=shift;
+       my %hash=();
+       &General::readhasharray("$config",\%hash);
+       foreach my $key (keys %hash) {
+               $errormessage.="lese $hash{$key}[2] und $target<br>";
+               if($hash{$key}[2] eq $target){
+                       
+                       delete $hash{$key};
+                       $errormessage.="Habe $target aus Gruppe gelöscht!<br>";
+               }
+       }
+       &General::writehasharray("$config",\%hash);
+       
+}
+sub plausicheck
+{
+       my $edit=shift;
+       #check hostname
+       if (!&validhostname($fwhostsettings{'HOSTNAME'}))
+       {
+               $errormessage=$errormessage.$Lang::tr{'fwhost err name'};
+               $fwhostsettings{'BLK_IP'}='readonly';
+               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+       }
+       #check if name collides with CCD Netname
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       foreach my $key (keys %ccdnet) {
+               if($ccdnet{$key}[0] eq $fwhostsettings{'HOSTNAME'}){
+                       $errormessage=$errormessage.$Lang::tr{'fwhost err isccdnet'};;
+                       $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+                       if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+                       last;
+               }
+       }
+       #check if IP collides with CCD NetIP
+       if ($fwhostsettings{'type'} ne 'mac'){
+               &General::readhasharray("$configccdnet", \%ccdnet);
+               foreach my $key (keys %ccdnet) {
+                       my $test=(&General::getnetworkip($fwhostsettings{'IP'},&General::iporsubtocidr($fwhostsettings{'SUBNET'})))."/".$fwhostsettings{'SUBNET'};
+                       if($ccdnet{$key}[1] eq $test){
+                               $errormessage=$errormessage.$Lang::tr{'fwhost err isccdipnet'};
+                               $fwhostsettings{'IP'} = $fwhostsettings{'orgip'};
+                               $fwhostsettings{'SUBNET'} = $fwhostsettings{'orgsubnet'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+                               last;
+                       }
+               }
+       }
+       #check if name collides with CCD Hostname
+       &General::readhasharray("$configccdhost", \%ccdhost);
+       foreach my $key (keys %ccdhost) {
+               my ($ip,$sub)=split(/\//,$ccdhost{$key}[33]);
+               if($ip eq $fwhostsettings{'IP'}){
+                       $errormessage=$Lang::tr{'fwhost err isccdiphost'};
+                       if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+                       last;
+               }
+       }
+       #check if IP collides with CCD HostIP (only hosts)
+       if ($edit eq 'edithost')
+       {
+               foreach my $key (keys %ccdhost) {
+                       if($ccdhost{$key}[1] eq $fwhostsettings{'HOSTNAME'}){
+                               $errormessage=$Lang::tr{'fwhost err isccdhost'};
+                               $fwhostsettings{'IP'} = $fwhostsettings{'orgname'};
+                               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+                               last;
+                       }
+               }
+       }
+       #check if network with this name already exists
+       &General::readhasharray("$confignet", \%customnetwork);
+       if (!&checkname(\%customnetwork))
+       {
+               $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err netexist'};
+               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+       }       
+       #check if network ip already exists             
+       if (!&checkip(\%customnetwork,1))
+       {
+               $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err net'};
+               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+       }       
+       #check if host with this name already exists
+       &General::readhasharray("$confighost", \%customhost);
+       if (!&checkname(\%customhost))
+       {
+               $errormessage.="<br>".$Lang::tr{'fwhost err hostexist'};
+               $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+               if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;}
+       }
+       #check if host with this ip already exists
+       if (!&checkip(\%customhost,2))
+       {
+               $errormessage=$errormessage."<br>".$Lang::tr{'fwhost err ipcheck'};
+       }
+       return;
+}
+sub getipforgroup
+{
+       my $name=$_[0],
+       my $type=$_[1];
+       my $value;
+       
+       #get address from IPSEC NETWORK
+       if ($type eq 'IpSec Network'){
+               foreach my $key (keys %ipsecconf) {
+                       if ($ipsecconf{$key}[1] eq $name){
+                               return $ipsecconf{$key}[11];
+                       }
+               }
+               &deletefromgrp($name,$configgrp);
+       }
+       
+       #get address from IPSEC HOST
+       if ($type eq 'IpSec Host'){
+               foreach my $key (keys %ipsecconf) {
+                       if ($ipsecconf{$key}[1] eq $name){
+                               return $ipsecconf{$key}[10];
+                       }
+               }
+               &deletefromgrp($name,$configgrp);
+       }
+               
+       #get address from ovpn ccd Net-2-Net
+       if ($type eq 'OpenVPN N-2-N'){
+               foreach my $key (keys %ccdhost) {
+                       if($ccdhost{$key}[1] eq $name){
+                               my ($a,$b) = split ("/",$ccdhost{$key}[11]);
+                               $b=&General::iporsubtodec($b);
+                               return "$a/$b";
+                       }
+               }
+               &deletefromgrp($name,$configgrp);
+       }
+       
+       #get address from ovpn ccd static host
+       if ($type eq 'OpenVPN static host'){
+               foreach my $key (keys %ccdhost) {
+                       if($ccdhost{$key}[1] eq $name){
+                               my ($a,$b) = split (/\//,$ccdhost{$key}[33]);
+                               $b=&General::iporsubtodec($b);
+                               return "$a/$b";
+                       }
+               }
+               &deletefromgrp($name,$configgrp);
+       }
+       
+       #get address from  ovpn ccd static net
+       if ($type eq 'OpenVPN static network'){
+               foreach my $key (keys %ccdnet) {
+                       if ($ccdnet{$key}[0] eq $name){
+                               my ($a,$b) = split (/\//,$ccdnet{$key}[1]);
+                               $b=&General::iporsubtodec($b);
+                               return "$a/$b";
+                       }
+               }
+       }
+       
+       #check custom addresses
+       if ($type eq 'Custom Host'){
+               foreach my $key (keys %customhost) {
+                       if ($customhost{$key}[0] eq $name){
+                               my ($ip,$sub) = split("/",$customhost{$key}[2]);
+                               return $ip;
+                       }
+               }
+       }
+       
+       ##check custom networks
+       if ($type eq 'Custom Network'){
+               foreach my $key (keys %customnetwork) {
+                       if($customnetwork{$key}[0] eq $name){
+                               return $customnetwork{$key}[1]."/".$customnetwork{$key}[2];
+                       }
+               }
+       }
+       
+       #check standard networks
+       if ($type eq 'Standard Network'){
+               if ($name =~ /OpenVPN/i){
+                       my %ovpn=();
+                       &General::readhash("${General::swroot}/ovpn/settings",\%ovpn);
+                       return $ovpn{'DOVPN_SUBNET'};
+               }
+               if ($name eq 'GREEN'){
+                       my %hash=();
+                       &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+                       return $hash{'GREEN_NETADDRESS'}."/".$hash{'GREEN_NETMASK'};
+               }
+               if ($name eq 'BLUE'){
+                       my %hash=();
+                       &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+                       return $hash{'BLUE_NETADDRESS'}."/".$hash{'BLUE_NETMASK'};
+               }
+               if ($name eq 'ORANGE'){
+                       my %hash=();
+                       &General::readhash("${General::swroot}/ethernet/settings",\%hash);
+                       return $hash{'ORANGE_NETADDRESS'}."/".$hash{'ORANGE_NETMASK'};
+               }
+               if ($name eq 'ALL'){
+                       return "0.0.0.0/0.0.0.0";
+               }
+               if ($name =~ /IPsec/i){
+                       my %hash=();
+                       &General::readhash("${General::swroot}/vpn/settings",\%hash);
+                       return $hash{'RW_NET'};
+               }
+       }
+}
+sub rules
+{
+       if (!-f "${General::swroot}/fwhosts/reread"){
+               system("touch ${General::swroot}/fwhosts/reread");
+               system("touch ${General::swroot}/forward/reread");
+       }
+}
+sub reread_rules
+{
+       system ("/usr/local/bin/forwardfwctrl");
+       if ( -f "${General::swroot}/fwhosts/reread"){
+               system("rm ${General::swroot}/fwhosts/reread");
+               system("rm ${General::swroot}/forward/reread");
+       }
+       
+}
+sub decrease
+{
+       my $grp=$_[0];
+       &General::readhasharray("$confignet", \%customnetwork);
+       &General::readhasharray("$confighost", \%customhost);
+       foreach my $key (sort keys %customgrp ){
+               if ( ($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Network')){
+                       foreach my $key1 (sort keys %customnetwork){
+                               if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
+                                       $customnetwork{$key1}[4]=$customnetwork{$key1}[4]-1;
+                                       last;
+                               }
+                       }
+               }
+               
+               if (($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Host')){
+                       foreach my $key2 (sort keys %customhost){
+                               if ($customhost{$key2}[0] eq $customgrp{$key}[2]){
+                                       $customhost{$key2}[4]=$customhost{$key2}[4]-1;
+                                       last;
+                               }
+                       }
+                               
+               }
+       }
+       &General::writehasharray("$confignet", \%customnetwork);
+       &General::writehasharray("$confighost", \%customhost);
+}
+sub decreaseservice
+{
+       my $grp=$_[0];
+       &General::readhasharray("$configsrv", \%customservice);
+       &General::readhasharray("$configsrvgrp", \%customservicegrp);
+       
+       foreach my $key (sort keys %customservicegrp){
+               if ($customservicegrp{$key}[0] eq $grp ){
+                       foreach my $key2 (sort keys %customservice){
+                               if ($customservice{$key2}[0] eq $customservicegrp{$key}[2]){
+                                       $customservice{$key2}[4]--;
+                               }
+                       }
+               }
+       }
+       &General::writehasharray("$configsrv", \%customservice);
+       
+}
+sub checkports
+{
+       
+       my %hash=%{(shift)};
+       #check empty fields
+       if ($fwhostsettings{'SRV_NAME'} eq '' ){
+               $errormessage=$Lang::tr{'fwhost err name1'};
+       }
+       if ($fwhostsettings{'SRV_PORT'} eq '' && $fwhostsettings{'PROT'} ne 'ICMP'){
+               $errormessage=$Lang::tr{'fwhost err port'};
+       }
+       #check valid name
+       if (! &validhostname($fwhostsettings{'SRV_NAME'})){
+               $errormessage="<br>".$Lang::tr{'fwhost err name'};
+       }
+       #change dashes with :
+       $fwhostsettings{'SRV_PORT'}=~ tr/-/:/;
+               
+       if ($fwhostsettings{'SRV_PORT'} eq "*") {
+               $fwhostsettings{'SRV_PORT'} = "1:65535";
+       }
+       if ($fwhostsettings{'SRV_PORT'} =~ /^(\D)\:(\d+)$/) {
+               $fwhostsettings{'SRV_PORT'} = "1:$2";
+       }
+       if ($fwhostsettings{'SRV_PORT'} =~ /^(\d+)\:(\D)$/) {
+               $fwhostsettings{'SRV_PORT'} = "$1:65535";
+       }
+       if($fwhostsettings{'PROT'} ne 'ICMP'){
+               $errormessage = $errormessage.&General::validportrange($fwhostsettings{'SRV_PORT'}, 'src');
+       }
+       # a new service has to have a different name
+       foreach my $key (keys %hash){
+               if ($hash{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
+                       $errormessage = "<br>".$Lang::tr{'fwhost err srv exists'};
+                       last;
+               }
+       }
+       return $errormessage;
+}
+sub validhostname
+{
+       # Checks a hostname against RFC1035
+        my $hostname = $_[0];
+
+       # Each part should be at least two characters in length
+       # but no more than 63 characters
+       if (length ($hostname) < 1 || length ($hostname) > 63) {
+               return 0;}
+       # Only valid characters are a-z, A-Z, 0-9 and -
+       if ($hostname !~ /^[a-zA-ZäöüÖÄÜ0-9-_.;()\/\s]*$/) {
+               return 0;}
+       # First character can only be a letter or a digit
+       if (substr ($hostname, 0, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) {
+               return 0;}
+       # Last character can only be a letter or a digit
+       if (substr ($hostname, -1, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9()]*$/) {
+               return 0;}
+       return 1;
+}
+sub validremark
+{
+       # Checks a hostname against RFC1035
+        my $remark = $_[0];
+       # Each part should be at least two characters in length
+       # but no more than 63 characters
+       if (length ($remark) < 1 || length ($remark) > 255) {
+               return 0;}
+       # Only valid characters are a-z, A-Z, 0-9 and -
+       if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/\s]*$/) {
+               return 0;}
+       # First character can only be a letter or a digit
+       if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) {
+               return 0;}
+       # Last character can only be a letter or a digit
+       if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.:;_)]*$/) {
+               return 0;}
+       return 1;
+}
+&Header::closebigbox();
+&Header::closepage();
index ea19e26f5904cfae7feb21b11ae948091e643bc7..03ef367465e71140ed02c5fb610bc3de8dabc70b 100644 (file)
@@ -341,7 +341,7 @@ END
                }       else { print $Lang::tr{'advproxy off'};  }
        }
        if ( $netsettings{'ORANGE_DEV'} ) { print <<END;
-               <tr><td align='center' bgcolor='$Header::colourorange' width='25%'><a href="/cgi-bin/dmzholes.cgi"><font size='2' color='white'><b>$Lang::tr{'dmz'}</b></font></a><br>
+               <tr><td align='center' bgcolor='$Header::colourorange' width='25%'><a href="/cgi-bin/forwardfw.cgi"><font size='2' color='white'><b>$Lang::tr{'dmz'}</b></font></a><br>
                <td width='30%' align='center'>$netsettings{'ORANGE_ADDRESS'}
                <td width='45%' align='center'><font color=$Header::colourgreen>Online</font>
 END
index 189395726395d8177831d011170bad6e2b4bd0b6..713f37f9fd7d6df885346fac97e7dddaeeae2018 100644 (file)
@@ -11,7 +11,6 @@
 # $Id: optionsfw.cgi,v 1.1.2.10 2005/10/03 00:34:10 gespinasse Exp $
 #
 #
-
 # enable only the following on debugging purpose
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
@@ -22,38 +21,49 @@ require "${General::swroot}/header.pl";
 
 
 my %checked =();     # Checkbox manipulations
-
-# File used
-my $filename = "${General::swroot}/optionsfw/settings";
-
 our %settings=();
-$settings{'DISABLEPING'} = 'NO';
-$settings{'DROPNEWNOTSYN'} = 'on';
-$settings{'DROPINPUT'} = 'on';
-$settings{'DROPOUTPUT'} = 'on';
-$settings{'DROPPORTSCAN'} = 'on';
-$settings{'DROPWIRELESSINPUT'} = 'on';
-$settings{'DROPWIRELESSFORWARD'} = 'on';
+my %fwdfwsettings=();
+my %configfwdfw=();
+my %configoutgoingfw=();
 
+my $configfwdfw                = "${General::swroot}/forward/config";
+my $configoutgoing     = "${General::swroot}/forward/outgoing";
 my $errormessage = '';
 my $warnmessage = '';
+my $filename = "${General::swroot}/optionsfw/settings";
 
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
 &Header::showhttpheaders();
 
 #Get GUI values
 &Header::getcgihash(\%settings);
-
 if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
-        $errormessage = $Lang::tr{'new optionsfw later'};
-        delete $settings{'__CGI__'};delete $settings{'x'};delete $settings{'y'};
-        &General::writehash($filename, \%settings);             # Save good settings
-   } else {
-        &General::readhash($filename, \%settings);                      # Get saved settings and reset to good if needed
-        }
+       if ($settings{'defpol'} ne '1'){
+               $errormessage .= $Lang::tr{'new optionsfw later'};
+               &General::writehash($filename, \%settings);             # Save good settings
+               system("/usr/local/bin/forwardfwctrl");
+       }else{
+               if ($settings{'POLICY'} ne ''){
+                       $fwdfwsettings{'POLICY'} = $settings{'POLICY'};
+               }
+               if ($settings{'POLICY1'} ne ''){
+                       $fwdfwsettings{'POLICY1'} = $settings{'POLICY1'};
+               }
+               my $MODE = $fwdfwsettings{'POLICY'};
+               my $MODE1 = $fwdfwsettings{'POLICY1'};
+               %fwdfwsettings = ();
+               $fwdfwsettings{'POLICY'} = "$MODE";
+               $fwdfwsettings{'POLICY1'} = "$MODE1";
+               &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+               &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+               system("/usr/local/bin/forwardfwctrl");
+       }
+       &General::readhash($filename, \%settings);             # Load good settings
+}
 
 &Header::openpage($Lang::tr{'options fw'}, 1, '');
 &Header::openbigbox('100%', 'left', '', $errormessage);
-
+&General::readhash($filename, \%settings);
 if ($errormessage) {
         &Header::openbox('100%', 'left', $Lang::tr{'warning messages'});
         print "<font color='red'>$errormessage&nbsp;</font>";
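Review bot: The save branch persists posted form values without checking them: `$settings{'POLICY'}` and `$settings{'POLICY1'}` are copied into `%fwdfwsettings` whenever they are non-empty, and the `defpol ne '1'` path writes the whole `%settings` hash to the options file, in both cases before `forwardfwctrl` is run. The forms later in this file only offer `MODE1` and `MODE2`, so the assignment could be guarded with `if ($settings{'POLICY'} =~ /\AMODE[12]\z/) { $fwdfwsettings{'POLICY'} = $settings{'POLICY'}; }`, and the same for `POLICY1`. The removed code deleted `__CGI__`, `x` and `y` before `writehash` and the new code does not, so it is worth confirming that those keys, `defpol`, and any unexpected posted field cannot end up in the settings file. The return value of `system(...)` is not checked either, so a failed reload is still followed by the normal page.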
@@ -66,9 +76,12 @@ $checked{'DROPNEWNOTSYN'}{$settings{'DROPNEWNOTSYN'}} = "checked='checked'";
 $checked{'DROPINPUT'}{'off'} = '';
 $checked{'DROPINPUT'}{'on'} = '';
 $checked{'DROPINPUT'}{$settings{'DROPINPUT'}} = "checked='checked'";
-$checked{'DROPOUTPUT'}{'off'} = '';
-$checked{'DROPOUTPUT'}{'on'} = '';
-$checked{'DROPOUTPUT'}{$settings{'DROPOUTPUT'}} = "checked='checked'";
+$checked{'DROPFORWARD'}{'off'} = '';
+$checked{'DROPFORWARD'}{'on'} = '';
+$checked{'DROPFORWARD'}{$settings{'DROPFORWARD'}} = "checked='checked'";
+$checked{'DROPOUTGOING'}{'off'} = '';
+$checked{'DROPOUTGOING'}{'on'} = '';
+$checked{'DROPOUTGOING'}{$settings{'DROPOUTGOING'}} = "checked='checked'";
 $checked{'DROPPORTSCAN'}{'off'} = '';
 $checked{'DROPPORTSCAN'}{'on'} = '';
 $checked{'DROPPORTSCAN'}{$settings{'DROPPORTSCAN'}} = "checked='checked'";
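Review bot: `$settings{'DROPFORWARD'}` and `$settings{'DROPOUTGOING'}` have no fallback value here, because the in-script defaults were removed earlier in this diff. When the settings file has no entry for a key, which is likely for a file written before these keys existed, the lookup uses an undefined key and neither radio button is preselected. The same applies to the `SHOW*` and `FWPOLICY*` keys added in the next hunk. Unless a migration step elsewhere guarantees the keys, set a default before the lookups, for example `$settings{'DROPFORWARD'} = 'on' unless defined $settings{'DROPFORWARD'};` (`on` mirrors the removed `DROPOUTPUT` default; the values for the new keys are the author's call).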
@@ -84,6 +97,21 @@ $checked{'DROPPROXY'}{$settings{'DROPPROXY'}} = "checked='checked'";
 $checked{'DROPSAMBA'}{'off'} = '';
 $checked{'DROPSAMBA'}{'on'} = '';
 $checked{'DROPSAMBA'}{$settings{'DROPSAMBA'}} = "checked='checked'";
+$checked{'SHOWCOLORS'}{'off'} = '';
+$checked{'SHOWCOLORS'}{'on'} = '';
+$checked{'SHOWCOLORS'}{$settings{'SHOWCOLORS'}} = "checked='checked'";
+$checked{'SHOWREMARK'}{'off'} = '';
+$checked{'SHOWREMARK'}{'on'} = '';
+$checked{'SHOWREMARK'}{$settings{'SHOWREMARK'}} = "checked='checked'";
+$checked{'SHOWTABLES'}{'off'} = '';
+$checked{'SHOWTABLES'}{'on'} = '';
+$checked{'SHOWTABLES'}{$settings{'SHOWTABLES'}} = "checked='checked'";
+$checked{'SHOWDROPDOWN'}{'off'} = '';
+$checked{'SHOWDROPDOWN'}{'on'} = '';
+$checked{'SHOWDROPDOWN'}{$settings{'SHOWDROPDOWN'}} = "checked='checked'";
+$selected{'FWPOLICY'}{$settings{'FWPOLICY'}}= 'selected';
+$selected{'FWPOLICY1'}{$settings{'FWPOLICY1'}}= 'selected';
+$selected{'FWPOLICY2'}{$settings{'FWPOLICY2'}}= 'selected';
 
 &Header::openbox('100%', 'center', $Lang::tr{'options fw'});
 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";
@@ -96,8 +124,10 @@ print <<END
                                                                                                                                                                                <input type='radio' name='DROPNEWNOTSYN' value='off' $checked{'DROPNEWNOTSYN'}{'off'} /> off</td></tr>
 <tr><td align='left' width='60%'>$Lang::tr{'drop input'}</td><td align='left'>on <input type='radio' name='DROPINPUT' value='on' $checked{'DROPINPUT'}{'on'} />/
                                                                                                                                                                                <input type='radio' name='DROPINPUT' value='off' $checked{'DROPINPUT'}{'off'} /> off</td></tr>
-<tr><td align='left' width='60%'>$Lang::tr{'drop output'}</td><td align='left'>on <input type='radio' name='DROPOUTPUT' value='on' $checked{'DROPOUTPUT'}{'on'} />/
-                                                                                                                                                                               <input type='radio' name='DROPOUTPUT' value='off' $checked{'DROPOUTPUT'}{'off'} /> off</td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'drop forward'}</td><td align='left'>on <input type='radio' name='DROPFORWARD' value='on' $checked{'DROPFORWARD'}{'on'} />/
+                                                                                                                                                                               <input type='radio' name='DROPFORWARD' value='off' $checked{'DROPFORWARD'}{'off'} /> off</td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'drop outgoing'}</td><td align='left'>on <input type='radio' name='DROPOUTGOING' value='on' $checked{'DROPOUTGOING'}{'on'} />/
+                                                                                                                                                                               <input type='radio' name='DROPOUTGOING' value='off' $checked{'DROPOUTGOING'}{'off'} /> off</td></tr>                                                                                                                                                                            
 <tr><td align='left' width='60%'>$Lang::tr{'drop portscan'}</td><td align='left'>on <input type='radio' name='DROPPORTSCAN' value='on' $checked{'DROPPORTSCAN'}{'on'} />/
                                                                                                                                                                                <input type='radio' name='DROPPORTSCAN' value='off' $checked{'DROPPORTSCAN'}{'off'} /> off</td></tr>
 <tr><td align='left' width='60%'>$Lang::tr{'drop wirelessinput'}</td><td align='left'>on <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/
@@ -105,7 +135,8 @@ print <<END
 <tr><td align='left' width='60%'>$Lang::tr{'drop wirelessforward'}</td><td align='left'>on <input type='radio' name='DROPWIRELESSFORWARD' value='on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/
                                                                                                                                                                                <input type='radio' name='DROPWIRELESSFORWARD' value='off' $checked{'DROPWIRELESSFORWARD'}{'off'} /> off</td></tr>
 </table>
-<br />
+<br/>
+
 <table width='95%' cellspacing='0'>
 <tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw blue'}</b></td></tr>
 <tr><td align='left' width='60%'>$Lang::tr{'drop proxy'}</td><td align='left'>on <input type='radio' name='DROPPROXY' value='on' $checked{'DROPPROXY'}{'on'} />/
@@ -113,15 +144,77 @@ print <<END
 <tr><td align='left' width='60%'>$Lang::tr{'drop samba'}</td><td align='left'>on <input type='radio' name='DROPSAMBA' value='on' $checked{'DROPSAMBA'}{'on'} />/
                                                                                                                                                                                <input type='radio' name='DROPSAMBA' value='off' $checked{'DROPSAMBA'}{'off'} /> off</td></tr>
 </table>
+<br>
+<table width='95%' cellspacing='0'>
+<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw settings'}</b></td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'fw settings color'}</td><td align='left'>on <input type='radio' name='SHOWCOLORS' value='on' $checked{'SHOWCOLORS'}{'on'} />/
+                                                                                                                                                                               <input type='radio' name='SHOWCOLORS' value='off' $checked{'SHOWCOLORS'}{'off'} /> off</td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'fw settings remark'}</td><td align='left'>on <input type='radio' name='SHOWREMARK' value='on' $checked{'SHOWREMARK'}{'on'} />/
+                                                                                                                                                                               <input type='radio' name='SHOWREMARK' value='off' $checked{'SHOWREMARK'}{'off'} /> off</td></tr>                
+<tr><td align='left' width='60%'>$Lang::tr{'fw settings ruletable'}</td><td align='left'>on <input type='radio' name='SHOWTABLES' value='on' $checked{'SHOWTABLES'}{'on'} />/
+                                                                                                                                                                               <input type='radio' name='SHOWTABLES' value='off' $checked{'SHOWTABLES'}{'off'} /> off</td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'fw settings dropdown'}</td><td align='left'>on <input type='radio' name='SHOWDROPDOWN' value='on' $checked{'SHOWDROPDOWN'}{'on'} />/
+                                                                                                                                                                               <input type='radio' name='SHOWDROPDOWN' value='off' $checked{'SHOWDROPDOWN'}{'off'} /> off</td></tr>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
+</table>                                                                                                                                                                               
+<br />
+<table width='95%' cellspacing='0'>
+<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw default drop'}</b></td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'drop action'}</td><td><select name='FWPOLICY'>
+<option value='DROP' $selected{'FWPOLICY'}{'DROP'}>DROP</option>
+<option value='REJECT' $selected{'FWPOLICY'}{'REJECT'}>REJECT</option></select>
+</td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'drop action1'}</td><td><select name='FWPOLICY1'>
+<option value='DROP' $selected{'FWPOLICY1'}{'DROP'}>DROP</option>
+<option value='REJECT' $selected{'FWPOLICY1'}{'REJECT'}>REJECT</option></select>
+</td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'drop action2'}</td><td><select name='FWPOLICY2'>
+<option value='DROP' $selected{'FWPOLICY2'}{'DROP'}>DROP</option>
+<option value='REJECT' $selected{'FWPOLICY2'}{'REJECT'}>REJECT</option></select>
+</td></tr>
+</table>
+
 <br />
 <table width='10%' cellspacing='0'>
 <tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                                                               <input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
-                                                                                               <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /></form></td></tr>
+<input type='submit' name='ACTION' value=$Lang::tr{'save'} />
+</form></td></tr>
 </table>
 </form>
 END
 ;
 &Header::closebox();
+
+&Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'});
+       if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
+       if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
+       if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ $selected{'POLICY1'}{'MODE1'} = 'selected'; } else { $selected{'POLICY1'}{'MODE1'} = ''; }
+       if ($fwdfwsettings{'POLICY1'} eq 'MODE2'){ $selected{'POLICY1'}{'MODE2'} = 'selected'; } else { $selected{'POLICY1'}{'MODE2'} = ''; }
+print <<END;
+       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+       <table width='100%' border='0'>
+               <tr><td colspan='3' style='font-weight:bold;color:red;' align='left'>FORWARD </td></tr>
+               <tr><td colspan='3' align='left'>$Lang::tr{'fwdfw pol text'}</td></tr>
+               <tr><td colspan='3'><hr /></td></tr>
+               <tr><td width='15%' align='left'>       <select name='POLICY' style="width: 100px">
+               <option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'fwdfw pol block'}</option>
+               <option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'fwdfw pol allow'}</option></select>
+           <input type='submit' name='ACTION' value=$Lang::tr{'save'} /><input type='hidden' name='defpol' value='1'></td>
+END
+       print "</tr></table></form>";
+       print"<br><br>";
+       print <<END;
+       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+       <table width='100%' border='0'>
+               <tr><td colspan='3' style='font-weight:bold;color:red;' align='left'>OUTGOING </td></tr>
+               <tr><td colspan='3' align='left'>$Lang::tr{'fwdfw pol text1'}</td></tr>
+               <tr><td colspan='3'><hr /></td></tr>
+               <tr><td width='15%' align='left'>       <select name='POLICY1' style="width: 100px">
+               <option value='MODE1' $selected{'POLICY1'}{'MODE1'}>$Lang::tr{'fwdfw pol block'}</option>
+               <option value='MODE2' $selected{'POLICY1'}{'MODE2'}>$Lang::tr{'fwdfw pol allow'}</option></select>
+           <input type='submit' name='ACTION' value='$Lang::tr{'save'}' /><input type='hidden' name='defpol' value='1'></td>
+END
+       print "</tr></table></form>";
+       &Header::closebox();
+
 &Header::closebigbox();
 &Header::closepage();
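Review bot: The `value` attribute of the submit button is unquoted in `<input type='submit' name='ACTION' value=$Lang::tr{'save'} />`, both in the options form and in the FORWARD policy form, while the OUTGOING form quotes it. With a translation of `save` that contains a space, the browser would post only the first word, the `$settings{'ACTION'} eq $Lang::tr{'save'}` test would not match, and the change would silently not be saved. Quote it in all three places: `<input type='submit' name='ACTION' value='$Lang::tr{'save'}' />`. The options form also keeps a second `<form>` around its submit button inside the outer form, which is not valid nesting; the heredoc holding that markup starts outside this hunk.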
diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi
deleted file mode 100644 (file)
index b417817..0000000
+++ /dev/null
@@ -1,849 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2010  IPFire Team                                        #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-use strict;
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-my %outfwsettings = ();
-my %checked = ();
-my %selected= () ;
-my %netsettings = ();
-my $errormessage = "";
-my $configentry = "";
-my @configs = ();
-my @configline = ();
-my $p2pentry = "";
-my @p2ps = ();
-my @p2pline = ();
-
-my $configfile = "/var/ipfire/outgoing/rules";
-my $configpath = "/var/ipfire/outgoing/groups/";
-my $p2pfile = "/var/ipfire/outgoing/p2protocols";
-my $servicefile = "/var/ipfire/outgoing/defaultservices";
-
-my %color = ();
-my %mainsettings = ();
-&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
-
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-&Header::showhttpheaders();
-
-### Values that have to be initialized
-$outfwsettings{'ACTION'} = '';
-$outfwsettings{'VALID'} = 'yes';
-$outfwsettings{'EDIT'} = 'no';
-$outfwsettings{'NAME'} = '';
-$outfwsettings{'SNET'} = '';
-$outfwsettings{'SIP'} = '';
-$outfwsettings{'SPORT'} = '';
-$outfwsettings{'SMAC'} = '';
-$outfwsettings{'DIP'} = '';
-$outfwsettings{'DPORT'} = '';
-$outfwsettings{'PROT'} = '';
-$outfwsettings{'STATE'} = '';
-$outfwsettings{'DISPLAY_DIP'} = '';
-$outfwsettings{'DISPLAY_DPORT'} = '';
-$outfwsettings{'DISPLAY_SMAC'} = '';
-$outfwsettings{'DISPLAY_SIP'} = '';
-$outfwsettings{'POLICY'} = 'MODE0';
-$outfwsettings{'MODE1LOG'} = 'off';
-
-$outfwsettings{'TIME_FROM'} = '00:00';
-$outfwsettings{'TIME_TO'} = '00:00';
-
-&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
-&Header::getcgihash(\%outfwsettings);
-
-###############
-# DEBUG DEBUG
-#&Header::openbox('100%', 'left', 'DEBUG');
-#my $debugCount = 0;
-#foreach my $line (sort keys %outfwsettings) {
-#print "$line = $outfwsettings{$line}<br />\n";
-# $debugCount++;
-#}
-#print "&nbsp;Count: $debugCount\n";
-#&Header::closebox();
-# DEBUG DEBUG
-###############
-
-$selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
-$selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
-
-$checked{'MODE1LOG'}{'off'} = '';
-$checked{'MODE1LOG'}{'on'} = '';
-$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'";
-$checked{'TIME_MON'}{'off'} = '';
-$checked{'TIME_MON'}{'on'} = '';
-$checked{'TIME_MON'}{$outfwsettings{'TIME_MON'}} = "checked='checked'";
-$checked{'TIME_TUE'}{'off'} = '';
-$checked{'TIME_TUE'}{'on'} = '';
-$checked{'TIME_TUE'}{$outfwsettings{'TIME_TUE'}} = "checked='checked'";
-$checked{'TIME_WED'}{'off'} = '';
-$checked{'TIME_WED'}{'on'} = '';
-$checked{'TIME_WED'}{$outfwsettings{'TIME_WED'}} = "checked='checked'";
-$checked{'TIME_THU'}{'off'} = '';
-$checked{'TIME_THU'}{'on'} = '';
-$checked{'TIME_THU'}{$outfwsettings{'TIME_THU'}} = "checked='checked'";
-$checked{'TIME_FRI'}{'off'} = '';
-$checked{'TIME_FRI'}{'on'} = '';
-$checked{'TIME_FRI'}{$outfwsettings{'TIME_FRI'}} = "checked='checked'";
-$checked{'TIME_SAT'}{'off'} = '';
-$checked{'TIME_SAT'}{'on'} = '';
-$checked{'TIME_SAT'}{$outfwsettings{'TIME_SAT'}} = "checked='checked'";
-$checked{'TIME_SUN'}{'off'} = '';
-$checked{'TIME_SUN'}{'on'} = '';
-$checked{'TIME_SUN'}{$outfwsettings{'TIME_SUN'}} = "checked='checked'";
-
-if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
-if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
-if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
-
-# This is a little hack if poeple don´t mark any date then all will be selected, because they might have forgotten to select
-# a valid day. A Rule without any matching day will never work, because the timeranges are new feature people might not notice
-# that they have to select a day for the rule.
-
-if ( $outfwsettings{'TIME_MON'} eq "" &&
-     $outfwsettings{'TIME_TUE'} eq "" &&
-        $outfwsettings{'TIME_WED'} eq "" &&
-        $outfwsettings{'TIME_THU'} eq "" &&
-        $outfwsettings{'TIME_FRI'} eq "" &&
-        $outfwsettings{'TIME_SAT'} eq "" &&
-        $outfwsettings{'TIME_SUN'} eq "" )
-        {
-               $outfwsettings{'TIME_MON'} = "on";
-               $outfwsettings{'TIME_TUE'} = "on";
-               $outfwsettings{'TIME_WED'} = "on";
-               $outfwsettings{'TIME_THU'} = "on";
-               $outfwsettings{'TIME_FRI'} = "on";
-               $outfwsettings{'TIME_SAT'} = "on";
-               $outfwsettings{'TIME_SUN'} = "on";
-        }
-
-&Header::openpage($Lang::tr{'outgoing firewall'}, 1, '');
-&Header::openbigbox('100%', 'left', '', $errormessage);
-
-############################################################################################################################
-############################################################################################################################
-
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
-{
-       $outfwsettings{'POLICY'}='MODE0';
-       unlink $configfile;
-       system("/usr/bin/touch $configfile");
-       my $MODE = $outfwsettings{'POLICY'};
-       %outfwsettings = ();
-       $outfwsettings{'POLICY'} = "$MODE";
-       &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
-{
-       my $MODE = $outfwsettings{'POLICY'};
-       my $MODE1LOG = $outfwsettings{'MODE1LOG'};
-       %outfwsettings = ();
-       $outfwsettings{'POLICY'} = "$MODE";
-       $outfwsettings{'MODE1LOG'} = "$MODE1LOG";
-       &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
-       system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq 'enable')
-{
-       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-       @p2ps = <FILE>;
-       close FILE;
-       open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
-       foreach $p2pentry (sort @p2ps)
-       {
-               @p2pline = split( /\;/, $p2pentry );
-               if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
-                       print FILE "$p2pline[0];$p2pline[1];on;\n";
-               } else {
-                       print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
-               }
-       }
-       close FILE;
-       system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq 'disable')
-{
-       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-       @p2ps = <FILE>;
-       close FILE;
-       open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
-       foreach $p2pentry (sort @p2ps)
-       {
-               @p2pline = split( /\;/, $p2pentry );
-               if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
-                       print FILE "$p2pline[0];$p2pline[1];off;\n";
-               } else {
-                       print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
-               }
-       }
-       close FILE;
-       system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
-{
-       open( FILE, "< $configfile" ) or die "Unable to read $configfile";
-       @configs = <FILE>;
-       close FILE;
-       open( FILE, "> $configfile" ) or die "Unable to write $configfile";
-       foreach $configentry (sort @configs)
-       {
-               @configline = split( /\;/, $configentry );
-               
-               $configline[10] =  "on" if not exists $configline[11];
-               $configline[11] =  "on" if not exists $configline[11];
-               $configline[12] =  "on" if not exists $configline[12];
-               $configline[13] =  "on" if not exists $configline[13];
-               $configline[14] =  "on" if not exists $configline[14];
-               $configline[15] =  "on" if not exists $configline[15];
-               $configline[16] =  "on" if not exists $configline[16];
-               $configline[17] =  "00:00" if not exists $configline[17];
-               $configline[18] =  "00:00" if not exists $configline[18];
-
-               unless  (($configline[0] eq $outfwsettings{'STATE'}) && 
-                       ($configline[1] eq $outfwsettings{'ENABLED'}) && 
-                       ($configline[2] eq $outfwsettings{'SNET'}) && 
-                       ($configline[3] eq $outfwsettings{'PROT'}) && 
-                       ($configline[4] eq $outfwsettings{'NAME'}) && 
-                       ($configline[5] eq $outfwsettings{'SIP'}) && 
-                       ($configline[6] eq $outfwsettings{'SMAC'}) && 
-                       ($configline[7] eq $outfwsettings{'DIP'}) &&
-                       ($configline[9] eq $outfwsettings{'LOG'}) &&       
-                       ($configline[8] eq $outfwsettings{'DPORT'}) &&
-                       ($configline[10] eq $outfwsettings{'TIME_MON'}) &&       
-                       ($configline[11] eq $outfwsettings{'TIME_TUE'}) &&       
-                       ($configline[12] eq $outfwsettings{'TIME_WED'}) &&       
-                       ($configline[13] eq $outfwsettings{'TIME_THU'}) &&       
-                       ($configline[14] eq $outfwsettings{'TIME_FRI'}) &&       
-                       ($configline[15] eq $outfwsettings{'TIME_SAT'}) &&       
-                       ($configline[16] eq $outfwsettings{'TIME_SUN'}) &&       
-                       ($configline[17] eq $outfwsettings{'TIME_FROM'}) &&       
-                       ($configline[18] eq $outfwsettings{'TIME_TO'}))
-               {
-                       print FILE $configentry;
-               }
-       }
-       close FILE;
-       $selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
-       $selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';
-       $selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected';
-       &addrule();
-       &Header::closebigbox();
-       &Header::closepage();
-       exit
-  system("/usr/local/bin/outgoingfwctrl");     
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
-{
-       open( FILE, "< $configfile" ) or die "Unable to read $configfile";
-       @configs = <FILE>;
-       close FILE;
-       open( FILE, "> $configfile" ) or die "Unable to write $configfile";
-       foreach $configentry (sort @configs)
-       {
-               @configline = split( /\;/, $configentry );
-               
-               $configline[10] =  "on" if not exists $configline[11];
-               $configline[11] =  "on" if not exists $configline[11];
-               $configline[12] =  "on" if not exists $configline[12];
-               $configline[13] =  "on" if not exists $configline[13];
-               $configline[14] =  "on" if not exists $configline[14];
-               $configline[15] =  "on" if not exists $configline[15];
-               $configline[16] =  "on" if not exists $configline[16];
-               $configline[17] =  "00:00" if not exists $configline[17];
-               $configline[18] =  "00:00" if not exists $configline[18];
-                               
-               unless  (($configline[0] eq $outfwsettings{'STATE'}) && 
-                       ($configline[1] eq $outfwsettings{'ENABLED'}) && 
-                       ($configline[2] eq $outfwsettings{'SNET'}) && 
-                       ($configline[3] eq $outfwsettings{'PROT'}) && 
-                       ($configline[4] eq $outfwsettings{'NAME'}) && 
-                       ($configline[5] eq $outfwsettings{'SIP'}) && 
-                       ($configline[6] eq $outfwsettings{'SMAC'}) && 
-                       ($configline[7] eq $outfwsettings{'DIP'}) && 
-                       ($configline[9] eq $outfwsettings{'LOG'}) &&
-                       ($configline[8] eq $outfwsettings{'DPORT'}) &&
-                       ($configline[10] eq $outfwsettings{'TIME_MON'}) &&       
-                       ($configline[11] eq $outfwsettings{'TIME_TUE'}) &&       
-                       ($configline[12] eq $outfwsettings{'TIME_WED'}) &&       
-                       ($configline[13] eq $outfwsettings{'TIME_THU'}) &&       
-                       ($configline[14] eq $outfwsettings{'TIME_FRI'}) &&       
-                       ($configline[15] eq $outfwsettings{'TIME_SAT'}) &&       
-                       ($configline[16] eq $outfwsettings{'TIME_SUN'}) &&       
-                       ($configline[17] eq $outfwsettings{'TIME_FROM'}) &&       
-                       ($configline[18] eq $outfwsettings{'TIME_TO'}))
-               {
-                       print FILE $configentry;
-               }
-       }
-       close FILE;
-       system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
-{
-       if ( $outfwsettings{'VALID'} eq 'yes' ) {
-
-               if ( $outfwsettings{'SNET'} eq "all" ) {
-                       $outfwsettings{'SIP'} ="";
-                       $outfwsettings{'SMAC'}="";
-               }
-               open( FILE, ">> $configfile" ) or die "Unable to write $configfile";
-               print FILE <<END
-$outfwsettings{'STATE'};$outfwsettings{'ENABLED'};$outfwsettings{'SNET'};$outfwsettings{'PROT'};$outfwsettings{'NAME'};$outfwsettings{'SIP'};$outfwsettings{'SMAC'};$outfwsettings{'DIP'};$outfwsettings{'DPORT'};$outfwsettings{'LOG'};$outfwsettings{'TIME_MON'};$outfwsettings{'TIME_TUE'};$outfwsettings{'TIME_WED'};$outfwsettings{'TIME_THU'};$outfwsettings{'TIME_FRI'};$outfwsettings{'TIME_SAT'};$outfwsettings{'TIME_SUN'};$outfwsettings{'TIME_FROM'};$outfwsettings{'TIME_TO'};
-END
-;
-               close FILE;
-               system("/usr/local/bin/outgoingfwctrl");
-       } else {
-               $outfwsettings{'ACTION'} = 'Add rule';
-       }
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'Add Rule'})
-{
-       &addrule();
-       exit
-}
-
-&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
-
-if ($errormessage) {
-       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
-       print "<class name='base'>$errormessage\n";
-       print "&nbsp;</class>\n";
-       &Header::closebox();
-}
-
-############################################################################################################################
-############################################################################################################################
-
-if ($outfwsettings{'POLICY'} ne 'MODE0'){
-       &Header::openbox('100%', 'center', 'Rules');
-               print <<END
-       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-               <input type='submit' name='ACTION' value='$Lang::tr{'Add Rule'}' />
-       </form>
-END
-;
-       open( FILE, "< $configfile" ) or die "Unable to read $configfile";
-       @configs = <FILE>;
-       close FILE;
-       if (@configs) {
-               print <<END
-               <hr />
-               <table border='0' width='100%' cellspacing='0'>
-               <tr bgcolor='$color{'color22'}'>
-                   <td width='14%' align='center'><b>$Lang::tr{'protocol'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'network'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'destination'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'description'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'policy'}</b></td>
-                   <td width='16%' align='center'><b>$Lang::tr{'logging'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'action'}</b></td>
-END
-;
-               foreach $configentry (sort @configs)
-                       {
-                               @configline = split( /\;/, $configentry );
-                               $outfwsettings{'STATE'} = $configline[0];
-                               $outfwsettings{'ENABLED'} = $configline[1];
-                               $outfwsettings{'SNET'} = $configline[2];
-                               $outfwsettings{'PROT'} = $configline[3];
-                               $outfwsettings{'NAME'} = $configline[4];
-                               $outfwsettings{'SIP'} = $configline[5];
-                               $outfwsettings{'SMAC'} = $configline[6];
-                               $outfwsettings{'DIP'} = $configline[7];
-                               $outfwsettings{'DPORT'} = $configline[8];
-                               $outfwsettings{'LOG'} = $configline[9];
-                               
-                               $configline[10] =  "on" if not exists $configline[11];
-                               $configline[11] =  "on" if not exists $configline[11];
-                               $configline[12] =  "on" if not exists $configline[12];
-                               $configline[13] =  "on" if not exists $configline[13];
-                               $configline[14] =  "on" if not exists $configline[14];
-                               $configline[15] =  "on" if not exists $configline[15];
-                               $configline[16] =  "on" if not exists $configline[16];
-                               $configline[17] =  "00:00" if not exists $configline[17];
-                               $configline[18] =  "00:00" if not exists $configline[18];
-                               
-                               $outfwsettings{'TIME_MON'} =  $configline[10];
-                               $outfwsettings{'TIME_TUE'} =  $configline[11];
-                               $outfwsettings{'TIME_WED'} =  $configline[12];
-                               $outfwsettings{'TIME_THU'} =  $configline[13];
-                               $outfwsettings{'TIME_FRI'} =  $configline[14];
-                               $outfwsettings{'TIME_SAT'} =  $configline[15];
-                               $outfwsettings{'TIME_SUN'} =  $configline[16];
-                               $outfwsettings{'TIME_FROM'} =  $configline[17];
-                               $outfwsettings{'TIME_TO'} =  $configline[18];
-
-                               if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; }
-                               if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; }
-                               if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_stop.png' alt='DENY' />"; }
-                               if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_ok.png' alt='ALLOW' />"; }
-                               if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){
-                               if ( $outfwsettings{'ENABLED'} eq "on" ){
-                                       print "<tr bgcolor='$color{'color20'}'>";
-                               } else {
-                                       print "<tr bgcolor='$color{'color18'}'>";
-                               }
-                                       print <<END
-                                           <td align='center'>$outfwsettings{'PROT'}
-                                           <td align='center'>$outfwsettings{'SNET'}
-                                           <td align='center'>$outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'}
-                                           <td align='center'>$outfwsettings{'NAME'}
-                                           <td align='center'>$outfwsettings{'DISPLAY_STATE'}
-                                           <td align='center'>$outfwsettings{'LOG'}
-                                           <td align='center'>
-                                            <table border='0' cellpadding='0' cellspacing='0'><tr>
-                                               <td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                       <input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
-                                                       <input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
-                                                       <input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
-                                                       <input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
-                                                       <input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
-                                                       <input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
-                                                       <input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
-                                                       <input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
-                                                       <input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
-                                                       <input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
-                                                       <input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
-                                                       <input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
-                                                       <input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
-                                                       <input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
-                                                       <input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
-                                                       <input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
-                                                       <input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
-                                                       <input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
-                                                       <input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
-                                                       <input type='hidden' name='ACTION' value=$Lang::tr{'edit'} />
-                                                       <input type='image' src='/images/edit.gif' width="20" height="20" alt=$Lang::tr{'edit'} />
-                                               </form>
-                                               <td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                       <input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
-                                                       <input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
-                                                       <input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
-                                                       <input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
-                                                       <input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
-                                                       <input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
-                                                       <input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
-                                                       <input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
-                                                       <input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
-                                                       <input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
-                                                       <input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
-                                                       <input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
-                                                       <input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
-                                                       <input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
-                                                       <input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
-                                                       <input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
-                                                       <input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
-                                                       <input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
-                                                       <input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
-                                                       <input type='hidden' name='ACTION' value=$Lang::tr{'delete'} />
-                                                       <input type='image' src='/images/delete.gif' width="20" height="20" alt=$Lang::tr{'delete'} />
-                                               </form></table>
-END
-;
-                                       if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) {
-
-                                               unless ($outfwsettings{'SIP'}) {
-                                                       $outfwsettings{'DISPLAY_SIP'} = 'ALL';
-                                               } else {
-                                                       $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'};
-                                               }
-
-                                               unless ($outfwsettings{'SMAC'}) {
-                                                       $outfwsettings{'DISPLAY_SMAC'} = 'ALL';
-                                                       print "<tr><td /><td align='left'>$Lang::tr{'source ip or net'}: </td>";
-                                                       print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SIP'}</td>";
-                                               } else {
-                                                       $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'};
-                                                       print "<tr><td /><td align='left'>$Lang::tr{'source'} $Lang::tr{'mac address'}: </td>";
-                                                       print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SMAC'}</td>";
-                                               }
-                                       }
-                                               print <<END
-                                               <tr><td width='14%' align='right'>$Lang::tr{'time'} -  </td>
-                                                   <td width='14%' align='left'>
-END
-;
-                                                       if ($outfwsettings{'TIME_MON'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy monday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_TUE'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy tuesday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_WED'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy wednesday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_THU'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy thursday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_FRI'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy friday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_SAT'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy saturday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_SUN'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy sunday'}</font>";            
-                                                       print <<END
-                                                       </td>
-                                                   <td width='22%' align='center'>$Lang::tr{'advproxy from'} $outfwsettings{'TIME_FROM'}</td>
-                                                       <td width='22%' align='center'>$Lang::tr{'advproxy to'} $outfwsettings{'TIME_TO'}</td>
-                                       </form>
-END
-;
-                               }
-                       }
-if ($outfwsettings{'POLICY'} eq 'MODE1'){
-print <<END
-                                       <tr bgcolor='$color{'color20'}'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                           <td align='center'>all
-                                           <td align='center'>all
-                                           <td align='center'>ALL
-                                           <td align='center'>drop
-                                           <td align='center'><img src='/images/stock_stop.png' alt='DENY' />
-                                           <td align='center'>on <input type='radio' name='MODE1LOG' value='on' $checked{'MODE1LOG'}{'on'} /><input type='radio' name='MODE1LOG' value='off' $checked{'MODE1LOG'}{'off'} /> off
-                                           <td align='center'><input type='hidden' name='ACTION' value=$Lang::tr{'save'} /><input type='image' src='/images/media-floppy.png' width="18" height="18" alt=$Lang::tr{'save'} /></form></tr>
-                                            <table border='0' cellpadding='0' cellspacing='0'><tr>
-                                               <td>
-                                               <td></table>
-END
-;
-}
-               print <<END
-               </table>
-END
-;
-
-       }
-       &Header::closebox();
-}
-
-if ($outfwsettings{'POLICY'} ne 'MODE0'){
-       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-       @p2ps = <FILE>;
-       close FILE;
-       &Header::openbox('100%', 'center', 'P2P-Block');
-       print <<END
-       <table width='40%'>
-               <tr bgcolor='$color{'color22'}'><td width='66%' align=center><b>$Lang::tr{'protocol'}</b>
-                   <td width='33%' align=center><b>$Lang::tr{'status'}</b>
-END
-;
-       my $id = 1;
-       foreach $p2pentry (sort @p2ps)
-       {
-               @p2pline = split( /\;/, $p2pentry );
-               print <<END
-                       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-END
-;
-                       print "\t\t\t<tr bgcolor='$color{'color20'}'>\n"; 
-               print <<END
-                       <td width='66%' align='center'>$p2pline[0]:     
-                       <td width='33%' align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' />
-END
-;
-               if ($p2pline[2] eq 'on') {
-                       print <<END
-                               <input type='hidden' name='ACTION' value='disable' />
-                               <input type='image' name='submit' src='/images/stock_ok.png' alt='$Lang::tr{'outgoing firewall p2p allow'}' title='$Lang::tr{'outgoing firewall p2p allow'}'/>
-END
-;
-               } else {
-                       print <<END
-                               <input type='hidden' name='ACTION' value='enable' />
-                               <input type='image' name='submit' src='/images/stock_stop.png' alt='$Lang::tr{'outgoing firewall p2p deny'}' title='$Lang::tr{'outgoing firewall p2p deny'}' />
-END
-;
-               }
-               print <<END
-                       </form>
-END
-;
-       }
-       print <<END
-       </table>
-  <br />$Lang::tr{'outgoing firewall p2p description 1'} <img src='/images/stock_ok.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 2'} <img src='/images/stock_stop.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 3'}
-END
-;
-       &Header::closebox();
-}
-
-&Header::openbox('100%', 'center', 'Policy');
-print <<END
-       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-       <table width='100%'>
-               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode0'}</td></tr>
-               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr>
-               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
-               <tr><td colspan='3'><hr /></td></tr>
-               <tr><td width='10%' align='left'>       <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
-                   <td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
-                   <td width='45%' align='left'>
-END
-;
-       if ($outfwsettings{'POLICY'} ne 'MODE0') {
-               print <<END
-                   $Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value=$Lang::tr{'reset'} />
-END
-;
-       }
-print <<END
-       </table>
-       </form>
-END
-;
-&Header::closebox();
-
-############################################################################################################################
-############################################################################################################################
-
-sub addrule
-{
-       &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'});
-       if ($outfwsettings{'ENABLED'} eq 'on') { $selected{'ENABLED'} = 'checked'; }
-       $selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
-       $selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
-print <<END
-       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-       <table width='80%'>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' /></td>
-                       <td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' /></td>
-                       <td width='20%' align='right' colspan='2'>$Lang::tr{'active'}:</td>
-                       <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td>
-               </tr>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'protocol'}</td>
-                       <td width='30%' align='left'>
-                               <select name='PROT'>
-                                       <option value='all' $selected{'PROT'}{'all'}>All</option>
-                                       <option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option>
-                                       <option value='udp' $selected{'PROT'}{'udp'}>UDP</option>
-                                       <option value='gre' $selected{'PROT'}{'gre'}>GRE</option>
-                                       <option value='esp' $selected{'PROT'}{'esp'}>ESP</option>
-                               </select>
-                       </td>
-                       <td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:</td>
-                       <td width='30%' align='left' colspan='2'>
-END
-;
-       if ($outfwsettings{'POLICY'} eq 'MODE1'){
-               print "\t\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n";
-       } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
-               print "\t\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n";
-       }
-       print <<END
-                       </td>
-               </tr>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'source'}:</td>
-                       <td width='30%' align='left'>
-                               <select name='SNET'>
-                                       <optgroup label='---'>
-                                               <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option>
-                                       <optgroup label='$Lang::tr{'mac address'}'>
-                                               <option value='mac' $selected{'SNET'}{'mac'}>$Lang::tr{'source'} $Lang::tr{'mac address'}</option>
-                                       </optgroup>
-                                       <optgroup label='$Lang::tr{'ip address'}'>
-                                               <option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip or net'}</option>
-                                               <option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option>
-                                       </optgroup>
-                                       <optgroup label='$Lang::tr{'alt vpn'}'>
-                                               <option value='ovpn' $selected{'SNET'}{'ovpn'}>OpenVPN $Lang::tr{'interface'}</option>
-                                       </optgroup>
-                                       <optgroup label='$Lang::tr{'network'}'>
-                                               <option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
-END
-;
-       if (&Header::blue_used()){
-               print "\t\t\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n";
-       }
-       if (&Header::orange_used()){
-               print "\t\t\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n";
-       }
-       print <<END
-                                       </optgroup>
-                                       <optgroup label='IP $Lang::tr{'advproxy NCSA group'}'>
-END
-;
-       my @ipgroups = qx(ls $configpath/ipgroups/);
-       foreach (sort @ipgroups){
-               chomp($_);
-               print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
-       }
-       print <<END
-                                       </optgroup>
-                                       <optgroup label='MAC $Lang::tr{'advproxy NCSA group'}'>
-END
-;
-       my @macgroups = qx(ls $configpath/macgroups/);
-       foreach (sort @macgroups){
-               chomp($_);
-               print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
-       }
-       print <<END
-                                       </optgroup>
-                               </select>
-                       </td>
-                       <td align='right' colspan='4'><font color='red'>$Lang::tr{'outgoing firewall warning'}</font></td>
-               </tr>
-               <tr>
-                       <td align='right' colspan='4' >$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td>
-                       <td align='left' colspan='4' ><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td>
-               </tr>
-               <tr>
-                       <td align='right' colspan='4' >$Lang::tr{'source'} $Lang::tr{'mac address'}: <img src='/blob.gif' />
-                       <td align='left' colspan='4' ><input type='text' name='SMAC' maxlength='23' value='$outfwsettings{'SMAC'}' />
-               </tr>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'logging'}:</td>
-                       <td width='30%' align='left'>
-                               <select name='LOG'>
-                                       <option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option>
-                                       <option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option>
-                               </select>
-                       </td>
-                       <td width='20%' align='right' colspan='2' />
-                       <td width='30%' align='left' colspan='2' />
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'destination ip or net'}: <img src='/blob.gif' /></td>
-                       <td width='30%' align='left'><input type='text' name='DIP'  value='$outfwsettings{'DIP'}' /></td>
-                       <td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}(s) <img src='/blob.gif' /></td>
-                       <td width='30%' align='left' colspan='2'><input type='text' name='DPORT' value='$outfwsettings{'DPORT'}' /></td>
-               </tr>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'time'}:</td>
-                       <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
-                       <td width='20%' align='right' colspan='2' />
-                       <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
-                       <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
-               </tr>
-               <tr>
-                       <td width='20%' align='right'></td>
-                       <td width='30%' align='left'>
-                               <input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} />
-                               <input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} />
-                               <input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} />
-                               <input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} />
-                               <input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} />
-                               <input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} />
-                               <input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} />
-                       </td>
-                       <td width='20%' align='right' colspan='2' />
-                       <td width='15%' align='left'>
-                               <select name='TIME_FROM'>
-END
-;
-for (my $i=0;$i<=23;$i++) {
-       $i = sprintf("%02s",$i);
-       for (my $j=0;$j<=45;$j+=15) {
-               $j = sprintf("%02s",$j);
-               my $time = $i.":".$j;
-               print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
-       }
-}
-print <<END    
-                               </select>
-                       </td>
-                       <td width='15%' align='left'><select name='TIME_TO'>
-END
-;
-for (my $i=0;$i<=23;$i++) {
-       $i = sprintf("%02s",$i);
-       for (my $j=0;$j<=45;$j+=15) {
-               $j = sprintf("%02s",$j);
-               my $time = $i.":".$j;
-               print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
-       }
-}
-print <<END    
-                               </select>
-                       </td>
-               </tr>
-               <tr>
-                       <td colspan='6' />
-               <tr>
-               <tr>
-                       <td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'}</td>
-                       <td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} /></td>
-       </table></form>
-END
-;
-       &Header::closebox();
-
-if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2')
-{
-&Header::openbox('100%', 'center', 'Quick Add');
-
-       open( FILE, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services";
-       my @defservices = <FILE>;
-       close FILE;
-
-print "<table width='100%'><tr bgcolor='$color{'color20'}'><td><b>$Lang::tr{'service'}</b></td><td><b>$Lang::tr{'description'}</b></td><td><b>$Lang::tr{'port'}</b></td><td><b>$Lang::tr{'protocol'}</b></td><td><b>$Lang::tr{'source net'}</b></td><td><b>$Lang::tr{'logging'}</b></td><td><b>$Lang::tr{'action'}</b></td></tr>";
-foreach my $serviceline(@defservices)
-       {
-       my @service = split(/,/,$serviceline);
-       print <<END
-       <tr><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                                                               <td>$service[0]<input type='hidden' name='NAME' value='@service[0]' /></td>
-                                                                                               <td>$service[3]</td>
-                                                                                               <td><a href='http://isc.sans.org/port_details.php?port=$service[1]' target='top'>$service[1]</a><input type='hidden' name='DPORT' value='@service[1]' /></td>
-                                                                                               <td>$service[2]<input type='hidden' name='PROT' value='@service[2]' /></td>
-                                                                                               <td><select name='SNET'><option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option><option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
-END
-;
-       if (&Header::blue_used()){
-               print "<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>";
-       }
-       if (&Header::orange_used()){
-               print "<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>";
-       }
-       print <<END
-                                       </select></td>
-          <td><select name='LOG'><option value='$Lang::tr{'active'}'>$Lang::tr{'active'}</option><option value='$Lang::tr{'inactive'}' 'selected'>$Lang::tr{'inactive'}</option></select></td><td>
-                                       <input type='hidden' name='ACTION' value=$Lang::tr{'add'} />
-                                       <input type='image' alt='$Lang::tr{'add'}' src='/images/add.gif' />
-                                       <input type='hidden' name='ENABLED' value='on' />
-END
-;
-       if ($outfwsettings{'POLICY'} eq 'MODE1'){       print "<input type='hidden' name='STATE' value='ALLOW' /></form></td></tr>";}
-       elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "<input type='hidden' name='STATE' value='DENY' /></form></td></tr>";}
-       }
-       print "</table>";
-       &Header::closebox();
-  }
-}
-
-&Header::closebigbox();
-&Header::closepage();
index 73e610bfdfeaa82783403252cd8d4723dc602290..f0123588492f3524c17beec7b823da2d159ded64 100644 (file)
@@ -30,6 +30,7 @@ use File::Copy;
 use File::Temp qw/ tempfile tempdir /;
 use strict;
 use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
+use Sort::Naturally;
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
@@ -165,49 +166,29 @@ sub deletebackupcert
                unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
        }
 }
-
 sub checkportfw {
-    my $KEY2 = $_[0]; # key2
-    my $SRC_PORT = $_[1]; # src_port
-    my $PROTOCOL = $_[2]; # protocol
-    my $SRC_IP = $_[3]; # sourceip
-
-    my $pfwfilename = "${General::swroot}/portfw/config";
-    open(FILE, $pfwfilename) or die 'Unable to open config file.';
-    my @pfwcurrent = <FILE>;
-    close(FILE);
-    my $pfwkey1 = 0; # used for finding last sequence number used 
-    foreach my $pfwline (@pfwcurrent)
-    {
-       my @pfwtemp = split(/\,/,$pfwline);
-
-       chomp ($pfwtemp[8]);
-       if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition
-               if ( $SRC_PORT eq $pfwtemp[3] &&
-                       $PROTOCOL eq $pfwtemp[2] &&
-                       $SRC_IP eq $pfwtemp[7])
-               {
-                        $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT";
-               }
-               # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number
-               if ( $pfwtemp[1] eq "0") {
-                       $pfwkey1=$pfwtemp[0];
-               }
-               # Darren Critchley - Duplicate or overlapping Port range check
-               if ($pfwtemp[1] eq "0" && 
-                       $PROTOCOL eq $pfwtemp[2] &&
-                       $SRC_IP eq $pfwtemp[7] &&
-                       $errormessage eq '') 
-               {
-                       &portchecks($SRC_PORT, $pfwtemp[5]);            
-#                      &portchecks($pfwtemp[3], $pfwtemp[5]);
-#                      &portchecks($pfwtemp[3], $SRC_IP);
+       my $DPORT = shift;
+       my $DPROT = shift;
+       my %natconfig =();
+       my $confignat = "${General::swroot}/forward/config";
+       $DPROT= uc ($DPROT);
+       &General::readhasharray($confignat, \%natconfig);
+       foreach my $key (sort keys %natconfig){
+               my @portarray = split (/\|/,$natconfig{$key}[30]);
+               foreach my $value (@portarray){
+                       if ($value =~ /:/i){
+                               my ($a,$b) = split (":",$value);
+                               if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){
+                                       $errormessage= "$Lang::tr{'source port in use'} $DPORT";
+                               }
+                       }else{
+                               if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){
+                                       $errormessage= "$Lang::tr{'source port in use'} $DPORT";
+                               }
+                       }
                }
        }
-    }
-#    $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP";
-
-    return;
+       return;
 }
 
 sub checkportoverlap
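Review bot: The range branch of the new `checkportfw` compares ports with the string operators `gt`/`lt`, so the test is lexical and excludes both endpoints. With constructed values, a stored range `1:6` reports port `50` as in use, while port `300` is missed for a stored range `100:2000`, and a port equal to either bound is never caught. Compare numerically and inclusively instead: `if ($DPROT eq $natconfig{$key}[12] && $DPORT >= $lo && $DPORT <= $hi){`. The pair should also be declared as `my ($lo,$hi) = split (":",$value);`, because `my ($a,$b)` masks the package variables that `sort` blocks rely on. The field indexes `[12]` and `[30]` would benefit from a one-line comment saying which columns of the forward config they are; their meaning cannot be confirmed from this hunk.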
@@ -239,32 +220,6 @@ sub checkportinc
                return 0; 
        }
 }
-# Darren Critchley - Duplicate or overlapping Port range check
-sub portchecks
-{
-       my $p1 = $_[0]; # New port range
-       my $p2 = $_[1]; # existing port range
-#      $_ = $_[0];
-       our ($prtrange1, $prtrange2);
-       $prtrange1 = 0;
-#      if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
-#              unless (&checkportoverlap($p1,$p2)) {
-#                      $errormessage = "$Lang::tr{'source port overlaps'} $p1";
-#              }
-#      }
-       if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range
-               unless (&checkportinc($p2,$p1)) {
-                       $errormessage = "$Lang::tr{'srcprt within existing'} $p1";
-               }
-       }
-       $prtrange1 = 1;
-       if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range
-               unless (&checkportinc($p1,$p2)) {
-                       $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
-               }
-       }
-       return;
-}
 
 # Darren Critchley - certain ports are reserved for IPFire 
 # TCP 67,68,81,222,445
@@ -1144,7 +1099,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
     
     
     if ($cgiparams{'ENABLED'} eq 'on'){
-       &checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
+       &checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'});
     }
        
     if ($errormessage) { goto SETTINGS_ERROR; }
@@ -4895,11 +4850,10 @@ END
 </tr>
 END
        ;
-        my $id = 0;
-        my $gif;
-        foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) {
-       if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
-
+    my $id = 0;
+    my $gif;
+    foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
+       if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
        if ($id % 2) {
            print "<tr bgcolor='$color{'color20'}'>\n";
        } else {
diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi
new file mode 100755 (executable)
index 0000000..cfca542
--- /dev/null
@@ -0,0 +1,134 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013                                                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+# Author: Alexander Marx (Amarx@ipfire.org)                                   #
+###############################################################################
+
+use strict;
+no warnings 'uninitialized';
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my $errormessage='';
+my $p2pfile                    = "${General::swroot}/forward/p2protocols";
+
+my @p2ps = ();
+my %fwdfwsettings=();
+my %color=();
+my %mainsettings=();
+
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+
+
+&Header::showhttpheaders();
+&Header::getcgihash(\%fwdfwsettings);
+&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openbigbox('100%', 'center',$errormessage);
+
+if ($fwdfwsettings{'ACTION'} eq ''){
+&p2pblock;
+}
+if ($fwdfwsettings{'ACTION'} eq 'togglep2p')
+{
+       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
+       @p2ps = <FILE>;
+       close FILE;
+       open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
+       foreach my $p2pentry (sort @p2ps)
+       {
+               my @p2pline = split( /\;/, $p2pentry );
+               if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
+                       if($p2pline[2] eq 'on'){
+                               $p2pline[2]='off';
+                       }else{
+                               $p2pline[2]='on';
+                       }
+               }
+               print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
+       }
+       close FILE;
+       &rules;
+       &p2pblock;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
+{
+       &reread_rules;
+       &p2pblock;
+}
+
+
+sub p2pblock
+{
+       if (-f "${General::swroot}/forward/reread"){
+               print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</div></td></tr></table></form><br>";
+       }
+       my $gif;
+       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
+       @p2ps = <FILE>;
+       close FILE;
+       &Header::openbox('100%', 'center', 'P2P-Block');
+       print <<END;
+       <table width='35%' border='0'>
+       <tr bgcolor='$color{'color22'}'><td align=center colspan='2' ><b>$Lang::tr{'protocol'}</b></td><td align='center'><b>$Lang::tr{'status'}</b></td></tr>
+END
+       foreach my $p2pentry (sort @p2ps)
+       {
+               my @p2pline = split( /\;/, $p2pentry );
+               if($p2pline[2] eq 'on'){
+                       $gif="/images/on.gif"
+               }else{
+                       $gif="/images/off.gif"
+               }
+               print <<END;
+               <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+               <tr bgcolor='$color{'color20'}'>
+               <td align='center' colspan='2' >$p2pline[0]:</td><td align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' /><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' ><input type='hidden' name='ACTION' value='togglep2p'></td></tr></form>
+END
+       }
+       print"<tr><td><img src='/images/on.gif'></td><td  align='left'>$Lang::tr{'outgoing firewall p2p allow'}</td></tr>";
+       print"<tr><td><img src='/images/off.gif'></td><td align='left'>$Lang::tr{'outgoing firewall p2p deny'}</td></tr></table>";
+       print"<br><br><br><table width='100%'><tr><td align='left'>$Lang::tr{'fwdfw p2p txt'}</td></tr></table>";
+       &Header::closebox();
+}
+sub rules
+{
+       if (!-f "${General::swroot}/forward/reread"){
+               system("touch ${General::swroot}/forward/reread");
+               system("touch ${General::swroot}/fwhosts/reread");
+       }
+}
+sub reread_rules
+{
+       system("/usr/local/bin/forwardfwctrl");
+       if ( -f "${General::swroot}/forward/reread"){
+               system("rm ${General::swroot}/forward/reread");
+               system("rm ${General::swroot}/fwhosts/reread");
+       }
+}
+&Header::closebigbox();
+&Header::closepage();
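Review bot: The `togglep2p` branch reads `$p2pfile`, then truncates it with `open( FILE, "> $p2pfile" )` and rewrites it with no lock and no check on `print` or `close`. Two overlapping requests, or a write that fails part-way, can leave the protocol list partial or empty, and that list is presumably what the firewall rules are regenerated from. Holding one exclusive lock across the read and the rewrite, on a lexical handle opened with three-arg `open`, closes that window; a sketch follows. Separately, `p2pblock` interpolates `$p2pline[0]`, `$p2pline[1]` and `$ENV{'SCRIPT_NAME'}` into the form markup unescaped, so they should be HTML-escaped before printing. The `touch`/`rm` calls in `rules` and `reread_rules` would also be safer in list form, e.g. `system("touch", "${General::swroot}/forward/reread");`.

```perl
if ($fwdfwsettings{'ACTION'} eq 'togglep2p')
{
	# One exclusive lock covers both the read and the rewrite,
	# so concurrent toggles cannot interleave or see a truncated file.
	open(my $fh, '+<', $p2pfile) or die "Unable to open $p2pfile: $!";
	flock($fh, 2) or die "Unable to lock $p2pfile: $!";
	@p2ps = <$fh>;
	seek($fh, 0, 0) or die "Unable to rewind $p2pfile: $!";
	truncate($fh, 0) or die "Unable to truncate $p2pfile: $!";
	foreach my $p2pentry (sort @p2ps)
	{
		# … unchanged: split the entry and flip field 2 for the matching protocol …
		print {$fh} "$p2pline[0];$p2pline[1];$p2pline[2];\n"
			or die "Unable to write $p2pfile: $!";
	}
	# Buffered write errors surface at close, so check it.
	close($fh) or die "Unable to write $p2pfile: $!";
	# … unchanged: &rules; &p2pblock; …
}
```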
diff --git a/html/cgi-bin/portfw.cgi b/html/cgi-bin/portfw.cgi
deleted file mode 100644 (file)
index 199682f..0000000
+++ /dev/null
@@ -1,1177 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-use strict;
-
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-#workaround to suppress a warning when a variable is used only once
-my @dummy = ( ${Header::colouryellow} );
-undef (@dummy);
-
-my %color = ();
-my %mainsettings = ();
-&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
-
-my %cgiparams=();
-my %selected=();
-my %checked=();
-my $prtrange1=0;
-my $prtrange2=0;
-my $errormessage = '';
-my $filename = "${General::swroot}/portfw/config";
-my $aliasfile = "${General::swroot}/ethernet/aliases";
-
-&Header::showhttpheaders();
-
-$cgiparams{'ENABLED'} = 'off';
-$cgiparams{'KEY1'} = '0';
-$cgiparams{'KEY2'} = '0';
-$cgiparams{'PROTOCOL'} = '';
-$cgiparams{'SRC_PORT'} = '';
-$cgiparams{'DEST_IP'} = '';
-$cgiparams{'DEST_PORT'} = '';
-$cgiparams{'SRC_IP'} = '';
-$cgiparams{'ORIG_IP'} = '';
-$cgiparams{'REMARK'} = '';
-$cgiparams{'OVERRIDE'} = 'off';
-$cgiparams{'ACTION'} = '';
-
-&Header::getcgihash(\%cgiparams);
-
-my $disable_all = "0";
-my $enable_all = "0";
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
-{
-       &valaddupdate();
-       
-       # Darren Critchley - if there is an error, don't waste any more time processing
-       if ($errormessage) { goto ERROR; }
-       
-       open(FILE, $filename) or die 'Unable to open config file.';
-       my @current = <FILE>;
-       close(FILE);
-       my $key1 = 0; # used for finding last sequence number used 
-       foreach my $line (@current)
-       {
-               my @temp = split(/\,/,$line);
-
-               chomp ($temp[8]);
-               if ($cgiparams{'KEY2'} eq "0"){ # if key2 is 0 then it is a portfw addition
-                       if ( $cgiparams{'SRC_PORT'} eq $temp[3] &&
-                               $cgiparams{'PROTOCOL'} eq $temp[2] &&
-                               $cgiparams{'SRC_IP'} eq $temp[7])
-                       {
-                                $errormessage =  
-                                       "$Lang::tr{'source port in use'} $cgiparams{'SRC_PORT'}";
-                       }
-                       # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number
-                       if ( $temp[1] eq "0") {
-                               $key1=$temp[0];
-                       }
-                       # Darren Critchley - Duplicate or overlapping Port range check
-                       if ($temp[1] eq "0" && 
-                               $cgiparams{'PROTOCOL'} eq $temp[2] &&
-                               $cgiparams{'SRC_IP'} eq $temp[7] &&
-                               $errormessage eq '') 
-                       {
-                               &portchecks($temp[3], $temp[5]);
-                       }
-               } else {
-                       if ( $cgiparams{'KEY1'} eq $temp[0] &&
-                               $cgiparams{'ORIG_IP'} eq $temp[8])
-                       {
-                                $errormessage =  
-                                       "$Lang::tr{'source ip in use'} $cgiparams{'ORIG_IP'}";
-                       }
-               }
-       }
-
-ERROR:
-       unless ($errormessage)
-       {
-               # Darren Critchley - we only want to store ranges with Colons
-               $cgiparams{'SRC_PORT'} =~ tr/-/:/; 
-               $cgiparams{'DEST_PORT'} =~ tr/-/:/;
-
-               if ($cgiparams{'KEY1'} eq "0") { # 0 in KEY1 indicates it is a portfw add
-                       $key1++; # Add one to last sequence number
-                       open(FILE,">>$filename") or die 'Unable to open config file.';
-                       flock FILE, 2;
-                               if ($cgiparams{'ORIG_IP'} eq '0.0.0.0/0') {
-                                       # if the default/all is taken, then write it to the rule
-                                               print FILE "$key1,0,$cgiparams{'PROTOCOL'},$cgiparams{'SRC_PORT'},$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'SRC_IP'},$cgiparams{'ORIG_IP'},$cgiparams{'REMARK'}\n";
-                       } else { # else create an extra record so it shows up 
-                                       print FILE "$key1,0,$cgiparams{'PROTOCOL'},$cgiparams{'SRC_PORT'},$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'SRC_IP'},0,$cgiparams{'REMARK'}\n";
-                                               print FILE "$key1,1,$cgiparams{'PROTOCOL'},0,$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},0,$cgiparams{'ORIG_IP'},$cgiparams{'REMARK'}\n";
-                                       }                       
-                       close(FILE);
-                       undef %cgiparams;
-                       &General::log($Lang::tr{'forwarding rule added'});
-                       system('/usr/local/bin/setportfw');
-               } else { # else key1 eq 0
-                       my $insertpoint = ($cgiparams{'KEY2'} - 1);
-                       open(FILE, ">$filename") or die 'Unable to open config file.';
-                       flock FILE, 2;
-                       foreach my $line (@current) {
-                               chomp($line);
-                               my @temp = split(/\,/,$line);
-                               if ($cgiparams{'KEY1'} eq $temp[0] && $insertpoint eq $temp[1]) {
-                                       if ($temp[1] eq "0") { # this is the first xtaccess rule, therefore modify the portfw rule
-                                               $temp[8] = '0';
-                                       }
-                                       print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7],$temp[8],$temp[9]\n";
-                                       print FILE "$cgiparams{'KEY1'},$cgiparams{'KEY2'},$cgiparams{'PROTOCOL'},0,$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},0,$cgiparams{'ORIG_IP'},$cgiparams{'REMARK'}\n";
-                               } else {
-                                       print FILE "$line\n";
-                               }
-                       }
-                       close(FILE);
-                       undef %cgiparams;
-                       &General::log($Lang::tr{'external access rule added'});
-                       system('/usr/local/bin/setportfw');
-               } # end if if KEY1 eq 0
-       } # end unless($errormessage)
-}
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'update'})
-{
-       &valaddupdate();
-       
-       # Darren Critchley - If there is an error don't waste any more processing time
-       if ($errormessage) { $cgiparams{'ACTION'} = $Lang::tr{'edit'}; goto UPD_ERROR; }
-
-       open(FILE, $filename) or die 'Unable to open config file.';
-       my @current = <FILE>;
-       close(FILE);
-       my $disabledpfw = '0';
-       my $lastpfw = '';
-       my $xtaccessdel = '0';
-       
-       foreach my $line (@current)
-       {
-               my @temp = split(/\,/,$line);
-               if ( $temp[1] eq "0" ) { # keep track of the last portfw and if it is enabled
-                       $disabledpfw = $temp[6];
-                       $lastpfw = $temp[0];
-               }               
-               chomp ($temp[8]);
-               if ( $cgiparams{'SRC_PORT'} eq $temp[3] &&
-                       $cgiparams{'PROTOCOL'} eq $temp[2] &&
-                       $cgiparams{'SRC_IP'} eq $temp[7])
-               {
-                        if ($cgiparams{'KEY1'} ne $temp[0] && $cgiparams{'KEY2'} eq "0")
-                        { 
-                        $errormessage =  
-                               "$Lang::tr{'source port in use'} $cgiparams{'SRC_PORT'}";
-                        }
-               }
-               if ($cgiparams{'ORIG_IP'} eq $temp[8]) 
-               {
-                        if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} ne $temp[1])
-                        # If we have the same source ip within a portfw group, then we have a problem!
-                        {
-                               $errormessage =  "$Lang::tr{'source ip in use'} $cgiparams{'ORIG_IP'}";
-                               $cgiparams{'ACTION'} = $Lang::tr{'edit'};
-                        }
-               }
-               
-               # Darren Critchley - Flag when a user disables an xtaccess
-               if ($cgiparams{'KEY1'} eq $temp[0] &&
-                               $cgiparams{'KEY2'} eq $temp[1] &&
-                               $cgiparams{'KEY2'} ne "0" && # if KEY2 is 0 then it is a portfw
-                               $cgiparams{'ENABLED'} eq "off" &&
-                               $temp[6] eq "on") { # we have determined that someone has turned an xtaccess off
-                       $xtaccessdel = "1";             
-               }
-               
-               # Darren Critchley - Portfw enabled, then enable xtaccess for all associated xtaccess records
-               if ($cgiparams{'ENABLED'} eq "on" && $cgiparams{'KEY2'} eq "0" && $cgiparams{'ENABLED'} ne $temp[6]) 
-               {
-                       $enable_all = "1";
-               } else {
-                       $enable_all = "0";
-               }
-               # Darren Critchley - Portfw disabled, then disable xtaccess for all associated xtaccess records
-               if ($cgiparams{'ENABLED'} eq "off" && $cgiparams{'KEY2'} eq "0") 
-               {
-                       $disable_all = "1";
-               } else {
-                       $disable_all = "0";
-               }
-
-               # Darren Critchley - if we are enabling an xtaccess, only allow if the associated Portfw is enabled
-               if ($cgiparams{'KEY1'} eq $lastpfw && $cgiparams{'KEY2'} ne "0") { # identifies an xtaccess record in the group
-                       if ($cgiparams{'ENABLED'} eq "on" && $cgiparams{'ENABLED'} ne $temp[6] ){ # a change has been made
-                               if ($disabledpfw eq "off")
-                               { 
-                                       $errormessage =  "$Lang::tr{'cant enable xtaccess'}";
-                                       $cgiparams{'ACTION'} = $Lang::tr{'edit'};
-                               }
-                       }
-               }
-               
-               # Darren Critchley - rule to stop someone from entering ALL into a external access rule, 
-               # the portfw is the only place that ALL can be specified
-               if ($cgiparams{'KEY2'} ne "0" && $cgiparams{'ORIG_IP'} eq "0.0.0.0/0") {
-                       $errormessage =  "$Lang::tr{'xtaccess all error'}";
-                       $cgiparams{'ACTION'} = $Lang::tr{'edit'};
-               }
-               
-               # Darren Critchley - Duplicate or overlapping Port range check
-               if ($temp[1] eq "0" &&
-                       $cgiparams{'KEY1'} ne $temp[0] && 
-                       $cgiparams{'PROTOCOL'} eq $temp[2] &&
-                       $cgiparams{'SRC_IP'} eq $temp[7] &&
-                       $errormessage eq '') 
-               {
-                               &portchecks($temp[3], $temp[5]);
-               } # end port testing
-               
-       }
-       
-       # Darren Critchley - if an xtaccess was disabled, now we need to check to see if it was the only xtaccess
-       if($xtaccessdel eq "1") {
-               my $xctr = 0;
-               foreach my $line (@current)
-               {
-                       my @temp = split(/\,/,$line);
-                       if($temp[0] eq $cgiparams{'KEY1'} &&
-                               $temp[6] eq "on") { # we only want to count the enabled xtaccess's
-                               $xctr++;
-                       }
-               }
-               if ($xctr == 2){
-                       $disable_all = "1";
-               }
-       }
-
-UPD_ERROR:
-       unless ($errormessage)
-       {
-               # Darren Critchley - we only want to store ranges with Colons
-               $cgiparams{'SRC_PORT'} =~ tr/-/:/; 
-               $cgiparams{'DEST_PORT'} =~ tr/-/:/;
-
-               open(FILE, ">$filename") or die 'Unable to open config file.';
-               flock FILE, 2;
-               foreach my $line (@current) {
-                       chomp($line);
-                       my @temp = split(/\,/,$line);
-                       if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1]) {
-               print FILE "$cgiparams{'KEY1'},$cgiparams{'KEY2'},$cgiparams{'PROTOCOL'},$cgiparams{'SRC_PORT'},$cgiparams{'DEST_IP'},$cgiparams{'DEST_PORT'},$cgiparams{'ENABLED'},$cgiparams{'SRC_IP'},$cgiparams{'ORIG_IP'},$cgiparams{'REMARK'}\n";
-                       } else {
-                               # Darren Critchley - If it is a port forward record, then chances are good that a change was made to 
-                               # Destination Ip or Port, and we need to update all the associated external access records
-                               if ($cgiparams{'KEY2'} eq "0" && $cgiparams{'KEY1'} eq $temp[0]) {
-                                       $temp[4] = $cgiparams{'DEST_IP'};
-                                       $temp[5] = $cgiparams{'DEST_PORT'};
-                                       $temp[2] = $cgiparams{'PROTOCOL'};
-                               }
-                               
-                               # Darren Critchley - If a Portfw has been disabled, then set all associated xtaccess as disabled
-                               if ( $disable_all eq "1" && $cgiparams{'KEY1'} eq $temp[0] ) {
-                                       $temp[6] = 'off';
-                               }
-                               if ( $enable_all eq "1" && $cgiparams{'KEY1'} eq $temp[0] ) {
-                                       $temp[6] = 'on';
-                               }
-                               # Darren Critchley - Deal with the override to allow ALL
-                               if ( $cgiparams{'OVERRIDE'} eq "on" && $temp[1] ne "0" && $cgiparams{'KEY1'} eq $temp[0] ) {
-                                       $temp[6] = 'off';
-                               }
-                       print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7],$temp[8],$temp[9]\n";
-                       }
-               }
-               close(FILE);
-               undef %cgiparams;
-               &General::log($Lang::tr{'forwarding rule updated'});
-               system('/usr/local/bin/setportfw');
-       } 
-       if ($errormessage) {
-       $cgiparams{'ACTION'} = $Lang::tr{'edit'};
-       }
-}
-
-# Darren Critchley - Allows rules to be enabled and disabled
-if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
-{
-       open(FILE, $filename) or die 'Unable to open config file.';
-       my @current = <FILE>;
-       close(FILE);
-       my $disabledpfw = '0';
-       my $lastpfw = '';
-       my $xtaccessdel = '0';
-       
-       foreach my $line (@current)
-       {
-               my @temp = split(/\,/,$line);
-               if ( $temp[1] eq "0" ) { # keep track of the last portfw and if it is enabled
-                       $disabledpfw = $temp[6];
-                       $lastpfw = $temp[0];
-               }               
-               # Darren Critchley - Flag when a user disables an xtaccess
-               if ($cgiparams{'KEY1'} eq $temp[0] &&
-                               $cgiparams{'KEY2'} eq $temp[1] &&
-                               $cgiparams{'KEY2'} ne "0" && # if KEY2 is 0 then it is a portfw
-                               $cgiparams{'ENABLED'} eq "off" &&
-                               $temp[6] eq "on") { # we have determined that someone has turned an xtaccess off
-                       $xtaccessdel = "1";             
-               }
-               
-               # Darren Critchley - Portfw enabled, then enable xtaccess for all associated xtaccess records
-               if ($cgiparams{'ENABLED'} eq "on" && $cgiparams{'KEY2'} eq "0" && $cgiparams{'ENABLED'} ne $temp[6]) 
-               {
-                       $enable_all = "1";
-               } else {
-                       $enable_all = "0";
-               }
-               # Darren Critchley - Portfw disabled, then disable xtaccess for all associated xtaccess records
-               if ($cgiparams{'ENABLED'} eq "off" && $cgiparams{'KEY2'} eq "0") 
-               {
-                       $disable_all = "1";
-               } else {
-                       $disable_all = "0";
-               }
-
-               # Darren Critchley - if we are enabling an xtaccess, only allow if the associated Portfw is enabled
-               if ($cgiparams{'KEY1'} eq $lastpfw && $cgiparams{'KEY2'} ne "0") { # identifies an xtaccess record in the group
-                       if ($cgiparams{'ENABLED'} eq "on" && $cgiparams{'ENABLED'} ne $temp[6] ){ # a change has been made
-                               if ($disabledpfw eq "off")
-                               { 
-                                       $errormessage =  "$Lang::tr{'cant enable xtaccess'}";
-                                       goto TOGGLEEXIT;
-                               }
-                       }
-               }
-       }
-       
-       # Darren Critchley - if an xtaccess was disabled, now we need to check to see if it was the only xtaccess
-       if($xtaccessdel eq "1") {
-               my $xctr = 0;
-               foreach my $line (@current)
-               {
-                       my @temp = split(/\,/,$line);
-                       if($temp[0] eq $cgiparams{'KEY1'} &&
-                               $temp[6] eq "on") { # we only want to count the enabled xtaccess's
-                               $xctr++;
-                       }
-               }
-               if ($xctr == 2){
-                       $disable_all = "1";
-               }
-       }
-
-       open(FILE, ">$filename") or die 'Unable to open config file.';
-       flock FILE, 2;
-       foreach my $line (@current) {
-               chomp($line);
-               my @temp = split(/\,/,$line);
-               if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1]) {
-               print FILE "$cgiparams{'KEY1'},$cgiparams{'KEY2'},$temp[2],$temp[3],$temp[4],$temp[5],$cgiparams{'ENABLED'},$temp[7],$temp[8],$temp[9]\n";
-               } else {
-                       # Darren Critchley - If a Portfw has been disabled, then set all associated xtaccess as disabled
-                       if ( $disable_all eq "1" && $cgiparams{'KEY1'} eq $temp[0] ) {
-                               $temp[6] = 'off';
-                       }
-                       if ( $enable_all eq "1" && $cgiparams{'KEY1'} eq $temp[0] ) {
-                               $temp[6] = 'on';
-                       }
-               print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7],$temp[8],$temp[9]\n";
-               }
-       }
-       close(FILE);
-       &General::log($Lang::tr{'forwarding rule updated'});
-       system('/usr/local/bin/setportfw');
-TOGGLEEXIT:
-       undef %cgiparams;
-} 
-
-
-# Darren Critchley - broke out Edit routine from the delete routine - Edit routine now just puts values in fields
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
-{
-       open(FILE, "$filename") or die 'Unable to open config file.';
-       my @current = <FILE>;
-       close(FILE);
-
-       unless ($errormessage)
-       {
-               foreach my $line (@current)
-               {
-                       chomp($line);
-                       my @temp = split(/\,/,$line);
-                       if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1] ) {
-                               $cgiparams{'PROTOCOL'} = $temp[2];
-                               $cgiparams{'SRC_PORT'} = $temp[3];
-                               $cgiparams{'DEST_IP'} = $temp[4];
-                               $cgiparams{'DEST_PORT'} = $temp[5];
-                               $cgiparams{'ENABLED'} = $temp[6];
-                               $cgiparams{'SRC_IP'} = $temp[7];
-                               $cgiparams{'ORIG_IP'} = $temp[8];
-                               $cgiparams{'REMARK'} = $temp[9];
-                       }
-                       
-               }
-       }
-}
-
-# Darren Critchley - broke out Remove routine as the logic is getting too complex to be combined with the Edit
-if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
-{
-       open(FILE, "$filename") or die 'Unable to open config file.';
-       my @current = <FILE>;
-       close(FILE);
-       
-       # If the record being deleted is an xtaccess record, and it is the only one for a portfw record
-       # then we need to adjust the portfw record to be open to ALL ip addressess or an error will occur
-       # in setportfw.c
-       my $fixportfw = '0';
-       if ($cgiparams{'KEY2'} ne "0") {
-               my $counter = 0;
-               foreach my $line (@current)
-               {
-                       chomp($line);
-                       my @temp = split(/\,/,$line);
-                       if ($temp[0] eq $cgiparams{'KEY1'}) {
-                               $counter++;
-                       }
-               } 
-               if ($counter eq 2) {
-                       $fixportfw = '1';
-               }
-       }
-       
-       unless ($errormessage)
-       {
-               open(FILE, ">$filename") or die 'Unable to open config file.';
-               flock FILE, 2;
-               my $linedeleted = 0;
-               foreach my $line (@current)
-               {
-                       chomp($line);
-                       my @temp = split(/\,/,$line);
-
-                       if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1] ||
-                               $cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq "0" ) 
-                       {
-                               $linedeleted = 1;
-                       } else {
-                               if ($temp[0] eq $cgiparams{'KEY1'} && $temp[1] eq "0" && $fixportfw eq "1") {
-                                       $temp[8] = '0.0.0.0/0';
-                               }
-                       print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7],$temp[8],$temp[9]\n";
-#                              print FILE "$line\n";
-                       }
-               }
-               close(FILE);
-               if ($linedeleted == 1) {
-                       &General::log($Lang::tr{'forwarding rule removed'});
-                       undef %cgiparams;
-               }
-               system('/usr/local/bin/setportfw');
-       }
-}
-
-# Darren Critchley - Added routine to allow external access rules to be added
-if ($cgiparams{'ACTION'} eq $Lang::tr{'add xtaccess'})
-{
-       open(FILE, $filename) or die 'Unable to open config file.';
-       my @current = <FILE>;
-       close(FILE);
-       my $key = 0; # used for finding last sequence number used 
-       foreach my $line (@current)
-       {
-               my @temp = split(/\,/,$line);
-               if ($temp[0] eq $cgiparams{'KEY1'}) {
-                       $key = $temp[1]
-               }
-               if ($cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1] ) {
-                       $cgiparams{'PROTOCOL'} = $temp[2];
-                       $cgiparams{'SRC_PORT'} = $temp[3];
-                       $cgiparams{'DEST_IP'} = $temp[4];
-                       $cgiparams{'DEST_PORT'} = $temp[5];
-                       $cgiparams{'ENABLED'} = $temp[6];
-                       $cgiparams{'SRC_IP'} = $temp[7];
-                       $cgiparams{'ORIG_IP'} = '';
-                       $cgiparams{'REMARK'} = $temp[9];
-               }
-       }
-       $key++;
-       $cgiparams{'KEY2'} = $key;
-       # Until the ADD button is hit, there needs to be no change to portfw rules
-}
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'reset'})
-{
-       undef %cgiparams;
-}
-
-if ($cgiparams{'ACTION'} eq '')
-{
-       $cgiparams{'PROTOCOL'} = 'tcp';
-       $cgiparams{'ENABLED'} = 'on';
-       $cgiparams{'SRC_IP'} = '0.0.0.0';
-}
-
-$selected{'PROTOCOL'}{'udp'} = '';
-$selected{'PROTOCOL'}{'tcp'} = '';
-$selected{'PROTOCOL'}{'gre'} = '';
-$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";
-
-$selected{'SRC_IP'}{$cgiparams{'SRC_IP'}} = "selected='selected'";
-
-$checked{'ENABLED'}{'off'} = '';
-$checked{'ENABLED'}{'on'} = '';  
-$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
-
-&Header::openpage($Lang::tr{'port forwarding configuration'}, 1, '');
-
-&Header::openbigbox('100%', 'left', '', $errormessage);
-
-if ($errormessage) {
-       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
-       print "<class name='base'><font color='${Header::colourred}'>$errormessage\n</font>";
-       print "&nbsp;</class>\n";
-       &Header::closebox();
-}
-
-print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}){
-       &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
-} else {
-       &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
-}
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'KEY2'} ne "0" || $cgiparams{'ACTION'} eq $Lang::tr{'add xtaccess'}){ 
-# if it is not a port forward record, don't validate as the fields are disabled
-       my $PROT = "\U$cgiparams{'PROTOCOL'}\E";
-       # Darren Critchley - Format the source and destination ports
-       my $dstprt = $cgiparams{'DEST_PORT'};
-       $dstprt =~ s/-/ - /;
-       $dstprt =~ s/:/ - /;
-
-print <<END
-<table>
-       <tr>
-               <td class='base'>$Lang::tr{'protocol'}: <b>$PROT</b></td>
-               <td width='20'>&nbsp;</td>
-               <td class='base' align='right'>$Lang::tr{'destination ip'}:&nbsp;</td>
-               <td><b>$cgiparams{'DEST_IP'}</b></td>
-               <td width='20'>&nbsp;</td>
-               <td class='base' align='right'>$Lang::tr{'destination port'}:&nbsp;</td>
-               <td><b>$dstprt</b></td>
-       </tr>
-</table>
-
-<input type='hidden' name='PROTOCOL' value='$cgiparams{'PROTOCOL'}' />
-<input type='hidden' name='SRC_IP' value='$cgiparams{'SRC_IP'}' />
-<input type='hidden' name='SRC_PORT' value='$cgiparams{'SRC_PORT'}' />
-<input type='hidden' name='DEST_IP' value='$cgiparams{'DEST_IP'}' />
-<input type='hidden' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' />
-END
-;
-} else {
-print <<END
-<table width='100%'>
-       <tr>
-               <td width='10%'>$Lang::tr{'protocol'}:&nbsp;</td>
-               <td width='15%'> 
-               <select name='PROTOCOL'>
-                       <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
-                       <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
-                       <option value='gre' $selected{'PROTOCOL'}{'gre'}>GRE</option>
-               </select>
-               </td>
-               <td class='base' width='20%'><font color='${Header::colourred}'>$Lang::tr{'alias ip'}:</font></td>
-               <td>
-                       <select name='SRC_IP'>
-                       <option value='0.0.0.0' $selected{'SRC_IP'}{'0.0.0.0'}>DEFAULT IP</option>
-END
-;
-open(ALIASES, "$aliasfile") or die 'Unable to open aliases file.';
-while (<ALIASES>)
-{
-       chomp($_);
-       my @temp = split(/\,/,$_);
-       if ($temp[1] eq 'on') {
-               print "<option value='$temp[0]' $selected{'SRC_IP'}{$temp[0]}>$temp[0]";
-               if (defined $temp[2] and ($temp[2] ne '')) { print " ($temp[2])"; }
-               print "</option>\n";
-       }
-}
-close(ALIASES);
-print <<END
-                       </select>
-               </td>
-               <td class='base' width='20%'><font color='${Header::colourred}'>$Lang::tr{'source port'}:</font></td>
-               <td width='10%'><input type='text' name='SRC_PORT' value='$cgiparams{'SRC_PORT'}' size='8' /></td>
-       </tr>
-       <tr>
-               <td class='base'>&nbsp;</td>
-               <td>&nbsp;</td>
-               <td class='base'>$Lang::tr{'destination ip'}:</td>
-               <td><input type='text' name='DEST_IP' value='$cgiparams{'DEST_IP'}' size='15' /></td>
-               <td class='base'>$Lang::tr{'destination port'}:</td>
-               <td><input type='text' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='8' /></td>
-       </tr>
-</table>
-END
-;
-}
-
-print <<END
-<table>
-       <tr>
-               <td class='base'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' />&nbsp;</td>
-               <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
-END
-;
-unless ($cgiparams{'ACTION'} eq $Lang::tr{'add xtaccess'} && $cgiparams{'ENABLED'} eq "off") {
-       print "<td width='20'>&nbsp;</td>";
-       print "<td>$Lang::tr{'enabled'}&nbsp;</td><td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
-}
-print <<END
-       </tr>
-</table>
-END
-;
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'KEY2'} eq "0" && ($cgiparams{'ORIG_IP'} eq "0" || $cgiparams{'ORIG_IP'} eq "0.0.0.0/0")){ 
-# if it is a port forward rule with a 0 in the orig_port field, this means there are xtaccess records, and we
-# don't want to allow a person to change the orig_ip field as it will mess other logic up
-       print "<input type='hidden' name='ORIG_IP' value='$cgiparams{'ORIG_IP'}' />\n";
-} else {
-print <<END
-<table>
-       <tr>
-               <td class='base'><font class='boldbase' color='${Header::colourred}'>$Lang::tr{'source network'}</font>&nbsp;<img src='/blob.gif' alt='*' />&nbsp;</td>
-               <td><input type='text' name='ORIG_IP' value='$cgiparams{'ORIG_IP'}' size='15' /></td>
-       </tr>
-</table>
-END
-;
-}
-
-print <<END
-<table width='100%'>
-       <hr />
-       <tr>
-               <td class='base' width='25%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;<font class='base'>$Lang::tr{'this field may be blank'}</font></td>
-END
-;
-
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}){
-       if($cgiparams{'KEY2'} eq "0"){
-               print "<td width='35%' align='right'>$Lang::tr{'open to all'}:&nbsp;</td><td width='5%'><input type='checkbox' name='OVERRIDE' $checked{'OVERRIDE'}{'on'} /></td>\n";
-       } else {
-               print "<td width='40%'>&nbsp;</td>\n";
-       }
-       print "<td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' />";
-       print "<input type='hidden' name='KEY1' value='$cgiparams{'KEY1'}' />";
-       print "<input type='hidden' name='KEY2' value='$cgiparams{'KEY2'}' /></TD>";
-       print "<td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></td>";
-       # on an edit and an xtaccess add, for some reason the "Reset" button stops working, so I make it a submit button
-} else {
-       print "<td width='30%'>&nbsp;</td>\n";
-       print "<td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td>";
-       if ($cgiparams{'ACTION'} eq $Lang::tr{'add xtaccess'}) {
-               print "<td align='center' width='15%'><input type='hidden' name='KEY1' value='$cgiparams{'KEY1'}' />";
-               print "<input type='hidden' name='KEY2' value='$cgiparams{'KEY2'}' />";
-               print "<input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></td>";
-       } elsif ($errormessage ne '') {
-               print "<td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></td>";
-       } else {
-               print "<td align='center' width='15%'><input type='reset' name='ACTION' value='$Lang::tr{'reset'}' /></td>";
-       }
-}
-print <<END
-       <td width='5%' align='right'>&nbsp;</td>
-       </tr>
-</table>
-END
-;
-&Header::closebox();
-
-print "</form>\n";
-
-&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
-print <<END
-<table width='100%'>
-<tr>
-<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
-<td width='31%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
-<td width='2%' class='boldbase' align='center'>&nbsp;</td>
-<td width='31%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
-<td width='24%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
-<td width='4%' class='boldbase' colspan='4' align='center'><b>$Lang::tr{'action'}</b></td>
-</tr>
-END
-;
-
-my $id = 0;
-my $xtaccesscolor = '#F6F4F4';
-open(RULES, "$filename") or die 'Unable to open config file.';
-while (<RULES>)
-{
-       my $protocol = '';
-       my $gif = '';
-       my $gdesc = '';
-       my $toggle = '';
-       chomp($_);
-       my @temp = split(/\,/,$_);
-       $temp[9] ='' unless defined $temp[9];# Glles ESpinasse : suppress warning on page init
-       if ($temp[2] eq 'udp') {
-               $protocol = 'UDP'; }
-       elsif ($temp[2] eq 'gre') {
-               $protocol = 'GRE' }
-       else {
-               $protocol = 'TCP' }
-       # Change bgcolor when a new portfw rule is added
-       if ($temp[1] eq "0"){
-               $id++;
-       }
-       # Darren Critchley highlight the row we are editing
-       if ( $cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'KEY1'} eq $temp[0] && $cgiparams{'KEY2'} eq $temp[1] ) { 
-               print "<tr bgcolor='${Header::colouryellow}'>\n";
-       } else {
-               if ($id % 2) {
-                       print "<tr bgcolor='$color{'color22'}'>\n"; 
-               }
-               else {
-                       print "<tr bgcolor='$color{'color20'}'>\n";
-               }
-       }
-       
-       if ($temp[6] eq 'on') { $gif = 'on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
-               else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
-
-               # Darren Critchley - this code no longer works - should we remove?
-       # catch for 'old-style' rules file - assume default ip if
-       # none exists
-       if (!&General::validip($temp[7]) || $temp[7] eq '0.0.0.0') {
-               $temp[7] = 'DEFAULT IP'; }
-               if ($temp[1] eq '0') { # Port forwarding entry
-
-               # Darren Critchley - Format the source and destintation ports
-               my $srcprt = $temp[3];
-               $srcprt =~ s/-/ - /;
-               $srcprt =~ s/:/ - /;
-               my $dstprt = $temp[5];
-               $dstprt =~ s/-/ - /;
-               $dstprt =~ s/:/ - /;
-
-               # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
-               $_=$temp[3];
-               if (/^\d+$/) {
-                       my $servi = uc(getservbyport($temp[3], lc($temp[2])));
-                       if ($servi ne '' && $temp[3] < 1024) {
-                               $srcprt = "$srcprt($servi)"; }
-               }
-               $_=$temp[5];
-               if (/^\d+$/) {
-                       my $servi = uc(getservbyport($temp[5], lc($temp[2])));
-                       if ($servi ne '' && $temp[5] < 1024) {
-                               $dstprt = "$dstprt($servi)"; }
-               }
-
-               # Darren Critchley - If the line is too long, wrap the port numbers
-               my $srcaddr = "$temp[7] : $srcprt";
-               if (length($srcaddr) > 22) {
-                       $srcaddr = "$temp[7] :<br /> $srcprt";
-               }
-               my $dstaddr = "$temp[4] : $dstprt";
-               if (length($dstaddr) > 26) {
-                       $dstaddr = "$temp[4] :<br /> $dstprt";
-               }
-print <<END
-<td align='center'>$protocol</td>
-<td align='center'>$srcaddr</td>
-<td align='center'><img src='/images/forward.gif' alt='=&gt;' /></td>
-<td align='center'>$dstaddr</td>
-<td align='left'>&nbsp;$temp[9]</td>
-<td align='center'>
-       <form method='post' name='frm$temp[0]c' action='$ENV{'SCRIPT_NAME'}'>
-       <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
-       <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
-       <input type='hidden' name='KEY1' value='$temp[0]' />
-       <input type='hidden' name='KEY2' value='$temp[1]' />
-       <input type='hidden' name='ENABLED' value='$toggle' />
-       </form>
-</td>
-
-<td align='center'>
-       <form method='post' name='frm$temp[0]' action='$ENV{'SCRIPT_NAME'}'>
-       <input type='hidden' name='ACTION' value='$Lang::tr{'add xtaccess'}' />
-       <input type='image' name='$Lang::tr{'add xtaccess'}' src='/images/add.gif' alt='$Lang::tr{'add xtaccess'}' title='$Lang::tr{'add xtaccess'}' />
-       <input type='hidden' name='KEY1' value='$temp[0]' />
-       <input type='hidden' name='KEY2' value='$temp[1]' />
-       </form>
-</td>
-
-<td align='center'>
-       <form method='post' name='frm$temp[0]' action='$ENV{'SCRIPT_NAME'}'>
-       <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
-       <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
-       <input type='hidden' name='KEY1' value='$temp[0]' />
-       <input type='hidden' name='KEY2' value='$temp[1]' />
-       </form>
-</td>
-
-<td align='center'>
-       <form method='post' name='frm$temp[0]b' action='$ENV{'SCRIPT_NAME'}'>
-       <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
-       <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
-       <input type='hidden' name='KEY1' value='$temp[0]' />
-       <input type='hidden' name='KEY2' value='$temp[1]' />
-       </form>
-</td>
-
-</tr>
-END
-       ;
-       } else { # external access entry
-print <<END
-<td align='center'>&nbsp;</td>
-
-<td align='left' colspan='4'>&nbsp;<font color='${Header::colourred}'>$Lang::tr{'access allowed'}</font> $temp[8]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;($temp[9])</td>
-
-<td align='center'>
-       <form method='post' name='frm$temp[0]$temp[1]t' action='$ENV{'SCRIPT_NAME'}'>
-       <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' />
-       <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
-       <input type='hidden' name='KEY1' value='$temp[0]' />
-       <input type='hidden' name='KEY2' value='$temp[1]' />
-       <input type='hidden' name='ENABLED' value='$toggle' />
-       </form>
-</td>
-
-<td align='center'>&nbsp;</td>
-
-<td align='center'>
-       <form method='post' name='frm$temp[0]$temp[1]' action='$ENV{'SCRIPT_NAME'}'>
-       <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
-       <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
-       <input type='hidden' name='KEY1' value='$temp[0]' />
-       <input type='hidden' name='KEY2' value='$temp[1]' />
-       </form>
-</td>
-
-<td align='center'>
-       <form method='post' name='frm$temp[0]b$temp[1]b' action='$ENV{'SCRIPT_NAME'}'>
-       <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
-       <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
-       <input type='hidden' name='KEY1' value='$temp[0]' />
-       <input type='hidden' name='KEY2' value='$temp[1]' />
-       </form>
-</td>
-
-</tr>
-END
-       ;
-       }
-}
-
-close(RULES);
-
-print "</table>";
-
-# If the fixed lease file contains entries, print Key to action icons
-if ( ! -z "$filename") {
-print <<END
-<table>
-<tr>
-       <td class='boldbase'>&nbsp;<b>$Lang::tr{'legend'}:&nbsp;</b></td>
-       <td><img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
-       <td class='base'>$Lang::tr{'click to disable'}</td>
-       <td>&nbsp;&nbsp;</td>
-       <td><img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
-       <td class='base'>$Lang::tr{'click to enable'}</td>
-       <td>&nbsp;&nbsp;</td>
-       <td><img src='/images/add.gif' alt='$Lang::tr{'add xtaccess'}' /></td>
-       <td class='base'>$Lang::tr{'add xtaccess'}</td>
-       <td>&nbsp;&nbsp;</td>
-       <td><img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
-       <td class='base'>$Lang::tr{'edit'}</td>
-       <td>&nbsp;&nbsp;</td>
-       <td><img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
-       <td class='base'>$Lang::tr{'remove'}</td>
-</tr>
-</table>
-END
-;
-}
-
-&Header::closebox();
-
-&Header::closebigbox();
-
-&Header::closepage();
-
-# Validate Field Entries
-sub validateparams 
-{
-       # Darren Critchley - Get rid of dashes in port ranges
-       $cgiparams{'DEST_PORT'}=~ tr/-/:/;
-       $cgiparams{'SRC_PORT'}=~ tr/-/:/;
-       
-       # Darren Critchley - code to substitue wildcards
-       if ($cgiparams{'SRC_PORT'} eq "*") {
-               $cgiparams{'SRC_PORT'} = "1:65535";
-       }
-       if ($cgiparams{'SRC_PORT'} =~ /^(\D)\:(\d+)$/) {
-               $cgiparams{'SRC_PORT'} = "1:$2";
-       }
-       if ($cgiparams{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
-               $cgiparams{'SRC_PORT'} = "$1:65535";
-       }
-       if ($cgiparams{'DEST_PORT'} eq "*") {
-               $cgiparams{'DEST_PORT'} = "1:65535";
-       }
-       if ($cgiparams{'DEST_PORT'} =~ /^(\D)\:(\d+)$/) {
-               $cgiparams{'DEST_PORT'} = "1:$2";
-       }
-       if ($cgiparams{'DEST_PORT'} =~ /^(\d+)\:(\D)$/) {
-               $cgiparams{'DEST_PORT'} = "$1:65535";
-       }
-
-       # Darren Critchley - Add code for GRE protocol - we want to ignore ports, but we need a place holder
-       if ($cgiparams{'PROTOCOL'} eq 'gre') {
-               $cgiparams{'SRC_PORT'} = "GRE";
-               $cgiparams{'DEST_PORT'} = "GRE";
-       }
-
-       unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp|gre)$/) { $errormessage = $Lang::tr{'invalid input'}; }
-       # Darren Critchley - Changed how the error routine works a bit - for the validportrange check, we need to 
-       # pass in src or dest to determine which side we are working with.
-       # the routine returns the complete error or ''
-       if ($cgiparams{'PROTOCOL'} ne 'gre') {
-               $errormessage = &General::validportrange($cgiparams{'SRC_PORT'}, 'src');
-       }
-       if( ($cgiparams{'ORIG_IP'} ne "0" && $cgiparams{'KEY2'} ne "0") || $cgiparams{'ACTION'} eq $Lang::tr{'add'}) { 
-       # if it is a port forward record with 0 in orig_ip then ignore checking this field
-               unless(&General::validipormask($cgiparams{'ORIG_IP'}))
-               {
-                       if ($cgiparams{'ORIG_IP'} ne '') {
-                               $errormessage = $Lang::tr{'source ip bad'}; }
-                       else {
-                               $cgiparams{'ORIG_IP'} = '0.0.0.0/0'; }
-               }
-       }
-       # Darren Critchey - New rule that sets destination same as source if dest_port is blank.
-       if ($cgiparams{'DEST_PORT'} eq ''){
-               $cgiparams{'DEST_PORT'} = $cgiparams{'SRC_PORT'};
-       }
-       # Darren Critchey - Just in case error message is already set, this routine would wipe it out if
-       # we don't do a test here
-       if ($cgiparams{'PROTOCOL'} ne 'gre') {
-               unless($errormessage) {$errormessage = &General::validportrange($cgiparams{'DEST_PORT'}, 'dest');}
-       }
-       unless(&General::validip($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
-       return;
-}
-
-# Darren Critchley - we want to make sure that a port range does not overlap another port range
-sub checkportoverlap
-{
-       my $portrange1 = $_[0]; # New port range
-       my $portrange2 = $_[1]; # existing port range
-       my @tempr1 = split(/\:/,$portrange1);
-       my @tempr2 = split(/\:/,$portrange2);
-
-       unless (&checkportinc($tempr1[0], $portrange2)){ return 0;}
-       unless (&checkportinc($tempr1[1], $portrange2)){ return 0;}
-       
-       unless (&checkportinc($tempr2[0], $portrange1)){ return 0;}
-       unless (&checkportinc($tempr2[1], $portrange1)){ return 0;}
-
-       return 1; # Everything checks out!
-}
-
-# Darren Critchley - we want to make sure that a port entry is not within an already existing range
-sub checkportinc
-{
-       my $port1 = $_[0]; # Port
-       my $portrange2 = $_[1]; # Port range
-       my @tempr1 = split(/\:/,$portrange2);
-
-       if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) {
-               return 1; 
-       } else {
-               return 0; 
-       }
-}
-
-# Darren Critchley - certain ports are reserved for Ipcop 
-# TCP 67,68,81,222,445
-# UDP 67,68
-# Params passed in -> port, rangeyn, protocol
-sub disallowreserved
-{
-       # port 67 and 68 same for tcp and udp, don't bother putting in an array
-       my $msg = "";
-       my @tcp_reserved = ();
-       my $prt = $_[0]; # the port or range
-       my $ryn = $_[1]; # tells us whether or not it is a port range
-       my $prot = $_[2]; # protocol
-       my $srcdst = $_[3]; # source or destination
-       
-       if ($ryn) { # disect port range
-               if ($srcdst eq "src") {
-                       $msg = "$Lang::tr{'rsvd src port overlap'}";
-               } else {
-                       $msg = "$Lang::tr{'rsvd dst port overlap'}";
-               }
-               my @tmprng = split(/\:/,$prt);
-               unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; }
-               unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; }
-               if ($prot eq "tcp") {
-                       foreach my $prange (@tcp_reserved) {
-                               unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; }
-                       }
-               }
-       } else {
-               if ($srcdst eq "src") {
-                       $msg = "$Lang::tr{'reserved src port'}";
-               } else {
-                       $msg = "$Lang::tr{'reserved dst port'}";
-               }
-               if ($prt == 67) { $errormessage="$msg 67"; return; }
-               if ($prt == 68) { $errormessage="$msg 68"; return; }
-               if ($prot eq "tcp") {
-                       foreach my $prange (@tcp_reserved) {
-                               if ($prange == $prt) { $errormessage="$msg $prange"; return; }
-                       }
-               }
-       }
-       return;
-}
-
-# Darren Critchley - Attempt to combine Add/Update validation as they are almost the same
-sub valaddupdate
-{
-       if ($cgiparams{'KEY2'} eq "0"){ # if it is a port forward rule, then validate properly
-               &validateparams();
-       } else { # it is an xtaccess rule, just check for a valid ip
-               unless(&General::validipormask($cgiparams{'ORIG_IP'}))
-               {
-                       if ($cgiparams{'ORIG_IP'} ne '') {
-                               $errormessage = $Lang::tr{'source ip bad'}; }
-                       else { # this rule stops someone from adding an ALL xtaccess record
-                               $errormessage = $Lang::tr{'xtaccess all error'}; 
-                               $cgiparams{'ACTION'} = $Lang::tr{'add xtaccess'};
-                       }
-               }
-               # Darren Critchley - check for 0.0.0.0/0 - not allowed for xtaccess
-               if ($cgiparams{'ORIG_IP'} eq "0.0.0.0/0" || $cgiparams{'ORIG_IP'} eq "0.0.0.0") {
-                       $errormessage = $Lang::tr{'xtaccess all error'}; 
-                       $cgiparams{'ACTION'} = $Lang::tr{'add xtaccess'};
-               }
-       }
-       # Darren Critchley - Remove commas from remarks
-       $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
-
-       # Darren Critchley - Check to see if we are working with port ranges
-       our ($prtrange1, $prtrange2);
-       $_ = $cgiparams{'SRC_PORT'};
-       if ($cgiparams{'KEY2'} eq "0" && m/:/){
-               $prtrange1 = 1;
-       }
-       if ($cgiparams{'SRC_IP'} eq '0.0.0.0') { # Dave Roberts - only check if using DEFAULT IP
-               if ($prtrange1 == 1){ # check for source ports reserved for Ipcop
-                       &disallowreserved($cgiparams{'SRC_PORT'},1,$cgiparams{'PROTOCOL'},"src");
-                       if ($errormessage) { goto EXITSUB; }
-               } else { # check for source port reserved for Ipcop
-                       &disallowreserved($cgiparams{'SRC_PORT'},0,$cgiparams{'PROTOCOL'},"src");
-                       if ($errormessage) { goto EXITSUB; }
-               }
-       }
-       
-       $_ = $cgiparams{'DEST_PORT'};
-       if ($cgiparams{'KEY2'} eq "0" && m/:/){
-               $prtrange2 = 1;
-       }
-       if ($cgiparams{'SRC_IP'} eq '0.0.0.0') { # Dave Roberts - only check if using DEFAULT IP
-               if ($prtrange2 == 1){ # check for destination ports reserved for IPFire
-                       &disallowreserved($cgiparams{'DEST_PORT'},1,$cgiparams{'PROTOCOL'},"dst");
-                       if ($errormessage) { goto EXITSUB; }
-               } else { # check for destination port reserved for IPFire
-                       &disallowreserved($cgiparams{'DEST_PORT'},0,$cgiparams{'PROTOCOL'},"dst");
-                       if ($errormessage) { goto EXITSUB; }
-               }
-       }
-       
-
-EXITSUB:
-       return;
-}
-
-# Darren Critchley - Duplicate or overlapping Port range check
-sub portchecks
-{
-       $_ = $_[0];
-       our ($prtrange1, $prtrange2);
-       if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
-               unless (&checkportoverlap($cgiparams{'SRC_PORT'},$_[0])) {
-                       $errormessage = "$Lang::tr{'source port overlaps'} $_[0]";
-               }
-       }
-       if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range
-               unless (&checkportinc($cgiparams{'SRC_PORT'}, $_[0])) {
-                       $errormessage = "$Lang::tr{'srcprt within existing'} $_[0]";
-               }
-       }
-       if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range
-               unless (&checkportinc($_[0], $cgiparams{'SRC_PORT'})) {
-                       $errormessage = "$Lang::tr{'srcprt range overlaps'} $_[0]";
-               }
-       }
-
-       if ($errormessage eq ''){
-               $_ = $_[1];
-               if (m/:/ && $prtrange2 == 1) { # if true then there is a port range
-                       unless (&checkportoverlap($cgiparams{'DEST_PORT'},$_[1])) {
-                               $errormessage = "$Lang::tr{'destination port overlaps'} $_[1]";
-                       }
-               }
-               if (m/:/ && $prtrange2 == 0 && $errormessage eq '') { # compare one port to a range
-                       unless (&checkportinc($cgiparams{'DEST_PORT'}, $_[1])) {
-                               $errormessage = "$Lang::tr{'dstprt within existing'} $_[1]";
-                       }
-               }
-               if (! m/:/ && $prtrange2 == 1 && $errormessage eq '') { # compare one port to a range
-                       unless (&checkportinc($_[1], $cgiparams{'DEST_PORT'})) {
-                               $errormessage = "$Lang::tr{'dstprt range overlaps'} $_[1]";
-                       }
-               }
-       }
-       return;
-}
index 8d2666ec75be4292aac4611dbf5efe8becf2438e..2b03eff8adba575533a227866d7df6f76eabfe5d 100644 (file)
@@ -82,7 +82,7 @@ if ($upnpsettings{'ACTION'} eq $Lang::tr{'save'})
 debug_mode = $upnpsettings{'DEBUGMODE'}
 insert_forward_rules = $upnpsettings{'FORWARDRULES'}
 forward_chain_name = FORWARD
-prerouting_chain_name = PORTFW
+prerouting_chain_name = UPNPFW
 upstream_bitrate = $upnpsettings{'DOWNSTREAM'}
 downstream_bitrate = $upnpsettings{'UPSTREAM'}
 description_document_name = $upnpsettings{'DESCRIPTION'}
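Review bot: The hard-coded `prerouting_chain_name = UPNPFW` only works if a chain of exactly that name already exists and is reachable from PREROUTING when the UPnP daemon starts, and nothing in this hunk creates it. Confirm that the firewall init script changed elsewhere in this merge sets up `UPNPFW`; otherwise the daemon's rule insertions will presumably fail. Keeping UPnP-created mappings out of the admin-managed port-forward chain is sensible, because they can then be flushed and audited separately. A short comment next to the place where this config is written would record that dependency, e.g. `# UPNPFW is created by the firewall init script; keep the two names in sync`.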
index 58645c39c2cf8a85156582b78ecd6c73ea84e6db..2fbe48035a5fab51c64a24fbe84c5021640467b4 100644 (file)
@@ -23,7 +23,7 @@ use Net::DNS;
 use File::Copy;
 use File::Temp qw/ tempfile tempdir /;
 use strict;
-
+use Sort::Naturally;
 # enable only the following on debugging purpose
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
@@ -2491,7 +2491,7 @@ END
     ;
     my $id = 0;
     my $gif;
-    foreach my $key (keys %confighash) {
+    foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
        if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
 
        if ($id % 2) {
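Review bot: `Sort::Naturally`, loaded by the `use` line added in the previous hunk of this file, is not a core Perl module, so this CGI will fail to compile on any image that does not ship it. The packaging change for it is not visible here and should be confirmed. In the new `foreach` line the comparator has no tie-break, so rows with an equal value in field `[1]` can change order between requests, because `keys %confighash` is unordered. `sort { ncmp($confighash{$a}[1], $confighash{$b}[1]) || $a cmp $b } keys %confighash` keeps the listing stable. The loop body continues outside the hunk.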
index 4e005e1a88de39d1dca56d00a8180b191d44a2d0..c054b0c84585d71639b1895d7a82f3ac28870c59 100644 (file)
@@ -1,4 +1,4 @@
-%tr = ( 
+%tr = (
 %tr,
 
 'Act as' => 'Konfiguriert als',
 'advproxy banned mac clients' => 'Gesperrte MAC-Adressen (eine pro Zeile)',
 'advproxy cache management' => 'Cacheverwaltung',
 'advproxy cache replacement policy' => 'Cache Ersetzungsrichtlinie',
-'advproxy cache-digest' => 'Cache-Digest-Erstellung aktivieren',
 'advproxy chgwebpwd ERROR' => 'F E H L E R :',
 'advproxy chgwebpwd SUCCESS' => 'E R F O L G :',
 'advproxy chgwebpwd change password' => 'Passwort Ã¤ndern',
 'download root certificate' => 'Root-Zertifikat herunterladen',
 'dpd action' => 'Aktion für Dead Peer Detection',
 'driver' => 'Treiber',
-'drop input' => 'Verworfene Input-Pakete loggen',
+'drop action' => 'Standardverhalten der (Forward) Firewall in Modus "Blocked"',
+'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"',
+'drop action2' => 'Standardverhalten der (Input) Firewall',
+'drop forward' => 'Verworfene (Forward) Firewall-Pakete loggen',
+'drop input' => 'Verworfene Input Pakete loggen',
 'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen',
-'drop output' => 'Verworfene Output-Pakete loggen',
-'drop portscan' => 'Verworfene Portscan-Pakete loggen',
-'drop proxy' => 'Alle Pakete verwerfen, die nicht direkt an den Proxy gerichtet sind',
-'drop samba' => 'Alle Microsoft-Pakete verwerfen, Ports 135,137,138,139,445,1025',
+'drop outgoing' => 'Verworfene (Outgoing) Firewall-Pakete loggen',
+'drop portscan' => 'Verworfene Portscan Pakete loggen',
+'drop proxy' => 'Alle Pakete verwerfen die nicht direkt an den Proxy gerichtet sind',
+'drop samba' => 'Alle Microsoft Pakete verwerfen, Ports 135,137,138,139,445,1025',
 'drop wirelessforward' => 'Verworfene Wireless Forward Pakete loggen',
 'drop wirelessinput' => 'Verworfene Wireless Input Pakete loggen',
 'dst port' => 'Ziel-Port',
 'fixed ip lease removed' => 'Feste IP-Zuordnung gelöscht',
 'force update' => 'Aktualisierung erzwingen',
 'force user' => 'Standardbenutzer für das UNIX Dateisystem',
+'forward firewall' => 'Firewall',
 'forwarding rule added' => 'Weiterleitungsregel hinzugefügt. Starte Weiterleitung neu',
 'forwarding rule removed' => 'Weiterleitungsregel entfernt. Starte Weiterleitung neu',
 'forwarding rule updated' => 'Weiterleitungsregel aktualisiert; starte Weiterleitung neu',
 'from email user' => 'Von Email Benutzer',
 'from warn email bad' => 'Von Email Adresse ist nicht gültig',
 'fw blue' => 'Firewall-Optionen für das Blaue Interface',
+'fw default drop' => 'Firewall Policy',
 'fw logging' => 'Firewall-Logging',
+'fw settings' => 'Firewall-Einstellungen',
+'fw settings color' => 'Farben in Regeltabelle anzeigen',
+'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen',
+'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen',
+'fw settings ruletable' => 'Leere Regeltabellen anzeigen',
+'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)',
+'fwdfw DROP' => 'Verwerfen (DROP)',
+'fwdfw MODE1' => 'Alle Pakete verwerfen',
+'fwdfw MODE2' => 'Alle Pakete annehmen',
+'fwdfw REJECT' => 'Verweigern (REJECT)',
+'fwdfw action' => 'Aktion',
+'fwdfw additional' => 'Weitere Einstellungen',
+'fwdfw addr grp' => 'Adressgruppen:',
+'fwdfw addrule' => 'Regel hinzufügen/ändern:',
+'fwdfw change' => 'Aktualisieren',
+'fwdfw copy' => 'Kopieren',
+'fwdfw cust addr' => 'Custom Adressen:',
+'fwdfw cust net' => 'Custom Netzwerke:',
+'fwdfw delete' => 'Löschen',
+'fwdfw dnat' => 'DNAT/Port-Weiterleitung',
+'fwdfw dnat error' => 'Für Destination-NAT muss ein einzelner Host als Ziel ausgewählt werden. Gruppen oder Netzwerke sind nicht erlaubt',
+'fwdfw dnat porterr' => 'Für NAT-Regeln muss ein einzelner Port oder Portbereich angegeben werden',
+'fwdfw edit' => 'Bearbeiten',
+'fwdfw err nosrc' => 'Keine Quelle ausgewählt',
+'fwdfw err nosrcip' => 'Bitte Quell-IP-Adresse angeben',
+'fwdfw err notgt' => 'Kein Ziel ausgewählt',
+'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben',
+'fwdfw err prot' => 'Quell- und Zielprotokoll müssen identisch sein',
+'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen',
+'fwdfw err ruleexists' => 'Eine identische Regel existiert bereits',
+'fwdfw err same' => 'Quelle und Ziel sind identisch',
+'fwdfw err samesub' => 'Quell- und Ziel-IP-Adresse befinden sich im selben Subnetz',
+'fwdfw err src_addr' => 'Quell-MAC/IP-Adresse ungültig',
+'fwdfw err srcovpn' => 'Die gewählte Quell-IP-Adresse wird bereits von einem OpenVPN-Client genutzt. Bitte wählen Sie die passende Verbindung direkt aus.',
+'fwdfw err srcport' => 'Bitte Quellport angeben',
+'fwdfw err tgt_addr' => 'Ungültige Ziel-IP-Adresse',
+'fwdfw err tgt_grp' => 'Die Ziel-Dienstgruppe ist leer',
+'fwdfw err tgt_mac' => 'MAC-Adressen können nicht als Ziel defininert werden',
+'fwdfw err tgt_port' => 'Ungültiger Zielport',
+'fwdfw err tgtovpn' => 'Die gewählte Ziel-IP-Adresse wird bereits von einem OpenVPN-Client genutzt. Bitte wählen Sie die passende Verbindung direkt aus.',
+'fwdfw err tgtport' => 'Bitte Zielport angeben',
+'fwdfw err time' => 'Es muss mindestens ein Tag ausgewählt werden',
+'fwdfw final_rule' => 'Letzte Regel: ',
+'fwdfw from' => 'Von:',
+'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel mag eventuell niemals zutreffen, da sich Quelle und Ziel Ã¼berlappen.',
+'fwdfw hint ip2' => 'Bitte Ã¼berprüfen Sie, ob diese Regel Sinn macht: ',
+'fwdfw ipsec network' => 'IPsec-Netzwerke:',
+'fwdfw log rule' => 'Logging aktivieren',
+'fwdfw man port' => 'Port(s):',
+'fwdfw menu' => 'Firewallregeln',
+'fwdfw movedown' => 'Herunter',
+'fwdfw moveup' => 'Herauf',
+'fwdfw natport used' => 'Der eingegebene Port wird bereits von einer anderen DNAT-Regel benutzt.',
+'fwdfw newrule' => 'Neue Regel erstellen',
+'fwdfw p2p txt' => 'P2P-Netzwerke erlauben/verbieten.',
+'fwdfw pol allow' => 'Zugelassen',
+'fwdfw pol block' => 'Blockiert',
+'fwdfw pol text' => 'Firewall-Standardverhalten für Verbindungen aus lokalen Netzwerken: Alle Verbindungen können entweder zugelassen oder geblockt werden, wenn keine Ausnahmeregel zutrifft. "Blockiert" trennt ebenfalls die Kommunikation zwischen den lokalen Netzwerken.',
+'fwdfw pol text1' => 'Firewall-Standardverhalten für von der Firewall selbst initiierte Verbindungen.',
+'fwdfw pol title' => 'Standardverhalten der Firewall',
+'fwdfw red' => 'ROT',
+'fwdfw reread' => 'Ãœbernehmen',
+'fwdfw rule action' => 'Regelaktion:',
+'fwdfw rule activate' => 'Regel aktivieren',
+'fwdfw rulepos' => 'Regelposition',
+'fwdfw rules' => 'Regeln',
+'fwdfw snat' => 'SNAT (ersetzt die Quell-IP-Adresse mit der hier konfigurierten)',
+'fwdfw source' => 'Quelle',
+'fwdfw sourceip' => 'Quelladresse (IP/MAC-Adresse oder Netzwerk):',
+'fwdfw std network' => 'Standard Netzwerke:',
+'fwdfw target' => 'Ziel',
+'fwdfw targetip' => 'Zieladresse (IP/MAC-Adresse oder Netzwerk):',
+'fwdfw till' => 'Bis:',
+'fwdfw time' => 'Zeitrahmen',
+'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
+'fwdfw toggle' => 'Aktivieren oder deaktivieren',
+'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
+'fwdfw use nat' => 'NAT benutzen',
+'fwdfw use srcport' => 'Quellport benutzen',
+'fwdfw use srv' => 'Zielport benutzen',
+'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
+'fwdfw wd_fri' => 'Fr',
+'fwdfw wd_mon' => 'Mo',
+'fwdfw wd_sat' => 'Sa',
+'fwdfw wd_sun' => 'So',
+'fwdfw wd_thu' => 'Do',
+'fwdfw wd_tue' => 'Di',
+'fwdfw wd_wed' => 'Mi',
+'fwdfw xt access' => 'Input',
+'fwhost addgrp' => 'Neue Gruppe hinzufügen:',
+'fwhost addgrpname' => 'Gruppenname:',
+'fwhost addhost' => 'Neuen Host hinzufügen:',
+'fwhost addnet' => 'Neues Netzwerk hinzufügen:',
+'fwhost addrule' => 'Regel hinzufügen/ändern:',
+'fwhost addservice' => 'Neuen Dienst hinzufügen:',
+'fwhost addservicegrp' => 'Neue Dienstgruppe hinzufügen:',
+'fwhost any' => 'Alle',
+'fwhost attention' => 'ACHTUNG',
+'fwhost back' => 'Zurück',
+'fwhost blue' => 'Blau',
+'fwhost ccdhost' => 'OpenVPN-Clients:',
+'fwhost ccdnet' => 'OpenVPN-Netzwerke:',
+'fwhost change' => 'Ändern',
+'fwhost changeremark' => 'Es wurde nur die Bemerkung angepasst.',
+'fwhost cust addr' => 'Hosts:',
+'fwhost cust grp' => 'Gruppen:',
+'fwhost cust net' => 'Netzwerke:',
+'fwhost cust service' => 'Dienste:',
+'fwhost cust srvgrp' => 'Dienstgruppen',
+'fwhost deleted' => 'Gelöscht',
+'fwhost empty' => 'Keine Regeln definiert',
+'fwhost err addr' => 'IP-Adresse oder Subnetzmaske ungültig',
+'fwhost err addrgrp' => 'Bitte Gruppennamen angeben',
+'fwhost err empty' => 'Bitte alle Felder ausfüllen',
+'fwhost err emptytable' => 'Keine Einträge in Gruppe',
+'fwhost err groupempty' => 'Die gewählte Gruppe ist leer',
+'fwhost err grpexist' => 'Die Gruppe existiert bereits',
+'fwhost err hostexist' => 'Ein Host mit diesem Namen existiert bereits',
+'fwhost err hostorip' => 'Name oder IP-Adresse ungültig',
+'fwhost err ip' => 'IP-Adresse ungültig',
+'fwhost err ipcheck' => 'Diese IP-Adresse wird bereits verwendet',
+'fwhost err ipmac' => 'Ungültige IP/MAC-Addresse',
+'fwhost err ipwithsub' => 'Bitte nur eine IP-Adresse (ohne Subnetzmaske) eingeben',
+'fwhost err isccdhost' => 'Dieser Name wird bereits für einen OpenVPN-Host verwendet',
+'fwhost err isccdiphost' => 'Diese IP-Adresse wird bereits für einen OpenVPN-Host verwendet',
+'fwhost err isccdipnet' => 'Diese IP-Adresse wird bereits für einen OpenVPN-Netzwerk verwendet',
+'fwhost err isccdnet' => 'Dieser Name wird bereits für einen OpenVPN-Netzwerk verwendet',
+'fwhost err isingrp' => 'Dieser Eintrag existiert bereits in der Gruppe',
+'fwhost err mac' => 'Ungültige MAC-Adresse',
+'fwhost err name' => 'Ungültiger Name. Erlaubte Zeichen: Klein- und Großbuchstaben, Leerzeichen und Bindestrich.',
+'fwhost err name1' => 'Der Name muss ausgefüllt sein',
+'fwhost err net' => 'Netzwerk/IP-Adresse existiert bereits',
+'fwhost err netexist' => 'Ein Netz mit diesem Namen existiert bereits',
+'fwhost err partofnet' => 'Dieses Netzwerk ist ein Subnetz eines bereits existierenden Netzwerks',
+'fwhost err port' => 'Port muss gefüllt sein',
+'fwhost err remark' => 'Ungültige Bemerkung. Erlaubte Zeichen: Klein- und Großbuchstaben, Bindestrich, Unterstrich, Runde Klammern, Semikolon, Punkt.',
+'fwhost err srv exists' => 'Ein Service mit diesem Namen existiert bereits',
+'fwhost err srvexist' => 'Dieser Dienst ist bereits in der Gruppe',
+'fwhost err sub32' => 'Bitte einen einzelnen Host hinzufügen, keine Netzwerke',
+'fwhost green' => 'Grün',
+'fwhost hint' => 'Hinweis',
+'fwhost hosts' => 'Firewall-Hosts',
+'fwhost icmptype' => 'ICMP-Typ:',
+'fwhost ip_mac' => 'IP/MAC-Adresse',
+'fwhost ipadr' => 'IP-Adresse:',
+'fwhost ipsec host' => 'IPsec-Clients:',
+'fwhost ipsec net' => 'IPsec-Netzwerke:',
+'fwhost menu' => 'Firewallgruppen',
+'fwhost netaddress' => 'Netzwerkadresse',
+'fwhost newgrp' => 'Netzwerk-/Hostgruppen',
+'fwhost newhost' => 'Hosts',
+'fwhost newnet' => 'Netzwerke',
+'fwhost newservice' => 'Dienst',
+'fwhost newservicegrp' => 'Dienstgruppen',
+'fwhost orange' => 'Orange',
+'fwhost ovpn_n2n' => 'OpenVPN Net-to-Net',
+'fwhost port' => 'Port(s)',
+'fwhost prot' => 'Protokoll',
+'fwhost reread' => 'Die Firewallregeln müssen neu eingelesen werden.',
+'fwhost reset' => 'Abbrechen',
+'fwhost services' => 'Dienste',
+'fwhost srv_name' => 'Dienstname',
+'fwhost stdnet' => 'Standard-Netzwerke:',
+'fwhost type' => 'Typ',
+'fwhost used' => 'Genutzt',
+'fwhost welcome' => 'Hier können einzelne Hosts, Netzwerke oder Dienste zu Gruppen zusammengefasst werden, was das erstellen von Firewallregeln einfacher und schneller macht.',
+'fwhost wo subnet' => '(Ohne Subnetz)',
 'gateway' => 'Gateway',
 'gateway ip' => 'Gateway-IP',
 'gen static key' => 'Statischen Schlüssel erzeugen',
 'network traffic graphs others' => 'Netzwerk (sonstige)',
 'network updated' => 'Benutzerdefiniertes Netzwerk aktualisiert',
 'networks settings' => 'Firewall - Netzwerkeinstellungen',
-'new optionsfw later' => 'Ihre Modifikation(en) wird (werden) beim nächsten Neustart aktiv werden',
+'new optionsfw later' => 'Einige Einstellungen werden erst nach einem Neustart aktiv',
 'new optionsfw must boot' => 'Sie müssen Ihren IPFire neu starten',
 'newer' => 'Neuer',
 'next' => 'Nächster',
 'optional at cmd' => 'zusätzlicher Modembefehl',
 'optional data' => '3. Optionale Einstellungen',
 'options' => 'Optionen',
-'options fw' => 'Firewall Optionen',
+'options fw' => 'Firewall-Optionen',
 'optionsfw portlist hint' => 'Die Liste der Ports muss durch ein Komma getrennt werden (z.B. 137,138). Sie können maximal bis zu 15 Ports pro Protokoll angeben.',
 'optionsfw warning' => 'Verändern dieser Optionen bedingt einen Neustart der Firewall',
 'or' => 'oder',
 'reconnect' => 'Neu Verbinden',
 'reconnection' => 'Wiederverbindung',
 'red' => 'Internet',
+'red1' => 'ROT',
 'references' => 'Referenzen',
 'refresh' => 'Aktualisieren',
 'refresh index page while connected' => 'Aktualisere index.cgi Seite während der Verbindung',
 'wlanap encryption' => 'Verschlüsselung',
 'wlanap informations' => 'Informationen',
 'wlanap interface' => 'Interface Ã¼bernehmen',
-'wlanap invalid wpa' => 'Ungültige Länge in WPA-Passphrase. Muss zwischen 8 und 63 ASCII-Zeichen lang sein.',
+'wlanap invalid wpa' => 'Ungültige Länge in WPA-Passphrase. Muss zwischen 8 und 63 Zeichen lang sein.',
 'wlanap link dhcp' => 'Wireless Lan DHCP-Einstellungen',
 'wlanap link wireless' => 'Wireless Lan Clients freischalten',
 'wlanap no interface' => 'Ausgewähltes Interface ist keine WLAN-Karte!',
index ba80985a8ef58c91aea30a1282d5db32e5e54f1a..c38ba962876e15b4d3df21d405bc3c68a0e5b36a 100644 (file)
@@ -1,4 +1,4 @@
-%tr = ( 
+%tr = (
 %tr,
 
 'Act as' => 'Act as:',
 'advproxy banned mac clients' => 'Banned MAC addresses (one per line)',
 'advproxy cache management' => 'Cache management',
 'advproxy cache replacement policy' => 'Cache replacement policy',
-'advproxy cache-digest' => 'Enable Cache-Digest Generation',
 'advproxy chgwebpwd ERROR' => 'E R R O R :',
 'advproxy chgwebpwd SUCCESS' => 'S U C C E S S :',
 'advproxy chgwebpwd change password' => 'Change password',
 'download root certificate' => 'Download root certificate',
 'dpd action' => 'Dead Peer Detection action',
 'driver' => 'Driver',
+'drop action' => 'Default behaviour of (forward) firewall in mode "Blocked"',
+'drop action1' => 'Default behaviour of (outgoing) firewall in mode "Blocked"',
+'drop action2' => 'Default behaviour of (input) firewall',
+'drop forward' => 'Log dropped forward packets',
 'drop input' => 'Log dropped input packets',
 'drop newnotsyn' => 'Log dropped new not syn packets',
-'drop output' => 'Log dropped output packets',
+'drop outgoing' => 'Log dropped outgoing packets',
 'drop portscan' => 'Log dropped portscan packets',
 'drop proxy' => 'Drop all packets not addressed to proxy',
 'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025',
 'fixed ip lease removed' => 'Fixed IP lease removed',
 'force update' => 'Force update',
 'force user' => 'force all new file to user',
+'forward firewall' => 'Firewall',
 'forwarding rule added' => 'Forwarding rule added; restarting forwarder',
 'forwarding rule removed' => 'Forwarding rule removed; restarting forwarder',
 'forwarding rule updated' => 'Forwarding rule updated; restarting forwarder',
 'from email user' => 'From e-mail user',
 'from warn email bad' => 'From e-mail address is not valid',
 'fw blue' => 'Firewall options for BLUE interface',
+'fw default drop' => 'Firewall policy',
 'fw logging' => 'Firewall logging',
+'fw settings' => 'Firewall settings',
+'fw settings color' => 'Show colors in ruletable',
+'fw settings dropdown' => 'Show all networks on rulecreation site',
+'fw settings remark' => 'Show remarks in ruletable',
+'fw settings ruletable' => 'Show empty ruletables',
+'fwdfw ACCEPT' => 'ACCEPT',
+'fwdfw DROP' => 'DROP',
+'fwdfw MODE1' => 'Drop all packets',
+'fwdfw MODE2' => 'Accept all packets',
+'fwdfw REJECT' => 'REJECT',
+'fwdfw action' => 'Action',
+'fwdfw additional' => 'Additional settings',
+'fwdfw addr grp' => 'Adress groups:',
+'fwdfw addrule' => 'Add/Edit rule:',
+'fwdfw change' => 'Update',
+'fwdfw copy' => 'Copy',
+'fwdfw cust addr' => 'Custom addresses:',
+'fwdfw cust net' => 'Custom networks:',
+'fwdfw delete' => 'Delete',
+'fwdfw dnat' => 'Port forwarding/Destination NAT',
+'fwdfw dnat error' => 'You have to select a single host for DNAT. Groups or networks are not allowed.',
+'fwdfw dnat porterr' => 'You have to select a single port or portrange (tcp/udp) for NAT',
+'fwdfw edit' => 'Edit',
+'fwdfw err nosrc' => 'No source selected.',
+'fwdfw err nosrcip' => 'Please provide a source IP address.',
+'fwdfw err notgt' => 'No destination selected.',
+'fwdfw err notgtip' => 'Please provide a destination IP address.',
+'fwdfw err prot' => 'Source and destination protocol need to match.',
+'fwdfw err remark' => 'Invalid characters in remark.',
+'fwdfw err ruleexists' => 'This rule already exists.',
+'fwdfw err same' => 'Source and destination are identical.',
+'fwdfw err samesub' => 'Source and destination IP addresses are from the same subnet.',
+'fwdfw err src_addr' => 'Invalid source MAC/IP address.',
+'fwdfw err srcovpn' => 'The entered source IP address is used by an OpenVPN client. Please use the dropdown menu and select the right client connection.',
+'fwdfw err srcport' => 'Please provide a source port.',
+'fwdfw err tgt_addr' => 'Invalid destination IP address.',
+'fwdfw err tgt_grp' => 'The destination service group is empty',
+'fwdfw err tgt_mac' => 'A MAC addresses cannot be used as destination.',
+'fwdfw err tgt_port' => 'Invalid destination port.',
+'fwdfw err tgtovpn' => 'The entered destination IP address is used by an OpenVPN client. Please use the dropdown menu and select the right client connection.',
+'fwdfw err tgtport' => 'Please provide a destination port.',
+'fwdfw err time' => 'You have to select at least one day.',
+'fwdfw final_rule' => 'Last rule: ',
+'fwdfw from' => 'From:',
+'fwdfw hint ip1' => 'The last generated rule may never match, because source and destination subnets may overlap.',
+'fwdfw hint ip2' => 'Please double-check if this rule makes sense: ',
+'fwdfw ipsec network' => 'IPsec networks:',
+'fwdfw log rule' => 'Log rule',
+'fwdfw man port' => 'Port(s):',
+'fwdfw menu' => 'Firewall Rules',
+'fwdfw movedown' => 'Move down',
+'fwdfw moveup' => 'Move up',
+'fwdfw natport used' => 'The given port for NAPT is already in use by an other DNAT rule.',
+'fwdfw newrule' => 'New rule',
+'fwdfw p2p txt' => 'Grant/deny access to P2P networks.',
+'fwdfw pol allow' => 'Allowed',
+'fwdfw pol block' => 'Blocked',
+'fwdfw pol text' => 'Sets the default firewall behaviour for connections from local networks. You may either allow all new connections or block them by default. Connections between the local networks are also blocked in the latter mode.',
+'fwdfw pol text1' => 'Sets the default firewall behaviour for connections initiated by the firewall itself. Attention! You may lock yourself out.',
+'fwdfw pol title' => 'Default firewall behaviour',
+'fwdfw red' => 'RED',
+'fwdfw reread' => 'Apply',
+'fwdfw rule action' => 'Rule action:',
+'fwdfw rule activate' => 'Activate rule',
+'fwdfw rulepos' => 'Rule position',
+'fwdfw rules' => 'Rules',
+'fwdfw snat' => 'SNAT (replace the source\'s IP address by this IP address)',
+'fwdfw source' => 'Source',
+'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
+'fwdfw std network' => 'Standard networks:',
+'fwdfw target' => 'Destination',
+'fwdfw targetip' => 'Destination address (MAC/IP address or network):',
+'fwdfw till' => 'Until:',
+'fwdfw time' => 'Time Constraints',
+'fwdfw timeframe' => 'Use time constraints',
+'fwdfw toggle' => 'Activate or deactivate',
+'fwdfw togglelog' => 'Activate or deactivate logging',
+'fwdfw use nat' => 'Use NAT',
+'fwdfw use srcport' => 'Use source port',
+'fwdfw use srv' => 'Use destination port',
+'fwdfw useless rule' => 'This rule is useless.',
+'fwdfw wd_fri' => 'Fri',
+'fwdfw wd_mon' => 'Mon',
+'fwdfw wd_sat' => 'Sat',
+'fwdfw wd_sun' => 'Sun',
+'fwdfw wd_thu' => 'Thu',
+'fwdfw wd_tue' => 'Tue',
+'fwdfw wd_wed' => 'Wed',
+'fwdfw xt access' => 'Input',
+'fwhost addgrp' => 'Add new network/host group:',
+'fwhost addgrpname' => 'Group name:',
+'fwhost addhost' => 'Add new host:',
+'fwhost addnet' => 'Add new hetwork:',
+'fwhost addrule' => 'Add/edit rule:',
+'fwhost addservice' => 'Add service:',
+'fwhost addservicegrp' => 'Add new service group:',
+'fwhost any' => 'Any',
+'fwhost attention' => 'ATTENTION',
+'fwhost back' => 'Back',
+'fwhost blue' => 'Blue',
+'fwhost ccdhost' => 'OpenVPN clients:',
+'fwhost ccdnet' => 'OpenVPN networks:',
+'fwhost change' => 'Modify',
+'fwhost changeremark' => 'You modified just the remark',
+'fwhost cust addr' => 'Hosts:',
+'fwhost cust grp' => 'Network/Host Groups:',
+'fwhost cust net' => 'Networks:',
+'fwhost cust service' => 'Services:',
+'fwhost cust srvgrp' => 'Service Groups:',
+'fwhost deleted' => 'Deleted',
+'fwhost empty' => 'No rules defined',
+'fwhost err addr' => 'Invalid IP address or subnet',
+'fwhost err addrgrp' => 'Please provide a group name',
+'fwhost err empty' => 'Please fill in all input fields',
+'fwhost err emptytable' => 'No entries in this group',
+'fwhost err groupempty' => 'The selected group is empty',
+'fwhost err grpexist' => 'Group already exists',
+'fwhost err hostexist' => 'A host with the same name already exists',
+'fwhost err hostorip' => 'Invalid name or IP address',
+'fwhost err ip' => 'IP address invalid',
+'fwhost err ipcheck' => 'This IP address is already in use',
+'fwhost err ipmac' => 'IP/MAC address invalid',
+'fwhost err ipwithsub' => 'Please provide only an IP address (without subnet mask)',
+'fwhost err isccdhost' => 'This name is already used by an OpenVPN client connection',
+'fwhost err isccdiphost' => 'This IP address is already used by an OpenVPN client connection',
+'fwhost err isccdipnet' => 'This IP address is already used by an OpenVPN network connection',
+'fwhost err isccdnet' => 'This name is already used by an OpenVPN network',
+'fwhost err isingrp' => 'This entry already exists in the group',
+'fwhost err mac' => 'Invalid MAC address',
+'fwhost err name' => 'Invalid name. Allowed characters: Upper- and lowercase letters, digits, space and dash.',
+'fwhost err name1' => 'Empty name.',
+'fwhost err net' => 'Network/IP address already exists',
+'fwhost err netexist' => 'A network with the same name already exists',
+'fwhost err partofnet' => 'The network is a subnet of an already existing network.',
+'fwhost err port' => 'Port is empty',
+'fwhost err remark' => 'Invalid remark. Allowed characters: Upper- and lowercase letters, digits, space, dash, braces, semicolon, pipe and dot.',
+'fwhost err srv exists' => 'A service with the same name already exists',
+'fwhost err srvexist' => 'This service already exists in the group',
+'fwhost err sub32' => 'Please add a single host, not a network.',
+'fwhost green' => 'Green',
+'fwhost hint' => 'Note',
+'fwhost hosts' => 'Firewall Hosts',
+'fwhost icmptype' => 'ICMP type:',
+'fwhost ip_mac' => 'IP/MAC address',
+'fwhost ipadr' => 'IP address:',
+'fwhost ipsec host' => 'IPsec clients:',
+'fwhost ipsec net' => 'IPsec networks:',
+'fwhost menu' => 'Firewall Groups',
+'fwhost netaddress' => 'Network address',
+'fwhost newgrp' => 'Network/Host Groups',
+'fwhost newhost' => 'Hosts',
+'fwhost newnet' => 'Networks',
+'fwhost newservice' => 'Services',
+'fwhost newservicegrp' => 'Service Groups',
+'fwhost orange' => 'Orange',
+'fwhost ovpn_n2n' => 'OpenVPN Net-to-Net',
+'fwhost port' => 'Port(s)',
+'fwhost prot' => 'Protocol',
+'fwhost reread' => 'Firewall rules need to be updated.',
+'fwhost reset' => 'Cancel',
+'fwhost services' => 'Services:',
+'fwhost srv_name' => 'Service name',
+'fwhost stdnet' => 'Standard networks:',
+'fwhost type' => 'Type',
+'fwhost used' => 'Used',
+'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
+'fwhost wo subnet' => '(without subnet)',
 'g.dtm' => 'TO BE REMOVED',
 'g.lite' => 'TO BE REMOVED',
 'gateway' => 'Gateway',
 'network traffic graphs others' => 'Network (others)',
 'network updated' => 'Custom Network updated',
 'networks settings' => 'Firewall - Network settings',
-'new optionsfw later' => 'Your modification(s) will be active on next restart',
+'new optionsfw later' => 'Some options need a reboot to take effect',
 'new optionsfw must boot' => 'You must reboot your IPFire',
 'newer' => 'Newer',
 'next' => 'next',
 'profile saved' => 'Profile saved: ',
 'profiles' => 'Profiles:',
 'proto' => 'Proto',
-'protocol' => 'Protocol:',
+'protocol' => 'Protocol',
 'proxy' => 'Proxy',
 'proxy access graphs' => 'Proxy access graphs',
 'proxy admin password' => 'Cache administrator password',
 'reconnect' => 'Reconnect',
 'reconnection' => 'Reconnection',
 'red' => 'Internet',
+'red1' => 'RED',
 'references' => 'References',
 'refresh' => 'Refresh',
 'refresh index page while connected' => 'Refresh index.cgi page while connected',
 'wlan client wpa mode tkip tkip' => 'TKIP-TKIP',
 'wlanap access point' => 'Access Point',
 'wlanap channel' => 'Channel',
-'wlanap country' => 'Country Code',
 'wlanap debugging' => 'Debugging',
 'wlanap del interface' => 'Remove selected interface?',
 'wlanap encryption' => 'Encryption',
 'wlanap informations' => 'Informations',
 'wlanap interface' => 'Select interface',
-'wlanap invalid wpa' => 'Invalid length in WPA Passphrase. Must be between 8 and 63 ascii characters.',
+'wlanap invalid wpa' => 'Invalid length in WPA Passphrase. Must be between 8 and 63 characters.',
 'wlanap link dhcp' => 'Wireless lan DHCP configuration',
 'wlanap link wireless' => 'Activate wireless lan clients',
 'wlanap no interface' => 'Selected interface is not a wirless lan card!',
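Review bot: The new validation messages describe different allowlists in the two language files. Here `'fwhost err name'` and `'fwhost err remark'` mention digits and, for the remark, a pipe, while the German entries in the previous file list no digits and an underscore instead of a pipe. At least one of them misstates what the validator accepts, so both should be aligned with the actual check in the CGI, which is not visible here. Dropping "ascii" from `'wlanap invalid wpa'` (in both files) also makes the message less precise, since a WPA passphrase is limited to 8–63 printable ASCII characters; confirm the validation still enforces that. Two new strings carry typos: `'fwdfw addr grp' => 'Address groups:',` and `'fwhost addnet' => 'Add new network:',`.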
index 1185236851fa6f695658bcc5db720f121d31a661..341b146326ac02894162509313488464018ad96f 100644 (file)
@@ -50,59 +50,66 @@ $(TARGET) :
        @$(PREBUILD)
 
        # Create all directories
-       for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes dns dnsforward \
-                       ethernet extrahd/bin fwlogs isdn key langs logging mac main  menu.d modem net-traffic \
-                       net-traffic/templates nfs optionsfw outgoing/bin outgoing/groups outgoing/groups/ipgroups \
-                       outgoing/groups/macgroups ovpn patches pakfire portfw ppp private proxy/advanced/cre \
+       for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
+                       ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \
+                       ethernet extrahd/bin fwlogs fwhosts forward forward/bin isdn key langs logging mac main  menu.d modem net-traffic \
+                       net-traffic/templates nfs optionsfw \
+                       ovpn patches pakfire portfw ppp private proxy/advanced/cre \
                        proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \
                        updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
-                       wakeonlan wireless xtaccess ; do \
+                       wakeonlan wireless ; do \
                mkdir -p $(CONFIG_ROOT)/$$i; \
        done
 
        # Touch empty files
        for i in auth/users backup/include.user backup/exclude.user \
            certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \
-           dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dmzholes/config dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
-           ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings fwlogs/ipsettings fwlogs/portsettings \
-           isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings outgoing/settings outgoing/rules \
+           dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
+           extrahd/scan extrahd/devices extrahd/partitions extrahd/settings forward/settings forward/config forward/input forward/outgoing forward/dmz forward/nat \
+           fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwlogs/ipsettings fwlogs/portsettings \
+           isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
            ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
-           ppp/settings-5 ppp/settings proxy/settings proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
+               ppp/settings-5 ppp/settings proxy/settings proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
            qos/tosconfig snort/settings tripwire/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
            vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
-               touch $(CONFIG_ROOT)/$$i; \
+           touch $(CONFIG_ROOT)/$$i; \
        done
 
        # Copy initial configfiles
        cp $(DIR_SRC)/config/cfgroot/header.pl                  $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/general-functions.pl       $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/lang.pl                    $(CONFIG_ROOT)/
-       cp $(DIR_SRC)/config/cfgroot/countries.pl                       $(CONFIG_ROOT)/
+       cp $(DIR_SRC)/config/cfgroot/countries.pl               $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/graphs.pl                  $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/advoptions-list            $(CONFIG_ROOT)/dhcp/advoptions-list
        cp $(DIR_SRC)/config/cfgroot/connscheduler-lib.pl       $(CONFIG_ROOT)/connscheduler/lib.pl
        cp $(DIR_SRC)/config/cfgroot/connscheduler.conf         $(CONFIG_ROOT)/connscheduler
        cp $(DIR_SRC)/config/extrahd/*                          $(CONFIG_ROOT)/extrahd/bin/
        cp $(DIR_SRC)/config/cfgroot/sensors-settings           $(CONFIG_ROOT)/sensors/settings
-       cp $(DIR_SRC)/config/menu/*                                     $(CONFIG_ROOT)/menu.d/
+       cp $(DIR_SRC)/config/menu/*                             $(CONFIG_ROOT)/menu.d/
        cp $(DIR_SRC)/config/cfgroot/modem-defaults             $(CONFIG_ROOT)/modem/defaults
        cp $(DIR_SRC)/config/cfgroot/modem-settings             $(CONFIG_ROOT)/modem/settings
        cp $(DIR_SRC)/config/cfgroot/net-traffic-lib.pl         $(CONFIG_ROOT)/net-traffic/net-traffic-lib.pl
-       cp $(DIR_SRC)/config/cfgroot/net-traffic-admin.pl               $(CONFIG_ROOT)/net-traffic/net-traffic-admin.pl
+       cp $(DIR_SRC)/config/cfgroot/net-traffic-admin.pl       $(CONFIG_ROOT)/net-traffic/net-traffic-admin.pl
        cp $(DIR_SRC)/config/cfgroot/nfs-server                 $(CONFIG_ROOT)/nfs/nfs-server
-       cp $(DIR_SRC)/config/cfgroot/p2protocols                        $(CONFIG_ROOT)/outgoing/p2protocols
-       cp $(DIR_SRC)/config/outgoingfw/outgoingfw.pl           $(CONFIG_ROOT)/outgoing/bin/
-       cp $(DIR_SRC)/config/outgoingfw/defaultservices         $(CONFIG_ROOT)/outgoing/
        cp $(DIR_SRC)/config/cfgroot/proxy-acl                  $(CONFIG_ROOT)/proxy/acl-1.4
-       cp $(DIR_SRC)/config/qos/*                                      $(CONFIG_ROOT)/qos/bin/
-       cp $(DIR_SRC)/config/cfgroot/ssh-settings                       $(CONFIG_ROOT)/remote/settings
-       cp $(DIR_SRC)/config/cfgroot/xtaccess-config            $(CONFIG_ROOT)/xtaccess/config
+       cp $(DIR_SRC)/config/qos/*                                              $(CONFIG_ROOT)/qos/bin/
+       cp $(DIR_SRC)/config/cfgroot/ssh-settings               $(CONFIG_ROOT)/remote/settings
        cp $(DIR_SRC)/config/cfgroot/time-settings              $(CONFIG_ROOT)/time/settings
-       cp $(DIR_SRC)/config/cfgroot/logging-settings           $(CONFIG_ROOT)/logging/settings
+       cp $(DIR_SRC)/config/cfgroot/logging-settings   $(CONFIG_ROOT)/logging/settings
        cp $(DIR_SRC)/config/cfgroot/useragents                 $(CONFIG_ROOT)/proxy/advanced
        cp $(DIR_SRC)/config/cfgroot/ethernet-vlans             $(CONFIG_ROOT)/ethernet/vlans
-       cp $(DIR_SRC)/langs/list                                        $(CONFIG_ROOT)/langs/
-
+       cp $(DIR_SRC)/langs/list                                                $(CONFIG_ROOT)/langs/
+       cp $(DIR_SRC)/config/forwardfw/rules.pl                 $(CONFIG_ROOT)/forward/bin/rules.pl
+       cp $(DIR_SRC)/config/forwardfw/convert-xtaccess /usr/sbin/convert-xtaccess
+       cp $(DIR_SRC)/config/forwardfw/convert-outgoingfw       /usr/sbin/convert-outgoingfw
+       cp $(DIR_SRC)/config/forwardfw/convert-dmz      /usr/sbin/convert-dmz
+       cp $(DIR_SRC)/config/forwardfw/convert-portfw   /usr/sbin/convert-portfw
+       cp $(DIR_SRC)/config/forwardfw/p2protocols              $(CONFIG_ROOT)/forward/p2protocols
+       cp $(DIR_SRC)/config/forwardfw/firewall-lib.pl  $(CONFIG_ROOT)/forward/bin/firewall-lib.pl
+       cp $(DIR_SRC)/config/forwardfw/firewall-policy  /usr/sbin/firewall-policy
+       cp $(DIR_SRC)/config/fwhosts/icmp-types                 $(CONFIG_ROOT)/fwhosts/icmp-types
+       cp $(DIR_SRC)/config/fwhosts/customservices             $(CONFIG_ROOT)/fwhosts/customservices
        # Oneliner configfiles
        echo  "ENABLED=off"             > $(CONFIG_ROOT)/vpn/settings
        echo  "VPN_DELAYED_START=0"     >>$(CONFIG_ROOT)/vpn/settings
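Review bot: The directory list in the first `for i in` loop now contains the `ethernet extrahd/bin fwlogs …` line twice, once in its old form and once with `fwhosts forward forward/bin` added, which looks like a leftover from the merge. `mkdir -p` hides the duplicate, but the older line should be dropped so that only `ethernet extrahd/bin fwlogs fwhosts forward forward/bin isdn key langs logging mac main menu.d modem net-traffic \` remains. The new `cp` lines install the converters and `firewall-policy` to absolute `/usr/sbin/` paths and rely on the source files' modes. The `chmod 755 /usr/sbin/convert-*` in the following hunk does not cover `firewall-policy`, and its glob would also match any unrelated `convert-*` binary already in that directory. `install -m 755 $(DIR_SRC)/config/forwardfw/firewall-policy /usr/sbin/firewall-policy` (and the same form for each converter) states the intended permissions per file.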
@@ -110,11 +117,29 @@ $(TARGET) :
        echo  "nameserver    1.2.3.4"   > $(CONFIG_ROOT)/ppp/fake-resolv.conf
        echo  "DROPNEWNOTSYN=on"                >> $(CONFIG_ROOT)/optionsfw/settings
        echo  "DROPINPUT=on"            >> $(CONFIG_ROOT)/optionsfw/settings
-       echo  "DROPOUTPUT=on"           >> $(CONFIG_ROOT)/optionsfw/settings
-       echo  "DROPINPUT=on"            >> $(CONFIG_ROOT)/optionsfw/settings
-       echo  "DROPOUTPUT=on"           >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPFORWARD=on"          >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "FWPOLICY=DROP"           >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "FWPOLICY1=DROP"          >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "FWPOLICY2=DROP"          >> $(CONFIG_ROOT)/optionsfw/settings
        echo  "DROPPORTSCAN=on"         >> $(CONFIG_ROOT)/optionsfw/settings
-
+       echo  "DROPOUTGOING=on"         >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPSAMBA=on"            >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPPROXY=on"            >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "SHOWREMARK=on"           >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "SHOWCOLORS=on"           >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "SHOWTABLES=off"          >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "SHOWDROPDOWN=off"        >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPWIRELESSINPUT=off"   >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPWIRELESSFORWARD=off" >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "POLICY=MODE2"            >> $(CONFIG_ROOT)/forward/settings
+       echo  "POLICY1=MODE2"           >> $(CONFIG_ROOT)/forward/settings
+       
+       # set rules.pl executable
+       chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl
+               
+       # set converters executable
+       chmod 755 /usr/sbin/convert-*
+       
        # Modify variables in header.pl
        sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
            -e "s+VERSION+$(VERSION)+g" \
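Review bot: The added `chmod 755 /usr/sbin/convert-*` uses a glob in a shared system directory, so it changes the mode of every file there whose name starts with `convert-`, not only the four converters this recipe installs. Naming them keeps the step scoped to what the commit adds: `chmod 755 /usr/sbin/convert-xtaccess /usr/sbin/convert-outgoingfw /usr/sbin/convert-dmz /usr/sbin/convert-portfw`. `/usr/sbin/firewall-policy` is copied by the same commit but gets no explicit mode, so it relies on `cp` carrying over the source file's executable bit; adding it to the same `chmod` would make the intent visible. The `$(TARGET)` recipe starts and ends outside this hunk.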
@@ -131,7 +156,7 @@ $(TARGET) :
 
        # Language files
        cp $(DIR_SRC)/langs/*/cgi-bin/*.pl $(CONFIG_ROOT)/langs/
-       
+
        # Configroot permissions
        chown -R nobody:nobody $(CONFIG_ROOT)
        chown      root:root   $(CONFIG_ROOT)
@@ -140,7 +165,5 @@ $(TARGET) :
        done
        chown root:nobody $(CONFIG_ROOT)/dhcpc
 
-       # Set outgoingfw.pl executable
-       chmod 755 $(CONFIG_ROOT)/outgoing/bin/outgoingfw.pl
-
+               
        @$(POSTBUILD)
index 6549147a83afdf68735c2ff3e5503318df3d4bb2..0b2dbee775331935380de5bd25a19380722cb7a6 100644 (file)
@@ -179,20 +179,15 @@ $(TARGET) :
 
        ln -sf ../../dnsmasq /etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
        ln -sf ../../firewall /etc/rc.d/init.d/networking/red.up/20-RL-firewall
-       ln -sf ../../../../../usr/local/bin/outgoingfwctrl \
-               /etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
+       ln -sf ../../../../../usr/local/bin/forwardfwctrl \
+               /etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
        ln -sf ../../../../../usr/local/bin/snortctrl \
                /etc/rc.d/init.d/networking/red.up/23-RS-snort
        ln -sf ../../../../../usr/local/bin/qosctrl \
                /etc/rc.d/init.d/networking/red.up/24-RS-qos
-       ln -sf ../../../../../usr/local/bin/setportfw \
-               /etc/rc.d/init.d/networking/red.up/25-portfw
-       ln -sf ../../../../../usr/local/bin/setxtaccess \
-               /etc/rc.d/init.d/networking/red.up/26-xtaccess
        ln -sf ../../../../../usr/local/bin/dialctrl.pl \
                /etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
        ln -sf ../../squid /etc/rc.d/init.d/networking/red.up/27-RS-squid
-       
        ln -sf ../../dnsmasq /etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
        ln -sf ../../firewall /etc/rc.d/init.d/networking/red.down/20-RL-firewall
        ln -sf ../../../../../usr/local/bin/dialctrl.pl \
index 4701f34782c6961306841ddde5e72ca9d1d76802..9ac2e68c7e74163b4af2fe6bf4df8ebd70c6642e 100644 (file)
@@ -76,8 +76,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfire.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
 
        cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
        cd $(DIR_APP) && ./configure \
index 0237297e7014bbe9cd95c94931ae5edaef522f7a..fc49da4e9192711e295f68408f887ac837cf3294 100644 (file)
@@ -68,74 +68,14 @@ iptables_init() {
        # SYN/FIN (QueSO or nmap OS probe)
        /sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN
        # NEW TCP without SYN
-       /sbin/iptables -A BADTCP -p tcp ! --syn -m state --state NEW -j NEWNOTSYN
+       /sbin/iptables -A BADTCP -p tcp ! --syn -m conntrack --ctstate NEW -j NEWNOTSYN
 
-       /sbin/iptables -A INPUT   -j BADTCP
-       /sbin/iptables -A FORWARD -j BADTCP
+       /sbin/iptables -A INPUT   -p tcp -j BADTCP
+       /sbin/iptables -A FORWARD -p tcp -j BADTCP
 
-}
-
-iptables_red() {
-       /sbin/iptables -F REDINPUT
-       /sbin/iptables -F REDFORWARD
-       /sbin/iptables -t nat -F REDNAT
-
-       # PPPoE / PPTP Device
-       if [ "$IFACE" != "" ]; then
-               # PPPoE / PPTP
-               if [ "$DEVICE" != "" ]; then
-                       /sbin/iptables -A REDINPUT -i $DEVICE -j ACCEPT
-               fi
-               if [ "$RED_TYPE" == "PPTP" -o "$RED_TYPE" == "PPPOE" ]; then
-                       if [ "$RED_DEV" != "" ]; then
-                               /sbin/iptables -A REDINPUT -i $RED_DEV -j ACCEPT
-                       fi
-               fi
-       fi
-
-       # PPTP over DHCP
-       if [ "$DEVICE" != "" -a "$TYPE" == "PPTP" -a "$METHOD" == "DHCP" ]; then
-               /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
-               /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
-       fi
-
-       # Orange pinholes
-       if [ "$ORANGE_DEV" != "" ]; then
-               # This rule enables a host on ORANGE network to connect to the outside
-               # (only if we have a red connection)
-               if [ "$IFACE" != "" ]; then
-                       /sbin/iptables -A REDFORWARD -i $ORANGE_DEV -o $IFACE -j ACCEPT
-               fi
-       fi
-
-       if [ "$IFACE" != "" -a -f /var/ipfire/red/active ]; then
-               # DHCP
-               if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
-                       /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
-                       /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
-               fi
-               if [ "$METHOD" == "DHCP"  -a "$PROTOCOL" == "RFC1483" ]; then
-                       /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
-                       /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
-               fi
-
-               # Outgoing masquerading (don't masqerade IPSEC (mark 50))
-               /sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
-               /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
-
-       fi
-}
-
-# See how we were called.
-case "$1" in
-  start)
-       iptables_init
-
-       # Limit Packets- helps reduce dos/syn attacks
-       # original do nothing line
-       #/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec
-       # the correct one, but the negative '!' do nothing...
-       #/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN ! -m limit --limit 10/sec -j DROP
+       # Connection tracking chain
+       /sbin/iptables -N CONNTRACK
+       /sbin/iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 
        # Fix for braindead ISP's
        /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
@@ -143,21 +83,30 @@ case "$1" in
        # CUSTOM chains, can be used by the users themselves
        /sbin/iptables -N CUSTOMINPUT
        /sbin/iptables -A INPUT -j CUSTOMINPUT
-       /sbin/iptables -N GUARDIAN
-       /sbin/iptables -A INPUT -j GUARDIAN
-       /sbin/iptables -A FORWARD -j GUARDIAN
        /sbin/iptables -N CUSTOMFORWARD
        /sbin/iptables -A FORWARD -j CUSTOMFORWARD
        /sbin/iptables -N CUSTOMOUTPUT
        /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
-       /sbin/iptables -N OUTGOINGFW
-       /sbin/iptables -N OUTGOINGFWMAC
-       /sbin/iptables -A OUTPUT -j OUTGOINGFW
        /sbin/iptables -t nat -N CUSTOMPREROUTING
        /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
        /sbin/iptables -t nat -N CUSTOMPOSTROUTING
        /sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
 
+       # Guardian (IPS) chains
+       /sbin/iptables -N GUARDIAN
+       /sbin/iptables -A INPUT -j GUARDIAN
+       /sbin/iptables -A FORWARD -j GUARDIAN
+
+       # Block OpenVPN transfer networks
+       /sbin/iptables -N OVPNBLOCK
+       for i in INPUT FORWARD OUTPUT; do
+               /sbin/iptables -A ${i} -j OVPNBLOCK
+       done
+
+       # OpenVPN transfer network translation
+       /sbin/iptables -t nat -N OVPNNAT
+       /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
+
        # IPTV chains for IGMPPROXY
        /sbin/iptables -N IPTVINPUT
        /sbin/iptables -A INPUT -j IPTVINPUT
@@ -169,60 +118,60 @@ case "$1" in
        /sbin/iptables -A INPUT -j GUIINPUT
        /sbin/iptables -A GUIINPUT -p icmp --icmp-type 8 -j ACCEPT
 
+       # Accept everything on loopback
+       /sbin/iptables -N LOOPBACK
+       /sbin/iptables -A LOOPBACK -i lo -j ACCEPT
+       /sbin/iptables -A LOOPBACK -o lo -j ACCEPT
+
+       # Filter all packets with loopback addresses on non-loopback interfaces.
+       /sbin/iptables -A LOOPBACK -s 127.0.0.0/8 -j DROP
+       /sbin/iptables -A LOOPBACK -d 127.0.0.0/8 -j DROP
+
+       for i in INPUT FORWARD OUTPUT; do
+               /sbin/iptables -A ${i} -j LOOPBACK
+       done
+
        # Accept everything connected
-       /sbin/iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
-       /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-       
+       for i in INPUT FORWARD OUTPUT; do
+               /sbin/iptables -A ${i} -j CONNTRACK
+       done
+
        # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
        /sbin/iptables -N IPSECINPUT
        /sbin/iptables -N IPSECFORWARD
        /sbin/iptables -N IPSECOUTPUT
-       /sbin/iptables -N OPENSSLVIRTUAL
        /sbin/iptables -A INPUT -j IPSECINPUT
-       /sbin/iptables -A INPUT -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL INPUT"
        /sbin/iptables -A FORWARD -j IPSECFORWARD
-       /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD"
        /sbin/iptables -A OUTPUT -j IPSECOUTPUT
-       /sbin/iptables -t nat -N OVPNNAT
        /sbin/iptables -t nat -N IPSECNAT
-       /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
        /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
 
-       # TOR
-       /sbin/iptables -N TOR_INPUT
-       /sbin/iptables -A INPUT -j TOR_INPUT
-
-       # Outgoing Firewall
-       /sbin/iptables -A FORWARD -j OUTGOINGFWMAC
-
        # localhost and ethernet.
-       /sbin/iptables -A INPUT   -i lo -m state --state NEW -j ACCEPT
-       /sbin/iptables -A INPUT   -s 127.0.0.0/8 -m state --state NEW -j DROP   # Loopback not on lo
-       /sbin/iptables -A INPUT   -d 127.0.0.0/8 -m state --state NEW -j DROP
-       /sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
-       /sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
-       /sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
-       /sbin/iptables -A INPUT   -i $GREEN_DEV  -m state --state NEW -j ACCEPT ! -p icmp
-       /sbin/iptables -A FORWARD -i $GREEN_DEV  -m state --state NEW -j ACCEPT
-
-       # If a host on orange tries to initiate a connection to IPFire's red IP and
-       # the connection gets DNATed back through a port forward to a server on orange
-       # we end up with orange -> orange traffic passing through IPFire
-       [ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
-
+       /sbin/iptables -A INPUT   -i $GREEN_DEV  -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
+       
        # allow DHCP on BLUE to be turned on/off
        /sbin/iptables -N DHCPBLUEINPUT 
        /sbin/iptables -A INPUT -j DHCPBLUEINPUT
-
-       # OPenSSL
-       /sbin/iptables -N OPENSSLPHYSICAL
-       /sbin/iptables -A INPUT -j OPENSSLPHYSICAL
-
+       
        # WIRELESS chains
        /sbin/iptables -N WIRELESSINPUT
-       /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
+       /sbin/iptables -A INPUT -m conntrack --ctstate NEW -j WIRELESSINPUT
        /sbin/iptables -N WIRELESSFORWARD
-       /sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
+       /sbin/iptables -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD
+
+       # TOR
+       /sbin/iptables -N TOR_INPUT
+       /sbin/iptables -A INPUT -j TOR_INPUT
+       
+       # Jump into the actual firewall ruleset.
+       /sbin/iptables -N INPUTFW
+       /sbin/iptables -A INPUT -j INPUTFW
+
+       /sbin/iptables -N OUTGOINGFW
+       /sbin/iptables -A OUTPUT -j OUTGOINGFW
+
+       /sbin/iptables -N FORWARDFW
+       /sbin/iptables -A FORWARD -j FORWARDFW
 
        # RED chain, used for the red interface
        /sbin/iptables -N REDINPUT
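Review bot: The retained rule `/sbin/iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp` is appended before the new `INPUTFW` jump, so every new non-ICMP connection from GREEN to the firewall itself is accepted before the user-defined input rules are consulted. If INPUTFW is meant to be able to restrict GREEN hosts, the accept has to move below `/sbin/iptables -A INPUT -j INPUTFW`. If always-open GREEN access is intentional, a comment such as `# GREEN can always reach the firewall; INPUTFW rules do not apply to it` would record that decision next to the rule. The enclosing function starts and ends outside this hunk.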
@@ -234,119 +183,130 @@ case "$1" in
 
        iptables_red
 
-       # DMZ pinhole chain.  setdmzholes setuid prog adds rules here to allow
-       # ORANGE to talk to GREEN / BLUE.
-       /sbin/iptables -N DMZHOLES
-       if [ "$ORANGE_DEV" != "" ]; then
-               /sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j DMZHOLES
-       fi
-
-       # XTACCESS chain, used for external access
-       /sbin/iptables -N XTACCESS
-       /sbin/iptables -A INPUT -m state --state NEW -j XTACCESS
-
-       # PORTFWACCESS chain, used for portforwarding
-       /sbin/iptables -N PORTFWACCESS
-       /sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
-
-       # Custom prerouting chains (for transparent proxy and port forwarding)
+       # Custom prerouting chains (for transparent proxy)
        /sbin/iptables -t nat -N SQUID
        /sbin/iptables -t nat -A PREROUTING -j SQUID
-       /sbin/iptables -t nat -N PORTFW
-       /sbin/iptables -t nat -A PREROUTING -j PORTFW
+
+       # DNAT rules
+       /sbin/iptables -t nat -N NAT_DESTINATION
+       /sbin/iptables -t nat -A PREROUTING -j NAT_DESTINATION
+
+       # SNAT rules
+       /sbin/iptables -t nat -N NAT_SOURCE
+       /sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
 
        # upnp chain for our upnp daemon
        /sbin/iptables -t nat -N UPNPFW
        /sbin/iptables -t nat -A PREROUTING -j UPNPFW
        /sbin/iptables -N UPNPFW
-       /sbin/iptables -A FORWARD -m state --state NEW -j UPNPFW
-
-       # Custom mangle chain (for port fowarding)
-       /sbin/iptables -t mangle -N PORTFWMANGLE
-       /sbin/iptables -t mangle -A PREROUTING -j PORTFWMANGLE
-
-       # Postrouting rules (for port forwarding)
-       /sbin/iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \
-        --to-source $GREEN_ADDRESS
-       if [ "$BLUE_DEV" != "" ]; then
-               /sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $BLUE_ADDRESS
-       fi
-       if [ "$ORANGE_DEV" != "" ]; then
-               /sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
-       fi
+       /sbin/iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
 
        # run local firewall configuration, if present
        if [ -x /etc/sysconfig/firewall.local ]; then
                /etc/sysconfig/firewall.local start
        fi
-       
-       # last rule in input and forward chain is for logging.
+
+       # run openvpn
+       /usr/local/bin/openvpnctrl --create-chains-and-rules
+
+       # run wirelessctrl
+       /usr/local/bin/wirelessctrl
+
+       #POLICY CHAIN
+       /sbin/iptables -N POLICYIN
+       /sbin/iptables -A INPUT -j POLICYIN
+       /sbin/iptables -N POLICYFWD
+       /sbin/iptables -A FORWARD -j POLICYFWD
+       /sbin/iptables -N POLICYOUT
+       /sbin/iptables -A OUTPUT -j POLICYOUT
+
+       /usr/sbin/firewall-policy
+
+       # read new firewall
+       /usr/local/bin/forwardfwctrl
 
        if [ "$DROPINPUT" == "on" ]; then
-               /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
+               /sbin/iptables -A INPUT   -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
        fi
        /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
-       if [ "$DROPOUTPUT" == "on" ]; then
-               /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
+       if [ "$DROPFORWARD" == "on" ]; then
+               /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
        fi
-       /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
-        ;;
-  startovpn)  
-       # run openvpn
-       /usr/local/bin/openvpnctrl --create-chains-and-rules
-        ;;
-  stop)
-       iptables_init
-       # Accept everyting connected
-       /sbin/iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
+       /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+}
 
-       # localhost and ethernet.
-       /sbin/iptables -A INPUT -i lo -j ACCEPT
-       /sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT
+iptables_red() {
+       /sbin/iptables -F REDINPUT
+       /sbin/iptables -F REDFORWARD
+       /sbin/iptables -t nat -F REDNAT
 
-       if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
-               /sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
-               /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
-       fi
-       if [ "$PROTOCOL" == "RFC1483" -a "$METHOD" == "DHCP" ]; then
-               /sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
-               /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+       # PPPoE / PPTP Device
+       if [ "$IFACE" != "" ]; then
+               # PPPoE / PPTP
+               if [ "$DEVICE" != "" ]; then
+                       /sbin/iptables -A REDINPUT -i $DEVICE -j ACCEPT
+               fi
+               if [ "$RED_TYPE" == "PPTP" -o "$RED_TYPE" == "PPPOE" ]; then
+                       if [ "$RED_DEV" != "" ]; then
+                               /sbin/iptables -A REDINPUT -i $RED_DEV -j ACCEPT
+                       fi
+               fi
        fi
 
-       # run local firewall configuration, if present
-       if [ -x /etc/sysconfig/firewall.local ]; then
-               /etc/sysconfig/firewall.local stop
+       # PPTP over DHCP
+       if [ "$DEVICE" != "" -a "$TYPE" == "PPTP" -a "$METHOD" == "DHCP" ]; then
+               /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
+               /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
        fi
 
-       if [ "$DROPINPUT" == "on" ]; then
-               /sbin/iptables -A INPUT   -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
+       # Orange pinholes
+       if [ "$ORANGE_DEV" != "" ]; then
+               # This rule enables a host on ORANGE network to connect to the outside
+               # (only if we have a red connection)
+               if [ "$IFACE" != "" ]; then
+                       /sbin/iptables -A REDFORWARD -i $ORANGE_DEV -o $IFACE -j ACCEPT
+               fi
        fi
-       /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
-       if [ "$DROPOUTPUT" == "on" ]; then
-               /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
+
+       if [ "$IFACE" != "" -a -f /var/ipfire/red/active ]; then
+               # DHCP
+               if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
+                       /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+                       /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+               fi
+               if [ "$METHOD" == "DHCP"  -a "$PROTOCOL" == "RFC1483" ]; then
+                       /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+                       /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+               fi
+
+               # Outgoing masquerading (don't masqerade IPSEC (mark 50))
+               /sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
+               /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+
        fi
-       /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
-        ;;
-  stopovpn)
-       # stop openvpn
-       /usr/local/bin/openvpnctrl --delete-chains-and-rules
-        ;;
+}
+
+# See how we were called.
+case "$1" in
+  start)
+       iptables_init
+       ;;
   reload)
        iptables_red
-
        # run local firewall configuration, if present
-       if [ -x /etc/sysconfig/firewall.local ]; then
+       if [ -x /etc/sysconfig/firewall.local ]; then
                /etc/sysconfig/firewall.local reload
        fi
        ;;
   restart)
-       $0 stop
-       $0 stopovpn
+       # run local firewall configuration, if present
+       if [ -x /etc/sysconfig/firewall.local ]; then
+               /etc/sysconfig/firewall.local stop
+       fi
        $0 start
-       $0 startovpn
        ;;
   *)
-        echo "Usage: $0 {start|stop|reload|restart}"
+        echo "Usage: $0 {start|reload|restart}"
         exit 1
        ;;
 esac
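Review bot: The two rewritten LOG rules lose the trailing space in the prefix (`--log-prefix "DROP_INPUT"` and `--log-prefix "DROP_FORWARD"`), and the kernel writes the prefix directly in front of the first logged field, so entries come out as `DROP_INPUTIN=...` and anything that splits on the prefix or on ` IN=` will miss them. Keep the space as the removed lines had it: `--log-prefix "DROP_INPUT "` and `--log-prefix "DROP_FORWARD "`. Separately, `stop` is removed from the case statement, so any remaining caller of `firewall stop` now reaches the usage branch and exits 1; callers outside this page are worth checking.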
index 9ff2200115c4b425b384be228efba0014f2b6eba..02df4bc975701bd3fcfa8e92add15fa53f63f007 100644 (file)
@@ -47,9 +47,7 @@ init_networking() {
 #      (exit ${failed})
 #      evaluate_retval
 
-       boot_mesg "Setting up DMZ pinholes"
-       /usr/local/bin/setdmzholes; evaluate_retval
-
+       
        if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
                boot_mesg "Setting up wireless firewall rules"
                /usr/local/bin/wirelessctrl; evaluate_retval
index 4d09fbf65d2a2685c6c8341d0c3981beb78ab5dd..c748a66b4704c82f55ddcef04664d867280dd135 100644 (file)
@@ -24,11 +24,10 @@ CFLAGS=-O2 -Wall
 COMPILE=$(CC) $(CFLAGS)
 
 PROGS = iowrap
-SUID_PROGS = setdmzholes setportfw setxtaccess \
-       squidctrl sshctrl ipfirereboot \
+SUID_PROGS = squidctrl sshctrl ipfirereboot \
        ipsecctrl timectrl dhcpctrl snortctrl \
        applejuicectrl rebuildhosts backupctrl \
-       logwatch openvpnctrl outgoingfwctrl \
+       logwatch openvpnctrl forwardfwctrl \
        wirelessctrl getipstat qosctrl launch-ether-wake \
        redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
        smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
@@ -86,22 +85,16 @@ smartctrl: smartctrl.c setuid.o ../install+setup/libsmooth/varval.o
 
 clamavctrl: clamavctrl.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ clamavctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-       
-outgoingfwctrl: outgoingfwctrl.c setuid.o ../install+setup/libsmooth/varval.o
-       $(COMPILE) -I../install+setup/libsmooth/ outgoingfwctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-       
+
+forwardfwctrl: forwardfwctrl.c setuid.o ../install+setup/libsmooth/varval.o
+       $(COMPILE) -I../install+setup/libsmooth/ forwardfwctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
+
 timectrl: timectrl.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ timectrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
 launch-ether-wake: launch-ether-wake.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ launch-ether-wake.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
-setdmzholes: setdmzholes.c setuid.o ../install+setup/libsmooth/varval.o
-       $(COMPILE) -I../install+setup/libsmooth/ setdmzholes.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
-setportfw: setportfw.c setuid.o ../install+setup/libsmooth/varval.o
-       $(COMPILE) -I../install+setup/libsmooth/ setportfw.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
 rebuildhosts: rebuildhosts.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ rebuildhosts.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
similarity index 53%
rename from src/misc-progs/outgoingfwctrl.c
rename to src/misc-progs/forwardfwctrl.c
index 2d993d940f513ad6f69b8030cfdb17780455f334..797d27ac56cac6b008ecab61fbe3bb69297cddbf 100644 (file)
@@ -5,20 +5,12 @@
  *
  */
 
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <fcntl.h>
 #include "setuid.h"
 
 int main(int argc, char *argv[]) {
-
        if (!(initsetuid()))
                exit(1);
 
-       safe_system("chmod 755 /var/ipfire/outgoing/bin/outgoingfw.pl");
-       safe_system("/var/ipfire/outgoing/bin/outgoingfw.pl");
+       safe_system("/var/ipfire/forward/bin/rules.pl");
        return 0;
 }
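Review bot: `safe_system("/var/ipfire/forward/bin/rules.pl")` runs a script from the configuration tree with the privileges this helper obtains through `initsetuid()`, and the configroot makefile in this same commit does `chown -R nobody:nobody $(CONFIG_ROOT)`. If `/var/ipfire` is that CONFIG_ROOT and `forward/bin` is not re-owned in the part of the makefile not shown here, the account that owns the tree can replace the file this helper executes. I would pin ownership at install time, for example `chown -R root:root $(CONFIG_ROOT)/forward/bin` after the recursive chown. A comment above the call should also state that the script must be root-owned and not writable by other accounts.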
index 76916f147cb009a587fdee449a2f37303468e70a..97491e40c234230f8adb228d15b8b08fa39f8cd0 100644 (file)
@@ -27,6 +27,7 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
+char OVPNBLOCK[STRING_SIZE] = "OVPNBLOCK";
 char OVPNNAT[STRING_SIZE] = "OVPNNAT";
 char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
 
@@ -253,20 +254,13 @@ void setChainRules(char *chain, char *interface, char *protocol, char *port)
 
        sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port);
        executeCommand(str);
-       sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain);
-       executeCommand(str);
-       sprintf(str, "/sbin/iptables -A %sFORWARD -i tun+ -j ACCEPT", chain);
-       executeCommand(str);
 }
 
 void flushChain(char *chain) {
        char str[STRING_SIZE];
 
-       sprintf(str, "/sbin/iptables -F %sINPUT", chain);
+       sprintf(str, "/sbin/iptables -F %s", chain);
        executeCommand(str);
-       sprintf(str, "/sbin/iptables -F %sFORWARD", chain);
-       executeCommand(str);
-       safe_system(str);
 }
 
 void flushChainNAT(char *chain) {
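Review bot: `flushChain` still formats with `sprintf(str, "/sbin/iptables -F %s", chain);`, while `flushChainINPUT`, added in the next hunk, builds its argument with `snprintf(str, STRING_SIZE, ...)` and passes it here, where it is copied into another STRING_SIZE buffer behind a fixed prefix. The callers visible on this page pass short constants, so this is a consistency and hardening point rather than a demonstrated overflow: `snprintf(str, STRING_SIZE, "/sbin/iptables -F %s", chain);`. The same applies to the `sprintf` calls in `deleteChainReference`, `deleteChain`, `createChainReference` and `createChain` in the following hunks. `flushChain` also changes meaning, from flushing `<chain>INPUT` and `<chain>FORWARD` to flushing exactly the name passed in, which deserves a one-line comment above the function.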
@@ -276,15 +270,18 @@ void flushChainNAT(char *chain) {
        executeCommand(str);
 }
 
+void flushChainINPUT(char *chain) {
+       char str[STRING_SIZE];
+
+       snprintf(str, STRING_SIZE, "%sINPUT", chain);
+       flushChain(str);
+}
+
 void deleteChainReference(char *chain) {
        char str[STRING_SIZE];
 
        sprintf(str, "/sbin/iptables -D INPUT -j %sINPUT", chain);
        executeCommand(str);
-       safe_system(str);
-       sprintf(str, "/sbin/iptables -D FORWARD -j %sFORWARD", chain);
-       executeCommand(str);
-       safe_system(str);
 }
 
 void deleteChain(char *chain) {
@@ -292,8 +289,6 @@ void deleteChain(char *chain) {
 
        sprintf(str, "/sbin/iptables -X %sINPUT", chain);
        executeCommand(str);
-       sprintf(str, "/sbin/iptables -X %sFORWARD", chain);
-       executeCommand(str);
 }
 
 void deleteAllChains(void) {
@@ -301,28 +296,28 @@ void deleteAllChains(void) {
        deleteChainReference(OVPNRED);
        deleteChainReference(OVPNBLUE);
        deleteChainReference(OVPNORANGE);
-       flushChain(OVPNRED);
-       flushChain(OVPNBLUE);
-       flushChain(OVPNORANGE);
+       flushChainINPUT(OVPNRED);
+       flushChainINPUT(OVPNBLUE);
+       flushChainINPUT(OVPNORANGE);
        deleteChain(OVPNRED);
        deleteChain(OVPNBLUE);
        deleteChain(OVPNORANGE);
+
+       // Only flush chains that are created by the firewall
+       flushChain(OVPNBLOCK);
+       flushChainNAT(OVPNNAT);
 }
 
 void createChainReference(char *chain) {
        char str[STRING_SIZE];
        sprintf(str, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain);
        executeCommand(str);
-       sprintf(str, "/sbin/iptables -I FORWARD %s -j %sFORWARD", "12", chain);
-       executeCommand(str);
 }
 
 void createChain(char *chain) {
        char str[STRING_SIZE];
        sprintf(str, "/sbin/iptables -N %sINPUT", chain);
        executeCommand(str);
-       sprintf(str, "/sbin/iptables -N %sFORWARD", chain);
-       executeCommand(str);
 }
 
 void createAllChains(void) {
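Review bot: `createChainReference` keeps the hard-coded insert position `"14"` in `/sbin/iptables -I INPUT %s -j %sINPUT`, but this commit reorders the jumps the firewall init script appends to INPUT, so the rules the OpenVPN chains end up between are now decided by a number with no stated meaning. If INPUT holds fewer than 13 rules when this runs the insert fails, and otherwise the OpenVPN accept rules may land before or after `INPUTFW` depending on unrelated edits to that script. A more robust arrangement is for the init script to create an anchor chain at the intended place and for this helper to append to it. At minimum, add a comment naming the rule the position is meant to follow. `createAllChains` continues outside this hunk.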
@@ -471,9 +466,10 @@ void setFirewallRules(void) {
        freekeyvalues(kv);
 
        // Flush all chains.
-       flushChain(OVPNRED);
-       flushChain(OVPNBLUE);
-       flushChain(OVPNORANGE);
+       flushChainINPUT(OVPNRED);
+       flushChainINPUT(OVPNBLUE);
+       flushChainINPUT(OVPNORANGE);
+       flushChain(OVPNBLOCK);
        flushChainNAT(OVPNNAT);
 
        // set firewall rules
@@ -497,6 +493,11 @@ void setFirewallRules(void) {
                                OVPNRED, redif, conn->proto, conn->port);
                        executeCommand(command);
 
+                       /* Block all communication from the transfer nets. */
+                       snprintf(command, STRING_SIZE, "/sbin/iptables -A %s -s %s -j DROP",
+                               OVPNBLOCK, conn->transfer_subnet);
+                       executeCommand(command);
+
                        local_subnet_address = getLocalSubnetAddress(conn);
                        transfer_subnet_address = calcTransferNetAddress(conn);
 
diff --git a/src/misc-progs/setdmzholes.c b/src/misc-progs/setdmzholes.c
deleted file mode 100644 (file)
index 7a2643d..0000000
+++ /dev/null
@@ -1,162 +0,0 @@
-/* SmoothWall helper program - setdmzhole\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence.  See the file COPYING for details.\r
- *\r
- * (c) Daniel Goscomb, 2001\r
- * \r
- * Modifications and improvements by Lawrence Manning.\r
- *\r
- * 10/04/01 Aslak added protocol support\r
- * This program reads the list of ports to forward and setups iptables\r
- * and rules in ipmasqadm to enable them.\r
- * \r
- * $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $\r
- * \r
- */\r
-#include "libsmooth.h"\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include "setuid.h"\r
-\r
-FILE *fwdfile = NULL;\r
-\r
-void exithandler(void)\r
-{\r
-       if (fwdfile)\r
-               fclose(fwdfile);\r
-}\r
-\r
-int main(void)\r
-{\r
-       int count;\r
-       char *protocol;\r
-       char *locip;\r
-       char *remip;\r
-       char *remport;\r
-       char *enabled;\r
-       char *src_net;\r
-       char *dst_net;\r
-       char s[STRING_SIZE];\r
-       char *result;\r
-       struct keyvalue *kv = NULL;\r
-       char orange_dev[STRING_SIZE] = "";\r
-       char blue_dev[STRING_SIZE] = "";\r
-       char green_dev[STRING_SIZE] = "";\r
-       char *idev;\r
-       char *odev;\r
-       char command[STRING_SIZE];\r
-\r
-       if (!(initsetuid()))\r
-               exit(1);\r
-\r
-       atexit(exithandler);\r
-\r
-       kv=initkeyvalues();\r
-       if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))\r
-       {\r
-               fprintf(stderr, "Cannot read ethernet settings\n");\r
-               exit(1);\r
-       }\r
-\r
-       if (!findkey(kv, "GREEN_DEV", green_dev))\r
-       {\r
-               fprintf(stderr, "Cannot read GREEN_DEV\n");\r
-               exit(1);\r
-       }\r
-       findkey(kv, "BLUE_DEV", blue_dev);\r
-       findkey(kv, "ORANGE_DEV", orange_dev);\r
-\r
-       if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r")))\r
-       {\r
-               fprintf(stderr, "Couldn't open dmzholes settings file\n");\r
-               exit(1);\r
-       }\r
-\r
-       safe_system("/sbin/iptables -F DMZHOLES");\r
-\r
-       while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r
-       {\r
-               if (s[strlen(s) - 1] == '\n')\r
-                       s[strlen(s) - 1] = '\0';\r
-               result = strtok(s, ",");\r
-               \r
-               count = 0;\r
-               protocol = NULL;\r
-               locip = NULL; remip = NULL;\r
-               remport = NULL;\r
-               enabled = NULL;\r
-               src_net = NULL;\r
-               dst_net = NULL;\r
-               idev = NULL;\r
-               odev = NULL;\r
-               \r
-               while (result)\r
-               {\r
-                       if (count == 0)\r
-                               protocol = result;\r
-                       else if (count == 1)\r
-                               locip = result;\r
-                       else if (count == 2)\r
-                               remip = result;\r
-                       else if (count == 3)\r
-                               remport = result;\r
-                       else if (count == 4)\r
-                               enabled = result;\r
-                       else if (count == 5)\r
-                               src_net = result;\r
-                       else if (count == 6)\r
-                               dst_net = result;\r
-                       count++;\r
-                       result = strtok(NULL, ",");\r
-               }\r
-\r
-               if (!(protocol && locip && remip && remport && enabled))\r
-               {\r
-                       fprintf(stderr, "Bad line:\n");\r
-                       break;\r
-               }\r
-\r
-               if (!VALID_PROTOCOL(protocol))\r
-               {\r
-                       fprintf(stderr, "Bad protocol: %s\n", protocol);\r
-                       exit(1);\r
-               }\r
-               if (!VALID_IP_AND_MASK(locip))\r
-               {\r
-                       fprintf(stderr, "Bad local IP: %s\n", locip);\r
-                       exit(1);\r
-               }\r
-               if (!VALID_IP_AND_MASK(remip))\r
-               {\r
-                       fprintf(stderr, "Bad remote IP: %s\n", remip);\r
-                       exit(1);\r
-               }\r
-               if (!VALID_PORT_RANGE(remport))\r
-               {\r
-                       fprintf(stderr, "Bad remote port: %s\n", remport);\r
-                       exit(1);\r
-               }\r
-               \r
-               if (!src_net) { src_net = strdup ("orange");}\r
-               if (!dst_net) { dst_net = strdup ("green");}\r
-               \r
-               if (!strcmp(src_net, "blue"))   { idev = blue_dev; }\r
-               if (!strcmp(src_net, "orange")) { idev = orange_dev; }\r
-               if (!strcmp(dst_net, "blue"))   { odev = blue_dev; }\r
-               if (!strcmp(dst_net, "green"))  { odev = green_dev; }\r
-               \r
-               if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))\r
-               {\r
-                       char *ctr;\r
-                       /* If remport contains a - we need to change it to a : */\r
-                       if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}\r
-                       memset(command, 0, STRING_SIZE);\r
-                       snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT", protocol, idev, odev, locip, remip, remport);\r
-                       safe_system(command);\r
-               }\r
-       }\r
-\r
-       return 0;\r
-}\r
diff --git a/src/misc-progs/setportfw.c b/src/misc-progs/setportfw.c
deleted file mode 100644 (file)
index a65aebd..0000000
+++ /dev/null
@@ -1,369 +0,0 @@
-/* SmoothWall helper program - setportfw\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence.  See the file COPYING for details.\r
- *\r
- * (c) Daniel Goscomb, 2001\r
- * Copyright (c) 2002/04/13 Steve Bootes - Added source ip support for aliases\r
- * \r
- * Modifications and improvements by Lawrence Manning.\r
- *\r
- * 10/04/01 Aslak added protocol support\r
- * This program reads the list of ports to forward and setups iptables\r
- * and rules in ipmasqadm to enable them.\r
- *\r
- * 02/11/03 Darren Critchley modifications to allow it to open multiple\r
- *                                                      source ip addresses\r
- * 02/25/03 Darren Critchley modifications to allow port ranges\r
- * 04/01/03 Darren Critchley modifications to allow gre protocol\r
- * 20/04/03 Robert Kerr Fixed root exploit, validated all variables properly,\r
- *                      tidied up the iptables logic, killed duplicated code,\r
- *                      removed srciptmp (unecessary)\r
- *\r
- * $Id: setportfw.c,v 1.3.2.6 2005/08/24 18:44:19 gespinasse Exp $\r
- * \r
- */\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include "libsmooth.h"\r
-#include "setuid.h"\r
-\r
-struct keyvalue *kv = NULL;\r
-FILE *fwdfile = NULL;\r
-\r
-void exithandler(void)\r
-{\r
-       if(kv)\r
-               freekeyvalues(kv);\r
-       if (fwdfile)\r
-               fclose(fwdfile);\r
-}\r
-\r
-int main(void)\r
-{\r
-       FILE *ipfile = NULL, *ifacefile = NULL;\r
-       int count;\r
-       char iface[STRING_SIZE] ="";
-       char locip[STRING_SIZE] ="";
-       char greenip[STRING_SIZE] ="", greenmask[STRING_SIZE] ="";
-       char bluedev[STRING_SIZE] ="", blueip[STRING_SIZE] ="", bluemask[STRING_SIZE] ="";
-       char orangedev[STRING_SIZE] ="", orangeip[STRING_SIZE] ="", orangemask[STRING_SIZE] ="";
-       char *protocol;\r
-       char *srcip;\r
-       char *locport;\r
-       char *remip;\r
-       char *remport;\r
-       char *origip;\r
-       char *enabled;\r
-       char s[STRING_SIZE];\r
-       char *result;\r
-       char *key1;\r
-       char *key2;\r
-       char command[STRING_SIZE];\r
-\r
-       if (!(initsetuid()))\r
-               exit(1);\r
-\r
-       atexit(exithandler);\r
-\r
-       /* Read in and verify config */\r
-       kv=initkeyvalues();\r
-\r
-       if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))\r
-       {\r
-               fprintf(stderr, "Cannot read ethernet settings\n");\r
-               exit(1);\r
-       }\r
-\r
-       if (!findkey(kv, "GREEN_ADDRESS", greenip))\r
-       {\r
-               fprintf(stderr, "Cannot read GREEN_ADDRESS\n");\r
-               exit(1);\r
-       }\r
-\r
-       if (!VALID_IP(greenip))\r
-       {\r
-               fprintf(stderr, "Bad GREEN_ADDRESS: %s\n", greenip);\r
-               exit(1);\r
-       }\r
-\r
-       if (!findkey(kv, "GREEN_NETMASK", greenmask))\r
-       {\r
-               fprintf(stderr, "Cannot read GREEN_NETMASK\n");\r
-               exit(1);\r
-       }\r
-\r
-       if (!VALID_IP(greenmask))\r
-       {\r
-               fprintf(stderr, "Bad GREEN_NETMASK: %s\n", greenmask);\r
-               exit(1);\r
-       }\r
-\r
-       /* Get the BLUE interface details */\r
-       findkey(kv, "BLUE_DEV", bluedev);\r
-\r
-       if (strlen(bluedev))\r
-       {\r
-\r
-               if (!VALID_DEVICE(bluedev))\r
-               {\r
-                       fprintf(stderr, "Bad BLUE_DEV: %s\n", bluedev);\r
-                       exit(1);\r
-               }\r
-\r
-               if (!findkey(kv, "BLUE_ADDRESS", blueip))\r
-               {\r
-                       fprintf(stderr, "Cannot read BLUE_ADDRESS\n");\r
-                       exit(1);\r
-               }\r
-\r
-               if (!VALID_IP(blueip))\r
-               {\r
-                       fprintf(stderr, "Bad BLUE_ADDRESS: %s\n", blueip);\r
-                       exit(1);\r
-               }\r
-\r
-               if (!findkey(kv, "BLUE_NETMASK", bluemask))\r
-               {\r
-                       fprintf(stderr, "Cannot read BLUE_NETMASK\n");\r
-                       exit(1);\r
-               }\r
-\r
-               if (!VALID_IP(bluemask))\r
-               {\r
-                       fprintf(stderr, "Bad BLUE_NETMASK: %s\n", bluemask);\r
-                       exit(1);\r
-               }\r
-\r
-       }\r
-\r
-       /* Get the ORANGE interface details */\r
-       findkey(kv, "ORANGE_DEV", orangedev);\r
-\r
-       if (strlen(orangedev))\r
-       {\r
-\r
-               if (!VALID_DEVICE(orangedev))\r
-               {\r
-                       fprintf(stderr, "Bad ORANGE_DEV: %s\n", orangedev);\r
-                       exit(1);\r
-               }\r
-\r
-               if (!findkey(kv, "ORANGE_ADDRESS", orangeip))\r
-               {\r
-                       fprintf(stderr, "Cannot read ORANGE_ADDRESS\n");\r
-                       exit(1);\r
-               }\r
-\r
-               if (!VALID_IP(orangeip))\r
-               {\r
-                       fprintf(stderr, "Bad ORANGE_ADDRESS: %s\n", orangeip);\r
-                       exit(1);\r
-               }\r
-\r
-               if (!findkey(kv, "ORANGE_NETMASK", orangemask))\r
-               {\r
-                       fprintf(stderr, "Cannot read ORANGE_NETMASK\n");\r
-                       exit(1);\r
-               }\r
-\r
-               if (!VALID_IP(orangemask))\r
-               {\r
-                       fprintf(stderr, "Bad ORANGE_NETMASK: %s\n", orangemask);\r
-                       exit(1);\r
-               }\r
-\r
-       }\r
-\r
-\r
-       if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))\r
-       {\r
-               fprintf(stderr, "Couldn't open local ip file\n");\r
-               exit(1);\r
-       }\r
-       fgets(locip, STRING_SIZE, ipfile);\r
-       if (locip[strlen(locip) - 1] == '\n')\r
-               locip[strlen(locip) - 1] = '\0';\r
-       fclose (ipfile);\r
-       if (!VALID_IP(locip))\r
-       {\r
-               fprintf(stderr, "Bad local IP: %s\n", locip);\r
-               exit(1);\r
-       }\r
-       \r
-       if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))\r
-       {\r
-               fprintf(stderr, "Couldn't open iface file\n");\r
-               exit(1);\r
-       }\r
-       fgets(iface, STRING_SIZE, ifacefile);\r
-       if (iface[strlen(iface) - 1] == '\n')\r
-               iface[strlen(iface) - 1] = '\0';\r
-       fclose (ifacefile);\r
-       if (!VALID_DEVICE(iface))\r
-       {\r
-               fprintf(stderr, "Bad iface: %s\n", iface);\r
-               exit(1);\r
-       }\r
-       \r
-       if (!(fwdfile = fopen(CONFIG_ROOT "/portfw/config", "r")))\r
-       {\r
-               fprintf(stderr, "Couldn't open portfw settings file\n");\r
-               exit(1);\r
-       }\r
-\r
-       safe_system("/sbin/iptables -t nat -F PORTFW");\r
-       safe_system("/sbin/iptables -t mangle -F PORTFWMANGLE");\r
-       safe_system("/sbin/iptables -F PORTFWACCESS");\r
-\r
-       while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r
-       {\r
-               if (s[strlen(s) - 1] == '\n')\r
-                       s[strlen(s) - 1] = '\0';\r
-               result = strtok(s, ",");\r
-\r
-               count = 0;\r
-               key1 = NULL;\r
-               key2 = NULL;\r
-               protocol = NULL;\r
-               srcip = NULL;\r
-               locport = NULL;\r
-               remip = NULL;\r
-               origip = NULL;\r
-               remport = NULL;\r
-               enabled = NULL;\r
-               while (result)\r
-               {\r
-                       if (count == 0)\r
-                               key1 = result;\r
-                       else if (count == 1)\r
-                               key2 = result;\r
-                       else if (count == 2)\r
-                               protocol = result;\r
-                       else if (count == 3)\r
-                               locport = result;\r
-                       else if (count == 4)\r
-                               remip = result;\r
-                       else if (count == 5)\r
-                               remport = result;\r
-                       else if (count == 6)\r
-                               enabled = result;\r
-                       else if (count == 7)\r
-                               srcip = result;\r
-                       else if (count == 8)\r
-                               origip = result;\r
-                       count++;\r
-                       result = strtok(NULL, ",");\r
-               }\r
-               \r
-               if (!(key1 && key2 && protocol && locport && remip && remport && enabled\r
-                       && srcip && origip))\r
-                       break;\r
-               \r
-               if (!VALID_PROTOCOL(protocol))\r
-               {\r
-                       fprintf(stderr, "Bad protocol: %s\n", protocol);\r
-                       exit(1);\r
-               }\r
-               if (strcmp(protocol, "gre") == 0)\r
-               {\r
-                       locport = "0";\r
-                       remport = "0";\r
-               }\r
-               if (strcmp(origip,"0") && !VALID_IP_AND_MASK(origip))\r
-               {\r
-                       fprintf(stderr, "Bad IP: %s\n", origip);\r
-                       exit(1);\r
-               }\r
-               if (!VALID_PORT_RANGE(locport))\r
-               {\r
-                       fprintf(stderr, "Bad local port: %s\n", locport);\r
-                       exit(1);\r
-               }\r
-               if (!VALID_IP(remip))\r
-               {\r
-                       fprintf(stderr, "Bad remote IP: %s\n", remip);\r
-                       exit(1);\r
-               }\r
-               if (!VALID_PORT_RANGE(remport))\r
-               {\r
-                       fprintf(stderr, "Bad remote port: %s\n", remport);\r
-                       exit(1);\r
-               }\r
-\r
-                /* check for source ip in config file. If it's there\r
-                 * and it's not 0.0.0.0, use it; else use the\r
-                 * local ip address. (This makes sure we can use old-style\r
-                 * config files without the source ip) */\r
-               if (!srcip || !strcmp(srcip, "0.0.0.0"))\r
-                       srcip = locip;\r
-               if (strcmp(srcip,"0") && !VALID_IP(srcip))\r
-               {\r
-                       fprintf(stderr, "Bad source IP: %s\n", srcip);\r
-                       exit(1);\r
-               }\r
-\r
-               /* This may seem complicated... refer to portfw.pl for an explanation of\r
-                * the keys and their meaning in certain circumstances */\r
-                        \r
-               if (strcmp(enabled, "on") == 0)\r
-               {\r
-\r
-                       /* If key2 is a zero, then it is a portfw command, otherwise it is an\r
-                        * external access command */\r
-                       if (strcmp(key2, "0") == 0) \r
-                       {\r
-                               memset(command, 0, STRING_SIZE);\r
-                               if (strcmp(protocol, "gre") == 0)\r
-                                       snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat -A PORTFW -p %s -d %s -j DNAT --to %s", protocol, srcip, remip);\r
-                               else \r
-                               {\r
-                                       char *ctr;\r
-                                       /* If locport contains a - we need to change it to a : */\r
-                                       if ((ctr = strchr(locport, '-')) != NULL) {*ctr = ':';}\r
-                                       /* If remport contains a : we need to change it to a - */\r
-                                       if ((ctr = strchr(remport,':')) != NULL){*ctr = '-';}\r
-                                       snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat -A PORTFW -p %s -d %s --dport %s -j DNAT --to %s:%s", protocol, srcip, locport, remip, remport);\r
-                                       safe_system(command);\r
-                                       /* Now if remport contains a - we need to change it to a : */\r
-                                       if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}\r
-                                       snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle -A PORTFWMANGLE -p %s -s %s/%s -d %s --dport %s -j MARK --set-mark 1", protocol, greenip, greenmask, srcip, locport);\r
-                                       if (strlen(bluedev))\r
-                                       {\r
-                                               safe_system(command);\r
-                                               snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle -A PORTFWMANGLE -p %s -s %s/%s -d %s --dport %s -j MARK --set-mark 2", protocol, blueip, bluemask, srcip, locport);\r
-                                       }\r
-                                       if (strlen(orangedev))\r
-                                       {\r
-                                               safe_system(command);\r
-                                               snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle -A PORTFWMANGLE -p %s -s %s/%s -d %s --dport %s -j MARK --set-mark 3", protocol, orangeip, orangemask, srcip, locport);\r
-                                       }\r
-                               }\r
-                               safe_system(command);\r
-                       }\r
-\r
-                       /* if key2 is not "0" then it's an external access rule, if key2 is "0"\r
-                        * then the portfw rule may contain external access information if origip\r
-                        * is not "0" (the only defined not 0 value seems to be 0.0.0.0 - open\r
-                        * to all; again, check portfw.pl for more details) */\r
-                       if(strcmp(key2, "0") || strcmp(origip,"0") )\r
-                       {\r
-                               memset(command, 0, STRING_SIZE);\r
-                               if (strcmp(protocol, "gre") == 0)\r
-                                       snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A PORTFWACCESS -i %s -p %s -s %s -d %s -j ACCEPT", iface, protocol, origip, remip);\r
-                               else\r
-                               {\r
-                                       char *ctr;\r
-                                       /* If remport contains a - we need to change it to a : */\r
-                                       if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}\r
-                                       snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A PORTFWACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT", iface, protocol, origip, remip, remport);\r
-                               }\r
-                               safe_system(command);\r
-                       }\r
-               }\r
-       }\r
-\r
-       return 0;\r
-}\r
diff --git a/src/misc-progs/setxtaccess.c b/src/misc-progs/setxtaccess.c
deleted file mode 100644 (file)
index 27a03e0..0000000
+++ /dev/null
@@ -1,168 +0,0 @@
-/* SmoothWall helper program - setxtaccess\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence.  See the file COPYING for details.\r
- *\r
- * (c) Daniel Goscomb, 2001\r
- * \r
- * Modifications and improvements by Lawrence Manning.\r
- *\r
- * 10/04/01 Aslak added protocol support\r
- * \r
- * (c) Steve Bootes 2002/04/14 - Added source IP support for aliases\r
- *\r
- * 19/04/03 Robert Kerr Fixed root exploit\r
- *\r
- * $Id: setxtaccess.c,v 1.3.2.1 2005/01/04 17:21:40 eoberlander Exp $\r
- * \r
- */\r
-\r
-#include <stdio.h>\r
-#include <stdlib.h>\r
-#include <string.h>\r
-#include "setuid.h"\r
-\r
-FILE *ifacefile = NULL;\r
-FILE *fwdfile = NULL;\r
-FILE *ipfile = NULL;\r
-\r
-void exithandler(void)\r
-{\r
-       if (fwdfile)\r
-               fclose(fwdfile);\r
-}\r
-\r
-int main(void)\r
-{\r
-       char iface[STRING_SIZE] = "";\r
-       char locip[STRING_SIZE] = "";\r
-       char s[STRING_SIZE] = "";\r
-       int count;\r
-       char *protocol;\r
-       char *destip;\r
-       char *remip;\r
-       char *locport;\r
-       char *enabled;\r
-       char *information;\r
-       char *result;\r
-       char command[STRING_SIZE];\r
-\r
-       if (!(initsetuid()))\r
-               exit(1);\r
-\r
-       atexit(exithandler);\r
-\r
-       if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))\r
-       {\r
-               fprintf(stderr, "Couldn't open local ip file\n");\r
-               exit(1);\r
-       }\r
-       if (fgets(locip, STRING_SIZE, ipfile))\r
-       {\r
-               if (locip[strlen(locip) - 1] == '\n')\r
-                       locip[strlen(locip) - 1] = '\0';\r
-       }\r
-       fclose (ipfile);\r
-       if (!VALID_IP(locip))\r
-       {\r
-               fprintf(stderr, "Bad local IP: %s\n", locip);\r
-               exit(1);\r
-       }\r
-\r
-       if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))\r
-       {\r
-               fprintf(stderr, "Couldn't open iface file\n");\r
-               exit(1);\r
-       }\r
-       if (fgets(iface, STRING_SIZE, ifacefile))\r
-       {\r
-               if (iface[strlen(iface) - 1] == '\n')\r
-                       iface[strlen(iface) - 1] = '\0';\r
-       }\r
-               fclose (ifacefile);\r
-       if (!VALID_DEVICE(iface))\r
-       {\r
-               fprintf(stderr, "Bad iface: %s\n", iface);\r
-               exit(1);\r
-       }\r
\r
-       if (!(fwdfile = fopen(CONFIG_ROOT "/xtaccess/config", "r")))\r
-       {\r
-               fprintf(stderr, "Couldn't open xtaccess settings file\n");\r
-               exit(1);\r
-       }\r
-\r
-       safe_system("/sbin/iptables -F XTACCESS");\r
-\r
-       while (fgets(s, STRING_SIZE, fwdfile) != NULL)\r
-       {\r
-               if (s[strlen(s) - 1] == '\n')\r
-                       s[strlen(s) - 1] = '\0';\r
-               count = 0;\r
-               protocol = NULL;\r
-               remip = NULL;\r
-               destip = NULL;\r
-               locport = NULL;\r
-               enabled = NULL;\r
-               information = NULL;\r
-               result = strtok(s, ",");\r
-               while (result)\r
-               {\r
-                       if (count == 0)\r
-                               protocol = result;\r
-                       else if (count == 1)\r
-                               remip = result;\r
-                       else if (count == 2)\r
-                               locport = result;\r
-                       else if (count == 3)\r
-                               enabled = result;\r
-                       else if (count == 4)\r
-                               destip = result;\r
-                       else\r
-                               information = result;\r
-                       count++;\r
-                       result = strtok(NULL, ",");\r
-               }\r
-\r
-               if (!(protocol && remip && locport && enabled))\r
-                       break;\r
-               \r
-               if (!VALID_PROTOCOL(protocol))\r
-               {\r
-                       fprintf(stderr, "Bad protocol: %s\n", protocol);\r
-                       exit(1);\r
-               }\r
-               if (!VALID_IP_AND_MASK(remip))\r
-               {\r
-                       fprintf(stderr, "Bad remote IP: %s\n", remip);\r
-                       exit(1);\r
-               }\r
-               if (!VALID_PORT_RANGE(locport))\r
-               {\r
-                       fprintf(stderr, "Bad local port: %s\n", locport);\r
-                       exit(1);\r
-               }\r
-\r
-                /* check for destination ip in config file. If it's there\r
-                 * and it's not 0.0.0.0, use it; else use the current\r
-                 * local ip address. (This makes sure we can use old-style\r
-                 * config files without the destination ip) */\r
-               if (!destip || !strcmp(destip, "0.0.0.0"))\r
-                       destip = locip;\r
-               if (!VALID_IP(destip))\r
-               {\r
-                       fprintf(stderr, "Bad destination IP: %s\n", remip);\r
-                       exit(1);\r
-               }\r
-\r
-               if (strcmp(enabled, "on") == 0)\r
-               {\r
-                       memset(command, 0, STRING_SIZE);\r
-                       snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A XTACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT",\r
-       iface, protocol, remip, destip, locport);\r
-                       safe_system(command);\r
-               }\r
-       }\r
-       \r
-       return 0;\r
-}\r
index 12b954baa3f8509ae088fa7990694fd2f2f6dc63..450aa368fec86126cf12d71e6907c3d9a26a239a 100644 (file)
@@ -154,9 +154,7 @@ int main(void)
                                                                        (VALID_IP_AND_MASK(ipaddress))) {
                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
                                                                        safe_system(command);
-                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
-                                                                       safe_system(command);
-                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
+                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j RETURN", macaddress, ipaddress, blue_dev);
                                                                        safe_system(command);
                                                        } else {
 
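Review bot: The new WIRELESSFORWARD rule ends in `-j RETURN` where the old pair ended in ACCEPT or a jump to DMZHOLES, and nothing in the code says where a known client's traffic is decided afterwards or what happens to clients that match no rule. The same applies to the two RETURN rules in the next hunk. A short comment above the first snprintf would help, e.g. `/* Known client: leave WIRELESSFORWARD so the forward firewall rules decide; unknown clients fall through to the end of this chain. */`, adjusted to whatever the chain's final rule is, which is outside the hunk. `green_dev` is no longer used by any of the rewritten lines, so if main() has no other use for it, the lookup can be dropped too.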
@@ -164,18 +162,14 @@ int main(void)
                                                                        if (strlen(macaddress) == 17) {
                                                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
                                                                                                        safe_system(command);
-                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j ACCEPT", macaddress, blue_dev, green_dev);
-                                                                                                       safe_system(command);
-                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
+                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j RETURN", macaddress, blue_dev);
                                                                                                        safe_system(command);
                                                                        }
 
                                                                        if (VALID_IP_AND_MASK(ipaddress)) {
                                                                                                        snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
                                                                                                        safe_system(command);
-                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
-                                                                                                       safe_system(command);
-                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
+                                                                                                       snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j RETURN", ipaddress, blue_dev);
                                                                                                        safe_system(command);
                                                                        }
                                                        }
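Review bot: In the MAC-only branch the sole check visible before `macaddress` is formatted into the iptables command is `strlen(macaddress) == 17`, which accepts any 17 characters. This pattern predates the commit, but the rewritten WIRELESSFORWARD line keeps it, and the first hunk's rule uses `macaddress` the same way, though its condition starts outside that hunk. If safe_system() hands the string to a shell (not visible here), the value needs a character check as well as a length check, for example `if (strlen(macaddress) == 17 && strspn(macaddress, "0123456789abcdefABCDEF:") == 17)`. The value may already be validated earlier in main(), which starts outside the hunk; if so, a comment saying where would be enough.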
similarity index 91%
rename from src/patches/strongswan-4.5.3_ipfire.patch
rename to src/patches/strongswan-5.0.2_ipfire.patch
index 2ba975b1d5012a13cd3577bd5cdb42f5b6dbff0d..6606095b1f3e61edad3c2d8af2df4642829fac14 100644 (file)
@@ -1,7 +1,8 @@
-diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_updown/_updown.in
---- strongswan-4.5.3.org/src/_updown/_updown.in        2010-10-22 16:33:30.000000000 +0200
-+++ strongswan-4.5.3/src/_updown/_updown.in    2011-09-13 14:19:31.000000000 +0200
-@@ -183,6 +183,29 @@
+diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
+index 3a40e21..d9f3ea0 100644
+--- a/src/_updown/_updown.in
++++ b/src/_updown/_updown.in
+@@ -193,6 +193,29 @@ custom:*)         # custom parameters (see above CAUTION comment)
        ;;
  esac
  
@@ -31,7 +32,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
  # utility functions for route manipulation
  # Meddling with this stuff should not be necessary and requires great care.
  uproute() {
-@@ -387,12 +410,12 @@
+@@ -397,12 +420,12 @@ up-host:iptables)
        # connection to me, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
@@ -47,7 +48,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
        #
        # log IPsec host connection setup
        if [ $VPN_LOGGING ]
-@@ -400,10 +423,10 @@
+@@ -410,10 +433,10 @@ up-host:iptables)
          if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
          then
            logger -t $TAG -p $FAC_PRIO \
@@ -60,7 +61,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
          fi
        fi
        ;;
-@@ -411,12 +434,12 @@
+@@ -421,12 +444,12 @@ down-host:iptables)
        # connection to me, with (left/right)firewall=yes, going down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
@@ -76,7 +77,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
        #
        # log IPsec host connection teardown
        if [ $VPN_LOGGING ]
-@@ -424,10 +447,10 @@
+@@ -434,10 +457,10 @@ down-host:iptables)
          if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
          then
            logger -t $TAG -p $FAC_PRIO -- \
@@ -89,7 +90,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
          fi
        fi
        ;;
-@@ -437,10 +460,10 @@
+@@ -447,24 +470,24 @@ up-client:iptables)
        # ones, so do not mess with it; see CAUTION comment up at top.
        if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
        then
@@ -101,9 +102,11 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
 +            -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50
 +        iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-             -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
+-            -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
++            -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN
        fi
-@@ -449,12 +472,12 @@
+       #
+       # a virtual IP requires an INPUT and OUTPUT rule on the host
        # or sometimes host access via the internal IP is needed
        if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
        then
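Review bot: The inbound IPSECFORWARD rule in up-client now ends in `-j RETURN`, so traffic from the peer subnet is no longer accepted in that chain and is decided by whatever follows the IPSECFORWARD jump; nothing in the patch says this is deliberate. I would add a line above the rule such as `# RETURN, not ACCEPT: tunnel traffic must still pass the rules that follow IPSECFORWARD`. The up-client-v6 and down-client-v6 branches that appear as context in later hunks still end in `-j ACCEPT`, which looks inconsistent with the IPv4 branch and should be confirmed as intentional. The up-client case starts and ends outside this hunk.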
@@ -119,7 +122,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
        fi
        #
        # log IPsec client connection setup
-@@ -463,12 +486,51 @@
+@@ -473,12 +496,51 @@ up-client:iptables)
          if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
          then
            logger -t $TAG -p $FAC_PRIO \
@@ -173,7 +176,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
        ;;
  down-client:iptables)
        # connection to client subnet, with (left/right)firewall=yes, going down
-@@ -476,11 +538,11 @@
+@@ -486,28 +548,28 @@ down-client:iptables)
        # ones, so do not mess with it; see CAUTION comment up at top.
        if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
        then
@@ -187,8 +190,11 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
 +        iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT \
-                $IPSEC_POLICY_IN -j ACCEPT
-@@ -490,14 +552,14 @@
+-               $IPSEC_POLICY_IN -j ACCEPT
++               $IPSEC_POLICY_IN -j RETURN
+       fi
+       #
+       # a virtual IP requires an INPUT and OUTPUT rule on the host
        # or sometimes host access via the internal IP is needed
        if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
        then
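Review bot: `iptables -D` removes a rule only when the whole specification matches, target included, so after this change down-client can no longer delete a rule that an already-running tunnel inserted with `-j ACCEPT`. Presumably such a rule then stays in IPSECFORWARD and keeps accepting the peer subnet ahead of the new forward rules until the chain is flushed. The upgrade path should clear the chain and restart the tunnels, for example `iptables -F IPSECFORWARD` before strongSwan is started again; whether the update script already does that is not visible here. The down-client case continues outside this hunk.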
@@ -206,7 +212,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
        fi
        #
        # log IPsec client connection teardown
-@@ -506,12 +568,51 @@
+@@ -516,12 +578,51 @@ down-client:iptables)
          if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
          then
            logger -t $TAG -p $FAC_PRIO -- \
@@ -260,7 +266,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
        ;;
  #
  # IPv6
-@@ -546,10 +647,10 @@
+@@ -556,10 +657,10 @@ up-host-v6:iptables)
        # connection to me, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
@@ -273,7 +279,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
            -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
            -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
        #
-@@ -570,10 +671,10 @@
+@@ -580,10 +681,10 @@ down-host-v6:iptables)
        # connection to me, with (left/right)firewall=yes, going down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
@@ -286,7 +292,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
            -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
            -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
        #
-@@ -596,10 +697,10 @@
+@@ -606,10 +707,10 @@ up-client-v6:iptables)
        # ones, so do not mess with it; see CAUTION comment up at top.
        if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
        then
@@ -299,7 +305,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
        fi
-@@ -608,10 +709,10 @@
+@@ -618,10 +719,10 @@ up-client-v6:iptables)
        # or sometimes host access via the internal IP is needed
        if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
        then
@@ -312,7 +318,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
              -s $PLUTO_MY_CLIENT $S_MY_PORT \
              -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
        fi
-@@ -635,11 +736,11 @@
+@@ -645,11 +746,11 @@ down-client-v6:iptables)
        # ones, so do not mess with it; see CAUTION comment up at top.
        if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
        then
@@ -326,7 +332,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
              -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
              -d $PLUTO_MY_CLIENT $D_MY_PORT \
                 $IPSEC_POLICY_IN -j ACCEPT
-@@ -649,11 +750,11 @@
+@@ -659,11 +760,11 @@ down-client-v6:iptables)
        # or sometimes host access via the internal IP is needed
        if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
        then