Forward Firewall: Tablegroup DMZ and WLAN now only show the own rules
authorAlexander Marx <amarx@ipfire.org>
Wed, 30 Jan 2013 14:24:57 +0000 (15:24 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:08:16 +0000 (14:08 +0200)
config/forwardfw/rules.pl
html/cgi-bin/forwardfw.cgi

index e55602ed68e1d55229111fdfede67000abb092d2..ddcd560c1feb231d26ae17288097a956a41536c8 100755 (executable)
@@ -99,18 +99,22 @@ if($param eq 'flush'){
                }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
                        $defaultNetworks{'GREEN_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'GREEN_NETMASK'});
                        $green="$defaultNetworks{'GREEN_ADDRESS'}/$defaultNetworks{'GREEN_NETMASK'}";
-                       if ($defaultNetworks{'ORANGE_DEV'}){
-                               $defaultNetworks{'ORANGE_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'ORANGE_NETMASK'});
-                               $orange="$defaultNetworks{'ORANGE_ADDRESS'}/$defaultNetworks{'ORANGE_NETMASK'}";
-                               #set default rules for DMZ
-                               system ("iptables -A $CHAIN -s $orange -d $green -j RETURN");
-                       }
                        if ($defaultNetworks{'BLUE_DEV'}){
                                $defaultNetworks{'BLUE_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'BLUE_NETMASK'});
                                $blue="$defaultNetworks{'BLUE_ADDRESS'}/$defaultNetworks{'BLUE_NETMASK'}";
                                #set default rules for BLUE
                                system ("iptables -A $CHAIN -s $blue -d $green -j RETURN");
                        }
+                       if ($defaultNetworks{'ORANGE_DEV'}){
+                               $defaultNetworks{'ORANGE_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'ORANGE_NETMASK'});
+                               $orange="$defaultNetworks{'ORANGE_ADDRESS'}/$defaultNetworks{'ORANGE_NETMASK'}";
+                               #set default rules for DMZ
+                               system ("iptables -A $CHAIN -s $orange -d $green -j RETURN");
+                               if ($defaultNetworks{'BLUE_DEV'}){
+                                       system ("iptables -A $CHAIN -s $orange -d $blue -j RETURN");
+                               }
+                       }
+                       
                        &p2pblock;
                        system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
                        system ("/usr/sbin/firewall-forward-policy");
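Review bot: The added `system ("iptables -A $CHAIN -s $orange -d $blue -j RETURN");` ignores its exit status, as the neighbouring calls do, while the chain still ends with `-m state --state NEW -j ACCEPT` a few lines below. If that rule fails to load, for instance because `$blue` or `$orange` is empty or malformed, what is presumably the DMZ-to-BLUE restriction is missing and the catch-all ACCEPT is still appended, so the policy fails open without any message. Checking the result and passing the arguments as a list, so that no shell parses the interpolated addresses, covers both: `system('iptables', '-A', $CHAIN, '-s', $orange, '-d', $blue, '-j', 'RETURN') == 0 or die "iptables: DMZ->BLUE rule not installed\n";`. Whether to abort or only log is a decision for the enclosing `flush` branch, which starts outside this hunk.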
index 2b84d177313dd6cd055c0ac9fdac3ac2573e31ba..82286feec8fe53760e805aeff4476b61b1957cd1 100755 (executable)
@@ -1718,6 +1718,7 @@ sub viewtablerule
        
        &viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" );
        &viewtablenew(\%configfwdfw,$configfwdfw,'',"DMZ" );
+       &viewtablenew(\%configfwdfw,$configfwdfw,'',"WLAN" );
        &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} );
 }
 sub viewtablenew
@@ -1731,9 +1732,17 @@ sub viewtablenew
        #check if there are DMZ entries
        if ($title1 eq 'DMZ'){
                foreach my $key (keys %$hash){
-                       if ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[6] eq 'ORANGE'){$go='on';
+                       if ($$hash{$key}[4] eq 'ORANGE'){$go='on';last
                }
-       }elsif( ! -z "$config" ){
+       }elsif($title1 eq 'WLAN'){
+               foreach my $key (keys %$hash){
+                       if ($$hash{$key}[4] eq 'BLUE'){$go='on';last} 
+               }
+       }elsif($title1 eq 'Forward'){
+               foreach my $key (keys %$hash){
+                       if (($$hash{$key}[4] ne 'ORANGE' && $$hash{$key}[4] ne 'BLUE')){$go='on';last} 
+               }
+       }elsif( ! -z $config){
                $go='on';
        }
        if($go ne ''){
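Review bot: As shown, the DMZ branch is one closing brace short: `{$go='on';last` on the changed line is closed by the `}` on the following line, which leaves the `foreach` open when `}elsif($title1 eq 'WLAN'){` arrives. The WLAN and Forward branches added here close both levels (`...;last}` and then `}`), so the DMZ line should probably read `if ($$hash{$key}[4] eq 'ORANGE'){$go='on';last}`. The removed line had the same shape, so this may predate the commit or be a rendering artefact; running `perl -c` on the file would settle it. viewtablenew starts before this hunk and continues after it.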
@@ -1750,8 +1759,9 @@ sub viewtablenew
                print"<tr><td align='center' width='1%'><b>#</td><td width='1%'></td><td align='center' ><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center' width='20%'><b>$Lang::tr{'fwdfw target'}</td><td align='center'><b>$Lang::tr{'protocol'}</b></td><td align='center' width='70%'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
                foreach my $key (sort  {$a <=> $b} keys %$hash){
                        #check if we have a FORWARDFW OR DMZ RULE
-                       if ($title1 eq 'DMZ' && ($$hash{$key}[4] ne 'ORANGE' && $$hash{$key}[6] ne 'ORANGE')){next;}
-                       if ($title1 eq 'Forward' && ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[6] eq 'ORANGE')){next;}
+                       if ($title1 eq 'DMZ' && ($$hash{$key}[4] ne 'ORANGE')){next;}
+                       if ($title1 eq 'WLAN' && ($$hash{$key}[4] ne 'BLUE')){next;}
+                       if ($title1 eq 'Forward' && ($$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[4] eq 'BLUE')){next;}
                        @tmpsrc=();
                        #check if vpn hosts/nets have been deleted
                        if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
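Review bot: The three `next` filters repeat the zone test that the pre-scan earlier in viewtablenew already performs, so two lists of zone names must be edited together whenever a table is added. If they drift apart, a table could print empty or the table holding a rule could be suppressed, which matters on a page used to review firewall rules. One lookup shared by both places would keep them in step, e.g. `my %src_zone_of = (DMZ => 'ORANGE', WLAN => 'BLUE');`. The comment `#check if we have a FORWARDFW OR DMZ RULE` is also stale now that WLAN is handled; something like `# each rule is listed in exactly one table, chosen by field [4]` would record the intent. The loop body continues past the end of this hunk.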