Forward Firewall: fixed 12 Bugs from forum.
authorAlexander Marx <amarx@ipfire.org>
Wed, 9 Jan 2013 09:22:32 +0000 (10:22 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:08:04 +0000 (14:08 +0200)
1) Allowed more characters in remarks: ":", "/" and "."
2) Added "Internet" to the standard networks so that internet access can be defined
3) When a custom address is renamed, the firewall rules are updated
4) Ports are now ignored when GRE is used as the protocol
5) After saving a custom service, the cursor is now placed in the first text field
6) Added a customservices file with predefined services to the installation
7) Added ESP as a protocol
8) Fixed the counter problem
9) Dropdown boxes for custom services and groups are now sorted
10) Firewall rules are now sorted in the right order
11) Fixed a bug when defining a manual address in source and target; the hint message is no longer displayed
12) Fixed: when defining an external access rule, the last forward rule was deleted

14 files changed:
config/forwardfw/firewall-forward-policy [new file with mode: 0755]
config/forwardfw/firewall-lib.pl
config/forwardfw/rules.pl
config/rootfiles/common/apache2
config/rootfiles/common/stage2
html/cgi-bin/dmzholes.cgi [deleted file]
html/cgi-bin/forwardfw.cgi
html/cgi-bin/fwhosts.cgi
html/cgi-bin/optionsfw.cgi
html/cgi-bin/outgoingfw.cgi [deleted file]
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
lfs/configroot
src/initscripts/init.d/firewall

diff --git a/config/forwardfw/firewall-forward-policy b/config/forwardfw/firewall-forward-policy
new file mode 100755 (executable)
index 0000000..aec71e2
--- /dev/null
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+
+iptables -F POLICY
+
+if [ "$POLICY" == "MODE1" ]; then
+       
+               if [ "$FWPOLICY" == "REJECT" ]; then
+                       if [ "$DROPFORWARD" == "on" ]; then
+                               /sbin/iptables -A POLICY -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
+                       fi
+                       /sbin/iptables -A POLICY -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
+               fi
+               if [ "$FWPOLICY" == "DROP" ]; then
+                       if [ "$DROPFORWARD" == "on" ]; then
+                               /sbin/iptables -A POLICY -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+                       fi
+                       /sbin/iptables -A POLICY -j DROP -m comment --comment "DROP_OUTPUT"
+               fi
+fi
+
+
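Review bot: In MODE1 the POLICY chain is flushed and then refilled only when `$FWPOLICY` is exactly `REJECT` or `DROP`, so an unset or unexpected value in the settings file leaves the chain empty; whether traffic then reaches something permissive depends on rules outside this file, but a default-deny script should fail closed. Turning the second test into the fallback (`else` in place of the `fi` / `if [ "$FWPOLICY" == "DROP" ]; then` pair) would guarantee a terminal rule. The script declares `#!/bin/sh` but uses `==` inside `[ ]`, which is not POSIX; `=` is the portable operator. The two `eval $(/usr/local/bin/readhash …)` lines execute whatever readhash prints, so the substitution should at least be quoted (`eval "$(…)"`), and safety relies on readhash rejecting shell metacharacters in values, which is not visible here. The REJECT rule also carries the comment `DROP_OUTPUT`, which looks like a copy-paste label on a forward-policy rule.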
index 24b990c7727634be4b97b2f232e8ee8cdcf718c6..44c0079b7c383ec28a103772d6a47d0ad9564f12 100755 (executable)
@@ -215,6 +215,8 @@ sub get_std_net_ip
                return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
        }elsif($val eq 'BLUE'){
                return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+       }elsif($val eq 'RED'){
+               return "0.0.0.0/0 -o red0";
        }elsif($val =~ /OpenVPN/i){
                return "$ovpnsettings{'DOVPN_SUBNET'}";
        }elsif($val =~ /IPsec/i){
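Review bot: The new `RED` branch returns `0.0.0.0/0 -o red0`, an address plus an iptables option, while every other branch of get_std_net_ip returns only an address/mask. Any caller that places this value after `-s` or `-d` now carries `-o red0` into the command line, which iptables does not accept in chains without an output interface such as INPUT. The interface name is also hard-coded, so it presumably will not match a RED link that comes up under another device name. I would `return "0.0.0.0/0";` here and let the rule builder add the interface match from the configured RED device. The function starts and ends outside this hunk, so the callers are not visible.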
index 960951fc00fc7df4d176e333c06371a31fd7852c..953aad0bc0c6587d9aa4ceca5db5a6eb5bd17390 100755 (executable)
@@ -88,10 +88,11 @@ if($param eq 'flush'){
        &preparerules;
        if($MODE eq '0'){
                if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
-                       #system ("iptables -A $CHAIN -j DROP"); 
+                       system ("/usr/sbin/firewall-forward-policy"); 
                }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
-                       #system ("iptables -A $CHAIN -j ACCEPT");
+                       system ("/usr/sbin/firewall-forward-policy"); 
                }elsif($fwdfwsettings{'POLICY'} eq 'MODE0' || $fwdfwsettings{'POLICY'} eq 'MODE2'){
+                       system ("/usr/sbin/firewall-forward-policy"); 
                        system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
                }
        }
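Review bot: The third branch tests `$fwdfwsettings{'POLICY'} eq 'MODE0' || $fwdfwsettings{'POLICY'} eq 'MODE2'`, but `MODE2` is already consumed by the `elsif` directly above it, so for MODE2 the `--state NEW -j ACCEPT` rule is never appended. If MODE2 is meant to get that rule the two branches should be merged; if not, the dead `|| … eq 'MODE2'` should go so the condition says what actually runs. All three branches now call `/usr/sbin/firewall-forward-policy` and ignore the return value of `system`, so a failed policy load goes unnoticed; hoisting the call above the `if` and checking it, e.g. `system('/usr/sbin/firewall-forward-policy') == 0 or warn "firewall-forward-policy failed: $?";`, would make that visible. The enclosing block starts outside the hunk.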
@@ -113,9 +114,7 @@ sub preparerules
 }
 sub buildrules
 {
-       
        my $hash=shift;
-       
        foreach my $key (sort keys %$hash){
                if($$hash{$key}[2] eq 'ON'){
                        #get source ip's
@@ -163,7 +162,7 @@ sub buildrules
                        if ($DPROT eq ''){$DPROT=' ';}                          
                        @DPROT=split(",",$DPROT);
 
-       
+
                        #get time if defined
                        if($$hash{$key}[18] eq 'ON'){
                                if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
@@ -178,7 +177,7 @@ sub buildrules
                                $TIMETILL="--timestop $$hash{$key}[27] ";
                                $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
                        }
-                                       
+
                        if ($MODE eq '1'){      
                                print "NR:$key ";
                                foreach my $i (0 .. $#{$$hash{$key}}){
@@ -187,7 +186,7 @@ sub buildrules
                                print "\n";
                                print"##################################\n";
                                #print rules to console
-                               
+
                                foreach my $DPROT (@DPROT){
                                        $DPORT = &get_port($hash,$key,$DPROT);
                                        if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
@@ -206,7 +205,7 @@ sub buildrules
                                        }
                                        print"\n";
                                }
-                       
+
                        }elsif($MODE eq '0'){
                                foreach my $DPROT (@DPROT){
                                        $DPORT = &get_port($hash,$key,$DPROT);
@@ -302,11 +301,12 @@ sub get_port
        if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
                if ($$hash{$key}[10] ne ''){
                        return "--sport $$hash{$key}[10] ";
-               }elsif($$hash{$key}[9] ne ''){
+               }elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
                        return "--icmp-type $$hash{$key}[9] ";
+               }elsif($$hash{$key}[9] eq 'All ICMP-Types'){
+                       return;
                }
        }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
-               
                if($$hash{$key}[14] eq 'TGT_PORT'){
                        if ($$hash{$key}[15] ne ''){
                                return "--dport $$hash{$key}[15] ";
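Review bot: The added `All ICMP-Types` branch uses a bare `return;`, which hands the caller undef, whereas the other paths of get_port return an option string with a trailing space. buildrules assigns the result with `$DPORT = &get_port($hash,$key,$DPROT);`, and if that value is later interpolated into the iptables command it will be an uninitialized value; `return '';` keeps the return type consistent. The literal `'All ICMP-Types'` is compared twice in adjacent conditions; reading `$$hash{$key}[9]` into one lexical and testing the sentinel first would be easier to keep in sync with the value the CGI stores. get_port begins and ends outside this hunk.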
@@ -330,8 +330,6 @@ sub get_port
                        elsif($prot eq 'ICMP'){
                                return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
                        }
-                       
-                       
                }
        }
 }
index 5d5195fba2a2bea5cb66a7a31a1e08ea2a892ff9..d57390443d5a1f13b0199985ab41b4b326986851 100644 (file)
@@ -1390,7 +1390,7 @@ srv/web/ipfire/cgi-bin/credits.cgi
 srv/web/ipfire/cgi-bin/dns.cgi
 srv/web/ipfire/cgi-bin/ddns.cgi
 srv/web/ipfire/cgi-bin/dhcp.cgi
-srv/web/ipfire/cgi-bin/dmzholes.cgi
+#srv/web/ipfire/cgi-bin/dmzholes.cgi
 srv/web/ipfire/cgi-bin/extrahd.cgi
 srv/web/ipfire/cgi-bin/fireinfo.cgi
 srv/web/ipfire/cgi-bin/forwardfw.cgi
index 1e91b37438ca79f0a708841013680160ae77957f..4755f07f077c3fc5d1af48e5086e2760c255b339 100644 (file)
@@ -109,6 +109,7 @@ usr/local/bin/update-lang-cache
 #usr/local/src
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
+usr/sbin/firewall-forward-policy
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
diff --git a/html/cgi-bin/dmzholes.cgi b/html/cgi-bin/dmzholes.cgi
deleted file mode 100644 (file)
index 5c16f00..0000000
+++ /dev/null
@@ -1,446 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-use strict;
-
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-#workaround to suppress a warning when a variable is used only once
-my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );
-undef (@dummy);
-
-my %cgiparams=();
-my %checked=();
-my %selected=();
-my %netsettings=();
-my $errormessage = '';
-my $filename = "${General::swroot}/dmzholes/config";
-
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-&Header::showhttpheaders();
-
-$cgiparams{'ENABLED'} = 'off';
-$cgiparams{'REMARK'} = '';
-$cgiparams{'ACTION'} = '';
-$cgiparams{'SRC_IP'} = '';
-$cgiparams{'DEST_IP'} ='';
-$cgiparams{'DEST_PORT'} = '';
-&Header::getcgihash(\%cgiparams);
-
-open(FILE, $filename) or die 'Unable to open config file.';
-my @current = <FILE>;
-close(FILE);
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
-{
-       unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; }
-       unless(&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }
-       unless($errormessage){$errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');}
-       unless(&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
-       unless ($errormessage) {
-               $errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); }
-       # Darren Critchley - Remove commas from remarks
-       $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
-
-       unless ($errormessage)
-       {
-               if($cgiparams{'EDITING'} eq 'no') {
-                       open(FILE,">>$filename") or die 'Unable to open config file.';
-                       flock FILE, 2;
-                       print FILE "$cgiparams{'PROTOCOL'},";           # [0]
-                       print FILE "$cgiparams{'SRC_IP'},";             # [1]
-                       print FILE "$cgiparams{'DEST_IP'},";            # [2]
-                       print FILE "$cgiparams{'DEST_PORT'},";          # [3]
-                       print FILE "$cgiparams{'ENABLED'},";            # [4]
-                       print FILE "$cgiparams{'SRC_NET'},";            # [5]
-                       print FILE "$cgiparams{'DEST_NET'},";           # [6]
-                       print FILE "$cgiparams{'REMARK'}\n";            # [7]
-               } else {
-                       open(FILE,">$filename") or die 'Unable to open config file.';
-                       flock FILE, 2;
-                       my $id = 0;
-                       foreach my $line (@current)
-                       {
-                               $id++;
-                               if ($cgiparams{'EDITING'} eq $id) {
-                                       print FILE "$cgiparams{'PROTOCOL'},";           # [0]
-                                       print FILE "$cgiparams{'SRC_IP'},";             # [1]
-                                       print FILE "$cgiparams{'DEST_IP'},";            # [2]
-                                       print FILE "$cgiparams{'DEST_PORT'},";          # [3]
-                                       print FILE "$cgiparams{'ENABLED'},";            # [4]
-                                       print FILE "$cgiparams{'SRC_NET'},";            # [5]
-                                       print FILE "$cgiparams{'DEST_NET'},";           # [6]
-                                       print FILE "$cgiparams{'REMARK'}\n";            # [7]
-                               } else { print FILE "$line"; }
-                       }
-               }
-               close(FILE);
-               undef %cgiparams;
-               &General::log($Lang::tr{'dmz pinhole rule added'});
-               system('/usr/local/bin/setdmzholes');
-       }
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
-{
-       my $id = 0;
-       open(FILE, ">$filename") or die 'Unable to open config file.';
-       flock FILE, 2;
-       foreach my $line (@current)
-       {
-               $id++;
-               unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
-       }
-       close(FILE);
-       system('/usr/local/bin/setdmzholes');
-       &General::log($Lang::tr{'dmz pinhole rule removed'});
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
-{
-       my $id = 0;
-       open(FILE, ">$filename") or die 'Unable to open config file.';
-       flock FILE, 2;
-       foreach my $line (@current)
-       {
-               $id++;
-               unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
-               else
-               {
-                       chomp($line);
-                       my @temp = split(/\,/,$line);
-                       print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n";
-               }
-       }
-       close(FILE);
-       system('/usr/local/bin/setdmzholes');
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
-{
-       my $id = 0;
-       foreach my $line (@current)
-       {
-               $id++;
-               if ($cgiparams{'ID'} eq $id)
-               {
-                       chomp($line);
-                       my @temp = split(/\,/,$line);
-                       $cgiparams{'PROTOCOL'} = $temp[0];
-                       $cgiparams{'SRC_IP'} = $temp[1];
-                       $cgiparams{'DEST_IP'} = $temp[2];
-                       $cgiparams{'DEST_PORT'} = $temp[3];
-                       $cgiparams{'ENABLED'} = $temp[4];
-                       $cgiparams{'SRC_NET'} = $temp[5];
-                       $cgiparams{'DEST_NET'} = $temp[6];
-                       $cgiparams{'REMARK'} = $temp[7];
-               }
-       }
-}
-
-if ($cgiparams{'ACTION'} eq '')
-{
-       $cgiparams{'PROTOCOL'} = 'tcp';
-       $cgiparams{'ENABLED'} = 'on';
-       $cgiparams{'SRC_NET'} = 'orange';
-       $cgiparams{'DEST_NET'} = 'blue';
-}
-
-$selected{'PROTOCOL'}{'udp'} = '';
-$selected{'PROTOCOL'}{'tcp'} = '';
-$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";
-
-$selected{'SRC_NET'}{'orange'} = '';
-$selected{'SRC_NET'}{'blue'} = '';
-$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";
-
-$selected{'DEST_NET'}{'blue'} = '';
-$selected{'DEST_NET'}{'green'} = '';
-$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";
-
-$checked{'ENABLED'}{'off'} = '';
-$checked{'ENABLED'}{'on'} = '';
-$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
-
-&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');
-
-&Header::openbigbox('100%', 'left', '', $errormessage);
-
-if ($errormessage) {
-       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
-       print "<class name='base'>$errormessage\n";
-       print "&nbsp;</class>\n";
-       &Header::closebox();
-}
-
-print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
-
-my $buttonText = $Lang::tr{'add'};
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
-       &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
-       $buttonText = $Lang::tr{'update'};
-} else {
-       &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
-}
-print <<END
-<table width='100%'>
-<tr>
-<td>
-       <select name='PROTOCOL'>
-               <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
-               <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
-       </select>
-</td>
-<td>
-       $Lang::tr{'source net'}:</td>
-<td>
-       <select name='SRC_NET'>
-END
-;
-       if (&haveOrangeNet()) {
-               print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";
-       }
-       if (&haveBlueNet()) {
-               print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
-       }
-print <<END
-       </select>
-</td>
-<td class='base'>$Lang::tr{'source ip or net'}:</td>
-<td><input type='text' name='SRC_IP' value='$cgiparams{'SRC_IP'}' size='15' /></td>
-</tr>
-<tr>
-<td>
-       &nbsp;</td>
-<td>
-       $Lang::tr{'destination net'}:</td>
-<td>
-       <select name='DEST_NET'>
-END
-;
-       if (&haveOrangeNet() && &haveBlueNet()) {
-               print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
-       }
-
-print <<END
-               <option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>
-       </select>
-</td>
-<td class='base'>
-       $Lang::tr{'destination ip or net'}:</td>
-<td>
-       <input type='text' name='DEST_IP' value='$cgiparams{'DEST_IP'}' size='15' />
-</td>
-<td class='base'>
-       $Lang::tr{'destination port'}:&nbsp;
-       <input type='text' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' />
-</td>
-</tr>
-</table>
-<table width='100%'>
-       <tr>
-               <td colspan='3' width='50%' class='base'>
-                       <font class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></font>
-                       <input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' />
-               </td>
-       </tr>
-       <tr>
-               <td class='base' width='50%'>
-                       <img src='/blob.gif' alt ='*' align='top' />&nbsp;
-                       <font class='base'>$Lang::tr{'this field may be blank'}</font>
-               </td>
-               <td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
-               <td width='25%' align='center'>
-                       <input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
-                       <input type='submit' name='SUBMIT' value='$buttonText' />
-               </td>
-       </tr>
-</table>
-END
-;
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
-       print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
-} else {
-       print "<input type='hidden' name='EDITING' value='no' />\n";
-}
-&Header::closebox();
-print "</form>\n";
-
-&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
-print <<END
-<table width='100%'>
-<tr>
-<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
-<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
-<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
-<td width='2%' class='boldbase' align='center'>&nbsp;</td>
-<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
-<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
-<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
-<td width='1%' class='boldbase' align='center'>&nbsp;</td>
-<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
-END
-;
-
-# Achim Weber: if i add a new rule, this rule is not displayed?!?
-#                                                      we re-read always config.
-# If something has happeened re-read config
-#if($cgiparams{'ACTION'} ne '')
-#{
-       open(FILE, $filename) or die 'Unable to open config file.';
-       @current = <FILE>;
-       close(FILE);
-#}
-my $id = 0;
-foreach my $line (@current)
-{
-       my $protocol='';
-       my $gif='';
-       my $toggle='';
-       my $gdesc='';
-       $id++;
-       chomp($line);
-       my @temp = split(/\,/,$line);
-       if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' }
-
-       my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};
-       my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};
-
-       if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
-               print "<tr bgcolor='${Header::colouryellow}'>\n"; }
-       elsif ($id % 2) {
-               print "<tr bgcolor='${Header::table1colour}'>\n"; }
-       else {
-               print "<tr bgcolor='${Header::table2colour}'>\n"; }
-       if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
-       else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
-
-       # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
-       my $dstprt =$temp[3];
-       $_=$temp[3];
-       if (/^\d+$/) {
-               my $servi = uc(getservbyport($temp[3], lc($temp[0])));
-               if ($servi ne '' && $temp[3] < 1024) {
-                       $dstprt = "$dstprt($servi)"; }
-       }
-       # Darren Critchley - If the line is too long, wrap the port numbers
-       my $dstaddr = "$temp[2] : $dstprt";
-       if (length($dstaddr) > 26) {
-               $dstaddr = "$temp[2] :<br /> $dstprt";
-       }
-print <<END
-<td align='center'>$protocol</td>
-<td bgcolor='$srcnetcolor'></td>
-<td align='center'>$temp[1]</td>
-<td align='center'><img src='/images/forward.gif' /></td>
-<td bgcolor='$destnetcolor'></td>
-<td align='center'>$dstaddr</td>
-<td align='center'>$temp[7]</td>
-
-<td align='center'>
-<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ENABLE' value='$toggle' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
-</form>
-</td>
-
-<td align='center'>
-<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
-</form>
-</td>
-
-<td align='center'>
-<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
-</form>
-</td>
-
-</tr>
-END
-       ;
-}
-print "</table>\n";
-
-# If the fixed lease file contains entries, print Key to action icons
-if ( ! -z "$filename") {
-print <<END
-<table>
-<tr>
-       <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
-       <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
-       <td class='base'>$Lang::tr{'click to disable'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
-       <td class='base'>$Lang::tr{'click to enable'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
-       <td class='base'>$Lang::tr{'edit'}</td>
-       <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
-       <td class='base'>$Lang::tr{'remove'}</td>
-</tr>
-</table>
-END
-;
-}
-
-&Header::closebox();
-
-&Header::closebigbox();
-
-&Header::closepage();
-
-sub validNet
-{
-       my $srcNet      = $_[0];
-       my $destNet     = $_[1];
-
-       if ($srcNet eq $destNet) {
-               return $Lang::tr{'dmzpinholes for same net not necessary'}; }
-       unless ($srcNet =~ /^(blue|orange)$/) {
-               return $Lang::tr{'select source net'}; }
-       unless ($destNet =~ /^(blue|green)$/) {
-               return $Lang::tr{'select dest net'}; }
-               
-       return '';
-}
-
-sub haveOrangeNet
-{
-       if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
-       if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
-       return 0;
-}
-
-sub haveBlueNet
-{
-       if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
-       if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
-       return 0;
-}
index caaba21687f45a046f76a3e6d0cb48e0d4327851..6aadb996b428ed02767d02ee16104063600f336a 100755 (executable)
@@ -112,54 +112,50 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
        $errormessage=&checksource;
        if(!$errormessage){&checktarget;}
        if(!$errormessage){&checkrule;}
-               
+
        #check if we change an forward rule to an external access
-       if(     $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){
+       if(     $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
                $fwdfwsettings{'updatefwrule'}='';
                $fwdfwsettings{'config'}=$configfwdfw;
                $fwdfwsettings{'nobase'}='on';
                &deleterule;
+               &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
        }
-               
+
        #check if we change an external access rule to an forward
-       if(     $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){
+       if(     $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
                $fwdfwsettings{'updatefwrule'}='';
                $fwdfwsettings{'config'}=$configinput;
                $fwdfwsettings{'nobase'}='on';
                &deleterule;
+               &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
        }       
-               
        #INPUT part
        if($fwdfwsettings{'grp2'} eq 'ipfire'){
                $fwdfwsettings{'chain'} = 'INPUTFW';
                #check if we have an identical rule already
                foreach my $key (sort keys %configinputfw){
                        if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" 
-                               eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
-                                $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
-                       }               
+                               eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[16],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){
+                                       $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+                       }       
                }       
-               
-                       &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-                       if ($fwdfwsettings{'nobase'} ne 'on'){
-                               &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-                       }
-                       
-                       if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
-                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
-                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
-                       }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
-                               &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }
-                       
-                       if ($fwdfwsettings{'nobase'} eq 'on'){
-                               &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-                       }
-                       
-               
+
+               &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+               if ($fwdfwsettings{'nobase'} ne 'on'){
+                       &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+               }
+               if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
+                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+               }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+               }
+
                &saverule(\%configinputfw,$configinput);
-               
                #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
                #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
                #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
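Review bot: Both conversion blocks (`grp2 eq 'ipfire' && oldgrp2a ne 'ipfire'` and the reverse) call `&deleterule` without looking at `$errormessage`, although `checksource`, `checktarget` and `checkrule` have just run; unless deleterule checks it internally, a submission that fails validation still removes the existing rule from the other config file. Adding `&& !$errormessage` to the two conditions would keep the old rule until the new one is known to be valid. The same applies further down: the duplicate check appends to `$errormessage`, yet the `&checkcounter` calls and `&saverule(\%configinputfw,$configinput);` follow unconditionally in this hunk, so whether a duplicate is really rejected depends on saverule, which is not visible here. The enclosing `if ($fwdfwsettings{'ACTION'} eq 'saverule')` block starts before and ends after this hunk.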
@@ -181,9 +177,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'}       NEU:    $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
                #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'}       NEU:    $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
                #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'}  DIENSTE Checkneu:$fwdfwsettings{'USESRV'}    DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'}   DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-       
-               
-               
        }else{
                $fwdfwsettings{'chain'} = 'FORWARDFW';
                #check if we have an identical rule already
@@ -196,9 +189,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                }       
                #increase counters
                &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-               
+
                &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-               
+
                if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
                        &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
                }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
@@ -206,14 +199,11 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
                        &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
                }
-               
                if ($fwdfwsettings{'nobase'} eq 'on'){
                        &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
                }
-               
-               
                &saverule(\%configfwdfw,$configfwdfw);
-                               
+
                #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
                #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
                #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
@@ -235,9 +225,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'}       NEU:    $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
                #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'}       NEU:    $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
                #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'}  DIENSTE Checkneu:$fwdfwsettings{'USESRV'}    DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'}   DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-       
-               
-               
        }
        if ($errormessage){
                &newrule;
@@ -245,7 +232,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                &rules;
                &base;
        }
-       
 }
 if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
 {
@@ -264,12 +250,10 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
        $fwdfwsettings{'POLICY'}='MODE0';
        system("rm ${General::swroot}/forward/config");
        system("rm ${General::swroot}/forward/input");
-       %fwdfwsettings = ();
-       
        &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
        unless (-e "${General::swroot}/forward/config")         { system("touch ${General::swroot}/forward/config"); }
        unless (-e "${General::swroot}/forward/input")          { system("touch ${General::swroot}/forward/input"); }
-       
+       %fwdfwsettings = ();
        &reread_rules;
 
 }
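Review bot: Moving `%fwdfwsettings = ();` below the writehash call keeps POLICY=MODE0 in the settings file, but it also writes every other key held in %fwdfwsettings at that point, which presumably includes the submitted form fields such as ACTION (how the hash is filled is not visible in this hunk). The firewall-forward-policy script added by this commit runs `eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)` on that file, so it should only ever hold the keys that belong there. If POLICY is the only value meant to survive a reset, write just that: `&General::writehash("${General::swroot}/forward/settings", { 'POLICY' => 'MODE0' });`. The two `system("rm ...")` calls on the context lines ignore their exit status; `unlink` with a checked return would avoid the shell. The enclosing `if` block for the reset action starts above the hunk.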
@@ -407,7 +391,7 @@ sub checkcounter
        }elsif($base1 eq 'cust_srvgrp'){
                &dec_counter($configsrvgrp,\%customservicegrp,$val1);   
        }
-       
+
        if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
                &inc_counter($confignet,\%customnetwork,$val2);
        }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
@@ -426,13 +410,12 @@ sub inc_counter
        my %hash=%{(shift)};
        my $val=shift;
        my $pos;
-       
+
        &General::readhasharray($config, \%hash);
        foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
                if($hash{$key}[0] eq $val){
                        $pos=$#{$hash{$key}};
                        $hash{$key}[$pos] = $hash{$key}[$pos]+1;
-                       
                }
        }
        &General::writehasharray($config, \%hash);
@@ -449,23 +432,21 @@ sub dec_counter
                if($hash{$key}[0] eq $val){
                        $pos=$#{$hash{$key}};
                        $hash{$key}[$pos] = $hash{$key}[$pos]-1;
-                       
                }
        }
        &General::writehasharray($config, \%hash);
 }
 sub base
 {
-       
        if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
        if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
        if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
-       
+
        &hint;
        if ($fwdfwsettings{'POLICY'} ne 'MODE0'  && $fwdfwsettings{'POLICY'} ne '') {
                &addrule;
        }
-       
+
        #print"<table width='100' border='1'><tr>";
        #foreach (0 .. 40){
                #my $i="color".$_;
@@ -494,7 +475,7 @@ sub addrule
 {
        &error;
        &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-       
+
        print "<form method='post'>";
        print "<table border='0'>";
        print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
@@ -505,7 +486,6 @@ sub addrule
 
        &Header::closebox();
        &viewtablerule;
-       
 }
 sub deleterule
 {
@@ -537,7 +517,7 @@ sub deleterule
 
        &General::writehasharray($fwdfwsettings{'config'}, \%delhash);
        &rules;
-       
+
        if($fwdfwsettings{'nobase'} ne 'on'){
                &base;
        }
@@ -553,7 +533,6 @@ sub disable_rule
        }
        &General::writehasharray("$configfwdfw", \%configfwdfw);
        &rules;
-       
 }
 sub checksource
 {
@@ -589,7 +568,7 @@ sub checksource
                $errormessage.=$Lang::tr{'fwdfw err nosrcip'};
                return $errormessage;
        }
-               
+
        #check empty fields
        if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
        #check icmp source
@@ -601,6 +580,12 @@ sub checksource
                                        $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
                                }
                        }
+               }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       $fwdfwsettings{'ICMP_TYPES'}='';
+               }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){
+                       $fwdfwsettings{'SRC_PORT'}='';
+                       $fwdfwsettings{'ICMP_TYPES'}='';
                }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
                        $fwdfwsettings{'ICMP_TYPES'}='';
                }else{
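Review bot: The GRE and ESP branches added to checksource are identical, and one condition would keep the list of portless protocols in a single place: `}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} =~ /^(?:GRE|ESP)$/){`. A short comment such as `# GRE and ESP carry no ports: drop any submitted port and ICMP type` would say why both fields are cleared. The if/elsif chain starts above the hunk and its else branch continues below it.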
@@ -608,7 +593,7 @@ sub checksource
                        $fwdfwsettings{'SRC_PORT'}='';
                        $fwdfwsettings{'PROT'}='';
                }
-               
+
        if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){
                #change dashes with :
                $fwdfwsettings{'SRC_PORT'}=~ tr/-/:/;
@@ -622,7 +607,7 @@ sub checksource
                if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
                        $fwdfwsettings{'SRC_PORT'} = "$1:65535";
                }
-               
+
                $errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src');
        }
        return $errormessage;
@@ -630,8 +615,7 @@ sub checksource
 sub checktarget
 {
        my ($ip,$subnet);
-       
-               
+
        if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
                #check if ip with subnet
                if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
@@ -658,15 +642,15 @@ sub checktarget
                if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
                        $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
                }
-               
+
        }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
                $errormessage.=$Lang::tr{'fwdfw err notgtip'};
                return $errormessage;
        }
-               
+
        #check empty fields
        if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
-       
+
        #check tgt services
        if ($fwdfwsettings{'USESRV'} eq 'ON'){
                if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
@@ -682,7 +666,7 @@ sub checktarget
                        }
                }
                if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
-                       if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){
+                       if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP' && $fwdfwsettings{'TGT_PROT'} ne 'GRE'){
                                if ($fwdfwsettings{'TGT_PORT'} ne ''){
                                        #change dashes with :
                                        $fwdfwsettings{'TGT_PORT'}=~ tr/-/:/;
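Review bot: ESP is not excluded by the changed condition, so a manual target with TGT_PROT set to ESP still enters the port-validation branch and keeps its TGT_PORT, unlike GRE. The ESP branch added in the next hunk cannot compensate: it tests `$fwdfwsettings{'TGT_PORT'} eq 'ESP'` (the port field, not the protocol) and sits in an elsif that is only reached when the protocol is ICMP or GRE. I would change the guard to `if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP' && $fwdfwsettings{'TGT_PROT'} ne 'GRE' && $fwdfwsettings{'TGT_PROT'} ne 'ESP'){` and the later test to `}elsif ($fwdfwsettings{'TGT_PROT'} eq 'ESP'){`. How rules.pl treats a port on an ESP rule is not visible here, so the effect on the generated ruleset should be checked. checktarget starts above this hunk and continues past it.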
@@ -697,19 +681,25 @@ sub checktarget
                                        }
                                        $errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination');
                                }
+                       }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
+                                       $fwdfwsettings{'TGT_PORT'} = '';
+                                       $fwdfwsettings{'ICMP_TGT'} = '';
+                       }elsif($fwdfwsettings{'TGT_PORT'} eq 'ESP'){
+                                       $fwdfwsettings{'TGT_PORT'}='';
+                                       $fwdfwsettings{'ICMP_TGT'}='';
                        }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+                               $fwdfwsettings{'TGT_PORT'} = '';
                                &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
                                foreach my $key (keys %icmptypes){
                                        
                                        if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
-                                               
                                                $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
                                        }
                                }
                        }
                }
        }
-       
+
        #check targetport
        if ($fwdfwsettings{'USESRV'} ne 'ON'){
                $fwdfwsettings{'grp3'}='';
@@ -717,17 +707,12 @@ sub checktarget
                $fwdfwsettings{'TGT_PROT'}='';
                $fwdfwsettings{'ICMP_TGT'}='';
        }
-               
-               
        #check timeframe
        if($fwdfwsettings{'TIME'} eq 'ON'){
                if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
                        $errormessage=$Lang::tr{'fwdfw err time'};
                }
        }
-       
-       
-       
        return $errormessage;
 }
 sub checkrule
@@ -741,17 +726,14 @@ sub checkrule
                $errormessage.=$Lang::tr{'fwdfw err same'};
                return $errormessage;
        }
-               
+
        #get source and targetip address if possible
        my ($sip,$scidr,$tip,$tcidr);
        ($sip,$scidr)=&get_ip("src","grp1");
        ($tip,$tcidr)=&get_ip("tgt","grp2");
-       
-       
-       
+
        #check same iprange in source and target
        if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
-               
                my $networkip1=&General::getnetworkip($sip,$scidr);
                my $networkip2=&General::getnetworkip($tip,$tcidr);
                if ($scidr gt $tcidr){
@@ -759,20 +741,19 @@ sub checkrule
                                $errormessage.=$Lang::tr{'fwdfw err samesub'};
                        }
                }elsif($scidr eq $tcidr && $scidr eq '32'){
-                       my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1);
-                       my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2);
+                       my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
+                       my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
                                if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
                                        $hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
                                        $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
                                }
-               
                }else{
                        if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
                        $errormessage.=$Lang::tr{'fwdfw err samesub'};
                        }
                }
        }
-               
+
        #check source and destination protocol if manual
        if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
                if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
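Review bot: The `split(/\./, ...)` fix makes the /32 branch work, but the test that selects between the branches, `if ($scidr gt $tcidr){` on the context line just above this hunk, is a string comparison, so a prefix of '8' sorts after '24'. If get_ip returns prefix lengths (the `eq '32'` test here suggests it does; get_ip's body is not in view), `if ($scidr > $tcidr){` is what is meant. Otherwise the same-subnet check can run in the wrong direction for some source/target pairs. $sbyte4 and $tbyte4 are never used in the lines shown and can be dropped from the two list assignments. checkrule starts above the hunk and ends below it.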
@@ -791,7 +772,6 @@ sub checkrule
                        }
                }
        }
-       
 }
 sub get_ip
 {
@@ -842,7 +822,6 @@ sub get_ip
                        }
                }
        }
-       
        return $a,$b;
 }
 sub newrule
@@ -858,14 +837,11 @@ sub newrule
        &General::readhasharray("$configgrp", \%customgrp);
        &General::readhasharray("$configipsec", \%ipsecconf);
        &General::get_aliases(\%aliases);
-       
-               
        my %checked=();
        my $helper;
        if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
        my $config=$fwdfwsettings{'config'};
        my %hash=();
-               
        $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
        $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
        $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
@@ -884,7 +860,6 @@ sub newrule
        $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}             = 'selected';
        $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}                 = 'selected';
        $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
-       
        #check if update and get values
        if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
                &General::readhasharray("$config", \%hash);
@@ -917,7 +892,6 @@ sub newrule
                                $fwdfwsettings{'TIME_SUN'}                              = $hash{$key}[25];
                                $fwdfwsettings{'TIME_FROM'}                             = $hash{$key}[26];
                                $fwdfwsettings{'TIME_TO'}                               = $hash{$key}[27];
-                                
                                $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
                                $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
                                $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
@@ -949,9 +923,9 @@ sub newrule
                $fwdfwsettings{'ACTIVE'}='ON';
                $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
        }
-       
+
        &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-       
+
 print <<END;
        <form method="post">
        <table border='0'>
@@ -962,7 +936,7 @@ END
                if($fwdfwsettings{'POLICY'} eq 'MODE2'){
                        $fwdfwsettings{'RULE_ACTION'} = 'DROP';
                }
-                       
+
                if ($_ eq $fwdfwsettings{'RULE_ACTION'})
                {
                        print"<option selected>$_</option>";
@@ -975,19 +949,19 @@ END
 
        &Header::closebox();
        &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
-       
-       
+
+
        #------SOURCE-------------------------------------------------------
        print<<END;
                <table width='100%' border='0'>
                <tr><td width='1%'><input type='radio' name='grp1' value='src_addr'  checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' ></td></tr>
                <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
                <tr><td width='1%'><input type='radio' name='grp1' value='std_net_src' $checked{'grp1'}{'std_net_src'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_src' style='min-width:185px;'>
-               
 END
                foreach my $network (sort keys %defaultNetworks)
                {
                        next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+                       next if($defaultNetworks{$network}{'NAME'} eq "RED");
                        print "<option value='$defaultNetworks{$network}{'NAME'}'";
                        print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $defaultNetworks{$network}{'NAME'});
                        print ">$network</option>";
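Review bot: The source form in this hunk prints `value='$fwdfwsettings{'src_addr'}'` straight into a single-quoted attribute, and newrule is shown again with the submitted values when `$errormessage` is set. A value containing a quote or `<` therefore ends up as markup unless it is escaped where %fwdfwsettings is filled, which is not visible here. Escape at output by preparing the value before the heredoc, e.g. `my $src_addr = &Header::cleanhtml($fwdfwsettings{'src_addr'});` if that helper is available in this tree, and interpolate `$src_addr` instead. The same applies to `tgt_addr` and to the hidden `oldgrp3a`/`oldgrp3b`/`oldusesrv` fields in later hunks. The heredoc belongs to newrule, which starts above the hunk and continues below it.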
@@ -1030,7 +1004,7 @@ END
                }
                print<<END;
                </select></td></tr>
-               
+
                <tr><td valign='top'><input type='radio' name='grp1' value='cust_grp_src' $checked{'grp1'}{'cust_grp_src'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_src' style='min-width:185px;'>
 END
                foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
@@ -1038,8 +1012,6 @@ END
                                print"<option ";
                                print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $customgrp{$key}[0]);
                                print ">$customgrp{$key}[0]</option>";
-                               
-                       
                        }
                        $helper=$customgrp{$key}[0];
                }
@@ -1058,7 +1030,7 @@ END
                print<<END;
                </select></td></tr>
 END
-               
+
 #              <td valign='top'><input type='radio' name='grp1' value='ipsec_host_src' $checked{'grp1'}{'ipsec_host_src'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_src' style='min-width:185px;'>
 #END
 #              foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
@@ -1069,15 +1041,12 @@ END
 #                      }
 #              }
                print<<END;
-       
                <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
-               
-               
                <table width='100%' border='0'>
                <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
                <td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
 END
-               foreach ("TCP","UDP","GRE","ICMP")
+               foreach ("TCP","UDP","GRE","ESP","ICMP")
                {
                        if ($_ eq $fwdfwsettings{'PROT'})
                        {
@@ -1111,19 +1080,17 @@ END
                <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr'  checked></td><td colspan='2'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16'><td><input type='radio' name='grp2' value='ipfire'  $checked{'grp2'}{'ipfire'}></td><td><b>IPFire ($Lang::tr{'external access'})</b></td><td><select name='ipfire' style='min-width:185px;'>
 END
                print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
-               
+
                foreach my $alias (sort keys %aliases)
                {
                        print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
                }
-                               
+
                print<<END;
                </td></tr>
                <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
                <tr><td width='1%'><input type='radio' name='grp2' value='std_net_tgt' $checked{'grp2'}{'std_net_tgt'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_tgt' style='min-width:185px;'>
-               
 END
-               
                foreach my $network (sort keys %defaultNetworks)
                {
                        print "<option value='$defaultNetworks{$network}{'NAME'}'";
@@ -1134,7 +1101,6 @@ END
                </select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net_tgt'  $checked{'grp2'}{'ovpn_net_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_tgt' style='min-width:185px;'>
 END
                &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp2'}});
-               
                print<<END;
                </select></td></tr>
                <tr><td><input type='radio' name='grp2' value='cust_net_tgt' $checked{'grp2'}{'cust_net_tgt'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_tgt' style='min-width:185px;'>
@@ -1168,7 +1134,6 @@ END
                }
                print<<END;
                </select></td></tr>
-               
                <tr><td valign='top'><input type='radio' name='grp2' value='cust_grp_tgt' $checked{'grp2'}{'cust_grp_tgt'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_tgt' style='min-width:185px;'>
 END
                $helper='';
@@ -1194,7 +1159,6 @@ END
                print<<END;
                </select></td></tr>
 END
-               
 #              <td valign='top'><input type='radio' name='grp2' value='ipsec_host_tgt' $checked{'grp2'}{'ipsec_host_tgt'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_tgt' style='min-width:185px;'>
 #END
 #              foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
@@ -1208,12 +1172,12 @@ END
                </table>
                <b>$Lang::tr{'fwhost attention'}:</b><br>
                $Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
-               
+
                <table width='100%' border='0'>
                <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
 END
                &General::readhasharray("$configsrv", \%customservice);
-               foreach my $key (sort keys %customservice){
+               foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
                        print"<option ";
                        print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
                        print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
@@ -1224,7 +1188,7 @@ END
 END
                &General::readhasharray("$configsrvgrp", \%customservicegrp);
                my $helper;
-               foreach my $key (sort keys %customservicegrp){
+               foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
                        if ($helper ne $customservicegrp{$key}[0]){
                                print"<option ";
                                print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
@@ -1236,7 +1200,7 @@ END
                </select></td></tr>
                <tr><td colspan='2'></td><td><input type='radio' name='grp3' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT'>
 END
-               foreach ("TCP","UDP","GRE","ICMP")
+               foreach ("TCP","UDP","GRE","ESP","ICMP")
                {
                        if ($_ eq $fwdfwsettings{'TGT_PROT'})
                        {
@@ -1261,7 +1225,7 @@ END
                print<<END;
                </select></td></tr>
                </table><hr><br><br>
-               
+
 END
                #---Activate/logging/remark-------------------------------------
                &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
@@ -1282,7 +1246,6 @@ END
                <tr>
                        <td  align='left'>$Lang::tr{'time'}:</td>
                        <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
-                       
                        <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
                        <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
                </tr>
@@ -1297,7 +1260,6 @@ END
                                <input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} />
                                <input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{$Lang::tr{'fwdfw wd_sun'}} />
                        </td>
-                       
                        <td><select name='TIME_FROM'>
 END
                for (my $i=0;$i<=23;$i++) {
@@ -1320,7 +1282,7 @@ END
                                print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
                        }
                }
-               print<<END;     
+               print<<END;
                </select></td></tr>
                </table><hr>
 END
@@ -1345,9 +1307,7 @@ END
                        <input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
                        <input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
                        <input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
-                       
                        <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
-                       
                        </table></form>
 END
                }
@@ -1355,7 +1315,6 @@ END
 }
 sub saverule
 {
-       
        my $hash=shift;
        my $config=shift;
        &General::readhasharray("$config", $hash);
@@ -1456,7 +1415,7 @@ sub get_name
        foreach my $network (sort keys %defaultNetworks)
        {
                return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
-       }       
+       }
 }
 sub validremark
 {
@@ -1468,13 +1427,13 @@ sub validremark
        if (length ($remark) < 1 || length ($remark) > 255) {
                return 0;}
        # Only valid characters are a-z, A-Z, 0-9 and -
-       if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) {
+       if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:\/\s]*$/) {
                return 0;}
        # First character can only be a letter or a digit
        if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) {
                return 0;}
        # Last character can only be a letter or a digit
-       if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) {
+       if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.]*$/) {
                return 0;}
        return 1;
 }
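Review bot: In the widened class `[a-zäöüA-ZÖÄÜ0-9-.:\/\s]` the hyphen now sits in the middle and stays literal only because it directly follows the `0-9` range. `\s` together with the `$` anchor also still lets a newline through, which matters if the remark is stored in a line-based config file (saverule's body is not in view). I would put the hyphen last and anchor strictly: `if ($remark !~ /\A[a-zäöüA-ZÖÄÜ0-9.:\/ \t-]*\z/) {`. The comment above the check still lists only a-z, A-Z, 0-9 and -, and the last-character comment does not mention the dot that is now accepted; both should be updated. validremark starts above the hunk.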
@@ -1494,7 +1453,7 @@ sub gettgtport
        my $key=shift;
        my $service;
        my $prot;
-       
+
        if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
                if($hash{$key}[14] eq 'cust_srv'){
                        &General::readhasharray("$configsrv", \%customservice);
@@ -1506,7 +1465,7 @@ sub gettgtport
                                }
                        }
                }elsif($hash{$key}[14] eq 'cust_srvgrp'){
-                       
+
                        $service=$hash{$key}[15];
                }elsif($hash{$key}[14] eq 'TGT_PORT'){
                        $service=$hash{$key}[15];
@@ -1515,7 +1474,7 @@ sub gettgtport
        }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
                print" : ($hash{$key}[12]) <br>$hash{$key}[13]";
        }
-       
+
        if ($prot ne '' || $service ne ''){
                print" :";
                if ($prot ne ''){
@@ -1535,7 +1494,7 @@ sub viewtablenew
        my $config=shift;
        my $title=shift;
        my $title1=shift;
-       
+
        if ( ! -z "$config"){
                &Header::openbox('100%', 'left',$title);
                my $count=0;
@@ -1549,7 +1508,7 @@ sub viewtablenew
                print"<b>$title1</b><br>";
                print"<table width='100%' border='0' cellspacing='1' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'>";
                print"<tr><td align='center' width='1%'><b>#</td><td width='1%'></td><td align='center' width='20%'><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center' width='20%'><b>$Lang::tr{'fwdfw target'}</td><td align='center' width='70%'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
-               foreach my $key (sort keys %$hash){
+               foreach my $key (sort  {$a <=> $b} keys %$hash){
                        @tmpsrc=();
                        #check if vpn hosts/nets have been deleted
                        if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
@@ -1558,14 +1517,12 @@ sub viewtablenew
                        if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
                                push (@tmpsrc,$$hash{$key}[6]);
                        }
-               
                        foreach my $host (@tmpsrc){
                                if($$hash{$key}[3] eq  'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
-                                               if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
+                                       if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
                                                $coloryellow='on';
                                                &disable_rule($key);
                                                $$hash{$key}[2]='';
-                                               
                                        }
                                }elsif($$hash{$key}[3] eq  'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
                                        if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
@@ -1589,10 +1546,8 @@ sub viewtablenew
                                $$hash{$key}[3]='';
                                $$hash{$key}[5]='';
                        }
-                       
                        $$hash{'ACTIVE'}=$$hash{$key}[2];
                        $count++;
-                       
                        if($coloryellow eq 'on'){
                                print"<tr bgcolor='$color{'color14'}' >";
                                $coloryellow='';
@@ -1604,7 +1559,6 @@ sub viewtablenew
                                        print"<tr bgcolor='$color{'color20'}' >";
                                }
                        }
-                       
                        print<<END;
                        <td align='right'>$key</td>
 END
@@ -1636,7 +1590,6 @@ END
                        }
                        print<<END;
                        </td>
-                       
                        <form method='post'>
                        <td width='1%' align='left'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
                        <input type='hidden' name='key' value='$key' />
@@ -1662,7 +1615,6 @@ END
                                
                        }else{
                                $gif="/images/off.gif"
-                               
                        }
                        print<<END;
                        <form method='post'>
@@ -1671,22 +1623,18 @@ END
                        <input type='hidden' name='config' value='$config' />
                        <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
                        </td></form>
-                       
                        <form method='post'>
                        <td  width='1%' ><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'  />
                        <input type='hidden' name='key' value='$key' />
                        <input type='hidden' name='config' value='$config' />
                        <input type='hidden' name='ACTION' value='editrule' />
                        </td></form></td>
-                       
                        <form method='post'>
                        <td  width='1%'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
                        <input type='hidden' name='key' value='$key' />
                        <input type='hidden' name='config' value='$config' />
                        <input type='hidden' name='ACTION' value='copyrule' />
                        </td></form></td>
-                       
-                       
                        <form method='post'>
                        <td width='1%' ><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'   />
                        <input type='hidden' name='key' value='$key' />
@@ -1706,7 +1654,6 @@ END
                        }else{
                                print"<td></td>";
                        }
-               
                        if (exists $$hash{$key+1}){
                                print<<END;
                                <form method='post'>
@@ -1729,9 +1676,7 @@ END
                                if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
                                if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
                                if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
-                       
                                my $weekdays=join(",",@days);
-                                                       
                                if (@days){
                                        print"<tr bgcolor='#FFE4B5'><td colspan='4'>$Lang::tr{'fwdfw time'} ";
                                        print"$weekdays";
@@ -1742,21 +1687,19 @@ END
                print"</table>";
                &Header::closebox();
        }
-       
 }
 sub fillselect
 {
        my %hash=%{(shift)};
        my $val=shift;
        my $key;
-       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash)
-               {
-                       if($hash{$key}[0] eq $val){
-                               print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
-                       }else{
-                               print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
-                       }
+       foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) }  keys %hash){
+               if($hash{$key}[0] eq $val){
+                       print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
+               }else{
+                       print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
                }
+       }
 }
 sub rules
 {
index 236e0b47c2992d8d8786dd8e1218dd49e691fe29..5a838369268502e93f5ad799a51b888af738c506 100755 (executable)
@@ -47,6 +47,8 @@ my %defaultNetworks=();
 my %mainsettings=();
 my %ownnet=();
 my %ipsecsettings=();
+my %fwfwd=();
+my %fwinp=();
 
 my $errormessage;
 my $hint;
@@ -59,6 +61,8 @@ my $configccdhost     = "${General::swroot}/ovpn/ovpnconfig";
 my $configipsec                = "${General::swroot}/vpn/config";
 my $configsrv          = "${General::swroot}/fwhosts/customservices";
 my $configsrvgrp       = "${General::swroot}/fwhosts/customservicegrp";
+my $fwconfigfwd                = "${General::swroot}/forward/config";
+my $fwconfiginp                = "${General::swroot}/forward/input";
 
 unless (-e $confignet)    { system("touch $confignet"); }
 unless (-e $confighost)   { system("touch $confighost"); }
@@ -116,6 +120,9 @@ if ($fwhostsettings{'ACTION'} eq 'updatehost')
                }
        }
        &General::writehasharray("$confighost", \%customhost);
+       
+       
+       
        $fwhostsettings{'actualize'} = 'on';
        $fwhostsettings{'ACTION'} = 'savehost';
 }
@@ -285,6 +292,28 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' )
                                                }
                                        }
                                        &General::writehasharray("$configgrp", \%customgrp);
+                                       #check if we need to update firewallrules
+                                       if ( ! -z $fwconfigfwd ){
+                                               &General::readhasharray("$fwconfigfwd", \%fwfwd);
+                                               foreach my $line (sort keys %fwfwd){
+                                                       if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                                       if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                               }
+                                               &General::writehasharray("$fwconfigfwd", \%fwfwd);
+                                       }
+                                       if ( ! -z $fwconfiginp ){
+                                               &General::readhasharray("$fwconfiginp", \%fwinp);
+                                               foreach my $line (sort keys %fwinp){
+                                                       if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                               }
+                                               &General::writehasharray("$fwconfiginp", \%fwinp);
+                                       }
                                }
                        }                                       
                        my $key = &General::findhasharraykey (\%customnetwork);
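Review bot: The second added loop iterates `%fwinp` but tests and assigns `$fwfwd{$line}[4]`, so entries in the input config are never renamed and `%fwinp` is written back unchanged. The same copy-paste appears in the savehost hunk that follows. Input rules that still carry the old name no longer refer to an existing object after the rename, so they are likely to stop applying as intended. The loop body should read `if ($fwinp{$line}[4] eq $fwhostsettings{'orgname'}){ $fwinp{$line}[4] = $fwhostsettings{'HOSTNAME'}; }`. If input rules can also name a custom address in field 6, that field needs the same check as in the forward loop. The enclosing savenet block starts outside this hunk.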
@@ -416,9 +445,29 @@ if ($fwhostsettings{'ACTION'} eq 'savehost')
                                                }
                                        }
                                        &General::writehasharray("$configgrp", \%customgrp);
+                                       #check if we need to update firewallrules
+                                       if ( ! -z $fwconfigfwd ){
+                                               &General::readhasharray("$fwconfigfwd", \%fwfwd);
+                                               foreach my $line (sort keys %fwfwd){
+                                                       if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                                       if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                               }
+                                               &General::writehasharray("$fwconfigfwd", \%fwfwd);
+                                       }
+                                       if ( ! -z $fwconfiginp ){
+                                               &General::readhasharray("$fwconfiginp", \%fwinp);
+                                               foreach my $line (sort keys %fwinp){
+                                                       if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+                                                               $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+                                                       }
+                                               }
+                                               &General::writehasharray("$fwconfiginp", \%fwinp);
+                                       }
                                }
-                               
-                               
                        }
                        my $key = &General::findhasharraykey (\%customhost);
                        foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
@@ -1084,6 +1133,7 @@ END
                        foreach my $network (sort keys %defaultNetworks)
                        {
                                next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+                               next if($defaultNetworks{$network}{'NAME'} eq "RED");
                                print "<option value='$defaultNetworks{$network}{'NAME'}'";
                                print " selected='selected'" if ($fwhostsettings{'DEFAULT_SRC_ADR'} eq $defaultNetworks{$network}{'NAME'});
                                print ">$network</option>";
@@ -1186,7 +1236,7 @@ sub addservice
        }
        print<<END;
        <table width='100%' border='0'><form method='post'>
-       <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td width='1%' nowrap='nowrap'><input type='text' name='SRV_NAME' value='$fwhostsettings{'SRV_NAME'}'></td><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+       <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td width='1%' nowrap='nowrap'><input type='text' name='SRV_NAME' id='textbox1' value='$fwhostsettings{'SRV_NAME'}'><script>document.getElementById('textbox1').focus()</script></td><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
 END
        foreach ("TCP","UDP","ICMP")
        {
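Review bot: The changed `SRV_NAME` input interpolates `$fwhostsettings{'SRV_NAME'}` into a single-quoted attribute without HTML-escaping, and the line now also carries an inline script. Whether the value is sanitised earlier is not visible in this hunk; if it can come straight from the request, a quote character in it ends the attribute early, so it should be escaped before printing. The focus needs no script: `<input type='text' name='SRV_NAME' autofocus value='...'>` (the value escaped as above) does the same and keeps the page compatible with a Content-Security-Policy that forbids inline scripts. addservice starts before this hunk.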
index 66ebb1caa7013ee7711a6aef4607e2c74c3c8d88..db4794c0c7ef7e093b4762f1c7228e1b5305fcb8 100644 (file)
@@ -44,13 +44,16 @@ my $warnmessage = '';
 &Header::getcgihash(\%settings);
 
 if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
+       
         $errormessage = $Lang::tr{'new optionsfw later'};
-        delete $settings{'__CGI__'};delete $settings{'x'};delete $settings{'y'};
+        delete $settings{'__CGI__'};
+        delete $settings{'x'};
+        delete $settings{'y'};
         &General::writehash($filename, \%settings);             # Save good settings
-   } else {
-        &General::readhash($filename, \%settings);                      # Get saved settings and reset to good if needed
-        }
-
+   }else {
+               &General::readhash($filename, \%settings);                      # Get saved settings and reset to good if needed
+       }
+       system("/usr/local/bin/forwardfwctrl");
 &Header::openpage($Lang::tr{'options fw'}, 1, '');
 &Header::openbigbox('100%', 'left', '', $errormessage);
 
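Review bot: The added `system("/usr/local/bin/forwardfwctrl");` sits after the closing brace of the `else`, so it runs on every request for this page, including a plain view, and its exit status is discarded. Reloading the firewall rules belongs in the save branch, after the `writehash` call, with a failure surfaced to the administrator: `system('/usr/local/bin/forwardfwctrl') == 0 or $errormessage = "forwardfwctrl failed ($?)";`. As written, a failed reload is silent and the page still reports the settings as saved.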
@@ -84,6 +87,7 @@ $checked{'DROPPROXY'}{$settings{'DROPPROXY'}} = "checked='checked'";
 $checked{'DROPSAMBA'}{'off'} = '';
 $checked{'DROPSAMBA'}{'on'} = '';
 $checked{'DROPSAMBA'}{$settings{'DROPSAMBA'}} = "checked='checked'";
+$selected{'FWPOLICY'}{$settings{'FWPOLICY'}}= 'selected';
 
 &Header::openbox('100%', 'center', $Lang::tr{'options fw'});
 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";
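Review bot: `$settings{'FWPOLICY'}` is taken from the POST and, in the save branch of the previous hunk, written to the settings file with only `__CGI__`, `x` and `y` removed; nothing checks it against the two values the form offers. The policy script added by this commit loads that file with `eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)` and branches on `$FWPOLICY`, so the value should be pinned before it is stored, even if readhash already filters its output. A check before the `writehash` call would do: `$settings{'FWPOLICY'} = 'DROP' unless $settings{'FWPOLICY'} =~ /\A(?:DROP|REJECT)\z/;`.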
@@ -113,11 +117,20 @@ print <<END
 <tr><td align='left' width='60%'>$Lang::tr{'drop samba'}</td><td align='left'>on <input type='radio' name='DROPSAMBA' value='on' $checked{'DROPSAMBA'}{'on'} />/
                                                                                                                                                                                <input type='radio' name='DROPSAMBA' value='off' $checked{'DROPSAMBA'}{'off'} /> off</td></tr>
 </table>
+<br />
+<table width='95%' cellspacing='0'>
+<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw default drop'}</b></td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'drop action'}</td><td><select name='FWPOLICY'>
+<option value='DROP' $selected{'FWPOLICY'}{'DROP'}>DROP</option>
+<option value='REJECT' $selected{'FWPOLICY'}{'REJECT'}>REJECT</option></select>
+</td></tr>
+</table>
+
 <br />
 <table width='10%' cellspacing='0'>
 <tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                                                               <input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
-                                                                                               <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /></form></td></tr>
+<input type='submit' name='ACTION' value=$Lang::tr{'save'} />
+</form></td></tr>
 </table>
 </form>
 END
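Review bot: The new submit button keeps the unquoted attribute `value=$Lang::tr{'save'}`. With a translation that contains a space, the browser submits only the first word, and the `$settings{'ACTION'} eq $Lang::tr{'save'}` test then never matches, so settings are silently not saved. Quote it like the other attributes: `<input type='submit' name='ACTION' value='$Lang::tr{'save'}' />`. The button is also wrapped in a second `<form>` nested inside the outer one, which HTML does not allow; dropping the inner `<form method='post' ...>` and its `</form>` leaves one form that carries all the fields.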
diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi
deleted file mode 100644 (file)
index b417817..0000000
+++ /dev/null
@@ -1,849 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2010  IPFire Team                                        #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-use strict;
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-my %outfwsettings = ();
-my %checked = ();
-my %selected= () ;
-my %netsettings = ();
-my $errormessage = "";
-my $configentry = "";
-my @configs = ();
-my @configline = ();
-my $p2pentry = "";
-my @p2ps = ();
-my @p2pline = ();
-
-my $configfile = "/var/ipfire/outgoing/rules";
-my $configpath = "/var/ipfire/outgoing/groups/";
-my $p2pfile = "/var/ipfire/outgoing/p2protocols";
-my $servicefile = "/var/ipfire/outgoing/defaultservices";
-
-my %color = ();
-my %mainsettings = ();
-&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
-
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-&Header::showhttpheaders();
-
-### Values that have to be initialized
-$outfwsettings{'ACTION'} = '';
-$outfwsettings{'VALID'} = 'yes';
-$outfwsettings{'EDIT'} = 'no';
-$outfwsettings{'NAME'} = '';
-$outfwsettings{'SNET'} = '';
-$outfwsettings{'SIP'} = '';
-$outfwsettings{'SPORT'} = '';
-$outfwsettings{'SMAC'} = '';
-$outfwsettings{'DIP'} = '';
-$outfwsettings{'DPORT'} = '';
-$outfwsettings{'PROT'} = '';
-$outfwsettings{'STATE'} = '';
-$outfwsettings{'DISPLAY_DIP'} = '';
-$outfwsettings{'DISPLAY_DPORT'} = '';
-$outfwsettings{'DISPLAY_SMAC'} = '';
-$outfwsettings{'DISPLAY_SIP'} = '';
-$outfwsettings{'POLICY'} = 'MODE0';
-$outfwsettings{'MODE1LOG'} = 'off';
-
-$outfwsettings{'TIME_FROM'} = '00:00';
-$outfwsettings{'TIME_TO'} = '00:00';
-
-&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
-&Header::getcgihash(\%outfwsettings);
-
-###############
-# DEBUG DEBUG
-#&Header::openbox('100%', 'left', 'DEBUG');
-#my $debugCount = 0;
-#foreach my $line (sort keys %outfwsettings) {
-#print "$line = $outfwsettings{$line}<br />\n";
-# $debugCount++;
-#}
-#print "&nbsp;Count: $debugCount\n";
-#&Header::closebox();
-# DEBUG DEBUG
-###############
-
-$selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
-$selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
-
-$checked{'MODE1LOG'}{'off'} = '';
-$checked{'MODE1LOG'}{'on'} = '';
-$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'";
-$checked{'TIME_MON'}{'off'} = '';
-$checked{'TIME_MON'}{'on'} = '';
-$checked{'TIME_MON'}{$outfwsettings{'TIME_MON'}} = "checked='checked'";
-$checked{'TIME_TUE'}{'off'} = '';
-$checked{'TIME_TUE'}{'on'} = '';
-$checked{'TIME_TUE'}{$outfwsettings{'TIME_TUE'}} = "checked='checked'";
-$checked{'TIME_WED'}{'off'} = '';
-$checked{'TIME_WED'}{'on'} = '';
-$checked{'TIME_WED'}{$outfwsettings{'TIME_WED'}} = "checked='checked'";
-$checked{'TIME_THU'}{'off'} = '';
-$checked{'TIME_THU'}{'on'} = '';
-$checked{'TIME_THU'}{$outfwsettings{'TIME_THU'}} = "checked='checked'";
-$checked{'TIME_FRI'}{'off'} = '';
-$checked{'TIME_FRI'}{'on'} = '';
-$checked{'TIME_FRI'}{$outfwsettings{'TIME_FRI'}} = "checked='checked'";
-$checked{'TIME_SAT'}{'off'} = '';
-$checked{'TIME_SAT'}{'on'} = '';
-$checked{'TIME_SAT'}{$outfwsettings{'TIME_SAT'}} = "checked='checked'";
-$checked{'TIME_SUN'}{'off'} = '';
-$checked{'TIME_SUN'}{'on'} = '';
-$checked{'TIME_SUN'}{$outfwsettings{'TIME_SUN'}} = "checked='checked'";
-
-if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
-if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
-if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
-
-# This is a little hack if poeple don´t mark any date then all will be selected, because they might have forgotten to select
-# a valid day. A Rule without any matching day will never work, because the timeranges are new feature people might not notice
-# that they have to select a day for the rule.
-
-if ( $outfwsettings{'TIME_MON'} eq "" &&
-     $outfwsettings{'TIME_TUE'} eq "" &&
-        $outfwsettings{'TIME_WED'} eq "" &&
-        $outfwsettings{'TIME_THU'} eq "" &&
-        $outfwsettings{'TIME_FRI'} eq "" &&
-        $outfwsettings{'TIME_SAT'} eq "" &&
-        $outfwsettings{'TIME_SUN'} eq "" )
-        {
-               $outfwsettings{'TIME_MON'} = "on";
-               $outfwsettings{'TIME_TUE'} = "on";
-               $outfwsettings{'TIME_WED'} = "on";
-               $outfwsettings{'TIME_THU'} = "on";
-               $outfwsettings{'TIME_FRI'} = "on";
-               $outfwsettings{'TIME_SAT'} = "on";
-               $outfwsettings{'TIME_SUN'} = "on";
-        }
-
-&Header::openpage($Lang::tr{'outgoing firewall'}, 1, '');
-&Header::openbigbox('100%', 'left', '', $errormessage);
-
-############################################################################################################################
-############################################################################################################################
-
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
-{
-       $outfwsettings{'POLICY'}='MODE0';
-       unlink $configfile;
-       system("/usr/bin/touch $configfile");
-       my $MODE = $outfwsettings{'POLICY'};
-       %outfwsettings = ();
-       $outfwsettings{'POLICY'} = "$MODE";
-       &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
-{
-       my $MODE = $outfwsettings{'POLICY'};
-       my $MODE1LOG = $outfwsettings{'MODE1LOG'};
-       %outfwsettings = ();
-       $outfwsettings{'POLICY'} = "$MODE";
-       $outfwsettings{'MODE1LOG'} = "$MODE1LOG";
-       &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
-       system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq 'enable')
-{
-       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-       @p2ps = <FILE>;
-       close FILE;
-       open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
-       foreach $p2pentry (sort @p2ps)
-       {
-               @p2pline = split( /\;/, $p2pentry );
-               if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
-                       print FILE "$p2pline[0];$p2pline[1];on;\n";
-               } else {
-                       print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
-               }
-       }
-       close FILE;
-       system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq 'disable')
-{
-       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-       @p2ps = <FILE>;
-       close FILE;
-       open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
-       foreach $p2pentry (sort @p2ps)
-       {
-               @p2pline = split( /\;/, $p2pentry );
-               if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
-                       print FILE "$p2pline[0];$p2pline[1];off;\n";
-               } else {
-                       print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
-               }
-       }
-       close FILE;
-       system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
-{
-       open( FILE, "< $configfile" ) or die "Unable to read $configfile";
-       @configs = <FILE>;
-       close FILE;
-       open( FILE, "> $configfile" ) or die "Unable to write $configfile";
-       foreach $configentry (sort @configs)
-       {
-               @configline = split( /\;/, $configentry );
-               
-               $configline[10] =  "on" if not exists $configline[11];
-               $configline[11] =  "on" if not exists $configline[11];
-               $configline[12] =  "on" if not exists $configline[12];
-               $configline[13] =  "on" if not exists $configline[13];
-               $configline[14] =  "on" if not exists $configline[14];
-               $configline[15] =  "on" if not exists $configline[15];
-               $configline[16] =  "on" if not exists $configline[16];
-               $configline[17] =  "00:00" if not exists $configline[17];
-               $configline[18] =  "00:00" if not exists $configline[18];
-
-               unless  (($configline[0] eq $outfwsettings{'STATE'}) && 
-                       ($configline[1] eq $outfwsettings{'ENABLED'}) && 
-                       ($configline[2] eq $outfwsettings{'SNET'}) && 
-                       ($configline[3] eq $outfwsettings{'PROT'}) && 
-                       ($configline[4] eq $outfwsettings{'NAME'}) && 
-                       ($configline[5] eq $outfwsettings{'SIP'}) && 
-                       ($configline[6] eq $outfwsettings{'SMAC'}) && 
-                       ($configline[7] eq $outfwsettings{'DIP'}) &&
-                       ($configline[9] eq $outfwsettings{'LOG'}) &&       
-                       ($configline[8] eq $outfwsettings{'DPORT'}) &&
-                       ($configline[10] eq $outfwsettings{'TIME_MON'}) &&       
-                       ($configline[11] eq $outfwsettings{'TIME_TUE'}) &&       
-                       ($configline[12] eq $outfwsettings{'TIME_WED'}) &&       
-                       ($configline[13] eq $outfwsettings{'TIME_THU'}) &&       
-                       ($configline[14] eq $outfwsettings{'TIME_FRI'}) &&       
-                       ($configline[15] eq $outfwsettings{'TIME_SAT'}) &&       
-                       ($configline[16] eq $outfwsettings{'TIME_SUN'}) &&       
-                       ($configline[17] eq $outfwsettings{'TIME_FROM'}) &&       
-                       ($configline[18] eq $outfwsettings{'TIME_TO'}))
-               {
-                       print FILE $configentry;
-               }
-       }
-       close FILE;
-       $selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
-       $selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';
-       $selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected';
-       &addrule();
-       &Header::closebigbox();
-       &Header::closepage();
-       exit
-  system("/usr/local/bin/outgoingfwctrl");     
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
-{
-       open( FILE, "< $configfile" ) or die "Unable to read $configfile";
-       @configs = <FILE>;
-       close FILE;
-       open( FILE, "> $configfile" ) or die "Unable to write $configfile";
-       foreach $configentry (sort @configs)
-       {
-               @configline = split( /\;/, $configentry );
-               
-               $configline[10] =  "on" if not exists $configline[11];
-               $configline[11] =  "on" if not exists $configline[11];
-               $configline[12] =  "on" if not exists $configline[12];
-               $configline[13] =  "on" if not exists $configline[13];
-               $configline[14] =  "on" if not exists $configline[14];
-               $configline[15] =  "on" if not exists $configline[15];
-               $configline[16] =  "on" if not exists $configline[16];
-               $configline[17] =  "00:00" if not exists $configline[17];
-               $configline[18] =  "00:00" if not exists $configline[18];
-                               
-               unless  (($configline[0] eq $outfwsettings{'STATE'}) && 
-                       ($configline[1] eq $outfwsettings{'ENABLED'}) && 
-                       ($configline[2] eq $outfwsettings{'SNET'}) && 
-                       ($configline[3] eq $outfwsettings{'PROT'}) && 
-                       ($configline[4] eq $outfwsettings{'NAME'}) && 
-                       ($configline[5] eq $outfwsettings{'SIP'}) && 
-                       ($configline[6] eq $outfwsettings{'SMAC'}) && 
-                       ($configline[7] eq $outfwsettings{'DIP'}) && 
-                       ($configline[9] eq $outfwsettings{'LOG'}) &&
-                       ($configline[8] eq $outfwsettings{'DPORT'}) &&
-                       ($configline[10] eq $outfwsettings{'TIME_MON'}) &&       
-                       ($configline[11] eq $outfwsettings{'TIME_TUE'}) &&       
-                       ($configline[12] eq $outfwsettings{'TIME_WED'}) &&       
-                       ($configline[13] eq $outfwsettings{'TIME_THU'}) &&       
-                       ($configline[14] eq $outfwsettings{'TIME_FRI'}) &&       
-                       ($configline[15] eq $outfwsettings{'TIME_SAT'}) &&       
-                       ($configline[16] eq $outfwsettings{'TIME_SUN'}) &&       
-                       ($configline[17] eq $outfwsettings{'TIME_FROM'}) &&       
-                       ($configline[18] eq $outfwsettings{'TIME_TO'}))
-               {
-                       print FILE $configentry;
-               }
-       }
-       close FILE;
-       system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
-{
-       if ( $outfwsettings{'VALID'} eq 'yes' ) {
-
-               if ( $outfwsettings{'SNET'} eq "all" ) {
-                       $outfwsettings{'SIP'} ="";
-                       $outfwsettings{'SMAC'}="";
-               }
-               open( FILE, ">> $configfile" ) or die "Unable to write $configfile";
-               print FILE <<END
-$outfwsettings{'STATE'};$outfwsettings{'ENABLED'};$outfwsettings{'SNET'};$outfwsettings{'PROT'};$outfwsettings{'NAME'};$outfwsettings{'SIP'};$outfwsettings{'SMAC'};$outfwsettings{'DIP'};$outfwsettings{'DPORT'};$outfwsettings{'LOG'};$outfwsettings{'TIME_MON'};$outfwsettings{'TIME_TUE'};$outfwsettings{'TIME_WED'};$outfwsettings{'TIME_THU'};$outfwsettings{'TIME_FRI'};$outfwsettings{'TIME_SAT'};$outfwsettings{'TIME_SUN'};$outfwsettings{'TIME_FROM'};$outfwsettings{'TIME_TO'};
-END
-;
-               close FILE;
-               system("/usr/local/bin/outgoingfwctrl");
-       } else {
-               $outfwsettings{'ACTION'} = 'Add rule';
-       }
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'Add Rule'})
-{
-       &addrule();
-       exit
-}
-
-&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
-
-if ($errormessage) {
-       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
-       print "<class name='base'>$errormessage\n";
-       print "&nbsp;</class>\n";
-       &Header::closebox();
-}
-
-############################################################################################################################
-############################################################################################################################
-
-if ($outfwsettings{'POLICY'} ne 'MODE0'){
-       &Header::openbox('100%', 'center', 'Rules');
-               print <<END
-       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-               <input type='submit' name='ACTION' value='$Lang::tr{'Add Rule'}' />
-       </form>
-END
-;
-       open( FILE, "< $configfile" ) or die "Unable to read $configfile";
-       @configs = <FILE>;
-       close FILE;
-       if (@configs) {
-               print <<END
-               <hr />
-               <table border='0' width='100%' cellspacing='0'>
-               <tr bgcolor='$color{'color22'}'>
-                   <td width='14%' align='center'><b>$Lang::tr{'protocol'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'network'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'destination'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'description'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'policy'}</b></td>
-                   <td width='16%' align='center'><b>$Lang::tr{'logging'}</b></td>
-                   <td width='14%' align='center'><b>$Lang::tr{'action'}</b></td>
-END
-;
-               foreach $configentry (sort @configs)
-                       {
-                               @configline = split( /\;/, $configentry );
-                               $outfwsettings{'STATE'} = $configline[0];
-                               $outfwsettings{'ENABLED'} = $configline[1];
-                               $outfwsettings{'SNET'} = $configline[2];
-                               $outfwsettings{'PROT'} = $configline[3];
-                               $outfwsettings{'NAME'} = $configline[4];
-                               $outfwsettings{'SIP'} = $configline[5];
-                               $outfwsettings{'SMAC'} = $configline[6];
-                               $outfwsettings{'DIP'} = $configline[7];
-                               $outfwsettings{'DPORT'} = $configline[8];
-                               $outfwsettings{'LOG'} = $configline[9];
-                               
-                               $configline[10] =  "on" if not exists $configline[11];
-                               $configline[11] =  "on" if not exists $configline[11];
-                               $configline[12] =  "on" if not exists $configline[12];
-                               $configline[13] =  "on" if not exists $configline[13];
-                               $configline[14] =  "on" if not exists $configline[14];
-                               $configline[15] =  "on" if not exists $configline[15];
-                               $configline[16] =  "on" if not exists $configline[16];
-                               $configline[17] =  "00:00" if not exists $configline[17];
-                               $configline[18] =  "00:00" if not exists $configline[18];
-                               
-                               $outfwsettings{'TIME_MON'} =  $configline[10];
-                               $outfwsettings{'TIME_TUE'} =  $configline[11];
-                               $outfwsettings{'TIME_WED'} =  $configline[12];
-                               $outfwsettings{'TIME_THU'} =  $configline[13];
-                               $outfwsettings{'TIME_FRI'} =  $configline[14];
-                               $outfwsettings{'TIME_SAT'} =  $configline[15];
-                               $outfwsettings{'TIME_SUN'} =  $configline[16];
-                               $outfwsettings{'TIME_FROM'} =  $configline[17];
-                               $outfwsettings{'TIME_TO'} =  $configline[18];
-
-                               if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; }
-                               if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; }
-                               if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_stop.png' alt='DENY' />"; }
-                               if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_ok.png' alt='ALLOW' />"; }
-                               if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){
-                               if ( $outfwsettings{'ENABLED'} eq "on" ){
-                                       print "<tr bgcolor='$color{'color20'}'>";
-                               } else {
-                                       print "<tr bgcolor='$color{'color18'}'>";
-                               }
-                                       print <<END
-                                           <td align='center'>$outfwsettings{'PROT'}
-                                           <td align='center'>$outfwsettings{'SNET'}
-                                           <td align='center'>$outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'}
-                                           <td align='center'>$outfwsettings{'NAME'}
-                                           <td align='center'>$outfwsettings{'DISPLAY_STATE'}
-                                           <td align='center'>$outfwsettings{'LOG'}
-                                           <td align='center'>
-                                            <table border='0' cellpadding='0' cellspacing='0'><tr>
-                                               <td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                       <input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
-                                                       <input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
-                                                       <input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
-                                                       <input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
-                                                       <input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
-                                                       <input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
-                                                       <input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
-                                                       <input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
-                                                       <input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
-                                                       <input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
-                                                       <input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
-                                                       <input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
-                                                       <input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
-                                                       <input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
-                                                       <input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
-                                                       <input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
-                                                       <input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
-                                                       <input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
-                                                       <input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
-                                                       <input type='hidden' name='ACTION' value=$Lang::tr{'edit'} />
-                                                       <input type='image' src='/images/edit.gif' width="20" height="20" alt=$Lang::tr{'edit'} />
-                                               </form>
-                                               <td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                       <input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
-                                                       <input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
-                                                       <input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
-                                                       <input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
-                                                       <input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
-                                                       <input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
-                                                       <input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
-                                                       <input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
-                                                       <input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
-                                                       <input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
-                                                       <input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
-                                                       <input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
-                                                       <input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
-                                                       <input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
-                                                       <input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
-                                                       <input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
-                                                       <input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
-                                                       <input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
-                                                       <input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
-                                                       <input type='hidden' name='ACTION' value=$Lang::tr{'delete'} />
-                                                       <input type='image' src='/images/delete.gif' width="20" height="20" alt=$Lang::tr{'delete'} />
-                                               </form></table>
-END
-;
-                                       if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) {
-
-                                               unless ($outfwsettings{'SIP'}) {
-                                                       $outfwsettings{'DISPLAY_SIP'} = 'ALL';
-                                               } else {
-                                                       $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'};
-                                               }
-
-                                               unless ($outfwsettings{'SMAC'}) {
-                                                       $outfwsettings{'DISPLAY_SMAC'} = 'ALL';
-                                                       print "<tr><td /><td align='left'>$Lang::tr{'source ip or net'}: </td>";
-                                                       print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SIP'}</td>";
-                                               } else {
-                                                       $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'};
-                                                       print "<tr><td /><td align='left'>$Lang::tr{'source'} $Lang::tr{'mac address'}: </td>";
-                                                       print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SMAC'}</td>";
-                                               }
-                                       }
-                                               print <<END
-                                               <tr><td width='14%' align='right'>$Lang::tr{'time'} -  </td>
-                                                   <td width='14%' align='left'>
-END
-;
-                                                       if ($outfwsettings{'TIME_MON'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy monday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_TUE'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy tuesday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_WED'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy wednesday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_THU'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy thursday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_FRI'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy friday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_SAT'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy saturday'}</font>,"; 
-                                                       if ($outfwsettings{'TIME_SUN'} eq 'on') { print "<font color='$Header::colourgreen'>";}
-                                                       else { print "<font color='$Header::colourred'>";}
-                                                               print "$Lang::tr{'advproxy sunday'}</font>";            
-                                                       print <<END
-                                                       </td>
-                                                   <td width='22%' align='center'>$Lang::tr{'advproxy from'} $outfwsettings{'TIME_FROM'}</td>
-                                                       <td width='22%' align='center'>$Lang::tr{'advproxy to'} $outfwsettings{'TIME_TO'}</td>
-                                       </form>
-END
-;
-                               }
-                       }
-if ($outfwsettings{'POLICY'} eq 'MODE1'){
-print <<END
-                                       <tr bgcolor='$color{'color20'}'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                           <td align='center'>all
-                                           <td align='center'>all
-                                           <td align='center'>ALL
-                                           <td align='center'>drop
-                                           <td align='center'><img src='/images/stock_stop.png' alt='DENY' />
-                                           <td align='center'>on <input type='radio' name='MODE1LOG' value='on' $checked{'MODE1LOG'}{'on'} /><input type='radio' name='MODE1LOG' value='off' $checked{'MODE1LOG'}{'off'} /> off
-                                           <td align='center'><input type='hidden' name='ACTION' value=$Lang::tr{'save'} /><input type='image' src='/images/media-floppy.png' width="18" height="18" alt=$Lang::tr{'save'} /></form></tr>
-                                            <table border='0' cellpadding='0' cellspacing='0'><tr>
-                                               <td>
-                                               <td></table>
-END
-;
-}
-               print <<END
-               </table>
-END
-;
-
-       }
-       &Header::closebox();
-}
-
-if ($outfwsettings{'POLICY'} ne 'MODE0'){
-       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-       @p2ps = <FILE>;
-       close FILE;
-       &Header::openbox('100%', 'center', 'P2P-Block');
-       print <<END
-       <table width='40%'>
-               <tr bgcolor='$color{'color22'}'><td width='66%' align=center><b>$Lang::tr{'protocol'}</b>
-                   <td width='33%' align=center><b>$Lang::tr{'status'}</b>
-END
-;
-       my $id = 1;
-       foreach $p2pentry (sort @p2ps)
-       {
-               @p2pline = split( /\;/, $p2pentry );
-               print <<END
-                       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-END
-;
-                       print "\t\t\t<tr bgcolor='$color{'color20'}'>\n"; 
-               print <<END
-                       <td width='66%' align='center'>$p2pline[0]:     
-                       <td width='33%' align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' />
-END
-;
-               if ($p2pline[2] eq 'on') {
-                       print <<END
-                               <input type='hidden' name='ACTION' value='disable' />
-                               <input type='image' name='submit' src='/images/stock_ok.png' alt='$Lang::tr{'outgoing firewall p2p allow'}' title='$Lang::tr{'outgoing firewall p2p allow'}'/>
-END
-;
-               } else {
-                       print <<END
-                               <input type='hidden' name='ACTION' value='enable' />
-                               <input type='image' name='submit' src='/images/stock_stop.png' alt='$Lang::tr{'outgoing firewall p2p deny'}' title='$Lang::tr{'outgoing firewall p2p deny'}' />
-END
-;
-               }
-               print <<END
-                       </form>
-END
-;
-       }
-       print <<END
-       </table>
-  <br />$Lang::tr{'outgoing firewall p2p description 1'} <img src='/images/stock_ok.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 2'} <img src='/images/stock_stop.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 3'}
-END
-;
-       &Header::closebox();
-}
-
-&Header::openbox('100%', 'center', 'Policy');
-print <<END
-       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-       <table width='100%'>
-               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode0'}</td></tr>
-               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr>
-               <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
-               <tr><td colspan='3'><hr /></td></tr>
-               <tr><td width='10%' align='left'>       <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
-                   <td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
-                   <td width='45%' align='left'>
-END
-;
-       if ($outfwsettings{'POLICY'} ne 'MODE0') {
-               print <<END
-                   $Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value=$Lang::tr{'reset'} />
-END
-;
-       }
-print <<END
-       </table>
-       </form>
-END
-;
-&Header::closebox();
-
-############################################################################################################################
-############################################################################################################################
-
-sub addrule
-{
-       &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'});
-       if ($outfwsettings{'ENABLED'} eq 'on') { $selected{'ENABLED'} = 'checked'; }
-       $selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
-       $selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
-print <<END
-       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-       <table width='80%'>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' /></td>
-                       <td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' /></td>
-                       <td width='20%' align='right' colspan='2'>$Lang::tr{'active'}:</td>
-                       <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td>
-               </tr>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'protocol'}</td>
-                       <td width='30%' align='left'>
-                               <select name='PROT'>
-                                       <option value='all' $selected{'PROT'}{'all'}>All</option>
-                                       <option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option>
-                                       <option value='udp' $selected{'PROT'}{'udp'}>UDP</option>
-                                       <option value='gre' $selected{'PROT'}{'gre'}>GRE</option>
-                                       <option value='esp' $selected{'PROT'}{'esp'}>ESP</option>
-                               </select>
-                       </td>
-                       <td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:</td>
-                       <td width='30%' align='left' colspan='2'>
-END
-;
-       if ($outfwsettings{'POLICY'} eq 'MODE1'){
-               print "\t\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n";
-       } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
-               print "\t\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n";
-       }
-       print <<END
-                       </td>
-               </tr>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'source'}:</td>
-                       <td width='30%' align='left'>
-                               <select name='SNET'>
-                                       <optgroup label='---'>
-                                               <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option>
-                                       <optgroup label='$Lang::tr{'mac address'}'>
-                                               <option value='mac' $selected{'SNET'}{'mac'}>$Lang::tr{'source'} $Lang::tr{'mac address'}</option>
-                                       </optgroup>
-                                       <optgroup label='$Lang::tr{'ip address'}'>
-                                               <option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip or net'}</option>
-                                               <option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option>
-                                       </optgroup>
-                                       <optgroup label='$Lang::tr{'alt vpn'}'>
-                                               <option value='ovpn' $selected{'SNET'}{'ovpn'}>OpenVPN $Lang::tr{'interface'}</option>
-                                       </optgroup>
-                                       <optgroup label='$Lang::tr{'network'}'>
-                                               <option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
-END
-;
-       if (&Header::blue_used()){
-               print "\t\t\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n";
-       }
-       if (&Header::orange_used()){
-               print "\t\t\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n";
-       }
-       print <<END
-                                       </optgroup>
-                                       <optgroup label='IP $Lang::tr{'advproxy NCSA group'}'>
-END
-;
-       my @ipgroups = qx(ls $configpath/ipgroups/);
-       foreach (sort @ipgroups){
-               chomp($_);
-               print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
-       }
-       print <<END
-                                       </optgroup>
-                                       <optgroup label='MAC $Lang::tr{'advproxy NCSA group'}'>
-END
-;
-       my @macgroups = qx(ls $configpath/macgroups/);
-       foreach (sort @macgroups){
-               chomp($_);
-               print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
-       }
-       print <<END
-                                       </optgroup>
-                               </select>
-                       </td>
-                       <td align='right' colspan='4'><font color='red'>$Lang::tr{'outgoing firewall warning'}</font></td>
-               </tr>
-               <tr>
-                       <td align='right' colspan='4' >$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td>
-                       <td align='left' colspan='4' ><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td>
-               </tr>
-               <tr>
-                       <td align='right' colspan='4' >$Lang::tr{'source'} $Lang::tr{'mac address'}: <img src='/blob.gif' />
-                       <td align='left' colspan='4' ><input type='text' name='SMAC' maxlength='23' value='$outfwsettings{'SMAC'}' />
-               </tr>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'logging'}:</td>
-                       <td width='30%' align='left'>
-                               <select name='LOG'>
-                                       <option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option>
-                                       <option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option>
-                               </select>
-                       </td>
-                       <td width='20%' align='right' colspan='2' />
-                       <td width='30%' align='left' colspan='2' />
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'destination ip or net'}: <img src='/blob.gif' /></td>
-                       <td width='30%' align='left'><input type='text' name='DIP'  value='$outfwsettings{'DIP'}' /></td>
-                       <td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}(s) <img src='/blob.gif' /></td>
-                       <td width='30%' align='left' colspan='2'><input type='text' name='DPORT' value='$outfwsettings{'DPORT'}' /></td>
-               </tr>
-               <tr>
-                       <td width='20%' align='right'>$Lang::tr{'time'}:</td>
-                       <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
-                       <td width='20%' align='right' colspan='2' />
-                       <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
-                       <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
-               </tr>
-               <tr>
-                       <td width='20%' align='right'></td>
-                       <td width='30%' align='left'>
-                               <input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} />
-                               <input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} />
-                               <input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} />
-                               <input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} />
-                               <input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} />
-                               <input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} />
-                               <input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} />
-                       </td>
-                       <td width='20%' align='right' colspan='2' />
-                       <td width='15%' align='left'>
-                               <select name='TIME_FROM'>
-END
-;
-for (my $i=0;$i<=23;$i++) {
-       $i = sprintf("%02s",$i);
-       for (my $j=0;$j<=45;$j+=15) {
-               $j = sprintf("%02s",$j);
-               my $time = $i.":".$j;
-               print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
-       }
-}
-print <<END    
-                               </select>
-                       </td>
-                       <td width='15%' align='left'><select name='TIME_TO'>
-END
-;
-for (my $i=0;$i<=23;$i++) {
-       $i = sprintf("%02s",$i);
-       for (my $j=0;$j<=45;$j+=15) {
-               $j = sprintf("%02s",$j);
-               my $time = $i.":".$j;
-               print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
-       }
-}
-print <<END    
-                               </select>
-                       </td>
-               </tr>
-               <tr>
-                       <td colspan='6' />
-               <tr>
-               <tr>
-                       <td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'}</td>
-                       <td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} /></td>
-       </table></form>
-END
-;
-       &Header::closebox();
-
-if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2')
-{
-&Header::openbox('100%', 'center', 'Quick Add');
-
-       open( FILE, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services";
-       my @defservices = <FILE>;
-       close FILE;
-
-print "<table width='100%'><tr bgcolor='$color{'color20'}'><td><b>$Lang::tr{'service'}</b></td><td><b>$Lang::tr{'description'}</b></td><td><b>$Lang::tr{'port'}</b></td><td><b>$Lang::tr{'protocol'}</b></td><td><b>$Lang::tr{'source net'}</b></td><td><b>$Lang::tr{'logging'}</b></td><td><b>$Lang::tr{'action'}</b></td></tr>";
-foreach my $serviceline(@defservices)
-       {
-       my @service = split(/,/,$serviceline);
-       print <<END
-       <tr><form method='post' action='$ENV{'SCRIPT_NAME'}'>
-                                                                                               <td>$service[0]<input type='hidden' name='NAME' value='@service[0]' /></td>
-                                                                                               <td>$service[3]</td>
-                                                                                               <td><a href='http://isc.sans.org/port_details.php?port=$service[1]' target='top'>$service[1]</a><input type='hidden' name='DPORT' value='@service[1]' /></td>
-                                                                                               <td>$service[2]<input type='hidden' name='PROT' value='@service[2]' /></td>
-                                                                                               <td><select name='SNET'><option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option><option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
-END
-;
-       if (&Header::blue_used()){
-               print "<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>";
-       }
-       if (&Header::orange_used()){
-               print "<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>";
-       }
-       print <<END
-                                       </select></td>
-          <td><select name='LOG'><option value='$Lang::tr{'active'}'>$Lang::tr{'active'}</option><option value='$Lang::tr{'inactive'}' 'selected'>$Lang::tr{'inactive'}</option></select></td><td>
-                                       <input type='hidden' name='ACTION' value=$Lang::tr{'add'} />
-                                       <input type='image' alt='$Lang::tr{'add'}' src='/images/add.gif' />
-                                       <input type='hidden' name='ENABLED' value='on' />
-END
-;
-       if ($outfwsettings{'POLICY'} eq 'MODE1'){       print "<input type='hidden' name='STATE' value='ALLOW' /></form></td></tr>";}
-       elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "<input type='hidden' name='STATE' value='DENY' /></form></td></tr>";}
-       }
-       print "</table>";
-       &Header::closebox();
-  }
-}
-
-&Header::closebigbox();
-&Header::closepage();
index 7fe166465239f14aab98b15b6213cf389d6ec456..11e418756f5a923db628e8a77f6dc77e45f3be61 100644 (file)
 'download root certificate' => 'Root-Zertifikat herunterladen',
 'dpd action' => 'Aktion für Dead Peer Detection',
 'driver' => 'Treiber',
-'drop input' => 'Verworfene Input-Pakete loggen',
+'drop action' => 'Standardverhalten der Firewall in Modus1',
+'drop input' => 'Verworfene Input Pakete loggen',
 'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen',
 'drop forward' => 'Verworfene Firewall-Pakete loggen',
 'drop portscan' => 'Verworfene Portscan Pakete loggen',
 'from email server' => 'Von Email Server',
 'from email user' => 'Von Email Benutzer',
 'from warn email bad' => 'Von Email Adresse ist nicht gültig',
-'fw blue' => 'Firewall-Optionen für das Blaue Interface',
-'fw logging' => 'Firewall-Logging',
+'fw blue' => 'Firewall Optionen für das Blaue Interface',
+'fw default drop' => 'Firewall Policy',
+'fw logging' => 'Firewall Logging',
 'gateway' => 'Gateway',
 'gateway ip' => 'Gateway-IP',
 'gen static key' => 'Statischen Schlüssel erzeugen',
index c33f97247758a85d49f5acb1e2c2cf7b204439f2..c4c882bf86d906d2ad6351ecb1377a222009945d 100644 (file)
 'download root certificate' => 'Download root certificate',
 'dpd action' => 'Dead Peer Detection action',
 'driver' => 'Driver',
+'drop action' => 'Default behaviour of firewall in mode 1',
 'drop input' => 'Log dropped input pakets',
 'drop newnotsyn' => 'Log dropped new not syn pakets',
-'drop forward' => 'Log dropped firewall pakets',
+'drop forward' => 'Log dropped forward pakets',
 'drop portscan' => 'Log dropped portscan pakets',
 'drop proxy' => 'Drop all packets not addressed to proxy',
 'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025',
 'from email user' => 'From e-mail user',
 'from warn email bad' => 'From e-mail address is not valid',
 'fw blue' => 'Firewall options for BLUE interface',
+'fw default drop' => 'Firewall policy',
 'fw logging' => 'Firewall logging',
 'g.dtm' => 'TO BE REMOVED',
 'g.lite' => 'TO BE REMOVED',
index 704c6900734b47f6255cae92ceefc8b468455880..56ee98df98f3b1508149081b0436113cd46248bc 100644 (file)
@@ -103,6 +103,7 @@ $(TARGET) :
        cp $(DIR_SRC)/langs/list                                                $(CONFIG_ROOT)/langs/
        cp $(DIR_SRC)/config/forwardfw/rules.pl                 $(CONFIG_ROOT)/forward/bin/rules.pl
        cp $(DIR_SRC)/config/forwardfw/firewall-lib.pl  $(CONFIG_ROOT)/forward/bin/firewall-lib.pl
+       cp $(DIR_SRC)/config/forwardfw/firewall-forward-policy  /usr/sbin/firewall-forward-policy
        cp $(DIR_SRC)/config/fwhosts/icmp-types                 $(CONFIG_ROOT)/fwhosts/icmp-types
        cp $(DIR_SRC)/config/fwhosts/customservices             $(CONFIG_ROOT)/fwhosts/customservices
        # Oneliner configfiles
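Review bot: The added `cp` for `firewall-forward-policy` leaves the installed script's permissions to the source tree's mode bits and the build umask, although the firewall init script in this same commit executes it at start-up. Since it is the only visible line in this recipe that writes outside `$(CONFIG_ROOT)`, I would make the mode explicit with `install -m 0755 $(DIR_SRC)/config/forwardfw/firewall-forward-policy /usr/sbin/firewall-forward-policy`. A script that loads iptables rules should never end up non-executable or group/world-writable because of how the tree was checked out. The recipe starts and ends outside the hunk, so ownership may already be handled elsewhere.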
index c1daa59b5266da97274357b3933a0f7c3f44c345..0af3d4b2af5340d99f12402470e0d1aaacff9fb6 100644 (file)
@@ -226,12 +226,6 @@ case "$1" in
        /sbin/iptables -N OPENSSLPHYSICAL
        /sbin/iptables -A INPUT -j OPENSSLPHYSICAL
 
-       # WIRELESS chains
-       /sbin/iptables -N WIRELESSINPUT
-       /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
-       /sbin/iptables -N WIRELESSFORWARD
-       /sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
-
        # RED chain, used for the red interface
        /sbin/iptables -N REDINPUT
        /sbin/iptables -A INPUT -j REDINPUT
@@ -283,11 +277,16 @@ case "$1" in
                /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
        fi
        /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
-       if [ "$DROPFORWARD" == "on" ]; then
-               /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
-       fi
-       /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+       #if [ "$DROPFORWARD" == "on" ]; then
+       #       /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+       #fi
+       #/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+       
+       #POLICY CHAIN
+       /sbin/iptables -N POLICY
+       /sbin/iptables -A FORWARD -j POLICY
        
+       /usr/sbin/firewall-forward-policy
        ;;
   startovpn)  
        # run openvpn
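Review bot: The unconditional `-A FORWARD -j DROP` is commented out here, and the tail of FORWARD now depends entirely on `/usr/sbin/firewall-forward-policy`, whose exit status is not checked. If that script is missing, fails, or reads an unexpected POLICY value, the POLICY chain stays empty and forwarded packets fall through to whatever the built-in FORWARD policy is (set outside this hunk; worth confirming it is DROP). A fail-closed call would be `/usr/sbin/firewall-forward-policy || /sbin/iptables -A POLICY -j DROP -m comment --comment "DROP_FORWARD"`. The four commented-out lines should be deleted rather than kept as dead code. The enclosing case branch starts outside the hunk.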
@@ -320,14 +319,10 @@ case "$1" in
                /sbin/iptables -A INPUT   -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
        fi
        /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
-       #if [ "$DROPOUTPUT" == "on" ]; then
-       #       /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
-       #fi
-       #/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
        if [ "$DROPFORWARD" == "on" ]; then
-               /sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
+               /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
        fi
-       /sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW-oberdropper"
+       /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
        ;;
   stopovpn)
        # stop openvpn
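Review bot: This branch appends the rate-limited LOG and the final DROP directly to FORWARD, while the hunk above now ends FORWARD with `-j POLICY`, and nothing here says why the two paths differ. If that is intentional, a comment such as `# POLICY chain is not used in this branch; drop forwarded traffic directly` above the `if` would stop the next maintainer from "unifying" them. It is also worth confirming, from the lines outside this hunk, that FORWARD is flushed before these appends, otherwise the rules would land behind an existing POLICY jump. The enclosing case branch starts outside the hunk.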