1) Added more possible chars in remark: : / .
2) Added "Internet" to std networks to be able to define internetaccess
3) When renaming a custom address, the firewallrules get updated
4) Ports are now ignored when using GRE as Protocol
5) When saving a customservice, the cursor is now in first textfield
6) Added a customservices file to installation with predefined services
7) Added ESP as protocol
8) Fixed counterproblem
9) Dropdownboxes for customservices and groups now sorted
10) Firewallrules now sorted in right order
11) Fixed a bug where the hint message was not displayed when a manual address was defined in both source and target
12) When defining an external access rule, the last forwardrule was deleted
--- /dev/null
+#!/bin/sh
+
+eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+
+iptables -F POLICY
+
+if [ "$POLICY" == "MODE1" ]; then
+
+ if [ "$FWPOLICY" == "REJECT" ]; then
+ if [ "$DROPFORWARD" == "on" ]; then
+ /sbin/iptables -A POLICY -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
+ fi
+ /sbin/iptables -A POLICY -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
+ fi
+ if [ "$FWPOLICY" == "DROP" ]; then
+ if [ "$DROPFORWARD" == "on" ]; then
+ /sbin/iptables -A POLICY -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+ fi
+ /sbin/iptables -A POLICY -j DROP -m comment --comment "DROP_OUTPUT"
+ fi
+fi
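Review bot: The three tests on lines 21, 23 and 29 use `==` inside `[ ]` under a `#!/bin/sh` shebang, but POSIX `test` only defines `=`; on a system where `/bin/sh` is not bash (dash, for instance) `[` reports an unexpected operator, every branch is skipped, and the POLICY chain is left flushed and empty, i.e. with no DROP/REJECT rule at all. Write `if [ "$POLICY" = "MODE1" ]; then` and the same for the two `$FWPOLICY` tests. Line 19 also calls a bare `iptables` while the rules below use `/sbin/iptables`; `/sbin/iptables -F POLICY` keeps the script independent of the PATH it inherits when invoked from the CGI. The `--comment "DROP_OUTPUT"` on both terminating rules describes a forward policy and is misleading in `iptables -L` output; something like `"FORWARD_POLICY"` would match the log prefixes.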
+
+
return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
}elsif($val eq 'BLUE'){
return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ }elsif($val eq 'RED'){
+ return "0.0.0.0/0 -o red0";
}elsif($val =~ /OpenVPN/i){
return "$ovpnsettings{'DOVPN_SUBNET'}";
}elsif($val =~ /IPsec/i){
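Review bot: The new `RED` branch on line 42 returns an interface option glued into the address string, `0.0.0.0/0 -o red0`, so whatever the caller interpolates it into (`-s` or `-d`) now carries `-o`, which iptables rejects in the INPUT chain, and the interface name is hardcoded rather than taken from the network settings the neighbouring branches read. Every other branch returns plain `ip/mask`, so a caller treating the result as an address has no way to tell this one apart. Consider returning `0.0.0.0/0` here and letting the rule builder add the output interface (from the red device name in the ethernet settings) only where `-o` is valid — I cannot see the consumer from this hunk, so confirm where the RED value ends up. The enclosing function begins before the hunk.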
&preparerules;
if($MODE eq '0'){
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
- #system ("iptables -A $CHAIN -j DROP");
+ system ("/usr/sbin/firewall-forward-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
- #system ("iptables -A $CHAIN -j ACCEPT");
+ system ("/usr/sbin/firewall-forward-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE0' || $fwdfwsettings{'POLICY'} eq 'MODE2'){
+ system ("/usr/sbin/firewall-forward-policy");
system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
}
}
}
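Review bot: The `elsif` on line 54 can never match `MODE2`: that value is already consumed by the `elsif` on line 51, so the `|| $fwdfwsettings{'POLICY'} eq 'MODE2'` part is dead and only `MODE0` reaches the `--state NEW -j ACCEPT` line. Since all three branches now run the same `system ("/usr/sbin/firewall-forward-policy")`, the chain can collapse to one unconditional call followed by `if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT"); }`. Note that the MODE2 branch replaced a commented-out `-j ACCEPT` with a call to a script which, from its listing in this commit, installs no rule for MODE2, so MODE2 now relies on the chain's fall-through — worth confirming that is intended. The enclosing routine starts before the hunk.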
sub buildrules
{
-
my $hash=shift;
-
foreach my $key (sort keys %$hash){
if($$hash{$key}[2] eq 'ON'){
#get source ip's
if ($DPROT eq ''){$DPROT=' ';}
@DPROT=split(",",$DPROT);
-
+
#get time if defined
if($$hash{$key}[18] eq 'ON'){
if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
$TIMETILL="--timestop $$hash{$key}[27] ";
$TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
}
-
+
if ($MODE eq '1'){
print "NR:$key ";
foreach my $i (0 .. $#{$$hash{$key}}){
print "\n";
print"##################################\n";
#print rules to console
-
+
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
}
print"\n";
}
-
+
}elsif($MODE eq '0'){
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
if ($$hash{$key}[10] ne ''){
return "--sport $$hash{$key}[10] ";
- }elsif($$hash{$key}[9] ne ''){
+ }elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
return "--icmp-type $$hash{$key}[9] ";
+ }elsif($$hash{$key}[9] eq 'All ICMP-Types'){
+ return;
}
}elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
-
if($$hash{$key}[14] eq 'TGT_PORT'){
if ($$hash{$key}[15] ne ''){
return "--dport $$hash{$key}[15] ";
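Review bot: The bare `return;` added on line 106 yields `undef` in scalar context, and the caller on line 98 assigns the result to `$DPORT`, which is presumably interpolated into the iptables command later; with warnings enabled that is an 'uninitialized value' warning per rule, and `return '';` states the intent — no port or type option for 'All ICMP-Types' — more plainly. A one-line comment such as `# 'All ICMP-Types' means no --icmp-type match: return an empty option string` would save the next reader from wondering whether the empty return is deliberate. get_port continues outside the hunk.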
elsif($prot eq 'ICMP'){
return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
}
-
-
}
}
}
srv/web/ipfire/cgi-bin/dns.cgi
srv/web/ipfire/cgi-bin/ddns.cgi
srv/web/ipfire/cgi-bin/dhcp.cgi
-srv/web/ipfire/cgi-bin/dmzholes.cgi
+#srv/web/ipfire/cgi-bin/dmzholes.cgi
srv/web/ipfire/cgi-bin/extrahd.cgi
srv/web/ipfire/cgi-bin/fireinfo.cgi
srv/web/ipfire/cgi-bin/forwardfw.cgi
#usr/local/src
#usr/sbin
usr/sbin/ovpn-ccd-convert
+usr/sbin/firewall-forward-policy
#usr/share
#usr/share/doc
#usr/share/doc/licenses
+++ /dev/null
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-use strict;
-
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-#workaround to suppress a warning when a variable is used only once
-my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );
-undef (@dummy);
-
-my %cgiparams=();
-my %checked=();
-my %selected=();
-my %netsettings=();
-my $errormessage = '';
-my $filename = "${General::swroot}/dmzholes/config";
-
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-&Header::showhttpheaders();
-
-$cgiparams{'ENABLED'} = 'off';
-$cgiparams{'REMARK'} = '';
-$cgiparams{'ACTION'} = '';
-$cgiparams{'SRC_IP'} = '';
-$cgiparams{'DEST_IP'} ='';
-$cgiparams{'DEST_PORT'} = '';
-&Header::getcgihash(\%cgiparams);
-
-open(FILE, $filename) or die 'Unable to open config file.';
-my @current = <FILE>;
-close(FILE);
-
-if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
-{
- unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; }
- unless(&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }
- unless($errormessage){$errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');}
- unless(&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
- unless ($errormessage) {
- $errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); }
- # Darren Critchley - Remove commas from remarks
- $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
-
- unless ($errormessage)
- {
- if($cgiparams{'EDITING'} eq 'no') {
- open(FILE,">>$filename") or die 'Unable to open config file.';
- flock FILE, 2;
- print FILE "$cgiparams{'PROTOCOL'},"; # [0]
- print FILE "$cgiparams{'SRC_IP'},"; # [1]
- print FILE "$cgiparams{'DEST_IP'},"; # [2]
- print FILE "$cgiparams{'DEST_PORT'},"; # [3]
- print FILE "$cgiparams{'ENABLED'},"; # [4]
- print FILE "$cgiparams{'SRC_NET'},"; # [5]
- print FILE "$cgiparams{'DEST_NET'},"; # [6]
- print FILE "$cgiparams{'REMARK'}\n"; # [7]
- } else {
- open(FILE,">$filename") or die 'Unable to open config file.';
- flock FILE, 2;
- my $id = 0;
- foreach my $line (@current)
- {
- $id++;
- if ($cgiparams{'EDITING'} eq $id) {
- print FILE "$cgiparams{'PROTOCOL'},"; # [0]
- print FILE "$cgiparams{'SRC_IP'},"; # [1]
- print FILE "$cgiparams{'DEST_IP'},"; # [2]
- print FILE "$cgiparams{'DEST_PORT'},"; # [3]
- print FILE "$cgiparams{'ENABLED'},"; # [4]
- print FILE "$cgiparams{'SRC_NET'},"; # [5]
- print FILE "$cgiparams{'DEST_NET'},"; # [6]
- print FILE "$cgiparams{'REMARK'}\n"; # [7]
- } else { print FILE "$line"; }
- }
- }
- close(FILE);
- undef %cgiparams;
- &General::log($Lang::tr{'dmz pinhole rule added'});
- system('/usr/local/bin/setdmzholes');
- }
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
-{
- my $id = 0;
- open(FILE, ">$filename") or die 'Unable to open config file.';
- flock FILE, 2;
- foreach my $line (@current)
- {
- $id++;
- unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
- }
- close(FILE);
- system('/usr/local/bin/setdmzholes');
- &General::log($Lang::tr{'dmz pinhole rule removed'});
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
-{
- my $id = 0;
- open(FILE, ">$filename") or die 'Unable to open config file.';
- flock FILE, 2;
- foreach my $line (@current)
- {
- $id++;
- unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
- else
- {
- chomp($line);
- my @temp = split(/\,/,$line);
- print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n";
- }
- }
- close(FILE);
- system('/usr/local/bin/setdmzholes');
-}
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
-{
- my $id = 0;
- foreach my $line (@current)
- {
- $id++;
- if ($cgiparams{'ID'} eq $id)
- {
- chomp($line);
- my @temp = split(/\,/,$line);
- $cgiparams{'PROTOCOL'} = $temp[0];
- $cgiparams{'SRC_IP'} = $temp[1];
- $cgiparams{'DEST_IP'} = $temp[2];
- $cgiparams{'DEST_PORT'} = $temp[3];
- $cgiparams{'ENABLED'} = $temp[4];
- $cgiparams{'SRC_NET'} = $temp[5];
- $cgiparams{'DEST_NET'} = $temp[6];
- $cgiparams{'REMARK'} = $temp[7];
- }
- }
-}
-
-if ($cgiparams{'ACTION'} eq '')
-{
- $cgiparams{'PROTOCOL'} = 'tcp';
- $cgiparams{'ENABLED'} = 'on';
- $cgiparams{'SRC_NET'} = 'orange';
- $cgiparams{'DEST_NET'} = 'blue';
-}
-
-$selected{'PROTOCOL'}{'udp'} = '';
-$selected{'PROTOCOL'}{'tcp'} = '';
-$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";
-
-$selected{'SRC_NET'}{'orange'} = '';
-$selected{'SRC_NET'}{'blue'} = '';
-$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";
-
-$selected{'DEST_NET'}{'blue'} = '';
-$selected{'DEST_NET'}{'green'} = '';
-$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";
-
-$checked{'ENABLED'}{'off'} = '';
-$checked{'ENABLED'}{'on'} = '';
-$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
-
-&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');
-
-&Header::openbigbox('100%', 'left', '', $errormessage);
-
-if ($errormessage) {
- &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
- print "<class name='base'>$errormessage\n";
- print " </class>\n";
- &Header::closebox();
-}
-
-print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
-
-my $buttonText = $Lang::tr{'add'};
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
- &Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
- $buttonText = $Lang::tr{'update'};
-} else {
- &Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
-}
-print <<END
-<table width='100%'>
-<tr>
-<td>
- <select name='PROTOCOL'>
- <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
- <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
- </select>
-</td>
-<td>
- $Lang::tr{'source net'}:</td>
-<td>
- <select name='SRC_NET'>
-END
-;
- if (&haveOrangeNet()) {
- print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";
- }
- if (&haveBlueNet()) {
- print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
- }
-print <<END
- </select>
-</td>
-<td class='base'>$Lang::tr{'source ip or net'}:</td>
-<td><input type='text' name='SRC_IP' value='$cgiparams{'SRC_IP'}' size='15' /></td>
-</tr>
-<tr>
-<td>
- </td>
-<td>
- $Lang::tr{'destination net'}:</td>
-<td>
- <select name='DEST_NET'>
-END
-;
- if (&haveOrangeNet() && &haveBlueNet()) {
- print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
- }
-
-print <<END
- <option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>
- </select>
-</td>
-<td class='base'>
- $Lang::tr{'destination ip or net'}:</td>
-<td>
- <input type='text' name='DEST_IP' value='$cgiparams{'DEST_IP'}' size='15' />
-</td>
-<td class='base'>
- $Lang::tr{'destination port'}:
- <input type='text' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' />
-</td>
-</tr>
-</table>
-<table width='100%'>
- <tr>
- <td colspan='3' width='50%' class='base'>
- <font class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' alt='*' /></font>
- <input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' />
- </td>
- </tr>
- <tr>
- <td class='base' width='50%'>
- <img src='/blob.gif' alt ='*' align='top' />
- <font class='base'>$Lang::tr{'this field may be blank'}</font>
- </td>
- <td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
- <td width='25%' align='center'>
- <input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
- <input type='submit' name='SUBMIT' value='$buttonText' />
- </td>
- </tr>
-</table>
-END
-;
-if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
- print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
-} else {
- print "<input type='hidden' name='EDITING' value='no' />\n";
-}
-&Header::closebox();
-print "</form>\n";
-
-&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
-print <<END
-<table width='100%'>
-<tr>
-<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
-<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
-<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
-<td width='2%' class='boldbase' align='center'> </td>
-<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
-<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
-<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
-<td width='1%' class='boldbase' align='center'> </td>
-<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
-END
-;
-
-# Achim Weber: if i add a new rule, this rule is not displayed?!?
-# we re-read always config.
-# If something has happeened re-read config
-#if($cgiparams{'ACTION'} ne '')
-#{
- open(FILE, $filename) or die 'Unable to open config file.';
- @current = <FILE>;
- close(FILE);
-#}
-my $id = 0;
-foreach my $line (@current)
-{
- my $protocol='';
- my $gif='';
- my $toggle='';
- my $gdesc='';
- $id++;
- chomp($line);
- my @temp = split(/\,/,$line);
- if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' }
-
- my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};
- my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};
-
- if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
- print "<tr bgcolor='${Header::colouryellow}'>\n"; }
- elsif ($id % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n"; }
- else {
- print "<tr bgcolor='${Header::table2colour}'>\n"; }
- if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
- else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
-
- # Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
- my $dstprt =$temp[3];
- $_=$temp[3];
- if (/^\d+$/) {
- my $servi = uc(getservbyport($temp[3], lc($temp[0])));
- if ($servi ne '' && $temp[3] < 1024) {
- $dstprt = "$dstprt($servi)"; }
- }
- # Darren Critchley - If the line is too long, wrap the port numbers
- my $dstaddr = "$temp[2] : $dstprt";
- if (length($dstaddr) > 26) {
- $dstaddr = "$temp[2] :<br /> $dstprt";
- }
-print <<END
-<td align='center'>$protocol</td>
-<td bgcolor='$srcnetcolor'></td>
-<td align='center'>$temp[1]</td>
-<td align='center'><img src='/images/forward.gif' /></td>
-<td bgcolor='$destnetcolor'></td>
-<td align='center'>$dstaddr</td>
-<td align='center'>$temp[7]</td>
-
-<td align='center'>
-<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ENABLE' value='$toggle' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
-</form>
-</td>
-
-<td align='center'>
-<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
-</form>
-</td>
-
-<td align='center'>
-<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
-<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />
-<input type='hidden' name='ID' value='$id' />
-<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
-</form>
-</td>
-
-</tr>
-END
- ;
-}
-print "</table>\n";
-
-# If the fixed lease file contains entries, print Key to action icons
-if ( ! -z "$filename") {
-print <<END
-<table>
-<tr>
- <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
- <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
- <td class='base'>$Lang::tr{'click to disable'}</td>
- <td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
- <td class='base'>$Lang::tr{'click to enable'}</td>
- <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
- <td class='base'>$Lang::tr{'edit'}</td>
- <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
- <td class='base'>$Lang::tr{'remove'}</td>
-</tr>
-</table>
-END
-;
-}
-
-&Header::closebox();
-
-&Header::closebigbox();
-
-&Header::closepage();
-
-sub validNet
-{
- my $srcNet = $_[0];
- my $destNet = $_[1];
-
- if ($srcNet eq $destNet) {
- return $Lang::tr{'dmzpinholes for same net not necessary'}; }
- unless ($srcNet =~ /^(blue|orange)$/) {
- return $Lang::tr{'select source net'}; }
- unless ($destNet =~ /^(blue|green)$/) {
- return $Lang::tr{'select dest net'}; }
-
- return '';
-}
-
-sub haveOrangeNet
-{
- if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
- if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
- return 0;
-}
-
-sub haveBlueNet
-{
- if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
- if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
- return 0;
-}
$errormessage=&checksource;
if(!$errormessage){&checktarget;}
if(!$errormessage){&checkrule;}
-
+
#check if we change an forward rule to an external access
- if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){
+ if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'updatefwrule'}='';
$fwdfwsettings{'config'}=$configfwdfw;
$fwdfwsettings{'nobase'}='on';
&deleterule;
+ &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
+
#check if we change an external access rule to an forward
- if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){
+ if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'updatefwrule'}='';
$fwdfwsettings{'config'}=$configinput;
$fwdfwsettings{'nobase'}='on';
&deleterule;
+ &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
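Review bot: The two `&checkcounter(0,0,$fwdfwsettings{'grp3'},...)` calls added on lines 596 and 608 run whether or not `USESRV` is 'ON', while every other grp3 increment in this file (lines 648 and 678) is guarded by that flag; when the rule uses no service, grp3 is presumably empty and the call either does nothing or bumps a bogus key — confirm what checkcounter does with an empty group name. Guard them the same way: `if ($fwdfwsettings{'USESRV'} eq 'ON'){ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); }`. A comment above each block, e.g. `# rule moves between the forward and input files: delete it from the old file, re-count its groups, then save it into the new one`, would explain the delete-then-recount sequence, which is not obvious from the code.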
-
#INPUT part
if($fwdfwsettings{'grp2'} eq 'ipfire'){
$fwdfwsettings{'chain'} = 'INPUTFW';
#check if we have an identical rule already
foreach my $key (sort keys %configinputfw){
if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
+ eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[16],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
}
-
- &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
- if ($fwdfwsettings{'nobase'} ne 'on'){
- &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
- }
-
- if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
- }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
-
- if ($fwdfwsettings{'nobase'} eq 'on'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
-
-
+
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ if ($fwdfwsettings{'nobase'} ne 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ }
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+
&saverule(\%configinputfw,$configinput);
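Review bot: The duplicate check now compares against `%configinputfw` (line 620) instead of `%configfwdfw`, which fixes the obvious mismatch, but the loop still does not skip the entry currently being edited: if `updatefwrule` is on and the user re-saves a rule unchanged, the rule's own line matches and `fwdfw err ruleexists` is raised — unless the update path deletes the old entry before reaching this loop, which I cannot see from here; either add a `next` for the edited key or document that reliance. The comparison also folds in `ruleremark`, `LOG` and `ACTIVE`, so two rules differing only in remark or logging count as distinct; a comment stating that this is intentional would help. The enclosing ACTION handler starts before the hunk.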
-
#print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
#print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
#print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-
-
-
}else{
$fwdfwsettings{'chain'} = 'FORWARDFW';
#check if we have an identical rule already
}
#increase counters
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-
+
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-
+
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
if ($fwdfwsettings{'nobase'} eq 'on'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
-
-
&saverule(\%configfwdfw,$configfwdfw);
-
+
#print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
#print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
#print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
-
-
-
}
if ($errormessage){
&newrule;
&rules;
&base;
}
-
}
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
$fwdfwsettings{'POLICY'}='MODE0';
system("rm ${General::swroot}/forward/config");
system("rm ${General::swroot}/forward/input");
- %fwdfwsettings = ();
-
&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
-
+ %fwdfwsettings = ();
&reread_rules;
}
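Review bot: Moving `%fwdfwsettings = ();` after `writehash` (line 721) means the settings file now receives every key present in `%fwdfwsettings` at that point, not only `POLICY`; if that hash was populated from the CGI request, `ACTION` and the submitted form fields are persisted next to the policy — consider writing a hash that holds only `POLICY => 'MODE0'`. Lines 713-719 also shell out to `rm` and `touch` with interpolated paths; `unlink "${General::swroot}/forward/config", "${General::swroot}/forward/input";` and a three-arg `open` in `'>'` mode do the same without a shell and let you report errors.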
}elsif($base1 eq 'cust_srvgrp'){
&dec_counter($configsrvgrp,\%customservicegrp,$val1);
}
-
+
if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
&inc_counter($confignet,\%customnetwork,$val2);
}elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
my %hash=%{(shift)};
my $val=shift;
my $pos;
-
+
&General::readhasharray($config, \%hash);
foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
if($hash{$key}[0] eq $val){
$pos=$#{$hash{$key}};
$hash{$key}[$pos] = $hash{$key}[$pos]+1;
-
}
}
&General::writehasharray($config, \%hash);
if($hash{$key}[0] eq $val){
$pos=$#{$hash{$key}};
$hash{$key}[$pos] = $hash{$key}[$pos]-1;
-
}
}
&General::writehasharray($config, \%hash);
}
sub base
{
-
if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
-
+
&hint;
if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') {
&addrule;
}
-
+
#print"<table width='100' border='1'><tr>";
#foreach (0 .. 40){
#my $i="color".$_;
{
&error;
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-
+
print "<form method='post'>";
print "<table border='0'>";
print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
&Header::closebox();
&viewtablerule;
-
}
sub deleterule
{
&General::writehasharray($fwdfwsettings{'config'}, \%delhash);
&rules;
-
+
if($fwdfwsettings{'nobase'} ne 'on'){
&base;
}
}
&General::writehasharray("$configfwdfw", \%configfwdfw);
&rules;
-
}
sub checksource
{
$errormessage.=$Lang::tr{'fwdfw err nosrcip'};
return $errormessage;
}
-
+
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
#check icmp source
$fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
}
}
+ }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
$fwdfwsettings{'ICMP_TYPES'}='';
}else{
$fwdfwsettings{'SRC_PORT'}='';
$fwdfwsettings{'PROT'}='';
}
-
+
if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){
#change dashes with :
$fwdfwsettings{'SRC_PORT'}=~ tr/-/:/;
if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
$fwdfwsettings{'SRC_PORT'} = "$1:65535";
}
-
+
$errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src');
}
return $errormessage;
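Review bot: The GRE and ESP branches added on lines 810-815 are byte-identical and sit in front of the generic `ne 'ICMP'` branch; merging them as `}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} =~ /^(GRE|ESP)$/){` leaves one place to extend when the next port-less protocol is added. A short comment such as `# GRE/ESP carry no ports: discard any port or ICMP type the form submitted` would explain why the fields are cleared silently instead of rejected. checksource begins before this hunk.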
sub checktarget
{
my ($ip,$subnet);
-
-
+
if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
#check if ip with subnet
if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
}
-
+
}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
-
+
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
-
+
#check tgt services
if ($fwdfwsettings{'USESRV'} eq 'ON'){
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
}
}
if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
- if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){
+ if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP' && $fwdfwsettings{'TGT_PROT'} ne 'GRE'){
if ($fwdfwsettings{'TGT_PORT'} ne ''){
#change dashes with :
$fwdfwsettings{'TGT_PORT'}=~ tr/-/:/;
}
$errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination');
}
+ }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
+ $fwdfwsettings{'TGT_PORT'} = '';
+ $fwdfwsettings{'ICMP_TGT'} = '';
+ }elsif($fwdfwsettings{'TGT_PORT'} eq 'ESP'){
+ $fwdfwsettings{'TGT_PORT'}='';
+ $fwdfwsettings{'ICMP_TGT'}='';
}elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+ $fwdfwsettings{'TGT_PORT'} = '';
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
foreach my $key (keys %icmptypes){
if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
-
$fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
}
}
}
}
}
-
+
#check targetport
if ($fwdfwsettings{'USESRV'} ne 'ON'){
$fwdfwsettings{'grp3'}='';
$fwdfwsettings{'TGT_PROT'}='';
$fwdfwsettings{'ICMP_TGT'}='';
}
-
-
#check timeframe
if($fwdfwsettings{'TIME'} eq 'ON'){
if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
$errormessage=$Lang::tr{'fwdfw err time'};
}
}
-
-
-
return $errormessage;
}
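Review bot: The ESP branch in the `grp3 eq 'TGT_PORT'` chain is unreachable and tests the wrong field: the first condition excludes only ICMP and GRE, so a rule with `TGT_PROT` set to ESP still runs through `validportrange`, and the `elsif` compares `$fwdfwsettings{'TGT_PORT'}` rather than `TGT_PROT` with `'ESP'`. Change the guard to `if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP' && $fwdfwsettings{'TGT_PROT'} ne 'GRE' && $fwdfwsettings{'TGT_PROT'} ne 'ESP'){` and the branch to `}elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){`, so ESP clears the port fields exactly as GRE does. A comment above the chain such as `# GRE and ESP carry no ports: drop any port/ICMP type the form may have sent` would explain why two branches only blank fields.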
sub checkrule
$errormessage.=$Lang::tr{'fwdfw err same'};
return $errormessage;
}
-
+
#get source and targetip address if possible
my ($sip,$scidr,$tip,$tcidr);
($sip,$scidr)=&get_ip("src","grp1");
($tip,$tcidr)=&get_ip("tgt","grp2");
-
-
-
+
#check same iprange in source and target
if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
-
my $networkip1=&General::getnetworkip($sip,$scidr);
my $networkip2=&General::getnetworkip($tip,$tcidr);
if ($scidr gt $tcidr){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}elsif($scidr eq $tcidr && $scidr eq '32'){
- my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1);
- my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2);
+ my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
+ my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
$hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
}
-
}else{
if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}
}
-
+
#check source and destination protocol if manual
if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
}
}
}
-
}
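Review bot: The `split(/\./, …)` fix is right, but the comparison `if ($scidr gt $tcidr){` a few lines above compares the prefix lengths as strings, so `'8' gt '24'` is true and a /8 source against a /24 target is flagged while /9 against /24 is not; if these are the numeric CIDR lengths passed to `&General::getnetworkip($sip,$scidr)`, the test should read `if ($scidr > $tcidr){`. The same string-versus-number mix appears in `$scidr eq '32'`, which only works because both sides are plain digits. checkrule's signature and the start of its body lie outside this hunk.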
sub get_ip
{
}
}
}
-
return $a,$b;
}
sub newrule
&General::readhasharray("$configgrp", \%customgrp);
&General::readhasharray("$configipsec", \%ipsecconf);
&General::get_aliases(\%aliases);
-
-
my %checked=();
my $helper;
if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
my $config=$fwdfwsettings{'config'};
my %hash=();
-
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
-
#check if update and get values
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
&General::readhasharray("$config", \%hash);
$fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
$fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
$fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
-
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
$fwdfwsettings{'ACTIVE'}='ON';
$checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
}
-
+
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
-
+
print <<END;
<form method="post">
<table border='0'>
if($fwdfwsettings{'POLICY'} eq 'MODE2'){
$fwdfwsettings{'RULE_ACTION'} = 'DROP';
}
-
+
if ($_ eq $fwdfwsettings{'RULE_ACTION'})
{
print"<option selected>$_</option>";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
-
-
+
+
#------SOURCE-------------------------------------------------------
print<<END;
<table width='100%' border='0'>
<tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' ></td></tr>
<tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
<tr><td width='1%'><input type='radio' name='grp1' value='std_net_src' $checked{'grp1'}{'std_net_src'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_src' style='min-width:185px;'>
-
END
foreach my $network (sort keys %defaultNetworks)
{
next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+ next if($defaultNetworks{$network}{'NAME'} eq "RED");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $defaultNetworks{$network}{'NAME'});
print ">$network</option>";
}
print<<END;
</select></td></tr>
-
+
<tr><td valign='top'><input type='radio' name='grp1' value='cust_grp_src' $checked{'grp1'}{'cust_grp_src'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_src' style='min-width:185px;'>
END
foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
print"<option ";
print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $customgrp{$key}[0]);
print ">$customgrp{$key}[0]</option>";
-
-
}
$helper=$customgrp{$key}[0];
}
print<<END;
</select></td></tr>
END
-
+
# <td valign='top'><input type='radio' name='grp1' value='ipsec_host_src' $checked{'grp1'}{'ipsec_host_src'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_src' style='min-width:185px;'>
#END
# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
# }
# }
print<<END;
-
<tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
-
-
<table width='100%' border='0'>
<tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
<td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
END
- foreach ("TCP","UDP","GRE","ICMP")
+ foreach ("TCP","UDP","GRE","ESP","ICMP")
{
if ($_ eq $fwdfwsettings{'PROT'})
{
<tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td colspan='2'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16'><td><input type='radio' name='grp2' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>IPFire ($Lang::tr{'external access'})</b></td><td><select name='ipfire' style='min-width:185px;'>
END
print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
-
+
foreach my $alias (sort keys %aliases)
{
print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
}
-
+
print<<END;
</td></tr>
<tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
<tr><td width='1%'><input type='radio' name='grp2' value='std_net_tgt' $checked{'grp2'}{'std_net_tgt'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_tgt' style='min-width:185px;'>
-
END
-
foreach my $network (sort keys %defaultNetworks)
{
print "<option value='$defaultNetworks{$network}{'NAME'}'";
</select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net_tgt' $checked{'grp2'}{'ovpn_net_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_tgt' style='min-width:185px;'>
END
&fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp2'}});
-
print<<END;
</select></td></tr>
<tr><td><input type='radio' name='grp2' value='cust_net_tgt' $checked{'grp2'}{'cust_net_tgt'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_tgt' style='min-width:185px;'>
}
print<<END;
</select></td></tr>
-
<tr><td valign='top'><input type='radio' name='grp2' value='cust_grp_tgt' $checked{'grp2'}{'cust_grp_tgt'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_tgt' style='min-width:185px;'>
END
$helper='';
print<<END;
</select></td></tr>
END
-
# <td valign='top'><input type='radio' name='grp2' value='ipsec_host_tgt' $checked{'grp2'}{'ipsec_host_tgt'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_tgt' style='min-width:185px;'>
#END
# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
</table>
<b>$Lang::tr{'fwhost attention'}:</b><br>
$Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
-
+
<table width='100%' border='0'>
<tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
END
&General::readhasharray("$configsrv", \%customservice);
- foreach my $key (sort keys %customservice){
+ foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
print"<option ";
print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
END
&General::readhasharray("$configsrvgrp", \%customservicegrp);
my $helper;
- foreach my $key (sort keys %customservicegrp){
+ foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
if ($helper ne $customservicegrp{$key}[0]){
print"<option ";
print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
</select></td></tr>
<tr><td colspan='2'></td><td><input type='radio' name='grp3' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT'>
END
- foreach ("TCP","UDP","GRE","ICMP")
+ foreach ("TCP","UDP","GRE","ESP","ICMP")
{
if ($_ eq $fwdfwsettings{'TGT_PROT'})
{
print<<END;
</select></td></tr>
</table><hr><br><br>
-
+
END
#---Activate/logging/remark-------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
<tr>
<td align='left'>$Lang::tr{'time'}:</td>
<td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
-
<td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
<td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
</tr>
<input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} />
<input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{$Lang::tr{'fwdfw wd_sun'}} />
</td>
-
<td><select name='TIME_FROM'>
END
for (my $i=0;$i<=23;$i++) {
print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
}
}
- print<<END;
+ print<<END;
</select></td></tr>
</table><hr>
END
<input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
<input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
<input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
-
<input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
-
</table></form>
END
}
}
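Review bot: The back button's hidden field is written as `value'reset'` without `=`, so the attribute is malformed and, as rendered, ACTION is probably not submitted as `reset`; since this hunk already touches the surrounding markup, fix it to `<input type='hidden' name='ACTION' value='reset'>`. The same line ends in `</td></td>`, which looks like a stray duplicate close tag. The enclosing print block and newrule itself start outside this hunk.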
sub saverule
{
-
my $hash=shift;
my $config=shift;
&General::readhasharray("$config", $hash);
foreach my $network (sort keys %defaultNetworks)
{
return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
- }
+ }
}
sub validremark
{
if (length ($remark) < 1 || length ($remark) > 255) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
- if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) {
+ if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:\/\s]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) {
return 0;}
# Last character can only be a letter or a digit
- if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) {
+ if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.]*$/) {
return 0;}
return 1;
}
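Review bot: All three checks in validremark anchor with `^`/`$` and quantify with `*`, so a remark ending in a newline passes (`$` matches before a trailing newline, and `*` lets the one-character `substr` tests match the empty string); anchoring with `\A`…`\z` closes that, e.g. `if ($remark !~ /\A[a-zäöüA-ZÖÄÜ0-9\-.:\/\s]*\z/) {` and `if (substr ($remark, -1, 1) !~ /\A[a-zöäüA-ZÖÄÜ0-9.]\z/) {` (likewise for the first-character test). Escaping the hyphen as `\-` also makes it explicit that `9-.` is not a range. The remark appears to be persisted through the line-based hasharray files, which is why an embedded newline is worth rejecting here. The comment `# Only valid characters are a-z, A-Z, 0-9 and -` no longer matches the class; update it to `# Only valid characters are a-z, A-Z, umlauts, 0-9, whitespace and - . : /`.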
my $key=shift;
my $service;
my $prot;
-
+
if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
if($hash{$key}[14] eq 'cust_srv'){
&General::readhasharray("$configsrv", \%customservice);
}
}
}elsif($hash{$key}[14] eq 'cust_srvgrp'){
-
+
$service=$hash{$key}[15];
}elsif($hash{$key}[14] eq 'TGT_PORT'){
$service=$hash{$key}[15];
}elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
print" : ($hash{$key}[12]) <br>$hash{$key}[13]";
}
-
+
if ($prot ne '' || $service ne ''){
print" :";
if ($prot ne ''){
my $config=shift;
my $title=shift;
my $title1=shift;
-
+
if ( ! -z "$config"){
&Header::openbox('100%', 'left',$title);
my $count=0;
print"<b>$title1</b><br>";
print"<table width='100%' border='0' cellspacing='1' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'>";
print"<tr><td align='center' width='1%'><b>#</td><td width='1%'></td><td align='center' width='20%'><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center' width='20%'><b>$Lang::tr{'fwdfw target'}</td><td align='center' width='70%'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
- foreach my $key (sort keys %$hash){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
@tmpsrc=();
#check if vpn hosts/nets have been deleted
if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
push (@tmpsrc,$$hash{$key}[6]);
}
-
foreach my $host (@tmpsrc){
if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
- if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
+ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
&disable_rule($key);
$$hash{$key}[2]='';
-
}
}elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$$hash{$key}[3]='';
$$hash{$key}[5]='';
}
-
$$hash{'ACTIVE'}=$$hash{$key}[2];
$count++;
-
if($coloryellow eq 'on'){
print"<tr bgcolor='$color{'color14'}' >";
$coloryellow='';
print"<tr bgcolor='$color{'color20'}' >";
}
}
-
print<<END;
<td align='right'>$key</td>
END
}
print<<END;
</td>
-
<form method='post'>
<td width='1%' align='left'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
<input type='hidden' name='key' value='$key' />
}else{
$gif="/images/off.gif"
-
}
print<<END;
<form method='post'>
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
</td></form>
-
<form method='post'>
<td width='1%' ><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='editrule' />
</td></form></td>
-
<form method='post'>
<td width='1%'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='copyrule' />
</td></form></td>
-
-
<form method='post'>
<td width='1%' ><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
}else{
print"<td></td>";
}
-
if (exists $$hash{$key+1}){
print<<END;
<form method='post'>
if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
-
my $weekdays=join(",",@days);
-
if (@days){
print"<tr bgcolor='#FFE4B5'><td colspan='4'>$Lang::tr{'fwdfw time'} ";
print"$weekdays";
print"</table>";
&Header::closebox();
}
-
}
sub fillselect
{
my %hash=%{(shift)};
my $val=shift;
my $key;
- foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash)
- {
- if($hash{$key}[0] eq $val){
- print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
- }else{
- print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
- }
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
+ }else{
+ print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
}
+ }
}
sub rules
{
my %mainsettings=();
my %ownnet=();
my %ipsecsettings=();
+my %fwfwd=();
+my %fwinp=();
my $errormessage;
my $hint;
my $configipsec = "${General::swroot}/vpn/config";
my $configsrv = "${General::swroot}/fwhosts/customservices";
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+my $fwconfigfwd = "${General::swroot}/forward/config";
+my $fwconfiginp = "${General::swroot}/forward/input";
unless (-e $confignet) { system("touch $confignet"); }
unless (-e $confighost) { system("touch $confighost"); }
}
}
&General::writehasharray("$confighost", \%customhost);
+
+
+
$fwhostsettings{'actualize'} = 'on';
$fwhostsettings{'ACTION'} = 'savehost';
}
}
}
&General::writehasharray("$configgrp", \%customgrp);
+ #check if we need to update firewallrules
+ if ( ! -z $fwconfigfwd ){
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ foreach my $line (sort keys %fwfwd){
+ if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+ $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+ }
+ if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
+ $fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
+ }
+ }
+ &General::writehasharray("$fwconfigfwd", \%fwfwd);
+ }
+ if ( ! -z $fwconfiginp ){
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ foreach my $line (sort keys %fwinp){
+ if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+ $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+ }
+ }
+ &General::writehasharray("$fwconfiginp", \%fwinp);
+ }
}
}
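Review bot: The input-rule loop never renames anything: while iterating `keys %fwinp` it reads and assigns `$fwfwd{$line}[4]` instead of `$fwinp{$line}[4]`, so `%fwinp` is written back unchanged and the read autovivifies stray entries in `%fwfwd`; the minimal fix is `if ($fwinp{$line}[4] eq $fwhostsettings{'orgname'}){ $fwinp{$line}[4] = $fwhostsettings{'HOSTNAME'}; }` in both copies (this hunk and the identical block in the next hunk, after the second `writehasharray("$configgrp", …)`). The two blocks are byte-for-byte copies, so a small helper as sketched below removes the duplication and makes the column list explicit. Note also that `! -z $file` is true for a file that does not exist (`-z` returns undef then), so `-s $file` expresses "exists and is non-empty" more directly. The enclosing save branch starts outside this hunk.
```perl
	&General::writehasharray("$configgrp", \%customgrp);
	#check if we need to update firewallrules
	&rename_in_rules($fwconfigfwd, $fwhostsettings{'orgname'}, $fwhostsettings{'HOSTNAME'}, 4, 6);
	&rename_in_rules($fwconfiginp, $fwhostsettings{'orgname'}, $fwhostsettings{'HOSTNAME'}, 4);
# … unchanged: rest of the save path …

# Replace $old by $new in the given columns of every rule stored in $file.
# Rule files are hasharrays; column 4 holds the source, column 6 the target.
sub rename_in_rules
{
	my ($file, $old, $new, @cols) = @_;
	return unless -s $file;
	my %rules = ();
	&General::readhasharray("$file", \%rules);
	foreach my $line (sort keys %rules){
		foreach my $col (@cols){
			$rules{$line}[$col] = $new if ($rules{$line}[$col] eq $old);
		}
	}
	&General::writehasharray("$file", \%rules);
	return;
}
```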
my $key = &General::findhasharraykey (\%customnetwork);
}
}
&General::writehasharray("$configgrp", \%customgrp);
+ #check if we need to update firewallrules
+ if ( ! -z $fwconfigfwd ){
+ &General::readhasharray("$fwconfigfwd", \%fwfwd);
+ foreach my $line (sort keys %fwfwd){
+ if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+ $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+ }
+ if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
+ $fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
+ }
+ }
+ &General::writehasharray("$fwconfigfwd", \%fwfwd);
+ }
+ if ( ! -z $fwconfiginp ){
+ &General::readhasharray("$fwconfiginp", \%fwinp);
+ foreach my $line (sort keys %fwinp){
+ if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
+ $fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
+ }
+ }
+ &General::writehasharray("$fwconfiginp", \%fwinp);
+ }
}
-
-
}
my $key = &General::findhasharraykey (\%customhost);
foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
foreach my $network (sort keys %defaultNetworks)
{
next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
+ next if($defaultNetworks{$network}{'NAME'} eq "RED");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwhostsettings{'DEFAULT_SRC_ADR'} eq $defaultNetworks{$network}{'NAME'});
print ">$network</option>";
}
print<<END;
<table width='100%' border='0'><form method='post'>
- <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td width='1%' nowrap='nowrap'><input type='text' name='SRV_NAME' value='$fwhostsettings{'SRV_NAME'}'></td><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+ <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td width='1%' nowrap='nowrap'><input type='text' name='SRV_NAME' id='textbox1' value='$fwhostsettings{'SRV_NAME'}'><script>document.getElementById('textbox1').focus()</script></td><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
END
foreach ("TCP","UDP","ICMP")
{
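Review bot: The inline `<script>…focus()</script>` and the extra `id='textbox1'` can be replaced by the `autofocus` attribute on the input, `<input type='text' name='SRV_NAME' value='$fwhostsettings{'SRV_NAME'}' autofocus>`, which needs no script and no id that could collide with other elements on the page. On the same line `$fwhostsettings{'SRV_NAME'}` is interpolated into a single-quoted attribute without escaping; whether the name is validated before it is echoed back is not visible here, so escaping `'`, `<` and `&` at this point would be the defensive choice.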
&Header::getcgihash(\%settings);
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
+
$errormessage = $Lang::tr{'new optionsfw later'};
- delete $settings{'__CGI__'};delete $settings{'x'};delete $settings{'y'};
+ delete $settings{'__CGI__'};
+ delete $settings{'x'};
+ delete $settings{'y'};
&General::writehash($filename, \%settings); # Save good settings
- } else {
- &General::readhash($filename, \%settings); # Get saved settings and reset to good if needed
- }
-
+ }else {
+ &General::readhash($filename, \%settings); # Get saved settings and reset to good if needed
+ }
+ system("/usr/local/bin/forwardfwctrl");
&Header::openpage($Lang::tr{'options fw'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
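Review bot: `system("/usr/local/bin/forwardfwctrl");` is placed after the if/else, so the firewall rules are reloaded on every request to this page, including a plain GET that only displays the form; it belongs inside the save branch, directly after `&General::writehash($filename, \%settings); # Save good settings`. The call also ignores the exit status, so a failed reload leaves the saved settings and the running ruleset silently out of sync; checking the return value and appending a message to `$errormessage` would surface that. The surrounding handler starts outside this hunk.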
$checked{'DROPSAMBA'}{'off'} = '';
$checked{'DROPSAMBA'}{'on'} = '';
$checked{'DROPSAMBA'}{$settings{'DROPSAMBA'}} = "checked='checked'";
+$selected{'FWPOLICY'}{$settings{'FWPOLICY'}}= 'selected';
&Header::openbox('100%', 'center', $Lang::tr{'options fw'});
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";
<tr><td align='left' width='60%'>$Lang::tr{'drop samba'}</td><td align='left'>on <input type='radio' name='DROPSAMBA' value='on' $checked{'DROPSAMBA'}{'on'} />/
<input type='radio' name='DROPSAMBA' value='off' $checked{'DROPSAMBA'}{'off'} /> off</td></tr>
</table>
+<br />
+<table width='95%' cellspacing='0'>
+<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw default drop'}</b></td></tr>
+<tr><td align='left' width='60%'>$Lang::tr{'drop action'}</td><td><select name='FWPOLICY'>
+<option value='DROP' $selected{'FWPOLICY'}{'DROP'}>DROP</option>
+<option value='REJECT' $selected{'FWPOLICY'}{'REJECT'}>REJECT</option></select>
+</td></tr>
+</table>
+
<br />
<table width='10%' cellspacing='0'>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
- <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /></form></td></tr>
+<input type='submit' name='ACTION' value=$Lang::tr{'save'} />
+</form></td></tr>
</table>
</form>
END
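Review bot: The new submit button still sits inside a second `<form method='post' …>` opened on the line above it, while the `<select name='FWPOLICY'>` added in this hunk belongs to the outer form opened by `print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>"`; HTML parsers drop a nested form start tag, so this presumably only works because browsers treat the button as part of the outer form, and removing the inner `<form …>` and its `</form>` leaves one well-formed form. The `value=$Lang::tr{'save'}` attribute is unquoted, so a translation containing a space is truncated and `$settings{'ACTION'} eq $Lang::tr{'save'}` no longer matches; write it as `<input type='submit' name='ACTION' value='$Lang::tr{'save'}' />`.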
+++ /dev/null
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2005-2010 IPFire Team #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-use strict;
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-my %outfwsettings = ();
-my %checked = ();
-my %selected= () ;
-my %netsettings = ();
-my $errormessage = "";
-my $configentry = "";
-my @configs = ();
-my @configline = ();
-my $p2pentry = "";
-my @p2ps = ();
-my @p2pline = ();
-
-my $configfile = "/var/ipfire/outgoing/rules";
-my $configpath = "/var/ipfire/outgoing/groups/";
-my $p2pfile = "/var/ipfire/outgoing/p2protocols";
-my $servicefile = "/var/ipfire/outgoing/defaultservices";
-
-my %color = ();
-my %mainsettings = ();
-&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
-
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-&Header::showhttpheaders();
-
-### Values that have to be initialized
-$outfwsettings{'ACTION'} = '';
-$outfwsettings{'VALID'} = 'yes';
-$outfwsettings{'EDIT'} = 'no';
-$outfwsettings{'NAME'} = '';
-$outfwsettings{'SNET'} = '';
-$outfwsettings{'SIP'} = '';
-$outfwsettings{'SPORT'} = '';
-$outfwsettings{'SMAC'} = '';
-$outfwsettings{'DIP'} = '';
-$outfwsettings{'DPORT'} = '';
-$outfwsettings{'PROT'} = '';
-$outfwsettings{'STATE'} = '';
-$outfwsettings{'DISPLAY_DIP'} = '';
-$outfwsettings{'DISPLAY_DPORT'} = '';
-$outfwsettings{'DISPLAY_SMAC'} = '';
-$outfwsettings{'DISPLAY_SIP'} = '';
-$outfwsettings{'POLICY'} = 'MODE0';
-$outfwsettings{'MODE1LOG'} = 'off';
-
-$outfwsettings{'TIME_FROM'} = '00:00';
-$outfwsettings{'TIME_TO'} = '00:00';
-
-&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
-&Header::getcgihash(\%outfwsettings);
-
-###############
-# DEBUG DEBUG
-#&Header::openbox('100%', 'left', 'DEBUG');
-#my $debugCount = 0;
-#foreach my $line (sort keys %outfwsettings) {
-#print "$line = $outfwsettings{$line}<br />\n";
-# $debugCount++;
-#}
-#print " Count: $debugCount\n";
-#&Header::closebox();
-# DEBUG DEBUG
-###############
-
-$selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
-$selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
-
-$checked{'MODE1LOG'}{'off'} = '';
-$checked{'MODE1LOG'}{'on'} = '';
-$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'";
-$checked{'TIME_MON'}{'off'} = '';
-$checked{'TIME_MON'}{'on'} = '';
-$checked{'TIME_MON'}{$outfwsettings{'TIME_MON'}} = "checked='checked'";
-$checked{'TIME_TUE'}{'off'} = '';
-$checked{'TIME_TUE'}{'on'} = '';
-$checked{'TIME_TUE'}{$outfwsettings{'TIME_TUE'}} = "checked='checked'";
-$checked{'TIME_WED'}{'off'} = '';
-$checked{'TIME_WED'}{'on'} = '';
-$checked{'TIME_WED'}{$outfwsettings{'TIME_WED'}} = "checked='checked'";
-$checked{'TIME_THU'}{'off'} = '';
-$checked{'TIME_THU'}{'on'} = '';
-$checked{'TIME_THU'}{$outfwsettings{'TIME_THU'}} = "checked='checked'";
-$checked{'TIME_FRI'}{'off'} = '';
-$checked{'TIME_FRI'}{'on'} = '';
-$checked{'TIME_FRI'}{$outfwsettings{'TIME_FRI'}} = "checked='checked'";
-$checked{'TIME_SAT'}{'off'} = '';
-$checked{'TIME_SAT'}{'on'} = '';
-$checked{'TIME_SAT'}{$outfwsettings{'TIME_SAT'}} = "checked='checked'";
-$checked{'TIME_SUN'}{'off'} = '';
-$checked{'TIME_SUN'}{'on'} = '';
-$checked{'TIME_SUN'}{$outfwsettings{'TIME_SUN'}} = "checked='checked'";
-
-if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
-if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
-if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
-
-# This is a little hack if poeple don´t mark any date then all will be selected, because they might have forgotten to select
-# a valid day. A Rule without any matching day will never work, because the timeranges are new feature people might not notice
-# that they have to select a day for the rule.
-
-if ( $outfwsettings{'TIME_MON'} eq "" &&
- $outfwsettings{'TIME_TUE'} eq "" &&
- $outfwsettings{'TIME_WED'} eq "" &&
- $outfwsettings{'TIME_THU'} eq "" &&
- $outfwsettings{'TIME_FRI'} eq "" &&
- $outfwsettings{'TIME_SAT'} eq "" &&
- $outfwsettings{'TIME_SUN'} eq "" )
- {
- $outfwsettings{'TIME_MON'} = "on";
- $outfwsettings{'TIME_TUE'} = "on";
- $outfwsettings{'TIME_WED'} = "on";
- $outfwsettings{'TIME_THU'} = "on";
- $outfwsettings{'TIME_FRI'} = "on";
- $outfwsettings{'TIME_SAT'} = "on";
- $outfwsettings{'TIME_SUN'} = "on";
- }
-
-&Header::openpage($Lang::tr{'outgoing firewall'}, 1, '');
-&Header::openbigbox('100%', 'left', '', $errormessage);
-
-############################################################################################################################
-############################################################################################################################
-
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
-{
- $outfwsettings{'POLICY'}='MODE0';
- unlink $configfile;
- system("/usr/bin/touch $configfile");
- my $MODE = $outfwsettings{'POLICY'};
- %outfwsettings = ();
- $outfwsettings{'POLICY'} = "$MODE";
- &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
-{
- my $MODE = $outfwsettings{'POLICY'};
- my $MODE1LOG = $outfwsettings{'MODE1LOG'};
- %outfwsettings = ();
- $outfwsettings{'POLICY'} = "$MODE";
- $outfwsettings{'MODE1LOG'} = "$MODE1LOG";
- &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
- system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq 'enable')
-{
- open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
- @p2ps = <FILE>;
- close FILE;
- open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
- foreach $p2pentry (sort @p2ps)
- {
- @p2pline = split( /\;/, $p2pentry );
- if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
- print FILE "$p2pline[0];$p2pline[1];on;\n";
- } else {
- print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
- }
- }
- close FILE;
- system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq 'disable')
-{
- open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
- @p2ps = <FILE>;
- close FILE;
- open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
- foreach $p2pentry (sort @p2ps)
- {
- @p2pline = split( /\;/, $p2pentry );
- if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
- print FILE "$p2pline[0];$p2pline[1];off;\n";
- } else {
- print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
- }
- }
- close FILE;
- system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
-{
- open( FILE, "< $configfile" ) or die "Unable to read $configfile";
- @configs = <FILE>;
- close FILE;
- open( FILE, "> $configfile" ) or die "Unable to write $configfile";
- foreach $configentry (sort @configs)
- {
- @configline = split( /\;/, $configentry );
-
- $configline[10] = "on" if not exists $configline[11];
- $configline[11] = "on" if not exists $configline[11];
- $configline[12] = "on" if not exists $configline[12];
- $configline[13] = "on" if not exists $configline[13];
- $configline[14] = "on" if not exists $configline[14];
- $configline[15] = "on" if not exists $configline[15];
- $configline[16] = "on" if not exists $configline[16];
- $configline[17] = "00:00" if not exists $configline[17];
- $configline[18] = "00:00" if not exists $configline[18];
-
- unless (($configline[0] eq $outfwsettings{'STATE'}) &&
- ($configline[1] eq $outfwsettings{'ENABLED'}) &&
- ($configline[2] eq $outfwsettings{'SNET'}) &&
- ($configline[3] eq $outfwsettings{'PROT'}) &&
- ($configline[4] eq $outfwsettings{'NAME'}) &&
- ($configline[5] eq $outfwsettings{'SIP'}) &&
- ($configline[6] eq $outfwsettings{'SMAC'}) &&
- ($configline[7] eq $outfwsettings{'DIP'}) &&
- ($configline[9] eq $outfwsettings{'LOG'}) &&
- ($configline[8] eq $outfwsettings{'DPORT'}) &&
- ($configline[10] eq $outfwsettings{'TIME_MON'}) &&
- ($configline[11] eq $outfwsettings{'TIME_TUE'}) &&
- ($configline[12] eq $outfwsettings{'TIME_WED'}) &&
- ($configline[13] eq $outfwsettings{'TIME_THU'}) &&
- ($configline[14] eq $outfwsettings{'TIME_FRI'}) &&
- ($configline[15] eq $outfwsettings{'TIME_SAT'}) &&
- ($configline[16] eq $outfwsettings{'TIME_SUN'}) &&
- ($configline[17] eq $outfwsettings{'TIME_FROM'}) &&
- ($configline[18] eq $outfwsettings{'TIME_TO'}))
- {
- print FILE $configentry;
- }
- }
- close FILE;
- $selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
- $selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';
- $selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected';
- &addrule();
- &Header::closebigbox();
- &Header::closepage();
- exit
- system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
-{
- open( FILE, "< $configfile" ) or die "Unable to read $configfile";
- @configs = <FILE>;
- close FILE;
- open( FILE, "> $configfile" ) or die "Unable to write $configfile";
- foreach $configentry (sort @configs)
- {
- @configline = split( /\;/, $configentry );
-
- $configline[10] = "on" if not exists $configline[11];
- $configline[11] = "on" if not exists $configline[11];
- $configline[12] = "on" if not exists $configline[12];
- $configline[13] = "on" if not exists $configline[13];
- $configline[14] = "on" if not exists $configline[14];
- $configline[15] = "on" if not exists $configline[15];
- $configline[16] = "on" if not exists $configline[16];
- $configline[17] = "00:00" if not exists $configline[17];
- $configline[18] = "00:00" if not exists $configline[18];
-
- unless (($configline[0] eq $outfwsettings{'STATE'}) &&
- ($configline[1] eq $outfwsettings{'ENABLED'}) &&
- ($configline[2] eq $outfwsettings{'SNET'}) &&
- ($configline[3] eq $outfwsettings{'PROT'}) &&
- ($configline[4] eq $outfwsettings{'NAME'}) &&
- ($configline[5] eq $outfwsettings{'SIP'}) &&
- ($configline[6] eq $outfwsettings{'SMAC'}) &&
- ($configline[7] eq $outfwsettings{'DIP'}) &&
- ($configline[9] eq $outfwsettings{'LOG'}) &&
- ($configline[8] eq $outfwsettings{'DPORT'}) &&
- ($configline[10] eq $outfwsettings{'TIME_MON'}) &&
- ($configline[11] eq $outfwsettings{'TIME_TUE'}) &&
- ($configline[12] eq $outfwsettings{'TIME_WED'}) &&
- ($configline[13] eq $outfwsettings{'TIME_THU'}) &&
- ($configline[14] eq $outfwsettings{'TIME_FRI'}) &&
- ($configline[15] eq $outfwsettings{'TIME_SAT'}) &&
- ($configline[16] eq $outfwsettings{'TIME_SUN'}) &&
- ($configline[17] eq $outfwsettings{'TIME_FROM'}) &&
- ($configline[18] eq $outfwsettings{'TIME_TO'}))
- {
- print FILE $configentry;
- }
- }
- close FILE;
- system("/usr/local/bin/outgoingfwctrl");
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
-{
- if ( $outfwsettings{'VALID'} eq 'yes' ) {
-
- if ( $outfwsettings{'SNET'} eq "all" ) {
- $outfwsettings{'SIP'} ="";
- $outfwsettings{'SMAC'}="";
- }
- open( FILE, ">> $configfile" ) or die "Unable to write $configfile";
- print FILE <<END
-$outfwsettings{'STATE'};$outfwsettings{'ENABLED'};$outfwsettings{'SNET'};$outfwsettings{'PROT'};$outfwsettings{'NAME'};$outfwsettings{'SIP'};$outfwsettings{'SMAC'};$outfwsettings{'DIP'};$outfwsettings{'DPORT'};$outfwsettings{'LOG'};$outfwsettings{'TIME_MON'};$outfwsettings{'TIME_TUE'};$outfwsettings{'TIME_WED'};$outfwsettings{'TIME_THU'};$outfwsettings{'TIME_FRI'};$outfwsettings{'TIME_SAT'};$outfwsettings{'TIME_SUN'};$outfwsettings{'TIME_FROM'};$outfwsettings{'TIME_TO'};
-END
-;
- close FILE;
- system("/usr/local/bin/outgoingfwctrl");
- } else {
- $outfwsettings{'ACTION'} = 'Add rule';
- }
-}
-if ($outfwsettings{'ACTION'} eq $Lang::tr{'Add Rule'})
-{
- &addrule();
- exit
-}
-
-&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
-
-if ($errormessage) {
- &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
- print "<class name='base'>$errormessage\n";
- print " </class>\n";
- &Header::closebox();
-}
-
-############################################################################################################################
-############################################################################################################################
-
-if ($outfwsettings{'POLICY'} ne 'MODE0'){
- &Header::openbox('100%', 'center', 'Rules');
- print <<END
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='submit' name='ACTION' value='$Lang::tr{'Add Rule'}' />
- </form>
-END
-;
- open( FILE, "< $configfile" ) or die "Unable to read $configfile";
- @configs = <FILE>;
- close FILE;
- if (@configs) {
- print <<END
- <hr />
- <table border='0' width='100%' cellspacing='0'>
- <tr bgcolor='$color{'color22'}'>
- <td width='14%' align='center'><b>$Lang::tr{'protocol'}</b></td>
- <td width='14%' align='center'><b>$Lang::tr{'network'}</b></td>
- <td width='14%' align='center'><b>$Lang::tr{'destination'}</b></td>
- <td width='14%' align='center'><b>$Lang::tr{'description'}</b></td>
- <td width='14%' align='center'><b>$Lang::tr{'policy'}</b></td>
- <td width='16%' align='center'><b>$Lang::tr{'logging'}</b></td>
- <td width='14%' align='center'><b>$Lang::tr{'action'}</b></td>
-END
-;
- foreach $configentry (sort @configs)
- {
- @configline = split( /\;/, $configentry );
- $outfwsettings{'STATE'} = $configline[0];
- $outfwsettings{'ENABLED'} = $configline[1];
- $outfwsettings{'SNET'} = $configline[2];
- $outfwsettings{'PROT'} = $configline[3];
- $outfwsettings{'NAME'} = $configline[4];
- $outfwsettings{'SIP'} = $configline[5];
- $outfwsettings{'SMAC'} = $configline[6];
- $outfwsettings{'DIP'} = $configline[7];
- $outfwsettings{'DPORT'} = $configline[8];
- $outfwsettings{'LOG'} = $configline[9];
-
- $configline[10] = "on" if not exists $configline[11];
- $configline[11] = "on" if not exists $configline[11];
- $configline[12] = "on" if not exists $configline[12];
- $configline[13] = "on" if not exists $configline[13];
- $configline[14] = "on" if not exists $configline[14];
- $configline[15] = "on" if not exists $configline[15];
- $configline[16] = "on" if not exists $configline[16];
- $configline[17] = "00:00" if not exists $configline[17];
- $configline[18] = "00:00" if not exists $configline[18];
-
- $outfwsettings{'TIME_MON'} = $configline[10];
- $outfwsettings{'TIME_TUE'} = $configline[11];
- $outfwsettings{'TIME_WED'} = $configline[12];
- $outfwsettings{'TIME_THU'} = $configline[13];
- $outfwsettings{'TIME_FRI'} = $configline[14];
- $outfwsettings{'TIME_SAT'} = $configline[15];
- $outfwsettings{'TIME_SUN'} = $configline[16];
- $outfwsettings{'TIME_FROM'} = $configline[17];
- $outfwsettings{'TIME_TO'} = $configline[18];
-
- if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; }
- if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; }
- if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_stop.png' alt='DENY' />"; }
- if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_ok.png' alt='ALLOW' />"; }
- if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){
- if ( $outfwsettings{'ENABLED'} eq "on" ){
- print "<tr bgcolor='$color{'color20'}'>";
- } else {
- print "<tr bgcolor='$color{'color18'}'>";
- }
- print <<END
- <td align='center'>$outfwsettings{'PROT'}
- <td align='center'>$outfwsettings{'SNET'}
- <td align='center'>$outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'}
- <td align='center'>$outfwsettings{'NAME'}
- <td align='center'>$outfwsettings{'DISPLAY_STATE'}
- <td align='center'>$outfwsettings{'LOG'}
- <td align='center'>
- <table border='0' cellpadding='0' cellspacing='0'><tr>
- <td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
- <input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
- <input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
- <input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
- <input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
- <input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
- <input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
- <input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
- <input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
- <input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
- <input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
- <input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
- <input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
- <input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
- <input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
- <input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
- <input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
- <input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
- <input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
- <input type='hidden' name='ACTION' value=$Lang::tr{'edit'} />
- <input type='image' src='/images/edit.gif' width="20" height="20" alt=$Lang::tr{'edit'} />
- </form>
- <td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
- <input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
- <input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
- <input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
- <input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
- <input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
- <input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
- <input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
- <input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
- <input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
- <input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
- <input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
- <input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
- <input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
- <input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
- <input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
- <input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
- <input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
- <input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
- <input type='hidden' name='ACTION' value=$Lang::tr{'delete'} />
- <input type='image' src='/images/delete.gif' width="20" height="20" alt=$Lang::tr{'delete'} />
- </form></table>
-END
-;
- if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) {
-
- unless ($outfwsettings{'SIP'}) {
- $outfwsettings{'DISPLAY_SIP'} = 'ALL';
- } else {
- $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'};
- }
-
- unless ($outfwsettings{'SMAC'}) {
- $outfwsettings{'DISPLAY_SMAC'} = 'ALL';
- print "<tr><td /><td align='left'>$Lang::tr{'source ip or net'}: </td>";
- print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SIP'}</td>";
- } else {
- $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'};
- print "<tr><td /><td align='left'>$Lang::tr{'source'} $Lang::tr{'mac address'}: </td>";
- print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SMAC'}</td>";
- }
- }
- print <<END
- <tr><td width='14%' align='right'>$Lang::tr{'time'} - </td>
- <td width='14%' align='left'>
-END
-;
- if ($outfwsettings{'TIME_MON'} eq 'on') { print "<font color='$Header::colourgreen'>";}
- else { print "<font color='$Header::colourred'>";}
- print "$Lang::tr{'advproxy monday'}</font>,";
- if ($outfwsettings{'TIME_TUE'} eq 'on') { print "<font color='$Header::colourgreen'>";}
- else { print "<font color='$Header::colourred'>";}
- print "$Lang::tr{'advproxy tuesday'}</font>,";
- if ($outfwsettings{'TIME_WED'} eq 'on') { print "<font color='$Header::colourgreen'>";}
- else { print "<font color='$Header::colourred'>";}
- print "$Lang::tr{'advproxy wednesday'}</font>,";
- if ($outfwsettings{'TIME_THU'} eq 'on') { print "<font color='$Header::colourgreen'>";}
- else { print "<font color='$Header::colourred'>";}
- print "$Lang::tr{'advproxy thursday'}</font>,";
- if ($outfwsettings{'TIME_FRI'} eq 'on') { print "<font color='$Header::colourgreen'>";}
- else { print "<font color='$Header::colourred'>";}
- print "$Lang::tr{'advproxy friday'}</font>,";
- if ($outfwsettings{'TIME_SAT'} eq 'on') { print "<font color='$Header::colourgreen'>";}
- else { print "<font color='$Header::colourred'>";}
- print "$Lang::tr{'advproxy saturday'}</font>,";
- if ($outfwsettings{'TIME_SUN'} eq 'on') { print "<font color='$Header::colourgreen'>";}
- else { print "<font color='$Header::colourred'>";}
- print "$Lang::tr{'advproxy sunday'}</font>";
- print <<END
- </td>
- <td width='22%' align='center'>$Lang::tr{'advproxy from'} $outfwsettings{'TIME_FROM'}</td>
- <td width='22%' align='center'>$Lang::tr{'advproxy to'} $outfwsettings{'TIME_TO'}</td>
- </form>
-END
-;
- }
- }
-if ($outfwsettings{'POLICY'} eq 'MODE1'){
-print <<END
- <tr bgcolor='$color{'color20'}'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <td align='center'>all
- <td align='center'>all
- <td align='center'>ALL
- <td align='center'>drop
- <td align='center'><img src='/images/stock_stop.png' alt='DENY' />
- <td align='center'>on <input type='radio' name='MODE1LOG' value='on' $checked{'MODE1LOG'}{'on'} /><input type='radio' name='MODE1LOG' value='off' $checked{'MODE1LOG'}{'off'} /> off
- <td align='center'><input type='hidden' name='ACTION' value=$Lang::tr{'save'} /><input type='image' src='/images/media-floppy.png' width="18" height="18" alt=$Lang::tr{'save'} /></form></tr>
- <table border='0' cellpadding='0' cellspacing='0'><tr>
- <td>
- <td></table>
-END
-;
-}
- print <<END
- </table>
-END
-;
-
- }
- &Header::closebox();
-}
-
-if ($outfwsettings{'POLICY'} ne 'MODE0'){
- open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
- @p2ps = <FILE>;
- close FILE;
- &Header::openbox('100%', 'center', 'P2P-Block');
- print <<END
- <table width='40%'>
- <tr bgcolor='$color{'color22'}'><td width='66%' align=center><b>$Lang::tr{'protocol'}</b>
- <td width='33%' align=center><b>$Lang::tr{'status'}</b>
-END
-;
- my $id = 1;
- foreach $p2pentry (sort @p2ps)
- {
- @p2pline = split( /\;/, $p2pentry );
- print <<END
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-END
-;
- print "\t\t\t<tr bgcolor='$color{'color20'}'>\n";
- print <<END
- <td width='66%' align='center'>$p2pline[0]:
- <td width='33%' align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' />
-END
-;
- if ($p2pline[2] eq 'on') {
- print <<END
- <input type='hidden' name='ACTION' value='disable' />
- <input type='image' name='submit' src='/images/stock_ok.png' alt='$Lang::tr{'outgoing firewall p2p allow'}' title='$Lang::tr{'outgoing firewall p2p allow'}'/>
-END
-;
- } else {
- print <<END
- <input type='hidden' name='ACTION' value='enable' />
- <input type='image' name='submit' src='/images/stock_stop.png' alt='$Lang::tr{'outgoing firewall p2p deny'}' title='$Lang::tr{'outgoing firewall p2p deny'}' />
-END
-;
- }
- print <<END
- </form>
-END
-;
- }
- print <<END
- </table>
- <br />$Lang::tr{'outgoing firewall p2p description 1'} <img src='/images/stock_ok.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 2'} <img src='/images/stock_stop.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 3'}
-END
-;
- &Header::closebox();
-}
-
-&Header::openbox('100%', 'center', 'Policy');
-print <<END
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <table width='100%'>
- <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode0'}</td></tr>
- <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr>
- <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
- <tr><td colspan='3'><hr /></td></tr>
- <tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
- <td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
- <td width='45%' align='left'>
-END
-;
- if ($outfwsettings{'POLICY'} ne 'MODE0') {
- print <<END
- $Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value=$Lang::tr{'reset'} />
-END
-;
- }
-print <<END
- </table>
- </form>
-END
-;
-&Header::closebox();
-
-############################################################################################################################
-############################################################################################################################
-
-sub addrule
-{
- &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'});
- if ($outfwsettings{'ENABLED'} eq 'on') { $selected{'ENABLED'} = 'checked'; }
- $selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
- $selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
-print <<END
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <table width='80%'>
- <tr>
- <td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' /></td>
- <td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' /></td>
- <td width='20%' align='right' colspan='2'>$Lang::tr{'active'}:</td>
- <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td>
- </tr>
- <tr>
- <td width='20%' align='right'>$Lang::tr{'protocol'}</td>
- <td width='30%' align='left'>
- <select name='PROT'>
- <option value='all' $selected{'PROT'}{'all'}>All</option>
- <option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option>
- <option value='udp' $selected{'PROT'}{'udp'}>UDP</option>
- <option value='gre' $selected{'PROT'}{'gre'}>GRE</option>
- <option value='esp' $selected{'PROT'}{'esp'}>ESP</option>
- </select>
- </td>
- <td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:</td>
- <td width='30%' align='left' colspan='2'>
-END
-;
- if ($outfwsettings{'POLICY'} eq 'MODE1'){
- print "\t\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n";
- } elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
- print "\t\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n";
- }
- print <<END
- </td>
- </tr>
- <tr>
- <td width='20%' align='right'>$Lang::tr{'source'}:</td>
- <td width='30%' align='left'>
- <select name='SNET'>
- <optgroup label='---'>
- <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option>
- <optgroup label='$Lang::tr{'mac address'}'>
- <option value='mac' $selected{'SNET'}{'mac'}>$Lang::tr{'source'} $Lang::tr{'mac address'}</option>
- </optgroup>
- <optgroup label='$Lang::tr{'ip address'}'>
- <option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip or net'}</option>
- <option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option>
- </optgroup>
- <optgroup label='$Lang::tr{'alt vpn'}'>
- <option value='ovpn' $selected{'SNET'}{'ovpn'}>OpenVPN $Lang::tr{'interface'}</option>
- </optgroup>
- <optgroup label='$Lang::tr{'network'}'>
- <option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
-END
-;
- if (&Header::blue_used()){
- print "\t\t\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n";
- }
- if (&Header::orange_used()){
- print "\t\t\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n";
- }
- print <<END
- </optgroup>
- <optgroup label='IP $Lang::tr{'advproxy NCSA group'}'>
-END
-;
- my @ipgroups = qx(ls $configpath/ipgroups/);
- foreach (sort @ipgroups){
- chomp($_);
- print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
- }
- print <<END
- </optgroup>
- <optgroup label='MAC $Lang::tr{'advproxy NCSA group'}'>
-END
-;
- my @macgroups = qx(ls $configpath/macgroups/);
- foreach (sort @macgroups){
- chomp($_);
- print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
- }
- print <<END
- </optgroup>
- </select>
- </td>
- <td align='right' colspan='4'><font color='red'>$Lang::tr{'outgoing firewall warning'}</font></td>
- </tr>
- <tr>
- <td align='right' colspan='4' >$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td>
- <td align='left' colspan='4' ><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td>
- </tr>
- <tr>
- <td align='right' colspan='4' >$Lang::tr{'source'} $Lang::tr{'mac address'}: <img src='/blob.gif' />
- <td align='left' colspan='4' ><input type='text' name='SMAC' maxlength='23' value='$outfwsettings{'SMAC'}' />
- </tr>
- <tr>
- <td width='20%' align='right'>$Lang::tr{'logging'}:</td>
- <td width='30%' align='left'>
- <select name='LOG'>
- <option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option>
- <option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option>
- </select>
- </td>
- <td width='20%' align='right' colspan='2' />
- <td width='30%' align='left' colspan='2' />
- <tr>
- <td width='20%' align='right'>$Lang::tr{'destination ip or net'}: <img src='/blob.gif' /></td>
- <td width='30%' align='left'><input type='text' name='DIP' value='$outfwsettings{'DIP'}' /></td>
- <td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}(s) <img src='/blob.gif' /></td>
- <td width='30%' align='left' colspan='2'><input type='text' name='DPORT' value='$outfwsettings{'DPORT'}' /></td>
- </tr>
- <tr>
- <td width='20%' align='right'>$Lang::tr{'time'}:</td>
- <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
- <td width='20%' align='right' colspan='2' />
- <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
- <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
- </tr>
- <tr>
- <td width='20%' align='right'></td>
- <td width='30%' align='left'>
- <input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} />
- <input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} />
- <input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} />
- <input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} />
- <input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} />
- <input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} />
- <input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} />
- </td>
- <td width='20%' align='right' colspan='2' />
- <td width='15%' align='left'>
- <select name='TIME_FROM'>
-END
-;
-for (my $i=0;$i<=23;$i++) {
- $i = sprintf("%02s",$i);
- for (my $j=0;$j<=45;$j+=15) {
- $j = sprintf("%02s",$j);
- my $time = $i.":".$j;
- print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
- }
-}
-print <<END
- </select>
- </td>
- <td width='15%' align='left'><select name='TIME_TO'>
-END
-;
-for (my $i=0;$i<=23;$i++) {
- $i = sprintf("%02s",$i);
- for (my $j=0;$j<=45;$j+=15) {
- $j = sprintf("%02s",$j);
- my $time = $i.":".$j;
- print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
- }
-}
-print <<END
- </select>
- </td>
- </tr>
- <tr>
- <td colspan='6' />
- <tr>
- <tr>
- <td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'}</td>
- <td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} /></td>
- </table></form>
-END
-;
- &Header::closebox();
-
-if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2')
-{
-&Header::openbox('100%', 'center', 'Quick Add');
-
- open( FILE, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services";
- my @defservices = <FILE>;
- close FILE;
-
-print "<table width='100%'><tr bgcolor='$color{'color20'}'><td><b>$Lang::tr{'service'}</b></td><td><b>$Lang::tr{'description'}</b></td><td><b>$Lang::tr{'port'}</b></td><td><b>$Lang::tr{'protocol'}</b></td><td><b>$Lang::tr{'source net'}</b></td><td><b>$Lang::tr{'logging'}</b></td><td><b>$Lang::tr{'action'}</b></td></tr>";
-foreach my $serviceline(@defservices)
- {
- my @service = split(/,/,$serviceline);
- print <<END
- <tr><form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <td>$service[0]<input type='hidden' name='NAME' value='@service[0]' /></td>
- <td>$service[3]</td>
- <td><a href='http://isc.sans.org/port_details.php?port=$service[1]' target='top'>$service[1]</a><input type='hidden' name='DPORT' value='@service[1]' /></td>
- <td>$service[2]<input type='hidden' name='PROT' value='@service[2]' /></td>
- <td><select name='SNET'><option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option><option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
-END
-;
- if (&Header::blue_used()){
- print "<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>";
- }
- if (&Header::orange_used()){
- print "<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>";
- }
- print <<END
- </select></td>
- <td><select name='LOG'><option value='$Lang::tr{'active'}'>$Lang::tr{'active'}</option><option value='$Lang::tr{'inactive'}' 'selected'>$Lang::tr{'inactive'}</option></select></td><td>
- <input type='hidden' name='ACTION' value=$Lang::tr{'add'} />
- <input type='image' alt='$Lang::tr{'add'}' src='/images/add.gif' />
- <input type='hidden' name='ENABLED' value='on' />
-END
-;
- if ($outfwsettings{'POLICY'} eq 'MODE1'){ print "<input type='hidden' name='STATE' value='ALLOW' /></form></td></tr>";}
- elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "<input type='hidden' name='STATE' value='DENY' /></form></td></tr>";}
- }
- print "</table>";
- &Header::closebox();
- }
-}
-
-&Header::closebigbox();
-&Header::closepage();
'download root certificate' => 'Root-Zertifikat herunterladen',
'dpd action' => 'Aktion für Dead Peer Detection',
'driver' => 'Treiber',
-'drop input' => 'Verworfene Input-Pakete loggen',
+'drop action' => 'Standardverhalten der Firewall in Modus1',
+'drop input' => 'Verworfene Input Pakete loggen',
'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen',
'drop forward' => 'Verworfene Firewall-Pakete loggen',
'drop portscan' => 'Verworfene Portscan Pakete loggen',
'from email server' => 'Von Email Server',
'from email user' => 'Von Email Benutzer',
'from warn email bad' => 'Von Email Adresse ist nicht gültig',
-'fw blue' => 'Firewall-Optionen für das Blaue Interface',
-'fw logging' => 'Firewall-Logging',
+'fw blue' => 'Firewall Optionen für das Blaue Interface',
+'fw default drop' => 'Firewall Policy',
+'fw logging' => 'Firewall Logging',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway-IP',
'gen static key' => 'Statischen Schlüssel erzeugen',
'download root certificate' => 'Download root certificate',
'dpd action' => 'Dead Peer Detection action',
'driver' => 'Driver',
+'drop action' => 'Default behaviour of firewall in mode 1',
'drop input' => 'Log dropped input pakets',
'drop newnotsyn' => 'Log dropped new not syn pakets',
-'drop forward' => 'Log dropped firewall pakets',
+'drop forward' => 'Log dropped forward pakets',
'drop portscan' => 'Log dropped portscan pakets',
'drop proxy' => 'Drop all packets not addressed to proxy',
'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025',
'from email user' => 'From e-mail user',
'from warn email bad' => 'From e-mail address is not valid',
'fw blue' => 'Firewall options for BLUE interface',
+'fw default drop' => 'Firewall policy',
'fw logging' => 'Firewall logging',
'g.dtm' => 'TO BE REMOVED',
'g.lite' => 'TO BE REMOVED',
cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
cp $(DIR_SRC)/config/forwardfw/rules.pl $(CONFIG_ROOT)/forward/bin/rules.pl
cp $(DIR_SRC)/config/forwardfw/firewall-lib.pl $(CONFIG_ROOT)/forward/bin/firewall-lib.pl
+ cp $(DIR_SRC)/config/forwardfw/firewall-forward-policy /usr/sbin/firewall-forward-policy
cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
# Oneliner configfiles
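Review bot: The new line installs firewall-forward-policy into /usr/sbin with a plain `cp`, so the installed mode is whatever the source tree happens to carry, and the init script in this same change calls it by absolute path, which fails silently if the execute bit is missing; prefer `install -m 0755 $(DIR_SRC)/config/forwardfw/firewall-forward-policy /usr/sbin/firewall-forward-policy`. Every neighbouring line installs under `$(CONFIG_ROOT)`, so the bare `/usr/sbin` destination also bypasses whatever root prefix the rest of this rule honours — presumably intended, but a one-line comment such as `# runtime helper, not config: lives in /usr/sbin` would stop the next reader from "fixing" it. If the build keeps a packaging rootfile, the new path presumably needs an entry there as well; that file is not visible here.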
/sbin/iptables -N OPENSSLPHYSICAL
/sbin/iptables -A INPUT -j OPENSSLPHYSICAL
- # WIRELESS chains
- /sbin/iptables -N WIRELESSINPUT
- /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
- /sbin/iptables -N WIRELESSFORWARD
- /sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
-
# RED chain, used for the red interface
/sbin/iptables -N REDINPUT
/sbin/iptables -A INPUT -j REDINPUT
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
- if [ "$DROPFORWARD" == "on" ]; then
- /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
- fi
- /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+ #if [ "$DROPFORWARD" == "on" ]; then
+ # /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
+ #fi
+ #/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+
+ #POLICY CHAIN
+ /sbin/iptables -N POLICY
+ /sbin/iptables -A FORWARD -j POLICY
+ /usr/sbin/firewall-forward-policy
;;
startovpn)
# run openvpn
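Review bot: Commenting out the terminating `-A FORWARD -j DROP` and jumping to POLICY instead means traffic that reaches the end of FORWARD is now decided only by what `/usr/sbin/firewall-forward-policy` appends and by the builtin FORWARD policy, and this hunk neither sets that policy nor checks that the helper exists or succeeded. A missing or non-executable helper, or a POLICY value it does not handle, therefore fails open rather than closed; at minimum guard the call, e.g. `[ -x /usr/sbin/firewall-forward-policy ] && /usr/sbin/firewall-forward-policy || /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"`. Whichever mode is meant to accept by default should be expressed by the helper appending an explicit ACCEPT, so the POLICY chain never ends without a terminating rule and the effective default is visible in `iptables -L POLICY` rather than implied. The four commented-out lines that replace the old drop are dead code now that the history is in version control and should simply be deleted. The WIRELESSINPUT/WIRELESSFORWARD jumps removed earlier in this file are not re-attached anywhere in the visible hunks; if the blue-interface checks still populate those chains, confirm they are still reached from INPUT and FORWARD.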
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
- #if [ "$DROPOUTPUT" == "on" ]; then
- # /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
- #fi
- #/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
if [ "$DROPFORWARD" == "on" ]; then
- /sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
+ /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
- /sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW-oberdropper"
+ /sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
;;
stopovpn)
# stop openvpn
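Review bot: This branch keeps an unconditional `-A FORWARD -j DROP` while the start branch above hands the same decision to the POLICY chain, so the two paths now disagree on how the end of FORWARD is handled; if this is the stop or flush path a hard drop is the safe choice, but that intent is worth a comment such as `# no POLICY chain on this path: forwarding stays closed until the next start`. The log prefix changes from `DROP_FORWARDFW ` to `DROP_FORWARD `, so any log parser or alert keyed on the old prefix will go quiet rather than fail; the consumers are not visible here, so this is an inference to confirm. The enclosing case branch starts outside the hunk.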