my $errormessage='';
my $orange;
my $green;
+my $blue;
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
my $CHAIN="FORWARDFW";
&p2pblock;
system ("/usr/sbin/firewall-forward-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
+ $defaultNetworks{'GREEN_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'GREEN_NETMASK'});
+ $green="$defaultNetworks{'GREEN_ADDRESS'}/$defaultNetworks{'GREEN_NETMASK'}";
if ($defaultNetworks{'ORANGE_DEV'}){
$defaultNetworks{'ORANGE_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'ORANGE_NETMASK'});
- $defaultNetworks{'GREEN_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'GREEN_NETMASK'});
$orange="$defaultNetworks{'ORANGE_ADDRESS'}/$defaultNetworks{'ORANGE_NETMASK'}";
- $green="$defaultNetworks{'GREEN_ADDRESS'}/$defaultNetworks{'GREEN_NETMASK'}";
#set default rules for DMZ
system ("iptables -A $CHAIN -s $orange -d $green -j RETURN");
- &p2pblock;
}
+ if ($defaultNetworks{'BLUE_DEV'}){
+ $defaultNetworks{'BLUE_NETMASK'}=&General::iporsubtocidr($defaultNetworks{'BLUE_NETMASK'});
+ $blue="$defaultNetworks{'BLUE_ADDRESS'}/$defaultNetworks{'BLUE_NETMASK'}";
+ #set default rules for BLUE
+ system ("iptables -A $CHAIN -s $blue -d $green -j RETURN");
+ }
+ &p2pblock;
system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
system ("/usr/sbin/firewall-forward-policy");
}
$ip=&General::ip2dec($ip);
$ip=&General::dec2ip($ip);
- #check if net
+ #check if net or broadcast
my @tmp= split (/\./,$ip);
- if ($tmp[3] eq "0")
+ if ($tmp[3] eq "0" || ($tmp[3] eq "255"))
{
$errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
}
$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
}
}else{
- if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) && $tcidr ne '32' ){
+ if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}
projects / people / teissler / ipfire-2.x.git / commitdiff
