my $natip;
my $snatport;
my $fireport;
+ my $nat;
foreach my $key (sort {$a <=> $b} keys %$hash){
next if ($$hash{$key}[6] eq 'RED' && $conexists eq 'off' );
if ($$hash{$key}[28] eq 'ON'){
$command='iptables -t nat -A';
$natip=&get_nat_ip($$hash{$key}[29]);
if($$hash{$key}[31] eq 'dnat'){
- $$hash{$key}[0]='DNAT';
+ $nat='DNAT';
$fireport='--dport '.$$hash{$key}[30] if ($$hash{$key}[30]>0);
}else{
- $$hash{$key}[0]='SNAT';
+ $nat='SNAT';
}
}
$STAG='';
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
my ($ip,$sub) =split("/",$targethash{$b}[0]);
- print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $ip$DPORT\n";
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
$DPORT =~ s/\-/:/g;
my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
- print "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
+ print "iptables -A PORTFWACCESS $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'snat'){
- print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n";
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip$fireport\n";
}
}
}
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
my ($ip,$sub) =split("/",$targethash{$b}[0]);
- system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $ip$DPORT\n";
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
$DPORT =~ s/\-/:/g;
my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
- system "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
+ system "iptables -A PORTFWACCESS $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
if ($$hash{$key}[17] eq 'ON'){
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT '\n";
}
- system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n";
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip$fireport\n";
}
}
}
my %optionsfw=();
my %ifaces=();
-my $VERSION='0.9.9.1';
+my $VERSION='0.9.9.2';
my $color;
my $confignet = "${General::swroot}/fwhosts/customnetworks";
my $confighost = "${General::swroot}/fwhosts/customhosts";
#check if we have an identical rule already
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
foreach my $key (sort keys %confignatfw){
- if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){
- $errormessage='';
- }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
- $fwdfwsettings{'nosave'} = 'on';
- }
+ if ("$confignatfw{$key}[0],$confignatfw{$key}[1],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31]"
+ eq "$fwdfwsettings{'RULE_ACTION'},NAT_DESTINATION,$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){
+ $errormessage='';
+ }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
+ }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
}
}
}
{
&error;
if (-f "${General::swroot}/forward/reread"){
- print "<table border='0'><form method='post'><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: red; font-weight: bold;'>$Lang::tr{'fwhost reread'}</td></tr></table></form><hr><br>";
+ print "<table border='0'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: red; font-weight: bold; font-size: 14pt; text-decoration: blink;'>    $Lang::tr{'fwhost reread'}</div</td></tr></table></form><hr><br>";
}
- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
+ &Header::openbox('100%', 'left', $Lang::tr{'firewall'});
print "<form method='post'>";
print "<table border='0'>";
print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
{
my ($ip,$subnet);
&General::readhasharray("$configsrv", \%customservice);
- #check DNAT settings (has to be single Host and single Port)
+ #check DNAT settings (has to be single Host and single Port or portrange)
if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
if ($fwdfwsettings{'USESRV'} eq ''){
$errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
}
}
- #check if Port is a single Port
+ #check if Port is a single Port or portrange
if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
if($fwdfwsettings{'USE_NAT'} eq 'ON'){
#if no port is given in nat area, take target host port
if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
-
- #check if given nat port is already used by another dnatrule
- if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'updatefwrule'} ne 'on'){
- foreach my $id (sort keys %confignatfw){
- if ($fwdfwsettings{'dnatport'} eq $confignatfw{$id}[30]){
- $errormessage=$Lang::tr{'fwdfw natport used'}."<br>";
- }
- }
- }
-
- #check if port given in nat area is a single valid port
+ #check if port given in nat area is a single valid port or portrange
if($fwdfwsettings{'nat'} eq 'dnat' && !&check_natport($fwdfwsettings{'dnatport'})){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
}
$tooltip='REJECT';
$rulecolor=$color{'color16'};
}
- if($$hash{$key}[28] eq 'ON'){
- print"<td bgcolor='$color' align='center' width='20'></td>";
- $rulecolor=$color;
- }else{
- print"<td bgcolor='$rulecolor' align='center' width='20'><span title='$tooltip'><b>$ruletype</b></span></td>";
- }
+ print"<td bgcolor='$rulecolor' align='center' width='20'><span title='$tooltip'><b>$ruletype</b></span></td>";
&getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
print"<td align='center' width='160' $tdcolor>";
if ($$hash{$key}[3] eq 'std_net_src'){
'fwdfw rules' => 'Rules',
'fwdfw rule action' => 'Rule action:',
'fwdfw rule activate' => 'Activate rule',
-'fwdfw rulepos' => 'Ruleposition',
+'fwdfw rulepos' => 'Rule position',
'fwdfw snat' => 'SNAT (replace the addresse(s) from SOURCE with this address)',
'fwdfw source' => 'Source',
'fwdfw sourceip' => 'Source address (MAC, IP or Network):',
'fwhost ovpn_n2n' => 'OpenVPN N-2-N',
'fwhost port' => 'Port(s)',
'fwhost prot' => 'Protocol',
-'fwhost reread' => 'Firewallrules need to be updated.',
+'fwhost reread' => 'Firewall rules need to be updated.',
'fwhost reset' => 'Cancel',
'fwhost services' => 'Services',
'fwhost srv_name' => 'Servicename',