Forward Firewall: removed NAT table and txt file.
authorAlexander Marx <amarx@ipfire.org>
Wed, 26 Jun 2013 11:30:30 +0000 (13:30 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:15:29 +0000 (14:15 +0200)
config/forwardfw/convert-portfw
config/forwardfw/rules.pl
html/cgi-bin/forwardfw.cgi
src/initscripts/init.d/firewall

index 8ec3c34382dda3d782300e649d46ea51b0490fdd..691cfb429a0a632114d423f43d8ecf1f95c0bd16 100755 (executable)
@@ -2,7 +2,7 @@
 
 ######################################################################## 
 # Script:      convert-portfw
-# Date:                19.03.2013
+# Date:                21.03.2013
 # Author:      Alexander Marx (amarx@ipfire.org)
 ########################################################################
 #
@@ -18,7 +18,7 @@ my @values=();
 my @built_rules=();
 my %nat=();
 my $portfwconfig       = "${General::swroot}/portfw/config";
-my $confignat          = "${General::swroot}/forward/nat";
+my $confignat          = "${General::swroot}/forward/config";
 my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark);
 my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
 my $count=0;
@@ -94,9 +94,9 @@ sub build_rules
                $active = uc $active;
                $prot   = uc $prot;
                chomp($remark);
-               push (@built_rules,"ACCEPT,NAT_DESTINATION,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
+               push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
                my $now=localtime;
-               print LOG "$now    Converted-> KEY: $count ACCEPT,NAT_DESTINATION,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
+               print LOG "$now    Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
        }
 }
 sub write_rules
index b22a67b3c56bb4e57880bd11b54ef9be3b97ef8e..4c220c04faa143fd797908b7d1e8fd365ff35756 100755 (executable)
@@ -173,6 +173,7 @@ sub buildrules
        my $fireport;
        my $nat;
        my $fwaccessdport;
+       my $natchain;
        foreach my $key (sort {$a <=> $b} keys %$hash){
                next if (($$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1') && $conexists eq 'off' );
                if ($$hash{$key}[28] eq 'ON'){
@@ -292,17 +293,13 @@ sub buildrules
                                                                                        }
                                                                                        print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
                                                                                }
-                                                                       }elsif($$hash{$key}[28] ne 'ON'){
-                                                                               if ($$hash{$key}[17] eq 'ON'){
-                                                                                       print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
-                                                                               }
-                                                                               print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
                                                                        }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
+                                                                               $natchain='NAT_DESTINATION';
                                                                                if ($$hash{$key}[17] eq 'ON'){
-                                                                                       print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
+                                                                                       print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
                                                                                }
                                                                                my ($ip,$sub) =split("/",$targethash{$b}[0]);
-                                                                               print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
+                                                                               print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
                                                                                $DPORT =~ s/\-/:/g;
                                                                                if ($DPORT){
                                                                                        $fwaccessdport="--dport ".substr($DPORT,1,);
@@ -314,10 +311,16 @@ sub buildrules
                                                                                                $fwaccessdport="--dport $$hash{$key}[30]";
                                                                                        }
                                                                                }
-                                                                               print "iptables -A PORTFWACCESS $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
+                                                                               print "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
+                                                                               next;
                                                                        }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
-                                                                               print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
+                                                                               $natchain='NAT_SOURCE';
+                                                                               print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
                                                                        }
+                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                                       print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+                                                                       }
+                                                                       print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
                                                                }                               
                                                        }
                                                }
@@ -342,17 +345,13 @@ sub buildrules
                                                                                        }
                                                                                        system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
                                                                                }
-                                                                       }elsif($$hash{$key}[28] ne 'ON'){
-                                                                               if ($$hash{$key}[17] eq 'ON'){
-                                                                                       system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
-                                                                               }
-                                                                               system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
                                                                        }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
+                                                                               $natchain='NAT_DESTINATION';
                                                                                if ($$hash{$key}[17] eq 'ON'){
-                                                                                       system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
+                                                                                       system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
                                                                                }
                                                                                my ($ip,$sub) =split("/",$targethash{$b}[0]);
-                                                                               system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
+                                                                               system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
                                                                                $DPORT =~ s/\-/:/g;
                                                                                if ($DPORT){
                                                                                        $fwaccessdport="--dport ".substr($DPORT,1,);
@@ -364,13 +363,16 @@ sub buildrules
                                                                                                $fwaccessdport="--dport $$hash{$key}[30]";
                                                                                        }
                                                                                }
-                                                                               system "iptables -A PORTFWACCESS $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
+                                                                               system "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
+                                                                               next;
                                                                        }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
-                                                                               if ($$hash{$key}[17] eq 'ON'){
-                                                                                       system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT '\n";
-                                                                               }
-                                                                               system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat  --to $natip$fireport\n";
+                                                                               $natchain='NAT_SOURCE';
+                                                                               system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
+                                                                       }
+                                                                       if ($$hash{$key}[17] eq 'ON'){
+                                                                               system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
                                                                        }
+                                                                       system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
                                                                }                               
                                                        }
                                                }
index 899f226a54771a480edb1eb97f0674bbdf84836f..8068ad3a88f71acef8586aec21e7376b0aab2596 100755 (executable)
@@ -64,7 +64,6 @@ my %ccdhost=();
 my %configfwdfw=();
 my %configinputfw=();
 my %configoutgoingfw=();
-my %confignatfw=();
 my %ipsecconf=();
 my %color=();
 my %mainsettings=();
@@ -90,7 +89,6 @@ my $configipsecrw     = "${General::swroot}/vpn/settings";
 my $configfwdfw                = "${General::swroot}/forward/config";
 my $configinput                = "${General::swroot}/forward/input";
 my $configoutgoing     = "${General::swroot}/forward/outgoing";
-my $confignat          = "${General::swroot}/forward/nat";
 my $configovpn         = "${General::swroot}/ovpn/settings";
 my $fwoptions          = "${General::swroot}/optionsfw/settings";
 my $ifacesettings      = "${General::swroot}/ethernet/settings";
@@ -119,7 +117,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
        &General::readhasharray("$configfwdfw", \%configfwdfw);
        &General::readhasharray("$configinput", \%configinputfw);
        &General::readhasharray("$configoutgoing", \%configoutgoingfw);
-       &General::readhasharray("$confignat", \%confignatfw);
        $errormessage=&checksource;
        if(!$errormessage){&checktarget;}
        if(!$errormessage){&checkrule;}
@@ -139,66 +136,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
        if(     $fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' && $fwdfwsettings{'grp2'} eq 'ipfire'){
                $errormessage.=$Lang::tr{'fwdfw err same'};
        }
-       #NAT-Part
-       if ($fwdfwsettings{'USE_NAT'} eq 'ON'){
-               $fwdfwsettings{'config'}=$confignat;
-               if ($fwdfwsettings{'nat'} eq 'dnat'){
-                       $fwdfwsettings{'chain'} = 'NAT_DESTINATION';
-               }else{
-                       $fwdfwsettings{'chain'} = 'NAT_SOURCE';
-               }
-               my $maxkey=&General::findhasharraykey(\%confignatfw);
-               #check if we have an identical rule already
-               if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
-                       foreach my $key (sort keys %confignatfw){
-                               if ("$confignatfw{$key}[0],$confignatfw{$key}[1],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31]"
-                               eq "$fwdfwsettings{'RULE_ACTION'},NAT_DESTINATION,$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"){
-                                       $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
-                                       if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' ){
-                                               $errormessage='';
-                                       }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
-                                               $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
-                                       }
-                                       if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
-                                               $fwdfwsettings{'nosave'} = 'on';
-                                       }
-                               }
-                       }
-               }
-               
-               #check Rulepos on new Rule
-               if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
-                       $fwdfwsettings{'oldrulenumber'}=$maxkey;
-                       foreach my $key (sort keys %confignatfw){
-                               if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'snatport'},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
-                                       eq "$confignatfw{$key}[0],$confignatfw{$key}[2],$confignatfw{$key}[3],$confignatfw{$key}[4],$confignatfw{$key}[5],$confignatfw{$key}[6],$confignatfw{$key}[7],$confignatfw{$key}[8],$confignatfw{$key}[9],$confignatfw{$key}[10],$confignatfw{$key}[11],$confignatfw{$key}[12],$confignatfw{$key}[13],$confignatfw{$key}[14],$confignatfw{$key}[15],$confignatfw{$key}[17],$confignatfw{$key}[19],$confignatfw{$key}[20],$confignatfw{$key}[21],$confignatfw{$key}[22],$confignatfw{$key}[23],$confignatfw{$key}[24],$confignatfw{$key}[25],$confignatfw{$key}[26],$confignatfw{$key}[27],$confignatfw{$key}[28],$confignatfw{$key}[29],$confignatfw{$key}[30],$confignatfw{$key}[31],$confignatfw{$key}[32]"){
-                                               $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
-                               }
-                       }
-               }
-               #check if we just close a rule
-               if( $fwdfwsettings{'oldgrp1a'} eq  $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq  $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} &&  $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq  $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
-                       if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
-                               $errormessage='';
-                               $fwdfwsettings{'nosave2'} = 'on';
-                       }
-               }
-               &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
-               if ($fwdfwsettings{'nobase'} ne 'on'){
-                       &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
-               }
-               if($fwdfwsettings{'oldusesrv'} eq '' &&  $fwdfwsettings{'USESRV'} eq 'ON'){
-                       &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-               }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
-                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
-               }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
-                       &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-               }
-               if($fwdfwsettings{'nosave2'} ne 'on'){
-                       &saverule(\%confignatfw,$confignat);
-               }       
        #INPUT part
-       }elsif($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
+       if($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
                $fwdfwsettings{'config'}=$configinput;
                $fwdfwsettings{'chain'} = 'INPUTFW';
                my $maxkey=&General::findhasharraykey(\%configinputfw);
@@ -1933,69 +1872,39 @@ sub saverule
        my $config=shift;
        &General::readhasharray("$config", $hash);
        if (!$errormessage){
-               #check if we change a NAT to a FORWARD
-               if(($fwdfwsettings{'oldruletype'} eq 'NAT_SOURCE' || $fwdfwsettings{'oldruletype'} eq 'NAT_DESTINATION') && $fwdfwsettings{'chain'} eq 'FORWARDFW'){
-                       &changerule($confignat);
-                       #print"1";
-               }
-               #check if we change a NAT to a INPUT (external access)
-               elsif(($fwdfwsettings{'oldruletype'} eq 'NAT_SOURCE' || $fwdfwsettings{'oldruletype'} eq 'NAT_DESTINATION') && $fwdfwsettings{'chain'} eq 'INPUTFW'){
-                       &changerule($confignat);
-                       #print"2";
-               }
-               #check if we change a NAT to a OUTGOING
-               elsif(($fwdfwsettings{'oldruletype'} eq 'NAT_SOURCE' || $fwdfwsettings{'oldruletype'} eq 'NAT_DESTINATION') && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'){
-                       &changerule($confignat);
-                       #print"3";
-               }
                ################################################################
-               #check if we change an INPUT rule to a NAT
-               elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW'  && ($fwdfwsettings{'chain'} eq 'NAT_SOURCE' ||  $fwdfwsettings{'chain'} eq 'NAT_DESTINATION')){
-                       &changerule($configinput);
-                       #print"4";
-               }
                #check if we change an INPUT rule to a OUTGOING
-               elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW'  && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'  ){
+               if($fwdfwsettings{'oldruletype'} eq 'INPUTFW'  && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'  ){
                        &changerule($configinput);
-                       #print"5";
+                       #print"1";
                }
                #check if we change an INPUT rule to a FORWARD
                elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW'  && $fwdfwsettings{'chain'} eq 'FORWARDFW'  ){
                        &changerule($configinput);
-                       #print"6";
+                       #print"2";
                }
                ################################################################
                #check if we change an OUTGOING rule to an INPUT
                elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW'  && $fwdfwsettings{'chain'} eq 'INPUTFW'  ){
                        &changerule($configoutgoing);
-                       #print"7";
+                       #print"3";
                }
                #check if we change an OUTGOING rule to a FORWARD
                elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW'  && $fwdfwsettings{'chain'} eq 'FORWARDFW'  ){
                        &changerule($configoutgoing);
-                       #print"8";
-               }
-               #check if we change an OUTGOING rule to a NAT
-               elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW'  && ($fwdfwsettings{'chain'} eq 'NAT_SOURCE' ||  $fwdfwsettings{'chain'} eq 'NAT_DESTINATION')){
-                       &changerule($configoutgoing);
-                       #print"9";
+                       #print"4";
                }
                ################################################################
                #check if we change a FORWARD rule to an INPUT
                elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && $fwdfwsettings{'chain'} eq 'INPUTFW'){
                        &changerule($configfwdfw);
-                       #print"10";
+                       #print"5";
                }
                #check if we change a FORWARD rule to an OUTGOING
                elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && $fwdfwsettings{'chain'} eq 'OUTGOINGFW'){
                        &changerule($configfwdfw);
-                       #print"11";
+                       #print"6";
                }
-               #check if we change a FORWARD rule to an NAT
-               elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW'  && ($fwdfwsettings{'chain'} eq 'NAT_SOURCE' ||  $fwdfwsettings{'chain'} eq 'NAT_DESTINATION')){
-                       &changerule($configfwdfw);
-                       #print"12";
-               }               
                if ($fwdfwsettings{'updatefwrule'} ne 'on'){
                        my $key = &General::findhasharraykey ($hash);
                        $$hash{$key}[0]  = $fwdfwsettings{'RULE_ACTION'};
@@ -2026,12 +1935,10 @@ sub saverule
                        $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
                        $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
                        $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
-                       if($fwdfwsettings{'USE_NAT'} eq 'ON'){
-                               $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
-                               $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
-                               $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
-                               $$hash{$key}[31] = $fwdfwsettings{'nat'};
-                       }
+                       $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
+                       $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
+                       $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
+                       $$hash{$key}[31] = $fwdfwsettings{'nat'};
                        &General::writehasharray("$config", $hash);
                }else{
                        foreach my $key (sort {$a <=> $b} keys %$hash){
@@ -2064,12 +1971,10 @@ sub saverule
                                        $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
                                        $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
                                        $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
-                                       if($fwdfwsettings{'USE_NAT'} eq 'ON'){
-                                               $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
-                                               $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
-                                               $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
-                                               $$hash{$key}[31] = $fwdfwsettings{'nat'};
-                                       }
+                                       $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
+                                       $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
+                                       $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
+                                       $$hash{$key}[31] = $fwdfwsettings{'nat'};
                                        last;
                                }
                        }
@@ -2155,7 +2060,6 @@ sub validremark
 sub viewtablerule
 {
        &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
-       &viewtablenew(\%confignatfw,$confignat,"$Lang::tr{'fwdfw rules'}","Portforward / SNAT" );
        &viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" );
        &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} );
        &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" );
index 844cbf6d56092689418b2fe3f45da33bf43c844c..2f7577f5107a17cbcdb11908a119c9309c8513b4 100644 (file)
@@ -161,10 +161,6 @@ iptables_init() {
        /sbin/iptables -N FORWARDFW
        /sbin/iptables -A FORWARD -j FORWARDFW
                
-       # PORTFWACCESS chain, used for portforwarding
-       /sbin/iptables -N PORTFWACCESS
-       /sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
-       
        # OPenSSL
        /sbin/iptables -N OPENSSLPHYSICAL
        /sbin/iptables -A INPUT -j OPENSSLPHYSICAL