Forward Firewall: added checks if manual ip (src/tgt) is part of a OpenVPN to colour...
authorAlexander Marx <amarx@ipfire.org>
Thu, 13 Jun 2013 08:17:18 +0000 (10:17 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:15:28 +0000 (14:15 +0200)
html/cgi-bin/forwardfw.cgi

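index 22b0d407c4e6358a1826bba68f093b59be625a3b..7ea7d62eababaf1e62f197f172a253c8e7088592 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -78,7 +78,7 @@ my %aliases=();
 my %optionsfw=();
 my %ifaces=();
 
-my $VERSION='0.9.9.7';
+my $VERSION='0.9.9.8';
 my $color;
 my $confignet          = "${General::swroot}/fwhosts/customnetworks";
 my $confighost         = "${General::swroot}/fwhosts/customhosts";
@@ -693,14 +693,15 @@ sub checksource
                                $errormessage=$Lang::tr{'fwhost err hostip'}."<br>";
                                return $errormessage;
                        }
-                       #check if the ip is part of an existing openvpn client/net or ipsec network
-                       #if this is the case, generate errormessage to make the user use the dropdowns instead of using manual ip's
-                       if (! &checkvpn($ip)){
-                               $errormessage=$Lang::tr{'fwdfw err srcovpn'};
-                               return $errormessage;
-                       }else{
-                               $fwdfwsettings{'src_addr'}="$ip/$subnet";
-                       }
+                       ##check if the ip is part of an existing openvpn client/net or ipsec network
+                       ##if this is the case, generate errormessage to make the user use the dropdowns instead of using manual ip's
+                       #if (! &checkvpn($ip)){
+                               #$errormessage=$Lang::tr{'fwdfw err srcovpn'};
+                               #return $errormessage;
+                       #}else{
+                               #$fwdfwsettings{'src_addr'}="$ip/$subnet";
+                       #}
+                       $fwdfwsettings{'src_addr'}="$ip/$subnet";
                        if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
                                $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
                                return $errormessage;
@@ -836,14 +837,15 @@ sub checktarget
                #check and form valid IP
                $ip=&General::ip2dec($ip);
                $ip=&General::dec2ip($ip);
-               #check if the ip is part of an existing openvpn client/net or ipsec network
-               #if this is the case, generate errormessage to make the user use the dropdowns instead of using manual ip's
-               if (! &checkvpn($ip)){
-                       $errormessage=$Lang::tr{'fwdfw err tgtovpn'};
-                       return $errormessage;
-               }else{
-                       $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
-               }
+               ##check if the ip is part of an existing openvpn client/net or ipsec network
+               ##if this is the case, generate errormessage to make the user use the dropdowns instead of using manual ip's
+               #if (! &checkvpn($ip)){
+                       #$errormessage=$Lang::tr{'fwdfw err tgtovpn'};
+                       #return $errormessage;
+               #}else{
+                       #$fwdfwsettings{'tgt_addr'}="$ip/$subnet";
+               #}
+               $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
                if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
                        $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
                        return $errormessage;
@@ -1534,6 +1536,25 @@ sub getcolor
                                $tdcolor="style='border: 1px solid $Header::colourovpn;'";
                                return;
                        }
+                       #Check if IP is part of OpenVPN static subnet
+                       foreach my $key (sort keys %ccdnet){
+                               my ($a,$b) = split("/",$ccdnet{$key}[1]);
+                               $b =&General::iporsubtodec($b);
+                               if (&General::IpInSubnet($c,$a,$b)){
+                                       $tdcolor="style='border: 1px solid $Header::colourovpn;'";
+                                       return;
+                               }
+                       }
+                       #Check if IP is part of OpenVPN N2N subnet
+                       foreach my $key (sort keys %ccdhost){
+                               if ($ccdhost{$key}[3] eq 'net'){
+                                       my ($a,$b) = split("/",$ccdhost{$key}[11]);
+                                       if (&General::IpInSubnet($c,$a,$b)){
+                                               $tdcolor="style='border: 1px solid $Header::colourovpn;'";
+                                               return;
+                                       }
+                               }
+                       }
                        #Check if IP is part of IPsec RW network
                        if ($ipsecsettings{'RW_NET'} ne ''){
                                my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
@@ -2384,6 +2405,8 @@ sub viewtablenew
        &General::get_aliases(\%aliases);
        &General::readhasharray("$confighost", \%customhost);
        &General::readhasharray("$config", $hash);
+       &General::readhasharray("$configccdnet", \%ccdnet);
+       &General::readhasharray("$configccdhost", \%ccdhost);
        if( ! -z $config){
                &Header::openbox('100%', 'left',$title);
                my $count=0;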
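Review bot: In the getcolor hunk the two new loops handle the mask differently: the static-subnet loop normalises it with `$b =&General::iporsubtodec($b);` before `&General::IpInSubnet($c,$a,$b)`, while the N2N loop passes the value straight from `split("/",$ccdhost{$key}[11])`. If the N2N field stores its mask in the same form as the static nets, that loop may not match as intended and the address would get no OpenVPN border; adding `$b = &General::iporsubtodec($b);` after the split would make both paths agree, though the ccd file format is not visible here and should be confirmed. This matters more because the `checkvpn` guard in checksource and checktarget is now commented out, so the border colour appears to be the only remaining cue that a manually typed address falls inside a VPN range. Those commented-out blocks would be better deleted than kept as dead code, and a short comment naming what fields `[1]`, `[3]` and `[11]` hold would help the next reader. getcolor starts and ends outside the hunk, so `$c` is assumed to be the address under test.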