From: Michael Tremer
Date: Sat, 5 Apr 2014 15:09:56 +0000 (+0200)
Subject: firewall: Fix using aliases.
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=085a20ec8bc05b58244bf05d9589e9a1ed3a5265
firewall: Fix using aliases.
Fix coding errors, actually read aliases configuration and fall back to default RED IP address if no suitable alias was found.
---
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index ae2a46228..9f546a9ef 100755
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -64,6 +64,7 @@ my $netsettings = "${General::swroot}/ethernet/settings";
 &General::readhasharray("$configipsec", \%ipsecconf);
 &General::readhasharray("$configsrv", \%customservice);
 &General::readhasharray("$configsrvgrp", \%customservicegrp);
+&General::get_aliases(\%aliases);
 sub get_srv_prot {
@@ -388,9 +389,9 @@ sub get_address
 # Aliases
 } else {
- my %alias = &get_alias($value);
- if (%alias) {
- push(@ret, $alias{"IPT"});
+ my $alias = &get_alias($value);
+ if ($alias) {
+ push(@ret, $alias);
 }
 }
@@ -423,12 +424,12 @@ sub get_alias
 foreach my $alias (sort keys %aliases) {
 if ($id eq $alias) {
- return $aliases{$alias};
+ return $aliases{$alias}{"IPT"};
 }
 }
 }
-sub get_nat_address
-{
+
+sub get_nat_address {
 my $zone = shift;
 my $source = shift;
@@ -451,15 +452,20 @@ sub get_nat_address
 } elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
 return $netsettings{$zone . "_ADDRESS"};
- } elsif ($zone eq "Default IP") {
+ } elsif ($zone ~~ ["Default IP", "ALL"]) {
 return &get_external_address();
 } else {
- return &get_alias($zone);
+ my $alias = &get_alias($zone);
+ unless ($alias) {
+ $alias = &get_external_address();
+ }
+ return $alias;
 }
 print_error("Could not find NAT address");
 }
+
 sub get_internal_firewall_ip_addresses {
 my $use_orange = shift;
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index a0bc32c96..dae2d5269 100755
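Review bot: In get_address (config/firewall/firewall-lib.pl), when `get_alias($value)` returns nothing the new `if ($alias)` block skips the push without any trace, so a rule that names a deleted or misspelled alias ends up with no address for that side. What the caller does with an empty result is not visible in this hunk; if it still emits the rule, the rule could match more traffic than the administrator intended, so that path is worth confirming. I would add an `else` arm that reports the unknown alias, for example `print_error("Unknown alias: $value");`, so the gap shows up when the ruleset is generated. get_address begins and continues outside the hunk.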
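Review bot: get_alias (config/firewall/firewall-lib.pl) has no explicit return for the not-found case: when no key matches, control falls off the end of the `foreach`, and perlsub leaves the return value of a sub whose last statement is a loop unspecified. Both new callers (`if ($alias)` in get_address and `unless ($alias)` in get_nat_address) now depend on that value being false, so the contract should be spelled out. The scan over `sort keys %aliases` is also just a hash lookup; assuming `$id` is the argument unpacked above the hunk, the loop can become `return $aliases{$id}{"IPT"} if exists $aliases{$id};` followed by a bare `return;`. A one-line comment stating that the sub returns the alias's `IPT` value or nothing would help the next reader.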
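Review bot: The new test `$zone ~~ ["Default IP", "ALL"]` in get_nat_address (config/firewall/firewall-lib.pl) uses smartmatch, which is experimental (it warns from Perl 5.18 on) and was deprecated in later releases; `} elsif ($zone eq "Default IP" || $zone eq "ALL") {` does the same with no version dependency. In the final `else`, an alias that cannot be resolved is now replaced by `get_external_address()` without any message, so a NAT rule written for a specific alias address silently binds to the default RED address; a warning that names `$zone` before the fallback would let an administrator notice a stale alias. In the arms visible here every path returns, so the trailing `print_error("Could not find NAT address");` looks unreachable from them; the start of the chain is outside the hunk, so that is worth checking rather than certain.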
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -53,7 +53,6 @@ my %customgrp=();
 my %configinputfw=();
 my %configoutgoingfw=();
 my %confignatfw=();
-my %aliases=();
 my @p2ps=();
 my $configfwdfw = "${General::swroot}/firewall/config";
@@ -69,7 +68,6 @@ my $netsettings = "${General::swroot}/ethernet/settings";
 &General::readhasharray($configinput, \%configinputfw);
 &General::readhasharray($configoutgoing, \%configoutgoingfw);
 &General::readhasharray($configgrp, \%customgrp);
-&General::get_aliases(\%aliases);
 my @log_limit_options = &make_log_limit_options();