From: Alexander Marx
Date: Fri, 18 Jan 2013 07:35:25 +0000 (+0100)
Subject: Forward Firewall: added converters for old exaccess rules and old rules from outgoing...
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=27f4a6b159d9b040feffa8b06784fc71965fac2e
Forward Firewall: added converters for old exaccess rules and old rules from outgoingfw and old firewallgroups. Also fixed a Bug: Day SUN was not checked when in rule-edit mode
---
diff --git a/config/forwardfw/convert-outgoingfw b/config/forwardfw/convert-outgoingfw
new file mode 100644
index 000000000..282a017e4
--- /dev/null
+++ b/config/forwardfw/convert-outgoingfw
@@ -0,0 +1,525 @@
+#!/usr/bin/perl
+
+
+require '/var/ipfire/general-functions.pl';
+use Socket;
+
+my $ipgrouppath = "${General::swroot}/outgoing/groups/ipgroups/";
+my $macgrouppath = "${General::swroot}/outgoing/groups/macgroups/";
+my $outgoingrules = "${General::swroot}/outgoing/rules";
+my $outfwsettings = "${General::swroot}/outgoing/settings";
+my $host = "Converted ";
+my $confighosts = "${General::swroot}/fwhosts/customhosts";
+my $confignets = "${General::swroot}/fwhosts/customnetworks";
+my $configgroups = "${General::swroot}/fwhosts/customgroups";
+my $ovpnsettings = "${General::swroot}/ovpn/settings";
+my $ovpnconfig = "${General::swroot}/ovpn/ovpnconfig";
+my $ccdconfig = "${General::swroot}/ovpn/ccd.conf";
+my $fwdfwconfig = "${General::swroot}/forward/config";
+my $fwdfwsettings = "${General::swroot}/forward/settings";
+my @ipgroups = qx(ls $ipgrouppath);
+my @macgroups = qx(ls $macgrouppath);
+my @hostarray=();
+my %outsettings=();
+my %hosts=();
+my %nets=();
+my %groups=();
+my %settingsovpn=();
+my %configovpn=();
+my %ccdconf=();
+my %fwconf=();
+my %fwdsettings=();
+&General::readhash($outfwsettings,\%outsettings);
+
+
+&process_groups;
+&process_rules;
+
+
+
+sub process_groups
+{
+ if(! -d "/var/log/firewall"){ mkdir("/var/log/firewall");}
+ if( -f "/var/log/firewall/ip-convert.log"){unlink ("/var/log/firewall/ip-convert.log");}
+ open (LOG, ">/var/log/firewall/ip-convert.log") or die $!;
+ #IP Group processing
+ foreach my $group (@ipgroups){
+ chomp $group;
+ open (DATEI, "<$ipgrouppath/$group");
+ my @zeilen = ;
+ foreach my $ip (@zeilen){
+ chomp($ip);
+ $ip =~ s/\s//gi;
+ my $val=&check_ip($ip);
+ if($val){
+ push(@hostarray,$val.",ip");
+ }
+ else{
+ print LOG "-> IP \"$ip\" from group $group not converted (invalid IP) \n";
+ }
+ $val='';
+ }
+ &new_hostgrp($group,'ip');
+ @hostarray=();
+ }
+ $group='';
+ @zeilen=();
+ @hostarray=();
+ #MAC Group processing
+ foreach my $group (@macgroups){
+ chomp $group;
+ open (DATEI, "<$macgrouppath/$group");
+ my @zeilen = ;
+ foreach my $mac (@zeilen){
+ chomp($mac);
+ $mac =~ s/\s//gi;
+ #MAC checking
+ if(&General::validmac($mac)){
+ $val=$mac;
+ }
+ if($val){
+ push(@hostarray,$val.",mac");
+ }
+ else{
+ print LOG "-> Mac $mac from group $group not converted (invalid MAC)\n";
+ }
+ $val='';
+ }
+ &new_hostgrp($group,'mac');
+ @hostarray=();
+ }
+ close (LOG);
+}
+sub check_ip
+{
+ my $adr=shift;
+ my $a;
+ #ip with subnet in decimal
+ if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){
+ $adr=int($1).".".int($2).".".int($3).".".int($4);
+ my $b = &General::iporsubtodec($5);
+ $a=$adr."/".$b;
+ }
+ if($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $adr=int($1).".".int($2).".".int($3).".".int($4);
+ if(&General::validip($adr)){
+ $a=$adr."/255.255.255.255";
+ }
+ }
+ if(&General::validipandmask($adr)){
+ $a=&General::iporsubtodec($adr);
+ }
+ return $a;
+}
+sub new_hostgrp
+{
+ &General::readhasharray($confighosts,\%hosts);
+ &General::readhasharray($confignets,\%nets);
+ &General::readhasharray($configgroups,\%groups);
+ my $grp=shift;
+ my $run=shift;
+ my $name; #"converted"
+ my $name2;
+ my $name3; #custom host/custom net
+ foreach my $adr (@hostarray){
+ if($run eq 'ip'){
+ my ($ip,$type) = split(",",$adr);
+ my ($ippart,$subnet) = split("/",$ip);
+ my ($byte1,$byte2,$byte3,$byte4) = split(/\./,$subnet);
+ if($byte4 eq '255'){
+ if(!&check_host($ip)){
+ my $key = &General::findhasharraykey(\%hosts);
+ $name="host ";
+ $name2=$name.$ippart;
+ $name3="Custom Host";
+ $hosts{$key}[0] = $name2;
+ $hosts{$key}[1] = $type;
+ $hosts{$key}[2] = $ip;
+ $hosts{$key}[3] = 1;
+ }else{
+ print LOG "Host (IP) $ip already exists\n";
+ }
+ }elsif($byte4 < '255'){
+ if(!&check_net($ippart,$subnet)){
+ my $netkey = &General::findhasharraykey(\%nets);
+ $name="net ";
+ $name2=$name.$ippart;
+ $name3="Custom Network";
+ $nets{$netkey}[0] = $name2;
+ $nets{$netkey}[1] = $ippart;
+ $nets{$netkey}[2] = $subnet;
+ $nets{$netkey}[3] = 1;
+ }else{
+ print LOG "Network $ippart already exists\n";
+ }
+ }
+ if($name2){
+ my $grpkey = &General::findhasharraykey(\%groups);
+ $groups{$grpkey}[0] = $grp;
+ $groups{$grpkey}[1] = '';
+ $groups{$grpkey}[2] = $name2;
+ $groups{$grpkey}[3] = $name3;
+ $groups{$grpkey}[4] = 0;
+ }
+ }elsif($run eq 'mac'){
+ #MACRUN
+ my ($mac,$type) = split(",",$adr);
+ if(!&check_host($mac)){
+ my $key = &General::findhasharraykey(\%hosts);
+ $name="host ";
+ $name2=$name.$mac;
+ $name3="Custom Host";
+ $hosts{$key}[0] = $name2;
+ $hosts{$key}[1] = $type;
+ $hosts{$key}[2] = $mac;
+ $hosts{$key}[3] = 1;
+ }else{
+ print LOG "Host (MAC) $mac already exists\n";
+ }
+ if($name2){
+ my $grpkey = &General::findhasharraykey(\%groups);
+ $groups{$grpkey}[0] = $grp;
+ $groups{$grpkey}[1] = '';
+ $groups{$grpkey}[2] = $name2;
+ $groups{$grpkey}[3] = $name3;
+ $groups{$grpkey}[4] = 0;
+ }
+ }
+ }
+ &General::writehasharray($confighosts,\%hosts);
+ &General::writehasharray($configgroups,\%groups);
+ &General::writehasharray($confignets,\%nets);
+}
+sub check_host
+{
+ my $ip=shift;
+ foreach my $key (sort keys %hosts)
+ {
+ if($hosts{$key}[2] eq $ip)
+ {
+ return 1;
+ }
+ }
+ return 0;
+}
+sub check_net
+{
+ my $ip=shift;
+ my $sub=shift;
+ foreach my $key (sort keys %nets)
+ {
+ if($nets{$key}[1] eq $ip && $nets{$key}[2] eq $sub)
+ {
+ return 1;
+ }
+ }
+ return 0;
+}
+sub check_grp
+{
+ my $grp=shift;
+ my $value=shift;
+ foreach my $key (sort keys %groups)
+ {
+ if($groups{$key}[0] eq $grp && $groups{$key}[2] eq $value)
+ {
+ return 1;
+ }
+ }
+ return 0;
+}
+sub process_rules
+{
+ print "Outgoing ist im Mode $outsettings{'POLICY'}\n";
+ &General::readhash($fwdfwsettings,\%fwdsettings);
+ if($fwdsettings{'POLICY'} ne $outsettings{'POLICY'}){
+ $fwdsettings{'POLICY'}=$outsettings{'POLICY'};
+ &General::writehash($fwdfwsettings,\%fwdsettings);
+ }
+ #open LOG
+ if( -f "/var/log/firewall/rule-convert.log"){unlink ("/var/log/firewall/rule-convert.log");}
+ open (LOG, ">/var/log/firewall/rule-convert.log") or die $!;
+
+ my ($type,$action,$active,$grp1,$source,$grp2,$useport,$port,$prot,$grp3,$target,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to);
+ if ($outsettings{'POLICY'} eq 'MODE1'){
+ $type='ALLOW';
+ $action='ACCEPT';
+ }elsif($outsettings{'POLICY'} eq 'MODE2'){
+ $type='DENY';
+ $action='DROP';
+ }else{
+ return;
+ }
+ open (DATEI, "<$outgoingrules");
+ my @lines = ;
+ foreach my $rule (@lines)
+ {
+ chomp($rule);
+ print LOG "processing: $rule\n";
+ print "$rule\n";
+ my @configline = split( /\;/, $rule );
+ my @prot=();
+ if($configline[0] eq $type){
+ #some variables we can use from old config
+ if($configline[1] eq 'on'){ $active='ON';}else{$active='';}
+ if($configline[3] eq 'all'){
+ push(@prot,"tcp");
+ push(@prot,"udp");
+ $useport='ON';
+ $grp3='TGT_PORT';
+
+ }else{
+ push(@prot,$configline[3]);
+ $useport='ON';
+ $grp3='TGT_PORT';
+ }
+ if($configline[4] ne ''){ $remark=$configline[4];}else{$remark='';}
+ if($configline[9] eq 'aktiv'){ $log='ON';}else{$log='';}
+
+ if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){
+ if($configline[17] eq '00:00' && $configline[18] eq '00:00'){
+ $time='';
+ }else{
+ $time='ON';
+ }
+ }else{
+ $time='ON';
+ }
+ $time_mon=$configline[10];
+ $time_tue=$configline[11];
+ $time_wed=$configline[12];
+ $time_thu=$configline[13];
+ $time_fri=$configline[14];
+ $time_sat=$configline[15];
+ $time_sun=$configline[16];
+ $time_from=$configline[17];
+ $time_to=$configline[18];
+ ############################################################
+ #sourcepart
+ if ($configline[2] eq 'green') {
+ $grp1='std_net_src';
+ $source='GREEN';
+ }elsif ($configline[2] eq 'orange') {
+ $grp1='std_net_src';
+ $source='ORANGE';
+ }elsif ($configline[2] eq 'red') {
+ print LOG "-> Rule not converted, is an outgoing rule.Please put it manually in /etc/sysconfig/firewall.local \n";
+ next;
+ }elsif ($configline[2] eq 'blue') {
+ $grp1='std_net_src';
+ $source='BLUE';
+ }elsif ($configline[2] eq 'ipsec') {
+ print LOG "-> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n";
+ next;
+ }elsif ($configline[2] eq 'ovpn') {
+ &build_ovpn_grp;
+ }elsif ($configline[2] eq 'ip') {
+ my $z=&check_ip($configline[5]);
+ if($z){
+ $grp1='src_addr';
+ $source=$z;
+ }else{
+ print LOG "-> Rule not converted, missing/invalid source ip \"$configline[5]\"\n";
+ next;
+ }
+ }elsif ($configline[2] eq 'mac') {
+ if(&General::validmac($configline[6])){
+ $grp1='src_addr';
+ $source=$configline[6];
+ }else{
+ print LOG"-> Rule not converted, invalid MAC \"$configline[6]\" \n";
+ next;
+ }
+ }elsif ($configline[2] eq 'all') {
+ $grp1='std_net_src';
+ $source='ALL';
+ }else{
+ #&General::readhasharray($configgroups,\%groups);
+ foreach my $key (sort keys %groups){
+ if($groups{$key}[0] eq $configline[2]){
+ $grp1='cust_grp_src';
+ $source=$configline[2];
+ }
+ }
+ if ($grp1 eq '' || $source eq ''){
+ print LOG "-> Rule not converted, no valid source recognised\n";
+ }
+ }
+ ############################################################
+ #destinationpart
+ if($configline[7] ne ''){
+ my $address=&check_ip($configline[7]);
+ if($address){
+ $grp2='tgt_addr';
+ $target=$address;
+ }elsif(!$address){
+ my $getwebsiteip=&get_ip_from_domain($configline[7]);
+ if ($getwebsiteip){
+ $grp2='tgt_addr';
+ $target=$getwebsiteip;
+ }else{
+ print LOG "-> Rule not converted, invalid domain \"$configline[7]\"\n";
+ next;
+ }
+ }
+ }else{
+ $grp2='std_net_tgt';
+ $target='ALL';
+ }
+ if($configline[8] ne ''){
+ if (!($configline[8] =~ /^(\d+)\:(\d+)$/)) {
+ if(&General::validport($configline[8])){
+ $useport='ON';
+ $port=$configline[8];
+ $grp3='TGT_PORT';
+ }else{
+ print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
+ next;
+ }
+ }else{
+ my ($a1,$a2) = split(/\:/,$configline[8]);
+ if (&General::validport($a1) && &General::validport($a2) && $a1 < $a2){
+ $useport='ON';
+ $port=$configline[8];
+ $grp3='TGT_PORT';
+ }else{
+ print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
+ next;
+ }
+ }
+ }
+ }else{
+ print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
+ }
+ &General::readhasharray($fwdfwconfig,\%fwconfig);
+ my $check;
+ foreach my $protocol (@prot){
+ $protocol=uc($protocol);
+ print"0:$action 1:FORWARDFW 2:$active 3:$grp1 4:$source 5:$grp2 6:$target 7:src_srv(leer) 8:srcprot(leer) 9:icmp(leer) 10:srcport(leer) 11:$useport 12:$protocol 13:icmp(leer) 14:$grp3 15:$port 16:$remark 17:$log 18:$time 19:$time_mon 20:$time_tue 21:$time_wed 22:$time_thu 23:$time_fri 24:$time_sat 25:$time_sun 26:$time_from 27:$time_to\n\n";
+ print LOG "-> Converted: $action,FORWARDFW,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to\n";
+ #Put rules into system....
+ ###########################
+
+ #check for double rules
+ foreach my $key (sort keys %fwconfig){
+ if("$action,FORWARDFW,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to"
+ eq "$fwconfig{$key}[0],$fwconfig{$key}[1],$fwconfig{$key}[2],$fwconfig{$key}[3],$fwconfig{$key}[4],$fwconfig{$key}[5],$fwconfig{$key}[6],,,,,$fwconfig{$key}[11],$fwconfig{$key}[12],,$fwconfig{$key}[14],$fwconfig{$key}[15],$fwconfig{$key}[16],$fwconfig{$key}[17],$fwconfig{$key}[18],$fwconfig{$key}[19],$fwconfig{$key}[20],$fwconfig{$key}[21],$fwconfig{$key}[22],$fwconfig{$key}[23],$fwconfig{$key}[24],$fwconfig{$key}[25],$fwconfig{$key}[26],$fwconfig{$key}[27]"){
+ $check='on';
+ next;
+ }
+ }
+ if($check ne 'on'){
+ #increase groupcounter
+ my $check1;
+ if($grp1 eq 'cust_grp_src'){
+ foreach my $key (sort keys %groups){
+ if($groups{$key}[0] eq $source){
+ $groups{$key}[4]++;
+ $check1='on';
+ }
+ }
+ if($check1 eq 'on'){
+ print" schreibe in gruppe\n";
+ &General::writehasharray($configgroups,\%groups);
+ }
+ }
+ print"SCHREIBE REGEL!\n";
+ my $key = &General::findhasharraykey(\%fwconfig);
+ $fwconfig{$key}[0] = $action;
+ $fwconfig{$key}[1] = "FORWARDFW";
+ $fwconfig{$key}[2] = $active;
+ $fwconfig{$key}[3] = $grp1;
+ $fwconfig{$key}[4] = $source;
+ $fwconfig{$key}[5] = $grp2;
+ $fwconfig{$key}[6] = $target;
+ $fwconfig{$key}[11] = $useport;
+ $fwconfig{$key}[12] = $protocol;
+ $fwconfig{$key}[14] = $grp3;
+ $fwconfig{$key}[15] = $port;
+ $fwconfig{$key}[16] = $remark;
+ $fwconfig{$key}[17] = $log;
+ $fwconfig{$key}[18] = $time;
+ $fwconfig{$key}[19] = $time_mon;
+ $fwconfig{$key}[20] = $time_tue;
+ $fwconfig{$key}[21] = $time_wed;
+ $fwconfig{$key}[22] = $time_thu;
+ $fwconfig{$key}[23] = $time_fri;
+ $fwconfig{$key}[24] = $time_sat;
+ $fwconfig{$key}[25] = $time_sun;
+ $fwconfig{$key}[26] = $time_from;
+ $fwconfig{$key}[27] = $time_to;
+ }
+ }
+ &General::writehasharray($fwdfwconfig,\%fwconfig);
+ system("/usr/local/bin/forwardfwctrl");
+ @prot=();
+ }
+ close(LOG);
+ @lines=();
+}
+sub get_ip_from_domain
+{
+ $web=shift;
+ my $resolvedip;
+ my $checked;
+ my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname($web);
+ if(@addrs){
+ $resolvedip=inet_ntoa($addrs[0]);
+ return $resolvedip;
+ }
+ return;
+}
+sub build_ovpn_grp
+{
+ &General::readhasharray($confighosts,\%hosts);
+ &General::readhasharray($confignets,\%nets);
+ &General::readhasharray($configgroups,\%groups);
+ &General::readhasharray($ovpnconfig,\%configovpn);
+ &General::readhasharray($ccdconfig,\%ccdconf);
+ &General::readhash($ovpnsettings,\%settingsovpn);
+ #get ovpn nets
+ my @ovpnnets=();
+ if($settingsovpn{'DOVPN_SUBNET'}){
+ my ($net,$subnet)=split("/",$settingsovpn{'DOVPN_SUBNET'});
+ push (@ovpnnets,"$net,$subnet,dynamic");
+ }
+ foreach my $key (sort keys %ccdconf){
+ my ($net,$subnet)=split("/",$ccdconf{$key}[1]);
+ $subnet=&General::iporsubtodec($subnet);
+ push (@ovpnnets,"$net,$subnet,$ccdconf{$key}[0]");
+ }
+ foreach my $key (sort keys %configovpn){
+ if ($configovpn{$key}[3] eq 'net'){
+ my ($net,$subnet)=split("/",$configovpn{$key}[27]);
+ push (@ovpnnets,"$net,$subnet,$configovpn{$key}[2]");
+ }
+ }
+ #add ovpn nets to customnetworks/groups
+ foreach my $line (@ovpnnets){
+ my ($net,$subnet,$name) = split(",",$line);
+ if (!&check_net($net,$subnet)){
+ my $netkey = &General::findhasharraykey(\%nets);
+ $name2=$name."(ovpn)".$net;
+ $name3="Custom Network";
+ $nets{$netkey}[0] = $name2;
+ $nets{$netkey}[1] = $net;
+ $nets{$netkey}[2] = $subnet;
+ $nets{$netkey}[3] = 1;
+ }else{
+ print LOG "-> Custom Network with same IP already exist \"$net/$subnet\" (you can ignore this, if this run was manual from shell)\n";
+ }
+ if($name2){
+ my $grpkey = &General::findhasharraykey(\%groups);
+ $groups{$grpkey}[0] = "ovpn";
+ $groups{$grpkey}[1] = '';
+ $groups{$grpkey}[2] = $name2;
+ $groups{$grpkey}[3] = "Custom Network";
+ $groups{$grpkey}[4] = 0;
+ }
+ $name2='';
+ }
+ @ovpnnets=();
+ &General::writehasharray($confighosts,\%hosts);
+ &General::writehasharray($configgroups,\%groups);
+ &General::writehasharray($confignets,\%nets);
+}
diff --git a/config/forwardfw/convert-xtaccess b/config/forwardfw/convert-xtaccess
new file mode 100644
index 000000000..3db7da65e
--- /dev/null
+++ b/config/forwardfw/convert-xtaccess
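Review bot: In process_rules of convert-outgoingfw the per-rule fields (`$grp1`, `$source`, `$grp2`, `$target`, `$port`) are declared once before `foreach my $rule (@lines)` and never cleared, so a rule can be written to the forward config with the previous rule's source or port. The `ovpn` branch only calls `&build_ovpn_grp;` and sets neither `$grp1` nor `$source`, the custom-group branch logs "no valid source recognised" without a `next;` (and its `$grp1 eq ''` test can only hold before any earlier rule has set a source), and a rule with an empty port field keeps the last `$port`. Move the `my (...)` list for these fields inside the loop, add `next;` after that log line, and set the source in the ovpn branch, presumably `$grp1='cust_grp_src'; $source='ovpn';` since build_ovpn_grp files the networks under a group named "ovpn". `my $check;` is likewise declared once per rule, so a duplicate TCP entry also suppresses the UDP half of an `all` rule; reset it inside `foreach my $protocol (@prot)`. The loop in convert-xtaccess has the same pattern: it prints "Regel konnte nicht konvertiert werden!" and still writes the entry with `$field3`/`$field4` left over from the previous line.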
@@ -0,0 +1,111 @@
+#!/usr/bin/perl
+my @current=();
+my @alias=();
+my %configinputfw=();
+require '/var/ipfire/general-functions.pl';
+my $xtaccessconfig = "${General::swroot}/xtaccess/config";
+my $inputfwconfig = "${General::swroot}/forward/input";
+my $aliasconfig = "${General::swroot}/ethernet/aliases";
+my $field0='ACCEPT';
+my $field1='INPUTFW';
+my $field2=''; #ON or emtpy
+my $field3=''; #std_net_src or src_addr
+my $field4=''; #ALL or IP-Address with /32
+my $field5='ipfire';
+my $field6=''; #Default IP or alias name
+my $field11='ON'; #use target port
+my $field12=''; #TCP or UDP
+my $field13='All ICMP-Types';
+my $field14='TGT_PORT';
+my $field15=''; #Port Number
+my $field16=''; #remark
+my $field26='00:00';
+my $field27='00:00';
+open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
+my @current = ;
+close(FILE);
+open(FILE1, $aliasconfig) or die 'Unable to open config file.';
+my @alias = ;
+close(FILE1);
+&General::readhasharray($inputfwconfig,\%configinputfw);
+
+foreach my $line (@current){
+ my ($a,$b,$c,$d,$e,$f) = split (",",$line);
+ $e =~ s/\R//g;
+ if ($f gt ''){
+ $f =~ s/\R//g;
+ $field16=$f;
+ }
+ #active or not
+ $field2=uc($d);
+ #get protocol
+ if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}
+ #check source address
+ if ($b eq '0.0.0.0/0'){
+ $field3='std_net_src';
+ $field4='ALL';
+ }elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $field3='src_addr';
+ $field4=$b."/32";
+ }elsif ($b =~ /^(.*?)\/(.*?)$/) {
+ $field3='src_addr';
+ $field4=$b;
+ }else{
+ print "Regel konnte nicht konvertiert werden!\n";
+ }
+ #check ipfire address
+ if ($e eq '0.0.0.0'){
+ $field6 = 'Default IP';
+ }else{
+ foreach my $line (@alias){
+ my ($ip,$state,$aliasname) = split (",",$line);
+ if ($ip eq $e){
+ $aliasname =~ s/\R//g;
+ $field6 = $aliasname;
+ }
+ }
+ }
+ #get target port
+ $c=~ s/\R//g;
+ $c=~ tr/-/:/;
+ if ($c =~ /^(\D)\:(\d+)$/) {
+ $c = "1:$2";
+ }
+ if ($c =~ /^(\d+)\:(\D)$/) {
+ $c = "$1:65535";
+ }
+ $field15=$c;
+ #Ausgabe
+ #print "0:$field0 1:$field1 2:$field2 3:$field3 4:$field4 5:$field5 6:$field6 11:$field11 12:$field12 13:$field13 14:$field14 15:$field15 16:$field16 26:$field26 27:$field27\n";
+ my $key = &General::findhasharraykey (\%configinputfw);
+ foreach my $i (0 .. 27) { $configinputfw{$key}[$i] = "";}
+ $configinputfw{$key}[0] = $field0;
+ $configinputfw{$key}[1] = $field1;
+ $configinputfw{$key}[2] = $field2;
+ $configinputfw{$key}[3] = $field3;
+ $configinputfw{$key}[4] = $field4;
+ $configinputfw{$key}[5] = $field5;
+ $configinputfw{$key}[6] = $field6;
+ $configinputfw{$key}[7] = '';
+ $configinputfw{$key}[8] = '';
+ $configinputfw{$key}[9] = '';
+ $configinputfw{$key}[10] = '';
+ $configinputfw{$key}[11] = $field11;
+ $configinputfw{$key}[12] = $field12;
+ $configinputfw{$key}[13] = $field13;
+ $configinputfw{$key}[14] = $field14;
+ $configinputfw{$key}[15] = $field15;
+ $configinputfw{$key}[16] = $field16;
+ $configinputfw{$key}[17] = '';
+ $configinputfw{$key}[18] = '';
+ $configinputfw{$key}[19] = '';
+ $configinputfw{$key}[20] = '';
+ $configinputfw{$key}[21] = '';
+ $configinputfw{$key}[22] = '';
+ $configinputfw{$key}[23] = '';
+ $configinputfw{$key}[24] = '';
+ $configinputfw{$key}[25] = '';
+ $configinputfw{$key}[26] = $field26;
+ $configinputfw{$key}[27] = $field27;
+ &General::writehasharray($inputfwconfig,\%configinputfw);
+}
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 4755f07f0..f772be335 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -110,6 +110,8 @@ usr/local/bin/update-lang-cache
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
 usr/sbin/firewall-forward-policy
+usr/sbin/convert-xtaccess
+usr/sbin/convert-outgoingfw
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 8e1100b45..8fae77123 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
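Review bot: In convert-xtaccess the source-address branch `}elsif ($b =~ /^(.*?)\/(.*?)$/) {` accepts any string that contains a slash and copies it unchanged into field 4 of an `ACCEPT`/`INPUTFW` entry, and the dotted-quad branch before it accepts octets up to 999. general-functions.pl is already required here, and convert-outgoingfw in this same commit uses `&General::validip` and `&General::validipandmask`; the same checks fit these two branches, e.g. `}elsif(&General::validipandmask($b)){`. The protocol line `if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}` also turns every non-tcp value, including an empty or malformed one, into a UDP rule; an explicit `elsif ($a eq 'udp')` with a `next;` for anything else would keep bad lines out of the input chain. The script starts without `use strict; use warnings;`.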
@@ -192,6 +192,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; }else{ + #FORWARD PART $fwdfwsettings{'chain'} = 'FORWARDFW'; if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ #check if we have an identical rule already @@ -798,7 +799,7 @@ sub checkrule $errormessage.=$Lang::tr{'fwdfw err remark'}."
"; } #check if source and target identical - if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}}){ + if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){ $errormessage.=$Lang::tr{'fwdfw err same'}; return $errormessage; } @@ -1349,7 +1350,7 @@ END - +
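Review bot: The comment `#check if source and target identical` in the checkrule hunk no longer describes the test, because with the added `&& $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'` a rule whose source and target are both `ALL` now passes it. Suggest `#check if source and target identical (ALL -> ALL is allowed)`. Whether such an any-to-any rule is constrained elsewhere, for example by a required port or protocol, cannot be seen here since checkrule starts and ends outside the hunk; if it is not, that restriction belongs next to this test.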