From: Alexander Marx
Date: Fri, 28 Dec 2012 07:26:07 +0000 (+0100)
Subject: Forward Firewall: added new files
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=2a81ab0d7701a7afd049d3ca5a28dc4e0fbffd20
Forward Firewall: added new files
---
diff --git a/config/forwardfw/firewall-lib.pl b/config/forwardfw/firewall-lib.pl
new file mode 100644
index 000000000..24b990c77
--- /dev/null
+++ b/config/forwardfw/firewall-lib.pl
@@ -0,0 +1,252 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+
+use strict;
+no warnings 'uninitialized';
+
+package fwlib;
+
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %ipsecsettings=();
+my %netsettings=();
+my %ovpnsettings=();
+
+require '/var/ipfire/general-functions.pl';
+
+my $confignet = "${General::swroot}/fwhosts/customnetworks";
+my $confighost = "${General::swroot}/fwhosts/customhosts";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $configsrv = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec = "${General::swroot}/vpn/config";
+my $configovpn = "${General::swroot}/ovpn/settings";
+my $val;
+my $field;
+
+&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
+&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+
+
+&General::readhasharray("$confignet", \%customnetwork);
+&General::readhasharray("$confighost", \%customhost);
+&General::readhasharray("$configgrp", \%customgrp);
+&General::readhasharray("$configccdnet", \%ccdnet);
+&General::readhasharray("$configccdhost", \%ccdhost);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhasharray("$configsrv", \%customservice);
+&General::readhasharray("$configsrvgrp", \%customservicegrp);
+
+sub get_srv_prot
+{
+ my $val=shift;
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq $val){
+ if ($customservice{$key}[0] eq $val){
+ return $customservice{$key}[2];
+ }
+ }
+ }
+}
+sub get_srvgrp_prot
+{
+ my $val=shift;
+ my @ips=();
+ my $tcp;
+ my $udp;
+ my $icmp;
+ foreach my $key (sort keys %customservicegrp){
+ if($customservicegrp{$key}[0] eq $val){
+ if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){
+ $tcp=1;
+ }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){
+ $udp=1;
+ }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
+ $icmp=1;
+ }
+ }
+ }
+ if ($tcp eq '1'){push (@ips,'TCP');}
+ if ($udp eq '1'){push (@ips,'UDP');}
+ if ($icmp eq '1'){push (@ips,'ICMP');}
+ my $back=join(",",@ips);
+ return $back;
+
+}
+
+
+sub get_srv_port
+{
+ my $val=shift;
+ my $field=shift;
+ my $prot=shift;
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq $val){
+ if($customservice{$key}[2] eq $prot){
+ return $customservice{$key}[$field];
+ }
+ }
+ }
+}
+sub get_srvgrp_port
+{
+ my $val=shift;
+ my $prot=shift;
+ my $back;
+ my $value;
+ my @ips=();
+ foreach my $key (sort keys %customservicegrp){
+ if($customservicegrp{$key}[0] eq $val){
+ if ($prot ne 'ICMP'){
+ $value=&get_srv_port($customservicegrp{$key}[2],1,$prot);
+ }elsif ($prot eq 'ICMP'){
+ $value=&get_srv_port($customservicegrp{$key}[2],3,$prot);
+ }
+ push (@ips,$value) if ($value ne '') ;
+ }
+ }
+ if($prot ne 
'ICMP'){
+ if ($#ips gt 0){$back="-m multiport --dports ";}else{$back="--dport ";}
+ }elsif ($prot eq 'ICMP'){
+ $back="--icmp-type ";
+ }
+
+ $back.=join(",",@ips);
+ return $back;
+}
+sub get_ipsec_net_ip
+{
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ipsecconf){
+ if($ipsecconf{$key}[1] eq $val){
+ return $ipsecconf{$key}[$field];
+ }
+ }
+}
+sub get_ipsec_host_ip
+{
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ipsecconf){
+ if($ipsecconf{$key}[1] eq $val){
+ return $ipsecconf{$key}[$field];
+ }
+ }
+}
+sub get_ovpn_n2n_ip
+{
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ccdhost){
+ if($ccdhost{$key}[1] eq $val){
+ return $ccdhost{$key}[$field];
+ }
+ }
+}
+sub get_ovpn_host_ip
+{
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ccdhost){
+ if($ccdhost{$key}[1] eq $val){
+ return $ccdhost{$key}[$field];
+ }
+ }
+}
+sub get_ovpn_net_ip
+{
+
+ my $val=shift;
+ my $field=shift;
+ foreach my $key (sort keys %ccdnet){
+ if($ccdnet{$key}[0] eq $val){
+ return $ccdnet{$key}[$field];
+ }
+ }
+}
+sub get_grp_ip
+{
+ my $val=shift;
+ my $src=shift;
+ foreach my $key (sort keys %customgrp){
+ if ($customgrp{$key}[0] eq $val){
+ &get_address($customgrp{$key}[3],$src);
+ }
+ }
+
+}
+sub get_std_net_ip
+{
+ my $val=shift;
+ if ($val eq 'ALL'){
+ return "0.0.0.0/0.0.0.0";
+ }elsif($val eq 'GREEN'){
+ return "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+ }elsif($val eq 'ORANGE'){
+ return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+ }elsif($val eq 'BLUE'){
+ return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ }elsif($val =~ /OpenVPN/i){
+ return "$ovpnsettings{'DOVPN_SUBNET'}";
+ }elsif($val =~ /IPsec/i){
+ return "$ipsecsettings{'RW_NET'}";
+ }
+}
+sub get_net_ip
+{
+ my $val=shift;
+ foreach my $key (sort keys %customnetwork){
+ if($customnetwork{$key}[0] eq $val){
+ return "$customnetwork{$key}[1]/$customnetwork{$key}[2]";
+ }
+ }
+}
+sub get_host_ip
+{
+ my $val=shift;
+ my $src=shift;
+ foreach my $key (sort keys %customhost){
+ if($customhost{$key}[0] eq $val){
+ if ($customhost{$key}[1] eq 'mac' && $src eq 'src'){
+ return "-m mac --mac-source $customhost{$key}[2]";
+ }elsif($customhost{$key}[1] eq 'ip' && $src eq 'src'){
+ return "$customhost{$key}[2]";
+ }elsif($customhost{$key}[1] eq 'ip' && $src eq 'tgt'){
+ return "$customhost{$key}[2]";
+ }elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){
+ return "none";
+ }
+ }
+ }
+}
+
+return 1;
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
new file mode 100755
index 000000000..d6bd3c9d6
--- /dev/null
+++ b/config/forwardfw/rules.pl
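Review bot: `get_grp_ip` calls `&get_address(...)` from inside `package fwlib`, so the call resolves to `fwlib::get_address`, which this file never defines (the only `get_address` on this page lives in the main package of rules.pl), and the loop discards whatever that call would return — as written the sub dies at runtime the first time it finds a matching group. In `get_srvgrp_port`, when no service in the group matches `$prot` the sub still returns a bare `--dport ` / `--icmp-type ` with nothing behind it, which becomes an invalid iptables argument in the caller; guard it with `return '' unless @ips;` before `$back` is built, and compare numerically with `$#ips > 0` instead of the string comparison `$#ips gt 0`. `get_ipsec_net_ip`/`get_ipsec_host_ip` and `get_ovpn_n2n_ip`/`get_ovpn_host_ip` are byte-identical pairs, and `get_srv_prot` tests the same `eq $val` condition twice in nested `if`s — one body each would do. The preamble has `no warnings 'uninitialized';` without ever enabling warnings, so the line is a no-op and every other warning category stays off too; the presumably intended form is `use warnings; no warnings 'uninitialized';`.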
@@ -0,0 +1,334 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+# #
+# Hi folks! I hope this code is useful for all. I needed something to handle #
+# my VPN Connections in a comfortable way. 
#
+# This script builds firewallrules from the webinterface #
+###############################################################################
+
+
+use strict;
+no warnings 'uninitialized';
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+my %fwdfwsettings=();
+my %defaultNetworks=();
+my %configfwdfw=();
+my %color=();
+my %icmptypes=();
+my %ovpnSettings=();
+my %customgrp=();
+our %sourcehash=();
+our %targethash=();
+my @timeframe=();
+my %configinputfw=();
+my %aliases=();
+my @DPROT=();
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+my $configfwdfw = "${General::swroot}/forward/config";
+my $configinput = "${General::swroot}/forward/input";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $errormessage='';
+my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
+my $CHAIN="FORWARDFW";
+
+
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhasharray($configfwdfw, \%configfwdfw);
+&General::readhasharray($configinput, \%configinputfw);
+&General::readhasharray($configgrp, \%customgrp);
+&General::get_aliases(\%aliases);
+
+################################
+# DEBUG/TEST #
+################################
+my $MODE=0; # 0 - normal operation
+ # 1 - print configline and rules to console
+ #
+################################
+my $param=shift;
+
+if($param eq 'flush'){
+ if ($MODE eq '1'){
+ print " Flushing chains...\n";
+ }
+ &flush;
+}else{
+ if ($MODE eq '1'){
+ print " Flushing chains...\n";
+ }
+ &flush;
+ if ($MODE eq '1'){
+ print " Preparing rules...\n";
+ }
+ &preparerules;
+ if($MODE eq '0'){
+ if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+ system ("iptables -A $CHAIN -j DROP");
+ }elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
+ system ("iptables -A $CHAIN -j ACCEPT");
+ }
+ }
+}
+
+sub flush
+{
+ system ("iptables -F 
FORWARDFW");
+ system ("iptables -F INPUTFW");
+}
+sub preparerules
+{
+ if (! -z "${General::swroot}/forward/config"){
+ &buildrules(\%configfwdfw);
+ }
+ if (! -z "${General::swroot}/forward/input"){
+ &buildrules(\%configinputfw);
+ }
+}
+sub buildrules
+{
+ my $hash=shift;
+ foreach my $key (sort keys %$hash){
+ if($$hash{$key}[2] eq 'ON'){
+ #get source ip's
+ if ($$hash{$key}[3] eq 'cust_grp_src'){
+ foreach my $grp (sort keys %customgrp){
+ if($customgrp{$grp}[0] eq $$hash{$key}[4]){
+ &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"src");
+ }
+ }
+ }else{
+ &get_address($$hash{$key}[3],$$hash{$key}[4],"src");
+ }
+ #get target ip's
+ if ($$hash{$key}[5] eq 'cust_grp_tgt'){
+ foreach my $grp (sort keys %customgrp){
+ if($customgrp{$grp}[0] eq $$hash{$key}[6]){
+ &get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
+ }
+ }
+ }elsif($$hash{$key}[5] eq 'ipfire'){
+
+ if($$hash{$key}[6] eq 'Default IP'){
+ open(FILE, "/var/ipfire/red/local-ipaddress") or die 'Unable to open config file.';
+ $targethash{$key}[0]= ;
+ close(FILE);
+ }else{
+ foreach my $alias (sort keys %aliases){
+ if ($$hash{$key}[6] eq $alias){
+ $targethash{$key}[0]=$aliases{$alias}{'IPT'};
+ }
+ }
+ }
+ }else{
+ &get_address($$hash{$key}[5],$$hash{$key}[6],"tgt");
+ }
+
+ ##get source prot and port
+ $SRC_TGT='SRC';
+ $SPROT = &get_prot($hash,$key);
+ $SPORT = &get_port($hash,$key);
+ $SRC_TGT='';
+
+ ##get target prot and port
+ $DPROT=&get_prot($hash,$key);
+
+ if ($DPROT eq ''){$DPROT=' ';}
+ @DPROT=split(",",$DPROT);
+
+
+ #get time if defined
+ if($$hash{$key}[18] eq 'ON'){
+ if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
+ if($$hash{$key}[20] ne ''){push (@timeframe,"Tue");}
+ if($$hash{$key}[21] ne ''){push (@timeframe,"Wed");}
+ if($$hash{$key}[22] ne ''){push (@timeframe,"Thu");}
+ if($$hash{$key}[23] ne ''){push (@timeframe,"Fri");}
+ if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
+ if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
+ 
$TIME=join(",",@timeframe);
+ $TIMEFROM="--timestart $$hash{$key}[26] ";
+ $TIMETILL="--timestop $$hash{$key}[27] ";
+ $TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
+ }
+
+ if ($MODE eq '1'){
+ print "NR:$key ";
+ foreach my $i (0 .. $#{$$hash{$key}}){
+ print "$i: $$hash{$key}[$i] ";
+ }
+ print "\n";
+ print"##################################\n";
+ #print rules to console
+
+ foreach my $DPROT (@DPROT){
+ $DPORT = &get_port($hash,$key,$DPROT);
+ if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+ $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+ foreach my $a (sort keys %sourcehash){
+ foreach my $b (sort keys %targethash){
+ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
+ if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+ if ($$hash{$key}[17] eq 'ON'){
+ print "iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ }
+ print "iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ }
+ }
+ }
+ }
+ print"\n";
+ }
+
+ }elsif($MODE eq '0'){
+ foreach my $DPROT (@DPROT){
+ $DPORT = &get_port($hash,$key,$DPROT);
+ if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+ $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+ foreach my $a (sort keys %sourcehash){
+ foreach my $b (sort keys %targethash){
+ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
+ if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+ if ($$hash{$key}[17] eq 'ON'){
+ system ("iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
+ }
+ system ("iptables -A $$hash{$key}[1] $PROT -s $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]");
+ }
+ }
+ }
+ }
+ print"\n";
+ }
+ }
+ }
+ %sourcehash=();
+ %targethash=();
+ undef $TIME;
+ undef $TIMEFROM;
+ undef $TIMETILL;
+ }
+}
+sub get_address
+{
+ my $base=shift; #source of 
checking ($configfwdfw{$key}[x] or groupkey
+ my $base2=shift;
+ my $type=shift; #src or tgt
+ my $hash;
+ if ($type eq 'src'){
+ $hash=\%sourcehash;
+ }else{
+ $hash=\%targethash;
+ }
+ my $key = &General::findhasharraykey($hash);
+ if($base eq 'src_addr' || $base eq 'tgt_addr' ){
+ $$hash{$key}[0] = $configfwdfw{$key}[4];
+ }elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){
+ $$hash{$key}[0]=&fwlib::get_std_net_ip($base2);
+ }elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){
+ $$hash{$key}[0]=&fwlib::get_net_ip($base2);
+ }elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){
+ $$hash{$key}[0]=&fwlib::get_host_ip($base2,$type);
+ }elsif($base eq 'ovpn_net_src' || $base eq 'ovpn_net_tgt' || $base eq 'OpenVPN static network'){
+ $$hash{$key}[0]=&fwlib::get_ovpn_net_ip($base2,1);
+ }elsif($base eq 'ovpn_host_src' ||$base eq 'ovpn_host_tgt' || $base eq 'OpenVPN static host'){
+ $$hash{$key}[0]=&fwlib::get_ovpn_host_ip($base2,33);
+ }elsif($base eq 'ovpn_n2n_src' ||$base eq 'ovpn_n2n_tgt' || $base eq 'OpenVPN N-2-N'){
+ $$hash{$key}[0]=&fwlib::get_ovpn_n2n_ip($base2,27);
+ }elsif($base eq 'ipsec_net_src' || $base eq 'ipsec_net_tgt' || $base eq 'IpSec Network'){
+ $$hash{$key}[0]=&fwlib::get_ipsec_net_ip($base2,11);
+ }
+}
+sub get_prot
+{
+ my $hash=shift;
+ my $key=shift;
+ if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+ if ($$hash{$key}[10] ne ''){
+ return"$$hash{$key}[8]";
+ }elsif($$hash{$key}[9] ne ''){
+ return"$$hash{$key}[8]";
+ }else{
+ return "$$hash{$key}[8]";
+ }
+ }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+ if ($$hash{$key}[14] eq 'TGT_PORT'){
+ if ($$hash{$key}[15] ne ''){
+ return "$$hash{$key}[12]";
+ }elsif($$hash{$key}[13] ne ''){
+ return "$$hash{$key}[12]";
+ }else{
+ return "$$hash{$key}[12]";
+ }
+ }elsif($$hash{$key}[14] eq 'cust_srv'){
+ return &fwlib::get_srv_prot($$hash{$key}[15]);
+
+ }elsif($$hash{$key}[14] eq 
'cust_srvgrp'){
+ return &fwlib::get_srvgrp_prot($$hash{$key}[15]);
+ }
+ }
+}
+sub get_port
+{
+ my $hash=shift;
+ my $key=shift;
+ my $prot=shift;
+ if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
+ if ($$hash{$key}[10] ne ''){
+ return "--sport $$hash{$key}[10] ";
+ }elsif($$hash{$key}[9] ne ''){
+ return "--icmp-type $$hash{$key}[9] ";
+ }
+ }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
+
+ if($$hash{$key}[14] eq 'TGT_PORT'){
+ if ($$hash{$key}[15] ne ''){
+ return "--dport $$hash{$key}[15] ";
+ }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
+ return "--icmp-type $$hash{$key}[13] ";
+ }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] eq 'All ICMP-Types'){
+ return;
+ }
+ }elsif($$hash{$key}[14] eq 'cust_srv'){
+ if ($prot ne 'ICMP'){
+ return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
+ }elsif($prot eq 'ICMP' && $$hash{$key}[15] ne 'All ICMP-Types'){
+ return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
+ }elsif($prot eq 'ICMP' && $$hash{$key}[15] eq 'All ICMP-Types'){
+ return;
+ }
+ }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+ if ($prot ne 'ICMP'){
+ return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+ }
+ elsif($prot eq 'ICMP'){
+ return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
+ }
+
+
+ }
+ }
+}
diff --git a/config/fwhosts/icmp-types b/config/fwhosts/icmp-types
new file mode 100644
index 000000000..d41cdbfba
--- /dev/null
+++ b/config/fwhosts/icmp-types
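Review bot: `@timeframe` is declared once at file scope and is only ever pushed to inside `buildrules`; the per-rule cleanup at the bottom of the loop resets `%sourcehash`, `%targethash`, `$TIME`, `$TIMEFROM` and `$TIMETILL` but never `@timeframe`, so the weekdays of every earlier time-restricted rule leak into the `--weekdays` list of each later one — add `@timeframe=();` beside `%sourcehash=();`. A MAC-based custom host comes back from `fwlib::get_host_ip` as `-m mac --mac-source ...`, yet both emitters always write `-s $sourcehash{$a}[0]`, which yields `-s -m mac --mac-source ...` and is rejected by iptables, so the `-s ` prefix has to be dropped for values that are already a match fragment. Every rule goes through `system` as one interpolated string, so the shell re-parses chain, addresses, ports and the time fragment taken from the config files, and the exit status is never examined — a rule that fails to install is silently skipped, and with `POLICY` MODE2 that leaves the trailing `ACCEPT` standing without the DROP rule it was meant to sit behind; assembling an `@args` list and calling `system('iptables', @args) == 0 or warn "iptables failed: $?";` avoids the shell and surfaces the failure. The `Default IP` branch opens `/var/ipfire/red/local-ipaddress` with a bareword two-arg `open`, and the assignment (rendered here as `$targethash{$key}[0]= ;`, presumably a `<FILE>` lost in display) is never `chomp`ed, so a trailing newline ends up inside the iptables command; read it with `open my $fh, '<', ...` and `chomp` the value. In `get_address` the `src_addr`/`tgt_addr` branch assigns `$configfwdfw{$key}[4]`, where `$key` is the freshly generated source/target-hash key rather than the rule's key and `%configfwdfw` is consulted even when the input-rule hash is being built — this looks like the wrong lookup, so confirm which record was intended.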
@@ -0,0 +1,36 @@
+0,echo-reply (pong),0
+1,destination-unreachable,3
+2,network-unreachable,3/0
+3,host-unreachable,3/1
+4,protocol-unreachable,3/2
+5,port-unreachable,3/3
+6,fragmentation-needed,3/4
+7,source-route-failed,3/5
+8,network-unknown,3/6
+9,host-unknown,3/7
+10,network-prohibited,3/9
+11,host-prohibited,3/10
+12,TOS-network-unreachable,3/11
+13,TOS-host-unreachable,3/12
+14,communication-prohibited,3/13
+15,host-precedence-violation,3/14
+16,precedence-cutoff,3/15
+17,source-quench,4
+18,redirect,5
+19,network-redirect,5/0
+20,host-redirect,5/1
+21,TOS-network-redirect,5/2
+22,TOS-host-redirect,5/3
+23,echo-request (ping),8
+24,router-advertisement,9
+25,router-solicitation,10
+26,time-exceeded (ttl-exceeded),11
+27,ttl-zero-during-transit,11/0
+28,ttl-zero-during-reassembly,11/1
+29,parameter-problem,12
+30,ip-header-bad,12/0
+31,required-option-missing,12/1
+32,timestamp-request,13
+33,timestamp-reply,14
+34,address-mask-request,17
+35,address-mask-reply,18
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
new file mode 100755
index 000000000..be2f0cfea
--- /dev/null
+++ b/html/cgi-bin/forwardfw.cgi
@@ -0,0 +1,1772 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+# #
+# Hi folks! I hope this code is useful for all. I needed something to handle #
+# my VPN Connections in a comfortable way. As a prerequisite i needed #
+# something that makes sure the vpn roadwarrior are able to have a fixed #
+# ip-address. So i developed the ccd extension for the vpn server. #
+# #
+# Now that the ccd extension is ready i am able to develop the main request. #
+# Any feedback is appreciated. 
#
+# #
+# #
+###############################################################################
+
+use strict;
+no warnings 'uninitialized';
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+unless (-d "${General::swroot}/forward") { system("mkdir ${General::swroot}/forward"); }
+unless (-e "${General::swroot}/forward/settings") { system("touch ${General::swroot}/forward/settings"); }
+unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
+unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
+
+my %fwdfwsettings=();
+my %selected=() ;
+my %defaultNetworks=();
+my %netsettings=();
+my %customhost=();
+my %customgrp=();
+my %customnetworks=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %customnetwork=();
+my %ccdhost=();
+my %configfwdfw=();
+my %configinputfw=();
+my %ipsecconf=();
+my %color=();
+my %mainsettings=();
+my %checked=();
+my %icmptypes=();
+my %ovpnsettings=();
+my %ipsecsettings=();
+my %aliases=();
+my $color;
+my $confignet = "${General::swroot}/fwhosts/customnetworks";
+my $confighost = "${General::swroot}/fwhosts/customhosts";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $configsrv = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec = "${General::swroot}/vpn/config";
+my $configipsecrw = "${General::swroot}/vpn/settings";
+my $configfwdfw = "${General::swroot}/forward/config";
+my $configinput = "${General::swroot}/forward/input";
+my $configovpn = "${General::swroot}/ovpn/settings";
+ 
+my $errormessage='';
+my $hint='';
+my $ipgrp="${General::swroot}/outgoing/groups";
+
+
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+&Header::showhttpheaders();
+&Header::getcgihash(\%fwdfwsettings);
+&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openbigbox('100%', 'center',$errormessage);
+#### ACTION #####
+
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'save'})
+{
+ my $MODE = $fwdfwsettings{'POLICY'};
+ %fwdfwsettings = ();
+ $fwdfwsettings{'POLICY'} = "$MODE";
+ &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
+ &reread_rules;
+}
+if ($fwdfwsettings{'ACTION'} eq 'saverule')
+{
+ &General::readhasharray("$configfwdfw", \%configfwdfw);
+ &General::readhasharray("$configinput", \%configinputfw);
+ $errormessage=&checksource;
+ if(!$errormessage){&checktarget;}
+ if(!$errormessage){&checkrule;}
+
+ #check if we change an forward rule to an external access
+ if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){
+ $fwdfwsettings{'updatefwrule'}='';
+ $fwdfwsettings{'config'}=$configfwdfw;
+ $fwdfwsettings{'nobase'}='on';
+ &deleterule;
+ }
+
+ #check if we change an external access rule to an forward
+ if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){
+ $fwdfwsettings{'updatefwrule'}='';
+ $fwdfwsettings{'config'}=$configinput;
+ $fwdfwsettings{'nobase'}='on';
+ &deleterule;
+ }
+
+ #INPUT part
+ if($fwdfwsettings{'grp2'} eq 'ipfire'){
+ $fwdfwsettings{'chain'} = 'INPUTFW';
+ #check if we have an identical rule already
+ foreach my $key (sort keys %configinputfw){
+ if 
("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" + eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } + } + + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + if ($fwdfwsettings{'nobase'} ne 'on'){ + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + } + + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + 
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + + if ($fwdfwsettings{'nobase'} eq 'on'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + + + &saverule(\%configinputfw,$configinput); + + #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; + #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; + #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; + #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; + #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}
"; + #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}
"; + #print " Regel LOG: $fwdfwsettings{'LOG'}
"; + #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}
"; + #print " MO: $fwdfwsettings{'TIME_MON'}
"; + #print " DI: $fwdfwsettings{'TIME_TUE'}
"; + #print " MI: $fwdfwsettings{'TIME_WED'}
"; + #print " DO: $fwdfwsettings{'TIME_THU'}
"; + #print " FR: $fwdfwsettings{'TIME_FRI'}
"; + #print " SA: $fwdfwsettings{'TIME_SAT'}
"; + #print " SO: $fwdfwsettings{'TIME_SUN'}
"; + #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}
"; + #print "
"; + #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; + #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; + #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; + #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; + + + + }else{ + $fwdfwsettings{'chain'} = 'FORWARDFW'; + #check if we have an identical rule already + foreach my $key (sort keys %configfwdfw){ + + if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}" + eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){ + $errormessage.=$Lang::tr{'fwdfw err ruleexists'}; + } + } + #increase counters + &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + + &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}}); + + if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){ + 
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') { + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0); + }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){ + &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + + if ($fwdfwsettings{'nobase'} eq 'on'){ + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); + } + + + &saverule(\%configfwdfw,$configfwdfw); + + #print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; + #print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}
"; + #print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; + #print "Dienst: $fwdfwsettings{'USESRV'}, $fwdfwsettings{'grp3'} -> $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; + #print "BEMERKUNG: $fwdfwsettings{'ruleremark'}
"; + #print " Regel AKTIV: $fwdfwsettings{'ACTIVE'}
"; + #print " Regel LOG: $fwdfwsettings{'LOG'}
"; + #print " ZEITRAHMEN: $fwdfwsettings{'TIME'}
"; + #print " MO: $fwdfwsettings{'TIME_MON'}
"; + #print " DI: $fwdfwsettings{'TIME_TUE'}
"; + #print " MI: $fwdfwsettings{'TIME_WED'}
"; + #print " DO: $fwdfwsettings{'TIME_THU'}
"; + #print " FR: $fwdfwsettings{'TIME_FRI'}
"; + #print " SA: $fwdfwsettings{'TIME_SAT'}
"; + #print " SO: $fwdfwsettings{'TIME_SUN'}
"; + #print " VON: $fwdfwsettings{'TIME_FROM'} bis $fwdfwsettings{'TIME_TO'}
"; + #print "
"; + #print"ALT: $fwdfwsettings{'oldgrp1a'} $fwdfwsettings{'oldgrp1b'} NEU: $fwdfwsettings{'grp1'} $fwdfwsettings{$fwdfwsettings{'grp1'}}
"; + #print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}
"; + #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}
"; + #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}
"; + + + + } + if ($errormessage){ + &newrule; + }else{ + &rules; + &base; + } + +} +if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'}) +{ + &General::readhasharray("$configfwdfw", \%configfwdfw); + foreach my $key (sort keys %configfwdfw){ + &checkcounter($configfwdfw{$key}[3],$configfwdfw{$key}[4],,); + &checkcounter($configfwdfw{$key}[5],$configfwdfw{$key}[6],,); + &checkcounter($configfwdfw{$key}[14],$configfwdfw{$key}[15],,); + } + &General::readhasharray("$configinput", \%configinputfw); + foreach my $key (sort keys %configinputfw){ + &checkcounter($configinputfw{$key}[3],$configinputfw{$key}[4],,); + &checkcounter($configinputfw{$key}[5],$configinputfw{$key}[6],,); + &checkcounter($configinputfw{$key}[14],$configinputfw{$key}[15],,); + } + $fwdfwsettings{'POLICY'}='MODE0'; + system("rm ${General::swroot}/forward/config"); + system("rm ${General::swroot}/forward/input"); + %fwdfwsettings = (); + + &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings); + unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); } + unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); } + + &reread_rules; + +} +if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'}) +{ + &newrule; +} +if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'}) +{ + my %togglehash=(); + &General::readhasharray($fwdfwsettings{'config'}, \%togglehash); + foreach my $key (sort keys %togglehash){ + if ($key eq $fwdfwsettings{'key'}){ + if ($togglehash{$key}[2] eq 'ON'){$togglehash{$key}[2]='';}else{$togglehash{$key}[2]='ON';} + } + } + &General::writehasharray($fwdfwsettings{'config'}, \%togglehash); + &rules; + &base; +} +if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'}) +{ + my %togglehash=(); + &General::readhasharray($fwdfwsettings{'config'}, \%togglehash); + foreach my $key (sort keys %togglehash){ + if ($key eq $fwdfwsettings{'key'}){ + if ($togglehash{$key}[17] eq 
'ON'){$togglehash{$key}[17]='';}else{$togglehash{$key}[17]='ON';}
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+ &rules;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
+{
+ &reread_rules;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'editrule')
+{
+ $fwdfwsettings{'updatefwrule'}='on';
+ &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'deleterule')
+{
+ &deleterule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'moveup')
+{
+ &pos_up;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'movedown')
+{
+ &pos_down;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'copyrule')
+{
+ $fwdfwsettings{'copyfwrule'}='on';
+ #$fwdfwsettings{'updatefwrule'}='on';
+ &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq '')
+{
+ &base;
+}
+### Functions ####
+sub pos_up
+{
+ my %uphash=();
+ my %tmp=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%uphash);
+ foreach my $key (sort keys %uphash){
+ if ($key eq $fwdfwsettings{'key'}) {
+ my $last = $key -1;
+ if (exists $uphash{$last}){
+ #save rule last
+ foreach my $y (0 .. $#{$uphash{$last}}) {
+ $tmp{0}[$y] = $uphash{$last}[$y];
+ }
+ #copy active rule to last
+ foreach my $i (0 .. $#{$uphash{$last}}) {
+ $uphash{$last}[$i] = $uphash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $uphash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%uphash);
+ &rules;
+}
+sub pos_down
+{
+ my %downhash=();
+ my %tmp=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%downhash);
+ foreach my $key (sort keys %downhash){
+ if ($key eq $fwdfwsettings{'key'}) {
+ my $next = $key + 1;
+ if (exists $downhash{$next}){
+ #save rule next
+ foreach my $y (0 .. $#{$downhash{$next}}) {
+ $tmp{0}[$y] = $downhash{$next}[$y];
+ }
+ #copy active rule to next
+ foreach my $i (0 .. $#{$downhash{$next}}) {
+ $downhash{$next}[$i] = $downhash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. 
$#{$tmp{0}}) {
+ $downhash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%downhash);
+ &rules;
+}
+sub checkcounter
+{
+ my ($base1,$val1,$base2,$val2) = @_;
+
+ if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){
+ &dec_counter($confignet,\%customnetwork,$val1);
+ }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){
+ &dec_counter($confighost,\%customhost,$val1);
+ }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){
+ &dec_counter($configgrp,\%customgrp,$val1);
+ }elsif($base1 eq 'cust_srv'){
+ &dec_counter($configsrv,\%customservice,$val1);
+ }elsif($base1 eq 'cust_srvgrp'){
+ &dec_counter($configsrvgrp,\%customservicegrp,$val1);
+ }
+
+ if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
+ &inc_counter($confignet,\%customnetwork,$val2);
+ }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
+ &inc_counter($confighost,\%customhost,$val2);
+ }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){
+ &inc_counter($configgrp,\%customgrp,$val2);
+ }elsif($base2 eq 'cust_srv'){
+ &inc_counter($configsrv,\%customservice,$val2);
+ }elsif($base2 eq 'cust_srvgrp'){
+ &inc_counter($configsrvgrp,\%customservicegrp,$val2);
+ }
+}
+sub inc_counter
+{
+ my $config=shift;
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $pos;
+
+ &General::readhasharray($config, \%hash);
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ $pos=$#{$hash{$key}};
+ $hash{$key}[$pos] = $hash{$key}[$pos]+1;
+
+ }
+ }
+ &General::writehasharray($config, \%hash);
+}
+sub dec_counter
+{
+ my $config=shift;
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $pos;
+ #$errormessage.="ALT:config: $config , verringert wird $val
"; + &General::readhasharray($config, \%hash); + foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq $val){ + $pos=$#{$hash{$key}}; + $hash{$key}[$pos] = $hash{$key}[$pos]-1; + + } + } + &General::writehasharray($config, \%hash); +} +sub base +{ + + if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } + if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } + if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } + + &hint; + if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') { + &addrule; + } + + #print""; + #foreach (0 .. 40){ + #my $i="color".$_; + #print""; + #} + #print"
$_
"; + &Header::openbox('100%', 'center', 'Policy'); +print < + + + + + +
$Lang::tr{'mode'} 0:$Lang::tr{'outgoing firewall mode0'}
$Lang::tr{'mode'} 1:$Lang::tr{'outgoing firewall mode1'}
$Lang::tr{'mode'} 2:$Lang::tr{'outgoing firewall mode2'}

+ + +END + if ($fwdfwsettings{'POLICY'} ne 'MODE0'&& $fwdfwsettings{'POLICY'} ne '' ) { + print "$Lang::tr{'outgoing firewall reset'}: "; + } +print "
"; + &Header::closebox(); +} +sub addrule +{ + &error; + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); + + print "
"; + print ""; + print ""; + if (-f "${General::swroot}/forward/reread"){ + print ""; + } + print"

"; + + &Header::closebox(); + &viewtablerule; + +} +sub deleterule +{ + my %delhash=(); + &General::readhasharray($fwdfwsettings{'config'}, \%delhash); + foreach my $key (sort keys %delhash){ + if ($key eq $fwdfwsettings{'key'}){ + #check hosts/net and groups + &checkcounter($delhash{$key}[3],$delhash{$key}[4],,); + &checkcounter($delhash{$key}[5],$delhash{$key}[6],,); + #check services and groups + if ($delhash{$key}[11] eq 'ON'){ + &checkcounter($delhash{$key}[14],$delhash{$key}[15],,); + } + } + + if ($key ge $fwdfwsettings{'key'}) { + my $next = $key + 1; + if (exists $delhash{$next}) { + foreach my $i (0 .. $#{$configfwdfw{$next}}) { + $delhash{$key}[$i] = $delhash{$next}[$i]; + } + } + } + } + # Remove the very last entry. + my $last_key = (sort keys %delhash)[-1]; + delete $delhash{$last_key}; + + &General::writehasharray($fwdfwsettings{'config'}, \%delhash); + &rules; + if($fwdfwsettings{'nobase'} ne 'on'){ + &base; + } +} +sub disable_rule +{ + my $key1=shift; + &General::readhasharray("$configfwdfw", \%configfwdfw); + foreach my $key (sort keys %configfwdfw){ + if ($key eq $key1 ){ + if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';} + } + } + &General::writehasharray("$configfwdfw", \%configfwdfw); + &rules; + +} +sub checksource +{ + my ($ip,$subnet); + + #check ip-address if manual + if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} ne ''){ + #check if ip with subnet + if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) { + ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'}); + $subnet = &General::iporsubtocidr($subnet); + } + #check if only ip + if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){ + $ip=$fwdfwsettings{'src_addr'}; + $subnet = '32'; + } + #check and form valid IP + $ip=&General::ip2dec($ip); + $ip=&General::dec2ip($ip); + #check if net or broadcast + my @tmp= split (/\./,$ip); + if (($tmp[3] eq "0") || ($tmp[3] eq "255")) + { + 
$errormessage=$Lang::tr{'fwhost err hostip'}; + } + $fwdfwsettings{'src_addr'}="$ip/$subnet"; + + if(!&General::validipandmask($fwdfwsettings{'src_addr'})){ + $errormessage.=$Lang::tr{'fwdfw err src_addr'}."
"; + } + }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ + $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; + return $errormessage; + } + + #check empty fields + if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."
";} + #check icmp source + if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){ + $fwdfwsettings{'SRC_PORT'}=''; + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); + foreach my $key (keys %icmptypes){ + if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ + $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; + } + } + }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}=''; + }else{ + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'PROT'}=''; + } + + if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){ + #change dashes with : + $fwdfwsettings{'SRC_PORT'}=~ tr/-/:/; + + if ($fwdfwsettings{'SRC_PORT'} eq "*") { + $fwdfwsettings{'SRC_PORT'} = "1:65535"; + } + if ($fwdfwsettings{'SRC_PORT'} =~ /^(\D)\:(\d+)$/) { + $fwdfwsettings{'SRC_PORT'} = "1:$2"; + } + if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) { + $fwdfwsettings{'SRC_PORT'} = "$1:65535"; + } + + $errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src'); + } + return $errormessage; +} +sub checktarget +{ + my ($ip,$subnet); + + + if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){ + #check if ip with subnet + if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) { + ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'}); + $subnet = &General::iporsubtocidr($subnet); + } + #check if only ip + if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){ + $ip=$fwdfwsettings{'tgt_addr'}; + $subnet='32'; + } + #check and form valid IP + $ip=&General::ip2dec($ip); + $ip=&General::dec2ip($ip); + + #check if net or broadcast + my @tmp= split (/\./,$ip); + if (($tmp[3] eq "0") || ($tmp[3] eq "255")) + { + $errormessage=$Lang::tr{'fwhost err hostip'}; + } + 
$fwdfwsettings{'tgt_addr'}=$ip."/".$subnet; + + if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){ + $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
"; + } + + }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ + $errormessage.=$Lang::tr{'fwdfw err notgtip'}; + return $errormessage; + } + + #check empty fields + if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."
";} + + #check tgt services + if ($fwdfwsettings{'USESRV'} eq 'ON'){ + if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ + $fwdfwsettings{'TGT_PROT'}=''; + $fwdfwsettings{'ICMP_TGT'}=''; + } + if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){ + $fwdfwsettings{'TGT_PROT'}=''; + $fwdfwsettings{'ICMP_TGT'}=''; + #check target service + if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){ + $errormessage.=$Lang::tr{'fwdfw err tgt_grp'}; + } + } + if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){ + if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){ + if ($fwdfwsettings{'TGT_PORT'} ne ''){ + #change dashes with : + $fwdfwsettings{'TGT_PORT'}=~ tr/-/:/; + if ($fwdfwsettings{'TGT_PORT'} eq "*") { + $fwdfwsettings{'TGT_PORT'} = "1:65535"; + } + if ($fwdfwsettings{'TGT_PORT'} =~ /^(\D)\:(\d+)$/) { + $fwdfwsettings{'TGT_PORT'} = "1:$2"; + } + if ($fwdfwsettings{'TGT_PORT'} =~ /^(\d+)\:(\D)$/) { + $fwdfwsettings{'TGT_PORT'} = "$1:65535"; + } + $errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination'); + } + }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){ + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes); + foreach my $key (keys %icmptypes){ + + if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){ + + $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0]; + } + } + } + } + } + + #check targetport + if ($fwdfwsettings{'USESRV'} ne 'ON'){ + $fwdfwsettings{'grp3'}=''; + $fwdfwsettings{$fwdfwsettings{'grp3'}}=''; + $fwdfwsettings{'TGT_PROT'}=''; + $fwdfwsettings{'ICMP_TGT'}=''; + } + + + #check timeframe + if($fwdfwsettings{'TIME'} eq 'ON'){ + if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){ + $errormessage=$Lang::tr{'fwdfw err time'}; + } + } + + + + return $errormessage; +} +sub checkrule +{ + #check valid remark + if 
($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage.=$Lang::tr{'fwdfw err remark'}."
"; + } + #check if source and target identical + if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}}){ + $errormessage.=$Lang::tr{'fwdfw err same'}; + return $errormessage; + } + + #get source and targetip address if possible + my ($sip,$scidr,$tip,$tcidr); + ($sip,$scidr)=&get_ip("src","grp1"); + ($tip,$tcidr)=&get_ip("tgt","grp2"); + + + + #check same iprange in source and target + if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){ + + my $networkip1=&General::getnetworkip($sip,$scidr); + my $networkip2=&General::getnetworkip($tip,$tcidr); + if ($scidr gt $tcidr){ + if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr)) ){ + $errormessage.=$Lang::tr{'fwdfw err samesub'}; + } + }elsif($scidr eq $tcidr && $scidr eq '32'){ + my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1); + my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2); + if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){ + $hint=$Lang::tr{'fwdfw hint ip1'}."
"; + $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target:$networkip2/$tcidr
"; + } + + }else{ + if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){ + $errormessage.=$Lang::tr{'fwdfw err samesub'}; + } + } + } + + #check source and destination protocol if manual + if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ + if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ + $errormessage.=$Lang::tr{'fwdfw err prot'}; + } + #check source and destination protocol if source manual and dest servicegrp + if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ + &General::readhasharray("$configsrv", \%customservice); + foreach my $key (sort keys %customservice){ + if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ + if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ + $errormessage.=$Lang::tr{'fwdfw err prot'}; + last; + } + } + } + } + } + +} +sub get_ip +{ + my $val=shift; + my $grp =shift; + my $a; + my $b; + &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); + if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){ + if ($fwdfwsettings{$grp} eq $val.'_addr'){ + ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}}); + }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){ + if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){ + $a=$netsettings{'GREEN_NETADDRESS'}; + $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'}); + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){ + $a=$netsettings{'ORANGE_NETADDRESS'}; + $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'}); + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){ + $a=$netsettings{'BLUE_NETADDRESS'}; + $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'}); + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){ + &General::readhash("$configovpn",\%ovpnsettings); + ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'}); + $b=&General::iporsubtocidr($b); + } + }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){ + 
&General::readhasharray("$confignet", \%customnetwork); + foreach my $key (keys %customnetwork){ + if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){ + $a=$customnetwork{$key}[1]; + $b=&General::iporsubtocidr($customnetwork{$key}[2]); + } + } + }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){ + &General::readhasharray("$confighost", \%customhost); + foreach my $key (keys %customhost){ + if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){ + if ($customhost{$key}[1] eq 'ip'){ + ($a,$b)=split (/\//,$customhost{$key}[2]); + $b=&General::iporsubtocidr($b); + }else{ + if ($grp eq 'grp2'){ + $errormessage=$Lang::tr{'fwdfw err tgt_mac'}; + } + } + } + } + } + } + + return $a,$b; +} +sub newrule +{ + &error; + &General::setup_default_networks(\%defaultNetworks); + #read all configfiles + &General::readhasharray("$configccdnet", \%ccdnet); + &General::readhasharray("$confignet", \%customnetwork); + &General::readhasharray("$configccdhost", \%ccdhost); + &General::readhasharray("$confighost", \%customhost); + &General::readhasharray("$configccdhost", \%ccdhost); + &General::readhasharray("$configgrp", \%customgrp); + &General::readhasharray("$configipsec", \%ipsecconf); + &General::get_aliases(\%aliases); + + + my %checked=(); + my $helper; + if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;} + my $config=$fwdfwsettings{'config'}; + my %hash=(); + + $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; + $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; + $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; + $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED'; + $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED'; + $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED'; + $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED'; + $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED'; + $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED'; + 
$checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED'; + $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED'; + $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED'; + $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED'; + $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED'; + $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; + $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; + $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; + + #check if update and get values + if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){ + &General::readhasharray("$config", \%hash); + foreach my $key (sort keys %hash){ + if ($key eq $fwdfwsettings{'key'}){ + $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0]; + $fwdfwsettings{'ACTIVE'} = $hash{$key}[2]; + $fwdfwsettings{'grp1'} = $hash{$key}[3]; + $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4]; + $fwdfwsettings{'grp2'} = $hash{$key}[5]; + $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6]; + $fwdfwsettings{'USE_SRC_PORT'} = $hash{$key}[7]; + $fwdfwsettings{'PROT'} = $hash{$key}[8]; + $fwdfwsettings{'ICMP_TYPES'} = $hash{$key}[9]; + $fwdfwsettings{'SRC_PORT'} = $hash{$key}[10]; + $fwdfwsettings{'USESRV'} = $hash{$key}[11]; + $fwdfwsettings{'TGT_PROT'} = $hash{$key}[12]; + $fwdfwsettings{'ICMP_TGT'} = $hash{$key}[13]; + $fwdfwsettings{'grp3'} = $hash{$key}[14]; + $fwdfwsettings{$fwdfwsettings{'grp3'}} = $hash{$key}[15]; + $fwdfwsettings{'ruleremark'} = $hash{$key}[16]; + $fwdfwsettings{'LOG'} = $hash{$key}[17]; + $fwdfwsettings{'TIME'} = $hash{$key}[18]; + $fwdfwsettings{'TIME_MON'} = $hash{$key}[19]; + $fwdfwsettings{'TIME_TUE'} = $hash{$key}[20]; + $fwdfwsettings{'TIME_WED'} = $hash{$key}[21]; + $fwdfwsettings{'TIME_THU'} = $hash{$key}[22]; + $fwdfwsettings{'TIME_FRI'} = $hash{$key}[23]; + $fwdfwsettings{'TIME_SAT'} = 
$hash{$key}[24]; + $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25]; + $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26]; + $fwdfwsettings{'TIME_TO'} = $hash{$key}[27]; + + $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; + $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; + $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; + $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED'; + $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED'; + $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED'; + $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED'; + $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED'; + $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED'; + $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED'; + $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED'; + $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED'; + $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED'; + $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED'; + $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; + $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; + $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; + } + } + $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'}; + $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}}; + $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'}; + $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}}; + $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'}; + $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}}; + $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'}; + }else{ + $fwdfwsettings{'ACTIVE'}='ON'; + $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED'; + } + + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); + +print < + +
$Lang::tr{'fwdfw rule action'}

"; + + + &Header::closebox(); + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'}); + + + #------SOURCE------------------------------------------------------- + print< + $Lang::tr{'fwdfw sourceip'} +
+ $Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}$Lang::tr{'fwhost cust net'}$Lang::tr{'fwhost ccdhost'}$Lang::tr{'fwhost cust addr'}$Lang::tr{'fwhost ovpn_n2n'}$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ipsec net'}$Lang::tr{'fwhost ipsec host'}$Lang::tr{'fwdfw use srcport'} + $Lang::tr{'fwdfw man port'} + $Lang::tr{'fwhost icmptype'}$Lang::tr{'fwdfw targetip'}IPFire ($Lang::tr{'external access'})$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}$Lang::tr{'fwhost cust net'}$Lang::tr{'fwhost ccdhost'}$Lang::tr{'fwhost cust addr'}$Lang::tr{'fwhost ovpn_n2n'}$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ipsec net'}$Lang::tr{'fwhost ipsec host'}$Lang::tr{'fwdfw use srv'}$Lang::tr{'fwhost cust service'}$Lang::tr{'fwhost cust srvgrp'}:$Lang::tr{'fwdfw man port'} + $Lang::tr{'fwhost icmptype'} + $Lang::tr{'fwdfw rule activate'} + $Lang::tr{'fwdfw log rule'} +

+END + &Header::closebox(); + #---ADD TIMEFRAME----------------------------------------------- + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw timeframe'}); + print< + $Lang::tr{'fwdfw timeframe'} +   + + $Lang::tr{'time'}: + $Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'} + + $Lang::tr{'advproxy from'} + $Lang::tr{'advproxy to'} + + + + + + + + + + + + + + +END + for (my $i=0;$i<=23;$i++) { + $i = sprintf("%02s",$i); + for (my $j=0;$j<=45;$j+=15) { + $j = sprintf("%02s",$j); + my $time = $i.":".$j; + print "\t\t\t\t\t\n"; + } + } + print< +
+END + &Header::closebox(); + #---ACTION------------------------------------------------------ + if($fwdfwsettings{'updatefwrule'} ne 'on'){ + print< + + +
+
+END + }else{ + print< + + + + + + + + + +
+ +
+END + } + &Header::closebox(); +} +sub saverule +{ + + my $hash=shift; + my $config=shift; + &General::readhasharray("$config", $hash); + if (!$errormessage){ + if ($fwdfwsettings{'updatefwrule'} ne 'on' ){ + my $key = &General::findhasharraykey ($hash); + $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; + $$hash{$key}[1] = $fwdfwsettings{'chain'}; + $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'}; + $$hash{$key}[3] = $fwdfwsettings{'grp1'}; + $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}}; + $$hash{$key}[5] = $fwdfwsettings{'grp2'}; + $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}}; + $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'}; + $$hash{$key}[8] = $fwdfwsettings{'PROT'}; + $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'}; + $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'}; + $$hash{$key}[11] = $fwdfwsettings{'USESRV'}; + $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'}; + $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'}; + $$hash{$key}[14] = $fwdfwsettings{'grp3'}; + $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}}; + $$hash{$key}[16] = $fwdfwsettings{'ruleremark'}; + $$hash{$key}[17] = $fwdfwsettings{'LOG'}; + $$hash{$key}[18] = $fwdfwsettings{'TIME'}; + $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'}; + $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'}; + $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'}; + $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'}; + $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'}; + $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'}; + $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'}; + $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'}; + $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'}; + &General::writehasharray("$config", $hash); + }else{ + foreach my $key (sort keys %$hash){ + if($key eq $fwdfwsettings{'key'}){ + $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; + $$hash{$key}[1] = $fwdfwsettings{'chain'}; + $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'}; + $$hash{$key}[3] = $fwdfwsettings{'grp1'}; + $$hash{$key}[4] = 
$fwdfwsettings{$fwdfwsettings{'grp1'}}; + $$hash{$key}[5] = $fwdfwsettings{'grp2'}; + $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}}; + $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'}; + $$hash{$key}[8] = $fwdfwsettings{'PROT'}; + $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'}; + $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'}; + $$hash{$key}[11] = $fwdfwsettings{'USESRV'}; + $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'}; + $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'}; + $$hash{$key}[14] = $fwdfwsettings{'grp3'}; + $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}}; + $$hash{$key}[16] = $fwdfwsettings{'ruleremark'}; + $$hash{$key}[17] = $fwdfwsettings{'LOG'}; + $$hash{$key}[18] = $fwdfwsettings{'TIME'}; + $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'}; + $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'}; + $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'}; + $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'}; + $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'}; + $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'}; + $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'}; + $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'}; + $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'}; + last; + } + } + &General::writehasharray("$config", $hash); + } + } +} +sub error +{ + if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage\n"; + print " \n"; + &Header::closebox(); + print"
"; + } +} +sub hint +{ + if ($hint) { + &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'}); + print "$hint\n"; + print " \n"; + &Header::closebox(); + print"
"; + } +} +sub get_name +{ + my $val=shift; + &General::setup_default_networks(\%defaultNetworks); + foreach my $network (sort keys %defaultNetworks) + { + return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); + } +} +sub validremark +{ + # Checks a hostname against RFC1035 + my $remark = $_[0]; + + # Each part should be at least two characters in length + # but no more than 63 characters + if (length ($remark) < 1 || length ($remark) > 63) { + return 0;} + # Only valid characters are a-z, A-Z, 0-9 and - + if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) { + return 0;} + # First character can only be a letter or a digit + if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) { + return 0;} + # Last character can only be a letter or a digit + if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) { + return 0;} + return 1; +} +sub getsrcport +{ + my %hash=%{(shift)}; + my $key=shift; + if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne 'ICMP'){ + print" : ($hash{$key}[8]) $hash{$key}[10]"; + }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ + print" : ($hash{$key}[8])
$hash{$key}[9]"; + } +} +sub gettgtport +{ + my %hash=%{(shift)}; + my $key=shift; + my $service; + my $prot; + + if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ + if($hash{$key}[14] eq 'cust_srv'){ + &General::readhasharray("$configsrv", \%customservice); + foreach my $i (sort keys %customservice){ + #print "HHUHU: $customservice{$i}[0] und $hash{$key}[15]
"; + if($customservice{$i}[0] eq $hash{$key}[15]){ + $prot = $hash{$key}[12]; + $service = $customservice{$i}[0]; + } + } + }elsif($hash{$key}[14] eq 'cust_srvgrp'){ + + $service=$hash{$key}[15]; + }elsif($hash{$key}[14] eq 'TGT_PORT'){ + $service=$hash{$key}[15]; + $prot=$hash{$key}[12]; + } + }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ + print" : ($hash{$key}[12])
$hash{$key}[13]"; + } + + if ($prot ne '' || $service ne ''){ + print" :"; + if ($prot ne ''){ + print"($prot) "; + } + print" $service"; + } +} +sub viewtablerule +{ + &viewtablenew(\%configfwdfw,$configfwdfw,$Lang::tr{'fwdfw rules'},"Forward" ); + &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'external access'} ); +} +sub viewtablenew +{ + my $hash=shift; + my $config=shift; + my $title=shift; + my $title1=shift; + + if ( ! -z "$config"){ + &Header::openbox('100%', 'left',$title); + my $count=0; + my ($gif,$log); + my $ruletype; + my $rulecolor; + my $tooltip; + my @tmpsrc=(); + my $coloryellow=''; + &General::readhasharray("$config", $hash); + print"$title1
"; + print""; + print""; + foreach my $key (sort keys %$hash){ + @tmpsrc=(); + #check if vpn hosts/nets have been deleted + if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){ + push (@tmpsrc,$$hash{$key}[4]); + } + if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){ + push (@tmpsrc,$$hash{$key}[6]); + } + + foreach my $host (@tmpsrc){ + if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){ + if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ + $coloryellow='on'; + &disable_rule($key); + $$hash{$key}[2]=''; + + } + }elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){ + if(&fwlib::get_ovpn_net_ip($host,1) eq ''){ + $coloryellow='on'; + &disable_rule($key); + $$hash{$key}[2]=''; + } + }elsif($$hash{$key}[3] eq 'ovpn_n2n_src' || $$hash{$key}[5] eq 'ovpn_n2n_tgt'){ + if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){ + $coloryellow='on'; + &disable_rule($key); + $$hash{$key}[2]=''; + } + }elsif($$hash{$key}[3] eq 'ovpn_host_src' || $$hash{$key}[5] eq 'ovpn_host_tgt'){ + if(&fwlib::get_ovpn_host_ip($host,33) eq ''){ + $coloryellow='on'; + &disable_rule($key); + $$hash{$key}[2]=''; + } + } + $$hash{$key}[3]=''; + $$hash{$key}[5]=''; + } + + $$hash{'ACTIVE'}=$$hash{$key}[2]; + $count++; + + if($coloryellow eq 'on'){ + print""; + $coloryellow=''; + }elsif($coloryellow eq ''){ + if ($count % 2){ + print""; + } + else{ + print""; + } + } + + print<$key +END + if ($$hash{$key}[0] eq 'ACCEPT'){ + $ruletype='A'; + $tooltip='ACCEPT'; + $rulecolor=$color{'color17'}; + }elsif($$hash{$key}[0] eq 'DROP'){ + $ruletype='D'; + $tooltip='DROP'; + $rulecolor=$color{'color25'}; + }elsif($$hash{$key}[0] eq 'REJECT'){ + $ruletype='R'; + $tooltip='REJECT'; + $rulecolor=$color{'color16'}; + } + print""; + print" +END + + print< +END + if ($$hash{$key}[5] eq 'std_net_tgt'){ + print &get_name($$hash{$key}[6]); + }else{ + print $$hash{$key}[6]; + } + &gettgtport(\%$hash,$key); + 
################################################################################ + print""; + + if($$hash{$key}[2] eq 'ON'){ + $gif="/images/on.gif" + + }else{ + $gif="/images/off.gif" + + } + print< + + + + + + + + + + + +END + if (exists $$hash{$key-1}){ + print< + +END + }else{ + print""; + } + + if (exists $$hash{$key+1}){ + print< + +END + }else{ + print""; + } + #if timeframe set, print new line in table + if ($$hash{$key}[18] eq 'ON'){ + my @days=(); + if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});} + if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});} + if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});} + if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});} + if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});} + if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});} + if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});} + + my $weekdays=join(",",@days); + + if (@days){ + print""; + } + } + } + print"
#$Lang::tr{'fwdfw source'}Log$Lang::tr{'fwdfw target'}$Lang::tr{'remark'}$Lang::tr{'fwdfw action'}
$ruletype"; + if ($$hash{$key}[3] eq 'std_net_src'){ + print &get_name($$hash{$key}[4]); + }else{ + print $$hash{$key}[4]; + } + &getsrcport(\%$hash,$key); + if ($$hash{$key}[17] eq 'ON'){ + $log="/images/on.gif"; + }else{ + $log="/images/off.gif"; + } + print< + +
+
+ + + + $$hash{$key}[16] + + + +
+ + + +
+ + + +
+ + + + + + + + + + + +
$Lang::tr{'fwdfw time'} "; + print"$weekdays"; + print "  $Lang::tr{'fwdfw from'} $$hash{$key}[26]   $Lang::tr{'fwdfw till'} $$hash{$key}[27]
";
+ &Header::closebox();
+ }
+
+}
+sub fillselect
+{
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $key;
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash)
+ {
+ if($hash{$key}[0] eq $val){
+ print"";
+ }else{
+ print"";
+ }
+ }
+}
+sub rules
+{
+ if (!-f "${General::swroot}/forward/reread"){
+ system("touch ${General::swroot}/forward/reread");
+ }
+}
+sub reread_rules
+{
+ system("/usr/local/bin/forwardfwctrl");
+ system("rm ${General::swroot}/forward/reread");
+}
+&Header::closebigbox();
+&Header::closepage();
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
new file mode 100755
index 000000000..8fe281b74
--- /dev/null
+++ b/html/cgi-bin/fwhosts.cgi
@@ -0,0 +1,1970 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2011 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### +# New function for forwarding firewall. To make it comfortable to create # +# rules, we need "spelling names" for single Hosts. 
If you have any questions #
+# #
+###############################################################################
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+no warnings 'uninitialized';
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %fwhostsettings=();
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %icmptypes=();
+my %color=();
+my %defaultNetworks=();
+my %mainsettings=();
+my %ownnet=();
+my %ipsecsettings=();
+
+my $errormessage;
+my $hint;
+my $update=0;
+my $confignet = "${General::swroot}/fwhosts/customnetworks";
+my $confighost = "${General::swroot}/fwhosts/customhosts";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec = "${General::swroot}/vpn/config";
+my $configsrv = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+
+unless (-e $confignet) { system("touch $confignet"); }
+unless (-e $confighost) { system("touch $confighost"); }
+unless (-e $configgrp) { system("touch $configgrp"); }
+unless (-e $configsrv) { system("touch $configsrv"); }
+unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+&Header::getcgihash(\%fwhostsettings);
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'fwhost hosts'}, 1, '');
+&Header::openbigbox('100%', 'center');
+
+## ACTION ####
+# Update
+if ($fwhostsettings{'ACTION'} eq 'updatenet'
)
+{
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key (keys %customnetwork)
+ {
+ if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'})
+ {
+ $fwhostsettings{'orgname'} = $customnetwork{$key}[0];
+ $fwhostsettings{'orgip'} = $customnetwork{$key}[1];
+ $fwhostsettings{'orgsub'} = $customnetwork{$key}[2];
+ $fwhostsettings{'count'} = $customnetwork{$key}[3];
+ delete $customnetwork{$key};
+
+ }
+ }
+ &General::writehasharray("$confignet", \%customnetwork);
+ $fwhostsettings{'actualize'} = 'on';
+ $fwhostsettings{'ACTION'} = 'savenet';
+}
+if ($fwhostsettings{'ACTION'} eq 'updatehost')
+{
+ my ($ip,$subnet);
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key (keys %customhost)
+ {
+ if($customhost{$key}[0] eq $fwhostsettings{'orgname'})
+ {
+ $fwhostsettings{'orgname'} = $customhost{$key}[0];
+ if ($customhost{$key}[1] eq 'ip'){
+ ($ip,$subnet) = split (/\//,$customhost{$key}[2]);
+ }else{
+ $ip = $customhost{$key}[2];
+ }
+ $fwhostsettings{'orgip'} = $ip;
+ $fwhostsettings{'count'} = $customhost{$key}[3];
+ delete $customhost{$key};
+ }
+ }
+ &General::writehasharray("$confighost", \%customhost);
+ $fwhostsettings{'actualize'} = 'on';
+ $fwhostsettings{'ACTION'} = 'savehost';
+}
+if ($fwhostsettings{'ACTION'} eq 'updateservice')
+{
+ my $count=0;
+ my $needrules=0;
+ $errormessage=&checkports(\%customservice);
+
+ if (!$errormessage){
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (keys %customservice)
+ {
+ if ($customservice{$key}[0] eq $fwhostsettings{'oldsrvname'})
+ {
+ $count=$customservice{$key}[4];
+ delete $customservice{$key};
+ &General::writehasharray("$configsrv", \%customservice);
+ last;
+ }
+ }
+ if ($fwhostsettings{'PROT'} ne 'ICMP'){
+ $fwhostsettings{'ICMP_TYPES'}='BLANK';
+ }
+ my $key1 = &General::findhasharraykey(\%customservice);
+ foreach my $i (0 ..
4) { $customservice{$key1}[$i] = "";}
+ $customservice{$key1}[0] = $fwhostsettings{'SRV_NAME'};
+ $customservice{$key1}[1] = $fwhostsettings{'SRV_PORT'};
+ $customservice{$key1}[2] = $fwhostsettings{'PROT'};
+ $customservice{$key1}[3] = $fwhostsettings{'ICMP_TYPES'};
+ $customservice{$key1}[4] = $count;
+ &General::writehasharray("$configsrv", \%customservice);
+ if($fwhostsettings{'updatesrv'} eq 'on'){
+ if($count gt 0 && $fwhostsettings{'oldsrvport'} ne $fwhostsettings{'SRV_PORT'} ){
+ $needrules='on';
+ }
+ if($count gt 0 && $fwhostsettings{'oldsrvprot'} ne $fwhostsettings{'PROT'} ){
+ $needrules='on';
+ }
+ }
+ $fwhostsettings{'SRV_NAME'} = '';
+ $fwhostsettings{'SRV_PORT'} = '';
+ $fwhostsettings{'PROT'} = '';
+
+ }else{
+ $fwhostsettings{'SRV_NAME'} = $fwhostsettings{'oldsrvname'};
+ $fwhostsettings{'SRV_PORT'} = $fwhostsettings{'oldsrvport'};
+ $fwhostsettings{'PROT'} = $fwhostsettings{'oldsrvprot'};
+ $fwhostsettings{'updatesrv'}= 'on';
+ }
+
+ if($needrules eq 'on'){
+ $errormessage="reread!";
+ &rules;
+ }
+
+ &addservice;
+}
+# save
+if ($fwhostsettings{'ACTION'} eq 'savenet' )
+{
+ my $count=0;
+ my $needrules=0;
+ if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
+
+ #check if all fields are set
+ if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
+ &addnet;
+ &viewtablenet;
+ }else{
+ #check valid ip
+ if (!&General::validipandmask($fwhostsettings{'IP'}."/".$fwhostsettings{'SUBNET'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err addr'};
+ $fwhostsettings{'BLK_HOST'} ='readonly';
+ $fwhostsettings{'NOCHECK'} ='false';
+ $fwhostsettings{'error'} ='on';
+ }
+ #check if subnet is sigle host
+ if(&General::iporsubtocidr($fwhostsettings{'SUBNET'}) eq '32')
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err sub32'};
+
+ }
+ if($fwhostsettings{'error'} ne 'on'){
+ #check if we use
one of ipfire's networks (green,orange,blue)
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err green'}."
";
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+ }
+ if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err orange'}."
";
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+ }
+ if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err blue'}."
";
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+ }
+ if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($fwhostsettings{'IP'},$ownnet{'RED_NETADDRESS'},$ownnet{'RED_NETMASK'}))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err red'}."
";
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
+ }
+ }
+ #only check plausi when no error till now
+ if (!$errormessage){
+ &plausicheck("editnet");
+ }
+
+ #check if network ip is part of an already used one
+ if(&checksubnet(\%customnetwork))
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err partofnet'};
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
+ }
+
+ if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newnet'} ne 'on' && $errormessage)
+ {
+ $fwhostsettings{'actualize'} = '';
+ my $key = &General::findhasharraykey (\%customnetwork);
+ foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
+ $customnetwork{$key}[0] = $fwhostsettings{'orgname'} ;
+ $customnetwork{$key}[1] = $fwhostsettings{'orgip'} ;
+ $customnetwork{$key}[2] = $fwhostsettings{'orgsub'};
+ $customnetwork{$key}[3] = $fwhostsettings{'count'};
+ &General::writehasharray("$confignet", \%customnetwork);
+ undef %customnetwork;
+ }
+
+ if (!$errormessage){
+ &General::readhasharray("$confignet", \%customnetwork);
+ if ($fwhostsettings{'ACTION'} eq 'updatenet'){
+ if ($fwhostsettings{'update'} == '0'){
+ foreach my $key (keys %customnetwork) {
+ if($customnetwork{$key}[0] eq $fwhostsettings{'orgname'}){
+ $count=$customnetwork{$key}[3];
+ delete $customnetwork{$key};
+ last;
+ }
+ }
+ }
+ }
+ #get count if actualize is 'on'
+ if($fwhostsettings{'actualize'} eq 'on'){
+ $fwhostsettings{'actualize'} = '';
+ $count=$fwhostsettings{'count'};
+ #check if we need to reload rules
+ if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0'){
+ $needrules='on';
+ }
+ if ($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
+ #check if we need to update groups
+ &General::readhasharray("$configgrp", \%customgrp);
+ foreach my $key (sort keys %customgrp){
+ if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
+ $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
+
last;
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ }
+ }
+ my $key = &General::findhasharraykey (\%customnetwork);
+ foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
+ $fwhostsettings{'SUBNET'} = &General::iporsubtocidr($fwhostsettings{'SUBNET'});
+ $customnetwork{$key}[0] = $fwhostsettings{'HOSTNAME'};
+ #convert ip when leading '0' in byte
+ $fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'});
+ $fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'});
+ $customnetwork{$key}[1] = &General::getnetworkip($fwhostsettings{'IP'},$fwhostsettings{'SUBNET'}) ;
+ $customnetwork{$key}[2] = &General::iporsubtodec($fwhostsettings{'SUBNET'}) ;
+ if($fwhostsettings{'newnet'} eq 'on'){$count=0;}
+ $customnetwork{$key}[3] = $count;
+ &General::writehasharray("$confignet", \%customnetwork);
+ $fwhostsettings{'IP'}=$fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+ undef %customnetwork;
+ $fwhostsettings{'HOSTNAME'}='';
+ $fwhostsettings{'IP'}='';
+ $fwhostsettings{'SUBNET'}='';
+ #check if an edited net affected groups and need to reload rules
+ if ($needrules eq 'on'){
+ &rules;
+ }
+ &addnet;
+ &viewtablenet;
+ }else
+ {
+ &addnet;
+ &viewtablenet;
+ }
+ }
+
+}
+if ($fwhostsettings{'ACTION'} eq 'savehost')
+{
+ my $count=0;
+ my $needrules=0;
+ if ($fwhostsettings{'orgname'} eq ''){$fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'};}
+
+ $fwhostsettings{'SUBNET'}='32';
+
+ #check if all fields are set
+ if ($fwhostsettings{'HOSTNAME'} eq '' || $fwhostsettings{'IP'} eq '' || $fwhostsettings{'SUBNET'} eq '')
+ {
+ $errormessage=$errormessage.$Lang::tr{'fwhost err empty'};
+ $fwhostsettings{'ACTION'} = 'edithost';
+ }else{
+
+ if($fwhostsettings{'type'} eq 'ip' && $fwhostsettings{'IP'}=~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/){
+ $fwhostsettings{'type'} = 'mac';
+ }elsif($fwhostsettings{'type'} eq 'mac' && $fwhostsettings{'IP'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $fwhostsettings{'type'} =
'ip';
+ }elsif($fwhostsettings{'type'} eq 'mac' && $fwhostsettings{'IP'}=~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/){
+ $fwhostsettings{'type'} = 'mac';
+ }elsif($fwhostsettings{'type'} eq 'ip' && $fwhostsettings{'IP'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $fwhostsettings{'type'} = 'ip';
+ }else{
+ $fwhostsettings{'type'} = '';
+ $errormessage=$Lang::tr{'fwhost err ipmac'};
+ }
+
+ if($fwhostsettings{'type'} eq 'mac' )
+ {
+ if ($fwhostsettings{'IP'}!~/^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$/ )
+ {
+ $errormessage=$Lang::tr{'fwhost err mac'};
+
+ }
+ }
+ #CHECK IP-PART
+ if ($fwhostsettings{'type'} eq 'ip'){
+ #check for subnet
+ if (rindex($fwhostsettings{'IP'},'/') eq '-1' ){
+ if($fwhostsettings{'type'} eq 'ip' && !&General::validipandmask($fwhostsettings{'IP'}."/32"))
+ {
+ $errormessage.=$errormessage.$Lang::tr{'fwhost err ip'};
+ $fwhostsettings{'error'}='on';
+ }
+
+ }elsif(rindex($fwhostsettings{'IP'},'/') ne '-1' ){
+ $errormessage=$errormessage.$Lang::tr{'fwhost err ipwithsub'};
+ $fwhostsettings{'error'}='on';
+ }
+ #check if net or broadcast
+ my @tmp= split (/\./,$fwhostsettings{'IP'});
+ if (($tmp[3] eq "0") || ($tmp[3] eq "255")){
+ $errormessage=$Lang::tr{'fwhost err hostip'};
+ }
+ }
+
+
+
+ #only check plausi when no error till now
+ if (!$errormessage){
+ &plausicheck("edithost");
+ }
+
+ if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newhost'} ne 'on' && $errormessage){
+ $fwhostsettings{'actualize'} = '';
+ my $key = &General::findhasharraykey (\%customhost);
+ foreach my $i (0 ..
3) { $customhost{$key}[$i] = "";}
+ $customhost{$key}[0] = $fwhostsettings{'orgname'} ;
+ $customhost{$key}[1] = $fwhostsettings{'type'} ;
+ if($customhost{$key}[1] eq 'ip'){
+ $customhost{$key}[2] = $fwhostsettings{'orgip'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+ }else{
+ $customhost{$key}[2] = $fwhostsettings{'orgip'};
+ }
+ $customhost{$key}[3] = $fwhostsettings{'count'};
+ &General::writehasharray("$confighost", \%customhost);
+ undef %customhost;
+
+ }
+
+ if (!$errormessage){
+ #get count if host was edited
+ if($fwhostsettings{'actualize'} eq 'on'){
+ $count=$fwhostsettings{'count'};
+ if($fwhostsettings{'orgip'} ne $fwhostsettings{'IP'} && $count gt '0' ){
+ $needrules='on';
+ }
+ if($fwhostsettings{'orgname'} ne $fwhostsettings{'HOSTNAME'}){
+ #check if we need to update groups
+ &General::readhasharray("$configgrp", \%customgrp);
+ foreach my $key (sort keys %customgrp){
+ if($customgrp{$key}[2] eq $fwhostsettings{'orgname'}){
+ $customgrp{$key}[2]=$fwhostsettings{'HOSTNAME'};
+ last;
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ }
+
+
+ }
+ my $key = &General::findhasharraykey (\%customhost);
+ foreach my $i (0 ..
3) { $customhost{$key}[$i] = "";}
+ $customhost{$key}[0] = $fwhostsettings{'HOSTNAME'} ;
+ $customhost{$key}[1] = $fwhostsettings{'type'} ;
+ if ($fwhostsettings{'type'} eq 'ip'){
+ #convert ip when leading '0' in byte
+ $fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'});
+ $fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'});
+ $customhost{$key}[2] = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+ }else{
+ $customhost{$key}[2] = $fwhostsettings{'IP'};
+ }
+ if($fwhostsettings{'newhost'} eq 'on'){$count=0;}
+ $customhost{$key}[3] = $count;
+ &General::writehasharray("$confighost", \%customhost);
+
+ #$fwhostsettings{'IP'} = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'});
+ undef %customhost;
+ $fwhostsettings{'HOSTNAME'}='';
+ $fwhostsettings{'IP'}='';
+ $fwhostsettings{'type'}='';
+ #check if we need to update rules while host was edited
+ if($needrules eq 'on'){
+ &rules;
+ }
+ &addhost;
+ &viewtablehost;
+ }else{
+ &addhost;
+ &viewtablehost;
+ }
+
+ }
+
+}
+if ($fwhostsettings{'ACTION'} eq 'savegrp')
+{
+ my $grp;
+ my $rem=$fwhostsettings{'remark'};
+ my $count;
+ my $type;
+ my $updcounter='off';
+ my @target;
+ my @newgrp;
+ &General::readhasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$confignet", \%customnetwork);
+ &General::readhasharray("$confighost", \%customhost);
+ $grp=$fwhostsettings{'grp_name'};
+
+ if (!&General::validhostname($grp)){$errormessage=$errormessage.$Lang::tr{'fwhost err name'};}
+
+ ###check standard networks
+ if ($fwhostsettings{'grp2'} eq 'std_net'){
+ @target=$fwhostsettings{'DEFAULT_SRC_ADR'};
+ $type='Standard Network';
+ }
+ ##check custom networks
+ if ($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} ne ''){
+ @target=$fwhostsettings{'CUST_SRC_NET'};
+ $updcounter='net';
+ $type='Custom Network';
+ }elsif($fwhostsettings{'grp2'} eq 'cust_net' && $fwhostsettings{'CUST_SRC_NET'} eq ''){
+
$errormessage=$Lang::tr{'fwhost err groupempty'}."
";
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+ #check custom addresses
+ if ($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} ne ''){
+ @target=$fwhostsettings{'CUST_SRC_HOST'};
+ $updcounter='host';
+ $type='Custom Host';
+ }elsif($fwhostsettings{'grp2'} eq 'cust_host' && $fwhostsettings{'CUST_SRC_HOST'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'}."
";
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+ #get address from ovpn ccd static net
+ if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){
+ @target=$fwhostsettings{'OVPN_CCD_NET'};
+ $type='OpenVPN static network';
+ }elsif($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+ #get address from ovpn ccd static host
+ if ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} ne ''){
+ @target=$fwhostsettings{'OVPN_CCD_HOST'};
+ $type='OpenVPN static host';
+ }elsif ($fwhostsettings{'grp2'} eq 'ovpn_host' && $fwhostsettings{'OVPN_CCD_HOST'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ }
+ #get address from ovpn ccd Net-2-Net
+ if ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} ne ''){
+ @target=$fwhostsettings{'OVPN_N2N'};
+ $type='OpenVPN N-2-N';
+ }elsif ($fwhostsettings{'grp2'} eq 'ovpn_n2n' && $fwhostsettings{'OVPN_N2N'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+
+ #get address from IPSEC HOST
+ if ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} ne ''){
+ @target=$fwhostsettings{'IPSEC_HOST'};
+ $type='IpSec Host';
+ }elsif ($fwhostsettings{'grp2'} eq 'ipsec_host' && $fwhostsettings{'IPSEC_HOST'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ $fwhostsettings{'grp_name'}='';
+ $fwhostsettings{'remark'}='';
+ }
+ #get address from IPSEC NETWORK
+ if ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} ne ''){
+ @target=$fwhostsettings{'IPSEC_NET'};
+ $type='IpSec Network';
+ }elsif ($fwhostsettings{'grp2'} eq 'ipsec_net' && $fwhostsettings{'IPSEC_NET'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ $fwhostsettings{'grp_name'}='';
+
$fwhostsettings{'remark'}='';
+ }
+
+ #check if host/net exists in grp
+ my $test="$grp,$fwhostsettings{'oldremark'},@target";
+ foreach my $key (keys %customgrp) {
+ my $test1="$customgrp{$key}[0],$customgrp{$key}[1],$customgrp{$key}[2]";
+ if ($test1 eq $test){
+ $errormessage=$Lang::tr{'fwhost err isingrp'};
+ $fwhostsettings{'update'} = 'on';
+ }
+ }
+
+ if (!$errormessage){
+ #on first save, we have an empty @target, so fill it with nothing
+ my $targetvalues=@target;
+ if ($targetvalues == '0'){
+ @target=$Lang::tr{'fwhost empty'};
+ }
+ #on update, we have to delete the dummy entry
+
+ foreach my $key (keys %customgrp){
+ if ($customgrp{$key}[0] eq $grp && $customgrp{$key}[2] eq $Lang::tr{'fwhost empty'}){
+ delete $customgrp{$key};
+ last;
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$configgrp", \%customgrp);
+
+
+
+ #check if remark has also changed
+ if ($fwhostsettings{'remark'} ne $fwhostsettings{'oldremark'} && $fwhostsettings{'update'} eq 'on')
+ {
+ foreach my $key (keys %customgrp)
+ {
+ if($customgrp{$key}[0] eq $grp && $customgrp{$key}[1] eq $fwhostsettings{'oldremark'})
+ {
+ $customgrp{$key}[1]='';
+ $customgrp{$key}[1]=$rem;
+ }
+ }
+ }
+ #get count used
+ foreach my $key (keys %customgrp)
+ {
+ if($customgrp{$key}[0] eq $grp)
+ {
+ $count=$customgrp{$key}[4];
+ last;
+ }
+ }
+ if ($count eq '' ){$count='0';}
+
+ #create array with new lines
+ foreach my $line (@target){
+ push (@newgrp,"$grp,$rem,$line");
+ }
+ #append new entries
+ my $key = &General::findhasharraykey (\%customgrp);
+ foreach my $line (@newgrp){
+ foreach my $i (0 ..
4) { $customgrp{$key}[$i] = "";}
+ my ($a,$b,$c,$d) = split (",",$line);
+ $customgrp{$key}[0] = $a;
+ $customgrp{$key}[1] = $b;
+ $customgrp{$key}[2] = $c;
+ $customgrp{$key}[3] = $type;
+ $customgrp{$key}[4] = $count;
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+
+ #update counter in Host/Net
+ if($updcounter eq 'net'){
+ foreach my $key (keys %customnetwork) {
+ if($customnetwork{$key}[0] eq $fwhostsettings{'CUST_SRC_NET'}){
+ $customnetwork{$key}[3] = $customnetwork{$key}[3]+1;
+ last;
+ }
+ }
+ &General::writehasharray("$confignet", \%customnetwork);
+ }elsif($updcounter eq 'host'){
+ foreach my $key (keys %customhost) {
+ if ($customhost{$key}[0] eq $fwhostsettings{'CUST_SRC_HOST'}){
+ $customhost{$key}[3]=$customhost{$key}[3]+1;
+ }
+ }
+ &General::writehasharray("$confighost", \%customhost);
+ }
+
+ $fwhostsettings{'update'}='on';
+
+ }
+ if ($fwhostsettings{'remark'} ne $fwhostsettings{'oldremark'} && $errormessage)
+ {
+ foreach my $key (keys %customgrp)
+ {
+ if($customgrp{$key}[0] eq $grp && $customgrp{$key}[1] eq $fwhostsettings{'oldremark'})
+ {
+ $customgrp{$key}[1]='';
+ $customgrp{$key}[1]=$rem;
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp);
+ $errormessage='';
+ $hint=$Lang::tr{'fwhost changeremark'};
+ $fwhostsettings{'update'}='on';
+ }
+ #check if ruleupdate is needed
+ if($count > 0 )
+ {
+ &rules;
+ }
+ &addgrp;
+ &viewtablegrp;
+
+}
+if ($fwhostsettings{'ACTION'} eq 'saveservice')
+{
+ my $ICMP;
+
+ &General::readhasharray("$configsrv", \%customservice );
+ $errormessage=&checkports(\%customservice);
+
+ if ($fwhostsettings{'PROT'} eq 'ICMP'){
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $key (keys %icmptypes){
+ if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwhostsettings{'ICMP_TYPES'}){
+ $ICMP=$icmptypes{$key}[0];
+ }
+ }
+ }
+ if($ICMP eq ''){$ICMP='BLANK';}
+ if (!$errormessage){
+
+ my $key = &General::findhasharraykey (\%customservice);
+
foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
+ $customservice{$key}[0] = $fwhostsettings{'SRV_NAME'};
+ $customservice{$key}[1] = $fwhostsettings{'SRV_PORT'};
+ $customservice{$key}[2] = $fwhostsettings{'PROT'};
+ $customservice{$key}[3] = $ICMP;
+ $customservice{$key}[4] = 0;
+ &General::writehasharray("$configsrv", \%customservice );
+ #reset fields
+ $fwhostsettings{'SRV_NAME'}='';
+ $fwhostsettings{'SRV_PORT'}='';
+ $fwhostsettings{'PROT'}='';
+ $fwhostsettings{'ICMP_TYPES'}='';
+
+ }
+
+ &addservice;
+
+}
+if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
+{
+ my $prot;
+ my $port;
+ my $count=0;
+ &General::readhasharray("$configsrvgrp", \%customservicegrp );
+ &General::readhasharray("$configsrv", \%customservice );
+
+ $errormessage=&checkservicegroup;
+
+ if (!$errormessage){
+ #on first save, we have to enter a dummy value
+ if ($fwhostsettings{'CUST_SRV'} eq ''){$fwhostsettings{'CUST_SRV'}=$Lang::tr{'fwhost empty'};}
+
+ #on update, we have to delete the dummy entry
+ foreach my $key (keys %customservicegrp){
+ if ($customservicegrp{$key}[2] eq $Lang::tr{'fwhost empty'}){
+ delete $customservicegrp{$key};
+ last;
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp );
+ #check if remark has also changed
+ if ($fwhostsettings{'SRVGRP_REMARK'} ne $fwhostsettings{'oldsrvgrpremark'} && $fwhostsettings{'updatesrvgrp'} eq 'on')
+ {
+ foreach my $key (keys %customservicegrp)
+ {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvgrpremark'})
+ {
+ $customservicegrp{$key}[1]='';
+ $customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'};
+ }
+ }
+ }
+ #get count used
+ foreach my $key (keys %customservicegrp)
+ {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
+ {
+ $count=$customservicegrp{$key}[5];
+ last;
+ }
+ }
+ if ($count eq '' ){$count='0';}
+
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq
$fwhostsettings{'CUST_SRV'}){
+ $port=$customservice{$key}[1];
+ $prot=$customservice{$key}[2];
+ $customservice{$key}[4]++;
+ }
+ }
+ &General::writehasharray("$configsrv", \%customservice );
+
+ my $key = &General::findhasharraykey (\%customservicegrp);
+ foreach my $i (0 .. 3) { $customservice{$key}[$i] = "";}
+ $customservicegrp{$key}[0] = $fwhostsettings{'SRVGRP_NAME'};
+ $customservicegrp{$key}[1] = $fwhostsettings{'SRVGRP_REMARK'};
+ $customservicegrp{$key}[2] = $fwhostsettings{'CUST_SRV'};
+ $customservicegrp{$key}[3] = $port;
+ $customservicegrp{$key}[4] = $prot;
+ $customservicegrp{$key}[5] = $count;
+ &General::writehasharray("$configsrvgrp", \%customservicegrp );
+ $fwhostsettings{'updatesrvgrp'}='on';
+ }
+ if ($fwhostsettings{'SRVGRP_REMARK'} ne $fwhostsettings{'oldsrvgrpremark'} && $errormessage){
+ foreach my $key (keys %customservicegrp)
+ {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[1] eq $fwhostsettings{'oldsrvgrpremark'})
+ {
+ $customservicegrp{$key}[1]='';
+ $customservicegrp{$key}[1]=$fwhostsettings{'SRVGRP_REMARK'};
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp);
+ $errormessage='';
+ $hint=$Lang::tr{'fwhost changeremark'};
+ $fwhostsettings{'update'}='on';
+ }
+ if ($count gt 0){
+ &rules;
+ }
+ &addservicegrp;
+ &viewtableservicegrp;
+}
+# edit
+if ($fwhostsettings{'ACTION'} eq 'editnet')
+{
+ &addnet;
+ &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq 'edithost')
+{
+ &addhost;
+ &viewtablehost;
+}
+if ($fwhostsettings{'ACTION'} eq 'editgrp')
+{
+ $fwhostsettings{'update'}='on';
+ &addgrp;
+ &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'editservice')
+{
+ $fwhostsettings{'updatesrv'}='on';
+ &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'editservicegrp')
+{
+ $fwhostsettings{'updatesrvgrp'} = 'on';
+ &addservicegrp;
+ &viewtableservicegrp;
+}
+# reset
+if ($fwhostsettings{'ACTION'} eq 'resetnet')
+{
+ $fwhostsettings{'HOSTNAME'} ="";
+
$fwhostsettings{'IP'} ="";
+ $fwhostsettings{'SUBNET'} ="";
+ &showmenu;
+}
+if ($fwhostsettings{'ACTION'} eq 'resethost')
+{
+ $fwhostsettings{'HOSTNAME'} ="";
+ $fwhostsettings{'IP'} ="";
+ $fwhostsettings{'type'} ="";
+ &showmenu;
+}
+# delete
+if ($fwhostsettings{'ACTION'} eq 'delnet')
+{
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key (keys %customnetwork) {
+ if($fwhostsettings{'key'} eq $customnetwork{$key}[0]){
+ delete $customnetwork{$key};
+ &General::writehasharray("$confignet", \%customnetwork);
+ last;
+ }
+ }
+ &addnet;
+ &viewtablenet;
+}
+if ($fwhostsettings{'ACTION'} eq 'delhost')
+{
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key (keys %customhost) {
+ if($fwhostsettings{'key'} eq $customhost{$key}[0]){
+ delete $customhost{$key};
+ &General::writehasharray("$confighost", \%customhost);
+ last;
+ }
+ }
+ &addhost;
+ &viewtablehost;
+
+}
+if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
+{
+ &General::readhasharray("$configgrp", \%customgrp);
+ foreach my $key (keys %customgrp){
+ if($customgrp{$key}[0].",".$customgrp{$key}[1].",".$customgrp{$key}[2].",".$customgrp{$key}[3] eq $fwhostsettings{'delhost'}){
+ #decrease count from source host/net
+ if ($customgrp{$key}[3] eq 'Custom Network'){
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key1 (keys %customnetwork){
+ if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
+ $customnetwork{$key1}[3] = $customnetwork{$key1}[3]-1;
+ last;
+ }
+ }
+ &General::writehasharray("$confignet", \%customnetwork);
+ }
+ if ($customgrp{$key}[3] eq 'Custom Host'){
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key1 (keys %customhost){
+ if ($customhost{$key1}[0] eq $customgrp{$key}[2]){
+ $customhost{$key1}[3] = $customhost{$key1}[3]-1;
+ last;
+ }
+ }
+ &General::writehasharray("$confighost", \%customhost);
+ }
+ delete $customgrp{$key};
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ &rules;
+
&addgrp;
+ &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delgrp')
+{
+ &General::readhasharray("$configgrp", \%customgrp);
+ &decrease($fwhostsettings{'grp_name'});
+ foreach my $key (sort keys %customgrp)
+ {
+ if($customgrp{$key}[0] eq $fwhostsettings{'grp_name'})
+ {
+ delete $customgrp{$key};
+ }
+ }
+ &General::writehasharray("$configgrp", \%customgrp);
+ $fwhostsettings{'grp_name'}='';
+ &addgrp;
+ &viewtablegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delservice')
+{
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (keys %customservice) {
+ if($customservice{$key}[0] eq $fwhostsettings{'SRV_NAME'}){
+ #&deletefromgrp($customhost{$key}[0],$configgrp);
+ delete $customservice{$key};
+ &General::writehasharray("$configsrv", \%customservice);
+ last;
+ }
+ }
+ $fwhostsettings{'SRV_NAME'}='';
+ $fwhostsettings{'SRV_PORT'}='';
+ $fwhostsettings{'PROT'}='';
+ &addservice;
+}
+if ($fwhostsettings{'ACTION'} eq 'delservicegrp')
+{
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ &decreaseservice($fwhostsettings{'SRVGRP_NAME'});
+ foreach my $key (sort keys %customservicegrp)
+ {
+ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'})
+ {
+ delete $customservicegrp{$key};
+ }
+ }
+ &General::writehasharray("$configsrvgrp", \%customservicegrp);
+ $fwhostsettings{'SRVGRP_NAME'}='';
+ &addservicegrp;
+ &viewtableservicegrp;
+}
+if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
+{
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (keys %customservicegrp){
+ if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customservicegrp{$key}[2].",".$customservicegrp{$key}[3] eq $fwhostsettings{'delsrvfromgrp'})
+ {
+ #decrease count from source service
+ foreach my $key1 (sort keys %customservice){
+ if($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
+ $customservice{$key1}[4]--;
+ last;
+ }
+ }
+
&General::writehasharray("$configsrv", \%customservice); + delete $customservicegrp{$key} + } + } + &General::writehasharray("$configsrvgrp", \%customservicegrp); + &rules; + &addservicegrp; + &viewtableservicegrp; + +} +if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newnet'}) +{ + &addnet; + &viewtablenet; +} +if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newhost'}) +{ + &addhost; + &viewtablehost; +} +if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'}) +{ + &addgrp; + &viewtablegrp; +} +if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'}) +{ + &addservice; +} +if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservicegrp'}) +{ + &addservicegrp; + &viewtableservicegrp; +} +### VIEW ### +if($fwhostsettings{'ACTION'} eq '') +{ + &showmenu; +} +### FUNCTIONS ### +sub showmenu +{ + + &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'}); + print<
+ + +
+END + + &Header::closebox(); + +} +# Add +sub addnet +{ + &error; + &showmenu; + &Header::openbox('100%', 'left', $Lang::tr{'fwhost addnet'}); + $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'}; + print<
+ $Lang::tr{'name'}:$Lang::tr{'fwhost netaddress'}$Lang::tr{'netmask'}: +
+END + if ($fwhostsettings{'ACTION'} eq 'editnet' || $fwhostsettings{'error'} eq 'on') + { + print ""; + }else{ + print ""; + } + print "
"; + &Header::closebox(); +} +sub addhost +{ + &error; + &showmenu; + &Header::openbox('100%', 'left', $Lang::tr{'fwhost addhost'}); + $fwhostsettings{'orgname'}=$fwhostsettings{'HOSTNAME'}; + print<
+ $Lang::tr{'name'}:IP/MAC: +

$Lang::tr{'fwhost attention'}
$Lang::tr{'fwhost macwarn'} +
+END + + if ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'} eq 'on') + { + + print "
"; + }else{ + print " "; + } + print "
"; + &Header::closebox(); +} +sub addgrp +{ + &hint; + &error; + &showmenu; + &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgrp'}); + &General::setup_default_networks(\%defaultNetworks); + my %checked=(); + $checked{'check1'}{'off'} = ''; + $checked{'check1'}{'on'} = ''; + $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED'; + $fwhostsettings{'oldremark'}=$fwhostsettings{'remark'}; + + if ($fwhostsettings{'update'} eq ''){ + print<
+ $Lang::tr{'fwhost addgrpname'}$Lang::tr{'remark'}: +
+END + }else{ + print< + $Lang::tr{'fwhost addgrpname'}$Lang::tr{'remark'}: +
+END + + } + if ($fwhostsettings{'update'} eq 'on'){ + + + print<$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}$Lang::tr{'fwhost cust net'}$Lang::tr{'fwhost ccdhost'}$Lang::tr{'fwhost cust addr'}$Lang::tr{'fwhost ovpn_n2n'}$Lang::tr{'fwhost ipsec net'}$Lang::tr{'fwhost ipsec host'}
+
+END + + &Header::closebox(); +} +sub addservice +{ + &error; + &showmenu; + &Header::openbox('100%', 'left', $Lang::tr{'fwhost newservice'}); + if ($fwhostsettings{'updatesrv'} eq 'on') + { + $fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'}; + $fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'}; + $fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'}; + } + print<
+ $Lang::tr{'fwhost srv_name'}:$Lang::tr{'fwhost prot'}: + $Lang::tr{'fwhost icmptype'} + + +
+END + + }else{ + print""; + } + print< + + + +END + &Header::closebox(); + &viewtableservice; +} +sub addservicegrp +{ + &hint; + &error; + &showmenu; + &Header::openbox('100%', 'left', $Lang::tr{'fwhost newservicegrp'}); + $fwhostsettings{'oldsrvgrpremark'}=$fwhostsettings{'SRVGRP_REMARK'}; + + if ($fwhostsettings{'updatesrvgrp'} eq ''){ + print<
+ $Lang::tr{'fwhost addgrpname'}$Lang::tr{'remark'}: +
+ +END + }else{ + print< + $Lang::tr{'fwhost addgrpname'}$Lang::tr{'remark'}: +
+ +END + } + if($fwhostsettings{'updatesrvgrp'} eq 'on'){ + + + print< + $Lang::tr{'fwhost cust service'}
+
+END + + &Header::closebox(); +} +# View +sub viewtablenet +{ + if(! -z $confignet){ + &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust net'}); + &General::readhasharray("$confignet", \%customnetwork); + if (!keys %customnetwork) + { + print "
$Lang::tr{'fwhost empty'}"; + }else{ + print< + $Lang::tr{'name'}$Lang::tr{'fwhost netaddress'}$Lang::tr{'netmask'}$Lang::tr{'used'} +END + } + my $count=0; + foreach my $key (sort { uc($customnetwork{$a}[0]) cmp uc($customnetwork{$b}[0]) } keys %customnetwork) { + if ($fwhostsettings{'ACTION'} eq 'editnet' && $fwhostsettings{'HOSTNAME'} eq $customnetwork{$key}[0]) { + print" "; + }elsif ($count % 2) + { + print" "; + }else + { + print" "; + } + print<
$customnetwork{$key}[0]$customnetwork{$key}[1]$customnetwork{$key}[2]$customnetwork{$key}[3] x + + + + + +
+END + if($customnetwork{$key}[3] == '0') + { + print"
"; + }else{ + print""; + } + $count++; + } + print""; + &Header::closebox(); + } + +} +sub viewtablehost +{ + if (! -z $confighost){ + &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust addr'}); + &General::readhasharray("$confighost", \%customhost); + if (!keys %customhost) + { + print "
$Lang::tr{'fwhost empty'}"; + }else{ + print< + $Lang::tr{'name'}$Lang::tr{'fwhost ip_mac'}$Lang::tr{'used'} +END + } + my $count=0; + foreach my $key (sort { uc($customhost{$a}[0]) cmp uc($customhost{$b}[0]) } keys %customhost) { + if ( ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'}) && $fwhostsettings{'HOSTNAME'} eq $customhost{$key}[0]) { + print" "; + }elsif ($count % 2){ print" ";} + else{ print" ";} + my ($ip,$sub)=split(/\//,$customhost{$key}[2]); + print<
$customhost{$key}[0]$customhost{$key}[2]$customhost{$key}[3] x + + + + + +
+END + if($customhost{$key}[3] == '0') + { + print"
"; + }else{ + print""; + } + $count++; + } + print""; + &Header::closebox(); + } +} +sub viewtablegrp +{ + if(! -z "$configgrp"){ + &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust grp'}); + &General::readhasharray("$configgrp", \%customgrp); + &General::readhasharray("$configipsec", \%ipsecconf); + &General::readhasharray("$configccdhost", \%ccdhost); + &General::readhasharray("$configccdnet", \%ccdnet); + &General::readhasharray("$confighost", \%customhost); + &General::readhasharray("$confignet", \%customnetwork); + my @grp=(); + my $helper=''; + my $count=0; + my $grpname; + my $remark; + my $number=keys %customgrp; + if (!keys %customgrp) + { + print "
$Lang::tr{'fwhost empty'}"; + }else{ + foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } sort { uc($customgrp{$a}[2]) cmp uc($customgrp{$b}[2]) } keys %customgrp){ + + $count++; + if ($helper ne $customgrp{$key}[0]){ + $grpname=$customgrp{$key}[0]; + $remark=$customgrp{$key}[1]; + if($count >=2){print"";} + print "
$grpname    "; + print " $Lang::tr{'remark'}:  $remark   " if ($remark ne ''); + print "$Lang::tr{'used'}: $customgrp{$key}[4] x"; + if($customgrp{$key}[4] == '0') + { + print"
"; + } + print"
"; + print""; + } + if ( ($fwhostsettings{'ACTION'} eq 'editgrp' || $fwhostsettings{'update'} ne '') && $fwhostsettings{'grp_name'} eq $customgrp{$key}[0]) { + print" "; + }elsif ($count %2 == 0){print"";}else{print"";} + my $ip=&getipforgroup($customgrp{$key}[2],$customgrp{$key}[3]); + if ($ip eq ''){print"";} + + + print ""; + }else{ + print "$customgrp{$key}[2]"; + } + if ($ip eq '' && $customgrp{$key}[2] ne $Lang::tr{'fwhost empty'}){ + print ""; + + $helper=$customgrp{$key}[0]; + } + print"
Name$Lang::tr{'ip address'}$Lang::tr{'fwhost type'}
"; + if($customgrp{$key}[3] eq 'Standard Network'){ + print &get_name($customgrp{$key}[2])."$Lang::tr{'fwhost deleted'}$customgrp{$key}[3]
"; + }else{ + print"
$ip$customgrp{$key}[3]"; + } + if ($number gt '1' && $ip ne ''){ + print""; + } + print"
"; + + } + &Header::closebox(); +} + +} +sub viewtableservice +{ + my $count=0; + if(! -z "$configsrv") + { + &Header::openbox('100%', 'left', $Lang::tr{'fwhost services'}); + &General::readhasharray("$configsrv", \%customservice); + print< + $Lang::tr{'fwhost srv_name'}$Lang::tr{'fwhost prot'}$Lang::tr{'fwhost port'}ICMP$Lang::tr{'fwhost used'} +END + foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice) + { + $count++; + if ( ($fwhostsettings{'updatesrv'} eq 'on' || $fwhostsettings{'error'}) && $fwhostsettings{'SRV_NAME'} eq $customservice{$key}[0]) { + print" "; + }elsif ($count % 2){ print" ";}else{ print" ";} + print<$customservice{$key}[0]$customservice{$key}[2]$customservice{$key}[1] +END + if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];} + + print<$customservice{$key}[4]x +
+ + +
+END + if ($customservice{$key}[4] eq '0') + { + print"
"; + }else{ + print""; + } + } + print""; + &Header::closebox(); + } +} +sub viewtableservicegrp +{ + my $count=0; + my $grpname; + my $remark; + my $helper; + if (! -z $configsrvgrp){ + + &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust srvgrp'}); + &General::readhasharray("$configsrvgrp", \%customservicegrp); + my $number= keys %customservicegrp; + foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){ + $count++; + if ($helper ne $customservicegrp{$key}[0]){ + $grpname=$customservicegrp{$key}[0]; + $remark=$customservicegrp{$key}[1]; + if($count >=2){print"";} + print "
$grpname     "; + print "$Lang::tr{'remark'}:  $remark " if ($remark ne ''); + print "  $Lang::tr{'used'}: $customservicegrp{$key}[5] x"; + if($customservicegrp{$key}[5] == '0') + { + print"
"; + } + print"
"; + print""; + } + if( $fwhostsettings{'SRVGRP_NAME'} eq $customservicegrp{$key}[0]) { + print" "; + }elsif ($count %2 == 0){print"";}else{print"";} + print ""; + print""; + $helper=$customservicegrp{$key}[0]; + } + print"
Name$Lang::tr{'port'}$Lang::tr{'fwhost prot'}
$customservicegrp{$key}[2]$customservicegrp{$key}[3]$customservicegrp{$key}[4]
"; + if ($number gt '1'){ + print""; + } + print"
"; + &Header::closebox(); + } +} +# Check +sub checkname +{ + my %hash=%{(shift)}; + foreach my $key (keys %hash) { + if($hash{$key}[0] eq $fwhostsettings{'HOSTNAME'}){ + return 0; + } + } + return 1; + +} +sub checkip +{ + + my %hash=%{(shift)}; + my $a=shift; + foreach my $key (keys %hash) { + if($hash{$key}[$a] eq $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'})){ + return 0; + } + } + return 1; +} +sub checksubnet +{ + + my %hash=%{(shift)}; + &General::readhasharray("$confignet", \%hash); + foreach my $key (keys %hash) { + if(&General::IpInSubnet($fwhostsettings{'IP'},$hash{$key}[1],$hash{$key}[2])) + { + return 1; + } + } + return 0; +} +sub checkservicegroup +{ + &General::readhasharray("$configsrvgrp", \%customservicegrp); + + + #check name + if ( ! &General::validhostname($fwhostsettings{'SRVGRP_NAME'})) + { + $errormessage.=$Lang::tr{'fwhost err name'}."
"; + return $errormessage; + } + #check remark + if ( ($fwhostsettings{'SRVGRP_REMARK'} ne '') && (! &validhostname($fwhostsettings{'SRVGRP_REMARK'}))) + { + $errormessage.=$Lang::tr{'fwhost err remark'}."
"; + } + #check empty selectbox + if (keys %customservice lt 1) + { + $errormessage.=$Lang::tr{'fwhost err groupempty'}."
"; + } + + #check if name already exists + if ($fwhostsettings{'updatesrvgrp'} ne 'on'){ + foreach my $key (keys %customservicegrp) { + if( $customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} ){ + $errormessage.=$Lang::tr{'fwhost err grpexist'}."
"; + + } + } + } + #check if service already exists in group + foreach my $key (keys %customservicegrp) { + if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'} && $customservicegrp{$key}[2] eq $fwhostsettings{'CUST_SRV'} ){ + $errormessage.=$Lang::tr{'fwhost err srvexist'}."
"; + + } + } + + + + return $errormessage; +} +sub error +{ + if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage\n"; + print " \n"; + &Header::closebox(); + } +} +sub hint +{ + if ($hint) { + &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'}); + print "$hint\n"; + print " \n"; + &Header::closebox(); + } +} +sub get_name +{ + my $val=shift; + &General::setup_default_networks(\%defaultNetworks); + foreach my $network (sort keys %defaultNetworks) + { + return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); + } +} +sub deletefromgrp +{ + my $target=shift; + my $config=shift; + my %hash=(); + &General::readhasharray("$config",\%hash); + foreach my $key (keys %hash) { + $errormessage.="lese $hash{$key}[2] und $target
"; + if($hash{$key}[2] eq $target){ + + delete $hash{$key}; + $errormessage.="Habe $target aus Gruppe gelöscht!
"; + } + } + &General::writehasharray("$config",\%hash); + +} +sub plausicheck +{ + + my $edit=shift; + #check hostname + if (!&General::validhostname($fwhostsettings{'HOSTNAME'})) + { + $errormessage=$errormessage.$Lang::tr{'fwhost err name'}; + $fwhostsettings{'BLK_IP'}='readonly'; + $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; + if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;} + } + #check if name collides with CCD Netname + + &General::readhasharray("$configccdnet", \%ccdnet); + foreach my $key (keys %ccdnet) { + if($ccdnet{$key}[0] eq $fwhostsettings{'HOSTNAME'}){ + $errormessage=$errormessage.$Lang::tr{'fwhost err isccdnet'};; + $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; + if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;} + last; + } + } + + #check if IP collides with CCD NetIP + if ($fwhostsettings{'type'} ne 'mac'){ + &General::readhasharray("$configccdnet", \%ccdnet); + foreach my $key (keys %ccdnet) { + my $test=(&General::getnetworkip($fwhostsettings{'IP'},&General::iporsubtocidr($fwhostsettings{'SUBNET'})))."/".$fwhostsettings{'SUBNET'}; + if($ccdnet{$key}[1] eq $test){ + $errormessage=$errormessage.$Lang::tr{'fwhost err isccdipnet'}; + $fwhostsettings{'IP'} = $fwhostsettings{'orgip'}; + $fwhostsettings{'SUBNET'} = $fwhostsettings{'orgsubnet'}; + if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;} + last; + } + } + } + + + + #check if name collides with CCD Hostname + &General::readhasharray("$configccdhost", \%ccdhost); + foreach my $key (keys %ccdhost) { + my ($ip,$sub)=split(/\//,$ccdhost{$key}[33]); + if($ip eq $fwhostsettings{'IP'}){ + $errormessage=$Lang::tr{'fwhost err isccdiphost'}; + if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;} + last; + } + } + #check if IP collides with CCD HostIP (only hosts) + if ($edit eq 'edithost') + { + foreach my $key (keys %ccdhost) { + if($ccdhost{$key}[1] eq $fwhostsettings{'HOSTNAME'}){ + 
$errormessage=$Lang::tr{'fwhost err isccdhost'}; + $fwhostsettings{'IP'} = $fwhostsettings{'orgname'}; + if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;} + last; + } + } + } + #check if network with this name already exists + &General::readhasharray("$confignet", \%customnetwork); + if (!&checkname(\%customnetwork)) + { + $errormessage=$errormessage."
".$Lang::tr{'fwhost err netexist'}; + $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; + if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;} + } + #check if network ip already exists + if (!&checkip(\%customnetwork,1)) + { + $errormessage=$errormessage."
".$Lang::tr{'fwhost err net'}; + if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;} + } + #check if host with this name already exists + &General::readhasharray("$confighost", \%customhost); + if (!&checkname(\%customhost)) + { + $errormessage=$errormessage."
".$Lang::tr{'fwhost err hostexist'}; + $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'}; + if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}=$edit;} + } + #check if host with this ip already exists + if (!&checkip(\%customhost,2)) + { + $errormessage=$errormessage."
".$Lang::tr{'fwhost err ipcheck'}; + + } + + + return; +} +sub getipforgroup +{ + my $name=$_[0], + my $type=$_[1]; + my $value; + + #get address from IPSEC NETWORK + if ($type eq 'IpSec Network'){ + foreach my $key (keys %ipsecconf) { + if ($ipsecconf{$key}[1] eq $name){ + return $ipsecconf{$key}[11]; + } + } + &deletefromgrp($name,$configgrp); + } + + #get address from IPSEC HOST + if ($type eq 'IpSec Host'){ + foreach my $key (keys %ipsecconf) { + if ($ipsecconf{$key}[1] eq $name){ + return $ipsecconf{$key}[10]; + } + } + &deletefromgrp($name,$configgrp); + } + + #get address from ovpn ccd Net-2-Net + if ($type eq 'OpenVPN N-2-N'){ + foreach my $key (keys %ccdhost) { + if($ccdhost{$key}[1] eq $name){ + my ($a,$b) = split ("/",$ccdhost{$key}[11]); + $b=&General::iporsubtodec($b); + return "$a/$b"; + } + } + &deletefromgrp($name,$configgrp); + } + + #get address from ovpn ccd static host + if ($type eq 'OpenVPN static host'){ + foreach my $key (keys %ccdhost) { + if($ccdhost{$key}[1] eq $name){ + my ($a,$b) = split (/\//,$ccdhost{$key}[33]); + $b=&General::iporsubtodec($b); + return "$a/$b"; + } + } + &deletefromgrp($name,$configgrp); + } + + #get address from ovpn ccd static net + if ($type eq 'OpenVPN static network'){ + foreach my $key (keys %ccdnet) { + if ($ccdnet{$key}[0] eq $name){ + my ($a,$b) = split (/\//,$ccdnet{$key}[1]); + $b=&General::iporsubtodec($b); + return "$a/$b"; + } + } + } + + #check custom addresses + if ($type eq 'Custom Host'){ + foreach my $key (keys %customhost) { + if ($customhost{$key}[0] eq $name){ + return $customhost{$key}[2]; + } + } + } + + ##check custom networks + if ($type eq 'Custom Network'){ + foreach my $key (keys %customnetwork) { + if($customnetwork{$key}[0] eq $name){ + return $customnetwork{$key}[1]."/".$customnetwork{$key}[2]; + } + } + } + + #check standard networks + if ($type eq 'Standard Network'){ + if ($name =~ /OpenVPN/i){ + my %ovpn=(); + &General::readhash("${General::swroot}/ovpn/settings",\%ovpn); + return 
$ovpn{'DOVPN_SUBNET'}; + } + if ($name eq 'GREEN'){ + my %hash=(); + &General::readhash("${General::swroot}/ethernet/settings",\%hash); + return $hash{'GREEN_NETADDRESS'}."/".$hash{'GREEN_NETMASK'}; + } + if ($name eq 'BLUE'){ + my %hash=(); + &General::readhash("${General::swroot}/ethernet/settings",\%hash); + return $hash{'BLUE_NETADDRESS'}."/".$hash{'BLUE_NETMASK'}; + } + if ($name eq 'ORANGE'){ + my %hash=(); + &General::readhash("${General::swroot}/ethernet/settings",\%hash); + return $hash{'ORANGE_NETADDRESS'}."/".$hash{'ORANGE_NETMASK'}; + } + if ($name eq 'ALL'){ + return "0.0.0.0/0.0.0.0"; + } + if ($name =~ /IPsec/i){ + my %hash=(); + &General::readhash("${General::swroot}/vpn/settings",\%hash); + return $hash{'RW_NET'}; + } + } +} +sub rules +{ + system ("/usr/local/bin/forwardfwctrl"); + system("rm ${General::swroot}/forward/reread"); +} +sub decrease +{ + my $grp=$_[0]; + &General::readhasharray("$confignet", \%customnetwork); + &General::readhasharray("$confighost", \%customhost); + foreach my $key (sort keys %customgrp ){ + if ( ($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Network')){ + foreach my $key1 (sort keys %customnetwork){ + if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){ + $customnetwork{$key1}[3]=$customnetwork{$key1}[3]-1; + last; + } + } + } + + if (($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Host')){ + foreach my $key2 (sort keys %customhost){ + if ($customhost{$key2}[0] eq $customgrp{$key}[2]){ + $customhost{$key2}[3]=$customhost{$key2}[3]-1; + last; + } + } + + } + } + &General::writehasharray("$confignet", \%customnetwork); + &General::writehasharray("$confighost", \%customhost); +} +sub decreaseservice +{ + my $grp=$_[0]; + &General::readhasharray("$configsrv", \%customservice); + &General::readhasharray("$configsrvgrp", \%customservicegrp); + + foreach my $key (sort keys %customservicegrp){ + if ($customservicegrp{$key}[0] eq $grp ){ + foreach my $key2 (sort keys %customservice){ + if 
($customservice{$key2}[0] eq $customservicegrp{$key}[2]){ + $customservice{$key2}[4]--; + } + } + } + } + &General::writehasharray("$configsrv", \%customservice); + +} +sub checkports +{ + + my %hash=%{(shift)}; + #check empty fields + if ($fwhostsettings{'SRV_NAME'} eq '' ){ + $errormessage=$Lang::tr{'fwhost err name1'}; + } + if ($fwhostsettings{'SRV_PORT'} eq '' && $fwhostsettings{'PROT'} ne 'ICMP'){ + $errormessage=$Lang::tr{'fwhost err port'}; + } + #check valid name + if (! &General::validhostname($fwhostsettings{'SRV_NAME'})){ + $errormessage="
".$Lang::tr{'fwhost err name'}; + } + #change dashes with : + $fwhostsettings{'SRV_PORT'}=~ tr/-/:/; + + if ($fwhostsettings{'SRV_PORT'} eq "*") { + $fwhostsettings{'SRV_PORT'} = "1:65535"; + } + if ($fwhostsettings{'SRV_PORT'} =~ /^(\D)\:(\d+)$/) { + $fwhostsettings{'SRV_PORT'} = "1:$2"; + } + if ($fwhostsettings{'SRV_PORT'} =~ /^(\d+)\:(\D)$/) { + $fwhostsettings{'SRV_PORT'} = "$1:65535"; + } + if($fwhostsettings{'PROT'} ne 'ICMP'){ + $errormessage = $errormessage.&General::validportrange($fwhostsettings{'SRV_PORT'}, 'src'); + } + # a new service has to have a different name + foreach my $key (keys %hash){ + if ($hash{$key}[0] eq $fwhostsettings{'SRV_NAME'}){ + $errormessage = "
".$Lang::tr{'fwhost err srv exists'}; + last; + } + } + return $errormessage; +} +sub validhostname +{ + # Checks a hostname against RFC1035 + my $hostname = $_[0]; + + # Each part should be at least two characters in length + # but no more than 63 characters + if (length ($hostname) < 1 || length ($hostname) > 63) { + return 0;} + # Only valid characters are a-z, A-Z, 0-9 and - + if ($hostname !~ /^[a-zA-ZäöüÖÄÜ0-9-\s]*$/) { + return 0;} + # First character can only be a letter or a digit + if (substr ($hostname, 0, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) { + return 0;} + # Last character can only be a letter or a digit + if (substr ($hostname, -1, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) { + return 0;} + return 1; +} + +&Header::closebigbox(); +&Header::closepage();