From: Alexander Marx
Date: Fri, 5 Jul 2013 10:15:05 +0000 (+0200)
Subject: Forward Firewall: Updated outgoingfw-converter. redesign of the ruletable's defaultrules
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=7326051edb1ebec404e0b81bd85292285d7a5b6b
Forward Firewall: Updated outgoingfw-converter. redesign of the ruletable's defaultrules
---
diff --git a/config/forwardfw/convert-outgoingfw b/config/forwardfw/convert-outgoingfw
index ef2f7e1b9..05bf13dad 100755
--- a/config/forwardfw/convert-outgoingfw
+++ b/config/forwardfw/convert-outgoingfw
@@ -46,7 +46,11 @@ my %ccdconf=();
 my %fwconfig=();
 my %fwconfigout=();
 my %fwdsettings=();
+my %ownnet=();
+my %ovpnSettings = ();
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
 &General::readhash($outfwsettings,\%outsettings);
+&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
 #ONLY RUN if /var/ipfire/outgoing exists
 if ( -d "/var/ipfire/outgoing"){
 &process_groups;
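Review bot: The two added `&General::readhash(...)` calls for `ovpn/settings` and `ethernet/settings` run unconditionally at file scope, ahead of the `-d "/var/ipfire/outgoing"` guard at the end of this hunk. If `readhash` aborts on a missing file (its body is not shown here), a system that never configured OpenVPN would stop the converter before any outgoing rule is migrated. Guard the optional file, e.g. `&General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings) if (-f "${General::swroot}/ovpn/settings");`, and consider moving both reads inside the existing directory check.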
@@ -179,16 +183,39 @@ sub new_hostgrp
 }elsif($byte4 < '255'){
 print LOG "Processing NETWORK $ippart/$subnet from Group $grp\n";
 if(!&check_net($ippart,$subnet)){
- my $netkey = &General::findhasharraykey(\%nets);
- $name="net ";
- $name2=$name.$ippart;
- $name3="Custom Network";
- $nets{$netkey}[0] = $name2;
- $nets{$netkey}[1] = $ippart;
- $nets{$netkey}[2] = $subnet;
- $nets{$netkey}[3] = '';
- $nets{$netkey}[4] = 1;
- print LOG "->Network $ippart/$subnet added to custom networks\n";
+ #Check if this network is one one of IPFire internal networks
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'}))
+ {
+ $name2='GREEN';
+ $name3='Standard Network';
+ }elsif (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'}))
+ {
+ $name2='ORANGE';
+ $name3='Standard Network';
+ }elsif (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'}))
+ {
+ $name2='BLUE';
+ $name3='Standard Network';
+ }elsif ($ippart eq '0.0.0.0')
+ {
+ $name2='ALL';
+ $name3='Standard Network';
+ }elsif(defined($ovpnSettings{'DOVPN_SUBNET'}) && "$ippart/".&General::iporsubtodec($subnet) eq $ovpnSettings{'DOVPN_SUBNET'})
+ {
+ $name2='OpenVPN-Dyn';
+ $name3='Standard Network';
+ }else{
+ my $netkey = &General::findhasharraykey(\%nets);
+ $name="net ";
+ $name2=$name.$ippart;
+ $name3="Custom Network";
+ $nets{$netkey}[0] = $name2;
+ $nets{$netkey}[1] = $ippart;
+ $nets{$netkey}[2] = $subnet;
+ $nets{$netkey}[3] = '';
+ $nets{$netkey}[4] = 1;
+ print LOG "->Network $ippart/$subnet added to custom networks\n";
+ }
 }else{
 print LOG "Network $ippart already exists in custom networks\n";
 $name="net ";
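Review bot: The GREEN/ORANGE/BLUE branches only test whether `$ippart` falls inside the zone via `&General::IpInSubnet(...)` and never compare `$subnet`, so a group entry covering a smaller subnet of GREEN is converted to the whole `GREEN` standard network, and any entry whose address is `0.0.0.0` becomes `ALL` whatever its mask. In a rule converter that silently changes the scope of the migrated firewall rule. Require an exact match before substituting a zone, e.g. `$ippart eq $ownnet{'GREEN_NETADDRESS'} && &General::iporsubtodec($subnet) eq &General::iporsubtodec($ownnet{'GREEN_NETMASK'})`, and fall through to the custom-network branch otherwise. The mapped branches also write nothing to LOG; a line such as `print LOG "->Network $ippart/$subnet mapped to $name2\n";` would make each substitution auditable. `new_hostgrp` begins and ends outside this hunk.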
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 1800095df..4a49f2ed9 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -998,8 +998,7 @@ END
 my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
 my $defsub="$defaultNetworks{$network}{'NAME'}_NETMASK";
 my $defsub1=&General::subtocidr($ifaces{$defsub});
- $ifaces{$defnet}='0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
- $defsub1 ='0' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
+ $ifaces{$defnet}='' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
 if ($ifaces{$defnet}){
 print ">$network ($ifaces{$defnet}/$defsub1)";
 }else{
@@ -2382,7 +2381,7 @@ END
 }else{
 $col="bgcolor='green'";
 }
- &show_default_rules($col,$pol);
+ &show_defaultrules($col,$pol);
 }elsif ($config eq '/var/ipfire/forward/outgoing'){
 my $pol='fwdfw '.$fwdfwsettings{'POLICY1'};
 if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
@@ -2390,9 +2389,9 @@ END
 }else{
 $col="bgcolor='green'";
 }
- print"$Lang::tr{'fwdfw final_rule'}$Lang::tr{$pol}";
+ print"$Lang::tr{'fwdfw final_rule'}$Lang::tr{$pol}";
 }else{
- print"$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw MODE1'}";
+ print"$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw MODE1'}";
 }
 print"";
 print "
"; @@ -2419,9 +2418,9 @@ END }else{ $col="bgcolor='green'"; } - print"$Lang::tr{'fwdfw final_rule'}$Lang::tr{$pol}"; + print"$Lang::tr{'fwdfw final_rule'}$Lang::tr{$pol}"; }else{ - print"$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw MODE1'}"; + print"$Lang::tr{'fwdfw final_rule'}$Lang::tr{'fwdfw MODE1'}"; } print"

"; } @@ -2435,15 +2434,18 @@ sub show_defaultrules my $col=shift; my $pol=shift; #STANDARD RULES (From WIKI) - print""; - print ""; + print"

"; + print ""; if ($col eq "bgcolor='green'"){ - my $blue = ", $Lang::tr{'blue'} ($Lang::tr{'fwdfw pol block'})" if $ifaces{'BLUE_DEV'}; - my $orange = ", $Lang::tr{'orange'} ($Lang::tr{'fwdfw pol block'})" if $ifaces{'ORANGE_DEV'}; - print""; - print"" if $ifaces{'BLUE_DEV'}; - print""; + my $blue = " $Lang::tr{'blue'} ($Lang::tr{'fwdfw pol block'})" if $ifaces{'BLUE_DEV'}; + my $orange = " $Lang::tr{'orange'} ($Lang::tr{'fwdfw pol block'})" if $ifaces{'ORANGE_DEV'}; + my $blue1 = " $Lang::tr{'blue'} ($Lang::tr{'fwdfw pol allow'})" if $ifaces{'BLUE_DEV'}; + my $orange1 = " $Lang::tr{'orange'} ($Lang::tr{'fwdfw pol allow'})" if $ifaces{'ORANGE_DEV'}; + print""; + print""; + print"" if $ifaces{'BLUE_DEV'}; + print""; }elsif($col eq "bgcolor='darkred'"){ - print""; + print""; } } diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index c854e9f5c..73dabaadb 100755 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1171,10 +1171,18 @@ END foreach my $network (sort keys %defaultNetworks) { next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP"); - next if($defaultNetworks{$network}{'NAME'} eq "RED"); + next if($defaultNetworks{$network}{'NAME'} eq "IPFire"); print ""; + my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS"; + my $defsub="$defaultNetworks{$network}{'NAME'}_NETMASK"; + my $defsub1=&General::subtocidr($ownnet{$defsub}); + $ownnet{$defnet}='' if ($defaultNetworks{$network}{'NAME'} eq 'RED'); + if ($ownnet{$defnet}){ + print ">$network ($ownnet{$defnet}/$defsub1)"; + }else{ + print ">$network"; + } } print""; if (! -z $confignet){ diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 616f52964..61441e470 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi 
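Review bot: The added `my $blue1 = ... if $ifaces{'BLUE_DEV'};` and `my $orange1 = ... if $ifaces{'ORANGE_DEV'};` in `show_defaultrules` (like the neighbouring `$blue`/`$orange` lines) combine `my` with a statement modifier, which perlsyn documents as undefined behaviour. When the interface is absent the variable is also left undef where it is later interpolated. Declare each with a ternary instead, e.g. `my $blue1 = $ifaces{'BLUE_DEV'} ? " $Lang::tr{'blue'} ($Lang::tr{'fwdfw pol allow'})" : '';`. The HTML inside the print statements did not survive this rendering, so where each variable ends up in the table is inferred from the remaining text.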
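Review bot: In the fwhosts.cgi hunk, `$ownnet{$defnet}='' if ($defaultNetworks{$network}{'NAME'} eq 'RED');` clears the RED address in the shared `%ownnet` hash from inside a loop that only renders the network drop-down. Whether `%ownnet` is read again later in the same request (for example for address checks) is not visible here, but a display-only copy avoids the side effect: `my $shownet = ($defaultNetworks{$network}{'NAME'} eq 'RED') ? '' : $ownnet{$defnet};`, then test and print `$shownet`. The forwardfw.cgi hunk at -998 keeps the same pattern on `%ifaces`.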
@@ -51,12 +51,11 @@ my $errormessage = ''; my $warnmessage = ''; &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings); - &Header::showhttpheaders(); #Get GUI values &Header::getcgihash(\%settings); - +&General::readhash("${General::swroot}/optionsfw/settings", \%settings); if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
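Review bot: The added `&General::readhash("${General::swroot}/optionsfw/settings", \%settings);` fills the same `%settings` hash that `&Header::getcgihash(\%settings)` populated one line earlier, directly before the `$settings{'ACTION'} eq $Lang::tr{'save'}` test. If `readhash` assigns every key it finds in the file (its body is not shown here), the stored values replace the ones just submitted and the save branch would write the old firewall options back unchanged. Read the stored file into a separate hash and use it only for keys the request did not supply, or load it before `getcgihash` so submitted values win. The save branch continues outside this hunk.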
$Lang::tr{'orange'} $Lang::tr{'green'} ($Lang::tr{'fwdfw pol block'}), $Lang::tr{'red'} ($Lang::tr{'fwdfw pol allow'})$blue
$Lang::tr{'blue'} $Lang::tr{'green'} ($Lang::tr{'fwdfw pol block'}), $Lang::tr{'red'} ($Lang::tr{'fwdfw pol allow'})$orange
$Lang::tr{'fwdfw final_rule'} $Lang::tr{$pol}
$Lang::tr{'green'} $Lang::tr{'red'} ($Lang::tr{'fwdfw pol allow'})$orange1$blue1
$Lang::tr{'orange'} $Lang::tr{'red'} ($Lang::tr{'fwdfw pol allow'}) $Lang::tr{'green'} ($Lang::tr{'fwdfw pol block'})$blue
$Lang::tr{'blue'} $Lang::tr{'red'} ($Lang::tr{'fwdfw pol allow'})$orange $Lang::tr{'green'} ($Lang::tr{'fwdfw pol block'})
$Lang::tr{'fwdfw final_rule'} $Lang::tr{'fwdfw pol allow'}
$Lang::tr{'fwdfw final_rule'}$Lang::tr{$pol}
$Lang::tr{'fwdfw final_rule'}$Lang::tr{$pol}