From: Alexander Marx Date: Wed, 27 Feb 2013 13:23:20 +0000 (+0100) Subject: Forward Firewall: Changed layout of rulecreation. Now only the dropdowns for configur... X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=8013bd0ac28ac8daee7bae5ebcfe4c9fd8154310;hp=92e4ae9db1334acf481a60656004b289b0accf80 Forward Firewall: Changed layout of rulecreation. Now only the dropdowns for configured networks are shown on the site Also changed fwhosts.cgi (custom groups) to the same feature --- diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index f7d2bb1dd..b93557d83 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi 
@@ -520,129 +520,19 @@ if ($fwdfwsettings{'ACTION'} eq '') &base; } ### Functions #### -sub changerule -{ - my $oldchain=shift; - $fwdfwsettings{'updatefwrule'}=''; - $fwdfwsettings{'config'}=$oldchain; - $fwdfwsettings{'nobase'}='on'; - &deleterule; - &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); - &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); -} -sub pos_up -{ - my %uphash=(); - my %tmp=(); - &General::readhasharray($fwdfwsettings{'config'}, \%uphash); - foreach my $key (sort keys %uphash){ - if ($key eq $fwdfwsettings{'key'}) { - my $last = $key -1; - if (exists $uphash{$last}){ - #save rule last - foreach my $y (0 .. $#{$uphash{$last}}) { - $tmp{0}[$y] = $uphash{$last}[$y]; - } - #copy active rule to last - foreach my $i (0 .. $#{$uphash{$last}}) { - $uphash{$last}[$i] = $uphash{$key}[$i]; - } - #copy saved rule to actual position - foreach my $x (0 .. $#{$tmp{0}}) { - $uphash{$key}[$x] = $tmp{0}[$x]; - } - } - } - } - &General::writehasharray($fwdfwsettings{'config'}, \%uphash); - &rules; -} -sub pos_down -{ - my %downhash=(); - my %tmp=(); - &General::readhasharray($fwdfwsettings{'config'}, \%downhash); - foreach my $key (sort keys %downhash){ - if ($key eq $fwdfwsettings{'key'}) { - my $next = $key + 1; - if (exists $downhash{$next}){ - #save rule next - foreach my $y (0 .. $#{$downhash{$next}}) { - $tmp{0}[$y] = $downhash{$next}[$y]; - } - #copy active rule to next - foreach my $i (0 .. $#{$downhash{$next}}) { - $downhash{$next}[$i] = $downhash{$key}[$i]; - } - #copy saved rule to actual position - foreach my $x (0 .. 
$#{$tmp{0}}) { - $downhash{$key}[$x] = $tmp{0}[$x]; - } - } - } - } - &General::writehasharray($fwdfwsettings{'config'}, \%downhash); - &rules; -} -sub checkcounter -{ - my ($base1,$val1,$base2,$val2) = @_; - - if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){ - &dec_counter($confignet,\%customnetwork,$val1); - }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){ - &dec_counter($confighost,\%customhost,$val1); - }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){ - &dec_counter($configgrp,\%customgrp,$val1); - }elsif($base1 eq 'cust_srv'){ - &dec_counter($configsrv,\%customservice,$val1); - }elsif($base1 eq 'cust_srvgrp'){ - &dec_counter($configsrvgrp,\%customservicegrp,$val1); - } - - if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){ - &inc_counter($confignet,\%customnetwork,$val2); - }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){ - &inc_counter($confighost,\%customhost,$val2); - }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){ - &inc_counter($configgrp,\%customgrp,$val2); - }elsif($base2 eq 'cust_srv'){ - &inc_counter($configsrv,\%customservice,$val2); - }elsif($base2 eq 'cust_srvgrp'){ - &inc_counter($configsrvgrp,\%customservicegrp,$val2); - } -} -sub inc_counter -{ - my $config=shift; - my %hash=%{(shift)}; - my $val=shift; - my $pos; - - &General::readhasharray($config, \%hash); - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ - if($hash{$key}[0] eq $val){ - $pos=$#{$hash{$key}}; - $hash{$key}[$pos] = $hash{$key}[$pos]+1; - } - } - &General::writehasharray($config, \%hash); -} -sub dec_counter +sub addrule { - my $config=shift; - my %hash=%{(shift)}; - my $val=shift; - my $pos; - #$errormessage.="ALT:config: $config , verringert wird $val
"; - &General::readhasharray($config, \%hash); - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ - if($hash{$key}[0] eq $val){ - $pos=$#{$hash{$key}}; - $hash{$key}[$pos] = $hash{$key}[$pos]-1; - } + &error; + if (-f "${General::swroot}/forward/reread"){ + print "
$Lang::tr{'fwhost reread'}


"; } - &General::writehasharray($config, \%hash); + &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); + print "
"; + print ""; + print ""; + print"

"; + &Header::closebox(); + &viewtablerule; } sub base { @@ -685,65 +575,15 @@ END print ""; &Header::closebox(); } -sub addrule -{ - &error; - if (-f "${General::swroot}/forward/reread"){ - print "
$Lang::tr{'fwhost reread'}


"; - } - &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'}); - print "
"; - print ""; - print ""; - print"

"; - &Header::closebox(); - &viewtablerule; -} -sub deleterule -{ - my %delhash=(); - &General::readhasharray($fwdfwsettings{'config'}, \%delhash); - foreach my $key (sort {$a <=> $b} keys %delhash){ - if ($key == $fwdfwsettings{'key'}){ - #check hosts/net and groups - &checkcounter($delhash{$key}[3],$delhash{$key}[4],,); - &checkcounter($delhash{$key}[5],$delhash{$key}[6],,); - #check services and groups - if ($delhash{$key}[11] eq 'ON'){ - &checkcounter($delhash{$key}[14],$delhash{$key}[15],,); - } - } - if ($key >= $fwdfwsettings{'key'}) { - my $next = $key + 1; - if (exists $delhash{$next}) { - foreach my $i (0 .. $#{$delhash{$next}}) { - $delhash{$key}[$i] = $delhash{$next}[$i]; - } - } - } - } - # Remove the very last entry. - my $last_key = (sort {$a <=> $b} keys %delhash)[-1]; - delete $delhash{$last_key}; - - &General::writehasharray($fwdfwsettings{'config'}, \%delhash); - &rules; - - if($fwdfwsettings{'nobase'} ne 'on'){ - &base; - } -} -sub disable_rule +sub changerule { - my $key1=shift; - &General::readhasharray("$configfwdfw", \%configfwdfw); - foreach my $key (sort keys %configfwdfw){ - if ($key eq $key1 ){ - if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';} - } - } - &General::writehasharray("$configfwdfw", \%configfwdfw); - &rules; + my $oldchain=shift; + $fwdfwsettings{'updatefwrule'}=''; + $fwdfwsettings{'config'}=$oldchain; + $fwdfwsettings{'nobase'}='on'; + &deleterule; + &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}}); + &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}); } sub checksource { 
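Review bot: `changerule` restores the usage counters for `grp1` and `grp3` only, although the `deleterule` it calls first (its body is elsewhere in this commit) decrements the source, the target and, when services are enabled, the service counter of the old rule. Unless the caller re-counts the target separately, which this hunk does not show, each move of a rule between chains leaves the target object's counter one too low. A counter that reads zero for an object a rule still references is misleading wherever it decides whether the object may be removed. I would add `&checkcounter(0,0,$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});` between the two existing calls.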
@@ -1012,89 +852,475 @@ sub checkrule if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){ $errormessage.=$Lang::tr{'fwdfw err samesub'}; } - }elsif($scidr eq $tcidr && $scidr eq '32'){ - my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1); - my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2); - if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){ - $hint=$Lang::tr{'fwdfw hint ip1'}."
"; - $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr
"; - } - }else{ - if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){ - $errormessage.=$Lang::tr{'fwdfw err samesub'}; + }elsif($scidr eq $tcidr && $scidr eq '32'){ + my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1); + my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2); + if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){ + $hint=$Lang::tr{'fwdfw hint ip1'}."
"; + $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr
"; + } + }else{ + if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){ + $errormessage.=$Lang::tr{'fwdfw err samesub'}; + } + } + } + + #check source and destination protocol if manual + if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ + if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ + $errormessage.=$Lang::tr{'fwdfw err prot'}; + } + #check source and destination protocol if source manual and dest servicegrp + if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ + &General::readhasharray("$configsrv", \%customservice); + foreach my $key (sort keys %customservice){ + if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ + if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ + $errormessage.=$Lang::tr{'fwdfw err prot'}; + last; + } + } + } + } + } +} +sub checkcounter +{ + my ($base1,$val1,$base2,$val2) = @_; + + if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){ + &dec_counter($confignet,\%customnetwork,$val1); + }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){ + &dec_counter($confighost,\%customhost,$val1); + }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){ + &dec_counter($configgrp,\%customgrp,$val1); + }elsif($base1 eq 'cust_srv'){ + &dec_counter($configsrv,\%customservice,$val1); + }elsif($base1 eq 'cust_srvgrp'){ + &dec_counter($configsrvgrp,\%customservicegrp,$val1); + } + + if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){ + &inc_counter($confignet,\%customnetwork,$val2); + }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){ + &inc_counter($confighost,\%customhost,$val2); + }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){ + &inc_counter($configgrp,\%customgrp,$val2); + }elsif($base2 eq 'cust_srv'){ + &inc_counter($configsrv,\%customservice,$val2); + }elsif($base2 eq 'cust_srvgrp'){ + &inc_counter($configsrvgrp,\%customservicegrp,$val2); + } +} +sub deleterule +{ + my 
%delhash=(); + &General::readhasharray($fwdfwsettings{'config'}, \%delhash); + foreach my $key (sort {$a <=> $b} keys %delhash){ + if ($key == $fwdfwsettings{'key'}){ + #check hosts/net and groups + &checkcounter($delhash{$key}[3],$delhash{$key}[4],,); + &checkcounter($delhash{$key}[5],$delhash{$key}[6],,); + #check services and groups + if ($delhash{$key}[11] eq 'ON'){ + &checkcounter($delhash{$key}[14],$delhash{$key}[15],,); + } + } + if ($key >= $fwdfwsettings{'key'}) { + my $next = $key + 1; + if (exists $delhash{$next}) { + foreach my $i (0 .. $#{$delhash{$next}}) { + $delhash{$key}[$i] = $delhash{$next}[$i]; + } + } + } + } + # Remove the very last entry. + my $last_key = (sort {$a <=> $b} keys %delhash)[-1]; + delete $delhash{$last_key}; + + &General::writehasharray($fwdfwsettings{'config'}, \%delhash); + &rules; + + if($fwdfwsettings{'nobase'} ne 'on'){ + &base; + } +} +sub disable_rule +{ + my $key1=shift; + &General::readhasharray("$configfwdfw", \%configfwdfw); + foreach my $key (sort keys %configfwdfw){ + if ($key eq $key1 ){ + if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';} + } + } + &General::writehasharray("$configfwdfw", \%configfwdfw); + &rules; +} +sub dec_counter +{ + my $config=shift; + my %hash=%{(shift)}; + my $val=shift; + my $pos; + #$errormessage.="ALT:config: $config , verringert wird $val
"; + &General::readhasharray($config, \%hash); + foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq $val){ + $pos=$#{$hash{$key}}; + $hash{$key}[$pos] = $hash{$key}[$pos]-1; + } + } + &General::writehasharray($config, \%hash); +} +sub error +{ + if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage\n"; + print " \n"; + &Header::closebox(); + print"
"; + } +} +sub fillselect +{ + my %hash=%{(shift)}; + my $val=shift; + my $key; + foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq $val){ + print""; + }else{ + print""; + } + } +} +sub gen_dd_block +{ + my $srctgt = shift; + my $grp=shift; + my $helper=''; + my $show=''; + $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; + $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; + $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; + $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED'; + $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED'; + $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED'; + $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED'; + $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED'; + $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED'; + $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED'; + $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED'; + $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED'; + $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED'; + $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED'; + $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; + $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; + $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; + $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; +print< + + + "; + #custom networks + if (! -z $confignet){ + print""; + } + #custom hosts + if (! -z $confighost){ + print""; + } + #custom groups + if (! -z $configgrp){ + print""; + } + #End left table. start right table (vpn) + print"
$Lang::tr{'fwhost stdnet'}
$Lang::tr{'fwhost cust net'}
$Lang::tr{'fwhost cust addr'}
$Lang::tr{'fwhost cust grp'}
"; + # CCD networks + if( ! -z $configccdnet){ + print""; + } + #OVPN CCD Hosts + foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost){ + if ($ccdhost{$key}[33] ne ''){ + print"";} + #OVPN N2N + foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost){ + if ($ccdhost{$key}[3] eq 'net'){ + print"";} + #IPsec netze + foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) { + if ($ipsecconf{$key}[3] eq 'net'){ + print"";} + + print"
$Lang::tr{'fwhost ccdnet'}
$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost ipsec net'}
"; + print"
"; +} +sub get_ip +{ + my $val=shift; + my $grp =shift; + my $a; + my $b; + &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); + if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){ + if ($fwdfwsettings{$grp} eq $val.'_addr'){ + ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}}); + }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){ + if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){ + $a=$netsettings{'GREEN_NETADDRESS'}; + $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'}); + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){ + $a=$netsettings{'ORANGE_NETADDRESS'}; + $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'}); + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){ + $a=$netsettings{'BLUE_NETADDRESS'}; + $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'}); + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){ + &General::readhash("$configovpn",\%ovpnsettings); + ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'}); + $b=&General::iporsubtocidr($b); + } + }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){ + &General::readhasharray("$confignet", \%customnetwork); + foreach my $key (keys %customnetwork){ + if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){ + $a=$customnetwork{$key}[1]; + $b=&General::iporsubtocidr($customnetwork{$key}[2]); + } + } + }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){ + &General::readhasharray("$confighost", \%customhost); + foreach my $key (keys %customhost){ + if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){ + if ($customhost{$key}[1] eq 'ip'){ + ($a,$b)=split (/\//,$customhost{$key}[2]); + $b=&General::iporsubtocidr($b); + }else{ + if ($grp eq 'grp2'){ + $errormessage=$Lang::tr{'fwdfw err tgt_mac'}; + } + } + } + } + } + } + return $a,$b; +} +sub get_name +{ + my $val=shift; + &General::setup_default_networks(\%defaultNetworks); + foreach my $network (sort keys %defaultNetworks) + { + return "$network" if ($val eq 
$defaultNetworks{$network}{'NAME'}); + } +} +sub getsrcport +{ + my %hash=%{(shift)}; + my $key=shift; + if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){ + $hash{$key}[10]=~ s/\|/,/g; + print": $hash{$key}[10]"; + }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ + print":
$hash{$key}[9] "; + } +} +sub gettgtport +{ + my %hash=%{(shift)}; + my $key=shift; + my $service; + my $prot; + if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ + if($hash{$key}[14] eq 'cust_srv'){ + &General::readhasharray("$configsrv", \%customservice); + foreach my $i (sort keys %customservice){ + if($customservice{$i}[0] eq $hash{$key}[15]){ + $service = $customservice{$i}[0]; + } + } + }elsif($hash{$key}[14] eq 'cust_srvgrp'){ + $service=$hash{$key}[15]; + }elsif($hash{$key}[14] eq 'TGT_PORT'){ + $hash{$key}[15]=~ s/\|/,/g; + $service=$hash{$key}[15]; + } + if($service){ + print": $service"; + } + }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ + print":
$hash{$key}[13]"; + } +} +sub get_serviceports +{ + my $type=shift; + my $name=shift; + &General::readhasharray("$configsrv", \%customservice); + &General::readhasharray("$configsrvgrp", \%customservicegrp); + my $protocols; + my $tcp; + my $udp; + if($type eq 'service'){ + foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ + if ($customservice{$key}[0] eq $name){ + $protocols=$customservice{$key}[2]; + } + } + }elsif($type eq 'group'){ + foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){ + if ($customservicegrp{$key}[0] eq $name){ + foreach my $key1 (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ + if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){ + if($customservice{$key1}[2] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';} + } + } + } + } + } + if($tcp && $udp){$protocols="TCP,UDP"; + }elsif($tcp){$protocols.="TCP"; + }elsif($udp){$protocols.="UDP";} + return $protocols; +} +sub getcolor +{ + my $nettype=shift; + my $val=shift; + my $hash=shift; + if($optionsfw{'SHOWCOLORS'} eq 'on'){ + #VPN networks + if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){ + $tdcolor="style='border: 1px solid $Header::colourovpn;'"; + return; + } + if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){ + $tdcolor="style='border: 1px solid $Header::colourvpn;'"; + return; + } + #custom Hosts + if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){ + foreach my $key (sort keys %$hash){ + if ($$hash{$key}[0] eq $val){ + $val=$$hash{$key}[2]; + } + } + } + #ALIASE + foreach my $alias (sort keys %aliases) + { + if ($val eq $alias){ + $tdcolor="style='border: 2px solid red;'"; + return; + } + } + #standard networks + if ($val eq 'GREEN'){ + $tdcolor="style='border: 1px solid 
$Header::colourgreen;'"; + }elsif ($val eq 'ORANGE'){ + $tdcolor="style='border: 1px solid $Header::colourorange;'"; + }elsif ($val eq 'BLUE'){ + $tdcolor="style='border: 1px solid $Header::colourblue;'"; + }elsif ($val eq 'RED'){ + $tdcolor="style='border: 1px solid $Header::colourred;'"; + }elsif ($val eq 'IPFire' ){ + $tdcolor="style='border: 1px solid $Header::colourred;'"; + }elsif($val =~ /^(.*?)\/(.*?)$/){ + my ($sip,$scidr) = split ("/",$val); + if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ + $tdcolor="style='border: 1px solid $Header::colourorange;'"; + } + if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){ + $tdcolor="style='border: 1px solid $Header::colourgreen;'"; + } + if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){ + $tdcolor="style='border: 1px solid $Header::colourblue;'"; } + }elsif ($val eq 'Default IP'){ + $tdcolor="style='border: 1px solid red;'"; + }else{ + $tdcolor=''; } } - - #check source and destination protocol if manual - if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ - if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - $errormessage.=$Lang::tr{'fwdfw err prot'}; - } - #check source and destination protocol if source manual and dest servicegrp - if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ - &General::readhasharray("$configsrv", \%customservice); - foreach my $key (sort keys %customservice){ - if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ - if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ - $errormessage.=$Lang::tr{'fwdfw err prot'}; - last; - } - } - } - } +} +sub hint +{ + if ($hint) { + &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'}); + print "$hint\n"; + print " \n"; + &Header::closebox(); + print"
"; } } -sub get_ip +sub inc_counter { + my $config=shift; + my %hash=%{(shift)}; my $val=shift; - my $grp =shift; - my $a; - my $b; - &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); - if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){ - if ($fwdfwsettings{$grp} eq $val.'_addr'){ - ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}}); - }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){ - if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){ - $a=$netsettings{'GREEN_NETADDRESS'}; - $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'}); - }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){ - $a=$netsettings{'ORANGE_NETADDRESS'}; - $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'}); - }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){ - $a=$netsettings{'BLUE_NETADDRESS'}; - $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'}); - }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){ - &General::readhash("$configovpn",\%ovpnsettings); - ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'}); - $b=&General::iporsubtocidr($b); - } - }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){ - &General::readhasharray("$confignet", \%customnetwork); - foreach my $key (keys %customnetwork){ - if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){ - $a=$customnetwork{$key}[1]; - $b=&General::iporsubtocidr($customnetwork{$key}[2]); - } - } - }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){ - &General::readhasharray("$confighost", \%customhost); - foreach my $key (keys %customhost){ - if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){ - if ($customhost{$key}[1] eq 'ip'){ - ($a,$b)=split (/\//,$customhost{$key}[2]); - $b=&General::iporsubtocidr($b); - }else{ - if ($grp eq 'grp2'){ - $errormessage=$Lang::tr{'fwdfw err tgt_mac'}; - } - } - } - } + my $pos; + + &General::readhasharray($config, \%hash); + foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ + if($hash{$key}[0] eq 
$val){ + $pos=$#{$hash{$key}}; + $hash{$key}[$pos] = $hash{$key}[$pos]+1; } } - return $a,$b; + &General::writehasharray($config, \%hash); } sub newrule { @@ -1257,90 +1483,10 @@ END - - - - - - +
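Review bot: `deleterule` runs its "Remove the very last entry" step unconditionally, so a `$fwdfwsettings{'key'}` that matches no stored rule shifts nothing and still deletes the highest-numbered firewall rule. The loop compares with `==` and `>=`, so a non-numeric key is evaluated as 0 and every rule is shifted down by one. Wrap the shift-and-delete in a guard such as `if ($fwdfwsettings{'key'} =~ /\A\d+\z/ && exists $delhash{$fwdfwsettings{'key'}}) { ... }` and leave the file untouched otherwise. The same sub writes to the path held in `$fwdfwsettings{'config'}`; if that hash is filled from the request, which this hunk does not show, the path should be compared against the known rule files before `writehasharray` is called.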
$Lang::tr{'fwdfw sourceip'}

$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}
$Lang::tr{'fwhost cust net'}$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost cust addr'}$Lang::tr{'fwhost ovpn_n2n'}
$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ipsec net'}
END + &gen_dd_block('src','grp1'); -# $Lang::tr{'fwhost ipsec host'}$Lang::tr{'fwdfw targetip'}IPFire ($Lang::tr{'external access'})$Lang::tr{'fwdfw targetip'}IPFire ($Lang::tr{'external access'})$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}$Lang::tr{'fwhost cust net'}$Lang::tr{'fwhost ccdhost'}$Lang::tr{'fwhost cust addr'}$Lang::tr{'fwhost ovpn_n2n'}$Lang::tr{'fwhost cust grp'}$Lang::tr{'fwhost ipsec net'}$Lang::tr{'fwhost ipsec host'}$Lang::tr{'fwdfw use srv'}$Lang::tr{'fwhost cust service'} - - -
-
-END - }else{ - print< - - - - - - - - - - - - -
-
-END - } - &Header::closebox(); + print< +

+END + #---ACTION------------------------------------------------------ + if($fwdfwsettings{'updatefwrule'} ne 'on'){ + print< + + + +
+
+END + }else{ + print< + + + + + + + + + + + + +
+
+END + } + &Header::closebox(); +} +sub pos_up +{ + my %uphash=(); + my %tmp=(); + &General::readhasharray($fwdfwsettings{'config'}, \%uphash); + foreach my $key (sort keys %uphash){ + if ($key eq $fwdfwsettings{'key'}) { + my $last = $key -1; + if (exists $uphash{$last}){ + #save rule last + foreach my $y (0 .. $#{$uphash{$last}}) { + $tmp{0}[$y] = $uphash{$last}[$y]; + } + #copy active rule to last + foreach my $i (0 .. $#{$uphash{$last}}) { + $uphash{$last}[$i] = $uphash{$key}[$i]; + } + #copy saved rule to actual position + foreach my $x (0 .. $#{$tmp{0}}) { + $uphash{$key}[$x] = $tmp{0}[$x]; + } + } + } + } + &General::writehasharray($fwdfwsettings{'config'}, \%uphash); + &rules; +} +sub pos_down +{ + my %downhash=(); + my %tmp=(); + &General::readhasharray($fwdfwsettings{'config'}, \%downhash); + foreach my $key (sort keys %downhash){ + if ($key eq $fwdfwsettings{'key'}) { + my $next = $key + 1; + if (exists $downhash{$next}){ + #save rule next + foreach my $y (0 .. $#{$downhash{$next}}) { + $tmp{0}[$y] = $downhash{$next}[$y]; + } + #copy active rule to next + foreach my $i (0 .. $#{$downhash{$next}}) { + $downhash{$next}[$i] = $downhash{$key}[$i]; + } + #copy saved rule to actual position + foreach my $x (0 .. $#{$tmp{0}}) { + $downhash{$key}[$x] = $tmp{0}[$x]; + } + } + } + } + &General::writehasharray($fwdfwsettings{'config'}, \%downhash); + &rules; +} +sub rules +{ + if (!-f "${General::swroot}/forward/reread"){ + system("touch ${General::swroot}/forward/reread"); + system("touch ${General::swroot}/fwhosts/reread"); + } +} +sub reread_rules +{ + system("/usr/local/bin/forwardfwctrl"); + if ( -f "${General::swroot}/forward/reread"){ + system("rm ${General::swroot}/forward/reread"); + system("rm ${General::swroot}/fwhosts/reread"); + } } sub saverule { 
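Review bot: `reread_rules` discards the exit status of `system("/usr/local/bin/forwardfwctrl")` and then removes both `reread` markers, so a failed reload leaves the running firewall on the old rule set while `addrule` no longer prints the `fwhost reread` notice. Clear the markers only on success, e.g. `if (system('/usr/local/bin/forwardfwctrl') == 0) { unlink "${General::swroot}/forward/reread", "${General::swroot}/fwhosts/reread"; }`, and append a message to `$errormessage` otherwise. `unlink` also removes the dependency on an external `rm` and on how the interpolated path in the single-string `system(...)` calls is parsed.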
@@ -1828,35 +1961,6 @@ sub saverule } } } -sub error -{ - if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage\n"; - print " \n"; - &Header::closebox(); - print"
"; - } -} -sub hint -{ - if ($hint) { - &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'}); - print "$hint\n"; - print " \n"; - &Header::closebox(); - print"
"; - } -} -sub get_name -{ - my $val=shift; - &General::setup_default_networks(\%defaultNetworks); - foreach my $network (sort keys %defaultNetworks) - { - return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); - } -} sub validremark { # Checks a hostname against RFC1035 @@ -1877,75 +1981,6 @@ sub validremark return 0;} return 1; } -sub getsrcport -{ - my %hash=%{(shift)}; - my $key=shift; - if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){ - $hash{$key}[10]=~ s/\|/,/g; - print": $hash{$key}[10]"; - }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ - print":
$hash{$key}[9] "; - } -} -sub gettgtport -{ - my %hash=%{(shift)}; - my $key=shift; - my $service; - my $prot; - if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ - if($hash{$key}[14] eq 'cust_srv'){ - &General::readhasharray("$configsrv", \%customservice); - foreach my $i (sort keys %customservice){ - if($customservice{$i}[0] eq $hash{$key}[15]){ - $service = $customservice{$i}[0]; - } - } - }elsif($hash{$key}[14] eq 'cust_srvgrp'){ - $service=$hash{$key}[15]; - }elsif($hash{$key}[14] eq 'TGT_PORT'){ - $hash{$key}[15]=~ s/\|/,/g; - $service=$hash{$key}[15]; - } - if($service){ - print": $service"; - } - }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ - print":
$hash{$key}[13]"; - } -} -sub get_serviceports -{ - my $type=shift; - my $name=shift; - &General::readhasharray("$configsrv", \%customservice); - &General::readhasharray("$configsrvgrp", \%customservicegrp); - my $protocols; - my $tcp; - my $udp; - if($type eq 'service'){ - foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ - if ($customservice{$key}[0] eq $name){ - $protocols=$customservice{$key}[2]; - } - } - }elsif($type eq 'group'){ - foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){ - if ($customservicegrp{$key}[0] eq $name){ - foreach my $key1 (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){ - if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){ - if($customservice{$key1}[2] eq 'TCP'){$tcp='TCP';}else{$udp='UDP';} - } - } - } - } - } - if($tcp && $udp){$protocols="TCP,UDP"; - }elsif($tcp){$protocols.="TCP"; - }elsif($udp){$protocols.="UDP";} - return $protocols; -} sub viewtablerule { &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); 
@@ -2185,93 +2220,7 @@ END } } } -sub getcolor -{ - my $nettype=shift; - my $val=shift; - my $hash=shift; - if($optionsfw{'SHOWCOLORS'} eq 'on'){ - #VPN networks - if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){ - $tdcolor="style='border: 1px solid $Header::colourovpn;'"; - return; - } - if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){ - $tdcolor="style='border: 1px solid $Header::colourvpn;'"; - return; - } - #custom Hosts - if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){ - foreach my $key (sort keys %$hash){ - if ($$hash{$key}[0] eq $val){ - $val=$$hash{$key}[2]; - } - } - } - #ALIASE - foreach my $alias (sort keys %aliases) - { - if ($val eq $alias){ - $tdcolor="style='border: 2px solid red;'"; - return; - } - } - #standard networks - if ($val eq 'GREEN'){ - $tdcolor="style='border: 1px solid $Header::colourgreen;'"; - }elsif ($val eq 'ORANGE'){ - $tdcolor="style='border: 1px solid $Header::colourorange;'"; - }elsif ($val eq 'BLUE'){ - $tdcolor="style='border: 1px solid $Header::colourblue;'"; - }elsif ($val eq 'RED'){ - $tdcolor="style='border: 1px solid $Header::colourred;'"; - }elsif ($val eq 'IPFire' ){ - $tdcolor="style='border: 1px solid $Header::colourred;'"; - }elsif($val =~ /^(.*?)\/(.*?)$/){ - my ($sip,$scidr) = split ("/",$val); - if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ - $tdcolor="style='border: 1px solid $Header::colourorange;'"; - } - if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){ - $tdcolor="style='border: 1px solid $Header::colourgreen;'"; - } - if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){ - $tdcolor="style='border: 1px solid $Header::colourblue;'"; - } - }elsif ($val eq 'Default IP'){ - $tdcolor="style='border: 1px solid red;'"; - 
}else{ - $tdcolor=''; - } - } -} -sub fillselect -{ - my %hash=%{(shift)}; - my $val=shift; - my $key; - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){ - if($hash{$key}[0] eq $val){ - print""; - }else{ - print""; - } - } -} -sub rules -{ - if (!-f "${General::swroot}/forward/reread"){ - system("touch ${General::swroot}/forward/reread"); - system("touch ${General::swroot}/fwhosts/reread"); - } -} -sub reread_rules -{ - system("/usr/local/bin/forwardfwctrl"); - if ( -f "${General::swroot}/forward/reread"){ - system("rm ${General::swroot}/forward/reread"); - system("rm ${General::swroot}/fwhosts/reread"); - } -} + + &Header::closebigbox(); &Header::closepage(); diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index e608b0f3f..073565abf 100755 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1086,8 +1086,10 @@ sub addnet $fwhostsettings{'orgnetremark'}=$fwhostsettings{'NETREMARK'}; print<
- $Lang::tr{'name'}:$Lang::tr{'fwhost netaddress'}:$Lang::tr{'netmask'}: - $Lang::tr{'remark'}: + $Lang::tr{'name'}: + $Lang::tr{'fwhost netaddress'}: + $Lang::tr{'netmask'}: + $Lang::tr{'remark'}:

END if ($fwhostsettings{'ACTION'} eq 'editnet' || $fwhostsettings{'error'} eq 'on') @@ -1108,17 +1110,9 @@ sub addhost $fwhostsettings{'orgremark'}=$fwhostsettings{'HOSTREMARK'}; print< - $Lang::tr{'name'}: - -END - # - print<IP/MAC: - $Lang::tr{'remark'}: + $Lang::tr{'name'}: + IP/MAC: + $Lang::tr{'remark'}:

$Lang::tr{'fwhost attention'}
$Lang::tr{'fwhost macwarn'}
END @@ -1126,9 +1120,9 @@ END if ($fwhostsettings{'ACTION'} eq 'edithost' || $fwhostsettings{'error'} eq 'on') { - print " "; + print " "; }else{ - print " "; + print " "; } print "
"; &Header::closebox(); @@ -1140,7 +1134,14 @@ sub addgrp &showmenu; &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgrp'}); &General::setup_default_networks(\%defaultNetworks); + &General::readhasharray("$configccdnet", \%ccdnet); + &General::readhasharray("$confignet", \%customnetwork); + &General::readhasharray("$configccdhost", \%ccdhost); + &General::readhasharray("$confighost", \%customhost); + &General::readhasharray("$configipsec", \%ipsecconf); + my %checked=(); + my $show=''; $checked{'check1'}{'off'} = ''; $checked{'check1'}{'on'} = ''; $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED'; @@ -1150,19 +1151,25 @@ sub addgrp if ($fwhostsettings{'update'} eq ''){ print<
- $Lang::tr{'fwhost addgrpname'}$Lang::tr{'remark'}: -

+ $Lang::tr{'fwhost addgrpname'} + $Lang::tr{'remark'}: +

END }else{ print< - $Lang::tr{'fwhost addgrpname'}$Lang::tr{'remark'}: + $Lang::tr{'fwhost addgrpname'} + $Lang::tr{'remark'}:
END } if ($fwhostsettings{'update'} eq 'on'){ print<
$Lang::tr{'fwhost stdnet'} + + -# + if ($show eq '1'){$show='';print"";} + print"
+ + "; + if (! -z $confignet){ + print""; } - print< - "; + } + print"
$Lang::tr{'fwhost stdnet'}$Lang::tr{'fwhost ccdnet'}
$Lang::tr{'fwhost cust net'}
$Lang::tr{'fwhost cust net'}
$Lang::tr{'fwhost cust addr'}
"; + #Inner table right + print"
"; + #OVPN networks + if (! -z $configccdnet){ + print""; } - print< - ";} + #OVPN n2n networks foreach my $key (sort { uc($ccdhost{$a}[0]) cmp uc($ccdhost{$b}[0]) } keys %ccdhost) { if($ccdhost{$key}[3] eq 'net'){ + print" - ";} + #IPsec networks foreach my $key (sort { uc($ipsecconf{$a}[0]) cmp uc($ipsecconf{$b}[0]) } keys %ipsecconf) { if ($ipsecconf{$key}[3] eq 'net'){ + print"
$Lang::tr{'fwhost ccdnet'}
$Lang::tr{'fwhost ccdhost'}$Lang::tr{'fwhost ccdhost'}
$Lang::tr{'fwhost cust addr'}$Lang::tr{'fwhost ovpn_n2n'}
$Lang::tr{'fwhost ovpn_n2n'}
$Lang::tr{'fwhost ipsec net'}
$Lang::tr{'fwhost ipsec net'}
-END -#
$Lang::tr{'fwhost ipsec host'}
"; + print"
"; print"

$Lang::tr{'fwhost attention'}:
$Lang::tr{'fwhost macwarn'}

"; } - print""; - print"
"; + print""; + print"
"; &Header::closebox(); } sub addservice @@ -1258,7 +1255,8 @@ sub addservice } print<
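Review bot: The new `if (! -z $confignet)` and `if (! -z $configccdnet)` tests in `addgrp` are also true when the file does not exist, because `-z` returns a false value for a missing file; the same test is used in `gen_dd_block` in forwardfw.cgi. The commit message says only the dropdowns for configured networks should be shown, so an installation without the file would still get an empty dropdown. `-s` expresses the intent directly: `if (-s $confignet)`. `addgrp` starts above this hunk.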
- $Lang::tr{'fwhost srv_name'}:$Lang::tr{'fwhost prot'}: + $Lang::tr{'fwhost prot'}: - $Lang::tr{'fwhost icmptype'} + $Lang::tr{'fwhost icmptype'} + $Lang::tr{'fwhost port'}:

END @@ -1316,15 +1315,17 @@ sub addservicegrp if ($fwhostsettings{'updatesrvgrp'} eq ''){ print< - $Lang::tr{'fwhost addgrpname'}$Lang::tr{'remark'}: -

+ $Lang::tr{'fwhost addgrpname'} + $Lang::tr{'remark'}: +

END }else{ print< - $Lang::tr{'fwhost addgrpname'}$Lang::tr{'remark'}: -

+ $Lang::tr{'fwhost addgrpname'} + $Lang::tr{'remark'}: +

END } @@ -1977,7 +1978,7 @@ sub decrease if ( ($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Network')){ foreach my $key1 (sort keys %customnetwork){ if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){ - $customnetwork{$key1}[3]=$customnetwork{$key1}[3]-1; + $customnetwork{$key1}[4]=$customnetwork{$key1}[4]-1; last; } } @@ -1986,7 +1987,7 @@ sub decrease if (($customgrp{$key}[0] eq $grp) && ($customgrp{$key}[3] eq 'Custom Host')){ foreach my $key2 (sort keys %customhost){ if ($customhost{$key2}[0] eq $customgrp{$key}[2]){ - $customhost{$key2}[3]=$customhost{$key2}[3]-1; + $customhost{$key2}[4]=$customhost{$key2}[4]-1; last; } }
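Review bot: The usage counter is addressed by the bare index `[4]` in this hunk and in the following `Custom Host` hunk, while `dec_counter` in forwardfw.cgi (same commit) locates it as the last field with `$#{$hash{$key}}`, so the two files agree only as long as every record has exactly five fields. A short comment such as `# field 4 = usage counter; keep in sync with inc_counter/dec_counter in forwardfw.cgi` would document that coupling. The decrement also has no floor in the visible lines, so `$customnetwork{$key1}[4]-- if $customnetwork{$key1}[4] > 0;` (and the same for `%customhost`) would keep a repeated call from driving the counter negative. `decrease` extends beyond both hunks.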