From: Arne Fitzenreiter
Date: Mon, 9 Dec 2013 16:13:34 +0000 (+0100)
Subject: Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=e39ac92dd298fee0e546638c36f568978398a5f1;hp=be33adfb3d958259695d8b8ce2803181fbf78be2
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen
---
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index 8cff76bb5..fc8055507 100755
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -90,7 +90,10 @@ sub get_srvgrp_prot
 $udp=1;
 }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
 $icmp=1;
- }
+ }else{
+ #Protocols used in servicegroups
+ push (@ips,$customservicegrp{$key}[2]);
+ }
 }
 }
 if ($tcp eq '1'){push (@ips,'TCP');}
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index c54a2eb82..d0a9e20b7 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -252,6 +252,9 @@ sub buildrules
 #print rules to console
 foreach my $DPROT (@DPROT){
 $DPORT = &get_port($hash,$key,$DPROT);
+ if ($DPROT ne 'TCP' && $DPROT ne 'UDP' && $DPROT ne 'ICMP' ){
+ $DPORT='';
+ }
 $PROT=$DPROT;
 $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
 foreach my $a (sort keys %sourcehash){
@@ -333,6 +336,9 @@ sub buildrules
 $DPORT = &get_port($hash,$key,$DPROT);
 $PROT=$DPROT;
 $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+ if ($DPROT ne 'TCP' && $DPROT ne'UDP' && $DPROT ne 'ICMP' ){
+ $DPORT='';
+ }
 foreach my $a (sort keys %sourcehash){
 foreach my $b (sort keys %targethash){
 if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
diff --git a/config/fwhosts/customservices b/config/fwhosts/customservices
index 07dd3d2b7..7f9ae3a6f 100644
--- a/config/fwhosts/customservices
+++ b/config/fwhosts/customservices
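Review bot: The new `else` branch in `get_srvgrp_prot` (firewall-lib.pl, -90) pushes `$customservicegrp{$key}[2]` into `@ips` without checking it against the protocols the firewall actually supports, so any group member whose `get_srv_prot` lookup does not return TCP, UDP or ICMP is passed on as if it were a protocol name. In rules.pl that value appears to end up in `-p $PROT`, so a stale or malformed entry would presumably surface as a rule that fails to load instead of being rejected here. I would make the branch an allowlist, e.g. `}elsif($customservicegrp{$key}[2] =~ /\A(?:GRE|ESP|AH|IGMP|IPIP|IPV6)\z/){`, and skip values already present in `@ips`. The function starts and ends outside the hunk, so how `@ips` is consumed should be confirmed against the full file.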
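Review bot: The port-clearing check in `buildrules` (rules.pl, -252) is an exclusion test that is copied verbatim into the second hunk at -333, placed before the `$PROT` assignment in one copy and after it in the other, and the second copy has `ne'UDP'` without its space. Both copies also still call `&get_port` for protocols whose result is then thrown away. A single expression used at both sites keeps them from drifting apart: `$DPORT = ($DPROT =~ /\A(?:TCP|UDP|ICMP)\z/) ? &get_port($hash,$key,$DPROT) : '';`. `buildrules` begins and ends outside both hunks.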
@@ -1,15 +1,16 @@
 32,rsync,873,TCP,BLANK,0
+33,DNS (UDP),53,UDP,,0
 21,IMAPS,993,TCP,BLANK,0
 7,WINS,42,TCP,BLANK,0
 26,LPD,515,TCP,BLANK,0
-17,IRC,194,TCP,BLANK,0
 2,FTP-control,21,TCP,BLANK,0
+17,IRC,194,TCP,BLANK,0
 1,FTP-data,20,TCP,BLANK,0
 18,HTTPS,443,TCP,BLANK,0
 30,NFS,2049,TCP,BLANK,0
 16,SNMP,161,UDP,BLANK,0
-25,IPP (UDP),631,UDP,BLANK,0
 27,JetDirect,9100,TCP,BLANK,0
+25,IPP (UDP),631,UDP,BLANK,0
 28,LDAP,389,TCP,BLANK,0
 14,NetBIOS Session Service,139,TCP,BLANK,0
 20,FTPS control,990,TCP,BLANK,0
@@ -18,8 +19,8 @@
 31,Radius,1812,TCP,BLANK,0
 11,NTP,123,UDP,BLANK,0
 22,POP3S,995,TCP,BLANK,0
-13,NetBIOS Datagram Service,138,TCP,BLANK,0
 23,RDP,3389,TCP,BLANK,0
+13,NetBIOS Datagram Service,138,TCP,BLANK,0
 29,LDAPS,636,TCP,BLANK,0
 6,Time,37,TCP,BLANK,0
 3,SSH,22,TCP,BLANK,0
@@ -28,5 +29,6 @@
 15,IMAP,143,TCP,BLANK,0
 8,HTTP,80,TCP,BLANK,0
 4,Telnet,23,UDP,BLANK,0
+34,DNS (TCP),53,TCP,,0
 19,FTPS data,989,TCP,BLANK,0
 5,SMTP,25,TCP,BLANK,0
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index bc9ca85d4..7f4b63c90 100755
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -769,8 +769,8 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
 &General::readhasharray("$configsrvgrp", \%customservicegrp );
 &General::readhasharray("$configsrv", \%customservice );
 $errormessage=&checkservicegroup;
- #Check if we have more than 13 services from one Protocol in the group
- #iptables can only handle 13 ports/portranges via multiport
+ #Check if we have more than 15 services from one Protocol in the group
+ #iptables can only handle 15 ports/portranges via multiport
 foreach my $key (keys %customservicegrp){
 if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){
 foreach my $key1 (keys %customservice){
@@ -1036,12 +1036,12 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
 last;
 }
 }
- &General::writehasharray("$configsrv", \%customservice);
 $grpname=$customservicegrp{$key}[0];
 $grpremark=$customservicegrp{$key}[1];
 delete $customservicegrp{$key};
 }
 }
+ &General::writehasharray("$configsrv", \%customservice);
 &General::writehasharray("$configsrvgrp", \%customservicegrp);
 &General::firewall_config_changed();
 if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
@@ -1116,6 +1116,9 @@ if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark')
 &General::writehasharray("$configsrvgrp", \%customservicegrp);
 $fwhostsettings{'updatesrvgrp'}='on';
 $fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'newsrvrem'};
+ }elsif($fwhostsettings{'oldsrvrem'} eq $fwhostsettings{'newsrvrem'}){
+ &addservicegrp;
+ &viewtableservicegrp;
 }else{
 $errormessage=$Lang::tr{'fwhost err remark'};
 $fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'oldsrvrem'};
@@ -1410,13 +1413,24 @@ END if($fwhostsettings{'updatesrvgrp'} eq 'on'){ print< -
@@ -1716,7 +1730,7 @@ sub viewtableservicegrp
 &General::readhasharray("$configsrvgrp", \%customservicegrp);
 &General::readhasharray("$configsrv", \%customservice);
 my $number= keys %customservicegrp;
- foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
+ foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys %customservicegrp){
 $count++;
 if ($helper ne $customservicegrp{$key}[0]){
 $delflag=0;
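Review bot: The chained `sort { ... } sort { ... } keys %customservicegrp` in `viewtableservicegrp` (-1716) only gives "by group name, then by member" order if the outer sort is stable, which Perl does not promise unless `use sort 'stable'` is in effect, and it sorts the key list twice. A single comparator states the intended ordering directly: `sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) || ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) } keys %customservicegrp`. The loop body continues outside the hunk.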
@@ -1754,6 +1768,16 @@ sub viewtableservicegrp
 }else{
 print"";
 }
+ #Set fields if we use protocols in servicegroups
+ if ($customservicegrp{$key}[2] ne 'TCP' || $customservicegrp{$key}[2] ne 'UDP' || $customservicegrp{$key}[2] ne 'ICMP'){
+ $port='-';
+ }
+ if ($customservicegrp{$key}[2] eq 'GRE'){$protocol='GRE';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} GRE";}
+ if ($customservicegrp{$key}[2] eq 'ESP'){$protocol='ESP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} ESP";}
+ if ($customservicegrp{$key}[2] eq 'AH'){$protocol='AH';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} AH";}
+ if ($customservicegrp{$key}[2] eq 'IGMP'){$protocol='IGMP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IGMP";}
+ if ($customservicegrp{$key}[2] eq 'IPIP'){$protocol='IPIP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IPIP";}
+ if ($customservicegrp{$key}[2] eq 'IPV6'){$protocol='IPV6';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IPv6 encapsulation";}
 print "";
 foreach my $srv (sort keys %customservice){
 if ($customservicegrp{$key}[2] eq $customservice{$srv}[0]){
@@ -1766,7 +1790,12 @@ sub viewtableservicegrp
 if ($delflag gt '1'){
 print"";
 }
- print"";
+ print"";
+ if($protocol eq 'TCP' || $protocol eq 'UDP' || $protocol eq 'ICMP'){
+ print "";
+ }else{
+ print "";
+ }
 $helper=$customservicegrp{$key}[0];
 }
 print"
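Review bot: The condition guarding `$port='-'` in the -1754 hunk is a tautology, because `ne 'TCP' || ne 'UDP' || ne 'ICMP'` is true for every possible value; if a per-row reset is intended it should be an unconditional `$port='-';`, and if it is meant to select protocol entries the operators must be `&&`. The six `if` lines that follow also overwrite `$customservicegrp{$key}[2]` with a translated label, so the service lookup right after the hunk compares against the label, and the label would be persisted if this hash is written back later in the request (not visible here). A lookup table and a separate display variable avoid both problems; the surrounding loop starts and ends outside the hunk, so where `$port` and `$protocol` are otherwise assigned needs confirming.

```perl
# … unchanged: delete-button cell above …
#Set fields if we use protocols in servicegroups
my %proto_label = (
    GRE  => 'GRE',
    ESP  => 'ESP',
    AH   => 'AH',
    IGMP => 'IGMP',
    IPIP => 'IPIP',
    IPV6 => 'IPv6 encapsulation',
);
my $member  = $customservicegrp{$key}[2];
my $display = $member;    # shown in the table; the stored value stays untouched
$port = '-';
if (exists $proto_label{$member}){
    $protocol = $member;
    $display  = "$Lang::tr{'protocol'} $proto_label{$member}";
}
# … unchanged: row output and service lookup, printing $display instead of $customservicegrp{$key}[2] …
```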
$Lang::tr{'fwhost cust service'}
$Lang::tr{'add'}


$customservicegrp{$key}[2]
"; @@ -1823,8 +1852,6 @@ sub checksubnet sub checkservicegroup { &General::readhasharray("$configsrvgrp", \%customservicegrp); - - #check name if ( ! &validhostname($fwhostsettings{'SRVGRP_NAME'})) { @@ -1880,7 +1907,6 @@ sub get_name return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); } } - sub deletefromgrp { my $target=shift; @@ -1888,11 +1914,8 @@ sub deletefromgrp my %hash=(); &General::readhasharray("$config",\%hash); foreach my $key (keys %hash) { - $errormessage.="lese $hash{$key}[2] und $target
"; if($hash{$key}[2] eq $target){ - delete $hash{$key}; - $errormessage.="Habe $target aus Gruppe gelöscht!
"; } } &General::writehasharray("$config",\%hash); @@ -2096,8 +2119,8 @@ sub getipforgroup } } } - -sub decrease { +sub decrease +{ my $grp=$_[0]; &General::readhasharray("$confignet", \%customnetwork); &General::readhasharray("$confighost", \%customhost);