Forward Firewall: applied all changes as diff and added new files. Also deleted c files from xtaccess and setdmzholes.

Signed-off-by: Alexander Marx <amarx@ipfire.org> Conflicts: config/backup/include lfs/configroot lfs/usb-stick
2026-05-11 01:38:25 +02:00 · 2013-08-09 14:02:02 +02:00
parent 7323724196
commit 111c99ddfa
15 changed files with 449 additions and 414 deletions
--- a/config/backup/include
+++ b/config/backup/include
@@ -15,6 +15,8 @@
 /var/ipfire/auth/users
 /var/ipfire/dhcp/*
 /var/ipfire/dnsforward/*
+/var/ipfire/forward/*
+/var/ipfire/fwhosts/*
 /var/ipfire/main/*
 /var/ipfire/outgoing/groups
 /var/ipfire/outgoing/macgroups
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -21,8 +21,8 @@ use Net::SSLeay;
 use Net::IPv4Addr qw(:all);
 $|=1; # line buffering

-$General::version = 'VERSION';
-$General::swroot = 'CONFIG_ROOT';
+$General::version = '2.11';
+$General::swroot = '/var/ipfire';
 $General::noipprefix = 'noipg-';
 $General::adminmanualurl = 'http://wiki.ipfire.org';

@@ -39,6 +39,99 @@ sub log
 	$logmessage = $1;
 	system('logger', '-t', $tag, $logmessage);
 }
+sub setup_default_networks
+{
+	my %netsettings=();
+	my $defaultNetworks = shift;
+	
+	&readhash("/var/ipfire/ethernet/settings", \%netsettings);
+	
+	# Get current defined networks (Red, Green, Blue, Orange)
+	$defaultNetworks->{$Lang::tr{'fwhost any'}}{'IPT'} = "0.0.0.0/0.0.0.0";
+	$defaultNetworks->{$Lang::tr{'fwhost any'}}{'NAME'} = "ALL";
+		
+	$defaultNetworks->{$Lang::tr{'green'}}{'IPT'} = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+	$defaultNetworks->{$Lang::tr{'green'}}{'NAME'} = "GREEN";
+
+	if ($netsettings{'ORANGE_DEV'} ne ''){
+		$defaultNetworks->{$Lang::tr{'orange'}}{'IPT'} = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+		$defaultNetworks->{$Lang::tr{'orange'}}{'NAME'} = "ORANGE";
+	}
+
+	if ($netsettings{'BLUE_DEV'} ne ''){
+		$defaultNetworks->{$Lang::tr{'blue'}}{'IPT'} = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+		$defaultNetworks->{$Lang::tr{'blue'}}{'NAME'} = "BLUE";
+	}
+
+	# OpenVPN
+	if(-e "${General::swroot}/ovpn/settings")
+	{
+		my %ovpnSettings = ();
+		&readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
+
+		# OpenVPN on Red?
+		if(defined($ovpnSettings{'DOVPN_SUBNET'}))
+		{
+			my ($ip,$sub) = split(/\//,$ovpnSettings{'DOVPN_SUBNET'});
+			$sub=&General::iporsubtocidr($sub);
+			my @tempovpnsubnet = split("\/", $ovpnSettings{'DOVPN_SUBNET'});
+			$defaultNetworks->{'OpenVPN ' .$ip."/".$sub}{'ADR'} = $tempovpnsubnet[0];
+			$defaultNetworks->{'OpenVPN ' .$ip."/".$sub}{'NAME'} = "OpenVPN-Dyn";
+		}
+	} # end OpenVPN
+	# IPsec RW NET
+	if(-e "${General::swroot}/vpn/settings")
+	{
+		my %ipsecsettings = ();
+		&readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+		if($ipsecsettings{'RW_NET'} ne '')
+		{
+			my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
+			$sub=&General::iporsubtocidr($sub);
+			my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
+			$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'ADR'} = $tempipsecsubnet[0];
+			$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NAME'} = "IPsec RW";
+		}
+	}
+	#open(FILE, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+	#my @current = <FILE>;
+	#close(FILE);
+	#my $ctr = 0;
+	#foreach my $line (@current)
+	#{
+		#if ($line ne ''){
+			#chomp($line);
+			#my @temp = split(/\,/,$line);
+			#if ($temp[2] eq '') {
+				#$temp[2] = "Alias $ctr : $temp[0]";
+			#}
+			#$defaultNetworks->{$temp[2]}{'IPT'} = "$temp[0]";
+			#$ctr++;
+		#}
+	#}
+}
+sub get_aliases
+{
+	
+	my $defaultNetworks = shift;
+	open(FILE, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+	my @current = <FILE>;
+	close(FILE);
+	my $ctr = 0;
+	foreach my $line (@current)
+	{
+		if ($line ne ''){
+			chomp($line);
+			my @temp = split(/\,/,$line);
+			if ($temp[2] eq '') {
+				$temp[2] = "Alias $ctr : $temp[0]";
+			}
+			$defaultNetworks->{$temp[2]}{'IPT'} = "$temp[0]";
+			
+			$ctr++;
+		}
+	}
+}

 sub readhash
 {
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -4,49 +4,37 @@
 				 'title' => "$Lang::tr{'ssport forwarding'}",
 				 'enabled' => 1,
 				 };
-    $subfirewall->{'20.xtaccess'} = {
-				 'caption' => $Lang::tr{'external access'},
-				 'uri' => '/cgi-bin/xtaccess.cgi',
-				 'title' => "$Lang::tr{'external access'}",
-				 'enabled' => 1,
-				 };
    $subfirewall->{'30.wireless'} = {
 				'caption' => $Lang::tr{'blue access'},
 				'uri' => '/cgi-bin/wireless.cgi',
 				'title' => "$Lang::tr{'blue access'}",
 				'enabled' => 1,
 				 };
-    $subfirewall->{'40.dmz'} = {
-				'caption' => $Lang::tr{'ssdmz pinholes'},
-				'uri' => '/cgi-bin/dmzholes.cgi',
-				'title' => "$Lang::tr{'dmz pinhole configuration'}",
+    $subfirewall->{'51.forward'} = {
+				'caption' => $Lang::tr{'fwdfw menu'},
+				'uri' => '/cgi-bin/forwardfw.cgi',
+				'title' => "$Lang::tr{'fwdfw menu'}",
 				'enabled' => 1,
-				 };
-    $subfirewall->{'50.outgoing'} = {
-				'caption' => $Lang::tr{'outgoing firewall'},
-				'uri' => '/cgi-bin/outgoingfw.cgi',
-				'title' => "$Lang::tr{'outgoing firewall'}",
+				};			
+	$subfirewall->{'65.fwhost'} = {
+				'caption' => $Lang::tr{'fwhost menu'},
+				'uri' => '/cgi-bin/fwhosts.cgi',
+				'title' => "$Lang::tr{'fwhost menu'}",
 				'enabled' => 1,
 				};
-    $subfirewall->{'51.outgoinggrp'} = {
-				'caption' => $Lang::tr{'outgoing firewall groups'},
-				'uri' => '/cgi-bin/outgoinggrp.cgi',
-				'title' => "$Lang::tr{'outgoing firewall groups'}",
-				'enabled' => 1,
-				};
-    $subfirewall->{'60.upnp'} = {
+	$subfirewall->{'70.upnp'} = {
 				'caption' => 'UPnP',
 				'uri' => '/cgi-bin/upnp.cgi',
 				'title' => "Universal Plug and Play",
 				'enabled' => 0,
 				};
-    $subfirewall->{'60.optingsfw'} = {
+	$subfirewall->{'80.optingsfw'} = {
 				'caption' => $Lang::tr{'options fw'},
 				'uri' => '/cgi-bin/optionsfw.cgi',
 				'title' => "$Lang::tr{'options fw'}",
 				'enabled' => 1,
 				};
-    $subfirewall->{'70.iptables'} = {
+	$subfirewall->{'90.iptables'} = {
 				'caption' => $Lang::tr{'ipts'},
 				'uri' => '/cgi-bin/iptables.cgi',
 				'title' => "$Lang::tr{'ipts'}",
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -26,8 +26,6 @@ var/ipfire/dhcp
 #var/ipfire/dhcp/fixleases
 #var/ipfire/dhcp/settings
 var/ipfire/dhcpc
-var/ipfire/dmzholes
-#var/ipfire/dmzholes/config
 var/ipfire/dns
 #var/ipfire/dns/settings
 var/ipfire/dnsforward
@@ -47,6 +45,19 @@ var/ipfire/extrahd/partitions
 var/ipfire/extrahd/scan
 var/ipfire/extrahd/settings
 var/ipfire/fwlogs
+var/ipfire/forward
+var/ipfire/forward/bin/rules.pl
+var/ipfire/forward/bin/firewall-lib.pl
+var/ipfire/forward/settings
+var/ipfire/forward/config
+var/ipfire/forward/input
+var/ipfire/fwhosts
+var/ipfire/fwhosts/icmp-types
+var/ipfire/fwhosts/customhosts
+var/ipfire/fwhosts/customnetworks
+var/ipfire/fwhosts/customgroups
+var/ipfire/fwhosts/customservices
+var/ipfire/fwhosts/customservicegrp
 #var/ipfire/fwlogs/ipsettings
 #var/ipfire/fwlogs/portsettings
 var/ipfire/general-functions.pl
@@ -188,7 +199,5 @@ var/ipfire/wakeonlan
 var/ipfire/wireless
 #var/ipfire/wireless/config
 #var/ipfire/wireless/settings
-var/ipfire/xtaccess
-#var/ipfire/xtaccess/config
 var/ipfire/firebuild
 etc/system-release
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -84,11 +84,11 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/20-RL-firewall
 etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
-etc/rc.d/init.d/networking/red.up/23-RS-snort
-etc/rc.d/init.d/networking/red.up/24-RS-qos
-etc/rc.d/init.d/networking/red.up/25-portfw
-etc/rc.d/init.d/networking/red.up/26-xtaccess
-etc/rc.d/init.d/networking/red.up/27-RS-squid
+etc/rc.d/init.d/networking/red.up/23-forwardfwctrl
+etc/rc.d/init.d/networking/red.up/24-RS-snort
+etc/rc.d/init.d/networking/red.up/25-RS-qos
+etc/rc.d/init.d/networking/red.up/26-portfw
+etc/rc.d/init.d/networking/red.up/28-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
 etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -16,6 +16,7 @@ usr/local/bin/logwatch
 #usr/local/bin/mpfirectrl
 usr/local/bin/openvpnctrl
 usr/local/bin/outgoingfwctrl
+usr/local/bin/forwardfwctrl
 usr/local/bin/pakfire
 usr/local/bin/qosctrl
 usr/local/bin/rebuildhosts
@@ -23,9 +24,7 @@ usr/local/bin/rebuildroutes
 usr/local/bin/redctrl
 #usr/local/bin/sambactrl
 usr/local/bin/setaliases
-usr/local/bin/setdmzholes
 usr/local/bin/setportfw
-usr/local/bin/setxtaccess
 usr/local/bin/smartctrl
 usr/local/bin/snortctrl
 usr/local/bin/squidctrl