Merge remote-tracking branch 'amarx/firewall' into fifteen

Michael Tremer
2013-08-28 11:33:20 +02:00
63 changed files with 10053 additions and 4049 deletions


@@ -22,7 +22,7 @@
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
use File::Path;
my $debug = 1;
my @include = "";
my ($Sekunden, $Minuten, $Stunden, $Monatstag, $Monat, $Jahr, $Wochentag, $Jahrestag, $Sommerzeit) = localtime(time);
@@ -64,7 +64,72 @@ elsif ($ARGV[0] eq 'restore') {
system("cd / && tar -xvz -p -f /tmp/restore.ipf");
#Here some converter scripts to correct old Backups (before core 65)
system("/usr/sbin/ovpn-ccd-convert");
}
#OUTGOINGFW CONVERTER
if( -d "${General::swroot}/outgoing"){
if( -f "${General::swroot}/forward/config" ){
unlink("${General::swroot}/forward/config");
system("touch ${General::swroot}/forward/config");
chown 99,99,"${General::swroot}/forward/config";
}
if( -f "${General::swroot}/forward/outgoing" ){
unlink("${General::swroot}/forward/outgoing");
system("touch ${General::swroot}/forward/outgoing");
chown 99,99,"${General::swroot}/forward/outgoing";
}
unlink("${General::swroot}/fwhosts/customgroups");
unlink("${General::swroot}/fwhosts/customhosts");
unlink("${General::swroot}/fwhosts/customgroups");
unlink("${General::swroot}/fwhosts/customnetworks");
unlink("${General::swroot}/fwhosts/customservicegrp");
unlink("${General::swroot}/fwhosts/customnetworks");
system("touch ${General::swroot}/fwhosts/customgroups");
system("touch ${General::swroot}/fwhosts/customhosts");
system("touch ${General::swroot}/fwhosts/customnetworks");
system("touch ${General::swroot}/fwhosts/customservicegrp");
#START CONVERTER "OUTGOINGFW"
system("/usr/sbin/convert-outgoingfw");
chown 99,99,"${General::swroot}/fwhosts/customgroups";
chown 99,99,"${General::swroot}/fwhosts/customhosts";
chown 99,99,"${General::swroot}/fwhosts/customnetworks";
chown 99,99,"${General::swroot}/fwhosts/customservicegrp";
#START CONVERTER "OUTGOINGFW"
rmtree("${General::swroot}/outgoing");
}
#XTACCESS CONVERTER
if( -d "${General::swroot}/xtaccess"){
if( -f "${General::swroot}/forward/input" ){
unlink("${General::swroot}/forward/input");
system("touch ${General::swroot}/forward/input");
}
#START CONVERTER "XTACCESS"
system("/usr/sbin/convert-xtaccess");
chown 99,99,"${General::swroot}/forward/input";
rmtree("${General::swroot}/xtaccess");
}
#DMZ-HOLES CONVERTER
if( -d "${General::swroot}/dmzholes"){
if( -f "${General::swroot}/forward/dmz" ){
unlink("${General::swroot}/forward/dmz");
system("touch ${General::swroot}/forward/dmz");
}
#START CONVERTER "DMZ-HOLES"
system("/usr/sbin/convert-dmz");
chown 99,99,"${General::swroot}/forward/dmz";
rmtree("${General::swroot}/dmzholes");
}
#PORTFORWARD CONVERTER
if( -d "${General::swroot}/portfw"){
if( -f "${General::swroot}/forward/nat" ){
unlink("${General::swroot}/forward/nat");
system("touch ${General::swroot}/forward/nat");
}
#START CONVERTER "PORTFW"
system("/usr/sbin/convert-portfw");
chown 99,99,"${General::swroot}/forward/nat";
rmtree("${General::swroot}/portfw");
}
system("/usr/local/bin/forwardfwctrl");
}
elsif ($ARGV[0] eq 'restoreaddon') {
if ( -e "/tmp/$ARGV[1]" ){system("mv /tmp/$ARGV[1] /var/ipfire/backup/addons/backup/$ARGV[1]");}
system("cd / && tar -xvz -p -f /var/ipfire/backup/addons/backup/$ARGV[1]");
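Review bot: The exit status of every converter is ignored before its legacy directory is deleted: `system("/usr/sbin/convert-outgoingfw");` is followed unconditionally by `rmtree("${General::swroot}/outgoing");`, and the xtaccess, dmzholes and portfw blocks repeat the pattern. The target files under `forward/` and `fwhosts/` have already been unlinked and re-created empty by then, so a converter that fails leaves empty rule files, no legacy data to retry from, and `forwardfwctrl` still runs on that state. Gate the cleanup on success and log the failure otherwise, e.g. `if (system("/usr/sbin/convert-outgoingfw") == 0) { rmtree("${General::swroot}/outgoing"); }`. The `touch` calls are also better in list form, `system("touch", "${General::swroot}/forward/config");`, so no shell parses the path. The enclosing `restore` branch starts outside the hunk.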


@@ -1,5 +1,7 @@
*.tmp
/var/ipfire/ethernet/settings
/var/ipfire/forward/bin/*
/var/ipfire/proxy/calamaris/bin/*
/var/ipfire/qos/bin/qos.pl
/var/ipfire/urlfilter/blacklists/*/*.db
/var/ipfire/forward/bin/*


@@ -15,14 +15,9 @@
/var/ipfire/auth/users
/var/ipfire/dhcp/*
/var/ipfire/dnsforward/*
/var/ipfire/forward
/var/ipfire/fwhosts
/var/ipfire/main/*
/var/ipfire/outgoing/groups
/var/ipfire/outgoing/macgroups
/var/ipfire/outgoing/rules
/var/ipfire/outgoing/p2protocols
/var/ipfire/dmzholes
/var/ipfire/xtaccess
/var/ipfire/portfw
/var/ipfire/ovpn
/var/ipfire/ppp
/var/ipfire/proxy


@@ -39,6 +39,90 @@ sub log
$logmessage = $1;
system('logger', '-t', $tag, $logmessage);
}
sub setup_default_networks
{
my %netsettings=();
my $defaultNetworks = shift;
&readhash("/var/ipfire/ethernet/settings", \%netsettings);
# Get current defined networks (Red, Green, Blue, Orange)
$defaultNetworks->{$Lang::tr{'fwhost any'}}{'IPT'} = "0.0.0.0/0.0.0.0";
$defaultNetworks->{$Lang::tr{'fwhost any'}}{'NAME'} = "ALL";
$defaultNetworks->{$Lang::tr{'green'}}{'IPT'} = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
$defaultNetworks->{$Lang::tr{'green'}}{'NAME'} = "GREEN";
if ($netsettings{'RED_DEV'} ne ''){
$defaultNetworks->{$Lang::tr{'fwdfw red'}}{'IPT'} = "$netsettings{'RED_NETADDRESS'}/$netsettings{'RED_NETMASK'}";
$defaultNetworks->{$Lang::tr{'fwdfw red'}}{'NAME'} = "RED";
}
if ($netsettings{'ORANGE_DEV'} ne ''){
$defaultNetworks->{$Lang::tr{'orange'}}{'IPT'} = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
$defaultNetworks->{$Lang::tr{'orange'}}{'NAME'} = "ORANGE";
}
if ($netsettings{'BLUE_DEV'} ne ''){
$defaultNetworks->{$Lang::tr{'blue'}}{'IPT'} = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
$defaultNetworks->{$Lang::tr{'blue'}}{'NAME'} = "BLUE";
}
#IPFire himself
$defaultNetworks->{'IPFire'}{'NAME'} = "IPFire";
# OpenVPN
if(-e "${General::swroot}/ovpn/settings")
{
my %ovpnSettings = ();
&readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
# OpenVPN on Red?
if(defined($ovpnSettings{'DOVPN_SUBNET'}))
{
my ($ip,$sub) = split(/\//,$ovpnSettings{'DOVPN_SUBNET'});
$sub=&General::iporsubtocidr($sub);
my @tempovpnsubnet = split("\/", $ovpnSettings{'DOVPN_SUBNET'});
$defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'ADR'} = $tempovpnsubnet[0];
$defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'NAME'} = "OpenVPN-Dyn";
}
} # end OpenVPN
# IPsec RW NET
if(-e "${General::swroot}/vpn/settings")
{
my %ipsecsettings = ();
&readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
if($ipsecsettings{'RW_NET'} ne '')
{
my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
$sub=&General::iporsubtocidr($sub);
my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'ADR'} = $tempipsecsubnet[0];
$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NAME'} = "IPsec RW";
}
}
}
sub get_aliases
{
my $defaultNetworks = shift;
open(FILE, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
my @current = <FILE>;
close(FILE);
my $ctr = 0;
foreach my $line (@current)
{
if ($line ne ''){
chomp($line);
my @temp = split(/\,/,$line);
if ($temp[2] eq '') {
$temp[2] = "Alias $ctr : $temp[0]";
}
$defaultNetworks->{$temp[2]}{'IPT'} = "$temp[0]";
$ctr++;
}
}
}
sub readhash
{
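Review bot: In `get_aliases` the emptiness test runs before `chomp`, so a blank line in the aliases file is still `"\n"`, passes `if ($line ne '')`, and creates an entry keyed `Alias N : ` whose `IPT` value is empty. Strip the newline first and skip empty records with `chomp($line); next if $line eq '';`. The address in `$temp[0]` is stored without validation and presumably ends up in generated firewall rules, so `next unless &validip($temp[0]);` is worth adding. The file is opened with a two-argument `open` on the bareword handle `FILE`; `open(my $fh, '<', "${General::swroot}/ethernet/aliases")` keeps the handle lexical and the mode explicit. The hunk ends inside `sub readhash`, which continues outside it.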


@@ -602,22 +602,37 @@ sub updatefwhitsgraph {
"--color=SHADEA".$color{"color19"},
"--color=SHADEB".$color{"color19"},
"--color=BACK".$color{"color21"},
"DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-FORWARD/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
"DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-INPUT/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
"DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
"DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
"DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
"DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
"DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
"CDEF:amount=output,input,newnotsyn,+,+",
"COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
"COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
"COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
"AREA:amount".$color{"color24"}."A0:".sprintf("%-20s",$Lang::tr{'firewallhits'}),
"GPRINT:amount:MAX:%8.1lf %sBps",
"GPRINT:amount:AVERAGE:%8.1lf %sBps",
"GPRINT:amount:MIN:%8.1lf %sBps",
"GPRINT:amount:LAST:%8.1lf %sBps\\j",
"STACK:portscan".$color{"color25"}."A0:".sprintf("%-20s",$Lang::tr{'portscans'}),
"AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-OUTPUT"),
"GPRINT:output:MAX:%8.1lf %sBps",
"GPRINT:output:AVERAGE:%8.1lf %sBps",
"GPRINT:output:MIN:%8.1lf %sBps",
"GPRINT:output:LAST:%8.1lf %sBps\\j",
"STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-FORWARD"),
"GPRINT:forward:MAX:%8.1lf %sBps",
"GPRINT:forward:AVERAGE:%8.1lf %sBps",
"GPRINT:forward:MIN:%8.1lf %sBps",
"GPRINT:forward:LAST:%8.1lf %sBps\\j",
"STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}."-INPUT"),
"GPRINT:input:MAX:%8.1lf %sBps",
"GPRINT:input:AVERAGE:%8.1lf %sBps",
"GPRINT:input:MIN:%8.1lf %sBps",
"GPRINT:input:LAST:%8.1lf %sBps\\j",
"STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSyn"),
"GPRINT:newnotsyn:MAX:%8.1lf %sBps",
"GPRINT:newnotsyn:MIN:%8.1lf %sBps",
"GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
"GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
"STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
"GPRINT:portscan:MAX:%8.1lf %sBps",
"GPRINT:portscan:MIN:%8.1lf %sBps",
"GPRINT:portscan:AVERAGE:%8.1lf %sBps",


@@ -149,11 +149,8 @@ sub genmenu {
eval `/bin/cat /var/ipfire/menu.d/*.menu`;
eval `/bin/cat /var/ipfire/menu.d/*.main`;
if (! blue_used() && ! orange_used()) {
$menu->{'05.firewall'}{'subMenu'}->{'40.dmz'}{'enabled'} = 0;
}
if (! blue_used()) {
$menu->{'05.firewall'}{'subMenu'}->{'30.wireless'}{'enabled'} = 0;
$menu->{'05.firewall'}{'subMenu'}->{'60.wireless'}{'enabled'} = 0;
}
if ( $ethsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $ethsettings{'RED_TYPE'} eq 'STATIC' ) {
$menu->{'03.network'}{'subMenu'}->{'70.aliases'}{'enabled'} = 1;


@@ -1,9 +0,0 @@
Bittorrent;bit;on;
Edonkey;edk;on;
KaZaA;kazaa;on;
Gnutella;gnu;on;
DirectConnect;dc;on;
Applejuice;apple;on;
WinMX;winmx;on;
SoulSeek;soul;on;
Ares;ares;on;


@@ -45,10 +45,11 @@ include "/etc/collectd.precache"
</Plugin>
<Plugin iptables>
Chain filter INPUT DROP_INPUT
Chain filter FORWARD DROP_OUTPUT
Chain filter PSCAN DROP_PScan
Chain filter NEWNOTSYN DROP_NEWNOTSYN
Chain filter POLICYFWD DROP_FORWARD
Chain filter POLICYOUT DROP_OUTPUT
Chain filter POLICYIN DROP_INPUT
</Plugin>
#<Plugin logfile>

193
config/forwardfw/convert-dmz Executable file

@@ -0,0 +1,193 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
# #
# This script converts old dmz holes rules from old firewall #
# to the new one. This is a 2-step process. #
# STEP1: read old config and normalize settings #
# STEP2: check valid ip and save valid rules to new firewall #
# #
###############################################################################
my @current=();
my @alias=();
my %configdmz=();
my %ifaces=();
my %configfwdfw=();
require '/var/ipfire/general-functions.pl';
my $dmzconfig = "${General::swroot}/dmzholes/config";
my $fwdfwconfig = "${General::swroot}/forward/config";
my $ifacesettings = "${General::swroot}/ethernet/settings";
my $field0 = 'ACCEPT';
my $field1 = 'FORWARDFW';
my $field2 = ''; #ON or emtpy
my $field3 = ''; #std_net_src or src_addr
my $field4 = ''; #ALL or IP-Address with /32
my $field5 = ''; #std_net_tgt or tgt_addr
my $field6 = ''; #IP or network name
my $field11 = 'ON'; #use target port
my $field12 = ''; #TCP or UDP
my $field13 = 'All ICMP-Types';
my $field14 = 'TGT_PORT';
my $field15 = ''; #Port Number
my $field16 = ''; #remark
my $field26 = '00:00';
my $field27 = '00:00';
my $field28 = '';
my $field29 = 'ALL';
my $field30 = '';
my $field31 = 'dnat';
open(FILE, $dmzconfig) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
#open LOGFILE
open (LOG, ">/var/log/converters/dmz-convert.log") or die $!;
&General::readhash($ifacesettings, \%ifaces);
&General::readhasharray($fwdfwconfig,\%configfwdfw);
&process_rules;
sub process_rules{
foreach my $line (@current){
my $now=localtime;
#get values from old configfile
my ($a,$b,$c,$d,$e,$f,$g,$h) = split (",",$line);
$h =~ s/\s*\n//gi;
print LOG "$now Processing A: $a B: $b C: $c D: $d E: $e F: $f G: $g H: $h\n";
#Now convert values and check ip addresses
$a=uc($a);
$e=uc($e);
$field2=$e if($e eq 'ON');
#SOURCE IP-check
$b=&check_ip($b);
if (&General::validipandmask($b)){
#When ip valid, check if we have a network
my ($ip,$subnet) = split ("/",$b);
if ($f eq 'orange' && $ip eq $ifaces{'ORANGE_NETADDRESS'}){
$field3='std_net_src';
$field4='ORANGE';
}elsif($f eq 'blue' && $ip eq $ifaces{'BLUE_NETADDRESS'}){
$field3='std_net_src';
$field4='BLUE';
}elsif($f eq 'orange' && &General::IpInSubnet($ip,$ifaces{'ORANGE_NETADDRESS'},$ifaces{'ORANGE_NETMASK'})){
$field3='src_addr';
$field4=$b;
}elsif($f eq 'blue' && &General::IpInSubnet($ip,$ifaces{'BLUE_NETADDRESS'},$ifaces{'BLUE_NETMASK'})){
$field3='src_addr';
$field4=$b;
}else{
print LOG "$now ->NOT Converted, source ip $b not part of source network $f \n\n";
next;
}
}else{
print LOG "$now -> SOURCE IP INVALID. \n\n";
next;
}
#TARGET IP-check
$c=&check_ip($c);
if (&General::validipandmask($c)){
my $now=localtime;
#When ip valid, check if we have a network
my ($ip,$subnet) = split ("/",$c);
if ($g eq 'green' && $ip eq $ifaces{'GREEN_NETADDRESS'}){
$field5='std_net_tgt';
$field6='GREEN';
}elsif($g eq 'blue' && $ip eq $ifaces{'BLUE_NETADDRESS'}){
$field5='std_net_tgt';
$field6='BLUE';
}elsif($g eq 'green' && &General::IpInSubnet($ip,$ifaces{'GREEN_NETADDRESS'},$ifaces{'GREEN_NETMASK'})){
$field5='tgt_addr';
$field6=$c;
}elsif($g eq 'blue' && &General::IpInSubnet($ip,$ifaces{'BLUE_NETADDRESS'},$ifaces{'BLUE_NETMASK'})){
$field5='tgt_addr';
$field6=$c;
}else{
print LOG "$now ->NOT Converted, target ip $c not part of target network $g \n\n";
next;
}
}else{
print LOG "$now -> TARGET IP INVALID. \n\n";
next;
}
$field12=$a;
#convert portrange
$d =~ tr/-/:/;
$field15=$d;
$field16=$h;
my $key = &General::findhasharraykey (\%configfwdfw);
foreach my $i (0 .. 27) { $configfwdfw{$key}[$i] = "";}
$configfwdfw{$key}[0] = $field0;
$configfwdfw{$key}[1] = $field1;
$configfwdfw{$key}[2] = $field2;
$configfwdfw{$key}[3] = $field3;
$configfwdfw{$key}[4] = $field4;
$configfwdfw{$key}[5] = $field5;
$configfwdfw{$key}[6] = $field6;
$configfwdfw{$key}[7] = '';
$configfwdfw{$key}[8] = '';
$configfwdfw{$key}[9] = '';
$configfwdfw{$key}[10] = '';
$configfwdfw{$key}[11] = $field11;
$configfwdfw{$key}[12] = $field12;
$configfwdfw{$key}[13] = $field13;
$configfwdfw{$key}[14] = $field14;
$configfwdfw{$key}[15] = $field15;
$configfwdfw{$key}[16] = $field16;
$configfwdfw{$key}[17] = '';
$configfwdfw{$key}[18] = '';
$configfwdfw{$key}[19] = '';
$configfwdfw{$key}[20] = '';
$configfwdfw{$key}[21] = '';
$configfwdfw{$key}[22] = '';
$configfwdfw{$key}[23] = '';
$configfwdfw{$key}[24] = '';
$configfwdfw{$key}[25] = '';
$configfwdfw{$key}[26] = $field26;
$configfwdfw{$key}[27] = $field27;
$configfwdfw{$key}[28] = $field28;
$configfwdfw{$key}[29] = $field29;
$configfwdfw{$key}[30] = $field30;
$configfwdfw{$key}[31] = $field31;
print LOG "$Now -> Converted to $field0,$field1,$field2,$field3,$field4,$field5,$field6,,,,,$field11,$field12,$field13,$field14,$field15,$field16,,,,,,,,,,$field26,$field27\n";
}
&General::writehasharray($fwdfwconfig,\%configfwdfw);
close (LOG);
}
sub check_ip
{
my $adr=shift;
my $a;
#ip with subnet in decimal
if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){
$adr=int($1).".".int($2).".".int($3).".".int($4);
my $b = &General::iporsubtodec($5);
$a=$adr."/".$b;
}elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
$adr=int($1).".".int($2).".".int($3).".".int($4);
if(&General::validip($adr)){
$a=$adr."/32";
}
}
if(&General::validipandmask($adr)){
$a=&General::iporsubtodec($adr);
}
return $a;
}
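Review bot: `$field2` is declared once at file scope and is only ever set, never cleared. In `process_rules`, `$field2=$e if($e eq 'ON');` keeps the previous rule's value when the current legacy rule is disabled, so a disabled DMZ hole that follows an enabled one is written to `forward/config` as an active ACCEPT rule. Assign it on every iteration with `$field2 = ($e eq 'ON') ? 'ON' : '';`. The final log line in the loop uses `$Now`, which is never defined (the variable is `$now`); without `use strict; use warnings;` it silently prints an empty timestamp. The protocol `$a` and port `$d` are copied into the rule without validation, so checking them before `writehasharray` would keep malformed legacy entries out of the new rule set.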


@@ -0,0 +1,704 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
# #
# This script converts old groups and firewallrules #
# to the new one. This is a 3-step process. #
# STEP1: convert groups ->LOG /var/log/converters #
# STEP2: convert rules ->LOG /var/log/converters #
# STEP3: convert P2P rules #
# #
###############################################################################
require '/var/ipfire/general-functions.pl';
use Socket;
use File::Path;
use File::Copy;
my $ipgrouppath = "${General::swroot}/outgoing/groups/ipgroups/";
my $macgrouppath = "${General::swroot}/outgoing/groups/macgroups/";
my $outgoingrules = "${General::swroot}/outgoing/rules";
my $outfwsettings = "${General::swroot}/outgoing/settings";
my $host = "Converted ";
my $confighosts = "${General::swroot}/fwhosts/customhosts";
my $confignets = "${General::swroot}/fwhosts/customnetworks";
my $configgroups = "${General::swroot}/fwhosts/customgroups";
my $ovpnsettings = "${General::swroot}/ovpn/settings";
my $ovpnconfig = "${General::swroot}/ovpn/ovpnconfig";
my $ccdconfig = "${General::swroot}/ovpn/ccd.conf";
my $fwdfwconfig = "${General::swroot}/forward/config";
my $outfwconfig = "${General::swroot}/forward/outgoing";
my $fwdfwsettings = "${General::swroot}/forward/settings";
my @ipgroups = qx(ls $ipgrouppath);
my @macgroups = qx(ls $macgrouppath);
my @hostarray=();
my %outsettings=();
my %hosts=();
my %nets=();
my %groups=();
my %settingsovpn=();
my %configovpn=();
my %ccdconf=();
my %fwconfig=();
my %fwconfigout=();
my %fwdsettings=();
my %ownnet=();
my %ovpnSettings = ();
&General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
&General::readhash($outfwsettings,\%outsettings);
&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
#ONLY RUN if /var/ipfire/outgoing exists
if ( -d "/var/ipfire/outgoing"){
&process_groups;
&process_rules;
&process_p2p;
}
system("/usr/local/bin/forwardfwctrl");
sub process_groups
{
if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
if( -f "/var/log/converters/groups-convert.log"){rmtree("var/log/converters");}
open (LOG, ">/var/log/converters/groups-convert.log") or die $!;
#IP Group processing
foreach my $group (@ipgroups){
my $now=localtime;
chomp $group;
print LOG "\n$now Processing IP-GROUP: $group...\n";
open (DATEI, "<$ipgrouppath/$group");
my @zeilen = <DATEI>;
foreach my $ip (@zeilen){
chomp($ip);
$ip =~ s/\s//gi;
print LOG "$now Check IP $ip from Group $group ";
my $val=&check_ip($ip);
if($val){
push(@hostarray,$val.",ip");
print LOG "$now -> OK\n";
}
else{
print LOG "$now -> IP \"$ip\" from group $group not converted (invalid IP) \n";
}
$val='';
}
&new_hostgrp($group,'ip');
@hostarray=();
}
$group='';
@zeilen=();
@hostarray=();
#MAC Group processing
foreach my $group (@macgroups){
chomp $group;
print LOG "\nProcessing MAC-GROUP: $group...\n";
open (DATEI, "<$macgrouppath/$group");
my @zeilen = <DATEI>;
foreach my $mac (@zeilen){
chomp($mac);
$mac =~ s/\s//gi;
print LOG "$now Checking MAC $mac from group $group ";
#MAC checking
if(&General::validmac($mac)){
$val=$mac;
}
if($val){
push(@hostarray,$val.",mac");
print LOG "$now -> OK\n";
}
else{
print LOG "$now -> Mac $mac from group $group not converted (invalid MAC)\n";
}
$val='';
}
&new_hostgrp($group,'mac');
@hostarray=();
@zeilen=();
}
close (LOG);
}
sub check_ip
{
my $adr=shift;
my $a;
#ip with subnet in decimal
if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){
$adr=int($1).".".int($2).".".int($3).".".int($4);
my $b = &General::iporsubtodec($5);
$a=$adr."/".$b;
}elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
$adr=int($1).".".int($2).".".int($3).".".int($4);
if(&General::validip($adr)){
$a=$adr."/255.255.255.255";
}
}
if(&General::validipandmask($adr)){
$a=&General::iporsubtodec($adr);
}
return $a;
}
sub new_hostgrp
{
&General::readhasharray($confighosts,\%hosts);
&General::readhasharray($confignets,\%nets);
&General::readhasharray($configgroups,\%groups);
my $grp=shift;
my $run=shift;
my $name; #"converted"
my $name2;
my $name3; #custom host/custom net
foreach my $adr (@hostarray){
if($run eq 'ip'){
my ($ip,$type) = split(",",$adr);
my ($ippart,$subnet) = split("/",$ip);
my ($byte1,$byte2,$byte3,$byte4) = split(/\./,$subnet);
if($byte4 eq '255'){
print LOG "Processing SINGLE HOST $ippart/$subnet from group $grp\n";
if(!&check_host($ip)){
my $key = &General::findhasharraykey(\%hosts);
$name="host ";
$name2=$name.$ippart;
$name3="Custom Host";
$hosts{$key}[0] = $name2;
$hosts{$key}[1] = $type;
$hosts{$key}[2] = $ip;
$hosts{$key}[3] = '';
$hosts{$key}[4] = 1;
print LOG "->Host (IP) $ip added to custom hosts\n"
}else{
print LOG "->Host (IP) $ip already exists in custom hosts\n";
$name="host ";
$name2=$name.$ippart;
foreach my $key (sort keys %hosts){
if($hosts{$key}[0] eq $name2){
$hosts{$key}[4]++;
}
}
$name="host ";
$name2=$name.$ippart;
$name3="Custom Host";
}
}elsif($byte4 < '255'){
print LOG "Processing NETWORK $ippart/$subnet from Group $grp\n";
if(!&check_net($ippart,$subnet)){
#Check if this network is one one of IPFire internal networks
if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'GREEN_NETADDRESS'},$ownnet{'GREEN_NETMASK'}))
{
$name2='GREEN';
$name3='Standard Network';
}elsif (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'ORANGE_NETADDRESS'},$ownnet{'ORANGE_NETMASK'}))
{
$name2='ORANGE';
$name3='Standard Network';
}elsif (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ippart,$ownnet{'BLUE_NETADDRESS'},$ownnet{'BLUE_NETMASK'}))
{
$name2='BLUE';
$name3='Standard Network';
}elsif ($ippart eq '0.0.0.0')
{
$name2='ALL';
$name3='Standard Network';
}elsif(defined($ovpnSettings{'DOVPN_SUBNET'}) && "$ippart/".&General::iporsubtodec($subnet) eq $ovpnSettings{'DOVPN_SUBNET'})
{
$name2='OpenVPN-Dyn';
$name3='Standard Network';
}else{
my $netkey = &General::findhasharraykey(\%nets);
$name="net ";
$name2=$name.$ippart;
$name3="Custom Network";
$nets{$netkey}[0] = $name2;
$nets{$netkey}[1] = $ippart;
$nets{$netkey}[2] = $subnet;
$nets{$netkey}[3] = '';
$nets{$netkey}[4] = 1;
print LOG "->Network $ippart/$subnet added to custom networks\n";
}
}else{
print LOG "Network $ippart already exists in custom networks\n";
$name="net ";
$name2=$name.$ippart;
foreach my $key (sort keys %nets){
if($nets{$key}[0] eq $name2){
$nets{$key}[4]++;
}
}
$name="net ";
$name2=$name.$ippart;
$name3="Custom Network";
}
}
if($name2 && !&check_grp($grp,$name2)){
my $grpkey = &General::findhasharraykey(\%groups);
$groups{$grpkey}[0] = $grp;
$groups{$grpkey}[1] = '';
$groups{$grpkey}[2] = $name2;
$groups{$grpkey}[3] = $name3;
$groups{$grpkey}[4] = 0;
print LOG "->$name2 added to group $grp\n";
}
}elsif($run eq 'mac'){
#MACRUN
my ($mac,$type) = split(",",$adr);
print LOG "Processing HOST (MAC) $mac\n";
if(!&check_host($mac)){
my $key = &General::findhasharraykey(\%hosts);
$name="host ";
$name2=$name.$mac;
$name3="Custom Host";
$hosts{$key}[0] = $name2;
$hosts{$key}[1] = $type;
$hosts{$key}[2] = $mac;
$hosts{$key}[3] = '';
$hosts{$key}[4] = 1;
print LOG "->Host (MAC) $mac added to custom hosts\n";
}else{
print LOG "->Host (MAC) $mac already exists in custom hosts \n";
$name="host ";
$name2=$name.$mac;
foreach my $key (sort keys %hosts){
if($hosts{$key}[0] eq $name2){
$hosts{$key}[4]++;
}
}
$name="host ";
$name2=$name.$mac;
$name3="Custom Host";
}
if($name2 && !&check_grp($grp,$name2)){
my $grpkey = &General::findhasharraykey(\%groups);
$groups{$grpkey}[0] = $grp;
$groups{$grpkey}[1] = '';
$groups{$grpkey}[2] = $name2;
$groups{$grpkey}[3] = $name3;
$groups{$grpkey}[4] = 0;
print LOG "->$name2 added to group $grp\n";
}
}
}
@hostarray=();
&General::writehasharray($confighosts,\%hosts);
&General::writehasharray($configgroups,\%groups);
&General::writehasharray($confignets,\%nets);
}
sub check_host
{
my $ip=shift;
foreach my $key (sort keys %hosts)
{
if($hosts{$key}[2] eq $ip)
{
return 1;
}
}
return 0;
}
sub check_net
{
my $ip=shift;
my $sub=shift;
foreach my $key (sort keys %nets)
{
if($nets{$key}[1] eq $ip && $nets{$key}[2] eq $sub)
{
return 1;
}
}
return 0;
}
sub check_grp
{
my $grp=shift;
my $value=shift;
foreach my $key (sort keys %groups)
{
if($groups{$key}[0] eq $grp && $groups{$key}[2] eq $value)
{
return 1;
}
}
return 0;
}
sub process_rules
{
my ($type,$action,$active,$grp1,$source,$grp2,$useport,$port,$prot,$grp3,$target,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to);
#open LOG
if( -f "/var/log/converters/outgoingfw-convert.log"){unlink ("/var/log/converters/outgoingfw-convert.log");}
open (LOG, ">/var/log/converters/outgoingfw-convert.log") or die $!;
&General::readhash($fwdfwsettings,\%fwdsettings);
if ($outsettings{'POLICY'} eq 'MODE1'){
$fwdsettings{'POLICY'}='MODE1';
$fwdsettings{'POLICY1'}='MODE2';
$type='ALLOW';
$action='ACCEPT';
}else{
$fwdsettings{'POLICY'}='MODE2';
$fwdsettings{'POLICY1'}='MODE2';
$type='DENY';
$action='DROP';
}
&General::writehash($fwdfwsettings,\%fwdsettings);
open (DATEI, "<$outgoingrules");
my @lines = <DATEI>;
foreach my $rule (@lines)
{
my $now=localtime;
chomp($rule);
$port='';
print LOG "$now processing: $rule\n";
my @configline=();
@configline = split( /\;/, $rule );
my @prot=();
if($configline[0] eq $type){
#some variables we can use from old config
if($configline[1] eq 'on'){ $active='ON';}else{$active='';}
if($configline[3] eq 'all' && $configline[8] ne ''){
push(@prot,"TCP");
push(@prot,"UDP");
}elsif($configline[3] eq 'all' && $configline[8] eq ''){
push(@prot,"");
}else{
push(@prot,$configline[3]);
}
if($configline[4] ne ''){
$configline[4] =~ s/,/;/g;
$remark = $configline[4];
}else{$remark = '';}
if($configline[9] eq 'Active'){ $log='ON';}else{$log='';}
if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){
if($configline[17] eq '00:00' && $configline[18] eq '00:00'){
$time='';
}else{
$time='ON';
}
}else{
$time='ON';
}
$time_mon=$configline[10];
$time_tue=$configline[11];
$time_wed=$configline[12];
$time_thu=$configline[13];
$time_fri=$configline[14];
$time_sat=$configline[15];
$time_sun=$configline[16];
$time_from=$configline[17];
$time_to=$configline[18];
############################################################
#sourcepart
if ($configline[2] eq 'green') {
$grp1='std_net_src';
$source='GREEN';
}elsif ($configline[2] eq 'orange') {
$grp1='std_net_src';
$source='ORANGE';
}elsif ($configline[2] eq 'red') {
$grp1='std_net_src';
$source='IPFire';
&General::readhash($fwdfwsettings,\%fwdsettings);
$fwdsettings{'POLICY1'}=$outsettings{'POLICY'};
$fwdsettings{'POLICY'}=$outsettings{'POLICY'};
&General::writehash($fwdfwsettings,\%fwdsettings);
}elsif ($configline[2] eq 'blue') {
$grp1='std_net_src';
$source='BLUE';
}elsif ($configline[2] eq 'ipsec') {
print LOG "$now -> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n";
next;
}elsif ($configline[2] eq 'ovpn') {
print LOG "$now ->Creating networks/groups for OpenVPN...\n";
&build_ovpn_grp;
$grp1='cust_grp_src';
$source='ovpn'
}elsif ($configline[2] eq 'ip') {
my $z=&check_ip($configline[5]);
if($z){
my ($ipa,$subn) = split("/",$z);
$subn=&General::iporsubtocidr($subn);
$grp1='src_addr';
$source="$ipa/$subn";
}else{
print LOG "$now -> Rule not converted, missing/invalid source ip \"$configline[5]\"\n";
next;
}
}elsif ($configline[2] eq 'mac') {
if(&General::validmac($configline[6])){
$grp1='src_addr';
$source=$configline[6];
}else{
print LOG"$now -> Rule not converted, invalid MAC \"$configline[6]\" \n";
next;
}
}elsif ($configline[2] eq 'all') {
$grp1='std_net_src';
$source='ALL';
}else{
foreach my $key (sort keys %groups){
if($groups{$key}[0] eq $configline[2]){
$grp1='cust_grp_src';
$source=$configline[2];
}
}
if ($grp1 eq '' || $source eq ''){
print LOG "$now -> Rule not converted, no valid source recognised\n";
}
}
############################################################
#destinationpart
if($configline[7] ne ''){
my $address=&check_ip($configline[7]);
if($address){
my ($dip,$dsub) = split("/",$address);
$dsub=&General::iporsubtocidr($dsub);
$grp2='tgt_addr';
$target="$dip/$dsub";
}elsif(!$address){
my $getwebsiteip=&get_ip_from_domain($configline[7]);
if ($getwebsiteip){
$grp2='tgt_addr';
$target=$getwebsiteip;
$remark.=" $configline[7]";
}else{
print LOG "$now -> Rule not converted, invalid domain \"$configline[7]\"\n";
next;
}
}
}else{
$grp2='std_net_tgt';
$target='ALL';
}
if($configline[8] ne '' && $configline[3] ne 'gre' && $configline[3] ne 'esp'){
my @values=();
my @parts=split(",",$configline[8]);
foreach (@parts){
$_=~ tr/-/:/;
if (!($_ =~ /^(\d+)\:(\d+)$/)) {
if(&General::validport($_)){
$useport='ON';
push (@values,$_);
$grp3='TGT_PORT';
}else{
print LOG "$now -> Rule not converted, invalid destination Port \"$configline[8]\"\n";
next;
}
}else{
my ($a1,$a2) = split(/\:/,$_);
if (&General::validport($a1) && &General::validport($a2) && $a1 < $a2){
$useport='ON';
push (@values,"$a1:$a2");
$grp3='TGT_PORT';
}else{
print LOG "$now -> Rule not converted, invalid destination Port \"$configline[8]\"\n";
next;
}
}
}
$port=join("|",@values);
@values=();
@parts=();
}
}else{
print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
}
&General::readhasharray($fwdfwconfig,\%fwconfig);
&General::readhasharray($outfwconfig,\%fwconfigout);
my $check;
my $chain;
foreach my $protocol (@prot){
my $now=localtime;
if ($source eq 'IPFire'){
$chain='OUTGOINGFW';
}else{
$chain='FORWARDFW';
}
$protocol=uc($protocol);
print LOG "$now -> Converted: $action,$chain,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to\n";
#Put rules into system....
###########################
#check for double rules
foreach my $key (sort keys %fwconfig){
if("$action,$chain,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to"
eq "$fwconfig{$key}[0],$fwconfig{$key}[1],$fwconfig{$key}[2],$fwconfig{$key}[3],$fwconfig{$key}[4],$fwconfig{$key}[5],$fwconfig{$key}[6],,,,,$fwconfig{$key}[11],$fwconfig{$key}[12],,$fwconfig{$key}[14],$fwconfig{$key}[15],$fwconfig{$key}[16],$fwconfig{$key}[17],$fwconfig{$key}[18],$fwconfig{$key}[19],$fwconfig{$key}[20],$fwconfig{$key}[21],$fwconfig{$key}[22],$fwconfig{$key}[23],$fwconfig{$key}[24],$fwconfig{$key}[25],$fwconfig{$key}[26],$fwconfig{$key}[27]"){
$check='on';
next;
}
}
if($check ne 'on'){
#increase groupcounter
my $check1;
if($grp1 eq 'cust_grp_src'){
foreach my $key (sort keys %groups){
if($groups{$key}[0] eq $source){
$groups{$key}[4]++;
$check1='on';
}
}
if($check1 eq 'on'){
&General::writehasharray($configgroups,\%groups);
}
}
if ($chain eq 'FORWARDFW'){
my $key = &General::findhasharraykey(\%fwconfig);
$fwconfig{$key}[0] = $action;
$fwconfig{$key}[1] = $chain;
$fwconfig{$key}[2] = $active;
$fwconfig{$key}[3] = $grp1;
$fwconfig{$key}[4] = $source;
$fwconfig{$key}[5] = $grp2;
$fwconfig{$key}[6] = $target;
$fwconfig{$key}[11] = $useport;
$fwconfig{$key}[12] = $protocol;
$fwconfig{$key}[14] = $grp3;
$fwconfig{$key}[15] = $port;
$fwconfig{$key}[16] = $remark;
$fwconfig{$key}[17] = $log;
$fwconfig{$key}[18] = $time;
$fwconfig{$key}[19] = $time_mon;
$fwconfig{$key}[20] = $time_tue;
$fwconfig{$key}[21] = $time_wed;
$fwconfig{$key}[22] = $time_thu;
$fwconfig{$key}[23] = $time_fri;
$fwconfig{$key}[24] = $time_sat;
$fwconfig{$key}[25] = $time_sun;
$fwconfig{$key}[26] = $time_from;
$fwconfig{$key}[27] = $time_to;
$fwconfig{$key}[28] = '';
$fwconfig{$key}[29] = 'ALL';
$fwconfig{$key}[30] = '';
$fwconfig{$key}[31] = 'dnat';
}else{
my $key = &General::findhasharraykey(\%fwconfigout);
$fwconfigout{$key}[0] = $action;
$fwconfigout{$key}[1] = $chain;
$fwconfigout{$key}[2] = $active;
$fwconfigout{$key}[3] = $grp1;
$fwconfigout{$key}[4] = $source;
$fwconfigout{$key}[5] = $grp2;
$fwconfigout{$key}[6] = $target;
$fwconfigout{$key}[11] = $useport;
$fwconfigout{$key}[12] = $protocol;
$fwconfigout{$key}[14] = $grp3;
$fwconfigout{$key}[15] = $port;
$fwconfigout{$key}[16] = $remark;
$fwconfigout{$key}[17] = $log;
$fwconfigout{$key}[18] = $time;
$fwconfigout{$key}[19] = $time_mon;
$fwconfigout{$key}[20] = $time_tue;
$fwconfigout{$key}[21] = $time_wed;
$fwconfigout{$key}[22] = $time_thu;
$fwconfigout{$key}[23] = $time_fri;
$fwconfigout{$key}[24] = $time_sat;
$fwconfigout{$key}[25] = $time_sun;
$fwconfigout{$key}[26] = $time_from;
$fwconfigout{$key}[27] = $time_to;
$fwconfigout{$key}[28] = '';
$fwconfigout{$key}[29] = 'ALL';
$fwconfigout{$key}[30] = '';
$fwconfigout{$key}[31] = 'dnat';
}
&General::writehasharray($fwdfwconfig,\%fwconfig);
&General::writehasharray($outfwconfig,\%fwconfigout);
}
}
@prot=();
}
close(LOG);
@lines=();
}
sub get_ip_from_domain
{
$web=shift;
my $resolvedip;
my $checked;
my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname($web);
if(@addrs){
$resolvedip=inet_ntoa($addrs[0]);
return $resolvedip;
}
return;
}
sub build_ovpn_grp
{
my $now=localtime;
&General::readhasharray($confighosts,\%hosts);
&General::readhasharray($confignets,\%nets);
&General::readhasharray($configgroups,\%groups);
&General::readhasharray($ovpnconfig,\%configovpn);
&General::readhasharray($ccdconfig,\%ccdconf);
&General::readhash($ovpnsettings,\%settingsovpn);
#get ovpn nets
my @ovpnnets=();
if($settingsovpn{'DOVPN_SUBNET'}){
my ($net,$subnet)=split("/",$settingsovpn{'DOVPN_SUBNET'});
push (@ovpnnets,"$net,$subnet,dynamic");
print LOG "$now ->found dynamic OpenVPN net\n";
}
foreach my $key (sort keys %ccdconf){
my ($net,$subnet)=split("/",$ccdconf{$key}[1]);
$subnet=&General::iporsubtodec($subnet);
push (@ovpnnets,"$net,$subnet,$ccdconf{$key}[0]");
print LOG "$now ->found OpenVPN static net $net/$subnet\n";
}
foreach my $key (sort keys %configovpn){
if ($configovpn{$key}[3] eq 'net'){
my ($net,$subnet)=split("/",$configovpn{$key}[27]);
push (@ovpnnets,"$net,$subnet,$configovpn{$key}[2]");
print LOG "$now ->found OpenVPN $net/$subnet $configovpn{$key}[2]\n";
}
}
#add ovpn nets to customnetworks/groups
foreach my $line (@ovpnnets){
my $now=localtime;
my ($net,$subnet,$name) = split(",",$line);
if (!&check_net($net,$subnet)){
my $netkey = &General::findhasharraykey(\%nets);
$name2=$name."(ovpn)".$net;
$name3="Custom Network";
$nets{$netkey}[0] = $name2;
$nets{$netkey}[1] = $net;
$nets{$netkey}[2] = $subnet;
$nets{$netkey}[3] = '';
$nets{$netkey}[4] = 1;
print LOG "$now ->added $name2 $net/$subnet to customnetworks\n";
}else{
print LOG "-> Custom Network with same IP already exist \"$net/$subnet\" (you can ignore this, if this run was manual from shell)\n";
}
if($name2){
my $grpkey = &General::findhasharraykey(\%groups);
$groups{$grpkey}[0] = "ovpn";
$groups{$grpkey}[1] = '';
$groups{$grpkey}[2] = $name2;
$groups{$grpkey}[3] = "Custom Network";
$groups{$grpkey}[4] = 0;
print LOG "$now ->added $name2 to customgroup ovpn\n";
}
$name2='';
}
@ovpnnets=();
&General::writehasharray($confighosts,\%hosts);
&General::writehasharray($configgroups,\%groups);
&General::writehasharray($confignets,\%nets);
print LOG "$now ->finished OVPN\n";
}
sub process_p2p
{
copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/forward/p2protocols");
chmod oct('0777'), '/var/ipfire/forward/p2protocols';
}

158
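--- a/config/forwardfw/convert-portfw
+++ b/config/forwardfw/convert-portfw
@@ -0,0 +1,158 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+# #
+# This script converts old portforwarding rules from old Firewall #
+# to the new one. This is a 3-step process. #
+# STEP1: read old config and normalize settings #
+# STEP2: create new rules from old ones #
+# STEP3: check if rule already exists, when not, put it into #
+# /var/ipfire/forward/nat #
+###############################################################################
+require '/var/ipfire/general-functions.pl';
+my @values=();
+my @built_rules=();
+my %nat=();
+my $portfwconfig = "${General::swroot}/portfw/config";
+my $confignat = "${General::swroot}/forward/config";
+my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark);
+my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
+my $count=0;
+my $jump;
+if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
+open(FILE, $portfwconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+open (LOG, ">/var/log/converters/portfw-convert.log") or die $!;
+open(ALIAS, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+my @alias = <ALIAS>;
+close(ALIAS);
+&get_config;
+&build_rules;
+&write_rules;
+sub get_config
+{
+print LOG "STEP 1: Get config from old portforward\n#########################################\n";
+foreach my $line (@current){
+if($jump eq '1'){
+$jump='';
+$count++;
+next;
+}
+my $u=$count+1;
+($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark) = split(",",$line);
+($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1) = split(",",$current[$u]);
+if ($flag1 eq '1'){
+$source=$source1;
+$jump='1';
+}
+my $now=localtime;
+chomp($remark);
+print LOG "$now processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n";
+push (@values,$prot.",".$ipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark);
+$count++;
+}
+}
+sub build_rules
+{
+print LOG "\nSTEP 2: Convert old portforwardrules in a useable format\n########################################################\n";
+my $src;
+my $src1;
+my $ipfireip;
+my $count=0;
+my $stop;
+#build rules for new firewall
+foreach my $line (@values){
+chomp ($line);
+($prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark)=split(",",$line);
+$count++;
+#get sourcepart
+if($source eq '0.0.0.0/0'){
+$src = 'std_net_src';
+$src1 = 'ALL';
+}else{
+$src = 'src_addr';
+my ($a,$b) = split("/",$source);
+$src1 = $a."/32";
+}
+#get ipfire ip
+if($alias eq '0.0.0.0'){
+$alias='ALL';
+}else{
+foreach my $ali (@alias){
+my ($alias_ip,$alias_active,$alias_name) = split (",",$ali);
+if($alias eq $alias_ip){
+chomp($alias_name);
+$alias=$alias_name;
+}
+}
+}
+$active = uc $active;
+$prot = uc $prot;
+chomp($remark);
+push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
+my $now=localtime;
+print LOG "$now Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
+}
+}
+sub write_rules
+{
+my $skip='';
+my $id;
+print LOG "\nSTEP 3: Create DNAT rules in new firewall\n#########################################\n";
+&General::readhasharray($confignat,\%nat);
+foreach my $line (@built_rules){
+$skip='';
+my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
+foreach my $key (sort keys %nat){
+if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
+my $now=localtime;
+print LOG "$now SKIP-> Rule $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
+$skip='1';
+}
+}
+if ($skip ne '1'){
+$id = &General::findhasharraykey(\%nat);
+$nat{$id}[0] = $action;
+$nat{$id}[1] = $chain;
+$nat{$id}[2] = $active;
+$nat{$id}[3] = $src;
+$nat{$id}[4] = $src1;
+$nat{$id}[5] = $tgt;
+$nat{$id}[6] = $tgt1;
+$nat{$id}[11] = $use_prot;
+$nat{$id}[12] = $prot;
+$nat{$id}[13] = $dummy;
+$nat{$id}[14] = $tgt_port;
+$nat{$id}[15] = $tgt_port1;
+$nat{$id}[16] = $remark;
+$nat{$id}[26] = $from;
+$nat{$id}[27] = $to;
+$nat{$id}[28] = $use_port;
+$nat{$id}[29] = $alias;
+$nat{$id}[30] = $ipfireport;
+$nat{$id}[31] = $dnat;
+my $now=localtime;
+print LOG "$now NEW RULE-> Rule $nat{$id}[0],$nat{$id}[1],$nat{$id}[2],$nat{$id}[3],$nat{$id}[4],$nat{$id}[5],$nat{$id}[6],$nat{$id}[11],$nat{$id}[12],$nat{$id}[13],$nat{$id}[14],$nat{$id}[15],$nat{$id}[16],$nat{$id}[26],$nat{$id}[27],$nat{$id}[28],$nat{$id}[29],$nat{$id}[30],$nat{$id}[31]\n";
+}
+}
+&General::writehasharray($confignat,\%nat);
+}
+close (LOG);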
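Review bot: In build_rules the source restriction of an old port forward is rewritten as `$src1 = $a."/32";`, which discards whatever followed the slash in `$source`, so a forward that was limited to a source network would be converted into a rule for the single address in front of the slash. Keep the prefix instead, for example `my ($ip,$mask) = split("/",$source);` followed by `$src1 = $mask ne '' ? $ip."/".&General::iporsubtocidr($mask) : $ip."/32";`. Naming the pair `$ip`/`$mask` also avoids `my ($a,$b)`, which shadows the variables `sort` uses. The fields are joined and split on commas throughout, so a remark containing a comma would shift every later field; whether the old configuration can hold one is not visible here.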

141
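--- a/config/forwardfw/convert-xtaccess
+++ b/config/forwardfw/convert-xtaccess
@@ -0,0 +1,141 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+# #
+#This script converts old xtaccess rules to new firewall #
+#Logfiles are created under /var/log/converters #
+# #
+###############################################################################
+my @current=();
+my @alias=();
+my %configinputfw=();
+require '/var/ipfire/general-functions.pl';
+my $xtaccessconfig = "${General::swroot}/xtaccess/config";
+my $inputfwconfig = "${General::swroot}/forward/input";
+my $aliasconfig = "${General::swroot}/ethernet/aliases";
+my $field0='ACCEPT';
+my $field1='INPUTFW';
+my $field2=''; #ON or emtpy
+my $field3=''; #std_net_src or src_addr
+my $field4=''; #ALL or IP-Address with /32
+my $field5='ipfire';
+my $field6=''; #Default IP or alias name
+my $field11='ON'; #use target port
+my $field12=''; #TCP or UDP
+my $field13='All ICMP-Types';
+my $field14='TGT_PORT';
+my $field15=''; #Port Number
+my $field16=''; #remark
+my $field26='00:00';
+my $field27='00:00';
+my $field28 = '';
+my $field29 = 'ALL';
+my $field30 = '';
+my $field31 = 'dnat';
+open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+open(FILE1, $aliasconfig) or die 'Unable to open config file.';
+my @alias = <FILE1>;
+close(FILE1);
+&General::readhasharray($inputfwconfig,\%configinputfw);
+foreach my $line (@current){
+my ($a,$b,$c,$d,$e,$f) = split (",",$line);
+$e =~ s/\R//g;
+if ($f gt ''){
+$f =~ s/\R//g;
+$field16=$f;
+}
+#active or not
+$field2=uc($d);
+#get protocol
+if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}
+#check source address
+if ($b eq '0.0.0.0/0'){
+$field3='std_net_src';
+$field4='ALL';
+}elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+$field3='src_addr';
+$field4=$b."/32";
+}elsif ($b =~ /^(.*?)\/(.*?)$/) {
+$field3='src_addr';
+$field4=$b;
+}else{
+print "Regel konnte nicht konvertiert werden!\n";
+}
+#check ipfire address
+if ($e eq '0.0.0.0'){
+$field6 = 'RED1';
+}else{
+foreach my $line (@alias){
+my ($ip,$state,$aliasname) = split (",",$line);
+if ($ip eq $e){
+$aliasname =~ s/\R//g;
+$field6 = $aliasname;
+}
+}
+}
+#get target port
+$c=~ s/\R//g;
+$c=~ tr/-/:/;
+if ($c =~ /^(\D)\:(\d+)$/) {
+$c = "1:$2";
+}
+if ($c =~ /^(\d+)\:(\D)$/) {
+$c = "$1:65535";
+}
+$field15=$c;
+my $key = &General::findhasharraykey (\%configinputfw);
+foreach my $i (0 .. 31) { $configinputfw{$key}[$i] = "";}
+$configinputfw{$key}[0] = $field0;
+$configinputfw{$key}[1] = $field1;
+$configinputfw{$key}[2] = $field2;
+$configinputfw{$key}[3] = $field3;
+$configinputfw{$key}[4] = $field4;
+$configinputfw{$key}[5] = $field5;
+$configinputfw{$key}[6] = $field6;
+$configinputfw{$key}[7] = '';
+$configinputfw{$key}[8] = '';
+$configinputfw{$key}[9] = '';
+$configinputfw{$key}[10] = '';
+$configinputfw{$key}[11] = $field11;
+$configinputfw{$key}[12] = $field12;
+$configinputfw{$key}[13] = $field13;
+$configinputfw{$key}[14] = $field14;
+$configinputfw{$key}[15] = $field15;
+$configinputfw{$key}[16] = $field16;
+$configinputfw{$key}[17] = '';
+$configinputfw{$key}[18] = '';
+$configinputfw{$key}[19] = '';
+$configinputfw{$key}[20] = '';
+$configinputfw{$key}[21] = '';
+$configinputfw{$key}[22] = '';
+$configinputfw{$key}[23] = '';
+$configinputfw{$key}[24] = '';
+$configinputfw{$key}[25] = '';
+$configinputfw{$key}[26] = $field26;
+$configinputfw{$key}[27] = $field27;
+$configinputfw{$key}[28] = $field28;
+$configinputfw{$key}[29] = $field29;
+$configinputfw{$key}[30] = $field30;
+$configinputfw{$key}[31] = $field31;
+&General::writehasharray($inputfwconfig,\%configinputfw);
+}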
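Review bot: When the source in `$b` matches none of the three patterns, the `else` branch only prints a message and the loop still writes the rule with `$field3`/`$field4` left over from the previous line, so an access rule whose source could not be parsed can be stored with `std_net_src`/`ALL` or with another rule's address. Skip the line instead: `print "Regel konnte nicht konvertiert werden!\n"; next;`. The same carry-over affects `$field16` and `$field6`, which are assigned only when a remark or a matching alias is present; resetting them at the top of the loop body (`$field16=''; $field6='';`) keeps one rule's values out of the next. The pattern `/^(.*?)\/(.*?)$/` accepts any text containing a slash as a source, so a stricter address check before the value is stored would be worth adding.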

256
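--- a/config/forwardfw/firewall-lib.pl
+++ b/config/forwardfw/firewall-lib.pl
@@ -0,0 +1,256 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+use strict;
+no warnings 'uninitialized';
+package fwlib;
+my %customnetwork=();
+my %customhost=();
+my %customgrp=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %ccdhost=();
+my %ipsecconf=();
+my %ipsecsettings=();
+my %netsettings=();
+my %ovpnsettings=();
+require '/var/ipfire/general-functions.pl';
+my $confignet = "${General::swroot}/fwhosts/customnetworks";
+my $confighost = "${General::swroot}/fwhosts/customhosts";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $configsrv = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec = "${General::swroot}/vpn/config";
+my $configovpn = "${General::swroot}/ovpn/settings";
+my $val;
+my $field;
+&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
+&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+&General::readhasharray("$confignet", \%customnetwork);
+&General::readhasharray("$confighost", \%customhost);
+&General::readhasharray("$configgrp", \%customgrp);
+&General::readhasharray("$configccdnet", \%ccdnet);
+&General::readhasharray("$configccdhost", \%ccdhost);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&General::readhasharray("$configsrv", \%customservice);
+&General::readhasharray("$configsrvgrp", \%customservicegrp);
+sub get_srv_prot
+{
+my $val=shift;
+foreach my $key (sort {$a <=> $b} keys %customservice){
+if($customservice{$key}[0] eq $val){
+if ($customservice{$key}[0] eq $val){
+return $customservice{$key}[2];
+}
+}
+}
+}
+sub get_srvgrp_prot
+{
+my $val=shift;
+my @ips=();
+my $tcp;
+my $udp;
+my $icmp;
+foreach my $key (sort {$a <=> $b} keys %customservicegrp){
+if($customservicegrp{$key}[0] eq $val){
+if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){
+$tcp=1;
+}elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){
+$udp=1;
+}elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
+$icmp=1;
+}
+}
+}
+if ($tcp eq '1'){push (@ips,'TCP');}
+if ($udp eq '1'){push (@ips,'UDP');}
+if ($icmp eq '1'){push (@ips,'ICMP');}
+my $back=join(",",@ips);
+return $back;
+}
+sub get_srv_port
+{
+my $val=shift;
+my $field=shift;
+my $prot=shift;
+foreach my $key (sort {$a <=> $b} keys %customservice){
+if($customservice{$key}[0] eq $val){
+if($customservice{$key}[2] eq $prot){
+return $customservice{$key}[$field];
+}
+}
+}
+}
+sub get_srvgrp_port
+{
+my $val=shift;
+my $prot=shift;
+my $back;
+my $value;
+my @ips=();
+foreach my $key (sort {$a <=> $b} keys %customservicegrp){
+if($customservicegrp{$key}[0] eq $val){
+if ($prot ne 'ICMP'){
+$value=&get_srv_port($customservicegrp{$key}[2],1,$prot);
+}elsif ($prot eq 'ICMP'){
+$value=&get_srv_port($customservicegrp{$key}[2],3,$prot);
+}
+push (@ips,$value) if ($value ne '') ;
+}
+}
+if($prot ne 'ICMP'){
+if ($#ips gt 0){$back="-m multiport --dports ";}else{$back="--dport ";}
+}elsif ($prot eq 'ICMP'){
+$back="--icmp-type ";
+}
+$back.=join(",",@ips);
+return $back;
+}
+sub get_ipsec_net_ip
+{
+my $val=shift;
+my $field=shift;
+foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+if($ipsecconf{$key}[1] eq $val){
+return $ipsecconf{$key}[$field];
+}
+}
+}
+sub get_ipsec_host_ip
+{
+my $val=shift;
+my $field=shift;
+foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+if($ipsecconf{$key}[1] eq $val){
+return $ipsecconf{$key}[$field];
+}
+}
+}
+sub get_ovpn_n2n_ip
+{
+my $val=shift;
+my $field=shift;
+foreach my $key (sort {$a <=> $b} keys %ccdhost){
+if($ccdhost{$key}[1] eq $val){
+return $ccdhost{$key}[$field];
+}
+}
+}
+sub get_ovpn_host_ip
+{
+my $val=shift;
+my $field=shift;
+foreach my $key (sort {$a <=> $b} keys %ccdhost){
+if($ccdhost{$key}[1] eq $val){
+return $ccdhost{$key}[$field];
+}
+}
+}
+sub get_ovpn_net_ip
+{
+my $val=shift;
+my $field=shift;
+foreach my $key (sort {$a <=> $b} keys %ccdnet){
+if($ccdnet{$key}[0] eq $val){
+return $ccdnet{$key}[$field];
+}
+}
+}
+sub get_grp_ip
+{
+my $val=shift;
+my $src=shift;
+foreach my $key (sort {$a <=> $b} keys %customgrp){
+if ($customgrp{$key}[0] eq $val){
+&get_address($customgrp{$key}[3],$src);
+}
+}
+}
+sub get_std_net_ip
+{
+my $val=shift;
+my $con=shift;
+if ($val eq 'ALL'){
+return "0.0.0.0/0.0.0.0";
+}elsif($val eq 'GREEN'){
+return "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+}elsif($val eq 'ORANGE'){
+return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+}elsif($val eq 'BLUE'){
+return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+}elsif($val eq 'RED'){
+return "0.0.0.0/0 -o $con";
+}elsif($val =~ /OpenVPN/i){
+return "$ovpnsettings{'DOVPN_SUBNET'}";
+}elsif($val =~ /IPsec/i){
+return "$ipsecsettings{'RW_NET'}";
+}elsif($val eq 'IPFire'){
+return ;
+}
+}
+sub get_net_ip
+{
+my $val=shift;
+foreach my $key (sort {$a <=> $b} keys %customnetwork){
+if($customnetwork{$key}[0] eq $val){
+return "$customnetwork{$key}[1]/$customnetwork{$key}[2]";
+}
+}
+}
+sub get_host_ip
+{
+my $val=shift;
+my $src=shift;
+foreach my $key (sort {$a <=> $b} keys %customhost){
+if($customhost{$key}[0] eq $val){
+if ($customhost{$key}[1] eq 'mac' && $src eq 'src'){
+return "-m mac --mac-source $customhost{$key}[2]";
+}elsif($customhost{$key}[1] eq 'ip' && $src eq 'src'){
+return "$customhost{$key}[2]";
+}elsif($customhost{$key}[1] eq 'ip' && $src eq 'tgt'){
+return "$customhost{$key}[2]";
+}elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){
+return "none";
+}
+}
+}
+}
+return 1;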
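Review bot: Every lookup helper in this file (`get_host_ip`, `get_net_ip`, `get_srv_port`, the ipsec and ovpn getters) falls off the end of its `foreach` when no entry named `$val` exists, and with `no warnings 'uninitialized'` the caller receives an empty value without any diagnostic. The part of rules.pl visible on this page leaves out `-s` when the source is empty, so a rule that refers to a deleted host or network may end up matching any source; that is worth confirming in the caller. At minimum document the contract above each helper, for example `# Returns nothing if no entry named $val exists; the caller must skip the rule in that case.` Separately, `get_grp_ip` calls `&get_address` with two arguments, but this file declares `package fwlib;` and defines no `get_address`, while rules.pl calls it with three. In `get_srvgrp_port`, `$#ips gt 0` is a string comparison where `$#ips > 0` is meant.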


@@ -0,0 +1,91 @@
#!/bin/sh
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)
eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
iptables -F POLICYFWD
iptables -F POLICYOUT
iptables -F POLICYIN
if [ -f "/var/ipfire/red/iface" ]; then
IFACE=`cat /var/ipfire/red/iface`
fi
#FORWARDFW
if [ "$POLICY" == "MODE1" ]; then
if [ "$FWPOLICY" == "REJECT" ]; then
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
fi
/sbin/iptables -A POLICYFWD -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_FORWARD"
fi
if [ "$FWPOLICY" == "DROP" ]; then
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
fi
/sbin/iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
fi
else
if [ "$BLUE_DEV" ] && [ "$IFACE" ]; then
/sbin/iptables -A POLICYFWD -i blue0 ! -o $IFACE -j DROP
fi
/sbin/iptables -A POLICYFWD -i orange0 ! -o $IFACE -j DROP
/sbin/iptables -A POLICYFWD -j ACCEPT
/sbin/iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
fi
#OUTGOINGFW
if [ "$POLICY1" == "MODE1" ]; then
if [ "$FWPOLICY1" == "REJECT" ]; then
if [ "$DROPOUTGOING" == "on" ]; then
/sbin/iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT"
fi
/sbin/iptables -A POLICYOUT -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
fi
if [ "$FWPOLICY1" == "DROP" ]; then
if [ "$DROPOUTGOING" == "on" ]; then
/sbin/iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT"
fi
/sbin/iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
fi
else
/sbin/iptables -A POLICYOUT -j ACCEPT
/sbin/iptables -A POLICYOUT -m comment --comment "DROP_OUTPUT" -j DROP
fi
#INPUT
if [ "$FWPOLICY2" == "REJECT" ]; then
if [ "$DROPINPUT" == "on" ]; then
/sbin/iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT"
fi
/sbin/iptables -A POLICYIN -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_INPUT"
fi
if [ "$FWPOLICY2" == "DROP" ]; then
if [ "$DROPINPUT" == "on" ]; then
/sbin/iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
fi
/sbin/iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
fi
exit 0
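Review bot: In the `else` branch of the FORWARDFW block the orange0 rule uses `$IFACE` without the `[ "$IFACE" ]` guard that the blue0 rule has, and `IFACE` is only set when /var/ipfire/red/iface exists. With it empty the command becomes `! -o -j DROP`, which iptables should reject, and the next line then accepts everything in POLICYFWD, including traffic from orange0. Guard and quote it, e.g. `if [ -n "$IFACE" ]; then /sbin/iptables -A POLICYFWD -i orange0 ! -o "$IFACE" -j DROP; else /sbin/iptables -A POLICYFWD -i orange0 -j DROP; fi`. The script also starts with `#!/bin/sh` but compares with `==` inside `[ ]`; under a shell that does not accept `==` every test fails and both MODE checks fall through to the accepting `else` branches, so `=` is the safer operator.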


@@ -0,0 +1,9 @@
Applejuice;apple;off;
Ares;ares;off;
Bittorrent;bit;off;
DirectConnect;dc;off;
Edonkey;edk;off;
Gnutella;gnu;off;
KaZaA;kazaa;off;
SoulSeek;soul;off;
WinMX;winmx;off;

610
config/forwardfw/rules.pl Executable file

@@ -0,0 +1,610 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
use Time::Local;
no warnings 'uninitialized';
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
my %fwdfwsettings=();
my %defaultNetworks=();
my %configfwdfw=();
my %color=();
my %icmptypes=();
my %ovpnSettings=();
my %customgrp=();
our %sourcehash=();
our %targethash=();
my @timeframe=();
my %configinputfw=();
my %configoutgoingfw=();
my %confignatfw=();
my %aliases=();
my @DPROT=();
my @p2ps=();
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/forward/bin/firewall-lib.pl";
my $configfwdfw = "${General::swroot}/forward/config";
my $configinput = "${General::swroot}/forward/input";
my $configoutgoing = "${General::swroot}/forward/outgoing";
my $p2pfile = "${General::swroot}/forward/p2protocols";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $netsettings = "${General::swroot}/ethernet/settings";
my $errormessage='';
my $orange;
my $green;
my $blue;
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
my $CHAIN="FORWARDFW";
my $conexists='off';
my $command = 'iptables -A';
my $dnat='';
my $snat='';
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("$netsettings", \%defaultNetworks);
&General::readhasharray($configfwdfw, \%configfwdfw);
&General::readhasharray($configinput, \%configinputfw);
&General::readhasharray($configoutgoing, \%configoutgoingfw);
&General::readhasharray($configgrp, \%customgrp);
&General::get_aliases(\%aliases);
#check if we have an internetconnection
open (CONN,"/var/ipfire/red/iface");
my $con = <CONN>;
close(CONN);
if (-f "/var/ipfire/red/active"){
$conexists='on';
}
open (CONN1,"/var/ipfire/red/local-ipaddress");
my $redip = <CONN1>;
close(CONN1);
################################
# DEBUG/TEST #
################################
my $MODE=0; # 0 - normal operation
# 1 - print configline and rules to console
#
################################
my $param=shift;
if($param eq 'flush'){
if ($MODE eq '1'){
print " Flushing chains...\n";
}
&flush;
}else{
if ($MODE eq '1'){
print " Flushing chains...\n";
}
&flush;
if ($MODE eq '1'){
print " Preparing rules...\n";
}
&preparerules;
if($MODE eq '0'){
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
&p2pblock;
system ("/usr/sbin/firewall-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
&p2pblock;
system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");
system ("/usr/sbin/firewall-policy");
system ("/etc/sysconfig/firewall.local reload");
}
}
}
sub flush
{
system ("iptables -F FORWARDFW");
system ("iptables -F INPUTFW");
system ("iptables -F OUTGOINGFW");
system ("iptables -t nat -F NAT_DESTINATION");
system ("iptables -t nat -F NAT_SOURCE");
}
sub preparerules
{
if (! -z "${General::swroot}/forward/config"){
&buildrules(\%configfwdfw);
}
if (! -z "${General::swroot}/forward/input"){
&buildrules(\%configinputfw);
}
if (! -z "${General::swroot}/forward/outgoing"){
&buildrules(\%configoutgoingfw);
}
}
sub buildrules
{
my $hash=shift;
my $STAG;
my $natip;
my $snatport;
my $fireport;
my $nat;
my $fwaccessdport;
my $natchain;
foreach my $key (sort {$a <=> $b} keys %$hash){
next if (($$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1') && $conexists eq 'off' );
if ($$hash{$key}[28] eq 'ON'){
$command='iptables -t nat -A';
$natip=&get_nat_ip($$hash{$key}[29],$$hash{$key}[31]);
if($$hash{$key}[31] eq 'dnat'){
$nat='DNAT';
if ($$hash{$key}[30] =~ /\|/){
$$hash{$key}[30]=~ tr/|/,/;
$fireport='-m multiport --dport '.$$hash{$key}[30];
}else{
$fireport='--dport '.$$hash{$key}[30] if ($$hash{$key}[30]>0);
}
}else{
$nat='SNAT';
}
}
$STAG='';
if($$hash{$key}[2] eq 'ON'){
#get source ip's
if ($$hash{$key}[3] eq 'cust_grp_src'){
foreach my $grp (sort {$a <=> $b} keys %customgrp){
if($customgrp{$grp}[0] eq $$hash{$key}[4]){
&get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"src");
}
}
}else{
&get_address($$hash{$key}[3],$$hash{$key}[4],"src");
}
#get target ip's
if ($$hash{$key}[5] eq 'cust_grp_tgt'){
foreach my $grp (sort {$a <=> $b} keys %customgrp){
if($customgrp{$grp}[0] eq $$hash{$key}[6]){
&get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
}
}
}elsif($$hash{$key}[5] eq 'ipfire' ){
if($$hash{$key}[6] eq 'GREEN'){
$targethash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
}
if($$hash{$key}[6] eq 'BLUE'){
$targethash{$key}[0]=$defaultNetworks{'BLUE_ADDRESS'};
}
if($$hash{$key}[6] eq 'ORANGE'){
$targethash{$key}[0]=$defaultNetworks{'ORANGE_ADDRESS'};
}
if($$hash{$key}[6] eq 'ALL'){
$targethash{$key}[0]='0.0.0.0/0';
}
if($$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1'){
open(FILE, "/var/ipfire/red/local-ipaddress")or die "Couldn't open local-ipaddress";
$targethash{$key}[0]= <FILE>;
close(FILE);
}else{
foreach my $alias (sort keys %aliases){
if ($$hash{$key}[6] eq $alias){
$targethash{$key}[0]=$aliases{$alias}{'IPT'};
}
}
}
}else{
&get_address($$hash{$key}[5],$$hash{$key}[6],"tgt");
}
##get source prot and port
$SRC_TGT='SRC';
$SPROT = &get_prot($hash,$key);
$SPORT = &get_port($hash,$key);
$SRC_TGT='';
##get target prot and port
$DPROT=&get_prot($hash,$key);
if ($DPROT eq ''){$DPROT=' ';}
@DPROT=split(",",$DPROT);
#get time if defined
if($$hash{$key}[18] eq 'ON'){
my ($time1,$time2,$daylight);
my $daylight=$$hash{$key}[28];
$time1=&get_time($$hash{$key}[26],$daylight);
$time2=&get_time($$hash{$key}[27],$daylight);
if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
if($$hash{$key}[20] ne ''){push (@timeframe,"Tue");}
if($$hash{$key}[21] ne ''){push (@timeframe,"Wed");}
if($$hash{$key}[22] ne ''){push (@timeframe,"Thu");}
if($$hash{$key}[23] ne ''){push (@timeframe,"Fri");}
if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
$TIME=join(",",@timeframe);
$TIMEFROM="--timestart $time1 ";
$TIMETILL="--timestop $time2 ";
$TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
}
if ($MODE eq '1'){
print "NR:$key ";
foreach my $i (0 .. $#{$$hash{$key}}){
print "$i: $$hash{$key}[$i] ";
}
print "\n";
print"##################################\n";
#print rules to console
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
if(substr($DPORT, 2, 4) eq 'icmp'){
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
if ($$hash{$key}[17] eq 'ON'){
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n";
}
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
}
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
$natchain='NAT_DESTINATION';
if ($$hash{$key}[17] eq 'ON'){
print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
my ($ip,$sub) =split("/",$targethash{$b}[0]);
print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
$DPORT =~ s/\-/:/g;
if ($DPORT){
$fwaccessdport="--dport ".substr($DPORT,1,);
}elsif(! $DPORT && $$hash{$key}[30] ne ''){
if ($$hash{$key}[30]=~m/|/i){
$$hash{$key}[30] =~ s/\|/,/g;
$fwaccessdport="-m multiport --dport $$hash{$key}[30]";
}else{
$fwaccessdport="--dport $$hash{$key}[30]";
}
}
print "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
next;
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
$natchain='NAT_SOURCE';
print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
}
if ($$hash{$key}[17] eq 'ON'){
print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
}
if ($PROT ne '-p ICMP'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
}
}
}
}
print"\n";
}
}elsif($MODE eq '0'){
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
#Process ICMP RULE
if(substr($DPORT, 2, 4) eq 'icmp'){
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
if ($$hash{$key}[17] eq 'ON'){
system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG");
}
system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
}
#PROCESS DNAT RULE (Portforward)
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
$natchain='NAT_DESTINATION';
if ($$hash{$key}[17] eq 'ON'){
system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
my ($ip,$sub) =split("/",$targethash{$b}[0]);
system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip$DPORT\n";
$DPORT =~ s/\-/:/g;
if ($DPORT){
$fwaccessdport="--dport ".substr($DPORT,1,);
}elsif(! $DPORT && $$hash{$key}[30] ne ''){
if ($$hash{$key}[30]=~m/|/i){
$$hash{$key}[30] =~ s/\|/,/g;
$fwaccessdport="-m multiport --dport $$hash{$key}[30]";
}else{
$fwaccessdport="--dport $$hash{$key}[30]";
}
}
system "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
next;
#PROCESS SNAT RULE
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
$natchain='NAT_SOURCE';
system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
}
if ($$hash{$key}[17] eq 'ON'){
system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
}
#PROCESS EVERY OTHER RULE (If NOT ICMP, else the rule would be applied double)
if ($PROT ne '-p ICMP'){
system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
}
}
}
}
}
}
}
%sourcehash=();
%targethash=();
undef $TIME;
undef $TIMEFROM;
undef $TIMETILL;
undef $fireport;
}
}
sub get_nat_ip
{
my $val=shift;
my $type=shift;
my $result;
if($val eq 'RED' || $val eq 'GREEN' || $val eq 'ORANGE' || $val eq 'BLUE'){
$result=$defaultNetworks{$val.'_ADDRESS'};
}elsif($val eq 'ALL'){
$result='-i '.$con;
}elsif($val eq 'Default IP' && $type eq 'dnat'){
$result='-d '.$redip;
}elsif($val eq 'Default IP' && $type eq 'snat'){
$result=$redip;
}else{
foreach my $al (sort keys %aliases){
if($val eq $al && $type eq 'dnat'){
$result='-d '.$aliases{$al}{'IPT'};
}elsif($val eq $al && $type eq 'snat'){
$result=$aliases{$al}{'IPT'};
}
}
}
return $result;
}
sub get_time
{
my $val=shift;
my $val1=shift;
my $time;
my $minutes;
my $ruletime;
$minutes = &utcmin($val);
$ruletime = $minutes + &time_get_utc($val);
if ($ruletime < 0){$ruletime +=1440;}
if ($ruletime > 1440){$ruletime -=1440;}
$time=sprintf "%02d:%02d", $ruletime / 60, $ruletime % 60;
return $time;
}
sub time_get_utc
{
# Calculates the UTCtime from a given time
my $val=shift;
my @localtime=localtime(time);
my @gmtime=gmtime(time);
my $diff = ($gmtime[2]*60+$gmtime[1]%60)-($localtime[2]*60+$localtime[1]%60);
return $diff;
}
sub utcmin
{
my $ruletime=shift;
my ($hrs,$min) = split(":",$ruletime);
my $newtime = $hrs*60+$min;
return $newtime;
}
sub p2pblock
{
my $P2PSTRING;
my $DO;
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
my $CMD = "-m ipp2p";
foreach my $p2pentry (sort @p2ps) {
my @p2pline = split( /\;/, $p2pentry );
if ( $fwdfwsettings{'POLICY'} eq 'MODE1' ) {
$DO = "ACCEPT";
if ("$p2pline[2]" eq "on") {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
}else {
$DO = "RETURN";
if ("$p2pline[2]" eq "off") {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
}
}
if ($MODE eq 1){
if($P2PSTRING){
print"/sbin/iptables -A FORWARDFW $CMD $P2PSTRING -j $DO\n";
}
}else{
if($P2PSTRING){
system("/sbin/iptables -A FORWARDFW $CMD $P2PSTRING -j $DO");
}
}
}
sub get_address
{
my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey
my $base2=shift;
my $type=shift; #src or tgt
my $hash;
if ($type eq 'src'){
$hash=\%sourcehash;
}else{
$hash=\%targethash;
}
my $key = &General::findhasharraykey($hash);
if($base eq 'src_addr' || $base eq 'tgt_addr' ){
if (&General::validmac($base2)){
$$hash{$key}[0] = "-m mac --mac-source $base2";
}else{
$$hash{$key}[0] = $base2;
}
}elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){
$$hash{$key}[0]=&fwlib::get_std_net_ip($base2,$con);
}elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){
$$hash{$key}[0]=&fwlib::get_net_ip($base2);
}elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){
$$hash{$key}[0]=&fwlib::get_host_ip($base2,$type);
}elsif($base eq 'ovpn_net_src' || $base eq 'ovpn_net_tgt' || $base eq 'OpenVPN static network'){
$$hash{$key}[0]=&fwlib::get_ovpn_net_ip($base2,1);
}elsif($base eq 'ovpn_host_src' ||$base eq 'ovpn_host_tgt' || $base eq 'OpenVPN static host'){
$$hash{$key}[0]=&fwlib::get_ovpn_host_ip($base2,33);
}elsif($base eq 'ovpn_n2n_src' ||$base eq 'ovpn_n2n_tgt' || $base eq 'OpenVPN N-2-N'){
$$hash{$key}[0]=&fwlib::get_ovpn_n2n_ip($base2,11);
}elsif($base eq 'ipsec_net_src' || $base eq 'ipsec_net_tgt' || $base eq 'IpSec Network'){
$$hash{$key}[0]=&fwlib::get_ipsec_net_ip($base2,11);
}elsif($base eq 'ipfire_src' ){
if($base2 eq 'GREEN'){
$$hash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
}
if($base2 eq 'BLUE'){
$$hash{$key}[0]=$defaultNetworks{'BLUE_ADDRESS'};
}
if($base2 eq 'ORANGE'){
$$hash{$key}[0]=$defaultNetworks{'ORANGE_ADDRESS'};
}
if($base2 eq 'ALL'){
$$hash{$key}[0]='0.0.0.0/0';
}
if($base2 eq 'RED' || $base2 eq 'RED1'){
open(FILE, "/var/ipfire/red/local-ipaddress")or die "Couldn't open local-ipaddress";
$$hash{$key}[0]= <FILE>;
close(FILE);
}else{
foreach my $alias (sort keys %aliases){
if ($base2 eq $alias){
$$hash{$key}[0]=$aliases{$alias}{'IPT'};
}
}
}
}
}
sub get_prot
{
my $hash=shift;
my $key=shift;
if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
if ($$hash{$key}[10] ne ''){
return"$$hash{$key}[8]";
}elsif($$hash{$key}[9] ne ''){
return"$$hash{$key}[8]";
}else{
return "$$hash{$key}[8]";
}
}elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
if ($$hash{$key}[14] eq 'TGT_PORT'){
if ($$hash{$key}[15] ne ''){
return "$$hash{$key}[12]";
}elsif($$hash{$key}[13] ne ''){
return "$$hash{$key}[12]";
}else{
return "$$hash{$key}[12]";
}
}elsif($$hash{$key}[14] eq 'cust_srv'){
return &fwlib::get_srv_prot($$hash{$key}[15]);
}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
return &fwlib::get_srvgrp_prot($$hash{$key}[15]);
}
}
#DNAT
if ($SRC_TGT eq '' && $$hash{$key}[31] eq 'dnat' && $$hash{$key}[11] eq '' && $$hash{$key}[12] ne ''){
return "$$hash{$key}[12]";
}
}
sub get_port
{
my $hash=shift;
my $key=shift;
my $prot=shift;
if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
if ($$hash{$key}[10] ne ''){
$$hash{$key}[10] =~ s/\|/,/g;
if(index($$hash{$key}[10],",") > 0){
return "-m multiport --sport $$hash{$key}[10] ";
}else{
if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ||($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat') ){
return "--sport $$hash{$key}[10] ";
}else{
return ":$$hash{$key}[10]";
}
}
}elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
return "--icmp-type $$hash{$key}[9] ";
}elsif($$hash{$key}[9] eq 'All ICMP-Types'){
return;
}
}elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
if($$hash{$key}[14] eq 'TGT_PORT'){
if ($$hash{$key}[15] ne ''){
$$hash{$key}[15] =~ s/\|/,/g;
if(index($$hash{$key}[15],",") > 0){
return "-m multiport --dport $$hash{$key}[15] ";
}else{
if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ){
return "--dport $$hash{$key}[15] ";
}else{
$$hash{$key}[15] =~ s/\:/-/g;
return ":$$hash{$key}[15]";
}
}
}elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
return "--icmp-type $$hash{$key}[13] ";
}elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] eq 'All ICMP-Types'){
return;
}
}elsif($$hash{$key}[14] eq 'cust_srv'){
if ($prot ne 'ICMP'){
if($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
return ":".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
}else{
return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
}
}elsif($prot eq 'ICMP' && $$hash{$key}[15] ne 'All ICMP-Types'){
return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
}elsif($prot eq 'ICMP' && $$hash{$key}[15] eq 'All ICMP-Types'){
return;
}
}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
if ($prot ne 'ICMP'){
return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
}
elsif($prot eq 'ICMP'){
return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
}
}
}
}


@@ -0,0 +1,32 @@
32,rsync,873,TCP,BLANK,0
21,IMAPS,993,TCP,BLANK,0
7,WINS,42,TCP,BLANK,0
26,LPD,515,TCP,BLANK,0
17,IRC,194,TCP,BLANK,0
2,FTP-control,21,TCP,BLANK,0
1,FTP-data,20,TCP,BLANK,0
18,HTTPS,443,TCP,BLANK,0
30,NFS,2049,TCP,BLANK,0
16,SNMP,161,UDP,BLANK,0
25,IPP (UDP),631,UDP,BLANK,0
27,JetDirect,9100,TCP,BLANK,0
28,LDAP,389,TCP,BLANK,0
14,NetBIOS Session Service,139,TCP,BLANK,0
20,FTPS control,990,TCP,BLANK,0
24,IPP (TCP),631,TCP,BLANK,0
10,SFTP,115,TCP,BLANK,0
31,Radius,1812,TCP,BLANK,0
11,NTP,123,UDP,BLANK,0
22,POP3S,995,TCP,BLANK,0
13,NetBIOS Datagram Service,138,TCP,BLANK,0
23,RDP,3389,TCP,BLANK,0
29,LDAPS,636,TCP,BLANK,0
6,Time,37,TCP,BLANK,0
3,SSH,22,TCP,BLANK,0
9,POP3,110,TCP,BLANK,0
12,NetBIOS Name Service,137,TCP,BLANK,0
15,IMAP,143,TCP,BLANK,0
8,HTTP,80,TCP,BLANK,0
4,Telnet,23,UDP,BLANK,0
19,FTPS data,989,TCP,BLANK,0
5,SMTP,25,TCP,BLANK,0
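Review bot: Several default services are declared with a transport that does not match the protocol: `4,Telnet,23,UDP,BLANK,0` should read `4,Telnet,23,TCP,BLANK,0`, and the `Radius` (1812), `NetBIOS Name Service` (137) and `NetBIOS Datagram Service` (138) entries are listed as TCP although those services normally run over UDP. Assuming the rule generator takes its `-p` value from the fourth field of these entries, a rule that selects one of them would match the wrong traffic, so the port the administrator meant to allow or block is left untouched. SNMP, NTP and IPP (UDP) are already declared as UDP, so only these four lines need their protocol field corrected.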

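--- a/config/fwhosts/icmp-types
+++ b/config/fwhosts/icmp-types
@@ -0,0 +1,36 @@
+0,echo-reply,0
+1,destination-unreachable,3
+2,network-unreachable,3/0
+3,host-unreachable,3/1
+4,protocol-unreachable,3/2
+5,port-unreachable,3/3
+6,fragmentation-needed,3/4
+7,source-route-failed,3/5
+8,network-unknown,3/6
+9,host-unknown,3/7
+10,network-prohibited,3/9
+11,host-prohibited,3/10
+12,TOS-network-unreachable,3/11
+13,TOS-host-unreachable,3/12
+14,communication-prohibited,3/13
+15,host-precedence-violation,3/14
+16,precedence-cutoff,3/15
+17,source-quench,4
+18,redirect,5
+19,network-redirect,5/0
+20,host-redirect,5/1
+21,TOS-network-redirect,5/2
+22,TOS-host-redirect,5/3
+23,echo-request,8
+24,router-advertisement,9
+25,router-solicitation,10
+26,time-exceeded,11
+27,ttl-zero-during-transit,11/0
+28,ttl-zero-during-reassembly,11/1
+29,parameter-problem,12
+30,ip-header-bad,12/0
+31,required-option-missing,12/1
+32,timestamp-request,13
+33,timestamp-reply,14
+34,address-mask-request,17
+35,address-mask-reply,18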
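Review bot: `config/fwhosts/icmp-types` is added with the executable bit set (the page marks it "Executable file"), although every line of it is a three-field lookup record and none of it is a script. A data file on the firewall is better committed as mode 0644, so that it cannot be run by accident and the permissions match what the file is. The fix is a mode change only, for example `chmod 644 config/fwhosts/icmp-types` before committing; no line of the table has to change.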


@@ -1,52 +1,40 @@
$subfirewall->{'10.dnat'} = {
'caption' => $Lang::tr{'ssport forwarding'},
'uri' => '/cgi-bin/portfw.cgi',
'title' => "$Lang::tr{'ssport forwarding'}",
'enabled' => 1,
};
$subfirewall->{'20.xtaccess'} = {
'caption' => $Lang::tr{'external access'},
'uri' => '/cgi-bin/xtaccess.cgi',
'title' => "$Lang::tr{'external access'}",
'enabled' => 1,
};
$subfirewall->{'30.wireless'} = {
'caption' => $Lang::tr{'blue access'},
'uri' => '/cgi-bin/wireless.cgi',
'title' => "$Lang::tr{'blue access'}",
'enabled' => 1,
};
$subfirewall->{'40.dmz'} = {
'caption' => $Lang::tr{'ssdmz pinholes'},
'uri' => '/cgi-bin/dmzholes.cgi',
'title' => "$Lang::tr{'dmz pinhole configuration'}",
'enabled' => 1,
};
$subfirewall->{'50.outgoing'} = {
'caption' => $Lang::tr{'outgoing firewall'},
'uri' => '/cgi-bin/outgoingfw.cgi',
'title' => "$Lang::tr{'outgoing firewall'}",
$subfirewall->{'10.forward'} = {
'caption' => $Lang::tr{'fwdfw menu'},
'uri' => '/cgi-bin/forwardfw.cgi',
'title' => "$Lang::tr{'fwdfw menu'}",
'enabled' => 1,
};
$subfirewall->{'51.outgoinggrp'} = {
'caption' => $Lang::tr{'outgoing firewall groups'},
'uri' => '/cgi-bin/outgoinggrp.cgi',
'title' => "$Lang::tr{'outgoing firewall groups'}",
$subfirewall->{'20.fwhost'} = {
'caption' => $Lang::tr{'fwhost menu'},
'uri' => '/cgi-bin/fwhosts.cgi',
'title' => "$Lang::tr{'fwhost menu'}",
'enabled' => 1,
};
$subfirewall->{'60.upnp'} = {
'caption' => 'UPnP',
'uri' => '/cgi-bin/upnp.cgi',
'title' => "Universal Plug and Play",
'enabled' => 0,
};
$subfirewall->{'60.optingsfw'} = {
$subfirewall->{'30.optionsfw'} = {
'caption' => $Lang::tr{'options fw'},
'uri' => '/cgi-bin/optionsfw.cgi',
'title' => "$Lang::tr{'options fw'}",
'enabled' => 1,
};
$subfirewall->{'70.iptables'} = {
$subfirewall->{'40.p2p'} = {
'caption' => 'P2P-Block',
'uri' => '/cgi-bin/p2p-block.cgi',
'title' => "P2P-Block",
'enabled' => 1,
};
$subfirewall->{'60.wireless'} = {
'caption' => $Lang::tr{'blue access'},
'uri' => '/cgi-bin/wireless.cgi',
'title' => "$Lang::tr{'blue access'}",
'enabled' => 1,
};
$subfirewall->{'70.upnp'} = {
'caption' => 'UPnP',
'uri' => '/cgi-bin/upnp.cgi',
'title' => "Universal Plug and Play",
'enabled' => 0,
};
$subfirewall->{'90.iptables'} = {
'caption' => $Lang::tr{'ipts'},
'uri' => '/cgi-bin/iptables.cgi',
'title' => "$Lang::tr{'ipts'}",


@@ -1,34 +0,0 @@
bootpc,68,tcp&udp,Bootstrap Protocol Client
bootps,67,tcp&udp,Bootstrap Protocol Server
domain,53,tcp&udp,Domain Name Server
echo,7,tcp&udp,Echo
ftp,21,tcp&udp,File Transfer Control
ftp-data,20,tcp&udp,File Control Data
http,80,tcp,Hypertext Transfer Protocol
https,443,tcp,secure HTTP
imap,143,tcp,Interactive Mail Access Protocol
imap3,220,tcp,Interactive Mail Access Protocol v3
imaps,993,tcp,secure IMAP
ipfire-https,444,tcp,IPFire HTTPS
ipfire-ssh,222,tcp&udp,IPFire SSH
irc,194,tcp&udp,Internet Relay Chat
ircd,6667,tcp&udp,Internet Relay Chat
microsoft-ds,445,tcp&udp,Netbios Filesharing
nameserver,42,tcp&udp,Host Name Server
netbios-dgm,138,tcp&udp,NETBIOS Datagram Service
netbios-ns,137,tcp&udp,NETBIOS Name Server
netbios-ssn,139,tcp&udp,NETBIOS Session Service
nfs,2049,tcp&udp,Network File System
ntp,123,udp,Network Time Protocol
pop3,110,tcp,POP3 Email
pop3s,995,tcp,secure POP3 Email
sftp,115,tcp&udp,secure File Transfer Protocol
smtp,25,tcp,Simple Mail Transfer Protocol
smtps,465,tcp,secure Simple Mail Transfer Protocol
snmp,161,tcp&udp,Simple Network Management
snmptrap,162,udp,SNMP Trap
ssh,22,tcp&udp,SSH
telnet,23,tcp&udp,Telnet
tftp,69,tcp&udp,Trivial File Transfer
time,37,tcp&udp,Time
wins,1512,tcp&udp,Windows Internet Name Service


@@ -1,286 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2011 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
my %outfwsettings = ();
my %checked = ();
my %selected= () ;
my %netsettings = ();
my $errormessage = "";
my $configentry = "";
my @configs = ();
my @configline = ();
my $p2pentry = "";
my @p2ps = ();
my @p2pline = ();
my $CMD = "";
my $P2PSTRING = "";
my $DEBUG = 0;
my $configfile = "/var/ipfire/outgoing/rules";
my $p2pfile = "/var/ipfire/outgoing/p2protocols";
### Values that have to be initialized
$outfwsettings{'ACTION'} = '';
$outfwsettings{'VALID'} = 'yes';
$outfwsettings{'EDIT'} = 'no';
$outfwsettings{'NAME'} = '';
$outfwsettings{'SNET'} = '';
$outfwsettings{'SIP'} = '';
$outfwsettings{'SPORT'} = '';
$outfwsettings{'SMAC'} = '';
$outfwsettings{'DIP'} = '';
$outfwsettings{'DPORT'} = '';
$outfwsettings{'PROT'} = '';
$outfwsettings{'STATE'} = '';
$outfwsettings{'DISPLAY_DIP'} = '';
$outfwsettings{'DISPLAY_DPORT'} = '';
$outfwsettings{'DISPLAY_SMAC'} = '';
$outfwsettings{'DISPLAY_SIP'} = '';
$outfwsettings{'POLICY'} = 'MODE0';
my @SOURCE = "";
my $SOURCE = "";
my $DESTINATION = "";
my @PROTO = "";
my $PROTO = "";
my $DPORT = "";
my $DEV = "";
my $MAC = "";
my $DO = "";
my $DAY = "";
# read files
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
$netsettings{'RED_DEV'}=`cat /var/ipfire/red/iface`;
$netsettings{'RED_IP'}=`cat /var/ipfire/red/local-ipaddress`;
open( FILE, "< $configfile" ) or die "Unable to read $configfile";
@configs = <FILE>;
close FILE;
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
$outfwsettings{'STATE'} = "ALLOW";
$DO = "RETURN";
} elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
$outfwsettings{'STATE'} = "DENY";
$DO = "DROP -m comment --comment 'DROP_OUTGOINGFW '";
}
### Initialize IPTables
system("/sbin/iptables --flush OUTGOINGFW >/dev/null 2>&1");
system("/sbin/iptables --delete-chain OUTGOINGFW >/dev/null 2>&1");
system("/sbin/iptables -N OUTGOINGFW >/dev/null 2>&1");
system("/sbin/iptables --flush OUTGOINGFWMAC >/dev/null 2>&1");
system("/sbin/iptables --delete-chain OUTGOINGFWMAC >/dev/null 2>&1");
system("/sbin/iptables -N OUTGOINGFWMAC >/dev/null 2>&1");
if ( $outfwsettings{'POLICY'} eq 'MODE0' ) {
&firewall_local_reload();
exit 0
}
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
$CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j RETURN";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
$CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j RETURN";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
$CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j RETURN";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
$CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j RETURN";
if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
}
foreach $configentry (sort @configs)
{
@SOURCE = "";
$DESTINATION = "";
$PROTO = "";
$DPORT = "";
$DEV = "";
$MAC = "";
@configline = split( /\;/, $configentry );
if ($outfwsettings{'STATE'} eq $configline[0]) {
if ($configline[2] eq 'green') {
@SOURCE = ("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
$DEV = $netsettings{'GREEN_DEV'};
} elsif ($configline[2] eq 'red') {
@SOURCE = ("$netsettings{'RED_IP'}");
$DEV = "";
} elsif ($configline[2] eq 'blue') {
@SOURCE = ("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
$DEV = $netsettings{'BLUE_DEV'};
} elsif ($configline[2] eq 'orange') {
@SOURCE = ("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
$DEV = $netsettings{'ORANGE_DEV'};
} elsif ($configline[2] eq 'ipsec') {
@SOURCE = "";
$DEV = "ipsec+";
} elsif ($configline[2] eq 'ovpn') {
@SOURCE = "";
$DEV = "tun+";
} elsif ($configline[2] eq 'ip') {
@SOURCE = ("$configline[5]");
$DEV = "";
} elsif ($configline[2] eq 'mac') {
@SOURCE = ("$configline[6]");
$DEV = "";
} elsif ($configline[2] eq 'all') {
@SOURCE = ("0/0");
$DEV = "";
} else {
if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" ) {
@SOURCE = `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]`;
} elsif ( -e "/var/ipfire/outgoing/groups/macgroups/$configline[2]" ) {
@SOURCE = `cat /var/ipfire/outgoing/groups/macgroups/$configline[2]`;
$configline[2] = "mac";
}
$DEV = "";
}
if ($configline[7]) { $DESTINATION = "$configline[7]"; } else { $DESTINATION = "0/0"; }
if ($configline[3] eq 'tcp') {
@PROTO = ("tcp");
} elsif ($configline[3] eq 'udp') {
@PROTO = ("udp");
} elsif ($configline[3] eq 'esp') {
@PROTO = ("esp");
} elsif ($configline[3] eq 'gre') {
@PROTO = ("gre");
} else {
@PROTO = ("tcp","udp");
}
my $macrule = 0;
foreach $PROTO (@PROTO){
foreach $SOURCE (@SOURCE) {
$SOURCE =~ s/\s//gi;
if ( $SOURCE eq "" || $configline[1] eq "" ){next;}
if ( ( $configline[6] ne "" || $configline[2] eq 'mac' ) && $configline[2] ne 'all'){
$SOURCE =~ s/[^a-zA-Z0-9]/:/gi;
$CMD = "-m mac --mac-source $SOURCE -d $DESTINATION -p $PROTO";
$macrule = 1;
} else {
$CMD = "-s $SOURCE -d $DESTINATION -p $PROTO";
}
if ($configline[8] && ( $configline[3] ne 'esp' || $configline[3] ne 'gre') ) {
$DPORT = "$configline[8]";
$CMD = "$CMD -m multiport --destination-port $DPORT";
}
if ($DEV) {
$CMD = "$CMD -i $DEV";
}
if ($configline[17] && $configline[18]) {
$DAY = "";
if ($configline[10]){$DAY = "Mon,"}
if ($configline[11]){$DAY .= "Tue,"}
if ($configline[12]){$DAY .= "Wed,"}
if ($configline[13]){$DAY .= "Thu,"}
if ($configline[14]){$DAY .= "Fri,"}
if ($configline[15]){$DAY .= "Sat,"}
if ($configline[16]){$DAY .= "Sun"}
$CMD = "$CMD -m time --timestart $configline[17] --timestop $configline[18] --weekdays $DAY";
}
$CMD = "$CMD -o $netsettings{'RED_DEV'}";
if ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE1' ) {
applyrule("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '", $macrule);
} elsif ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE2' ) {
applyrule("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '", $macrule);
}
applyrule("$CMD -j $DO", $macrule);
}
}
}
}
### Do the P2P-Stuff here
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
$CMD = "-m ipp2p";
foreach $p2pentry (sort @p2ps) {
@p2pline = split( /\;/, $p2pentry );
if ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
$DO = "DROP";
if ("$p2pline[2]" eq "off") {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
} else {
$DO = "RETURN";
if ("$p2pline[2]" eq "on") {
$P2PSTRING = "$P2PSTRING --$p2pline[1]";
}
}
}
if ($P2PSTRING) {
applyrule("$CMD $P2PSTRING -j $DO", 0);
}
if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
if ( $outfwsettings{'MODE1LOG'} eq 'on' ) {
applyrule("-o $netsettings{'RED_DEV'} -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '", 0);
}
applyrule("-o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW '", 0);
}
&firewall_local_reload();
sub applyrule($$) {
my $cmd = shift;
my $macrule = shift;
system("/sbin/iptables -A OUTGOINGFWMAC $cmd");
if ($macrule == 0) {
system("/sbin/iptables -A OUTGOINGFW $cmd");
}
}
sub firewall_local_reload() {
my $script = "/etc/sysconfig/firewall.local";
if ( -x $script ) {
system("$script reload >/dev/null 2>&1");
}
}


@@ -1390,9 +1390,11 @@ srv/web/ipfire/cgi-bin/credits.cgi
srv/web/ipfire/cgi-bin/dns.cgi
srv/web/ipfire/cgi-bin/ddns.cgi
srv/web/ipfire/cgi-bin/dhcp.cgi
srv/web/ipfire/cgi-bin/dmzholes.cgi
#srv/web/ipfire/cgi-bin/dmzholes.cgi
srv/web/ipfire/cgi-bin/extrahd.cgi
srv/web/ipfire/cgi-bin/fireinfo.cgi
srv/web/ipfire/cgi-bin/forwardfw.cgi
srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/gui.cgi
srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
srv/web/ipfire/cgi-bin/hosts.cgi
@@ -1408,12 +1410,12 @@ srv/web/ipfire/cgi-bin/modem.cgi
srv/web/ipfire/cgi-bin/netexternal.cgi
srv/web/ipfire/cgi-bin/netinternal.cgi
srv/web/ipfire/cgi-bin/netother.cgi
srv/web/ipfire/cgi-bin/outgoingfw.cgi
srv/web/ipfire/cgi-bin/outgoinggrp.cgi
#srv/web/ipfire/cgi-bin/outgoingfw.cgi
#srv/web/ipfire/cgi-bin/outgoinggrp.cgi
srv/web/ipfire/cgi-bin/optionsfw.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/p2p-block.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
srv/web/ipfire/cgi-bin/portfw.cgi
srv/web/ipfire/cgi-bin/pppsetup.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/qos.cgi
@@ -1432,6 +1434,6 @@ srv/web/ipfire/cgi-bin/wakeonlan.cgi
srv/web/ipfire/cgi-bin/webaccess.cgi
srv/web/ipfire/cgi-bin/wireless.cgi
srv/web/ipfire/cgi-bin/wirelessclient.cgi
srv/web/ipfire/cgi-bin/xtaccess.cgi
#srv/web/ipfire/cgi-bin/xtaccess.cgi
srv/web/ipfire/html
var/updatecache


@@ -81,11 +81,9 @@ etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/20-RL-firewall
etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
etc/rc.d/init.d/networking/red.up/23-RS-snort
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/25-portfw
etc/rc.d/init.d/networking/red.up/26-xtaccess
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
etc/rc.d/init.d/networking/red.up/40-ipac


@@ -26,8 +26,6 @@ var/ipfire/dhcp
#var/ipfire/dhcp/fixleases
#var/ipfire/dhcp/settings
var/ipfire/dhcpc
var/ipfire/dmzholes
#var/ipfire/dmzholes/config
var/ipfire/dns
#var/ipfire/dns/settings
var/ipfire/dnsforward
@@ -47,6 +45,23 @@ var/ipfire/extrahd/partitions
var/ipfire/extrahd/scan
var/ipfire/extrahd/settings
var/ipfire/fwlogs
var/ipfire/forward
var/ipfire/forward/bin/rules.pl
var/ipfire/forward/bin/firewall-lib.pl
var/ipfire/forward/settings
var/ipfire/forward/config
var/ipfire/forward/input
var/ipfire/forward/outgoing
var/ipfire/forward/dmz
var/ipfire/forward/nat
var/ipfire/forward/p2protocols
var/ipfire/fwhosts
var/ipfire/fwhosts/icmp-types
var/ipfire/fwhosts/customhosts
var/ipfire/fwhosts/customnetworks
var/ipfire/fwhosts/customgroups
var/ipfire/fwhosts/customservices
var/ipfire/fwhosts/customservicegrp
#var/ipfire/fwlogs/ipsettings
#var/ipfire/fwlogs/portsettings
var/ipfire/general-functions.pl
@@ -105,11 +120,11 @@ var/ipfire/net-traffic
#var/ipfire/nfs
#var/ipfire/nfs/nfs-server
var/ipfire/optionsfw
#var/ipfire/optionsfw/settings
var/ipfire/outgoing
var/ipfire/optionsfw/settings
#var/ipfire/outgoing
#var/ipfire/outgoing/bin
#var/ipfire/outgoing/bin/outgoingfw.pl
var/ipfire/outgoing/defaultservices
#var/ipfire/outgoing/defaultservices
#var/ipfire/outgoing/groups
#var/ipfire/outgoing/groups/ipgroups
#var/ipfire/outgoing/groups/macgroups
@@ -188,7 +203,5 @@ var/ipfire/wakeonlan
var/ipfire/wireless
#var/ipfire/wireless/config
#var/ipfire/wireless/settings
var/ipfire/xtaccess
#var/ipfire/xtaccess/config
var/ipfire/firebuild
etc/system-release


@@ -83,11 +83,9 @@ etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/20-RL-firewall
etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
etc/rc.d/init.d/networking/red.up/23-RS-snort
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/25-portfw
etc/rc.d/init.d/networking/red.up/26-xtaccess
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
etc/rc.d/init.d/networking/red.up/40-ipac


@@ -15,7 +15,8 @@ usr/local/bin/launch-ether-wake
usr/local/bin/logwatch
#usr/local/bin/mpfirectrl
usr/local/bin/openvpnctrl
usr/local/bin/outgoingfwctrl
#usr/local/bin/outgoingfwctrl
usr/local/bin/forwardfwctrl
usr/local/bin/pakfire
usr/local/bin/qosctrl
usr/local/bin/rebuildhosts
@@ -23,9 +24,6 @@ usr/local/bin/rebuildroutes
usr/local/bin/redctrl
#usr/local/bin/sambactrl
usr/local/bin/setaliases
usr/local/bin/setdmzholes
usr/local/bin/setportfw
usr/local/bin/setxtaccess
usr/local/bin/smartctrl
usr/local/bin/snortctrl
usr/local/bin/squidctrl


@@ -109,6 +109,11 @@ usr/local/bin/update-lang-cache
#usr/local/src
#usr/sbin
usr/sbin/ovpn-ccd-convert
usr/sbin/firewall-policy
usr/sbin/convert-xtaccess
usr/sbin/convert-outgoingfw
usr/sbin/convert-dmz
usr/sbin/convert-portfw
#usr/share
#usr/share/doc
#usr/share/doc/licenses


@@ -48,6 +48,5 @@ var/ipfire/backup/bin/backup.pl
var/ipfire/backup/include
var/ipfire/general-functions.pl
var/ipfire/langs
var/ipfire/outgoing/bin/outgoingfw.pl
var/ipfire/qos/bin/makeqosscripts.pl
var/ipfire/updatexlrator/bin/download


@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Verbose
WARNING: translation string unused: access allowed
WARNING: translation string unused: access refused with this oinkcode
WARNING: translation string unused: add network
WARNING: translation string unused: add new ovpn
WARNING: translation string unused: add service
WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
@@ -45,6 +47,7 @@ WARNING: translation string unused: all updates installed
WARNING: translation string unused: allmsg
WARNING: translation string unused: alt information
WARNING: translation string unused: alt ovpn
WARNING: translation string unused: alt vpn
WARNING: translation string unused: and
WARNING: translation string unused: apply
WARNING: translation string unused: archive not exist
@@ -68,6 +71,7 @@ WARNING: translation string unused: cache management
WARNING: translation string unused: cache size
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: cant enable xtaccess
WARNING: translation string unused: capsinactive
WARNING: translation string unused: ccd err iroute
WARNING: translation string unused: ccd err netadr
@@ -109,6 +113,11 @@ WARNING: translation string unused: debugme
WARNING: translation string unused: deep scan directories
WARNING: translation string unused: default networks
WARNING: translation string unused: default services
WARNING: translation string unused: description
WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -119,10 +128,16 @@ WARNING: translation string unused: dial user password has been changed
WARNING: translation string unused: dialup settings
WARNING: translation string unused: disconnect
WARNING: translation string unused: display traffic at home
WARNING: translation string unused: dmz pinhole configuration
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: driver
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
WARNING: translation string unused: eciadsl help
WARNING: translation string unused: eciadsl upload
@@ -149,6 +164,7 @@ WARNING: translation string unused: error external access
WARNING: translation string unused: expected
WARNING: translation string unused: expertoptions
WARNING: translation string unused: exportkey
WARNING: translation string unused: external access
WARNING: translation string unused: external access rule changed
WARNING: translation string unused: extrahd unable to read
WARNING: translation string unused: extrahd unable to write
@@ -158,6 +174,10 @@ WARNING: translation string unused: firewall log viewer
WARNING: translation string unused: firmware
WARNING: translation string unused: firmware upload
WARNING: translation string unused: force update
WARNING: translation string unused: forward firewall
WARNING: translation string unused: forwarding rule added
WARNING: translation string unused: forwarding rule removed
WARNING: translation string unused: forwarding rule updated
WARNING: translation string unused: frequency
WARNING: translation string unused: fritzdsl help
WARNING: translation string unused: fritzdsl upload
@@ -166,6 +186,39 @@ WARNING: translation string unused: from email pw
WARNING: translation string unused: from email server
WARNING: translation string unused: from email user
WARNING: translation string unused: from warn email bad
WARNING: translation string unused: fwdfw ACCEPT
WARNING: translation string unused: fwdfw DROP
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
WARNING: translation string unused: fwdfw REJECT
WARNING: translation string unused: fwdfw addr grp
WARNING: translation string unused: fwdfw cust addr
WARNING: translation string unused: fwdfw cust net
WARNING: translation string unused: fwdfw err srcovpn
WARNING: translation string unused: fwdfw err srcport
WARNING: translation string unused: fwdfw err tgt_port
WARNING: translation string unused: fwdfw err tgtovpn
WARNING: translation string unused: fwdfw err tgtport
WARNING: translation string unused: fwdfw from
WARNING: translation string unused: fwdfw ipsec network
WARNING: translation string unused: fwdfw natport used
WARNING: translation string unused: fwdfw rules
WARNING: translation string unused: fwdfw std network
WARNING: translation string unused: fwdfw till
WARNING: translation string unused: fwdfw time
WARNING: translation string unused: fwhost addrule
WARNING: translation string unused: fwhost attention
WARNING: translation string unused: fwhost blue
WARNING: translation string unused: fwhost changeremark
WARNING: translation string unused: fwhost err addrgrp
WARNING: translation string unused: fwhost err hostorip
WARNING: translation string unused: fwhost err mac
WARNING: translation string unused: fwhost green
WARNING: translation string unused: fwhost ipadr
WARNING: translation string unused: fwhost ipsec host
WARNING: translation string unused: fwhost orange
WARNING: translation string unused: fwhost reset
WARNING: translation string unused: fwhost wo subnet
WARNING: translation string unused: gen static key
WARNING: translation string unused: generate
WARNING: translation string unused: genkey
@@ -220,6 +273,7 @@ WARNING: translation string unused: local hard disk
WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
WARNING: translation string unused: logging
WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
@@ -245,6 +299,7 @@ WARNING: translation string unused: mbmon value
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -261,6 +316,7 @@ WARNING: translation string unused: monthly volume start day short
WARNING: translation string unused: mount
WARNING: translation string unused: mtu QoS
WARNING: translation string unused: nat-traversal
WARNING: translation string unused: net
WARNING: translation string unused: net address
WARNING: translation string unused: net config type
WARNING: translation string unused: net config type help
@@ -286,6 +342,7 @@ WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
WARNING: translation string unused: online help en
WARNING: translation string unused: only red
WARNING: translation string unused: open to all
WARNING: translation string unused: openvpn disabled
WARNING: translation string unused: openvpn enabled
WARNING: translation string unused: optional data
@@ -296,7 +353,16 @@ WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
WARNING: translation string unused: outgoing firewall mode2
WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
WARNING: translation string unused: outgoing firewall p2p description 1
WARNING: translation string unused: outgoing firewall p2p description 2
WARNING: translation string unused: outgoing firewall p2p description 3
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
@@ -327,6 +393,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
WARNING: translation string unused: phonebook entry
WARNING: translation string unused: ping disabled
WARNING: translation string unused: polfile
WARNING: translation string unused: policy
WARNING: translation string unused: port forwarding configuration
WARNING: translation string unused: ports
WARNING: translation string unused: pots
WARNING: translation string unused: pppoe
@@ -353,7 +421,9 @@ WARNING: translation string unused: router ip
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: select media
WARNING: translation string unused: select source net
WARNING: translation string unused: selecttraffic
WARNING: translation string unused: send email notification
WARNING: translation string unused: send test mail
@@ -369,15 +439,23 @@ WARNING: translation string unused: shutdown2
WARNING: translation string unused: shutting down
WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: source net
WARNING: translation string unused: source port overlaps
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: squid fix cache
WARNING: translation string unused: srcprt range overlaps
WARNING: translation string unused: srcprt within existing
WARNING: translation string unused: ssdmz pinholes
WARNING: translation string unused: ssh access tip
WARNING: translation string unused: ssh1 disabled
WARNING: translation string unused: ssh1 enabled
WARNING: translation string unused: ssh1 support
WARNING: translation string unused: ssnetwork status
WARNING: translation string unused: sspasswords
WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
@@ -476,13 +554,16 @@ WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: translation string unused: week-graph
WARNING: translation string unused: weekly firewallhits
WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: bytes
WARNING: untranslated string: community rules
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: qos add subclass


@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Verbose
WARNING: translation string unused: access allowed
WARNING: translation string unused: access refused with this oinkcode
WARNING: translation string unused: add network
WARNING: translation string unused: add new ovpn
WARNING: translation string unused: add service
WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
WARNING: translation string unused: allmsg
WARNING: translation string unused: alt information
WARNING: translation string unused: alt ovpn
WARNING: translation string unused: alt vpn
WARNING: translation string unused: and
WARNING: translation string unused: ansi t1.483
WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
WARNING: translation string unused: cache size
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: cant enable xtaccess
WARNING: translation string unused: capsinactive
WARNING: translation string unused: ccd err iroute
WARNING: translation string unused: ccd err netadr
@@ -129,6 +133,11 @@ WARNING: translation string unused: debugme
WARNING: translation string unused: deep scan directories
WARNING: translation string unused: default networks
WARNING: translation string unused: default services
WARNING: translation string unused: description
WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -141,11 +150,17 @@ WARNING: translation string unused: dial user password has been changed
WARNING: translation string unused: dialup settings
WARNING: translation string unused: disconnect
WARNING: translation string unused: display traffic at home
WARNING: translation string unused: dmz pinhole configuration
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: driver
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
WARNING: translation string unused: eciadsl help
WARNING: translation string unused: eciadsl upload
@@ -172,6 +187,7 @@ WARNING: translation string unused: error external access
WARNING: translation string unused: expected
WARNING: translation string unused: expertoptions
WARNING: translation string unused: exportkey
WARNING: translation string unused: external access
WARNING: translation string unused: external access rule changed
WARNING: translation string unused: extrahd unable to read
WARNING: translation string unused: extrahd unable to write
@@ -181,6 +197,10 @@ WARNING: translation string unused: firewall log viewer
WARNING: translation string unused: firmware
WARNING: translation string unused: firmware upload
WARNING: translation string unused: force update
WARNING: translation string unused: forward firewall
WARNING: translation string unused: forwarding rule added
WARNING: translation string unused: forwarding rule removed
WARNING: translation string unused: forwarding rule updated
WARNING: translation string unused: frequency
WARNING: translation string unused: fritzdsl help
WARNING: translation string unused: fritzdsl upload
@@ -189,6 +209,39 @@ WARNING: translation string unused: from email pw
WARNING: translation string unused: from email server
WARNING: translation string unused: from email user
WARNING: translation string unused: from warn email bad
WARNING: translation string unused: fwdfw ACCEPT
WARNING: translation string unused: fwdfw DROP
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
WARNING: translation string unused: fwdfw REJECT
WARNING: translation string unused: fwdfw addr grp
WARNING: translation string unused: fwdfw cust addr
WARNING: translation string unused: fwdfw cust net
WARNING: translation string unused: fwdfw err srcovpn
WARNING: translation string unused: fwdfw err srcport
WARNING: translation string unused: fwdfw err tgt_port
WARNING: translation string unused: fwdfw err tgtovpn
WARNING: translation string unused: fwdfw err tgtport
WARNING: translation string unused: fwdfw from
WARNING: translation string unused: fwdfw ipsec network
WARNING: translation string unused: fwdfw natport used
WARNING: translation string unused: fwdfw rules
WARNING: translation string unused: fwdfw std network
WARNING: translation string unused: fwdfw till
WARNING: translation string unused: fwdfw time
WARNING: translation string unused: fwhost addrule
WARNING: translation string unused: fwhost attention
WARNING: translation string unused: fwhost blue
WARNING: translation string unused: fwhost changeremark
WARNING: translation string unused: fwhost err addrgrp
WARNING: translation string unused: fwhost err hostorip
WARNING: translation string unused: fwhost err mac
WARNING: translation string unused: fwhost green
WARNING: translation string unused: fwhost ipadr
WARNING: translation string unused: fwhost ipsec host
WARNING: translation string unused: fwhost orange
WARNING: translation string unused: fwhost reset
WARNING: translation string unused: fwhost wo subnet
WARNING: translation string unused: g.dtm
WARNING: translation string unused: g.lite
WARNING: translation string unused: gen static key
@@ -246,6 +299,7 @@ WARNING: translation string unused: local hard disk
WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
WARNING: translation string unused: logging
WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
@@ -271,6 +325,7 @@ WARNING: translation string unused: mbmon value
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -287,6 +342,7 @@ WARNING: translation string unused: monthly volume start day short
WARNING: translation string unused: mount
WARNING: translation string unused: mtu QoS
WARNING: translation string unused: nat-traversal
WARNING: translation string unused: net
WARNING: translation string unused: net address
WARNING: translation string unused: net config type
WARNING: translation string unused: net config type help
@@ -313,6 +369,7 @@ WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
WARNING: translation string unused: online help en
WARNING: translation string unused: only red
WARNING: translation string unused: open to all
WARNING: translation string unused: openvpn disabled
WARNING: translation string unused: openvpn enabled
WARNING: translation string unused: optional data
@@ -323,7 +380,16 @@ WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
WARNING: translation string unused: outgoing firewall mode2
WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
WARNING: translation string unused: outgoing firewall p2p description 1
WARNING: translation string unused: outgoing firewall p2p description 2
WARNING: translation string unused: outgoing firewall p2p description 3
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
@@ -354,6 +420,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
WARNING: translation string unused: phonebook entry
WARNING: translation string unused: ping disabled
WARNING: translation string unused: polfile
WARNING: translation string unused: policy
WARNING: translation string unused: port forwarding configuration
WARNING: translation string unused: ports
WARNING: translation string unused: pots
WARNING: translation string unused: pppoe
@@ -381,7 +449,9 @@ WARNING: translation string unused: router ip
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: select media
WARNING: translation string unused: select source net
WARNING: translation string unused: selecttraffic
WARNING: translation string unused: send email notification
WARNING: translation string unused: send test mail
@@ -400,15 +470,23 @@ WARNING: translation string unused: shutdown2
WARNING: translation string unused: shutting down
WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: source net
WARNING: translation string unused: source port overlaps
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: squid fix cache
WARNING: translation string unused: srcprt range overlaps
WARNING: translation string unused: srcprt within existing
WARNING: translation string unused: ssdmz pinholes
WARNING: translation string unused: ssh access tip
WARNING: translation string unused: ssh1 disabled
WARNING: translation string unused: ssh1 enabled
WARNING: translation string unused: ssh1 support
WARNING: translation string unused: ssnetwork status
WARNING: translation string unused: sspasswords
WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
@@ -511,14 +589,18 @@ WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: translation string unused: week-graph
WARNING: translation string unused: weekly firewallhits
WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: bytes
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: wlanap country


@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Verbose
WARNING: translation string unused: access allowed
WARNING: translation string unused: access refused with this oinkcode
WARNING: translation string unused: add network
WARNING: translation string unused: add new ovpn
WARNING: translation string unused: add service
WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
WARNING: translation string unused: allmsg
WARNING: translation string unused: alt information
WARNING: translation string unused: alt ovpn
WARNING: translation string unused: alt vpn
WARNING: translation string unused: and
WARNING: translation string unused: ansi t1.483
WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
WARNING: translation string unused: cache size
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: cant enable xtaccess
WARNING: translation string unused: capsinactive
WARNING: translation string unused: cfg restart
WARNING: translation string unused: check for net traffic update
@@ -127,6 +131,11 @@ WARNING: translation string unused: debugme
WARNING: translation string unused: deep scan directories
WARNING: translation string unused: default networks
WARNING: translation string unused: default services
WARNING: translation string unused: description
WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -139,11 +148,18 @@ WARNING: translation string unused: dial user password has been changed
WARNING: translation string unused: dialup settings
WARNING: translation string unused: disconnect
WARNING: translation string unused: display traffic at home
WARNING: translation string unused: dmz pinhole configuration
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
WARNING: translation string unused: eciadsl help
WARNING: translation string unused: eciadsl upload
@@ -170,6 +186,7 @@ WARNING: translation string unused: error external access
WARNING: translation string unused: expected
WARNING: translation string unused: expertoptions
WARNING: translation string unused: exportkey
WARNING: translation string unused: external access
WARNING: translation string unused: external access rule changed
WARNING: translation string unused: extrahd unable to read
WARNING: translation string unused: extrahd unable to write
@@ -179,6 +196,9 @@ WARNING: translation string unused: firewall log viewer
WARNING: translation string unused: firmware
WARNING: translation string unused: firmware upload
WARNING: translation string unused: force update
WARNING: translation string unused: forwarding rule added
WARNING: translation string unused: forwarding rule removed
WARNING: translation string unused: forwarding rule updated
WARNING: translation string unused: frequency
WARNING: translation string unused: fritzdsl help
WARNING: translation string unused: fritzdsl upload
@@ -244,6 +264,7 @@ WARNING: translation string unused: local hard disk
WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
WARNING: translation string unused: logging
WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
@@ -269,6 +290,7 @@ WARNING: translation string unused: mbmon value
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -285,6 +307,7 @@ WARNING: translation string unused: monthly volume start day short
WARNING: translation string unused: mount
WARNING: translation string unused: mtu QoS
WARNING: translation string unused: nat-traversal
WARNING: translation string unused: net
WARNING: translation string unused: net address
WARNING: translation string unused: net config type
WARNING: translation string unused: net config type help
@@ -311,6 +334,7 @@ WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
WARNING: translation string unused: online help en
WARNING: translation string unused: only red
WARNING: translation string unused: open to all
WARNING: translation string unused: optional data
WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
@@ -318,8 +342,14 @@ WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
WARNING: translation string unused: outgoing firewall mode2
WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
WARNING: translation string unused: outgoing firewall p2p description
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
@@ -350,6 +380,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
WARNING: translation string unused: phonebook entry
WARNING: translation string unused: ping disabled
WARNING: translation string unused: polfile
WARNING: translation string unused: policy
WARNING: translation string unused: port forwarding configuration
WARNING: translation string unused: ports
WARNING: translation string unused: pots
WARNING: translation string unused: pppoe
@@ -377,7 +409,9 @@ WARNING: translation string unused: router ip
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: select media
WARNING: translation string unused: select source net
WARNING: translation string unused: selecttraffic
WARNING: translation string unused: send email notification
WARNING: translation string unused: send test mail
@@ -396,15 +430,23 @@ WARNING: translation string unused: shutdown2
WARNING: translation string unused: shutting down
WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: source net
WARNING: translation string unused: source port overlaps
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: squid fix cache
WARNING: translation string unused: srcprt range overlaps
WARNING: translation string unused: srcprt within existing
WARNING: translation string unused: ssdmz pinholes
WARNING: translation string unused: ssh access tip
WARNING: translation string unused: ssh1 disabled
WARNING: translation string unused: ssh1 enabled
WARNING: translation string unused: ssh1 support
WARNING: translation string unused: ssnetwork status
WARNING: translation string unused: sspasswords
WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
@@ -497,6 +539,7 @@ WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: translation string unused: week-graph
WARNING: translation string unused: weekly firewallhits
WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
@@ -556,6 +599,11 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
WARNING: untranslated string: drop forward
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -574,6 +622,141 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
WARNING: untranslated string: fw default drop
WARNING: untranslated string: fw settings
WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: fwdfw dnat
WARNING: untranslated string: fwdfw dnat error
WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
WARNING: untranslated string: fwdfw err samesub
WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
WARNING: untranslated string: fwdfw newrule
WARNING: untranslated string: fwdfw p2p txt
WARNING: untranslated string: fwdfw pol allow
WARNING: untranslated string: fwdfw pol block
WARNING: untranslated string: fwdfw pol text
WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
WARNING: untranslated string: fwdfw source
WARNING: untranslated string: fwdfw sourceip
WARNING: untranslated string: fwdfw target
WARNING: untranslated string: fwdfw targetip
WARNING: untranslated string: fwdfw timeframe
WARNING: untranslated string: fwdfw toggle
WARNING: untranslated string: fwdfw togglelog
WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
WARNING: untranslated string: fwdfw wd_sun
WARNING: untranslated string: fwdfw wd_thu
WARNING: untranslated string: fwdfw wd_tue
WARNING: untranslated string: fwdfw wd_wed
WARNING: untranslated string: fwdfw xt access
WARNING: untranslated string: fwhost addgrp
WARNING: untranslated string: fwhost addgrpname
WARNING: untranslated string: fwhost addhost
WARNING: untranslated string: fwhost addnet
WARNING: untranslated string: fwhost addservice
WARNING: untranslated string: fwhost addservicegrp
WARNING: untranslated string: fwhost any
WARNING: untranslated string: fwhost back
WARNING: untranslated string: fwhost ccdhost
WARNING: untranslated string: fwhost ccdnet
WARNING: untranslated string: fwhost change
WARNING: untranslated string: fwhost cust addr
WARNING: untranslated string: fwhost cust grp
WARNING: untranslated string: fwhost cust net
WARNING: untranslated string: fwhost cust service
WARNING: untranslated string: fwhost cust srvgrp
WARNING: untranslated string: fwhost deleted
WARNING: untranslated string: fwhost empty
WARNING: untranslated string: fwhost err addr
WARNING: untranslated string: fwhost err empty
WARNING: untranslated string: fwhost err groupempty
WARNING: untranslated string: fwhost err grpexist
WARNING: untranslated string: fwhost err hostexist
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: fwhost err ip
WARNING: untranslated string: fwhost err ipcheck
WARNING: untranslated string: fwhost err ipmac
WARNING: untranslated string: fwhost err ipwithsub
WARNING: untranslated string: fwhost err isccdhost
WARNING: untranslated string: fwhost err isccdiphost
WARNING: untranslated string: fwhost err isccdipnet
WARNING: untranslated string: fwhost err isccdnet
WARNING: untranslated string: fwhost err isingrp
WARNING: untranslated string: fwhost err name
WARNING: untranslated string: fwhost err name1
WARNING: untranslated string: fwhost err net
WARNING: untranslated string: fwhost err netexist
WARNING: untranslated string: fwhost err partofnet
WARNING: untranslated string: fwhost err port
WARNING: untranslated string: fwhost err remark
WARNING: untranslated string: fwhost err srv exists
WARNING: untranslated string: fwhost err srvexist
WARNING: untranslated string: fwhost err sub32
WARNING: untranslated string: fwhost hint
WARNING: untranslated string: fwhost hosts
WARNING: untranslated string: fwhost icmptype
WARNING: untranslated string: fwhost ip_mac
WARNING: untranslated string: fwhost ipsec net
WARNING: untranslated string: fwhost menu
WARNING: untranslated string: fwhost netaddress
WARNING: untranslated string: fwhost newgrp
WARNING: untranslated string: fwhost newhost
WARNING: untranslated string: fwhost newnet
WARNING: untranslated string: fwhost newservice
WARNING: untranslated string: fwhost newservicegrp
WARNING: untranslated string: fwhost ovpn_n2n
WARNING: untranslated string: fwhost port
WARNING: untranslated string: fwhost prot
WARNING: untranslated string: fwhost reread
WARNING: untranslated string: fwhost services
WARNING: untranslated string: fwhost srv_name
WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: minute
WARNING: untranslated string: new
WARNING: untranslated string: openvpn default
@@ -595,9 +778,6 @@ WARNING: untranslated string: outgoing firewall ip groups
WARNING: untranslated string: outgoing firewall mac groups
WARNING: untranslated string: outgoing firewall p2p allow
WARNING: untranslated string: outgoing firewall p2p deny
WARNING: untranslated string: outgoing firewall p2p description 1
WARNING: untranslated string: outgoing firewall p2p description 2
WARNING: untranslated string: outgoing firewall p2p description 3
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: outgoing firewall view group
WARNING: untranslated string: ovpn errmsg green already pushed
@@ -618,6 +798,7 @@ WARNING: untranslated string: proxy reports monthly
WARNING: untranslated string: proxy reports today
WARNING: untranslated string: proxy reports weekly
WARNING: untranslated string: qos enter bandwidths
WARNING: untranslated string: red1
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed


@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Verbose
WARNING: translation string unused: access allowed
WARNING: translation string unused: access refused with this oinkcode
WARNING: translation string unused: add network
WARNING: translation string unused: add new ovpn
WARNING: translation string unused: add service
WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
WARNING: translation string unused: allmsg
WARNING: translation string unused: alt information
WARNING: translation string unused: alt ovpn
WARNING: translation string unused: alt vpn
WARNING: translation string unused: and
WARNING: translation string unused: ansi t1.483
WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
WARNING: translation string unused: cache size
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: cant enable xtaccess
WARNING: translation string unused: capsinactive
WARNING: translation string unused: cfg restart
WARNING: translation string unused: check for net traffic update
@@ -127,6 +131,11 @@ WARNING: translation string unused: debugme
WARNING: translation string unused: deep scan directories
WARNING: translation string unused: default networks
WARNING: translation string unused: default services
WARNING: translation string unused: description
WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -139,11 +148,18 @@ WARNING: translation string unused: dial user password has been changed
WARNING: translation string unused: dialup settings
WARNING: translation string unused: disconnect
WARNING: translation string unused: display traffic at home
WARNING: translation string unused: dmz pinhole configuration
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
WARNING: translation string unused: eciadsl help
WARNING: translation string unused: eciadsl upload
@@ -170,6 +186,7 @@ WARNING: translation string unused: error external access
WARNING: translation string unused: expected
WARNING: translation string unused: expertoptions
WARNING: translation string unused: exportkey
WARNING: translation string unused: external access
WARNING: translation string unused: external access rule changed
WARNING: translation string unused: extrahd unable to read
WARNING: translation string unused: extrahd unable to write
@@ -179,6 +196,9 @@ WARNING: translation string unused: firewall log viewer
WARNING: translation string unused: firmware
WARNING: translation string unused: firmware upload
WARNING: translation string unused: force update
WARNING: translation string unused: forwarding rule added
WARNING: translation string unused: forwarding rule removed
WARNING: translation string unused: forwarding rule updated
WARNING: translation string unused: frequency
WARNING: translation string unused: fritzdsl help
WARNING: translation string unused: fritzdsl upload
@@ -244,6 +264,7 @@ WARNING: translation string unused: local hard disk
WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
WARNING: translation string unused: logging
WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
@@ -269,6 +290,7 @@ WARNING: translation string unused: mbmon value
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -285,6 +307,7 @@ WARNING: translation string unused: monthly volume start day short
WARNING: translation string unused: mount
WARNING: translation string unused: mtu QoS
WARNING: translation string unused: nat-traversal
WARNING: translation string unused: net
WARNING: translation string unused: net address
WARNING: translation string unused: net config type
WARNING: translation string unused: net config type help
@@ -311,6 +334,7 @@ WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
WARNING: translation string unused: online help en
WARNING: translation string unused: only red
WARNING: translation string unused: open to all
WARNING: translation string unused: optional data
WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
@@ -318,7 +342,16 @@ WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
WARNING: translation string unused: outgoing firewall mode2
WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
WARNING: translation string unused: outgoing firewall p2p description 1
WARNING: translation string unused: outgoing firewall p2p description 2
WARNING: translation string unused: outgoing firewall p2p description 3
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
@@ -349,6 +382,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
WARNING: translation string unused: phonebook entry
WARNING: translation string unused: ping disabled
WARNING: translation string unused: polfile
WARNING: translation string unused: policy
WARNING: translation string unused: port forwarding configuration
WARNING: translation string unused: ports
WARNING: translation string unused: pots
WARNING: translation string unused: pppoe
@@ -376,7 +411,9 @@ WARNING: translation string unused: router ip
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: select media
WARNING: translation string unused: select source net
WARNING: translation string unused: selecttraffic
WARNING: translation string unused: send email notification
WARNING: translation string unused: send test mail
@@ -395,15 +432,23 @@ WARNING: translation string unused: shutdown2
WARNING: translation string unused: shutting down
WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: source net
WARNING: translation string unused: source port overlaps
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: squid fix cache
WARNING: translation string unused: srcprt range overlaps
WARNING: translation string unused: srcprt within existing
WARNING: translation string unused: ssdmz pinholes
WARNING: translation string unused: ssh access tip
WARNING: translation string unused: ssh1 disabled
WARNING: translation string unused: ssh1 enabled
WARNING: translation string unused: ssh1 support
WARNING: translation string unused: ssnetwork status
WARNING: translation string unused: sspasswords
WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
@@ -498,6 +543,7 @@ WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: translation string unused: week-graph
WARNING: translation string unused: weekly firewallhits
WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
@@ -556,6 +602,11 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
WARNING: untranslated string: drop forward
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -574,6 +625,141 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
WARNING: untranslated string: fw default drop
WARNING: untranslated string: fw settings
WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: fwdfw dnat
WARNING: untranslated string: fwdfw dnat error
WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
WARNING: untranslated string: fwdfw err samesub
WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
WARNING: untranslated string: fwdfw newrule
WARNING: untranslated string: fwdfw p2p txt
WARNING: untranslated string: fwdfw pol allow
WARNING: untranslated string: fwdfw pol block
WARNING: untranslated string: fwdfw pol text
WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
WARNING: untranslated string: fwdfw source
WARNING: untranslated string: fwdfw sourceip
WARNING: untranslated string: fwdfw target
WARNING: untranslated string: fwdfw targetip
WARNING: untranslated string: fwdfw timeframe
WARNING: untranslated string: fwdfw toggle
WARNING: untranslated string: fwdfw togglelog
WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
WARNING: untranslated string: fwdfw wd_sun
WARNING: untranslated string: fwdfw wd_thu
WARNING: untranslated string: fwdfw wd_tue
WARNING: untranslated string: fwdfw wd_wed
WARNING: untranslated string: fwdfw xt access
WARNING: untranslated string: fwhost addgrp
WARNING: untranslated string: fwhost addgrpname
WARNING: untranslated string: fwhost addhost
WARNING: untranslated string: fwhost addnet
WARNING: untranslated string: fwhost addservice
WARNING: untranslated string: fwhost addservicegrp
WARNING: untranslated string: fwhost any
WARNING: untranslated string: fwhost back
WARNING: untranslated string: fwhost ccdhost
WARNING: untranslated string: fwhost ccdnet
WARNING: untranslated string: fwhost change
WARNING: untranslated string: fwhost cust addr
WARNING: untranslated string: fwhost cust grp
WARNING: untranslated string: fwhost cust net
WARNING: untranslated string: fwhost cust service
WARNING: untranslated string: fwhost cust srvgrp
WARNING: untranslated string: fwhost deleted
WARNING: untranslated string: fwhost empty
WARNING: untranslated string: fwhost err addr
WARNING: untranslated string: fwhost err empty
WARNING: untranslated string: fwhost err groupempty
WARNING: untranslated string: fwhost err grpexist
WARNING: untranslated string: fwhost err hostexist
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: fwhost err ip
WARNING: untranslated string: fwhost err ipcheck
WARNING: untranslated string: fwhost err ipmac
WARNING: untranslated string: fwhost err ipwithsub
WARNING: untranslated string: fwhost err isccdhost
WARNING: untranslated string: fwhost err isccdiphost
WARNING: untranslated string: fwhost err isccdipnet
WARNING: untranslated string: fwhost err isccdnet
WARNING: untranslated string: fwhost err isingrp
WARNING: untranslated string: fwhost err name
WARNING: untranslated string: fwhost err name1
WARNING: untranslated string: fwhost err net
WARNING: untranslated string: fwhost err netexist
WARNING: untranslated string: fwhost err partofnet
WARNING: untranslated string: fwhost err port
WARNING: untranslated string: fwhost err remark
WARNING: untranslated string: fwhost err srv exists
WARNING: untranslated string: fwhost err srvexist
WARNING: untranslated string: fwhost err sub32
WARNING: untranslated string: fwhost hint
WARNING: untranslated string: fwhost hosts
WARNING: untranslated string: fwhost icmptype
WARNING: untranslated string: fwhost ip_mac
WARNING: untranslated string: fwhost ipsec net
WARNING: untranslated string: fwhost menu
WARNING: untranslated string: fwhost netaddress
WARNING: untranslated string: fwhost newgrp
WARNING: untranslated string: fwhost newhost
WARNING: untranslated string: fwhost newnet
WARNING: untranslated string: fwhost newservice
WARNING: untranslated string: fwhost newservicegrp
WARNING: untranslated string: fwhost ovpn_n2n
WARNING: untranslated string: fwhost port
WARNING: untranslated string: fwhost prot
WARNING: untranslated string: fwhost reread
WARNING: untranslated string: fwhost services
WARNING: untranslated string: fwhost srv_name
WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: minute
WARNING: untranslated string: new
WARNING: untranslated string: ntp common settings
@@ -602,6 +788,7 @@ WARNING: untranslated string: proxy reports monthly
WARNING: untranslated string: proxy reports today
WARNING: untranslated string: proxy reports weekly
WARNING: untranslated string: qos enter bandwidths
WARNING: untranslated string: red1
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed


@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Verbose
WARNING: translation string unused: access allowed
WARNING: translation string unused: access refused with this oinkcode
WARNING: translation string unused: add network
WARNING: translation string unused: add new ovpn
WARNING: translation string unused: add service
WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
WARNING: translation string unused: allmsg
WARNING: translation string unused: alt information
WARNING: translation string unused: alt ovpn
WARNING: translation string unused: alt vpn
WARNING: translation string unused: and
WARNING: translation string unused: ansi t1.483
WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
WARNING: translation string unused: cache size
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: cant enable xtaccess
WARNING: translation string unused: capsinactive
WARNING: translation string unused: ccd err iroute
WARNING: translation string unused: ccd err netadr
@@ -129,6 +133,11 @@ WARNING: translation string unused: debugme
WARNING: translation string unused: deep scan directories
WARNING: translation string unused: default networks
WARNING: translation string unused: default services
WARNING: translation string unused: description
WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -141,11 +150,18 @@ WARNING: translation string unused: dial user password has been changed
WARNING: translation string unused: dialup settings
WARNING: translation string unused: disconnect
WARNING: translation string unused: display traffic at home
WARNING: translation string unused: dmz pinhole configuration
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
WARNING: translation string unused: eciadsl help
WARNING: translation string unused: eciadsl upload
@@ -172,6 +188,7 @@ WARNING: translation string unused: error external access
WARNING: translation string unused: expected
WARNING: translation string unused: expertoptions
WARNING: translation string unused: exportkey
WARNING: translation string unused: external access
WARNING: translation string unused: external access rule changed
WARNING: translation string unused: extrahd unable to read
WARNING: translation string unused: extrahd unable to write
@@ -181,6 +198,9 @@ WARNING: translation string unused: firewall log viewer
WARNING: translation string unused: firmware
WARNING: translation string unused: firmware upload
WARNING: translation string unused: force update
WARNING: translation string unused: forwarding rule added
WARNING: translation string unused: forwarding rule removed
WARNING: translation string unused: forwarding rule updated
WARNING: translation string unused: frequency
WARNING: translation string unused: fritzdsl help
WARNING: translation string unused: fritzdsl upload
@@ -246,6 +266,7 @@ WARNING: translation string unused: local hard disk
WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
WARNING: translation string unused: logging
WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
@@ -271,6 +292,7 @@ WARNING: translation string unused: mbmon value
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -287,6 +309,7 @@ WARNING: translation string unused: monthly volume start day short
WARNING: translation string unused: mount
WARNING: translation string unused: mtu QoS
WARNING: translation string unused: nat-traversal
WARNING: translation string unused: net
WARNING: translation string unused: net address
WARNING: translation string unused: net config type
WARNING: translation string unused: net config type help
@@ -313,6 +336,7 @@ WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
WARNING: translation string unused: online help en
WARNING: translation string unused: only red
WARNING: translation string unused: open to all
WARNING: translation string unused: openvpn disabled
WARNING: translation string unused: openvpn enabled
WARNING: translation string unused: optional data
@@ -323,7 +347,16 @@ WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
WARNING: translation string unused: outgoing firewall mode2
WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
WARNING: translation string unused: outgoing firewall p2p description 1
WARNING: translation string unused: outgoing firewall p2p description 2
WARNING: translation string unused: outgoing firewall p2p description 3
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
@@ -354,6 +387,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
WARNING: translation string unused: phonebook entry
WARNING: translation string unused: ping disabled
WARNING: translation string unused: polfile
WARNING: translation string unused: policy
WARNING: translation string unused: port forwarding configuration
WARNING: translation string unused: ports
WARNING: translation string unused: pots
WARNING: translation string unused: pppoe
@@ -381,7 +416,9 @@ WARNING: translation string unused: router ip
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: select media
WARNING: translation string unused: select source net
WARNING: translation string unused: selecttraffic
WARNING: translation string unused: send email notification
WARNING: translation string unused: send test mail
@@ -400,15 +437,23 @@ WARNING: translation string unused: shutdown2
WARNING: translation string unused: shutting down
WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: source net
WARNING: translation string unused: source port overlaps
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: squid fix cache
WARNING: translation string unused: srcprt range overlaps
WARNING: translation string unused: srcprt within existing
WARNING: translation string unused: ssdmz pinholes
WARNING: translation string unused: ssh access tip
WARNING: translation string unused: ssh1 disabled
WARNING: translation string unused: ssh1 enabled
WARNING: translation string unused: ssh1 support
WARNING: translation string unused: ssnetwork status
WARNING: translation string unused: sspasswords
WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
@@ -501,6 +546,7 @@ WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: translation string unused: week-graph
WARNING: translation string unused: weekly firewallhits
WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
@@ -520,9 +566,150 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
WARNING: untranslated string: drop forward
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: fw default drop
WARNING: untranslated string: fw settings
WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: fwdfw dnat
WARNING: untranslated string: fwdfw dnat error
WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
WARNING: untranslated string: fwdfw err samesub
WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
WARNING: untranslated string: fwdfw newrule
WARNING: untranslated string: fwdfw p2p txt
WARNING: untranslated string: fwdfw pol allow
WARNING: untranslated string: fwdfw pol block
WARNING: untranslated string: fwdfw pol text
WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
WARNING: untranslated string: fwdfw source
WARNING: untranslated string: fwdfw sourceip
WARNING: untranslated string: fwdfw target
WARNING: untranslated string: fwdfw targetip
WARNING: untranslated string: fwdfw timeframe
WARNING: untranslated string: fwdfw toggle
WARNING: untranslated string: fwdfw togglelog
WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
WARNING: untranslated string: fwdfw wd_sun
WARNING: untranslated string: fwdfw wd_thu
WARNING: untranslated string: fwdfw wd_tue
WARNING: untranslated string: fwdfw wd_wed
WARNING: untranslated string: fwdfw xt access
WARNING: untranslated string: fwhost addgrp
WARNING: untranslated string: fwhost addgrpname
WARNING: untranslated string: fwhost addhost
WARNING: untranslated string: fwhost addnet
WARNING: untranslated string: fwhost addservice
WARNING: untranslated string: fwhost addservicegrp
WARNING: untranslated string: fwhost any
WARNING: untranslated string: fwhost back
WARNING: untranslated string: fwhost ccdhost
WARNING: untranslated string: fwhost ccdnet
WARNING: untranslated string: fwhost change
WARNING: untranslated string: fwhost cust addr
WARNING: untranslated string: fwhost cust grp
WARNING: untranslated string: fwhost cust net
WARNING: untranslated string: fwhost cust service
WARNING: untranslated string: fwhost cust srvgrp
WARNING: untranslated string: fwhost deleted
WARNING: untranslated string: fwhost empty
WARNING: untranslated string: fwhost err addr
WARNING: untranslated string: fwhost err empty
WARNING: untranslated string: fwhost err groupempty
WARNING: untranslated string: fwhost err grpexist
WARNING: untranslated string: fwhost err hostexist
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: fwhost err ip
WARNING: untranslated string: fwhost err ipcheck
WARNING: untranslated string: fwhost err ipmac
WARNING: untranslated string: fwhost err ipwithsub
WARNING: untranslated string: fwhost err isccdhost
WARNING: untranslated string: fwhost err isccdiphost
WARNING: untranslated string: fwhost err isccdipnet
WARNING: untranslated string: fwhost err isccdnet
WARNING: untranslated string: fwhost err isingrp
WARNING: untranslated string: fwhost err name
WARNING: untranslated string: fwhost err name1
WARNING: untranslated string: fwhost err net
WARNING: untranslated string: fwhost err netexist
WARNING: untranslated string: fwhost err partofnet
WARNING: untranslated string: fwhost err port
WARNING: untranslated string: fwhost err remark
WARNING: untranslated string: fwhost err srv exists
WARNING: untranslated string: fwhost err srvexist
WARNING: untranslated string: fwhost err sub32
WARNING: untranslated string: fwhost hint
WARNING: untranslated string: fwhost hosts
WARNING: untranslated string: fwhost icmptype
WARNING: untranslated string: fwhost ip_mac
WARNING: untranslated string: fwhost ipsec net
WARNING: untranslated string: fwhost menu
WARNING: untranslated string: fwhost netaddress
WARNING: untranslated string: fwhost newgrp
WARNING: untranslated string: fwhost newhost
WARNING: untranslated string: fwhost newnet
WARNING: untranslated string: fwhost newservice
WARNING: untranslated string: fwhost newservicegrp
WARNING: untranslated string: fwhost ovpn_n2n
WARNING: untranslated string: fwhost port
WARNING: untranslated string: fwhost prot
WARNING: untranslated string: fwhost reread
WARNING: untranslated string: fwhost services
WARNING: untranslated string: fwhost srv_name
WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: qos enter bandwidths
WARNING: untranslated string: red1
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed


@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Verbose
WARNING: translation string unused: access allowed
WARNING: translation string unused: access refused with this oinkcode
WARNING: translation string unused: add network
WARNING: translation string unused: add new ovpn
WARNING: translation string unused: add service
WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
WARNING: translation string unused: allmsg
WARNING: translation string unused: alt information
WARNING: translation string unused: alt ovpn
WARNING: translation string unused: alt vpn
WARNING: translation string unused: and
WARNING: translation string unused: ansi t1.483
WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
WARNING: translation string unused: cache size
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: cant enable xtaccess
WARNING: translation string unused: capsinactive
WARNING: translation string unused: cfg restart
WARNING: translation string unused: check for net traffic update
@@ -127,6 +131,11 @@ WARNING: translation string unused: debugme
WARNING: translation string unused: deep scan directories
WARNING: translation string unused: default networks
WARNING: translation string unused: default services
WARNING: translation string unused: description
WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -139,11 +148,18 @@ WARNING: translation string unused: dial user password has been changed
WARNING: translation string unused: dialup settings
WARNING: translation string unused: disconnect
WARNING: translation string unused: display traffic at home
WARNING: translation string unused: dmz pinhole configuration
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
WARNING: translation string unused: eciadsl help
WARNING: translation string unused: eciadsl upload
@@ -170,6 +186,7 @@ WARNING: translation string unused: error external access
WARNING: translation string unused: expected
WARNING: translation string unused: expertoptions
WARNING: translation string unused: exportkey
WARNING: translation string unused: external access
WARNING: translation string unused: external access rule changed
WARNING: translation string unused: extrahd unable to read
WARNING: translation string unused: extrahd unable to write
@@ -179,6 +196,9 @@ WARNING: translation string unused: firewall log viewer
WARNING: translation string unused: firmware
WARNING: translation string unused: firmware upload
WARNING: translation string unused: force update
WARNING: translation string unused: forwarding rule added
WARNING: translation string unused: forwarding rule removed
WARNING: translation string unused: forwarding rule updated
WARNING: translation string unused: frequency
WARNING: translation string unused: fritzdsl help
WARNING: translation string unused: fritzdsl upload
@@ -244,6 +264,7 @@ WARNING: translation string unused: local hard disk
WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
WARNING: translation string unused: logging
WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
@@ -269,6 +290,7 @@ WARNING: translation string unused: mbmon value
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -285,6 +307,7 @@ WARNING: translation string unused: monthly volume start day short
WARNING: translation string unused: mount
WARNING: translation string unused: mtu QoS
WARNING: translation string unused: nat-traversal
WARNING: translation string unused: net
WARNING: translation string unused: net address
WARNING: translation string unused: net config type
WARNING: translation string unused: net config type help
@@ -311,6 +334,7 @@ WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
WARNING: translation string unused: online help en
WARNING: translation string unused: only red
WARNING: translation string unused: open to all
WARNING: translation string unused: optional data
WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
@@ -318,8 +342,14 @@ WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
WARNING: translation string unused: outgoing firewall mode2
WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
WARNING: translation string unused: outgoing firewall p2p description
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
@@ -350,6 +380,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
WARNING: translation string unused: phonebook entry
WARNING: translation string unused: ping disabled
WARNING: translation string unused: polfile
WARNING: translation string unused: policy
WARNING: translation string unused: port forwarding configuration
WARNING: translation string unused: ports
WARNING: translation string unused: pots
WARNING: translation string unused: pppoe
@@ -377,7 +409,9 @@ WARNING: translation string unused: router ip
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: select media
WARNING: translation string unused: select source net
WARNING: translation string unused: selecttraffic
WARNING: translation string unused: send email notification
WARNING: translation string unused: send test mail
@@ -396,15 +430,23 @@ WARNING: translation string unused: shutdown2
WARNING: translation string unused: shutting down
WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: source net
WARNING: translation string unused: source port overlaps
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: squid fix cache
WARNING: translation string unused: srcprt range overlaps
WARNING: translation string unused: srcprt within existing
WARNING: translation string unused: ssdmz pinholes
WARNING: translation string unused: ssh access tip
WARNING: translation string unused: ssh1 disabled
WARNING: translation string unused: ssh1 enabled
WARNING: translation string unused: ssh1 support
WARNING: translation string unused: ssnetwork status
WARNING: translation string unused: sspasswords
WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
@@ -497,6 +539,7 @@ WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: translation string unused: week-graph
WARNING: translation string unused: weekly firewallhits
WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
@@ -556,6 +599,11 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
WARNING: untranslated string: drop forward
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -574,6 +622,141 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
WARNING: untranslated string: fw default drop
WARNING: untranslated string: fw settings
WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: fwdfw dnat
WARNING: untranslated string: fwdfw dnat error
WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
WARNING: untranslated string: fwdfw err samesub
WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
WARNING: untranslated string: fwdfw newrule
WARNING: untranslated string: fwdfw p2p txt
WARNING: untranslated string: fwdfw pol allow
WARNING: untranslated string: fwdfw pol block
WARNING: untranslated string: fwdfw pol text
WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
WARNING: untranslated string: fwdfw source
WARNING: untranslated string: fwdfw sourceip
WARNING: untranslated string: fwdfw target
WARNING: untranslated string: fwdfw targetip
WARNING: untranslated string: fwdfw timeframe
WARNING: untranslated string: fwdfw toggle
WARNING: untranslated string: fwdfw togglelog
WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
WARNING: untranslated string: fwdfw wd_sun
WARNING: untranslated string: fwdfw wd_thu
WARNING: untranslated string: fwdfw wd_tue
WARNING: untranslated string: fwdfw wd_wed
WARNING: untranslated string: fwdfw xt access
WARNING: untranslated string: fwhost addgrp
WARNING: untranslated string: fwhost addgrpname
WARNING: untranslated string: fwhost addhost
WARNING: untranslated string: fwhost addnet
WARNING: untranslated string: fwhost addservice
WARNING: untranslated string: fwhost addservicegrp
WARNING: untranslated string: fwhost any
WARNING: untranslated string: fwhost back
WARNING: untranslated string: fwhost ccdhost
WARNING: untranslated string: fwhost ccdnet
WARNING: untranslated string: fwhost change
WARNING: untranslated string: fwhost cust addr
WARNING: untranslated string: fwhost cust grp
WARNING: untranslated string: fwhost cust net
WARNING: untranslated string: fwhost cust service
WARNING: untranslated string: fwhost cust srvgrp
WARNING: untranslated string: fwhost deleted
WARNING: untranslated string: fwhost empty
WARNING: untranslated string: fwhost err addr
WARNING: untranslated string: fwhost err empty
WARNING: untranslated string: fwhost err groupempty
WARNING: untranslated string: fwhost err grpexist
WARNING: untranslated string: fwhost err hostexist
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: fwhost err ip
WARNING: untranslated string: fwhost err ipcheck
WARNING: untranslated string: fwhost err ipmac
WARNING: untranslated string: fwhost err ipwithsub
WARNING: untranslated string: fwhost err isccdhost
WARNING: untranslated string: fwhost err isccdiphost
WARNING: untranslated string: fwhost err isccdipnet
WARNING: untranslated string: fwhost err isccdnet
WARNING: untranslated string: fwhost err isingrp
WARNING: untranslated string: fwhost err name
WARNING: untranslated string: fwhost err name1
WARNING: untranslated string: fwhost err net
WARNING: untranslated string: fwhost err netexist
WARNING: untranslated string: fwhost err partofnet
WARNING: untranslated string: fwhost err port
WARNING: untranslated string: fwhost err remark
WARNING: untranslated string: fwhost err srv exists
WARNING: untranslated string: fwhost err srvexist
WARNING: untranslated string: fwhost err sub32
WARNING: untranslated string: fwhost hint
WARNING: untranslated string: fwhost hosts
WARNING: untranslated string: fwhost icmptype
WARNING: untranslated string: fwhost ip_mac
WARNING: untranslated string: fwhost ipsec net
WARNING: untranslated string: fwhost menu
WARNING: untranslated string: fwhost netaddress
WARNING: untranslated string: fwhost newgrp
WARNING: untranslated string: fwhost newhost
WARNING: untranslated string: fwhost newnet
WARNING: untranslated string: fwhost newservice
WARNING: untranslated string: fwhost newservicegrp
WARNING: untranslated string: fwhost ovpn_n2n
WARNING: untranslated string: fwhost port
WARNING: untranslated string: fwhost prot
WARNING: untranslated string: fwhost reread
WARNING: untranslated string: fwhost services
WARNING: untranslated string: fwhost srv_name
WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: minute
WARNING: untranslated string: new
WARNING: untranslated string: openvpn default
@@ -595,9 +778,6 @@ WARNING: untranslated string: outgoing firewall ip groups
WARNING: untranslated string: outgoing firewall mac groups
WARNING: untranslated string: outgoing firewall p2p allow
WARNING: untranslated string: outgoing firewall p2p deny
WARNING: untranslated string: outgoing firewall p2p description 1
WARNING: untranslated string: outgoing firewall p2p description 2
WARNING: untranslated string: outgoing firewall p2p description 3
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: outgoing firewall view group
WARNING: untranslated string: ovpn errmsg green already pushed
@@ -618,6 +798,7 @@ WARNING: untranslated string: proxy reports monthly
WARNING: untranslated string: proxy reports today
WARNING: untranslated string: proxy reports weekly
WARNING: untranslated string: qos enter bandwidths
WARNING: untranslated string: red1
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed


@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Verbose
WARNING: translation string unused: access allowed
WARNING: translation string unused: access refused with this oinkcode
WARNING: translation string unused: add network
WARNING: translation string unused: add new ovpn
WARNING: translation string unused: add service
WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
WARNING: translation string unused: allmsg
WARNING: translation string unused: alt information
WARNING: translation string unused: alt ovpn
WARNING: translation string unused: alt vpn
WARNING: translation string unused: and
WARNING: translation string unused: ansi t1.483
WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
WARNING: translation string unused: cache size
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: cant enable xtaccess
WARNING: translation string unused: capsinactive
WARNING: translation string unused: cfg restart
WARNING: translation string unused: check for net traffic update
@@ -126,6 +130,11 @@ WARNING: translation string unused: debugme
WARNING: translation string unused: deep scan directories
WARNING: translation string unused: default networks
WARNING: translation string unused: default services
WARNING: translation string unused: description
WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -138,11 +147,18 @@ WARNING: translation string unused: dial user password has been changed
WARNING: translation string unused: dialup settings
WARNING: translation string unused: disconnect
WARNING: translation string unused: display traffic at home
WARNING: translation string unused: dmz pinhole configuration
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
WARNING: translation string unused: eciadsl help
WARNING: translation string unused: eciadsl upload
@@ -169,6 +185,7 @@ WARNING: translation string unused: error external access
WARNING: translation string unused: expected
WARNING: translation string unused: expertoptions
WARNING: translation string unused: exportkey
WARNING: translation string unused: external access
WARNING: translation string unused: external access rule changed
WARNING: translation string unused: filename
WARNING: translation string unused: firewall graphs
@@ -176,6 +193,9 @@ WARNING: translation string unused: firewall log viewer
WARNING: translation string unused: firmware
WARNING: translation string unused: firmware upload
WARNING: translation string unused: force update
WARNING: translation string unused: forwarding rule added
WARNING: translation string unused: forwarding rule removed
WARNING: translation string unused: forwarding rule updated
WARNING: translation string unused: fritzdsl help
WARNING: translation string unused: fritzdsl upload
WARNING: translation string unused: from email adr
@@ -239,6 +259,7 @@ WARNING: translation string unused: local hard disk
WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
WARNING: translation string unused: logging
WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
@@ -264,6 +285,7 @@ WARNING: translation string unused: mbmon value
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -279,6 +301,7 @@ WARNING: translation string unused: monthly volume start day short
WARNING: translation string unused: mount
WARNING: translation string unused: mtu QoS
WARNING: translation string unused: nat-traversal
WARNING: translation string unused: net
WARNING: translation string unused: net address
WARNING: translation string unused: net config type
WARNING: translation string unused: net config type help
@@ -305,6 +328,7 @@ WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
WARNING: translation string unused: online help en
WARNING: translation string unused: only red
WARNING: translation string unused: open to all
WARNING: translation string unused: optional data
WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
@@ -312,7 +336,16 @@ WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
WARNING: translation string unused: outgoing firewall mode2
WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
WARNING: translation string unused: outgoing firewall p2p description 1
WARNING: translation string unused: outgoing firewall p2p description 2
WARNING: translation string unused: outgoing firewall p2p description 3
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
@@ -343,6 +376,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
WARNING: translation string unused: phonebook entry
WARNING: translation string unused: ping disabled
WARNING: translation string unused: polfile
WARNING: translation string unused: policy
WARNING: translation string unused: port forwarding configuration
WARNING: translation string unused: ports
WARNING: translation string unused: pots
WARNING: translation string unused: pppoe
@@ -370,7 +405,9 @@ WARNING: translation string unused: router ip
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: select media
WARNING: translation string unused: select source net
WARNING: translation string unused: selecttraffic
WARNING: translation string unused: send email notification
WARNING: translation string unused: send test mail
@@ -389,15 +426,23 @@ WARNING: translation string unused: shutdown2
WARNING: translation string unused: shutting down
WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: source net
WARNING: translation string unused: source port overlaps
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: squid fix cache
WARNING: translation string unused: srcprt range overlaps
WARNING: translation string unused: srcprt within existing
WARNING: translation string unused: ssdmz pinholes
WARNING: translation string unused: ssh access tip
WARNING: translation string unused: ssh1 disabled
WARNING: translation string unused: ssh1 enabled
WARNING: translation string unused: ssh1 support
WARNING: translation string unused: ssnetwork status
WARNING: translation string unused: sspasswords
WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
@@ -489,6 +534,7 @@ WARNING: translation string unused: vpn watch
WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: translation string unused: weekly firewallhits
WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Add a route
@@ -549,6 +595,11 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
WARNING: untranslated string: drop forward
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: emerging rules
WARNING: untranslated string: extrahd because there is already a device mounted
WARNING: untranslated string: extrahd cant umount
@@ -557,6 +608,141 @@ WARNING: untranslated string: extrahd maybe the device is in use
WARNING: untranslated string: extrahd to
WARNING: untranslated string: extrahd to root
WARNING: untranslated string: extrahd you cant mount
WARNING: untranslated string: fw default drop
WARNING: untranslated string: fw settings
WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: fwdfw dnat
WARNING: untranslated string: fwdfw dnat error
WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
WARNING: untranslated string: fwdfw err samesub
WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
WARNING: untranslated string: fwdfw newrule
WARNING: untranslated string: fwdfw p2p txt
WARNING: untranslated string: fwdfw pol allow
WARNING: untranslated string: fwdfw pol block
WARNING: untranslated string: fwdfw pol text
WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
WARNING: untranslated string: fwdfw source
WARNING: untranslated string: fwdfw sourceip
WARNING: untranslated string: fwdfw target
WARNING: untranslated string: fwdfw targetip
WARNING: untranslated string: fwdfw timeframe
WARNING: untranslated string: fwdfw toggle
WARNING: untranslated string: fwdfw togglelog
WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
WARNING: untranslated string: fwdfw wd_sun
WARNING: untranslated string: fwdfw wd_thu
WARNING: untranslated string: fwdfw wd_tue
WARNING: untranslated string: fwdfw wd_wed
WARNING: untranslated string: fwdfw xt access
WARNING: untranslated string: fwhost addgrp
WARNING: untranslated string: fwhost addgrpname
WARNING: untranslated string: fwhost addhost
WARNING: untranslated string: fwhost addnet
WARNING: untranslated string: fwhost addservice
WARNING: untranslated string: fwhost addservicegrp
WARNING: untranslated string: fwhost any
WARNING: untranslated string: fwhost back
WARNING: untranslated string: fwhost ccdhost
WARNING: untranslated string: fwhost ccdnet
WARNING: untranslated string: fwhost change
WARNING: untranslated string: fwhost cust addr
WARNING: untranslated string: fwhost cust grp
WARNING: untranslated string: fwhost cust net
WARNING: untranslated string: fwhost cust service
WARNING: untranslated string: fwhost cust srvgrp
WARNING: untranslated string: fwhost deleted
WARNING: untranslated string: fwhost empty
WARNING: untranslated string: fwhost err addr
WARNING: untranslated string: fwhost err empty
WARNING: untranslated string: fwhost err groupempty
WARNING: untranslated string: fwhost err grpexist
WARNING: untranslated string: fwhost err hostexist
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: fwhost err ip
WARNING: untranslated string: fwhost err ipcheck
WARNING: untranslated string: fwhost err ipmac
WARNING: untranslated string: fwhost err ipwithsub
WARNING: untranslated string: fwhost err isccdhost
WARNING: untranslated string: fwhost err isccdiphost
WARNING: untranslated string: fwhost err isccdipnet
WARNING: untranslated string: fwhost err isccdnet
WARNING: untranslated string: fwhost err isingrp
WARNING: untranslated string: fwhost err name
WARNING: untranslated string: fwhost err name1
WARNING: untranslated string: fwhost err net
WARNING: untranslated string: fwhost err netexist
WARNING: untranslated string: fwhost err partofnet
WARNING: untranslated string: fwhost err port
WARNING: untranslated string: fwhost err remark
WARNING: untranslated string: fwhost err srv exists
WARNING: untranslated string: fwhost err srvexist
WARNING: untranslated string: fwhost err sub32
WARNING: untranslated string: fwhost hint
WARNING: untranslated string: fwhost hosts
WARNING: untranslated string: fwhost icmptype
WARNING: untranslated string: fwhost ip_mac
WARNING: untranslated string: fwhost ipsec net
WARNING: untranslated string: fwhost menu
WARNING: untranslated string: fwhost netaddress
WARNING: untranslated string: fwhost newgrp
WARNING: untranslated string: fwhost newhost
WARNING: untranslated string: fwhost newnet
WARNING: untranslated string: fwhost newservice
WARNING: untranslated string: fwhost newservicegrp
WARNING: untranslated string: fwhost ovpn_n2n
WARNING: untranslated string: fwhost port
WARNING: untranslated string: fwhost prot
WARNING: untranslated string: fwhost reread
WARNING: untranslated string: fwhost services
WARNING: untranslated string: fwhost srv_name
WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: incoming traffic in bytes per second
WARNING: untranslated string: minute
WARNING: untranslated string: new
@@ -584,6 +770,7 @@ WARNING: untranslated string: proxy reports monthly
WARNING: untranslated string: proxy reports today
WARNING: untranslated string: proxy reports weekly
WARNING: untranslated string: qos enter bandwidths
WARNING: untranslated string: red1
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed

@@ -11,10 +11,12 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Verbose
WARNING: translation string unused: access allowed
WARNING: translation string unused: access refused with this oinkcode
WARNING: translation string unused: add network
WARNING: translation string unused: add new ovpn
WARNING: translation string unused: add service
WARNING: translation string unused: add xtaccess
WARNING: translation string unused: add-route
WARNING: translation string unused: admin user password has been changed
WARNING: translation string unused: administrator user password
@@ -46,6 +48,7 @@ WARNING: translation string unused: all updates installed
WARNING: translation string unused: allmsg
WARNING: translation string unused: alt information
WARNING: translation string unused: alt ovpn
WARNING: translation string unused: alt vpn
WARNING: translation string unused: and
WARNING: translation string unused: ansi t1.483
WARNING: translation string unused: apply
@@ -87,6 +90,7 @@ WARNING: translation string unused: cache management
WARNING: translation string unused: cache size
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: cant enable xtaccess
WARNING: translation string unused: capsinactive
WARNING: translation string unused: ccd err iroute
WARNING: translation string unused: ccd err netadr
@@ -129,6 +133,11 @@ WARNING: translation string unused: debugme
WARNING: translation string unused: deep scan directories
WARNING: translation string unused: default networks
WARNING: translation string unused: default services
WARNING: translation string unused: description
WARNING: translation string unused: destination ip bad
WARNING: translation string unused: destination ip or net
WARNING: translation string unused: destination net
WARNING: translation string unused: destination port overlaps
WARNING: translation string unused: dhcp base ip fixed lease
WARNING: translation string unused: dhcp create fixed leases
WARNING: translation string unused: dhcp fixed lease err1
@@ -141,11 +150,18 @@ WARNING: translation string unused: dial user password has been changed
WARNING: translation string unused: dialup settings
WARNING: translation string unused: disconnect
WARNING: translation string unused: display traffic at home
WARNING: translation string unused: dmz pinhole configuration
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
WARNING: translation string unused: eciadsl help
WARNING: translation string unused: eciadsl upload
@@ -172,6 +188,7 @@ WARNING: translation string unused: error external access
WARNING: translation string unused: expected
WARNING: translation string unused: expertoptions
WARNING: translation string unused: exportkey
WARNING: translation string unused: external access
WARNING: translation string unused: external access rule changed
WARNING: translation string unused: extrahd unable to read
WARNING: translation string unused: extrahd unable to write
@@ -181,6 +198,9 @@ WARNING: translation string unused: firewall log viewer
WARNING: translation string unused: firmware
WARNING: translation string unused: firmware upload
WARNING: translation string unused: force update
WARNING: translation string unused: forwarding rule added
WARNING: translation string unused: forwarding rule removed
WARNING: translation string unused: forwarding rule updated
WARNING: translation string unused: frequency
WARNING: translation string unused: fritzdsl help
WARNING: translation string unused: fritzdsl upload
@@ -246,6 +266,7 @@ WARNING: translation string unused: local hard disk
WARNING: translation string unused: localkeyfile
WARNING: translation string unused: log enabled
WARNING: translation string unused: log viewer
WARNING: translation string unused: logging
WARNING: translation string unused: loosedirectorychecking
WARNING: translation string unused: ls_dhcpd
WARNING: translation string unused: ls_disk space
@@ -271,6 +292,7 @@ WARNING: translation string unused: mbmon value
WARNING: translation string unused: min size
WARNING: translation string unused: missing dat
WARNING: translation string unused: missing gz
WARNING: translation string unused: mode
WARNING: translation string unused: modem on com1
WARNING: translation string unused: modem on com2
WARNING: translation string unused: modem on com3
@@ -287,6 +309,7 @@ WARNING: translation string unused: monthly volume start day short
WARNING: translation string unused: mount
WARNING: translation string unused: mtu QoS
WARNING: translation string unused: nat-traversal
WARNING: translation string unused: net
WARNING: translation string unused: net address
WARNING: translation string unused: net config type
WARNING: translation string unused: net config type help
@@ -313,6 +336,7 @@ WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
WARNING: translation string unused: online help en
WARNING: translation string unused: only red
WARNING: translation string unused: open to all
WARNING: translation string unused: openvpn disabled
WARNING: translation string unused: openvpn enabled
WARNING: translation string unused: optional data
@@ -323,7 +347,16 @@ WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
WARNING: translation string unused: outgoing firewall mode2
WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname
WARNING: translation string unused: outgoing firewall p2p description 1
WARNING: translation string unused: outgoing firewall p2p description 2
WARNING: translation string unused: outgoing firewall p2p description 3
WARNING: translation string unused: outgoing firewall reset
WARNING: translation string unused: outgoing firewall warning
WARNING: translation string unused: override mtu
WARNING: translation string unused: ovpn
WARNING: translation string unused: ovpn config
@@ -354,6 +387,8 @@ WARNING: translation string unused: passwords must be at least 6 characters in l
WARNING: translation string unused: phonebook entry
WARNING: translation string unused: ping disabled
WARNING: translation string unused: polfile
WARNING: translation string unused: policy
WARNING: translation string unused: port forwarding configuration
WARNING: translation string unused: ports
WARNING: translation string unused: pots
WARNING: translation string unused: pppoe
@@ -381,7 +416,9 @@ WARNING: translation string unused: router ip
WARNING: translation string unused: rules already up to date
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: select media
WARNING: translation string unused: select source net
WARNING: translation string unused: selecttraffic
WARNING: translation string unused: send email notification
WARNING: translation string unused: send test mail
@@ -400,15 +437,23 @@ WARNING: translation string unused: shutdown2
WARNING: translation string unused: shutting down
WARNING: translation string unused: sitekeyfile
WARNING: translation string unused: smbreload
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: source net
WARNING: translation string unused: source port overlaps
WARNING: translation string unused: squid extension methods
WARNING: translation string unused: squid extension methods invalid
WARNING: translation string unused: squid fix cache
WARNING: translation string unused: srcprt range overlaps
WARNING: translation string unused: srcprt within existing
WARNING: translation string unused: ssdmz pinholes
WARNING: translation string unused: ssh access tip
WARNING: translation string unused: ssh1 disabled
WARNING: translation string unused: ssh1 enabled
WARNING: translation string unused: ssh1 support
WARNING: translation string unused: ssnetwork status
WARNING: translation string unused: sspasswords
WARNING: translation string unused: ssport forwarding
WARNING: translation string unused: ssproxy graphs
WARNING: translation string unused: sssystem status
WARNING: translation string unused: sstraffic graphs
@@ -505,6 +550,7 @@ WARNING: translation string unused: warn when traffic reaches
WARNING: translation string unused: web proxy configuration
WARNING: translation string unused: week-graph
WARNING: translation string unused: weekly firewallhits
WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
@@ -517,8 +563,149 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: drop action
WARNING: untranslated string: drop action1
WARNING: untranslated string: drop action2
WARNING: untranslated string: drop forward
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: fw default drop
WARNING: untranslated string: fw settings
WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: fwdfw dnat
WARNING: untranslated string: fwdfw dnat error
WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
WARNING: untranslated string: fwdfw err samesub
WARNING: untranslated string: fwdfw err src_addr
WARNING: untranslated string: fwdfw err tgt_addr
WARNING: untranslated string: fwdfw err tgt_grp
WARNING: untranslated string: fwdfw err tgt_mac
WARNING: untranslated string: fwdfw err time
WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
WARNING: untranslated string: fwdfw newrule
WARNING: untranslated string: fwdfw p2p txt
WARNING: untranslated string: fwdfw pol allow
WARNING: untranslated string: fwdfw pol block
WARNING: untranslated string: fwdfw pol text
WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
WARNING: untranslated string: fwdfw source
WARNING: untranslated string: fwdfw sourceip
WARNING: untranslated string: fwdfw target
WARNING: untranslated string: fwdfw targetip
WARNING: untranslated string: fwdfw timeframe
WARNING: untranslated string: fwdfw toggle
WARNING: untranslated string: fwdfw togglelog
WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
WARNING: untranslated string: fwdfw wd_sun
WARNING: untranslated string: fwdfw wd_thu
WARNING: untranslated string: fwdfw wd_tue
WARNING: untranslated string: fwdfw wd_wed
WARNING: untranslated string: fwdfw xt access
WARNING: untranslated string: fwhost addgrp
WARNING: untranslated string: fwhost addgrpname
WARNING: untranslated string: fwhost addhost
WARNING: untranslated string: fwhost addnet
WARNING: untranslated string: fwhost addservice
WARNING: untranslated string: fwhost addservicegrp
WARNING: untranslated string: fwhost any
WARNING: untranslated string: fwhost back
WARNING: untranslated string: fwhost ccdhost
WARNING: untranslated string: fwhost ccdnet
WARNING: untranslated string: fwhost change
WARNING: untranslated string: fwhost cust addr
WARNING: untranslated string: fwhost cust grp
WARNING: untranslated string: fwhost cust net
WARNING: untranslated string: fwhost cust service
WARNING: untranslated string: fwhost cust srvgrp
WARNING: untranslated string: fwhost deleted
WARNING: untranslated string: fwhost empty
WARNING: untranslated string: fwhost err addr
WARNING: untranslated string: fwhost err empty
WARNING: untranslated string: fwhost err groupempty
WARNING: untranslated string: fwhost err grpexist
WARNING: untranslated string: fwhost err hostexist
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: fwhost err ip
WARNING: untranslated string: fwhost err ipcheck
WARNING: untranslated string: fwhost err ipmac
WARNING: untranslated string: fwhost err ipwithsub
WARNING: untranslated string: fwhost err isccdhost
WARNING: untranslated string: fwhost err isccdiphost
WARNING: untranslated string: fwhost err isccdipnet
WARNING: untranslated string: fwhost err isccdnet
WARNING: untranslated string: fwhost err isingrp
WARNING: untranslated string: fwhost err name
WARNING: untranslated string: fwhost err name1
WARNING: untranslated string: fwhost err net
WARNING: untranslated string: fwhost err netexist
WARNING: untranslated string: fwhost err partofnet
WARNING: untranslated string: fwhost err port
WARNING: untranslated string: fwhost err remark
WARNING: untranslated string: fwhost err srv exists
WARNING: untranslated string: fwhost err srvexist
WARNING: untranslated string: fwhost err sub32
WARNING: untranslated string: fwhost hint
WARNING: untranslated string: fwhost hosts
WARNING: untranslated string: fwhost icmptype
WARNING: untranslated string: fwhost ip_mac
WARNING: untranslated string: fwhost ipsec net
WARNING: untranslated string: fwhost menu
WARNING: untranslated string: fwhost netaddress
WARNING: untranslated string: fwhost newgrp
WARNING: untranslated string: fwhost newhost
WARNING: untranslated string: fwhost newnet
WARNING: untranslated string: fwhost newservice
WARNING: untranslated string: fwhost newservicegrp
WARNING: untranslated string: fwhost ovpn_n2n
WARNING: untranslated string: fwhost port
WARNING: untranslated string: fwhost prot
WARNING: untranslated string: fwhost reread
WARNING: untranslated string: fwhost services
WARNING: untranslated string: fwhost srv_name
WARNING: untranslated string: fwhost stdnet
WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: red1
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed

@@ -5,13 +5,13 @@
# Checking cgi-bin translations for language: en #
############################################################################
< ccd maxclients
< wlanap country
############################################################################
# Checking install/setup translations for language: fr #
############################################################################
############################################################################
# Checking cgi-bin translations for language: fr #
############################################################################
< advproxy cache-digest
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
< age second
@@ -67,6 +67,11 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
< drop action
< drop action1
< drop action2
< drop forward
< drop outgoing
< fireinfo ipfire version
< fireinfo is disabled
< fireinfo is enabled
@@ -84,6 +89,174 @@
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
< forward firewall
< fw default drop
< fwdfw ACCEPT
< fwdfw action
< fwdfw additional
< fwdfw addr grp
< fwdfw addrule
< fwdfw change
< fwdfw copy
< fwdfw cust addr
< fwdfw cust net
< fwdfw delete
< fwdfw dnat
< fwdfw dnat error
< fwdfw dnat porterr
< fwdfw DROP
< fwdfw edit
< fwdfw err nosrc
< fwdfw err nosrcip
< fwdfw err notgt
< fwdfw err notgtip
< fwdfw err prot
< fwdfw err remark
< fwdfw err ruleexists
< fwdfw err same
< fwdfw err samesub
< fwdfw err src_addr
< fwdfw err srcovpn
< fwdfw err srcport
< fwdfw err tgt_addr
< fwdfw err tgt_grp
< fwdfw err tgt_mac
< fwdfw err tgtovpn
< fwdfw err tgtport
< fwdfw err tgt_port
< fwdfw err time
< fwdfw final_rule
< fwdfw from
< fwdfw hint ip1
< fwdfw hint ip2
< fwdfw ipsec network
< fwdfw log rule
< fwdfw man port
< fwdfw menu
< fwdfw MODE1
< fwdfw MODE2
< fwdfw movedown
< fwdfw moveup
< fwdfw natport used
< fwdfw newrule
< fwdfw p2p txt
< fwdfw pol allow
< fwdfw pol block
< fwdfw pol text
< fwdfw pol text1
< fwdfw pol title
< fwdfw red
< fwdfw REJECT
< fwdfw reread
< fwdfw rule action
< fwdfw rule activate
< fwdfw rulepos
< fwdfw rules
< fwdfw snat
< fwdfw source
< fwdfw sourceip
< fwdfw std network
< fwdfw target
< fwdfw targetip
< fwdfw till
< fwdfw time
< fwdfw timeframe
< fwdfw toggle
< fwdfw togglelog
< fwdfw useless rule
< fwdfw use nat
< fwdfw use srcport
< fwdfw use srv
< fwdfw wd_fri
< fwdfw wd_mon
< fwdfw wd_sat
< fwdfw wd_sun
< fwdfw wd_thu
< fwdfw wd_tue
< fwdfw wd_wed
< fwdfw xt access
< fwhost addgrp
< fwhost addgrpname
< fwhost addhost
< fwhost addnet
< fwhost addrule
< fwhost addservice
< fwhost addservicegrp
< fwhost any
< fwhost attention
< fwhost back
< fwhost blue
< fwhost ccdhost
< fwhost ccdnet
< fwhost change
< fwhost changeremark
< fwhost cust addr
< fwhost cust grp
< fwhost cust net
< fwhost cust service
< fwhost cust srvgrp
< fwhost deleted
< fwhost empty
< fwhost err addr
< fwhost err addrgrp
< fwhost err empty
< fwhost err groupempty
< fwhost err grpexist
< fwhost err hostexist
< fwhost err hostorip
< fwhost err ip
< fwhost err ipcheck
< fwhost err ipmac
< fwhost err ipwithsub
< fwhost err isccdhost
< fwhost err isccdiphost
< fwhost err isccdipnet
< fwhost err isccdnet
< fwhost err isingrp
< fwhost err mac
< fwhost err name
< fwhost err name1
< fwhost err net
< fwhost err netexist
< fwhost err partofnet
< fwhost err port
< fwhost err remark
< fwhost err srvexist
< fwhost err srv exists
< fwhost err sub32
< fwhost green
< fwhost hint
< fwhost hosts
< fwhost icmptype
< fwhost ipadr
< fwhost ip_mac
< fwhost ipsec host
< fwhost ipsec net
< fwhost menu
< fwhost netaddress
< fwhost newgrp
< fwhost newhost
< fwhost newnet
< fwhost newservice
< fwhost newservicegrp
< fwhost orange
< fwhost ovpn_n2n
< fwhost port
< fwhost prot
< fwhost reread
< fwhost reset
< fwhost services
< fwhost srv_name
< fwhost stdnet
< fwhost type
< fwhost used
< fwhost welcome
< fwhost wo subnet
< fw settings
< fw settings color
< fw settings dropdown
< fw settings remark
< fw settings ruletable
< minute
< ntp common settings
< ntp sync
@@ -112,6 +285,7 @@
< proxy reports today
< proxy reports weekly
< qos enter bandwidths
< red1
< server restart
< snort working
< static routes
@@ -233,7 +407,6 @@
############################################################################
# Checking cgi-bin translations for language: es #
############################################################################
< advproxy cache-digest
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
< age second
@@ -289,6 +462,11 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
< drop action
< drop action1
< drop action2
< drop forward
< drop outgoing
< fireinfo ipfire version
< fireinfo is disabled
< fireinfo is enabled
@@ -306,6 +484,174 @@
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
< forward firewall
< fw default drop
< fwdfw ACCEPT
< fwdfw action
< fwdfw additional
< fwdfw addr grp
< fwdfw addrule
< fwdfw change
< fwdfw copy
< fwdfw cust addr
< fwdfw cust net
< fwdfw delete
< fwdfw dnat
< fwdfw dnat error
< fwdfw dnat porterr
< fwdfw DROP
< fwdfw edit
< fwdfw err nosrc
< fwdfw err nosrcip
< fwdfw err notgt
< fwdfw err notgtip
< fwdfw err prot
< fwdfw err remark
< fwdfw err ruleexists
< fwdfw err same
< fwdfw err samesub
< fwdfw err src_addr
< fwdfw err srcovpn
< fwdfw err srcport
< fwdfw err tgt_addr
< fwdfw err tgt_grp
< fwdfw err tgt_mac
< fwdfw err tgtovpn
< fwdfw err tgtport
< fwdfw err tgt_port
< fwdfw err time
< fwdfw final_rule
< fwdfw from
< fwdfw hint ip1
< fwdfw hint ip2
< fwdfw ipsec network
< fwdfw log rule
< fwdfw man port
< fwdfw menu
< fwdfw MODE1
< fwdfw MODE2
< fwdfw movedown
< fwdfw moveup
< fwdfw natport used
< fwdfw newrule
< fwdfw p2p txt
< fwdfw pol allow
< fwdfw pol block
< fwdfw pol text
< fwdfw pol text1
< fwdfw pol title
< fwdfw red
< fwdfw REJECT
< fwdfw reread
< fwdfw rule action
< fwdfw rule activate
< fwdfw rulepos
< fwdfw rules
< fwdfw snat
< fwdfw source
< fwdfw sourceip
< fwdfw std network
< fwdfw target
< fwdfw targetip
< fwdfw till
< fwdfw time
< fwdfw timeframe
< fwdfw toggle
< fwdfw togglelog
< fwdfw useless rule
< fwdfw use nat
< fwdfw use srcport
< fwdfw use srv
< fwdfw wd_fri
< fwdfw wd_mon
< fwdfw wd_sat
< fwdfw wd_sun
< fwdfw wd_thu
< fwdfw wd_tue
< fwdfw wd_wed
< fwdfw xt access
< fwhost addgrp
< fwhost addgrpname
< fwhost addhost
< fwhost addnet
< fwhost addrule
< fwhost addservice
< fwhost addservicegrp
< fwhost any
< fwhost attention
< fwhost back
< fwhost blue
< fwhost ccdhost
< fwhost ccdnet
< fwhost change
< fwhost changeremark
< fwhost cust addr
< fwhost cust grp
< fwhost cust net
< fwhost cust service
< fwhost cust srvgrp
< fwhost deleted
< fwhost empty
< fwhost err addr
< fwhost err addrgrp
< fwhost err empty
< fwhost err groupempty
< fwhost err grpexist
< fwhost err hostexist
< fwhost err hostorip
< fwhost err ip
< fwhost err ipcheck
< fwhost err ipmac
< fwhost err ipwithsub
< fwhost err isccdhost
< fwhost err isccdiphost
< fwhost err isccdipnet
< fwhost err isccdnet
< fwhost err isingrp
< fwhost err mac
< fwhost err name
< fwhost err name1
< fwhost err net
< fwhost err netexist
< fwhost err partofnet
< fwhost err port
< fwhost err remark
< fwhost err srvexist
< fwhost err srv exists
< fwhost err sub32
< fwhost green
< fwhost hint
< fwhost hosts
< fwhost icmptype
< fwhost ipadr
< fwhost ip_mac
< fwhost ipsec host
< fwhost ipsec net
< fwhost menu
< fwhost netaddress
< fwhost newgrp
< fwhost newhost
< fwhost newnet
< fwhost newservice
< fwhost newservicegrp
< fwhost orange
< fwhost ovpn_n2n
< fwhost port
< fwhost prot
< fwhost reread
< fwhost reset
< fwhost services
< fwhost srv_name
< fwhost stdnet
< fwhost type
< fwhost used
< fwhost welcome
< fwhost wo subnet
< fw settings
< fw settings color
< fw settings dropdown
< fw settings remark
< fw settings ruletable
< minute
< openvpn default
< openvpn destination port used
@@ -350,6 +696,7 @@
< proxy reports today
< proxy reports weekly
< qos enter bandwidths
< red1
< server restart
< Set time on boot
< static routes
@@ -448,7 +795,6 @@
############################################################################
# Checking cgi-bin translations for language: pl #
############################################################################
< advproxy cache-digest
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
< age second
@@ -503,6 +849,11 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
< drop action
< drop action1
< drop action2
< drop forward
< drop outgoing
< extrahd because there is already a device mounted
< extrahd cant umount
< extrahd install or load driver
@@ -512,6 +863,174 @@
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
< forward firewall
< fw default drop
< fwdfw ACCEPT
< fwdfw action
< fwdfw additional
< fwdfw addr grp
< fwdfw addrule
< fwdfw change
< fwdfw copy
< fwdfw cust addr
< fwdfw cust net
< fwdfw delete
< fwdfw dnat
< fwdfw dnat error
< fwdfw dnat porterr
< fwdfw DROP
< fwdfw edit
< fwdfw err nosrc
< fwdfw err nosrcip
< fwdfw err notgt
< fwdfw err notgtip
< fwdfw err prot
< fwdfw err remark
< fwdfw err ruleexists
< fwdfw err same
< fwdfw err samesub
< fwdfw err src_addr
< fwdfw err srcovpn
< fwdfw err srcport
< fwdfw err tgt_addr
< fwdfw err tgt_grp
< fwdfw err tgt_mac
< fwdfw err tgtovpn
< fwdfw err tgtport
< fwdfw err tgt_port
< fwdfw err time
< fwdfw final_rule
< fwdfw from
< fwdfw hint ip1
< fwdfw hint ip2
< fwdfw ipsec network
< fwdfw log rule
< fwdfw man port
< fwdfw menu
< fwdfw MODE1
< fwdfw MODE2
< fwdfw movedown
< fwdfw moveup
< fwdfw natport used
< fwdfw newrule
< fwdfw p2p txt
< fwdfw pol allow
< fwdfw pol block
< fwdfw pol text
< fwdfw pol text1
< fwdfw pol title
< fwdfw red
< fwdfw REJECT
< fwdfw reread
< fwdfw rule action
< fwdfw rule activate
< fwdfw rulepos
< fwdfw rules
< fwdfw snat
< fwdfw source
< fwdfw sourceip
< fwdfw std network
< fwdfw target
< fwdfw targetip
< fwdfw till
< fwdfw time
< fwdfw timeframe
< fwdfw toggle
< fwdfw togglelog
< fwdfw useless rule
< fwdfw use nat
< fwdfw use srcport
< fwdfw use srv
< fwdfw wd_fri
< fwdfw wd_mon
< fwdfw wd_sat
< fwdfw wd_sun
< fwdfw wd_thu
< fwdfw wd_tue
< fwdfw wd_wed
< fwdfw xt access
< fwhost addgrp
< fwhost addgrpname
< fwhost addhost
< fwhost addnet
< fwhost addrule
< fwhost addservice
< fwhost addservicegrp
< fwhost any
< fwhost attention
< fwhost back
< fwhost blue
< fwhost ccdhost
< fwhost ccdnet
< fwhost change
< fwhost changeremark
< fwhost cust addr
< fwhost cust grp
< fwhost cust net
< fwhost cust service
< fwhost cust srvgrp
< fwhost deleted
< fwhost empty
< fwhost err addr
< fwhost err addrgrp
< fwhost err empty
< fwhost err groupempty
< fwhost err grpexist
< fwhost err hostexist
< fwhost err hostorip
< fwhost err ip
< fwhost err ipcheck
< fwhost err ipmac
< fwhost err ipwithsub
< fwhost err isccdhost
< fwhost err isccdiphost
< fwhost err isccdipnet
< fwhost err isccdnet
< fwhost err isingrp
< fwhost err mac
< fwhost err name
< fwhost err name1
< fwhost err net
< fwhost err netexist
< fwhost err partofnet
< fwhost err port
< fwhost err remark
< fwhost err srvexist
< fwhost err srv exists
< fwhost err sub32
< fwhost green
< fwhost hint
< fwhost hosts
< fwhost icmptype
< fwhost ipadr
< fwhost ip_mac
< fwhost ipsec host
< fwhost ipsec net
< fwhost menu
< fwhost netaddress
< fwhost newgrp
< fwhost newhost
< fwhost newnet
< fwhost newservice
< fwhost newservicegrp
< fwhost orange
< fwhost ovpn_n2n
< fwhost port
< fwhost prot
< fwhost reread
< fwhost reset
< fwhost services
< fwhost srv_name
< fwhost stdnet
< fwhost type
< fwhost used
< fwhost welcome
< fwhost wo subnet
< fw settings
< fw settings color
< fw settings dropdown
< fw settings remark
< fw settings ruletable
< minute
< openvpn default
< openvpn destination port used
@@ -542,6 +1061,7 @@
< proxy reports today
< proxy reports weekly
< qos enter bandwidths
< red1
< server restart
< static routes
< tor
@@ -639,7 +1159,6 @@
# Checking cgi-bin translations for language: ru #
############################################################################
< Add a route
< advproxy cache-digest
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
< age second
@@ -696,6 +1215,11 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
< drop action
< drop action1
< drop action2
< drop forward
< drop outgoing
< Edit an existing route
< extrahd because there is already a device mounted
< extrahd cant umount
@@ -706,7 +1230,175 @@
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
< forward firewall
< frequency
< fw default drop
< fwdfw ACCEPT
< fwdfw action
< fwdfw additional
< fwdfw addr grp
< fwdfw addrule
< fwdfw change
< fwdfw copy
< fwdfw cust addr
< fwdfw cust net
< fwdfw delete
< fwdfw dnat
< fwdfw dnat error
< fwdfw dnat porterr
< fwdfw DROP
< fwdfw edit
< fwdfw err nosrc
< fwdfw err nosrcip
< fwdfw err notgt
< fwdfw err notgtip
< fwdfw err prot
< fwdfw err remark
< fwdfw err ruleexists
< fwdfw err same
< fwdfw err samesub
< fwdfw err src_addr
< fwdfw err srcovpn
< fwdfw err srcport
< fwdfw err tgt_addr
< fwdfw err tgt_grp
< fwdfw err tgt_mac
< fwdfw err tgtovpn
< fwdfw err tgtport
< fwdfw err tgt_port
< fwdfw err time
< fwdfw final_rule
< fwdfw from
< fwdfw hint ip1
< fwdfw hint ip2
< fwdfw ipsec network
< fwdfw log rule
< fwdfw man port
< fwdfw menu
< fwdfw MODE1
< fwdfw MODE2
< fwdfw movedown
< fwdfw moveup
< fwdfw natport used
< fwdfw newrule
< fwdfw p2p txt
< fwdfw pol allow
< fwdfw pol block
< fwdfw pol text
< fwdfw pol text1
< fwdfw pol title
< fwdfw red
< fwdfw REJECT
< fwdfw reread
< fwdfw rule action
< fwdfw rule activate
< fwdfw rulepos
< fwdfw rules
< fwdfw snat
< fwdfw source
< fwdfw sourceip
< fwdfw std network
< fwdfw target
< fwdfw targetip
< fwdfw till
< fwdfw time
< fwdfw timeframe
< fwdfw toggle
< fwdfw togglelog
< fwdfw useless rule
< fwdfw use nat
< fwdfw use srcport
< fwdfw use srv
< fwdfw wd_fri
< fwdfw wd_mon
< fwdfw wd_sat
< fwdfw wd_sun
< fwdfw wd_thu
< fwdfw wd_tue
< fwdfw wd_wed
< fwdfw xt access
< fwhost addgrp
< fwhost addgrpname
< fwhost addhost
< fwhost addnet
< fwhost addrule
< fwhost addservice
< fwhost addservicegrp
< fwhost any
< fwhost attention
< fwhost back
< fwhost blue
< fwhost ccdhost
< fwhost ccdnet
< fwhost change
< fwhost changeremark
< fwhost cust addr
< fwhost cust grp
< fwhost cust net
< fwhost cust service
< fwhost cust srvgrp
< fwhost deleted
< fwhost empty
< fwhost err addr
< fwhost err addrgrp
< fwhost err empty
< fwhost err groupempty
< fwhost err grpexist
< fwhost err hostexist
< fwhost err hostorip
< fwhost err ip
< fwhost err ipcheck
< fwhost err ipmac
< fwhost err ipwithsub
< fwhost err isccdhost
< fwhost err isccdiphost
< fwhost err isccdipnet
< fwhost err isccdnet
< fwhost err isingrp
< fwhost err mac
< fwhost err name
< fwhost err name1
< fwhost err net
< fwhost err netexist
< fwhost err partofnet
< fwhost err port
< fwhost err remark
< fwhost err srvexist
< fwhost err srv exists
< fwhost err sub32
< fwhost green
< fwhost hint
< fwhost hosts
< fwhost icmptype
< fwhost ipadr
< fwhost ip_mac
< fwhost ipsec host
< fwhost ipsec net
< fwhost menu
< fwhost netaddress
< fwhost newgrp
< fwhost newhost
< fwhost newnet
< fwhost newservice
< fwhost newservicegrp
< fwhost orange
< fwhost ovpn_n2n
< fwhost port
< fwhost prot
< fwhost reread
< fwhost reset
< fwhost services
< fwhost srv_name
< fwhost stdnet
< fwhost type
< fwhost used
< fwhost welcome
< fwhost wo subnet
< fw settings
< fw settings color
< fw settings dropdown
< fw settings remark
< fw settings ruletable
< hour-graph
< incoming traffic in bytes per second
< minute
@@ -737,6 +1429,7 @@
< proxy reports today
< proxy reports weekly
< qos enter bandwidths
< red1
< server restart
< static routes
< tor


@@ -1,446 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );
undef (@dummy);
my %cgiparams=();
my %checked=();
my %selected=();
my %netsettings=();
my $errormessage = '';
my $filename = "${General::swroot}/dmzholes/config";
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&Header::showhttpheaders();
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'REMARK'} = '';
$cgiparams{'ACTION'} = '';
$cgiparams{'SRC_IP'} = '';
$cgiparams{'DEST_IP'} ='';
$cgiparams{'DEST_PORT'} = '';
&Header::getcgihash(\%cgiparams);
open(FILE, $filename) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; }
unless(&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }
unless($errormessage){$errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');}
unless(&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
unless ($errormessage) {
$errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); }
# Darren Critchley - Remove commas from remarks
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
unless ($errormessage)
{
if($cgiparams{'EDITING'} eq 'no') {
open(FILE,">>$filename") or die 'Unable to open config file.';
flock FILE, 2;
print FILE "$cgiparams{'PROTOCOL'},"; # [0]
print FILE "$cgiparams{'SRC_IP'},"; # [1]
print FILE "$cgiparams{'DEST_IP'},"; # [2]
print FILE "$cgiparams{'DEST_PORT'},"; # [3]
print FILE "$cgiparams{'ENABLED'},"; # [4]
print FILE "$cgiparams{'SRC_NET'},"; # [5]
print FILE "$cgiparams{'DEST_NET'},"; # [6]
print FILE "$cgiparams{'REMARK'}\n"; # [7]
} else {
open(FILE,">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'EDITING'} eq $id) {
print FILE "$cgiparams{'PROTOCOL'},"; # [0]
print FILE "$cgiparams{'SRC_IP'},"; # [1]
print FILE "$cgiparams{'DEST_IP'},"; # [2]
print FILE "$cgiparams{'DEST_PORT'},"; # [3]
print FILE "$cgiparams{'ENABLED'},"; # [4]
print FILE "$cgiparams{'SRC_NET'},"; # [5]
print FILE "$cgiparams{'DEST_NET'},"; # [6]
print FILE "$cgiparams{'REMARK'}\n"; # [7]
} else { print FILE "$line"; }
}
}
close(FILE);
undef %cgiparams;
&General::log($Lang::tr{'dmz pinhole rule added'});
system('/usr/local/bin/setdmzholes');
}
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
my $id = 0;
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
}
close(FILE);
system('/usr/local/bin/setdmzholes');
&General::log($Lang::tr{'dmz pinhole rule removed'});
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
my $id = 0;
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
else
{
chomp($line);
my @temp = split(/\,/,$line);
print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n";
}
}
close(FILE);
system('/usr/local/bin/setdmzholes');
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'ID'} eq $id)
{
chomp($line);
my @temp = split(/\,/,$line);
$cgiparams{'PROTOCOL'} = $temp[0];
$cgiparams{'SRC_IP'} = $temp[1];
$cgiparams{'DEST_IP'} = $temp[2];
$cgiparams{'DEST_PORT'} = $temp[3];
$cgiparams{'ENABLED'} = $temp[4];
$cgiparams{'SRC_NET'} = $temp[5];
$cgiparams{'DEST_NET'} = $temp[6];
$cgiparams{'REMARK'} = $temp[7];
}
}
}
if ($cgiparams{'ACTION'} eq '')
{
$cgiparams{'PROTOCOL'} = 'tcp';
$cgiparams{'ENABLED'} = 'on';
$cgiparams{'SRC_NET'} = 'orange';
$cgiparams{'DEST_NET'} = 'blue';
}
$selected{'PROTOCOL'}{'udp'} = '';
$selected{'PROTOCOL'}{'tcp'} = '';
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";
$selected{'SRC_NET'}{'orange'} = '';
$selected{'SRC_NET'}{'blue'} = '';
$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";
$selected{'DEST_NET'}{'blue'} = '';
$selected{'DEST_NET'}{'green'} = '';
$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
print "&nbsp;</class>\n";
&Header::closebox();
}
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
my $buttonText = $Lang::tr{'add'};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
&Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
$buttonText = $Lang::tr{'update'};
} else {
&Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
}
print <<END
<table width='100%'>
<tr>
<td>
<select name='PROTOCOL'>
<option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
</select>
</td>
<td>
$Lang::tr{'source net'}:</td>
<td>
<select name='SRC_NET'>
END
;
if (&haveOrangeNet()) {
print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";
}
if (&haveBlueNet()) {
print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}
print <<END
</select>
</td>
<td class='base'>$Lang::tr{'source ip or net'}:</td>
<td><input type='text' name='SRC_IP' value='$cgiparams{'SRC_IP'}' size='15' /></td>
</tr>
<tr>
<td>
&nbsp;</td>
<td>
$Lang::tr{'destination net'}:</td>
<td>
<select name='DEST_NET'>
END
;
if (&haveOrangeNet() && &haveBlueNet()) {
print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}
print <<END
<option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>
</select>
</td>
<td class='base'>
$Lang::tr{'destination ip or net'}:</td>
<td>
<input type='text' name='DEST_IP' value='$cgiparams{'DEST_IP'}' size='15' />
</td>
<td class='base'>
$Lang::tr{'destination port'}:&nbsp;
<input type='text' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' />
</td>
</tr>
</table>
<table width='100%'>
<tr>
<td colspan='3' width='50%' class='base'>
<font class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></font>
<input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' />
</td>
</tr>
<tr>
<td class='base' width='50%'>
<img src='/blob.gif' alt ='*' align='top' />&nbsp;
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
<td width='25%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='SUBMIT' value='$buttonText' />
</td>
</tr>
</table>
END
;
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
} else {
print "<input type='hidden' name='EDITING' value='no' />\n";
}
&Header::closebox();
print "</form>\n";
&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
print <<END
<table width='100%'>
<tr>
<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
<td width='2%' class='boldbase' align='center'>&nbsp;</td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='1%' class='boldbase' align='center'>&nbsp;</td>
<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
END
;
# Achim Weber: if i add a new rule, this rule is not displayed?!?
# we re-read always config.
# If something has happeened re-read config
#if($cgiparams{'ACTION'} ne '')
#{
open(FILE, $filename) or die 'Unable to open config file.';
@current = <FILE>;
close(FILE);
#}
my $id = 0;
foreach my $line (@current)
{
my $protocol='';
my $gif='';
my $toggle='';
my $gdesc='';
$id++;
chomp($line);
my @temp = split(/\,/,$line);
if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' }
my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};
my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
print "<tr bgcolor='${Header::colouryellow}'>\n"; }
elsif ($id % 2) {
print "<tr bgcolor='${Header::table1colour}'>\n"; }
else {
print "<tr bgcolor='${Header::table2colour}'>\n"; }
if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
# Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
my $dstprt =$temp[3];
$_=$temp[3];
if (/^\d+$/) {
my $servi = uc(getservbyport($temp[3], lc($temp[0])));
if ($servi ne '' && $temp[3] < 1024) {
$dstprt = "$dstprt($servi)"; }
}
# Darren Critchley - If the line is too long, wrap the port numbers
my $dstaddr = "$temp[2] : $dstprt";
if (length($dstaddr) > 26) {
$dstaddr = "$temp[2] :<br /> $dstprt";
}
print <<END
<td align='center'>$protocol</td>
<td bgcolor='$srcnetcolor'></td>
<td align='center'>$temp[1]</td>
<td align='center'><img src='/images/forward.gif' /></td>
<td bgcolor='$destnetcolor'></td>
<td align='center'>$dstaddr</td>
<td align='center'>$temp[7]</td>
<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>
</tr>
END
;
}
print "</table>\n";
# If the fixed lease file contains entries, print Key to action icons
if ( ! -z "$filename") {
print <<END
<table>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
;
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
sub validNet
{
my $srcNet = $_[0];
my $destNet = $_[1];
if ($srcNet eq $destNet) {
return $Lang::tr{'dmzpinholes for same net not necessary'}; }
unless ($srcNet =~ /^(blue|orange)$/) {
return $Lang::tr{'select source net'}; }
unless ($destNet =~ /^(blue|green)$/) {
return $Lang::tr{'select dest net'}; }
return '';
}
sub haveOrangeNet
{
if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
return 0;
}
sub haveBlueNet
{
if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
return 0;
}

2463
html/cgi-bin/forwardfw.cgi Executable file

File diff suppressed because it is too large Load Diff

2198
html/cgi-bin/fwhosts.cgi Executable file

File diff suppressed because it is too large Load Diff


@@ -341,7 +341,7 @@ END
} else { print $Lang::tr{'advproxy off'}; }
}
if ( $netsettings{'ORANGE_DEV'} ) { print <<END;
<tr><td align='center' bgcolor='$Header::colourorange' width='25%'><a href="/cgi-bin/dmzholes.cgi"><font size='2' color='white'><b>$Lang::tr{'dmz'}</b></font></a><br>
<tr><td align='center' bgcolor='$Header::colourorange' width='25%'><a href="/cgi-bin/forwardfw.cgi"><font size='2' color='white'><b>$Lang::tr{'dmz'}</b></font></a><br>
<td width='30%' align='center'>$netsettings{'ORANGE_ADDRESS'}
<td width='45%' align='center'><font color=$Header::colourgreen>Online</font>
END


@@ -11,7 +11,6 @@
# $Id: optionsfw.cgi,v 1.1.2.10 2005/10/03 00:34:10 gespinasse Exp $
#
#
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
@@ -22,38 +21,49 @@ require "${General::swroot}/header.pl";
my %checked =(); # Checkbox manipulations
# File used
my $filename = "${General::swroot}/optionsfw/settings";
our %settings=();
$settings{'DISABLEPING'} = 'NO';
$settings{'DROPNEWNOTSYN'} = 'on';
$settings{'DROPINPUT'} = 'on';
$settings{'DROPOUTPUT'} = 'on';
$settings{'DROPPORTSCAN'} = 'on';
$settings{'DROPWIRELESSINPUT'} = 'on';
$settings{'DROPWIRELESSFORWARD'} = 'on';
my %fwdfwsettings=();
my %configfwdfw=();
my %configoutgoingfw=();
my $configfwdfw = "${General::swroot}/forward/config";
my $configoutgoing = "${General::swroot}/forward/outgoing";
my $errormessage = '';
my $warnmessage = '';
my $filename = "${General::swroot}/optionsfw/settings";
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&Header::showhttpheaders();
#Get GUI values
&Header::getcgihash(\%settings);
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
$errormessage = $Lang::tr{'new optionsfw later'};
delete $settings{'__CGI__'};delete $settings{'x'};delete $settings{'y'};
&General::writehash($filename, \%settings); # Save good settings
} else {
&General::readhash($filename, \%settings); # Get saved settings and reset to good if needed
}
if ($settings{'defpol'} ne '1'){
$errormessage .= $Lang::tr{'new optionsfw later'};
&General::writehash($filename, \%settings); # Save good settings
system("/usr/local/bin/forwardfwctrl");
}else{
if ($settings{'POLICY'} ne ''){
$fwdfwsettings{'POLICY'} = $settings{'POLICY'};
}
if ($settings{'POLICY1'} ne ''){
$fwdfwsettings{'POLICY1'} = $settings{'POLICY1'};
}
my $MODE = $fwdfwsettings{'POLICY'};
my $MODE1 = $fwdfwsettings{'POLICY1'};
%fwdfwsettings = ();
$fwdfwsettings{'POLICY'} = "$MODE";
$fwdfwsettings{'POLICY1'} = "$MODE1";
&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
system("/usr/local/bin/forwardfwctrl");
}
&General::readhash($filename, \%settings); # Load good settings
}
&Header::openpage($Lang::tr{'options fw'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
&General::readhash($filename, \%settings);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'warning messages'});
print "<font color='red'>$errormessage&nbsp;</font>";
@@ -66,9 +76,12 @@ $checked{'DROPNEWNOTSYN'}{$settings{'DROPNEWNOTSYN'}} = "checked='checked'";
$checked{'DROPINPUT'}{'off'} = '';
$checked{'DROPINPUT'}{'on'} = '';
$checked{'DROPINPUT'}{$settings{'DROPINPUT'}} = "checked='checked'";
$checked{'DROPOUTPUT'}{'off'} = '';
$checked{'DROPOUTPUT'}{'on'} = '';
$checked{'DROPOUTPUT'}{$settings{'DROPOUTPUT'}} = "checked='checked'";
$checked{'DROPFORWARD'}{'off'} = '';
$checked{'DROPFORWARD'}{'on'} = '';
$checked{'DROPFORWARD'}{$settings{'DROPFORWARD'}} = "checked='checked'";
$checked{'DROPOUTGOING'}{'off'} = '';
$checked{'DROPOUTGOING'}{'on'} = '';
$checked{'DROPOUTGOING'}{$settings{'DROPOUTGOING'}} = "checked='checked'";
$checked{'DROPPORTSCAN'}{'off'} = '';
$checked{'DROPPORTSCAN'}{'on'} = '';
$checked{'DROPPORTSCAN'}{$settings{'DROPPORTSCAN'}} = "checked='checked'";
@@ -84,6 +97,21 @@ $checked{'DROPPROXY'}{$settings{'DROPPROXY'}} = "checked='checked'";
$checked{'DROPSAMBA'}{'off'} = '';
$checked{'DROPSAMBA'}{'on'} = '';
$checked{'DROPSAMBA'}{$settings{'DROPSAMBA'}} = "checked='checked'";
$checked{'SHOWCOLORS'}{'off'} = '';
$checked{'SHOWCOLORS'}{'on'} = '';
$checked{'SHOWCOLORS'}{$settings{'SHOWCOLORS'}} = "checked='checked'";
$checked{'SHOWREMARK'}{'off'} = '';
$checked{'SHOWREMARK'}{'on'} = '';
$checked{'SHOWREMARK'}{$settings{'SHOWREMARK'}} = "checked='checked'";
$checked{'SHOWTABLES'}{'off'} = '';
$checked{'SHOWTABLES'}{'on'} = '';
$checked{'SHOWTABLES'}{$settings{'SHOWTABLES'}} = "checked='checked'";
$checked{'SHOWDROPDOWN'}{'off'} = '';
$checked{'SHOWDROPDOWN'}{'on'} = '';
$checked{'SHOWDROPDOWN'}{$settings{'SHOWDROPDOWN'}} = "checked='checked'";
$selected{'FWPOLICY'}{$settings{'FWPOLICY'}}= 'selected';
$selected{'FWPOLICY1'}{$settings{'FWPOLICY1'}}= 'selected';
$selected{'FWPOLICY2'}{$settings{'FWPOLICY2'}}= 'selected';
&Header::openbox('100%', 'center', $Lang::tr{'options fw'});
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";
@@ -96,8 +124,10 @@ print <<END
<input type='radio' name='DROPNEWNOTSYN' value='off' $checked{'DROPNEWNOTSYN'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop input'}</td><td align='left'>on <input type='radio' name='DROPINPUT' value='on' $checked{'DROPINPUT'}{'on'} />/
<input type='radio' name='DROPINPUT' value='off' $checked{'DROPINPUT'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop output'}</td><td align='left'>on <input type='radio' name='DROPOUTPUT' value='on' $checked{'DROPOUTPUT'}{'on'} />/
<input type='radio' name='DROPOUTPUT' value='off' $checked{'DROPOUTPUT'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop forward'}</td><td align='left'>on <input type='radio' name='DROPFORWARD' value='on' $checked{'DROPFORWARD'}{'on'} />/
<input type='radio' name='DROPFORWARD' value='off' $checked{'DROPFORWARD'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop outgoing'}</td><td align='left'>on <input type='radio' name='DROPOUTGOING' value='on' $checked{'DROPOUTGOING'}{'on'} />/
<input type='radio' name='DROPOUTGOING' value='off' $checked{'DROPOUTGOING'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop portscan'}</td><td align='left'>on <input type='radio' name='DROPPORTSCAN' value='on' $checked{'DROPPORTSCAN'}{'on'} />/
<input type='radio' name='DROPPORTSCAN' value='off' $checked{'DROPPORTSCAN'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop wirelessinput'}</td><td align='left'>on <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/
@@ -105,7 +135,8 @@ print <<END
<tr><td align='left' width='60%'>$Lang::tr{'drop wirelessforward'}</td><td align='left'>on <input type='radio' name='DROPWIRELESSFORWARD' value='on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/
<input type='radio' name='DROPWIRELESSFORWARD' value='off' $checked{'DROPWIRELESSFORWARD'}{'off'} /> off</td></tr>
</table>
<br />
<br/>
<table width='95%' cellspacing='0'>
<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw blue'}</b></td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop proxy'}</td><td align='left'>on <input type='radio' name='DROPPROXY' value='on' $checked{'DROPPROXY'}{'on'} />/
@@ -113,15 +144,77 @@ print <<END
<tr><td align='left' width='60%'>$Lang::tr{'drop samba'}</td><td align='left'>on <input type='radio' name='DROPSAMBA' value='on' $checked{'DROPSAMBA'}{'on'} />/
<input type='radio' name='DROPSAMBA' value='off' $checked{'DROPSAMBA'}{'off'} /> off</td></tr>
</table>
<br>
<table width='95%' cellspacing='0'>
<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw settings'}</b></td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'fw settings color'}</td><td align='left'>on <input type='radio' name='SHOWCOLORS' value='on' $checked{'SHOWCOLORS'}{'on'} />/
<input type='radio' name='SHOWCOLORS' value='off' $checked{'SHOWCOLORS'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'fw settings remark'}</td><td align='left'>on <input type='radio' name='SHOWREMARK' value='on' $checked{'SHOWREMARK'}{'on'} />/
<input type='radio' name='SHOWREMARK' value='off' $checked{'SHOWREMARK'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'fw settings ruletable'}</td><td align='left'>on <input type='radio' name='SHOWTABLES' value='on' $checked{'SHOWTABLES'}{'on'} />/
<input type='radio' name='SHOWTABLES' value='off' $checked{'SHOWTABLES'}{'off'} /> off</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'fw settings dropdown'}</td><td align='left'>on <input type='radio' name='SHOWDROPDOWN' value='on' $checked{'SHOWDROPDOWN'}{'on'} />/
<input type='radio' name='SHOWDROPDOWN' value='off' $checked{'SHOWDROPDOWN'}{'off'} /> off</td></tr>
</table>
<br />
<table width='95%' cellspacing='0'>
<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw default drop'}</b></td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop action'}</td><td><select name='FWPOLICY'>
<option value='DROP' $selected{'FWPOLICY'}{'DROP'}>DROP</option>
<option value='REJECT' $selected{'FWPOLICY'}{'REJECT'}>REJECT</option></select>
</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop action1'}</td><td><select name='FWPOLICY1'>
<option value='DROP' $selected{'FWPOLICY1'}{'DROP'}>DROP</option>
<option value='REJECT' $selected{'FWPOLICY1'}{'REJECT'}>REJECT</option></select>
</td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop action2'}</td><td><select name='FWPOLICY2'>
<option value='DROP' $selected{'FWPOLICY2'}{'DROP'}>DROP</option>
<option value='REJECT' $selected{'FWPOLICY2'}{'REJECT'}>REJECT</option></select>
</td></tr>
</table>
<br />
<table width='10%' cellspacing='0'>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
<input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /></form></td></tr>
<input type='submit' name='ACTION' value=$Lang::tr{'save'} />
</form></td></tr>
</table>
</form>
END
;
&Header::closebox();
&Header::openbox('100%', 'center', $Lang::tr{'fwdfw pol title'});
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){ $selected{'POLICY1'}{'MODE1'} = 'selected'; } else { $selected{'POLICY1'}{'MODE1'} = ''; }
if ($fwdfwsettings{'POLICY1'} eq 'MODE2'){ $selected{'POLICY1'}{'MODE2'} = 'selected'; } else { $selected{'POLICY1'}{'MODE2'} = ''; }
print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%' border='0'>
<tr><td colspan='3' style='font-weight:bold;color:red;' align='left'>FORWARD </td></tr>
<tr><td colspan='3' align='left'>$Lang::tr{'fwdfw pol text'}</td></tr>
<tr><td colspan='3'><hr /></td></tr>
<tr><td width='15%' align='left'> <select name='POLICY' style="width: 100px">
<option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'fwdfw pol block'}</option>
<option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'fwdfw pol allow'}</option></select>
<input type='submit' name='ACTION' value=$Lang::tr{'save'} /><input type='hidden' name='defpol' value='1'></td>
END
print "</tr></table></form>";
print"<br><br>";
print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%' border='0'>
<tr><td colspan='3' style='font-weight:bold;color:red;' align='left'>OUTGOING </td></tr>
<tr><td colspan='3' align='left'>$Lang::tr{'fwdfw pol text1'}</td></tr>
<tr><td colspan='3'><hr /></td></tr>
<tr><td width='15%' align='left'> <select name='POLICY1' style="width: 100px">
<option value='MODE1' $selected{'POLICY1'}{'MODE1'}>$Lang::tr{'fwdfw pol block'}</option>
<option value='MODE2' $selected{'POLICY1'}{'MODE2'}>$Lang::tr{'fwdfw pol allow'}</option></select>
<input type='submit' name='ACTION' value='$Lang::tr{'save'}' /><input type='hidden' name='defpol' value='1'></td>
END
print "</tr></table></form>";
&Header::closebox();
&Header::closebigbox();
&Header::closepage();


@@ -1,849 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2005-2010 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my %outfwsettings = ();
my %checked = ();
my %selected= () ;
my %netsettings = ();
my $errormessage = "";
my $configentry = "";
my @configs = ();
my @configline = ();
my $p2pentry = "";
my @p2ps = ();
my @p2pline = ();
my $configfile = "/var/ipfire/outgoing/rules";
my $configpath = "/var/ipfire/outgoing/groups/";
my $p2pfile = "/var/ipfire/outgoing/p2protocols";
my $servicefile = "/var/ipfire/outgoing/defaultservices";
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&Header::showhttpheaders();
### Values that have to be initialized
$outfwsettings{'ACTION'} = '';
$outfwsettings{'VALID'} = 'yes';
$outfwsettings{'EDIT'} = 'no';
$outfwsettings{'NAME'} = '';
$outfwsettings{'SNET'} = '';
$outfwsettings{'SIP'} = '';
$outfwsettings{'SPORT'} = '';
$outfwsettings{'SMAC'} = '';
$outfwsettings{'DIP'} = '';
$outfwsettings{'DPORT'} = '';
$outfwsettings{'PROT'} = '';
$outfwsettings{'STATE'} = '';
$outfwsettings{'DISPLAY_DIP'} = '';
$outfwsettings{'DISPLAY_DPORT'} = '';
$outfwsettings{'DISPLAY_SMAC'} = '';
$outfwsettings{'DISPLAY_SIP'} = '';
$outfwsettings{'POLICY'} = 'MODE0';
$outfwsettings{'MODE1LOG'} = 'off';
$outfwsettings{'TIME_FROM'} = '00:00';
$outfwsettings{'TIME_TO'} = '00:00';
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
&Header::getcgihash(\%outfwsettings);
###############
# DEBUG DEBUG
#&Header::openbox('100%', 'left', 'DEBUG');
#my $debugCount = 0;
#foreach my $line (sort keys %outfwsettings) {
#print "$line = $outfwsettings{$line}<br />\n";
# $debugCount++;
#}
#print "&nbsp;Count: $debugCount\n";
#&Header::closebox();
# DEBUG DEBUG
###############
$selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
$selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
$checked{'MODE1LOG'}{'off'} = '';
$checked{'MODE1LOG'}{'on'} = '';
$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'";
$checked{'TIME_MON'}{'off'} = '';
$checked{'TIME_MON'}{'on'} = '';
$checked{'TIME_MON'}{$outfwsettings{'TIME_MON'}} = "checked='checked'";
$checked{'TIME_TUE'}{'off'} = '';
$checked{'TIME_TUE'}{'on'} = '';
$checked{'TIME_TUE'}{$outfwsettings{'TIME_TUE'}} = "checked='checked'";
$checked{'TIME_WED'}{'off'} = '';
$checked{'TIME_WED'}{'on'} = '';
$checked{'TIME_WED'}{$outfwsettings{'TIME_WED'}} = "checked='checked'";
$checked{'TIME_THU'}{'off'} = '';
$checked{'TIME_THU'}{'on'} = '';
$checked{'TIME_THU'}{$outfwsettings{'TIME_THU'}} = "checked='checked'";
$checked{'TIME_FRI'}{'off'} = '';
$checked{'TIME_FRI'}{'on'} = '';
$checked{'TIME_FRI'}{$outfwsettings{'TIME_FRI'}} = "checked='checked'";
$checked{'TIME_SAT'}{'off'} = '';
$checked{'TIME_SAT'}{'on'} = '';
$checked{'TIME_SAT'}{$outfwsettings{'TIME_SAT'}} = "checked='checked'";
$checked{'TIME_SUN'}{'off'} = '';
$checked{'TIME_SUN'}{'on'} = '';
$checked{'TIME_SUN'}{$outfwsettings{'TIME_SUN'}} = "checked='checked'";
if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
# This is a little hack if poeple don<6F>t mark any date then all will be selected, because they might have forgotten to select
# a valid day. A Rule without any matching day will never work, because the timeranges are new feature people might not notice
# that they have to select a day for the rule.
if ( $outfwsettings{'TIME_MON'} eq "" &&
$outfwsettings{'TIME_TUE'} eq "" &&
$outfwsettings{'TIME_WED'} eq "" &&
$outfwsettings{'TIME_THU'} eq "" &&
$outfwsettings{'TIME_FRI'} eq "" &&
$outfwsettings{'TIME_SAT'} eq "" &&
$outfwsettings{'TIME_SUN'} eq "" )
{
$outfwsettings{'TIME_MON'} = "on";
$outfwsettings{'TIME_TUE'} = "on";
$outfwsettings{'TIME_WED'} = "on";
$outfwsettings{'TIME_THU'} = "on";
$outfwsettings{'TIME_FRI'} = "on";
$outfwsettings{'TIME_SAT'} = "on";
$outfwsettings{'TIME_SUN'} = "on";
}
&Header::openpage($Lang::tr{'outgoing firewall'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
############################################################################################################################
############################################################################################################################
if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
$outfwsettings{'POLICY'}='MODE0';
unlink $configfile;
system("/usr/bin/touch $configfile");
my $MODE = $outfwsettings{'POLICY'};
%outfwsettings = ();
$outfwsettings{'POLICY'} = "$MODE";
&General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
{
my $MODE = $outfwsettings{'POLICY'};
my $MODE1LOG = $outfwsettings{'MODE1LOG'};
%outfwsettings = ();
$outfwsettings{'POLICY'} = "$MODE";
$outfwsettings{'MODE1LOG'} = "$MODE1LOG";
&General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq 'enable')
{
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
foreach $p2pentry (sort @p2ps)
{
@p2pline = split( /\;/, $p2pentry );
if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
print FILE "$p2pline[0];$p2pline[1];on;\n";
} else {
print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
}
}
close FILE;
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq 'disable')
{
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
foreach $p2pentry (sort @p2ps)
{
@p2pline = split( /\;/, $p2pentry );
if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
print FILE "$p2pline[0];$p2pline[1];off;\n";
} else {
print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
}
}
close FILE;
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
{
open( FILE, "< $configfile" ) or die "Unable to read $configfile";
@configs = <FILE>;
close FILE;
open( FILE, "> $configfile" ) or die "Unable to write $configfile";
foreach $configentry (sort @configs)
{
@configline = split( /\;/, $configentry );
$configline[10] = "on" if not exists $configline[11];
$configline[11] = "on" if not exists $configline[11];
$configline[12] = "on" if not exists $configline[12];
$configline[13] = "on" if not exists $configline[13];
$configline[14] = "on" if not exists $configline[14];
$configline[15] = "on" if not exists $configline[15];
$configline[16] = "on" if not exists $configline[16];
$configline[17] = "00:00" if not exists $configline[17];
$configline[18] = "00:00" if not exists $configline[18];
unless (($configline[0] eq $outfwsettings{'STATE'}) &&
($configline[1] eq $outfwsettings{'ENABLED'}) &&
($configline[2] eq $outfwsettings{'SNET'}) &&
($configline[3] eq $outfwsettings{'PROT'}) &&
($configline[4] eq $outfwsettings{'NAME'}) &&
($configline[5] eq $outfwsettings{'SIP'}) &&
($configline[6] eq $outfwsettings{'SMAC'}) &&
($configline[7] eq $outfwsettings{'DIP'}) &&
($configline[9] eq $outfwsettings{'LOG'}) &&
($configline[8] eq $outfwsettings{'DPORT'}) &&
($configline[10] eq $outfwsettings{'TIME_MON'}) &&
($configline[11] eq $outfwsettings{'TIME_TUE'}) &&
($configline[12] eq $outfwsettings{'TIME_WED'}) &&
($configline[13] eq $outfwsettings{'TIME_THU'}) &&
($configline[14] eq $outfwsettings{'TIME_FRI'}) &&
($configline[15] eq $outfwsettings{'TIME_SAT'}) &&
($configline[16] eq $outfwsettings{'TIME_SUN'}) &&
($configline[17] eq $outfwsettings{'TIME_FROM'}) &&
($configline[18] eq $outfwsettings{'TIME_TO'}))
{
print FILE $configentry;
}
}
close FILE;
$selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
$selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';
$selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected';
&addrule();
&Header::closebigbox();
&Header::closepage();
exit
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
{
open( FILE, "< $configfile" ) or die "Unable to read $configfile";
@configs = <FILE>;
close FILE;
open( FILE, "> $configfile" ) or die "Unable to write $configfile";
foreach $configentry (sort @configs)
{
@configline = split( /\;/, $configentry );
$configline[10] = "on" if not exists $configline[11];
$configline[11] = "on" if not exists $configline[11];
$configline[12] = "on" if not exists $configline[12];
$configline[13] = "on" if not exists $configline[13];
$configline[14] = "on" if not exists $configline[14];
$configline[15] = "on" if not exists $configline[15];
$configline[16] = "on" if not exists $configline[16];
$configline[17] = "00:00" if not exists $configline[17];
$configline[18] = "00:00" if not exists $configline[18];
unless (($configline[0] eq $outfwsettings{'STATE'}) &&
($configline[1] eq $outfwsettings{'ENABLED'}) &&
($configline[2] eq $outfwsettings{'SNET'}) &&
($configline[3] eq $outfwsettings{'PROT'}) &&
($configline[4] eq $outfwsettings{'NAME'}) &&
($configline[5] eq $outfwsettings{'SIP'}) &&
($configline[6] eq $outfwsettings{'SMAC'}) &&
($configline[7] eq $outfwsettings{'DIP'}) &&
($configline[9] eq $outfwsettings{'LOG'}) &&
($configline[8] eq $outfwsettings{'DPORT'}) &&
($configline[10] eq $outfwsettings{'TIME_MON'}) &&
($configline[11] eq $outfwsettings{'TIME_TUE'}) &&
($configline[12] eq $outfwsettings{'TIME_WED'}) &&
($configline[13] eq $outfwsettings{'TIME_THU'}) &&
($configline[14] eq $outfwsettings{'TIME_FRI'}) &&
($configline[15] eq $outfwsettings{'TIME_SAT'}) &&
($configline[16] eq $outfwsettings{'TIME_SUN'}) &&
($configline[17] eq $outfwsettings{'TIME_FROM'}) &&
($configline[18] eq $outfwsettings{'TIME_TO'}))
{
print FILE $configentry;
}
}
close FILE;
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
{
if ( $outfwsettings{'VALID'} eq 'yes' ) {
if ( $outfwsettings{'SNET'} eq "all" ) {
$outfwsettings{'SIP'} ="";
$outfwsettings{'SMAC'}="";
}
open( FILE, ">> $configfile" ) or die "Unable to write $configfile";
print FILE <<END
$outfwsettings{'STATE'};$outfwsettings{'ENABLED'};$outfwsettings{'SNET'};$outfwsettings{'PROT'};$outfwsettings{'NAME'};$outfwsettings{'SIP'};$outfwsettings{'SMAC'};$outfwsettings{'DIP'};$outfwsettings{'DPORT'};$outfwsettings{'LOG'};$outfwsettings{'TIME_MON'};$outfwsettings{'TIME_TUE'};$outfwsettings{'TIME_WED'};$outfwsettings{'TIME_THU'};$outfwsettings{'TIME_FRI'};$outfwsettings{'TIME_SAT'};$outfwsettings{'TIME_SUN'};$outfwsettings{'TIME_FROM'};$outfwsettings{'TIME_TO'};
END
;
close FILE;
system("/usr/local/bin/outgoingfwctrl");
} else {
$outfwsettings{'ACTION'} = 'Add rule';
}
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'Add Rule'})
{
&addrule();
exit
}
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
print "&nbsp;</class>\n";
&Header::closebox();
}
############################################################################################################################
############################################################################################################################
if ($outfwsettings{'POLICY'} ne 'MODE0'){
&Header::openbox('100%', 'center', 'Rules');
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='submit' name='ACTION' value='$Lang::tr{'Add Rule'}' />
</form>
END
;
open( FILE, "< $configfile" ) or die "Unable to read $configfile";
@configs = <FILE>;
close FILE;
if (@configs) {
print <<END
<hr />
<table border='0' width='100%' cellspacing='0'>
<tr bgcolor='$color{'color22'}'>
<td width='14%' align='center'><b>$Lang::tr{'protocol'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'network'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'destination'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'description'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'policy'}</b></td>
<td width='16%' align='center'><b>$Lang::tr{'logging'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'action'}</b></td>
END
;
foreach $configentry (sort @configs)
{
@configline = split( /\;/, $configentry );
$outfwsettings{'STATE'} = $configline[0];
$outfwsettings{'ENABLED'} = $configline[1];
$outfwsettings{'SNET'} = $configline[2];
$outfwsettings{'PROT'} = $configline[3];
$outfwsettings{'NAME'} = $configline[4];
$outfwsettings{'SIP'} = $configline[5];
$outfwsettings{'SMAC'} = $configline[6];
$outfwsettings{'DIP'} = $configline[7];
$outfwsettings{'DPORT'} = $configline[8];
$outfwsettings{'LOG'} = $configline[9];
$configline[10] = "on" if not exists $configline[11];
$configline[11] = "on" if not exists $configline[11];
$configline[12] = "on" if not exists $configline[12];
$configline[13] = "on" if not exists $configline[13];
$configline[14] = "on" if not exists $configline[14];
$configline[15] = "on" if not exists $configline[15];
$configline[16] = "on" if not exists $configline[16];
$configline[17] = "00:00" if not exists $configline[17];
$configline[18] = "00:00" if not exists $configline[18];
$outfwsettings{'TIME_MON'} = $configline[10];
$outfwsettings{'TIME_TUE'} = $configline[11];
$outfwsettings{'TIME_WED'} = $configline[12];
$outfwsettings{'TIME_THU'} = $configline[13];
$outfwsettings{'TIME_FRI'} = $configline[14];
$outfwsettings{'TIME_SAT'} = $configline[15];
$outfwsettings{'TIME_SUN'} = $configline[16];
$outfwsettings{'TIME_FROM'} = $configline[17];
$outfwsettings{'TIME_TO'} = $configline[18];
if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; }
if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; }
if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_stop.png' alt='DENY' />"; }
if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_ok.png' alt='ALLOW' />"; }
if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){
if ( $outfwsettings{'ENABLED'} eq "on" ){
print "<tr bgcolor='$color{'color20'}'>";
} else {
print "<tr bgcolor='$color{'color18'}'>";
}
print <<END
<td align='center'>$outfwsettings{'PROT'}
<td align='center'>$outfwsettings{'SNET'}
<td align='center'>$outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'}
<td align='center'>$outfwsettings{'NAME'}
<td align='center'>$outfwsettings{'DISPLAY_STATE'}
<td align='center'>$outfwsettings{'LOG'}
<td align='center'>
<table border='0' cellpadding='0' cellspacing='0'><tr>
<td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
<input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
<input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
<input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
<input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
<input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
<input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
<input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
<input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
<input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
<input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
<input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
<input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
<input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
<input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
<input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
<input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
<input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
<input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
<input type='hidden' name='ACTION' value=$Lang::tr{'edit'} />
<input type='image' src='/images/edit.gif' width="20" height="20" alt=$Lang::tr{'edit'} />
</form>
<td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
<input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
<input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
<input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
<input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
<input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
<input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
<input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
<input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
<input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
<input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
<input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
<input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
<input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
<input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
<input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
<input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
<input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
<input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
<input type='hidden' name='ACTION' value=$Lang::tr{'delete'} />
<input type='image' src='/images/delete.gif' width="20" height="20" alt=$Lang::tr{'delete'} />
</form></table>
END
;
if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) {
unless ($outfwsettings{'SIP'}) {
$outfwsettings{'DISPLAY_SIP'} = 'ALL';
} else {
$outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'};
}
unless ($outfwsettings{'SMAC'}) {
$outfwsettings{'DISPLAY_SMAC'} = 'ALL';
print "<tr><td /><td align='left'>$Lang::tr{'source ip or net'}: </td>";
print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SIP'}</td>";
} else {
$outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'};
print "<tr><td /><td align='left'>$Lang::tr{'source'} $Lang::tr{'mac address'}: </td>";
print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SMAC'}</td>";
}
}
print <<END
<tr><td width='14%' align='right'>$Lang::tr{'time'} - </td>
<td width='14%' align='left'>
END
;
if ($outfwsettings{'TIME_MON'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy monday'}</font>,";
if ($outfwsettings{'TIME_TUE'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy tuesday'}</font>,";
if ($outfwsettings{'TIME_WED'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy wednesday'}</font>,";
if ($outfwsettings{'TIME_THU'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy thursday'}</font>,";
if ($outfwsettings{'TIME_FRI'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy friday'}</font>,";
if ($outfwsettings{'TIME_SAT'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy saturday'}</font>,";
if ($outfwsettings{'TIME_SUN'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy sunday'}</font>";
print <<END
</td>
<td width='22%' align='center'>$Lang::tr{'advproxy from'} $outfwsettings{'TIME_FROM'}</td>
<td width='22%' align='center'>$Lang::tr{'advproxy to'} $outfwsettings{'TIME_TO'}</td>
</form>
END
;
}
}
if ($outfwsettings{'POLICY'} eq 'MODE1'){
print <<END
<tr bgcolor='$color{'color20'}'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<td align='center'>all
<td align='center'>all
<td align='center'>ALL
<td align='center'>drop
<td align='center'><img src='/images/stock_stop.png' alt='DENY' />
<td align='center'>on <input type='radio' name='MODE1LOG' value='on' $checked{'MODE1LOG'}{'on'} /><input type='radio' name='MODE1LOG' value='off' $checked{'MODE1LOG'}{'off'} /> off
<td align='center'><input type='hidden' name='ACTION' value=$Lang::tr{'save'} /><input type='image' src='/images/media-floppy.png' width="18" height="18" alt=$Lang::tr{'save'} /></form></tr>
<table border='0' cellpadding='0' cellspacing='0'><tr>
<td>
<td></table>
END
;
}
print <<END
</table>
END
;
}
&Header::closebox();
}
if ($outfwsettings{'POLICY'} ne 'MODE0'){
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
&Header::openbox('100%', 'center', 'P2P-Block');
print <<END
<table width='40%'>
<tr bgcolor='$color{'color22'}'><td width='66%' align=center><b>$Lang::tr{'protocol'}</b>
<td width='33%' align=center><b>$Lang::tr{'status'}</b>
END
;
my $id = 1;
foreach $p2pentry (sort @p2ps)
{
@p2pline = split( /\;/, $p2pentry );
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
END
;
print "\t\t\t<tr bgcolor='$color{'color20'}'>\n";
print <<END
<td width='66%' align='center'>$p2pline[0]:
<td width='33%' align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' />
END
;
if ($p2pline[2] eq 'on') {
print <<END
<input type='hidden' name='ACTION' value='disable' />
<input type='image' name='submit' src='/images/stock_ok.png' alt='$Lang::tr{'outgoing firewall p2p allow'}' title='$Lang::tr{'outgoing firewall p2p allow'}'/>
END
;
} else {
print <<END
<input type='hidden' name='ACTION' value='enable' />
<input type='image' name='submit' src='/images/stock_stop.png' alt='$Lang::tr{'outgoing firewall p2p deny'}' title='$Lang::tr{'outgoing firewall p2p deny'}' />
END
;
}
print <<END
</form>
END
;
}
print <<END
</table>
<br />$Lang::tr{'outgoing firewall p2p description 1'} <img src='/images/stock_ok.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 2'} <img src='/images/stock_stop.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 3'}
END
;
&Header::closebox();
}
&Header::openbox('100%', 'center', 'Policy');
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode0'}</td></tr>
<tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr>
<tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
<tr><td colspan='3'><hr /></td></tr>
<tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
<td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
<td width='45%' align='left'>
END
;
if ($outfwsettings{'POLICY'} ne 'MODE0') {
print <<END
$Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value=$Lang::tr{'reset'} />
END
;
}
print <<END
</table>
</form>
END
;
&Header::closebox();
############################################################################################################################
############################################################################################################################
sub addrule
{
&Header::openbox('100%', 'center', $Lang::tr{'Add Rule'});
if ($outfwsettings{'ENABLED'} eq 'on') { $selected{'ENABLED'} = 'checked'; }
$selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
$selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='80%'>
<tr>
<td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' /></td>
<td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' /></td>
<td width='20%' align='right' colspan='2'>$Lang::tr{'active'}:</td>
<td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td>
</tr>
<tr>
<td width='20%' align='right'>$Lang::tr{'protocol'}</td>
<td width='30%' align='left'>
<select name='PROT'>
<option value='all' $selected{'PROT'}{'all'}>All</option>
<option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option>
<option value='udp' $selected{'PROT'}{'udp'}>UDP</option>
<option value='gre' $selected{'PROT'}{'gre'}>GRE</option>
<option value='esp' $selected{'PROT'}{'esp'}>ESP</option>
</select>
</td>
<td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:</td>
<td width='30%' align='left' colspan='2'>
END
;
if ($outfwsettings{'POLICY'} eq 'MODE1'){
print "\t\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n";
} elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
print "\t\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n";
}
print <<END
</td>
</tr>
<tr>
<td width='20%' align='right'>$Lang::tr{'source'}:</td>
<td width='30%' align='left'>
<select name='SNET'>
<optgroup label='---'>
<option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option>
<optgroup label='$Lang::tr{'mac address'}'>
<option value='mac' $selected{'SNET'}{'mac'}>$Lang::tr{'source'} $Lang::tr{'mac address'}</option>
</optgroup>
<optgroup label='$Lang::tr{'ip address'}'>
<option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip or net'}</option>
<option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option>
</optgroup>
<optgroup label='$Lang::tr{'alt vpn'}'>
<option value='ovpn' $selected{'SNET'}{'ovpn'}>OpenVPN $Lang::tr{'interface'}</option>
</optgroup>
<optgroup label='$Lang::tr{'network'}'>
<option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
END
;
if (&Header::blue_used()){
print "\t\t\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n";
}
if (&Header::orange_used()){
print "\t\t\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n";
}
print <<END
</optgroup>
<optgroup label='IP $Lang::tr{'advproxy NCSA group'}'>
END
;
my @ipgroups = qx(ls $configpath/ipgroups/);
foreach (sort @ipgroups){
chomp($_);
print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
}
print <<END
</optgroup>
<optgroup label='MAC $Lang::tr{'advproxy NCSA group'}'>
END
;
my @macgroups = qx(ls $configpath/macgroups/);
foreach (sort @macgroups){
chomp($_);
print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
}
print <<END
</optgroup>
</select>
</td>
<td align='right' colspan='4'><font color='red'>$Lang::tr{'outgoing firewall warning'}</font></td>
</tr>
<tr>
<td align='right' colspan='4' >$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td>
<td align='left' colspan='4' ><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td>
</tr>
<tr>
<td align='right' colspan='4' >$Lang::tr{'source'} $Lang::tr{'mac address'}: <img src='/blob.gif' />
<td align='left' colspan='4' ><input type='text' name='SMAC' maxlength='23' value='$outfwsettings{'SMAC'}' />
</tr>
<tr>
<td width='20%' align='right'>$Lang::tr{'logging'}:</td>
<td width='30%' align='left'>
<select name='LOG'>
<option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option>
<option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option>
</select>
</td>
<td width='20%' align='right' colspan='2' />
<td width='30%' align='left' colspan='2' />
<tr>
<td width='20%' align='right'>$Lang::tr{'destination ip or net'}: <img src='/blob.gif' /></td>
<td width='30%' align='left'><input type='text' name='DIP' value='$outfwsettings{'DIP'}' /></td>
<td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}(s) <img src='/blob.gif' /></td>
<td width='30%' align='left' colspan='2'><input type='text' name='DPORT' value='$outfwsettings{'DPORT'}' /></td>
</tr>
<tr>
<td width='20%' align='right'>$Lang::tr{'time'}:</td>
<td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
<td width='20%' align='right' colspan='2' />
<td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
<td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
</tr>
<tr>
<td width='20%' align='right'></td>
<td width='30%' align='left'>
<input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} />
<input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} />
<input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} />
<input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} />
<input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} />
<input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} />
<input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} />
</td>
<td width='20%' align='right' colspan='2' />
<td width='15%' align='left'>
<select name='TIME_FROM'>
END
;
for (my $i=0;$i<=23;$i++) {
$i = sprintf("%02s",$i);
for (my $j=0;$j<=45;$j+=15) {
$j = sprintf("%02s",$j);
my $time = $i.":".$j;
print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
}
}
print <<END
</select>
</td>
<td width='15%' align='left'><select name='TIME_TO'>
END
;
for (my $i=0;$i<=23;$i++) {
$i = sprintf("%02s",$i);
for (my $j=0;$j<=45;$j+=15) {
$j = sprintf("%02s",$j);
my $time = $i.":".$j;
print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
}
}
print <<END
</select>
</td>
</tr>
<tr>
<td colspan='6' />
<tr>
<tr>
<td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'}</td>
<td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} /></td>
</table></form>
END
;
&Header::closebox();
if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2')
{
&Header::openbox('100%', 'center', 'Quick Add');
open( FILE, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services";
my @defservices = <FILE>;
close FILE;
print "<table width='100%'><tr bgcolor='$color{'color20'}'><td><b>$Lang::tr{'service'}</b></td><td><b>$Lang::tr{'description'}</b></td><td><b>$Lang::tr{'port'}</b></td><td><b>$Lang::tr{'protocol'}</b></td><td><b>$Lang::tr{'source net'}</b></td><td><b>$Lang::tr{'logging'}</b></td><td><b>$Lang::tr{'action'}</b></td></tr>";
foreach my $serviceline(@defservices)
{
my @service = split(/,/,$serviceline);
print <<END
<tr><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<td>$service[0]<input type='hidden' name='NAME' value='@service[0]' /></td>
<td>$service[3]</td>
<td><a href='http://isc.sans.org/port_details.php?port=$service[1]' target='top'>$service[1]</a><input type='hidden' name='DPORT' value='@service[1]' /></td>
<td>$service[2]<input type='hidden' name='PROT' value='@service[2]' /></td>
<td><select name='SNET'><option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option><option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
END
;
if (&Header::blue_used()){
print "<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>";
}
if (&Header::orange_used()){
print "<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>";
}
print <<END
</select></td>
<td><select name='LOG'><option value='$Lang::tr{'active'}'>$Lang::tr{'active'}</option><option value='$Lang::tr{'inactive'}' 'selected'>$Lang::tr{'inactive'}</option></select></td><td>
<input type='hidden' name='ACTION' value=$Lang::tr{'add'} />
<input type='image' alt='$Lang::tr{'add'}' src='/images/add.gif' />
<input type='hidden' name='ENABLED' value='on' />
END
;
if ($outfwsettings{'POLICY'} eq 'MODE1'){ print "<input type='hidden' name='STATE' value='ALLOW' /></form></td></tr>";}
elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "<input type='hidden' name='STATE' value='DENY' /></form></td></tr>";}
}
print "</table>";
&Header::closebox();
}
}
&Header::closebigbox();
&Header::closepage();


@@ -30,6 +30,7 @@ use File::Copy;
use File::Temp qw/ tempfile tempdir /;
use strict;
use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
use Sort::Naturally;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
@@ -165,49 +166,29 @@ sub deletebackupcert
unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
}
}
sub checkportfw {
my $KEY2 = $_[0]; # key2
my $SRC_PORT = $_[1]; # src_port
my $PROTOCOL = $_[2]; # protocol
my $SRC_IP = $_[3]; # sourceip
my $pfwfilename = "${General::swroot}/portfw/config";
open(FILE, $pfwfilename) or die 'Unable to open config file.';
my @pfwcurrent = <FILE>;
close(FILE);
my $pfwkey1 = 0; # used for finding last sequence number used
foreach my $pfwline (@pfwcurrent)
{
my @pfwtemp = split(/\,/,$pfwline);
chomp ($pfwtemp[8]);
if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition
if ( $SRC_PORT eq $pfwtemp[3] &&
$PROTOCOL eq $pfwtemp[2] &&
$SRC_IP eq $pfwtemp[7])
{
$errormessage = "$Lang::tr{'source port in use'} $SRC_PORT";
}
# Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number
if ( $pfwtemp[1] eq "0") {
$pfwkey1=$pfwtemp[0];
}
# Darren Critchley - Duplicate or overlapping Port range check
if ($pfwtemp[1] eq "0" &&
$PROTOCOL eq $pfwtemp[2] &&
$SRC_IP eq $pfwtemp[7] &&
$errormessage eq '')
{
&portchecks($SRC_PORT, $pfwtemp[5]);
# &portchecks($pfwtemp[3], $pfwtemp[5]);
# &portchecks($pfwtemp[3], $SRC_IP);
my $DPORT = shift;
my $DPROT = shift;
my %natconfig =();
my $confignat = "${General::swroot}/forward/config";
$DPROT= uc ($DPROT);
&General::readhasharray($confignat, \%natconfig);
foreach my $key (sort keys %natconfig){
my @portarray = split (/\|/,$natconfig{$key}[30]);
foreach my $value (@portarray){
if ($value =~ /:/i){
my ($a,$b) = split (":",$value);
if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){
$errormessage= "$Lang::tr{'source port in use'} $DPORT";
}
}else{
if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){
$errormessage= "$Lang::tr{'source port in use'} $DPORT";
}
}
}
}
}
# $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP";
return;
return;
}
sub checkportoverlap
@@ -239,32 +220,6 @@ sub checkportinc
return 0;
}
}
# Darren Critchley - Duplicate or overlapping Port range check
sub portchecks
{
my $p1 = $_[0]; # New port range
my $p2 = $_[1]; # existing port range
# $_ = $_[0];
our ($prtrange1, $prtrange2);
$prtrange1 = 0;
# if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
# unless (&checkportoverlap($p1,$p2)) {
# $errormessage = "$Lang::tr{'source port overlaps'} $p1";
# }
# }
if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range
unless (&checkportinc($p2,$p1)) {
$errormessage = "$Lang::tr{'srcprt within existing'} $p1";
}
}
$prtrange1 = 1;
if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range
unless (&checkportinc($p1,$p2)) {
$errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
}
}
return;
}
# Darren Critchley - certain ports are reserved for IPFire
# TCP 67,68,81,222,445
@@ -1144,7 +1099,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
if ($cgiparams{'ENABLED'} eq 'on'){
&checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
&checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'});
}
if ($errormessage) { goto SETTINGS_ERROR; }
@@ -4895,11 +4850,10 @@ END
</tr>
END
;
my $id = 0;
my $gif;
foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) {
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
my $id = 0;
my $gif;
foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {
print "<tr bgcolor='$color{'color20'}'>\n";
} else {
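Review bot: The rewritten `checkportfw` compares port numbers with string operators, so `$DPORT gt $a && $DPORT lt $b` orders "443" after "1000". A port that lies inside an existing range in `forward/config` can therefore pass the check, while one outside the range can be rejected, and both range endpoints are excluded as well. Numeric, inclusive comparisons would fix this: `if ($DPROT eq $natconfig{$key}[12] && $DPORT >= $a && $DPORT <= $b){` for the range branch and `$DPORT == $value` for the single-port branch. The locals `my ($a,$b)` also reuse the names of Perl's sort variables; something like `$first`/`$last` would avoid surprises if a sort block is ever added in that scope.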

134
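--- a/html/cgi-bin/p2p-block.cgi
+++ b/html/cgi-bin/p2p-block.cgi
@@ -0,0 +1,134 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+# Author: Alexander Marx (Amarx@ipfire.org) #
+###############################################################################
+use strict;
+no warnings 'uninitialized';
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+my $errormessage='';
+my $p2pfile = "${General::swroot}/forward/p2protocols";
+my @p2ps = ();
+my %fwdfwsettings=();
+my %color=();
+my %mainsettings=();
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&Header::showhttpheaders();
+&Header::getcgihash(\%fwdfwsettings);
+&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openbigbox('100%', 'center',$errormessage);
+if ($fwdfwsettings{'ACTION'} eq ''){
+&p2pblock;
+}
+if ($fwdfwsettings{'ACTION'} eq 'togglep2p')
+{
+open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
+@p2ps = <FILE>;
+close FILE;
+open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
+foreach my $p2pentry (sort @p2ps)
+{
+my @p2pline = split( /\;/, $p2pentry );
+if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
+if($p2pline[2] eq 'on'){
+$p2pline[2]='off';
+}else{
+$p2pline[2]='on';
+}
+}
+print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
+}
+close FILE;
+&rules;
+&p2pblock;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
+{
+&reread_rules;
+&p2pblock;
+}
+sub p2pblock
+{
+if (-f "${General::swroot}/forward/reread"){
+print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</div></td></tr></table></form><br>";
+}
+my $gif;
+open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
+@p2ps = <FILE>;
+close FILE;
+&Header::openbox('100%', 'center', 'P2P-Block');
+print <<END;
+<table width='35%' border='0'>
+<tr bgcolor='$color{'color22'}'><td align=center colspan='2' ><b>$Lang::tr{'protocol'}</b></td><td align='center'><b>$Lang::tr{'status'}</b></td></tr>
+END
+foreach my $p2pentry (sort @p2ps)
+{
+my @p2pline = split( /\;/, $p2pentry );
+if($p2pline[2] eq 'on'){
+$gif="/images/on.gif"
+}else{
+$gif="/images/off.gif"
+}
+print <<END;
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<tr bgcolor='$color{'color20'}'>
+<td align='center' colspan='2' >$p2pline[0]:</td><td align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' /><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' ><input type='hidden' name='ACTION' value='togglep2p'></td></tr></form>
+END
+}
+print"<tr><td><img src='/images/on.gif'></td><td align='left'>$Lang::tr{'outgoing firewall p2p allow'}</td></tr>";
+print"<tr><td><img src='/images/off.gif'></td><td align='left'>$Lang::tr{'outgoing firewall p2p deny'}</td></tr></table>";
+print"<br><br><br><table width='100%'><tr><td align='left'>$Lang::tr{'fwdfw p2p txt'}</td></tr></table>";
+&Header::closebox();
+}
+sub rules
+{
+if (!-f "${General::swroot}/forward/reread"){
+system("touch ${General::swroot}/forward/reread");
+system("touch ${General::swroot}/fwhosts/reread");
+}
+}
+sub reread_rules
+{
+system("/usr/local/bin/forwardfwctrl");
+if ( -f "${General::swroot}/forward/reread"){
+system("rm ${General::swroot}/forward/reread");
+system("rm ${General::swroot}/fwhosts/reread");
+}
+}
+&Header::closebigbox();
+&Header::closepage();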
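Review bot: The `togglep2p` branch reopens `$p2pfile` with `>` straight after reading it, so the protocol list is truncated before any replacement line is written, and neither `print FILE` nor `close FILE` is checked. A full disk, a `die` part-way through, or two overlapping requests can then leave the firewall's P2P list empty or partial. Writing the new contents to a temporary file in the same directory and renaming it over `$p2pfile` keeps the previous list intact on failure. Three-argument `open` with a lexical handle would also avoid the shared bareword `FILE`. The sketch below uses a fixed `.tmp` name for brevity; a unique name would be needed to make concurrent toggles fully safe.

```perl
my $tmpfile = "$p2pfile.tmp";
open(my $out, '>', $tmpfile) or die "Unable to write $tmpfile: $!";
foreach my $p2pentry (sort @p2ps)
{
    # … unchanged: split the line and flip the state of the matching protocol …
    print {$out} "$p2pline[0];$p2pline[1];$p2pline[2];\n"
        or die "Unable to write $tmpfile: $!";
}
close($out) or die "Unable to close $tmpfile: $!";
rename($tmpfile, $p2pfile) or die "Unable to replace $p2pfile: $!";
```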



@@ -82,7 +82,7 @@ if ($upnpsettings{'ACTION'} eq $Lang::tr{'save'})
debug_mode = $upnpsettings{'DEBUGMODE'}
insert_forward_rules = $upnpsettings{'FORWARDRULES'}
forward_chain_name = FORWARD
prerouting_chain_name = PORTFW
prerouting_chain_name = UPNPFW
upstream_bitrate = $upnpsettings{'DOWNSTREAM'}
downstream_bitrate = $upnpsettings{'UPSTREAM'}
description_document_name = $upnpsettings{'DESCRIPTION'}


@@ -23,7 +23,7 @@ use Net::DNS;
use File::Copy;
use File::Temp qw/ tempfile tempdir /;
use strict;
use Sort::Naturally;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
@@ -2491,7 +2491,7 @@ END
;
my $id = 0;
my $gif;
foreach my $key (keys %confighash) {
foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {


@@ -1,4 +1,4 @@
%tr = (
%tr = (
%tr,
'Act as' => 'Konfiguriert als',
@@ -187,7 +187,6 @@
'advproxy banned mac clients' => 'Gesperrte MAC-Adressen (eine pro Zeile)',
'advproxy cache management' => 'Cacheverwaltung',
'advproxy cache replacement policy' => 'Cache Ersetzungsrichtlinie',
'advproxy cache-digest' => 'Cache-Digest-Erstellung aktivieren',
'advproxy chgwebpwd ERROR' => 'F E H L E R :',
'advproxy chgwebpwd SUCCESS' => 'E R F O L G :',
'advproxy chgwebpwd change password' => 'Passwort ändern',
@@ -747,12 +746,16 @@
'download root certificate' => 'Root-Zertifikat herunterladen',
'dpd action' => 'Aktion für Dead Peer Detection',
'driver' => 'Treiber',
'drop input' => 'Verworfene Input-Pakete loggen',
'drop action' => 'Standardverhalten der (Forward) Firewall in Modus "Blocked"',
'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"',
'drop action2' => 'Standardverhalten der (Input) Firewall',
'drop forward' => 'Verworfene (Forward) Firewall-Pakete loggen',
'drop input' => 'Verworfene Input Pakete loggen',
'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen',
'drop output' => 'Verworfene Output-Pakete loggen',
'drop portscan' => 'Verworfene Portscan-Pakete loggen',
'drop proxy' => 'Alle Pakete verwerfen, die nicht direkt an den Proxy gerichtet sind',
'drop samba' => 'Alle Microsoft-Pakete verwerfen, Ports 135,137,138,139,445,1025',
'drop outgoing' => 'Verworfene (Outgoing) Firewall-Pakete loggen',
'drop portscan' => 'Verworfene Portscan Pakete loggen',
'drop proxy' => 'Alle Pakete verwerfen die nicht direkt an den Proxy gerichtet sind',
'drop samba' => 'Alle Microsoft Pakete verwerfen, Ports 135,137,138,139,445,1025',
'drop wirelessforward' => 'Verworfene Wireless Forward Pakete loggen',
'drop wirelessinput' => 'Verworfene Wireless Input Pakete loggen',
'dst port' => 'Ziel-Port',
@@ -882,6 +885,7 @@
'fixed ip lease removed' => 'Feste IP-Zuordnung gelöscht',
'force update' => 'Aktualisierung erzwingen',
'force user' => 'Standardbenutzer für das UNIX Dateisystem',
'forward firewall' => 'Firewall',
'forwarding rule added' => 'Weiterleitungsregel hinzugefügt. Starte Weiterleitung neu',
'forwarding rule removed' => 'Weiterleitungsregel entfernt. Starte Weiterleitung neu',
'forwarding rule updated' => 'Weiterleitungsregel aktualisiert; starte Weiterleitung neu',
@@ -899,7 +903,175 @@
'from email user' => 'Von Email Benutzer',
'from warn email bad' => 'Von Email Adresse ist nicht gültig',
'fw blue' => 'Firewall-Optionen für das Blaue Interface',
'fw default drop' => 'Firewall Policy',
'fw logging' => 'Firewall-Logging',
'fw settings' => 'Firewall-Einstellungen',
'fw settings color' => 'Farben in Regeltabelle anzeigen',
'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen',
'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen',
'fw settings ruletable' => 'Leere Regeltabellen anzeigen',
'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)',
'fwdfw DROP' => 'Verwerfen (DROP)',
'fwdfw MODE1' => 'Alle Pakete verwerfen',
'fwdfw MODE2' => 'Alle Pakete annehmen',
'fwdfw REJECT' => 'Verweigern (REJECT)',
'fwdfw action' => 'Aktion',
'fwdfw additional' => 'Weitere Einstellungen',
'fwdfw addr grp' => 'Adressgruppen:',
'fwdfw addrule' => 'Regel hinzufügen/ändern:',
'fwdfw change' => 'Aktualisieren',
'fwdfw copy' => 'Kopieren',
'fwdfw cust addr' => 'Custom Adressen:',
'fwdfw cust net' => 'Custom Netzwerke:',
'fwdfw delete' => 'Löschen',
'fwdfw dnat' => 'DNAT/Port-Weiterleitung',
'fwdfw dnat error' => 'Für Destination-NAT muss ein einzelner Host als Ziel ausgewählt werden. Gruppen oder Netzwerke sind nicht erlaubt',
'fwdfw dnat porterr' => 'Für NAT-Regeln muss ein einzelner Port oder Portbereich angegeben werden',
'fwdfw edit' => 'Bearbeiten',
'fwdfw err nosrc' => 'Keine Quelle ausgewählt',
'fwdfw err nosrcip' => 'Bitte Quell-IP-Adresse angeben',
'fwdfw err notgt' => 'Kein Ziel ausgewählt',
'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben',
'fwdfw err prot' => 'Quell- und Zielprotokoll müssen identisch sein',
'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen',
'fwdfw err ruleexists' => 'Eine identische Regel existiert bereits',
'fwdfw err same' => 'Quelle und Ziel sind identisch',
'fwdfw err samesub' => 'Quell- und Ziel-IP-Adresse befinden sich im selben Subnetz',
'fwdfw err src_addr' => 'Quell-MAC/IP-Adresse ungültig',
'fwdfw err srcovpn' => 'Die gewählte Quell-IP-Adresse wird bereits von einem OpenVPN-Client genutzt. Bitte wählen Sie die passende Verbindung direkt aus.',
'fwdfw err srcport' => 'Bitte Quellport angeben',
'fwdfw err tgt_addr' => 'Ungültige Ziel-IP-Adresse',
'fwdfw err tgt_grp' => 'Die Ziel-Dienstgruppe ist leer',
'fwdfw err tgt_mac' => 'MAC-Adressen können nicht als Ziel defininert werden',
'fwdfw err tgt_port' => 'Ungültiger Zielport',
'fwdfw err tgtovpn' => 'Die gewählte Ziel-IP-Adresse wird bereits von einem OpenVPN-Client genutzt. Bitte wählen Sie die passende Verbindung direkt aus.',
'fwdfw err tgtport' => 'Bitte Zielport angeben',
'fwdfw err time' => 'Es muss mindestens ein Tag ausgewählt werden',
'fwdfw final_rule' => 'Letzte Regel: ',
'fwdfw from' => 'Von:',
'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel mag eventuell niemals zutreffen, da sich Quelle und Ziel überlappen.',
'fwdfw hint ip2' => 'Bitte überprüfen Sie, ob diese Regel Sinn macht: ',
'fwdfw ipsec network' => 'IPsec-Netzwerke:',
'fwdfw log rule' => 'Logging aktivieren',
'fwdfw man port' => 'Port(s):',
'fwdfw menu' => 'Firewallregeln',
'fwdfw movedown' => 'Herunter',
'fwdfw moveup' => 'Herauf',
'fwdfw natport used' => 'Der eingegebene Port wird bereits von einer anderen DNAT-Regel benutzt.',
'fwdfw newrule' => 'Neue Regel erstellen',
'fwdfw p2p txt' => 'P2P-Netzwerke erlauben/verbieten.',
'fwdfw pol allow' => 'Zugelassen',
'fwdfw pol block' => 'Blockiert',
'fwdfw pol text' => 'Firewall-Standardverhalten für Verbindungen aus lokalen Netzwerken: Alle Verbindungen können entweder zugelassen oder geblockt werden, wenn keine Ausnahmeregel zutrifft. "Blockiert" trennt ebenfalls die Kommunikation zwischen den lokalen Netzwerken.',
'fwdfw pol text1' => 'Firewall-Standardverhalten für von der Firewall selbst initiierte Verbindungen.',
'fwdfw pol title' => 'Standardverhalten der Firewall',
'fwdfw red' => 'ROT',
'fwdfw reread' => 'Übernehmen',
'fwdfw rule action' => 'Regelaktion:',
'fwdfw rule activate' => 'Regel aktivieren',
'fwdfw rulepos' => 'Regelposition',
'fwdfw rules' => 'Regeln',
'fwdfw snat' => 'SNAT (ersetzt die Quell-IP-Adresse mit der hier konfigurierten)',
'fwdfw source' => 'Quelle',
'fwdfw sourceip' => 'Quelladresse (IP/MAC-Adresse oder Netzwerk):',
'fwdfw std network' => 'Standard Netzwerke:',
'fwdfw target' => 'Ziel',
'fwdfw targetip' => 'Zieladresse (IP/MAC-Adresse oder Netzwerk):',
'fwdfw till' => 'Bis:',
'fwdfw time' => 'Zeitrahmen',
'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
'fwdfw toggle' => 'Aktivieren oder deaktivieren',
'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
'fwdfw use nat' => 'NAT benutzen',
'fwdfw use srcport' => 'Quellport benutzen',
'fwdfw use srv' => 'Zielport benutzen',
'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
'fwdfw wd_fri' => 'Fr',
'fwdfw wd_mon' => 'Mo',
'fwdfw wd_sat' => 'Sa',
'fwdfw wd_sun' => 'So',
'fwdfw wd_thu' => 'Do',
'fwdfw wd_tue' => 'Di',
'fwdfw wd_wed' => 'Mi',
'fwdfw xt access' => 'Input',
'fwhost addgrp' => 'Neue Gruppe hinzufügen:',
'fwhost addgrpname' => 'Gruppenname:',
'fwhost addhost' => 'Neuen Host hinzufügen:',
'fwhost addnet' => 'Neues Netzwerk hinzufügen:',
'fwhost addrule' => 'Regel hinzufügen/ändern:',
'fwhost addservice' => 'Neuen Dienst hinzufügen:',
'fwhost addservicegrp' => 'Neue Dienstgruppe hinzufügen:',
'fwhost any' => 'Alle',
'fwhost attention' => 'ACHTUNG',
'fwhost back' => 'Zurück',
'fwhost blue' => 'Blau',
'fwhost ccdhost' => 'OpenVPN-Clients:',
'fwhost ccdnet' => 'OpenVPN-Netzwerke:',
'fwhost change' => 'Ändern',
'fwhost changeremark' => 'Es wurde nur die Bemerkung angepasst.',
'fwhost cust addr' => 'Hosts:',
'fwhost cust grp' => 'Gruppen:',
'fwhost cust net' => 'Netzwerke:',
'fwhost cust service' => 'Dienste:',
'fwhost cust srvgrp' => 'Dienstgruppen',
'fwhost deleted' => 'Gelöscht',
'fwhost empty' => 'Keine Regeln definiert',
'fwhost err addr' => 'IP-Adresse oder Subnetzmaske ungültig',
'fwhost err addrgrp' => 'Bitte Gruppennamen angeben',
'fwhost err empty' => 'Bitte alle Felder ausfüllen',
'fwhost err emptytable' => 'Keine Einträge in Gruppe',
'fwhost err groupempty' => 'Die gewählte Gruppe ist leer',
'fwhost err grpexist' => 'Die Gruppe existiert bereits',
'fwhost err hostexist' => 'Ein Host mit diesem Namen existiert bereits',
'fwhost err hostorip' => 'Name oder IP-Adresse ungültig',
'fwhost err ip' => 'IP-Adresse ungültig',
'fwhost err ipcheck' => 'Diese IP-Adresse wird bereits verwendet',
'fwhost err ipmac' => 'Ungültige IP/MAC-Addresse',
'fwhost err ipwithsub' => 'Bitte nur eine IP-Adresse (ohne Subnetzmaske) eingeben',
'fwhost err isccdhost' => 'Dieser Name wird bereits für einen OpenVPN-Host verwendet',
'fwhost err isccdiphost' => 'Diese IP-Adresse wird bereits für einen OpenVPN-Host verwendet',
'fwhost err isccdipnet' => 'Diese IP-Adresse wird bereits für einen OpenVPN-Netzwerk verwendet',
'fwhost err isccdnet' => 'Dieser Name wird bereits für einen OpenVPN-Netzwerk verwendet',
'fwhost err isingrp' => 'Dieser Eintrag existiert bereits in der Gruppe',
'fwhost err mac' => 'Ungültige MAC-Adresse',
'fwhost err name' => 'Ungültiger Name. Erlaubte Zeichen: Klein- und Großbuchstaben, Leerzeichen und Bindestrich.',
'fwhost err name1' => 'Der Name muss ausgefüllt sein',
'fwhost err net' => 'Netzwerk/IP-Adresse existiert bereits',
'fwhost err netexist' => 'Ein Netz mit diesem Namen existiert bereits',
'fwhost err partofnet' => 'Dieses Netzwerk ist ein Subnetz eines bereits existierenden Netzwerks',
'fwhost err port' => 'Port muss gefüllt sein',
'fwhost err remark' => 'Ungültige Bemerkung. Erlaubte Zeichen: Klein- und Großbuchstaben, Bindestrich, Unterstrich, Runde Klammern, Semikolon, Punkt.',
'fwhost err srv exists' => 'Ein Service mit diesem Namen existiert bereits',
'fwhost err srvexist' => 'Dieser Dienst ist bereits in der Gruppe',
'fwhost err sub32' => 'Bitte einen einzelnen Host hinzufügen, keine Netzwerke',
'fwhost green' => 'Grün',
'fwhost hint' => 'Hinweis',
'fwhost hosts' => 'Firewall-Hosts',
'fwhost icmptype' => 'ICMP-Typ:',
'fwhost ip_mac' => 'IP/MAC-Adresse',
'fwhost ipadr' => 'IP-Adresse:',
'fwhost ipsec host' => 'IPsec-Clients:',
'fwhost ipsec net' => 'IPsec-Netzwerke:',
'fwhost menu' => 'Firewallgruppen',
'fwhost netaddress' => 'Netzwerkadresse',
'fwhost newgrp' => 'Netzwerk-/Hostgruppen',
'fwhost newhost' => 'Hosts',
'fwhost newnet' => 'Netzwerke',
'fwhost newservice' => 'Dienst',
'fwhost newservicegrp' => 'Dienstgruppen',
'fwhost orange' => 'Orange',
'fwhost ovpn_n2n' => 'OpenVPN Net-to-Net',
'fwhost port' => 'Port(s)',
'fwhost prot' => 'Protokoll',
'fwhost reread' => 'Die Firewallregeln müssen neu eingelesen werden.',
'fwhost reset' => 'Abbrechen',
'fwhost services' => 'Dienste',
'fwhost srv_name' => 'Dienstname',
'fwhost stdnet' => 'Standard-Netzwerke:',
'fwhost type' => 'Typ',
'fwhost used' => 'Genutzt',
'fwhost welcome' => 'Hier können einzelne Hosts, Netzwerke oder Dienste zu Gruppen zusammengefasst werden, was das erstellen von Firewallregeln einfacher und schneller macht.',
'fwhost wo subnet' => '(Ohne Subnetz)',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway-IP',
'gen static key' => 'Statischen Schlüssel erzeugen',
@@ -1289,7 +1461,7 @@
'network traffic graphs others' => 'Netzwerk (sonstige)',
'network updated' => 'Benutzerdefiniertes Netzwerk aktualisiert',
'networks settings' => 'Firewall - Netzwerkeinstellungen',
'new optionsfw later' => 'Ihre Modifikation(en) wird (werden) beim nächsten Neustart aktiv werden',
'new optionsfw later' => 'Einige Einstellungen werden erst nach einem Neustart aktiv',
'new optionsfw must boot' => 'Sie müssen Ihren IPFire neu starten',
'newer' => 'Neuer',
'next' => 'Nächster',
@@ -1353,7 +1525,7 @@
'optional at cmd' => 'zusätzlicher Modembefehl',
'optional data' => '3. Optionale Einstellungen',
'options' => 'Optionen',
'options fw' => 'Firewall Optionen',
'options fw' => 'Firewall-Optionen',
'optionsfw portlist hint' => 'Die Liste der Ports muss durch ein Komma getrennt werden (z.B. 137,138). Sie können maximal bis zu 15 Ports pro Protokoll angeben.',
'optionsfw warning' => 'Verändern dieser Optionen bedingt einen Neustart der Firewall',
'or' => 'oder',
@@ -1553,6 +1725,7 @@
'reconnect' => 'Neu Verbinden',
'reconnection' => 'Wiederverbindung',
'red' => 'Internet',
'red1' => 'ROT',
'references' => 'Referenzen',
'refresh' => 'Aktualisieren',
'refresh index page while connected' => 'Aktualisere index.cgi Seite während der Verbindung',
@@ -2307,7 +2480,7 @@
'wlanap encryption' => 'Verschlüsselung',
'wlanap informations' => 'Informationen',
'wlanap interface' => 'Interface übernehmen',
'wlanap invalid wpa' => 'Ungültige Länge in WPA-Passphrase. Muss zwischen 8 und 63 ASCII-Zeichen lang sein.',
'wlanap invalid wpa' => 'Ungültige Länge in WPA-Passphrase. Muss zwischen 8 und 63 Zeichen lang sein.',
'wlanap link dhcp' => 'Wireless Lan DHCP-Einstellungen',
'wlanap link wireless' => 'Wireless Lan Clients freischalten',
'wlanap no interface' => 'Ausgewähltes Interface ist keine WLAN-Karte!',


@@ -1,4 +1,4 @@
%tr = (
%tr = (
%tr,
'Act as' => 'Act as:',
@@ -187,7 +187,6 @@
'advproxy banned mac clients' => 'Banned MAC addresses (one per line)',
'advproxy cache management' => 'Cache management',
'advproxy cache replacement policy' => 'Cache replacement policy',
'advproxy cache-digest' => 'Enable Cache-Digest Generation',
'advproxy chgwebpwd ERROR' => 'E R R O R :',
'advproxy chgwebpwd SUCCESS' => 'S U C C E S S :',
'advproxy chgwebpwd change password' => 'Change password',
@@ -771,9 +770,13 @@
'download root certificate' => 'Download root certificate',
'dpd action' => 'Dead Peer Detection action',
'driver' => 'Driver',
'drop action' => 'Default behaviour of (forward) firewall in mode "Blocked"',
'drop action1' => 'Default behaviour of (outgoing) firewall in mode "Blocked"',
'drop action2' => 'Default behaviour of (input) firewall',
'drop forward' => 'Log dropped forward packets',
'drop input' => 'Log dropped input packets',
'drop newnotsyn' => 'Log dropped new not syn packets',
'drop output' => 'Log dropped output packets',
'drop outgoing' => 'Log dropped outgoing packets',
'drop portscan' => 'Log dropped portscan packets',
'drop proxy' => 'Drop all packets not addressed to proxy',
'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025',
@@ -907,6 +910,7 @@
'fixed ip lease removed' => 'Fixed IP lease removed',
'force update' => 'Force update',
'force user' => 'force all new file to user',
'forward firewall' => 'Firewall',
'forwarding rule added' => 'Forwarding rule added; restarting forwarder',
'forwarding rule removed' => 'Forwarding rule removed; restarting forwarder',
'forwarding rule updated' => 'Forwarding rule updated; restarting forwarder',
@@ -924,7 +928,175 @@
'from email user' => 'From e-mail user',
'from warn email bad' => 'From e-mail address is not valid',
'fw blue' => 'Firewall options for BLUE interface',
'fw default drop' => 'Firewall policy',
'fw logging' => 'Firewall logging',
'fw settings' => 'Firewall settings',
'fw settings color' => 'Show colors in ruletable',
'fw settings dropdown' => 'Show all networks on rulecreation site',
'fw settings remark' => 'Show remarks in ruletable',
'fw settings ruletable' => 'Show empty ruletables',
'fwdfw ACCEPT' => 'ACCEPT',
'fwdfw DROP' => 'DROP',
'fwdfw MODE1' => 'Drop all packets',
'fwdfw MODE2' => 'Accept all packets',
'fwdfw REJECT' => 'REJECT',
'fwdfw action' => 'Action',
'fwdfw additional' => 'Additional settings',
'fwdfw addr grp' => 'Adress groups:',
'fwdfw addrule' => 'Add/Edit rule:',
'fwdfw change' => 'Update',
'fwdfw copy' => 'Copy',
'fwdfw cust addr' => 'Custom addresses:',
'fwdfw cust net' => 'Custom networks:',
'fwdfw delete' => 'Delete',
'fwdfw dnat' => 'Port forwarding/Destination NAT',
'fwdfw dnat error' => 'You have to select a single host for DNAT. Groups or networks are not allowed.',
'fwdfw dnat porterr' => 'You have to select a single port or portrange (tcp/udp) for NAT',
'fwdfw edit' => 'Edit',
'fwdfw err nosrc' => 'No source selected.',
'fwdfw err nosrcip' => 'Please provide a source IP address.',
'fwdfw err notgt' => 'No destination selected.',
'fwdfw err notgtip' => 'Please provide a destination IP address.',
'fwdfw err prot' => 'Source and destination protocol need to match.',
'fwdfw err remark' => 'Invalid characters in remark.',
'fwdfw err ruleexists' => 'This rule already exists.',
'fwdfw err same' => 'Source and destination are identical.',
'fwdfw err samesub' => 'Source and destination IP addresses are from the same subnet.',
'fwdfw err src_addr' => 'Invalid source MAC/IP address.',
'fwdfw err srcovpn' => 'The entered source IP address is used by an OpenVPN client. Please use the dropdown menu and select the right client connection.',
'fwdfw err srcport' => 'Please provide a source port.',
'fwdfw err tgt_addr' => 'Invalid destination IP address.',
'fwdfw err tgt_grp' => 'The destination service group is empty',
'fwdfw err tgt_mac' => 'A MAC addresses cannot be used as destination.',
'fwdfw err tgt_port' => 'Invalid destination port.',
'fwdfw err tgtovpn' => 'The entered destination IP address is used by an OpenVPN client. Please use the dropdown menu and select the right client connection.',
'fwdfw err tgtport' => 'Please provide a destination port.',
'fwdfw err time' => 'You have to select at least one day.',
'fwdfw final_rule' => 'Last rule: ',
'fwdfw from' => 'From:',
'fwdfw hint ip1' => 'The last generated rule may never match, because source and destination subnets may overlap.',
'fwdfw hint ip2' => 'Please double-check if this rule makes sense: ',
'fwdfw ipsec network' => 'IPsec networks:',
'fwdfw log rule' => 'Log rule',
'fwdfw man port' => 'Port(s):',
'fwdfw menu' => 'Firewall Rules',
'fwdfw movedown' => 'Move down',
'fwdfw moveup' => 'Move up',
'fwdfw natport used' => 'The given port for NAPT is already in use by an other DNAT rule.',
'fwdfw newrule' => 'New rule',
'fwdfw p2p txt' => 'Grant/deny access to P2P networks.',
'fwdfw pol allow' => 'Allowed',
'fwdfw pol block' => 'Blocked',
'fwdfw pol text' => 'Sets the default firewall behaviour for connections from local networks. You may either allow all new connections or block them by default. Connections between the local networks are also blocked in the latter mode.',
'fwdfw pol text1' => 'Sets the default firewall behaviour for connections initiated by the firewall itself. Attention! You may lock yourself out.',
'fwdfw pol title' => 'Default firewall behaviour',
'fwdfw red' => 'RED',
'fwdfw reread' => 'Apply',
'fwdfw rule action' => 'Rule action:',
'fwdfw rule activate' => 'Activate rule',
'fwdfw rulepos' => 'Rule position',
'fwdfw rules' => 'Rules',
'fwdfw snat' => 'SNAT (replace the source\'s IP address by this IP address)',
'fwdfw source' => 'Source',
'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
'fwdfw std network' => 'Standard networks:',
'fwdfw target' => 'Destination',
'fwdfw targetip' => 'Destination address (MAC/IP address or network):',
'fwdfw till' => 'Until:',
'fwdfw time' => 'Time Constraints',
'fwdfw timeframe' => 'Use time constraints',
'fwdfw toggle' => 'Activate or deactivate',
'fwdfw togglelog' => 'Activate or deactivate logging',
'fwdfw use nat' => 'Use NAT',
'fwdfw use srcport' => 'Use source port',
'fwdfw use srv' => 'Use destination port',
'fwdfw useless rule' => 'This rule is useless.',
'fwdfw wd_fri' => 'Fri',
'fwdfw wd_mon' => 'Mon',
'fwdfw wd_sat' => 'Sat',
'fwdfw wd_sun' => 'Sun',
'fwdfw wd_thu' => 'Thu',
'fwdfw wd_tue' => 'Tue',
'fwdfw wd_wed' => 'Wed',
'fwdfw xt access' => 'Input',
'fwhost addgrp' => 'Add new network/host group:',
'fwhost addgrpname' => 'Group name:',
'fwhost addhost' => 'Add new host:',
'fwhost addnet' => 'Add new hetwork:',
'fwhost addrule' => 'Add/edit rule:',
'fwhost addservice' => 'Add service:',
'fwhost addservicegrp' => 'Add new service group:',
'fwhost any' => 'Any',
'fwhost attention' => 'ATTENTION',
'fwhost back' => 'Back',
'fwhost blue' => 'Blue',
'fwhost ccdhost' => 'OpenVPN clients:',
'fwhost ccdnet' => 'OpenVPN networks:',
'fwhost change' => 'Modify',
'fwhost changeremark' => 'You modified just the remark',
'fwhost cust addr' => 'Hosts:',
'fwhost cust grp' => 'Network/Host Groups:',
'fwhost cust net' => 'Networks:',
'fwhost cust service' => 'Services:',
'fwhost cust srvgrp' => 'Service Groups:',
'fwhost deleted' => 'Deleted',
'fwhost empty' => 'No rules defined',
'fwhost err addr' => 'Invalid IP address or subnet',
'fwhost err addrgrp' => 'Please provide a group name',
'fwhost err empty' => 'Please fill in all input fields',
'fwhost err emptytable' => 'No entries in this group',
'fwhost err groupempty' => 'The selected group is empty',
'fwhost err grpexist' => 'Group already exists',
'fwhost err hostexist' => 'A host with the same name already exists',
'fwhost err hostorip' => 'Invalid name or IP address',
'fwhost err ip' => 'IP address invalid',
'fwhost err ipcheck' => 'This IP address is already in use',
'fwhost err ipmac' => 'IP/MAC address invalid',
'fwhost err ipwithsub' => 'Please provide only an IP address (without subnet mask)',
'fwhost err isccdhost' => 'This name is already used by an OpenVPN client connection',
'fwhost err isccdiphost' => 'This IP address is already used by an OpenVPN client connection',
'fwhost err isccdipnet' => 'This IP address is already used by an OpenVPN network connection',
'fwhost err isccdnet' => 'This name is already used by an OpenVPN network',
'fwhost err isingrp' => 'This entry already exists in the group',
'fwhost err mac' => 'Invalid MAC address',
'fwhost err name' => 'Invalid name. Allowed characters: Upper- and lowercase letters, digits, space and dash.',
'fwhost err name1' => 'Empty name.',
'fwhost err net' => 'Network/IP address already exists',
'fwhost err netexist' => 'A network with the same name already exists',
'fwhost err partofnet' => 'The network is a subnet of an already existing network.',
'fwhost err port' => 'Port is empty',
'fwhost err remark' => 'Invalid remark. Allowed characters: Upper- and lowercase letters, digits, space, dash, braces, semicolon, pipe and dot.',
'fwhost err srv exists' => 'A service with the same name already exists',
'fwhost err srvexist' => 'This service already exists in the group',
'fwhost err sub32' => 'Please add a single host, not a network.',
'fwhost green' => 'Green',
'fwhost hint' => 'Note',
'fwhost hosts' => 'Firewall Hosts',
'fwhost icmptype' => 'ICMP type:',
'fwhost ip_mac' => 'IP/MAC address',
'fwhost ipadr' => 'IP address:',
'fwhost ipsec host' => 'IPsec clients:',
'fwhost ipsec net' => 'IPsec networks:',
'fwhost menu' => 'Firewall Groups',
'fwhost netaddress' => 'Network address',
'fwhost newgrp' => 'Network/Host Groups',
'fwhost newhost' => 'Hosts',
'fwhost newnet' => 'Networks',
'fwhost newservice' => 'Services',
'fwhost newservicegrp' => 'Service Groups',
'fwhost orange' => 'Orange',
'fwhost ovpn_n2n' => 'OpenVPN Net-to-Net',
'fwhost port' => 'Port(s)',
'fwhost prot' => 'Protocol',
'fwhost reread' => 'Firewall rules need to be updated.',
'fwhost reset' => 'Cancel',
'fwhost services' => 'Services:',
'fwhost srv_name' => 'Service name',
'fwhost stdnet' => 'Standard networks:',
'fwhost type' => 'Type',
'fwhost used' => 'Used',
'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
'fwhost wo subnet' => '(without subnet)',
'g.dtm' => 'TO BE REMOVED',
'g.lite' => 'TO BE REMOVED',
'gateway' => 'Gateway',
@@ -1317,7 +1489,7 @@
'network traffic graphs others' => 'Network (others)',
'network updated' => 'Custom Network updated',
'networks settings' => 'Firewall - Network settings',
'new optionsfw later' => 'Your modification(s) will be active on next restart',
'new optionsfw later' => 'Some options need a reboot to take effect',
'new optionsfw must boot' => 'You must reboot your IPFire',
'newer' => 'Newer',
'next' => 'next',
@@ -1543,7 +1715,7 @@
'profile saved' => 'Profile saved: ',
'profiles' => 'Profiles:',
'proto' => 'Proto',
'protocol' => 'Protocol:',
'protocol' => 'Protocol',
'proxy' => 'Proxy',
'proxy access graphs' => 'Proxy access graphs',
'proxy admin password' => 'Cache administrator password',
@@ -1584,6 +1756,7 @@
'reconnect' => 'Reconnect',
'reconnection' => 'Reconnection',
'red' => 'Internet',
'red1' => 'RED',
'references' => 'References',
'refresh' => 'Refresh',
'refresh index page while connected' => 'Refresh index.cgi page while connected',
@@ -2339,13 +2512,12 @@
'wlan client wpa mode tkip tkip' => 'TKIP-TKIP',
'wlanap access point' => 'Access Point',
'wlanap channel' => 'Channel',
'wlanap country' => 'Country Code',
'wlanap debugging' => 'Debugging',
'wlanap del interface' => 'Remove selected interface?',
'wlanap encryption' => 'Encryption',
'wlanap informations' => 'Informations',
'wlanap interface' => 'Select interface',
'wlanap invalid wpa' => 'Invalid length in WPA Passphrase. Must be between 8 and 63 ascii characters.',
'wlanap invalid wpa' => 'Invalid length in WPA Passphrase. Must be between 8 and 63 characters.',
'wlanap link dhcp' => 'Wireless lan DHCP configuration',
'wlanap link wireless' => 'Activate wireless lan clients',
'wlanap no interface' => 'Selected interface is not a wirless lan card!',


@@ -50,59 +50,66 @@ $(TARGET) :
@$(PREBUILD)
# Create all directories
for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes dns dnsforward \
ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \
net-traffic/templates nfs optionsfw outgoing/bin outgoing/groups outgoing/groups/ipgroups \
outgoing/groups/macgroups ovpn patches pakfire portfw ppp private proxy/advanced/cre \
for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \
ethernet extrahd/bin fwlogs fwhosts forward forward/bin isdn key langs logging mac main menu.d modem net-traffic \
net-traffic/templates nfs optionsfw \
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \
updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
wakeonlan wireless xtaccess ; do \
wakeonlan wireless ; do \
mkdir -p $(CONFIG_ROOT)/$$i; \
done
# Touch empty files
for i in auth/users backup/include.user backup/exclude.user \
certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \
dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dmzholes/config dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings fwlogs/ipsettings fwlogs/portsettings \
isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings outgoing/settings outgoing/rules \
dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
extrahd/scan extrahd/devices extrahd/partitions extrahd/settings forward/settings forward/config forward/input forward/outgoing forward/dmz forward/nat \
fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwlogs/ipsettings fwlogs/portsettings \
isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
ppp/settings-5 ppp/settings proxy/settings proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
qos/tosconfig snort/settings tripwire/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \
touch $(CONFIG_ROOT)/$$i; \
done
# Copy initial configfiles
cp $(DIR_SRC)/config/cfgroot/header.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/advoptions-list $(CONFIG_ROOT)/dhcp/advoptions-list
cp $(DIR_SRC)/config/cfgroot/connscheduler-lib.pl $(CONFIG_ROOT)/connscheduler/lib.pl
cp $(DIR_SRC)/config/cfgroot/connscheduler.conf $(CONFIG_ROOT)/connscheduler
cp $(DIR_SRC)/config/extrahd/* $(CONFIG_ROOT)/extrahd/bin/
cp $(DIR_SRC)/config/cfgroot/sensors-settings $(CONFIG_ROOT)/sensors/settings
cp $(DIR_SRC)/config/menu/* $(CONFIG_ROOT)/menu.d/
cp $(DIR_SRC)/config/menu/* $(CONFIG_ROOT)/menu.d/
cp $(DIR_SRC)/config/cfgroot/modem-defaults $(CONFIG_ROOT)/modem/defaults
cp $(DIR_SRC)/config/cfgroot/modem-settings $(CONFIG_ROOT)/modem/settings
cp $(DIR_SRC)/config/cfgroot/net-traffic-lib.pl $(CONFIG_ROOT)/net-traffic/net-traffic-lib.pl
cp $(DIR_SRC)/config/cfgroot/net-traffic-admin.pl $(CONFIG_ROOT)/net-traffic/net-traffic-admin.pl
cp $(DIR_SRC)/config/cfgroot/net-traffic-admin.pl $(CONFIG_ROOT)/net-traffic/net-traffic-admin.pl
cp $(DIR_SRC)/config/cfgroot/nfs-server $(CONFIG_ROOT)/nfs/nfs-server
cp $(DIR_SRC)/config/cfgroot/p2protocols $(CONFIG_ROOT)/outgoing/p2protocols
cp $(DIR_SRC)/config/outgoingfw/outgoingfw.pl $(CONFIG_ROOT)/outgoing/bin/
cp $(DIR_SRC)/config/outgoingfw/defaultservices $(CONFIG_ROOT)/outgoing/
cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4
cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/
cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings
cp $(DIR_SRC)/config/cfgroot/xtaccess-config $(CONFIG_ROOT)/xtaccess/config
cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/
cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings
cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings
cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced
cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans
cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
cp $(DIR_SRC)/config/forwardfw/rules.pl $(CONFIG_ROOT)/forward/bin/rules.pl
cp $(DIR_SRC)/config/forwardfw/convert-xtaccess /usr/sbin/convert-xtaccess
cp $(DIR_SRC)/config/forwardfw/convert-outgoingfw /usr/sbin/convert-outgoingfw
cp $(DIR_SRC)/config/forwardfw/convert-dmz /usr/sbin/convert-dmz
cp $(DIR_SRC)/config/forwardfw/convert-portfw /usr/sbin/convert-portfw
cp $(DIR_SRC)/config/forwardfw/p2protocols $(CONFIG_ROOT)/forward/p2protocols
cp $(DIR_SRC)/config/forwardfw/firewall-lib.pl $(CONFIG_ROOT)/forward/bin/firewall-lib.pl
cp $(DIR_SRC)/config/forwardfw/firewall-policy /usr/sbin/firewall-policy
cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
# Oneliner configfiles
echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings
echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings
@@ -110,11 +117,29 @@ $(TARGET) :
echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf
echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPOUTPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPOUTPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "FWPOLICY=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
echo "FWPOLICY1=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
echo "FWPOLICY2=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPPORTSCAN=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPOUTGOING=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPSAMBA=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPPROXY=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "SHOWREMARK=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "SHOWCOLORS=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "SHOWTABLES=off" >> $(CONFIG_ROOT)/optionsfw/settings
echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPWIRELESSINPUT=off" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPWIRELESSFORWARD=off" >> $(CONFIG_ROOT)/optionsfw/settings
echo "POLICY=MODE2" >> $(CONFIG_ROOT)/forward/settings
echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/forward/settings
# set rules.pl executable
chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl
# set converters executable
chmod 755 /usr/sbin/convert-*
# Modify variables in header.pl
sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
-e "s+VERSION+$(VERSION)+g" \
@@ -131,7 +156,7 @@ $(TARGET) :
# Language files
cp $(DIR_SRC)/langs/*/cgi-bin/*.pl $(CONFIG_ROOT)/langs/
# Configroot permissions
chown -R nobody:nobody $(CONFIG_ROOT)
chown root:root $(CONFIG_ROOT)
@@ -140,7 +165,5 @@ $(TARGET) :
done
chown root:nobody $(CONFIG_ROOT)/dhcpc
# Set outgoingfw.pl executable
chmod 755 $(CONFIG_ROOT)/outgoing/bin/outgoingfw.pl
@$(POSTBUILD)
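Review bot: `rules.pl` and `firewall-lib.pl` are copied into `$(CONFIG_ROOT)/forward/bin/` and `rules.pl` is set to mode 755, but the unchanged `chown -R nobody:nobody $(CONFIG_ROOT)` in the permissions hunk then gives both files to `nobody`. If the web interface runs as that account and `forwardfwctrl` runs `rules.pl` with root privileges (neither is visible in this section, so this needs confirming), any process able to write as `nobody` could alter the code that builds the firewall ruleset. I would add `chown -R root:root $(CONFIG_ROOT)/forward/bin` after the recursive chown, unless the loop whose closing `done` is visible in the last hunk already covers that directory. The lines between the two permission hunks are outside the view, so the current ownership of `forward/bin` cannot be determined from here.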


@@ -179,20 +179,15 @@ $(TARGET) :
ln -sf ../../dnsmasq /etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
ln -sf ../../firewall /etc/rc.d/init.d/networking/red.up/20-RL-firewall
ln -sf ../../../../../usr/local/bin/outgoingfwctrl \
/etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
ln -sf ../../../../../usr/local/bin/forwardfwctrl \
/etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
ln -sf ../../../../../usr/local/bin/snortctrl \
/etc/rc.d/init.d/networking/red.up/23-RS-snort
ln -sf ../../../../../usr/local/bin/qosctrl \
/etc/rc.d/init.d/networking/red.up/24-RS-qos
ln -sf ../../../../../usr/local/bin/setportfw \
/etc/rc.d/init.d/networking/red.up/25-portfw
ln -sf ../../../../../usr/local/bin/setxtaccess \
/etc/rc.d/init.d/networking/red.up/26-xtaccess
ln -sf ../../../../../usr/local/bin/dialctrl.pl \
/etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
ln -sf ../../squid /etc/rc.d/init.d/networking/red.up/27-RS-squid
ln -sf ../../dnsmasq /etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
ln -sf ../../firewall /etc/rc.d/init.d/networking/red.down/20-RL-firewall
ln -sf ../../../../../usr/local/bin/dialctrl.pl \


@@ -76,8 +76,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfire.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
cd $(DIR_APP) && ./configure \


@@ -68,11 +68,171 @@ iptables_init() {
# SYN/FIN (QueSO or nmap OS probe)
/sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN
# NEW TCP without SYN
/sbin/iptables -A BADTCP -p tcp ! --syn -m state --state NEW -j NEWNOTSYN
/sbin/iptables -A BADTCP -p tcp ! --syn -m conntrack --ctstate NEW -j NEWNOTSYN
/sbin/iptables -A INPUT -j BADTCP
/sbin/iptables -A FORWARD -j BADTCP
/sbin/iptables -A INPUT -p tcp -j BADTCP
/sbin/iptables -A FORWARD -p tcp -j BADTCP
# Connection tracking chain
/sbin/iptables -N CONNTRACK
/sbin/iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Fix for braindead ISP's
/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# CUSTOM chains, can be used by the users themselves
/sbin/iptables -N CUSTOMINPUT
/sbin/iptables -A INPUT -j CUSTOMINPUT
/sbin/iptables -N CUSTOMFORWARD
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
/sbin/iptables -N CUSTOMOUTPUT
/sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
/sbin/iptables -t nat -N CUSTOMPREROUTING
/sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
/sbin/iptables -t nat -N CUSTOMPOSTROUTING
/sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
# Guardian (IPS) chains
/sbin/iptables -N GUARDIAN
/sbin/iptables -A INPUT -j GUARDIAN
/sbin/iptables -A FORWARD -j GUARDIAN
# Block OpenVPN transfer networks
/sbin/iptables -N OVPNBLOCK
for i in INPUT FORWARD OUTPUT; do
/sbin/iptables -A ${i} -j OVPNBLOCK
done
# OpenVPN transfer network translation
/sbin/iptables -t nat -N OVPNNAT
/sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
# IPTV chains for IGMPPROXY
/sbin/iptables -N IPTVINPUT
/sbin/iptables -A INPUT -j IPTVINPUT
/sbin/iptables -N IPTVFORWARD
/sbin/iptables -A FORWARD -j IPTVFORWARD
# filtering from GUI
/sbin/iptables -N GUIINPUT
/sbin/iptables -A INPUT -j GUIINPUT
/sbin/iptables -A GUIINPUT -p icmp --icmp-type 8 -j ACCEPT
# Accept everything on loopback
/sbin/iptables -N LOOPBACK
/sbin/iptables -A LOOPBACK -i lo -j ACCEPT
/sbin/iptables -A LOOPBACK -o lo -j ACCEPT
# Filter all packets with loopback addresses on non-loopback interfaces.
/sbin/iptables -A LOOPBACK -s 127.0.0.0/8 -j DROP
/sbin/iptables -A LOOPBACK -d 127.0.0.0/8 -j DROP
for i in INPUT FORWARD OUTPUT; do
/sbin/iptables -A ${i} -j LOOPBACK
done
# Accept everything connected
for i in INPUT FORWARD OUTPUT; do
/sbin/iptables -A ${i} -j CONNTRACK
done
# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
/sbin/iptables -N IPSECINPUT
/sbin/iptables -N IPSECFORWARD
/sbin/iptables -N IPSECOUTPUT
/sbin/iptables -A INPUT -j IPSECINPUT
/sbin/iptables -A FORWARD -j IPSECFORWARD
/sbin/iptables -A OUTPUT -j IPSECOUTPUT
/sbin/iptables -t nat -N IPSECNAT
/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
# localhost and ethernet.
/sbin/iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
# allow DHCP on BLUE to be turned on/off
/sbin/iptables -N DHCPBLUEINPUT
/sbin/iptables -A INPUT -j DHCPBLUEINPUT
# WIRELESS chains
/sbin/iptables -N WIRELESSINPUT
/sbin/iptables -A INPUT -m conntrack --ctstate NEW -j WIRELESSINPUT
/sbin/iptables -N WIRELESSFORWARD
/sbin/iptables -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD
# TOR
/sbin/iptables -N TOR_INPUT
/sbin/iptables -A INPUT -j TOR_INPUT
# Jump into the actual firewall ruleset.
/sbin/iptables -N INPUTFW
/sbin/iptables -A INPUT -j INPUTFW
/sbin/iptables -N OUTGOINGFW
/sbin/iptables -A OUTPUT -j OUTGOINGFW
/sbin/iptables -N FORWARDFW
/sbin/iptables -A FORWARD -j FORWARDFW
# RED chain, used for the red interface
/sbin/iptables -N REDINPUT
/sbin/iptables -A INPUT -j REDINPUT
/sbin/iptables -N REDFORWARD
/sbin/iptables -A FORWARD -j REDFORWARD
/sbin/iptables -t nat -N REDNAT
/sbin/iptables -t nat -A POSTROUTING -j REDNAT
iptables_red
# Custom prerouting chains (for transparent proxy)
/sbin/iptables -t nat -N SQUID
/sbin/iptables -t nat -A PREROUTING -j SQUID
# DNAT rules
/sbin/iptables -t nat -N NAT_DESTINATION
/sbin/iptables -t nat -A PREROUTING -j NAT_DESTINATION
# SNAT rules
/sbin/iptables -t nat -N NAT_SOURCE
/sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
# upnp chain for our upnp daemon
/sbin/iptables -t nat -N UPNPFW
/sbin/iptables -t nat -A PREROUTING -j UPNPFW
/sbin/iptables -N UPNPFW
/sbin/iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
# run local firewall configuration, if present
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local start
fi
# run openvpn
/usr/local/bin/openvpnctrl --create-chains-and-rules
# run wirelessctrl
/usr/local/bin/wirelessctrl
#POLICY CHAIN
/sbin/iptables -N POLICYIN
/sbin/iptables -A INPUT -j POLICYIN
/sbin/iptables -N POLICYFWD
/sbin/iptables -A FORWARD -j POLICYFWD
/sbin/iptables -N POLICYOUT
/sbin/iptables -A OUTPUT -j POLICYOUT
/usr/sbin/firewall-policy
# read new firewall
/usr/local/bin/forwardfwctrl
if [ "$DROPINPUT" == "on" ]; then
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
}
iptables_red() {
@@ -130,223 +290,23 @@ iptables_red() {
case "$1" in
start)
iptables_init
# Limit Packets- helps reduce dos/syn attacks
# original do nothing line
#/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec
# the correct one, but the negative '!' do nothing...
#/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN ! -m limit --limit 10/sec -j DROP
# Fix for braindead ISP's
/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# CUSTOM chains, can be used by the users themselves
/sbin/iptables -N CUSTOMINPUT
/sbin/iptables -A INPUT -j CUSTOMINPUT
/sbin/iptables -N GUARDIAN
/sbin/iptables -A INPUT -j GUARDIAN
/sbin/iptables -A FORWARD -j GUARDIAN
/sbin/iptables -N CUSTOMFORWARD
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
/sbin/iptables -N CUSTOMOUTPUT
/sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
/sbin/iptables -N OUTGOINGFW
/sbin/iptables -N OUTGOINGFWMAC
/sbin/iptables -A OUTPUT -j OUTGOINGFW
/sbin/iptables -t nat -N CUSTOMPREROUTING
/sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
/sbin/iptables -t nat -N CUSTOMPOSTROUTING
/sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
# IPTV chains for IGMPPROXY
/sbin/iptables -N IPTVINPUT
/sbin/iptables -A INPUT -j IPTVINPUT
/sbin/iptables -N IPTVFORWARD
/sbin/iptables -A FORWARD -j IPTVFORWARD
# filtering from GUI
/sbin/iptables -N GUIINPUT
/sbin/iptables -A INPUT -j GUIINPUT
/sbin/iptables -A GUIINPUT -p icmp --icmp-type 8 -j ACCEPT
# Accept everything connected
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
/sbin/iptables -N IPSECINPUT
/sbin/iptables -N IPSECFORWARD
/sbin/iptables -N IPSECOUTPUT
/sbin/iptables -N OPENSSLVIRTUAL
/sbin/iptables -A INPUT -j IPSECINPUT
/sbin/iptables -A INPUT -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL INPUT"
/sbin/iptables -A FORWARD -j IPSECFORWARD
/sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD"
/sbin/iptables -A OUTPUT -j IPSECOUTPUT
/sbin/iptables -t nat -N OVPNNAT
/sbin/iptables -t nat -N IPSECNAT
/sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
# TOR
/sbin/iptables -N TOR_INPUT
/sbin/iptables -A INPUT -j TOR_INPUT
# Outgoing Firewall
/sbin/iptables -A FORWARD -j OUTGOINGFWMAC
# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -s 127.0.0.0/8 -m state --state NEW -j DROP # Loopback not on lo
/sbin/iptables -A INPUT -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
/sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT ! -p icmp
/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
# If a host on orange tries to initiate a connection to IPFire's red IP and
# the connection gets DNATed back through a port forward to a server on orange
# we end up with orange -> orange traffic passing through IPFire
[ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
# allow DHCP on BLUE to be turned on/off
/sbin/iptables -N DHCPBLUEINPUT
/sbin/iptables -A INPUT -j DHCPBLUEINPUT
# OPenSSL
/sbin/iptables -N OPENSSLPHYSICAL
/sbin/iptables -A INPUT -j OPENSSLPHYSICAL
# WIRELESS chains
/sbin/iptables -N WIRELESSINPUT
/sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
/sbin/iptables -N WIRELESSFORWARD
/sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
# RED chain, used for the red interface
/sbin/iptables -N REDINPUT
/sbin/iptables -A INPUT -j REDINPUT
/sbin/iptables -N REDFORWARD
/sbin/iptables -A FORWARD -j REDFORWARD
/sbin/iptables -t nat -N REDNAT
/sbin/iptables -t nat -A POSTROUTING -j REDNAT
iptables_red
# DMZ pinhole chain. setdmzholes setuid prog adds rules here to allow
# ORANGE to talk to GREEN / BLUE.
/sbin/iptables -N DMZHOLES
if [ "$ORANGE_DEV" != "" ]; then
/sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j DMZHOLES
fi
# XTACCESS chain, used for external access
/sbin/iptables -N XTACCESS
/sbin/iptables -A INPUT -m state --state NEW -j XTACCESS
# PORTFWACCESS chain, used for portforwarding
/sbin/iptables -N PORTFWACCESS
/sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
# Custom prerouting chains (for transparent proxy and port forwarding)
/sbin/iptables -t nat -N SQUID
/sbin/iptables -t nat -A PREROUTING -j SQUID
/sbin/iptables -t nat -N PORTFW
/sbin/iptables -t nat -A PREROUTING -j PORTFW
# upnp chain for our upnp daemon
/sbin/iptables -t nat -N UPNPFW
/sbin/iptables -t nat -A PREROUTING -j UPNPFW
/sbin/iptables -N UPNPFW
/sbin/iptables -A FORWARD -m state --state NEW -j UPNPFW
# Custom mangle chain (for port fowarding)
/sbin/iptables -t mangle -N PORTFWMANGLE
/sbin/iptables -t mangle -A PREROUTING -j PORTFWMANGLE
# Postrouting rules (for port forwarding)
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \
--to-source $GREEN_ADDRESS
if [ "$BLUE_DEV" != "" ]; then
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $BLUE_ADDRESS
fi
if [ "$ORANGE_DEV" != "" ]; then
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
fi
# run local firewall configuration, if present
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local start
fi
# last rule in input and forward chain is for logging.
if [ "$DROPINPUT" == "on" ]; then
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPOUTPUT" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
;;
startovpn)
# run openvpn
/usr/local/bin/openvpnctrl --create-chains-and-rules
;;
stop)
iptables_init
# Accept everyting connected
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT
if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
/sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
if [ "$PROTOCOL" == "RFC1483" -a "$METHOD" == "DHCP" ]; then
/sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
# run local firewall configuration, if present
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local stop
fi
if [ "$DROPINPUT" == "on" ]; then
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPOUTPUT" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
;;
stopovpn)
# stop openvpn
/usr/local/bin/openvpnctrl --delete-chains-and-rules
;;
;;
reload)
iptables_red
# run local firewall configuration, if present
if [ -x /etc/sysconfig/firewall.local ]; then
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local reload
fi
;;
restart)
$0 stop
$0 stopovpn
# run local firewall configuration, if present
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local stop
fi
$0 start
$0 startovpn
;;
*)
echo "Usage: $0 {start|stop|reload|restart}"
echo "Usage: $0 {start|reload|restart}"
exit 1
;;
esac


@@ -47,9 +47,7 @@ init_networking() {
# (exit ${failed})
# evaluate_retval
boot_mesg "Setting up DMZ pinholes"
/usr/local/bin/setdmzholes; evaluate_retval
if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
boot_mesg "Setting up wireless firewall rules"
/usr/local/bin/wirelessctrl; evaluate_retval


@@ -24,11 +24,10 @@ CFLAGS=-O2 -Wall
COMPILE=$(CC) $(CFLAGS)
PROGS = iowrap
SUID_PROGS = setdmzholes setportfw setxtaccess \
squidctrl sshctrl ipfirereboot \
SUID_PROGS = squidctrl sshctrl ipfirereboot \
ipsecctrl timectrl dhcpctrl snortctrl \
applejuicectrl rebuildhosts backupctrl \
logwatch openvpnctrl outgoingfwctrl \
logwatch openvpnctrl forwardfwctrl \
wirelessctrl getipstat qosctrl launch-ether-wake \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
@@ -86,22 +85,16 @@ smartctrl: smartctrl.c setuid.o ../install+setup/libsmooth/varval.o
clamavctrl: clamavctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ clamavctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
outgoingfwctrl: outgoingfwctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ outgoingfwctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
forwardfwctrl: forwardfwctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ forwardfwctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
timectrl: timectrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ timectrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
launch-ether-wake: launch-ether-wake.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ launch-ether-wake.c setuid.o ../install+setup/libsmooth/varval.o -o $@
setdmzholes: setdmzholes.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setdmzholes.c setuid.o ../install+setup/libsmooth/varval.o -o $@
setportfw: setportfw.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setportfw.c setuid.o ../install+setup/libsmooth/varval.o -o $@
rebuildhosts: rebuildhosts.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ rebuildhosts.c setuid.o ../install+setup/libsmooth/varval.o -o $@


@@ -5,20 +5,12 @@
*
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include "setuid.h"
int main(int argc, char *argv[]) {
if (!(initsetuid()))
exit(1);
safe_system("chmod 755 /var/ipfire/outgoing/bin/outgoingfw.pl");
safe_system("/var/ipfire/outgoing/bin/outgoingfw.pl");
safe_system("/var/ipfire/forward/bin/rules.pl");
return 0;
}
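Review bot: main() discards the result of `safe_system("/var/ipfire/forward/bin/rules.pl")` and always returns 0, so whatever invokes forwardfwctrl cannot tell that the ruleset failed to load. If safe_system() returns the child's status the way system() does (its definition is not on this page), `return safe_system("/var/ipfire/forward/bin/rules.pl") ? 1 : 0;` would pass the failure on. Because this setuid wrapper runs the script with root privileges, it is also worth confirming in the packaging that rules.pl and its directory are root-owned and not writable by the web interface account; the old `chmod 755` call is gone, so nothing in this program normalises the mode any more.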


@@ -27,6 +27,7 @@ char enableorange[STRING_SIZE] = "off";
char OVPNRED[STRING_SIZE] = "OVPN";
char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
char OVPNBLOCK[STRING_SIZE] = "OVPNBLOCK";
char OVPNNAT[STRING_SIZE] = "OVPNNAT";
char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
@@ -253,20 +254,13 @@ void setChainRules(char *chain, char *interface, char *protocol, char *port)
sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port);
executeCommand(str);
sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain);
executeCommand(str);
sprintf(str, "/sbin/iptables -A %sFORWARD -i tun+ -j ACCEPT", chain);
executeCommand(str);
}
void flushChain(char *chain) {
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -F %sINPUT", chain);
sprintf(str, "/sbin/iptables -F %s", chain);
executeCommand(str);
sprintf(str, "/sbin/iptables -F %sFORWARD", chain);
executeCommand(str);
safe_system(str);
}
void flushChainNAT(char *chain) {
@@ -276,15 +270,18 @@ void flushChainNAT(char *chain) {
executeCommand(str);
}
void flushChainINPUT(char *chain) {
char str[STRING_SIZE];
snprintf(str, STRING_SIZE, "%sINPUT", chain);
flushChain(str);
}
void deleteChainReference(char *chain) {
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -D INPUT -j %sINPUT", chain);
executeCommand(str);
safe_system(str);
sprintf(str, "/sbin/iptables -D FORWARD -j %sFORWARD", chain);
executeCommand(str);
safe_system(str);
}
void deleteChain(char *chain) {
@@ -292,8 +289,6 @@ void deleteChain(char *chain) {
sprintf(str, "/sbin/iptables -X %sINPUT", chain);
executeCommand(str);
sprintf(str, "/sbin/iptables -X %sFORWARD", chain);
executeCommand(str);
}
void deleteAllChains(void) {
@@ -301,28 +296,28 @@ void deleteAllChains(void) {
deleteChainReference(OVPNRED);
deleteChainReference(OVPNBLUE);
deleteChainReference(OVPNORANGE);
flushChain(OVPNRED);
flushChain(OVPNBLUE);
flushChain(OVPNORANGE);
flushChainINPUT(OVPNRED);
flushChainINPUT(OVPNBLUE);
flushChainINPUT(OVPNORANGE);
deleteChain(OVPNRED);
deleteChain(OVPNBLUE);
deleteChain(OVPNORANGE);
// Only flush chains that are created by the firewall
flushChain(OVPNBLOCK);
flushChainNAT(OVPNNAT);
}
void createChainReference(char *chain) {
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain);
executeCommand(str);
sprintf(str, "/sbin/iptables -I FORWARD %s -j %sFORWARD", "12", chain);
executeCommand(str);
}
void createChain(char *chain) {
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -N %sINPUT", chain);
executeCommand(str);
sprintf(str, "/sbin/iptables -N %sFORWARD", chain);
executeCommand(str);
}
void createAllChains(void) {
@@ -471,9 +466,10 @@ void setFirewallRules(void) {
freekeyvalues(kv);
// Flush all chains.
flushChain(OVPNRED);
flushChain(OVPNBLUE);
flushChain(OVPNORANGE);
flushChainINPUT(OVPNRED);
flushChainINPUT(OVPNBLUE);
flushChainINPUT(OVPNORANGE);
flushChain(OVPNBLOCK);
flushChainNAT(OVPNNAT);
// set firewall rules
@@ -497,6 +493,11 @@ void setFirewallRules(void) {
OVPNRED, redif, conn->proto, conn->port);
executeCommand(command);
/* Block all communication from the transfer nets. */
snprintf(command, STRING_SIZE, "/sbin/iptables -A %s -s %s -j DROP",
OVPNBLOCK, conn->transfer_subnet);
executeCommand(command);
local_subnet_address = getLocalSubnetAddress(conn);
transfer_subnet_address = calcTransferNetAddress(conn);
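Review bot: The new OVPNBLOCK rule in setFirewallRules() formats `conn->transfer_subnet` straight into an iptables command line, and nothing in this hunk checks the value first. An empty or malformed subnet would yield a broken `-A OVPNBLOCK -s … -j DROP` command, leaving that transfer net unblocked, and if executeCommand() goes through a shell, as safe_system() appears to, an unvalidated config string reaches a root shell. Unless the connection parser already validates it (not visible here; setFirewallRules() starts and ends outside the hunk), guard the call with `if (VALID_IP_AND_MASK(conn->transfer_subnet)) { … }`, assuming that macro from setuid.h is in scope in this file as it is in the other helpers. Separately, the added flushChainINPUT() uses snprintf while flushChain() still uses sprintf into a buffer of the same STRING_SIZE; `snprintf(str, STRING_SIZE, "/sbin/iptables -F %s", chain);` would make the two consistent.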


@@ -1,162 +0,0 @@
/* SmoothWall helper program - setdmzhole
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
* (c) Daniel Goscomb, 2001
*
* Modifications and improvements by Lawrence Manning.
*
* 10/04/01 Aslak added protocol support
* This program reads the list of ports to forward and setups iptables
* and rules in ipmasqadm to enable them.
*
* $Id: setdmzholes.c,v 1.5.2.3 2005/10/18 17:05:27 franck78 Exp $
*
*/
#include "libsmooth.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "setuid.h"
FILE *fwdfile = NULL;
void exithandler(void)
{
if (fwdfile)
fclose(fwdfile);
}
int main(void)
{
int count;
char *protocol;
char *locip;
char *remip;
char *remport;
char *enabled;
char *src_net;
char *dst_net;
char s[STRING_SIZE];
char *result;
struct keyvalue *kv = NULL;
char orange_dev[STRING_SIZE] = "";
char blue_dev[STRING_SIZE] = "";
char green_dev[STRING_SIZE] = "";
char *idev;
char *odev;
char command[STRING_SIZE];
if (!(initsetuid()))
exit(1);
atexit(exithandler);
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
{
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
if (!findkey(kv, "GREEN_DEV", green_dev))
{
fprintf(stderr, "Cannot read GREEN_DEV\n");
exit(1);
}
findkey(kv, "BLUE_DEV", blue_dev);
findkey(kv, "ORANGE_DEV", orange_dev);
if (!(fwdfile = fopen(CONFIG_ROOT "/dmzholes/config", "r")))
{
fprintf(stderr, "Couldn't open dmzholes settings file\n");
exit(1);
}
safe_system("/sbin/iptables -F DMZHOLES");
while (fgets(s, STRING_SIZE, fwdfile) != NULL)
{
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
result = strtok(s, ",");
count = 0;
protocol = NULL;
locip = NULL; remip = NULL;
remport = NULL;
enabled = NULL;
src_net = NULL;
dst_net = NULL;
idev = NULL;
odev = NULL;
while (result)
{
if (count == 0)
protocol = result;
else if (count == 1)
locip = result;
else if (count == 2)
remip = result;
else if (count == 3)
remport = result;
else if (count == 4)
enabled = result;
else if (count == 5)
src_net = result;
else if (count == 6)
dst_net = result;
count++;
result = strtok(NULL, ",");
}
if (!(protocol && locip && remip && remport && enabled))
{
fprintf(stderr, "Bad line:\n");
break;
}
if (!VALID_PROTOCOL(protocol))
{
fprintf(stderr, "Bad protocol: %s\n", protocol);
exit(1);
}
if (!VALID_IP_AND_MASK(locip))
{
fprintf(stderr, "Bad local IP: %s\n", locip);
exit(1);
}
if (!VALID_IP_AND_MASK(remip))
{
fprintf(stderr, "Bad remote IP: %s\n", remip);
exit(1);
}
if (!VALID_PORT_RANGE(remport))
{
fprintf(stderr, "Bad remote port: %s\n", remport);
exit(1);
}
if (!src_net) { src_net = strdup ("orange");}
if (!dst_net) { dst_net = strdup ("green");}
if (!strcmp(src_net, "blue")) { idev = blue_dev; }
if (!strcmp(src_net, "orange")) { idev = orange_dev; }
if (!strcmp(dst_net, "blue")) { odev = blue_dev; }
if (!strcmp(dst_net, "green")) { odev = green_dev; }
if (!strcmp(enabled, "on") && strlen(idev) && strlen (odev))
{
char *ctr;
/* If remport contains a - we need to change it to a : */
if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A DMZHOLES -p %s -i %s -o %s -s %s -d %s --dport %s -j ACCEPT", protocol, idev, odev, locip, remip, remport);
safe_system(command);
}
}
return 0;
}


@@ -1,369 +0,0 @@
/* SmoothWall helper program - setportfw
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
* (c) Daniel Goscomb, 2001
* Copyright (c) 2002/04/13 Steve Bootes - Added source ip support for aliases
*
* Modifications and improvements by Lawrence Manning.
*
* 10/04/01 Aslak added protocol support
* This program reads the list of ports to forward and setups iptables
* and rules in ipmasqadm to enable them.
*
* 02/11/03 Darren Critchley modifications to allow it to open multiple
* source ip addresses
* 02/25/03 Darren Critchley modifications to allow port ranges
* 04/01/03 Darren Critchley modifications to allow gre protocol
* 20/04/03 Robert Kerr Fixed root exploit, validated all variables properly,
* tidied up the iptables logic, killed duplicated code,
* removed srciptmp (unecessary)
*
* $Id: setportfw.c,v 1.3.2.6 2005/08/24 18:44:19 gespinasse Exp $
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "libsmooth.h"
#include "setuid.h"
struct keyvalue *kv = NULL;
FILE *fwdfile = NULL;
void exithandler(void)
{
if(kv)
freekeyvalues(kv);
if (fwdfile)
fclose(fwdfile);
}
int main(void)
{
FILE *ipfile = NULL, *ifacefile = NULL;
int count;
char iface[STRING_SIZE] ="";
char locip[STRING_SIZE] ="";
char greenip[STRING_SIZE] ="", greenmask[STRING_SIZE] ="";
char bluedev[STRING_SIZE] ="", blueip[STRING_SIZE] ="", bluemask[STRING_SIZE] ="";
char orangedev[STRING_SIZE] ="", orangeip[STRING_SIZE] ="", orangemask[STRING_SIZE] ="";
char *protocol;
char *srcip;
char *locport;
char *remip;
char *remport;
char *origip;
char *enabled;
char s[STRING_SIZE];
char *result;
char *key1;
char *key2;
char command[STRING_SIZE];
if (!(initsetuid()))
exit(1);
atexit(exithandler);
/* Read in and verify config */
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
{
fprintf(stderr, "Cannot read ethernet settings\n");
exit(1);
}
if (!findkey(kv, "GREEN_ADDRESS", greenip))
{
fprintf(stderr, "Cannot read GREEN_ADDRESS\n");
exit(1);
}
if (!VALID_IP(greenip))
{
fprintf(stderr, "Bad GREEN_ADDRESS: %s\n", greenip);
exit(1);
}
if (!findkey(kv, "GREEN_NETMASK", greenmask))
{
fprintf(stderr, "Cannot read GREEN_NETMASK\n");
exit(1);
}
if (!VALID_IP(greenmask))
{
fprintf(stderr, "Bad GREEN_NETMASK: %s\n", greenmask);
exit(1);
}
/* Get the BLUE interface details */
findkey(kv, "BLUE_DEV", bluedev);
if (strlen(bluedev))
{
if (!VALID_DEVICE(bluedev))
{
fprintf(stderr, "Bad BLUE_DEV: %s\n", bluedev);
exit(1);
}
if (!findkey(kv, "BLUE_ADDRESS", blueip))
{
fprintf(stderr, "Cannot read BLUE_ADDRESS\n");
exit(1);
}
if (!VALID_IP(blueip))
{
fprintf(stderr, "Bad BLUE_ADDRESS: %s\n", blueip);
exit(1);
}
if (!findkey(kv, "BLUE_NETMASK", bluemask))
{
fprintf(stderr, "Cannot read BLUE_NETMASK\n");
exit(1);
}
if (!VALID_IP(bluemask))
{
fprintf(stderr, "Bad BLUE_NETMASK: %s\n", bluemask);
exit(1);
}
}
/* Get the ORANGE interface details */
findkey(kv, "ORANGE_DEV", orangedev);
if (strlen(orangedev))
{
if (!VALID_DEVICE(orangedev))
{
fprintf(stderr, "Bad ORANGE_DEV: %s\n", orangedev);
exit(1);
}
if (!findkey(kv, "ORANGE_ADDRESS", orangeip))
{
fprintf(stderr, "Cannot read ORANGE_ADDRESS\n");
exit(1);
}
if (!VALID_IP(orangeip))
{
fprintf(stderr, "Bad ORANGE_ADDRESS: %s\n", orangeip);
exit(1);
}
if (!findkey(kv, "ORANGE_NETMASK", orangemask))
{
fprintf(stderr, "Cannot read ORANGE_NETMASK\n");
exit(1);
}
if (!VALID_IP(orangemask))
{
fprintf(stderr, "Bad ORANGE_NETMASK: %s\n", orangemask);
exit(1);
}
}
if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))
{
fprintf(stderr, "Couldn't open local ip file\n");
exit(1);
}
fgets(locip, STRING_SIZE, ipfile);
if (locip[strlen(locip) - 1] == '\n')
locip[strlen(locip) - 1] = '\0';
fclose (ipfile);
if (!VALID_IP(locip))
{
fprintf(stderr, "Bad local IP: %s\n", locip);
exit(1);
}
if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
{
fprintf(stderr, "Couldn't open iface file\n");
exit(1);
}
fgets(iface, STRING_SIZE, ifacefile);
if (iface[strlen(iface) - 1] == '\n')
iface[strlen(iface) - 1] = '\0';
fclose (ifacefile);
if (!VALID_DEVICE(iface))
{
fprintf(stderr, "Bad iface: %s\n", iface);
exit(1);
}
if (!(fwdfile = fopen(CONFIG_ROOT "/portfw/config", "r")))
{
fprintf(stderr, "Couldn't open portfw settings file\n");
exit(1);
}
safe_system("/sbin/iptables -t nat -F PORTFW");
safe_system("/sbin/iptables -t mangle -F PORTFWMANGLE");
safe_system("/sbin/iptables -F PORTFWACCESS");
while (fgets(s, STRING_SIZE, fwdfile) != NULL)
{
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
result = strtok(s, ",");
count = 0;
key1 = NULL;
key2 = NULL;
protocol = NULL;
srcip = NULL;
locport = NULL;
remip = NULL;
origip = NULL;
remport = NULL;
enabled = NULL;
while (result)
{
if (count == 0)
key1 = result;
else if (count == 1)
key2 = result;
else if (count == 2)
protocol = result;
else if (count == 3)
locport = result;
else if (count == 4)
remip = result;
else if (count == 5)
remport = result;
else if (count == 6)
enabled = result;
else if (count == 7)
srcip = result;
else if (count == 8)
origip = result;
count++;
result = strtok(NULL, ",");
}
if (!(key1 && key2 && protocol && locport && remip && remport && enabled
&& srcip && origip))
break;
if (!VALID_PROTOCOL(protocol))
{
fprintf(stderr, "Bad protocol: %s\n", protocol);
exit(1);
}
if (strcmp(protocol, "gre") == 0)
{
locport = "0";
remport = "0";
}
if (strcmp(origip,"0") && !VALID_IP_AND_MASK(origip))
{
fprintf(stderr, "Bad IP: %s\n", origip);
exit(1);
}
if (!VALID_PORT_RANGE(locport))
{
fprintf(stderr, "Bad local port: %s\n", locport);
exit(1);
}
if (!VALID_IP(remip))
{
fprintf(stderr, "Bad remote IP: %s\n", remip);
exit(1);
}
if (!VALID_PORT_RANGE(remport))
{
fprintf(stderr, "Bad remote port: %s\n", remport);
exit(1);
}
/* check for source ip in config file. If it's there
* and it's not 0.0.0.0, use it; else use the
* local ip address. (This makes sure we can use old-style
* config files without the source ip) */
if (!srcip || !strcmp(srcip, "0.0.0.0"))
srcip = locip;
if (strcmp(srcip,"0") && !VALID_IP(srcip))
{
fprintf(stderr, "Bad source IP: %s\n", srcip);
exit(1);
}
/* This may seem complicated... refer to portfw.pl for an explanation of
* the keys and their meaning in certain circumstances */
if (strcmp(enabled, "on") == 0)
{
/* If key2 is a zero, then it is a portfw command, otherwise it is an
* external access command */
if (strcmp(key2, "0") == 0)
{
memset(command, 0, STRING_SIZE);
if (strcmp(protocol, "gre") == 0)
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat -A PORTFW -p %s -d %s -j DNAT --to %s", protocol, srcip, remip);
else
{
char *ctr;
/* If locport contains a - we need to change it to a : */
if ((ctr = strchr(locport, '-')) != NULL) {*ctr = ':';}
/* If remport contains a : we need to change it to a - */
if ((ctr = strchr(remport,':')) != NULL){*ctr = '-';}
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat -A PORTFW -p %s -d %s --dport %s -j DNAT --to %s:%s", protocol, srcip, locport, remip, remport);
safe_system(command);
/* Now if remport contains a - we need to change it to a : */
if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle -A PORTFWMANGLE -p %s -s %s/%s -d %s --dport %s -j MARK --set-mark 1", protocol, greenip, greenmask, srcip, locport);
if (strlen(bluedev))
{
safe_system(command);
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle -A PORTFWMANGLE -p %s -s %s/%s -d %s --dport %s -j MARK --set-mark 2", protocol, blueip, bluemask, srcip, locport);
}
if (strlen(orangedev))
{
safe_system(command);
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t mangle -A PORTFWMANGLE -p %s -s %s/%s -d %s --dport %s -j MARK --set-mark 3", protocol, orangeip, orangemask, srcip, locport);
}
}
safe_system(command);
}
/* if key2 is not "0" then it's an external access rule, if key2 is "0"
* then the portfw rule may contain external access information if origip
* is not "0" (the only defined not 0 value seems to be 0.0.0.0 - open
* to all; again, check portfw.pl for more details) */
if(strcmp(key2, "0") || strcmp(origip,"0") )
{
memset(command, 0, STRING_SIZE);
if (strcmp(protocol, "gre") == 0)
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A PORTFWACCESS -i %s -p %s -s %s -d %s -j ACCEPT", iface, protocol, origip, remip);
else
{
char *ctr;
/* If remport contains a - we need to change it to a : */
if ((ctr = strchr(remport,'-')) != NULL){*ctr = ':';}
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A PORTFWACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT", iface, protocol, origip, remip, remport);
}
safe_system(command);
}
}
}
return 0;
}


@@ -1,168 +0,0 @@
/* SmoothWall helper program - setxtaccess
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
* (c) Daniel Goscomb, 2001
*
* Modifications and improvements by Lawrence Manning.
*
* 10/04/01 Aslak added protocol support
*
* (c) Steve Bootes 2002/04/14 - Added source IP support for aliases
*
* 19/04/03 Robert Kerr Fixed root exploit
*
* $Id: setxtaccess.c,v 1.3.2.1 2005/01/04 17:21:40 eoberlander Exp $
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "setuid.h"
FILE *ifacefile = NULL;
FILE *fwdfile = NULL;
FILE *ipfile = NULL;
void exithandler(void)
{
if (fwdfile)
fclose(fwdfile);
}
int main(void)
{
char iface[STRING_SIZE] = "";
char locip[STRING_SIZE] = "";
char s[STRING_SIZE] = "";
int count;
char *protocol;
char *destip;
char *remip;
char *locport;
char *enabled;
char *information;
char *result;
char command[STRING_SIZE];
if (!(initsetuid()))
exit(1);
atexit(exithandler);
if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))
{
fprintf(stderr, "Couldn't open local ip file\n");
exit(1);
}
if (fgets(locip, STRING_SIZE, ipfile))
{
if (locip[strlen(locip) - 1] == '\n')
locip[strlen(locip) - 1] = '\0';
}
fclose (ipfile);
if (!VALID_IP(locip))
{
fprintf(stderr, "Bad local IP: %s\n", locip);
exit(1);
}
if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
{
fprintf(stderr, "Couldn't open iface file\n");
exit(1);
}
if (fgets(iface, STRING_SIZE, ifacefile))
{
if (iface[strlen(iface) - 1] == '\n')
iface[strlen(iface) - 1] = '\0';
}
fclose (ifacefile);
if (!VALID_DEVICE(iface))
{
fprintf(stderr, "Bad iface: %s\n", iface);
exit(1);
}
if (!(fwdfile = fopen(CONFIG_ROOT "/xtaccess/config", "r")))
{
fprintf(stderr, "Couldn't open xtaccess settings file\n");
exit(1);
}
safe_system("/sbin/iptables -F XTACCESS");
while (fgets(s, STRING_SIZE, fwdfile) != NULL)
{
if (s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
count = 0;
protocol = NULL;
remip = NULL;
destip = NULL;
locport = NULL;
enabled = NULL;
information = NULL;
result = strtok(s, ",");
while (result)
{
if (count == 0)
protocol = result;
else if (count == 1)
remip = result;
else if (count == 2)
locport = result;
else if (count == 3)
enabled = result;
else if (count == 4)
destip = result;
else
information = result;
count++;
result = strtok(NULL, ",");
}
if (!(protocol && remip && locport && enabled))
break;
if (!VALID_PROTOCOL(protocol))
{
fprintf(stderr, "Bad protocol: %s\n", protocol);
exit(1);
}
if (!VALID_IP_AND_MASK(remip))
{
fprintf(stderr, "Bad remote IP: %s\n", remip);
exit(1);
}
if (!VALID_PORT_RANGE(locport))
{
fprintf(stderr, "Bad local port: %s\n", locport);
exit(1);
}
/* check for destination ip in config file. If it's there
* and it's not 0.0.0.0, use it; else use the current
* local ip address. (This makes sure we can use old-style
* config files without the destination ip) */
if (!destip || !strcmp(destip, "0.0.0.0"))
destip = locip;
if (!VALID_IP(destip))
{
fprintf(stderr, "Bad destination IP: %s\n", remip);
exit(1);
}
if (strcmp(enabled, "on") == 0)
{
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A XTACCESS -i %s -p %s -s %s -d %s --dport %s -j ACCEPT",
iface, protocol, remip, destip, locport);
safe_system(command);
}
}
return 0;
}


@@ -154,9 +154,7 @@ int main(void)
(VALID_IP_AND_MASK(ipaddress))) {
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s ! -o %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j RETURN", macaddress, ipaddress, blue_dev);
safe_system(command);
} else {
@@ -164,18 +162,14 @@ int main(void)
if (strlen(macaddress) == 17) {
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s ! -o %s -j ACCEPT", macaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j RETURN", macaddress, blue_dev);
safe_system(command);
}
if (VALID_IP_AND_MASK(ipaddress)) {
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s ! -o %s -j ACCEPT", ipaddress, blue_dev, green_dev);
safe_system(command);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j RETURN", ipaddress, blue_dev);
safe_system(command);
}
}
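Review bot: The WIRELESSFORWARD rules for listed clients now end in `-j RETURN`, which restricts BLUE traffic only if the chain finishes with a rule that drops everything unmatched from the BLUE device; that rule is in neither hunk, so it should be confirmed in the part of main() outside them. The change also alters what a listed client gets: it is no longer accepted outright for non-GREEN destinations but is handed back to the FORWARD chain for the later chains to decide. That deserves a comment above the first snprintf, for example `/* known client: RETURN so the later FORWARD chains decide */`. If `green_dev` has no remaining use after these lines are removed, its lookup can go as well.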


@@ -1,7 +1,8 @@
diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_updown/_updown.in
--- strongswan-4.5.3.org/src/_updown/_updown.in 2010-10-22 16:33:30.000000000 +0200
+++ strongswan-4.5.3/src/_updown/_updown.in 2011-09-13 14:19:31.000000000 +0200
@@ -183,6 +183,29 @@
diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
index 3a40e21..d9f3ea0 100644
--- a/src/_updown/_updown.in
+++ b/src/_updown/_updown.in
@@ -193,6 +193,29 @@ custom:*) # custom parameters (see above CAUTION comment)
;;
esac
@@ -31,7 +32,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
@@ -387,12 +410,12 @@
@@ -397,12 +420,12 @@ up-host:iptables)
# connection to me, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
@@ -47,7 +48,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
#
# log IPsec host connection setup
if [ $VPN_LOGGING ]
@@ -400,10 +423,10 @@
@@ -410,10 +433,10 @@ up-host:iptables)
if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO \
@@ -60,7 +61,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
fi
fi
;;
@@ -411,12 +434,12 @@
@@ -421,12 +444,12 @@ down-host:iptables)
# connection to me, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
@@ -76,7 +77,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
#
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
@@ -424,10 +447,10 @@
@@ -434,10 +457,10 @@ down-host:iptables)
if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO -- \
@@ -89,7 +90,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
fi
fi
;;
@@ -437,10 +460,10 @@
@@ -447,24 +470,24 @@ up-client:iptables)
# ones, so do not mess with it; see CAUTION comment up at top.
if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
then
@@ -101,9 +102,11 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50
+ iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
+ -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN
fi
@@ -449,12 +472,12 @@
#
# a virtual IP requires an INPUT and OUTPUT rule on the host
# or sometimes host access via the internal IP is needed
if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
then
@@ -119,7 +122,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
fi
#
# log IPsec client connection setup
@@ -463,12 +486,51 @@
@@ -473,12 +496,51 @@ up-client:iptables)
if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO \
@@ -173,7 +176,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
;;
down-client:iptables)
# connection to client subnet, with (left/right)firewall=yes, going down
@@ -476,11 +538,11 @@
@@ -486,28 +548,28 @@ down-client:iptables)
# ones, so do not mess with it; see CAUTION comment up at top.
if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
then
@@ -187,8 +190,11 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
+ iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT \
$IPSEC_POLICY_IN -j ACCEPT
@@ -490,14 +552,14 @@
- $IPSEC_POLICY_IN -j ACCEPT
+ $IPSEC_POLICY_IN -j RETURN
fi
#
# a virtual IP requires an INPUT and OUTPUT rule on the host
# or sometimes host access via the internal IP is needed
if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
then
@@ -206,7 +212,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
fi
#
# log IPsec client connection teardown
@@ -506,12 +568,51 @@
@@ -516,12 +578,51 @@ down-client:iptables)
if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO -- \
@@ -260,7 +266,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
;;
#
# IPv6
@@ -546,10 +647,10 @@
@@ -556,10 +657,10 @@ up-host-v6:iptables)
# connection to me, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
@@ -273,7 +279,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
@@ -570,10 +671,10 @@
@@ -580,10 +681,10 @@ down-host-v6:iptables)
# connection to me, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
@@ -286,7 +292,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
@@ -596,10 +697,10 @@
@@ -606,10 +707,10 @@ up-client-v6:iptables)
# ones, so do not mess with it; see CAUTION comment up at top.
if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
then
@@ -299,7 +305,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
fi
@@ -608,10 +709,10 @@
@@ -618,10 +719,10 @@ up-client-v6:iptables)
# or sometimes host access via the internal IP is needed
if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
then
@@ -312,7 +318,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
-s $PLUTO_MY_CLIENT $S_MY_PORT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
@@ -635,11 +736,11 @@
@@ -645,11 +746,11 @@ down-client-v6:iptables)
# ones, so do not mess with it; see CAUTION comment up at top.
if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
then
@@ -326,7 +332,7 @@ diff -Naur strongswan-4.5.3.org/src/_updown/_updown.in strongswan-4.5.3/src/_upd
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT \
$IPSEC_POLICY_IN -j ACCEPT
@@ -649,11 +750,11 @@
@@ -659,11 +760,11 @@ down-client-v6:iptables)
# or sometimes host access via the internal IP is needed
if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
then