Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
@@ -251,7 +251,6 @@ sub buildrules
|
|||||||
#print rules to console
|
#print rules to console
|
||||||
foreach my $DPROT (@DPROT){
|
foreach my $DPROT (@DPROT){
|
||||||
$DPORT = &get_port($hash,$key,$DPROT);
|
$DPORT = &get_port($hash,$key,$DPROT);
|
||||||
print "uzlputz DPROT= $DPROT $DPORT\n";
|
|
||||||
$PROT=$DPROT;
|
$PROT=$DPROT;
|
||||||
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
|
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
|
||||||
foreach my $a (sort keys %sourcehash){
|
foreach my $a (sort keys %sourcehash){
|
||||||
@@ -593,6 +592,8 @@ sub get_port
|
|||||||
}else{
|
}else{
|
||||||
return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
|
return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
|
||||||
}
|
}
|
||||||
|
}elsif($prot eq 'ICMP' && $$hash{$key}[11] eq 'ON'){ #When PROT is ICMP and "use targetport is checked, this is an icmp-service
|
||||||
|
return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
|
||||||
}
|
}
|
||||||
}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
|
}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
|
||||||
if ($prot ne 'ICMP'){
|
if ($prot ne 'ICMP'){
|
||||||
|
|||||||
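Review bot: The new ICMP branch in get_port returns `"--icmp-type "` joined to whatever `&fwlib::get_srv_port($$hash{$key}[15],3,$prot)` yields, without checking that a type actually came back. get_srv_port is not visible here, so this is inferred: if the service named in field 15 has been deleted or renamed, the caller receives a bare `--icmp-type ` and the generated rule is malformed or takes the next token as its type. For a firewall that means a rule quietly missing from the loaded set. I would guard it with `my $type = &fwlib::get_srv_port($$hash{$key}[15],3,$prot); return $type ne '' ? "--icmp-type $type" : '';` and let the caller skip and log an empty result. The existing `--dport` return just above has the same shape, and get_port starts and ends outside the hunk.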
@@ -805,7 +805,17 @@ sub checkrule
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#check source and destination protocol if source manual and dest single service
|
#When using source- or targetport, the protocol has to be TCP or UDP
|
||||||
|
if (($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON') && ($fwdfwsettings{'SRC_PORT'} ne '' || $fwdfwsettings{'TGT_PORT'} ne '') && ($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP')){
|
||||||
|
$errormessage.=$Lang::tr{'fwdfw err prot_port1'};
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
#when icmp selected, no targetport allowed
|
||||||
|
if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){
|
||||||
|
$errormessage.=$Lang::tr{'fwdfw err prot_port'};
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
#change protocol if prot not equal dest single service
|
||||||
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
|
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
|
||||||
foreach my $key (sort keys %customservice){
|
foreach my $key (sort keys %customservice){
|
||||||
if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
|
if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
|
||||||
@@ -826,7 +836,7 @@ sub checkrule
|
|||||||
if ($fwdfwsettings{'PROT'} eq 'ICMP'){
|
if ($fwdfwsettings{'PROT'} eq 'ICMP'){
|
||||||
$fwdfwsettings{'USE_SRC_PORT'}='';
|
$fwdfwsettings{'USE_SRC_PORT'}='';
|
||||||
$fwdfwsettings{'SRC_PORT'}='';
|
$fwdfwsettings{'SRC_PORT'}='';
|
||||||
$fwdfwsettings{'USESRV'}='';
|
#$fwdfwsettings{'USESRV'}='';
|
||||||
$fwdfwsettings{'TGT_PORT'}='';
|
$fwdfwsettings{'TGT_PORT'}='';
|
||||||
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
|
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
|
||||||
foreach my $key (keys %icmptypes){
|
foreach my $key (keys %icmptypes){
|
||||||
@@ -1254,7 +1264,7 @@ sub get_serviceports
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if($tcp && $udp && $icmp){
|
if($tcp && $udp && $icmp){
|
||||||
push (@protocols,"All");
|
push (@protocols,"TCP,UDP, <br>ICMP");
|
||||||
return @protocols;
|
return @protocols;
|
||||||
}
|
}
|
||||||
if($tcp){
|
if($tcp){
|
||||||
@@ -1656,7 +1666,7 @@ END
|
|||||||
<tr><td><select name='PROT' id='PROT' onchange="getdropdown()">
|
<tr><td><select name='PROT' id='PROT' onchange="getdropdown()">
|
||||||
END
|
END
|
||||||
if ($fwdfwsettings{'PROT'} eq ''){
|
if ($fwdfwsettings{'PROT'} eq ''){
|
||||||
print"<option selected>$Lang::tr{'all'}</option>";
|
print"<option value='' selected>$Lang::tr{'all'}</option>";
|
||||||
}else{
|
}else{
|
||||||
print"<option value=''>$Lang::tr{'all'}</option>";
|
print"<option value=''>$Lang::tr{'all'}</option>";
|
||||||
}
|
}
|
||||||
@@ -2244,7 +2254,7 @@ END
|
|||||||
push (@protocols,$Lang::tr{'all'});
|
push (@protocols,$Lang::tr{'all'});
|
||||||
}
|
}
|
||||||
my $protz=join(",",@protocols);
|
my $protz=join(",",@protocols);
|
||||||
if($protz eq 'ICMP'){
|
if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types'){
|
||||||
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
|
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
|
||||||
foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
|
foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
|
||||||
if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){
|
if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){
|
||||||
|
|||||||
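Review bot: The two checks added to checkrule compare `$fwdfwsettings{'PROT'}` only against 'TCP', 'UDP' and the empty string, so with USESRV and USE_SRC_PORT both off any other posted value passes them unchanged. Unless PROT is allow-listed in code outside these hunks, I would reject values that are not among the protocols the `<select name='PROT'>` dropdown offers before any further processing, because the rule generator appears to build `-p $PROT` from a stored protocol string. The comment `#when icmp selected, no targetport allowed` is also narrower than the condition under it, which fires for every non-empty protocol other than TCP and UDP; `#source/target ports and services are only valid with TCP or UDP` would describe it accurately. checkrule starts and ends outside the hunks shown.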
@@ -933,6 +933,8 @@
|
|||||||
'fwdfw err notgt' => 'Kein Ziel ausgewählt',
|
'fwdfw err notgt' => 'Kein Ziel ausgewählt',
|
||||||
'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben',
|
'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben',
|
||||||
'fwdfw err prot' => 'Quell- und Zielprotokoll müssen identisch sein',
|
'fwdfw err prot' => 'Quell- und Zielprotokoll müssen identisch sein',
|
||||||
|
'fwdfw err prot_port' => 'Bei dem gewählten Protokoll sind Quell- und Zielport nicht erlaubt',
|
||||||
|
'fwdfw err prot_port1' => 'Bei Nutzung von Quell- oder Zielport muss als Protokoll TCP oder UDP gewählt werden.',
|
||||||
'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen',
|
'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen',
|
||||||
'fwdfw err ruleexists' => 'Eine identische Regel existiert bereits',
|
'fwdfw err ruleexists' => 'Eine identische Regel existiert bereits',
|
||||||
'fwdfw err same' => 'Quelle und Ziel sind identisch',
|
'fwdfw err same' => 'Quelle und Ziel sind identisch',
|
||||||
|
|||||||
@@ -958,6 +958,8 @@
|
|||||||
'fwdfw err notgt' => 'No destination selected.',
|
'fwdfw err notgt' => 'No destination selected.',
|
||||||
'fwdfw err notgtip' => 'Please provide a destination IP address.',
|
'fwdfw err notgtip' => 'Please provide a destination IP address.',
|
||||||
'fwdfw err prot' => 'Source and destination protocol need to match.',
|
'fwdfw err prot' => 'Source and destination protocol need to match.',
|
||||||
|
'fwdfw err prot_port' => 'Source- or targetport are not allowed with selected protocol',
|
||||||
|
'fwdfw err prot_port1' => 'When using Source- or targetport you have to select TCP or UDP for protocol',
|
||||||
'fwdfw err remark' => 'Invalid characters in remark.',
|
'fwdfw err remark' => 'Invalid characters in remark.',
|
||||||
'fwdfw err ruleexists' => 'This rule already exists.',
|
'fwdfw err ruleexists' => 'This rule already exists.',
|
||||||
'fwdfw err same' => 'Source and destination are identical.',
|
'fwdfw err same' => 'Source and destination are identical.',
|
||||||
|
|||||||