diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index d6a2f7504..e2e3d81b0 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -1,7 +1,10 @@ net.ipv4.ip_forward = 1 net.ipv4.ip_dynaddr = 1 + net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 +net.ipv4.icmp_ratelimit = 1000 +net.ipv4.icmp_ratemask = 6168 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_fin_timeout = 30 diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 182c9482a..4bb40a4f9 100755 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -70,6 +70,8 @@ my $netsettings = "${General::swroot}/ethernet/settings"; &General::readhasharray($configgrp, \%customgrp); &General::get_aliases(\%aliases); +my @log_limit_options = &make_log_limit_options(); + # MAIN &main(); @@ -305,7 +307,7 @@ sub buildrules { } if ($LOG) { - run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j LOG --log-prefix 'DNAT '"); + run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options @log_limit_options -j LOG --log-prefix 'DNAT '"); } run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j DNAT --to-destination $dnat_address"); @@ -317,7 +319,7 @@ sub buildrules { push(@nat_options, @destination_options); if ($LOG) { - run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options -j LOG --log-prefix 'SNAT '"); + run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options @log_limit_options -j LOG --log-prefix 'SNAT '"); } run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options -j SNAT --to-source $nat_address"); } @@ -328,7 +330,7 @@ sub buildrules { # Insert firewall rule. if ($LOG && !$NAT) { - run("$IPTABLES -A $chain @options -j LOG"); + run("$IPTABLES -A $chain @options @log_limit_options -j LOG --log-prefix '$chain '"); } run("$IPTABLES -A $chain @options -j $target"); } 
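Review bot: The two values added to config/etc/sysctl.conf are undocumented magic numbers, and 6168 in particular cannot be read without the kernel documentation. A comment above them would help, for example `# icmp_ratemask 6168 = 0x1818: rate-limit ICMP types 3, 4, 11 and 12 (destination unreachable, source quench, time exceeded, parameter problem)` and `# icmp_ratelimit: minimum interval in milliseconds between such replies to one target`. Both values appear to match the kernel defaults, so the comment should also say that they are being pinned deliberately.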
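Review bot: In the buildrules hunks of config/firewall/rules.pl (the DNAT, SNAT and plain LOG rules at -305, -317 and -328) the `limit` match is evaluated per rule, so all traffic hitting one logged rule shares a single budget of 10 entries per minute. During a burst from one source, log entries for other sources on the same rule are dropped as well, which matters for anyone relying on these logs for detection. A comment next to `@log_limit_options` should state this, e.g. `# Log rate limit is per rule, not per source; entries beyond the limit are silently dropped.`, and a per-source match such as `hashlimit` may be worth considering. buildrules starts and ends outside these hunks.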
@@ -764,3 +766,18 @@ sub add_dnat_mangle_rules { run("$IPTABLES -t mangle -A $CHAIN_MANGLE_NAT_DESTINATION_FIX @mangle_options"); } } + +sub make_log_limit_options { + my @options = ("-m", "limit"); + + # Maybe we should get this from the configuration. + my $limit = 10; + + # We limit log messages to $limit messages per minute. + push(@options, ("--limit", "$limit/min")); + + # And we allow bursts of 2x $limit. + push(@options, ("--limit-burst", $limit * 2)); + + return @options; +} diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index dfc746d23..dcd3b08f7 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -333,7 +333,14 @@ CONFIG_ARCH_MULTIPLATFORM=y CONFIG_ARCH_MULTI_V7=y CONFIG_ARCH_MULTI_V6_V7=y # CONFIG_ARCH_MULTI_CPU_AUTO is not set -# CONFIG_ARCH_MVEBU is not set +CONFIG_ARCH_MVEBU=y + +# +# Marvell SOC with device tree +# +CONFIG_MACH_ARMADA_370_XP=y +CONFIG_MACH_ARMADA_370=y +CONFIG_MACH_ARMADA_XP=y # CONFIG_ARCH_BCM is not set # CONFIG_GPIO_PCA953X is not set CONFIG_KEYBOARD_GPIO_POLLED=m @@ -443,7 +450,7 @@ CONFIG_MACH_OMAP4_PANDA=y # CONFIG_OMAP3_SDRC_AC_TIMING is not set # CONFIG_ARCH_SOCFPGA is not set # CONFIG_PLAT_SPEAR is not set -# CONFIG_ARCH_SUNXI is not set +CONFIG_ARCH_SUNXI=y # CONFIG_ARCH_SIRF is not set # CONFIG_ARCH_TEGRA is not set # CONFIG_ARCH_U8500 is not set @@ -460,12 +467,14 @@ CONFIG_ARCH_VIRT=y CONFIG_ARCH_VT8500=y CONFIG_ARCH_WM8850=y CONFIG_ARCH_ZYNQ=y +CONFIG_PLAT_ORION=y CONFIG_PLAT_VERSATILE=y CONFIG_ARM_TIMER_SP804=y # # Processor Type # +CONFIG_CPU_PJ4B=y CONFIG_CPU_V7=y CONFIG_CPU_32v6K=y CONFIG_CPU_32v7=y @@ -502,6 +511,7 @@ CONFIG_ARM_L1_CACHE_SHIFT=6 CONFIG_ARM_DMA_MEM_BUFFERABLE=y CONFIG_ARM_NR_BANKS=8 CONFIG_MULTI_IRQ_HANDLER=y +CONFIG_PJ4B_ERRATA_4742=y CONFIG_ARM_ERRATA_430973=y CONFIG_PL310_ERRATA_588369=y CONFIG_ARM_ERRATA_643719=y 
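Review bot: make_log_limit_options in config/firewall/rules.pl returns values that the callers interpolate into the command string passed to run(), so `$limit` must stay a plain integer once it is read from the configuration as the comment proposes. A guard such as `$limit = 10 unless $limit =~ /\A[1-9][0-9]*\z/;` right after the value is obtained would keep anything else out of the iptables command line. A short header comment saying that the sub returns the list of `-m limit` arguments for LOG rules would also help. The sub is complete within the hunk.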
@@ -1314,6 +1324,7 @@ CONFIG_CMA_AREAS=7 # # Bus devices # +CONFIG_MVEBU_MBUS=y CONFIG_OMAP_OCP2SCP=y CONFIG_OMAP_INTERCONNECT=y CONFIG_CONNECTOR=y @@ -1402,6 +1413,7 @@ CONFIG_MTD_NAND_IDS=y CONFIG_MTD_NAND_GPMI_NAND=m # CONFIG_MTD_NAND_PLATFORM is not set # CONFIG_MTD_ALAUDA is not set +CONFIG_MTD_NAND_ORION=y CONFIG_MTD_NAND_MXC=m # CONFIG_MTD_ONENAND is not set @@ -1945,7 +1957,9 @@ CONFIG_NET_VENDOR_I825XX=y CONFIG_IP1000=m CONFIG_JME=m CONFIG_NET_VENDOR_MARVELL=y +CONFIG_MV643XX_ETH=m CONFIG_MVMDIO=m +CONFIG_MVNETA=m CONFIG_SKGE=m # CONFIG_SKGE_DEBUG is not set CONFIG_SKGE_GENESIS=y @@ -2542,8 +2556,10 @@ CONFIG_SERIAL_8250_RSA=y # # Non-8250 serial port support # -CONFIG_SERIAL_AMBA_PL010=m -CONFIG_SERIAL_AMBA_PL011=m +CONFIG_SERIAL_AMBA_PL010=y +CONFIG_SERIAL_AMBA_PL010_CONSOLE=y +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y # CONFIG_SERIAL_MFD_HSU is not set CONFIG_SERIAL_IMX=y CONFIG_SERIAL_IMX_CONSOLE=y @@ -2627,6 +2643,7 @@ CONFIG_I2C_CBUS_GPIO=m CONFIG_I2C_GPIO=m CONFIG_I2C_IMX=m # CONFIG_I2C_INTEL_MID is not set +CONFIG_I2C_MV64XXX=y CONFIG_I2C_NOMADIK=y # CONFIG_I2C_OCORES is not set CONFIG_I2C_OMAP=y @@ -2708,8 +2725,12 @@ CONFIG_PINCTRL_IMX51=y CONFIG_PINCTRL_IMX53=y CONFIG_PINCTRL_IMX6Q=y CONFIG_PINCTRL_SINGLE=y +CONFIG_PINCTRL_SUNXI=y # CONFIG_PINCTRL_EXYNOS is not set # CONFIG_PINCTRL_EXYNOS5440 is not set +CONFIG_PINCTRL_MVEBU=y +CONFIG_PINCTRL_ARMADA_370=y +CONFIG_PINCTRL_ARMADA_XP=y CONFIG_PINCTRL_WMT=y CONFIG_PINCTRL_WM8850=y CONFIG_ARCH_HAVE_CUSTOM_GPIO_H=y @@ -2727,6 +2748,7 @@ CONFIG_GPIO_GENERIC=y # CONFIG_GPIO_GENERIC_PLATFORM=y # CONFIG_GPIO_EM is not set +CONFIG_GPIO_MVEBU=y CONFIG_GPIO_MXC=y CONFIG_GPIO_PL061=y # CONFIG_GPIO_RCAR is not set @@ -2828,6 +2850,7 @@ CONFIG_CHARGER_TWL4030=y # CONFIG_BATTERY_GOLDFISH is not set CONFIG_POWER_RESET=y CONFIG_POWER_RESET_GPIO=y +CONFIG_POWER_RESET_QNAP=y CONFIG_POWER_RESET_RESTART=y CONFIG_POWER_RESET_VEXPRESS=y CONFIG_POWER_AVS=y 
@@ -2964,6 +2987,7 @@ CONFIG_THERMAL_GOV_USER_SPACE=y CONFIG_CPU_THERMAL=y CONFIG_THERMAL_EMULATION=y CONFIG_IMX_THERMAL=m +CONFIG_ARMADA_THERMAL=m CONFIG_WATCHDOG=y CONFIG_WATCHDOG_CORE=y CONFIG_WATCHDOG_NOWAYOUT=y @@ -4147,6 +4171,7 @@ CONFIG_USB_EHCI_TT_NEWSCHED=y CONFIG_USB_EHCI_PCI=y CONFIG_USB_EHCI_MXC=m CONFIG_USB_EHCI_HCD_OMAP=y +CONFIG_USB_EHCI_HCD_ORION=y CONFIG_USB_EHCI_HCD_PLATFORM=y # CONFIG_USB_OXU210HP_HCD is not set # CONFIG_USB_ISP116X_HCD is not set @@ -4345,6 +4370,7 @@ CONFIG_MMC_OMAP=y CONFIG_MMC_OMAP_HS=y CONFIG_MMC_MXC=m # CONFIG_MMC_TIFM_SD is not set +CONFIG_MMC_MVSDIO=y # CONFIG_MMC_CB710 is not set # CONFIG_MMC_VIA_SDMMC is not set CONFIG_MMC_DW=m @@ -4495,6 +4521,7 @@ CONFIG_RTC_DRV_OMAP=y CONFIG_RTC_DRV_PL030=m CONFIG_RTC_DRV_PL031=m CONFIG_RTC_DRV_VT8500=m +CONFIG_RTC_DRV_MV=m CONFIG_RTC_DRV_MXC=m CONFIG_RTC_DRV_SNVS=m @@ -4508,8 +4535,10 @@ CONFIG_DMADEVICES=y # # DMA Devices # +CONFIG_ASYNC_TX_ENABLE_CHANNEL_SWITCH=y CONFIG_AMBA_PL08X=y # CONFIG_DW_DMAC is not set +CONFIG_MV_XOR=y CONFIG_MX3_IPU=y CONFIG_MX3_IPU_IRQS=4 CONFIG_TIMB_DMA=m @@ -4687,6 +4716,9 @@ CONFIG_COMMON_CLK=y CONFIG_COMMON_CLK_VERSATILE=y CONFIG_COMMON_CLK_SI5351=m CONFIG_COMMON_CLK_AXI_CLKGEN=m +CONFIG_MVEBU_CLK_CORE=y +CONFIG_MVEBU_CLK_CPU=y +CONFIG_MVEBU_CLK_GATING=y CONFIG_HWSPINLOCK=y # @@ -4695,6 +4727,8 @@ CONFIG_HWSPINLOCK=y CONFIG_HWSPINLOCK_OMAP=y CONFIG_CLKSRC_OF=y CONFIG_CLKSRC_MMIO=y +CONFIG_ARMADA_370_XP_TIMER=y +CONFIG_SUN4I_TIMER=y CONFIG_VT8500_TIMER=y CONFIG_CADENCE_TTC_TIMER=y CONFIG_ARM_ARCH_TIMER=y @@ -5457,7 +5491,9 @@ CONFIG_CRYPTO_USER_API=y CONFIG_CRYPTO_USER_API_HASH=y CONFIG_CRYPTO_USER_API_SKCIPHER=y CONFIG_CRYPTO_HW=y -# CONFIG_CRYPTO_DEV_HIFN_795X is not set +CONFIG_CRYPTO_DEV_MV_CESA=m +CONFIG_CRYPTO_DEV_HIFN_795X=m +CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y CONFIG_CRYPTO_DEV_OMAP_SHAM=y CONFIG_CRYPTO_DEV_OMAP_AES=y CONFIG_ASYMMETRIC_KEY_TYPE=m 
diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index 30c4d5529..89107a334 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -5,6 +5,12 @@ boot/dtb-KVER-ipfire-multi #boot/dtb-KVER-ipfire-multi/am335x-bone.dtb #boot/dtb-KVER-ipfire-multi/am335x-evm.dtb #boot/dtb-KVER-ipfire-multi/am335x-evmsk.dtb +#boot/dtb-KVER-ipfire-multi/armada-370-db.dtb +#boot/dtb-KVER-ipfire-multi/armada-370-mirabox.dtb +#boot/dtb-KVER-ipfire-multi/armada-370-rd.dtb +#boot/dtb-KVER-ipfire-multi/armada-xp-db.dtb +#boot/dtb-KVER-ipfire-multi/armada-xp-gp.dtb +#boot/dtb-KVER-ipfire-multi/armada-xp-openblocks-ax3-4.dtb #boot/dtb-KVER-ipfire-multi/imx25-karo-tx25.dtb #boot/dtb-KVER-ipfire-multi/imx25-pdk.dtb #boot/dtb-KVER-ipfire-multi/imx27-apf27.dtb @@ -45,6 +51,10 @@ boot/dtb-KVER-ipfire-multi #boot/dtb-KVER-ipfire-multi/omap4-sdp.dtb #boot/dtb-KVER-ipfire-multi/omap4-var-som.dtb #boot/dtb-KVER-ipfire-multi/omap5-evm.dtb +#boot/dtb-KVER-ipfire-multi/sun4i-a10-cubieboard.dtb +#boot/dtb-KVER-ipfire-multi/sun4i-a10-hackberry.dtb +#boot/dtb-KVER-ipfire-multi/sun4i-a10-mini-xplus.dtb +#boot/dtb-KVER-ipfire-multi/sun5i-a13-olinuxino.dtb #boot/dtb-KVER-ipfire-multi/vexpress-v2p-ca15-tc1.dtb #boot/dtb-KVER-ipfire-multi/vexpress-v2p-ca15_a7.dtb #boot/dtb-KVER-ipfire-multi/vexpress-v2p-ca5s.dtb @@ -181,6 +191,9 @@ lib/modules/KVER-ipfire-multi #lib/modules/KVER-ipfire-multi/kernel/drivers/clk/clk-si5351.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/cpufreq #lib/modules/KVER-ipfire-multi/kernel/drivers/cpufreq/imx6q-cpufreq.ko +#lib/modules/KVER-ipfire-multi/kernel/drivers/crypto +#lib/modules/KVER-ipfire-multi/kernel/drivers/crypto/hifn_795x.ko +#lib/modules/KVER-ipfire-multi/kernel/drivers/crypto/mv_cesa.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/dma #lib/modules/KVER-ipfire-multi/kernel/drivers/dma/timb_dma.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/firewire 
@@ -1135,7 +1148,9 @@ lib/modules/KVER-ipfire-multi #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/intel/ixgbe/ixgbe.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/jme.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/marvell +#lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/marvell/mv643xx_eth.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/marvell/mvmdio.ko +#lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/marvell/mvneta.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/marvell/skge.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/marvell/sky2.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/mellanox @@ -1448,6 +1463,7 @@ lib/modules/KVER-ipfire-multi #lib/modules/KVER-ipfire-multi/kernel/drivers/rtc/rtc-m48t59.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/rtc/rtc-max6900.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/rtc/rtc-msm6242.ko +#lib/modules/KVER-ipfire-multi/kernel/drivers/rtc/rtc-mv.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/rtc/rtc-mxc.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/rtc/rtc-pcf8523.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/rtc/rtc-pcf8563.ko 
@@ -1579,14 +1595,13 @@ lib/modules/KVER-ipfire-multi #lib/modules/KVER-ipfire-multi/kernel/drivers/staging/usbip/usbip-host.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/staging/usbip/vhci-hcd.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/thermal +#lib/modules/KVER-ipfire-multi/kernel/drivers/thermal/armada_thermal.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/thermal/imx_thermal.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/tty #lib/modules/KVER-ipfire-multi/kernel/drivers/tty/n_gsm.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/tty/n_hdlc.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/tty/n_r3964.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/tty/serial -#lib/modules/KVER-ipfire-multi/kernel/drivers/tty/serial/amba-pl010.ko -#lib/modules/KVER-ipfire-multi/kernel/drivers/tty/serial/amba-pl011.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/tty/serial/arc_uart.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/tty/serial/sccnxp.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/uio diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 7b75765b2..7bcb07964 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -21,7 +21,11 @@ use strict; use Sort::Naturally; +use utf8; +use feature 'unicode_strings'; + no warnings 'uninitialized'; + # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; @@ -194,6 +198,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;} + #check if manual ip (source) is orange network if ($fwdfwsettings{'grp1'} eq 'src_addr'){ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); 
@@ -223,6 +228,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } @@ -264,6 +272,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=$Lang::tr{'fwdfw err remark'}."
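Review bot: The added `$errormessage='';` in html/cgi-bin/firewall.cgi (this hunk at -223, and the identical additions at -264 and -307) clears every error collected so far, not only a remark error. `$errormessage` is assigned from `&checksource` and the following checks earlier in the saverule branch, so editing a rule with a changed, valid remark appears to discard a failed source, target or rule check and let the rule be saved. Since the preceding `if` only sets the error when `!&validremark(...)` is true, the new block looks unnecessary and the three added lines could simply be dropped. The enclosing branch starts and ends outside the hunk.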
"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } @@ -307,6 +318,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } @@ -498,8 +512,8 @@ sub checksource return $errormessage; } }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ - $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; - return $errormessage; + $fwdfwsettings{'grp1'}='std_net_src'; + $fwdfwsettings{$fwdfwsettings{'grp1'}} = 'ALL'; } #check empty fields @@ -599,8 +613,8 @@ sub checktarget return $errormessage; } }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ - $errormessage.=$Lang::tr{'fwdfw err notgtip'}; - return $errormessage; + $fwdfwsettings{'grp2'}='std_net_tgt'; + $fwdfwsettings{$fwdfwsettings{'grp2'}} = 'ALL'; } #check for mac in targetgroup if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){ @@ -1286,6 +1300,12 @@ sub getcolor my $val=shift; my $hash=shift; if($optionsfw{'SHOWCOLORS'} eq 'on'){ + # Don't colourise MAC addresses + if (&General::validmac($val)) { + $tdcolor = ""; + return; + } + #custom Hosts if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){ foreach my $key (sort keys %$hash){ @@ -1565,7 +1585,7 @@ sub newrule my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp1'}}=$sip;} my ($dip,$dcidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp2'}}); - if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;} + if ($dcidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;} &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'}); #------SOURCE------------------------------------------------------- print "
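Review bot: In checksource (hunk at -498) and checktarget (hunk at -599) of html/cgi-bin/firewall.cgi an empty address field no longer produces an error but is silently rewritten to `std_net_src`/`std_net_tgt` with the value `ALL`. A rule submitted with a blank manual address therefore becomes an any-source or any-destination rule without the administrator having chosen that, which is the permissive direction for a firewall form to fail. Keeping the old `$errormessage.=$Lang::tr{'fwdfw err nosrcip'}; return $errormessage;` (and `fwdfw err notgtip` for the target) is safer, or the fallback should at least carry a comment such as `# Empty manual address: fall back to standard network ALL (intentional)`. Both subs continue outside their hunks.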
"; @@ -2125,6 +2145,9 @@ sub saverule &changerule($configfwdfw); #print"6"; } + $fwdfwsettings{'ruleremark'}=~ s/,/;/g; + utf8::decode($fwdfwsettings{'ruleremark'}); + $fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'}); if ($fwdfwsettings{'updatefwrule'} ne 'on'){ my $key = &General::findhasharraykey ($hash); $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; @@ -2260,22 +2283,19 @@ sub saverule sub validremark { # Checks a hostname against RFC1035 - my $remark = $_[0]; + my $remark = $_[0]; - # Each part should be at least two characters in length - # but no more than 63 characters - if (length ($remark) < 1 || length ($remark) > 255) { - return 0;} - # Only valid characters are a-z, A-Z, 0-9 and - - if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/\s]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9(]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.:;_)]*$/) { - return 0;} - return 1; + # Try to decode $remark into UTF-8. If this doesn't work, + # we assume that the string it not sane. + if (!utf8::decode($remark)) { + return 0; + } + + # Check if the string only contains of printable characters. + if ($remark =~ /^[[:print:]]*$/) { + return 1; + } + return 0; } sub viewtablerule { diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index efcdfb933..049233c43 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -48,7 +48,7 @@ my %fwfwd=(); my %fwinp=(); my %fwout=(); my %ovpnsettings=(); - +my %netsettings=(); my $errormessage; my $hint; 
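Review bot: The lines added to saverule (hunk at -2125 in html/cgi-bin/firewall.cgi) HTML-escape the remark before it is written to the rule file, so the stored value is the escaped form. If the edit form loads that value back into `oldruleremark` or the remark field, a remark containing `&`, `<` or quotes would be escaped again on every save and would never compare equal to the unescaped input; whether that happens depends on code outside the hunk. Storing the decoded text and escaping at output time avoids this. The return value of `utf8::decode` is ignored here, so it is worth confirming, and noting in a comment, that validremark() has run on every path that reaches this point.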
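Review bot: The new pattern in validremark (hunk at -2260) uses `$` as the end anchor, which also matches before a trailing newline, so a remark ending in a newline passes the check; `if ($remark =~ /\A[[:print:]]*\z/)` closes that gap. The rewrite also drops the former 1–255 length bound, so remark length is no longer limited here; `return 0 if length($remark) > 255;` after the decode would restore it. The header comment still reads `# Checks a hostname against RFC1035` and should describe the remark check instead, and "it not sane" in the new comment should read "is not sane".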
@@ -80,7 +80,7 @@ unless (-e $configsrvgrp) { system("touch $configsrvgrp"); } &General::readhash("$configovpn", \%ovpnsettings); &General::readhasharray("$configipsec", \%ipsecconf); &General::readhash("$configipsecrw", \%ipsecsettings); - +&General::readhash("/var/ipfire/ethernet/settings", \%netsettings); &Header::getcgihash(\%fwhostsettings); &Header::showhttpheaders(); @@ -1211,12 +1211,12 @@ sub addgrp print< - $Lang::tr{'fwhost addgrpname'} - + $Lang::tr{'fwhost addgrpname'} + - $Lang::tr{'remark'}: - + $Lang::tr{'remark'}: +
@@ -1225,16 +1225,16 @@ sub addgrp END }else{ print< + - - + + - +
$Lang::tr{'fwhost addgrpname'}$Lang::tr{'fwhost addgrpname'}
$Lang::tr{'remark'}:
@@ -1246,8 +1246,16 @@ END
- -
$Lang::tr{'fwhost stdnet'} + + + "; if (! -z $confignet){ - print" + "; } if (! -z $confighost){ - print" +
+ + +
$Lang::tr{'fwhost cust net'}: + + +
$Lang::tr{'fwhost cust addr'}: + + +
"; #Inner table right - print"
"; + print""; + print""; print< 
@@ -1516,50 +1581,79 @@ END sub getcolor { my $c=shift; + my $sip; + my $scidr; + #Check if MAC + if (&General::validmac($c)){ return $c;} + + #Check if we got a full IP with subnet then split it + if($c =~ /^(.*?)\/(.*?)$/){ + ($sip,$scidr) = split ("/",$c); + }else{ + $sip=$c; + } + + #Now check if IP is part of ORANGE,BLUE or GREEN + if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ + $tdcolor="$c"; + return $tdcolor; + } + if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){ + $tdcolor="$c"; + return $tdcolor; + } + if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){ + $tdcolor="$c"; + return $tdcolor; + } + #Check if IP is part of OpenVPN N2N subnet foreach my $key (sort keys %ccdhost){ if ($ccdhost{$key}[3] eq 'net'){ my ($a,$b) = split("/",$ccdhost{$key}[11]); - if (&General::IpInSubnet($c,$a,$b)){ - $tdcolor="style='color:$Header::colourovpn ;'"; + if (&General::IpInSubnet($sip,$a,$b)){ + $tdcolor="$c"; return $tdcolor; } } } + #Check if IP is part of OpenVPN dynamic subnet my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'}); - if (&General::IpInSubnet($c,$a,$b)){ - $tdcolor="style='color: $Header::colourovpn;'"; + if (&General::IpInSubnet($sip,$a,$b)){ + $tdcolor="$c"; return $tdcolor; } + #Check if IP is part of OpenVPN static subnet foreach my $key (sort keys %ccdnet){ my ($a,$b) = split("/",$ccdnet{$key}[1]); $b =&General::iporsubtodec($b); - if (&General::IpInSubnet($c,$a,$b)){ - $tdcolor="style='color: $Header::colourovpn;'"; + if (&General::IpInSubnet($sip,$a,$b)){ + $tdcolor="$c"; return $tdcolor; } } + #Check if IP is part of IPsec RW network if ($ipsecsettings{'RW_NET'} ne ''){ my ($a,$b) = split("/",$ipsecsettings{'RW_NET'}); $b=&General::iporsubtodec($b); - if (&General::IpInSubnet($c,$a,$b)){ - $tdcolor="style='color: $Header::colourvpn;'"; + if (&General::IpInSubnet($sip,$a,$b)){ + $tdcolor="$c"; return $tdcolor; } } 
+ #Check if IP is part of a IPsec N2N network foreach my $key (sort keys %ipsecconf){ my ($a,$b) = split("/",$ipsecconf{$key}[11]); - if (&General::IpInSubnet($c,$a,$b)){ - $tdcolor="style='color: $Header::colourvpn;'"; + if (&General::IpInSubnet($sip,$a,$b)){ + $tdcolor="$c"; return $tdcolor; } } - $tdcolor=''; - return $tdcolor; + return "$c"; } sub viewtablehost { @@ -1598,7 +1692,7 @@ END $customhost{$key}[4]=~s/\s+//g; my $hostcount=0; $hostcount=&gethostcount($customhost{$key}[0]); - print""; + print""; print< @@ -1709,7 +1803,7 @@ sub viewtablegrp }else{ my ($colip,$colsub) = split("/",$ip); $ip="$colip/".&General::subtocidr($colsub) if ($colsub); - print"
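Review bot: The new zone checks in getcolor (html/cgi-bin/fwhosts.cgi) pass `$netsettings{'ORANGE_ADDRESS'}`, `GREEN_ADDRESS` and `BLUE_ADDRESS` to `&General::IpInSubnet` without testing that they are set, while the IPsec roadwarrior check further down in the same sub is guarded by `if ($ipsecsettings{'RW_NET'} ne '')`. On systems without an ORANGE or BLUE zone the call receives empty values, and what it returns then depends on IpInSubnet, which is not shown. Guarding each check the same way, e.g. `if ($netsettings{'ORANGE_ADDRESS'} ne '' && &General::IpInSubnet(...))`, keeps the colouring independent of that. `$scidr` is assigned but never used, so `my ($sip) = split("/", $c);` would replace the regex and the `else` branch.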
"; #OVPN networks if (! -z $configccdnet){ - print" + + + +
$Lang::tr{'fwhost ccdnet'} + $Lang::tr{'fwhost ccdnet'} + + + $Lang::tr{'fwhost ccdhost'} + $Lang::tr{'fwhost ccdhost'} + + + $Lang::tr{'fwhost ovpn_n2n'}: + $Lang::tr{'fwhost ovpn_n2n'}: + + + $Lang::tr{'fwhost ipsec net'} + $Lang::tr{'fwhost ipsec net'} + + + "; - print"
"; + print"
"; &Header::closebox(); } sub addservice @@ -1464,6 +1528,7 @@ sub viewtablenet &General::readhasharray("$fwconfigfwd", \%fwfwd); &General::readhasharray("$fwconfiginp", \%fwinp); &General::readhasharray("$fwconfigout", \%fwout); + if (!keys %customnetwork) { print "
$Lang::tr{'fwhost empty'}"; @@ -1490,7 +1555,7 @@ END } my $colnet="$customnetwork{$key}[1]/".&General::subtocidr($customnetwork{$key}[2]); my $netcount=&getnetcount($customnetwork{$key}[0]); - print"
$customnetwork{$key}[0]
".&Header::colorize($colnet)."$customnetwork{$key}[3]$netcount x$customnetwork{$key}[0]".&getcolor($colnet)."$customnetwork{$key}[3]$netcount x$customhost{$key}[0]".&Header::colorize($ip)."$customhost{$key}[3]$hostcount x$customhost{$key}[0]".&getcolor($ip)."$customhost{$key}[3]$hostcount x".&Header::colorize($ip)."$customgrp{$key}[3]"; + print"".&getcolor($ip)."$customgrp{$key}[3]"; } if ($delflag > 0 && $ip ne ''){ print""; @@ -1920,7 +2014,7 @@ sub checkname } sub checkgroup { - &General::readhasharray("$configsrvgrp", \%customservicegrp ); + &General::readhasharray("$configgrp", \%customgrp ); my $name=shift; foreach my $key (keys %customservicegrp) { if($customservicegrp{$key}[0] eq $name){ diff --git a/html/cgi-bin/gpl.cgi b/html/cgi-bin/gpl.cgi index 5cfbebd15..94187ce7a 100644 --- a/html/cgi-bin/gpl.cgi +++ b/html/cgi-bin/gpl.cgi 
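Review bot: checkgroup in html/cgi-bin/fwhosts.cgi now loads `$configgrp` into `%customgrp`, but the loop visible right below still iterates `%customservicegrp` and compares `$customservicegrp{$key}[0]` with the name. Unless that hash is filled elsewhere, the duplicate-name check runs against data this sub no longer reads. The loop should probably follow the change: `foreach my $key (keys %customgrp) {` and `if($customgrp{$key}[0] eq $name){`. The rest of the sub lies outside the hunk.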
@@ -29,28 +29,29 @@ require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; require "/opt/pakfire/lib/functions.pl"; +# If the license has already been accepted. +if ( -e "/var/ipfire/main/gpl_accepted" ) { + &redirect(); +} my %cgiparams; -my $refresh; - -if ( -e "/var/ipfire/main/gpl_accepted" ) { - print "Status: 302 Moved Temporarily\n"; - print "Location: index.cgi\n\n"; - exit (0); -} -&Header::showhttpheaders(); - $cgiparams{'ACTION'} = ''; + &Header::getcgihash(\%cgiparams); -&Header::openpage($Lang::tr{'main page'}, 1, $refresh); -&Header::openbigbox('', 'center'); +# Check if the license agreement has been accepted. +if ($cgiparams{'ACTION'} eq "$Lang::tr{'yes'}" && $cgiparams{'gpl_accepted'} eq '1') { + open(FILE, ">/var/ipfire/main/gpl_accepted"); + close(FILE); -# licence agreement -if ($cgiparams{'ACTION'} eq $Lang::tr{'yes'} && $cgiparams{'gpl_accepted'} eq '1') { - system('touch /var/ipfire/main/gpl_accepted'); + &redirect(); } +&Header::showhttpheaders(); + +&Header::openpage($Lang::tr{'main page'}, 1); +&Header::openbigbox('', 'center'); + &Header::openbox('100%', 'left', $Lang::tr{'gpl license agreement'}); print <
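Review bot: The `open(FILE, ">/var/ipfire/main/gpl_accepted");` added in html/cgi-bin/gpl.cgi is not checked, so when the marker file cannot be created the script still redirects as if the licence had been accepted. Using the three-argument form with a lexical handle and redirecting only on success avoids that: `if (open(my $fh, '>', '/var/ipfire/main/gpl_accepted')) { close($fh); &redirect(); }`. `&redirect` is called here but defined outside the hunk.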