mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-16 05:53:00 +02:00
Forward Firewall: Bugfix: When creating a rule which results in an error, the counters in the firewallgroups where increased.
Bugfix: When using icmp-type "all" there was no rule created Conflicts: html/cgi-bin/forwardfw.cgi
This commit is contained in:
Alexander Marx
committed by
Michael Tremer
Michael Tremer
parent
318685daf4
commit
6233483ba7
@@ -146,8 +146,10 @@ sub buildrules
|
||||
my $nat;
|
||||
my $fwaccessdport;
|
||||
my $natchain;
|
||||
my $icmptype;
|
||||
foreach my $key (sort {$a <=> $b} keys %$hash){
|
||||
next if (($$hash{$key}[6] eq 'RED' || $$hash{$key}[6] eq 'RED1') && $conexists eq 'off' );
|
||||
$command="iptables -A";
|
||||
if ($$hash{$key}[28] eq 'ON'){
|
||||
$command='iptables -t nat -A';
|
||||
$natip=&get_nat_ip($$hash{$key}[29],$$hash{$key}[31]);
|
||||
@@ -260,10 +262,15 @@ sub buildrules
|
||||
if(substr($DPORT, 2, 4) eq 'icmp'){
|
||||
my @icmprule= split(",",substr($DPORT, 12,));
|
||||
foreach (@icmprule){
|
||||
if ($$hash{$key}[17] eq 'ON'){
|
||||
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n";
|
||||
$icmptype="--icmp-type ";
|
||||
if ($_ eq "BLANK") {
|
||||
$icmptype="";
|
||||
$_="";
|
||||
}
|
||||
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
|
||||
if ($$hash{$key}[17] eq 'ON'){
|
||||
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j LOG\n";
|
||||
}
|
||||
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j $$hash{$key}[0]\n";
|
||||
}
|
||||
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
|
||||
$natchain='NAT_DESTINATION';
|
||||
@@ -289,7 +296,7 @@ sub buildrules
|
||||
$natchain='NAT_SOURCE';
|
||||
print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
|
||||
}
|
||||
if ($$hash{$key}[17] eq 'ON'){
|
||||
if ($$hash{$key}[17] eq 'ON' ){
|
||||
print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
|
||||
}
|
||||
if ($PROT ne '-p ICMP'){
|
||||
@@ -315,10 +322,15 @@ sub buildrules
|
||||
if(substr($DPORT, 2, 4) eq 'icmp'){
|
||||
my @icmprule= split(",",substr($DPORT, 12,));
|
||||
foreach (@icmprule){
|
||||
if ($$hash{$key}[17] eq 'ON'){
|
||||
system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG");
|
||||
$icmptype="--icmp-type ";
|
||||
if ($_ eq "BLANK") {
|
||||
$icmptype="";
|
||||
$_="";
|
||||
}
|
||||
system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
|
||||
if ($$hash{$key}[17] eq 'ON'){
|
||||
system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j LOG");
|
||||
}
|
||||
system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j $$hash{$key}[0]");
|
||||
}
|
||||
#PROCESS DNAT RULE (Portforward)
|
||||
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
|
||||
@@ -346,7 +358,7 @@ sub buildrules
|
||||
$natchain='NAT_SOURCE';
|
||||
system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
|
||||
}
|
||||
if ($$hash{$key}[17] eq 'ON'){
|
||||
if ($$hash{$key}[17] eq 'ON' && substr($DPORT, 2, 4) ne 'icmp'){
|
||||
system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
|
||||
}
|
||||
#PROCESS EVERY OTHER RULE (If NOT ICMP, else the rule would be applied double)
|
||||
|
||||
@@ -183,19 +183,21 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
|
||||
$fwdfwsettings{'nosave2'} = 'on';
|
||||
}
|
||||
}
|
||||
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
|
||||
if ($fwdfwsettings{'nobase'} ne 'on'){
|
||||
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
|
||||
}
|
||||
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
|
||||
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if($fwdfwsettings{'nosave2'} ne 'on'){
|
||||
&saverule(\%configinputfw,$configinput);
|
||||
if (!$errormessage){
|
||||
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
|
||||
if ($fwdfwsettings{'nobase'} ne 'on'){
|
||||
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
|
||||
}
|
||||
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
|
||||
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if($fwdfwsettings{'nosave2'} ne 'on'){
|
||||
&saverule(\%configinputfw,$configinput);
|
||||
}
|
||||
}
|
||||
}elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
|
||||
# OUTGOING PART
|
||||
@@ -237,20 +239,22 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
|
||||
}
|
||||
}
|
||||
#increase counters
|
||||
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
|
||||
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
|
||||
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
|
||||
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if ($fwdfwsettings{'nobase'} eq 'on'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if ($fwdfwsettings{'nosave2'} ne 'on'){
|
||||
&saverule(\%configoutgoingfw,$configoutgoing);
|
||||
if (!$errormessage){
|
||||
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
|
||||
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
|
||||
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
|
||||
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if ($fwdfwsettings{'nobase'} eq 'on'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if ($fwdfwsettings{'nosave2'} ne 'on'){
|
||||
&saverule(\%configoutgoingfw,$configoutgoing);
|
||||
}
|
||||
}
|
||||
}else{
|
||||
#FORWARD PART
|
||||
@@ -292,21 +296,23 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
|
||||
}
|
||||
}
|
||||
#increase counters
|
||||
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
|
||||
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
|
||||
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
|
||||
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
if (!$errormessage){
|
||||
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
|
||||
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
|
||||
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
|
||||
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
|
||||
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if ($fwdfwsettings{'nobase'} eq 'on'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if ($fwdfwsettings{'nosave2'} ne 'on'){
|
||||
&saverule(\%configfwdfw,$configfwdfw);
|
||||
}
|
||||
}
|
||||
if ($fwdfwsettings{'nobase'} eq 'on'){
|
||||
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
|
||||
}
|
||||
if ($fwdfwsettings{'nosave2'} ne 'on'){
|
||||
&saverule(\%configfwdfw,$configfwdfw);
|
||||
}
|
||||
}
|
||||
if ($errormessage){
|
||||
&newrule;
|
||||
|
||||
@@ -47,8 +47,7 @@ my %ipsecsettings=();
|
||||
my %fwfwd=();
|
||||
my %fwinp=();
|
||||
my %ovpnsettings=();
|
||||
my %ipsecconf=();
|
||||
my %ipsecsettings=();
|
||||
|
||||
|
||||
my $errormessage;
|
||||
my $hint;
|
||||
@@ -65,7 +64,6 @@ my $fwconfigfwd = "${General::swroot}/forward/config";
|
||||
my $fwconfiginp = "${General::swroot}/forward/input";
|
||||
my $configovpn = "${General::swroot}/ovpn/settings";
|
||||
my $tdcolor='';
|
||||
my $configipsec = "${General::swroot}/vpn/config";
|
||||
my $configipsecrw = "${General::swroot}/vpn/settings";
|
||||
|
||||
unless (-e $confignet) { system("touch $confignet"); }
|
||||
|
||||
Reference in New Issue
Block a user