Forward Firewall: fixed 12 Bugs from forum.

1) Added more allowed characters in remarks: : / .
2) Added "Internet" to the standard networks so that internet access can be defined
3) When renaming a custom address, the firewall rules get updated
4) Ports are now ignored when using GRE as protocol
5) When saving a custom service, the cursor is now in the first text field
6) Added a customservices file with predefined services to the installation
7) Added ESP as protocol
8) Fixed counter problem
9) Dropdown boxes for custom services and groups are now sorted
10) Firewall rules are now sorted in the right order
11) Fixed a bug: when defining a manual address in source and target, the hint message is no longer displayed
12) Fixed: when defining an external access rule, the last forward rule was deleted
Alexander Marx
2013-01-09 10:22:32 +01:00
committed by Michael Tremer
parent af8bc0d0a8
commit 62fc851166
14 changed files with 224 additions and 1488 deletions


@@ -0,0 +1,24 @@
#!/bin/sh
eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)
eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
iptables -F POLICY
if [ "$POLICY" == "MODE1" ]; then
if [ "$FWPOLICY" == "REJECT" ]; then
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A POLICY -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
fi
/sbin/iptables -A POLICY -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
fi
if [ "$FWPOLICY" == "DROP" ]; then
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A POLICY -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
fi
/sbin/iptables -A POLICY -j DROP -m comment --comment "DROP_OUTPUT"
fi
fi
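Review bot: After `iptables -F POLICY` a terminal rule is only re-added when `$POLICY` is MODE1 and `$FWPOLICY` is exactly REJECT or DROP, so an unset or unexpected `FWPOLICY` (missing key, typo in the settings file) leaves the chain empty. Whether traffic is then accepted depends on rules outside this file, but a policy chain should fail closed: make DROP the default by turning the second test into the `else` branch of the REJECT test instead of a separate `if [ "$FWPOLICY" == "DROP" ]; then`. The `--comment "DROP_OUTPUT"` on both terminal rules looks copied from the outgoing policy and will mislabel these forward rules in listings, including the REJECT one. `==` inside `[ ]` is a bash extension under a `#!/bin/sh` shebang (`=` is the portable form), and the flush uses a PATH-relative `iptables` while every other call uses `/sbin/iptables`.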


@@ -215,6 +215,8 @@ sub get_std_net_ip
return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
}elsif($val eq 'BLUE'){
return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
}elsif($val eq 'RED'){
return "0.0.0.0/0 -o red0";
}elsif($val =~ /OpenVPN/i){
return "$ovpnsettings{'DOVPN_SUBNET'}";
}elsif($val =~ /IPsec/i){
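Review bot: The new RED branch returns `0.0.0.0/0 -o red0`, which is an address with an iptables option appended, not a plain network like the other branches return. Any caller that uses the result as a source network (where the interface match would have to be `-i`), or in an INPUT-type chain (where `-o` is rejected), will build a wrong or failing rule; the callers are not visible here, so each use needs checking. The interface name is also hard-coded, so the match would miss when RED is not `red0`, for example on a PPP link. Consider returning only `0.0.0.0/0` and letting the rule builder add the interface match from the configured RED device. get_std_net_ip begins and ends outside the hunk.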


@@ -88,10 +88,11 @@ if($param eq 'flush'){
&preparerules;
if($MODE eq '0'){
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
#system ("iptables -A $CHAIN -j DROP");
system ("/usr/sbin/firewall-forward-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
#system ("iptables -A $CHAIN -j ACCEPT");
system ("/usr/sbin/firewall-forward-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE0' || $fwdfwsettings{'POLICY'} eq 'MODE2'){
system ("/usr/sbin/firewall-forward-policy");
system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
}
}
@@ -113,9 +114,7 @@ sub preparerules
}
sub buildrules
{
my $hash=shift;
foreach my $key (sort keys %$hash){
if($$hash{$key}[2] eq 'ON'){
#get source ip's
@@ -163,7 +162,7 @@ sub buildrules
if ($DPROT eq ''){$DPROT=' ';}
@DPROT=split(",",$DPROT);
#get time if defined
if($$hash{$key}[18] eq 'ON'){
if($$hash{$key}[19] ne ''){push (@timeframe,"Mon");}
@@ -178,7 +177,7 @@ sub buildrules
$TIMETILL="--timestop $$hash{$key}[27] ";
$TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
}
if ($MODE eq '1'){
print "NR:$key ";
foreach my $i (0 .. $#{$$hash{$key}}){
@@ -187,7 +186,7 @@ sub buildrules
print "\n";
print"##################################\n";
#print rules to console
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
@@ -206,7 +205,7 @@ sub buildrules
}
print"\n";
}
}elsif($MODE eq '0'){
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
@@ -302,11 +301,12 @@ sub get_port
if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
if ($$hash{$key}[10] ne ''){
return "--sport $$hash{$key}[10] ";
}elsif($$hash{$key}[9] ne ''){
}elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
return "--icmp-type $$hash{$key}[9] ";
}elsif($$hash{$key}[9] eq 'All ICMP-Types'){
return;
}
}elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
if($$hash{$key}[14] eq 'TGT_PORT'){
if ($$hash{$key}[15] ne ''){
return "--dport $$hash{$key}[15] ";
@@ -330,8 +330,6 @@ sub get_port
elsif($prot eq 'ICMP'){
return &fwlib::get_srvgrp_port($$hash{$key}[15],$prot);
}
}
}
}
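Review bot: In the first hunk the policy rules are delegated to `system ("/usr/sbin/firewall-forward-policy")` and the exit status is discarded, so if the helper is missing or fails, the chain is built without its policy rules and nothing reports it. Check the result, e.g. `system("/usr/sbin/firewall-forward-policy") == 0 or print STDERR "firewall-forward-policy failed: $?\n";`, and decide whether the loader should stop at that point rather than continue with a partial ruleset. The same hunk runs `iptables -A $CHAIN ...` as a single string through the shell with a PATH-relative binary; the list form `system("/sbin/iptables", "-A", $CHAIN, "-m", "state", "--state", "NEW", "-j", "ACCEPT")` avoids both the shell and the PATH lookup. In the get_port hunk the added bare `return;` for 'All ICMP-Types' yields undef where the other branches return a string, so a short comment saying that no match option is intended there would help the next reader.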


@@ -1390,7 +1390,7 @@ srv/web/ipfire/cgi-bin/credits.cgi
srv/web/ipfire/cgi-bin/dns.cgi
srv/web/ipfire/cgi-bin/ddns.cgi
srv/web/ipfire/cgi-bin/dhcp.cgi
srv/web/ipfire/cgi-bin/dmzholes.cgi
#srv/web/ipfire/cgi-bin/dmzholes.cgi
srv/web/ipfire/cgi-bin/extrahd.cgi
srv/web/ipfire/cgi-bin/fireinfo.cgi
srv/web/ipfire/cgi-bin/forwardfw.cgi


@@ -109,6 +109,7 @@ usr/local/bin/update-lang-cache
#usr/local/src
#usr/sbin
usr/sbin/ovpn-ccd-convert
usr/sbin/firewall-forward-policy
#usr/share
#usr/share/doc
#usr/share/doc/licenses


@@ -1,446 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::table2colour}, ${Header::colouryellow} );
undef (@dummy);
my %cgiparams=();
my %checked=();
my %selected=();
my %netsettings=();
my $errormessage = '';
my $filename = "${General::swroot}/dmzholes/config";
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&Header::showhttpheaders();
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'REMARK'} = '';
$cgiparams{'ACTION'} = '';
$cgiparams{'SRC_IP'} = '';
$cgiparams{'DEST_IP'} ='';
$cgiparams{'DEST_PORT'} = '';
&Header::getcgihash(\%cgiparams);
open(FILE, $filename) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
unless($cgiparams{'PROTOCOL'} =~ /^(tcp|udp)$/) { $errormessage = $Lang::tr{'invalid input'}; }
unless(&General::validipormask($cgiparams{'SRC_IP'})) { $errormessage = $Lang::tr{'source ip bad'}; }
unless($errormessage){$errormessage = &General::validportrange($cgiparams{'DEST_PORT'},'dst');}
unless(&General::validipormask($cgiparams{'DEST_IP'})) { $errormessage = $Lang::tr{'destination ip bad'}; }
unless ($errormessage) {
$errormessage = &validNet($cgiparams{'SRC_NET'},$cgiparams{'DEST_NET'}); }
# Darren Critchley - Remove commas from remarks
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
unless ($errormessage)
{
if($cgiparams{'EDITING'} eq 'no') {
open(FILE,">>$filename") or die 'Unable to open config file.';
flock FILE, 2;
print FILE "$cgiparams{'PROTOCOL'},"; # [0]
print FILE "$cgiparams{'SRC_IP'},"; # [1]
print FILE "$cgiparams{'DEST_IP'},"; # [2]
print FILE "$cgiparams{'DEST_PORT'},"; # [3]
print FILE "$cgiparams{'ENABLED'},"; # [4]
print FILE "$cgiparams{'SRC_NET'},"; # [5]
print FILE "$cgiparams{'DEST_NET'},"; # [6]
print FILE "$cgiparams{'REMARK'}\n"; # [7]
} else {
open(FILE,">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'EDITING'} eq $id) {
print FILE "$cgiparams{'PROTOCOL'},"; # [0]
print FILE "$cgiparams{'SRC_IP'},"; # [1]
print FILE "$cgiparams{'DEST_IP'},"; # [2]
print FILE "$cgiparams{'DEST_PORT'},"; # [3]
print FILE "$cgiparams{'ENABLED'},"; # [4]
print FILE "$cgiparams{'SRC_NET'},"; # [5]
print FILE "$cgiparams{'DEST_NET'},"; # [6]
print FILE "$cgiparams{'REMARK'}\n"; # [7]
} else { print FILE "$line"; }
}
}
close(FILE);
undef %cgiparams;
&General::log($Lang::tr{'dmz pinhole rule added'});
system('/usr/local/bin/setdmzholes');
}
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
my $id = 0;
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
}
close(FILE);
system('/usr/local/bin/setdmzholes');
&General::log($Lang::tr{'dmz pinhole rule removed'});
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
my $id = 0;
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
else
{
chomp($line);
my @temp = split(/\,/,$line);
print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$cgiparams{'ENABLE'},$temp[5],$temp[6],$temp[7]\n";
}
}
close(FILE);
system('/usr/local/bin/setdmzholes');
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'ID'} eq $id)
{
chomp($line);
my @temp = split(/\,/,$line);
$cgiparams{'PROTOCOL'} = $temp[0];
$cgiparams{'SRC_IP'} = $temp[1];
$cgiparams{'DEST_IP'} = $temp[2];
$cgiparams{'DEST_PORT'} = $temp[3];
$cgiparams{'ENABLED'} = $temp[4];
$cgiparams{'SRC_NET'} = $temp[5];
$cgiparams{'DEST_NET'} = $temp[6];
$cgiparams{'REMARK'} = $temp[7];
}
}
}
if ($cgiparams{'ACTION'} eq '')
{
$cgiparams{'PROTOCOL'} = 'tcp';
$cgiparams{'ENABLED'} = 'on';
$cgiparams{'SRC_NET'} = 'orange';
$cgiparams{'DEST_NET'} = 'blue';
}
$selected{'PROTOCOL'}{'udp'} = '';
$selected{'PROTOCOL'}{'tcp'} = '';
$selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = "selected='selected'";
$selected{'SRC_NET'}{'orange'} = '';
$selected{'SRC_NET'}{'blue'} = '';
$selected{'SRC_NET'}{$cgiparams{'SRC_NET'}} = "selected='selected'";
$selected{'DEST_NET'}{'blue'} = '';
$selected{'DEST_NET'}{'green'} = '';
$selected{'DEST_NET'}{$cgiparams{'DEST_NET'}} = "selected='selected'";
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
&Header::openpage($Lang::tr{'dmz pinhole configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
print "&nbsp;</class>\n";
&Header::closebox();
}
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
my $buttonText = $Lang::tr{'add'};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
&Header::openbox('100%', 'left', $Lang::tr{'edit a rule'});
$buttonText = $Lang::tr{'update'};
} else {
&Header::openbox('100%', 'left', $Lang::tr{'add a new rule'});
}
print <<END
<table width='100%'>
<tr>
<td>
<select name='PROTOCOL'>
<option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option>
</select>
</td>
<td>
$Lang::tr{'source net'}:</td>
<td>
<select name='SRC_NET'>
END
;
if (&haveOrangeNet()) {
print "<option value='orange' $selected{'SRC_NET'}{'orange'}>$Lang::tr{'orange'}</option>";
}
if (&haveBlueNet()) {
print "<option value='blue' $selected{'SRC_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}
print <<END
</select>
</td>
<td class='base'>$Lang::tr{'source ip or net'}:</td>
<td><input type='text' name='SRC_IP' value='$cgiparams{'SRC_IP'}' size='15' /></td>
</tr>
<tr>
<td>
&nbsp;</td>
<td>
$Lang::tr{'destination net'}:</td>
<td>
<select name='DEST_NET'>
END
;
if (&haveOrangeNet() && &haveBlueNet()) {
print "<option value='blue' $selected{'DEST_NET'}{'blue'}>$Lang::tr{'blue'}</option>";
}
print <<END
<option value='green' $selected{'DEST_NET'}{'green'}>$Lang::tr{'green'}</option>
</select>
</td>
<td class='base'>
$Lang::tr{'destination ip or net'}:</td>
<td>
<input type='text' name='DEST_IP' value='$cgiparams{'DEST_IP'}' size='15' />
</td>
<td class='base'>
$Lang::tr{'destination port'}:&nbsp;
<input type='text' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' />
</td>
</tr>
</table>
<table width='100%'>
<tr>
<td colspan='3' width='50%' class='base'>
<font class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></font>
<input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' />
</td>
</tr>
<tr>
<td class='base' width='50%'>
<img src='/blob.gif' alt ='*' align='top' />&nbsp;
<font class='base'>$Lang::tr{'this field may be blank'}</font>
</td>
<td class='base' width='25%' align='center'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
<td width='25%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='SUBMIT' value='$buttonText' />
</td>
</tr>
</table>
END
;
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
} else {
print "<input type='hidden' name='EDITING' value='no' />\n";
}
&Header::closebox();
print "</form>\n";
&Header::openbox('100%', 'left', $Lang::tr{'current rules'});
print <<END
<table width='100%'>
<tr>
<td width='7%' class='boldbase' align='center'><b>$Lang::tr{'proto'}</b></td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'source'}</b></td>
<td width='2%' class='boldbase' align='center'>&nbsp;</td>
<td width='3%' class='boldbase' align='center'><b>$Lang::tr{'net'}</b></td>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'destination'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='1%' class='boldbase' align='center'>&nbsp;</td>
<td width='4%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
END
;
# Achim Weber: if i add a new rule, this rule is not displayed?!?
# we re-read always config.
# If something has happeened re-read config
#if($cgiparams{'ACTION'} ne '')
#{
open(FILE, $filename) or die 'Unable to open config file.';
@current = <FILE>;
close(FILE);
#}
my $id = 0;
foreach my $line (@current)
{
my $protocol='';
my $gif='';
my $toggle='';
my $gdesc='';
$id++;
chomp($line);
my @temp = split(/\,/,$line);
if ($temp[0] eq 'udp') { $protocol = 'UDP'; } else { $protocol = 'TCP' }
my $srcnetcolor = ($temp[5] eq 'blue')? ${Header::colourblue} : ${Header::colourorange};
my $destnetcolor = ($temp[6] eq 'blue')? ${Header::colourblue} : ${Header::colourgreen};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
print "<tr bgcolor='${Header::colouryellow}'>\n"; }
elsif ($id % 2) {
print "<tr bgcolor='${Header::table1colour}'>\n"; }
else {
print "<tr bgcolor='${Header::table2colour}'>\n"; }
if ($temp[4] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
else { $gif = 'off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
# Darren Critchley - Get Port Service Name if we can - code borrowed from firewalllog.dat
my $dstprt =$temp[3];
$_=$temp[3];
if (/^\d+$/) {
my $servi = uc(getservbyport($temp[3], lc($temp[0])));
if ($servi ne '' && $temp[3] < 1024) {
$dstprt = "$dstprt($servi)"; }
}
# Darren Critchley - If the line is too long, wrap the port numbers
my $dstaddr = "$temp[2] : $dstprt";
if (length($dstaddr) > 26) {
$dstaddr = "$temp[2] :<br /> $dstprt";
}
print <<END
<td align='center'>$protocol</td>
<td bgcolor='$srcnetcolor'></td>
<td align='center'>$temp[1]</td>
<td align='center'><img src='/images/forward.gif' /></td>
<td bgcolor='$destnetcolor'></td>
<td align='center'>$dstaddr</td>
<td align='center'>$temp[7]</td>
<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>
</tr>
END
;
}
print "</table>\n";
# If the fixed lease file contains entries, print Key to action icons
if ( ! -z "$filename") {
print <<END
<table>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
;
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
sub validNet
{
my $srcNet = $_[0];
my $destNet = $_[1];
if ($srcNet eq $destNet) {
return $Lang::tr{'dmzpinholes for same net not necessary'}; }
unless ($srcNet =~ /^(blue|orange)$/) {
return $Lang::tr{'select source net'}; }
unless ($destNet =~ /^(blue|green)$/) {
return $Lang::tr{'select dest net'}; }
return '';
}
sub haveOrangeNet
{
if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
return 0;
}
sub haveBlueNet
{
if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
return 0;
}


@@ -112,54 +112,50 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
$errormessage=&checksource;
if(!$errormessage){&checktarget;}
if(!$errormessage){&checkrule;}
#check if we change an forward rule to an external access
if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire'){
if( $fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{'oldgrp2a'} ne 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'updatefwrule'}='';
$fwdfwsettings{'config'}=$configfwdfw;
$fwdfwsettings{'nobase'}='on';
&deleterule;
&checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
#check if we change an external access rule to an forward
if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire'){
if( $fwdfwsettings{'grp2'} ne 'ipfire' && $fwdfwsettings{'oldgrp2a'} eq 'ipfire' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'updatefwrule'}='';
$fwdfwsettings{'config'}=$configinput;
$fwdfwsettings{'nobase'}='on';
&deleterule;
&checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
#INPUT part
if($fwdfwsettings{'grp2'} eq 'ipfire'){
$fwdfwsettings{'chain'} = 'INPUTFW';
#check if we have an identical rule already
foreach my $key (sort keys %configinputfw){
if ("$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'}"
eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[16],$configfwdfw{$key}[17],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[16],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
}
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
if ($fwdfwsettings{'nobase'} ne 'on'){
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
}
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
if ($fwdfwsettings{'nobase'} eq 'on'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
if ($fwdfwsettings{'nobase'} ne 'on'){
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
}
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
&saverule(\%configinputfw,$configinput);
#print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
#print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
#print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
@@ -181,9 +177,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
#print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
}else{
$fwdfwsettings{'chain'} = 'FORWARDFW';
#check if we have an identical rule already
@@ -196,9 +189,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
}
#increase counters
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
@@ -206,14 +199,11 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
}elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'updatefwrule'} eq 'on'){
&checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
if ($fwdfwsettings{'nobase'} eq 'on'){
&checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
}
&saverule(\%configfwdfw,$configfwdfw);
#print "Source: $fwdfwsettings{'grp1'} -> $fwdfwsettings{$fwdfwsettings{'grp1'}}<br>";
#print "Sourceport: $fwdfwsettings{'USE_SRC_PORT'}, $fwdfwsettings{'PROT'}, $fwdfwsettings{'ICMP_TYPES'}, $fwdfwsettings{'SRC_PORT'}<br>";
#print "Target: $fwdfwsettings{'grp2'} -> $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
@@ -235,9 +225,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
#print"ALT: $fwdfwsettings{'oldgrp2a'} $fwdfwsettings{'oldgrp2b'} NEU: $fwdfwsettings{'grp2'} $fwdfwsettings{$fwdfwsettings{'grp2'}}<br>";
#print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'} NEU: $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
#print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'} DIENSTE Checkneu:$fwdfwsettings{'USESRV'} DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'} DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
}
if ($errormessage){
&newrule;
@@ -245,7 +232,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
&rules;
&base;
}
}
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
@@ -264,12 +250,10 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'reset'})
$fwdfwsettings{'POLICY'}='MODE0';
system("rm ${General::swroot}/forward/config");
system("rm ${General::swroot}/forward/input");
%fwdfwsettings = ();
&General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
%fwdfwsettings = ();
&reread_rules;
}
@@ -407,7 +391,7 @@ sub checkcounter
}elsif($base1 eq 'cust_srvgrp'){
&dec_counter($configsrvgrp,\%customservicegrp,$val1);
}
if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
&inc_counter($confignet,\%customnetwork,$val2);
}elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
@@ -426,13 +410,12 @@ sub inc_counter
my %hash=%{(shift)};
my $val=shift;
my $pos;
&General::readhasharray($config, \%hash);
foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
if($hash{$key}[0] eq $val){
$pos=$#{$hash{$key}};
$hash{$key}[$pos] = $hash{$key}[$pos]+1;
}
}
&General::writehasharray($config, \%hash);
@@ -449,23 +432,21 @@ sub dec_counter
if($hash{$key}[0] eq $val){
$pos=$#{$hash{$key}};
$hash{$key}[$pos] = $hash{$key}[$pos]-1;
}
}
&General::writehasharray($config, \%hash);
}
sub base
{
if ($fwdfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
if ($fwdfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
&hint;
if ($fwdfwsettings{'POLICY'} ne 'MODE0' && $fwdfwsettings{'POLICY'} ne '') {
&addrule;
}
#print"<table width='100' border='1'><tr>";
#foreach (0 .. 40){
#my $i="color".$_;
@@ -494,7 +475,7 @@ sub addrule
{
&error;
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
print "<form method='post'>";
print "<table border='0'>";
print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
@@ -505,7 +486,6 @@ sub addrule
&Header::closebox();
&viewtablerule;
}
sub deleterule
{
@@ -537,7 +517,7 @@ sub deleterule
&General::writehasharray($fwdfwsettings{'config'}, \%delhash);
&rules;
if($fwdfwsettings{'nobase'} ne 'on'){
&base;
}
@@ -553,7 +533,6 @@ sub disable_rule
}
&General::writehasharray("$configfwdfw", \%configfwdfw);
&rules;
}
sub checksource
{
@@ -589,7 +568,7 @@ sub checksource
$errormessage.=$Lang::tr{'fwdfw err nosrcip'};
return $errormessage;
}
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
#check icmp source
@@ -601,6 +580,12 @@ sub checksource
$fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
}
}
}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){
$fwdfwsettings{'SRC_PORT'}='';
$fwdfwsettings{'ICMP_TYPES'}='';
}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){
$fwdfwsettings{'SRC_PORT'}='';
$fwdfwsettings{'ICMP_TYPES'}='';
}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
$fwdfwsettings{'ICMP_TYPES'}='';
}else{
@@ -608,7 +593,7 @@ sub checksource
$fwdfwsettings{'SRC_PORT'}='';
$fwdfwsettings{'PROT'}='';
}
if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){
#change dashes with :
$fwdfwsettings{'SRC_PORT'}=~ tr/-/:/;
@@ -622,7 +607,7 @@ sub checksource
if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
$fwdfwsettings{'SRC_PORT'} = "$1:65535";
}
$errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src');
}
return $errormessage;
@@ -630,8 +615,7 @@ sub checksource
sub checktarget
{
my ($ip,$subnet);
if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
#check if ip with subnet
if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
@@ -658,15 +642,15 @@ sub checktarget
if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
}
}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
#check tgt services
if ($fwdfwsettings{'USESRV'} eq 'ON'){
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
@@ -682,7 +666,7 @@ sub checktarget
}
}
if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP'){
if ($fwdfwsettings{'TGT_PROT'} ne 'ICMP' && $fwdfwsettings{'TGT_PROT'} ne 'GRE'){
if ($fwdfwsettings{'TGT_PORT'} ne ''){
#change dashes with :
$fwdfwsettings{'TGT_PORT'}=~ tr/-/:/;
@@ -697,19 +681,25 @@ sub checktarget
}
$errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination');
}
}elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
$fwdfwsettings{'TGT_PORT'} = '';
$fwdfwsettings{'ICMP_TGT'} = '';
}elsif($fwdfwsettings{'TGT_PORT'} eq 'ESP'){
$fwdfwsettings{'TGT_PORT'}='';
$fwdfwsettings{'ICMP_TGT'}='';
}elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
$fwdfwsettings{'TGT_PORT'} = '';
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
foreach my $key (keys %icmptypes){
if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
$fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
}
}
}
}
}
#check targetport
if ($fwdfwsettings{'USESRV'} ne 'ON'){
$fwdfwsettings{'grp3'}='';
@@ -717,17 +707,12 @@ sub checktarget
$fwdfwsettings{'TGT_PROT'}='';
$fwdfwsettings{'ICMP_TGT'}='';
}
#check timeframe
if($fwdfwsettings{'TIME'} eq 'ON'){
if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && $fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && $fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && $fwdfwsettings{'TIME_SUN'} eq ''){
$errormessage=$Lang::tr{'fwdfw err time'};
}
}
return $errormessage;
}
sub checkrule
@@ -741,17 +726,14 @@ sub checkrule
$errormessage.=$Lang::tr{'fwdfw err same'};
return $errormessage;
}
#get source and targetip address if possible
my ($sip,$scidr,$tip,$tcidr);
($sip,$scidr)=&get_ip("src","grp1");
($tip,$tcidr)=&get_ip("tgt","grp2");
#check same iprange in source and target
if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
my $networkip1=&General::getnetworkip($sip,$scidr);
my $networkip2=&General::getnetworkip($tip,$tcidr);
if ($scidr gt $tcidr){
@@ -759,20 +741,19 @@ sub checkrule
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}elsif($scidr eq $tcidr && $scidr eq '32'){
my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(".",$networkip1);
my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(".",$networkip2);
my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
$hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
}
}else{
if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}
}
#check source and destination protocol if manual
if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
@@ -791,7 +772,6 @@ sub checkrule
}
}
}
}
sub get_ip
{
@@ -842,7 +822,6 @@ sub get_ip
}
}
}
return $a,$b;
}
sub newrule
@@ -858,14 +837,11 @@ sub newrule
&General::readhasharray("$configgrp", \%customgrp);
&General::readhasharray("$configipsec", \%ipsecconf);
&General::get_aliases(\%aliases);
my %checked=();
my $helper;
if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
my $config=$fwdfwsettings{'config'};
my %hash=();
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
@@ -884,7 +860,6 @@ sub newrule
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
#check if update and get values
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
&General::readhasharray("$config", \%hash);
@@ -917,7 +892,6 @@ sub newrule
$fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
$fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
$fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
@@ -949,9 +923,9 @@ sub newrule
$fwdfwsettings{'ACTIVE'}='ON';
$checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
}
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
print <<END;
<form method="post">
<table border='0'>
@@ -962,7 +936,7 @@ END
if($fwdfwsettings{'POLICY'} eq 'MODE2'){
$fwdfwsettings{'RULE_ACTION'} = 'DROP';
}
if ($_ eq $fwdfwsettings{'RULE_ACTION'})
{
print"<option selected>$_</option>";
@@ -975,19 +949,19 @@ END
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
#------SOURCE-------------------------------------------------------
print<<END;
<table width='100%' border='0'>
<tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' ></td></tr>
<tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
<tr><td width='1%'><input type='radio' name='grp1' value='std_net_src' $checked{'grp1'}{'std_net_src'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_src' style='min-width:185px;'>
END
foreach my $network (sort keys %defaultNetworks)
{
next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
next if($defaultNetworks{$network}{'NAME'} eq "RED");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $defaultNetworks{$network}{'NAME'});
print ">$network</option>";
@@ -1030,7 +1004,7 @@ END
}
print<<END;
</select></td></tr>
<tr><td valign='top'><input type='radio' name='grp1' value='cust_grp_src' $checked{'grp1'}{'cust_grp_src'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_src' style='min-width:185px;'>
END
foreach my $key (sort { uc($customgrp{$a}[0]) cmp uc($customgrp{$b}[0]) } keys %customgrp) {
@@ -1038,8 +1012,6 @@ END
print"<option ";
print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $customgrp{$key}[0]);
print ">$customgrp{$key}[0]</option>";
}
$helper=$customgrp{$key}[0];
}
@@ -1058,7 +1030,7 @@ END
print<<END;
</select></td></tr>
END
# <td valign='top'><input type='radio' name='grp1' value='ipsec_host_src' $checked{'grp1'}{'ipsec_host_src'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_src' style='min-width:185px;'>
#END
# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
@@ -1069,15 +1041,12 @@ END
# }
# }
print<<END;
<tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
<table width='100%' border='0'>
<tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
<td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
END
foreach ("TCP","UDP","GRE","ICMP")
foreach ("TCP","UDP","GRE","ESP","ICMP")
{
if ($_ eq $fwdfwsettings{'PROT'})
{
@@ -1111,19 +1080,17 @@ END
<tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' checked></td><td colspan='2'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16'><td><input type='radio' name='grp2' value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>IPFire ($Lang::tr{'external access'})</b></td><td><select name='ipfire' style='min-width:185px;'>
END
print "<option value='Default IP' $selected{'ipfire'}{'Default IP'}>Default IP</option>";
foreach my $alias (sort keys %aliases)
{
print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
}
print<<END;
</td></tr>
<tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
<tr><td width='1%'><input type='radio' name='grp2' value='std_net_tgt' $checked{'grp2'}{'std_net_tgt'}></td><td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost stdnet'}</td><td width='13%'><select name='std_net_tgt' style='min-width:185px;'>
END
foreach my $network (sort keys %defaultNetworks)
{
print "<option value='$defaultNetworks{$network}{'NAME'}'";
@@ -1134,7 +1101,6 @@ END
</select></td><td width='1%'><input type='radio' name='grp2' value='ovpn_net_tgt' $checked{'grp2'}{'ovpn_net_tgt'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='ovpn_net_tgt' style='min-width:185px;'>
END
&fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{'grp2'}});
print<<END;
</select></td></tr>
<tr><td><input type='radio' name='grp2' value='cust_net_tgt' $checked{'grp2'}{'cust_net_tgt'}></td><td>$Lang::tr{'fwhost cust net'}</td><td><select name='cust_net_tgt' style='min-width:185px;'>
@@ -1168,7 +1134,6 @@ END
}
print<<END;
</select></td></tr>
<tr><td valign='top'><input type='radio' name='grp2' value='cust_grp_tgt' $checked{'grp2'}{'cust_grp_tgt'}></td><td >$Lang::tr{'fwhost cust grp'}</td><td><select name='cust_grp_tgt' style='min-width:185px;'>
END
$helper='';
@@ -1194,7 +1159,6 @@ END
print<<END;
</select></td></tr>
END
# <td valign='top'><input type='radio' name='grp2' value='ipsec_host_tgt' $checked{'grp2'}{'ipsec_host_tgt'}></td><td >$Lang::tr{'fwhost ipsec host'}</td><td><select name='ipsec_host_tgt' style='min-width:185px;'>
#END
# foreach my $key (sort { uc($ipsecconf{$a}[1]) cmp uc($ipsecconf{$b}[1]) } keys %ipsecconf) {
@@ -1208,12 +1172,12 @@ END
</table>
<b>$Lang::tr{'fwhost attention'}:</b><br>
$Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
<table width='100%' border='0'>
<tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
END
&General::readhasharray("$configsrv", \%customservice);
foreach my $key (sort keys %customservice){
foreach my $key (sort { uc($customservice{$a}[0]) cmp uc($customservice{$b}[0]) } keys %customservice){
print"<option ";
print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
@@ -1224,7 +1188,7 @@ END
END
&General::readhasharray("$configsrvgrp", \%customservicegrp);
my $helper;
foreach my $key (sort keys %customservicegrp){
foreach my $key (sort { uc($customservicegrp{$a}[0]) cmp uc($customservicegrp{$b}[0]) } keys %customservicegrp){
if ($helper ne $customservicegrp{$key}[0]){
print"<option ";
print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservicegrp{$key}[0]);
@@ -1236,7 +1200,7 @@ END
</select></td></tr>
<tr><td colspan='2'></td><td><input type='radio' name='grp3' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT'>
END
foreach ("TCP","UDP","GRE","ICMP")
foreach ("TCP","UDP","GRE","ESP","ICMP")
{
if ($_ eq $fwdfwsettings{'TGT_PROT'})
{
@@ -1261,7 +1225,7 @@ END
print<<END;
</select></td></tr>
</table><hr><br><br>
END
#---Activate/logging/remark-------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
@@ -1282,7 +1246,6 @@ END
<tr>
<td align='left'>$Lang::tr{'time'}:</td>
<td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
<td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
<td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
</tr>
@@ -1297,7 +1260,6 @@ END
<input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} />
<input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{$Lang::tr{'fwdfw wd_sun'}} />
</td>
<td><select name='TIME_FROM'>
END
for (my $i=0;$i<=23;$i++) {
@@ -1320,7 +1282,7 @@ END
print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
}
}
print<<END;
print<<END;
</select></td></tr>
</table><hr>
END
@@ -1345,9 +1307,7 @@ END
<input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
<input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
<input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
<input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
</table></form>
END
}
@@ -1355,7 +1315,6 @@ END
}
sub saverule
{
my $hash=shift;
my $config=shift;
&General::readhasharray("$config", $hash);
@@ -1456,7 +1415,7 @@ sub get_name
foreach my $network (sort keys %defaultNetworks)
{
return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
}
}
}
sub validremark
{
@@ -1468,13 +1427,13 @@ sub validremark
if (length ($remark) < 1 || length ($remark) > 255) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-\s]*$/) {
if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:\/\s]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9]*$/) {
return 0;}
# Last character can only be a letter or a digit
if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9]*$/) {
if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.]*$/) {
return 0;}
return 1;
}
@@ -1494,7 +1453,7 @@ sub gettgtport
my $key=shift;
my $service;
my $prot;
if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
if($hash{$key}[14] eq 'cust_srv'){
&General::readhasharray("$configsrv", \%customservice);
@@ -1506,7 +1465,7 @@ sub gettgtport
}
}
}elsif($hash{$key}[14] eq 'cust_srvgrp'){
$service=$hash{$key}[15];
}elsif($hash{$key}[14] eq 'TGT_PORT'){
$service=$hash{$key}[15];
@@ -1515,7 +1474,7 @@ sub gettgtport
}elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
print" : ($hash{$key}[12]) <br>$hash{$key}[13]";
}
if ($prot ne '' || $service ne ''){
print" :";
if ($prot ne ''){
@@ -1535,7 +1494,7 @@ sub viewtablenew
my $config=shift;
my $title=shift;
my $title1=shift;
if ( ! -z "$config"){
&Header::openbox('100%', 'left',$title);
my $count=0;
@@ -1549,7 +1508,7 @@ sub viewtablenew
print"<b>$title1</b><br>";
print"<table width='100%' border='0' cellspacing='1' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'>";
print"<tr><td align='center' width='1%'><b>#</td><td width='1%'></td><td align='center' width='20%'><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center' width='20%'><b>$Lang::tr{'fwdfw target'}</td><td align='center' width='70%'><b>$Lang::tr{'remark'}</td><td align='center' colspan='3' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
foreach my $key (sort keys %$hash){
foreach my $key (sort {$a <=> $b} keys %$hash){
@tmpsrc=();
#check if vpn hosts/nets have been deleted
if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
@@ -1558,14 +1517,12 @@ sub viewtablenew
if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
push (@tmpsrc,$$hash{$key}[6]);
}
foreach my $host (@tmpsrc){
if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
&disable_rule($key);
$$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
@@ -1589,10 +1546,8 @@ sub viewtablenew
$$hash{$key}[3]='';
$$hash{$key}[5]='';
}
$$hash{'ACTIVE'}=$$hash{$key}[2];
$count++;
if($coloryellow eq 'on'){
print"<tr bgcolor='$color{'color14'}' >";
$coloryellow='';
@@ -1604,7 +1559,6 @@ sub viewtablenew
print"<tr bgcolor='$color{'color20'}' >";
}
}
print<<END;
<td align='right'>$key</td>
END
@@ -1636,7 +1590,6 @@ END
}
print<<END;
</td>
<form method='post'>
<td width='1%' align='left'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
<input type='hidden' name='key' value='$key' />
@@ -1662,7 +1615,6 @@ END
}else{
$gif="/images/off.gif"
}
print<<END;
<form method='post'>
@@ -1671,22 +1623,18 @@ END
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
</td></form>
<form method='post'>
<td width='1%' ><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='editrule' />
</td></form></td>
<form method='post'>
<td width='1%'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
<input type='hidden' name='config' value='$config' />
<input type='hidden' name='ACTION' value='copyrule' />
</td></form></td>
<form method='post'>
<td width='1%' ><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
<input type='hidden' name='key' value='$key' />
@@ -1706,7 +1654,6 @@ END
}else{
print"<td></td>";
}
if (exists $$hash{$key+1}){
print<<END;
<form method='post'>
@@ -1729,9 +1676,7 @@ END
if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
my $weekdays=join(",",@days);
if (@days){
print"<tr bgcolor='#FFE4B5'><td colspan='4'>$Lang::tr{'fwdfw time'} ";
print"$weekdays";
@@ -1742,21 +1687,19 @@ END
print"</table>";
&Header::closebox();
}
}
sub fillselect
{
my %hash=%{(shift)};
my $val=shift;
my $key;
foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash)
{
if($hash{$key}[0] eq $val){
print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
}else{
print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
}
foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
if($hash{$key}[0] eq $val){
print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
}else{
print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
}
}
}
sub rules
{


@@ -47,6 +47,8 @@ my %defaultNetworks=();
my %mainsettings=();
my %ownnet=();
my %ipsecsettings=();
my %fwfwd=();
my %fwinp=();
my $errormessage;
my $hint;
@@ -59,6 +61,8 @@ my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
my $configipsec = "${General::swroot}/vpn/config";
my $configsrv = "${General::swroot}/fwhosts/customservices";
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
my $fwconfigfwd = "${General::swroot}/forward/config";
my $fwconfiginp = "${General::swroot}/forward/input";
unless (-e $confignet) { system("touch $confignet"); }
unless (-e $confighost) { system("touch $confighost"); }
@@ -116,6 +120,9 @@ if ($fwhostsettings{'ACTION'} eq 'updatehost')
}
}
&General::writehasharray("$confighost", \%customhost);
$fwhostsettings{'actualize'} = 'on';
$fwhostsettings{'ACTION'} = 'savehost';
}
@@ -285,6 +292,28 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' )
}
}
&General::writehasharray("$configgrp", \%customgrp);
#check if we need to update firewallrules
if ( ! -z $fwconfigfwd ){
&General::readhasharray("$fwconfigfwd", \%fwfwd);
foreach my $line (sort keys %fwfwd){
if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
$fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
}
if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
$fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
}
}
&General::writehasharray("$fwconfigfwd", \%fwfwd);
}
if ( ! -z $fwconfiginp ){
&General::readhasharray("$fwconfiginp", \%fwinp);
foreach my $line (sort keys %fwinp){
if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
$fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
}
}
&General::writehasharray("$fwconfiginp", \%fwinp);
}
}
}
my $key = &General::findhasharraykey (\%customnetwork);
@@ -416,9 +445,29 @@ if ($fwhostsettings{'ACTION'} eq 'savehost')
}
}
&General::writehasharray("$configgrp", \%customgrp);
#check if we need to update firewallrules
if ( ! -z $fwconfigfwd ){
&General::readhasharray("$fwconfigfwd", \%fwfwd);
foreach my $line (sort keys %fwfwd){
if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
$fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
}
if ($fwfwd{$line}[6] eq $fwhostsettings{'orgname'}){
$fwfwd{$line}[6] = $fwhostsettings{'HOSTNAME'};
}
}
&General::writehasharray("$fwconfigfwd", \%fwfwd);
}
if ( ! -z $fwconfiginp ){
&General::readhasharray("$fwconfiginp", \%fwinp);
foreach my $line (sort keys %fwinp){
if ($fwfwd{$line}[4] eq $fwhostsettings{'orgname'}){
$fwfwd{$line}[4] = $fwhostsettings{'HOSTNAME'};
}
}
&General::writehasharray("$fwconfiginp", \%fwinp);
}
}
}
my $key = &General::findhasharraykey (\%customhost);
foreach my $i (0 .. 3) { $customhost{$key}[$i] = "";}
@@ -1084,6 +1133,7 @@ END
foreach my $network (sort keys %defaultNetworks)
{
next if($defaultNetworks{$network}{'LOCATION'} eq "IPCOP");
next if($defaultNetworks{$network}{'NAME'} eq "RED");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwhostsettings{'DEFAULT_SRC_ADR'} eq $defaultNetworks{$network}{'NAME'});
print ">$network</option>";
@@ -1186,7 +1236,7 @@ sub addservice
}
print<<END;
<table width='100%' border='0'><form method='post'>
<tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td width='1%' nowrap='nowrap'><input type='text' name='SRV_NAME' value='$fwhostsettings{'SRV_NAME'}'></td><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
<tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td width='1%' nowrap='nowrap'><input type='text' name='SRV_NAME' id='textbox1' value='$fwhostsettings{'SRV_NAME'}'><script>document.getElementById('textbox1').focus()</script></td><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
END
foreach ("TCP","UDP","ICMP")
{
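Review bot: In the new `if ( ! -z $fwconfiginp )` block of the `savenet` hunk, and in its verbatim copy in the `savehost` hunk, the loop walks the keys of `%fwinp` but compares and assigns `$fwfwd{$line}[4]`. The input rules are therefore written back by `writehasharray("$fwconfiginp", \%fwinp)` unchanged and keep the old name after a rename. A rule that still names an object which no longer exists may stop resolving to the intended address, so the rename should be applied to the hash that was just read: `if ($fwinp{$line}[4] eq $fwhostsettings{'orgname'}){ $fwinp{$line}[4] = $fwhostsettings{'HOSTNAME'}; }`. The forward loop also rewrites field 6; whether input rules need that as well cannot be told from these hunks, and the enclosing `if` blocks start outside them. Since the block is duplicated in both branches, moving it into one small sub would keep the two copies from drifting apart.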


@@ -44,13 +44,16 @@ my $warnmessage = '';
&Header::getcgihash(\%settings);
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
$errormessage = $Lang::tr{'new optionsfw later'};
delete $settings{'__CGI__'};delete $settings{'x'};delete $settings{'y'};
delete $settings{'__CGI__'};
delete $settings{'x'};
delete $settings{'y'};
&General::writehash($filename, \%settings); # Save good settings
} else {
&General::readhash($filename, \%settings); # Get saved settings and reset to good if needed
}
}else {
&General::readhash($filename, \%settings); # Get saved settings and reset to good if needed
}
system("/usr/local/bin/forwardfwctrl");
&Header::openpage($Lang::tr{'options fw'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
@@ -84,6 +87,7 @@ $checked{'DROPPROXY'}{$settings{'DROPPROXY'}} = "checked='checked'";
$checked{'DROPSAMBA'}{'off'} = '';
$checked{'DROPSAMBA'}{'on'} = '';
$checked{'DROPSAMBA'}{$settings{'DROPSAMBA'}} = "checked='checked'";
$selected{'FWPOLICY'}{$settings{'FWPOLICY'}}= 'selected';
&Header::openbox('100%', 'center', $Lang::tr{'options fw'});
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";
@@ -113,11 +117,20 @@ print <<END
<tr><td align='left' width='60%'>$Lang::tr{'drop samba'}</td><td align='left'>on <input type='radio' name='DROPSAMBA' value='on' $checked{'DROPSAMBA'}{'on'} />/
<input type='radio' name='DROPSAMBA' value='off' $checked{'DROPSAMBA'}{'off'} /> off</td></tr>
</table>
<br />
<table width='95%' cellspacing='0'>
<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw default drop'}</b></td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop action'}</td><td><select name='FWPOLICY'>
<option value='DROP' $selected{'FWPOLICY'}{'DROP'}>DROP</option>
<option value='REJECT' $selected{'FWPOLICY'}{'REJECT'}>REJECT</option></select>
</td></tr>
</table>
<br />
<table width='10%' cellspacing='0'>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
<input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /></form></td></tr>
<input type='submit' name='ACTION' value=$Lang::tr{'save'} />
</form></td></tr>
</table>
</form>
END
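Review bot: The new `FWPOLICY` field is stored exactly as posted, because `&General::writehash($filename, \%settings)` saves the whole CGI hash and the `<select>` only limits what a browser offers. The policy script added in this commit flushes the `POLICY` chain and then appends a final rule only when the value equals `REJECT` or `DROP`, and it loads its settings through `eval $(readhash …)`; if it reads this file, as its path suggests, any other stored value would leave the chain without its closing rule. I would constrain the value before the write, for example `$settings{'FWPOLICY'} = 'DROP' unless $settings{'FWPOLICY'} =~ /^(?:DROP|REJECT)$/;`. Separately, `system("/usr/local/bin/forwardfwctrl");` appears after the closing brace of the if/else, which would reload the rules on every page view instead of only on save; indentation is lost on this page, so the placement needs confirming.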


@@ -1,849 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2005-2010 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my %outfwsettings = ();
my %checked = ();
my %selected= () ;
my %netsettings = ();
my $errormessage = "";
my $configentry = "";
my @configs = ();
my @configline = ();
my $p2pentry = "";
my @p2ps = ();
my @p2pline = ();
my $configfile = "/var/ipfire/outgoing/rules";
my $configpath = "/var/ipfire/outgoing/groups/";
my $p2pfile = "/var/ipfire/outgoing/p2protocols";
my $servicefile = "/var/ipfire/outgoing/defaultservices";
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&Header::showhttpheaders();
### Values that have to be initialized
$outfwsettings{'ACTION'} = '';
$outfwsettings{'VALID'} = 'yes';
$outfwsettings{'EDIT'} = 'no';
$outfwsettings{'NAME'} = '';
$outfwsettings{'SNET'} = '';
$outfwsettings{'SIP'} = '';
$outfwsettings{'SPORT'} = '';
$outfwsettings{'SMAC'} = '';
$outfwsettings{'DIP'} = '';
$outfwsettings{'DPORT'} = '';
$outfwsettings{'PROT'} = '';
$outfwsettings{'STATE'} = '';
$outfwsettings{'DISPLAY_DIP'} = '';
$outfwsettings{'DISPLAY_DPORT'} = '';
$outfwsettings{'DISPLAY_SMAC'} = '';
$outfwsettings{'DISPLAY_SIP'} = '';
$outfwsettings{'POLICY'} = 'MODE0';
$outfwsettings{'MODE1LOG'} = 'off';
$outfwsettings{'TIME_FROM'} = '00:00';
$outfwsettings{'TIME_TO'} = '00:00';
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
&Header::getcgihash(\%outfwsettings);
###############
# DEBUG DEBUG
#&Header::openbox('100%', 'left', 'DEBUG');
#my $debugCount = 0;
#foreach my $line (sort keys %outfwsettings) {
#print "$line = $outfwsettings{$line}<br />\n";
# $debugCount++;
#}
#print "&nbsp;Count: $debugCount\n";
#&Header::closebox();
# DEBUG DEBUG
###############
$selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
$selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
$checked{'MODE1LOG'}{'off'} = '';
$checked{'MODE1LOG'}{'on'} = '';
$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'";
$checked{'TIME_MON'}{'off'} = '';
$checked{'TIME_MON'}{'on'} = '';
$checked{'TIME_MON'}{$outfwsettings{'TIME_MON'}} = "checked='checked'";
$checked{'TIME_TUE'}{'off'} = '';
$checked{'TIME_TUE'}{'on'} = '';
$checked{'TIME_TUE'}{$outfwsettings{'TIME_TUE'}} = "checked='checked'";
$checked{'TIME_WED'}{'off'} = '';
$checked{'TIME_WED'}{'on'} = '';
$checked{'TIME_WED'}{$outfwsettings{'TIME_WED'}} = "checked='checked'";
$checked{'TIME_THU'}{'off'} = '';
$checked{'TIME_THU'}{'on'} = '';
$checked{'TIME_THU'}{$outfwsettings{'TIME_THU'}} = "checked='checked'";
$checked{'TIME_FRI'}{'off'} = '';
$checked{'TIME_FRI'}{'on'} = '';
$checked{'TIME_FRI'}{$outfwsettings{'TIME_FRI'}} = "checked='checked'";
$checked{'TIME_SAT'}{'off'} = '';
$checked{'TIME_SAT'}{'on'} = '';
$checked{'TIME_SAT'}{$outfwsettings{'TIME_SAT'}} = "checked='checked'";
$checked{'TIME_SUN'}{'off'} = '';
$checked{'TIME_SUN'}{'on'} = '';
$checked{'TIME_SUN'}{$outfwsettings{'TIME_SUN'}} = "checked='checked'";
if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; }
if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; }
if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; }
# This is a little hack if poeple don<6F>t mark any date then all will be selected, because they might have forgotten to select
# a valid day. A Rule without any matching day will never work, because the timeranges are new feature people might not notice
# that they have to select a day for the rule.
if ( $outfwsettings{'TIME_MON'} eq "" &&
$outfwsettings{'TIME_TUE'} eq "" &&
$outfwsettings{'TIME_WED'} eq "" &&
$outfwsettings{'TIME_THU'} eq "" &&
$outfwsettings{'TIME_FRI'} eq "" &&
$outfwsettings{'TIME_SAT'} eq "" &&
$outfwsettings{'TIME_SUN'} eq "" )
{
$outfwsettings{'TIME_MON'} = "on";
$outfwsettings{'TIME_TUE'} = "on";
$outfwsettings{'TIME_WED'} = "on";
$outfwsettings{'TIME_THU'} = "on";
$outfwsettings{'TIME_FRI'} = "on";
$outfwsettings{'TIME_SAT'} = "on";
$outfwsettings{'TIME_SUN'} = "on";
}
&Header::openpage($Lang::tr{'outgoing firewall'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
############################################################################################################################
############################################################################################################################
if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'})
{
$outfwsettings{'POLICY'}='MODE0';
unlink $configfile;
system("/usr/bin/touch $configfile");
my $MODE = $outfwsettings{'POLICY'};
%outfwsettings = ();
$outfwsettings{'POLICY'} = "$MODE";
&General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'})
{
my $MODE = $outfwsettings{'POLICY'};
my $MODE1LOG = $outfwsettings{'MODE1LOG'};
%outfwsettings = ();
$outfwsettings{'POLICY'} = "$MODE";
$outfwsettings{'MODE1LOG'} = "$MODE1LOG";
&General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings);
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq 'enable')
{
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
foreach $p2pentry (sort @p2ps)
{
@p2pline = split( /\;/, $p2pentry );
if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
print FILE "$p2pline[0];$p2pline[1];on;\n";
} else {
print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
}
}
close FILE;
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq 'disable')
{
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
foreach $p2pentry (sort @p2ps)
{
@p2pline = split( /\;/, $p2pentry );
if ($p2pline[1] eq $outfwsettings{'P2PROT'}) {
print FILE "$p2pline[0];$p2pline[1];off;\n";
} else {
print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
}
}
close FILE;
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'edit'})
{
open( FILE, "< $configfile" ) or die "Unable to read $configfile";
@configs = <FILE>;
close FILE;
open( FILE, "> $configfile" ) or die "Unable to write $configfile";
foreach $configentry (sort @configs)
{
@configline = split( /\;/, $configentry );
$configline[10] = "on" if not exists $configline[11];
$configline[11] = "on" if not exists $configline[11];
$configline[12] = "on" if not exists $configline[12];
$configline[13] = "on" if not exists $configline[13];
$configline[14] = "on" if not exists $configline[14];
$configline[15] = "on" if not exists $configline[15];
$configline[16] = "on" if not exists $configline[16];
$configline[17] = "00:00" if not exists $configline[17];
$configline[18] = "00:00" if not exists $configline[18];
unless (($configline[0] eq $outfwsettings{'STATE'}) &&
($configline[1] eq $outfwsettings{'ENABLED'}) &&
($configline[2] eq $outfwsettings{'SNET'}) &&
($configline[3] eq $outfwsettings{'PROT'}) &&
($configline[4] eq $outfwsettings{'NAME'}) &&
($configline[5] eq $outfwsettings{'SIP'}) &&
($configline[6] eq $outfwsettings{'SMAC'}) &&
($configline[7] eq $outfwsettings{'DIP'}) &&
($configline[9] eq $outfwsettings{'LOG'}) &&
($configline[8] eq $outfwsettings{'DPORT'}) &&
($configline[10] eq $outfwsettings{'TIME_MON'}) &&
($configline[11] eq $outfwsettings{'TIME_TUE'}) &&
($configline[12] eq $outfwsettings{'TIME_WED'}) &&
($configline[13] eq $outfwsettings{'TIME_THU'}) &&
($configline[14] eq $outfwsettings{'TIME_FRI'}) &&
($configline[15] eq $outfwsettings{'TIME_SAT'}) &&
($configline[16] eq $outfwsettings{'TIME_SUN'}) &&
($configline[17] eq $outfwsettings{'TIME_FROM'}) &&
($configline[18] eq $outfwsettings{'TIME_TO'}))
{
print FILE $configentry;
}
}
close FILE;
$selected{'SNET'}{"$outfwsettings{'SNET'}"} = 'selected';
$selected{'PROT'}{"$outfwsettings{'PROT'}"} = 'selected';
$selected{'LOG'}{"$outfwsettings{'LOG'}"} = 'selected';
&addrule();
&Header::closebigbox();
&Header::closepage();
exit
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'delete'})
{
open( FILE, "< $configfile" ) or die "Unable to read $configfile";
@configs = <FILE>;
close FILE;
open( FILE, "> $configfile" ) or die "Unable to write $configfile";
foreach $configentry (sort @configs)
{
@configline = split( /\;/, $configentry );
$configline[10] = "on" if not exists $configline[11];
$configline[11] = "on" if not exists $configline[11];
$configline[12] = "on" if not exists $configline[12];
$configline[13] = "on" if not exists $configline[13];
$configline[14] = "on" if not exists $configline[14];
$configline[15] = "on" if not exists $configline[15];
$configline[16] = "on" if not exists $configline[16];
$configline[17] = "00:00" if not exists $configline[17];
$configline[18] = "00:00" if not exists $configline[18];
unless (($configline[0] eq $outfwsettings{'STATE'}) &&
($configline[1] eq $outfwsettings{'ENABLED'}) &&
($configline[2] eq $outfwsettings{'SNET'}) &&
($configline[3] eq $outfwsettings{'PROT'}) &&
($configline[4] eq $outfwsettings{'NAME'}) &&
($configline[5] eq $outfwsettings{'SIP'}) &&
($configline[6] eq $outfwsettings{'SMAC'}) &&
($configline[7] eq $outfwsettings{'DIP'}) &&
($configline[9] eq $outfwsettings{'LOG'}) &&
($configline[8] eq $outfwsettings{'DPORT'}) &&
($configline[10] eq $outfwsettings{'TIME_MON'}) &&
($configline[11] eq $outfwsettings{'TIME_TUE'}) &&
($configline[12] eq $outfwsettings{'TIME_WED'}) &&
($configline[13] eq $outfwsettings{'TIME_THU'}) &&
($configline[14] eq $outfwsettings{'TIME_FRI'}) &&
($configline[15] eq $outfwsettings{'TIME_SAT'}) &&
($configline[16] eq $outfwsettings{'TIME_SUN'}) &&
($configline[17] eq $outfwsettings{'TIME_FROM'}) &&
($configline[18] eq $outfwsettings{'TIME_TO'}))
{
print FILE $configentry;
}
}
close FILE;
system("/usr/local/bin/outgoingfwctrl");
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'add'})
{
if ( $outfwsettings{'VALID'} eq 'yes' ) {
if ( $outfwsettings{'SNET'} eq "all" ) {
$outfwsettings{'SIP'} ="";
$outfwsettings{'SMAC'}="";
}
open( FILE, ">> $configfile" ) or die "Unable to write $configfile";
print FILE <<END
$outfwsettings{'STATE'};$outfwsettings{'ENABLED'};$outfwsettings{'SNET'};$outfwsettings{'PROT'};$outfwsettings{'NAME'};$outfwsettings{'SIP'};$outfwsettings{'SMAC'};$outfwsettings{'DIP'};$outfwsettings{'DPORT'};$outfwsettings{'LOG'};$outfwsettings{'TIME_MON'};$outfwsettings{'TIME_TUE'};$outfwsettings{'TIME_WED'};$outfwsettings{'TIME_THU'};$outfwsettings{'TIME_FRI'};$outfwsettings{'TIME_SAT'};$outfwsettings{'TIME_SUN'};$outfwsettings{'TIME_FROM'};$outfwsettings{'TIME_TO'};
END
;
close FILE;
system("/usr/local/bin/outgoingfwctrl");
} else {
$outfwsettings{'ACTION'} = 'Add rule';
}
}
if ($outfwsettings{'ACTION'} eq $Lang::tr{'Add Rule'})
{
&addrule();
exit
}
&General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
print "&nbsp;</class>\n";
&Header::closebox();
}
############################################################################################################################
############################################################################################################################
if ($outfwsettings{'POLICY'} ne 'MODE0'){
&Header::openbox('100%', 'center', 'Rules');
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='submit' name='ACTION' value='$Lang::tr{'Add Rule'}' />
</form>
END
;
open( FILE, "< $configfile" ) or die "Unable to read $configfile";
@configs = <FILE>;
close FILE;
if (@configs) {
print <<END
<hr />
<table border='0' width='100%' cellspacing='0'>
<tr bgcolor='$color{'color22'}'>
<td width='14%' align='center'><b>$Lang::tr{'protocol'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'network'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'destination'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'description'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'policy'}</b></td>
<td width='16%' align='center'><b>$Lang::tr{'logging'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'action'}</b></td>
END
;
foreach $configentry (sort @configs)
{
@configline = split( /\;/, $configentry );
$outfwsettings{'STATE'} = $configline[0];
$outfwsettings{'ENABLED'} = $configline[1];
$outfwsettings{'SNET'} = $configline[2];
$outfwsettings{'PROT'} = $configline[3];
$outfwsettings{'NAME'} = $configline[4];
$outfwsettings{'SIP'} = $configline[5];
$outfwsettings{'SMAC'} = $configline[6];
$outfwsettings{'DIP'} = $configline[7];
$outfwsettings{'DPORT'} = $configline[8];
$outfwsettings{'LOG'} = $configline[9];
$configline[10] = "on" if not exists $configline[11];
$configline[11] = "on" if not exists $configline[11];
$configline[12] = "on" if not exists $configline[12];
$configline[13] = "on" if not exists $configline[13];
$configline[14] = "on" if not exists $configline[14];
$configline[15] = "on" if not exists $configline[15];
$configline[16] = "on" if not exists $configline[16];
$configline[17] = "00:00" if not exists $configline[17];
$configline[18] = "00:00" if not exists $configline[18];
$outfwsettings{'TIME_MON'} = $configline[10];
$outfwsettings{'TIME_TUE'} = $configline[11];
$outfwsettings{'TIME_WED'} = $configline[12];
$outfwsettings{'TIME_THU'} = $configline[13];
$outfwsettings{'TIME_FRI'} = $configline[14];
$outfwsettings{'TIME_SAT'} = $configline[15];
$outfwsettings{'TIME_SUN'} = $configline[16];
$outfwsettings{'TIME_FROM'} = $configline[17];
$outfwsettings{'TIME_TO'} = $configline[18];
if ($outfwsettings{'DIP'} eq ''){ $outfwsettings{'DISPLAY_DIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DIP'} = $outfwsettings{'DIP'}; }
if ($outfwsettings{'DPORT'} eq ''){ $outfwsettings{'DISPLAY_DPORT'} = 'ALL'; } else { $outfwsettings{'DISPLAY_DPORT'} = $outfwsettings{'DPORT'}; }
if ($outfwsettings{'STATE'} eq 'DENY'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_stop.png' alt='DENY' />"; }
if ($outfwsettings{'STATE'} eq 'ALLOW'){ $outfwsettings{'DISPLAY_STATE'} = "<img src='/images/stock_ok.png' alt='ALLOW' />"; }
if ((($outfwsettings{'POLICY'} eq 'MODE1') && ($outfwsettings{'STATE'} eq 'ALLOW')) || (($outfwsettings{'POLICY'} eq 'MODE2') && ($outfwsettings{'STATE'} eq 'DENY'))){
if ( $outfwsettings{'ENABLED'} eq "on" ){
print "<tr bgcolor='$color{'color20'}'>";
} else {
print "<tr bgcolor='$color{'color18'}'>";
}
print <<END
<td align='center'>$outfwsettings{'PROT'}
<td align='center'>$outfwsettings{'SNET'}
<td align='center'>$outfwsettings{'DISPLAY_DIP'}:$outfwsettings{'DISPLAY_DPORT'}
<td align='center'>$outfwsettings{'NAME'}
<td align='center'>$outfwsettings{'DISPLAY_STATE'}
<td align='center'>$outfwsettings{'LOG'}
<td align='center'>
<table border='0' cellpadding='0' cellspacing='0'><tr>
<td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
<input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
<input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
<input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
<input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
<input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
<input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
<input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
<input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
<input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
<input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
<input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
<input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
<input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
<input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
<input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
<input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
<input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
<input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
<input type='hidden' name='ACTION' value=$Lang::tr{'edit'} />
<input type='image' src='/images/edit.gif' width="20" height="20" alt=$Lang::tr{'edit'} />
</form>
<td><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='PROT' value='$outfwsettings{'PROT'}' />
<input type='hidden' name='STATE' value='$outfwsettings{'STATE'}' />
<input type='hidden' name='SNET' value='$outfwsettings{'SNET'}' />
<input type='hidden' name='DPORT' value='$outfwsettings{'DPORT'}' />
<input type='hidden' name='DIP' value='$outfwsettings{'DIP'}' />
<input type='hidden' name='SIP' value='$outfwsettings{'SIP'}' />
<input type='hidden' name='NAME' value='$outfwsettings{'NAME'}' />
<input type='hidden' name='SMAC' value='$outfwsettings{'SMAC'}' />
<input type='hidden' name='ENABLED' value='$outfwsettings{'ENABLED'}' />
<input type='hidden' name='LOG' value='$outfwsettings{'LOG'}' />
<input type='hidden' name='TIME_MON' value='$outfwsettings{'TIME_MON'}' />
<input type='hidden' name='TIME_TUE' value='$outfwsettings{'TIME_TUE'}' />
<input type='hidden' name='TIME_WED' value='$outfwsettings{'TIME_WED'}' />
<input type='hidden' name='TIME_THU' value='$outfwsettings{'TIME_THU'}' />
<input type='hidden' name='TIME_FRI' value='$outfwsettings{'TIME_FRI'}' />
<input type='hidden' name='TIME_SAT' value='$outfwsettings{'TIME_SAT'}' />
<input type='hidden' name='TIME_SUN' value='$outfwsettings{'TIME_SUN'}' />
<input type='hidden' name='TIME_FROM' value='$outfwsettings{'TIME_FROM'}' />
<input type='hidden' name='TIME_TO' value='$outfwsettings{'TIME_TO'}' />
<input type='hidden' name='ACTION' value=$Lang::tr{'delete'} />
<input type='image' src='/images/delete.gif' width="20" height="20" alt=$Lang::tr{'delete'} />
</form></table>
END
;
if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) {
unless ($outfwsettings{'SIP'}) {
$outfwsettings{'DISPLAY_SIP'} = 'ALL';
} else {
$outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'};
}
unless ($outfwsettings{'SMAC'}) {
$outfwsettings{'DISPLAY_SMAC'} = 'ALL';
print "<tr><td /><td align='left'>$Lang::tr{'source ip or net'}: </td>";
print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SIP'}</td>";
} else {
$outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'};
print "<tr><td /><td align='left'>$Lang::tr{'source'} $Lang::tr{'mac address'}: </td>";
print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SMAC'}</td>";
}
}
print <<END
<tr><td width='14%' align='right'>$Lang::tr{'time'} - </td>
<td width='14%' align='left'>
END
;
if ($outfwsettings{'TIME_MON'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy monday'}</font>,";
if ($outfwsettings{'TIME_TUE'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy tuesday'}</font>,";
if ($outfwsettings{'TIME_WED'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy wednesday'}</font>,";
if ($outfwsettings{'TIME_THU'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy thursday'}</font>,";
if ($outfwsettings{'TIME_FRI'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy friday'}</font>,";
if ($outfwsettings{'TIME_SAT'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy saturday'}</font>,";
if ($outfwsettings{'TIME_SUN'} eq 'on') { print "<font color='$Header::colourgreen'>";}
else { print "<font color='$Header::colourred'>";}
print "$Lang::tr{'advproxy sunday'}</font>";
print <<END
</td>
<td width='22%' align='center'>$Lang::tr{'advproxy from'} $outfwsettings{'TIME_FROM'}</td>
<td width='22%' align='center'>$Lang::tr{'advproxy to'} $outfwsettings{'TIME_TO'}</td>
</form>
END
;
}
}
if ($outfwsettings{'POLICY'} eq 'MODE1'){
print <<END
<tr bgcolor='$color{'color20'}'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<td align='center'>all
<td align='center'>all
<td align='center'>ALL
<td align='center'>drop
<td align='center'><img src='/images/stock_stop.png' alt='DENY' />
<td align='center'>on <input type='radio' name='MODE1LOG' value='on' $checked{'MODE1LOG'}{'on'} /><input type='radio' name='MODE1LOG' value='off' $checked{'MODE1LOG'}{'off'} /> off
<td align='center'><input type='hidden' name='ACTION' value=$Lang::tr{'save'} /><input type='image' src='/images/media-floppy.png' width="18" height="18" alt=$Lang::tr{'save'} /></form></tr>
<table border='0' cellpadding='0' cellspacing='0'><tr>
<td>
<td></table>
END
;
}
print <<END
</table>
END
;
}
&Header::closebox();
}
if ($outfwsettings{'POLICY'} ne 'MODE0'){
open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
&Header::openbox('100%', 'center', 'P2P-Block');
print <<END
<table width='40%'>
<tr bgcolor='$color{'color22'}'><td width='66%' align=center><b>$Lang::tr{'protocol'}</b>
<td width='33%' align=center><b>$Lang::tr{'status'}</b>
END
;
my $id = 1;
foreach $p2pentry (sort @p2ps)
{
@p2pline = split( /\;/, $p2pentry );
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
END
;
print "\t\t\t<tr bgcolor='$color{'color20'}'>\n";
print <<END
<td width='66%' align='center'>$p2pline[0]:
<td width='33%' align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' />
END
;
if ($p2pline[2] eq 'on') {
print <<END
<input type='hidden' name='ACTION' value='disable' />
<input type='image' name='submit' src='/images/stock_ok.png' alt='$Lang::tr{'outgoing firewall p2p allow'}' title='$Lang::tr{'outgoing firewall p2p allow'}'/>
END
;
} else {
print <<END
<input type='hidden' name='ACTION' value='enable' />
<input type='image' name='submit' src='/images/stock_stop.png' alt='$Lang::tr{'outgoing firewall p2p deny'}' title='$Lang::tr{'outgoing firewall p2p deny'}' />
END
;
}
print <<END
</form>
END
;
}
print <<END
</table>
<br />$Lang::tr{'outgoing firewall p2p description 1'} <img src='/images/stock_ok.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 2'} <img src='/images/stock_stop.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 3'}
END
;
&Header::closebox();
}
&Header::openbox('100%', 'center', 'Policy');
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode0'}</td></tr>
<tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr>
<tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr>
<tr><td colspan='3'><hr /></td></tr>
<tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select>
<td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
<td width='45%' align='left'>
END
;
if ($outfwsettings{'POLICY'} ne 'MODE0') {
print <<END
$Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value=$Lang::tr{'reset'} />
END
;
}
print <<END
</table>
</form>
END
;
&Header::closebox();
############################################################################################################################
############################################################################################################################
sub addrule
{
&Header::openbox('100%', 'center', $Lang::tr{'Add Rule'});
if ($outfwsettings{'ENABLED'} eq 'on') { $selected{'ENABLED'} = 'checked'; }
$selected{'TIME_FROM'}{$outfwsettings{'TIME_FROM'}} = "selected='selected'";
$selected{'TIME_TO'}{$outfwsettings{'TIME_TO'}} = "selected='selected'";
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='80%'>
<tr>
<td width='20%' align='right'>$Lang::tr{'description'}: <img src='/blob.gif' /></td>
<td width='30%' align='left'><input type='text' name='NAME' maxlength='30' value='$outfwsettings{'NAME'}' /></td>
<td width='20%' align='right' colspan='2'>$Lang::tr{'active'}:</td>
<td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td>
</tr>
<tr>
<td width='20%' align='right'>$Lang::tr{'protocol'}</td>
<td width='30%' align='left'>
<select name='PROT'>
<option value='all' $selected{'PROT'}{'all'}>All</option>
<option value='tcp' $selected{'PROT'}{'tcp'}>TCP</option>
<option value='udp' $selected{'PROT'}{'udp'}>UDP</option>
<option value='gre' $selected{'PROT'}{'gre'}>GRE</option>
<option value='esp' $selected{'PROT'}{'esp'}>ESP</option>
</select>
</td>
<td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:</td>
<td width='30%' align='left' colspan='2'>
END
;
if ($outfwsettings{'POLICY'} eq 'MODE1'){
print "\t\t\t\tALLOW<input type='hidden' name='STATE' value='ALLOW' />\n";
} elsif ($outfwsettings{'POLICY'} eq 'MODE2'){
print "\t\t\t\tDENY<input type='hidden' name='STATE' value='DENY' />\n";
}
print <<END
</td>
</tr>
<tr>
<td width='20%' align='right'>$Lang::tr{'source'}:</td>
<td width='30%' align='left'>
<select name='SNET'>
<optgroup label='---'>
<option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option>
<optgroup label='$Lang::tr{'mac address'}'>
<option value='mac' $selected{'SNET'}{'mac'}>$Lang::tr{'source'} $Lang::tr{'mac address'}</option>
</optgroup>
<optgroup label='$Lang::tr{'ip address'}'>
<option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip or net'}</option>
<option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option>
</optgroup>
<optgroup label='$Lang::tr{'alt vpn'}'>
<option value='ovpn' $selected{'SNET'}{'ovpn'}>OpenVPN $Lang::tr{'interface'}</option>
</optgroup>
<optgroup label='$Lang::tr{'network'}'>
<option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
END
;
if (&Header::blue_used()){
print "\t\t\t\t\t<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>\n";
}
if (&Header::orange_used()){
print "\t\t\t\t\t<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>\n";
}
print <<END
</optgroup>
<optgroup label='IP $Lang::tr{'advproxy NCSA group'}'>
END
;
my @ipgroups = qx(ls $configpath/ipgroups/);
foreach (sort @ipgroups){
chomp($_);
print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
}
print <<END
</optgroup>
<optgroup label='MAC $Lang::tr{'advproxy NCSA group'}'>
END
;
my @macgroups = qx(ls $configpath/macgroups/);
foreach (sort @macgroups){
chomp($_);
print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";
}
print <<END
</optgroup>
</select>
</td>
<td align='right' colspan='4'><font color='red'>$Lang::tr{'outgoing firewall warning'}</font></td>
</tr>
<tr>
<td align='right' colspan='4' >$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td>
<td align='left' colspan='4' ><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td>
</tr>
<tr>
<td align='right' colspan='4' >$Lang::tr{'source'} $Lang::tr{'mac address'}: <img src='/blob.gif' />
<td align='left' colspan='4' ><input type='text' name='SMAC' maxlength='23' value='$outfwsettings{'SMAC'}' />
</tr>
<tr>
<td width='20%' align='right'>$Lang::tr{'logging'}:</td>
<td width='30%' align='left'>
<select name='LOG'>
<option value='$Lang::tr{'active'}' $selected{'LOG'}{$Lang::tr{'active'}}>$Lang::tr{'active'}</option>
<option value='$Lang::tr{'inactive'}' $selected{'LOG'}{$Lang::tr{'inactive'}}>$Lang::tr{'inactive'}</option>
</select>
</td>
<td width='20%' align='right' colspan='2' />
<td width='30%' align='left' colspan='2' />
<tr>
<td width='20%' align='right'>$Lang::tr{'destination ip or net'}: <img src='/blob.gif' /></td>
<td width='30%' align='left'><input type='text' name='DIP' value='$outfwsettings{'DIP'}' /></td>
<td width='20%' align='right' colspan='2'>$Lang::tr{'destination port'}(s) <img src='/blob.gif' /></td>
<td width='30%' align='left' colspan='2'><input type='text' name='DPORT' value='$outfwsettings{'DPORT'}' /></td>
</tr>
<tr>
<td width='20%' align='right'>$Lang::tr{'time'}:</td>
<td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
<td width='20%' align='right' colspan='2' />
<td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
<td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
</tr>
<tr>
<td width='20%' align='right'></td>
<td width='30%' align='left'>
<input type='checkbox' name='TIME_MON' $checked{'TIME_MON'}{'on'} />
<input type='checkbox' name='TIME_TUE' $checked{'TIME_TUE'}{'on'} />
<input type='checkbox' name='TIME_WED' $checked{'TIME_WED'}{'on'} />
<input type='checkbox' name='TIME_THU' $checked{'TIME_THU'}{'on'} />
<input type='checkbox' name='TIME_FRI' $checked{'TIME_FRI'}{'on'} />
<input type='checkbox' name='TIME_SAT' $checked{'TIME_SAT'}{'on'} />
<input type='checkbox' name='TIME_SUN' $checked{'TIME_SUN'}{'on'} />
</td>
<td width='20%' align='right' colspan='2' />
<td width='15%' align='left'>
<select name='TIME_FROM'>
END
;
for (my $i=0;$i<=23;$i++) {
$i = sprintf("%02s",$i);
for (my $j=0;$j<=45;$j+=15) {
$j = sprintf("%02s",$j);
my $time = $i.":".$j;
print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
}
}
print <<END
</select>
</td>
<td width='15%' align='left'><select name='TIME_TO'>
END
;
for (my $i=0;$i<=23;$i++) {
$i = sprintf("%02s",$i);
for (my $j=0;$j<=45;$j+=15) {
$j = sprintf("%02s",$j);
my $time = $i.":".$j;
print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
}
}
print <<END
</select>
</td>
</tr>
<tr>
<td colspan='6' />
<tr>
<tr>
<td width='40%' align='right' colspan='2'><img src='/blob.gif' />$Lang::tr{'this field may be blank'}</td>
<td width='60%' align='left' colspan='4'><input type='submit' name='ACTION' value=$Lang::tr{'add'} /></td>
</table></form>
END
;
&Header::closebox();
if ($outfwsettings{'POLICY'} eq 'MODE1' || $outfwsettings{'POLICY'} eq 'MODE2')
{
&Header::openbox('100%', 'center', 'Quick Add');
open( FILE, "< /var/ipfire/outgoing/defaultservices" ) or die "Unable to read default services";
my @defservices = <FILE>;
close FILE;
print "<table width='100%'><tr bgcolor='$color{'color20'}'><td><b>$Lang::tr{'service'}</b></td><td><b>$Lang::tr{'description'}</b></td><td><b>$Lang::tr{'port'}</b></td><td><b>$Lang::tr{'protocol'}</b></td><td><b>$Lang::tr{'source net'}</b></td><td><b>$Lang::tr{'logging'}</b></td><td><b>$Lang::tr{'action'}</b></td></tr>";
foreach my $serviceline(@defservices)
{
my @service = split(/,/,$serviceline);
print <<END
<tr><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<td>$service[0]<input type='hidden' name='NAME' value='@service[0]' /></td>
<td>$service[3]</td>
<td><a href='http://isc.sans.org/port_details.php?port=$service[1]' target='top'>$service[1]</a><input type='hidden' name='DPORT' value='@service[1]' /></td>
<td>$service[2]<input type='hidden' name='PROT' value='@service[2]' /></td>
<td><select name='SNET'><option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option><option value='green' $selected{'SNET'}{'green'}>$Lang::tr{'green'}</option>
END
;
if (&Header::blue_used()){
print "<option value='blue' $selected{'SNET'}{'blue'}>$Lang::tr{'wireless'}</option>";
}
if (&Header::orange_used()){
print "<option value='orange' $selected{'SNET'}{'orange'}>$Lang::tr{'dmz'}</option>";
}
print <<END
</select></td>
<td><select name='LOG'><option value='$Lang::tr{'active'}'>$Lang::tr{'active'}</option><option value='$Lang::tr{'inactive'}' 'selected'>$Lang::tr{'inactive'}</option></select></td><td>
<input type='hidden' name='ACTION' value=$Lang::tr{'add'} />
<input type='image' alt='$Lang::tr{'add'}' src='/images/add.gif' />
<input type='hidden' name='ENABLED' value='on' />
END
;
if ($outfwsettings{'POLICY'} eq 'MODE1'){ print "<input type='hidden' name='STATE' value='ALLOW' /></form></td></tr>";}
elsif ($outfwsettings{'POLICY'} eq 'MODE2'){print "<input type='hidden' name='STATE' value='DENY' /></form></td></tr>";}
}
print "</table>";
&Header::closebox();
}
}
&Header::closebigbox();
&Header::closepage();


@@ -747,7 +747,8 @@
'download root certificate' => 'Root-Zertifikat herunterladen',
'dpd action' => 'Aktion für Dead Peer Detection',
'driver' => 'Treiber',
'drop input' => 'Verworfene Input-Pakete loggen',
'drop action' => 'Standardverhalten der Firewall in Modus1',
'drop input' => 'Verworfene Input Pakete loggen',
'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen',
'drop forward' => 'Verworfene Firewall-Pakete loggen',
'drop portscan' => 'Verworfene Portscan Pakete loggen',
@@ -1033,8 +1034,9 @@
'from email server' => 'Von Email Server',
'from email user' => 'Von Email Benutzer',
'from warn email bad' => 'Von Email Adresse ist nicht gültig',
'fw blue' => 'Firewall-Optionen für das Blaue Interface',
'fw logging' => 'Firewall-Logging',
'fw blue' => 'Firewall Optionen für das Blaue Interface',
'fw default drop' => 'Firewall Policy',
'fw logging' => 'Firewall Logging',
'gateway' => 'Gateway',
'gateway ip' => 'Gateway-IP',
'gen static key' => 'Statischen Schlüssel erzeugen',


@@ -771,9 +771,10 @@
'download root certificate' => 'Download root certificate',
'dpd action' => 'Dead Peer Detection action',
'driver' => 'Driver',
'drop action' => 'Default behaviour of firewall in mode 1',
'drop input' => 'Log dropped input pakets',
'drop newnotsyn' => 'Log dropped new not syn pakets',
'drop forward' => 'Log dropped firewall pakets',
'drop forward' => 'Log dropped forward pakets',
'drop portscan' => 'Log dropped portscan pakets',
'drop proxy' => 'Drop all packets not addressed to proxy',
'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025',
@@ -1060,6 +1061,7 @@
'from email user' => 'From e-mail user',
'from warn email bad' => 'From e-mail address is not valid',
'fw blue' => 'Firewall options for BLUE interface',
'fw default drop' => 'Firewall policy',
'fw logging' => 'Firewall logging',
'g.dtm' => 'TO BE REMOVED',
'g.lite' => 'TO BE REMOVED',


@@ -103,6 +103,7 @@ $(TARGET) :
cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
cp $(DIR_SRC)/config/forwardfw/rules.pl $(CONFIG_ROOT)/forward/bin/rules.pl
cp $(DIR_SRC)/config/forwardfw/firewall-lib.pl $(CONFIG_ROOT)/forward/bin/firewall-lib.pl
cp $(DIR_SRC)/config/forwardfw/firewall-forward-policy /usr/sbin/firewall-forward-policy
cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
# Oneliner configfiles
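Review bot: The added `cp` of `firewall-forward-policy` into `/usr/sbin` sets no explicit mode, so whether the helper ends up executable depends on the permission bits in the source tree and the build umask, neither of which is visible here. The firewall init script changed in this commit invokes `/usr/sbin/firewall-forward-policy` to fill the POLICY chain, so a copy without the execute bit would leave the forward policy rules unapplied. An explicit mode removes that dependency: `install -m 0755 $(DIR_SRC)/config/forwardfw/firewall-forward-policy /usr/sbin/firewall-forward-policy`. It is also the only line in this group that writes outside `$(CONFIG_ROOT)`, which merits a comment such as `# helper run by the firewall init script, not a config file`. The recipe of `$(TARGET)` starts and continues outside the hunk.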


@@ -226,12 +226,6 @@ case "$1" in
/sbin/iptables -N OPENSSLPHYSICAL
/sbin/iptables -A INPUT -j OPENSSLPHYSICAL
# WIRELESS chains
/sbin/iptables -N WIRELESSINPUT
/sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
/sbin/iptables -N WIRELESSFORWARD
/sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
# RED chain, used for the red interface
/sbin/iptables -N REDINPUT
/sbin/iptables -A INPUT -j REDINPUT
@@ -283,11 +277,16 @@ case "$1" in
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
#if [ "$DROPFORWARD" == "on" ]; then
# /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
#fi
#/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
#POLICY CHAIN
/sbin/iptables -N POLICY
/sbin/iptables -A FORWARD -j POLICY
/usr/sbin/firewall-forward-policy
;;
startovpn)
# run openvpn
@@ -320,14 +319,10 @@ case "$1" in
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
fi
/sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT"
#if [ "$DROPOUTPUT" == "on" ]; then
# /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
#fi
#/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_OUTPUT"
if [ "$DROPFORWARD" == "on" ]; then
/sbin/iptables -A FORWARDFW -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARDFW "
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
/sbin/iptables -A FORWARDFW -j DROP -m comment --comment "DROP_FORWARDFW-oberdropper"
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
;;
stopovpn)
# stop openvpn
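Review bot: The branch that ends just before `startovpn)` no longer closes FORWARD with an unconditional DROP, because both `DROP_FORWARD` rules are commented out and the final verdict is left to `/usr/sbin/firewall-forward-policy` via the new POLICY chain. If that helper appends nothing (settings select another mode, the file is missing, or it fails to run), unmatched forwarded packets fall through to the built-in policy of FORWARD, which the visible lines do not set. It is worth confirming that policy is DROP and making a helper failure fail closed, for example `/usr/sbin/firewall-forward-policy || /sbin/iptables -A POLICY -j DROP -m comment --comment "DROP_FORWARD"`. The commented-out block would be better deleted, with a comment above the jump such as `# POLICY holds the mode-dependent final verdict for FORWARD; filled by firewall-forward-policy`. The case branch begins above the hunk.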