Firewall: Some changes in Strings and languagefiles

2026-04-13 04:22:58 +02:00 · 2013-10-17 11:27:48 +02:00
parent fda8c915d6
commit 86a921ee47
5 changed files with 41 additions and 31 deletions
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -53,16 +53,17 @@ my $configoutgoing  = "${General::swroot}/forward/outgoing";
 my $p2pfile			= "${General::swroot}/forward/p2protocols";
 my $configgrp		= "${General::swroot}/fwhosts/customgroups";
 my $netsettings		= "${General::swroot}/ethernet/settings";
-my $errormessage='';
-my $orange;
-my $green;
-my $blue;
+my $errormessage	= '';
+my $orange			= '';
+my $green			= '';
+my $blue			= '';
 my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
-my $CHAIN="FORWARDFW";
-my $conexists='off';
-my $command = 'iptables -A';
-my $dnat='';
-my $snat='';
+my $CHAIN			= "FORWARDFW";
+my $conexists		= 'off';
+my $command			= 'iptables -A';
+my $dnat			='';
+my $snat			='';
+
 &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
 &General::readhash("$netsettings", \%defaultNetworks);
 &General::readhasharray($configfwdfw, \%configfwdfw);
@@ -81,13 +82,13 @@ if (-f "/var/ipfire/red/active"){
 open (CONN1,"/var/ipfire/red/local-ipaddress");
 my $redip = <CONN1>;
 close(CONN1);
-################################
-#    DEBUG/TEST                #
-################################
+#################
+#    DEBUG/TEST #
+#################
 my $MODE=0;     # 0 - normal operation
-				# 1 - print configline and rules to console	
-				# 
-################################		
+				# 1 - print configline and rules to console
+				#
+#################
 my $param=shift;

 if($param eq 'flush'){
@@ -107,7 +108,7 @@ if($param eq 'flush'){
 	if($MODE eq '0'){
 		if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
 			&p2pblock;
-			system ("/usr/sbin/firewall-policy"); 
+			system ("/usr/sbin/firewall-policy");
 		}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
 			&p2pblock;
 			system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");
@@ -123,7 +124,7 @@ sub flush
 	system ("iptables -F OUTGOINGFW");
 	system ("iptables -t nat -F NAT_DESTINATION");
 	system ("iptables -t nat -F NAT_SOURCE");
-}			
+}
 sub preparerules
 {
 	if (! -z  "${General::swroot}/forward/config"){
@@ -236,12 +237,12 @@ sub buildrules
 				if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
 				if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
 				$TIME=join(",",@timeframe);
-				
+
 				$TIMEFROM="--timestart $time1 ";
 				$TIMETILL="--timestop $time2 ";
 				$TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
 			}
-			if ($MODE eq '1'){	
+			if ($MODE eq '1'){
 				print "NR:$key ";
 				foreach my $i (0 .. $#{$$hash{$key}}){
 					print "$i: $$hash{$key}[$i]  ";
@@ -301,7 +302,10 @@ sub buildrules
 									if ($PROT ne '-p ICMP'){
 										print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
 									}
-								}				
+									if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+										print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+									}
+								}
 							}
 						}
 					}
@@ -364,7 +368,11 @@ sub buildrules
 									if ($PROT ne '-p ICMP'){
 										system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
 									}
-								}				
+									#PROCESS Prot ICMP and type = All ICMP-Types
+									if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+										system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+									}
+								}
 							}
 						}
 					}
@@ -472,7 +480,7 @@ sub get_address
 	my $type=shift; #src or tgt
 	my $hash;
 	if ($type eq 'src'){
-		$hash=\%sourcehash;	
+		$hash=\%sourcehash;
 	}else{
 		$hash=\%targethash;
 	}
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -1736,7 +1736,7 @@ END
 						<select name='ICMP_TYPES' style='min-width:230px;'>
 END
 		&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
-		print"<option>All ICMP-Types</option>";
+		print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
 		foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
 			if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
 				print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -759,7 +759,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservice')
 			}
 		}
 	}
-	if($ICMP eq ''){$ICMP='BLANK';}
+	if($ICMP eq ''){$ICMP=$fwhostsettings{'ICMP_TYPES'};}
 	if (!$errormessage){
 		my $key = &General::findhasharraykey (\%customservice);
 		foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
@@ -1346,7 +1346,7 @@ END
 	<div id='PROTOKOLL' class='noscript'><table width=100%' border='0'><tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
 END
 	&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
-	print"<option>All ICMP-Types</option>";
+	print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
 	foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
 		if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){
 			print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
@@ -1679,8 +1679,8 @@ END
 			print<<END;
 			<td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
 END
-			if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
-		
+			if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};}
+			elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
 			print<<END;
 			</td><td align='center'>$customservice{$key}[4]x</td>
 			<td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -912,6 +912,7 @@
 'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen',
 'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen',
 'fw settings ruletable' => 'Leere Regeltabellen anzeigen',
+'fwdfw all icmp' => 'Alle ICMP-Typen',
 'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)',
 'fwdfw DROP' => 'Verwerfen (DROP)',
 'fwdfw MODE1' => 'Alle Pakete verwerfen',
@@ -987,8 +988,8 @@
 'fwdfw toggle' => 'Aktivieren oder deaktivieren',
 'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
 'fwdfw use nat' => 'NAT benutzen',
-'fwdfw use srcport' => 'Quellport(s) benutzen:',
-'fwdfw use srv' => 'Zielport(s) benutzen:',
+'fwdfw use srcport' => 'Quellport:',
+'fwdfw use srv' => 'Zielport:',
 'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
 'fwdfw wd_fri' => 'Fr',
 'fwdfw wd_mon' => 'Mo',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -937,6 +937,7 @@
 'fw settings dropdown' => 'Show all networks on rulecreation site',
 'fw settings remark' => 'Show remarks in ruletable',
 'fw settings ruletable' => 'Show empty ruletables',
+'fwdfw all icmp' => 'All ICMP-Types',
 'fwdfw ACCEPT' => 'ACCEPT',
 'fwdfw DROP' => 'DROP',
 'fwdfw MODE1' => 'Drop all packets',
@@ -1012,8 +1013,8 @@
 'fwdfw toggle' => 'Activate or deactivate',
 'fwdfw togglelog' => 'Activate or deactivate logging',
 'fwdfw use nat' => 'Use NAT',
-'fwdfw use srcport' => 'Use source port(s):',
-'fwdfw use srv' => 'Use destination port(s):',
+'fwdfw use srcport' => 'Source port:',
+'fwdfw use srv' => 'Destination port:',
 'fwdfw useless rule' => 'This rule is useless.',
 'fwdfw wd_fri' => 'Fri',
 'fwdfw wd_mon' => 'Mon',