webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-17 06:23:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Forward Firewall: Bugfix: When having more than 1 ICMP rule in a group, the rule is not created.

Browse Source 
Also changed (INPUT) to (Input) in firewall-options
This commit is contained in:
Alexander Marx
2013-03-04 20:56:20 +01:00
committed by Michael Tremer
parent a7d7f5a3da
commit 8cb1afc817
2 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
config/forwardfw/rules.pl
View File

@@ -120,7 +120,6 @@ if($param eq 'flush'){
system ("iptables -A $CHAIN -s $orange -d $blue -j RETURN");
}
}
&p2pblock;
system ("iptables -A $CHAIN -m state --state NEW -j ACCEPT");
system ("/usr/sbin/firewall-policy");
@@ -230,10 +229,20 @@ sub buildrules
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
if ($$hash{$key}[17] eq 'ON'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
if(substr($DPORT, 2, 4) eq 'icmp'){
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
if ($$hash{$key}[17] eq 'ON'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n";
}
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
}
}else{
if ($$hash{$key}[17] eq 'ON'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
}
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
}
}
@@ -250,10 +259,20 @@ sub buildrules
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
if ($$hash{$key}[17] eq 'ON'){
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
if(substr($DPORT, 2, 4) eq 'icmp'){
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
if ($$hash{$key}[17] eq 'ON'){
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG");
}
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
}
}else{
if ($$hash{$key}[17] eq 'ON'){
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
}
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]");
}
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]");
}
}
}

2
langs/de/cgi-bin/de.pl
View File

@@ -747,7 +747,7 @@
'driver' => 'Treiber',
'drop action' => 'Standardverhalten der (Forward) Firewall in Modus "Blocked"',
'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"',
'drop action2' => 'Standardverhalten der (INPUT) Firewall',
'drop action2' => 'Standardverhalten der (Input) Firewall',
'drop input' => 'Verworfene Input Pakete loggen',
'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen',
'drop forward' => 'Verworfene (Forward) Firewall-Pakete loggen',