Forward Firewall: Design changes

1) source has a new option "firewall" with dropdown for interfaces 2) source default networks->deleted IPFire, all ip's now in brackets 3) deleted warning message in Target that a mac is not usable 4) changes for "apply" button 5) in ruletable the protocol is now right beneath the ruletype column 6) changed target dropdown "INTERNET" to "RED" 7) renamed OpenVPN N-2N to OpenVPN Net-to-Net 8) set missing default firewall options 9) little changes on the en and de lang files
2026-04-11 03:25:54 +02:00 · 2013-06-28 09:36:31 +02:00
parent 2af92cf5ac
commit a0fb1099ef
6 changed files with 109 additions and 58 deletions
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -209,7 +209,7 @@ sub buildrules
 						&get_address($customgrp{$grp}[3],$customgrp{$grp}[2],"tgt");
 					}
 				}
-			}elsif($$hash{$key}[5] eq 'ipfire'){
+			}elsif($$hash{$key}[5] eq 'ipfire' ){
 				if($$hash{$key}[6] eq 'GREEN'){
 					$targethash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
 				}
@@ -505,6 +505,30 @@ sub get_address
 		$$hash{$key}[0]=&fwlib::get_ovpn_n2n_ip($base2,11);
 	}elsif($base eq 'ipsec_net_src' || $base eq 'ipsec_net_tgt' || $base eq 'IpSec Network'){
 		$$hash{$key}[0]=&fwlib::get_ipsec_net_ip($base2,11);
+	}elsif($base eq 'ipfire_src' ){
+		if($base2 eq 'GREEN'){
+			$$hash{$key}[0]=$defaultNetworks{'GREEN_ADDRESS'};
+		}
+		if($base2 eq 'BLUE'){
+			$$hash{$key}[0]=$defaultNetworks{'BLUE_ADDRESS'};
+		}
+		if($base2 eq 'ORANGE'){
+			$$hash{$key}[0]=$defaultNetworks{'ORANGE_ADDRESS'};
+		}
+		if($base2 eq 'ALL'){
+			$$hash{$key}[0]='0.0.0.0/0';
+		}
+		if($base2 eq 'RED' || $base2 eq 'RED1'){
+			open(FILE, "/var/ipfire/red/local-ipaddress")or die "Couldn't open local-ipaddress";
+			$$hash{$key}[0]= <FILE>;
+			close(FILE);
+		}else{
+			foreach my $alias (sort keys %aliases){
+				if ($base2 eq $alias){
+					$$hash{$key}[0]=$aliases{$alias}{'IPT'};
+				}
+			}
+		}
 	}
 }
 sub get_prot
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -189,8 +189,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 		if($fwdfwsettings{'nosave2'} ne 'on'){
 			&saverule(\%configinputfw,$configinput);
 		}
-	}elsif($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'IPFire' ){
-		# OUTGOING PART
+	}elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
+	# OUTGOING PART
 		$fwdfwsettings{'config'}=$configoutgoing;
 		$fwdfwsettings{'chain'} = 'OUTGOINGFW';
 		my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
@@ -378,7 +378,7 @@ sub addrule
 {
 	&error;
 	if (-f "${General::swroot}/forward/reread"){
-		print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</div</td></tr></table></form><hr><br>";
+		print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</div</td></tr></table></form><br>";
 	}
 	&Header::openbox('100%', 'left',  $Lang::tr{'fwdfw menu'});
 	print "<form method='post'>";
@@ -979,6 +979,7 @@ sub gen_dd_block
 	$checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} 		= 'CHECKED';
 	$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}		= 'selected';
 	$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}			= 'selected';
+	$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
 	$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
 print<<END;
 		<table width='100%' border='0'>
@@ -989,13 +990,16 @@ END
 	foreach my $network (sort keys %defaultNetworks)
 		{
 			next if($defaultNetworks{$network}{'NAME'} eq "RED" && $srctgt eq 'src');
-			next if($defaultNetworks{$network}{'NAME'} eq "IPFire" && $srctgt eq 'tgt');
+			next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
 			print "<option value='$defaultNetworks{$network}{'NAME'}'";
 			print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
 			my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
-			$ifaces{$defnet} = '0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'ALL');
-			$defnet =  "RED_ADDRESS" if ($defaultNetworks{$network}{'NAME'} eq 'IPFire');
-			print ">$network $ifaces{$defnet} </option>";
+			$ifaces{$defnet}='0.0.0.0' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
+			if ($ifaces{$defnet}){
+				print ">$network ($ifaces{$defnet})</option>";
+			}else{
+				print ">$network</option>";
+			}
 		}
 	print"</select></td></tr>";
 	#custom networks
@@ -1403,6 +1407,7 @@ sub newrule
 	$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}		= 'selected';
 	$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}			= 'selected';
 	$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+	$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
 	#check if update and get values
 	if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' && !$errormessage){
 		&General::readhasharray("$config", \%hash);
@@ -1462,6 +1467,7 @@ sub newrule
 				$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}}		= 'selected';
 				$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}}			= 'selected';
 				$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+				$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
 				$selected{'dnat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
 				$selected{'snat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
 			}
@@ -1510,9 +1516,24 @@ sub newrule
 	#------SOURCE-------------------------------------------------------
 	print<<END;
 		<table width='100%' border='0'>
-		<tr><td width='1%'><input type='radio' name='grp1' value='src_addr'  checked></td><td colspan='5'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='17'></td></tr>
-		<tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr>
-		</table>
+		<tr><td width='1%'><input type='radio' name='grp1' value='src_addr'  checked></td><td width='60%'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='17'></td><td width='1%'><input type='radio' name='grp1' value='ipfire_src'  $checked{'grp1'}{'ipfire'}></td><td><b>Firewall</b></td>
+END
+		print"<td align='right'><select name='ipfire_src' style='width:200px;'>";
+		print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
+		print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
+		print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if $ifaces{'ORANGE_ADDRESS'};
+		print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if $ifaces{'BLUE_ADDRESS'};
+		print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} ($ifaces{'RED_ADDRESS'})</option>" if $ifaces{'RED_ADDRESS'};
+
+		if (! -z "${General::swroot}/ethernet/aliases"){
+			foreach my $alias (sort keys %aliases)
+			{
+				print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+			}
+		}
+		print<<END;
+		</td></tr>
+		<tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
 END
 	&gen_dd_block('src','grp1');
 		print<<END;
@@ -1553,14 +1574,14 @@ END
 		&Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
 		print<<END;
 		<table width='100%' border='0'>	
-		<tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr'  checked></td><td width='57%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='17'><td width='1%'><input type='radio' name='grp2' value='ipfire'  $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
+		<tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr'  checked></td><td width='60%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' maxlength='17'><td width='1%'><input type='radio' name='grp2' value='ipfire'  $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
 END
 		print"<td align='right'><select name='ipfire' style='width:200px;'>";
-		print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'} 0.0.0.0</option>";
-		print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} $ifaces{'GREEN_ADDRESS'}</option>" if $ifaces{'GREEN_ADDRESS'};
-		print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} $ifaces{'ORANGE_ADDRESS'}</option>" if $ifaces{'ORANGE_ADDRESS'};
-		print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} $ifaces{'BLUE_ADDRESS'}</option>" if $ifaces{'BLUE_ADDRESS'};
-		print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} $ifaces{'RED_ADDRESS'}</option>" if $ifaces{'RED_ADDRESS'};
+		print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
+		print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} ($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
+		print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if $ifaces{'ORANGE_ADDRESS'};
+		print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if $ifaces{'BLUE_ADDRESS'};
+		print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} ($ifaces{'RED_ADDRESS'})</option>" if $ifaces{'RED_ADDRESS'};

 		if (! -z "${General::swroot}/ethernet/aliases"){
 			foreach my $alias (sort keys %aliases)
@@ -1574,8 +1595,7 @@ END
 END
 		&gen_dd_block('tgt','grp2');
 		print<<END;
-		<b>$Lang::tr{'fwhost attention'}:</b><br>
-		$Lang::tr{'fwhost macwarn'}<br><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
+		<hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '></hr><br>
 		<table width='100%' border='0'>
 		<tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv'style='min-width:230px;' >
 END
@@ -1696,7 +1716,8 @@ END
 			}
 		}
 		print"</select></td></tr>";	
-		print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td align='left'><input type='text' name='ruleremark' size='40' maxlength='255' value='$fwdfwsettings{'ruleremark'}'></td></tr>";
+		print"<tr><td width='100%'>$Lang::tr{'remark'}:</td><td align='left'><input type='text' name='ruleremark' size='78' maxlength='255' value='$fwdfwsettings{'ruleremark'}'></td></tr>";
+		#print"<tr><td width='100%'>$Lang::tr{'remark'}:</td><td align='left'><textarea name='ruleremark' cols='70' rows='3' value='$fwdfwsettings{'ruleremark'}'></textarea></td></tr>";
 		if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
 			print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
 			for (my $count =1; $count <= $sum; $count++){ 
@@ -2088,7 +2109,7 @@ sub viewtablenew
 		my $coloryellow='';
 		print"<b>$title1</b><br>";
 		print"<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
-		print"<tr><td align='center'><b>#</td><td ></td><td align='center'><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center'><b>$Lang::tr{'fwdfw target'}</td><td align='center' width='25'></td><td align='center' colspan='6' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";#<td align='center'><b>$Lang::tr{'fwdfw time'}</td><b>$Lang::tr{'protocol'}</b>
+		print"<tr><td align='center'><b>#</td><td></td><td align='center' width='25'></td><td align='center'><b>$Lang::tr{'fwdfw source'}</td><td width='1%'><b>Log</td><td align='center'><b>$Lang::tr{'fwdfw target'}</td><td align='center' colspan='6' width='1%'><b>$Lang::tr{'fwdfw action'}</td></tr>";
 		foreach my $key (sort  {$a <=> $b} keys %$hash){
 			$tdcolor='';
 			@tmpsrc=();
@@ -2140,9 +2161,11 @@ sub viewtablenew
 				}
 			}
 			print"<tr bgcolor='$color' >";
+			#KEY
 			print<<END;
 			<td align='right' width='18'><b>$key &nbsp</b></td>
 END
+			#RULETYPE (A,R,D)
 			if ($$hash{$key}[0] eq 'ACCEPT'){
 				$ruletype='A';
 				$tooltip='ACCEPT';
@@ -2157,6 +2180,23 @@ END
 				$rulecolor=$color{'color16'};
 			}
 			print"<td bgcolor='$rulecolor' align='center' width='10'><span title='$tooltip'><b>$ruletype</b></span></td>";
+			#Get Protocol
+			my $prot;
+			if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual
+				push (@protocols,$$hash{$key}[8]);
+			}elsif ($$hash{$key}[12]){			#target prot if manual
+				push (@protocols,$$hash{$key}[12]);
+			}elsif($$hash{$key}[14] eq 'cust_srv'){
+				&get_serviceports("service",$$hash{$key}[15]);
+			}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+				&get_serviceports("group",$$hash{$key}[15]);
+			}else{
+				push (@protocols,$Lang::tr{'all'});
+			}
+			my $protz=join(",",@protocols);
+			print"<td align='center'>$protz</td>";
+			@protocols=();
+			#SOURCE
 			&getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
 			print"<td align='center' width='160' $tdcolor>";
 			if ($$hash{$key}[3] eq 'std_net_src'){
@@ -2172,10 +2212,11 @@ END
 				print $$hash{$key}[4];
 			}
 			$tdcolor='';
+			#SOURCEPORT
 			&getsrcport(\%$hash,$key);
 			#Is this a SNAT rule?
 			if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){
-				print"<br>-> $$hash{$key}[29]";
+				print"<br>->$$hash{$key}[29]";
 				if ($$hash{$key}[30] ne ''){
 					print": $$hash{$key}[30]";
 				}
@@ -2185,6 +2226,7 @@ END
 			}else{
 				$log="/images/off.gif";
 			}
+			#LOGGING
 			print<<END;
 			</td>
 			<form method='post'>
@@ -2194,13 +2236,14 @@ END
 			<input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
 			</td></form>
 END
+			#TARGET
 			&getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
 			print<<END;
 			<td align='center' width='160' $tdcolor>
 END
 			#Is this a DNAT rule?
 			if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
-				print "IPFire ($$hash{$key}[29])";
+				print "Firewall ($$hash{$key}[29])";
 				if($$hash{$key}[30] ne ''){
 					$$hash{$key}[30]=~ tr/|/,/;
 					print": $$hash{$key}[30]";
@@ -2225,25 +2268,10 @@ END
 				print $$hash{$key}[6];
 			}
 			$tdcolor='';
+			#TARGETPORT
 			&gettgtport(\%$hash,$key);
 			print"</td>";
-			#Get Protocol
-			my $prot;
-			if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual
-				push (@protocols,$$hash{$key}[8]);
-			}elsif ($$hash{$key}[12]){			#target prot if manual
-				push (@protocols,$$hash{$key}[12]);
-			}elsif($$hash{$key}[14] eq 'cust_srv'){
-				&get_serviceports("service",$$hash{$key}[15]);
-			}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
-				&get_serviceports("group",$$hash{$key}[15]);
-			}else{
-				push (@protocols,$Lang::tr{'all'});
-			}
-			my $protz=join(",",@protocols);
-			print"<td align='center'>$protz</td>";
-			@protocols=();
-
+			#RULE ACTIVE
 			if($$hash{$key}[2] eq 'ON'){
 				$gif="/images/on.gif"
 				
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -1061,7 +1061,7 @@ if($fwhostsettings{'ACTION'} eq '')
 sub showmenu
 {
 	if (-f "${General::swroot}/forward/reread"){
-		print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</td></tr></table></form><hr><br>";
+		print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>&nbsp &nbsp $Lang::tr{'fwhost reread'}</td></tr></table></form><br>";
 	}
 	&Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'});
 	print<<END;
@@ -1110,7 +1110,6 @@ sub addhost
 	<tr><td>$Lang::tr{'name'}:</td><td><input type='TEXT' name='HOSTNAME' id='textbox1' value='$fwhostsettings{'HOSTNAME'}' $fwhostsettings{'BLK_HOST'} size='14'><script>document.getElementById('textbox1').focus()</script></td></tr>
 	<tr><td>IP/MAC:</td><td><input type='TEXT' name='IP' value='$fwhostsettings{'IP'}' $fwhostsettings{'BLK_IP'} size='14' maxlength='17'></td></tr>
 	<tr><td width='10%'>$Lang::tr{'remark'}:</td><td><input type='TEXT' name='HOSTREMARK' value='$fwhostsettings{'HOSTREMARK'}' style='width:98%;'></td></tr>
-	<tr><td colspan='5'><br><br><b>$Lang::tr{'fwhost attention'}</b><br>$Lang::tr{'fwhost macwarn'}</td></tr>
 	<tr><td colspan='5'><hr></hr></td></tr>
 END

--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -940,7 +940,7 @@
 'fwdfw pol title'		=> 'Standardverhalten der Firewall',
 'fwdfw pol text'		=> 'Standardverhalten für Verbindungen aus den lokalen Netzwerken. Bei "Zugelassen" werden sämtliche Verbindungen zugelassen mit Ausnahme der konfigurierten Regeln. Mit "Blockiert" werden alle Verbindungsversuche blockiert, mit Ausnahme erstellten Regeln.',
 'fwdfw pol text1'		=> 'Standardverhalten für Verbindungen von Firewall. Bei "Zugelassen" werden sämtliche Verbindungen zugelassen mit Ausnahme konfigurierten Regeln. Mit "Blockiert" werden alle Verbindungsversuche blockiert, mit Ausnahme der erstellten Regeln.Achtung! Mit diesen Einstellungen kann man sich aussperren. Normalerweise ist keine Änderung nötig.',
-'fwdfw red'				=> 'INTERNET',
+'fwdfw red'				=> 'ROT',
 'fwdfw REJECT'			=> 'Verweigern (REJECT)',
 'fwdfw reread'			=> 'Übernehmen',
 'fwdfw rules'			=> 'Regeln',
@@ -985,11 +985,11 @@
 'fwhost ccdnet'			=> 'OpenVPN Netzwerke:',
 'fwhost change'			=> 'Ändern',
 'fwhost changeremark'	=> 'Es wurde nur die Bemerkung angepasst.',
-'fwhost cust addr' 		=> 'Custom Adressen:',
-'fwhost cust grp'		=> 'Custom Gruppen:',
-'fwhost cust net' 		=> 'Custom Netzwerke:',
-'fwhost cust service'	=> 'Custom Dienste:',
-'fwhost cust srvgrp'	=> 'Custom Dienstgruppen',
+'fwhost cust addr' 		=> 'Adressen:',
+'fwhost cust grp'		=> 'Gruppen:',
+'fwhost cust net' 		=> 'Netzwerke:',
+'fwhost cust service'	=> 'Dienste:',
+'fwhost cust srvgrp'	=> 'Dienstgruppen',
 'fwhost deleted'		=> 'Gelöscht',
 'fwhost empty'			=> 'Keine Regeln definiert',
 'fwhost err addr' 		=> 'IP Adresse oder Subnetzmaske ungültig',
@@ -1034,10 +1034,9 @@
 'fwhost newgrp' 		=> 'Adressgruppierung',
 'fwhost newservice'		=> 'Diensteinstellungen',
 'fwhost newservicegrp'	=> 'Dienstgruppierung',
-'fwhost macwarn'		=> 'MAC Adressen können nicht als Ziel definiert werden. Solche Adressen werden ignoriert.',
 'fwhost menu' 			=> 'Firewallgruppen',
 'fwhost orange'			=> 'Orange',
-'fwhost ovpn_n2n'		=> 'OpenVPN N-2-N',
+'fwhost ovpn_n2n'		=> 'OpenVPN Net-to-Net',
 'fwhost port'			=> 'Port(s)',
 'fwhost prot'			=> 'Protokoll',
 'fwhost reread'			=> 'Die Firewallregeln müssen neu eingelesen werden.',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -965,7 +965,7 @@
 'fwdfw pol title'		=> 'Firewall default behavior',
 'fwdfw pol text'		=> 'Default behavior for connections from local networks. "Allowed" allows all connections from local networks except the defined rules. "Blocked" prohibits all connections except the defined ones. Also external access and connections to/from the demilitarized zone are configurable here.',
 'fwdfw pol text1'		=> 'Default behavior for connections from IPFire. "Allowed" allows all connections from local networks except the defined rules. "Blocked" prohibits all connections except the defined ones. Attention! You can lock yourself out with these settings. Normally there is no need to change anything here.',
-'fwdfw red'				=> 'INTERNET',
+'fwdfw red'				=> 'RED',
 'fwdfw REJECT'			=> 'REJECT',
 'fwdfw reread'			=> 'Apply',
 'fwdfw rules'			=> 'Rules',
@@ -1010,11 +1010,11 @@
 'fwhost ccdnet'			=> 'OpenVPN networks:',
 'fwhost change'			=> 'Modify',
 'fwhost changeremark'	=> 'You just modified the remark',
-'fwhost cust addr' 		=> 'Custom addresses:',
-'fwhost cust grp'		=> 'Custom groups:',
-'fwhost cust net' 		=> 'Custom networks:',
-'fwhost cust service'	=> 'Custom services:',
-'fwhost cust srvgrp'	=> 'Custom servicegroups',
+'fwhost cust addr' 		=> 'Addresses:',
+'fwhost cust grp'		=> 'Groups:',
+'fwhost cust net' 		=> 'Networks:',
+'fwhost cust service'	=> 'Services:',
+'fwhost cust srvgrp'	=> 'Servicegroups',
 'fwhost deleted'		=> 'Deleted',
 'fwhost empty'			=> 'No rules defined',
 'fwhost err addr' 		=> 'Invalid IP address or subnet',
@@ -1059,10 +1059,9 @@
 'fwhost newgrp' 		=> 'Address grouping',
 'fwhost newservice'		=> 'Service',
 'fwhost newservicegrp'	=> 'Service grouping',
-'fwhost macwarn'		=> 'MAC addresses can not be used as target. Such addresses will be ignored.',
 'fwhost menu' 			=> 'Firewall Groups',
 'fwhost orange'			=> 'Orange',
-'fwhost ovpn_n2n'		=> 'OpenVPN N-2-N',
+'fwhost ovpn_n2n'		=> 'OpenVPN Net-to-Net',
 'fwhost port'			=> 'Port(s)',
 'fwhost prot'			=> 'Protocol',
 'fwhost reread'			=> 'Firewall rules need to be updated.',
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -123,6 +123,8 @@ $(TARGET) :
 	echo  "FWPOLICY2=DROP"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPPORTSCAN=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPOUTGOING=on"		>> $(CONFIG_ROOT)/optionsfw/settings
+	echo  "DROPSAMBA=on"		>> $(CONFIG_ROOT)/optionsfw/settings
+	echo  "DROPPROXY=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "SHOWREMARK=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "SHOWCOLORS=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "SHOWTABLES=off"		>> $(CONFIG_ROOT)/optionsfw/settings