webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 03:33:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Forward Firewall: Firewall sets Internetdevice correctly now (was always red0)

Browse Source
This commit is contained in:
Alexander Marx
2013-03-14 16:24:52 +01:00
committed by Michael Tremer
parent f2ab6fba4a
commit ddcec9d339
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/forwardfw/firewall-lib.pl
View File

@@ -207,6 +207,7 @@ sub get_grp_ip
sub get_std_net_ip sub get_std_net_ip
{ {
my $val=shift; my $val=shift;
my $con=shift;
if ($val eq 'ALL'){ if ($val eq 'ALL'){
return "0.0.0.0/0.0.0.0"; return "0.0.0.0/0.0.0.0";
}elsif($val eq 'GREEN'){ }elsif($val eq 'GREEN'){
@@ -216,7 +217,7 @@ sub get_std_net_ip
}elsif($val eq 'BLUE'){ }elsif($val eq 'BLUE'){
return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"; return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
}elsif($val eq 'RED'){ }elsif($val eq 'RED'){
return "0.0.0.0/0 -o red0"; return "0.0.0.0/0 -o $con";
}elsif($val =~ /OpenVPN/i){ }elsif($val =~ /OpenVPN/i){
return "$ovpnsettings{'DOVPN_SUBNET'}"; return "$ovpnsettings{'DOVPN_SUBNET'}";
}elsif($val =~ /IPsec/i){ }elsif($val =~ /IPsec/i){

13
config/forwardfw/rules.pl
View File

@@ -65,7 +65,7 @@ my $green;
my $blue; my $blue;
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT); my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
my $CHAIN="FORWARDFW"; my $CHAIN="FORWARDFW";
my $conexists='off';
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings); &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("$netsettings", \%defaultNetworks); &General::readhash("$netsettings", \%defaultNetworks);
@@ -76,6 +76,14 @@ my $CHAIN="FORWARDFW";
&General::readhasharray($configgrp, \%customgrp); &General::readhasharray($configgrp, \%customgrp);
&General::get_aliases(\%aliases); &General::get_aliases(\%aliases);
#check if we have an internetconnection
open (CONN,"/var/ipfire/red/iface");
my $con = <CONN>;
close(CONN);
if (-f "/var/ipfire/red/active"){
$conexists='on';
}
################################ ################################
# DEBUG/TEST # # DEBUG/TEST #
################################ ################################
@@ -153,6 +161,7 @@ sub buildrules
my $hash=shift; my $hash=shift;
my $STAG; my $STAG;
foreach my $key (sort {$a <=> $b} keys %$hash){ foreach my $key (sort {$a <=> $b} keys %$hash){
next if ($$hash{$key}[6] eq 'RED' && $conexists eq 'off' );
$STAG=''; $STAG='';
if($$hash{$key}[2] eq 'ON'){ if($$hash{$key}[2] eq 'ON'){
#get source ip's #get source ip's
@@ -375,7 +384,7 @@ sub get_address
$$hash{$key}[0] = $base2; $$hash{$key}[0] = $base2;
} }
}elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){ }elsif($base eq 'std_net_src' || $base eq 'std_net_tgt' || $base eq 'Standard Network'){
$$hash{$key}[0]=&fwlib::get_std_net_ip($base2); $$hash{$key}[0]=&fwlib::get_std_net_ip($base2,$con);
}elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){ }elsif($base eq 'cust_net_src' || $base eq 'cust_net_tgt' || $base eq 'Custom Network'){
$$hash{$key}[0]=&fwlib::get_net_ip($base2); $$hash{$key}[0]=&fwlib::get_net_ip($base2);
}elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){ }elsif($base eq 'cust_host_src' || $base eq 'cust_host_tgt' || $base eq 'Custom Host'){