Firewall: DNAT - Show right DNAT interface in ruletable
Now: When a hostgroup is used as source, all corresponding DNAT interfaces are shown in the ruletable, depending on the entries in the group. When "-automatic" is selected in the DNAT area, the DNAT interfaces are shown as IP addresses; otherwise they are shown as "ORANGE", "GREEN", "BLUE"... BUGFIX: When a MAC address was used in a sourcegroup, the rules could not be set. Now MAC addresses always get the public interface as DNAT.
committed by
Michael Tremer
parent
4e54e3c6f5
commit
fd169d0adc
@@ -51,11 +51,12 @@ my $configipsec = "${General::swroot}/vpn/config";
|
||||
my $configovpn = "${General::swroot}/ovpn/settings";
|
||||
my $val;
|
||||
my $field;
|
||||
my $netsettings = "${General::swroot}/ethernet/settings";
|
||||
|
||||
&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
|
||||
&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
|
||||
&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
|
||||
|
||||
&General::readhash("$netsettings", \%defaultNetworks);
|
||||
|
||||
&General::readhasharray("$confignet", \%customnetwork);
|
||||
&General::readhasharray("$confighost", \%customhost);
|
||||
@@ -253,8 +254,8 @@ sub get_host_ip
|
||||
}
|
||||
}
|
||||
}
|
||||
# Functions used by rules.pl
|
||||
sub get_addresses {
|
||||
sub get_addresses
|
||||
{
|
||||
my $hash = shift;
|
||||
my $key = shift;
|
||||
my $type = shift;
|
||||
@@ -293,7 +294,8 @@ sub get_addresses {
|
||||
|
||||
return @addresses;
|
||||
}
|
||||
sub get_address {
|
||||
sub get_address
|
||||
{
|
||||
my $key = shift;
|
||||
my $value = shift;
|
||||
my $type = shift;
|
||||
@@ -401,21 +403,24 @@ sub get_address {
|
||||
|
||||
return @ret;
|
||||
}
|
||||
sub get_external_interface() {
|
||||
sub get_external_interface()
|
||||
{
|
||||
open(IFACE, "/var/ipfire/red/iface") or return "";
|
||||
my $iface = <IFACE>;
|
||||
close(IFACE);
|
||||
|
||||
return $iface;
|
||||
}
|
||||
sub get_external_address() {
|
||||
sub get_external_address()
|
||||
{
|
||||
open(ADDR, "/var/ipfire/red/local-ipaddress") or return "";
|
||||
my $address = <ADDR>;
|
||||
close(ADDR);
|
||||
|
||||
return $address;
|
||||
}
|
||||
sub get_alias {
|
||||
sub get_alias
|
||||
{
|
||||
my $id = shift;
|
||||
|
||||
foreach my $alias (sort keys %aliases) {
|
||||
@@ -424,13 +429,14 @@ sub get_alias {
|
||||
}
|
||||
}
|
||||
}
|
||||
sub get_nat_address {
|
||||
sub get_nat_address
|
||||
{
|
||||
my $zone = shift;
|
||||
my $source = shift;
|
||||
|
||||
# Any static address of any zone.
|
||||
if ($zone eq "AUTO") {
|
||||
if ($source) {
|
||||
if ($source && ($source !~ m/mac/i )) {
|
||||
my $firewall_ip = &get_internal_firewall_ip_address($source, 1);
|
||||
if ($firewall_ip) {
|
||||
return $firewall_ip;
|
||||
@@ -456,7 +462,8 @@ sub get_nat_address {
|
||||
|
||||
print_error("Could not find NAT address");
|
||||
}
|
||||
sub get_internal_firewall_ip_addresses {
|
||||
sub get_internal_firewall_ip_addresses
|
||||
{
|
||||
my $use_orange = shift;
|
||||
|
||||
my @zones = ("GREEN", "BLUE");
|
||||
@@ -474,7 +481,8 @@ sub get_internal_firewall_ip_addresses {
|
||||
|
||||
return @addresses;
|
||||
}
|
||||
sub get_matching_firewall_address {
|
||||
sub get_matching_firewall_address
|
||||
{
|
||||
my $addr = shift;
|
||||
my $use_orange = shift;
|
||||
|
||||
@@ -498,7 +506,8 @@ sub get_matching_firewall_address {
|
||||
|
||||
return 0;
|
||||
}
|
||||
sub get_internal_firewall_ip_address {
|
||||
sub get_internal_firewall_ip_address
|
||||
{
|
||||
my $subnet = shift;
|
||||
my $use_orange = shift;
|
||||
|
||||
@@ -517,5 +526,4 @@ sub get_internal_firewall_ip_address {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
return 1;
|
||||
|
||||
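Review bot: In get_nat_address the new guard `if ($source && ($source !~ m/mac/i ))` treats a source as a MAC address on an unanchored, case-insensitive search for the letters "mac", so the zone lookup is skipped for any source string that merely contains them. The form in which a MAC source reaches this function is not visible in the hunk; if it is a fixed form, the test should match that form exactly rather than a substring. The fall-through also deserves a comment, because per the commit description a MAC source under AUTO ends up on the public interface: `# MAC sources carry no IP to match against a zone, so AUTO falls through to the external address below`. The rest of get_nat_address lies outside the hunk.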
@@ -989,6 +989,12 @@ sub deleterule
|
||||
&base;
|
||||
}
|
||||
}
|
||||
sub del_double
|
||||
{
|
||||
my %all=();
|
||||
@all{@_}=1;
|
||||
return (keys %all);
|
||||
}
|
||||
sub disable_rule
|
||||
{
|
||||
my $key1=shift;
|
||||
@@ -2551,9 +2557,22 @@ END
|
||||
<td align='center' $tdcolor>
|
||||
END
|
||||
#Is this a DNAT rule?
|
||||
my $natstring;
|
||||
if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
|
||||
if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
|
||||
print "Firewall ($$hash{$key}[29])";
|
||||
if ($$hash{$key}[29] eq 'AUTO'){
|
||||
my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
|
||||
my @nat_ifaces;
|
||||
foreach my $val (@src_addresses){
|
||||
my ($ip,$sub)=split("/",$val);
|
||||
push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$ip));
|
||||
}
|
||||
@nat_ifaces=&del_double(@nat_ifaces);
|
||||
$natstring = join(', ', @nat_ifaces);
|
||||
}else{
|
||||
$natstring = $$hash{$key}[29];
|
||||
}
|
||||
print "$Lang::tr{'firewall'} ($natstring)";
|
||||
if($$hash{$key}[30] ne ''){
|
||||
$$hash{$key}[30]=~ tr/|/,/;
|
||||
print": $$hash{$key}[30]";
|
||||
|
||||
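Review bot: del_double returns `keys %all` unsorted, so the interface list joined into `$natstring` can come out in a different order on each page load, which makes the rule table harder to audit and compare; `return (sort keys %all);` fixes that. `@all{@_}=1;` sets only the first value and leaves the rest undef, which is harmless here because only the keys are used, but `@all{@_} = ();` states the intent. In the AUTO branch every return value of `&fwlib::get_nat_address` is pushed, including whatever comes back after its `print_error("Could not find NAT address")` path, so a failed lookup may appear as an empty or stray entry in the list. That return value is not visible on this page, so confirm it; filtering with `grep { defined && length }` before the join would keep the displayed interfaces limited to real results.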