sync IPFire fwhosts.cgi
commit 2398cc431a3fb2cd4141b6a846f0cd0742f6a97c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:05:32 2025 +0200
fwhosts.cgi: Escape PROT in the right place
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ad995081302f6b28ea11c74e56306d94a7bee076
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:02:18 2025 +0200
fwhosts.cgi: Check country code before proceeding
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a2c624b99dbcecb469e6001505731049ef5cbbd3
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:37 2025 +0200
fwhosts.cgi Fix for bug 13876 & bug 13877
Fixes: Bug 13876 savelocationgrp COUNTRY_CODE Stored Cross-Site Scripting
Fixes: Bug 13877 saveservice PROT Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 798556ec29207d5131a7600d5489f1ee92a7b87a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Jun 23 17:16:57 2025 +0000
fwhosts.cgi: Move the tooltip into the usage counter
This will clutter the page less as we don't have any good icon sets.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 61b277aa9c578a9a69e552f593a8bde421b811bc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Jun 23 17:16:56 2025 +0000
fwhosts.cgi: Don't show anything if a host/group is unused
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ca811a746a79f0e02cfb780cbd4543a057131e3a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Jun 23 17:16:55 2025 +0000
fwhosts.cgi: Remove whitespace issues
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5511d94ed0d8ea6fd372d52cba515b4d6726abed
Author: Peer Dietzmann <dietzmann@brecht-schule.hamburg>
Date: Mon Jun 23 17:16:54 2025 +0000
fwhosts.cgi: Show in which firewall rule objects are being used
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 341eb00a821c4254ddd04968beed2e98e5a33aff
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 3 15:10:16 2025 +0200
fwhosts.cgi: Correctly show IP addresses for WireGuard RW peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 50b4c402226cda390832d3124a2a46187cc635c3
Author: Stephen Cuka <stephen@firemypi.org>
Date: Thu Feb 27 16:34:16 2025 -0700
fwhosts.cgi: Add button spacing on 'Firewall/Firewall Groups' page.
Add spacing between showmenu() buttons on Firewall/Firewall Groups page to improve the look of the page.
No changes to the functions of the page.
Signed-off-by: Stephen Cuka <stephen@firemypi.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 1de96a83d6d6cec5d4d3eda1792aa80bfbd8fafe
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 23 12:35:52 2025 +0200
firewall: Add support for WireGuard peers to groups
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
- Added validation code for the location group name. This is only validated when edited
and not when created.
- The code was copied from the section for creating the Services Group Name or the
Network/Host Group Name.
Fixes: Bug#13206
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
iptables multiport only supports up to 15 elements for each protocol (TCP or UDP).
That can be single ports or portranges (they count doubble).
This commit extends the check to calculate the amount of used TCP and/or
UDP ports of all existing entries in a group, by increasing the amount
for the service which should be added.
If the amount of ports for TCP or UDP ports become greater than the
limit of 15 the error message will be displayed.
Fixes#11323.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Previously, the getcolor() function did not correctly process IPsec
N2N connections with more than one remote network configured, resulting
in networks mistakenly marked as being part of a VPN connection, or vice
versa.
Fixes: #11235
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This disables the theme support and makes it impossible to use any other
themes than the ipfire default theme.
The only intention of this patch is to hardcode the theme to ipfire.
To change any cgi we have is an ugly way, but the only way to do this
fast. The colour handling needs certainly to be improved as well, but
this will and should be done in other patches.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Code only changed field 6 of hash (target group) and not field 4 (source group).
Also if using geoip it was only field 4 of hash (source group) and not field 6 of hash (target group)
Added new code that changes both fields to reflect the change in the firewallrules immediately.
fixes: #11825
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch adds the changes to the firewall groups.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When renaming a GeoIP Group, the corresponding names in
firewallrules (if any) are not changed accordingly. Now
when changing a GeoIP Group the firewallrules are renamed
correctly.
Slightly improved first version of this patch (contained
a blank line with trailing whitespace). No functionality
changed, patch has been confirmed as working correctly.
Fixes: #11312
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #11278
When creating networks which are part of an internal network, there was an errormessage displayed and the creation was prohibited.
Now it is possible to create such subnets. This is used at own risk! Users have to take care of the firewallrule sequence.
It is possible to create situations that are not wanted.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
If one has an IPSec network named "aaa" and an OpenVPn Host with the same name
it was not possible to group them together because of the same name.
Now the Network type is also checked wich allows Entries with same name, but different networks.
Fixes: #11242
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
in firewallgroups (hosts) an error was created when using ip adresses
like 192.168.000.008. Now all leading zeros are deleted in
firewallgroups and in the firewall itself when using single ip addresses
as source or target.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Read-in firewall config files for detection if the current group is used
by at least one firewall rule and mark the firewall to need a reload if
neccessary.
Fixes#10771.
We added RED to the standard networks and now portforwardings are only
useable from the selected source. If selected "all" the portforwarding
can be used from any internal network. Else the access is only grnated
from the selected source network.
Another Bugfix: Layout of hostgroups was broken when more than 1 vpn
connection is defined. There where dropdownboxes for every vpn
connection instead of only one
Almost all of <input type="image"... has both an alt and a
title attribute, but some are missing title, and when the icon
is not very clear, it makes it harder to understand what the icon
does. By adding title, the browser displays text when mouse pointer
is over the icon.
Also add missing quotes for alt and title attributes where needed.
Now one can create a group, use it in a rule and then delete every entry
from the group. (The firewallrule then will be displayed yellow and
disabled).
