webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-22 17:02:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
6,668 Commits 2 Branches 1 Tag
0203401cf5dcd2fc005eb33a593b625f56258463
Commit Graph

51 Commits

Author SHA1 Message Date
Alexander Marx
6233483ba7 Forward Firewall: Bugfix: When creating a rule which results in an error, the counters in the firewallgroups where increased. 
Bugfix: When using icmp-type "all" there was no rule created

Conflicts:
	html/cgi-bin/forwardfw.cgi
 2013-09-27 10:43:01 +02:00
Alexander Marx
5bee9a9df5 Forward Firewall: edited GPL-header 2013-08-13 13:47:27 +02:00
Alexander Marx
dc21519f68 Forward Firewall: added GPL header to all files 2013-08-13 12:44:01 +02:00
Alexander Marx
93c2de1c66 Forward Firewall: Bugfix: ICMP rules where applied double 2013-08-09 14:49:35 +02:00
Alexander Marx
653a71b951 Forward FIrewall: Bugfix: When using predefined services in rulecreation, the rule was not applied. Bugfix: when in rulecreationpage and pressing "back" the site gets white. 2013-08-09 14:49:35 +02:00
Michael Tremer
b85d2a9819 iptables: Replace state module by conntrack module. 
The state module is deprecated in recent releases of iptables
and should not be used any more.

Additionally, this patch adds an extra chain for all
connection tracking rules, so we can keep the entire ruleset
more small and clean.
 2013-08-09 14:15:32 +02:00
Alexander Marx
a648546338 Forward Firewall: added "default-rules-table" at the end of forward ruletable 2013-08-09 14:15:31 +02:00
Alexander Marx
7f25a65fc1 Forward Firewall: moved default rules from FORWARDFW to POLICYFWD 2013-08-09 14:15:31 +02:00
Alexander Marx
e17121fee7 Forward Firewall: removed nat part from rules.pl (file nat not existent anymore) 2013-08-09 14:15:31 +02:00
Alexander Marx
a0fb1099ef Forward Firewall: Design changes 
1) source has a new option "firewall" with dropdown for interfaces
2) source default networks->deleted IPFire, all ip's now in brackets
3) deleted warning message in Target that a mac is not usable
4) changes for "apply" button
5) in ruletable the protocol is now right beneath the ruletype column
6) changed target dropdown "INTERNET" to "RED"
7) renamed OpenVPN N-2N to OpenVPN Net-to-Net
8) set missing default firewall options
9) little changes on the en and de lang files
 2013-08-09 14:15:30 +02:00
Alexander Marx
f557ea1e59 Forward Firewall: removed PORTFWACCESS flushing from rules.pl 2013-08-09 14:15:30 +02:00
Alexander Marx
c12392c0ef Forward Firewall: removed NAT table and txt file. 2013-08-09 14:15:29 +02:00
Alexander Marx
60607a6c75 Forward Firewall: removed DMZ from rules.pl (does no longer exist, is forward now 2013-08-09 14:15:29 +02:00
Alexander Marx
674f4e9d51 Forward Firewall: on every reload of the new firewall-rules the firewall.local is also reloaded 2013-08-09 14:15:29 +02:00
Alexander Marx
ff4770c79b Forward Firewall: changed /etc/init.d/firewall. deleted stop routine and rearranged iptables_init and restart routine 
Now it should be possible to use /etc/init.d/firewall restart without errors
 2013-08-09 14:15:29 +02:00
Alexander Marx
8762442c4e Forward Firewall: INPUT Firewall added "ALL" with ip 0.0.0.0 2013-08-09 14:15:28 +02:00
Alexander Marx
690b0bd761 Forward Firewall: added OVPNBLOCK and fixed rules.pl to correctly get ip address of red iface 2013-08-09 14:15:28 +02:00
Alexander Marx
05d4f131e9 Forward Firewall: Implemented INPUT Firewall (extended external access) 
Now you are able to define INPUT Rules on every interface ip
 2013-08-09 14:15:27 +02:00
Alexander Marx
6fab5bca2a Forward Firewall: edited rules.pl so that in the rules the ip addresses from the remote ovpn N2N subnet are used instead of the openvpn subnet(because its only used as transfer net) 2013-08-09 14:13:11 +02:00
Alexander Marx
08e1c65d85 Forward Firewall: added SNAT multiport support 2013-08-09 14:12:40 +02:00
Alexander Marx
98cee89f94 Forward Firewall: Added multiport support to DNAT/Portforwarding 
Now it is possible to use multiple ports under DNAT when TARGET has no Port, one Port or one Portrange defined
 2013-08-09 14:12:39 +02:00
Alexander Marx
bc912c6e0c Forward Firewall: Version 0.9.9.2 
1) Some changes in en.pl
2) DNAT now supports REJECT/DROP rules
3) Bugfix: comma in remark customservicegroup
4) improved installer
 2013-08-09 14:12:39 +02:00
Alexander Marx
829697d076 Forward Firewall: enabled Portranges for DNAT 2013-08-09 14:11:58 +02:00
Alexander Marx
6be32fe504 Forward Firewall: bugfix: DNAT now correctly creates rules, when customservice defined as target 2013-08-09 14:11:58 +02:00
Alexander Marx
28640b7365 Forward Firewall: fix NAT-rules: iptables rule was not applied correctly in PORTFWACCESS 2013-08-09 14:11:58 +02:00
Alexander Marx
a6edca5a89 Forward Firewall: support for SNAT/DNAT in GUI and rules.pl 2013-08-09 14:11:56 +02:00
Alexander Marx
ddcec9d339 Forward Firewall: Firewall sets Internetdevice correctly now (was always red0) 2013-08-09 14:11:56 +02:00
Alexander Marx
472136c927 Forward Firewall: Fix ruletimes. Now the timevalues which are entered in the gui are saved to the rulefile. 
Wenn rule.pl is called, the script calculates the difference to UTC time and sets the iptables times accordingly.

With this approach there's no need to save if the times are created in summertime or wintertime.
 2013-08-09 14:11:55 +02:00
Alexander Marx
a0f267b92c Forward Firewall: removed --kerneltz from rules.pl. New function timeconvert in forwardfw.cgiu takes care of timeconversion now 2013-08-09 14:11:55 +02:00
Alexander Marx
f38e0c4de0 Forward Firewall: added --kerneltz option to timeframe 2013-08-09 14:11:54 +02:00
Alexander Marx
8cb1afc817 Forward Firewall: Bugfix: When having more than 1 ICMP rule in a group, the rule is not created. 
Also changed (INPUT) to (Input) in firewall-options
 2013-08-09 14:11:54 +02:00
Alexander Marx
31fef6cc2d Forward Firewall: rules.pl supports now DMZ rules. These rules are applied first 2013-08-09 14:09:15 +02:00
Alexander Marx
5d7faa4518 Forward Firewall: First part of adding OUTGOING to th efirewall 2013-08-09 14:08:20 +02:00
Alexander Marx
5b7ed8bbae Forward Firewall: Tablegroup DMZ and WLAN now only show the own rules 2013-08-09 14:08:16 +02:00
Alexander Marx
6adcf1569c Forward Firewall: set standard rules for blue in mode 2 2013-08-09 14:08:16 +02:00
Alexander Marx
210ee67b53 Forward Firewall: deleted mode0, added default Mode2 and fixed /etc/init.d/firewall to reload the rules correctly on reload. Also made it possible to create broadcastrules (To drop broadcastpackets) 2013-08-09 14:08:15 +02:00
Alexander Marx
8d1beadce3 Forward Firewall: 
1) fixed outgoingfw converter: now checkbox for logging is converted corectly
2) edited p2p_block: now a checked prot is allowed
 2013-08-09 14:08:14 +02:00
Alexander Marx
5238a8719d Forward Firewall: minor improvements, if an outgoingrule has a given port and prot "all", there are two new rules generated for UDP and TCP. 
If an outgoingrule has only "all" as prot, but no port, there's only one new rule created
 2013-08-09 14:08:13 +02:00
Alexander Marx
93a5f4a582 Forward Firewall: implemented ne column in ruletable "protocol" 2013-08-09 14:08:12 +02:00
Alexander Marx
8f0b047b4b Forward Firewall: implemented multiport support for source and target ports 2013-08-09 14:08:12 +02:00
Alexander Marx
99e5d97623 Forward Firewall: removed newline when processing rules.pl 2013-08-09 14:08:11 +02:00
Alexander Marx
d7dc9718d3 Forward Firewall: edited rules.pl, so thatrules are created when source and target are 0.0.0.0/0.0.0.0 2013-08-09 14:08:11 +02:00
Alexander Marx
af49e36723 Forward Firewall: edited p2pblock call in rules.pl 2013-08-09 14:08:11 +02:00
Alexander Marx
36196d0d64 Forward Firewall: added P2P Block Option 2013-08-09 14:08:10 +02:00
Alexander Marx
992394d55c Forward Firewall: changed hash sorting to get right ruleorder in Iptables 2013-08-09 14:08:09 +02:00
Alexander Marx
54cb7ff019 Forward Firewall: added check for mac rules 2013-08-09 14:08:08 +02:00
Alexander Marx
b526909163 Forward Firewall: BUGFIX: MAC source addresses where not created as rules 2013-08-09 14:08:08 +02:00
Alexander Marx
62fc851166 Forward Firewall: fixed 12 Bugs from forum. 
1) Added more possible chars in remark: : / .
2) Added "Internet" to std networks to be able to define internetaccess
3) When renaming a custom address, the firewallrules get updated
4) Ports are now ignored when using GRE as Protocol
5) When saving a customservice, the cursor is now in first textfield
6) Added a customservices file to installation with predefined services
7) Added ESP as protocol
8) Fixed counterproblem
9) Dropdownboxes for customservices and groups now sorted
10) Firewallrules now sorted in right order
11) fixed a Bug when defining manual address in source and target, the hint message is no longer displayed
12) When defining an external access rule, the last forwardrule was deleted
 2013-08-09 14:08:04 +02:00
Alexander Marx
fd10a52ca2 Forward firewall: commented out line in init.d/firewall that all Forward traffic from green is allowed and put it in rules.pl. Now rules.pl allows this traffic when firewall is set to Mode0 or Mode2 2013-08-09 14:07:15 +02:00
Alexander Marx
14f7cb87b9 Forward Firewall: fixed rules.pl error when using manual target address 
Signed-off-by: Alexander Marx <amarx@ipfire.org>
 2013-08-09 14:02:21 +02:00