webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-16 05:53:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 2 Branches 1 Tag
4e9a2b57320fc17a2eaee06b60ee508ec79e59b0
Commit Graph

48 Commits

Author SHA1 Message Date
Michael Tremer
4e9a2b5732 general-functions.pl: Replace lots of broken network code. 
The state of some code especially in general-functions.pl
is in such a bad shape and faulty.
This is a first step that replaces some of the network
functions with those who have been tested and work for
undefined inputs.

The old functions have been left in place as stubs
and must be removed at some time.
 2014-07-27 22:46:20 +02:00
Michael Tremer
ff7cb6d60f firewall: Fix accessing port forwardings from internal networks. 
When a different "external port" was used, false rules have
been created in the mangle table.
 2014-04-20 18:13:35 +02:00
Michael Tremer
766c2f601d rules.pl: Rewrite P2P protocol filter. 2014-04-12 15:40:14 +02:00
Michael Tremer
aa5f4b6568 firewall: Fix creation of automatic rules for the firewall. 
If the firewall is part of a local network (e.g. GREEN),
we automatically add rules that grant/forbid access for the firewall,
too.

This has been broken for various default policies other than ALLOWED.
 2014-04-12 15:16:08 +02:00
Michael Tremer
fcc68a4277 firewall: Fix rule generation for protocols without ports. 2014-04-09 14:06:32 +02:00
Michael Tremer
085a20ec8b firewall: Fix using aliases. 
Fix coding errors, actually read aliases configuration
and fall back to default RED IP address if no suitable
alias was found.
 2014-04-05 17:09:56 +02:00
Michael Tremer
025741919a firewall: Fix perl coding error. 
Example:
	my @as = (1, 2, 3);
	foreach my $a (@as) {
		$a += 1;
		print "$a\n";
	}

$a will be a reference to the number in the array and not
copied. Therefore $a += 1 will change the numbers in the
array as well, so that after the loop the content of @as
would be (2, 3, 4).
To avoid that, the number needs to be copied into a new
variable like: my $b = $a; and we are fine.

This caused that the content of the @sources and @destinations
array has been altered for the second run of the loop and
incorrect (i.e. no) rules were created.
 2014-03-31 13:16:26 +02:00
Michael Tremer
51cf3f8be5 firewall: rules.pl: Honour time constraints for NAT rules as well. 2014-03-21 13:39:03 +01:00
Michael Tremer
f98bb538e5 firewall: rules.pl: Catch invalid configurations. 2014-03-21 13:33:08 +01:00
Michael Tremer
c0ce920610 firewall: rules.pl: Allow REDIRECT rules. 2014-03-21 13:28:00 +01:00
Alexander Marx
4e54e3c6f5 Firewall: Move some functions from rules.pl to firewall-lib.pl 2014-03-21 12:51:04 +01:00
Michael Tremer
d7a14d01e1 firewall: rules.pl: Fix rules with other NAT port. 2014-03-21 12:40:55 +01:00
Michael Tremer
b0d9fad3f9 firewall: rules.pl: Add support for auto selection of NAT addresses. 2014-03-18 23:49:23 +01:00
Michael Tremer
da7a2208d3 firewall: rules.pl: Code cleanup. 2014-03-17 18:03:00 +01:00
Michael Tremer
5cf8c8c123 firewall: Fix DNAT rules between internal zones. 2014-03-17 17:39:47 +01:00
Michael Tremer
c2a1af7545 firewall: rules.pl: Sanitise source and destination IP addresses. 
Those variables are now empty if source or destination are
unspecified.
 2014-03-17 16:24:23 +01:00
Michael Tremer
e9b5ba4179 firewall: Add auxiliary rules for firewall access. 
Rules for accessing the firewall are added when access
to networks (GREEN, BLUE, ...) the firewall resides in is allowed.
 2014-03-10 21:31:20 +01:00
Michael Tremer
0bda23f5a1 firewall: Add chain name to logged rules. 
This helps us to debug faster where a packet has been dropped.
 2014-03-04 12:38:13 +01:00
Michael Tremer
3bb4bb3fa1 firewall: Add rate limiting for LOG messages. 
Fixes #10488.
 2014-03-04 12:36:52 +01:00
Michael Tremer
824dc93601 firewall: Add a trailing space to all log prefixes for better readability. 2014-03-02 22:50:29 +01:00
Michael Tremer
9f80e81072 firewall: rules.pl: Remove unused variable $time_constraints. 2014-03-02 22:46:17 +01:00
Michael Tremer
d98aa95a55 firewall: rules.pl: Replace some hardcoded chain names. 2014-03-02 22:44:26 +01:00
Michael Tremer
1c3044d72c firewall: Resurrect port forwardings with different external ports. 2014-03-02 22:35:27 +01:00
Michael Tremer
6e87f0aa53 firewall: Allow accessing port forwardings from internal networks. 2014-03-02 20:37:44 +01:00
Michael Tremer
8f4f4634df firewall: rules.pl: Refactored entire script. 2014-03-02 18:23:28 +01:00
Michael Tremer
b05ec50ac9 firewall: rules.pl: Cleanup time constraints generation. 2014-03-01 20:20:56 +01:00
Michael Tremer
6178953be5 firewall: rules.pl: Cleanup rule generation. 
Various perl coding errors that have been suppressed by "no warnings uninitialized"
have been fixed and lots of helper variables have been introduced to make
it much more clearer what the code is actually doing.
 2014-03-01 19:54:14 +01:00
Michael Tremer
1f9e7b53b7 firewall: rules.pl: Remove $command and introduce $IPTABLES. 2014-03-01 18:19:09 +01:00
Michael Tremer
8531b94ae0 firewall: rules.pl: Remove command line args parsing and rest from old debugging mode. 2014-03-01 18:07:39 +01:00
Michael Tremer
68d1eb1017 firewall: rules.pl: Introduce a more slink debugging mode. 2014-03-01 18:04:40 +01:00
Michael Tremer
97ab0569bd firewall: rules.pl: Fix some coding style. 2014-03-01 17:54:22 +01:00
Michael Tremer
b57edbd8ec firewall: rules.pl: Remove totally bloated debug mode. 2014-03-01 17:49:22 +01:00
Michael Tremer
60fb533157 firewall: rules.pl: Don't reload custom firewall rules here. 2014-03-01 15:01:58 +01:00
Alexander Marx
800077a689 Firewall: Skip rules on boot when red has no ip 2014-02-27 19:42:47 +01:00
Michael Tremer
a8d1d049c6 Revert "Firewall: Fix errormessages on rulecreation when red has no IP" 
This reverts commit f942937c29.

This completely destroys external access rules and is therefore
reverted.
 2014-02-26 20:02:24 +01:00
Alexander Marx
f942937c29 Firewall: Fix errormessages on rulecreation when red has no IP 2014-02-24 19:39:39 +01:00
Alexander Marx
97bf45e516 Firewall: delete -i red0 from DNAT rules 2014-02-24 19:38:57 +01:00
Alexander Marx
525204e00f Firewall: modified DNAT and SNAT rulecreation 2014-02-24 11:54:27 +01:00
Michael Tremer
cc21b588df firewall: Remove rule that allows access to everything. 2014-02-20 13:03:28 +01:00
Michael Tremer
a211fee393 firewall: Use --wait for all iptables commands. 2014-02-14 13:04:18 +01:00
Michael Tremer
73372ed4e6 firewall: Move scripts from /var/ipfire/firewall/bin to /usr/lib/firewall. 2014-01-28 20:48:24 +01:00
Alexander Marx
d334d7cb47 Firewall: Bugfix - when using addressgroups with mac addresses in source, the mac rule was not correctly created. 
Further MAC issues: in target area, the manual ip field was target
ip/mac address - changed to IP-Address
Also implemented a plausicheck, if an addressgroup with mac addresses is
used in target area, theres a hint saying that the rule will not be
applied for mac hosts
 2014-01-21 11:55:56 +01:00
Alexander Marx
82b837cff8 Firewall: Added new feature: Now protocols can be added to servicegroups (GRE,AH,ESP,IPIP,IPV6) 2013-12-06 08:47:11 +01:00
Alexander Marx
784098e4db Firewall: forgot to delete a development test string 2013-12-05 15:51:15 +01:00
Alexander Marx
cdb3536bc8 Firewall: BUGFIX: RUles.pl did not create LOGGING rules properly. 2013-12-05 14:48:59 +01:00
Alexander Marx
14bcb9a23d Firewall: New feature: Now it is possible to define a custom service with a portrange. When using this service in a rule or in a servciegroup, the rule is applied correctly. 2013-11-13 00:30:06 +01:00
Alexander Marx
6d8eb5dec7 Firewall: Renamed directory /var/ipfire/forward to /var/ipfire/firewall 2013-10-24 09:24:12 +02:00
Alexander Marx
6921f0ea0a Firewall: renamed /config/forwardfw to config/firewall 2013-10-24 08:15:48 +02:00