[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfire-scm
Subject: [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. b161bfa8683402036e0d3e08159aa
From: git () ipfire ! org (Michael Tremer)
Date: 2013-10-23 14:34:09
Message-ID: 20131023143409.64D4120870 () argus ! ipfire ! org
[Download RAW message or body]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via b161bfa8683402036e0d3e08159aafda5d4c4310 (commit)
via f0befbc3782b2a68fa96bb2e6534f0f6fa6af7f3 (commit)
via 8cdfbf5aeb365378deb2ff2b5f18a83a2fcfe82c (commit)
from 1da42d53f71991f27603b220e33ac49368410949 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b161bfa8683402036e0d3e08159aafda5d4c4310
Author: Alexander Marx <amarx at ipfire.org>
Date: Thu Oct 17 17:14:19 2013 +0200
FIREWALL: renamed forwardfw.cgi in firewall.cgi
commit f0befbc3782b2a68fa96bb2e6534f0f6fa6af7f3
Author: Alexander Marx <amarx at ipfire.org>
Date: Wed Oct 23 16:06:54 2013 +0200
Firewall: Make it possible to use NAT rules with servicegroups.
commit 8cdfbf5aeb365378deb2ff2b5f18a83a2fcfe82c
Author: Alexander Marx <amarx at ipfire.org>
Date: Wed Oct 23 16:05:50 2013 +0200
Firewall: Make it possible to use NAT without Ports specified
-----------------------------------------------------------------------
Summary of changes:
config/forwardfw/rules.pl | 52 +++++++++++++++---------
config/menu/50-firewall.menu | 2 +-
config/rootfiles/common/apache2 | 2 +-
config/rootfiles/core/fifteen/filelists/firewall | 2 +-
html/cgi-bin/{forwardfw.cgi => firewall.cgi} | 4 --
html/cgi-bin/index.cgi | 2 +-
6 files changed, 36 insertions(+), 28 deletions(-)
rename html/cgi-bin/{forwardfw.cgi => firewall.cgi} (99%)
Difference in files:
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index f23430f..b3be47d 100755
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -278,16 +278,22 @@ sub buildrules
print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME \
-j LOG --log-prefix 'DNAT' \n"; }
my ($ip,$sub) =split("/",$targethash{$b}[0]);
- print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip \
$fireport $TIME -j $nat --to $ip$DPORT\n";
- $DPORT =~ s/\-/:/g;
- if ($DPORT){
- $fwaccessdport="--dport ".substr($DPORT,1,);
- }elsif(! $DPORT && $$hash{$key}[30] ne ''){
- if ($$hash{$key}[30]=~m/|/i){
- $$hash{$key}[30] =~ s/\|/,/g;
- $fwaccessdport="-m multiport --dport $$hash{$key}[30]";
- }else{
- $fwaccessdport="--dport $$hash{$key}[30]";
+ #Process NAT with servicegroup used
+ if ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat' && \
$$hash{$key}[14] eq 'cust_srvgrp'){ + print "$command $natchain $PROT $STAG \
$sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip $DPORT\n"; \
+ $fwaccessdport=$DPORT; + }else{
+ print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip \
$fireport $TIME -j $nat --to $ip$DPORT\n"; + $DPORT =~ s/\-/:/g;
+ if ($DPORT){
+ $fwaccessdport="--dport ".substr($DPORT,1,);
+ }elsif(! $DPORT && $$hash{$key}[30] ne ''){
+ if ($$hash{$key}[30]=~m/|/i){
+ $$hash{$key}[30] =~ s/\|/,/g;
+ $fwaccessdport="-m multiport --dport $$hash{$key}[30]";
+ }else{
+ $fwaccessdport="--dport $$hash{$key}[30]";
+ }
}
}
print "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip \
$fwaccessdport $TIME -j $$hash{$key}[0]\n"; @@ -342,16 +348,22 @@ sub buildrules
system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME \
-j LOG --log-prefix 'DNAT' \n"; }
my ($ip,$sub) =split("/",$targethash{$b}[0]);
- system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip \
$fireport $TIME -j $nat --to $ip$DPORT\n";
- $DPORT =~ s/\-/:/g;
- if ($DPORT){
- $fwaccessdport="--dport ".substr($DPORT,1,);
- }elsif(! $DPORT && $$hash{$key}[30] ne ''){
- if ($$hash{$key}[30]=~m/|/i){
- $$hash{$key}[30] =~ s/\|/,/g;
- $fwaccessdport="-m multiport --dport $$hash{$key}[30]";
- }else{
- $fwaccessdport="--dport $$hash{$key}[30]";
+ #Process NAT with servicegroup used
+ if ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat' && \
$$hash{$key}[14] eq 'cust_srvgrp'){ + system "$command $natchain $PROT \
$STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $nat --to $ip $DPORT\n"; \
+ $fwaccessdport=$DPORT; + }else{
+ system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip \
$fireport $TIME -j $nat --to $ip$DPORT\n"; + $DPORT =~ s/\-/:/g;
+ if ($DPORT){
+ $fwaccessdport="--dport ".substr($DPORT,1,);
+ }elsif(! $DPORT && $$hash{$key}[30] ne ''){
+ if ($$hash{$key}[30]=~m/|/i){
+ $$hash{$key}[30] =~ s/\|/,/g;
+ $fwaccessdport="-m multiport --dport $$hash{$key}[30]";
+ }else{
+ $fwaccessdport="--dport $$hash{$key}[30]";
+ }
}
}
system "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d \
$ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
index 2de9e7b..8bc66f9 100644
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -1,6 +1,6 @@
$subfirewall->{'10.forward'} = {
'caption' => $Lang::tr{'fwdfw menu'},
- 'uri' => '/cgi-bin/forwardfw.cgi',
+ 'uri' => '/cgi-bin/firewall.cgi',
'title' => "$Lang::tr{'fwdfw menu'}",
'enabled' => 1,
};
diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index 8889b67..a1cd423 100644
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -1393,7 +1393,7 @@ srv/web/ipfire/cgi-bin/dhcp.cgi
#srv/web/ipfire/cgi-bin/dmzholes.cgi
srv/web/ipfire/cgi-bin/extrahd.cgi
srv/web/ipfire/cgi-bin/fireinfo.cgi
-srv/web/ipfire/cgi-bin/forwardfw.cgi
+srv/web/ipfire/cgi-bin/firewall.cgi
srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/gui.cgi
srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
diff --git a/config/rootfiles/core/fifteen/filelists/firewall \
b/config/rootfiles/core/fifteen/filelists/firewall index fc50598..c5c0dac 100644
--- a/config/rootfiles/core/fifteen/filelists/firewall
+++ b/config/rootfiles/core/fifteen/filelists/firewall
@@ -1,6 +1,6 @@
etc/rc.d/init.d/firewall
etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
-srv/web/ipfire/cgi-bin/forwardfw.cgi
+srv/web/ipfire/cgi-bin/firewall.cgi
srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/optionsfw.cgi
srv/web/ipfire/cgi-bin/p2p-block.cgi
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
new file mode 100755
index 0000000..fde7e5e
--- /dev/null
+++ b/html/cgi-bin/firewall.cgi
@@ -0,0 +1,2767 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 Alexander Marx <amarx at ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+use Sort::Naturally;
+no warnings 'uninitialized';
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/forward/bin/firewall-lib.pl";
+
+unless (-d "${General::swroot}/forward") { system("mkdir \
${General::swroot}/forward"); } +unless (-e "${General::swroot}/forward/settings") \
{ system("touch ${General::swroot}/forward/settings"); } +unless (-e \
"${General::swroot}/forward/config") { system("touch \
${General::swroot}/forward/config"); } +unless (-e \
"${General::swroot}/forward/input") { system("touch \
${General::swroot}/forward/input"); } +unless (-e \
"${General::swroot}/forward/outgoing") { system("touch \
${General::swroot}/forward/outgoing"); } +
+my %fwdfwsettings=();
+my %selected=() ;
+my %defaultNetworks=();
+my %netsettings=();
+my %customhost=();
+my %customgrp=();
+my %customnetworks=();
+my %customservice=();
+my %customservicegrp=();
+my %ccdnet=();
+my %customnetwork=();
+my %ccdhost=();
+my %configfwdfw=();
+my %configinputfw=();
+my %configoutgoingfw=();
+my %ipsecconf=();
+my %color=();
+my %mainsettings=();
+my %checked=();
+my %icmptypes=();
+my %ovpnsettings=();
+my %ipsecsettings=();
+my %aliases=();
+my %optionsfw=();
+my %ifaces=();
+
+my @PROTOCOLS = ("TCP", "UDP", "ICMP", "IGMP", "AH", "ESP", "GRE");
+
+my $color;
+my $confignet = "${General::swroot}/fwhosts/customnetworks";
+my $confighost = "${General::swroot}/fwhosts/customhosts";
+my $configgrp = "${General::swroot}/fwhosts/customgroups";
+my $configsrv = "${General::swroot}/fwhosts/customservices";
+my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
+my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
+my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
+my $configipsec = "${General::swroot}/vpn/config";
+my $configipsecrw = "${General::swroot}/vpn/settings";
+my $configfwdfw = "${General::swroot}/forward/config";
+my $configinput = "${General::swroot}/forward/input";
+my $configoutgoing = "${General::swroot}/forward/outgoing";
+my $configovpn = "${General::swroot}/ovpn/settings";
+my $fwoptions = "${General::swroot}/optionsfw/settings";
+my $ifacesettings = "${General::swroot}/ethernet/settings";
+my $errormessage='';
+my $hint='';
+my $ipgrp="${General::swroot}/outgoing/groups";
+my $tdcolor='';
+my $checkorange='';
+my @protocols;
+&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \
\%color); +&General::readhash($fwoptions, \%optionsfw);
+&General::readhash($ifacesettings, \%ifaces);
+&General::readhash("$configovpn", \%ovpnsettings);
+&General::readhash("$configipsecrw", \%ipsecsettings);
+&General::readhasharray("$configipsec", \%ipsecconf);
+&Header::showhttpheaders();
+&Header::getcgihash(\%fwdfwsettings);
+&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
+&Header::openbigbox('100%', 'center',$errormessage);
+#### JAVA SCRIPT ####
+print<<END;
+<script>
+ var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
+
+ var update_protocol = function() {
+ var protocol = \$("#protocol").val();
+
+ if (protocol === undefined)
+ return;
+
+ // Check if a template is/should be used.
+ if (protocol === "template") {
+ \$("#PROTOCOL_TEMPLATE").show();
+ } else {
+ \$("#PROTOCOL_TEMPLATE").hide();
+ }
+
+ // Check if we are dealing with a protocol, that knows ports.
+ if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
+ \$("#PROTOCOL_PORTS").show();
+ } else {
+ \$("#PROTOCOL_PORTS").hide();
+ }
+
+ // Handle ICMP.
+ if (protocol === "ICMP") {
+ \$("#PROTOCOL_ICMP_TYPES").show();
+ } else {
+ \$("#PROTOCOL_ICMP_TYPES").hide();
+ }
+ };
+
+ \$(document).ready(function() {
+ \$("#protocol").change(update_protocol);
+ update_protocol();
+
+ // When nat not used, hide it
+ if (! \$("#USE_NAT").attr("checked")) {
+ \$(".NAT").hide();
+ }
+
+ // Show NAT area when "use nat" checkbox is clicked
+ \$("#USE_NAT").change(function() {
+ \$(".NAT").toggle();
+ });
+
+ // Time constraints
+ if(!\$("#USE_TIME_CONSTRAINTS").attr("checked")) {
+ \$("#TIME_CONSTRAINTS").hide();
+ }
+ \$("#USE_TIME_CONSTRAINTS").change(function() {
+ \$("#TIME_CONSTRAINTS").toggle();
+ });
+
+ // Automatically select radio buttons when corresponding
+ // dropdown menu changes.
+ \$("select").change(function() {
+ var id = \$(this).attr("name");
+
+ // When using SNAT or DNAT, check "USE NAT" Checkbox
+ if (id === 'snat' || id === 'dnat') {
+ \$('#USE_NAT').prop('checked', true);
+ }
+ \$('#' + id).prop("checked", true);
+ });
+ });
+</script>
+END
+
+#### ACTION #####
+
+if ($fwdfwsettings{'ACTION'} eq 'saverule')
+{
+ &General::readhasharray("$configfwdfw", \%configfwdfw);
+ &General::readhasharray("$configinput", \%configinputfw);
+ &General::readhasharray("$configoutgoing", \%configoutgoingfw);
+ #Set Variables according to the JQuery code in protocol section
+ if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
+ {
+ if ($fwdfwsettings{'SRC_PORT'} ne '')
+ {
+ $fwdfwsettings{'USE_SRC_PORT'} = 'ON';
+ }
+ if ($fwdfwsettings{'TGT_PORT'} ne '')
+ {
+ $fwdfwsettings{'USESRV'} = 'ON';
+ $fwdfwsettings{'grp3'} = 'TGT_PORT';
+ }
+ }
+ if ($fwdfwsettings{'PROT'} eq 'template')
+ {
+ $fwdfwsettings{'USESRV'} = 'ON';
+ }
+ $errormessage=&checksource;
+ if(!$errormessage){&checktarget;}
+ if(!$errormessage){&checkrule;}
+ #check if manual ip (source) is orange network
+ if ($fwdfwsettings{'grp1'} eq 'src_addr'){
+ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+ $checkorange='on';
+ }
+ }
+ #check useless rules
+ if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && \
$fwdfwsettings{'grp2'} eq 'ipfire'){ + $errormessage.=$Lang::tr{'fwdfw useless \
rule'}."<br>"; + }
+ #check if we try to break rules
+ if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
+ $errormessage=$Lang::tr{'fwdfw err same'};
+ }
+ #INPUT part
+ if($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne \
'ORANGE'){ + $fwdfwsettings{'config'}=$configinput;
+ $fwdfwsettings{'chain'} = 'INPUTFW';
+ my $maxkey=&General::findhasharraykey(\%configinputfw);
+ #check if we have an identical rule already
+ if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+ foreach my $key (sort keys %configinputfw){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$ \
fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfw \
settings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsetti \
ngs{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+ eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$co \
nfiginputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$k \
ey}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$confi \
ginputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$k \
ey}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$co \
nfiginputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw \
{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25], \
$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){ + $errormessage='';
+ }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && \
!&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw \
err remark'}."<br>"; + }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
+ }
+ }
+ }
+ #check Rulepos on new Rule
+ if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+ $fwdfwsettings{'oldrulenumber'}=$maxkey;
+ foreach my $key (sort keys %configinputfw){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$ \
fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfw \
settings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsetti \
ngs{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+ eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$co \
nfiginputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$k \
ey}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$confi \
ginputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$k \
ey}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$co \
nfiginputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw \
{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25], \
$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
+ }
+ }
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && \
$fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} \
eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq \
$fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq \
$fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq \
$fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq \
$fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq \
$fwdfwsettings{'chain'}) { + if($fwdfwsettings{'nosave'} eq 'on' && \
$fwdfwsettings{'updatefwrule'} eq 'on'){ + $errormessage='';
+ $fwdfwsettings{'nosave2'} = 'on';
+ }
+ }
+ if (!$errormessage){
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ if ($fwdfwsettings{'nobase'} ne 'on'){
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ }
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && \
$fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){ \
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%configinputfw,$configinput);
+ }
+ }
+ }elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
+ # OUTGOING PART
+ $fwdfwsettings{'config'}=$configoutgoing;
+ $fwdfwsettings{'chain'} = 'OUTGOINGFW';
+ my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
+ if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+ foreach my $key (sort keys %configoutgoingfw){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$ \
fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfw \
settings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsetti \
ngs{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+ eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$ke \
y}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6] \
,$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$con \
figoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$confi \
goutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configo \
utgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configout \
goingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgo \
ingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoin \
gfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){ + $errormessage='';
+ }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && \
!&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw \
err remark'}."<br>"; + }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
+ }
+ }
+ }
+ #check Rulepos on new Rule
+ if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+ print"CHECK OUTGOING DOPPELTE REGEL<br>";
+ $fwdfwsettings{'oldrulenumber'}=$maxkey;
+ foreach my $key (sort keys %configoutgoingfw){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$ \
fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfw \
settings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsetti \
ngs{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+ eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$ke \
y}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6] \
,$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$con \
figoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$confi \
goutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configo \
utgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configout \
goingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgo \
ingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoin \
gfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
+ }
+ }
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && \
$fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} \
eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq \
$fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq \
$fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq \
$fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq \
$fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq \
$fwdfwsettings{'chain'}) { + if($fwdfwsettings{'nosave'} eq 'on' && \
$fwdfwsettings{'updatefwrule'} eq 'on'){ + $fwdfwsettings{'nosave2'} = 'on';
+ $errormessage='';
+ }
+ }
+ #increase counters
+ if (!$errormessage){
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && \
$fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){ \
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if ($fwdfwsettings{'nobase'} eq 'on'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if ($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%configoutgoingfw,$configoutgoing);
+ }
+ }
+ }else{
+ #FORWARD PART
+ $fwdfwsettings{'config'}=$configfwdfw;
+ $fwdfwsettings{'chain'} = 'FORWARDFW';
+ my $maxkey=&General::findhasharraykey(\%configfwdfw);
+ if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+ #check if we have an identical rule already
+ foreach my $key (sort keys %configfwdfw){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TU \
E'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$ \
fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdf \
wsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfw \
dfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$config \
fwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$co \
nfigfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[1 \
5],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$ \
key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configf \
wdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on' ){ + $errormessage='';
+ }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && \
!&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=$Lang::tr{'fwdfw \
err remark'}."<br>"; + }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
+ }
+ }
+ }
+ #check Rulepos on new Rule
+ if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+ $fwdfwsettings{'oldrulenumber'}=$maxkey;
+ foreach my $key (sort keys %configfwdfw){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TU \
E'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$ \
fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdf \
wsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfw \
dfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$config \
fwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$co \
nfigfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[1 \
5],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$ \
key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configf \
wdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ }
+ }
+ }
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && \
$fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} \
eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq \
$fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq \
$fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq \
$fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq \
$fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq \
$fwdfwsettings{'chain'}) { + if($fwdfwsettings{'nosave'} eq 'on' && \
$fwdfwsettings{'updatefwrule'} eq 'on'){ + $fwdfwsettings{'nosave2'} = 'on';
+ $errormessage='';
+ }
+ }
+ #increase counters
+ if (!$errormessage){
+ &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
+ }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && \
$fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){ \
+ &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if ($fwdfwsettings{'nobase'} eq 'on'){
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+ }
+ if ($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%configfwdfw,$configfwdfw);
+ }
+ }
+ }
+ if ($errormessage){
+ &newrule;
+ }else{
+ if($fwdfwsettings{'nosave2'} ne 'on'){
+ &General::firewall_config_changed();
+ }
+ &base;
+ }
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
+{
+ &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
+{
+ my %togglehash=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
+ foreach my $key (sort keys %togglehash){
+ if ($key eq $fwdfwsettings{'key'}){
+ if ($togglehash{$key}[2] eq \
'ON'){$togglehash{$key}[2]='';}else{$togglehash{$key}[2]='ON';} + }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+ &General::firewall_config_changed();
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
+{
+ my %togglehash=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
+ foreach my $key (sort keys %togglehash){
+ if ($key eq $fwdfwsettings{'key'}){
+ if ($togglehash{$key}[17] eq \
'ON'){$togglehash{$key}[17]='';}else{$togglehash{$key}[17]='ON';} + }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
+ &General::firewall_config_changed();
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
+{
+ &General::firewall_reload();
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'editrule')
+{
+ $fwdfwsettings{'updatefwrule'}='on';
+ &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'deleterule')
+{
+ &deleterule;
+}
+if ($fwdfwsettings{'ACTION'} eq 'moveup')
+{
+ &pos_up;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'movedown')
+{
+ &pos_down;
+ &base;
+}
+if ($fwdfwsettings{'ACTION'} eq 'copyrule')
+{
+ $fwdfwsettings{'copyfwrule'}='on';
+ &newrule;
+}
+if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset')
+{
+ &base;
+}
+### Functions ####
+sub addrule
+{
+ &error;
+
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'});
+ print <<END;
+ <form method="POST" action="">
+ <table border='0' width="100%">
+ <tr>
+ <td>
+ <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'>
+ </td>
+ <td align="right">
+END
+
+ if (&General::firewall_needs_reload()) {
+ print <<END;
+ <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' \
style='font-weight: bold; color: green;'> +END
+ }
+
+ print <<END;
+ </td>
+ </tr>
+ </table>
+ </form>
+
+ <hr>
+END
+ &Header::closebox();
+ &viewtablerule;
+}
+sub base
+{
+ &hint;
+ &addrule;
+}
+sub changerule
+{
+ my $oldchain=shift;
+ $fwdfwsettings{'updatefwrule'}='';
+ $fwdfwsettings{'config'}=$oldchain;
+ $fwdfwsettings{'nobase'}='on';
+ &deleterule;
+ &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
+}
+sub checksource
+{
+ my ($ip,$subnet);
+ #check ip-address if manual
+ if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'src_addr'} ne ''){ + #check if ip with subnet
+ if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
+ ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
+ $subnet = &General::iporsubtocidr($subnet);
+ $fwdfwsettings{'isip'}='on';
+ }
+ #check if only ip
+ if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $ip=$fwdfwsettings{'src_addr'};
+ $subnet = '32';
+ $fwdfwsettings{'isip'}='on';
+ }
+
+ if ($fwdfwsettings{'isip'} ne 'on'){
+ if (&General::validmac($fwdfwsettings{'src_addr'})){
+ $fwdfwsettings{'ismac'}='on';
+ }
+ }
+ if ($fwdfwsettings{'isip'} eq 'on'){
+ ##check if ip is valid
+ if (! &General::validip($ip)){
+ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+ return $errormessage;
+ }
+ #check and form valid IP
+ $ip=&General::ip2dec($ip);
+ $ip=&General::dec2ip($ip);
+ #check if net or broadcast
+ $fwdfwsettings{'src_addr'}="$ip/$subnet";
+ if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
+ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+ return $errormessage;
+ }
+ }
+ if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
+ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
+ return $errormessage;
+ }
+ }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'src_addr'} eq ''){ + $errormessage.=$Lang::tr{'fwdfw err nosrcip'};
+ return $errormessage;
+ }
+
+ #check empty fields
+ if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw \
err nosrc'}."<br>";} + if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && \
($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && \
$fwdfwsettings{'SRC_PORT'} ne ''){ + my \
@parts=split(",",$fwdfwsettings{'SRC_PORT'}); + my @values=();
+ foreach (@parts){
+ chomp($_);
+ if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
+ my $check;
+ #change dashes with :
+ $_=~ tr/-/:/;
+ if ($_ eq "*") {
+ push(@values,"1:65535");
+ $check='on';
+ }
+ if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
+ push(@values,"1:$2");
+ $check='on';
+ }
+ if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/ ) {
+ push(@values,"$1:65535");
+ $check='on'
+ }
+ $errormessage .= &General::validportrange($_, 'destination');
+ if(!$check){
+ push (@values,$_);
+ }
+ }else{
+ if (&General::validport($_)){
+ push (@values,$_);
+ }else{
+
+ }
+ }
+ }
+ $fwdfwsettings{'SRC_PORT'}=join("|", at values);
+ }
+ return $errormessage;
+}
+sub checktarget
+{
+ my ($ip,$subnet);
+ &General::readhasharray("$configsrv", \%customservice);
+ #check DNAT settings (has to be single Host and single Port or portrange)
+ if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
+ if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq \
'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){ + #check if manual \
ip is a single Host (if set) + if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
+ my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ my @tmp1= split ("/",$tmp[3]);
+ if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
+ {
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+ return $errormessage;
+ }
+ }
+ #check if Port is a single Port or portrange
+ if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && \
$fwdfwsettings{'TGT_PORT'} eq ''){ + $errormessage=$Lang::tr{'fwdfw target'}.": \
".$Lang::tr{'fwdfw dnat porterr'}."<br>"; + return $errormessage;
+ }
+ if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') && \
$fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ \
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat \
porterr'}."<br>"; + return $errormessage;
+ }
+ }
+ }else{
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+ return $errormessage;
+ }
+ }
+ if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && \
$fwdfwsettings{'tgt_addr'} ne ''){ + #check if ip with subnet
+ if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
+ ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
+ $subnet = &General::iporsubtocidr($subnet);
+ }
+ #check if only ip
+ if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ $ip=$fwdfwsettings{'tgt_addr'};
+ $subnet='32';
+ }
+ #check if ip is valid
+ if (! &General::validip($ip)){
+ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
+ return $errormessage;
+ }
+ #check and form valid IP
+ $ip=&General::ip2dec($ip);
+ $ip=&General::dec2ip($ip);
+ $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
+ if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
+ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
+ return $errormessage;
+ }
+ }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && \
$fwdfwsettings{'tgt_addr'} eq ''){ + $errormessage.=$Lang::tr{'fwdfw err notgtip'};
+ return $errormessage;
+ }
+ #check empty fields
+ if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw \
err notgt'}."<br>";} + #check tgt services
+ if ($fwdfwsettings{'USESRV'} eq 'ON'){
+ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+ $fwdfwsettings{'TGT_PROT'}='';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ }
+ if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
+ $fwdfwsettings{'TGT_PROT'}='';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ #check target service
+ if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
+ $errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
+ }
+ }
+ if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){
+ if ($fwdfwsettings{'TGT_PORT'} ne ''){
+ if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && \
$fwdfwsettings{'nat'} eq 'dnat') { + $errormessage=$Lang::tr{'fwdfw dnat \
porterr'}."<br>"; + return $errormessage;
+ }
+ my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
+ my @values=();
+ foreach (@parts){
+ chomp($_);
+ if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
+ my $check;
+ #change dashes with :
+ $_=~ tr/-/:/;
+ if ($_ eq "*") {
+ push(@values,"1:65535");
+ $check='on';
+ }
+ if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
+ push(@values,"1:$2");
+ $check='on';
+ }
+ if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
+ push(@values,"$1:65535");
+ $check='on'
+ }
+ $errormessage .= &General::validportrange($_, 'destination');
+ if(!$check){
+ push (@values,$_);
+ }
+ }else{
+ if (&General::validport($_)){
+ push (@values,$_);
+ }else{
+ }
+ }
+ }
+ $fwdfwsettings{'TGT_PORT'}=join("|", at values);
+ }
+ }elsif ($fwdfwsettings{'PROT'} eq 'GRE'){
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+ $fwdfwsettings{'TGT_PORT'} = '';
+ $fwdfwsettings{'ICMP_TGT'} = '';
+ }elsif ($fwdfwsettings{'PROT'} eq 'ESP'){
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+ $fwdfwsettings{'TGT_PORT'} = '';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ }elsif ($fwdfwsettings{'PROT'} eq 'AH'){
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+ $fwdfwsettings{'TGT_PORT'} = '';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ }elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
+ $fwdfwsettings{'TGT_PORT'} = '';
+ }
+ }
+ }
+ #check targetport
+ if ($fwdfwsettings{'USESRV'} ne 'ON'){
+ $fwdfwsettings{'grp3'}='';
+ $fwdfwsettings{$fwdfwsettings{'grp3'}}='';
+ $fwdfwsettings{'ICMP_TGT'}='';
+ }
+ #check timeframe
+ if($fwdfwsettings{'TIME'} eq 'ON'){
+ if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && \
$fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && \
$fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && \
$fwdfwsettings{'TIME_SUN'} eq ''){ + $errormessage=$Lang::tr{'fwdfw err time'};
+ return $errormessage;
+ }
+ }
+ return $errormessage;
+}
+sub check_natport
+{
+ my $val=shift;
+ if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && \
$fwdfwsettings{'dnatport'} ne ''){ + if ($fwdfwsettings{'dnatport'} =~ \
/^(\d+)\-(\d+)$/) { + $fwdfwsettings{'dnatport'} =~ tr/-/:/;
+ if ($fwdfwsettings{'dnatport'} eq "*") {
+ $fwdfwsettings{'dnatport'}="1:65535";
+ }
+ if ($fwdfwsettings{'dnatport'} =~ /^(\D)\:(\d+)$/) {
+ $fwdfwsettings{'dnatport'} = "1:$2";
+ }
+ if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\:(\D)$/) {
+ $fwdfwsettings{'dnatport'} ="$1:65535";
+ }
+ }
+ return 1;
+ }
+ if ($val =~ "," || $val>65536 || $val<0){
+ return 0;
+ }
+ return 1;
+}
+sub checkrule
+{
+ #check valid port for NAT
+ if($fwdfwsettings{'USE_NAT'} eq 'ON'){
+ #if no port is given in nat area, take target host port
+ if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && \
$fwdfwsettings{'dnatport'} eq \
''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};} + #check if port given \
in nat area is a single valid port or portrange + if($fwdfwsettings{'nat'} eq 'dnat' \
&& $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'dnatport'})){ \
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat \
porterr'}."<br>"; + }elsif($fwdfwsettings{'USESRV'} eq 'ON' && \
$fwdfwsettings{'grp3'} eq 'cust_srv'){ + my $custsrvport;
+ #get servcie Protocol and Port
+ foreach my $key (sort keys %customservice){
+ if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){
+ if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat \
porterr'}."<br>"; + }
+ $custsrvport= $customservice{$key}[1];
+ }
+ }
+ if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq \
''){$fwdfwsettings{'dnatport'}=$custsrvport;} + }
+ #check if DNAT port is multiple
+ if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
+ my @parts=split(",",$fwdfwsettings{'dnatport'});
+ my @values=();
+ foreach (@parts){
+ chomp($_);
+ if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
+ my $check;
+ #change dashes with :
+ $_=~ tr/-/:/;
+ if ($_ eq "*") {
+ push(@values,"1:65535");
+ $check='on';
+ }
+ if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
+ push(@values,"1:$2");
+ $check='on';
+ }
+ if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
+ push(@values,"$1:65535");
+ $check='on'
+ }
+ $errormessage .= &General::validportrange($_, 'destination');
+ if(!$check){
+ push (@values,$_);
+ }
+ }else{
+ if (&General::validport($_)){
+ push (@values,$_);
+ }else{
+
+ }
+ }
+ }
+ $fwdfwsettings{'dnatport'}=join("|", at values);
+ }
+ }
+ #check valid remark
+ if ($fwdfwsettings{'ruleremark'} ne '' && \
!&validremark($fwdfwsettings{'ruleremark'})){ + $errormessage.=$Lang::tr{'fwdfw err \
remark'}."<br>"; + }
+ #check if source and target identical
+ if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq \
$fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne \
'ALL'){ + $errormessage=$Lang::tr{'fwdfw err same'};
+ return $errormessage;
+ }
+ #get source and targetip address if possible
+ my ($sip,$scidr,$tip,$tcidr);
+ ($sip,$scidr)=&get_ip("src","grp1");
+ ($tip,$tcidr)=&get_ip("tgt","grp2");
+ #check same iprange in source and target
+ if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
+ my $networkip1=&General::getnetworkip($sip,$scidr);
+ my $networkip2=&General::getnetworkip($tip,$tcidr);
+ if ($scidr gt $tcidr){
+ if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
+ $errormessage.=$Lang::tr{'fwdfw err samesub'};
+ }
+ }elsif($scidr eq $tcidr && $scidr eq '32'){
+ my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
+ my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
+ if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
+ $hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
+ $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: \
$networkip2/$tcidr<br>"; + }
+ }else{
+ if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
+ $errormessage.=$Lang::tr{'fwdfw err samesub'};
+ }
+ }
+ }
+ #When using source- or targetport, the protocol has to be TCP or UDP
+ if (($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON') && \
($fwdfwsettings{'SRC_PORT'} ne '' || $fwdfwsettings{'TGT_PORT'} ne '') && \
($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP')){ \
+ $errormessage.=$Lang::tr{'fwdfw err prot_port1'}; + return;
+ }
+ #when icmp selected, no targetport allowed
+ if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && \
$fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'template') && \
($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){ \
+ $errormessage.=$Lang::tr{'fwdfw err prot_port'}; + return;
+ }
+ #change protocol if prot not equal dest single service
+ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
+ if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
+ $fwdfwsettings{'PROT'} = $customservice{$key}[2];
+ last;
+ }
+ }
+ }
+ }
+ #check source and destination protocol if source manual and dest servicegroup
+ if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
+ $fwdfwsettings{'PROT'} = '';
+ }
+ #ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013
+ $fwdfwsettings{'TGT_PROT'}=''; #Set field empty (deprecated)
+ #Check ICMP Types
+ if ($fwdfwsettings{'PROT'} eq 'ICMP'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ #$fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $key (keys %icmptypes){
+ if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
+ $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
+ }
+ }
+ }elsif($fwdfwsettings{'PROT'} eq 'GRE'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ }elsif($fwdfwsettings{'PROT'} eq 'ESP'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ }elsif($fwdfwsettings{'PROT'} eq 'AH'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ }elsif($fwdfwsettings{'PROT'} eq 'IGMP'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && \
$fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'PROT'} = '';
+ }elsif($fwdfwsettings{'PROT'} ne 'ICMP'){
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ }
+}
+sub checkcounter
+{
+ my ($base1,$val1,$base2,$val2) = @_;
+
+ if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){
+ &dec_counter($confignet,\%customnetwork,$val1);
+ }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){
+ &dec_counter($confighost,\%customhost,$val1);
+ }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){
+ &dec_counter($configgrp,\%customgrp,$val1);
+ }elsif($base1 eq 'cust_srv'){
+ &dec_counter($configsrv,\%customservice,$val1);
+ }elsif($base1 eq 'cust_srvgrp'){
+ &dec_counter($configsrvgrp,\%customservicegrp,$val1);
+ }
+
+ if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
+ &inc_counter($confignet,\%customnetwork,$val2);
+ }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
+ &inc_counter($confighost,\%customhost,$val2);
+ }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){
+ &inc_counter($configgrp,\%customgrp,$val2);
+ }elsif($base2 eq 'cust_srv'){
+ &inc_counter($configsrv,\%customservice,$val2);
+ }elsif($base2 eq 'cust_srvgrp'){
+ &inc_counter($configsrvgrp,\%customservicegrp,$val2);
+ }
+}
+sub checkvpn
+{
+ my $ip=shift;
+ #Test if manual IP is part of static OpenVPN networks
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ foreach my $key (sort keys %ccdnet){
+ my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]);
+ my $sub=&General::iporsubtodec($vpnsubnet);
+ if (&General::IpInSubnet($ip,$vpnip,$sub)){
+ return 0;
+ }
+ }
+ # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor
+ # because if one creates a custom host with the ip, we need to check the color \
there! + # It does not make sense to check this here
+
+ # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here
+ # Is also checked in getcolor
+
+ # Test if manual ip is part of an IPsec Network is also checked in getcolor
+ return 1;
+}
+sub checkvpncolor
+{
+
+}
+sub deleterule
+{
+ my %delhash=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%delhash);
+ foreach my $key (sort {$a <=> $b} keys %delhash){
+ if ($key == $fwdfwsettings{'key'}){
+ #check hosts/net and groups
+ &checkcounter($delhash{$key}[3],$delhash{$key}[4],,);
+ &checkcounter($delhash{$key}[5],$delhash{$key}[6],,);
+ #check services and groups
+ if ($delhash{$key}[11] eq 'ON'){
+ &checkcounter($delhash{$key}[14],$delhash{$key}[15],,);
+ }
+ }
+ if ($key >= $fwdfwsettings{'key'}) {
+ my $next = $key + 1;
+ if (exists $delhash{$next}) {
+ foreach my $i (0 .. $#{$delhash{$next}}) {
+ $delhash{$key}[$i] = $delhash{$next}[$i];
+ }
+ }
+ }
+ }
+ # Remove the very last entry.
+ my $last_key = (sort {$a <=> $b} keys %delhash)[-1];
+ delete $delhash{$last_key};
+
+ &General::writehasharray($fwdfwsettings{'config'}, \%delhash);
+ &General::firewall_config_changed();
+
+ if($fwdfwsettings{'nobase'} ne 'on'){
+ &base;
+ }
+}
+sub disable_rule
+{
+ my $key1=shift;
+ &General::readhasharray("$configfwdfw", \%configfwdfw);
+ foreach my $key (sort keys %configfwdfw){
+ if ($key eq $key1 ){
+ if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';}
+ }
+ }
+ &General::writehasharray("$configfwdfw", \%configfwdfw);
+ &General::firewall_config_changed();
+}
+sub dec_counter
+{
+ my $config=shift;
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $pos;
+ &General::readhasharray($config, \%hash);
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ $pos=$#{$hash{$key}};
+ $hash{$key}[$pos] = $hash{$key}[$pos]-1;
+ }
+ }
+ &General::writehasharray($config, \%hash);
+}
+sub error
+{
+ if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<class name='base'>$errormessage\n";
+ print " </class>\n";
+ &Header::closebox();
+ print"<hr>";
+ }
+}
+sub fillselect
+{
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $key;
+ foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
+ }else{
+ print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
+ }
+ }
+}
+sub gen_dd_block
+{
+ my $srctgt = shift;
+ my $grp=shift;
+ my $helper='';
+ my $show='';
+ $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
+ $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
+ $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
+ $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+ $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
+ $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+ $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
+ $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
+ $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
+ $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
+ $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
+ $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
+ $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
+ $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
+ $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
+ $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
+ $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+print<<END;
+ <table width='100%' border='0'>
+ <tr><td width='50%' valign='top'>
+ <table width='100%' border='0'>
+ <tr><td width='1%'><input type='radio' name='$grp' id='std_net_$srctgt' \
value='std_net_$srctgt' $checked{$grp}{'std_net_'.$srctgt}></td><td>$Lang::tr{'fwhost \
stdnet'}</td><td align='right'><select name='std_net_$srctgt' style='width:200px;'> \
+END + foreach my $network (sort keys %defaultNetworks)
+ {
+ next if($defaultNetworks{$network}{'NAME'} eq "RED" && $srctgt eq 'src');
+ next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
+ print "<option value='$defaultNetworks{$network}{'NAME'}'";
+ print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$defaultNetworks{$network}{'NAME'}); + my \
$defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS"; + my \
$defsub="$defaultNetworks{$network}{'NAME'}_NETMASK"; + my \
$defsub1=&General::subtocidr($ifaces{$defsub}); + $ifaces{$defnet}='' if \
($defaultNetworks{$network}{'NAME'} eq 'RED'); + if ($ifaces{$defnet}){
+ print ">$network ($ifaces{$defnet}/$defsub1)</option>";
+ }else{
+ print ">$network</option>";
+ }
+ }
+ print"</select></td></tr>";
+ #custom networks
+ if (! -z $confignet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+ print"<tr><td><input type='radio' name='$grp' id='cust_net_$srctgt' \
value='cust_net_$srctgt' \
$checked{$grp}{'cust_net_'.$srctgt}></td><td>$Lang::tr{'fwhost cust net'}</td><td \
align='right'><select name='cust_net_$srctgt' style='width:200px;'>"; \
+ &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{$grp}}); \
+ print"</select></td>"; + }
+ #custom hosts
+ if (! -z $confighost || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+ print"<tr><td><input type='radio' name='$grp' id='cust_host_$srctgt' \
value='cust_host_$srctgt' \
$checked{$grp}{'cust_host_'.$srctgt}></td><td>$Lang::tr{'fwhost cust addr'}</td><td \
align='right'><select name='cust_host_$srctgt' style='width:200px;'>"; \
+ &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{$grp}}); \
+ print"</select></td>"; + }
+ #custom groups
+ if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+ print"<tr><td valign='top'><input type='radio' name='$grp' id='cust_grp_$srctgt' \
value='cust_grp_$srctgt' $checked{$grp}{'cust_grp_'.$srctgt}></td><td \
>$Lang::tr{'fwhost cust grp'}</td><td align='right'><select name='cust_grp_$srctgt' \
> style='width:200px;'>";
+ foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } keys \
%customgrp) { + if($helper ne $customgrp{$key}[0]){
+ print"<option ";
+ print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$customgrp{$key}[0]); + print ">$customgrp{$key}[0]</option>";
+ }
+ $helper=$customgrp{$key}[0];
+ }
+ print"</select></td>";
+ }
+ #End left table. start right table (vpn)
+ print"</tr></table></td><td valign='top'><table width='100%' border='0'><tr>";
+ # CCD networks
+ if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+ print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' \
value='ovpn_net_$srctgt' $checked{$grp}{'ovpn_net_'.$srctgt}></td><td \
nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' \
width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>"; \
+ &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{$grp}}); \
+ print"</select></td></tr>"; + }
+ #OVPN CCD Hosts
+ foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost){
+ if ($ccdhost{$key}[33] ne '' ){
+ print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' \
value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td \
nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' \
width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'>" if \
($show eq ''); + $show='1';
+ print "<option value='$ccdhost{$key}[1]'";
+ print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$ccdhost{$key}[1]); + print ">$ccdhost{$key}[1]</option>";
+ }
+ }
+ if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
+ print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' \
value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td \
nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' \
width='1%' align='right'><select name='ovpn_host_$srctgt' \
style='width:200px;'></select></td></tr>" ; + }
+ if ($show eq '1'){$show='';print"</select></td></tr>";}
+ #OVPN N2N
+ foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){
+ if ($ccdhost{$key}[3] eq 'net'){
+ print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' \
value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' \
width='16%'>$Lang::tr{'fwhost ovpn_n2n'}:</td><td nowrap='nowrap' width='1%' \
align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'>" if ($show eq \
''); + $show='1';
+ print "<option value='$ccdhost{$key}[1]'";
+ print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$ccdhost{$key}[1]); + print ">$ccdhost{$key}[1]</option>";
+ }
+ }
+ if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
+ print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' \
value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' \
width='16%'>$Lang::tr{'fwhost ovpn_n2n'}</td><td nowrap='nowrap' width='1%' \
align='right'><select name='ovpn_n2n_$srctgt' \
style='width:200px;'></select></td></tr>" ; + }
+ if ($show eq '1'){$show='';print"</select></td></tr>";}
+ #IPsec netze
+ foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys \
%ipsecconf) { + if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq \
'on'){ + print"<tr><td valign='top'><input type='radio' name='$grp' \
value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td \
>$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' \
> style='width:200px;'>" if ($show eq '');
+ $show='1';
+ print "<option ";
+ print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$ipsecconf{$key}[1]); + print ">$ipsecconf{$key}[1]</option>";
+ }
+ }
+ if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
+ print"<tr><td valign='top'><input type='radio' name='$grp' id='ipsec_net_$srctgt' \
value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td \
>$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' \
> style='width:200px;'><select></td></tr>";
+ }
+ if ($show eq '1'){$show='';print"</select></td></tr>";}
+
+ print"</table>";
+ print"</td></tr></table><br>";
+}
+sub get_ip
+{
+ my $val=shift;
+ my $grp =shift;
+ my $a;
+ my $b;
+ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+ if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){
+ if ($fwdfwsettings{$grp} eq $val.'_addr'){
+ ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
+ }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
+ if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
+ $a=$netsettings{'GREEN_NETADDRESS'};
+ $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
+ $a=$netsettings{'ORANGE_NETADDRESS'};
+ $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
+ $a=$netsettings{'BLUE_NETADDRESS'};
+ $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
+ &General::readhash("$configovpn",\%ovpnsettings);
+ ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
+ $b=&General::iporsubtocidr($b);
+ }
+ }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
+ &General::readhasharray("$confignet", \%customnetwork);
+ foreach my $key (keys %customnetwork){
+ if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
+ $a=$customnetwork{$key}[1];
+ $b=&General::iporsubtocidr($customnetwork{$key}[2]);
+ }
+ }
+ }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $key (keys %customhost){
+ if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
+ if ($customhost{$key}[1] eq 'ip'){
+ ($a,$b)=split (/\//,$customhost{$key}[2]);
+ $b=&General::iporsubtocidr($b);
+ }else{
+ if ($grp eq 'grp2'){
+ $errormessage=$Lang::tr{'fwdfw err tgt_mac'};
+ }
+ }
+ }
+ }
+ }
+ }
+ return $a,$b;
+}
+sub get_name
+{
+ my $val=shift;
+ &General::setup_default_networks(\%defaultNetworks);
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
+ }
+}
+sub getsrcport
+{
+ my %hash=%{(shift)};
+ my $key=shift;
+ if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){
+ $hash{$key}[10]=~ s/\|/,/g;
+ print": $hash{$key}[10]";
+ }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
+ print": <br>$hash{$key}[9] ";
+ }
+}
+sub gettgtport
+{
+ my %hash=%{(shift)};
+ my $key=shift;
+ my $service;
+ my $prot;
+ if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
+ if($hash{$key}[14] eq 'cust_srv'){
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $i (sort keys %customservice){
+ if($customservice{$i}[0] eq $hash{$key}[15]){
+ $service = $customservice{$i}[0];
+ }
+ }
+ }elsif($hash{$key}[14] eq 'cust_srvgrp'){
+ $service=$hash{$key}[15];
+ }elsif($hash{$key}[14] eq 'TGT_PORT'){
+ $hash{$key}[15]=~ s/\|/,/g;
+ $service=$hash{$key}[15];
+ }
+ if($service){
+ print": $service";
+ }
+ }
+}
+sub get_serviceports
+{
+ my $type=shift;
+ my $name=shift;
+ &General::readhasharray("$configsrv", \%customservice);
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ my $tcp;
+ my $udp;
+ my $icmp;
+ @protocols=();
+ if($type eq 'service'){
+ foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys \
%customservice){ + if ($customservice{$key}[0] eq $name){
+ push (@protocols,$customservice{$key}[2]);
+ }
+ }
+ }elsif($type eq 'group'){
+ foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } \
keys %customservicegrp){ + if ($customservicegrp{$key}[0] eq $name){
+ foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } \
keys %customservice){ + if ($customservice{$key1}[0] eq \
$customservicegrp{$key}[2]){ + if($customservice{$key1}[2] eq 'TCP'){
+ $tcp='TCP';
+ }elsif($customservice{$key1}[2] eq 'ICMP'){
+ $icmp='ICMP';
+ }elsif($customservice{$key1}[2] eq 'UDP'){
+ $udp='UDP';
+ }
+ }
+ }
+ }
+ }
+ }
+ if($tcp && $udp && $icmp){
+ push (@protocols,"TCP,UDP, <br>ICMP");
+ return @protocols;
+ }
+ if($tcp){
+ push (@protocols,"TCP");
+ }
+ if($udp){
+ push (@protocols,"UDP");
+ }
+ if($icmp){
+ push (@protocols,"ICMP");
+ }
+ return @protocols;
+}
+sub getcolor
+{
+ my $nettype=shift;
+ my $val=shift;
+ my $hash=shift;
+ if($optionsfw{'SHOWCOLORS'} eq 'on'){
+ #custom Hosts
+ if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
+ foreach my $key (sort keys %$hash){
+ if ($$hash{$key}[0] eq $val){
+ $val=$$hash{$key}[2];
+ }
+ }
+ }
+ #standard networks
+ if ($val eq 'GREEN'){
+ $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
+ return;
+ }elsif ($val eq 'ORANGE'){
+ $tdcolor="style='background-color: $Header::colourorange;color:white;'";
+ return;
+ }elsif ($val eq 'BLUE'){
+ $tdcolor="style='background-color: $Header::colourblue;color:white;'";
+ return;
+ }elsif ($val eq 'RED' ||$val eq 'RED1' ){
+ $tdcolor="style='background-color: $Header::colourred;color:white;'";
+ return;
+ }elsif ($val eq 'IPFire' ){
+ $tdcolor="style='background-color: $Header::colourred;color:white;'";
+ return;
+ }elsif($val =~ /^(.*?)\/(.*?)$/){
+ my ($sip,$scidr) = split ("/",$val);
+ if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+ $tdcolor="style='background-color: $Header::colourorange;color:white;'";
+ return;
+ }
+ if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
+ $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
+ return;
+ }
+ if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
+ $tdcolor="style='background-color: $Header::colourblue;color:white;'";
+ return;
+ }
+ }elsif ($val eq 'Default IP'){
+ $tdcolor="style='background-color: $Header::colourred;color:white;'";
+ return;
+ }
+ #Check if a manual IP or custom host is part of a VPN
+ if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr' || $nettype eq \
'cust_host_src' || $nettype eq 'cust_host_tgt'){ + #Check if IP is part of OpenVPN \
dynamic subnet + my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
+ my ($c,$d) = split("/",$val);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
+ return;
+ }
+ #Check if IP is part of OpenVPN static subnet
+ foreach my $key (sort keys %ccdnet){
+ my ($a,$b) = split("/",$ccdnet{$key}[1]);
+ $b =&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
+ return;
+ }
+ }
+ #Check if IP is part of OpenVPN N2N subnet
+ foreach my $key (sort keys %ccdhost){
+ if ($ccdhost{$key}[3] eq 'net'){
+ my ($a,$b) = split("/",$ccdhost{$key}[11]);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
+ return;
+ }
+ }
+ }
+ #Check if IP is part of IPsec RW network
+ if ($ipsecsettings{'RW_NET'} ne ''){
+ my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
+ $b=&General::iporsubtodec($b);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+ return;
+ }
+ }
+ #Check if IP is part of a IPsec N2N network
+ foreach my $key (sort keys %ipsecconf){
+ my ($a,$b) = split("/",$ipsecconf{$key}[11]);
+ if (&General::IpInSubnet($c,$a,$b)){
+ $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+ return;
+ }
+ }
+ }
+ #VPN networks
+ if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq \
'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || \
$nettype eq 'ovpn_host_tgt'){ + $tdcolor="style='background-color: \
$Header::colourovpn;color:white;'"; + return;
+ }
+ if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){
+ $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
+ return;
+ }
+ #ALIASE
+ foreach my $alias (sort keys %aliases)
+ {
+ if ($val eq $alias){
+ $tdcolor="style='background-color:$Header::colourred;color:white;'";
+ return;
+ }
+ }
+ }
+ $tdcolor='';
+ return;
+}
+sub hint
+{
+ if ($hint) {
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
+ print "<class name='base'>$hint\n";
+ print " </class>\n";
+ &Header::closebox();
+ print"<hr>";
+ }
+}
+sub inc_counter
+{
+ my $config=shift;
+ my %hash=%{(shift)};
+ my $val=shift;
+ my $pos;
+
+ &General::readhasharray($config, \%hash);
+ foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
+ if($hash{$key}[0] eq $val){
+ $pos=$#{$hash{$key}};
+ $hash{$key}[$pos] = $hash{$key}[$pos]+1;
+ }
+ }
+ &General::writehasharray($config, \%hash);
+}
+sub newrule
+{
+ &error;
+ &General::setup_default_networks(\%defaultNetworks);
+ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+ #read all configfiles
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ &General::readhasharray("$confignet", \%customnetwork);
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ &General::readhasharray("$confighost", \%customhost);
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ &General::readhasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$configipsec", \%ipsecconf);
+ &General::get_aliases(\%aliases);
+ my %checked=();
+ my $helper;
+ my $sum=0;
+ if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
+ my $config=$fwdfwsettings{'config'};
+ my %hash=();
+ #Get Red IP-ADDRESS
+ open (CONN1,"/var/ipfire/red/local-ipaddress");
+ my $redip = <CONN1>;
+ close(CONN1);
+ $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
+ $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
+ $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
+ $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+ $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
+ $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+ $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
+ $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
+ $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
+ $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
+ $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
+ $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
+ $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
+ $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
+ $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
+ $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
+ $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
+ $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+ $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+ #check if update and get values
+ if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' \
&& !$errormessage){ + &General::readhasharray("$config", \%hash);
+ foreach my $key (sort keys %hash){
+ $sum++;
+ if ($key eq $fwdfwsettings{'key'}){
+ $fwdfwsettings{'oldrulenumber'} = $fwdfwsettings{'key'};
+ $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
+ $fwdfwsettings{'chain'} = $hash{$key}[1];
+ $fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
+ $fwdfwsettings{'grp1'} = $hash{$key}[3];
+ $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4];
+ $fwdfwsettings{'grp2'} = $hash{$key}[5];
+ $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6];
+ $fwdfwsettings{'USE_SRC_PORT'} = $hash{$key}[7];
+ $fwdfwsettings{'PROT'} = $hash{$key}[8];
+ $fwdfwsettings{'ICMP_TYPES'} = $hash{$key}[9];
+ $fwdfwsettings{'SRC_PORT'} = $hash{$key}[10];
+ $fwdfwsettings{'USESRV'} = $hash{$key}[11];
+ $fwdfwsettings{'TGT_PROT'} = $hash{$key}[12];
+ $fwdfwsettings{'ICMP_TGT'} = $hash{$key}[13];
+ $fwdfwsettings{'grp3'} = $hash{$key}[14];
+ $fwdfwsettings{$fwdfwsettings{'grp3'}} = $hash{$key}[15];
+ $fwdfwsettings{'ruleremark'} = $hash{$key}[16];
+ $fwdfwsettings{'LOG'} = $hash{$key}[17];
+ $fwdfwsettings{'TIME'} = $hash{$key}[18];
+ $fwdfwsettings{'TIME_MON'} = $hash{$key}[19];
+ $fwdfwsettings{'TIME_TUE'} = $hash{$key}[20];
+ $fwdfwsettings{'TIME_WED'} = $hash{$key}[21];
+ $fwdfwsettings{'TIME_THU'} = $hash{$key}[22];
+ $fwdfwsettings{'TIME_FRI'} = $hash{$key}[23];
+ $fwdfwsettings{'TIME_SAT'} = $hash{$key}[24];
+ $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
+ $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
+ $fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
+ $fwdfwsettings{'USE_NAT'} = $hash{$key}[28];
+ $fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order
+ $fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29];
+ $fwdfwsettings{'dnatport'} = $hash{$key}[30];
+ $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
+ $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
+ $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
+ $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
+ $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
+ $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+ $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
+ $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
+ $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
+ $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
+ $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
+ $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
+ $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
+ $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
+ $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
+ $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
+ $checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED';
+ $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
+ $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
+ $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
+ $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
+ $selected{'dnat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
+ $selected{'snat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
+ }
+ }
+ $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
+ $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
+ $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
+ $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
+ $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
+ $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
+ $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
+ $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
+ $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
+ $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
+ #check if manual ip (source) is orange network
+ if ($fwdfwsettings{'grp1'} eq 'src_addr'){
+ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+ $fwdfwsettings{'oldorange'} ='on';
+ }
+ }
+ }else{
+ $fwdfwsettings{'ACTIVE'}='ON';
+ $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
+ $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
+ $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
+ $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
+ $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
+ $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
+ $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
+ $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
+ $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
+ $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
+ #check if manual ip (source) is orange network
+ if ($fwdfwsettings{'grp1'} eq 'src_addr'){
+ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
+ if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+ $fwdfwsettings{'oldorange'} ='on';
+ }
+ }
+ }
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
+ &Header::closebox();
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
+ #------SOURCE-------------------------------------------------------
+ print "<form method='post'>";
+ print<<END;
+ <table width='100%' border='0'>
+ <tr><td width='1%'><input type='radio' name='grp1' value='src_addr' \
checked></td><td width='60%'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' \
name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='18' ></td><td \
width='1%'><input type='radio' name='grp1' id='ipfire_src' value='ipfire_src' \
$checked{'grp1'}{'ipfire_src'}></td><td><b>Firewall</b></td> +END
+ print"<td align='right'><select name='ipfire_src' style='width:200px;'>";
+ print "<option value='ALL' \
$selected{'ipfire_src'}{'ALL'}>$Lang::tr{'all'}</option>"; + print "<option \
value='GREEN' $selected{'ipfire_src'}{'GREEN'}>$Lang::tr{'green'} \
($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'}; + print "<option \
value='ORANGE' $selected{'ipfire_src'}{'ORANGE'}>$Lang::tr{'orange'} \
($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used()); + print "<option \
value='BLUE' $selected{'ipfire_src'}{'BLUE'}>$Lang::tr{'blue'} \
($ifaces{'BLUE_ADDRESS'})</option>" if (&Header::blue_used()); + print "<option \
value='RED1' $selected{'ipfire_src'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip); \
+ if (! -z "${General::swroot}/ethernet/aliases"){ + foreach my $alias (sort keys \
%aliases) + {
+ print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+ <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' \
/></td></tr></table> +END
+ &gen_dd_block('src','grp1');
+ print"<hr>";
+ &Header::closebox();
+ #---SNAT / DNAT ------------------------------------------------
+ &Header::openbox('100%', 'left', 'NAT');
+ print<<END;
+ <label>
+ <input type='checkbox' name='USE_NAT' id='USE_NAT' value="ON" \
$checked{'USE_NAT'}{'ON'}> + $Lang::tr{'fwdfw use nat'}
+ </label>
+ <div class="NAT">
+ <table width='100%' border='0'>
+ <tr>
+ <td colspan='2'></td>
+ <td width='1%'>
+ <input type='radio' name='nat' id='dnat' value='dnat' checked>
+ </td>
+ <td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
+END
+ print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select \
name='dnat' style='width:140px;'>"; + print "<option value='ALL' \
$selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>"; + print "<option \
value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>"; + foreach \
my $alias (sort keys %aliases) + {
+ print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
+ }
+ print"</select></td></tr>";
+ #SNAT
+ print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' \
id='snat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw \
snat'}</td>"; + print"<td width='8%'>Firewall: </td><td width='20%' \
align='right'><select name='snat' style='width:140px;'>"; + foreach my $alias (sort \
keys %aliases) + {
+ print "<option value='$alias' $selected{'snat'}{$alias}>$alias</option>";
+ }
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
+ next if($defaultNetworks{$network}{'NAME'} eq "ALL");
+ next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
+ print "<option value='$defaultNetworks{$network}{'NAME'}'";
+ print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq \
$defaultNetworks{$network}{'NAME'}); + print ">$network</option>";
+ }
+ print"</select></td></tr></table>";
+ print"</div>";
+ &Header::closebox();
+ #---TARGET------------------------------------------------------
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
+ print<<END;
+ <table width='100%' border='0'>
+ <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' \
checked></td><td width='60%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input \
type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' \
maxlength='18'><td width='1%'><input type='radio' name='grp2' id='ipfire' \
value='ipfire' $checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td> +END
+ print"<td align='right'><select name='ipfire' style='width:200px;'>";
+ print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
+ print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} \
($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'}; + print "<option \
value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} \
($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used()); + print "<option \
value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} \
($ifaces{'BLUE_ADDRESS'})</option>"if (&Header::blue_used()); + print "<option \
value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip); \
+ if (! -z "${General::swroot}/ethernet/aliases"){ + foreach my $alias (sort keys \
%aliases) + {
+ print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+ <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' \
/></td></tr></table> +END
+ &gen_dd_block('tgt','grp2');
+ print"<hr>";
+ &Header::closebox;
+ #---PROTOCOL------------------------------------------------------
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'});
+ #Fix Protocol for JQuery
+ if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq \
'cust_srvgrp'){ + $fwdfwsettings{'PROT'} = 'template';
+ }
+ print<<END;
+ <div id="prt">
+ <table width='15%' border='0' style="float:left;">
+ <tr>
+ <td>
+ <select name='PROT' id='protocol'>
+END
+ print "<option value=\"\"";
+ if ($fwdfwsettings{'PROT'} eq '') {
+ print " selected=\"selected\"";
+ }
+ print ">$Lang::tr{'all'}</option>";
+
+ print "<option value=\"template\"";
+ print " selected=\"selected\"" if ($fwdfwsettings{'grp3'} eq 'cust_srv' || \
$fwdfwsettings{'grp3'} eq 'cust_srvgrp'); + print ">- $Lang::tr{'template'} \
-</option>"; +
+ foreach (@PROTOCOLS) {
+ print"<option value=\"$_\"";
+ if ($_ eq $fwdfwsettings{'PROT'}) {
+ print " selected=\"selected\"";
+ }
+ print ">$_</option>";
+ }
+ print<<END;
+ </select>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="PROTOCOL_ICMP_TYPES">
+ <table width='50%' border='0' style="float:left;">
+ <tr>
+ <td width='20%'>$Lang::tr{'fwhost icmptype'}</td>
+ <td colspan='2'>
+ <select name='ICMP_TYPES' style='min-width:230px;'>
+END
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
+ foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys \
%icmptypes){ + if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
+ print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }else{
+ print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }
+ }
+
+ print <<END;
+ </select>
+ </td>
+ </tr>
+ </table>
+ </div>
+END
+
+ $fwdfwsettings{'SRC_PORT'} =~ s/\|/,/g;
+ $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
+ $fwdfwsettings{'dnatport'} =~ tr/|/,/;
+
+ # The dnatport may be empty, if it matches TGT_PORT
+ if ($fwdfwsettings{'dnatport'} eq $fwdfwsettings{'TGT_PORT'}) {
+ $fwdfwsettings{'dnatport'} = "";
+ }
+
+ print <<END;
+
+ <div id="PROTOCOL_PORTS">
+ <table border="0">
+ <tr>
+ <!-- #SOURCEPORT -->
+ <td>
+ $Lang::tr{'fwdfw use srcport'}
+ </td>
+ <td>
+ <input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' \
maxlength='20' size='18'> + </td>
+ <td width='10%'>
+ </td>
+
+ <!-- #TARGETPORT -->
+ <td>
+ $Lang::tr{'fwdfw use srv'}
+ </td>
+
+ <td>
+ <input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' \
maxlength='20' size='18'> + </td>
+ </tr>
+ <tr class="NAT">
+ <td colspan='3'></td>
+ <td>$Lang::tr{'fwdfw external port nat'}:</td>
+ <td>
+ <input type='text' name='dnatport' value=\"$fwdfwsettings{'dnatport'}\" \
maxlength='20' size='18'> + </td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="PROTOCOL_TEMPLATE">
+ <table border="0">
+ <tr>
+ <td>
+ <input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked>
+ $Lang::tr{'fwhost cust service'}
+ </td>
+ <td>
+ <select name='cust_srv' style='min-width: 230px;'>
+END
+ &General::readhasharray("$configsrv", \%customservice);
+ foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys \
%customservice){ + print"<option ";
+ print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq \
$customservice{$key}[0]); \
+ print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>"; + }
+
+ print<<END;
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' \
$checked{'grp3'}{'cust_srvgrp'}> + $Lang::tr{'fwhost cust srvgrp'}
+ </td>
+ <td>
+ <select name='cust_srvgrp' style='min-width:230px;'>
+END
+
+ &General::readhasharray("$configsrvgrp", \%customservicegrp);
+ my $helper;
+ foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } \
keys %customservicegrp){ + if ($helper ne $customservicegrp{$key}[0]){
+ print"<option ";
+ print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq \
$customservicegrp{$key}[0]); + print">$customservicegrp{$key}[0]</option>";
+ }
+ $helper=$customservicegrp{$key}[0];
+ }
+ print<<END;
+ </select>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <br><br><br>
+END
+
+ &Header::closebox;
+
+ $checked{"RULE_ACTION"} = ();
+ foreach ("ACCEPT", "DROP", "REJECT") {
+ $checked{"RULE_ACTION"}{$_} = "";
+ }
+
+ if($fwdfwsettings{'updatefwrule'} eq 'on') {
+ $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = "checked";
+ } elsif ($fwdfwsettings{'POLICY'} eq 'MODE1') {
+ $checked{"RULE_ACTION"}{"ACCEPT"} = "checked";
+ } elsif ($fwdfwsettings{'POLICY'} eq 'MODE2') {
+ $checked{"RULE_ACTION"}{"DROP"} = "checked";
+ }
+
+ print <<END;
+ <hr><br>
+
+ <center>
+ <table width="80%" border="0">
+ <tr>
+ <td width="33%" align="center" bgcolor="$color{'color17'}">
+ <br>
+ </td>
+ <td width="33%" align="center" bgcolor="$color{'color25'}">
+ <br>
+ </td>
+ <td width="33%" align="center" bgcolor="$color{'color16'}">
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td width="33%" align="center">
+ <label>
+ <input type="radio" name="RULE_ACTION" value="ACCEPT" \
$checked{"RULE_ACTION"}{"ACCEPT"}> + <strong>$Lang::tr{'fwdfw \
ACCEPT'}</strong> + </label>
+ </td>
+ <td width="33%" align="center">
+ <label>
+ <input type="radio" name="RULE_ACTION" value="DROP" \
$checked{"RULE_ACTION"}{"DROP"}> + <strong>$Lang::tr{'fwdfw DROP'}</strong>
+ </label>
+ </td>
+ <td width="33%" align="center">
+ <label>
+ <input type="radio" name="RULE_ACTION" value="REJECT" \
$checked{"RULE_ACTION"}{"REJECT"}> + <strong>$Lang::tr{'fwdfw \
REJECT'}</strong> + </label>
+ </td>
+ </tr>
+ </table>
+ </center>
+
+ <br>
+END
+
+ #---Activate/logging/remark-------------------------------------
+ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
+ print<<END;
+ <table width='100%' border='0'>
+END
+ print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td width='88%' \
align='left'><input type='text' name='ruleremark' maxlength='255' \
value='$fwdfwsettings{'ruleremark'}' style='width:99%;'></td></tr>"; \
+ if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq \
'on'){ + print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select \
name='rulepos' >"; + for (my $count =1; $count <= $sum; $count++){
+ print"<option value='$count' ";
+ print"selected='selected'" if($fwdfwsettings{'oldrulenumber'} eq $count);
+ print">$count</option>";
+ }
+ print"</select></td></tr>";
+ }else{
+ print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><input type='text' \
name='rulepos' size='2'></td></tr>"; + }
+
+ print<<END;
+ </table>
+ <table width='100%'>
+ <tr>
+END
+
+ if ($fwdfwsettings{'updatefwrule'} eq 'on') {
+ print <<END;
+ <td>
+ <input type='checkbox' name='ACTIVE' value="ON" $checked{'ACTIVE'}{'ON'}>
+ </td>
+ <td>$Lang::tr{'fwdfw rule activate'}</td>
+END
+ } else {
+ print <<END;
+ <td colspan="2">
+ <input type="hidden" name="ACTIVE" value="ON">
+ </td>
+END
+ }
+
+ print <<END;
+ </tr>
+ <tr>
+ <td>
+ <input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'}>
+ </td>
+ <td>$Lang::tr{'fwdfw log rule'}</td>
+ </tr>
+ <tr>
+ <td width='1%'>
+ <input type='checkbox' name='TIME' id="USE_TIME_CONSTRAINTS" value='ON' \
$checked{'TIME'}{'ON'}> + </td>
+ <td>$Lang::tr{'fwdfw timeframe'}</td>
+ </tr>
+ <tr id="TIME_CONSTRAINTS">
+ <td colspan="2">
+ <table width="66%" border="0">
+ <tr>
+ <td width="8em"> </td>
+ <td align="center">$Lang::tr{'advproxy monday'}</td>
+ <td align="center">$Lang::tr{'advproxy tuesday'}</td>
+ <td align="center">$Lang::tr{'advproxy wednesday'}</td>
+ <td align="center">$Lang::tr{'advproxy thursday'}</td>
+ <td align="center">$Lang::tr{'advproxy friday'}</td>
+ <td align="center">$Lang::tr{'advproxy saturday'}</td>
+ <td align="center">$Lang::tr{'advproxy sunday'}</td>
+ <td> </td>
+ </tr>
+ <tr>
+ <td width="8em"> </td>
+ <td align="center"><input type='checkbox' name='TIME_MON' value='on' \
$checked{'TIME_MON'}{'on'} ></td> + <td align="center"><input type='checkbox' \
name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} ></td> + <td \
align="center"><input type='checkbox' name='TIME_WED' value='on' \
$checked{'TIME_WED'}{'on'} ></td> + <td align="center"><input type='checkbox' \
name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} ></td> + <td \
align="center"><input type='checkbox' name='TIME_FRI' value='on' \
$checked{'TIME_FRI'}{'on'} ></td> + <td align="center"><input type='checkbox' \
name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} ></td> + <td \
align="center"><input type='checkbox' name='TIME_SUN' value='on' \
$checked{'TIME_SUN'}{'on'} ></td> + <td>
+ <select name='TIME_FROM'>
+END
+ for (my $i=0;$i<=23;$i++) {
+ $i = sprintf("%02s",$i);
+ for (my $j=0;$j<=45;$j+=15) {
+ $j = sprintf("%02s",$j);
+ my $time = $i.":".$j;
+ print "<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
+ }
+ }
+ print<<END;
+ </select> ‐
+ <select name='TIME_TO'>
+END
+ for (my $i=0;$i<=23;$i++) {
+ $i = sprintf("%02s",$i);
+ for (my $j=0;$j<=45;$j+=15) {
+ $j = sprintf("%02s",$j);
+ my $time = $i.":".$j;
+ print "<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
+ }
+ }
+ print<<END;
+ </select>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ <br><hr>
+END
+
+ #---ACTION------------------------------------------------------
+ if($fwdfwsettings{'updatefwrule'} ne 'on'){
+ print<<END;
+ <table border='0' width='100%'>
+ <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' \
style='min-width:100px;' /> + <input type='hidden' name='config' value='$config' >
+ <input type='hidden' name='ACTION' value='saverule' ></form>
+ <form method='post' style='display:inline;'><input type='submit' \
value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' \
name='ACTION' value='reset'></form></td></tr> + </table>
+ <br>
+END
+ }else{
+ print<<END;
+ <table border='0' width='100%'>
+ <tr><td align='right'><input type='submit' value='$Lang::tr{'fwdfw change'}' \
style='min-width:100px;' /><input type='hidden' name='updatefwrule' \
value='$fwdfwsettings{'updatefwrule'}'><input type='hidden' name='key' \
value='$fwdfwsettings{'key'}'> + <input type='hidden' name='oldgrp1a' \
value='$fwdfwsettings{'oldgrp1a'}' /> + <input type='hidden' name='oldgrp1b' \
value='$fwdfwsettings{'oldgrp1b'}' /> + <input type='hidden' name='oldgrp2a' \
value='$fwdfwsettings{'oldgrp2a'}' /> + <input type='hidden' name='oldgrp2b' \
value='$fwdfwsettings{'oldgrp2b'}' /> + <input type='hidden' name='oldgrp3a' \
value='$fwdfwsettings{'oldgrp3a'}' /> + <input type='hidden' name='oldgrp3b' \
value='$fwdfwsettings{'oldgrp3b'}' /> + <input type='hidden' name='oldusesrv' \
value='$fwdfwsettings{'oldusesrv'}' /> + <input type='hidden' name='oldrulenumber' \
value='$fwdfwsettings{'oldrulenumber'}' /> + <input type='hidden' name='rulenumber' \
value='$fwdfwsettings{'rulepos'}' /> + <input type='hidden' name='oldruleremark' \
value='$fwdfwsettings{'oldruleremark'}' /> + <input type='hidden' name='oldorange' \
value='$fwdfwsettings{'oldorange'}' /> + <input type='hidden' name='oldnat' \
value='$fwdfwsettings{'oldnat'}' /> + <input type='hidden' name='oldruletype' \
value='$fwdfwsettings{'oldruletype'}' /> + <input type='hidden' name='ACTION' \
value='saverule' ></form><form method='post' style='display:inline'><input \
type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input \
type='hidden' name='ACTION' value'reset'></td></td> + </table></form>
+END
+ }
+ &Header::closebox();
+}
+sub pos_up
+{
+ my %uphash=();
+ my %tmp=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%uphash);
+ foreach my $key (sort keys %uphash){
+ if ($key eq $fwdfwsettings{'key'}) {
+ my $last = $key -1;
+ if (exists $uphash{$last}){
+ #save rule last
+ foreach my $y (0 .. $#{$uphash{$last}}) {
+ $tmp{0}[$y] = $uphash{$last}[$y];
+ }
+ #copy active rule to last
+ foreach my $i (0 .. $#{$uphash{$last}}) {
+ $uphash{$last}[$i] = $uphash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $uphash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%uphash);
+ &General::firewall_config_changed();
+}
+sub pos_down
+{
+ my %downhash=();
+ my %tmp=();
+ &General::readhasharray($fwdfwsettings{'config'}, \%downhash);
+ foreach my $key (sort keys %downhash){
+ if ($key eq $fwdfwsettings{'key'}) {
+ my $next = $key + 1;
+ if (exists $downhash{$next}){
+ #save rule next
+ foreach my $y (0 .. $#{$downhash{$next}}) {
+ $tmp{0}[$y] = $downhash{$next}[$y];
+ }
+ #copy active rule to next
+ foreach my $i (0 .. $#{$downhash{$next}}) {
+ $downhash{$next}[$i] = $downhash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $downhash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ &General::writehasharray($fwdfwsettings{'config'}, \%downhash);
+ &General::firewall_config_changed();
+}
+sub saverule
+{
+ my $hash=shift;
+ my $config=shift;
+ &General::readhasharray("$config", $hash);
+ if (!$errormessage){
+ ################################################################
+ #check if we change an INPUT rule to a OUTGOING
+ if($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq \
'OUTGOINGFW' ){ + &changerule($configinput);
+ #print"1";
+ }
+ #check if we change an INPUT rule to a FORWARD
+ elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq \
'FORWARDFW' ){ + &changerule($configinput);
+ #print"2";
+ }
+ ################################################################
+ #check if we change an OUTGOING rule to an INPUT
+ elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq \
'INPUTFW' ){ + &changerule($configoutgoing);
+ #print"3";
+ }
+ #check if we change an OUTGOING rule to a FORWARD
+ elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq \
'FORWARDFW' ){ + &changerule($configoutgoing);
+ #print"4";
+ }
+ ################################################################
+ #check if we change a FORWARD rule to an INPUT
+ elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq \
'INPUTFW'){ + &changerule($configfwdfw);
+ #print"5";
+ }
+ #check if we change a FORWARD rule to an OUTGOING
+ elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq \
'OUTGOINGFW'){ + &changerule($configfwdfw);
+ #print"6";
+ }
+ if ($fwdfwsettings{'updatefwrule'} ne 'on'){
+ my $key = &General::findhasharraykey ($hash);
+ $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
+ $$hash{$key}[1] = $fwdfwsettings{'chain'};
+ $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
+ $$hash{$key}[3] = $fwdfwsettings{'grp1'};
+ $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
+ $$hash{$key}[5] = $fwdfwsettings{'grp2'};
+ $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
+ $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
+ $$hash{$key}[8] = $fwdfwsettings{'PROT'};
+ $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
+ $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
+ $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
+ $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
+ $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
+ $$hash{$key}[14] = $fwdfwsettings{'grp3'};
+ $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
+ $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
+ $$hash{$key}[17] = $fwdfwsettings{'LOG'};
+ $$hash{$key}[18] = $fwdfwsettings{'TIME'};
+ $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
+ $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
+ $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
+ $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
+ $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
+ $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
+ $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
+ $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
+ $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
+ $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
+ $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
+ $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
+ $$hash{$key}[31] = $fwdfwsettings{'nat'};
+ &General::writehasharray("$config", $hash);
+ }else{
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ if($key eq $fwdfwsettings{'key'}){
+ $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
+ $$hash{$key}[1] = $fwdfwsettings{'chain'};
+ $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
+ $$hash{$key}[3] = $fwdfwsettings{'grp1'};
+ $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
+ $$hash{$key}[5] = $fwdfwsettings{'grp2'};
+ $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
+ $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
+ $$hash{$key}[8] = $fwdfwsettings{'PROT'};
+ $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
+ $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
+ $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
+ $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
+ $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
+ $$hash{$key}[14] = $fwdfwsettings{'grp3'};
+ $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
+ $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
+ $$hash{$key}[17] = $fwdfwsettings{'LOG'};
+ $$hash{$key}[18] = $fwdfwsettings{'TIME'};
+ $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
+ $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
+ $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
+ $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
+ $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
+ $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
+ $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
+ $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
+ $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
+ $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
+ $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
+ $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
+ $$hash{$key}[31] = $fwdfwsettings{'nat'};
+ last;
+ }
+ }
+ }
+ &General::writehasharray("$config", $hash);
+ if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){
+ my %tmp=();
+ my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
+ for (my $z=0;$z<$val;$z++){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ if ($key eq $fwdfwsettings{'oldrulenumber'}) {
+ my $last = $key -1;
+ if (exists $$hash{$last}){
+ #save rule last
+ foreach my $y (0 .. $#{$$hash{$last}}) {
+ $tmp{0}[$y] = $$hash{$last}[$y];
+ }
+ #copy active rule to last
+ foreach my $i (0 .. $#{$$hash{$last}}) {
+ $$hash{$last}[$i] = $$hash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $$hash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ $fwdfwsettings{'oldrulenumber'}--;
+ }
+ &General::writehasharray("$config", $hash);
+ &General::firewall_config_changed();
+ }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
+ my %tmp=();
+ my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
+ for (my $z=0;$z<$val;$z++){
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ if ($key eq $fwdfwsettings{'oldrulenumber'}) {
+ my $next = $key + 1;
+ if (exists $$hash{$next}){
+ #save rule next
+ foreach my $y (0 .. $#{$$hash{$next}}) {
+ $tmp{0}[$y] = $$hash{$next}[$y];
+ }
+ #copy active rule to next
+ foreach my $i (0 .. $#{$$hash{$next}}) {
+ $$hash{$next}[$i] = $$hash{$key}[$i];
+ }
+ #copy saved rule to actual position
+ foreach my $x (0 .. $#{$tmp{0}}) {
+ $$hash{$key}[$x] = $tmp{0}[$x];
+ }
+ }
+ }
+ }
+ $fwdfwsettings{'oldrulenumber'}++;
+ }
+ &General::writehasharray("$config", $hash);
+ &General::firewall_config_changed();
+ }
+ }
+}
+sub validremark
+{
+ # Checks a hostname against RFC1035
+ my $remark = $_[0];
+
+ # Each part should be at least two characters in length
+ # but no more than 63 characters
+ if (length ($remark) < 1 || length ($remark) > 255) {
+ return 0;}
+ # Only valid characters are a-z, A-Z, 0-9 and -
+ if ($remark !~ /^[a-z??????A-Z??????0-9-.:;\|_()\/\s]*$/) {
+ return 0;}
+ # First character can only be a letter or a digit
+ if (substr ($remark, 0, 1) !~ /^[a-z??????A-Z??????0-9]*$/) {
+ return 0;}
+ # Last character can only be a letter or a digit
+ if (substr ($remark, -1, 1) !~ /^[a-z??????A-Z??????0-9.:;_)]*$/) {
+ return 0;}
+ return 1;
+}
+sub viewtablerule
+{
+ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
+ &viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" );
+ &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} );
+ &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" );
+}
+sub viewtablenew
+{
+ my $hash=shift;
+ my $config=shift;
+ my $title=shift;
+ my $title1=shift;
+ my $go='';
+ &General::get_aliases(\%aliases);
+ &General::readhasharray("$confighost", \%customhost);
+ &General::readhasharray("$config", $hash);
+ &General::readhasharray("$configccdnet", \%ccdnet);
+ &General::readhasharray("$configccdhost", \%ccdhost);
+ if( ! -z $config){
+ &Header::openbox('100%', 'left',$title);
+ my $count=0;
+ my ($gif,$log);
+ my $ruletype;
+ my $rulecolor;
+ my $tooltip;
+ my @tmpsrc=();
+ my $coloryellow='';
+ print <<END;
+ <b>$title1</b>
+ <br>
+
+ <table width='100%' cellspacing='0' border='0'>
+ <tr>
+ <th align='right' width='3%'>
+ #
+ </th>
+ <th width='2%'></th>
+ <th align='center'>
+ <b>$Lang::tr{'protocol'}</b>
+ </th>
+ <th align='center' width='30%'>
+ <b>$Lang::tr{'fwdfw source'}</b>
+ </th>
+ <th align='center'>
+ Log <!-- XXX UNTRANSLATED STRING -->
+ </th>
+ <th align='center' width='30%'>
+ <b>$Lang::tr{'fwdfw target'}</b>
+ </th>
+ <th align='center' colspan='6' width='18%'>
+ <b>$Lang::tr{'fwdfw action'}</b>
+ </th>
+ </tr>
+END
+
+ foreach my $key (sort {$a <=> $b} keys %$hash){
+ $tdcolor='';
+ @tmpsrc=();
+ #check if vpn hosts/nets have been deleted
+ if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
+ push (@tmpsrc,$$hash{$key}[4]);
+ }
+ if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
+ push (@tmpsrc,$$hash{$key}[6]);
+ }
+ foreach my $host (@tmpsrc){
+ if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
+ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
+ $coloryellow='on';
+ &disable_rule($key);
+ $$hash{$key}[2]='';
+ }
+ }elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
+ if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
+ $coloryellow='on';
+ &disable_rule($key);
+ $$hash{$key}[2]='';
+ }
+ }elsif($$hash{$key}[3] eq 'ovpn_n2n_src' || $$hash{$key}[5] eq 'ovpn_n2n_tgt'){
+ if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
+ $coloryellow='on';
+ &disable_rule($key);
+ $$hash{$key}[2]='';
+ }
+ }elsif($$hash{$key}[3] eq 'ovpn_host_src' || $$hash{$key}[5] eq \
'ovpn_host_tgt'){ + if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
+ $coloryellow='on';
+ &disable_rule($key);
+ $$hash{$key}[2]='';
+ }
+ }
+ }
+ $$hash{'ACTIVE'}=$$hash{$key}[2];
+ $count++;
+ if($coloryellow eq 'on'){
+ print"<tr bgcolor='$color{'color14'}' >";
+ $coloryellow='';
+ }elsif($coloryellow eq ''){
+ if ($count % 2){
+ $color="$color{'color22'}";
+ }
+ else{
+ $color="$color{'color20'}";
+ }
+ }
+ print<<END;
+ <tr bgcolor='$color'>
+ <td align='right' width='3%'>
+ <b>$key </b>
+ </td>
+END
+
+ #RULETYPE (A,R,D)
+ if ($$hash{$key}[0] eq 'ACCEPT'){
+ $ruletype='A';
+ $tooltip='ACCEPT';
+ $rulecolor=$color{'color17'};
+ }elsif($$hash{$key}[0] eq 'DROP'){
+ $ruletype='D';
+ $tooltip='DROP';
+ $rulecolor=$color{'color25'};
+ }elsif($$hash{$key}[0] eq 'REJECT'){
+ $ruletype='R';
+ $tooltip='REJECT';
+ $rulecolor=$color{'color16'};
+ }
+
+ print <<END;
+ <td bgcolor='$rulecolor' align='center' width='2%'>
+ <span title='$tooltip'> </span>
+ </td>
+END
+
+ #Get Protocol
+ my $prot;
+ if ($$hash{$key}[8]){
+ push (@protocols,$$hash{$key}[8]);
+ }elsif($$hash{$key}[14] eq 'cust_srv'){
+ &get_serviceports("service",$$hash{$key}[15]);
+ }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
+ &get_serviceports("group",$$hash{$key}[15]);
+ }else{
+ push (@protocols,$Lang::tr{'all'});
+ }
+
+ my $protz=join(",", at protocols);
+ if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne \
'cust_srvgrp'){ + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \
\%icmptypes); + foreach my $keyicmp (sort { \
ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){ + if($$hash{$key}[9] \
eq "$icmptypes{$keyicmp}[0]"){ + print "<td align='center'><span \
title='$icmptypes{$keyicmp}[0]'><b>$protz ($icmptypes{$keyicmp}[1])</b></span></td>"; \
+ last; + }
+ }
+ }else{
+ print"<td align='center'>$protz</td>";
+ }
+ @protocols=();
+ #SOURCE
+ my $ipfireiface;
+ &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
+ print"<td align='center' width='160' $tdcolor>";
+ if ($$hash{$key}[3] eq 'ipfire_src'){
+ $ipfireiface='Interface ';
+ }
+ if ($$hash{$key}[3] eq 'std_net_src'){
+ print &get_name($$hash{$key}[4]);
+ }elsif ($$hash{$key}[3] eq 'src_addr'){
+ my ($split1,$split2) = split("/",$$hash{$key}[4]);
+ if ($split2 eq '32'){
+ print $split1;
+ }else{
+ print $$hash{$key}[4];
+ }
+ }elsif ($$hash{$key}[4] eq 'RED1'){
+ print "$ipfireiface $Lang::tr{'fwdfw red'}";
+ }else{
+ print "$$hash{$key}[4]";
+ }
+ $tdcolor='';
+ #SOURCEPORT
+ &getsrcport(\%$hash,$key);
+ #Is this a SNAT rule?
+ if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){
+ my $net=&get_name($$hash{$key}[29]);
+ if ( ! $net){ $net=$$hash{$key}[29];}
+ print"<br>->$net";
+ if ($$hash{$key}[30] ne ''){
+ print": $$hash{$key}[30]";
+ }
+ }
+ if ($$hash{$key}[17] eq 'ON'){
+ $log="/images/on.gif";
+ }else{
+ $log="/images/off.gif";
+ }
+ #LOGGING
+ print<<END;
+ </td>
+ <td align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' \
title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;'/> + <input type='hidden' name='key' \
value='$key' /> + <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
+ </form>
+ </td>
+END
+ #TARGET
+ &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
+ print<<END;
+ <td align='center' $tdcolor>
+END
+ #Is this a DNAT rule?
+ if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
+ print "Firewall ($$hash{$key}[29])";
+ if($$hash{$key}[30] ne ''){
+ $$hash{$key}[30]=~ tr/|/,/;
+ print": $$hash{$key}[30]";
+ }
+ print"<br>->";
+ }
+ if ($$hash{$key}[5] eq 'ipfire'){
+ $ipfireiface='Interface';
+ }
+ if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire' || \
$$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq \
'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){ + if ($$hash{$key}[6] eq 'RED1'){
+ print "$ipfireiface $Lang::tr{'red1'}";
+ }elsif ($$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || \
$$hash{$key}[6] eq 'BLUE'|| $$hash{$key}[6] eq 'ALL') + {
+ print "$ipfireiface ".&get_name($$hash{$key}[6]);
+ }else{
+ print $$hash{$key}[6];
+ }
+ }elsif ($$hash{$key}[5] eq 'tgt_addr'){
+ my ($split1,$split2) = split("/",$$hash{$key}[6]);
+ if ($split2 eq '32'){
+ print $split1;
+ }else{
+ print $$hash{$key}[6];
+ }
+ }else{
+ print "$$hash{$key}[6]";
+ }
+ $tdcolor='';
+ #TARGETPORT
+ &gettgtport(\%$hash,$key);
+ print"</td>";
+ #RULE ACTIVE
+ if($$hash{$key}[2] eq 'ON'){
+ $gif="/images/on.gif"
+
+ }else{
+ $gif="/images/off.gif"
+ }
+ print<<END;
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' \
title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' /> + <input \
type='hidden' name='key' value='$key' /> + <input type='hidden' name='config' \
value='$config' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw \
toggle'}' /> + </form>
+ </td>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' \
title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' /> + <input \
type='hidden' name='key' value='$key' /> + <input type='hidden' name='config' \
value='$config' /> + <input type='hidden' name='ACTION' value='editrule' />
+ </form>
+ </td>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw \
copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' /> + <input \
type='hidden' name='key' value='$key' /> + <input type='hidden' name='config' \
value='$config' /> + <input type='hidden' name='ACTION' value='copyrule' />
+ </form>
+ </td>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' \
title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' /> + <input \
type='hidden' name='key' value='$key' /> + <input type='hidden' name='config' \
value='$config' /> + <input type='hidden' name='ACTION' value='deleterule' />
+ </form>
+ </td>
+END
+ if (exists $$hash{$key-1}){
+ print<<END;
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' \
title='$Lang::tr{'fwdfw moveup'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' /> + <input \
type='hidden' name='key' value='$key' /> + <input type='hidden' name='config' \
value='$config' /> + <input type='hidden' name='ACTION' value='moveup' />
+ </form>
+ </td>
+END
+ }else{
+ print"<td width='3%'></td>";
+ }
+
+ if (exists $$hash{$key+1}){
+ print<<END;
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw \
movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; \
padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' /> \
+ <input type='hidden' name='key' value='$key' /> + <input type='hidden' \
name='config' value='$config' /> + <input type='hidden' name='ACTION' \
value='movedown' /> + </form>
+ </td>
+ </tr>
+END
+ }else{
+ print"<td width='3%'></td></tr>";
+ }
+ #REMARK
+ if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){
+ print <<END;
+ <tr bgcolor='$color'>
+ <td> </td>
+ <td bgcolor='$rulecolor'></td>
+ <td colspan='10'>
+ <em>$$hash{$key}[16]</em>
+ </td>
+ </tr>
+END
+ }
+
+ if ($$hash{$key}[18] eq 'ON'){
+ #TIMEFRAME
+ if ($$hash{$key}[18] eq 'ON'){
+ my @days=();
+ if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
+ if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
+ if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
+ if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
+ if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
+ if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
+ if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
+ my $weekdays=join(",", at days);
+ if (@days){
+ print"<tr bgcolor='$color'>";
+ print"<td> </td><td bgcolor='$rulecolor'></td><td align='left' \
colspan='10'> $weekdays $$hash{$key}[26] - $$hash{$key}[27]</td></tr>"; \
+ } + }
+ }
+ print"<tr bgcolor='FFFFFF'><td colspan='13' height='1'></td></tr>";
+ }
+ print"</table>";
+ #SHOW FINAL RULE
+ print "<table width='100%'rules='cols' border='1'>";
+ my $col;
+ if ($config eq '/var/ipfire/forward/config'){
+ my $pol='fwdfw '.$fwdfwsettings{'POLICY'};
+ if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+ $col="bgcolor='darkred'";
+ }else{
+ $col="bgcolor='green'";
+ }
+ &show_defaultrules($col,$pol);
+ }elsif ($config eq '/var/ipfire/forward/outgoing'){
+ if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
+ $col="bgcolor='darkred'";
+ print"<tr><td $col width='20%' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF' >$Lang::tr{'fwdfw pol block'}</font></td></tr>"; + }else{
+ $col="bgcolor='green'";
+ print"<tr><td $col width='20%' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF' >$Lang::tr{'fwdfw pol allow'}</font></td></tr>"; + }
+ }else{
+ print"<tr><td bgcolor='darkred' width='20%' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td bgcolor='darkred' \
align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>"; \
+ } + print"</table>";
+ print "<hr>";
+ print "<br><br>";
+ &Header::closebox();
+ }else{
+ if ($optionsfw{'SHOWTABLES'} eq 'on'){
+ print "<b>$title1</b><br>";
+ print"<table width='100%' border='0' rules='none'><tr><td height='30' \
bgcolor=$color{'color22'} align='center'>$Lang::tr{'fwhost \
empty'}</td></tr></table>"; + my $col;
+ if ($config eq '/var/ipfire/forward/config'){
+ my $pol='fwdfw '.$fwdfwsettings{'POLICY'};
+ if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
+ $col="bgcolor='darkred'";
+ }else{
+ $col="bgcolor='green'";
+ }
+ &show_defaultrules($col,$pol);
+ }elsif ($config eq '/var/ipfire/forward/outgoing'){
+ print "<table width='100%' rules='cols' border='1'>";
+ my $pol='fwdfw '.$fwdfwsettings{'POLICY1'};
+ if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
+ $col="bgcolor='darkred'";
+ print"<tr><td $col align='center' width='20%'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>"; + }else{
+ $col="bgcolor='green'";
+ print"<tr><td $col align='center' width='20%'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw pol allow'}</font></td></tr>"; + }
+ }else{
+ print "<table width='100%' rules='cols' border='1'>";
+ print"<tr><td bgcolor='darkred' align='center' width='20%'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td align='center' \
bgcolor='darkred'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol \
block'}</font></td></tr>"; + }
+ print"</table><br><br>";
+ }
+ }
+}
+&Header::closebigbox();
+&Header::closepage();
+
+sub show_defaultrules
+{
+ my $col=shift;
+ my $pol=shift;
+ #STANDARD RULES (From WIKI)
+ print"</table>";
+ if ($col eq "bgcolor='green'"){
+ print "<br><table width='100%' rules='cols' border='1' >";
+ my $blue = "<font color=$Header::colourblue> $Lang::tr{'blue'}</font> \
($Lang::tr{'fwdfw pol block'})" if (&Header::blue_used()); + my $orange = "<font \
color=$Header::colourorange> $Lang::tr{'orange'}</font> ($Lang::tr{'fwdfw pol \
block'})" if (&Header::orange_used()); + my $blue1 = "<font \
color=$Header::colourblue> $Lang::tr{'blue'}</font> ($Lang::tr{'fwdfw pol \
allow'})" if (&Header::blue_used()); + my $orange1 = "<font \
color=$Header::colourorange> $Lang::tr{'orange'}</font> ($Lang::tr{'fwdfw pol \
allow'})" if (&Header::orange_used()); + print"<tr><td align='center'><font \
color='#000000'>$Lang::tr{'green'}</td><td align='center'> <font \
color=$Header::colourred> $Lang::tr{'red'}</font> ($Lang::tr{'fwdfw pol \
allow'})</td>"; + print"<td align='center'>$orange1</td>" if \
(&Header::orange_used()); + print"<td align='center'>$blue1</td>" if \
(&Header::blue_used()); + print"</tr>";
+ if (&Header::orange_used()){
+ print"<tr><td align='center' width='20%'><font \
color='#000000'>$Lang::tr{'orange'}</td><td align='center'> <font \
color=$Header::colourred> $Lang::tr{'red'}</font> ($Lang::tr{'fwdfw pol \
allow'})</td><td align='center'><font color=$Header::colourgreen> \
$Lang::tr{'green'}</font> ($Lang::tr{'fwdfw pol block'})</td>"; + print"<td \
align='center'>$blue</td>" if (&Header::blue_used()); + print"</tr>";
+ }
+ if (&Header::blue_used()){
+ print"<tr><td align='center'><font color='#000000'>$Lang::tr{'blue'}</td><td \
align='center'> <font color=$Header::colourred> $Lang::tr{'red'}</font> \
($Lang::tr{'fwdfw pol allow'})</td>"; + print"<td align='center'>$orange</td>" if \
(&Header::orange_used()); + print"<td align='center'><font \
color=$Header::colourgreen> $Lang::tr{'green'}</font> ($Lang::tr{'fwdfw pol \
block'})</td>"; + print"</tr>";
+ }
+ print"<tr><td $col align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw \
final_rule'} </font></td><td $col colspan='3' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw pol allow'}</font></td></tr>"; + }elsif($col eq \
"bgcolor='darkred'"){ + print "<table width='100%' rules='cols' border='1' >";
+ print"<tr><td $col width='20%' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>"; + }
+}
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
deleted file mode 100755
index fbee025..0000000
--- a/html/cgi-bin/forwardfw.cgi
+++ /dev/null
@@ -1,2771 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2013 Alexander Marx <amarx at ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-use strict;
-use Sort::Naturally;
-no warnings 'uninitialized';
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-require "${General::swroot}/forward/bin/firewall-lib.pl";
-
-unless (-d "${General::swroot}/forward") { system("mkdir \
${General::swroot}/forward"); }
-unless (-e "${General::swroot}/forward/settings") { system("touch \
${General::swroot}/forward/settings"); }
-unless (-e "${General::swroot}/forward/config") { system("touch \
${General::swroot}/forward/config"); }
-unless (-e "${General::swroot}/forward/input") { system("touch \
${General::swroot}/forward/input"); }
-unless (-e "${General::swroot}/forward/outgoing") { system("touch \
${General::swroot}/forward/outgoing"); }
-
-my %fwdfwsettings=();
-my %selected=() ;
-my %defaultNetworks=();
-my %netsettings=();
-my %customhost=();
-my %customgrp=();
-my %customnetworks=();
-my %customservice=();
-my %customservicegrp=();
-my %ccdnet=();
-my %customnetwork=();
-my %ccdhost=();
-my %configfwdfw=();
-my %configinputfw=();
-my %configoutgoingfw=();
-my %ipsecconf=();
-my %color=();
-my %mainsettings=();
-my %checked=();
-my %icmptypes=();
-my %ovpnsettings=();
-my %ipsecsettings=();
-my %aliases=();
-my %optionsfw=();
-my %ifaces=();
-
-my @PROTOCOLS = ("TCP", "UDP", "ICMP", "IGMP", "AH", "ESP", "GRE");
-
-my $color;
-my $confignet = "${General::swroot}/fwhosts/customnetworks";
-my $confighost = "${General::swroot}/fwhosts/customhosts";
-my $configgrp = "${General::swroot}/fwhosts/customgroups";
-my $configsrv = "${General::swroot}/fwhosts/customservices";
-my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
-my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
-my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
-my $configipsec = "${General::swroot}/vpn/config";
-my $configipsecrw = "${General::swroot}/vpn/settings";
-my $configfwdfw = "${General::swroot}/forward/config";
-my $configinput = "${General::swroot}/forward/input";
-my $configoutgoing = "${General::swroot}/forward/outgoing";
-my $configovpn = "${General::swroot}/ovpn/settings";
-my $fwoptions = "${General::swroot}/optionsfw/settings";
-my $ifacesettings = "${General::swroot}/ethernet/settings";
-my $errormessage='';
-my $hint='';
-my $ipgrp="${General::swroot}/outgoing/groups";
-my $tdcolor='';
-my $checkorange='';
-my @protocols;
-&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
-&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \
\%color);
-&General::readhash($fwoptions, \%optionsfw);
-&General::readhash($ifacesettings, \%ifaces);
-&General::readhash("$configovpn", \%ovpnsettings);
-&General::readhash("$configipsecrw", \%ipsecsettings);
-&General::readhasharray("$configipsec", \%ipsecconf);
-&Header::showhttpheaders();
-&Header::getcgihash(\%fwdfwsettings);
-&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
-&Header::openbigbox('100%', 'center',$errormessage);
-#### JAVA SCRIPT ####
-print<<END;
-<script>
- var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
-
- var update_protocol = function() {
- var protocol = \$("#protocol").val();
-
- if (protocol === undefined)
- return;
-
- // Check if a template is/should be used.
- if (protocol === "template") {
- \$("#PROTOCOL_TEMPLATE").show();
- } else {
- \$("#PROTOCOL_TEMPLATE").hide();
- }
-
- // Check if we are dealing with a protocol, that knows ports.
- if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
- \$("#PROTOCOL_PORTS").show();
- } else {
- \$("#PROTOCOL_PORTS").hide();
- }
-
- // Handle ICMP.
- if (protocol === "ICMP") {
- \$("#PROTOCOL_ICMP_TYPES").show();
- } else {
- \$("#PROTOCOL_ICMP_TYPES").hide();
- }
- };
-
- \$(document).ready(function() {
- \$("#protocol").change(update_protocol);
- update_protocol();
-
- // When nat not used, hide it
- if (! \$("#USE_NAT").attr("checked")) {
- \$(".NAT").hide();
- }
-
- // Show NAT area when "use nat" checkbox is clicked
- \$("#USE_NAT").change(function() {
- \$(".NAT").toggle();
- });
-
- // Time constraints
- if(!\$("#USE_TIME_CONSTRAINTS").attr("checked")) {
- \$("#TIME_CONSTRAINTS").hide();
- }
- \$("#USE_TIME_CONSTRAINTS").change(function() {
- \$("#TIME_CONSTRAINTS").toggle();
- });
-
- // Automatically select radio buttons when corresponding
- // dropdown menu changes.
- \$("select").change(function() {
- var id = \$(this).attr("name");
-
- // When using SNAT or DNAT, check "USE NAT" Checkbox
- if (id === 'snat' || id === 'dnat') {
- \$('#USE_NAT').prop('checked', true);
- }
- \$('#' + id).prop("checked", true);
- });
- });
-</script>
-END
-
-#### ACTION #####
-
-if ($fwdfwsettings{'ACTION'} eq 'saverule')
-{
- &General::readhasharray("$configfwdfw", \%configfwdfw);
- &General::readhasharray("$configinput", \%configinputfw);
- &General::readhasharray("$configoutgoing", \%configoutgoingfw);
- #Set Variables according to the JQuery code in protocol section
- if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
- {
- if ($fwdfwsettings{'SRC_PORT'} ne '')
- {
- $fwdfwsettings{'USE_SRC_PORT'} = 'ON';
- }
- if ($fwdfwsettings{'TGT_PORT'} ne '')
- {
- $fwdfwsettings{'USESRV'} = 'ON';
- $fwdfwsettings{'grp3'} = 'TGT_PORT';
- }
- }
- if ($fwdfwsettings{'PROT'} eq 'template')
- {
- $fwdfwsettings{'USESRV'} = 'ON';
- }
- $errormessage=&checksource;
- if(!$errormessage){&checktarget;}
- if(!$errormessage){&checkrule;}
- #check if manual ip (source) is orange network
- if ($fwdfwsettings{'grp1'} eq 'src_addr'){
- my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
- if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
- $checkorange='on';
- }
- }
- #check useless rules
- if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && \
$fwdfwsettings{'grp2'} eq 'ipfire'){
- $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>";
- }
- #check if we try to break rules
- if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
- $errormessage=$Lang::tr{'fwdfw err same'};
- }
- #INPUT part
- if($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne \
'ORANGE'){
- $fwdfwsettings{'config'}=$configinput;
- $fwdfwsettings{'chain'} = 'INPUTFW';
- my $maxkey=&General::findhasharraykey(\%configinputfw);
- #check if we have an identical rule already
- if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
- foreach my $key (sort keys %configinputfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$ \
fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfw \
settings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsetti \
ngs{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$con \
figinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$ke \
y}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$config \
inputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$ke \
y}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$con \
figinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{ \
$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$ \
configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){
- $errormessage='';
- }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && \
!&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
- $fwdfwsettings{'nosave'} = 'on';
- }
- }
- }
- }
- #check Rulepos on new Rule
- if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
- $fwdfwsettings{'oldrulenumber'}=$maxkey;
- foreach my $key (sort keys %configinputfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$ \
fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfw \
settings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsetti \
ngs{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$con \
figinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$ke \
y}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$config \
inputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$ke \
y}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$con \
figinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{ \
$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$ \
configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
- }
- }
- #check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && \
$fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} \
eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq \
$fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq \
$fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq \
$fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq \
$fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq \
$fwdfwsettings{'chain'}) {
- if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
- $errormessage='';
- $fwdfwsettings{'nosave2'} = 'on';
- }
- }
- if (!$errormessage){
- &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
- if ($fwdfwsettings{'nobase'} ne 'on'){
- &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
- }
- if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
- }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && \
$fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
- if($fwdfwsettings{'nosave2'} ne 'on'){
- &saverule(\%configinputfw,$configinput);
- }
- }
- }elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
- # OUTGOING PART
- $fwdfwsettings{'config'}=$configoutgoing;
- $fwdfwsettings{'chain'} = 'OUTGOINGFW';
- my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
- if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
- foreach my $key (sort keys %configoutgoingfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$ \
fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfw \
settings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsetti \
ngs{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key \
}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6], \
$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$conf \
igoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$config \
outgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configou \
tgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutg \
oingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoi \
ngfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoing \
fw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){
- $errormessage='';
- }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && \
!&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
- $fwdfwsettings{'nosave'} = 'on';
- }
- }
- }
- }
- #check Rulepos on new Rule
- if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
- print"CHECK OUTGOING DOPPELTE REGEL<br>";
- $fwdfwsettings{'oldrulenumber'}=$maxkey;
- foreach my $key (sort keys %configoutgoingfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$ \
fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfw \
settings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsetti \
ngs{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key \
}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6], \
$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$conf \
igoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$config \
outgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configou \
tgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutg \
oingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoi \
ngfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoing \
fw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
- }
- }
- #check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && \
$fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} \
eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq \
$fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq \
$fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq \
$fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq \
$fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq \
$fwdfwsettings{'chain'}) {
- if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
- $fwdfwsettings{'nosave2'} = 'on';
- $errormessage='';
- }
- }
- #increase counters
- if (!$errormessage){
- &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
- &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
- if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
- }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && \
$fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
- if ($fwdfwsettings{'nobase'} eq 'on'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
- if ($fwdfwsettings{'nosave2'} ne 'on'){
- &saverule(\%configoutgoingfw,$configoutgoing);
- }
- }
- }else{
- #FORWARD PART
- $fwdfwsettings{'config'}=$configfwdfw;
- $fwdfwsettings{'chain'} = 'FORWARDFW';
- my $maxkey=&General::findhasharraykey(\%configfwdfw);
- if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
- #check if we have an identical rule already
- foreach my $key (sort keys %configfwdfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TU \
E'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$ \
fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdf \
wsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwd \
fw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configf \
wdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$con \
figfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15 \
],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$k \
ey}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfw \
dfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- if ($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on' ){
- $errormessage='';
- }elsif($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && \
$fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && \
!&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
- $fwdfwsettings{'nosave'} = 'on';
- }
- }
- }
- }
- #check Rulepos on new Rule
- if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
- $fwdfwsettings{'oldrulenumber'}=$maxkey;
- foreach my $key (sort keys %configfwdfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'gr \
p1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwd \
fwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettin \
gs{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'T \
GT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsetti \
ngs{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TU \
E'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$ \
fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdf \
wsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwd \
fw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configf \
wdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$con \
figfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15 \
],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$k \
ey}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfw \
dfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
- }
- }
- #check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && \
$fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} \
eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq \
$fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq \
$fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq \
$fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq \
$fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq \
$fwdfwsettings{'chain'}) {
- if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
- $fwdfwsettings{'nosave2'} = 'on';
- $errormessage='';
- }
- }
- #increase counters
- if (!$errormessage){
- &checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
- &checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
- if($fwdfwsettings{'oldusesrv'} eq '' && $fwdfwsettings{'USESRV'} eq 'ON'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }elsif ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'oldusesrv'} eq 'ON') {
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},0,0);
- }elsif ($fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && \
$fwdfwsettings{'oldgrp3b'} ne $fwdfwsettings{$fwdfwsettings{'grp3'}} && \
$fwdfwsettings{'updatefwrule'} eq 'on'){
- &checkcounter($fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
- if ($fwdfwsettings{'nobase'} eq 'on'){
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
- }
- if ($fwdfwsettings{'nosave2'} ne 'on'){
- &saverule(\%configfwdfw,$configfwdfw);
- }
- }
- }
- if ($errormessage){
- &newrule;
- }else{
- if($fwdfwsettings{'nosave2'} ne 'on'){
- &General::firewall_config_changed();
- }
- &base;
- }
-}
-if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw newrule'})
-{
- &newrule;
-}
-if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
-{
- my %togglehash=();
- &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
- foreach my $key (sort keys %togglehash){
- if ($key eq $fwdfwsettings{'key'}){
- if ($togglehash{$key}[2] eq \
'ON'){$togglehash{$key}[2]='';}else{$togglehash{$key}[2]='ON';}
- }
- }
- &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
- &General::firewall_config_changed();
- &base;
-}
-if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
-{
- my %togglehash=();
- &General::readhasharray($fwdfwsettings{'config'}, \%togglehash);
- foreach my $key (sort keys %togglehash){
- if ($key eq $fwdfwsettings{'key'}){
- if ($togglehash{$key}[17] eq \
'ON'){$togglehash{$key}[17]='';}else{$togglehash{$key}[17]='ON';}
- }
- }
- &General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
- &General::firewall_config_changed();
- &base;
-}
-if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
-{
- &General::firewall_reload();
- &base;
-}
-if ($fwdfwsettings{'ACTION'} eq 'editrule')
-{
- $fwdfwsettings{'updatefwrule'}='on';
- &newrule;
-}
-if ($fwdfwsettings{'ACTION'} eq 'deleterule')
-{
- &deleterule;
-}
-if ($fwdfwsettings{'ACTION'} eq 'moveup')
-{
- &pos_up;
- &base;
-}
-if ($fwdfwsettings{'ACTION'} eq 'movedown')
-{
- &pos_down;
- &base;
-}
-if ($fwdfwsettings{'ACTION'} eq 'copyrule')
-{
- $fwdfwsettings{'copyfwrule'}='on';
- &newrule;
-}
-if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset')
-{
- &base;
-}
-### Functions ####
-sub addrule
-{
- &error;
-
- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'});
- print <<END;
- <form method="POST" action="">
- <table border='0' width="100%">
- <tr>
- <td>
- <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'>
- </td>
- <td align="right">
-END
-
- if (&General::firewall_needs_reload()) {
- print <<END;
- <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' \
style='font-weight: bold; color: green;'>
-END
- }
-
- print <<END;
- </td>
- </tr>
- </table>
- </form>
-
- <hr>
-END
- &Header::closebox();
- &viewtablerule;
-}
-sub base
-{
- &hint;
- &addrule;
-}
-sub changerule
-{
- my $oldchain=shift;
- $fwdfwsettings{'updatefwrule'}='';
- $fwdfwsettings{'config'}=$oldchain;
- $fwdfwsettings{'nobase'}='on';
- &deleterule;
- &checkcounter(0,0,$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
- &checkcounter(0,0,$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}});
-}
-sub checksource
-{
- my ($ip,$subnet);
- #check ip-address if manual
- if ($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'src_addr'} ne ''){
- #check if ip with subnet
- if ($fwdfwsettings{'src_addr'} =~ /^(.*?)\/(.*?)$/) {
- ($ip,$subnet)=split (/\//,$fwdfwsettings{'src_addr'});
- $subnet = &General::iporsubtocidr($subnet);
- $fwdfwsettings{'isip'}='on';
- }
- #check if only ip
- if($fwdfwsettings{'src_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
- $ip=$fwdfwsettings{'src_addr'};
- $subnet = '32';
- $fwdfwsettings{'isip'}='on';
- }
-
- if ($fwdfwsettings{'isip'} ne 'on'){
- if (&General::validmac($fwdfwsettings{'src_addr'})){
- $fwdfwsettings{'ismac'}='on';
- }
- }
- if ($fwdfwsettings{'isip'} eq 'on'){
- ##check if ip is valid
- if (! &General::validip($ip)){
- $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
- return $errormessage;
- }
- #check and form valid IP
- $ip=&General::ip2dec($ip);
- $ip=&General::dec2ip($ip);
- #check if net or broadcast
- $fwdfwsettings{'src_addr'}="$ip/$subnet";
- if(!&General::validipandmask($fwdfwsettings{'src_addr'})){
- $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
- return $errormessage;
- }
- }
- if ($fwdfwsettings{'isip'} ne 'on' && $fwdfwsettings{'ismac'} ne 'on'){
- $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>";
- return $errormessage;
- }
- }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && \
$fwdfwsettings{'src_addr'} eq ''){
- $errormessage.=$Lang::tr{'fwdfw err nosrcip'};
- return $errormessage;
- }
-
- #check empty fields
- if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw \
err nosrc'}."<br>";}
- if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || \
$fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne \
''){
- my @parts=split(",",$fwdfwsettings{'SRC_PORT'});
- my @values=();
- foreach (@parts){
- chomp($_);
- if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
- my $check;
- #change dashes with :
- $_=~ tr/-/:/;
- if ($_ eq "*") {
- push(@values,"1:65535");
- $check='on';
- }
- if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
- push(@values,"1:$2");
- $check='on';
- }
- if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/ ) {
- push(@values,"$1:65535");
- $check='on'
- }
- $errormessage .= &General::validportrange($_, 'destination');
- if(!$check){
- push (@values,$_);
- }
- }else{
- if (&General::validport($_)){
- push (@values,$_);
- }else{
-
- }
- }
- }
- $fwdfwsettings{'SRC_PORT'}=join("|", at values);
- }
- return $errormessage;
-}
-sub checktarget
-{
- my ($ip,$subnet);
- &General::readhasharray("$configsrv", \%customservice);
- #check DNAT settings (has to be single Host and single Port or portrange)
- if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
- if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq \
'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
- if ($fwdfwsettings{'USESRV'} eq '' && $fwdfwsettings{'dnatport'} eq ''){
- $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat \
porterr'}."<br>";
- return $errormessage;
- }
- #check if manual ip is a single Host (if set)
- if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
- my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
- my @tmp1= split ("/",$tmp[3]);
- if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
- {
- $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
- return $errormessage;
- }
- }
- #check if Port is a single Port or portrange
- if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
- if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && \
$fwdfwsettings{'TGT_PORT'} eq ''){
- $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat \
porterr'}."<br>";
- return $errormessage;
- }
- if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') && \
$fwdfwsettings{'TGT_PORT'} ne '' && \
!&check_natport($fwdfwsettings{'TGT_PORT'})){
- $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat \
porterr'}."<br>";
- return $errormessage;
- }
- }
- }else{
- $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
- return $errormessage;
- }
- }
- if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && \
$fwdfwsettings{'tgt_addr'} ne ''){
- #check if ip with subnet
- if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
- ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'});
- $subnet = &General::iporsubtocidr($subnet);
- }
- #check if only ip
- if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
- $ip=$fwdfwsettings{'tgt_addr'};
- $subnet='32';
- }
- #check if ip is valid
- if (! &General::validip($ip)){
- $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
- return $errormessage;
- }
- #check and form valid IP
- $ip=&General::ip2dec($ip);
- $ip=&General::dec2ip($ip);
- $fwdfwsettings{'tgt_addr'}="$ip/$subnet";
- if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
- $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
- return $errormessage;
- }
- }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && \
$fwdfwsettings{'tgt_addr'} eq ''){
- $errormessage.=$Lang::tr{'fwdfw err notgtip'};
- return $errormessage;
- }
- #check empty fields
- if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw \
err notgt'}."<br>";}
- #check tgt services
- if ($fwdfwsettings{'USESRV'} eq 'ON'){
- if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
- $fwdfwsettings{'TGT_PROT'}='';
- $fwdfwsettings{'ICMP_TGT'}='';
- $fwdfwsettings{'TGT_PORT'}='';
- }
- if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
- $fwdfwsettings{'TGT_PROT'}='';
- $fwdfwsettings{'ICMP_TGT'}='';
- $fwdfwsettings{'TGT_PORT'}='';
- #check target service
- if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
- $errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
- }
- }
- if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
- if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){
- if ($fwdfwsettings{'TGT_PORT'} ne ''){
- if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && \
$fwdfwsettings{'nat'} eq 'dnat') {
- $errormessage=$Lang::tr{'fwdfw dnat porterr'}."<br>";
- return $errormessage;
- }
- my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
- my @values=();
- foreach (@parts){
- chomp($_);
- if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
- my $check;
- #change dashes with :
- $_=~ tr/-/:/;
- if ($_ eq "*") {
- push(@values,"1:65535");
- $check='on';
- }
- if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
- push(@values,"1:$2");
- $check='on';
- }
- if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
- push(@values,"$1:65535");
- $check='on'
- }
- $errormessage .= &General::validportrange($_, 'destination');
- if(!$check){
- push (@values,$_);
- }
- }else{
- if (&General::validport($_)){
- push (@values,$_);
- }else{
- }
- }
- }
- $fwdfwsettings{'TGT_PORT'}=join("|", at values);
- }
- }elsif ($fwdfwsettings{'PROT'} eq 'GRE'){
- $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
- $fwdfwsettings{'TGT_PORT'} = '';
- $fwdfwsettings{'ICMP_TGT'} = '';
- }elsif ($fwdfwsettings{'PROT'} eq 'ESP'){
- $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
- $fwdfwsettings{'TGT_PORT'} = '';
- $fwdfwsettings{'ICMP_TGT'}='';
- }elsif ($fwdfwsettings{'PROT'} eq 'AH'){
- $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
- $fwdfwsettings{'TGT_PORT'} = '';
- $fwdfwsettings{'ICMP_TGT'}='';
- }elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){
- $fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
- $fwdfwsettings{'TGT_PORT'} = '';
- }
- }
- }
- #check targetport
- if ($fwdfwsettings{'USESRV'} ne 'ON'){
- $fwdfwsettings{'grp3'}='';
- $fwdfwsettings{$fwdfwsettings{'grp3'}}='';
- $fwdfwsettings{'ICMP_TGT'}='';
- }
- #check timeframe
- if($fwdfwsettings{'TIME'} eq 'ON'){
- if($fwdfwsettings{'TIME_MON'} eq '' && $fwdfwsettings{'TIME_TUE'} eq '' && \
$fwdfwsettings{'TIME_WED'} eq '' && $fwdfwsettings{'TIME_THU'} eq '' && \
$fwdfwsettings{'TIME_FRI'} eq '' && $fwdfwsettings{'TIME_SAT'} eq '' && \
$fwdfwsettings{'TIME_SUN'} eq ''){
- $errormessage=$Lang::tr{'fwdfw err time'};
- return $errormessage;
- }
- }
- return $errormessage;
-}
-sub check_natport
-{
- my $val=shift;
- if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && \
$fwdfwsettings{'dnatport'} ne ''){
- if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\-(\d+)$/) {
- $fwdfwsettings{'dnatport'} =~ tr/-/:/;
- if ($fwdfwsettings{'dnatport'} eq "*") {
- $fwdfwsettings{'dnatport'}="1:65535";
- }
- if ($fwdfwsettings{'dnatport'} =~ /^(\D)\:(\d+)$/) {
- $fwdfwsettings{'dnatport'} = "1:$2";
- }
- if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\:(\D)$/) {
- $fwdfwsettings{'dnatport'} ="$1:65535";
- }
- }
- return 1;
- }
- if ($val =~ "," || $val>65536 || $val<0){
- return 0;
- }
- return 1;
-}
-sub checkrule
-{
- #check valid port for NAT
- if($fwdfwsettings{'USE_NAT'} eq 'ON'){
- #if no port is given in nat area, take target host port
- if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && \
$fwdfwsettings{'dnatport'} eq \
''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
- #check if port given in nat area is a single valid port or portrange
- if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'TGT_PORT'} ne '' && \
!&check_natport($fwdfwsettings{'dnatport'})){
- $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat \
porterr'}."<br>";
- }elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
- my $custsrvport;
- #get servcie Protocol and Port
- foreach my $key (sort keys %customservice){
- if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){
- if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){
- $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat \
porterr'}."<br>";
- }
- $custsrvport= $customservice{$key}[1];
- }
- }
- if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq \
''){$fwdfwsettings{'dnatport'}=$custsrvport;}
- }
- #check if DNAT port is multiple
- if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
- my @parts=split(",",$fwdfwsettings{'dnatport'});
- my @values=();
- foreach (@parts){
- chomp($_);
- if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
- my $check;
- #change dashes with :
- $_=~ tr/-/:/;
- if ($_ eq "*") {
- push(@values,"1:65535");
- $check='on';
- }
- if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
- push(@values,"1:$2");
- $check='on';
- }
- if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
- push(@values,"$1:65535");
- $check='on'
- }
- $errormessage .= &General::validportrange($_, 'destination');
- if(!$check){
- push (@values,$_);
- }
- }else{
- if (&General::validport($_)){
- push (@values,$_);
- }else{
-
- }
- }
- }
- $fwdfwsettings{'dnatport'}=join("|", at values);
- }
- }
- #check valid remark
- if ($fwdfwsettings{'ruleremark'} ne '' && \
!&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- #check if source and target identical
- if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq \
$fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne \
'ALL'){
- $errormessage=$Lang::tr{'fwdfw err same'};
- return $errormessage;
- }
- #get source and targetip address if possible
- my ($sip,$scidr,$tip,$tcidr);
- ($sip,$scidr)=&get_ip("src","grp1");
- ($tip,$tcidr)=&get_ip("tgt","grp2");
- #check same iprange in source and target
- if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
- my $networkip1=&General::getnetworkip($sip,$scidr);
- my $networkip2=&General::getnetworkip($tip,$tcidr);
- if ($scidr gt $tcidr){
- if ( &General::IpInSubnet($networkip1,$tip,&General::iporsubtodec($tcidr))){
- $errormessage.=$Lang::tr{'fwdfw err samesub'};
- }
- }elsif($scidr eq $tcidr && $scidr eq '32'){
- my ($sbyte1,$sbyte2,$sbyte3,$sbyte4)=split(/\./,$networkip1);
- my ($tbyte1,$tbyte2,$tbyte3,$tbyte4)=split(/\./,$networkip2);
- if ($sbyte1 eq $tbyte1 && $sbyte2 eq $tbyte2 && $sbyte3 eq $tbyte3){
- $hint=$Lang::tr{'fwdfw hint ip1'}."<br>";
- $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: \
$networkip2/$tcidr<br>";
- }
- }else{
- if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
- $errormessage.=$Lang::tr{'fwdfw err samesub'};
- }
- }
- }
- #When using source- or targetport, the protocol has to be TCP or UDP
- if (($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON') && \
($fwdfwsettings{'SRC_PORT'} ne '' || $fwdfwsettings{'TGT_PORT'} ne '') && \
($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne \
'UDP')){
- $errormessage.=$Lang::tr{'fwdfw err prot_port1'};
- return;
- }
- #when icmp selected, no targetport allowed
- if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && \
$fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'template') && \
($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} \
eq 'ON')){
- $errormessage.=$Lang::tr{'fwdfw err prot_port'};
- return;
- }
- #change protocol if prot not equal dest single service
- if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
- foreach my $key (sort keys %customservice){
- if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
- if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
- $fwdfwsettings{'PROT'} = $customservice{$key}[2];
- last;
- }
- }
- }
- }
- #check source and destination protocol if source manual and dest servicegroup
- if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
- $fwdfwsettings{'PROT'} = '';
- }
- #ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013
- $fwdfwsettings{'TGT_PROT'}=''; #Set field empty (deprecated)
- #Check ICMP Types
- if ($fwdfwsettings{'PROT'} eq 'ICMP'){
- $fwdfwsettings{'USE_SRC_PORT'}='';
- $fwdfwsettings{'SRC_PORT'}='';
- #$fwdfwsettings{'USESRV'}='';
- $fwdfwsettings{'TGT_PORT'}='';
- &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- foreach my $key (keys %icmptypes){
- if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
- $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
- }
- }
- }elsif($fwdfwsettings{'PROT'} eq 'GRE'){
- $fwdfwsettings{'USE_SRC_PORT'}='';
- $fwdfwsettings{'SRC_PORT'}='';
- $fwdfwsettings{'ICMP_TYPES'}='';
- $fwdfwsettings{'USESRV'}='';
- $fwdfwsettings{'TGT_PORT'}='';
- }elsif($fwdfwsettings{'PROT'} eq 'ESP'){
- $fwdfwsettings{'USE_SRC_PORT'}='';
- $fwdfwsettings{'SRC_PORT'}='';
- $fwdfwsettings{'ICMP_TYPES'}='';
- $fwdfwsettings{'USESRV'}='';
- $fwdfwsettings{'TGT_PORT'}='';
- }elsif($fwdfwsettings{'PROT'} eq 'AH'){
- $fwdfwsettings{'USE_SRC_PORT'}='';
- $fwdfwsettings{'SRC_PORT'}='';
- $fwdfwsettings{'ICMP_TYPES'}='';
- $fwdfwsettings{'USESRV'}='';
- $fwdfwsettings{'TGT_PORT'}='';
- }elsif($fwdfwsettings{'PROT'} eq 'IGMP'){
- $fwdfwsettings{'USE_SRC_PORT'}='';
- $fwdfwsettings{'SRC_PORT'}='';
- $fwdfwsettings{'ICMP_TYPES'}='';
- $fwdfwsettings{'USESRV'}='';
- $fwdfwsettings{'TGT_PORT'}='';
- }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && \
$fwdfwsettings{'PROT'} ne 'ICMP'){
- $fwdfwsettings{'ICMP_TYPES'}='';
- $fwdfwsettings{'PROT'} = '';
- }elsif($fwdfwsettings{'PROT'} ne 'ICMP'){
- $fwdfwsettings{'ICMP_TYPES'}='';
- }
-}
-sub checkcounter
-{
- my ($base1,$val1,$base2,$val2) = @_;
-
- if($base1 eq 'cust_net_src' || $base1 eq 'cust_net_tgt'){
- &dec_counter($confignet,\%customnetwork,$val1);
- }elsif($base1 eq 'cust_host_src' || $base1 eq 'cust_host_tgt'){
- &dec_counter($confighost,\%customhost,$val1);
- }elsif($base1 eq 'cust_grp_src' || $base1 eq 'cust_grp_tgt'){
- &dec_counter($configgrp,\%customgrp,$val1);
- }elsif($base1 eq 'cust_srv'){
- &dec_counter($configsrv,\%customservice,$val1);
- }elsif($base1 eq 'cust_srvgrp'){
- &dec_counter($configsrvgrp,\%customservicegrp,$val1);
- }
-
- if($base2 eq 'cust_net_src' || $base2 eq 'cust_net_tgt'){
- &inc_counter($confignet,\%customnetwork,$val2);
- }elsif($base2 eq 'cust_host_src' || $base2 eq 'cust_host_tgt'){
- &inc_counter($confighost,\%customhost,$val2);
- }elsif($base2 eq 'cust_grp_src' || $base2 eq 'cust_grp_tgt'){
- &inc_counter($configgrp,\%customgrp,$val2);
- }elsif($base2 eq 'cust_srv'){
- &inc_counter($configsrv,\%customservice,$val2);
- }elsif($base2 eq 'cust_srvgrp'){
- &inc_counter($configsrvgrp,\%customservicegrp,$val2);
- }
-}
-sub checkvpn
-{
- my $ip=shift;
- #Test if manual IP is part of static OpenVPN networks
- &General::readhasharray("$configccdnet", \%ccdnet);
- foreach my $key (sort keys %ccdnet){
- my ($vpnip,$vpnsubnet) = split ("/",$ccdnet{$key}[1]);
- my $sub=&General::iporsubtodec($vpnsubnet);
- if (&General::IpInSubnet($ip,$vpnip,$sub)){
- return 0;
- }
- }
- # A Test if manual ip is part of dynamic openvpn subnet is made in getcolor
- # because if one creates a custom host with the ip, we need to check the color \
there!
- # It does not make sense to check this here
-
- # Test if manual IP is part of an OpenVPN N2N subnet does also not make sense here
- # Is also checked in getcolor
-
- # Test if manual ip is part of an IPsec Network is also checked in getcolor
- return 1;
-}
-sub checkvpncolor
-{
-
-}
-sub deleterule
-{
- my %delhash=();
- &General::readhasharray($fwdfwsettings{'config'}, \%delhash);
- foreach my $key (sort {$a <=> $b} keys %delhash){
- if ($key == $fwdfwsettings{'key'}){
- #check hosts/net and groups
- &checkcounter($delhash{$key}[3],$delhash{$key}[4],,);
- &checkcounter($delhash{$key}[5],$delhash{$key}[6],,);
- #check services and groups
- if ($delhash{$key}[11] eq 'ON'){
- &checkcounter($delhash{$key}[14],$delhash{$key}[15],,);
- }
- }
- if ($key >= $fwdfwsettings{'key'}) {
- my $next = $key + 1;
- if (exists $delhash{$next}) {
- foreach my $i (0 .. $#{$delhash{$next}}) {
- $delhash{$key}[$i] = $delhash{$next}[$i];
- }
- }
- }
- }
- # Remove the very last entry.
- my $last_key = (sort {$a <=> $b} keys %delhash)[-1];
- delete $delhash{$last_key};
-
- &General::writehasharray($fwdfwsettings{'config'}, \%delhash);
- &General::firewall_config_changed();
-
- if($fwdfwsettings{'nobase'} ne 'on'){
- &base;
- }
-}
-sub disable_rule
-{
- my $key1=shift;
- &General::readhasharray("$configfwdfw", \%configfwdfw);
- foreach my $key (sort keys %configfwdfw){
- if ($key eq $key1 ){
- if ($configfwdfw{$key}[2] eq 'ON'){$configfwdfw{$key}[2]='';}
- }
- }
- &General::writehasharray("$configfwdfw", \%configfwdfw);
- &General::firewall_config_changed();
-}
-sub dec_counter
-{
- my $config=shift;
- my %hash=%{(shift)};
- my $val=shift;
- my $pos;
- &General::readhasharray($config, \%hash);
- foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
- if($hash{$key}[0] eq $val){
- $pos=$#{$hash{$key}};
- $hash{$key}[$pos] = $hash{$key}[$pos]-1;
- }
- }
- &General::writehasharray($config, \%hash);
-}
-sub error
-{
- if ($errormessage) {
- &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
- print "<class name='base'>$errormessage\n";
- print " </class>\n";
- &Header::closebox();
- print"<hr>";
- }
-}
-sub fillselect
-{
- my %hash=%{(shift)};
- my $val=shift;
- my $key;
- foreach my $key (sort { ncmp($hash{$a}[0],$hash{$b}[0]) } keys %hash){
- if($hash{$key}[0] eq $val){
- print"<option value='$hash{$key}[0]' selected>$hash{$key}[0]</option>";
- }else{
- print"<option value='$hash{$key}[0]'>$hash{$key}[0]</option>";
- }
- }
-}
-sub gen_dd_block
-{
- my $srctgt = shift;
- my $grp=shift;
- my $helper='';
- my $show='';
- $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
- $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
- $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
- $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
- $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
- $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
- $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
- $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
- $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
- $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
- $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
- $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
- $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
- $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
- $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
- $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
- $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
- $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
- $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
-print<<END;
- <table width='100%' border='0'>
- <tr><td width='50%' valign='top'>
- <table width='100%' border='0'>
- <tr><td width='1%'><input type='radio' name='$grp' id='std_net_$srctgt' \
value='std_net_$srctgt' $checked{$grp}{'std_net_'.$srctgt}></td><td>$Lang::tr{'fwhost \
stdnet'}</td><td align='right'><select name='std_net_$srctgt' \
style='width:200px;'>
-END
- foreach my $network (sort keys %defaultNetworks)
- {
- next if($defaultNetworks{$network}{'NAME'} eq "RED" && $srctgt eq 'src');
- next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
- print "<option value='$defaultNetworks{$network}{'NAME'}'";
- print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$defaultNetworks{$network}{'NAME'});
- my $defnet="$defaultNetworks{$network}{'NAME'}_NETADDRESS";
- my $defsub="$defaultNetworks{$network}{'NAME'}_NETMASK";
- my $defsub1=&General::subtocidr($ifaces{$defsub});
- $ifaces{$defnet}='' if ($defaultNetworks{$network}{'NAME'} eq 'RED');
- if ($ifaces{$defnet}){
- print ">$network ($ifaces{$defnet}/$defsub1)</option>";
- }else{
- print ">$network</option>";
- }
- }
- print"</select></td></tr>";
- #custom networks
- if (! -z $confignet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
- print"<tr><td><input type='radio' name='$grp' id='cust_net_$srctgt' \
value='cust_net_$srctgt' \
$checked{$grp}{'cust_net_'.$srctgt}></td><td>$Lang::tr{'fwhost cust net'}</td><td \
align='right'><select name='cust_net_$srctgt' style='width:200px;'>";
- &fillselect(\%customnetwork,$fwdfwsettings{$fwdfwsettings{$grp}});
- print"</select></td>";
- }
- #custom hosts
- if (! -z $confighost || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
- print"<tr><td><input type='radio' name='$grp' id='cust_host_$srctgt' \
value='cust_host_$srctgt' \
$checked{$grp}{'cust_host_'.$srctgt}></td><td>$Lang::tr{'fwhost cust addr'}</td><td \
align='right'><select name='cust_host_$srctgt' \
style='width:200px;'>";
- &fillselect(\%customhost,$fwdfwsettings{$fwdfwsettings{$grp}});
- print"</select></td>";
- }
- #custom groups
- if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
- print"<tr><td valign='top'><input type='radio' name='$grp' id='cust_grp_$srctgt' \
value='cust_grp_$srctgt' $checked{$grp}{'cust_grp_'.$srctgt}></td><td \
>$Lang::tr{'fwhost cust grp'}</td><td align='right'><select name='cust_grp_$srctgt' \
> style='width:200px;'>";
- foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } keys \
%customgrp) {
- if($helper ne $customgrp{$key}[0]){
- print"<option ";
- print "selected='selected' " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$customgrp{$key}[0]);
- print ">$customgrp{$key}[0]</option>";
- }
- $helper=$customgrp{$key}[0];
- }
- print"</select></td>";
- }
- #End left table. start right table (vpn)
- print"</tr></table></td><td valign='top'><table width='100%' border='0'><tr>";
- # CCD networks
- if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
- print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' \
value='ovpn_net_$srctgt' $checked{$grp}{'ovpn_net_'.$srctgt}></td><td \
nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' \
width='1%' align='right'><select name='ovpn_net_$srctgt' \
style='width:200px;'>";
- &fillselect(\%ccdnet,$fwdfwsettings{$fwdfwsettings{$grp}});
- print"</select></td></tr>";
- }
- #OVPN CCD Hosts
- foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost){
- if ($ccdhost{$key}[33] ne '' ){
- print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' \
value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td \
nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' \
width='1%' align='right'><select name='ovpn_host_$srctgt' style='width:200px;'>" if \
($show eq '');
- $show='1';
- print "<option value='$ccdhost{$key}[1]'";
- print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$ccdhost{$key}[1]);
- print ">$ccdhost{$key}[1]</option>";
- }
- }
- if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
- print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_host_$srctgt' \
value='ovpn_host_$srctgt' $checked{$grp}{'ovpn_host_'.$srctgt}></td><td \
nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' \
width='1%' align='right'><select name='ovpn_host_$srctgt' \
style='width:200px;'></select></td></tr>" ;
- }
- if ($show eq '1'){$show='';print"</select></td></tr>";}
- #OVPN N2N
- foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost){
- if ($ccdhost{$key}[3] eq 'net'){
- print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' \
value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' \
width='16%'>$Lang::tr{'fwhost ovpn_n2n'}:</td><td nowrap='nowrap' width='1%' \
align='right'><select name='ovpn_n2n_$srctgt' style='width:200px;'>" if ($show eq \
'');
- $show='1';
- print "<option value='$ccdhost{$key}[1]'";
- print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$ccdhost{$key}[1]);
- print ">$ccdhost{$key}[1]</option>";
- }
- }
- if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
- print"<tr><td width='1%'><input type='radio' name='$grp' id='ovpn_n2n_$srctgt' \
value='ovpn_n2n_$srctgt' $checked{$grp}{'ovpn_n2n_'.$srctgt}></td><td nowrap='nowrap' \
width='16%'>$Lang::tr{'fwhost ovpn_n2n'}</td><td nowrap='nowrap' width='1%' \
align='right'><select name='ovpn_n2n_$srctgt' \
style='width:200px;'></select></td></tr>" ;
- }
- if ($show eq '1'){$show='';print"</select></td></tr>";}
- #IPsec netze
- foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys \
%ipsecconf) {
- if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
- print"<tr><td valign='top'><input type='radio' name='$grp' \
value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td \
>$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' \
> style='width:200px;'>" if ($show eq '');
- $show='1';
- print "<option ";
- print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq \
$ipsecconf{$key}[1]);
- print ">$ipsecconf{$key}[1]</option>";
- }
- }
- if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
- print"<tr><td valign='top'><input type='radio' name='$grp' id='ipsec_net_$srctgt' \
value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td \
>$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' \
> style='width:200px;'><select></td></tr>";
- }
- if ($show eq '1'){$show='';print"</select></td></tr>";}
-
- print"</table>";
- print"</td></tr></table><br>";
-}
-sub get_ip
-{
- my $val=shift;
- my $grp =shift;
- my $a;
- my $b;
- &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
- if ($fwdfwsettings{$grp} ne $Lang::tr{'fwhost any'}){
- if ($fwdfwsettings{$grp} eq $val.'_addr'){
- ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
- }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
- if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
- $a=$netsettings{'GREEN_NETADDRESS'};
- $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
- $a=$netsettings{'ORANGE_NETADDRESS'};
- $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
- $a=$netsettings{'BLUE_NETADDRESS'};
- $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
- &General::readhash("$configovpn",\%ovpnsettings);
- ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
- $b=&General::iporsubtocidr($b);
- }
- }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
- &General::readhasharray("$confignet", \%customnetwork);
- foreach my $key (keys %customnetwork){
- if($customnetwork{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
- $a=$customnetwork{$key}[1];
- $b=&General::iporsubtocidr($customnetwork{$key}[2]);
- }
- }
- }elsif($fwdfwsettings{$grp} eq 'cust_host_'.$val){
- &General::readhasharray("$confighost", \%customhost);
- foreach my $key (keys %customhost){
- if($customhost{$key}[0] eq $fwdfwsettings{$fwdfwsettings{$grp}}){
- if ($customhost{$key}[1] eq 'ip'){
- ($a,$b)=split (/\//,$customhost{$key}[2]);
- $b=&General::iporsubtocidr($b);
- }else{
- if ($grp eq 'grp2'){
- $errormessage=$Lang::tr{'fwdfw err tgt_mac'};
- }
- }
- }
- }
- }
- }
- return $a,$b;
-}
-sub get_name
-{
- my $val=shift;
- &General::setup_default_networks(\%defaultNetworks);
- foreach my $network (sort keys %defaultNetworks)
- {
- return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
- }
-}
-sub getsrcport
-{
- my %hash=%{(shift)};
- my $key=shift;
- if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){
- $hash{$key}[10]=~ s/\|/,/g;
- print": $hash{$key}[10]";
- }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
- print": <br>$hash{$key}[9] ";
- }
-}
-sub gettgtport
-{
- my %hash=%{(shift)};
- my $key=shift;
- my $service;
- my $prot;
- if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
- if($hash{$key}[14] eq 'cust_srv'){
- &General::readhasharray("$configsrv", \%customservice);
- foreach my $i (sort keys %customservice){
- if($customservice{$i}[0] eq $hash{$key}[15]){
- $service = $customservice{$i}[0];
- }
- }
- }elsif($hash{$key}[14] eq 'cust_srvgrp'){
- $service=$hash{$key}[15];
- }elsif($hash{$key}[14] eq 'TGT_PORT'){
- $hash{$key}[15]=~ s/\|/,/g;
- $service=$hash{$key}[15];
- }
- if($service){
- print": $service";
- }
- }
-}
-sub get_serviceports
-{
- my $type=shift;
- my $name=shift;
- &General::readhasharray("$configsrv", \%customservice);
- &General::readhasharray("$configsrvgrp", \%customservicegrp);
- my $tcp;
- my $udp;
- my $icmp;
- @protocols=();
- if($type eq 'service'){
- foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys \
%customservice){
- if ($customservice{$key}[0] eq $name){
- push (@protocols,$customservice{$key}[2]);
- }
- }
- }elsif($type eq 'group'){
- foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } \
keys %customservicegrp){
- if ($customservicegrp{$key}[0] eq $name){
- foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } \
keys %customservice){
- if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
- if($customservice{$key1}[2] eq 'TCP'){
- $tcp='TCP';
- }elsif($customservice{$key1}[2] eq 'ICMP'){
- $icmp='ICMP';
- }elsif($customservice{$key1}[2] eq 'UDP'){
- $udp='UDP';
- }
- }
- }
- }
- }
- }
- if($tcp && $udp && $icmp){
- push (@protocols,"TCP,UDP, <br>ICMP");
- return @protocols;
- }
- if($tcp){
- push (@protocols,"TCP");
- }
- if($udp){
- push (@protocols,"UDP");
- }
- if($icmp){
- push (@protocols,"ICMP");
- }
- return @protocols;
-}
-sub getcolor
-{
- my $nettype=shift;
- my $val=shift;
- my $hash=shift;
- if($optionsfw{'SHOWCOLORS'} eq 'on'){
- #custom Hosts
- if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
- foreach my $key (sort keys %$hash){
- if ($$hash{$key}[0] eq $val){
- $val=$$hash{$key}[2];
- }
- }
- }
- #standard networks
- if ($val eq 'GREEN'){
- $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
- return;
- }elsif ($val eq 'ORANGE'){
- $tdcolor="style='background-color: $Header::colourorange;color:white;'";
- return;
- }elsif ($val eq 'BLUE'){
- $tdcolor="style='background-color: $Header::colourblue;color:white;'";
- return;
- }elsif ($val eq 'RED' ||$val eq 'RED1' ){
- $tdcolor="style='background-color: $Header::colourred;color:white;'";
- return;
- }elsif ($val eq 'IPFire' ){
- $tdcolor="style='background-color: $Header::colourred;color:white;'";
- return;
- }elsif($val =~ /^(.*?)\/(.*?)$/){
- my ($sip,$scidr) = split ("/",$val);
- if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
- $tdcolor="style='background-color: $Header::colourorange;color:white;'";
- return;
- }
- if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
- $tdcolor="style='background-color: $Header::colourgreen;color:white;'";
- return;
- }
- if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
- $tdcolor="style='background-color: $Header::colourblue;color:white;'";
- return;
- }
- }elsif ($val eq 'Default IP'){
- $tdcolor="style='background-color: $Header::colourred;color:white;'";
- return;
- }
- #Check if a manual IP or custom host is part of a VPN
- if ($nettype eq 'src_addr' || $nettype eq 'tgt_addr' || $nettype eq \
'cust_host_src' || $nettype eq 'cust_host_tgt'){
- #Check if IP is part of OpenVPN dynamic subnet
- my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
- my ($c,$d) = split("/",$val);
- if (&General::IpInSubnet($c,$a,$b)){
- $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
- return;
- }
- #Check if IP is part of OpenVPN static subnet
- foreach my $key (sort keys %ccdnet){
- my ($a,$b) = split("/",$ccdnet{$key}[1]);
- $b =&General::iporsubtodec($b);
- if (&General::IpInSubnet($c,$a,$b)){
- $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
- return;
- }
- }
- #Check if IP is part of OpenVPN N2N subnet
- foreach my $key (sort keys %ccdhost){
- if ($ccdhost{$key}[3] eq 'net'){
- my ($a,$b) = split("/",$ccdhost{$key}[11]);
- if (&General::IpInSubnet($c,$a,$b)){
- $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
- return;
- }
- }
- }
- #Check if IP is part of IPsec RW network
- if ($ipsecsettings{'RW_NET'} ne ''){
- my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
- $b=&General::iporsubtodec($b);
- if (&General::IpInSubnet($c,$a,$b)){
- $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
- return;
- }
- }
- #Check if IP is part of a IPsec N2N network
- foreach my $key (sort keys %ipsecconf){
- my ($a,$b) = split("/",$ipsecconf{$key}[11]);
- if (&General::IpInSubnet($c,$a,$b)){
- $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
- return;
- }
- }
- }
- #VPN networks
- if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq \
'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || \
$nettype eq 'ovpn_host_tgt'){
- $tdcolor="style='background-color: $Header::colourovpn;color:white;'";
- return;
- }
- if ($nettype eq 'ipsec_net_src' || $nettype eq 'ipsec_net_tgt'){
- $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
- return;
- }
- #ALIASE
- foreach my $alias (sort keys %aliases)
- {
- if ($val eq $alias){
- $tdcolor="style='background-color:$Header::colourred;color:white;'";
- return;
- }
- }
- }
- $tdcolor='';
- return;
-}
-sub hint
-{
- if ($hint) {
- &Header::openbox('100%', 'left', $Lang::tr{'fwhost hint'});
- print "<class name='base'>$hint\n";
- print " </class>\n";
- &Header::closebox();
- print"<hr>";
- }
-}
-sub inc_counter
-{
- my $config=shift;
- my %hash=%{(shift)};
- my $val=shift;
- my $pos;
-
- &General::readhasharray($config, \%hash);
- foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
- if($hash{$key}[0] eq $val){
- $pos=$#{$hash{$key}};
- $hash{$key}[$pos] = $hash{$key}[$pos]+1;
- }
- }
- &General::writehasharray($config, \%hash);
-}
-sub newrule
-{
- &error;
- &General::setup_default_networks(\%defaultNetworks);
- &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
- #read all configfiles
- &General::readhasharray("$configccdnet", \%ccdnet);
- &General::readhasharray("$confignet", \%customnetwork);
- &General::readhasharray("$configccdhost", \%ccdhost);
- &General::readhasharray("$confighost", \%customhost);
- &General::readhasharray("$configccdhost", \%ccdhost);
- &General::readhasharray("$configgrp", \%customgrp);
- &General::readhasharray("$configipsec", \%ipsecconf);
- &General::get_aliases(\%aliases);
- my %checked=();
- my $helper;
- my $sum=0;
- if($fwdfwsettings{'config'} eq ''){$fwdfwsettings{'config'}=$configfwdfw;}
- my $config=$fwdfwsettings{'config'};
- my %hash=();
- #Get Red IP-ADDRESS
- open (CONN1,"/var/ipfire/red/local-ipaddress");
- my $redip = <CONN1>;
- close(CONN1);
- $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
- $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
- $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
- $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
- $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
- $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
- $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
- $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
- $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
- $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
- $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
- $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
- $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
- $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
- $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
- $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
- $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
- $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
- $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
- $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
- #check if update and get values
- if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on' \
&& !$errormessage){
- &General::readhasharray("$config", \%hash);
- foreach my $key (sort keys %hash){
- $sum++;
- if ($key eq $fwdfwsettings{'key'}){
- $fwdfwsettings{'oldrulenumber'} = $fwdfwsettings{'key'};
- $fwdfwsettings{'RULE_ACTION'} = $hash{$key}[0];
- $fwdfwsettings{'chain'} = $hash{$key}[1];
- $fwdfwsettings{'ACTIVE'} = $hash{$key}[2];
- $fwdfwsettings{'grp1'} = $hash{$key}[3];
- $fwdfwsettings{$fwdfwsettings{'grp1'}} = $hash{$key}[4];
- $fwdfwsettings{'grp2'} = $hash{$key}[5];
- $fwdfwsettings{$fwdfwsettings{'grp2'}} = $hash{$key}[6];
- $fwdfwsettings{'USE_SRC_PORT'} = $hash{$key}[7];
- $fwdfwsettings{'PROT'} = $hash{$key}[8];
- $fwdfwsettings{'ICMP_TYPES'} = $hash{$key}[9];
- $fwdfwsettings{'SRC_PORT'} = $hash{$key}[10];
- $fwdfwsettings{'USESRV'} = $hash{$key}[11];
- $fwdfwsettings{'TGT_PROT'} = $hash{$key}[12];
- $fwdfwsettings{'ICMP_TGT'} = $hash{$key}[13];
- $fwdfwsettings{'grp3'} = $hash{$key}[14];
- $fwdfwsettings{$fwdfwsettings{'grp3'}} = $hash{$key}[15];
- $fwdfwsettings{'ruleremark'} = $hash{$key}[16];
- $fwdfwsettings{'LOG'} = $hash{$key}[17];
- $fwdfwsettings{'TIME'} = $hash{$key}[18];
- $fwdfwsettings{'TIME_MON'} = $hash{$key}[19];
- $fwdfwsettings{'TIME_TUE'} = $hash{$key}[20];
- $fwdfwsettings{'TIME_WED'} = $hash{$key}[21];
- $fwdfwsettings{'TIME_THU'} = $hash{$key}[22];
- $fwdfwsettings{'TIME_FRI'} = $hash{$key}[23];
- $fwdfwsettings{'TIME_SAT'} = $hash{$key}[24];
- $fwdfwsettings{'TIME_SUN'} = $hash{$key}[25];
- $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
- $fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
- $fwdfwsettings{'USE_NAT'} = $hash{$key}[28];
- $fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order
- $fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29];
- $fwdfwsettings{'dnatport'} = $hash{$key}[30];
- $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
- $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
- $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
- $checked{'USE_SRC_PORT'}{$fwdfwsettings{'USE_SRC_PORT'}} = 'CHECKED';
- $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
- $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
- $checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
- $checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
- $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
- $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
- $checked{'TIME_WED'}{$fwdfwsettings{'TIME_WED'}} = 'CHECKED';
- $checked{'TIME_THU'}{$fwdfwsettings{'TIME_THU'}} = 'CHECKED';
- $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
- $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
- $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
- $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
- $checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED';
- $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
- $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
- $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
- $selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
- $selected{'dnat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
- $selected{'snat'}{$fwdfwsettings{$fwdfwsettings{'nat'}}} ='selected';
- }
- }
- $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
- $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
- $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
- $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
- $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
- $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
- $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
- $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
- $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
- $fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
- #check if manual ip (source) is orange network
- if ($fwdfwsettings{'grp1'} eq 'src_addr'){
- my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
- if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
- $fwdfwsettings{'oldorange'} ='on';
- }
- }
- }else{
- $fwdfwsettings{'ACTIVE'}='ON';
- $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
- $fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
- $fwdfwsettings{'oldgrp1b'}=$fwdfwsettings{$fwdfwsettings{'grp1'}};
- $fwdfwsettings{'oldgrp2a'}=$fwdfwsettings{'grp2'};
- $fwdfwsettings{'oldgrp2b'}=$fwdfwsettings{$fwdfwsettings{'grp2'}};
- $fwdfwsettings{'oldgrp3a'}=$fwdfwsettings{'grp3'};
- $fwdfwsettings{'oldgrp3b'}=$fwdfwsettings{$fwdfwsettings{'grp3'}};
- $fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
- $fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
- $fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
- #check if manual ip (source) is orange network
- if ($fwdfwsettings{'grp1'} eq 'src_addr'){
- my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
- if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
- $fwdfwsettings{'oldorange'} ='on';
- }
- }
- }
- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
- &Header::closebox();
- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
- #------SOURCE-------------------------------------------------------
- print "<form method='post'>";
- print<<END;
- <table width='100%' border='0'>
- <tr><td width='1%'><input type='radio' name='grp1' value='src_addr' \
checked></td><td width='60%'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' \
name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='18' ></td><td \
width='1%'><input type='radio' name='grp1' id='ipfire_src' value='ipfire_src' \
$checked{'grp1'}{'ipfire_src'}></td><td><b>Firewall</b></td>
-END
- print"<td align='right'><select name='ipfire_src' style='width:200px;'>";
- print "<option value='ALL' \
$selected{'ipfire_src'}{'ALL'}>$Lang::tr{'all'}</option>";
- print "<option value='GREEN' $selected{'ipfire_src'}{'GREEN'}>$Lang::tr{'green'} \
($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
- print "<option value='ORANGE' \
$selected{'ipfire_src'}{'ORANGE'}>$Lang::tr{'orange'} \
($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
- print "<option value='BLUE' $selected{'ipfire_src'}{'BLUE'}>$Lang::tr{'blue'} \
($ifaces{'BLUE_ADDRESS'})</option>" if (&Header::blue_used());
- print "<option value='RED1' $selected{'ipfire_src'}{'RED1'}>$Lang::tr{'red1'} \
($redip)" if ($redip);
- if (! -z "${General::swroot}/ethernet/aliases"){
- foreach my $alias (sort keys %aliases)
- {
- print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
- }
- }
- print<<END;
- </select></td></tr>
- <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' \
/></td></tr></table>
-END
- &gen_dd_block('src','grp1');
- print"<hr>";
- &Header::closebox();
- #---SNAT / DNAT ------------------------------------------------
- &Header::openbox('100%', 'left', 'NAT');
- print<<END;
- <label>
- <input type='checkbox' name='USE_NAT' id='USE_NAT' value="ON" \
$checked{'USE_NAT'}{'ON'}>
- $Lang::tr{'fwdfw use nat'}
- </label>
- <div class="NAT">
- <table width='100%' border='0'>
- <tr>
- <td colspan='2'></td>
- <td width='1%'>
- <input type='radio' name='nat' id='dnat' value='dnat' checked>
- </td>
- <td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
-END
- print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select \
name='dnat' style='width:140px;'>";
- print "<option value='ALL' \
$selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
- print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default \
IP</option>";
- foreach my $alias (sort keys %aliases)
- {
- print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
- }
- print"</select></td></tr>";
- #SNAT
- print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' \
id='snat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw \
snat'}</td>";
- print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select \
name='snat' style='width:140px;'>";
- foreach my $alias (sort keys %aliases)
- {
- print "<option value='$alias' $selected{'snat'}{$alias}>$alias</option>";
- }
- foreach my $network (sort keys %defaultNetworks)
- {
- next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
- next if($defaultNetworks{$network}{'NAME'} eq "ALL");
- next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
- print "<option value='$defaultNetworks{$network}{'NAME'}'";
- print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq \
$defaultNetworks{$network}{'NAME'});
- print ">$network</option>";
- }
- print"</select></td></tr></table>";
- print"</div>";
- &Header::closebox();
- #---TARGET------------------------------------------------------
- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
- print<<END;
- <table width='100%' border='0'>
- <tr><td width='1%'><input type='radio' name='grp2' value='tgt_addr' \
checked></td><td width='60%' nowrap='nowrap'>$Lang::tr{'fwdfw targetip'}<input \
type='TEXT' name='tgt_addr' value='$fwdfwsettings{'tgt_addr'}' size='16' \
maxlength='18'><td width='1%'><input type='radio' name='grp2' id='ipfire' \
value='ipfire' \
$checked{'grp2'}{'ipfire'}></td><td><b>Firewall</b></td>
-END
- print"<td align='right'><select name='ipfire' style='width:200px;'>";
- print "<option value='ALL' $selected{'ipfire'}{'ALL'}>$Lang::tr{'all'}</option>";
- print "<option value='GREEN' $selected{'ipfire'}{'GREEN'}>$Lang::tr{'green'} \
($ifaces{'GREEN_ADDRESS'})</option>" if $ifaces{'GREEN_ADDRESS'};
- print "<option value='ORANGE' $selected{'ipfire'}{'ORANGE'}>$Lang::tr{'orange'} \
($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
- print "<option value='BLUE' $selected{'ipfire'}{'BLUE'}>$Lang::tr{'blue'} \
($ifaces{'BLUE_ADDRESS'})</option>"if (&Header::blue_used());
- print "<option value='RED1' $selected{'ipfire'}{'RED1'}>$Lang::tr{'red1'} \
($redip)" if ($redip);
- if (! -z "${General::swroot}/ethernet/aliases"){
- foreach my $alias (sort keys %aliases)
- {
- print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
- }
- }
- print<<END;
- </select></td></tr>
- <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' \
/></td></tr></table>
-END
- &gen_dd_block('tgt','grp2');
- print"<hr>";
- &Header::closebox;
- #---PROTOCOL------------------------------------------------------
- &Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'});
- #Fix Protocol for JQuery
- if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq \
'cust_srvgrp'){
- $fwdfwsettings{'PROT'} = 'template';
- }
- print<<END;
- <div id="prt">
- <table width='15%' border='0' style="float:left;">
- <tr>
- <td>
- <select name='PROT' id='protocol'>
-END
- print "<option value=\"\"";
- if ($fwdfwsettings{'PROT'} eq '') {
- print " selected=\"selected\"";
- }
- print ">$Lang::tr{'all'}</option>";
-
- print "<option value=\"template\"";
- print " selected=\"selected\"" if ($fwdfwsettings{'grp3'} eq 'cust_srv' || \
$fwdfwsettings{'grp3'} eq 'cust_srvgrp');
- print ">- $Lang::tr{'template'} -</option>";
-
- foreach (@PROTOCOLS) {
- print"<option value=\"$_\"";
- if ($_ eq $fwdfwsettings{'PROT'}) {
- print " selected=\"selected\"";
- }
- print ">$_</option>";
- }
- print<<END;
- </select>
- </td>
- </tr>
- </table>
- </div>
-
- <div id="PROTOCOL_ICMP_TYPES">
- <table width='50%' border='0' style="float:left;">
- <tr>
- <td width='20%'>$Lang::tr{'fwhost icmptype'}</td>
- <td colspan='2'>
- <select name='ICMP_TYPES' style='min-width:230px;'>
-END
- &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
- foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys \
%icmptypes){
- if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
- print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
- }else{
- print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
- }
- }
-
- print <<END;
- </select>
- </td>
- </tr>
- </table>
- </div>
-END
-
- $fwdfwsettings{'SRC_PORT'} =~ s/\|/,/g;
- $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
- $fwdfwsettings{'dnatport'} =~ tr/|/,/;
-
- # The dnatport may be empty, if it matches TGT_PORT
- if ($fwdfwsettings{'dnatport'} eq $fwdfwsettings{'TGT_PORT'}) {
- $fwdfwsettings{'dnatport'} = "";
- }
-
- print <<END;
-
- <div id="PROTOCOL_PORTS">
- <table border="0">
- <tr>
- <!-- #SOURCEPORT -->
- <td>
- $Lang::tr{'fwdfw use srcport'}
- </td>
- <td>
- <input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' \
maxlength='20' size='18'>
- </td>
- <td width='10%'>
- </td>
-
- <!-- #TARGETPORT -->
- <td>
- $Lang::tr{'fwdfw use srv'}
- </td>
-
- <td>
- <input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' \
maxlength='20' size='18'>
- </td>
- </tr>
- <tr class="NAT">
- <td colspan='3'></td>
- <td>$Lang::tr{'fwdfw external port nat'}:</td>
- <td>
- <input type='text' name='dnatport' value=\"$fwdfwsettings{'dnatport'}\" \
maxlength='20' size='18'>
- </td>
- </tr>
- </table>
- </div>
-
- <div id="PROTOCOL_TEMPLATE">
- <table border="0">
- <tr>
- <td>
- <input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked>
- $Lang::tr{'fwhost cust service'}
- </td>
- <td>
- <select name='cust_srv' style='min-width: 230px;'>
-END
- &General::readhasharray("$configsrv", \%customservice);
- foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys \
%customservice){
- print"<option ";
- print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq \
$customservice{$key}[0]);
- print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
- }
-
- print<<END;
- </select>
- </td>
- </tr>
- <tr>
- <td>
- <input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' \
$checked{'grp3'}{'cust_srvgrp'}>
- $Lang::tr{'fwhost cust srvgrp'}
- </td>
- <td>
- <select name='cust_srvgrp' style='min-width:230px;'>
-END
-
- &General::readhasharray("$configsrvgrp", \%customservicegrp);
- my $helper;
- foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } \
keys %customservicegrp){
- if ($helper ne $customservicegrp{$key}[0]){
- print"<option ";
- print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq \
$customservicegrp{$key}[0]);
- print">$customservicegrp{$key}[0]</option>";
- }
- $helper=$customservicegrp{$key}[0];
- }
- print<<END;
- </select>
- </td>
- </tr>
- </table>
- </div>
-
- <br><br><br>
-END
-
- &Header::closebox;
-
- $checked{"RULE_ACTION"} = ();
- foreach ("ACCEPT", "DROP", "REJECT") {
- $checked{"RULE_ACTION"}{$_} = "";
- }
-
- if($fwdfwsettings{'updatefwrule'} eq 'on') {
- $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = "checked";
- } elsif ($fwdfwsettings{'POLICY'} eq 'MODE1') {
- $checked{"RULE_ACTION"}{"ACCEPT"} = "checked";
- } elsif ($fwdfwsettings{'POLICY'} eq 'MODE2') {
- $checked{"RULE_ACTION"}{"DROP"} = "checked";
- }
-
- print <<END;
- <hr><br>
-
- <center>
- <table width="80%" border="0">
- <tr>
- <td width="33%" align="center" bgcolor="$color{'color17'}">
- <br>
- </td>
- <td width="33%" align="center" bgcolor="$color{'color25'}">
- <br>
- </td>
- <td width="33%" align="center" bgcolor="$color{'color16'}">
- <br>
- </td>
- </tr>
- <tr>
- <td width="33%" align="center">
- <label>
- <input type="radio" name="RULE_ACTION" value="ACCEPT" \
$checked{"RULE_ACTION"}{"ACCEPT"}>
- <strong>$Lang::tr{'fwdfw ACCEPT'}</strong>
- </label>
- </td>
- <td width="33%" align="center">
- <label>
- <input type="radio" name="RULE_ACTION" value="DROP" \
$checked{"RULE_ACTION"}{"DROP"}>
- <strong>$Lang::tr{'fwdfw DROP'}</strong>
- </label>
- </td>
- <td width="33%" align="center">
- <label>
- <input type="radio" name="RULE_ACTION" value="REJECT" \
$checked{"RULE_ACTION"}{"REJECT"}>
- <strong>$Lang::tr{'fwdfw REJECT'}</strong>
- </label>
- </td>
- </tr>
- </table>
- </center>
-
- <br>
-END
-
- #---Activate/logging/remark-------------------------------------
- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
- print<<END;
- <table width='100%' border='0'>
-END
- print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td width='88%' \
align='left'><input type='text' name='ruleremark' maxlength='255' \
value='$fwdfwsettings{'ruleremark'}' style='width:99%;'></td></tr>";
- if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq \
'on'){
- print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select \
name='rulepos' >";
- for (my $count =1; $count <= $sum; $count++){
- print"<option value='$count' ";
- print"selected='selected'" if($fwdfwsettings{'oldrulenumber'} eq $count);
- print">$count</option>";
- }
- print"</select></td></tr>";
- }else{
- print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><input type='text' \
name='rulepos' size='2'></td></tr>";
- }
-
- print<<END;
- </table>
- <table width='100%'>
- <tr>
-END
-
- if ($fwdfwsettings{'updatefwrule'} eq 'on') {
- print <<END;
- <td>
- <input type='checkbox' name='ACTIVE' value="ON" $checked{'ACTIVE'}{'ON'}>
- </td>
- <td>$Lang::tr{'fwdfw rule activate'}</td>
-END
- } else {
- print <<END;
- <td colspan="2">
- <input type="hidden" name="ACTIVE" value="ON">
- </td>
-END
- }
-
- print <<END;
- </tr>
- <tr>
- <td>
- <input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'}>
- </td>
- <td>$Lang::tr{'fwdfw log rule'}</td>
- </tr>
- <tr>
- <td width='1%'>
- <input type='checkbox' name='TIME' id="USE_TIME_CONSTRAINTS" value='ON' \
$checked{'TIME'}{'ON'}>
- </td>
- <td>$Lang::tr{'fwdfw timeframe'}</td>
- </tr>
- <tr id="TIME_CONSTRAINTS">
- <td colspan="2">
- <table width="66%" border="0">
- <tr>
- <td width="8em"> </td>
- <td align="center">$Lang::tr{'advproxy monday'}</td>
- <td align="center">$Lang::tr{'advproxy tuesday'}</td>
- <td align="center">$Lang::tr{'advproxy wednesday'}</td>
- <td align="center">$Lang::tr{'advproxy thursday'}</td>
- <td align="center">$Lang::tr{'advproxy friday'}</td>
- <td align="center">$Lang::tr{'advproxy saturday'}</td>
- <td align="center">$Lang::tr{'advproxy sunday'}</td>
- <td> </td>
- </tr>
- <tr>
- <td width="8em"> </td>
- <td align="center"><input type='checkbox' name='TIME_MON' value='on' \
$checked{'TIME_MON'}{'on'} ></td>
- <td align="center"><input type='checkbox' name='TIME_TUE' value='on' \
$checked{'TIME_TUE'}{'on'} ></td>
- <td align="center"><input type='checkbox' name='TIME_WED' value='on' \
$checked{'TIME_WED'}{'on'} ></td>
- <td align="center"><input type='checkbox' name='TIME_THU' value='on' \
$checked{'TIME_THU'}{'on'} ></td>
- <td align="center"><input type='checkbox' name='TIME_FRI' value='on' \
$checked{'TIME_FRI'}{'on'} ></td>
- <td align="center"><input type='checkbox' name='TIME_SAT' value='on' \
$checked{'TIME_SAT'}{'on'} ></td>
- <td align="center"><input type='checkbox' name='TIME_SUN' value='on' \
$checked{'TIME_SUN'}{'on'} ></td>
- <td>
- <select name='TIME_FROM'>
-END
- for (my $i=0;$i<=23;$i++) {
- $i = sprintf("%02s",$i);
- for (my $j=0;$j<=45;$j+=15) {
- $j = sprintf("%02s",$j);
- my $time = $i.":".$j;
- print "<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
- }
- }
- print<<END;
- </select> ‐
- <select name='TIME_TO'>
-END
- for (my $i=0;$i<=23;$i++) {
- $i = sprintf("%02s",$i);
- for (my $j=0;$j<=45;$j+=15) {
- $j = sprintf("%02s",$j);
- my $time = $i.":".$j;
- print "<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
- }
- }
- print<<END;
- </select>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- <br><hr>
-END
-
- #---ACTION------------------------------------------------------
- if($fwdfwsettings{'updatefwrule'} ne 'on'){
- print<<END;
- <table border='0' width='100%'>
- <tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' \
style='min-width:100px;' />
- <input type='hidden' name='config' value='$config' >
- <input type='hidden' name='ACTION' value='saverule' ></form>
- <form method='post' style='display:inline;'><input type='submit' \
value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' \
name='ACTION' value='reset'></form></td></tr>
- </table>
- <br>
-END
- }else{
- print<<END;
- <table border='0' width='100%'>
- <tr><td align='right'><input type='submit' value='$Lang::tr{'fwdfw change'}' \
style='min-width:100px;' /><input type='hidden' name='updatefwrule' \
value='$fwdfwsettings{'updatefwrule'}'><input type='hidden' name='key' \
value='$fwdfwsettings{'key'}'>
- <input type='hidden' name='oldgrp1a' value='$fwdfwsettings{'oldgrp1a'}' />
- <input type='hidden' name='oldgrp1b' value='$fwdfwsettings{'oldgrp1b'}' />
- <input type='hidden' name='oldgrp2a' value='$fwdfwsettings{'oldgrp2a'}' />
- <input type='hidden' name='oldgrp2b' value='$fwdfwsettings{'oldgrp2b'}' />
- <input type='hidden' name='oldgrp3a' value='$fwdfwsettings{'oldgrp3a'}' />
- <input type='hidden' name='oldgrp3b' value='$fwdfwsettings{'oldgrp3b'}' />
- <input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
- <input type='hidden' name='oldrulenumber' value='$fwdfwsettings{'oldrulenumber'}' \
/>
- <input type='hidden' name='rulenumber' value='$fwdfwsettings{'rulepos'}' />
- <input type='hidden' name='oldruleremark' value='$fwdfwsettings{'oldruleremark'}' \
/>
- <input type='hidden' name='oldorange' value='$fwdfwsettings{'oldorange'}' />
- <input type='hidden' name='oldnat' value='$fwdfwsettings{'oldnat'}' />
- <input type='hidden' name='oldruletype' value='$fwdfwsettings{'oldruletype'}' />
- <input type='hidden' name='ACTION' value='saverule' ></form><form method='post' \
style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' \
style='min-width:100px;'><input type='hidden' name='ACTION' \
value'reset'></td></td>
- </table></form>
-END
- }
- &Header::closebox();
-}
-sub pos_up
-{
- my %uphash=();
- my %tmp=();
- &General::readhasharray($fwdfwsettings{'config'}, \%uphash);
- foreach my $key (sort keys %uphash){
- if ($key eq $fwdfwsettings{'key'}) {
- my $last = $key -1;
- if (exists $uphash{$last}){
- #save rule last
- foreach my $y (0 .. $#{$uphash{$last}}) {
- $tmp{0}[$y] = $uphash{$last}[$y];
- }
- #copy active rule to last
- foreach my $i (0 .. $#{$uphash{$last}}) {
- $uphash{$last}[$i] = $uphash{$key}[$i];
- }
- #copy saved rule to actual position
- foreach my $x (0 .. $#{$tmp{0}}) {
- $uphash{$key}[$x] = $tmp{0}[$x];
- }
- }
- }
- }
- &General::writehasharray($fwdfwsettings{'config'}, \%uphash);
- &General::firewall_config_changed();
-}
-sub pos_down
-{
- my %downhash=();
- my %tmp=();
- &General::readhasharray($fwdfwsettings{'config'}, \%downhash);
- foreach my $key (sort keys %downhash){
- if ($key eq $fwdfwsettings{'key'}) {
- my $next = $key + 1;
- if (exists $downhash{$next}){
- #save rule next
- foreach my $y (0 .. $#{$downhash{$next}}) {
- $tmp{0}[$y] = $downhash{$next}[$y];
- }
- #copy active rule to next
- foreach my $i (0 .. $#{$downhash{$next}}) {
- $downhash{$next}[$i] = $downhash{$key}[$i];
- }
- #copy saved rule to actual position
- foreach my $x (0 .. $#{$tmp{0}}) {
- $downhash{$key}[$x] = $tmp{0}[$x];
- }
- }
- }
- }
- &General::writehasharray($fwdfwsettings{'config'}, \%downhash);
- &General::firewall_config_changed();
-}
-sub saverule
-{
- my $hash=shift;
- my $config=shift;
- &General::readhasharray("$config", $hash);
- if (!$errormessage){
- ################################################################
- #check if we change an INPUT rule to a OUTGOING
- if($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq \
'OUTGOINGFW' ){
- &changerule($configinput);
- #print"1";
- }
- #check if we change an INPUT rule to a FORWARD
- elsif($fwdfwsettings{'oldruletype'} eq 'INPUTFW' && $fwdfwsettings{'chain'} eq \
'FORWARDFW' ){
- &changerule($configinput);
- #print"2";
- }
- ################################################################
- #check if we change an OUTGOING rule to an INPUT
- elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq \
'INPUTFW' ){
- &changerule($configoutgoing);
- #print"3";
- }
- #check if we change an OUTGOING rule to a FORWARD
- elsif($fwdfwsettings{'oldruletype'} eq 'OUTGOINGFW' && $fwdfwsettings{'chain'} eq \
'FORWARDFW' ){
- &changerule($configoutgoing);
- #print"4";
- }
- ################################################################
- #check if we change a FORWARD rule to an INPUT
- elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq \
'INPUTFW'){
- &changerule($configfwdfw);
- #print"5";
- }
- #check if we change a FORWARD rule to an OUTGOING
- elsif($fwdfwsettings{'oldruletype'} eq 'FORWARDFW' && $fwdfwsettings{'chain'} eq \
'OUTGOINGFW'){
- &changerule($configfwdfw);
- #print"6";
- }
- if ($fwdfwsettings{'updatefwrule'} ne 'on'){
- my $key = &General::findhasharraykey ($hash);
- $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
- $$hash{$key}[1] = $fwdfwsettings{'chain'};
- $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
- $$hash{$key}[3] = $fwdfwsettings{'grp1'};
- $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
- $$hash{$key}[5] = $fwdfwsettings{'grp2'};
- $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
- $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
- $$hash{$key}[8] = $fwdfwsettings{'PROT'};
- $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
- $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
- $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
- $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
- $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
- $$hash{$key}[14] = $fwdfwsettings{'grp3'};
- $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
- $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
- $$hash{$key}[17] = $fwdfwsettings{'LOG'};
- $$hash{$key}[18] = $fwdfwsettings{'TIME'};
- $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
- $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
- $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
- $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
- $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
- $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
- $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
- $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
- $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
- $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
- $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
- $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
- $$hash{$key}[31] = $fwdfwsettings{'nat'};
- &General::writehasharray("$config", $hash);
- }else{
- foreach my $key (sort {$a <=> $b} keys %$hash){
- if($key eq $fwdfwsettings{'key'}){
- $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
- $$hash{$key}[1] = $fwdfwsettings{'chain'};
- $$hash{$key}[2] = $fwdfwsettings{'ACTIVE'};
- $$hash{$key}[3] = $fwdfwsettings{'grp1'};
- $$hash{$key}[4] = $fwdfwsettings{$fwdfwsettings{'grp1'}};
- $$hash{$key}[5] = $fwdfwsettings{'grp2'};
- $$hash{$key}[6] = $fwdfwsettings{$fwdfwsettings{'grp2'}};
- $$hash{$key}[7] = $fwdfwsettings{'USE_SRC_PORT'};
- $$hash{$key}[8] = $fwdfwsettings{'PROT'};
- $$hash{$key}[9] = $fwdfwsettings{'ICMP_TYPES'};
- $$hash{$key}[10] = $fwdfwsettings{'SRC_PORT'};
- $$hash{$key}[11] = $fwdfwsettings{'USESRV'};
- $$hash{$key}[12] = $fwdfwsettings{'TGT_PROT'};
- $$hash{$key}[13] = $fwdfwsettings{'ICMP_TGT'};
- $$hash{$key}[14] = $fwdfwsettings{'grp3'};
- $$hash{$key}[15] = $fwdfwsettings{$fwdfwsettings{'grp3'}};
- $$hash{$key}[16] = $fwdfwsettings{'ruleremark'};
- $$hash{$key}[17] = $fwdfwsettings{'LOG'};
- $$hash{$key}[18] = $fwdfwsettings{'TIME'};
- $$hash{$key}[19] = $fwdfwsettings{'TIME_MON'};
- $$hash{$key}[20] = $fwdfwsettings{'TIME_TUE'};
- $$hash{$key}[21] = $fwdfwsettings{'TIME_WED'};
- $$hash{$key}[22] = $fwdfwsettings{'TIME_THU'};
- $$hash{$key}[23] = $fwdfwsettings{'TIME_FRI'};
- $$hash{$key}[24] = $fwdfwsettings{'TIME_SAT'};
- $$hash{$key}[25] = $fwdfwsettings{'TIME_SUN'};
- $$hash{$key}[26] = $fwdfwsettings{'TIME_FROM'};
- $$hash{$key}[27] = $fwdfwsettings{'TIME_TO'};
- $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
- $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
- $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
- $$hash{$key}[31] = $fwdfwsettings{'nat'};
- last;
- }
- }
- }
- &General::writehasharray("$config", $hash);
- if($fwdfwsettings{'oldrulenumber'} > $fwdfwsettings{'rulepos'}){
- my %tmp=();
- my $val=$fwdfwsettings{'oldrulenumber'}-$fwdfwsettings{'rulepos'};
- for (my $z=0;$z<$val;$z++){
- foreach my $key (sort {$a <=> $b} keys %$hash){
- if ($key eq $fwdfwsettings{'oldrulenumber'}) {
- my $last = $key -1;
- if (exists $$hash{$last}){
- #save rule last
- foreach my $y (0 .. $#{$$hash{$last}}) {
- $tmp{0}[$y] = $$hash{$last}[$y];
- }
- #copy active rule to last
- foreach my $i (0 .. $#{$$hash{$last}}) {
- $$hash{$last}[$i] = $$hash{$key}[$i];
- }
- #copy saved rule to actual position
- foreach my $x (0 .. $#{$tmp{0}}) {
- $$hash{$key}[$x] = $tmp{0}[$x];
- }
- }
- }
- }
- $fwdfwsettings{'oldrulenumber'}--;
- }
- &General::writehasharray("$config", $hash);
- &General::firewall_config_changed();
- }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
- my %tmp=();
- my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
- for (my $z=0;$z<$val;$z++){
- foreach my $key (sort {$a <=> $b} keys %$hash){
- if ($key eq $fwdfwsettings{'oldrulenumber'}) {
- my $next = $key + 1;
- if (exists $$hash{$next}){
- #save rule next
- foreach my $y (0 .. $#{$$hash{$next}}) {
- $tmp{0}[$y] = $$hash{$next}[$y];
- }
- #copy active rule to next
- foreach my $i (0 .. $#{$$hash{$next}}) {
- $$hash{$next}[$i] = $$hash{$key}[$i];
- }
- #copy saved rule to actual position
- foreach my $x (0 .. $#{$tmp{0}}) {
- $$hash{$key}[$x] = $tmp{0}[$x];
- }
- }
- }
- }
- $fwdfwsettings{'oldrulenumber'}++;
- }
- &General::writehasharray("$config", $hash);
- &General::firewall_config_changed();
- }
- }
-}
-sub validremark
-{
- # Checks a hostname against RFC1035
- my $remark = $_[0];
-
- # Each part should be at least two characters in length
- # but no more than 63 characters
- if (length ($remark) < 1 || length ($remark) > 255) {
- return 0;}
- # Only valid characters are a-z, A-Z, 0-9 and -
- if ($remark !~ /^[a-z??????A-Z??????0-9-.:;\|_()\/\s]*$/) {
- return 0;}
- # First character can only be a letter or a digit
- if (substr ($remark, 0, 1) !~ /^[a-z??????A-Z??????0-9]*$/) {
- return 0;}
- # Last character can only be a letter or a digit
- if (substr ($remark, -1, 1) !~ /^[a-z??????A-Z??????0-9.:;_)]*$/) {
- return 0;}
- return 1;
-}
-sub viewtablerule
-{
- &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
- &viewtablenew(\%configfwdfw,$configfwdfw,"","Forward" );
- &viewtablenew(\%configinputfw,$configinput,"",$Lang::tr{'fwdfw xt access'} );
- &viewtablenew(\%configoutgoingfw,$configoutgoing,"","Outgoing" );
-}
-sub viewtablenew
-{
- my $hash=shift;
- my $config=shift;
- my $title=shift;
- my $title1=shift;
- my $go='';
- &General::get_aliases(\%aliases);
- &General::readhasharray("$confighost", \%customhost);
- &General::readhasharray("$config", $hash);
- &General::readhasharray("$configccdnet", \%ccdnet);
- &General::readhasharray("$configccdhost", \%ccdhost);
- if( ! -z $config){
- &Header::openbox('100%', 'left',$title);
- my $count=0;
- my ($gif,$log);
- my $ruletype;
- my $rulecolor;
- my $tooltip;
- my @tmpsrc=();
- my $coloryellow='';
- print <<END;
- <b>$title1</b>
- <br>
-
- <table width='100%' cellspacing='0' border='0'>
- <tr>
- <th align='right' width='3%'>
- #
- </th>
- <th width='2%'></th>
- <th align='center'>
- <b>$Lang::tr{'protocol'}</b>
- </th>
- <th align='center' width='30%'>
- <b>$Lang::tr{'fwdfw source'}</b>
- </th>
- <th align='center'>
- Log <!-- XXX UNTRANSLATED STRING -->
- </th>
- <th align='center' width='30%'>
- <b>$Lang::tr{'fwdfw target'}</b>
- </th>
- <th align='center' colspan='6' width='18%'>
- <b>$Lang::tr{'fwdfw action'}</b>
- </th>
- </tr>
-END
-
- foreach my $key (sort {$a <=> $b} keys %$hash){
- $tdcolor='';
- @tmpsrc=();
- #check if vpn hosts/nets have been deleted
- if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
- push (@tmpsrc,$$hash{$key}[4]);
- }
- if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
- push (@tmpsrc,$$hash{$key}[6]);
- }
- foreach my $host (@tmpsrc){
- if($$hash{$key}[3] eq 'ipsec_net_src' || $$hash{$key}[5] eq 'ipsec_net_tgt'){
- if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
- $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
- }
- }elsif($$hash{$key}[3] eq 'ovpn_net_src' || $$hash{$key}[5] eq 'ovpn_net_tgt'){
- if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
- $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
- }
- }elsif($$hash{$key}[3] eq 'ovpn_n2n_src' || $$hash{$key}[5] eq 'ovpn_n2n_tgt'){
- if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
- $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
- }
- }elsif($$hash{$key}[3] eq 'ovpn_host_src' || $$hash{$key}[5] eq \
'ovpn_host_tgt'){
- if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
- $coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
- }
- }
- }
- $$hash{'ACTIVE'}=$$hash{$key}[2];
- $count++;
- if($coloryellow eq 'on'){
- print"<tr bgcolor='$color{'color14'}' >";
- $coloryellow='';
- }elsif($coloryellow eq ''){
- if ($count % 2){
- $color="$color{'color22'}";
- }
- else{
- $color="$color{'color20'}";
- }
- }
- print<<END;
- <tr bgcolor='$color'>
- <td align='right' width='3%'>
- <b>$key </b>
- </td>
-END
-
- #RULETYPE (A,R,D)
- if ($$hash{$key}[0] eq 'ACCEPT'){
- $ruletype='A';
- $tooltip='ACCEPT';
- $rulecolor=$color{'color17'};
- }elsif($$hash{$key}[0] eq 'DROP'){
- $ruletype='D';
- $tooltip='DROP';
- $rulecolor=$color{'color25'};
- }elsif($$hash{$key}[0] eq 'REJECT'){
- $ruletype='R';
- $tooltip='REJECT';
- $rulecolor=$color{'color16'};
- }
-
- print <<END;
- <td bgcolor='$rulecolor' align='center' width='2%'>
- <span title='$tooltip'> </span>
- </td>
-END
-
- #Get Protocol
- my $prot;
- if ($$hash{$key}[8]){
- push (@protocols,$$hash{$key}[8]);
- }elsif($$hash{$key}[14] eq 'cust_srv'){
- &get_serviceports("service",$$hash{$key}[15]);
- }elsif($$hash{$key}[14] eq 'cust_srvgrp'){
- &get_serviceports("group",$$hash{$key}[15]);
- }else{
- push (@protocols,$Lang::tr{'all'});
- }
-
- my $protz=join(",", at protocols);
- if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne \
'cust_srvgrp'){
- &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys \
%icmptypes){
- if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){
- print "<td align='center'><span title='$icmptypes{$keyicmp}[0]'><b>$protz \
($icmptypes{$keyicmp}[1])</b></span></td>";
- last;
- }
- }
- }else{
- print"<td align='center'>$protz</td>";
- }
- @protocols=();
- #SOURCE
- my $ipfireiface;
- &getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
- print"<td align='center' width='160' $tdcolor>";
- if ($$hash{$key}[3] eq 'ipfire_src'){
- $ipfireiface='Interface ';
- }
- if ($$hash{$key}[3] eq 'std_net_src'){
- print &get_name($$hash{$key}[4]);
- }elsif ($$hash{$key}[3] eq 'src_addr'){
- my ($split1,$split2) = split("/",$$hash{$key}[4]);
- if ($split2 eq '32'){
- print $split1;
- }else{
- print $$hash{$key}[4];
- }
- }elsif ($$hash{$key}[4] eq 'RED1'){
- print "$ipfireiface $Lang::tr{'fwdfw red'}";
- }else{
- print "$$hash{$key}[4]";
- }
- $tdcolor='';
- #SOURCEPORT
- &getsrcport(\%$hash,$key);
- #Is this a SNAT rule?
- if ($$hash{$key}[31] eq 'snat' && $$hash{$key}[28] eq 'ON'){
- my $net=&get_name($$hash{$key}[29]);
- if ( ! $net){ $net=$$hash{$key}[29];}
- print"<br>->$net";
- if ($$hash{$key}[30] ne ''){
- print": $$hash{$key}[30]";
- }
- }
- if ($$hash{$key}[17] eq 'ON'){
- $log="/images/on.gif";
- }else{
- $log="/images/off.gif";
- }
- #LOGGING
- print<<END;
- </td>
- <td align='center'>
- <form method='POST' action=''>
- <input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' \
title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;'/>
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
- </form>
- </td>
-END
- #TARGET
- &getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
- print<<END;
- <td align='center' $tdcolor>
-END
- #Is this a DNAT rule?
- if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
- print "Firewall ($$hash{$key}[29])";
- if($$hash{$key}[30] ne ''){
- $$hash{$key}[30]=~ tr/|/,/;
- print": $$hash{$key}[30]";
- }
- print"<br>->";
- }
- if ($$hash{$key}[5] eq 'ipfire'){
- $ipfireiface='Interface';
- }
- if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire' || \
$$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq \
'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){
- if ($$hash{$key}[6] eq 'RED1'){
- print "$ipfireiface $Lang::tr{'red1'}";
- }elsif ($$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || \
$$hash{$key}[6] eq 'BLUE'|| $$hash{$key}[6] eq 'ALL')
- {
- print "$ipfireiface ".&get_name($$hash{$key}[6]);
- }else{
- print $$hash{$key}[6];
- }
- }elsif ($$hash{$key}[5] eq 'tgt_addr'){
- my ($split1,$split2) = split("/",$$hash{$key}[6]);
- if ($split2 eq '32'){
- print $split1;
- }else{
- print $$hash{$key}[6];
- }
- }else{
- print "$$hash{$key}[6]";
- }
- $tdcolor='';
- #TARGETPORT
- &gettgtport(\%$hash,$key);
- print"</td>";
- #RULE ACTIVE
- if($$hash{$key}[2] eq 'ON'){
- $gif="/images/on.gif"
-
- }else{
- $gif="/images/off.gif"
- }
- print<<END;
- <td width='3%' align='center'>
- <form method='POST' action=''>
- <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' \
title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
- </form>
- </td>
- <td width='3%' align='center'>
- <form method='POST' action=''>
- <input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' \
title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='editrule' />
- </form>
- </td>
- <td width='3%' align='center'>
- <form method='POST' action=''>
- <input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw \
copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='copyrule' />
- </form>
- </td>
- <td width='3%' align='center'>
- <form method='POST' action=''>
- <input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' \
title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='deleterule' />
- </form>
- </td>
-END
- if (exists $$hash{$key-1}){
- print<<END;
- <td width='3%' align='center'>
- <form method='POST' action=''>
- <input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' \
title='$Lang::tr{'fwdfw moveup'}' style='padding-top: 0px; padding-left: 0px; \
padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='moveup' />
- </form>
- </td>
-END
- }else{
- print"<td width='3%'></td>";
- }
-
- if (exists $$hash{$key+1}){
- print<<END;
- <td width='3%' align='center'>
- <form method='POST' action=''>
- <input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw \
movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; \
padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: \
block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='movedown' />
- </form>
- </td>
- </tr>
-END
- }else{
- print"<td width='3%'></td></tr>";
- }
- #REMARK
- if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){
- print <<END;
- <tr bgcolor='$color'>
- <td> </td>
- <td bgcolor='$rulecolor'></td>
- <td colspan='10'>
- <em>$$hash{$key}[16]</em>
- </td>
- </tr>
-END
- }
-
- if ($$hash{$key}[18] eq 'ON'){
- #TIMEFRAME
- if ($$hash{$key}[18] eq 'ON'){
- my @days=();
- if($$hash{$key}[19] ne ''){push (@days,$Lang::tr{'fwdfw wd_mon'});}
- if($$hash{$key}[20] ne ''){push (@days,$Lang::tr{'fwdfw wd_tue'});}
- if($$hash{$key}[21] ne ''){push (@days,$Lang::tr{'fwdfw wd_wed'});}
- if($$hash{$key}[22] ne ''){push (@days,$Lang::tr{'fwdfw wd_thu'});}
- if($$hash{$key}[23] ne ''){push (@days,$Lang::tr{'fwdfw wd_fri'});}
- if($$hash{$key}[24] ne ''){push (@days,$Lang::tr{'fwdfw wd_sat'});}
- if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
- my $weekdays=join(",", at days);
- if (@days){
- print"<tr bgcolor='$color'>";
- print"<td> </td><td bgcolor='$rulecolor'></td><td align='left' \
colspan='10'> $weekdays $$hash{$key}[26] - \
$$hash{$key}[27]</td></tr>";
- }
- }
- }
- print"<tr bgcolor='FFFFFF'><td colspan='13' height='1'></td></tr>";
- }
- print"</table>";
- #SHOW FINAL RULE
- print "<table width='100%'rules='cols' border='1'>";
- my $col;
- if ($config eq '/var/ipfire/forward/config'){
- my $pol='fwdfw '.$fwdfwsettings{'POLICY'};
- if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
- $col="bgcolor='darkred'";
- }else{
- $col="bgcolor='green'";
- }
- &show_defaultrules($col,$pol);
- }elsif ($config eq '/var/ipfire/forward/outgoing'){
- if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
- $col="bgcolor='darkred'";
- print"<tr><td $col width='20%' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF' >$Lang::tr{'fwdfw pol block'}</font></td></tr>";
- }else{
- $col="bgcolor='green'";
- print"<tr><td $col width='20%' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF' >$Lang::tr{'fwdfw pol allow'}</font></td></tr>";
- }
- }else{
- print"<tr><td bgcolor='darkred' width='20%' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td bgcolor='darkred' \
align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol \
block'}</font></td></tr>";
- }
- print"</table>";
- print "<hr>";
- print "<br><br>";
- &Header::closebox();
- }else{
- if ($optionsfw{'SHOWTABLES'} eq 'on'){
- print "<b>$title1</b><br>";
- print"<table width='100%' border='0' rules='none'><tr><td height='30' \
bgcolor=$color{'color22'} align='center'>$Lang::tr{'fwhost \
empty'}</td></tr></table>";
- my $col;
- if ($config eq '/var/ipfire/forward/config'){
- my $pol='fwdfw '.$fwdfwsettings{'POLICY'};
- if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
- $col="bgcolor='darkred'";
- }else{
- $col="bgcolor='green'";
- }
- &show_defaultrules($col,$pol);
- }elsif ($config eq '/var/ipfire/forward/outgoing'){
- print "<table width='100%' rules='cols' border='1'>";
- my $pol='fwdfw '.$fwdfwsettings{'POLICY1'};
- if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
- $col="bgcolor='darkred'";
- print"<tr><td $col align='center' width='20%'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>";
- }else{
- $col="bgcolor='green'";
- print"<tr><td $col align='center' width='20%'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw pol allow'}</font></td></tr>";
- }
- }else{
- print "<table width='100%' rules='cols' border='1'>";
- print"<tr><td bgcolor='darkred' align='center' width='20%'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td align='center' \
bgcolor='darkred'><font color='#FFFFFF'>$Lang::tr{'fwdfw pol \
block'}</font></td></tr>";
- }
- print"</table><br><br>";
- }
- }
-}
-&Header::closebigbox();
-&Header::closepage();
-
-sub show_defaultrules
-{
- my $col=shift;
- my $pol=shift;
- #STANDARD RULES (From WIKI)
- print"</table>";
- if ($col eq "bgcolor='green'"){
- print "<br><table width='100%' rules='cols' border='1' >";
- my $blue = "<font color=$Header::colourblue> $Lang::tr{'blue'}</font> \
($Lang::tr{'fwdfw pol block'})" if (&Header::blue_used());
- my $orange = "<font color=$Header::colourorange> $Lang::tr{'orange'}</font> \
($Lang::tr{'fwdfw pol block'})" if (&Header::orange_used());
- my $blue1 = "<font color=$Header::colourblue> $Lang::tr{'blue'}</font> \
($Lang::tr{'fwdfw pol allow'})" if (&Header::blue_used());
- my $orange1 = "<font color=$Header::colourorange> $Lang::tr{'orange'}</font> \
($Lang::tr{'fwdfw pol allow'})" if (&Header::orange_used());
- print"<tr><td align='center'><font color='#000000'>$Lang::tr{'green'}</td><td \
align='center'> <font color=$Header::colourred> $Lang::tr{'red'}</font> \
($Lang::tr{'fwdfw pol allow'})</td>";
- print"<td align='center'>$orange1</td>" if (&Header::orange_used());
- print"<td align='center'>$blue1</td>" if (&Header::blue_used());
- print"</tr>";
- if (&Header::orange_used()){
- print"<tr><td align='center' width='20%'><font \
color='#000000'>$Lang::tr{'orange'}</td><td align='center'> <font \
color=$Header::colourred> $Lang::tr{'red'}</font> ($Lang::tr{'fwdfw pol \
allow'})</td><td align='center'><font color=$Header::colourgreen> \
$Lang::tr{'green'}</font> ($Lang::tr{'fwdfw pol block'})</td>";
- print"<td align='center'>$blue</td>" if (&Header::blue_used());
- print"</tr>";
- }
- if (&Header::blue_used()){
- print"<tr><td align='center'><font color='#000000'>$Lang::tr{'blue'}</td><td \
align='center'> <font color=$Header::colourred> $Lang::tr{'red'}</font> \
($Lang::tr{'fwdfw pol allow'})</td>";
- print"<td align='center'>$orange</td>" if (&Header::orange_used());
- print"<td align='center'><font color=$Header::colourgreen> \
$Lang::tr{'green'}</font> ($Lang::tr{'fwdfw pol block'})</td>";
- print"</tr>";
- }
- print"<tr><td $col align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw \
final_rule'} </font></td><td $col colspan='3' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw pol allow'}</font></td></tr>";
- }elsif($col eq "bgcolor='darkred'"){
- print "<table width='100%' rules='cols' border='1' >";
- print"<tr><td $col width='20%' align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font \
color='#FFFFFF'>$Lang::tr{'fwdfw pol block'}</font></td></tr>";
- }
-}
diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 03ef367..e37540b 100644
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -341,7 +341,7 @@ END
} else { print $Lang::tr{'advproxy off'}; }
}
if ( $netsettings{'ORANGE_DEV'} ) { print <<END;
- <tr><td align='center' bgcolor='$Header::colourorange' width='25%'><a \
href="/cgi-bin/forwardfw.cgi"><font size='2' \
color='white'><b>$Lang::tr{'dmz'}</b></font></a><br> + <tr><td align='center' \
bgcolor='$Header::colourorange' width='25%'><a href="/cgi-bin/firewall.cgi"><font \
size='2' color='white'><b>$Lang::tr{'dmz'}</b></font></a><br> <td width='30%' \
align='center'>$netsettings{'ORANGE_ADDRESS'}
<td width='45%' align='center'><font color=$Header::colourgreen>Online</font>
END
hooks/post-receive
--
IPFire 2.x development tree
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic