From: Alexander Marx <alexander.marx@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/4] BUG11559: firewall.cgi
Date: Wed, 02 May 2018 13:27:05 +0200 [thread overview]
Message-ID: <1525260427-6695-2-git-send-email-alexander.marx@ipfire.org> (raw)
In-Reply-To: <1525260427-6695-1-git-send-email-alexander.marx@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 3273 bytes --]
When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch has the changes for firewall.cgi
---
html/cgi-bin/firewall.cgi | 36 +++++++++++++++++++++++++++++++++---
1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index face0f4..499f279 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -1161,11 +1161,31 @@ END
#IPsec netze
foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' && $ipsecconf{$key}[3] ne 'host')){
- print"<tr><td valign='top'><input type='radio' name='$grp' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
+ print"<tr><td valign='top'><input type='radio' name='$grp' id='ipsec_net_$srctgt' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
$show='1';
+
+ #Check if we have more than one REMOTE subnet in config
+ my @arr1 = split /\|/, $ipsecconf{$key}[11];
+ my $cnt1 += @arr1;
+
print "<option ";
- print "selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $ipsecconf{$key}[1]);
- print ">$ipsecconf{$key}[1]</option>";
+ print "value=$ipsecconf{$key}[1]";
+ print " selected " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "$ipsecconf{$key}[1]");
+ print ">$ipsecconf{$key}[1] ";
+ print "($Lang::tr{'fwdfw all subnets'})" if $cnt1 > 1; #If this Conenction has more than one subnet, print one option for all subnets
+ print "</option>";
+
+ if ($cnt1 > 1){
+ foreach my $val (@arr1){
+ #normalize subnet to cidr notation
+ my ($val1,$val2) = split /\//, $val;
+ my $val3 = &General::iporsubtocidr($val2);
+ print "<option ";
+ print "value='$ipsecconf{$key}[1]|$val1/$val3'";
+ print "selected " if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "$ipsecconf{$key}[1]|$val1/$val3");
+ print ">$ipsecconf{$key}[1] ($val1/$val3)</option>";
+ }
+ }
}
}
if($optionsfw{'SHOWDROPDOWN'} eq 'on' && $show eq ''){
@@ -2575,6 +2595,11 @@ END
#SOURCE
my $ipfireiface;
&getcolor($$hash{$key}[3],$$hash{$key}[4],\%customhost);
+ # Check SRC Host and replace "|" with space
+ if ($$hash{$key}[4] =~ /\|/){
+ $$hash{$key}[4] =~ s/\|/ (/g;
+ $$hash{$key}[4] = $$hash{$key}[4].")";
+ }
print"<td align='center' width='30%' $tdcolor>";
if ($$hash{$key}[3] eq 'ipfire_src'){
$ipfireiface=$Lang::tr{'fwdfw iface'};
@@ -2640,6 +2665,11 @@ END
print<<END;
<td align='center' $tdcolor>
END
+ # Check TGT Host and replace "|" with space
+ if ($$hash{$key}[6] =~ /\|/){
+ $$hash{$key}[6] =~ s/\|/ (/g;
+ $$hash{$key}[6] = $$hash{$key}[6].")";
+ }
#Is this a DNAT rule?
my $natstring;
if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
--
2.7.4
next prev parent reply other threads:[~2018-05-02 11:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-02 11:27 [PATCH 1/4] BUG11559: Languagefiles Alexander Marx
2018-05-02 11:27 ` Alexander Marx [this message]
2018-05-07 16:23 ` [PATCH 2/4] BUG11559: firewall.cgi Peter Müller
2018-05-02 11:27 ` [PATCH 3/4] BUG11559: firewall-lib Alexander Marx
2018-05-07 16:24 ` Peter Müller
2018-05-02 11:27 ` [PATCH 4/4] BUG11559: fwhosts Alexander Marx
2018-05-07 16:24 ` Peter Müller
2018-05-06 20:02 ` [PATCH 1/4] BUG11559: Languagefiles Peter Müller
2018-05-07 10:41 ` Michael Tremer
2018-05-07 16:25 ` Peter Müller
2018-05-07 16:22 ` Peter Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1525260427-6695-2-git-send-email-alexander.marx@ipfire.org \
--to=alexander.marx@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox