I'm sending this through patchwork now, since I've found that the last patches wouldn't apply (they contained *local* paths, sorry for that).

Short background of this patch:

- It adds [DNS/NTP]_FORCED_ON_[INTERFACE] options to '/var/ipfire/optionsfw/settings'.
- The corresponding options should only be visible if the respective interface is actually available. If BLUE interface doesn't exist, there shouldn't be any visible ON/OFF switches for 'DNS/NTP on BLUE' or BLUE logging options.
- Language strings were altered accordingly, they come in a later patch of this series.
- Screenshots:
  => https://community.ipfire.org/t/forcing-all-dns-traffic-from-the-lan-to-the-firewall/3512/91
  ['Masquerading on BLUE' is not shown because screenshots were made on a test machine.]
- One thing that DOESN'T work: For changes to take effect without a complete reboot, it is necessary to restart the firewall rules through '/etc/init.d/firewall restart'. I tried to implement this by adding a 'Save and Restart'-button. But whatever I tried, this won't work through the Web-GUI. Neither by calling the init-file, nor with a newly written 'optionsfwctrl.c' program. The save function is working, but I wasn't able to trigger a restart of the firewall rules. No seen errors, it just won't work. Calling the new 'optionsfwctrl.c' through console or restarting the rules with '/etc/init.d/firewall restart' was ok, though (e.g.). This has been marked in the patch (line 29).

Signed-off-by: Matthias Fischer
--- html/cgi-bin/optionsfw.cgi | 101 ++++++++++++++++++++++++++++++++----- 1 file changed, 87 insertions(+), 14 deletions(-) diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 47aba59cb..bec90b731 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi
@@ -69,6 +69,31 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { &General::readhash($filename, \%settings); # Load good settings } +if ($settings{'ACTION'} eq $Lang::tr{'fw settings save and restart'}) { + if ($settings{'defpol'} ne '1'){ + $errormessage .= $Lang::tr{'new optionsfw later'}; + &General::writehash($filename, \%settings); # Save good settings + system("/usr/local/bin/firewallctrl"); + }else{ + if ($settings{'POLICY'} ne ''){ + $fwdfwsettings{'POLICY'} = $settings{'POLICY'}; + } + if ($settings{'POLICY1'} ne ''){ + $fwdfwsettings{'POLICY1'} = $settings{'POLICY1'}; + } + my $MODE = $fwdfwsettings{'POLICY'}; + my $MODE1 = $fwdfwsettings{'POLICY1'}; + %fwdfwsettings = (); + $fwdfwsettings{'POLICY'} = "$MODE"; + $fwdfwsettings{'POLICY1'} = "$MODE1"; + &General::writehash("${General::swroot}/firewall/settings", \%fwdfwsettings); + &General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings); + system("/usr/local/bin/firewallctrl"); + system("/etc/rc.d/init.d/firewall restart >/dev/null 2>&1 "); # <--- !THIS DOESN'T WORK! + } + &General::readhash($filename, \%settings); # Load good settings +} + &Header::openpage($Lang::tr{'options fw'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); &General::readhash($filename, \%settings); 
@@ -158,6 +183,18 @@ $selected{'MASQUERADE_ORANGE'}{$settings{'MASQUERADE_ORANGE'}} = 'selected="sele $selected{'MASQUERADE_BLUE'}{'off'} = ''; $selected{'MASQUERADE_BLUE'}{'on'} = ''; $selected{'MASQUERADE_BLUE'}{$settings{'MASQUERADE_BLUE'}} = 'selected="selected"'; +$checked{'DNS_FORCE_ON_GREEN'}{'off'} = ''; +$checked{'DNS_FORCE_ON_GREEN'}{'on'} = ''; +$checked{'DNS_FORCE_ON_GREEN'}{$settings{'DNS_FORCE_ON_GREEN'}} = "checked='checked'"; +$checked{'DNS_FORCE_ON_BLUE'}{'off'} = ''; +$checked{'DNS_FORCE_ON_BLUE'}{'on'} = ''; +$checked{'DNS_FORCE_ON_BLUE'}{$settings{'DNS_FORCE_ON_BLUE'}} = "checked='checked'"; +$checked{'NTP_FORCE_ON_GREEN'}{'off'} = ''; +$checked{'NTP_FORCE_ON_GREEN'}{'on'} = ''; +$checked{'NTP_FORCE_ON_GREEN'}{$settings{'NTP_FORCE_ON_GREEN'}} = "checked='checked'"; +$checked{'NTP_FORCE_ON_BLUE'}{'off'} = ''; +$checked{'NTP_FORCE_ON_BLUE'}{'on'} = ''; +$checked{'NTP_FORCE_ON_BLUE'}{$settings{'NTP_FORCE_ON_BLUE'}} = "checked='checked'"; &Header::openbox('100%', 'center',); print "
"; @@ -207,7 +244,38 @@ END END } - print < + +   + $Lang::tr{'fw green'} + + $Lang::tr{'dns force on green'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'ntp force on green'}$Lang::tr{'on'} / + $Lang::tr{'off'} +END + + if (&Header::blue_used()) { + print < + $Lang::tr{'fw blue'} +   + + $Lang::tr{'dns force on blue'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'ntp force on blue'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'drop proxy'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'drop samba'}$Lang::tr{'on'} / + $Lang::tr{'off'} + + +END + } + + print <
@@ -224,21 +292,25 @@ END $Lang::tr{'off'} $Lang::tr{'drop portscan'}$Lang::tr{'on'} / $Lang::tr{'off'} -$Lang::tr{'drop wirelessinput'}$Lang::tr{'on'} / +END + + if (&Header::blue_used()) { + print < + + $Lang::tr{'drop wirelessinput'}$Lang::tr{'on'} / $Lang::tr{'off'} -$Lang::tr{'drop wirelessforward'}$Lang::tr{'on'} / + $Lang::tr{'drop wirelessforward'}$Lang::tr{'on'} / $Lang::tr{'off'} - -
+ +END + } + + print < + +
- - - - -
$Lang::tr{'fw blue'}
$Lang::tr{'drop proxy'}$Lang::tr{'on'} / - $Lang::tr{'off'}
$Lang::tr{'drop samba'}$Lang::tr{'on'} / - $Lang::tr{'off'}
-
$Lang::tr{'fw settings'}
$Lang::tr{'fw settings color'}$Lang::tr{'on'} / @@ -323,7 +395,8 @@ END
- + +
-- 2.18.0
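
Review bot: In the first hunk (@@ -69,6 +69,31 @@), the restart call sits only in the else branch (defpol eq '1'). The first branch, which is the one that writes %settings to $filename, runs only /usr/local/bin/firewallctrl, so saving the new DNS/NTP options through the 'fw settings save and restart' action would never reach the restart even if the call worked. Both system() calls also discard their return value, and the init script's output is sent to /dev/null, which fits the "no seen errors" symptom in the description: check $? after each call and append to $errormessage on failure. The hunk already uses a helper binary (firewallctrl) for the privileged step; route the restart through a helper in the same way rather than invoking /etc/rc.d/init.d/firewall from the CGI, and remove the "THIS DOESN'T WORK" line before merging instead of shipping a call known to fail.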
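
Review bot: In the second hunk (@@ -158,6 +183,18 @@), the added %checked lines index by $settings{'DNS_FORCE_ON_GREEN'} and its three siblings without any default in the visible lines. On a settings file written before this patch the inner key is undefined, so neither radio button comes up checked and the first save depends on what the browser posts. Set each of the four keys to 'off' when unset before this block, unless that already happens outside the hunk. The key names here are DNS_FORCE_ON_* and NTP_FORCE_ON_*, while the description says [DNS/NTP]_FORCED_ON_[INTERFACE]; make the two agree, since whatever consumes the settings file has to match the spelling exactly. Style: the neighbouring lines quote as 'selected="selected"', the new ones as "checked='checked'".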
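
Review bot: In the third hunk (@@ -207,7 +244,38 @@), and again in the @@ -224,21 +292,25 @@ hunk, the if (&Header::blue_used()) guard only removes the BLUE rows from the rendered form. When BLUE is absent, the 'dns force on blue', 'ntp force on blue', 'drop proxy', 'drop samba', 'drop wirelessinput' and 'drop wirelessforward' inputs are no longer submitted, so please confirm that the save path does not write those keys out empty or drop them from the settings file, and that the code applying these options also checks for the interface rather than relying on the GUI having hidden the switch. The GREEN row is printed unconditionally; a short comment stating that GREEN is assumed to exist would document why it has no matching guard.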