From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] firewall.cgi: Bring back check for single IP when using DNAT. Date: Thu, 05 Aug 2021 22:37:04 +0200 Message-ID: <687B9283-E8DB-4EC5-94D4-3592854E41FF@ipfire.org> In-Reply-To: <20210716182022.3016-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3645221103619283652==" List-Id: --===============3645221103619283652== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Tremer
> On 16 Jul 2021, at 20:20, Stefan Schantl wrot= e:
>=20
> This check has been removed by commit: bbe8e009b824aef745c9ab9718dce9a1b557= f5fc
>=20
> So it was able to create DNAT rules with a network as target.
>=20
> Signed-off-by: Stefan Schantl
> ---
> html/cgi-bin/firewall.cgi | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>=20
> diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
> index e168788eb..b328b426c 100644
> --- a/html/cgi-bin/firewall.cgi
> +++ b/html/cgi-bin/firewall.cgi
> @@ -569,6 +569,24 @@ sub checktarget
> #check DNAT settings (has to be single Host and single Port or portrange)
> if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
> if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cus= t_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
> + # Check if a manual entered IP is a single Host (if set)
> + if ($fwdfwsettings{'grp2'} eq 'tgt_addr') {
> + # Split input into address and prefix (if provided).
> + my ($address, $subnet) =3D split ('/', $fwdfwsettings{$fwdfwsettings{'= grp2'}});
> +
> + # Check if a subnet is given.
> + if ($subnet) {
> + # Check if the prefix or subnetmask is for a single host.
> + unless ($subnet eq "32" || $subnet eq "255.255.255.255") {
> + # Set error message.
> + $errormessage=3D$Lang::tr{'fwdfw dnat error'}."
";
> +
> + # Return the error.
> + return $errormessage;
> + }
> + }
> + }
> +
> #check if Port is a single Port or portrange
> if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_P= ORT'){
> if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') = && $fwdfwsettings{'TGT_PORT'} eq ''){
> --=20
> 2.30.2
>=20
--===============3645221103619283652==--
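Review bot: The added guard `if ($subnet) {` is a truthiness test, so a DNAT target entered with a `/0` suffix gives `$subnet` the string "0", which Perl treats as false, and the single-host comparison is skipped for the widest possible network. Testing for presence instead, `if (defined $subnet && $subnet ne '') {`, keeps the "32" / "255.255.255.255" comparison in force for every suffix the user supplies. Whether a later validation in checktarget already rejects such input cannot be seen here, because the function starts and ends outside the hunk. A short comment beside the check, such as `# DNAT must resolve to exactly one host; any other prefix or mask is rejected`, would also record why the rule exists, since the commit message says it was removed once before.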