From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH 3/4] BUG11559: firewall-lib Date: Mon, 07 May 2018 18:24:12 +0200 Message-ID: <72a2d45a-f83a-4ab9-69d7-bad50ae616b3@link38.eu> In-Reply-To: <1525260427-6695-3-git-send-email-alexander.marx@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0697768569981058019==" List-Id: --===============0697768569981058019== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable When creating firewallrules or using firewall groups, it should be possible to select a single IpSec subnet if there is more than o= ne. This patch has neccessary changes for the firewall-lib. While the network nam= e of the IpSec changes on save (subnet is added to name) we need to split the name or normalise the = field before using it. Signed-off-by: Alexander Marx Tested-by: Peter M=C3=BCller
---
 config/firewall/firewall-lib.pl | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index eabd9a4..9b7f55c 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -150,6 +150,9 @@ sub get_ipsec_net_ip
 my $val=3Dshift;
 my $field=3Dshift;
 foreach my $key (sort {$a <=3D> $b} keys %ipsecconf){
+ #adapt $val to reflect real name without subnet (if rule with only one ips= ec subnet is created)
+ my @tmpval =3D split (/\|/, $val);
+ $val =3D $tmpval[0];
 if($ipsecconf{$key}[1] eq $val){
 return $ipsecconf{$key}[$field];
 }
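Review bot: The name normalisation added to `get_ipsec_net_ip` sits inside the `foreach` although it does not depend on `$key`, so the split is repeated for every configured connection and the caller-supplied `$val` is overwritten on each pass. I would hoist it above the loop as one line, `my ($name) = split(/\|/, $val, 2);`, and compare `$ipsecconf{$key}[1] eq $name`. The existing comment could then read `# strip the "|subnet" suffix that is appended to the connection name on save`. The body of `get_ipsec_net_ip` starts before and continues past this hunk, so the behaviour when no connection matches is not visible here.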
@@ -390,10 +393,16 @@ sub get_address
 =20
 # IPsec networks.
 } elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
- my $network_address =3D &get_ipsec_net_ip($value, 11);
- my @nets =3D split(/\|/, $network_address);
- foreach my $net (@nets) {
- push(@ret, [$net, ""]);
+ #Check if we have multiple subnets and only want one of them
+ if ( $value =3D~ /\|/ ){
+ my @parts =3D split(/\|/, $value);
+ push(@ret, [$parts[1], ""]);
+ }else{
+ my $network_address =3D &get_ipsec_net_ip($value, 11);
+ my @nets =3D split(/\|/, $network_address);
+ foreach my $net (@nets) {
+ push(@ret, [$net, ""]);
+ }
 }
 =20
 # The firewall's own IP addresses.
--=20
2.7.4
--===============0697768569981058019== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUVC Q2dBR0JRSmE4SDJzQUFvSkVObEk4Zzk5ZTU5b3lBc1FBSStyRVFmbUZDMHJNTzhtWGZhTnFDODYK czVHTndFWlZMc2ptVFhaWVl4V2dzdGZvOFVIUHE4czR6bzQ2WVlpNnJwQTF6cGhleEYvM05LZnow ZDl0amFxdAprc21lY2laRmNPdldGSDczWXpCbHFhSVZUSlhFR1dxVTlIbGJ4WXNwYkNEWmh4dGNS UndZV2xOQjJrcnR0cmtpCjhKZFBIcG9CT2Zoc3BxUld2REtBRHpVWmF4dkd5OGpCSlF6RkxCM1FV cFNzeGVNWG5qZ2tqeFRVVTVtTjNvengKSVM2bVFJb3UxcEl1bldLK2hYT1k1M1dOeTMyUkRlOFFs aEM4MVF1TlBuMThiaU1nalNzcDEyNStHL3VVajNidQpSRlpLTTJDTmhTK21lOTBrVy8xckYvWmMr WndQVVNSSjU0OTZEbGMvTUlBWjNIbnpBbUVpZjROMUhjdlFhWEJTClg2K2dXak95ZWtEUmtaNzNT aDdVcExpbkl3SDZGRjBvVnQ1V0NDSVBrQkRWOW9NZS9sZjhSdjhnangrMmk5ZEoKeS9vRzNMSWVv NDc3NEMzU2paMi9IQkUxVzAvTitnWWpiQ0lnUk5qYWZDb0ZNN1RKWFBzNHY1anZEdXpTWTF4WgpQ b1B5aHJjN2FlVXFzWEZxa3NYRnFHRUtZd21HMWFKN3ErR1hjcXA4TFVZUk4rN1V5aHlMdzV0cmxQ YkRDWE1pCmZOQWo2U0IyWVBXN2ZpajZlV2lKcFdEZnZMMkUzWGkzNUNCNkVOQ1BBSi9NS1JoLzB4 QlNnVW5PdkxiUGtzVnQKMUtuM0xId2djOURqSjhlb2tpb2pCdWljWHZ6MHN2eHo5S240a1FPQlow ZDhhQ2RtZ215WWVDZEhiSWh0MzFndgpienZuZWpvZzJsUXRMMlpyNnE2Sgo9UnY4eAotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K
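Review bot: The new `if ( $value =~ /\|/ )` branch in `get_address` pushes `$parts[1]` from the stored rule value straight into the address list, without checking that it is non-empty or that it is still one of the subnets configured for that IPsec connection. A value ending in `|` would push an undefined address, and a subnet later removed from the connection would keep being used by the rule; how callers treat such an entry is not visible in this hunk. I would resolve the connection's subnets through `get_ipsec_net_ip($value, 11)` in both cases and filter them by the selected suffix, assuming the suffix uses the same notation as the entries in field 11. `get_address` starts and ends outside the hunk.

```perl
} elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
	# Always resolve the subnets configured for the connection;
	# get_ipsec_net_ip() ignores a "|subnet" suffix on the name.
	my $network_address = &get_ipsec_net_ip($value, 11);
	my @nets = defined($network_address) ? split(/\|/, $network_address) : ();

	# If the rule selected a single subnet, keep it only when the
	# connection still lists it. An empty suffix selects nothing
	# and falls back to all subnets, as before this change.
	my (undef, $wanted) = split(/\|/, $value, 2);
	if (defined($wanted) && $wanted ne "") {
		@nets = grep { $_ eq $wanted } @nets;
	}

	foreach my $net (@nets) {
		push(@ret, [$net, ""]);
	}
```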
--===============0697768569981058019==--