This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 508b73104f689672260d4f464325c3dc35a32945 (commit)
via f09a0af571c03ef5222e0587e940a6df3926da07 (commit)
via e897bfebe73bb147056f93d120daabe5c09af95d (commit)
via 45762fc662cd8e869af561d6856a909a7dfe6082 (commit)
from 126246a8caba9de88c85603dda188fbb35cfc917 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 508b73104f689672260d4f464325c3dc35a32945
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Nov 15 21:44:09 2010 +0100
Add changes to updater.
commit f09a0af571c03ef5222e0587e940a6df3926da07
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Nov 15 19:39:48 2010 +0100
proxy.cgi: write networks in cidr notation.
commit e897bfebe73bb147056f93d120daabe5c09af95d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Nov 15 19:37:59 2010 +0100
ipsec: write networks in ipsec.conf in cidr notation.
commit 45762fc662cd8e869af561d6856a909a7dfe6082
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Nov 15 19:35:22 2010 +0100
general-functions: add function to convert ip/mask to ip/cidr.
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/general-functions.pl | 7 +++++
config/rootfiles/core/test/filelists/files | 1 +
html/cgi-bin/proxy.cgi | 34 ++++++++++++++++-----------
html/cgi-bin/vpnmain.cgi | 23 ++++++++++++++----
4 files changed, 46 insertions(+), 19 deletions(-)
Difference in files:
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 84aa8aa..cd4bfd5 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -18,6 +18,7 @@ use strict;
use Socket;
use IO::Socket;
use Net::SSLeay;
+use Net::IPv4Addr;
$|=1; # line buffering
@@ -407,6 +408,12 @@ sub NextIP
);
}
+sub ipcidr
+{
+ my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift);
+ return "$ip\/$cidr";
+}
+
sub validemail {
my $mail = shift;
return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\(a)[0-9a-zA-Z\.\-]+$/ );
diff --git a/config/rootfiles/core/test/filelists/files b/config/rootfiles/core/test/filelists/files
index 5e17384..369dd01 100644
--- a/config/rootfiles/core/test/filelists/files
+++ b/config/rootfiles/core/test/filelists/files
@@ -5,5 +5,6 @@ srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/speed.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/html/images/urlfilter/copy.gif
+var/ipfire/general-functions.pl
usr/local/bin/rebuild-initrd
usr/bin/ldd
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index aaaec87..55d7ec9 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -180,6 +180,12 @@ close(FILE);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
+my $blue_cidr = "# Blue not defined";
+if ($netsettings{'BLUE_DEV'}) {
+ $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
+}
+
&Header::showhttpheaders();
$proxysettings{'ACTION'} = '';
@@ -1193,10 +1199,10 @@ END
if (!$proxysettings{'SRC_SUBNETS'})
{
- print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+ print "$green_cidr\n";
if ($netsettings{'BLUE_DEV'})
{
- print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+ print "$blue_cidr\n";
}
} else { print $proxysettings{'SRC_SUBNETS'}; }
@@ -1785,9 +1791,9 @@ print <<END
END
;
if (!$proxysettings{'IDENT_HOSTS'}) {
- print "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+ print "$green_cidr\n";
if ($netsettings{'BLUE_DEV'}) {
- print "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+ print "$blue_cidr\n";
}
} else {
print $proxysettings{'IDENT_HOSTS'};
@@ -2692,10 +2698,10 @@ sub write_acls
flock(FILE, 2);
if (!$proxysettings{'SRC_SUBNETS'})
{
- print FILE "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+ print FILE "$green_cidr\n";
if ($netsettings{'BLUE_DEV'})
{
- print FILE "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+ print FILE "$blue_cidr\n";
}
} else { print FILE $proxysettings{'SRC_SUBNETS'}; }
close(FILE);
@@ -3319,8 +3325,8 @@ END
}
print FILE <<END
-acl all src all
-acl localhost src 127.0.0.1/255.255.255.255
+#acl all src all
+acl localhost src 127.0.0.1/32
END
;
open (PORTS,"$acl_ports_ssl");
@@ -3344,12 +3350,12 @@ acl IPFire_https port $https_port
acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
acl IPFire_networks src "$acl_src_subnets"
acl IPFire_servers dst "$acl_src_subnets"
-acl IPFire_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
-acl IPFire_green_servers dst $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}
+acl IPFire_green_network src $green_cidr
+acl IPFire_green_servers dst $green_cidr
END
;
- if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
- if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; }
+ if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
+ if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
@@ -3397,7 +3403,7 @@ END
my $blue_net = ''; #BLUE empty by default
my $blue_ip = '';
if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
- $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ $blue_net = "$blue_cidr";
$blue_ip = "$netsettings{'BLUE_ADDRESS'}";
}
if (!-z $acl_include)
@@ -3406,7 +3412,7 @@ END
print FILE "\n#Start of custom includes\n\n";
while (<ACL>) {
$_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
- $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
+ $_ =~ s/__GREEN_NET__/$green_cidr/;
$_ =~ s/__BLUE_IP__/$blue_ip/;
$_ =~ s/__BLUE_NET__/$blue_net/;
$_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 5fb6055..e60a8ba 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -58,6 +58,17 @@ my %mainsettings = ();
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
+my $blue_cidr = "# Blue not defined";
+if ($netsettings{'BLUE_DEV'}) {
+ $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
+}
+my $orange_cidr = "# Orange not defined";
+if ($netsettings{'ORANGE_DEV'}) {
+ $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
+}
+
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'EDIT_ADVANCED'} = 'off';
$cgiparams{'ACTION'} = '';
@@ -270,12 +281,12 @@ sub writeipsecfiles {
print CONF "\tnat_traversal=yes\n";
print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
print CONF "\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16";
- print CONF ",%v4:!$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+ print CONF ",%v4:!$green_cidr";
if (length($netsettings{'ORANGE_DEV'}) > 2) {
- print CONF ",%v4:!$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+ print CONF ",%v4:!$orange_cidr";
}
if (length($netsettings{'BLUE_DEV'}) > 2) {
- print CONF ",%v4:!$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ print CONF ",%v4:!$blue_cidr";
}
foreach my $key (keys %lconfighash) {
if ($lconfighash{$key}[3] eq 'net') {
@@ -320,13 +331,15 @@ sub writeipsecfiles {
print CONF "conn $lconfighash{$key}[1]\n";
print CONF "\tleft=$localside\n";
print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
- print CONF "\tleftsubnet=$lconfighash{$key}[8]\n";
+ my $cidr_net=&General::ipcidr($lconfighash{$key}[8]);
+ print CONF "\tleftsubnet=$cidr_net\n";
print CONF "\tleftfirewall=yes\n";
print CONF "\tlefthostaccess=yes\n";
print CONF "\tright=$lconfighash{$key}[10]\n";
if ($lconfighash{$key}[3] eq 'net') {
- print CONF "\trightsubnet=$lconfighash{$key}[11]\n";
+ my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
+ print CONF "\trightsubnet=$cidr_net\n";
print CONF "\trightnexthop=%defaultroute\n";
} elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
print CONF "\trightsubnet=vhost:%no,%priv\n";
hooks/post-receive
--
IPFire 2.x development tree