This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, fifteen has been updated via 5b0bc4ca3d5609bed04a34284b5f746616f768f1 (commit) via 3af3ecd319bdcf8db27e9ca14af72383b4754567 (commit) via 433b7aa8e95f4b075fd259257c61c96a29e03830 (commit) via 64e822fb45db06af7a7e7ddc94961840d5bd1158 (commit) via 90f8339a42506ca95dacb820914881bc922f19db (commit) via 6e62882de69ad42efcb4c3c2097abb5d5c54666c (commit) via 58bda09b683311db948fb5be06b1521386286f03 (commit) via 95c86656e70af668d25f0a33afb3913ee5e2ded0 (commit) via e6e9a8117677eca8319982ce56aa72e93c9b407e (commit) via 73c39dd4bda322d7d9240651c6db003bff477670 (commit) via 9f6da934a3b635f5c9f96ab737977dad2582e498 (commit) via b4f94285ff8ef9b347ee6f3e6fdb53e998ef63dd (commit) via 03dd9a2949d953e15bdaceab07af5649bfb21bd5 (commit) via a4c7bf6b73e5a2faae948188591d50cedbf18de3 (commit) via 40d505ea08931038fba56ee3a8da5053ad7ed389 (commit) via bcd9852e2ee73b741f5996ecc05ba3758d330fb8 (commit) via 753bb74ce55d5107d3e8001ed5c15f462261aab3 (commit) via 2ad3c084eef6d82a8690e5d488d84c61e892ef4e (commit) via 285de10662731bb67e946e7e112bb4cf892173bf (commit) via 4c27368a7bc135dc4443711c4eeabec0885ce1ff (commit) via 3bb77d08a689ef0b4ebaa88f48a684fe85ec580d (commit) via 16ba0c00d0d7b223682ab161c23af71315f6826a (commit) via fadcfb73203c97e7062828eb77360b4382555943 (commit) via a0a5efd7684e90f8dd8e465f1b54ec4fd043ae4d (commit) via 71670b91cccc3500d03605673f3966d669c93d70 (commit) via 2aeb4b256eb99c8971da60a5dff6bd3929270798 (commit) from 2dcea58cc2faf39bd170cef7366f05e940c62751 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 5b0bc4ca3d5609bed04a34284b5f746616f768f1 Merge: 2dcea58 3af3ecd Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Oct 12 21:01:13 2013 +0200
Merge commit '3af3ecd319bdcf8db27e9ca14af72383b4754567' into fifteen
commit 3af3ecd319bdcf8db27e9ca14af72383b4754567 Author: Alexander Marx amarx@ipfire.org Date: Wed Oct 9 10:31:35 2013 +0200
Firewall: fix rules.pl when using custom hosts/networks and services no rule was applied because no protokoll could be found Also extended JS code to correctly show ICMP Types only, if NO Targetport is selcted
commit 433b7aa8e95f4b075fd259257c61c96a29e03830 Author: Alexander Marx amarx@ipfire.org Date: Wed Oct 9 08:23:57 2013 +0200
Firewall: fixed typo in en.pl "Add new hetwork"-> "Add new network"
commit 64e822fb45db06af7a7e7ddc94961840d5bd1158 Author: Alexander Marx amarx@ipfire.org Date: Tue Oct 8 10:24:56 2013 +0200
Firewall: Bugfix: when deleting services from a servicegroup,it was possible to delete the last service even if the group was used in a rule.
commit 90f8339a42506ca95dacb820914881bc922f19db Author: Alexander Marx amarx@ipfire.org Date: Tue Oct 8 10:08:09 2013 +0200
Firewall: Bugfix: WHen using servicegroup with only ICMP services, the ruletable was broken. Also fixed another useless if clause in rules.pl
commit 6e62882de69ad42efcb4c3c2097abb5d5c54666c Author: Alexander Marx amarx@ipfire.org Date: Mon Oct 7 14:54:57 2013 +0200
Firewall: fix senseless if clause in rulecreation
commit 58bda09b683311db948fb5be06b1521386286f03 Merge: 95c8665 e6e9a81 Author: Alexander Marx amarx@ipfire.org Date: Mon Oct 7 07:25:42 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit 95c86656e70af668d25f0a33afb3913ee5e2ded0 Merge: 9f6da93 1a3dbe9 Author: Alexander Marx amarx@ipfire.org Date: Mon Oct 7 07:25:19 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit e6e9a8117677eca8319982ce56aa72e93c9b407e Author: Alexander Marx amarx@ipfire.org Date: Sat Oct 5 13:50:35 2013 +0200
Firewall: added some more plausichecks and additional errormessages
commit 73c39dd4bda322d7d9240651c6db003bff477670 Merge: 03dd9a2 5c86caa Author: Alexander Marx amarx@ipfire.org Date: Sat Oct 5 13:31:22 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 9f6da934a3b635f5c9f96ab737977dad2582e498 Merge: b4f9428 03dd9a2 Author: Alexander Marx amarx@ipfire.org Date: Fri Oct 4 08:09:18 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit b4f94285ff8ef9b347ee6f3e6fdb53e998ef63dd Merge: bcd9852 71ed067 Author: Alexander Marx amarx@ipfire.org Date: Fri Oct 4 07:17:15 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 03dd9a2949d953e15bdaceab07af5649bfb21bd5 Author: Alexander Marx amarx@ipfire.org Date: Thu Oct 3 12:01:19 2013 +0200
Firewall: fixed JS code for toggeling div areas
commit a4c7bf6b73e5a2faae948188591d50cedbf18de3 Author: Alexander Marx amarx@ipfire.org Date: Wed Oct 2 21:28:50 2013 +0200
Firewall: Reorganized layout of rulecreationpage
Protocol is now an extra area containing protocol, ICMP-Type and source/target ports
commit 40d505ea08931038fba56ee3a8da5053ad7ed389 Merge: 753bb74 5b6acb8 Author: Alexander Marx amarx@ipfire.org Date: Wed Oct 2 21:15:22 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit bcd9852e2ee73b741f5996ecc05ba3758d330fb8 Merge: 285de10 ec36876 Author: Alexander Marx amarx@ipfire.org Date: Wed Oct 2 07:22:10 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 753bb74ce55d5107d3e8001ed5c15f462261aab3 Merge: 2ad3c08 ec36876 Author: Alexander Marx amarx@ipfire.org Date: Tue Oct 1 20:30:30 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 2ad3c084eef6d82a8690e5d488d84c61e892ef4e Merge: 3bb77d0 285de10 Author: Alexander Marx amarx@ipfire.org Date: Tue Oct 1 20:30:06 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit 285de10662731bb67e946e7e112bb4cf892173bf Author: Alexander Marx amarx@ipfire.org Date: Tue Oct 1 07:45:58 2013 +0200
Firewall: fixed rules.pl (no INPUT rules where created when using port and prot "all") This is a bug which was raised due to the last commit
commit 4c27368a7bc135dc4443711c4eeabec0885ce1ff Merge: fadcfb7 42e4fa8 Author: Alexander Marx amarx@ipfire.org Date: Tue Oct 1 07:44:29 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 3bb77d08a689ef0b4ebaa88f48a684fe85ec580d Merge: 16ba0c0 fadcfb7 Author: Alexander Marx amarx@ipfire.org Date: Mon Sep 30 20:04:38 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit 16ba0c00d0d7b223682ab161c23af71315f6826a Merge: 71670b9 83dfa1d Author: Alexander Marx amarx@ipfire.org Date: Mon Sep 30 20:04:05 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit fadcfb73203c97e7062828eb77360b4382555943 Author: Alexander Marx amarx@ipfire.org Date: Mon Sep 30 15:43:51 2013 +0200
Firewall: moved nat part between source and target and moved protocol dropdown behind target area
commit a0a5efd7684e90f8dd8e465f1b54ec4fd043ae4d Merge: 2aeb4b2 83dfa1d Author: Alexander Marx amarx@ipfire.org Date: Mon Sep 30 11:06:42 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 71670b91cccc3500d03605673f3966d669c93d70 Merge: 439d2a5 2aeb4b2 Author: Alexander Marx amarx@ipfire.org Date: Fri Sep 27 15:18:05 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit 2aeb4b256eb99c8971da60a5dff6bd3929270798 Author: Alexander Marx amarx@ipfire.org Date: Fri Sep 27 10:16:52 2013 +0200
Firewall: Bugfix: wrong counter when using selfdefinded services in a rule that could not be applied Bugfix: When using ICMP-ALL in a rule, the rule was not applied Bugfix: When using selfdefined services (icmp) and group them together. Then when using these services/groups in a rule and afterwards changing the service, the edited service was not applied
-----------------------------------------------------------------------
Summary of changes: config/forwardfw/rules.pl | 67 ++++---- html/cgi-bin/forwardfw.cgi | 404 ++++++++++++++++++++++++++------------------- html/cgi-bin/fwhosts.cgi | 2 +- langs/de/cgi-bin/de.pl | 2 + langs/en/cgi-bin/en.pl | 4 +- 5 files changed, 273 insertions(+), 206 deletions(-)
Difference in files: diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl index 3f491f7..fcaade2 100755 --- a/config/forwardfw/rules.pl +++ b/config/forwardfw/rules.pl @@ -213,14 +213,13 @@ sub buildrules } ##get source prot and port $SRC_TGT='SRC'; - $SPROT = &get_prot($hash,$key); $SPORT = &get_port($hash,$key); $SRC_TGT='';
##get target prot and port $DPROT=&get_prot($hash,$key);
- if ($DPROT eq ''){$DPROT=' ';} + if ($DPROT eq ''){$DPROT=' ';} @DPROT=split(",",$DPROT);
#get time if defined @@ -252,12 +251,12 @@ sub buildrules #print rules to console foreach my $DPROT (@DPROT){ $DPORT = &get_port($hash,$key,$DPROT); - if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;} + $PROT=$DPROT; $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' '); foreach my $a (sort keys %sourcehash){ foreach my $b (sort keys %targethash){ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){ - if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){ + if($DPROT ne ''){ if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";} if(substr($DPORT, 2, 4) eq 'icmp'){ my @icmprule= split(",",substr($DPORT, 12,)); @@ -311,12 +310,12 @@ sub buildrules }elsif($MODE eq '0'){ foreach my $DPROT (@DPROT){ $DPORT = &get_port($hash,$key,$DPROT); - if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;} + $PROT=$DPROT; $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' '); foreach my $a (sort keys %sourcehash){ foreach my $b (sort keys %targethash){ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){ - if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){ + if($DPROT ne ''){ if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";} #Process ICMP RULE if(substr($DPORT, 2, 4) eq 'icmp'){ @@ -528,33 +527,29 @@ sub get_prot { my $hash=shift; my $key=shift; - if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){ - if ($$hash{$key}[10] ne ''){ - return"$$hash{$key}[8]"; - }elsif($$hash{$key}[9] ne ''){ - return"$$hash{$key}[8]"; - }else{ - return "$$hash{$key}[8]"; - } - }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){ - if ($$hash{$key}[14] eq 'TGT_PORT'){ - if ($$hash{$key}[15] ne ''){ - return "$$hash{$key}[12]"; - }elsif($$hash{$key}[13] ne ''){ - return "$$hash{$key}[12]"; - }else{ - return "$$hash{$key}[12]"; - } - }elsif($$hash{$key}[14] eq 'cust_srv'){ + #check AH,GRE,ESP or ICMP + if ($$hash{$key}[7] ne 'ON' && $$hash{$key}[11] ne 'ON'){ + return "$$hash{$key}[8]"; + } + if ($$hash{$key}[7] eq 'ON' || $$hash{$key}[11] eq 'ON'){ + #check if servicegroup or service + if($$hash{$key}[14] eq 'cust_srv'){ return &fwlib::get_srv_prot($$hash{$key}[15]); - }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ return &fwlib::get_srvgrp_prot($$hash{$key}[15]); + }elsif (($$hash{$key}[10] ne '' || $$hash{$key}[15] ne '') && $$hash{$key}[8] eq ''){ #when ports are used and prot set to "all" + return "TCP,UDP"; + }elsif (($$hash{$key}[10] ne '' || $$hash{$key}[15] ne '') && ($$hash{$key}[8] eq 'TCP' || $$hash{$key}[8] eq 'UDP')){ #when ports are used and prot set to "tcp" or "udp" + return "$$hash{$key}[8]"; + }elsif (($$hash{$key}[10] eq '' && $$hash{$key}[15] eq '') && $$hash{$key}[8] ne 'ICMP'){ #when ports are NOT used and prot NOT set to "ICMP" + return "$$hash{$key}[8]"; + }else{ + return "$$hash{$key}[8]"; } } #DNAT if ($SRC_TGT eq '' && $$hash{$key}[31] eq 'dnat' && $$hash{$key}[11] eq '' && $$hash{$key}[12] ne ''){ - return "$$hash{$key}[12]"; + return "$$hash{$key}[8]"; } } sub get_port @@ -574,10 +569,6 @@ sub get_port return ":$$hash{$key}[10]"; } } - }elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){ - return "--icmp-type $$hash{$key}[9] "; - }elsif($$hash{$key}[9] eq 'All ICMP-Types'){ - return; } }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){ if($$hash{$key}[14] eq 'TGT_PORT'){ @@ -593,10 +584,6 @@ sub get_port return ":$$hash{$key}[15]"; } } - }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){ - return "--icmp-type $$hash{$key}[13] "; - }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] eq 'All ICMP-Types'){ - return; } }elsif($$hash{$key}[14] eq 'cust_srv'){ if ($prot ne 'ICMP'){ @@ -605,10 +592,8 @@ sub get_port }else{ return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot); } - }elsif($prot eq 'ICMP' && $$hash{$key}[15] ne 'All ICMP-Types'){ + }elsif($prot eq 'ICMP' && $$hash{$key}[11] eq 'ON'){ #When PROT is ICMP and "use targetport is checked, this is an icmp-service return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot); - }elsif($prot eq 'ICMP' && $$hash{$key}[15] eq 'All ICMP-Types'){ - return; } }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ if ($prot ne 'ICMP'){ @@ -619,4 +604,12 @@ sub get_port } } } + #CHECK ICMP + if ($$hash{$key}[7] ne 'ON' && $$hash{$key}[11] ne 'ON' && $SRC_TGT eq ''){ + if($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){ + return "--icmp-type $$hash{$key}[9] "; + }elsif($$hash{$key}[9] eq 'All ICMP-Types'){ + return; + } + } } diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index 405a97d..f8f14ad 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -115,6 +115,45 @@ print<<END; function checkradio(a){ $(a).attr('checked', true); } +function toggle_elements( id ) { + if(document.getElementById(id).style.display== "none") + { + document.getElementById(id).style.display='block'; + } + else{ + document.getElementById(id).style.display='none'; + } + if(document.getElementById('targetport').style.display== "none" && document.getElementById('PROT').value === 'ICMP' ) + { + document.getElementById('PROTOKOLL').style.display='block'; + } + if(document.getElementById('targetport').style.display== "block" && document.getElementById('PROT').value === 'ICMP' ) + { + document.getElementById('PROTOKOLL').style.display='none'; + } + return true; +} +function hide_elements() +{ + var elementNames = hide_elements.arguments; + for (var i=0; i<elementNames.length; i++) + { + var elementName = elementNames[i]; + document.getElementById(elementName).style.display='none'; + } +} +function getdropdown() +{ + d = document.getElementById("PROT").value; + if ( d == 'ICMP' ) + { + document.getElementById('PROTOKOLL').style.display='block'; + } + else + { + document.getElementById('PROTOKOLL').style.display='none'; + } +} </script> END
@@ -128,7 +167,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;} - #check if manual ip (source) is orange network if ($fwdfwsettings{'grp1'} eq 'src_addr'){ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); @@ -466,32 +504,6 @@ sub checksource
#check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";} - #check icmp source - if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){ - $fwdfwsettings{'SRC_PORT'}=''; - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", %icmptypes); - foreach my $key (keys %icmptypes){ - if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ - $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; - } - } - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){ - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'ICMP_TYPES'}=''; - }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){ - $fwdfwsettings{'ICMP_TYPES'}=''; - }else{ - $fwdfwsettings{'ICMP_TYPES'}=''; - $fwdfwsettings{'SRC_PORT'}=''; - $fwdfwsettings{'PROT'}=''; - } - if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){ my @parts=split(",",$fwdfwsettings{'SRC_PORT'}); my @values=(); @@ -552,11 +564,11 @@ sub checktarget } #check if Port is a single Port or portrange if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ + if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>"; return $errormessage; } - if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ + if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>"; return $errormessage; } @@ -601,17 +613,19 @@ sub checktarget if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; + $fwdfwsettings{'TGT_PORT'}=''; } if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){ $fwdfwsettings{'TGT_PROT'}=''; $fwdfwsettings{'ICMP_TGT'}=''; + $fwdfwsettings{'TGT_PORT'}=''; #check target service if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err tgt_grp'}; } } if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){ + if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){ if ($fwdfwsettings{'TGT_PORT'} ne ''){ if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') { $errormessage=$Lang::tr{'fwdfw dnat porterr'}."<br>"; @@ -645,34 +659,26 @@ sub checktarget if (&General::validport($_)){ push (@values,$_); }else{ - } } } $fwdfwsettings{'TGT_PORT'}=join("|",@values); } - }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){ + }elsif ($fwdfwsettings{'PROT'} eq 'GRE'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'} = ''; - }elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){ + }elsif ($fwdfwsettings{'PROT'} eq 'ESP'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'}=''; - }elsif($fwdfwsettings{'TGT_PROT'} eq 'AH'){ + }elsif ($fwdfwsettings{'PROT'} eq 'AH'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; $fwdfwsettings{'ICMP_TGT'}=''; - }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){ + }elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){ $fwdfwsettings{$fwdfwsettings{'grp3'}} = ''; $fwdfwsettings{'TGT_PORT'} = ''; - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", %icmptypes); - foreach my $key (keys %icmptypes){ - - if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){ - $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0]; - } - } } } } @@ -807,26 +813,68 @@ sub checkrule } } } - #check source and destination protocol if manual - if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ - if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ - $errormessage.=$Lang::tr{'fwdfw err prot'}; - } - #check source and destination protocol if source manual and dest servicegrp - if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ - foreach my $key (sort keys %customservice){ - if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ - if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ - $errormessage.=$Lang::tr{'fwdfw err prot'}; - last; - } + #When using source- or targetport, the protocol has to be TCP or UDP + if (($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON') && ($fwdfwsettings{'SRC_PORT'} ne '' || $fwdfwsettings{'TGT_PORT'} ne '') && ($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP')){ + $errormessage.=$Lang::tr{'fwdfw err prot_port1'}; + return; + } + #when icmp selected, no targetport allowed + if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){ + $errormessage.=$Lang::tr{'fwdfw err prot_port'}; + return; + } + #change protocol if prot not equal dest single service + if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ + foreach my $key (sort keys %customservice){ + if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ + if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ + $fwdfwsettings{'PROT'} = $customservice{$key}[2]; + last; } } } } - if( $fwdfwsettings{'USE_SRC_PORT'} ne 'ON' && $fwdfwsettings{'USESRV'} ne 'ON'){ - $fwdfwsettings{'PROT'}=''; - $fwdfwsettings{'TGT_PROT'}=''; + #check source and destination protocol if source manual and dest servicegroup + if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){ + $fwdfwsettings{'PROT'} = ''; + } + #ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013 + $fwdfwsettings{'TGT_PROT'}=''; #Set field empty (deprecated) + #Check ICMP Types + if ($fwdfwsettings{'PROT'} eq 'ICMP'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + #$fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", %icmptypes); + foreach my $key (keys %icmptypes){ + if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){ + $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]"; + } + } + }elsif($fwdfwsettings{'PROT'} eq 'GRE'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} eq 'ESP'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} eq 'AH'){ + $fwdfwsettings{'USE_SRC_PORT'}=''; + $fwdfwsettings{'SRC_PORT'}=''; + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'USESRV'}=''; + $fwdfwsettings{'TGT_PORT'}=''; + }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}=''; + $fwdfwsettings{'PROT'} = ''; + }elsif($fwdfwsettings{'PROT'} ne 'ICMP'){ + $fwdfwsettings{'ICMP_TYPES'}=''; } } sub checkcounter @@ -1158,7 +1206,7 @@ sub getsrcport { my %hash=%{(shift)}; my $key=shift; - if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){ + if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){ $hash{$key}[10]=~ s/|/,/g; print": $hash{$key}[10]"; }elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){ @@ -1188,8 +1236,6 @@ sub gettgtport if($service){ print": $service"; } - }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ - print":<br>$hash{$key}[13]"; } } sub get_serviceports @@ -1226,7 +1272,7 @@ sub get_serviceports } } if($tcp && $udp && $icmp){ - push (@protocols,"All"); + push (@protocols,"TCP,UDP, <br>ICMP"); return @protocols; } if($tcp){ @@ -1541,7 +1587,6 @@ END print "<option value='ORANGE' $selected{'ipfire_src'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used()); print "<option value='BLUE' $selected{'ipfire_src'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if (&Header::blue_used()); print "<option value='RED1' $selected{'ipfire_src'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip); - if (! -z "${General::swroot}/ethernet/aliases"){ foreach my $alias (sort keys %aliases) { @@ -1552,41 +1597,51 @@ END </select></td></tr> <tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table> END - &gen_dd_block('src','grp1'); + &gen_dd_block('src','grp1'); + print"<hr>"; + &Header::closebox(); + #---SNAT / DNAT ------------------------------------------------ + &Header::openbox('100%', 'left', 'NAT'); print<<END; - <table><tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table> <table width='100%' border='0'> - <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td> - <td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'> + <tr><td width='1%'><input type='checkbox' name='USE_NAT' id='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'} onclick="toggle_elements('natpart')" ></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr></table> + <div id="natpart" class="noscript"> + <table width=100%' border='0'><tr> + <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='dnat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td> END - foreach ("TCP","UDP","GRE","ESP","AH","ICMP") + print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>"; + print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>"; + print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>"; + foreach my $alias (sort keys %aliases) { - if ($_ eq $fwdfwsettings{'PROT'}) + print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>"; + } + print"</select></td></tr>"; + $fwdfwsettings{'dnatport'}=~ tr/|/,/; + print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value="$fwdfwsettings{'dnatport'}"> </td></tr>"; + print"<tr><td colspan='8'><br></td></tr>"; + #SNAT + print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='snat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw snat'}</td>"; + print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='snat' style='width:140px;'>"; + foreach my $alias (sort keys %aliases) { - print"<option selected>$_</option>"; - }else{ - print"<option>$_</option>"; + print "<option value='$alias' $selected{'snat'}{$alias}>$alias</option>"; } + foreach my $network (sort keys %defaultNetworks) + { + next if($defaultNetworks{$network}{'NAME'} eq "IPFire"); + next if($defaultNetworks{$network}{'NAME'} eq "ALL"); + next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i); + print "<option value='$defaultNetworks{$network}{'NAME'}'"; + print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq $defaultNetworks{$network}{'NAME'}); + print ">$network</option>"; } - $fwdfwsettings{'SRC_PORT'}=~ s/|/,/g; - print<<END; - </select></td><td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18' ></td></tr> - <tr><td></td><td></td><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES' style='width:230px;'> -END - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", %icmptypes); - print"<option>All ICMP-Types</option>"; - foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) } keys %icmptypes){ - if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){ - print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>"; - }else{ - print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>"; - } + print"</select></td></tr></table>"; + print"</div><br><hr>"; + if ($fwdfwsettings{'USE_NAT'} ne 'ON'){ + print"<script language='JavaScript'>hide_elements('natpart');</script>"; } - print<<END; - </select></td></tr></table><br><hr> -END &Header::closebox(); - #---TARGET------------------------------------------------------ &Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'}); print<<END; @@ -1610,10 +1665,71 @@ END <tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table> END &gen_dd_block('tgt','grp2'); + print"<hr>"; + &Header::closebox; + #---PROTOCOL------------------------------------------------------ + &Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'}); + print<<END; + <table width='15%' border='0' style="float:left;"> + <tr><td><select name='PROT' id='PROT' onchange="getdropdown()"> +END + if ($fwdfwsettings{'PROT'} eq ''){ + print"<option value='' selected>$Lang::tr{'all'}</option>"; + }else{ + print"<option value=''>$Lang::tr{'all'}</option>"; + } + foreach ("TCP","UDP","GRE","ESP","AH","ICMP") + { + if ($_ eq $fwdfwsettings{'PROT'}) + { + print"<option selected>$_</option>"; + }else{ + print"<option>$_</option>"; + } + } + print"</select></td></tr></table>"; + print<<END; + <div id="PROTOKOLL" class="noscript"><table width='30%' border='0' style="float:left;"><tr><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES' style='min-width:230px;'> +END + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", %icmptypes); + print"<option>All ICMP-Types</option>"; + foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){ + if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){ + print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>"; + }else{ + print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>"; + } + } + print<<END; + </select></td></tr> + </table></div><br><br><br> +END + if ($fwdfwsettings{'PROT'} ne 'ICMP'){ + print"<script language='JavaScript'>hide_elements('PROTOKOLL');</script>"; + } + #SOURCEPORT + print<<END; + <table width='100%'><tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></table> + <table width='100%' border='0'> + <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'} onclick="toggle_elements('srcport')"></td> + <td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td></tr></table> + <div id="srcport" class="noscript"><table width='100%' border='0'><tr> + <td width='70%' nowrap='nowrap' align='right'>$Lang::tr{'fwdfw man port'}</td> +END + $fwdfwsettings{'SRC_PORT'}=~ s/|/,/g; + print<<END; + <td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18' ></td></tr> + </table></div><br> +END + if ($fwdfwsettings{'USE_SRC_PORT'} ne 'ON'){ + print"<script language='JavaScript'>hide_elements('srcport');</script>"; + } + #TARGETPORT print<<END; <hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '><br> <table width='100%' border='0'> - <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv' style='min-width:230px;' > + <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} onclick="toggle_elements('targetport')"></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td></tr></table> + <div id="targetport" class="noscript"><table width='100%' border='0'><tr><td width='80%'></td><td width='1%'><input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv' style='min-width:230px;' > END &General::readhasharray("$configsrv", %customservice); foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){ @@ -1623,7 +1739,7 @@ END } print<<END; </select></td></tr> - <tr><td colspan='2'></td><td><input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}</td><td colspan='2'><select name='cust_srvgrp' style='min-width:230px;' > + <tr><td></td><td><input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}</td><td colspan='2'><select name='cust_srvgrp' style='min-width:230px;' > END &General::readhasharray("$configsrvgrp", %customservicegrp); my $helper; @@ -1637,74 +1753,20 @@ END } print<<END; </select></td></tr> - <tr><td colspan='2'></td><td><input type='radio' name='grp3' id='TGT_PORT' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT' onchange='checkradio(\"#TGT_PORT\")'> + <tr><td></td><td><input type='radio' name='grp3' id='TGT_PORT' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td> END - foreach ("TCP","UDP","GRE","ESP","AH","ICMP") - { - if ($_ eq $fwdfwsettings{'TGT_PROT'}) - { - print"<option selected>$_</option>"; - }else{ - print"<option>$_</option>"; - } - } $fwdfwsettings{'TGT_PORT'} =~ s/|/,/g; print<<END; - </select></td><td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18' onclick='checkradio("#TGT_PORT")'></td></tr> - <tr><td colspan='2'></td><td></td><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TGT' style='min-width:230px;'> -END - &General::readhasharray("${General::swroot}/fwhosts/icmp-types", %icmptypes); - print"<option>All ICMP-Types</option>"; - foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){ - if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){ - print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>"; - }else{ - print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>"; - } - } - print<<END; - </select></td></tr> - </table><br><hr> - -END - &Header::closebox; - #---SNAT / DNAT ------------------------------------------------ - &Header::openbox('100%', 'left', 'NAT'); - print<<END; - <table width='100%' border='0'> - <tr><td width='1%'><input type='checkbox' name='USE_NAT' id='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'}></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr> - <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='dnat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td> + <td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18' onclick='checkradio("#TGT_PORT")'></td></tr> + </table></div><br><hr> END - print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>"; - print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>"; - print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>"; - foreach my $alias (sort keys %aliases) - { - print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>"; + if ($fwdfwsettings{'USESRV'} ne 'ON'){ + print"<script language='JavaScript'>hide_elements('targetport');</script>"; } - print"</select></td></tr>"; - $fwdfwsettings{'dnatport'}=~ tr/|/,/; - print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value="$fwdfwsettings{'dnatport'}"> </td></tr>"; - print"<tr><td colspan='8'><br></td></tr>"; - #SNAT - print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='snat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw snat'}</td>"; - print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='snat' style='width:140px;'>"; - foreach my $alias (sort keys %aliases) - { - print "<option value='$alias' $selected{'snat'}{$alias}>$alias</option>"; - } - foreach my $network (sort keys %defaultNetworks) - { - next if($defaultNetworks{$network}{'NAME'} eq "IPFire"); - next if($defaultNetworks{$network}{'NAME'} eq "ALL"); - next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i); - print "<option value='$defaultNetworks{$network}{'NAME'}'"; - print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq $defaultNetworks{$network}{'NAME'}); - print ">$network</option>"; + if ($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){ + print"<script language='JavaScript'>hide_elements('PROTOKOLL');</script>"; } - print"</select></td></tr></table>"; - print"<hr>"; - &Header::closebox(); + &Header::closebox; #---Activate/logging/remark------------------------------------- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'}); print<<END; @@ -1715,7 +1777,7 @@ END { if($fwdfwsettings{'updatefwrule'} eq 'on'){ print"<option value='$_'"; - print "selected='selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_); + print " selected='selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_); print">$Lang::tr{'fwdfw '.$_}</option>"; }else{ if($fwdfwsettings{'POLICY'} eq 'MODE2'){ @@ -1757,20 +1819,20 @@ END <tr><td width='1%'><input type='checkbox' name='TIME' value='ON' $checked{'TIME'}{'ON'}></td><td colspan='9'>$Lang::tr{'fwdfw timeframe'}</td></tr> <tr><td colspan='10'> </td></tr> <tr> - <td align='left'>$Lang::tr{'time'}:</td> - <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td> + <td align='left' >$Lang::tr{'time'}: </td> + <td>$Lang::tr{'advproxy monday'}</td><td> $Lang::tr{'advproxy tuesday'} </td><td>$Lang::tr{'advproxy wednesday'}</td><td> $Lang::tr{'advproxy thursday'}</td><td> $Lang::tr{'advproxy friday'}</td><td> $Lang::tr{'advproxy saturday'}</td><td> $Lang::tr{'advproxy sunday'}</td> <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td> <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td> </tr> <tr> <td align='right'></td> - <td width='1%' align='left'><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} /></td> - <td width='1%' align='left'><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} /></td> - <td width='1%' align='left'><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} /></td> - <td width='1%' align='left'><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} /></td> - <td width='1%' align='left'><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} /></td> - <td width='1%' align='left'><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} /></td> - <td width='15%' align='left'><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} /></td> + <td width='1%' align='left'><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} ></td> + <td width='1%' align='left'><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} ></td> + <td width='1%' align='left'><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} ></td> + <td width='1%' align='left'><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} ></td> + <td width='1%' align='left'><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} ></td> + <td width='1%' align='left'><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} ></td> + <td width='15%' align='left'><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} ></td> <td><select name='TIME_FROM'> END for (my $i=0;$i<=23;$i++) { @@ -2193,10 +2255,8 @@ END print"<td bgcolor='$rulecolor' align='center' width='10'><span title='$tooltip'><b>$ruletype</b></span></td>"; #Get Protocol my $prot; - if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual + if ($$hash{$key}[8]){ push (@protocols,$$hash{$key}[8]); - }elsif ($$hash{$key}[12]){ #target prot if manual - push (@protocols,$$hash{$key}[12]); }elsif($$hash{$key}[14] eq 'cust_srv'){ &get_serviceports("service",$$hash{$key}[15]); }elsif($$hash{$key}[14] eq 'cust_srvgrp'){ @@ -2205,7 +2265,17 @@ END push (@protocols,$Lang::tr{'all'}); } my $protz=join(",",@protocols); - print"<td align='center'>$protz</td>"; + if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){ + &General::readhasharray("${General::swroot}/fwhosts/icmp-types", %icmptypes); + foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){ + if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){ + print "<td align='center'><span title='$icmptypes{$keyicmp}[0]'><b>$protz ($icmptypes{$keyicmp}[1])</b></span></td>"; + last; + } + } + }else{ + print"<td align='center'>$protz</td>"; + } @protocols=(); #SOURCE my $ipfireiface; diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 2d4c69f..90a5594 100755 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1740,7 +1740,7 @@ sub viewtableservicegrp } } print"<td align='center'>$port</td><td align='center'>$protocol</td><td width='1%'><form method='post'>"; - if ($number gt '1'){ + if ($delflag gt '1'){ print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />"; } print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>"; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 92b8fd0..68dd61a 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -933,6 +933,8 @@ 'fwdfw err notgt' => 'Kein Ziel ausgewählt', 'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben', 'fwdfw err prot' => 'Quell- und Zielprotokoll müssen identisch sein', +'fwdfw err prot_port' => 'Bei dem gewählten Protokoll sind Quell- und Zielport nicht erlaubt', +'fwdfw err prot_port1' => 'Bei Nutzung von Quell- oder Zielport muss als Protokoll TCP oder UDP gewählt werden.', 'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen', 'fwdfw err ruleexists' => 'Eine identische Regel existiert bereits', 'fwdfw err same' => 'Quelle und Ziel sind identisch', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 085ee22..b625a6c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -958,6 +958,8 @@ 'fwdfw err notgt' => 'No destination selected.', 'fwdfw err notgtip' => 'Please provide a destination IP address.', 'fwdfw err prot' => 'Source and destination protocol need to match.', +'fwdfw err prot_port' => 'Source- or targetport are not allowed with selected protocol', +'fwdfw err prot_port1' => 'When using Source- or targetport you have to select TCP or UDP for protocol', 'fwdfw err remark' => 'Invalid characters in remark.', 'fwdfw err ruleexists' => 'This rule already exists.', 'fwdfw err same' => 'Source and destination are identical.', @@ -1022,7 +1024,7 @@ 'fwhost addgrp' => 'Add new network/host group:', 'fwhost addgrpname' => 'Group name:', 'fwhost addhost' => 'Add new host:', -'fwhost addnet' => 'Add new hetwork:', +'fwhost addnet' => 'Add new network:', 'fwhost addrule' => 'Add/edit rule:', 'fwhost addservice' => 'Add service:', 'fwhost addservicegrp' => 'Add new service group:',
hooks/post-receive -- IPFire 2.x development tree