This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 508b73104f689672260d4f464325c3dc35a32945 (commit) via f09a0af571c03ef5222e0587e940a6df3926da07 (commit) via e897bfebe73bb147056f93d120daabe5c09af95d (commit) via 45762fc662cd8e869af561d6856a909a7dfe6082 (commit) from 126246a8caba9de88c85603dda188fbb35cfc917 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 508b73104f689672260d4f464325c3dc35a32945 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Nov 15 21:44:09 2010 +0100
Add changes to updater.
commit f09a0af571c03ef5222e0587e940a6df3926da07 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Nov 15 19:39:48 2010 +0100
proxy.cgi: write networks in cidr notation.
commit e897bfebe73bb147056f93d120daabe5c09af95d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Nov 15 19:37:59 2010 +0100
ipsec: write networks in ipsec.conf in cidr notation.
commit 45762fc662cd8e869af561d6856a909a7dfe6082 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Nov 15 19:35:22 2010 +0100
general-functions: add function to convert ip/mask to ip/cidr.
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/general-functions.pl | 7 +++++ config/rootfiles/core/test/filelists/files | 1 + html/cgi-bin/proxy.cgi | 34 ++++++++++++++++----------- html/cgi-bin/vpnmain.cgi | 23 ++++++++++++++---- 4 files changed, 46 insertions(+), 19 deletions(-)
Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 84aa8aa..cd4bfd5 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -18,6 +18,7 @@ use strict; use Socket; use IO::Socket; use Net::SSLeay; +use Net::IPv4Addr;
$|=1; # line buffering
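Review bot: The new `use Net::IPv4Addr;` at the top of general-functions.pl makes every script that loads this file fail at compile time if the module is absent, and nothing visible in this push installs it. The updater filelist hunk adds only `var/ipfire/general-functions.pl`, so it is worth confirming that Net::IPv4Addr is already present on every system that receives this core update. proxy.cgi and vpnmain.cgi both call into this file in the same push, so a missing module would take out the proxy and VPN pages together.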
@@ -407,6 +408,12 @@ sub NextIP ); }
+sub ipcidr +{ + my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift); + return "$ip/$cidr"; +} + sub validemail { my $mail = shift; return 0 if ( $mail !~ /^[0-9a-zA-Z.-_]+@[0-9a-zA-Z.-]+$/ ); diff --git a/config/rootfiles/core/test/filelists/files b/config/rootfiles/core/test/filelists/files index 5e17384..369dd01 100644 --- a/config/rootfiles/core/test/filelists/files +++ b/config/rootfiles/core/test/filelists/files @@ -5,5 +5,6 @@ srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/speed.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi srv/web/ipfire/html/images/urlfilter/copy.gif +var/ipfire/general-functions.pl usr/local/bin/rebuild-initrd usr/bin/ldd diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index aaaec87..55d7ec9 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -180,6 +180,12 @@ close(FILE); &General::readhash("${General::swroot}/ethernet/settings", %netsettings); &General::readhash("${General::swroot}/main/settings", %mainsettings);
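Review bot: `ipcidr` in general-functions.pl returns `"$ip/$cidr"` without checking what `ipv4_parse` gave back, and it has no comment stating what input it accepts. As far as I know `ipv4_parse` leaves the length undefined when the argument has no mask part, which would yield `ip/` with an empty length, and it throws on a malformed address instead of returning. The callers in this push write the result straight into squid and ipsec configuration, so the contract should be explicit: a header comment such as `# Convert "addr/netmask" or "addr/len" to "addr/len"; dies on malformed input, callers must trap it` and a guard `die "ipcidr: no mask in input\n" unless defined $cidr;` before the return. The hunk shows the whole sub; `NextIP` and `validemail` around it are context only.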
+my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"); +my $blue_cidr = "# Blue not defined"; +if ($netsettings{'BLUE_DEV'}) { + $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"); +} + &Header::showhttpheaders();
$proxysettings{'ACTION'} = ''; @@ -1193,10 +1199,10 @@ END
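Review bot: The `ipcidr` calls added at file scope in proxy.cgi run before `&Header::showhttpheaders()` and are not wrapped in `eval`, so if the parser throws on an empty or malformed `GREEN_NETADDRESS`/`GREEN_NETMASK` read from ethernet/settings, the CGI ends before any header is sent and the page cannot be used to inspect or repair the proxy settings. The same pattern is added at the top of vpnmain.cgi (hunk `@@ -58,6 +58,17 @@`) for green, blue and orange. Trapping the failure and falling back to the stored text keeps the page reachable, for example `my $green_cidr = eval { &General::ipcidr($green_raw) } || $green_raw;` with `$green_raw` holding the original `address/netmask` string. Separately, the `"# Blue not defined"` placeholder is only harmless while every use stays behind the `BLUE_DEV` check; if one guard is missed, that text lands inside a generated config line.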
if (!$proxysettings{'SRC_SUBNETS'}) { - print "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}\n"; + print "$green_cidr\n"; if ($netsettings{'BLUE_DEV'}) { - print "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; + print "$blue_cidr\n"; } } else { print $proxysettings{'SRC_SUBNETS'}; }
@@ -1785,9 +1791,9 @@ print <<END END ; if (!$proxysettings{'IDENT_HOSTS'}) { - print "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}\n"; + print "$green_cidr\n"; if ($netsettings{'BLUE_DEV'}) { - print "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; + print "$blue_cidr\n"; } } else { print $proxysettings{'IDENT_HOSTS'}; @@ -2692,10 +2698,10 @@ sub write_acls flock(FILE, 2); if (!$proxysettings{'SRC_SUBNETS'}) { - print FILE "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}\n"; + print FILE "$green_cidr\n"; if ($netsettings{'BLUE_DEV'}) { - print FILE "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; + print FILE "$blue_cidr\n"; } } else { print FILE $proxysettings{'SRC_SUBNETS'}; } close(FILE); @@ -3319,8 +3325,8 @@ END }
print FILE <<END -acl all src all -acl localhost src 127.0.0.1/255.255.255.255 +#acl all src all +acl localhost src 127.0.0.1/32 END ; open (PORTS,"$acl_ports_ssl"); @@ -3344,12 +3350,12 @@ acl IPFire_https port $https_port acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'} acl IPFire_networks src "$acl_src_subnets" acl IPFire_servers dst "$acl_src_subnets" -acl IPFire_green_network src $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'} -acl IPFire_green_servers dst $netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'} +acl IPFire_green_network src $green_cidr +acl IPFire_green_servers dst $green_cidr END ; - if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; } - if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}\n"; } + if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; } + if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; } if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src "$acl_src_banned_ip"\n"; } if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp "$acl_src_banned_mac"\n"; } if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src "$acl_src_unrestricted_ip"\n"; } @@ -3397,7 +3403,7 @@ END my $blue_net = ''; #BLUE empty by default my $blue_ip = ''; if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') { - $blue_net = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"; + $blue_net = "$blue_cidr"; $blue_ip = "$netsettings{'BLUE_ADDRESS'}"; } if (!-z $acl_include) 
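Review bot: The hunk at `@@ -3319,8 +3325,8 @@` comments out `acl all src all`, which is not part of the CIDR conversion named in the commit message and is not explained anywhere in the change. Any rule in the generated squid.conf that refers to `all` (the rest of the file is not visible in this diff) then depends on the proxy predefining that ACL, which presumably holds only for newer Squid releases. A line in the heredoc giving the reason would make that dependency visible to whoever next edits the access rules, for example `# 'all' is predefined by squid; do not redefine it here`. The enclosing sub starts and ends outside the hunk.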
@@ -3406,7 +3412,7 @@ END print FILE "\n#Start of custom includes\n\n"; while (<ACL>) { $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/; - $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}/; + $_ =~ s/__GREEN_NET__/$green_cidr/; $_ =~ s/__BLUE_IP__/$blue_ip/; $_ =~ s/__BLUE_NET__/$blue_net/; $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/; diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 5fb6055..e60a8ba 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -58,6 +58,17 @@ my %mainsettings = (); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color);
&General::readhash("${General::swroot}/ethernet/settings", %netsettings); + +my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"); +my $blue_cidr = "# Blue not defined"; +if ($netsettings{'BLUE_DEV'}) { + $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"); +} +my $orange_cidr = "# Orange not defined"; +if ($netsettings{'ORANGE_DEV'}) { + $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"); +} + $cgiparams{'ENABLED'} = 'off'; $cgiparams{'EDIT_ADVANCED'} = 'off'; $cgiparams{'ACTION'} = ''; @@ -270,12 +281,12 @@ sub writeipsecfiles { print CONF "\tnat_traversal=yes\n"; print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne ''); print CONF "\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"; - print CONF ",%v4:!$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"; + print CONF ",%v4:!$green_cidr"; if (length($netsettings{'ORANGE_DEV'}) > 2) { - print CONF ",%v4:!$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"; + print CONF ",%v4:!$orange_cidr"; } if (length($netsettings{'BLUE_DEV'}) > 2) { - print CONF ",%v4:!$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"; + print CONF ",%v4:!$blue_cidr"; } foreach my $key (keys %lconfighash) { if ($lconfighash{$key}[3] eq 'net') { @@ -320,13 +331,15 @@ sub writeipsecfiles { print CONF "conn $lconfighash{$key}[1]\n"; print CONF "\tleft=$localside\n"; print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute'); - print CONF "\tleftsubnet=$lconfighash{$key}[8]\n"; + my $cidr_net=&General::ipcidr($lconfighash{$key}[8]); + print CONF "\tleftsubnet=$cidr_net\n"; print CONF "\tleftfirewall=yes\n"; print CONF "\tlefthostaccess=yes\n";
print CONF "\tright=$lconfighash{$key}[10]\n"; if ($lconfighash{$key}[3] eq 'net') { - print CONF "\trightsubnet=$lconfighash{$key}[11]\n"; + my $cidr_net=&General::ipcidr($lconfighash{$key}[11]); + print CONF "\trightsubnet=$cidr_net\n"; print CONF "\trightnexthop=%defaultroute\n"; } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors? print CONF "\trightsubnet=vhost:%no,%priv\n";
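Review bot: In the last vpnmain.cgi hunk (`@@ -320,13 +331,15 @@`) `ipcidr` is called on `$lconfighash{$key}[8]` and `$lconfighash{$key}[11]` in the middle of the `print CONF` sequence, so if the parser throws on one stored subnet, `writeipsecfiles` stops with ipsec.conf partly written. Whether the file is first written to a temporary path is not visible here; the sub starts and ends outside the hunk. Converting both subnets before the first `print CONF` for the connection and skipping that connection with a logged error on failure would keep one bad entry from truncating the configuration for every tunnel. Assuming this code sits inside the per-connection loop, the conversion could read `my $cidr_net = eval { &General::ipcidr($lconfighash{$key}[8]) } or next;`.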
hooks/post-receive -- IPFire 2.x development tree