This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via cdb4dc96305083c0d16977fb6e1db1d665bb6196 (commit) via d9716b067d5ad6c904653840c70d9fde01eac3f7 (commit) from 4247f58a1295e4f8748eea61baf5f9aa03872806 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit cdb4dc96305083c0d16977fb6e1db1d665bb6196 Merge: d9716b0 4247f58 Author: Christian Schmidt christian.schmidt@ipfire.org Date: Thu Sep 2 20:05:11 2010 +0200
Merge branch 'master' of git://git.ipfire.org/ipfire-2.x
commit d9716b067d5ad6c904653840c70d9fde01eac3f7 Author: Christian Schmidt christian.schmidt@ipfire.org Date: Thu Sep 2 20:04:03 2010 +0200
Readded the mac filter to the outgoing firewall. Added mac groups. This feature was requested by bug #0000705.
-----------------------------------------------------------------------
Summary of changes: config/outgoingfw/outgoingfw.pl | 38 +++++--- config/rootfiles/common/configroot | 2 +- html/cgi-bin/outgoingfw.cgi | 55 +++++++++--- html/cgi-bin/outgoinggrp.cgi | 170 +++++++++++++++++++++++++++++++++--- langs/de/cgi-bin/de.pl | 22 +++-- langs/en/cgi-bin/en.pl | 22 +++-- langs/es/cgi-bin/es.pl | 11 ++- langs/fr/cgi-bin/fr.pl | 22 +++-- lfs/configroot | 10 +- src/initscripts/init.d/firewall | 3 + 10 files changed, 276 insertions(+), 79 deletions(-)
Difference in files: diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl index 1bdd612..b323c38 100644 --- a/config/outgoingfw/outgoingfw.pl +++ b/config/outgoingfw/outgoingfw.pl @@ -94,7 +94,7 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) { } elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) { $outfwsettings{'STATE'} = "DENY"; $POLICY = "ACCEPT"; - $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW'"; + $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW '"; }
### Initialize IPTables @@ -102,6 +102,10 @@ system("/sbin/iptables --flush OUTGOINGFW >/dev/null 2>&1"); system("/sbin/iptables --delete-chain OUTGOINGFW >/dev/null 2>&1"); system("/sbin/iptables -N OUTGOINGFW >/dev/null 2>&1");
+system("/sbin/iptables --flush OUTGOINGFWMAC >/dev/null 2>&1"); +system("/sbin/iptables --delete-chain OUTGOINGFWMAC >/dev/null 2>&1"); +system("/sbin/iptables -N OUTGOINGFWMAC >/dev/null 2>&1"); + if ( $outfwsettings{'POLICY'} eq 'MODE0' ) { exit 0 } @@ -109,8 +113,12 @@ if ( $outfwsettings{'POLICY'} eq 'MODE0' ) { if ( $outfwsettings{'POLICY'} eq 'MODE1' ) { $CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j ACCEPT"; if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } + $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j ACCEPT"; + if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } $CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j ACCEPT"; if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } + $CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j ACCEPT"; + if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } }
foreach $configentry (sort @configs) @@ -148,16 +156,20 @@ foreach $configentry (sort @configs) } elsif ($configline[2] eq 'all') { @SOURCE = ("0/0"); $DEV = ""; + } elsif ($configline[2] eq 'mac') { + @SOURCE = ("$configline[6]"); + $DEV = ""; } else { - if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" ) - { + if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" ) { @SOURCE = `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]`; + } elsif ( -e "/var/ipfire/outgoing/groups/macgroups/$configline[2]" ) { + @SOURCE = `cat /var/ipfire/outgoing/groups/macgroups/$configline[2]`; } $DEV = ""; }
if ($configline[7]) { $DESTINATION = "$configline[7]"; } else { $DESTINATION = "0/0"; } - + if ($configline[3] eq 'tcp') { @PROTO = ("tcp"); } elsif ($configline[3] eq 'udp') { @@ -174,9 +186,14 @@ foreach $configentry (sort @configs) foreach $SOURCE (@SOURCE) { $SOURCE =~ s/\s//gi;
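Review bot: The new macgroups branch fills @SOURCE by running `cat` through the shell with `$configline[2]` interpolated into the command line, so a group name containing shell metacharacters is parsed by the shell instead of being treated as a file name. The name appears to come from the group editor CGI, which in this commit stores whatever name was submitted, and the `-e` test only confirms that such a file exists. Reading the file directly avoids the shell: `if (open(my $fh, '<', "/var/ipfire/outgoing/groups/macgroups/$configline[2]")) { @SOURCE = <$fh>; close $fh; }`. The ipgroups line just above has the same form and would take the same change. The enclosing foreach body starts and ends outside this hunk.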
- if ( $SOURCE eq "" ){next;} + if ( $SOURCE eq "" ){next;}
- $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO"; + if ( $configline[6] ne "" ){ + $SOURCE =~ s/[^a-zA-Z0-9]/:/gi; + $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m mac --mac-source $SOURCE -d $DESTINATION -p $PROTO"; + } else { + $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO"; + }
if ($configline[8] && ( $configline[3] ne 'esp' || $configline[3] ne 'gre') ) { $DPORT = "$configline[8]"; @@ -187,11 +204,6 @@ foreach $configentry (sort @configs) $CMD = "$CMD -i $DEV"; }
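Review bot: The choice between OUTGOINGFWMAC and OUTGOINGFW is made on `$configline[6] ne ""` rather than on how @SOURCE was filled, so entries read from a macgroups file appear to fall into the `-s $SOURCE` branch whenever the rule has no single MAC in field 6 (the field layout is not visible here, please confirm). In that branch only whitespace has been stripped before the value is placed in a command string, and the script's other commands are run with `system("$CMD")`, so group-file content would reach the shell unchecked. In the MAC branch `s/[^a-zA-Z0-9]/:/gi` rewrites separators but does not check the shape of the address; a guard such as `next unless $SOURCE =~ /\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/;` after the substitution would reject malformed entries before a rule is built. Setting a flag where @SOURCE is loaded from a MAC source and testing that flag here would keep the two cases apart. The loop body continues outside the hunk.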
- if ($configline[6]) { - $MAC = "$configline[6]"; - $CMD = "$CMD -m mac --mac-source $MAC"; - } - if ($configline[17] && $configline[18]) { if ($configline[10]){$DAY = "Mon,"} if ($configline[11]){$DAY .= "Tue,"} @@ -263,10 +275,10 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) { } }
- $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW'"; + $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW '"; if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } -} +} \ No newline at end of file diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index abc1ee3..5f0faf3 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -102,7 +102,7 @@ var/ipfire/outgoing var/ipfire/outgoing/defaultservices #var/ipfire/outgoing/groups #var/ipfire/outgoing/groups/ipgroups -#var/ipfire/outgoing/ipgroups +#var/ipfire/outgoing/groups/macgroups #var/ipfire/outgoing/p2protocols #var/ipfire/outgoing/rules #var/ipfire/outgoing/settings diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index b746a8e..3482f35 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -321,7 +321,7 @@ END $outfwsettings{'ACTION'} = 'Add rule'; } } -if ($outfwsettings{'ACTION'} eq 'Add rule') +if ($outfwsettings{'ACTION'} eq $Lang::tr{'Add Rule'}) { &addrule(); exit @@ -343,7 +343,7 @@ if ($outfwsettings{'POLICY'} ne 'MODE0'){ &Header::openbox('100%', 'center', 'Rules'); print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='submit' name='ACTION' value='Add rule' /> + <input type='submit' name='ACTION' value='$Lang::tr{'Add Rule'}' /> </form> END ; 
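Review bot: The dispatch in outgoingfw.cgi now compares ACTION with `$Lang::tr{'Add Rule'}`, but the context line just above still assigns the literal `'Add rule'`, so that path no longer reaches `addrule()` unless the translation happens to be that exact string. If the key is missing from a language file the right-hand side is undef and an empty or unset ACTION compares equal, which would send every request into `addrule()`; none of the language files touched by this commit adds 'Add Rule', so it is worth confirming that every language defines it. Keeping a fixed internal value for the check and translating only the visible label avoids both problems, for example `<input type='hidden' name='ACTION' value='Add rule' />` next to a submit button that carries the translated text. The submit button changed in the following hunk has the same dependency.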
@@ -462,14 +462,22 @@ END END ; if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) { - unless ($outfwsettings{'SIP'}) { $outfwsettings{'DISPLAY_SIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; } - unless ($outfwsettings{'SMAC'}) { $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; } - print <<END - <tr><td width='14%' align='right'>$Lang::tr{'source ip or net'}: - <td width='14%' align='left'>$outfwsettings{'DISPLAY_SIP'} - <td width='44%' colspan='2' align='center'> -END -; + + unless ($outfwsettings{'SIP'}) { + $outfwsettings{'DISPLAY_SIP'} = 'ALL'; + } else { + $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; + } + + unless ($outfwsettings{'SMAC'}) { + $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; + print "<tr><td /><td align='left'>$Lang::tr{'source ip or net'}: </td>"; + print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SIP'}</td>"; + } else { + $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; + print "<tr><td /><td align='left'>$Lang::tr{'source'} $Lang::tr{'mac address'}: </td>"; + print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SMAC'}</td>"; + } } print <<END <tr><td width='14%' align='right'>$Lang::tr{'time'} - </td> @@ -627,7 +635,7 @@ print <<END <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td> </tr> <tr> - <td width='20%' align='right'>$Lang::tr{'protocol'}:</td> + <td width='20%' align='right'>$Lang::tr{'protocol'}</td> <td width='30%' align='left'> <select name='PROT'> <option value='all' $selected{'PROT'}{'all'}>All</option> 
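Review bot: `$outfwsettings{'DISPLAY_SMAC'}` and `$outfwsettings{'DISPLAY_SIP'}` are printed into the table cells without HTML escaping, and the SMAC value appears to be whatever arrived in the request or was stored in the rule. Markup characters in that value are rendered as part of the page. Escape at output, e.g. `print "<td align='left' colspan='2'>" . &Header::cleanhtml($outfwsettings{'DISPLAY_SMAC'}) . "</td>";` if header.pl in this tree provides that helper, and validate SMAC as a MAC address before it is stored. Note also that when both SIP and SMAC are set only the MAC row is printed, so the source IP is no longer shown.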
@@ -655,6 +663,9 @@ END <select name='SNET'> <optgroup label='---'> <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option> + <optgroup label='$Lang::tr{'mac address'}'> + <option value='mac' $selected{'SNET'}{'mac'}>$Lang::tr{'source'} $Lang::tr{'mac address'}</option> + </optgroup> <optgroup label='$Lang::tr{'ip address'}'> <option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip or net'}</option> <option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option> @@ -674,7 +685,7 @@ END } print <<END </optgroup> - <optgroup label='$Lang::tr{'advproxy NCSA group'}'> + <optgroup label='IP $Lang::tr{'advproxy NCSA group'}'> END ; my @ipgroups = qx(ls $configpath/ipgroups/); @@ -683,10 +694,26 @@ END } print <<END </optgroup> + <optgroup label='MAC $Lang::tr{'advproxy NCSA group'}'> +END +; + my @macgroups = qx(ls $configpath/macgroups/); + foreach (sort @macgroups){ + print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{'$_'}>$_</option>\n"; + } + print <<END + </optgroup> </select> </td> - <td width='20%' align='right' colspan='2'>$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td> - <td width='30%' align='left' colspan='2'><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td> + <td align='right' colspan='4'><font color='red'>$Lang::tr{'outgoingfw warning'}</font></td> + </tr> + <tr> + <td align='right' colspan='4' >$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td> + <td align='left' colspan='4' ><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td> + </tr> + <tr> + <td align='right' colspan='4' >$Lang::tr{'source'} $Lang::tr{'mac address'}: <img src='/blob.gif' /> + <td align='left' colspan='4' ><input type='text' name='SMAC' maxlength='23' value='$outfwsettings{'SMAC'}' /> </tr> <tr> <td width='20%' align='right'>$Lang::tr{'logging'}:</td> diff --git a/html/cgi-bin/outgoinggrp.cgi b/html/cgi-bin/outgoinggrp.cgi index a94ac82..28e5261 100644 --- a/html/cgi-bin/outgoinggrp.cgi 
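Review bot: In the macgroups option loop, `$selected{'SNET'}{'$_'}` uses a single-quoted subscript, so the key is the literal text `$_` and the current group is never marked as selected; the entries from `qx(ls ...)` also still carry their trailing newline when written into `value='...'`. Something like `chomp; print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";` fixes both. The group names are file names that the group editor creates from submitted text and are emitted here without HTML escaping, as is `$outfwsettings{'SMAC'}` in the new text input, so both should be escaped for attribute context. The ipgroups loop above appears to follow the same pattern.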
+++ b/html/cgi-bin/outgoinggrp.cgi @@ -48,13 +48,13 @@ my %mainsettings = (); ### Values that have to be initialized $outgrpsettings{'ACTION'} = ''; $outgrpsettings{'ipgroup'} = 'none'; -$outgrpsettings{'portgroup'} = 'none'; +$outgrpsettings{'macgroup'} = 'none';
&Header::getcgihash(%outgrpsettings); delete $outgrpsettings{'__CGI__'};delete $outgrpsettings{'x'};delete $outgrpsettings{'y'};
$selected{'ipgroup'}{$outgrpsettings{'ipgroup'}} = "selected='selected'"; -$selected{'portgroup'}{$outgrpsettings{'portgroup'}} = "selected='selected'"; +$selected{'macgroup'}{$outgrpsettings{'macgroup'}} = "selected='selected'";
&Header::openpage($Lang::tr{'outgoing firewall groups'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -75,24 +75,46 @@ $selected{'portgroup'}{$outgrpsettings{'portgroup'}} = "selected='selected'"; ############################################################################################################################ ############################################################################################################################
-if ($errormessage) -{ - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "<class name='base'>$errormessage\n"; - print " </class>\n"; - &Header::closebox(); -} - if ($outgrpsettings{'ACTION'} eq 'newipgroup') { &newipgroup(); } elsif ($outgrpsettings{'ACTION'} eq 'deleteipgroup' ) { unlink("$configpath/ipgroups/$outgrpsettings{'ipgroup'}"); } elsif ($outgrpsettings{'ACTION'} eq 'addipgroup') { - open (FILE, ">$configpath/ipgroups/$outgrpsettings{'ipgroup'}") or die "Can't save $outgrpsettings{'ipgroup'} settings $!"; - flock (FILE, 2); - print FILE $outgrpsettings{'ipgroupcontent'}."\n"; - close FILE; + + if ( -e "$configpath/macgroups/$outgrpsettings{'ipgroup'}" ){ + $errormessage = "$Lang::tr{'outgoing firewall group error'}"; + } else { + open (FILE, ">$configpath/ipgroups/$outgrpsettings{'ipgroup'}") or die "Can't save $outgrpsettings{'ipgroup'} settings $!"; + flock (FILE, 2); + print FILE $outgrpsettings{'ipgroupcontent'}."\n"; + close FILE; + } +} + +if ($outgrpsettings{'ACTION'} eq 'newmacgroup') +{ + &newmacgroup(); +} elsif ($outgrpsettings{'ACTION'} eq 'deletemacgroup' ) { + unlink("$configpath/macgroups/$outgrpsettings{'macgroup'}"); +} elsif ($outgrpsettings{'ACTION'} eq 'addmacgroup') { + + if ( -e "$configpath/ipgroups/$outgrpsettings{'macgroup'}" ){ + $errormessage = "$Lang::tr{'outgoing firewall group error'}"; + } else { + open (FILE, ">$configpath/macgroups/$outgrpsettings{'macgroup'}") or die "Can't save $outgrpsettings{'macgroup'} settings $!"; + flock (FILE, 2); + print FILE $outgrpsettings{'macgroupcontent'}."\n"; + close FILE; + } +} + +if ($errormessage) +{ + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<class name='base'><font color=red>$errormessage\n</font>"; + print " </class>\n"; + &Header::closebox(); }
############################################################################################################################ @@ -107,6 +129,7 @@ $ipgroupcontent =~ s/\n/<br />/g; &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall ip groups'});
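Review bot: `$outgrpsettings{'macgroup'}` is used as a file name in `unlink(...)`, in the `-e` test and in the two-argument `open (FILE, ">...")` without any check, so a submitted name containing `../` or other path characters addresses files outside `macgroups/`, and `macgroupcontent` is written to disk unvalidated even though the firewall script later builds iptables commands from these files. Restrict the name to an allow-list pattern before any file operation, use three-argument open with a lexical handle, write only lines that parse as MAC addresses, and check the result of `flock`. The fence sketches this for the addmacgroup branch; the pattern shown is an example and should be matched to the group names already in use. deletemacgroup and the ipgroup branches need the same name check, and an invalid name deserves its own message rather than the duplicate-group text reused in the sketch.

```perl
} elsif ($outgrpsettings{'ACTION'} eq 'addmacgroup') {

	if ( $outgrpsettings{'macgroup'} !~ /\A[A-Za-z0-9_-]+\z/ ) {
		# placeholder message; add a dedicated translation key
		$errormessage = "$Lang::tr{'outgoing firewall group error'}";
	} elsif ( -e "$configpath/ipgroups/$outgrpsettings{'macgroup'}" ){
		$errormessage = "$Lang::tr{'outgoing firewall group error'}";
	} else {
		open (my $fh, '>', "$configpath/macgroups/$outgrpsettings{'macgroup'}") or die "Can't save $outgrpsettings{'macgroup'} settings $!";
		flock ($fh, 2) or die "Can't lock $outgrpsettings{'macgroup'} $!";
		foreach my $entry (split /\r?\n/, $outgrpsettings{'macgroupcontent'}) {
			print $fh "$entry\n" if $entry =~ /\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/;
		}
		close $fh;
	}
}
```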
print <<END +<a name="outgoing showipgroup"</a> <br /> <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'> <table width='95%' cellspacing='0'> @@ -171,9 +194,91 @@ END ; &Header::closebox();
+############################################################################################################################ +############################################################################################################################ + +my @macgroups = qx(ls $configpath/macgroups/); +if ($outgrpsettings{'macgroup'} eq "none" and $#macgroups >= 0 ){ $outgrpsettings{'macgroup'} = $macgroups[0];} + +my $macgroupcontent = `cat $configpath/macgroups/$outgrpsettings{'macgroup'} 2>/dev/null`; +$macgroupcontent =~ s/\n/<br />/g; + +&Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall mac groups'}); + +print <<END +<a name="outgoing showmacgroup"</a> +<br /> +<form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'> +<table width='95%' cellspacing='0'> + <tr> + <td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'outgoing firewall mac groups'}</b></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td align='left' colspan='2'><select name='macgroup' style="width: 200px"> +END +; +foreach my $member (@macgroups) {chomp $member;print" <option value='$member' $selected{'macgroup'}{$member}>$member</option>\n";} +print <<END + </select></td> + <td align='left'> + <input type='hidden' name='ACTION' value='showmacgroup' /> + <input type='image' alt='$Lang::tr{'outgoing firewall view group'}' title='$Lang::tr{'outgoing firewall view group'}' src='/images/format-justify-fill.png' /> + </td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td colspan='3' align='left'><font size=1>$macgroupcontent</font></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td colspan='3' align='center'><font size=1>$Lang::tr{'outgoing firewall mac groups'} - $outgrpsettings{'macgroup'}</font></td> + </tr> +</table> +</form> +<table width='10%' cellspacing='0'> +<tr> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing 
showmacgroup'> + <input type='hidden' name='ACTION' value='newmacgroup' /> + <input type='image' alt='$Lang::tr{'new'}' title='$Lang::tr{'new'}' src='/images/list-add.png' /> + </form> + </td> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'> + <input type='hidden' name='ACTION' value='savemacgroup' /> + <input type='hidden' name='macgroup' value='$outgrpsettings{'macgroup'}' /> + <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /> + </form> + </td> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'> + <input type='hidden' name='ACTION' value='deletemacgroup' /> + <input type='hidden' name='macgroup' value='$outgrpsettings{'macgroup'}' /> + <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' /> + </form> + </td> +</tr> +</table> + +END +; +&Header::closebox(); + &Header::closebigbox(); &Header::closepage();
+ +############################################################################################################################ +############################################################################################################################ + + sub newipgroup { &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall add ip group'}); @@ -210,3 +315,40 @@ END &Header::closepage(); exit 0; } + +sub newmacgroup +{ + &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall add mac group'}); + +print <<END + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'> + <table width='95%' cellspacing='0'> + <tr> + <td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'outgoing firewall add mac group'}</b></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td align='left' colspan='2'> + <input type='text' name='macgroup' value='newgroup' size="30" /> + </td> + <td align='left'> + <input type='hidden' name='ACTION' value='addmacgroup' /> + <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /> + </td> + </tr> + <tr> + <td align='left' colspan='3'> + <textarea name="macgroupcontent" cols="20" rows="5" Wrap="off">00:24:F6:04:5F:2b\n14:26:36:5A:5F:2B\n</textarea> + </td> + </tr> + </table> + </form> +END +; + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit 0; +} \ No newline at end of file diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 7d55857..aa09abe 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -22,6 +22,7 @@ 'ConnSched scheduled actions' => 'Geplante Aktionen', 'ConnSched scheduler' => 'Scheduler', 'ConnSched select profile' => 'Wähle Profil', +'outgoingfw warning' => 'Nur die Auswahl Quell IP / MAC aktiviert diese', 'ConnSched time' => 'Zeit:', 'ConnSched up' => 'Hoch', 'ConnSched weekdays' => 'Wochentage:', 
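Review bot: `$macgroupcontent` is filled by a backtick `cat` whose command line contains `$outgrpsettings{'macgroup'}`, a request parameter, so the shell parses whatever name was submitted; the result is then placed in the page with only newlines replaced, without HTML escaping. Read the file with three-argument open after checking the name against an allow-list pattern (the one in the fence is an example), and escape the content before output. `qx(ls $configpath/macgroups/)` can likewise be replaced by `opendir`/`readdir`. The two added anchors, `<a name="outgoing showmacgroup"</a>` here and the ipgroup one in the previous hunk, are missing the `>` that closes the opening tag.

```perl
my $macgroupcontent = '';
if ( $outgrpsettings{'macgroup'} =~ /\A[A-Za-z0-9_-]+\z/ ) {
	if ( open(my $fh, '<', "$configpath/macgroups/$outgrpsettings{'macgroup'}") ) {
		$macgroupcontent = join('', <$fh>);
		close $fh;
	}
}
# … unchanged: newline-to-<br /> substitution and form output …
```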
@@ -1275,17 +1276,20 @@ 'outgoing firewall groups' => 'Firewall Gruppen', 'outgoing firewall add ip group' => 'IP Adressgruppen hinzufügen', 'outgoing firewall ip groups' => 'Ausgehende Firewall IP Adressgruppen', +'outgoing firewall add mac group' => 'MAC Adressgruppen hinzufügen', +'outgoing firewall mac groups' => 'Ausgehende Firewall MAC Adressgruppen', 'outgoing firewall view group' => 'Gruppe anzeigen', +'outgoing firewall group error' => 'Eine Gruppe mit dem selben Namen existiert bereits.', 'outgoing traffic in bytes per second' => 'Abgehender Verkehr', -'outgoingfw mode0' => 'In diesem Modus ist es allen Rechnern im Netzwerk uneingeschränkt möglich Verbindungen ins Internet aufzubauen.', -'outgoingfw mode1' => 'In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.', -'outgoingfw mode2' => 'In diesem Modus werden sämtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.', -'outgoingfw p2p description 1' => 'Das Symbol', -'outgoingfw p2p description 2' => 'bedeutet, dass das P2P-Protokoll erlaubt wird oder', -'outgoingfw p2p description 3' => 'das P2P-Protokoll gesperrt wird.', -'outgoingfw p2p deny' => 'P2P-Protokoll ist gesperrt!', -'outgoingfw p2p allow' => 'P2P-Protokoll ist erlaubt!', -'outgoingfw reset' => 'Alle Regeln löschen', +'outgoing firewall mode0' => 'In diesem Modus ist es allen Rechnern im Netzwerk uneingeschränkt möglich Verbindungen ins Internet aufzubauen.', +'outgoing firewall mode1' => 'In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.', +'outgoing firewall mode2' => 'In diesem Modus werden sämtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.', +'outgoing firewall p2p description 1' => 'Das Symbol', +'outgoing firewall p2p description 2' => 'bedeutet, dass das P2P-Protokoll erlaubt wird oder', +'outgoing firewall p2p description 3' => 'das P2P-Protokoll gesperrt wird.', +'outgoing firewall p2p deny' => 'P2P-Protokoll ist gesperrt!', 
+'outgoing firewall p2p allow' => 'P2P-Protokoll ist erlaubt!', +'outgoing firewall reset' => 'Alle Regeln löschen', 'override mtu' => 'Überschreibe Standard MTU', 'ovpn' => 'OpenVPN', 'ovpn con stat' => 'OpenVPN Verbindungs-Statistik', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a66ec67..7fbeb39 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -19,6 +19,7 @@ 'ConnSched ipsecstop' => 'IPSec stop', 'ConnSched reconnect' => 'Reconnect', 'ConnSched scheduled actions' => 'Scheduled actions', +'outgoingfw warning' => 'Not selecting source ip or mac ignores them', 'ConnSched scheduler' => 'Scheduler', 'ConnSched select profile' => 'Select profile', 'modify' => 'Modify', 
@@ -1304,17 +1305,20 @@ 'outgoing firewall groups' => 'Firewall Groups', 'outgoing firewall add ip group' => 'Add IP Address Group', 'outgoing firewall ip groups' => 'Outgoing Firewall IP Adress Groups', +'outgoing firewall add mac group' => 'Add MAC Address Group', +'outgoing firewall mac groups' => 'Outgoing Firewall MAC Adress Groups', 'outgoing firewall view group' => 'View group', +'outgoing firewall group error' => 'A group with the same name exists.', 'outgoing traffic in bytes per second' => 'Outgoing Traffic', -'outgoingfw mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.', -'outgoingfw mode1' => 'Using this mode, only connections based on the defined rules are allowed.', -'outgoingfw mode2' => 'Using this mode, all connections are allowed despited off the defined ones.', -'outgoingfw p2p description 1' => 'The button', -'outgoingfw p2p description 2' => 'means that the p2p protocol is allowed or', -'outgoingfw p2p description 3' => 'that the p2p protocol is denied.', -'outgoingfw p2p deny' => 'p2p protocol is denied', -'outgoingfw p2p allow' => 'p2p protocol is allowed', -'outgoingfw reset' => 'Reset all', +'outgoing firewall mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.', +'outgoing firewall mode1' => 'Using this mode, only connections based on the defined rules are allowed.', +'outgoing firewall mode2' => 'Using this mode, all connections are allowed despited off the defined ones.', +'outgoing firewall p2p description 1' => 'The button', +'outgoing firewall p2p description 2' => 'means that the p2p protocol is allowed or', +'outgoing firewall p2p description 3' => 'that the p2p protocol is denied.', +'outgoing firewall p2p deny' => 'p2p protocol is denied', +'outgoing firewall p2p allow' => 'p2p protocol is allowed', +'outgoing firewall reset' => 'Reset all', 'override mtu' => 'Override default MTU', 'ovpn' => 'OpenVPN', 'ovpn con stat' => 'OpenVPN 
Connection Statistics', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 5a2fbe3..8b7d293 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -18,6 +18,7 @@ 'ConnSched ipsecstop' => 'Detener IPSec', 'ConnSched reconnect' => 'Reconectar', 'ConnSched scheduled actions' => 'Acciones planificadas', +'outgoingfw warning' => 'No seleccionar ip origen o mac las ignora', 'ConnSched scheduler' => 'Planificador', 'ConnSched select profile' => 'Elegir Perfil', 'modify' => 'Modificar', @@ -1300,11 +1301,11 @@ 'outgoing' => 'salida', 'outgoing firewall' => 'Firewall de salida', 'outgoing traffic in bytes per second' => 'Tráfico de salida', -'outgoingfw mode0' => 'Usando este modo, todos los clientes tienen acceso al internet sin restricciones.', -'outgoingfw mode1' => 'Usando este modo, solamente las conexión basadas en las reglas definidas son permitidas.', -'outgoingfw mode2' => 'Usando este modo, todas las conexioens son permitidas sin importar las ya definidias.', -'outgoingfw p2p description' => 'Presiones el botón correspondiente para activar/desactivar el módulo de bloqueo P2P', -'outgoingfw reset' => 'Restablecer todo', +'outgoing firewall mode0' => 'Usando este modo, todos los clientes tienen acceso al internet sin restricciones.', +'outgoing firewall mode1' => 'Usando este modo, solamente las conexión basadas en las reglas definidas son permitidas.', +'outgoing firewall mode2' => 'Usando este modo, todas las conexioens son permitidas sin importar las ya definidias.', +'outgoing firewall p2p description' => 'Presiones el botón correspondiente para activar/desactivar el módulo de bloqueo P2P', +'outgoing firewall reset' => 'Restablecer todo', 'override mtu' => 'Sobreescribir MTU por defecto', 'ovpn' => 'OpenVPN', 'ovpn con stat' => 'Estadisticas de conexión OpenVPN', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index dbc11bf..7d76c78 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl 
@@ -18,6 +18,7 @@ 'ConnSched ipsecstart' => 'IPSec (re)démarrage', 'ConnSched ipsecstop' => 'IPSec arrêt', 'ConnSched reconnect' => 'Reconnecter', +'outgoingfw warning' => 'Ne pas choisir IP source ou Mac ignore les', 'ConnSched scheduled actions' => 'Actions planifiées', 'ConnSched scheduler' => 'Planificateur', 'ConnSched select profile' => 'Sélectionner profil', 
@@ -1301,17 +1302,20 @@ 'outgoing firewall groups' => 'Groupes de pare-feu', 'outgoing firewall add ip group' => 'Ajouter un groupe d'adresses IP', 'outgoing firewall ip groups' => 'Groupes d'adresses IP du pare-feu sortant', +'outgoing firewall add mac group' => 'Ajouter un groupe d'adresses MAC', +'outgoing firewall mac groups' => 'Groupes d'adresses MAC du pare-feu sortant', 'outgoing firewall view group' => 'Voir le groupe', +'outgoing firewall group error' => 'Un groupe portant le même nom existe.', 'outgoing traffic in bytes per second' => 'Trafic sortant', -'outgoingfw mode0' => 'En utilisant ce mode, tous les clients peuvent avoir accès à Internet sans restrictions.', -'outgoingfw mode1' => 'En utilisant ce mode, seules les connexions basées sur les règles prédéfinies sont autorisées.', -'outgoingfw mode2' => 'En utilisant ce mode, toutes les connexions sont autorisées sans tenir compte de la liste de définitions.', -'outgoingfw p2p description 1' => 'Le bouton', -'outgoingfw p2p description 2' => ' signifie que le protocol est autorisé ou', -'outgoingfw p2p description 3' => 'que le protocole p2p est bloqué.', -'outgoingfw p2p deny' => 'le protocole p2p est refusé', -'outgoingfw p2p allow' => 'le protocole p2p est autorisé', -'outgoingfw reset' => 'Tout réinitialiser', +'outgoing firewall mode0' => 'En utilisant ce mode, tous les clients peuvent avoir accès à Internet sans restrictions.', +'outgoing firewall mode1' => 'En utilisant ce mode, seules les connexions basées sur les règles prédéfinies sont autorisées.', +'outgoing firewall mode2' => 'En utilisant ce mode, toutes les connexions sont autorisées sans tenir compte de la liste de définitions.', +'outgoing firewall p2p description 1' => 'Le bouton', +'outgoing firewall p2p description 2' => ' signifie que le protocol est autorisé ou', +'outgoing firewall p2p description 3' => 'que le protocole p2p est bloqué.', +'outgoing firewall p2p deny' => 'le protocole p2p est refusé', +'outgoing firewall p2p 
allow' => 'le protocole p2p est autorisé', +'outgoing firewall reset' => 'Tout réinitialiser', 'override mtu' => 'Outrepasser le MTU par défaut', 'ovpn' => 'OpenVPN', 'ovpn con stat' => 'Statistiques de connexions OpenVPN', diff --git a/lfs/configroot b/lfs/configroot index 544bb25..ff1a206 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -51,12 +51,12 @@ $(TARGET) :
# Create all directories for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes dns \ - ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \ + ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \ net-traffic/templates nfs optionsfw outgoing/bin outgoing/groups outgoing/groups/ipgroups \ - patches pakfire portfw ppp private proxy/advanced/cre proxy/calamaris/bin qos/bin red \ - remote sensors snort time tripwire/report updatexlrator/bin updatexlrator/autocheck \ - urlfilter/autoupdate urlfilter/bin upnp vpn \ - wakeonlan wireless xtaccess ; do \ + outgoing/groups/macgroups patches pakfire portfw ppp private proxy/advanced/cre \ + proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \ + updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \ + wakeonlan wireless xtaccess ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ done
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index c38cce5..b9f3908 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall @@ -147,6 +147,7 @@ case "$1" in /sbin/iptables -N CUSTOMOUTPUT /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT /sbin/iptables -N OUTGOINGFW + /sbin/iptables -N OUTGOINGFWMAC /sbin/iptables -A OUTPUT -j OUTGOINGFW /sbin/iptables -t nat -N CUSTOMPREROUTING /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING @@ -183,6 +184,8 @@ case "$1" in
# Outgoing Firewall /sbin/iptables -A FORWARD -j OUTGOINGFW + /sbin/iptables -A FORWARD -j OUTGOINGFWMAC + /sbin/iptables -A INPUT -j OUTGOINGFWMAC
# localhost and ethernet. /sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
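Review bot: `-A INPUT -j OUTGOINGFWMAC` sends traffic addressed to the firewall itself through a chain that, in MODE1, starts with `-m state --state ESTABLISHED,RELATED -j ACCEPT` and `-p icmp -j ACCEPT` and then holds per-MAC ACCEPT rules written for outgoing traffic, so those accepts now also apply on INPUT ahead of the rules that follow. If the intent is only to filter forwarded traffic by source MAC, the INPUT jump should be dropped or the chain limited to rules that are safe for both hooks. In FORWARD the new chain is consulted after OUTGOINGFW, which in MODE1 appears to end with a DROP on the red interface, so MAC-based allow rules look unreachable for traffic leaving via red; please confirm the intended order. The case branch continues outside the hunk.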
hooks/post-receive -- IPFire 2.x development tree