This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, fifteen has been updated via 50ce309b6ab17dc61648e7d6654117d5e1661cd7 (commit) via fe2bae3b747530a37cbe37247aa1d974f15f51a6 (commit) via a8ec686f17764d2c4e62692e7ffc94ad9cbdff53 (commit) via 82b837cff888157358cfbfbf1a29e3dce5956ca9 (commit) from 3a3759c625c593e70a7bea479c11834152681565 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 50ce309b6ab17dc61648e7d6654117d5e1661cd7 Author: Alexander Marx amarx@ipfire.org Date: Mon Dec 9 11:06:50 2013 +0100
Firewall: added DNS (UDP,TCP) to default services
commit fe2bae3b747530a37cbe37247aa1d974f15f51a6 Author: Alexander Marx amarx@ipfire.org Date: Mon Dec 9 09:33:21 2013 +0100
Firewall: Fix BETA8 - It was not possible to delete single services from servicegroups
commit a8ec686f17764d2c4e62692e7ffc94ad9cbdff53 Merge: 82b837c 3a3759c Author: Alexander Marx amarx@ipfire.org Date: Mon Dec 9 09:29:50 2013 +0100
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen1
commit 82b837cff888157358cfbfbf1a29e3dce5956ca9 Author: Alexander Marx amarx@ipfire.org Date: Fri Dec 6 08:47:11 2013 +0100
Firewall: Added new feature: Now protocols can be added to servicegroups (GRE,AH,ESP,IPIP,IPV6)
-----------------------------------------------------------------------
Summary of changes: config/firewall/firewall-lib.pl | 5 +++- config/firewall/rules.pl | 6 +++++ config/fwhosts/customservices | 8 ++++--- html/cgi-bin/fwhosts.cgi | 51 ++++++++++++++++++++++++++++++----------- 4 files changed, 52 insertions(+), 18 deletions(-)
Difference in files: diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl index 8cff76b..fc80555 100755 --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl @@ -90,7 +90,10 @@ sub get_srvgrp_prot $udp=1; }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){ $icmp=1; - } + }else{ + #Protocols used in servicegroups + push (@ips,$customservicegrp{$key}[2]); + } } } if ($tcp eq '1'){push (@ips,'TCP');} diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index c54a2eb..d0a9e20 100755 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -252,6 +252,9 @@ sub buildrules #print rules to console foreach my $DPROT (@DPROT){ $DPORT = &get_port($hash,$key,$DPROT); + if ($DPROT ne 'TCP' && $DPROT ne 'UDP' && $DPROT ne 'ICMP' ){ + $DPORT=''; + } $PROT=$DPROT; $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' '); foreach my $a (sort keys %sourcehash){ @@ -333,6 +336,9 @@ sub buildrules $DPORT = &get_port($hash,$key,$DPROT); $PROT=$DPROT; $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' '); + if ($DPROT ne 'TCP' && $DPROT ne'UDP' && $DPROT ne 'ICMP' ){ + $DPORT=''; + } foreach my $a (sort keys %sourcehash){ foreach my $b (sort keys %targethash){ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){ diff --git a/config/fwhosts/customservices b/config/fwhosts/customservices index 07dd3d2..7f9ae3a 100644 --- a/config/fwhosts/customservices +++ b/config/fwhosts/customservices 
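Review bot: The new `else` branch in get_srvgrp_prot pushes `$customservicegrp{$key}[2]` into `@ips` whenever the service lookup is not TCP, UDP or ICMP, so any string stored in that field is treated as a protocol name; that presumably includes the name of a service that has since been deleted. rules.pl in this commit turns every element into `-p $PROT`, so the value should be checked against the fixed set the UI offers before it is pushed, e.g. `push (@ips,$customservicegrp{$key}[2]) if $customservicegrp{$key}[2] =~ /\A(?:GRE|AH|ESP|IGMP|IPIP|IPV6)\z/;`. A one-line comment naming that set, `#Only GRE, AH, ESP, IGMP, IPIP and IPV6 are valid here`, would also document the contract. The function starts and ends outside the hunk.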
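Review bot: The same three-way protocol test is pasted into both buildrules hunks, before `$PROT` is built at @@ -252 and after it at @@ -333 (where `ne'UDP'` has also lost its space), so the two loops can drift apart on the next edit. Deriving the result once per iteration, `my $has_ports = ($DPROT eq 'TCP' || $DPROT eq 'UDP' || $DPROT eq 'ICMP');` followed by `$DPORT='' unless $has_ports;`, keeps both places identical and readable. `&get_port` is still called for protocols that carry no port; if it has no side effects, the call could be skipped in that case. buildrules continues outside both hunks.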
@@ -1,15 +1,16 @@ 32,rsync,873,TCP,BLANK,0 +33,DNS (UDP),53,UDP,,0 21,IMAPS,993,TCP,BLANK,0 7,WINS,42,TCP,BLANK,0 26,LPD,515,TCP,BLANK,0 -17,IRC,194,TCP,BLANK,0 2,FTP-control,21,TCP,BLANK,0 +17,IRC,194,TCP,BLANK,0 1,FTP-data,20,TCP,BLANK,0 18,HTTPS,443,TCP,BLANK,0 30,NFS,2049,TCP,BLANK,0 16,SNMP,161,UDP,BLANK,0 -25,IPP (UDP),631,UDP,BLANK,0 27,JetDirect,9100,TCP,BLANK,0 +25,IPP (UDP),631,UDP,BLANK,0 28,LDAP,389,TCP,BLANK,0 14,NetBIOS Session Service,139,TCP,BLANK,0 20,FTPS control,990,TCP,BLANK,0 @@ -18,8 +19,8 @@ 31,Radius,1812,TCP,BLANK,0 11,NTP,123,UDP,BLANK,0 22,POP3S,995,TCP,BLANK,0 -13,NetBIOS Datagram Service,138,TCP,BLANK,0 23,RDP,3389,TCP,BLANK,0 +13,NetBIOS Datagram Service,138,TCP,BLANK,0 29,LDAPS,636,TCP,BLANK,0 6,Time,37,TCP,BLANK,0 3,SSH,22,TCP,BLANK,0 @@ -28,5 +29,6 @@ 15,IMAP,143,TCP,BLANK,0 8,HTTP,80,TCP,BLANK,0 4,Telnet,23,UDP,BLANK,0 +34,DNS (TCP),53,TCP,,0 19,FTPS data,989,TCP,BLANK,0 5,SMTP,25,TCP,BLANK,0 diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index bc9ca85..7f4b63c 100755 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -769,8 +769,8 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp') &General::readhasharray("$configsrvgrp", %customservicegrp ); &General::readhasharray("$configsrv", %customservice ); $errormessage=&checkservicegroup; - #Check if we have more than 13 services from one Protocol in the group - #iptables can only handle 13 ports/portranges via multiport + #Check if we have more than 15 services from one Protocol in the group + #iptables can only handle 15 ports/portranges via multiport foreach my $key (keys %customservicegrp){ if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){ foreach my $key1 (keys %customservice){ 
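Review bot: The two added DNS rows, `33,DNS (UDP),53,UDP,,0` here and `34,DNS (TCP),53,TCP,,0` in the @@ -28,5 hunk, leave the fifth field empty while every other row in the file carries `BLANK` there. If any reader compares that field against `BLANK`, these rows will behave differently from the rest; writing `33,DNS (UDP),53,UDP,BLANK,0` and `34,DNS (TCP),53,TCP,BLANK,0` keeps the file uniform. The moved IRC, IPP and NetBIOS Datagram rows look like write-order churn rather than intended changes.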
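Review bot: The corrected comment in the saveservicegrp block still reads as if ports and port ranges drew equally on the limit, but the iptables multiport match counts a range as two of its 15 ports. Suggested wording: `#iptables multiport accepts at most 15 ports; a port range counts as two`. The counting code itself lies below the hunk, so confirm that its threshold was raised from 13 as well and that ranges are counted twice.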
@@ -1036,12 +1036,12 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice') last; } } - &General::writehasharray("$configsrv", %customservice); $grpname=$customservicegrp{$key}[0]; $grpremark=$customservicegrp{$key}[1]; delete $customservicegrp{$key}; } } + &General::writehasharray("$configsrv", %customservice); &General::writehasharray("$configsrvgrp", %customservicegrp); &General::firewall_config_changed(); if ($fwhostsettings{'updatesrvgrp'} eq 'on'){ @@ -1116,6 +1116,9 @@ if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark') &General::writehasharray("$configsrvgrp", %customservicegrp); $fwhostsettings{'updatesrvgrp'}='on'; $fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'newsrvrem'}; + }elsif($fwhostsettings{'oldsrvrem'} eq $fwhostsettings{'newsrvrem'}){ + &addservicegrp; + &viewtableservicegrp; }else{ $errormessage=$Lang::tr{'fwhost err remark'}; $fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'oldsrvrem'}; 
@@ -1410,13 +1413,24 @@ END if($fwhostsettings{'updatesrvgrp'} eq 'on'){ print<<END; <form method='post'><input type='hidden' name='SRVGRP_REMARK' value='$fwhostsettings{'SRVGRP_REMARK'}'><input type='hidden' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}'><table border='0' width='100%'> - <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td><select name='CUST_SRV' style='min-width:185px;'> + <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'add'}</td><td><select name='CUST_SRV' style='min-width:185px;'> END &General::readhasharray("$configsrv", %customservice); + #Protocols for use in servicegroups + print "<optgroup label='$Lang::tr{'fwhost cust service'}'>"; foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice) { print "<option>$customservice{$key}[0]</option>"; } + print "</optgroup>"; + print "<optgroup label='$Lang::tr{'protocol'}'>"; + print "<option>GRE</option>"; + print "<option>AH</option>"; + print "<option>ESP</option>"; + print "<option>IGMP</option>"; + print "<option>IPIP</option>"; + print "<option value='IPV6'>IPv6 encap</option>"; + print "</optgroup>"; print<<END; </select></td></tr> <tr><td colspan='4'><br><br></td></tr> @@ -1716,7 +1730,7 @@ sub viewtableservicegrp &General::readhasharray("$configsrvgrp", %customservicegrp); &General::readhasharray("$configsrv", %customservice); my $number= keys %customservicegrp; - foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){ + foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys %customservicegrp){ $count++; if ($helper ne $customservicegrp{$key}[0]){ $delflag=0; 
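Review bot: Protocol tokens and user-defined service names now share the single `CUST_SRV` select, so a custom service that is itself named `GRE`, `AH`, `ESP`, `IGMP`, `IPIP` or `IPV6` cannot be told apart from the protocol entry once the form is posted. The option list also constrains only the browser; the handler that stores `CUST_SRV` is not part of this diff, and it should accept a value only if it is an existing service name or one of these six tokens. Either reserve the six names when a service is created or submit the protocols under a distinct prefix. A comment above the new optgroup such as `#Keep this list in sync with the protocol checks in viewtableservicegrp and rules.pl` would help, since the list is now spelled out in several places.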
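Review bot: The chained `sort { ... [0] } sort { ... [2] } keys %customservicegrp` in viewtableservicegrp produces group-then-entry order only if the outer sort is stable, which Perl does not promise unless `use sort 'stable'` is in effect. A single comparator states the intent directly: `sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) || ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) } keys %customservicegrp`. This assumes ncmp returns 0 for equal keys, as a sort comparator normally does.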
@@ -1754,6 +1768,16 @@ sub viewtableservicegrp }else{ print"<tr bgcolor='$color{'color20'}'>"; } + #Set fields if we use protocols in servicegroups + if ($customservicegrp{$key}[2] ne 'TCP' || $customservicegrp{$key}[2] ne 'UDP' || $customservicegrp{$key}[2] ne 'ICMP'){ + $port='-'; + } + if ($customservicegrp{$key}[2] eq 'GRE'){$protocol='GRE';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} GRE";} + if ($customservicegrp{$key}[2] eq 'ESP'){$protocol='ESP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} ESP";} + if ($customservicegrp{$key}[2] eq 'AH'){$protocol='AH';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} AH";} + if ($customservicegrp{$key}[2] eq 'IGMP'){$protocol='IGMP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IGMP";} + if ($customservicegrp{$key}[2] eq 'IPIP'){$protocol='IPIP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IPIP";} + if ($customservicegrp{$key}[2] eq 'IPV6'){$protocol='IPV6';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IPv6 encapsulation";} print "<td width='39%'>$customservicegrp{$key}[2]</td>"; foreach my $srv (sort keys %customservice){ if ($customservicegrp{$key}[2] eq $customservice{$srv}[0]){ 
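Review bot: The added guard `ne 'TCP' || ne 'UDP' || ne 'ICMP'` is true for every value, so `$port='-'` runs on each row and relies on the service loop below to overwrite it; the operators would have to be `&&` for the test to select anything. `$protocol` is assigned only when one of the six tokens matches and is not reset per row, so the branch added in the next hunk may see a value left over from an earlier row if the lookup below does not set it (that loop is only partly visible here). Overwriting `$customservicegrp{$key}[2]` with the translated label is also what forces the separate `delsrvfromgrp` branch further down. A lookup table that leaves the stored value untouched covers all three points.

```perl
# … unchanged: row colour selection …
#Set fields if we use protocols in servicegroups
my %protolabel = (
	'GRE'  => 'GRE',
	'ESP'  => 'ESP',
	'AH'   => 'AH',
	'IGMP' => 'IGMP',
	'IPIP' => 'IPIP',
	'IPV6' => 'IPv6 encapsulation',
);
my $entry   = $customservicegrp{$key}[2];
my $display = $entry;
$port     = '-';	# default; the service lookup below replaces it for real services
$protocol = '';		# reset so a previous row cannot leak into this one
if (exists $protolabel{$entry}){
	$protocol = $entry;
	$display  = "$Lang::tr{'protocol'} $protolabel{$entry}";
}
print "<td width='39%'>$display</td>";
# … unchanged: foreach my $srv lookup over %customservice …
```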
@@ -1766,7 +1790,12 @@ sub viewtableservicegrp if ($delflag gt '1'){ print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />"; } - print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>"; + print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'>"; + if($protocol eq 'TCP' || $protocol eq 'UDP' || $protocol eq 'ICMP'){ + print "<input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>"; + }else{ + print "<input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$protocol,$customservicegrp{$key}[3]'></form></td></tr>"; + } $helper=$customservicegrp{$key}[0]; } print"</table>"; @@ -1823,8 +1852,6 @@ sub checksubnet sub checkservicegroup { &General::readhasharray("$configsrvgrp", %customservicegrp); - - #check name if ( ! &validhostname($fwhostsettings{'SRVGRP_NAME'})) { @@ -1880,7 +1907,6 @@ sub get_name return "$network" if ($val eq $defaultNetworks{$network}{'NAME'}); } } - sub deletefromgrp { my $target=shift; @@ -1888,11 +1914,8 @@ sub deletefromgrp my %hash=(); &General::readhasharray("$config",%hash); foreach my $key (keys %hash) { - $errormessage.="lese $hash{$key}[2] und $target<br>"; if($hash{$key}[2] eq $target){ - delete $hash{$key}; - $errormessage.="Habe $target aus Gruppe gelöscht!<br>"; } } &General::writehasharray("$config",%hash); @@ -2096,8 +2119,8 @@ sub getipforgroup } } } - -sub decrease { +sub decrease +{ my $grp=$_[0]; &General::readhasharray("$confignet", %customnetwork); &General::readhasharray("$confighost", %customhost);
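Review bot: Both new `delsrvfromgrp` prints place `$grpname`, `$remark` and the entry name inside a single-quoted `value='...'` and join them with commas, so a remark containing `'` ends the attribute early and one containing `,` shifts the fields when the handler splits the string. Unless these values are already escaped before this point, which the hunk does not show, they should pass through the project's HTML-escaping helper before being printed, and the fields are safer sent as separate hidden inputs than as one comma-joined string. The `if`/`else` also depends on `$protocol` as set earlier in viewtableservicegrp, outside this hunk.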
hooks/post-receive -- IPFire 2.x development tree