This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via d334d7cb47ad4b55a24d54ff7f7081e9bb60ed1c (commit) from 146636ae7863022e2bdddccac9ef75b8c58d79e0 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit d334d7cb47ad4b55a24d54ff7f7081e9bb60ed1c Author: Alexander Marx amarx@ipfire.org Date: Tue Jan 21 11:25:35 2014 +0100
Firewall: Bugfix - when using addressgroups with mac addresses in source, the mac rule was not correctly created.
Further MAC issues: in the target area, the manual IP field was labelled "target ip/mac address" - changed to "IP-Address". Also implemented a plausibility check: if an address group with MAC addresses is used in the target area, there's a hint saying that the rule will not be applied for MAC hosts.
-----------------------------------------------------------------------
Summary of changes: config/firewall/rules.pl | 4 ++++ html/cgi-bin/firewall.cgi | 30 +++++++++++++----------------- langs/de/cgi-bin/de.pl | 3 ++- langs/en/cgi-bin/en.pl | 3 ++- 4 files changed, 21 insertions(+), 19 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index d0a9e20..f26ae5f 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -259,6 +259,8 @@ sub buildrules
 $PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
 foreach my $a (sort keys %sourcehash){
 foreach my $b (sort keys %targethash){
+ next if ($targethash{$b}[0] eq 'none');
+ $STAG='';
 if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
 if($DPROT ne ''){
 if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
@@ -341,6 +343,8 @@ sub buildrules
 }
 foreach my $a (sort keys %sourcehash){
 foreach my $b (sort keys %targethash){
+ next if ($targethash{$b}[0] eq 'none');
+ $STAG='';
 if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
 if($DPROT ne ''){
 if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index ee13033..86cba60 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -609,6 +609,19 @@ sub checktarget
 $errormessage.=$Lang::tr{'fwdfw err notgtip'};
 return $errormessage;
 }
+ #check for mac in targetgroup
+ if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){
+ &General::readhasharray("$configgrp", %customgrp);
+ &General::readhasharray("$confighost", %customhost);
+ foreach my $grpkey (sort keys %customgrp){
+ foreach my $hostkey (sort keys %customhost){
+ if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$hostkey}[1] eq 'mac'){
+ $hint=$Lang::tr{'fwdfw hint mac'};
+ return $hint;
+ }
+ }
+ }
+ }
 #check empty fields
 if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
 #check tgt services
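Review bot: In config/firewall/rules.pl, the `next if ($targethash{$b}[0] eq 'none');` added at the top of the inner loop in buildrules (in both the -259 and the -341 hunk) skips the source/target pair without leaving any trace, so a rule whose targets all resolve to 'none' generates nothing. For a blocking rule that means the traffic is decided by whatever follows in the chain, and the only indication is the hint shown when the rule is edited. A comment at the skip such as `# target resolved to 'none' (presumably a MAC-only group member): it cannot be matched as a destination, so no rule is emitted`, ideally with a log line, would make that visible to whoever audits the generated ruleset. With the `next` in place the `&& $targethash{$b}[0] ne 'none'` term in the following `if` can no longer be false and can be dropped, which also removes the `&&`/`||` precedence question in that condition. Both loop bodies continue outside the hunks.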
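Review bot: In html/cgi-bin/firewall.cgi, the MAC check added to checktarget compares every entry of %customgrp with every host in %customhost and never looks at the group actually selected in `$fwdfwsettings{$fwdfwsettings{'grp2'}}`, so the hint fires as soon as any address group contains a MAC host. The outer loop should skip other groups first, for example `next if ($customgrp{$grpkey}[0] ne $fwdfwsettings{$fwdfwsettings{'grp2'}});`, assuming column 0 holds the group name, which the hunk does not show. The `return $hint;` also leaves the sub before the "check empty fields" and "check tgt services" validation below it, and hands back the hint where the earlier exit returns `$errormessage`; setting `$hint` and letting the remaining checks run would keep the input validation intact. checktarget starts and ends outside the hunk, so how the caller treats the return value is not visible here.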
@@ -1403,24 +1416,7 @@ sub hint
 print "<class name='base'>$hint\n";
 print " </class>\n";
 &Header::closebox();
- print"<hr>";
- }
-}
-sub inc_counter
-{
- my $config=shift;
- my %hash=%{(shift)};
- my $val=shift;
- my $pos;
-
- &General::readhasharray($config, %hash);
- foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
- if($hash{$key}[0] eq $val){
- $pos=$#{$hash{$key}};
- $hash{$key}[$pos] = $hash{$key}[$pos]+1;
- }
 }
- &General::writehasharray($config, %hash);
 }
 sub newrule
 {
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index c93234b..6fa813a 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -959,6 +959,7 @@
 'fwdfw from' => 'Von:',
 'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel mag eventuell niemals zutreffen, da sich Quelle und Ziel überlappen.',
 'fwdfw hint ip2' => 'Bitte überprüfen Sie, ob diese Regel Sinn macht: ',
+'fwdfw hint mac' => 'Sie nutzen MAC-Adressen in der Zielgruppe. Diese werden bei der Regelerstellung übersprungen.',
 'fwdfw iface' => 'Interface',
 'fwdfw ipsec network' => 'IPsec-Netzwerke:',
 'fwdfw log' => 'Log',
@@ -988,7 +989,7 @@
 'fwdfw sourceip' => 'Quelladresse (IP/MAC-Adresse oder Netzwerk):',
 'fwdfw std network' => 'Standard Netzwerke:',
 'fwdfw target' => 'Ziel',
-'fwdfw targetip' => 'Zieladresse (IP/MAC-Adresse oder Netzwerk):',
+'fwdfw targetip' => 'Zieladresse (IP-Adresse oder Netzwerk):',
 'fwdfw till' => 'Bis:',
 'fwdfw time' => 'Zeitrahmen',
 'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 67b5dd5..173b8f0 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -985,6 +985,7 @@
 'fwdfw from' => 'From:',
 'fwdfw hint ip1' => 'The last generated rule may never match, because source and destination subnets may overlap.',
 'fwdfw hint ip2' => 'Please double-check if this rule makes sense: ',
+'fwdfw hint mac' => 'The destination group contains MAC addresses, which will be skipped during rule creation.',
 'fwdfw iface' => 'Interface',
 'fwdfw ipsec network' => 'IPsec networks:',
 'fwdfw log' => 'Log',
@@ -1014,7 +1015,7 @@
 'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
 'fwdfw std network' => 'Standard networks:',
 'fwdfw target' => 'Destination',
-'fwdfw targetip' => 'Destination address (MAC/IP address or network):',
+'fwdfw targetip' => 'Destination address (IP address or network):',
 'fwdfw till' => 'Until:',
 'fwdfw time' => 'Time Constraints',
 'fwdfw timeframe' => 'Use time constraints',
hooks/post-receive -- IPFire 2.x development tree