This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 48fde0b6f999e12d916127d413357720ac5bd670 (commit) via 99f11a16f62ee8424c3a2b6ae72539678818a33a (commit) via fcc68a4277e7befa744663eac71b17270a983bbd (commit) from b1f11b0402dc6ea12078c44acb64af1a665aaafe (commit)
- Log ----------------------------------------------------------------- commit 48fde0b6f999e12d916127d413357720ac5bd670 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 9 14:19:16 2014 +0200
aliases.cgi: Mark name field as mandatory.
commit 99f11a16f62ee8424c3a2b6ae72539678818a33a Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 9 14:16:32 2014 +0200
firewall: Apply destination NAT rules for the firewall itself, too.
commit fcc68a4277e7befa744663eac71b17270a983bbd Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 9 14:06:32 2014 +0200
firewall: Fix rule generation for protocols without ports.
-----------------------------------------------------------------------
Summary of changes: config/firewall/rules.pl | 56 +++++++++++++++++++++-------------------- html/cgi-bin/aliases.cgi | 3 +-- src/initscripts/init.d/firewall | 1 + 3 files changed, 31 insertions(+), 29 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index dae2d52..92f1c0a 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -535,43 +535,45 @@ sub get_protocol_options {
 push(@options, ("-p", $protocol));
 }
- # Process source ports.
- my $use_src_ports = ($$hash{$key}[7] eq "ON");
- my $src_ports = $$hash{$key}[10];
+ if ($protocol ~~ @PROTOCOLS_WITH_PORTS) {
+ # Process source ports.
+ my $use_src_ports = ($$hash{$key}[7] eq "ON");
+ my $src_ports = $$hash{$key}[10];
- if ($use_src_ports && $src_ports) {
- push(@options, &format_ports($src_ports, "src"));
- }
+ if ($use_src_ports && $src_ports) {
+ push(@options, &format_ports($src_ports, "src"));
+ }
- # Process destination ports.
- my $use_dst_ports = ($$hash{$key}[11] eq "ON");
- my $use_dnat = (($$hash{$key}[28] eq "ON") && ($$hash{$key}[31] eq "dnat"));
+ # Process destination ports.
+ my $use_dst_ports = ($$hash{$key}[11] eq "ON");
+ my $use_dnat = (($$hash{$key}[28] eq "ON") && ($$hash{$key}[31] eq "dnat"));
- if ($use_dst_ports) {
- my $dst_ports_mode = $$hash{$key}[14];
- my $dst_ports = $$hash{$key}[15];
+ if ($use_dst_ports) {
+ my $dst_ports_mode = $$hash{$key}[14];
+ my $dst_ports = $$hash{$key}[15];
- if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
- if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
- $dst_ports = $$hash{$key}[30];
- }
- push(@options, &format_ports($dst_ports, "dst"));
-
- } elsif ($dst_ports_mode eq "cust_srv") {
- if ($protocol eq "ICMP") {
- push(@options, ("--icmp-type", &fwlib::get_srv_port($dst_ports, 3, "ICMP")));
- } else {
- $dst_ports = &fwlib::get_srv_port($dst_ports, 1, uc($protocol));
+ if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
+ if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
+ $dst_ports = $$hash{$key}[30];
+ }
 push(@options, &format_ports($dst_ports, "dst"));
- }
- } elsif ($dst_ports_mode eq "cust_srvgrp") {
- push(@options, &fwlib::get_srvgrp_port($dst_ports, uc($protocol)));
+ } elsif ($dst_ports_mode eq "cust_srv") {
+ if ($protocol eq "ICMP") {
+ push(@options, ("--icmp-type", &fwlib::get_srv_port($dst_ports, 3, "ICMP")));
+ } else {
+ $dst_ports = &fwlib::get_srv_port($dst_ports, 1, uc($protocol));
+ push(@options, &format_ports($dst_ports, "dst"));
+ }
+
+ } elsif ($dst_ports_mode eq "cust_srvgrp") {
+ push(@options, &fwlib::get_srvgrp_port($dst_ports, uc($protocol)));
+ }
 }
 }
# Check if a single ICMP type is selected.
- if (!$use_src_ports && !$use_dst_ports && $protocol eq "icmp") {
+ if ($protocol eq "icmp") {
 my $icmp_type = $$hash{$key}[9];
if (($icmp_type ne "All ICMP-Types") && $icmp_type) {
diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi
index 922d76d..7c3ba91 100644
--- a/html/cgi-bin/aliases.cgi
+++ b/html/cgi-bin/aliases.cgi
@@ -323,7 +323,7 @@ print <<END
 <input type='hidden' name='OLDIP' value='$settings{'IP'}' />
 <table style='width:100%;'>
 <tr>
-<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}: <img src='/blob.gif' alt='*' /></td>
+<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:</td>
 <td><input type='text' name='NAME' value='$settings{'NAME'}' size='32' /></td>
 <td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}: </td>
 <td><input type='text' name='IP' value='$settings{'IP'}' size='16' /></td>
@@ -335,7 +335,6 @@ print <<END
 <hr />
 <table style='width:100%;'>
 <tr>
- <td><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td>
 <td style='text-align:right;'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
 </tr>
 </table>
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 246be37..31aa2c9 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -196,6 +196,7 @@ iptables_init() {
 # DNAT rules
 iptables -t nat -N NAT_DESTINATION
 iptables -t nat -A PREROUTING -j NAT_DESTINATION
+ iptables -t nat -A OUTPUT -j NAT_DESTINATION
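Review bot: In the config/firewall/rules.pl hunk, the `cust_srv` branch that emits `--icmp-type` for `$protocol eq "ICMP"` now sits inside `if ($protocol ~~ @PROTOCOLS_WITH_PORTS)`, so it is reachable only if that list contains the ICMP spelling. The list is defined outside the hunk, but if it holds only port-carrying protocols, a custom ICMP service yields a rule with no type restriction, which matches more traffic than was configured. The guard is also an exact, case-sensitive match, while this function compares against both "ICMP" and "icmp" and upper-cases the protocol for the fwlib lookups, so a spelling mismatch would silently drop the port options and widen the rule. I would keep the ICMP service lookup outside the guard and make the membership test explicit, e.g. `if (grep { lc($_) eq lc($protocol) } @PROTOCOLS_WITH_PORTS) {`, which also avoids the smartmatch operator. get_protocol_options starts before and continues past this hunk.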
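Review bot: In the first html/cgi-bin/aliases.cgi hunk (line 323) only the label markup changes, so nothing visible makes the handler reject a submission with an empty NAME. The field is mandatory in appearance only unless the save path, which is outside the hunk, checks it and returns an error to the page. The same heredoc places `$settings{'NAME'}` and `$settings{'IP'}` inside single-quoted `value` attributes. If they are not HTML-escaped before the `print` (not shown here; the project's `Header::cleanhtml` helper would be the usual place), a stored name containing a quote breaks out of the attribute. The heredoc starts before and runs past both hunks in this file.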
iptables -t mangle -N NAT_DESTINATION
 iptables -t mangle -A PREROUTING -j NAT_DESTINATION
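Review bot: The added `iptables -t nat -A OUTPUT -j NAT_DESTINATION` in src/initscripts/init.d/firewall sends locally generated packets through a chain previously reached only from PREROUTING, while the mangle-table NAT_DESTINATION chain on the following lines is still hooked into PREROUTING alone. Whatever the mangle chain does for forwarded DNAT traffic (its rules are outside the hunk) is therefore not applied to the firewall's own connections, and any nat rule that matches on an incoming interface can never match when traversed from OUTPUT. It is worth confirming that the generated NAT_DESTINATION rules do not rely on `-i`, and deciding whether mangle needs a matching OUTPUT hook. A comment on the new line, e.g. `# Also apply DNAT to connections originating from the firewall itself`, would record why OUTPUT is hooked. iptables_init() begins before and continues after this hunk.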