* [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 5b0bc4ca3d5609bed04a34284b5f746616f768f1
@ 2013-10-12 19:01 git
0 siblings, 0 replies; only message in thread
From: git @ 2013-10-12 19:01 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 47607 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via 5b0bc4ca3d5609bed04a34284b5f746616f768f1 (commit)
via 3af3ecd319bdcf8db27e9ca14af72383b4754567 (commit)
via 433b7aa8e95f4b075fd259257c61c96a29e03830 (commit)
via 64e822fb45db06af7a7e7ddc94961840d5bd1158 (commit)
via 90f8339a42506ca95dacb820914881bc922f19db (commit)
via 6e62882de69ad42efcb4c3c2097abb5d5c54666c (commit)
via 58bda09b683311db948fb5be06b1521386286f03 (commit)
via 95c86656e70af668d25f0a33afb3913ee5e2ded0 (commit)
via e6e9a8117677eca8319982ce56aa72e93c9b407e (commit)
via 73c39dd4bda322d7d9240651c6db003bff477670 (commit)
via 9f6da934a3b635f5c9f96ab737977dad2582e498 (commit)
via b4f94285ff8ef9b347ee6f3e6fdb53e998ef63dd (commit)
via 03dd9a2949d953e15bdaceab07af5649bfb21bd5 (commit)
via a4c7bf6b73e5a2faae948188591d50cedbf18de3 (commit)
via 40d505ea08931038fba56ee3a8da5053ad7ed389 (commit)
via bcd9852e2ee73b741f5996ecc05ba3758d330fb8 (commit)
via 753bb74ce55d5107d3e8001ed5c15f462261aab3 (commit)
via 2ad3c084eef6d82a8690e5d488d84c61e892ef4e (commit)
via 285de10662731bb67e946e7e112bb4cf892173bf (commit)
via 4c27368a7bc135dc4443711c4eeabec0885ce1ff (commit)
via 3bb77d08a689ef0b4ebaa88f48a684fe85ec580d (commit)
via 16ba0c00d0d7b223682ab161c23af71315f6826a (commit)
via fadcfb73203c97e7062828eb77360b4382555943 (commit)
via a0a5efd7684e90f8dd8e465f1b54ec4fd043ae4d (commit)
via 71670b91cccc3500d03605673f3966d669c93d70 (commit)
via 2aeb4b256eb99c8971da60a5dff6bd3929270798 (commit)
from 2dcea58cc2faf39bd170cef7366f05e940c62751 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5b0bc4ca3d5609bed04a34284b5f746616f768f1
Merge: 2dcea58 3af3ecd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Oct 12 21:01:13 2013 +0200
Merge commit '3af3ecd319bdcf8db27e9ca14af72383b4754567' into fifteen
commit 3af3ecd319bdcf8db27e9ca14af72383b4754567
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 9 10:31:35 2013 +0200
Firewall: fix rules.pl when using custom hosts/networks and services no rule was applied because no protokoll could be found
Also extended JS code to correctly show ICMP Types only, if NO Targetport is selcted
commit 433b7aa8e95f4b075fd259257c61c96a29e03830
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 9 08:23:57 2013 +0200
Firewall: fixed typo in en.pl "Add new hetwork"-> "Add new network"
commit 64e822fb45db06af7a7e7ddc94961840d5bd1158
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Oct 8 10:24:56 2013 +0200
Firewall: Bugfix: when deleting services from a servicegroup,it was possible to delete the last service even if the group was used in a rule.
commit 90f8339a42506ca95dacb820914881bc922f19db
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Oct 8 10:08:09 2013 +0200
Firewall: Bugfix: WHen using servicegroup with only ICMP services, the ruletable was broken. Also fixed another useless if clause in rules.pl
commit 6e62882de69ad42efcb4c3c2097abb5d5c54666c
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Oct 7 14:54:57 2013 +0200
Firewall: fix senseless if clause in rulecreation
commit 58bda09b683311db948fb5be06b1521386286f03
Merge: 95c8665 e6e9a81
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Oct 7 07:25:42 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit 95c86656e70af668d25f0a33afb3913ee5e2ded0
Merge: 9f6da93 1a3dbe9
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Oct 7 07:25:19 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit e6e9a8117677eca8319982ce56aa72e93c9b407e
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Sat Oct 5 13:50:35 2013 +0200
Firewall: added some more plausichecks and additional errormessages
commit 73c39dd4bda322d7d9240651c6db003bff477670
Merge: 03dd9a2 5c86caa
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Sat Oct 5 13:31:22 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 9f6da934a3b635f5c9f96ab737977dad2582e498
Merge: b4f9428 03dd9a2
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Fri Oct 4 08:09:18 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit b4f94285ff8ef9b347ee6f3e6fdb53e998ef63dd
Merge: bcd9852 71ed067
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Fri Oct 4 07:17:15 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 03dd9a2949d953e15bdaceab07af5649bfb21bd5
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Thu Oct 3 12:01:19 2013 +0200
Firewall: fixed JS code for toggeling div areas
commit a4c7bf6b73e5a2faae948188591d50cedbf18de3
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 2 21:28:50 2013 +0200
Firewall: Reorganized layout of rulecreationpage
Protocol is now an extra area containing protocol, ICMP-Type and
source/target ports
commit 40d505ea08931038fba56ee3a8da5053ad7ed389
Merge: 753bb74 5b6acb8
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 2 21:15:22 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit bcd9852e2ee73b741f5996ecc05ba3758d330fb8
Merge: 285de10 ec36876
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 2 07:22:10 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 753bb74ce55d5107d3e8001ed5c15f462261aab3
Merge: 2ad3c08 ec36876
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Oct 1 20:30:30 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 2ad3c084eef6d82a8690e5d488d84c61e892ef4e
Merge: 3bb77d0 285de10
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Oct 1 20:30:06 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit 285de10662731bb67e946e7e112bb4cf892173bf
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Oct 1 07:45:58 2013 +0200
Firewall: fixed rules.pl (no INPUT rules where created when using port and prot "all")
This is a bug which was raised due to the last commit
commit 4c27368a7bc135dc4443711c4eeabec0885ce1ff
Merge: fadcfb7 42e4fa8
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Oct 1 07:44:29 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 3bb77d08a689ef0b4ebaa88f48a684fe85ec580d
Merge: 16ba0c0 fadcfb7
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Sep 30 20:04:38 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit 16ba0c00d0d7b223682ab161c23af71315f6826a
Merge: 71670b9 83dfa1d
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Sep 30 20:04:05 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit fadcfb73203c97e7062828eb77360b4382555943
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Sep 30 15:43:51 2013 +0200
Firewall: moved nat part between source and target and moved protocol dropdown behind target area
commit a0a5efd7684e90f8dd8e465f1b54ec4fd043ae4d
Merge: 2aeb4b2 83dfa1d
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Sep 30 11:06:42 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit 71670b91cccc3500d03605673f3966d669c93d70
Merge: 439d2a5 2aeb4b2
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Fri Sep 27 15:18:05 2013 +0200
Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/amarx/ipfire-2.x into firewall-fifteen
commit 2aeb4b256eb99c8971da60a5dff6bd3929270798
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Fri Sep 27 10:16:52 2013 +0200
Firewall: Bugfix: wrong counter when using selfdefinded services in a rule that could not be applied
Bugfix: When using ICMP-ALL in a rule, the rule was not applied
Bugfix: When using selfdefined services (icmp) and group them together. Then when using these services/groups in a rule and afterwards changing the service, the edited service was not applied
-----------------------------------------------------------------------
Summary of changes:
config/forwardfw/rules.pl | 67 ++++----
html/cgi-bin/forwardfw.cgi | 404 ++++++++++++++++++++++++++-------------------
html/cgi-bin/fwhosts.cgi | 2 +-
langs/de/cgi-bin/de.pl | 2 +
langs/en/cgi-bin/en.pl | 4 +-
5 files changed, 273 insertions(+), 206 deletions(-)
Difference in files:
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index 3f491f7..fcaade2 100755
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -213,14 +213,13 @@ sub buildrules
}
##get source prot and port
$SRC_TGT='SRC';
- $SPROT = &get_prot($hash,$key);
$SPORT = &get_port($hash,$key);
$SRC_TGT='';
##get target prot and port
$DPROT=&get_prot($hash,$key);
- if ($DPROT eq ''){$DPROT=' ';}
+ if ($DPROT eq ''){$DPROT=' ';}
@DPROT=split(",",$DPROT);
#get time if defined
@@ -252,12 +251,12 @@ sub buildrules
#print rules to console
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
- if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+ $PROT=$DPROT;
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
- if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+ if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
if(substr($DPORT, 2, 4) eq 'icmp'){
my @icmprule= split(",",substr($DPORT, 12,));
@@ -311,12 +310,12 @@ sub buildrules
}elsif($MODE eq '0'){
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
- if ($SPROT ne ''){$PROT=$SPROT;}else{$PROT=$DPROT;}
+ $PROT=$DPROT;
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
- if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+ if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
#Process ICMP RULE
if(substr($DPORT, 2, 4) eq 'icmp'){
@@ -528,33 +527,29 @@ sub get_prot
{
my $hash=shift;
my $key=shift;
- if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
- if ($$hash{$key}[10] ne ''){
- return"$$hash{$key}[8]";
- }elsif($$hash{$key}[9] ne ''){
- return"$$hash{$key}[8]";
- }else{
- return "$$hash{$key}[8]";
- }
- }elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
- if ($$hash{$key}[14] eq 'TGT_PORT'){
- if ($$hash{$key}[15] ne ''){
- return "$$hash{$key}[12]";
- }elsif($$hash{$key}[13] ne ''){
- return "$$hash{$key}[12]";
- }else{
- return "$$hash{$key}[12]";
- }
- }elsif($$hash{$key}[14] eq 'cust_srv'){
+ #check AH,GRE,ESP or ICMP
+ if ($$hash{$key}[7] ne 'ON' && $$hash{$key}[11] ne 'ON'){
+ return "$$hash{$key}[8]";
+ }
+ if ($$hash{$key}[7] eq 'ON' || $$hash{$key}[11] eq 'ON'){
+ #check if servicegroup or service
+ if($$hash{$key}[14] eq 'cust_srv'){
return &fwlib::get_srv_prot($$hash{$key}[15]);
-
}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
return &fwlib::get_srvgrp_prot($$hash{$key}[15]);
+ }elsif (($$hash{$key}[10] ne '' || $$hash{$key}[15] ne '') && $$hash{$key}[8] eq ''){ #when ports are used and prot set to "all"
+ return "TCP,UDP";
+ }elsif (($$hash{$key}[10] ne '' || $$hash{$key}[15] ne '') && ($$hash{$key}[8] eq 'TCP' || $$hash{$key}[8] eq 'UDP')){ #when ports are used and prot set to "tcp" or "udp"
+ return "$$hash{$key}[8]";
+ }elsif (($$hash{$key}[10] eq '' && $$hash{$key}[15] eq '') && $$hash{$key}[8] ne 'ICMP'){ #when ports are NOT used and prot NOT set to "ICMP"
+ return "$$hash{$key}[8]";
+ }else{
+ return "$$hash{$key}[8]";
}
}
#DNAT
if ($SRC_TGT eq '' && $$hash{$key}[31] eq 'dnat' && $$hash{$key}[11] eq '' && $$hash{$key}[12] ne ''){
- return "$$hash{$key}[12]";
+ return "$$hash{$key}[8]";
}
}
sub get_port
@@ -574,10 +569,6 @@ sub get_port
return ":$$hash{$key}[10]";
}
}
- }elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
- return "--icmp-type $$hash{$key}[9] ";
- }elsif($$hash{$key}[9] eq 'All ICMP-Types'){
- return;
}
}elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
if($$hash{$key}[14] eq 'TGT_PORT'){
@@ -593,10 +584,6 @@ sub get_port
return ":$$hash{$key}[15]";
}
}
- }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
- return "--icmp-type $$hash{$key}[13] ";
- }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] eq 'All ICMP-Types'){
- return;
}
}elsif($$hash{$key}[14] eq 'cust_srv'){
if ($prot ne 'ICMP'){
@@ -605,10 +592,8 @@ sub get_port
}else{
return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
}
- }elsif($prot eq 'ICMP' && $$hash{$key}[15] ne 'All ICMP-Types'){
+ }elsif($prot eq 'ICMP' && $$hash{$key}[11] eq 'ON'){ #When PROT is ICMP and "use targetport is checked, this is an icmp-service
return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
- }elsif($prot eq 'ICMP' && $$hash{$key}[15] eq 'All ICMP-Types'){
- return;
}
}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
if ($prot ne 'ICMP'){
@@ -619,4 +604,12 @@ sub get_port
}
}
}
+ #CHECK ICMP
+ if ($$hash{$key}[7] ne 'ON' && $$hash{$key}[11] ne 'ON' && $SRC_TGT eq ''){
+ if($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
+ return "--icmp-type $$hash{$key}[9] ";
+ }elsif($$hash{$key}[9] eq 'All ICMP-Types'){
+ return;
+ }
+ }
}
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 405a97d..f8f14ad 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -115,6 +115,45 @@ print<<END;
function checkradio(a){
\$(a).attr('checked', true);
}
+function toggle_elements( id ) {
+ if(document.getElementById(id).style.display== "none")
+ {
+ document.getElementById(id).style.display='block';
+ }
+ else{
+ document.getElementById(id).style.display='none';
+ }
+ if(document.getElementById('targetport').style.display== "none" && document.getElementById('PROT').value === 'ICMP' )
+ {
+ document.getElementById('PROTOKOLL').style.display='block';
+ }
+ if(document.getElementById('targetport').style.display== "block" && document.getElementById('PROT').value === 'ICMP' )
+ {
+ document.getElementById('PROTOKOLL').style.display='none';
+ }
+ return true;
+}
+function hide_elements()
+{
+ var elementNames = hide_elements.arguments;
+ for (var i=0; i<elementNames.length; i++)
+ {
+ var elementName = elementNames[i];
+ document.getElementById(elementName).style.display='none';
+ }
+}
+function getdropdown()
+{
+ d = document.getElementById("PROT").value;
+ if ( d == 'ICMP' )
+ {
+ document.getElementById('PROTOKOLL').style.display='block';
+ }
+ else
+ {
+ document.getElementById('PROTOKOLL').style.display='none';
+ }
+}
</script>
END
@@ -128,7 +167,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
$errormessage=&checksource;
if(!$errormessage){&checktarget;}
if(!$errormessage){&checkrule;}
-
#check if manual ip (source) is orange network
if ($fwdfwsettings{'grp1'} eq 'src_addr'){
my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
@@ -466,32 +504,6 @@ sub checksource
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err nosrc'}."<br>";}
- #check icmp source
- if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){
- $fwdfwsettings{'SRC_PORT'}='';
- &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- foreach my $key (keys %icmptypes){
- if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
- $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
- }
- }
- }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'GRE'){
- $fwdfwsettings{'SRC_PORT'}='';
- $fwdfwsettings{'ICMP_TYPES'}='';
- }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ESP'){
- $fwdfwsettings{'SRC_PORT'}='';
- $fwdfwsettings{'ICMP_TYPES'}='';
- }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'AH'){
- $fwdfwsettings{'SRC_PORT'}='';
- $fwdfwsettings{'ICMP_TYPES'}='';
- }elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP'){
- $fwdfwsettings{'ICMP_TYPES'}='';
- }else{
- $fwdfwsettings{'ICMP_TYPES'}='';
- $fwdfwsettings{'SRC_PORT'}='';
- $fwdfwsettings{'PROT'}='';
- }
-
if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){
my @parts=split(",",$fwdfwsettings{'SRC_PORT'});
my @values=();
@@ -552,11 +564,11 @@ sub checktarget
}
#check if Port is a single Port or portrange
if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
- if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
+ if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
return $errormessage;
}
- if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
+ if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
return $errormessage;
}
@@ -601,17 +613,19 @@ sub checktarget
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
$fwdfwsettings{'TGT_PROT'}='';
$fwdfwsettings{'ICMP_TGT'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
}
if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
$fwdfwsettings{'TGT_PROT'}='';
$fwdfwsettings{'ICMP_TGT'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
#check target service
if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
$errormessage.=$Lang::tr{'fwdfw err tgt_grp'};
}
}
if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
- if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){
+ if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){
if ($fwdfwsettings{'TGT_PORT'} ne ''){
if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') {
$errormessage=$Lang::tr{'fwdfw dnat porterr'}."<br>";
@@ -645,34 +659,26 @@ sub checktarget
if (&General::validport($_)){
push (@values,$_);
}else{
-
}
}
}
$fwdfwsettings{'TGT_PORT'}=join("|",@values);
}
- }elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
+ }elsif ($fwdfwsettings{'PROT'} eq 'GRE'){
$fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
$fwdfwsettings{'TGT_PORT'} = '';
$fwdfwsettings{'ICMP_TGT'} = '';
- }elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){
+ }elsif ($fwdfwsettings{'PROT'} eq 'ESP'){
$fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
$fwdfwsettings{'TGT_PORT'} = '';
$fwdfwsettings{'ICMP_TGT'}='';
- }elsif($fwdfwsettings{'TGT_PROT'} eq 'AH'){
+ }elsif ($fwdfwsettings{'PROT'} eq 'AH'){
$fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
$fwdfwsettings{'TGT_PORT'} = '';
$fwdfwsettings{'ICMP_TGT'}='';
- }elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+ }elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){
$fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
$fwdfwsettings{'TGT_PORT'} = '';
- &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- foreach my $key (keys %icmptypes){
-
- if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP_TGT'}){
- $fwdfwsettings{'ICMP_TGT'}=$icmptypes{$key}[0];
- }
- }
}
}
}
@@ -807,26 +813,68 @@ sub checkrule
}
}
}
- #check source and destination protocol if manual
- if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
- if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
- $errormessage.=$Lang::tr{'fwdfw err prot'};
- }
- #check source and destination protocol if source manual and dest servicegrp
- if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
- foreach my $key (sort keys %customservice){
- if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
- if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
- $errormessage.=$Lang::tr{'fwdfw err prot'};
- last;
- }
+ #When using source- or targetport, the protocol has to be TCP or UDP
+ if (($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON') && ($fwdfwsettings{'SRC_PORT'} ne '' || $fwdfwsettings{'TGT_PORT'} ne '') && ($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP')){
+ $errormessage.=$Lang::tr{'fwdfw err prot_port1'};
+ return;
+ }
+ #when icmp selected, no targetport allowed
+ if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){
+ $errormessage.=$Lang::tr{'fwdfw err prot_port'};
+ return;
+ }
+ #change protocol if prot not equal dest single service
+ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+ foreach my $key (sort keys %customservice){
+ if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
+ if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
+ $fwdfwsettings{'PROT'} = $customservice{$key}[2];
+ last;
}
}
}
}
- if( $fwdfwsettings{'USE_SRC_PORT'} ne 'ON' && $fwdfwsettings{'USESRV'} ne 'ON'){
- $fwdfwsettings{'PROT'}='';
- $fwdfwsettings{'TGT_PROT'}='';
+ #check source and destination protocol if source manual and dest servicegroup
+ if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
+ $fwdfwsettings{'PROT'} = '';
+ }
+ #ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013
+ $fwdfwsettings{'TGT_PROT'}=''; #Set field empty (deprecated)
+ #Check ICMP Types
+ if ($fwdfwsettings{'PROT'} eq 'ICMP'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ #$fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $key (keys %icmptypes){
+ if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}[1])"){
+ $fwdfwsettings{'ICMP_TYPES'}="$icmptypes{$key}[0]";
+ }
+ }
+ }elsif($fwdfwsettings{'PROT'} eq 'GRE'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ }elsif($fwdfwsettings{'PROT'} eq 'ESP'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ }elsif($fwdfwsettings{'PROT'} eq 'AH'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
+ }elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'ICMP'){
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'PROT'} = '';
+ }elsif($fwdfwsettings{'PROT'} ne 'ICMP'){
+ $fwdfwsettings{'ICMP_TYPES'}='';
}
}
sub checkcounter
@@ -1158,7 +1206,7 @@ sub getsrcport
{
my %hash=%{(shift)};
my $key=shift;
- if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){
+ if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){
$hash{$key}[10]=~ s/\|/,/g;
print": $hash{$key}[10]";
}elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
@@ -1188,8 +1236,6 @@ sub gettgtport
if($service){
print": $service";
}
- }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
- print":<br>$hash{$key}[13]";
}
}
sub get_serviceports
@@ -1226,7 +1272,7 @@ sub get_serviceports
}
}
if($tcp && $udp && $icmp){
- push (@protocols,"All");
+ push (@protocols,"TCP,UDP, <br>ICMP");
return @protocols;
}
if($tcp){
@@ -1541,7 +1587,6 @@ END
print "<option value='ORANGE' $selected{'ipfire_src'}{'ORANGE'}>$Lang::tr{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
print "<option value='BLUE' $selected{'ipfire_src'}{'BLUE'}>$Lang::tr{'blue'} ($ifaces{'BLUE_ADDRESS'})</option>" if (&Header::blue_used());
print "<option value='RED1' $selected{'ipfire_src'}{'RED1'}>$Lang::tr{'red1'} ($redip)" if ($redip);
-
if (! -z "${General::swroot}/ethernet/aliases"){
foreach my $alias (sort keys %aliases)
{
@@ -1552,41 +1597,51 @@ END
</select></td></tr>
<tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
END
- &gen_dd_block('src','grp1');
+ &gen_dd_block('src','grp1');
+ print"<hr>";
+ &Header::closebox();
+ #---SNAT / DNAT ------------------------------------------------
+ &Header::openbox('100%', 'left', 'NAT');
print<<END;
- <table><tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
<table width='100%' border='0'>
- <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td>
- <td width='15%' nowrap='nowrap'>$Lang::tr{'fwdfw man port'}</td><td><select name='PROT'>
+ <tr><td width='1%'><input type='checkbox' name='USE_NAT' id='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'} onclick="toggle_elements('natpart')" ></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr></table>
+ <div id="natpart" class="noscript">
+ <table width=100%' border='0'><tr>
+ <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='dnat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
END
- foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
+ print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>";
+ print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
+ print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>";
+ foreach my $alias (sort keys %aliases)
{
- if ($_ eq $fwdfwsettings{'PROT'})
+ print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
+ }
+ print"</select></td></tr>";
+ $fwdfwsettings{'dnatport'}=~ tr/|/,/;
+ print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value=\"$fwdfwsettings{'dnatport'}\"> </td></tr>";
+ print"<tr><td colspan='8'><br></td></tr>";
+ #SNAT
+ print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='snat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw snat'}</td>";
+ print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='snat' style='width:140px;'>";
+ foreach my $alias (sort keys %aliases)
{
- print"<option selected>$_</option>";
- }else{
- print"<option>$_</option>";
+ print "<option value='$alias' $selected{'snat'}{$alias}>$alias</option>";
}
+ foreach my $network (sort keys %defaultNetworks)
+ {
+ next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
+ next if($defaultNetworks{$network}{'NAME'} eq "ALL");
+ next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
+ print "<option value='$defaultNetworks{$network}{'NAME'}'";
+ print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq $defaultNetworks{$network}{'NAME'});
+ print ">$network</option>";
}
- $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g;
- print<<END;
- </select></td><td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18' ></td></tr>
- <tr><td></td><td></td><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES' style='width:230px;'>
-END
- &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- print"<option>All ICMP-Types</option>";
- foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) } keys %icmptypes){
- if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
- print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
- }else{
- print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
- }
+ print"</select></td></tr></table>";
+ print"</div><br><hr>";
+ if ($fwdfwsettings{'USE_NAT'} ne 'ON'){
+ print"<script language='JavaScript'>hide_elements('natpart');</script>";
}
- print<<END;
- </select></td></tr></table><br><hr>
-END
&Header::closebox();
-
#---TARGET------------------------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
print<<END;
@@ -1610,10 +1665,71 @@ END
<tr><td colspan='7'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></tr></table>
END
&gen_dd_block('tgt','grp2');
+ print"<hr>";
+ &Header::closebox;
+ #---PROTOCOL------------------------------------------------------
+ &Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'});
+ print<<END;
+ <table width='15%' border='0' style="float:left;">
+ <tr><td><select name='PROT' id='PROT' onchange="getdropdown()">
+END
+ if ($fwdfwsettings{'PROT'} eq ''){
+ print"<option value='' selected>$Lang::tr{'all'}</option>";
+ }else{
+ print"<option value=''>$Lang::tr{'all'}</option>";
+ }
+ foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
+ {
+ if ($_ eq $fwdfwsettings{'PROT'})
+ {
+ print"<option selected>$_</option>";
+ }else{
+ print"<option>$_</option>";
+ }
+ }
+ print"</select></td></tr></table>";
+ print<<END;
+ <div id="PROTOKOLL" class="noscript"><table width='30%' border='0' style="float:left;"><tr><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES' style='min-width:230px;'>
+END
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ print"<option>All ICMP-Types</option>";
+ foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
+ if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
+ print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }else{
+ print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+ }
+ }
+ print<<END;
+ </select></td></tr>
+ </table></div><br><br><br>
+END
+ if ($fwdfwsettings{'PROT'} ne 'ICMP'){
+ print"<script language='JavaScript'>hide_elements('PROTOKOLL');</script>";
+ }
+ #SOURCEPORT
+ print<<END;
+ <table width='100%'><tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></table>
+ <table width='100%' border='0'>
+ <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'} onclick="toggle_elements('srcport')"></td>
+ <td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td></tr></table>
+ <div id="srcport" class="noscript"><table width='100%' border='0'><tr>
+ <td width='70%' nowrap='nowrap' align='right'>$Lang::tr{'fwdfw man port'}</td>
+END
+ $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g;
+ print<<END;
+ <td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18' ></td></tr>
+ </table></div><br>
+END
+ if ($fwdfwsettings{'USE_SRC_PORT'} ne 'ON'){
+ print"<script language='JavaScript'>hide_elements('srcport');</script>";
+ }
+ #TARGETPORT
print<<END;
<hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '><br>
<table width='100%' border='0'>
- <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} ></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td><td width='1%'><input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv' style='min-width:230px;' >
+ <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} onclick="toggle_elements('targetport')"></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td></tr></table>
+ <div id="targetport" class="noscript"><table width='100%' border='0'><tr><td width='80%'></td><td width='1%'><input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv' style='min-width:230px;' >
END
&General::readhasharray("$configsrv", \%customservice);
foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
@@ -1623,7 +1739,7 @@ END
}
print<<END;
</select></td></tr>
- <tr><td colspan='2'></td><td><input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}</td><td colspan='2'><select name='cust_srvgrp' style='min-width:230px;' >
+ <tr><td></td><td><input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}</td><td colspan='2'><select name='cust_srvgrp' style='min-width:230px;' >
END
&General::readhasharray("$configsrvgrp", \%customservicegrp);
my $helper;
@@ -1637,74 +1753,20 @@ END
}
print<<END;
</select></td></tr>
- <tr><td colspan='2'></td><td><input type='radio' name='grp3' id='TGT_PORT' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td><td><select name='TGT_PROT' onchange='checkradio(\"#TGT_PORT\")'>
+ <tr><td></td><td><input type='radio' name='grp3' id='TGT_PORT' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td>
END
- foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
- {
- if ($_ eq $fwdfwsettings{'TGT_PROT'})
- {
- print"<option selected>$_</option>";
- }else{
- print"<option>$_</option>";
- }
- }
$fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
print<<END;
- </select></td><td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18' onclick='checkradio(\"#TGT_PORT\")'></td></tr>
- <tr><td colspan='2'></td><td></td><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TGT' style='min-width:230px;'>
-END
- &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- print"<option>All ICMP-Types</option>";
- foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
- if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){
- print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
- }else{
- print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
- }
- }
- print<<END;
- </select></td></tr>
- </table><br><hr>
-
-END
- &Header::closebox;
- #---SNAT / DNAT ------------------------------------------------
- &Header::openbox('100%', 'left', 'NAT');
- print<<END;
- <table width='100%' border='0'>
- <tr><td width='1%'><input type='checkbox' name='USE_NAT' id='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'}></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr>
- <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='dnat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
+ <td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18' onclick='checkradio(\"#TGT_PORT\")'></td></tr>
+ </table></div><br><hr>
END
- print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>";
- print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
- print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>";
- foreach my $alias (sort keys %aliases)
- {
- print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
+ if ($fwdfwsettings{'USESRV'} ne 'ON'){
+ print"<script language='JavaScript'>hide_elements('targetport');</script>";
}
- print"</select></td></tr>";
- $fwdfwsettings{'dnatport'}=~ tr/|/,/;
- print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value=\"$fwdfwsettings{'dnatport'}\"> </td></tr>";
- print"<tr><td colspan='8'><br></td></tr>";
- #SNAT
- print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='snat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw snat'}</td>";
- print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='snat' style='width:140px;'>";
- foreach my $alias (sort keys %aliases)
- {
- print "<option value='$alias' $selected{'snat'}{$alias}>$alias</option>";
- }
- foreach my $network (sort keys %defaultNetworks)
- {
- next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
- next if($defaultNetworks{$network}{'NAME'} eq "ALL");
- next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
- print "<option value='$defaultNetworks{$network}{'NAME'}'";
- print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq $defaultNetworks{$network}{'NAME'});
- print ">$network</option>";
+ if ($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){
+ print"<script language='JavaScript'>hide_elements('PROTOKOLL');</script>";
}
- print"</select></td></tr></table>";
- print"<hr>";
- &Header::closebox();
+ &Header::closebox;
#---Activate/logging/remark-------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
print<<END;
@@ -1715,7 +1777,7 @@ END
{
if($fwdfwsettings{'updatefwrule'} eq 'on'){
print"<option value='$_'";
- print "selected='selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_);
+ print " selected='selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_);
print">$Lang::tr{'fwdfw '.$_}</option>";
}else{
if($fwdfwsettings{'POLICY'} eq 'MODE2'){
@@ -1757,20 +1819,20 @@ END
<tr><td width='1%'><input type='checkbox' name='TIME' value='ON' $checked{'TIME'}{'ON'}></td><td colspan='9'>$Lang::tr{'fwdfw timeframe'}</td></tr>
<tr><td colspan='10'> </td></tr>
<tr>
- <td align='left'>$Lang::tr{'time'}:</td>
- <td width='30%' align='left'>$Lang::tr{'advproxy monday'} $Lang::tr{'advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursday'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'advproxy sunday'}</td>
+ <td align='left' >$Lang::tr{'time'}: </td>
+ <td>$Lang::tr{'advproxy monday'}</td><td> $Lang::tr{'advproxy tuesday'} </td><td>$Lang::tr{'advproxy wednesday'}</td><td> $Lang::tr{'advproxy thursday'}</td><td> $Lang::tr{'advproxy friday'}</td><td> $Lang::tr{'advproxy saturday'}</td><td> $Lang::tr{'advproxy sunday'}</td>
<td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
<td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
</tr>
<tr>
<td align='right'></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} /></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} /></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} /></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} /></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} /></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} /></td>
- <td width='15%' align='left'><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} /></td>
+ <td width='1%' align='left'><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} ></td>
+ <td width='1%' align='left'><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} ></td>
+ <td width='1%' align='left'><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} ></td>
+ <td width='1%' align='left'><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} ></td>
+ <td width='1%' align='left'><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} ></td>
+ <td width='1%' align='left'><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} ></td>
+ <td width='15%' align='left'><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} ></td>
<td><select name='TIME_FROM'>
END
for (my $i=0;$i<=23;$i++) {
@@ -2193,10 +2255,8 @@ END
print"<td bgcolor='$rulecolor' align='center' width='10'><span title='$tooltip'><b>$ruletype</b></span></td>";
#Get Protocol
my $prot;
- if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual
+ if ($$hash{$key}[8]){
push (@protocols,$$hash{$key}[8]);
- }elsif ($$hash{$key}[12]){ #target prot if manual
- push (@protocols,$$hash{$key}[12]);
}elsif($$hash{$key}[14] eq 'cust_srv'){
&get_serviceports("service",$$hash{$key}[15]);
}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
@@ -2205,7 +2265,17 @@ END
push (@protocols,$Lang::tr{'all'});
}
my $protz=join(",",@protocols);
- print"<td align='center'>$protz</td>";
+ if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){
+ &General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
+ foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
+ if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){
+ print "<td align='center'><span title='$icmptypes{$keyicmp}[0]'><b>$protz ($icmptypes{$keyicmp}[1])</b></span></td>";
+ last;
+ }
+ }
+ }else{
+ print"<td align='center'>$protz</td>";
+ }
@protocols=();
#SOURCE
my $ipfireiface;
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 2d4c69f..90a5594 100755
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -1740,7 +1740,7 @@ sub viewtableservicegrp
}
}
print"<td align='center'>$port</td><td align='center'>$protocol</td><td width='1%'><form method='post'>";
- if ($number gt '1'){
+ if ($delflag gt '1'){
print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
}
print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 92b8fd0..68dd61a 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -933,6 +933,8 @@
'fwdfw err notgt' => 'Kein Ziel ausgewählt',
'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben',
'fwdfw err prot' => 'Quell- und Zielprotokoll müssen identisch sein',
+'fwdfw err prot_port' => 'Bei dem gewählten Protokoll sind Quell- und Zielport nicht erlaubt',
+'fwdfw err prot_port1' => 'Bei Nutzung von Quell- oder Zielport muss als Protokoll TCP oder UDP gewählt werden.',
'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen',
'fwdfw err ruleexists' => 'Eine identische Regel existiert bereits',
'fwdfw err same' => 'Quelle und Ziel sind identisch',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 085ee22..b625a6c 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -958,6 +958,8 @@
'fwdfw err notgt' => 'No destination selected.',
'fwdfw err notgtip' => 'Please provide a destination IP address.',
'fwdfw err prot' => 'Source and destination protocol need to match.',
+'fwdfw err prot_port' => 'Source- or targetport are not allowed with selected protocol',
+'fwdfw err prot_port1' => 'When using Source- or targetport you have to select TCP or UDP for protocol',
'fwdfw err remark' => 'Invalid characters in remark.',
'fwdfw err ruleexists' => 'This rule already exists.',
'fwdfw err same' => 'Source and destination are identical.',
@@ -1022,7 +1024,7 @@
'fwhost addgrp' => 'Add new network/host group:',
'fwhost addgrpname' => 'Group name:',
'fwhost addhost' => 'Add new host:',
-'fwhost addnet' => 'Add new hetwork:',
+'fwhost addnet' => 'Add new network:',
'fwhost addrule' => 'Add/edit rule:',
'fwhost addservice' => 'Add service:',
'fwhost addservicegrp' => 'Add new service group:',
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-10-12 19:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-12 19:01 [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 5b0bc4ca3d5609bed04a34284b5f746616f768f1 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox