From mboxrd@z Thu Jan  1 00:00:00 1970
From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, fifteen,
 updated. 5b0bc4ca3d5609bed04a34284b5f746616f768f1
Date: Sat, 12 Oct 2013 21:01:23 +0200
Message-ID: <20131012190123.A8FC1208D8@argus.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3717807491977322408=="
List-Id: <ipfire-scm.lists.ipfire.org>

--===============3717807491977322408==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, fifteen has been updated
       via  5b0bc4ca3d5609bed04a34284b5f746616f768f1 (commit)
       via  3af3ecd319bdcf8db27e9ca14af72383b4754567 (commit)
       via  433b7aa8e95f4b075fd259257c61c96a29e03830 (commit)
       via  64e822fb45db06af7a7e7ddc94961840d5bd1158 (commit)
       via  90f8339a42506ca95dacb820914881bc922f19db (commit)
       via  6e62882de69ad42efcb4c3c2097abb5d5c54666c (commit)
       via  58bda09b683311db948fb5be06b1521386286f03 (commit)
       via  95c86656e70af668d25f0a33afb3913ee5e2ded0 (commit)
       via  e6e9a8117677eca8319982ce56aa72e93c9b407e (commit)
       via  73c39dd4bda322d7d9240651c6db003bff477670 (commit)
       via  9f6da934a3b635f5c9f96ab737977dad2582e498 (commit)
       via  b4f94285ff8ef9b347ee6f3e6fdb53e998ef63dd (commit)
       via  03dd9a2949d953e15bdaceab07af5649bfb21bd5 (commit)
       via  a4c7bf6b73e5a2faae948188591d50cedbf18de3 (commit)
       via  40d505ea08931038fba56ee3a8da5053ad7ed389 (commit)
       via  bcd9852e2ee73b741f5996ecc05ba3758d330fb8 (commit)
       via  753bb74ce55d5107d3e8001ed5c15f462261aab3 (commit)
       via  2ad3c084eef6d82a8690e5d488d84c61e892ef4e (commit)
       via  285de10662731bb67e946e7e112bb4cf892173bf (commit)
       via  4c27368a7bc135dc4443711c4eeabec0885ce1ff (commit)
       via  3bb77d08a689ef0b4ebaa88f48a684fe85ec580d (commit)
       via  16ba0c00d0d7b223682ab161c23af71315f6826a (commit)
       via  fadcfb73203c97e7062828eb77360b4382555943 (commit)
       via  a0a5efd7684e90f8dd8e465f1b54ec4fd043ae4d (commit)
       via  71670b91cccc3500d03605673f3966d669c93d70 (commit)
       via  2aeb4b256eb99c8971da60a5dff6bd3929270798 (commit)
      from  2dcea58cc2faf39bd170cef7366f05e940c62751 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5b0bc4ca3d5609bed04a34284b5f746616f768f1
Merge: 2dcea58 3af3ecd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Oct 12 21:01:13 2013 +0200

    Merge commit '3af3ecd319bdcf8db27e9ca14af72383b4754567' into fifteen

commit 3af3ecd319bdcf8db27e9ca14af72383b4754567
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Wed Oct 9 10:31:35 2013 +0200

    Firewall: fix rules.pl when using custom hosts/networks and services no r=
ule was applied because no protokoll could be found
    Also extended JS code to correctly show ICMP Types only, if NO Targetport=
 is selcted

commit 433b7aa8e95f4b075fd259257c61c96a29e03830
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Wed Oct 9 08:23:57 2013 +0200

    Firewall: fixed typo in en.pl "Add new hetwork"-> "Add new network"

commit 64e822fb45db06af7a7e7ddc94961840d5bd1158
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Tue Oct 8 10:24:56 2013 +0200

    Firewall: Bugfix: when deleting services from a servicegroup,it was possi=
ble to delete the last service even if the group was used in a rule.

commit 90f8339a42506ca95dacb820914881bc922f19db
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Tue Oct 8 10:08:09 2013 +0200

    Firewall: Bugfix: WHen using servicegroup with only ICMP services, the ru=
letable was broken. Also fixed another useless if clause in rules.pl

commit 6e62882de69ad42efcb4c3c2097abb5d5c54666c
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Oct 7 14:54:57 2013 +0200

    Firewall: fix senseless if clause in rulecreation

commit 58bda09b683311db948fb5be06b1521386286f03
Merge: 95c8665 e6e9a81
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Oct 7 07:25:42 2013 +0200

    Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/am=
arx/ipfire-2.x into firewall-fifteen

commit 95c86656e70af668d25f0a33afb3913ee5e2ded0
Merge: 9f6da93 1a3dbe9
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Oct 7 07:25:19 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit e6e9a8117677eca8319982ce56aa72e93c9b407e
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Sat Oct 5 13:50:35 2013 +0200

    Firewall: added some more plausichecks and additional errormessages

commit 73c39dd4bda322d7d9240651c6db003bff477670
Merge: 03dd9a2 5c86caa
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Sat Oct 5 13:31:22 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit 9f6da934a3b635f5c9f96ab737977dad2582e498
Merge: b4f9428 03dd9a2
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Fri Oct 4 08:09:18 2013 +0200

    Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/am=
arx/ipfire-2.x into firewall-fifteen

commit b4f94285ff8ef9b347ee6f3e6fdb53e998ef63dd
Merge: bcd9852 71ed067
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Fri Oct 4 07:17:15 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit 03dd9a2949d953e15bdaceab07af5649bfb21bd5
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Thu Oct 3 12:01:19 2013 +0200

    Firewall: fixed JS code for toggeling div areas

commit a4c7bf6b73e5a2faae948188591d50cedbf18de3
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Wed Oct 2 21:28:50 2013 +0200

    Firewall: Reorganized layout of rulecreationpage
   =20
    Protocol is now an extra area containing protocol, ICMP-Type and
    source/target ports

commit 40d505ea08931038fba56ee3a8da5053ad7ed389
Merge: 753bb74 5b6acb8
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Wed Oct 2 21:15:22 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit bcd9852e2ee73b741f5996ecc05ba3758d330fb8
Merge: 285de10 ec36876
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Wed Oct 2 07:22:10 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit 753bb74ce55d5107d3e8001ed5c15f462261aab3
Merge: 2ad3c08 ec36876
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Tue Oct 1 20:30:30 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit 2ad3c084eef6d82a8690e5d488d84c61e892ef4e
Merge: 3bb77d0 285de10
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Tue Oct 1 20:30:06 2013 +0200

    Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/am=
arx/ipfire-2.x into firewall-fifteen

commit 285de10662731bb67e946e7e112bb4cf892173bf
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Tue Oct 1 07:45:58 2013 +0200

    Firewall: fixed rules.pl (no INPUT rules where created when using port an=
d prot "all")
    This is a bug which was raised due to the last commit

commit 4c27368a7bc135dc4443711c4eeabec0885ce1ff
Merge: fadcfb7 42e4fa8
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Tue Oct 1 07:44:29 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit 3bb77d08a689ef0b4ebaa88f48a684fe85ec580d
Merge: 16ba0c0 fadcfb7
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Sep 30 20:04:38 2013 +0200

    Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/am=
arx/ipfire-2.x into firewall-fifteen

commit 16ba0c00d0d7b223682ab161c23af71315f6826a
Merge: 71670b9 83dfa1d
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Sep 30 20:04:05 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit fadcfb73203c97e7062828eb77360b4382555943
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Sep 30 15:43:51 2013 +0200

    Firewall: moved nat part between source and target and moved protocol dro=
pdown behind target area

commit a0a5efd7684e90f8dd8e465f1b54ec4fd043ae4d
Merge: 2aeb4b2 83dfa1d
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Mon Sep 30 11:06:42 2013 +0200

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
rewall-fifteen

commit 71670b91cccc3500d03605673f3966d669c93d70
Merge: 439d2a5 2aeb4b2
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Fri Sep 27 15:18:05 2013 +0200

    Merge branch 'firewall-fifteen' of ssh://git.ipfire.org/pub/git/people/am=
arx/ipfire-2.x into firewall-fifteen

commit 2aeb4b256eb99c8971da60a5dff6bd3929270798
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Fri Sep 27 10:16:52 2013 +0200

    Firewall: Bugfix: wrong counter when using selfdefinded services in a rul=
e that could not be applied
    Bugfix: When using ICMP-ALL in a rule, the rule was not applied
    Bugfix: When using selfdefined services (icmp) and group them together. T=
hen when using these services/groups in a rule and afterwards changing the se=
rvice, the edited service was not applied

-----------------------------------------------------------------------

Summary of changes:
 config/forwardfw/rules.pl  |  67 ++++----
 html/cgi-bin/forwardfw.cgi | 404 ++++++++++++++++++++++++++-----------------=
--
 html/cgi-bin/fwhosts.cgi   |   2 +-
 langs/de/cgi-bin/de.pl     |   2 +
 langs/en/cgi-bin/en.pl     |   4 +-
 5 files changed, 273 insertions(+), 206 deletions(-)

Difference in files:
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index 3f491f7..fcaade2 100755
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -213,14 +213,13 @@ sub buildrules
 			}
 			##get source prot and port
 			$SRC_TGT=3D'SRC';
-			$SPROT =3D &get_prot($hash,$key);
 			$SPORT =3D &get_port($hash,$key);
 			$SRC_TGT=3D'';
=20
 			##get target prot and port
 			$DPROT=3D&get_prot($hash,$key);
=20
-			if ($DPROT eq ''){$DPROT=3D' ';}			=09
+			if ($DPROT eq ''){$DPROT=3D' ';}
 			@DPROT=3Dsplit(",",$DPROT);
=20
 			#get time if defined
@@ -252,12 +251,12 @@ sub buildrules
 				#print rules to console
 				foreach my $DPROT (@DPROT){
 					$DPORT =3D &get_port($hash,$key,$DPROT);
-					if ($SPROT ne ''){$PROT=3D$SPROT;}else{$PROT=3D$DPROT;}
+					$PROT=3D$DPROT;
 					$PROT=3D"-p $PROT" if ($PROT ne '' && $PROT ne ' ');
 					foreach my $a (sort keys %sourcehash){
 						foreach my $b (sort keys %targethash){
 							if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne=
 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
-								if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+								if($DPROT ne ''){
 									if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] =
ne ''){ $STAG=3D"-s";}
 									if(substr($DPORT, 2, 4) eq 'icmp'){
 										my @icmprule=3D split(",",substr($DPORT, 12,));
@@ -311,12 +310,12 @@ sub buildrules
 			}elsif($MODE eq '0'){
 				foreach my $DPROT (@DPROT){
 					$DPORT =3D &get_port($hash,$key,$DPROT);
-					if ($SPROT ne ''){$PROT=3D$SPROT;}else{$PROT=3D$DPROT;}
+					$PROT=3D$DPROT;
 					$PROT=3D"-p $PROT" if ($PROT ne '' && $PROT ne ' ');
 					foreach my $a (sort keys %sourcehash){
 						foreach my $b (sort keys %targethash){
 							if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne=
 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
-								if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
+								if($DPROT ne ''){
 									if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] =
ne ''){ $STAG=3D"-s";}
 									#Process ICMP RULE
 									if(substr($DPORT, 2, 4) eq 'icmp'){
@@ -528,33 +527,29 @@ sub get_prot
 {
 	my $hash=3Dshift;
 	my $key=3Dshift;
-	if ($$hash{$key}[7] eq 'ON' && $SRC_TGT eq 'SRC'){
-		if ($$hash{$key}[10] ne ''){
-			return"$$hash{$key}[8]";
-		}elsif($$hash{$key}[9] ne ''){
-			return"$$hash{$key}[8]";
-		}else{
-			return "$$hash{$key}[8]";
-		}
-	}elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
-		if ($$hash{$key}[14] eq 'TGT_PORT'){
-			if ($$hash{$key}[15] ne ''){
-				return "$$hash{$key}[12]";
-			}elsif($$hash{$key}[13] ne ''){
-				return "$$hash{$key}[12]";
-			}else{
-				return "$$hash{$key}[12]";
-			}
-		}elsif($$hash{$key}[14] eq 'cust_srv'){
+	#check AH,GRE,ESP or ICMP
+	if ($$hash{$key}[7] ne 'ON' && $$hash{$key}[11] ne 'ON'){
+		return "$$hash{$key}[8]";
+	}
+	if ($$hash{$key}[7] eq 'ON' || $$hash{$key}[11] eq 'ON'){
+		#check if servicegroup or service
+		if($$hash{$key}[14] eq 'cust_srv'){
 			return &fwlib::get_srv_prot($$hash{$key}[15]);
-		=09
 		}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
 			return &fwlib::get_srvgrp_prot($$hash{$key}[15]);
+		}elsif (($$hash{$key}[10] ne '' || $$hash{$key}[15] ne '') && $$hash{$key}=
[8] eq ''){ #when ports are used and prot set to "all"
+			return "TCP,UDP";
+		}elsif (($$hash{$key}[10] ne '' || $$hash{$key}[15] ne '') && ($$hash{$key=
}[8] eq 'TCP' || $$hash{$key}[8] eq 'UDP')){ #when ports are used and prot se=
t to "tcp" or "udp"
+			return "$$hash{$key}[8]";
+		}elsif (($$hash{$key}[10] eq '' && $$hash{$key}[15] eq '') && $$hash{$key}=
[8] ne 'ICMP'){ #when ports are NOT used and prot NOT set to "ICMP"
+			return "$$hash{$key}[8]";
+		}else{
+			return "$$hash{$key}[8]";
 		}
 	}
 	#DNAT
 	if ($SRC_TGT eq '' && $$hash{$key}[31] eq 'dnat' && $$hash{$key}[11] eq '' =
&& $$hash{$key}[12] ne ''){
-		return "$$hash{$key}[12]";
+		return "$$hash{$key}[8]";
 	}
 }
 sub get_port
@@ -574,10 +569,6 @@ sub get_port
 					return ":$$hash{$key}[10]";
 				}
 			}
-		}elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
-			return "--icmp-type $$hash{$key}[9] ";
-		}elsif($$hash{$key}[9] eq 'All ICMP-Types'){
-			return;
 		}
 	}elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
 		if($$hash{$key}[14] eq 'TGT_PORT'){
@@ -593,10 +584,6 @@ sub get_port
 						 return ":$$hash{$key}[15]";
 					 }
 				}
-			}elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
-				return "--icmp-type $$hash{$key}[13] ";
-			}elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] eq 'All ICMP-Types'){
-				return;
 			}
 		}elsif($$hash{$key}[14] eq 'cust_srv'){
 			if ($prot ne 'ICMP'){
@@ -605,10 +592,8 @@ sub get_port
 				}else{
 					return "--dport ".&fwlib::get_srv_port($$hash{$key}[15],1,$prot);
 				}
-			}elsif($prot eq 'ICMP' && $$hash{$key}[15] ne 'All ICMP-Types'){
+			}elsif($prot eq 'ICMP' && $$hash{$key}[11] eq 'ON'){        #When PROT is=
 ICMP and "use targetport is checked, this is an icmp-service
 				return "--icmp-type ".&fwlib::get_srv_port($$hash{$key}[15],3,$prot);
-			}elsif($prot eq 'ICMP' && $$hash{$key}[15] eq 'All ICMP-Types'){
-				return;
 			}
 		}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
 			if 	($prot ne 'ICMP'){
@@ -619,4 +604,12 @@ sub get_port
 			}
 		}
 	}
+	#CHECK ICMP
+	if ($$hash{$key}[7] ne 'ON' && $$hash{$key}[11] ne 'ON' && $SRC_TGT eq ''){
+		if($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
+			return "--icmp-type $$hash{$key}[9] ";
+		}elsif($$hash{$key}[9] eq 'All ICMP-Types'){
+			return;
+		}
+	}
 }
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 405a97d..f8f14ad 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -115,6 +115,45 @@ print<<END;
 function checkradio(a){
 	\$(a).attr('checked', true);
 }
+function toggle_elements( id ) {
+	if(document.getElementById(id).style.display=3D=3D "none")
+	{
+		document.getElementById(id).style.display=3D'block';
+	}
+	else{
+		document.getElementById(id).style.display=3D'none';
+	}
+	if(document.getElementById('targetport').style.display=3D=3D "none" && docu=
ment.getElementById('PROT').value =3D=3D=3D 'ICMP' )
+	{
+		document.getElementById('PROTOKOLL').style.display=3D'block';
+	}
+	if(document.getElementById('targetport').style.display=3D=3D "block" && doc=
ument.getElementById('PROT').value =3D=3D=3D 'ICMP' )
+	{
+		document.getElementById('PROTOKOLL').style.display=3D'none';
+	}
+	return true;
+}
+function hide_elements()
+{
+	var elementNames =3D hide_elements.arguments;
+	for (var i=3D0; i<elementNames.length; i++)
+	{
+		var elementName =3D elementNames[i];
+		document.getElementById(elementName).style.display=3D'none';
+	}
+}
+function getdropdown()
+{
+	d =3D document.getElementById("PROT").value;
+	if ( d =3D=3D 'ICMP' )
+	{
+		document.getElementById('PROTOKOLL').style.display=3D'block';
+	}
+	else
+	{
+		document.getElementById('PROTOKOLL').style.display=3D'none';
+	}
+}
 </script>
 END
=20
@@ -128,7 +167,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 	$errormessage=3D&checksource;
 	if(!$errormessage){&checktarget;}
 	if(!$errormessage){&checkrule;}
-=09
 	#check if manual ip (source) is orange network
 	if ($fwdfwsettings{'grp1'} eq 'src_addr'){
 		my ($sip,$scidr) =3D split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
@@ -466,32 +504,6 @@ sub checksource
=20
 	#check empty fields
 	if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq ''){ $errormessage.=3D$Lang::=
tr{'fwdfw err nosrc'}."<br>";}
-	#check icmp source
-		if ($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'I=
CMP'){
-			$fwdfwsettings{'SRC_PORT'}=3D'';
-			&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmpty=
pes);
-			foreach my $key (keys %icmptypes){
-				if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key=
}[1])"){
-					$fwdfwsettings{'ICMP_TYPES'}=3D"$icmptypes{$key}[0]";
-				}
-			}
-		}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq=
 'GRE'){
-			$fwdfwsettings{'SRC_PORT'}=3D'';
-			$fwdfwsettings{'ICMP_TYPES'}=3D'';
-		}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq=
 'ESP'){
-			$fwdfwsettings{'SRC_PORT'}=3D'';
-			$fwdfwsettings{'ICMP_TYPES'}=3D'';
-		}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} eq=
 'AH'){
-			$fwdfwsettings{'SRC_PORT'}=3D'';
-			$fwdfwsettings{'ICMP_TYPES'}=3D'';=09
-		}elsif($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne=
 'ICMP'){
-			$fwdfwsettings{'ICMP_TYPES'}=3D'';
-		}else{
-			$fwdfwsettings{'ICMP_TYPES'}=3D'';
-			$fwdfwsettings{'SRC_PORT'}=3D'';
-			$fwdfwsettings{'PROT'}=3D'';
-		}
-
 	if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TC=
P' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){
 		my @parts=3Dsplit(",",$fwdfwsettings{'SRC_PORT'});
 		my @values=3D();
@@ -552,11 +564,11 @@ sub checktarget
 			}
 			#check if Port is a single Port or portrange
 			if ($fwdfwsettings{'nat'} eq 'dnat' &&  $fwdfwsettings{'grp3'} eq 'TGT_PO=
RT'){
-				if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne =
'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
+				if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') &=
& $fwdfwsettings{'TGT_PORT'} eq ''){
 					$errormessage=3D$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat po=
rterr'}."<br>";
 					return $errormessage;
 				}
-				if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq=
 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings=
{'TGT_PORT'})){
+				if (($fwdfwsettings{'PROT'} eq 'TCP'|| $fwdfwsettings{'PROT'} eq 'UDP') =
&& $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PO=
RT'})){
 					$errormessage=3D$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat po=
rterr'}."<br>";
 					return $errormessage;
 				}
@@ -601,17 +613,19 @@ sub checktarget
 		if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
 			$fwdfwsettings{'TGT_PROT'}=3D'';
 			$fwdfwsettings{'ICMP_TGT'}=3D'';
+			$fwdfwsettings{'TGT_PORT'}=3D'';
 		}
 		if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
 			$fwdfwsettings{'TGT_PROT'}=3D'';
 			$fwdfwsettings{'ICMP_TGT'}=3D'';
+			$fwdfwsettings{'TGT_PORT'}=3D'';
 			#check target service
 			if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq ''){
 				$errormessage.=3D$Lang::tr{'fwdfw err tgt_grp'};
 			}
 		}
 		if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
-			if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq =
'UDP'){
+			if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP'){
 				if ($fwdfwsettings{'TGT_PORT'} ne ''){
 					if ($fwdfwsettings{'TGT_PORT'} =3D~ "," && $fwdfwsettings{'USE_NAT'} &&=
 $fwdfwsettings{'nat'} eq 'dnat') {
 						$errormessage=3D$Lang::tr{'fwdfw dnat porterr'}."<br>";
@@ -645,34 +659,26 @@ sub checktarget
 							if (&General::validport($_)){
 								push (@values,$_);
 							}else{
-							=09
 							}
 						}
 					}
 					$fwdfwsettings{'TGT_PORT'}=3Djoin("|",@values);
 				}
-			}elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
+			}elsif ($fwdfwsettings{'PROT'} eq 'GRE'){
 					$fwdfwsettings{$fwdfwsettings{'grp3'}} =3D '';
 					$fwdfwsettings{'TGT_PORT'} =3D '';
 					$fwdfwsettings{'ICMP_TGT'} =3D '';
-			}elsif($fwdfwsettings{'TGT_PROT'} eq 'ESP'){
+			}elsif ($fwdfwsettings{'PROT'} eq 'ESP'){
 					$fwdfwsettings{$fwdfwsettings{'grp3'}} =3D '';
 					$fwdfwsettings{'TGT_PORT'} =3D '';
 					$fwdfwsettings{'ICMP_TGT'}=3D'';
-			}elsif($fwdfwsettings{'TGT_PROT'} eq 'AH'){
+			}elsif ($fwdfwsettings{'PROT'} eq 'AH'){
 					$fwdfwsettings{$fwdfwsettings{'grp3'}} =3D '';
 					$fwdfwsettings{'TGT_PORT'} =3D '';
 					$fwdfwsettings{'ICMP_TGT'}=3D'';
-			}elsif ($fwdfwsettings{'TGT_PROT'} eq 'ICMP'){
+			}elsif ($fwdfwsettings{'PROT'} eq 'ICMP'){
 				$fwdfwsettings{$fwdfwsettings{'grp3'}} =3D '';
 				$fwdfwsettings{'TGT_PORT'} =3D '';
-				&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmpt=
ypes);
-				foreach my $key (keys %icmptypes){
-				=09
-					if ("$icmptypes{$key}[0] ($icmptypes{$key}[1])" eq $fwdfwsettings{'ICMP=
_TGT'}){
-						$fwdfwsettings{'ICMP_TGT'}=3D$icmptypes{$key}[0];
-					}
-				}
 			}
 		}
 	}
@@ -807,26 +813,68 @@ sub checkrule
 			}
 		}
 	}
-	#check source and destination protocol if manual
-	if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq '=
ON'){
-			if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings=
{'grp3'} eq 'TGT_PORT'){
-			$errormessage.=3D$Lang::tr{'fwdfw err prot'};
-		}
-		#check source and destination protocol if source manual and dest servicegrp
-		if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
-			foreach my $key (sort keys %customservice){
-				if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
-					if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
-						$errormessage.=3D$Lang::tr{'fwdfw err prot'};
-						last;
-					}
+	#When using source- or targetport, the protocol has to be TCP or UDP
+	if (($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq =
'ON') && ($fwdfwsettings{'SRC_PORT'} ne '' || $fwdfwsettings{'TGT_PORT'} ne '=
') && ($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP')){
+		$errormessage.=3D$Lang::tr{'fwdfw err prot_port1'};
+		return;
+	}
+	#when icmp selected, no targetport allowed
+	if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fw=
dfwsettings{'PROT'} ne 'UDP') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfws=
ettings{'USE_SRC_PORT'} eq 'ON')){
+		$errormessage.=3D$Lang::tr{'fwdfw err prot_port'};
+		return;
+	}
+	#change protocol if prot not equal dest single service
+	if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
+		foreach my $key (sort keys %customservice){
+			if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
+				if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
+					$fwdfwsettings{'PROT'} =3D $customservice{$key}[2];
+					last;
 				}
 			}
 		}
 	}
-	if( $fwdfwsettings{'USE_SRC_PORT'} ne 'ON' && $fwdfwsettings{'USESRV'} ne '=
ON'){
-		$fwdfwsettings{'PROT'}=3D'';
-		$fwdfwsettings{'TGT_PROT'}=3D'';
+	#check source and destination protocol if source manual and dest servicegro=
up
+	if ($fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
+		$fwdfwsettings{'PROT'} =3D '';
+	}
+	#ATTENTION: $fwdfwsetting{'TGT_PROT'} deprecated since 30.09.2013
+	$fwdfwsettings{'TGT_PROT'}=3D''; #Set field empty (deprecated)
+	#Check ICMP Types
+	if ($fwdfwsettings{'PROT'} eq 'ICMP'){
+		$fwdfwsettings{'USE_SRC_PORT'}=3D'';
+		$fwdfwsettings{'SRC_PORT'}=3D'';
+		#$fwdfwsettings{'USESRV'}=3D'';
+		$fwdfwsettings{'TGT_PORT'}=3D'';
+		&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptyp=
es);
+		foreach my $key (keys %icmptypes){
+			if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0] ($icmptypes{$key}=
[1])"){
+				$fwdfwsettings{'ICMP_TYPES'}=3D"$icmptypes{$key}[0]";
+			}
+		}
+	}elsif($fwdfwsettings{'PROT'} eq 'GRE'){
+		$fwdfwsettings{'USE_SRC_PORT'}=3D'';
+		$fwdfwsettings{'SRC_PORT'}=3D'';
+		$fwdfwsettings{'ICMP_TYPES'}=3D'';
+		$fwdfwsettings{'USESRV'}=3D'';
+		$fwdfwsettings{'TGT_PORT'}=3D'';
+	}elsif($fwdfwsettings{'PROT'} eq 'ESP'){
+		$fwdfwsettings{'USE_SRC_PORT'}=3D'';
+		$fwdfwsettings{'SRC_PORT'}=3D'';
+		$fwdfwsettings{'ICMP_TYPES'}=3D'';
+		$fwdfwsettings{'USESRV'}=3D'';
+		$fwdfwsettings{'TGT_PORT'}=3D'';
+	}elsif($fwdfwsettings{'PROT'} eq 'AH'){
+		$fwdfwsettings{'USE_SRC_PORT'}=3D'';
+		$fwdfwsettings{'SRC_PORT'}=3D'';
+		$fwdfwsettings{'ICMP_TYPES'}=3D'';
+		$fwdfwsettings{'USESRV'}=3D'';
+		$fwdfwsettings{'TGT_PORT'}=3D'';
+	}elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' &=
& $fwdfwsettings{'PROT'} ne 'ICMP'){
+		$fwdfwsettings{'ICMP_TYPES'}=3D'';
+		$fwdfwsettings{'PROT'} =3D '';
+	}elsif($fwdfwsettings{'PROT'} ne 'ICMP'){
+		$fwdfwsettings{'ICMP_TYPES'}=3D'';
 	}
 }
 sub checkcounter
@@ -1158,7 +1206,7 @@ sub getsrcport
 {
 	my %hash=3D%{(shift)};
 	my $key=3Dshift;
-	if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne '' && $hash{$key}[10]){
+	if($hash{$key}[7] eq 'ON' && $hash{$key}[10]){
 		$hash{$key}[10]=3D~ s/\|/,/g;
 		print": $hash{$key}[10]";
 	}elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
@@ -1188,8 +1236,6 @@ sub gettgtport
 		if($service){
 			print": $service";
 		}
-	}elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
-		print":<br>$hash{$key}[13]";
 	}
 }
 sub get_serviceports
@@ -1226,7 +1272,7 @@ sub get_serviceports
 		}
 	}
 	if($tcp && $udp && $icmp){
-		push (@protocols,"All");
+		push (@protocols,"TCP,UDP, <br>ICMP");
 		return @protocols;
 	}
 	if($tcp){
@@ -1541,7 +1587,6 @@ END
 		print "<option value=3D'ORANGE' $selected{'ipfire_src'}{'ORANGE'}>$Lang::t=
r{'orange'} ($ifaces{'ORANGE_ADDRESS'})</option>" if (&Header::orange_used());
 		print "<option value=3D'BLUE' $selected{'ipfire_src'}{'BLUE'}>$Lang::tr{'b=
lue'} ($ifaces{'BLUE_ADDRESS'})</option>" if (&Header::blue_used());
 		print "<option value=3D'RED1' $selected{'ipfire_src'}{'RED1'}>$Lang::tr{'r=
ed1'} ($redip)" if ($redip);
-
 		if (! -z "${General::swroot}/ethernet/aliases"){
 			foreach my $alias (sort keys %aliases)
 			{
@@ -1552,41 +1597,51 @@ END
 		</select></td></tr>
 		<tr><td colspan=3D'8'><hr style=3D'border:dotted #BFBFBF; border-width:1px=
 0 0 0 ; ' /></td></tr></table>
 END
-	&gen_dd_block('src','grp1');
+		&gen_dd_block('src','grp1');
+		print"<hr>";
+		&Header::closebox();
+		#---SNAT / DNAT ------------------------------------------------
+		&Header::openbox('100%', 'left', 'NAT');
 		print<<END;
-		<table><tr><td colspan=3D'8'><hr style=3D'border:dotted #BFBFBF; border-wi=
dth:1px 0 0 0 ; ' /></td></tr></table>
 		<table width=3D'100%' border=3D'0'>
-		<tr><td width=3D'1%'><input type=3D'checkbox' name=3D'USE_SRC_PORT' value=
=3D'ON' $checked{'USE_SRC_PORT'}{'ON'}></td><td width=3D'51%' colspan=3D'3'>$=
Lang::tr{'fwdfw use srcport'}</td>
-		<td width=3D'15%' nowrap=3D'nowrap'>$Lang::tr{'fwdfw man port'}</td><td><s=
elect name=3D'PROT'>
+		<tr><td width=3D'1%'><input type=3D'checkbox' name=3D'USE_NAT' id=3D'USE_N=
AT' value=3D'ON' $checked{'USE_NAT'}{'ON'} onclick=3D"toggle_elements('natpar=
t')" ></td><td width=3D'15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan=3D'5'=
></td></tr></table>
+		<div id=3D"natpart" class=3D"noscript">
+		<table width=3D100%' border=3D'0'><tr>
+		<tr><td colspan=3D'2'></td><td width=3D'1%'><input type=3D'radio' name=3D'=
nat' id=3D'dnat' value=3D'dnat' checked ></td><td width=3D'50%'>$Lang::tr{'fw=
dfw dnat'}</td>
 END
-		foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
+		print"<td width=3D'8%'>Firewall: </td><td width=3D'20%' align=3D'right'><s=
elect name=3D'dnat' style=3D'width:140px;'>";
+		print "<option value=3D'ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr=
{'all'}</option>";
+		print "<option value=3D'Default IP' $selected{'dnat'}{'Default IP'}>Defaul=
t IP</option>";
+		foreach my $alias (sort keys %aliases)
 		{
-			if ($_ eq $fwdfwsettings{'PROT'})
+			print "<option value=3D'$alias' $selected{'dnat'}{$alias}>$alias</option>=
";
+		}
+		print"</select></td></tr>";
+		$fwdfwsettings{'dnatport'}=3D~ tr/|/,/;
+		print"<tr><td colspan=3D'4'></td><td>Port: </td><td align=3D'right'><input=
 type=3D'text' name=3D'dnatport' style=3D'width:130px;' value=3D\"$fwdfwsetti=
ngs{'dnatport'}\"> </td></tr>";
+		print"<tr><td colspan=3D'8'><br></td></tr>";
+		#SNAT
+		print"<tr><td colspan=3D'2'></td><td width=3D'1%'><input type=3D'radio' na=
me=3D'nat' id=3D'snat' value=3D'snat'  $checked{'nat'}{'snat'}></td><td width=
=3D'20%'>$Lang::tr{'fwdfw snat'}</td>";
+		print"<td width=3D'8%'>Firewall: </td><td width=3D'20%' align=3D'right'><s=
elect name=3D'snat' style=3D'width:140px;'>";
+		foreach my $alias (sort keys %aliases)
 			{
-				print"<option selected>$_</option>";
-			}else{
-				print"<option>$_</option>";
+				print "<option value=3D'$alias' $selected{'snat'}{$alias}>$alias</option=
>";
 			}
+		foreach my $network (sort keys %defaultNetworks)
+		{
+			next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
+			next if($defaultNetworks{$network}{'NAME'} eq "ALL");
+			next if($defaultNetworks{$network}{'NAME'} =3D~ /OpenVPN/i);
+			print "<option value=3D'$defaultNetworks{$network}{'NAME'}'";
+			print " selected=3D'selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} =
eq $defaultNetworks{$network}{'NAME'});
+			print ">$network</option>";
 		}
-		$fwdfwsettings{'SRC_PORT'}=3D~ s/\|/,/g;
-		print<<END;
-		</select></td><td align=3D'right'><input type=3D'text' name=3D'SRC_PORT' v=
alue=3D'$fwdfwsettings{'SRC_PORT'}' maxlength=3D'20' size=3D'18' ></td></tr>
-		<tr><td></td><td></td><td></td><td></td><td nowrap=3D'nowrap'>$Lang::tr{'f=
whost icmptype'}</td><td colspan=3D'2'><select name=3D'ICMP_TYPES' style=3D'w=
idth:230px;'>
-END
-		&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptyp=
es);
-		print"<option>All ICMP-Types</option>";
-		foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) } keys %=
icmptypes){
-			if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
-				print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option=
>";
-			}else{
-				print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
-			}
+		print"</select></td></tr></table>";
+		print"</div><br><hr>";
+		if ($fwdfwsettings{'USE_NAT'} ne 'ON'){
+			print"<script language=3D'JavaScript'>hide_elements('natpart');</script>";
 		}
-		print<<END;
-		</select></td></tr></table><br><hr>
-END
 		&Header::closebox();
-
 		#---TARGET------------------------------------------------------
 		&Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
 		print<<END;
@@ -1610,10 +1665,71 @@ END
 		<tr><td colspan=3D'7'><hr style=3D'border:dotted #BFBFBF; border-width:1px=
 0 0 0 ; ' /></td></tr></table>
 END
 		&gen_dd_block('tgt','grp2');
+		print"<hr>";
+		&Header::closebox;
+		#---PROTOCOL------------------------------------------------------
+		&Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'});
+		print<<END;
+		<table width=3D'15%' border=3D'0' style=3D"float:left;">
+		<tr><td><select name=3D'PROT'  id=3D'PROT' onchange=3D"getdropdown()">
+END
+		if ($fwdfwsettings{'PROT'} eq ''){
+				print"<option value=3D'' selected>$Lang::tr{'all'}</option>";
+		}else{
+			print"<option value=3D''>$Lang::tr{'all'}</option>";
+		}
+		foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
+		{
+			if ($_ eq $fwdfwsettings{'PROT'})
+			{
+				print"<option selected>$_</option>";
+			}else{
+				print"<option>$_</option>";
+			}
+		}
+		print"</select></td></tr></table>";
+		print<<END;
+		<div id=3D"PROTOKOLL" class=3D"noscript"><table width=3D'30%' border=3D'0'=
 style=3D"float:left;"><tr><td>$Lang::tr{'fwhost icmptype'}</td><td colspan=
=3D'2'><select name=3D'ICMP_TYPES' style=3D'min-width:230px;'>
+END
+		&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptyp=
es);
+		print"<option>All ICMP-Types</option>";
+		foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %i=
cmptypes){
+			if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
+				print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option=
>";
+			}else{
+				print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
+			}
+		}
+		print<<END;
+		</select></td></tr>
+		</table></div><br><br><br>
+END
+		if ($fwdfwsettings{'PROT'} ne 'ICMP'){
+			print"<script language=3D'JavaScript'>hide_elements('PROTOKOLL');</script=
>";
+		}
+		#SOURCEPORT
+		print<<END;
+		<table width=3D'100%'><tr><td colspan=3D'8'><hr style=3D'border:dotted #BF=
BFBF; border-width:1px 0 0 0 ; ' /></td></table>
+		<table width=3D'100%' border=3D'0'>
+		<tr><td width=3D'1%'><input type=3D'checkbox' name=3D'USE_SRC_PORT' value=
=3D'ON' $checked{'USE_SRC_PORT'}{'ON'} onclick=3D"toggle_elements('srcport')"=
></td>
+		<td width=3D'51%' colspan=3D'3'>$Lang::tr{'fwdfw use srcport'}</td></tr></=
table>
+		<div id=3D"srcport" class=3D"noscript"><table width=3D'100%' border=3D'0'>=
<tr>
+		<td width=3D'70%' nowrap=3D'nowrap' align=3D'right'>$Lang::tr{'fwdfw man p=
ort'}</td>
+END
+		$fwdfwsettings{'SRC_PORT'}=3D~ s/\|/,/g;
+		print<<END;
+		<td align=3D'right'><input type=3D'text' name=3D'SRC_PORT' value=3D'$fwdfw=
settings{'SRC_PORT'}' maxlength=3D'20' size=3D'18' ></td></tr>
+		</table></div><br>
+END
+		if ($fwdfwsettings{'USE_SRC_PORT'} ne 'ON'){
+			print"<script language=3D'JavaScript'>hide_elements('srcport');</script>";
+		}
+		#TARGETPORT
 		print<<END;
 		<hr style=3D'border:dotted #BFBFBF; border-width:1px 0 0 0 ; '><br>
 		<table width=3D'100%' border=3D'0'>
-		<tr><td width=3D'1%'><input type=3D'checkbox' name=3D'USESRV' value=3D'ON'=
 $checked{'USESRV'}{'ON'} ></td><td width=3D'48%'>$Lang::tr{'fwdfw use srv'}<=
/td><td width=3D'1%'><input type=3D'radio' name=3D'grp3' id=3D'cust_srv' valu=
e=3D'cust_srv' checked></td><td nowrap=3D'nowrap'>$Lang::tr{'fwhost cust serv=
ice'}</td><td width=3D'1%' colspan=3D'2'><select name=3D'cust_srv' style=3D'm=
in-width:230px;' >
+		<tr><td width=3D'1%'><input type=3D'checkbox' name=3D'USESRV' value=3D'ON'=
 $checked{'USESRV'}{'ON'} onclick=3D"toggle_elements('targetport')"></td><td =
width=3D'48%'>$Lang::tr{'fwdfw use srv'}</td></tr></table>
+		<div id=3D"targetport" class=3D"noscript"><table width=3D'100%' border=3D'=
0'><tr><td width=3D'80%'></td><td width=3D'1%'><input type=3D'radio' name=3D'=
grp3' id=3D'cust_srv' value=3D'cust_srv' checked></td><td nowrap=3D'nowrap'>$=
Lang::tr{'fwhost cust service'}</td><td width=3D'1%' colspan=3D'2'><select na=
me=3D'cust_srv' style=3D'min-width:230px;' >
 END
 		&General::readhasharray("$configsrv", \%customservice);
 		foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) =
} keys %customservice){
@@ -1623,7 +1739,7 @@ END
 		}=09
 		print<<END;
 		</select></td></tr>
-		<tr><td colspan=3D'2'></td><td><input type=3D'radio' name=3D'grp3' id=3D'c=
ust_srvgrp' value=3D'cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td no=
wrap=3D'nowrap'>$Lang::tr{'fwhost cust srvgrp'}</td><td colspan=3D'2'><select=
 name=3D'cust_srvgrp' style=3D'min-width:230px;' >
+		<tr><td></td><td><input type=3D'radio' name=3D'grp3' id=3D'cust_srvgrp' va=
lue=3D'cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap=3D'nowrap=
'>$Lang::tr{'fwhost cust srvgrp'}</td><td colspan=3D'2'><select name=3D'cust_=
srvgrp' style=3D'min-width:230px;' >
 END
 		&General::readhasharray("$configsrvgrp", \%customservicegrp);
 		my $helper;
@@ -1637,74 +1753,20 @@ END
 		}=09
 		print<<END;
 		</select></td></tr>
-		<tr><td colspan=3D'2'></td><td><input type=3D'radio' name=3D'grp3' id=3D'T=
GT_PORT' value=3D'TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'=
fwdfw man port'}</td><td><select name=3D'TGT_PROT' onchange=3D'checkradio(\"#=
TGT_PORT\")'>
+		<tr><td></td><td><input type=3D'radio' name=3D'grp3' id=3D'TGT_PORT' value=
=3D'TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port=
'}</td>
 END
-		foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
-		{
-			if ($_ eq $fwdfwsettings{'TGT_PROT'})
-			{
-				print"<option selected>$_</option>";
-			}else{
-				print"<option>$_</option>";
-			}
-		}
 		$fwdfwsettings{'TGT_PORT'} =3D~ s/\|/,/g;
 		print<<END;
-		</select></td><td align=3D'right'><input type=3D'text' name=3D'TGT_PORT' v=
alue=3D'$fwdfwsettings{'TGT_PORT'}' maxlength=3D'20' size=3D'18' onclick=3D'c=
heckradio(\"#TGT_PORT\")'></td></tr>
-		<tr><td colspan=3D'2'></td><td></td><td>$Lang::tr{'fwhost icmptype'}</td><=
td colspan=3D'2'><select name=3D'ICMP_TGT' style=3D'min-width:230px;'>
-END
-		&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptyp=
es);
-		print"<option>All ICMP-Types</option>";
-		foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %i=
cmptypes){
-			if($fwdfwsettings{'ICMP_TGT'} eq "$icmptypes{$key}[0]"){
-				print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option=
>";
-			}else{
-				print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
-			}
-		}
-		print<<END;
-		</select></td></tr>
-		</table><br><hr>
-
-END
-		&Header::closebox;
-		#---SNAT / DNAT ------------------------------------------------
-		&Header::openbox('100%', 'left', 'NAT');
-		print<<END;
-		<table width=3D'100%' border=3D'0'>
-		<tr><td width=3D'1%'><input type=3D'checkbox' name=3D'USE_NAT' id=3D'USE_N=
AT' value=3D'ON' $checked{'USE_NAT'}{'ON'}></td><td width=3D'15%'>$Lang::tr{'=
fwdfw use nat'}</td><td colspan=3D'5'></td></tr>
-		<tr><td colspan=3D'2'></td><td width=3D'1%'><input type=3D'radio' name=3D'=
nat' id=3D'dnat' value=3D'dnat' checked ></td><td width=3D'50%'>$Lang::tr{'fw=
dfw dnat'}</td>
+		<td align=3D'right'><input type=3D'text' name=3D'TGT_PORT' value=3D'$fwdfw=
settings{'TGT_PORT'}' maxlength=3D'20' size=3D'18' onclick=3D'checkradio(\"#T=
GT_PORT\")'></td></tr>
+		</table></div><br><hr>
 END
-		print"<td width=3D'8%'>Firewall: </td><td width=3D'20%' align=3D'right'><s=
elect name=3D'dnat' style=3D'width:140px;'>";
-		print "<option value=3D'ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr=
{'all'}</option>";
-		print "<option value=3D'Default IP' $selected{'dnat'}{'Default IP'}>Defaul=
t IP</option>";
-		foreach my $alias (sort keys %aliases)
-		{
-			print "<option value=3D'$alias' $selected{'dnat'}{$alias}>$alias</option>=
";
+		if ($fwdfwsettings{'USESRV'} ne 'ON'){
+			print"<script language=3D'JavaScript'>hide_elements('targetport');</scrip=
t>";
 		}
-		print"</select></td></tr>";
-		$fwdfwsettings{'dnatport'}=3D~ tr/|/,/;
-		print"<tr><td colspan=3D'4'></td><td>Port: </td><td align=3D'right'><input=
 type=3D'text' name=3D'dnatport' style=3D'width:130px;' value=3D\"$fwdfwsetti=
ngs{'dnatport'}\"> </td></tr>";
-		print"<tr><td colspan=3D'8'><br></td></tr>";
-		#SNAT
-		print"<tr><td colspan=3D'2'></td><td width=3D'1%'><input type=3D'radio' na=
me=3D'nat' id=3D'snat' value=3D'snat'  $checked{'nat'}{'snat'}></td><td width=
=3D'20%'>$Lang::tr{'fwdfw snat'}</td>";
-		print"<td width=3D'8%'>Firewall: </td><td width=3D'20%' align=3D'right'><s=
elect name=3D'snat' style=3D'width:140px;'>";
-		foreach my $alias (sort keys %aliases)
-			{
-				print "<option value=3D'$alias' $selected{'snat'}{$alias}>$alias</option=
>";
-			}
-		foreach my $network (sort keys %defaultNetworks)
-		{
-			next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
-			next if($defaultNetworks{$network}{'NAME'} eq "ALL");
-			next if($defaultNetworks{$network}{'NAME'} =3D~ /OpenVPN/i);
-			print "<option value=3D'$defaultNetworks{$network}{'NAME'}'";
-			print " selected=3D'selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} =
eq $defaultNetworks{$network}{'NAME'});
-			print ">$network</option>";
+		if ($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){
+			print"<script language=3D'JavaScript'>hide_elements('PROTOKOLL');</script=
>";
 		}
-		print"</select></td></tr></table>";
-		print"<hr>";
-		&Header::closebox();
+		&Header::closebox;
 		#---Activate/logging/remark-------------------------------------
 		&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
 		print<<END;
@@ -1715,7 +1777,7 @@ END
 		{
 			if($fwdfwsettings{'updatefwrule'} eq 'on'){
 				print"<option value=3D'$_'";
-				print "selected=3D'selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_);
+				print " selected=3D'selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_);
 				print">$Lang::tr{'fwdfw '.$_}</option>";
 			}else{
 				if($fwdfwsettings{'POLICY'} eq 'MODE2'){
@@ -1757,20 +1819,20 @@ END
 		<tr><td width=3D'1%'><input type=3D'checkbox' name=3D'TIME' value=3D'ON' $=
checked{'TIME'}{'ON'}></td><td colspan=3D'9'>$Lang::tr{'fwdfw timeframe'}</td=
></tr>
 		<tr><td colspan=3D'10'>&nbsp;</td></tr>
 		<tr>
-			<td  align=3D'left'>$Lang::tr{'time'}:</td>
-			<td width=3D'30%' align=3D'left'>$Lang::tr{'advproxy monday'} $Lang::tr{'=
advproxy tuesday'} $Lang::tr{'advproxy wednesday'} $Lang::tr{'advproxy thursd=
ay'} $Lang::tr{'advproxy friday'} $Lang::tr{'advproxy saturday'} $Lang::tr{'a=
dvproxy sunday'}</td>
+			<td  align=3D'left' >$Lang::tr{'time'}:&nbsp</td>
+			<td>$Lang::tr{'advproxy monday'}</td><td> $Lang::tr{'advproxy tuesday'} <=
/td><td>$Lang::tr{'advproxy wednesday'}</td><td> $Lang::tr{'advproxy thursday=
'}</td><td> $Lang::tr{'advproxy friday'}</td><td> $Lang::tr{'advproxy saturda=
y'}</td><td> $Lang::tr{'advproxy sunday'}</td>
 			<td width=3D'15%' align=3D'left'>$Lang::tr{'advproxy from'}</td>
 			<td width=3D'15%' align=3D'left'>$Lang::tr{'advproxy to'}</td>
 		</tr>
 		<tr>
 			<td  align=3D'right'></td>
-			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_MON=
' value=3D'on' $checked{'TIME_MON'}{'on'} /></td>
-			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_TUE=
' value=3D'on' $checked{'TIME_TUE'}{'on'} /></td>
-			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_WED=
' value=3D'on' $checked{'TIME_WED'}{'on'} /></td>
-			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_THU=
' value=3D'on' $checked{'TIME_THU'}{'on'} /></td>
-			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_FRI=
' value=3D'on' $checked{'TIME_FRI'}{'on'} /></td>
-			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_SAT=
' value=3D'on' $checked{'TIME_SAT'}{'on'} /></td>
-			<td width=3D'15%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_SU=
N' value=3D'on' $checked{'TIME_SUN'}{'on'} /></td>
+			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_MON=
' value=3D'on' $checked{'TIME_MON'}{'on'} ></td>
+			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_TUE=
' value=3D'on' $checked{'TIME_TUE'}{'on'} ></td>
+			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_WED=
' value=3D'on' $checked{'TIME_WED'}{'on'} ></td>
+			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_THU=
' value=3D'on' $checked{'TIME_THU'}{'on'} ></td>
+			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_FRI=
' value=3D'on' $checked{'TIME_FRI'}{'on'} ></td>
+			<td width=3D'1%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_SAT=
' value=3D'on' $checked{'TIME_SAT'}{'on'} ></td>
+			<td width=3D'15%' align=3D'left'><input type=3D'checkbox' name=3D'TIME_SU=
N' value=3D'on' $checked{'TIME_SUN'}{'on'} ></td>
 			<td><select name=3D'TIME_FROM'>
 END
 		for (my $i=3D0;$i<=3D23;$i++) {
@@ -2193,10 +2255,8 @@ END
 			print"<td bgcolor=3D'$rulecolor' align=3D'center' width=3D'10'><span titl=
e=3D'$tooltip'><b>$ruletype</b></span></td>";
 			#Get Protocol
 			my $prot;
-			if ($$hash{$key}[8] && $$hash{$key}[7] eq 'ON'){#source prot if manual
+			if ($$hash{$key}[8]){
 				push (@protocols,$$hash{$key}[8]);
-			}elsif ($$hash{$key}[12]){			#target prot if manual
-				push (@protocols,$$hash{$key}[12]);
 			}elsif($$hash{$key}[14] eq 'cust_srv'){
 				&get_serviceports("service",$$hash{$key}[15]);
 			}elsif($$hash{$key}[14] eq 'cust_srvgrp'){
@@ -2205,7 +2265,17 @@ END
 				push (@protocols,$Lang::tr{'all'});
 			}
 			my $protz=3Djoin(",",@protocols);
-			print"<td align=3D'center'>$protz</td>";
+			if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key=
}[14] ne 'cust_srvgrp'){
+				&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmpt=
ypes);
+				foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }k=
eys %icmptypes){
+					if($$hash{$key}[9] eq "$icmptypes{$keyicmp}[0]"){
+						print "<td align=3D'center'><span title=3D'$icmptypes{$keyicmp}[0]'><b=
>$protz ($icmptypes{$keyicmp}[1])</b></span></td>";
+						last;
+					}
+				}
+			}else{
+				print"<td align=3D'center'>$protz</td>";
+			}
 			@protocols=3D();
 			#SOURCE
 			my $ipfireiface;
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 2d4c69f..90a5594 100755
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -1740,7 +1740,7 @@ sub viewtableservicegrp
 				}
 			}
 			print"<td align=3D'center'>$port</td><td align=3D'center'>$protocol</td><=
td width=3D'1%'><form method=3D'post'>";
-			if ($number gt '1'){
+			if ($delflag gt '1'){
 				print"<input type=3D'image' src=3D'/images/delete.gif' align=3D'middle' =
alt=3D$Lang::tr{'delete'} title=3D$Lang::tr{'delete'} />";
 			}
 			print"<input type=3D'hidden' name=3D'ACTION' value=3D'delgrpservice'><inp=
ut type=3D'hidden' name=3D'updatesrvgrp' value=3D'$fwhostsettings{'updatesrvg=
rp'}'><input type=3D'hidden' name=3D'delsrvfromgrp' value=3D'$grpname,$remark=
,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 92b8fd0..68dd61a 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -933,6 +933,8 @@
 'fwdfw err notgt' =3D> 'Kein Ziel ausgew=C3=A4hlt',
 'fwdfw err notgtip' =3D> 'Bitte Ziel-IP-Adresse angeben',
 'fwdfw err prot' =3D> 'Quell- und Zielprotokoll m=C3=BCssen identisch sein',
+'fwdfw err prot_port' =3D> 'Bei dem gew=C3=A4hlten Protokoll sind Quell- und=
 Zielport nicht erlaubt',
+'fwdfw err prot_port1' =3D> 'Bei Nutzung von Quell- oder Zielport muss als P=
rotokoll TCP oder UDP gew=C3=A4hlt werden.',
 'fwdfw err remark' =3D> 'Die Bemerkung enth=C3=A4lt ung=C3=BCltige Zeichen',
 'fwdfw err ruleexists' =3D> 'Eine identische Regel existiert bereits',
 'fwdfw err same' =3D> 'Quelle und Ziel sind identisch',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 085ee22..b625a6c 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -958,6 +958,8 @@
 'fwdfw err notgt' =3D> 'No destination selected.',
 'fwdfw err notgtip' =3D> 'Please provide a destination IP address.',
 'fwdfw err prot' =3D> 'Source and destination protocol need to match.',
+'fwdfw err prot_port' =3D> 'Source- or targetport are not allowed with selec=
ted protocol',
+'fwdfw err prot_port1' =3D> 'When using Source- or targetport you have to se=
lect TCP or UDP for protocol',
 'fwdfw err remark' =3D> 'Invalid characters in remark.',
 'fwdfw err ruleexists' =3D> 'This rule already exists.',
 'fwdfw err same' =3D> 'Source and destination are identical.',
@@ -1022,7 +1024,7 @@
 'fwhost addgrp' =3D> 'Add new network/host group:',
 'fwhost addgrpname' =3D> 'Group name:',
 'fwhost addhost' =3D> 'Add new host:',
-'fwhost addnet' =3D> 'Add new hetwork:',
+'fwhost addnet' =3D> 'Add new network:',
 'fwhost addrule' =3D> 'Add/edit rule:',
 'fwhost addservice' =3D> 'Add service:',
 'fwhost addservicegrp' =3D> 'Add new service group:',


hooks/post-receive
--
IPFire 2.x development tree

--===============3717807491977322408==--