* [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 1da42d53f71991f27603b220e33ac49368410949
@ 2013-10-22 19:10 git
0 siblings, 0 replies; only message in thread
From: git @ 2013-10-22 19:10 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 100148 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via 1da42d53f71991f27603b220e33ac49368410949 (commit)
via 4e6ae999c6740a38876fdbf3b2bd6f4f51d23051 (commit)
via 989d0fd7172efa96382a10cb1ee16e608355af29 (commit)
via 4a75efa5a79a81a9f459e9dc113e474cd2e53df6 (commit)
via 2d5447bb1b9eed087c1f18a25c15e9370e62408e (commit)
via 0e43079789de38841b822b591dbff3be8cd37228 (commit)
via 0eadfdad4a4031c28f5811b4b80ceba8865b17a0 (commit)
via 6bcb5ffe56238dc7e4107f3deba8d1b943253250 (commit)
via 93e0855b6f0fbf51bf2ae8a59b74cf713d4e970e (commit)
via 85d6e8a91011d06cf0a913b7c204e522e6a62c77 (commit)
via d8d7dd3bd8aa6b849dd191588e63947aa4444007 (commit)
via ba338177a02f6c95f938c76b886a970ebd977456 (commit)
via d50ef220b67c53688eaf1cc08ff8cd7f4fc4bbf5 (commit)
via 0c7d0c0883fd0fd6ab45fe1657074f9a8d99b562 (commit)
via f18c38312cb4156858fad253f84d66cfe01811da (commit)
via c9493d6c4f307954c7280f5d31c46d6e352b2893 (commit)
via 8777989d464a11f6f538ec22c2463d0c9c18c7ad (commit)
via 86a921ee47cc1bd24ff01139b4867dc577c3e564 (commit)
via fda8c915d66a8cabe813cc05afc1f2d560e74fab (commit)
via 79bb8c75f29a5321692ae0f02b7b2ca3cbe2d94c (commit)
via 769185b58ec52fcc9eaedab5df42b1b25057d0c7 (commit)
via a1e89f481d13a59a38854a3921f3c0d85a26f4dd (commit)
via ec6fd189ee94eb5fb8f969ff71b9ffae9e13a37c (commit)
via a5cb9aca7838837e41f34b5d29c3584f708444f0 (commit)
via bfc84eb1537ff5f495da2e540d9a62867a05ae0c (commit)
from 278280da9606d394ec7c39127ffadc26a5a3d3d0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1da42d53f71991f27603b220e33ac49368410949
Merge: 278280d 4e6ae99
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 21:10:25 2013 +0200
Merge branch 'firewall-fifteen' into fifteen
commit 4e6ae999c6740a38876fdbf3b2bd6f4f51d23051
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 21:09:01 2013 +0200
firewall: Add proper descriptions/translations for NAT.
commit 989d0fd7172efa96382a10cb1ee16e608355af29
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 20:21:33 2013 +0200
firewall: Straighten the format of the rule table.
Lots of markup and code cleanup.
commit 4a75efa5a79a81a9f459e9dc113e474cd2e53df6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 19:08:35 2013 +0200
p2p-block.cgi: Fix coding style.
commit 2d5447bb1b9eed087c1f18a25c15e9370e62408e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 18:58:15 2013 +0200
P2P block: Fix strings.
commit 0e43079789de38841b822b591dbff3be8cd37228
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 18:53:48 2013 +0200
firewall: Cleanup rules reloading.
This has been messed up a lot because there were multiple
files which indicated that a reload is needed; shell commands
were used to create and remove the indicator file; some
functions were duplicated.
commit 0eadfdad4a4031c28f5811b4b80ceba8865b17a0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 17:39:56 2013 +0200
firewall: Predefine value for checkboxes.
It turns out, that this is not good style, but as the
rest of the CGI depends on it, we need to stick with
this.
commit 6bcb5ffe56238dc7e4107f3deba8d1b943253250
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 17:23:23 2013 +0200
firewall: Move NAT port field to the protocol section.
commit 93e0855b6f0fbf51bf2ae8a59b74cf713d4e970e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 16:59:16 2013 +0200
firewall: Fix collapsing the NAT menu.
Also removing a lot of redundant HTML code and invalid
attributes.
commit 85d6e8a91011d06cf0a913b7c204e522e6a62c77
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 22 16:44:43 2013 +0200
firewall: Update the re-read button.
Change to a more meaningful description and remove the
big green box.
commit d8d7dd3bd8aa6b849dd191588e63947aa4444007
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Oct 17 17:58:45 2013 +0200
firewall: Don't show rule activation checkbox when creating a rule.
Almost certainly, the user wants the new rule to be active when
it is created. We should put as few input elements as possible
on the rule creation page.
commit ba338177a02f6c95f938c76b886a970ebd977456
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Oct 17 17:39:43 2013 +0200
Update translations.
commit d50ef220b67c53688eaf1cc08ff8cd7f4fc4bbf5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Oct 17 17:39:12 2013 +0200
firewall: Fix invalid HTML syntax.
commit 0c7d0c0883fd0fd6ab45fe1657074f9a8d99b562
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Oct 17 17:33:46 2013 +0200
firewall: Simplify rule action selection.
Instead of two clicks, this is now changable with only
one click. The color coding should make the decision easier
and warn to not make unwanted configurations.
commit f18c38312cb4156858fad253f84d66cfe01811da
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Oct 17 16:49:07 2013 +0200
firewall: Make time constraints selection collapsable.
commit c9493d6c4f307954c7280f5d31c46d6e352b2893
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Thu Oct 17 14:27:41 2013 +0200
Firewall: Language changes, JQuery code cleanup
commit 8777989d464a11f6f538ec22c2463d0c9c18c7ad
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Thu Oct 17 12:10:34 2013 +0200
Firewall: some languagefile changes
commit 86a921ee47cc1bd24ff01139b4867dc577c3e564
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Thu Oct 17 11:27:48 2013 +0200
Firewall: Some changes in Strings and languagefiles
commit fda8c915d66a8cabe813cc05afc1f2d560e74fab
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 16 14:55:20 2013 +0200
Firewall: Fixed JQuery code for fwhosts. This is BETA2 base
commit 79bb8c75f29a5321692ae0f02b7b2ca3cbe2d94c
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 16 14:27:08 2013 +0200
Firewall: completed michaels JQuery code and some language changes. This is BETA2-base
commit 769185b58ec52fcc9eaedab5df42b1b25057d0c7
Merge: a1e89f4 b64c3fc
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 16 14:22:38 2013 +0200
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen
commit a1e89f481d13a59a38854a3921f3c0d85a26f4dd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Oct 15 21:06:32 2013 +0200
firewall: Simplify protocol selection.
Plausibility checks and removed checkboxed need to be made
functional again. Also proper styling is missing.
commit ec6fd189ee94eb5fb8f969ff71b9ffae9e13a37c
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Oct 15 15:45:51 2013 +0200
Firewall: Jquery with errors for michael...
commit a5cb9aca7838837e41f34b5d29c3584f708444f0
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Oct 15 12:05:13 2013 +0200
Firewall: Try to clean up JS code part 1
commit bfc84eb1537ff5f495da2e540d9a62867a05ae0c
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Wed Oct 9 16:20:54 2013 +0200
Firewall: added JavaScript for services (hide icmp-types when no ICMP selected)
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/general-functions.pl | 19 +
config/forwardfw/rules.pl | 52 +--
doc/language_issues.de | 13 +-
doc/language_issues.en | 13 +-
doc/language_issues.es | 9 +-
doc/language_issues.fr | 9 +-
doc/language_issues.nl | 9 +-
doc/language_issues.pl | 9 +-
doc/language_issues.ru | 9 +-
doc/language_issues.tr | 9 +-
doc/language_missings | 48 +--
html/cgi-bin/forwardfw.cgi | 737 ++++++++++++++++++++++++------------
html/cgi-bin/fwhosts.cgi | 102 +++--
html/cgi-bin/p2p-block.cgi | 146 +++----
langs/de/cgi-bin/de.pl | 27 +-
langs/en/cgi-bin/en.pl | 27 +-
src/misc-progs/forwardfwctrl.c | 11 +-
17 files changed, 745 insertions(+), 504 deletions(-)
Difference in files:
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index c592d5d..8236f07 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -1137,4 +1137,23 @@ sub write_file_utf8 ($) {
return;
}
+my $FIREWALL_RELOAD_INDICATOR = "${General::swroot}/forward/reread";
+
+sub firewall_config_changed() {
+ open FILE, ">$FIREWALL_RELOAD_INDICATOR" or die "Could not open $FIREWALL_RELOAD_INDICATOR";
+ close FILE;
+}
+
+sub firewall_needs_reload() {
+ if (-e "$FIREWALL_RELOAD_INDICATOR") {
+ return 1;
+ }
+
+ return 0;
+}
+
+sub firewall_reload() {
+ system("/usr/local/bin/forwardfwctrl");
+}
+
1;
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index fcaade2..f23430f 100755
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -53,16 +53,17 @@ my $configoutgoing = "${General::swroot}/forward/outgoing";
my $p2pfile = "${General::swroot}/forward/p2protocols";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $netsettings = "${General::swroot}/ethernet/settings";
-my $errormessage='';
-my $orange;
-my $green;
-my $blue;
+my $errormessage = '';
+my $orange = '';
+my $green = '';
+my $blue = '';
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
-my $CHAIN="FORWARDFW";
-my $conexists='off';
-my $command = 'iptables -A';
-my $dnat='';
-my $snat='';
+my $CHAIN = "FORWARDFW";
+my $conexists = 'off';
+my $command = 'iptables -A';
+my $dnat ='';
+my $snat ='';
+
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("$netsettings", \%defaultNetworks);
&General::readhasharray($configfwdfw, \%configfwdfw);
@@ -81,13 +82,13 @@ if (-f "/var/ipfire/red/active"){
open (CONN1,"/var/ipfire/red/local-ipaddress");
my $redip = <CONN1>;
close(CONN1);
-################################
-# DEBUG/TEST #
-################################
+#################
+# DEBUG/TEST #
+#################
my $MODE=0; # 0 - normal operation
- # 1 - print configline and rules to console
- #
-################################
+ # 1 - print configline and rules to console
+ #
+#################
my $param=shift;
if($param eq 'flush'){
@@ -107,7 +108,7 @@ if($param eq 'flush'){
if($MODE eq '0'){
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
&p2pblock;
- system ("/usr/sbin/firewall-policy");
+ system ("/usr/sbin/firewall-policy");
}elsif($fwdfwsettings{'POLICY'} eq 'MODE2'){
&p2pblock;
system ("iptables -A $CHAIN -m conntrack --ctstate NEW -j ACCEPT");
@@ -123,7 +124,7 @@ sub flush
system ("iptables -F OUTGOINGFW");
system ("iptables -t nat -F NAT_DESTINATION");
system ("iptables -t nat -F NAT_SOURCE");
-}
+}
sub preparerules
{
if (! -z "${General::swroot}/forward/config"){
@@ -236,12 +237,12 @@ sub buildrules
if($$hash{$key}[24] ne ''){push (@timeframe,"Sat");}
if($$hash{$key}[25] ne ''){push (@timeframe,"Sun");}
$TIME=join(",",@timeframe);
-
+
$TIMEFROM="--timestart $time1 ";
$TIMETILL="--timestop $time2 ";
$TIME="-m time --weekdays $TIME $TIMEFROM $TIMETILL";
}
- if ($MODE eq '1'){
+ if ($MODE eq '1'){
print "NR:$key ";
foreach my $i (0 .. $#{$$hash{$key}}){
print "$i: $$hash{$key}[$i] ";
@@ -301,7 +302,10 @@ sub buildrules
if ($PROT ne '-p ICMP'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
- }
+ if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+ print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ }
+ }
}
}
}
@@ -364,7 +368,11 @@ sub buildrules
if ($PROT ne '-p ICMP'){
system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
- }
+ #PROCESS Prot ICMP and type = All ICMP-Types
+ if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+ system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ }
+ }
}
}
}
@@ -472,7 +480,7 @@ sub get_address
my $type=shift; #src or tgt
my $hash;
if ($type eq 'src'){
- $hash=\%sourcehash;
+ $hash=\%sourcehash;
}else{
$hash=\%targethash;
}
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 514a2e9..3393acd 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -186,22 +186,15 @@ WARNING: translation string unused: from email pw
WARNING: translation string unused: from email server
WARNING: translation string unused: from email user
WARNING: translation string unused: from warn email bad
-WARNING: translation string unused: fwdfw ACCEPT
-WARNING: translation string unused: fwdfw DROP
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
-WARNING: translation string unused: fwdfw REJECT
-WARNING: translation string unused: fwdfw addr grp
-WARNING: translation string unused: fwdfw cust addr
-WARNING: translation string unused: fwdfw cust net
-WARNING: translation string unused: fwdfw err srcovpn
-WARNING: translation string unused: fwdfw err srcport
WARNING: translation string unused: fwdfw err tgt_port
-WARNING: translation string unused: fwdfw err tgtovpn
-WARNING: translation string unused: fwdfw err tgtport
+WARNING: translation string unused: fwdfw external port nat
WARNING: translation string unused: fwdfw from
WARNING: translation string unused: fwdfw ipsec network
+WARNING: translation string unused: fwdfw man port
WARNING: translation string unused: fwdfw natport used
+WARNING: translation string unused: fwdfw rule action
WARNING: translation string unused: fwdfw rules
WARNING: translation string unused: fwdfw std network
WARNING: translation string unused: fwdfw till
diff --git a/doc/language_issues.en b/doc/language_issues.en
index ef246b4..77e825d 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -209,22 +209,15 @@ WARNING: translation string unused: from email pw
WARNING: translation string unused: from email server
WARNING: translation string unused: from email user
WARNING: translation string unused: from warn email bad
-WARNING: translation string unused: fwdfw ACCEPT
-WARNING: translation string unused: fwdfw DROP
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
-WARNING: translation string unused: fwdfw REJECT
-WARNING: translation string unused: fwdfw addr grp
-WARNING: translation string unused: fwdfw cust addr
-WARNING: translation string unused: fwdfw cust net
-WARNING: translation string unused: fwdfw err srcovpn
-WARNING: translation string unused: fwdfw err srcport
WARNING: translation string unused: fwdfw err tgt_port
-WARNING: translation string unused: fwdfw err tgtovpn
-WARNING: translation string unused: fwdfw err tgtport
+WARNING: translation string unused: fwdfw external port nat
WARNING: translation string unused: fwdfw from
WARNING: translation string unused: fwdfw ipsec network
+WARNING: translation string unused: fwdfw man port
WARNING: translation string unused: fwdfw natport used
+WARNING: translation string unused: fwdfw rule action
WARNING: translation string unused: fwdfw rules
WARNING: translation string unused: fwdfw std network
WARNING: translation string unused: fwdfw till
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 7bf3829..6faff27 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -630,9 +630,13 @@ WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw ACCEPT
+WARNING: untranslated string: fwdfw DROP
+WARNING: untranslated string: fwdfw REJECT
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw all icmp
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
@@ -644,7 +648,8 @@ WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
-WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err prot_port
+WARNING: untranslated string: fwdfw err prot_port1
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
@@ -658,7 +663,6 @@ WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
-WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -671,7 +675,6 @@ WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
-WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 70f8ecf..96e691e 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -633,9 +633,13 @@ WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw ACCEPT
+WARNING: untranslated string: fwdfw DROP
+WARNING: untranslated string: fwdfw REJECT
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw all icmp
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
@@ -647,7 +651,8 @@ WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
-WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err prot_port
+WARNING: untranslated string: fwdfw err prot_port1
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
@@ -661,7 +666,6 @@ WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
-WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -674,7 +678,6 @@ WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
-WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index c27610f..142ec4d 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -579,9 +579,13 @@ WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw ACCEPT
+WARNING: untranslated string: fwdfw DROP
+WARNING: untranslated string: fwdfw REJECT
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw all icmp
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
@@ -593,7 +597,8 @@ WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
-WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err prot_port
+WARNING: untranslated string: fwdfw err prot_port1
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
@@ -607,7 +612,6 @@ WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
-WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -620,7 +624,6 @@ WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
-WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 7bf3829..6faff27 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -630,9 +630,13 @@ WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw ACCEPT
+WARNING: untranslated string: fwdfw DROP
+WARNING: untranslated string: fwdfw REJECT
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw all icmp
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
@@ -644,7 +648,8 @@ WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
-WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err prot_port
+WARNING: untranslated string: fwdfw err prot_port1
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
@@ -658,7 +663,6 @@ WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
-WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -671,7 +675,6 @@ WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
-WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 35cba16..4be5db7 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -616,9 +616,13 @@ WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw ACCEPT
+WARNING: untranslated string: fwdfw DROP
+WARNING: untranslated string: fwdfw REJECT
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw all icmp
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
@@ -630,7 +634,8 @@ WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
-WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err prot_port
+WARNING: untranslated string: fwdfw err prot_port1
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
@@ -644,7 +649,6 @@ WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
-WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -657,7 +661,6 @@ WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
-WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index f293e6e..5ebf41a 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -576,9 +576,13 @@ WARNING: untranslated string: fw settings color
WARNING: untranslated string: fw settings dropdown
WARNING: untranslated string: fw settings remark
WARNING: untranslated string: fw settings ruletable
+WARNING: untranslated string: fwdfw ACCEPT
+WARNING: untranslated string: fwdfw DROP
+WARNING: untranslated string: fwdfw REJECT
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw addrule
+WARNING: untranslated string: fwdfw all icmp
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
@@ -590,7 +594,8 @@ WARNING: untranslated string: fwdfw err nosrc
WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
WARNING: untranslated string: fwdfw err notgtip
-WARNING: untranslated string: fwdfw err prot
+WARNING: untranslated string: fwdfw err prot_port
+WARNING: untranslated string: fwdfw err prot_port1
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
WARNING: untranslated string: fwdfw err same
@@ -604,7 +609,6 @@ WARNING: untranslated string: fwdfw final_rule
WARNING: untranslated string: fwdfw hint ip1
WARNING: untranslated string: fwdfw hint ip2
WARNING: untranslated string: fwdfw log rule
-WARNING: untranslated string: fwdfw man port
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -617,7 +621,6 @@ WARNING: untranslated string: fwdfw pol text1
WARNING: untranslated string: fwdfw pol title
WARNING: untranslated string: fwdfw red
WARNING: untranslated string: fwdfw reread
-WARNING: untranslated string: fwdfw rule action
WARNING: untranslated string: fwdfw rule activate
WARNING: untranslated string: fwdfw rulepos
WARNING: untranslated string: fwdfw snat
diff --git a/doc/language_missings b/doc/language_missings
index 2dfa5c7..c5f8ac0 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -95,12 +95,10 @@
< fwdfw ACCEPT
< fwdfw action
< fwdfw additional
-< fwdfw addr grp
< fwdfw addrule
+< fwdfw all icmp
< fwdfw change
< fwdfw copy
-< fwdfw cust addr
-< fwdfw cust net
< fwdfw delete
< fwdfw dnat
< fwdfw dnat error
@@ -111,21 +109,19 @@
< fwdfw err nosrcip
< fwdfw err notgt
< fwdfw err notgtip
-< fwdfw err prot
+< fwdfw err prot_port
+< fwdfw err prot_port1
< fwdfw err remark
< fwdfw err ruleexists
< fwdfw err same
< fwdfw err samesub
< fwdfw err src_addr
-< fwdfw err srcovpn
-< fwdfw err srcport
< fwdfw err tgt_addr
< fwdfw err tgt_grp
< fwdfw err tgt_mac
-< fwdfw err tgtovpn
-< fwdfw err tgtport
< fwdfw err tgt_port
< fwdfw err time
+< fwdfw external port nat
< fwdfw final_rule
< fwdfw from
< fwdfw hint ip1
@@ -498,12 +494,10 @@
< fwdfw ACCEPT
< fwdfw action
< fwdfw additional
-< fwdfw addr grp
< fwdfw addrule
+< fwdfw all icmp
< fwdfw change
< fwdfw copy
-< fwdfw cust addr
-< fwdfw cust net
< fwdfw delete
< fwdfw dnat
< fwdfw dnat error
@@ -514,21 +508,19 @@
< fwdfw err nosrcip
< fwdfw err notgt
< fwdfw err notgtip
-< fwdfw err prot
+< fwdfw err prot_port
+< fwdfw err prot_port1
< fwdfw err remark
< fwdfw err ruleexists
< fwdfw err same
< fwdfw err samesub
< fwdfw err src_addr
-< fwdfw err srcovpn
-< fwdfw err srcport
< fwdfw err tgt_addr
< fwdfw err tgt_grp
< fwdfw err tgt_mac
-< fwdfw err tgtovpn
-< fwdfw err tgtport
< fwdfw err tgt_port
< fwdfw err time
+< fwdfw external port nat
< fwdfw final_rule
< fwdfw from
< fwdfw hint ip1
@@ -885,12 +877,10 @@
< fwdfw ACCEPT
< fwdfw action
< fwdfw additional
-< fwdfw addr grp
< fwdfw addrule
+< fwdfw all icmp
< fwdfw change
< fwdfw copy
-< fwdfw cust addr
-< fwdfw cust net
< fwdfw delete
< fwdfw dnat
< fwdfw dnat error
@@ -901,21 +891,19 @@
< fwdfw err nosrcip
< fwdfw err notgt
< fwdfw err notgtip
-< fwdfw err prot
+< fwdfw err prot_port
+< fwdfw err prot_port1
< fwdfw err remark
< fwdfw err ruleexists
< fwdfw err same
< fwdfw err samesub
< fwdfw err src_addr
-< fwdfw err srcovpn
-< fwdfw err srcport
< fwdfw err tgt_addr
< fwdfw err tgt_grp
< fwdfw err tgt_mac
-< fwdfw err tgtovpn
-< fwdfw err tgtport
< fwdfw err tgt_port
< fwdfw err time
+< fwdfw external port nat
< fwdfw final_rule
< fwdfw from
< fwdfw hint ip1
@@ -1261,12 +1249,10 @@
< fwdfw ACCEPT
< fwdfw action
< fwdfw additional
-< fwdfw addr grp
< fwdfw addrule
+< fwdfw all icmp
< fwdfw change
< fwdfw copy
-< fwdfw cust addr
-< fwdfw cust net
< fwdfw delete
< fwdfw dnat
< fwdfw dnat error
@@ -1277,21 +1263,19 @@
< fwdfw err nosrcip
< fwdfw err notgt
< fwdfw err notgtip
-< fwdfw err prot
+< fwdfw err prot_port
+< fwdfw err prot_port1
< fwdfw err remark
< fwdfw err ruleexists
< fwdfw err same
< fwdfw err samesub
< fwdfw err src_addr
-< fwdfw err srcovpn
-< fwdfw err srcport
< fwdfw err tgt_addr
< fwdfw err tgt_grp
< fwdfw err tgt_mac
-< fwdfw err tgtovpn
-< fwdfw err tgtport
< fwdfw err tgt_port
< fwdfw err time
+< fwdfw external port nat
< fwdfw final_rule
< fwdfw from
< fwdfw hint ip1
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index f8f14ad..fbee025 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -63,6 +63,8 @@ my %aliases=();
my %optionsfw=();
my %ifaces=();
+my @PROTOCOLS = ("TCP", "UDP", "ICMP", "IGMP", "AH", "ESP", "GRE");
+
my $color;
my $confignet = "${General::swroot}/fwhosts/customnetworks";
my $confighost = "${General::swroot}/fwhosts/customhosts";
@@ -100,60 +102,70 @@ my @protocols;
#### JAVA SCRIPT ####
print<<END;
<script>
+ var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
+
+ var update_protocol = function() {
+ var protocol = \$("#protocol").val();
+
+ if (protocol === undefined)
+ return;
+
+ // Check if a template is/should be used.
+ if (protocol === "template") {
+ \$("#PROTOCOL_TEMPLATE").show();
+ } else {
+ \$("#PROTOCOL_TEMPLATE").hide();
+ }
+
+ // Check if we are dealing with a protocol, that knows ports.
+ if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
+ \$("#PROTOCOL_PORTS").show();
+ } else {
+ \$("#PROTOCOL_PORTS").hide();
+ }
+
+ // Handle ICMP.
+ if (protocol === "ICMP") {
+ \$("#PROTOCOL_ICMP_TYPES").show();
+ } else {
+ \$("#PROTOCOL_ICMP_TYPES").hide();
+ }
+ };
+
\$(document).ready(function() {
+ \$("#protocol").change(update_protocol);
+ update_protocol();
+
+ // When nat not used, hide it
+ if (! \$("#USE_NAT").attr("checked")) {
+ \$(".NAT").hide();
+ }
+
+ // Show NAT area when "use nat" checkbox is clicked
+ \$("#USE_NAT").change(function() {
+ \$(".NAT").toggle();
+ });
+
+ // Time constraints
+ if(!\$("#USE_TIME_CONSTRAINTS").attr("checked")) {
+ \$("#TIME_CONSTRAINTS").hide();
+ }
+ \$("#USE_TIME_CONSTRAINTS").change(function() {
+ \$("#TIME_CONSTRAINTS").toggle();
+ });
+
// Automatically select radio buttons when corresponding
// dropdown menu changes.
\$("select").change(function() {
var id = \$(this).attr("name");
- //When using SNAT or DNAT, check "USE NAT" Checkbox
- if ( id === 'snat' || id === 'dnat') {
+
+ // When using SNAT or DNAT, check "USE NAT" Checkbox
+ if (id === 'snat' || id === 'dnat') {
\$('#USE_NAT').prop('checked', true);
}
\$('#' + id).prop("checked", true);
});
});
-function checkradio(a){
- \$(a).attr('checked', true);
-}
-function toggle_elements( id ) {
- if(document.getElementById(id).style.display== "none")
- {
- document.getElementById(id).style.display='block';
- }
- else{
- document.getElementById(id).style.display='none';
- }
- if(document.getElementById('targetport').style.display== "none" && document.getElementById('PROT').value === 'ICMP' )
- {
- document.getElementById('PROTOKOLL').style.display='block';
- }
- if(document.getElementById('targetport').style.display== "block" && document.getElementById('PROT').value === 'ICMP' )
- {
- document.getElementById('PROTOKOLL').style.display='none';
- }
- return true;
-}
-function hide_elements()
-{
- var elementNames = hide_elements.arguments;
- for (var i=0; i<elementNames.length; i++)
- {
- var elementName = elementNames[i];
- document.getElementById(elementName).style.display='none';
- }
-}
-function getdropdown()
-{
- d = document.getElementById("PROT").value;
- if ( d == 'ICMP' )
- {
- document.getElementById('PROTOKOLL').style.display='block';
- }
- else
- {
- document.getElementById('PROTOKOLL').style.display='none';
- }
-}
</script>
END
@@ -164,6 +176,23 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
&General::readhasharray("$configfwdfw", \%configfwdfw);
&General::readhasharray("$configinput", \%configinputfw);
&General::readhasharray("$configoutgoing", \%configoutgoingfw);
+ #Set Variables according to the JQuery code in protocol section
+ if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
+ {
+ if ($fwdfwsettings{'SRC_PORT'} ne '')
+ {
+ $fwdfwsettings{'USE_SRC_PORT'} = 'ON';
+ }
+ if ($fwdfwsettings{'TGT_PORT'} ne '')
+ {
+ $fwdfwsettings{'USESRV'} = 'ON';
+ $fwdfwsettings{'grp3'} = 'TGT_PORT';
+ }
+ }
+ if ($fwdfwsettings{'PROT'} eq 'template')
+ {
+ $fwdfwsettings{'USESRV'} = 'ON';
+ }
$errormessage=&checksource;
if(!$errormessage){&checktarget;}
if(!$errormessage){&checkrule;}
@@ -356,7 +385,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
&newrule;
}else{
if($fwdfwsettings{'nosave2'} ne 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&base;
}
@@ -375,7 +404,7 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'})
}
}
&General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
- &rules;
+ &General::firewall_config_changed();
&base;
}
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
@@ -388,12 +417,12 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'})
}
}
&General::writehasharray($fwdfwsettings{'config'}, \%togglehash);
- &rules;
+ &General::firewall_config_changed();
&base;
}
if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
{
- &reread_rules;
+ &General::firewall_reload();
&base;
}
if ($fwdfwsettings{'ACTION'} eq 'editrule')
@@ -428,14 +457,32 @@ if ($fwdfwsettings{'ACTION'} eq '' or $fwdfwsettings{'ACTION'} eq 'reset')
sub addrule
{
&error;
- if (-f "${General::swroot}/forward/reread"){
- print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>    $Lang::tr{'fwhost reread'}</div></td></tr></table></form><br>";
- }
+
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw menu'});
- print "<form method='post'>";
- print "<table border='0'>";
- print "<tr><td><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'></td>";
- print"</tr></table></form><hr>";
+ print <<END;
+ <form method="POST" action="">
+ <table border='0' width="100%">
+ <tr>
+ <td>
+ <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw newrule'}'>
+ </td>
+ <td align="right">
+END
+
+ if (&General::firewall_needs_reload()) {
+ print <<END;
+ <input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-weight: bold; color: green;'>
+END
+ }
+
+ print <<END;
+ </td>
+ </tr>
+ </table>
+ </form>
+
+ <hr>
+END
&Header::closebox();
&viewtablerule;
}
@@ -819,7 +866,7 @@ sub checkrule
return;
}
#when icmp selected, no targetport allowed
- if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){
+ if (($fwdfwsettings{'PROT'} ne '' && $fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'template') && ($fwdfwsettings{'USESRV'} eq 'ON' || $fwdfwsettings{'USE_SRC_PORT'} eq 'ON')){
$errormessage.=$Lang::tr{'fwdfw err prot_port'};
return;
}
@@ -870,6 +917,12 @@ sub checkrule
$fwdfwsettings{'ICMP_TYPES'}='';
$fwdfwsettings{'USESRV'}='';
$fwdfwsettings{'TGT_PORT'}='';
+ }elsif($fwdfwsettings{'PROT'} eq 'IGMP'){
+ $fwdfwsettings{'USE_SRC_PORT'}='';
+ $fwdfwsettings{'SRC_PORT'}='';
+ $fwdfwsettings{'ICMP_TYPES'}='';
+ $fwdfwsettings{'USESRV'}='';
+ $fwdfwsettings{'TGT_PORT'}='';
}elsif($fwdfwsettings{'PROT'} ne 'TCP' && $fwdfwsettings{'PROT'} ne 'UDP' && $fwdfwsettings{'PROT'} ne 'ICMP'){
$fwdfwsettings{'ICMP_TYPES'}='';
$fwdfwsettings{'PROT'} = '';
@@ -959,7 +1012,7 @@ sub deleterule
delete $delhash{$last_key};
&General::writehasharray($fwdfwsettings{'config'}, \%delhash);
- &rules;
+ &General::firewall_config_changed();
if($fwdfwsettings{'nobase'} ne 'on'){
&base;
@@ -975,7 +1028,7 @@ sub disable_rule
}
}
&General::writehasharray("$configfwdfw", \%configfwdfw);
- &rules;
+ &General::firewall_config_changed();
}
sub dec_counter
{
@@ -1573,10 +1626,10 @@ sub newrule
}
}
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw addrule'});
- print "<form method='post'>";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
#------SOURCE-------------------------------------------------------
+ print "<form method='post'>";
print<<END;
<table width='100%' border='0'>
<tr><td width='1%'><input type='radio' name='grp1' value='src_addr' checked></td><td width='60%'>$Lang::tr{'fwdfw sourceip'}<input type='TEXT' name='src_addr' value='$fwdfwsettings{'src_addr'}' size='16' maxlength='18' ></td><td width='1%'><input type='radio' name='grp1' id='ipfire_src' value='ipfire_src' $checked{'grp1'}{'ipfire_src'}></td><td><b>Firewall</b></td>
@@ -1603,11 +1656,18 @@ END
#---SNAT / DNAT ------------------------------------------------
&Header::openbox('100%', 'left', 'NAT');
print<<END;
- <table width='100%' border='0'>
- <tr><td width='1%'><input type='checkbox' name='USE_NAT' id='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'} onclick="toggle_elements('natpart')" ></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr></table>
- <div id="natpart" class="noscript">
- <table width=100%' border='0'><tr>
- <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='dnat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
+ <label>
+ <input type='checkbox' name='USE_NAT' id='USE_NAT' value="ON" $checked{'USE_NAT'}{'ON'}>
+ $Lang::tr{'fwdfw use nat'}
+ </label>
+ <div class="NAT">
+ <table width='100%' border='0'>
+ <tr>
+ <td colspan='2'></td>
+ <td width='1%'>
+ <input type='radio' name='nat' id='dnat' value='dnat' checked>
+ </td>
+ <td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
END
print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>";
print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
@@ -1617,9 +1677,6 @@ END
print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
}
print"</select></td></tr>";
- $fwdfwsettings{'dnatport'}=~ tr/|/,/;
- print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value=\"$fwdfwsettings{'dnatport'}\"> </td></tr>";
- print"<tr><td colspan='8'><br></td></tr>";
#SNAT
print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' id='snat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw snat'}</td>";
print"<td width='8%'>Firewall: </td><td width='20%' align='right'><select name='snat' style='width:140px;'>";
@@ -1637,10 +1694,7 @@ END
print ">$network</option>";
}
print"</select></td></tr></table>";
- print"</div><br><hr>";
- if ($fwdfwsettings{'USE_NAT'} ne 'ON'){
- print"<script language='JavaScript'>hide_elements('natpart');</script>";
- }
+ print"</div>";
&Header::closebox();
#---TARGET------------------------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw target'});
@@ -1669,30 +1723,50 @@ END
&Header::closebox;
#---PROTOCOL------------------------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwhost prot'});
+ #Fix Protocol for JQuery
+ if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq 'cust_srvgrp'){
+ $fwdfwsettings{'PROT'} = 'template';
+ }
print<<END;
- <table width='15%' border='0' style="float:left;">
- <tr><td><select name='PROT' id='PROT' onchange="getdropdown()">
+ <div id="prt">
+ <table width='15%' border='0' style="float:left;">
+ <tr>
+ <td>
+ <select name='PROT' id='protocol'>
END
- if ($fwdfwsettings{'PROT'} eq ''){
- print"<option value='' selected>$Lang::tr{'all'}</option>";
- }else{
- print"<option value=''>$Lang::tr{'all'}</option>";
+ print "<option value=\"\"";
+ if ($fwdfwsettings{'PROT'} eq '') {
+ print " selected=\"selected\"";
}
- foreach ("TCP","UDP","GRE","ESP","AH","ICMP")
- {
- if ($_ eq $fwdfwsettings{'PROT'})
- {
- print"<option selected>$_</option>";
- }else{
- print"<option>$_</option>";
+ print ">$Lang::tr{'all'}</option>";
+
+ print "<option value=\"template\"";
+ print " selected=\"selected\"" if ($fwdfwsettings{'grp3'} eq 'cust_srv' || $fwdfwsettings{'grp3'} eq 'cust_srvgrp');
+ print ">- $Lang::tr{'template'} -</option>";
+
+ foreach (@PROTOCOLS) {
+ print"<option value=\"$_\"";
+ if ($_ eq $fwdfwsettings{'PROT'}) {
+ print " selected=\"selected\"";
}
+ print ">$_</option>";
}
- print"</select></td></tr></table>";
print<<END;
- <div id="PROTOKOLL" class="noscript"><table width='30%' border='0' style="float:left;"><tr><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES' style='min-width:230px;'>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="PROTOCOL_ICMP_TYPES">
+ <table width='50%' border='0' style="float:left;">
+ <tr>
+ <td width='20%'>$Lang::tr{'fwhost icmptype'}</td>
+ <td colspan='2'>
+ <select name='ICMP_TYPES' style='min-width:230px;'>
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- print"<option>All ICMP-Types</option>";
+ print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
if($fwdfwsettings{'ICMP_TYPES'} eq "$icmptypes{$key}[0]"){
print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
@@ -1700,47 +1774,88 @@ END
print"<option>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
}
}
- print<<END;
- </select></td></tr>
- </table></div><br><br><br>
-END
- if ($fwdfwsettings{'PROT'} ne 'ICMP'){
- print"<script language='JavaScript'>hide_elements('PROTOKOLL');</script>";
- }
- #SOURCEPORT
- print<<END;
- <table width='100%'><tr><td colspan='8'><hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; ' /></td></table>
- <table width='100%' border='0'>
- <tr><td width='1%'><input type='checkbox' name='USE_SRC_PORT' value='ON' $checked{'USE_SRC_PORT'}{'ON'} onclick="toggle_elements('srcport')"></td>
- <td width='51%' colspan='3'>$Lang::tr{'fwdfw use srcport'}</td></tr></table>
- <div id="srcport" class="noscript"><table width='100%' border='0'><tr>
- <td width='70%' nowrap='nowrap' align='right'>$Lang::tr{'fwdfw man port'}</td>
-END
- $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g;
- print<<END;
- <td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18' ></td></tr>
- </table></div><br>
+
+ print <<END;
+ </select>
+ </td>
+ </tr>
+ </table>
+ </div>
END
- if ($fwdfwsettings{'USE_SRC_PORT'} ne 'ON'){
- print"<script language='JavaScript'>hide_elements('srcport');</script>";
+
+ $fwdfwsettings{'SRC_PORT'} =~ s/\|/,/g;
+ $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
+ $fwdfwsettings{'dnatport'} =~ tr/|/,/;
+
+ # The dnatport may be empty, if it matches TGT_PORT
+ if ($fwdfwsettings{'dnatport'} eq $fwdfwsettings{'TGT_PORT'}) {
+ $fwdfwsettings{'dnatport'} = "";
}
- #TARGETPORT
- print<<END;
- <hr style='border:dotted #BFBFBF; border-width:1px 0 0 0 ; '><br>
- <table width='100%' border='0'>
- <tr><td width='1%'><input type='checkbox' name='USESRV' value='ON' $checked{'USESRV'}{'ON'} onclick="toggle_elements('targetport')"></td><td width='48%'>$Lang::tr{'fwdfw use srv'}</td></tr></table>
- <div id="targetport" class="noscript"><table width='100%' border='0'><tr><td width='80%'></td><td width='1%'><input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td width='1%' colspan='2'><select name='cust_srv' style='min-width:230px;' >
+
+ print <<END;
+
+ <div id="PROTOCOL_PORTS">
+ <table border="0">
+ <tr>
+ <!-- #SOURCEPORT -->
+ <td>
+ $Lang::tr{'fwdfw use srcport'}
+ </td>
+ <td>
+ <input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18'>
+ </td>
+ <td width='10%'>
+ </td>
+
+ <!-- #TARGETPORT -->
+ <td>
+ $Lang::tr{'fwdfw use srv'}
+ </td>
+
+ <td>
+ <input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18'>
+ </td>
+ </tr>
+ <tr class="NAT">
+ <td colspan='3'></td>
+ <td>$Lang::tr{'fwdfw external port nat'}:</td>
+ <td>
+ <input type='text' name='dnatport' value=\"$fwdfwsettings{'dnatport'}\" maxlength='20' size='18'>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="PROTOCOL_TEMPLATE">
+ <table border="0">
+ <tr>
+ <td>
+ <input type='radio' name='grp3' id='cust_srv' value='cust_srv' checked>
+ $Lang::tr{'fwhost cust service'}
+ </td>
+ <td>
+ <select name='cust_srv' style='min-width: 230px;'>
END
&General::readhasharray("$configsrv", \%customservice);
foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
print"<option ";
print"selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]);
print"value='$customservice{$key}[0]'>$customservice{$key}[0]</option>";
- }
+ }
+
print<<END;
- </select></td></tr>
- <tr><td></td><td><input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}></td><td nowrap='nowrap'>$Lang::tr{'fwhost cust srvgrp'}</td><td colspan='2'><select name='cust_srvgrp' style='min-width:230px;' >
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <input type='radio' name='grp3' id='cust_srvgrp' value='cust_srvgrp' $checked{'grp3'}{'cust_srvgrp'}>
+ $Lang::tr{'fwhost cust srvgrp'}
+ </td>
+ <td>
+ <select name='cust_srvgrp' style='min-width:230px;'>
END
+
&General::readhasharray("$configsrvgrp", \%customservicegrp);
my $helper;
foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
@@ -1752,46 +1867,77 @@ END
$helper=$customservicegrp{$key}[0];
}
print<<END;
- </select></td></tr>
- <tr><td></td><td><input type='radio' name='grp3' id='TGT_PORT' value='TGT_PORT' $checked{'grp3'}{'TGT_PORT'}></td><td>$Lang::tr{'fwdfw man port'}</td>
-END
- $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
- print<<END;
- <td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18' onclick='checkradio(\"#TGT_PORT\")'></td></tr>
- </table></div><br><hr>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <br><br><br>
END
- if ($fwdfwsettings{'USESRV'} ne 'ON'){
- print"<script language='JavaScript'>hide_elements('targetport');</script>";
+
+ &Header::closebox;
+
+ $checked{"RULE_ACTION"} = ();
+ foreach ("ACCEPT", "DROP", "REJECT") {
+ $checked{"RULE_ACTION"}{$_} = "";
}
- if ($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'PROT'} eq 'ICMP'){
- print"<script language='JavaScript'>hide_elements('PROTOKOLL');</script>";
+
+ if($fwdfwsettings{'updatefwrule'} eq 'on') {
+ $checked{"RULE_ACTION"}{$fwdfwsettings{'RULE_ACTION'}} = "checked";
+ } elsif ($fwdfwsettings{'POLICY'} eq 'MODE1') {
+ $checked{"RULE_ACTION"}{"ACCEPT"} = "checked";
+ } elsif ($fwdfwsettings{'POLICY'} eq 'MODE2') {
+ $checked{"RULE_ACTION"}{"DROP"} = "checked";
}
- &Header::closebox;
+
+ print <<END;
+ <hr><br>
+
+ <center>
+ <table width="80%" border="0">
+ <tr>
+ <td width="33%" align="center" bgcolor="$color{'color17'}">
+ <br>
+ </td>
+ <td width="33%" align="center" bgcolor="$color{'color25'}">
+ <br>
+ </td>
+ <td width="33%" align="center" bgcolor="$color{'color16'}">
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td width="33%" align="center">
+ <label>
+ <input type="radio" name="RULE_ACTION" value="ACCEPT" $checked{"RULE_ACTION"}{"ACCEPT"}>
+ <strong>$Lang::tr{'fwdfw ACCEPT'}</strong>
+ </label>
+ </td>
+ <td width="33%" align="center">
+ <label>
+ <input type="radio" name="RULE_ACTION" value="DROP" $checked{"RULE_ACTION"}{"DROP"}>
+ <strong>$Lang::tr{'fwdfw DROP'}</strong>
+ </label>
+ </td>
+ <td width="33%" align="center">
+ <label>
+ <input type="radio" name="RULE_ACTION" value="REJECT" $checked{"RULE_ACTION"}{"REJECT"}>
+ <strong>$Lang::tr{'fwdfw REJECT'}</strong>
+ </label>
+ </td>
+ </tr>
+ </table>
+ </center>
+
+ <br>
+END
+
#---Activate/logging/remark-------------------------------------
&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
print<<END;
<table width='100%' border='0'>
- <tr><td nowrap>$Lang::tr{'fwdfw rule action'}</td><td><select name='RULE_ACTION'>
END
- foreach ("ACCEPT","DROP","REJECT")
- {
- if($fwdfwsettings{'updatefwrule'} eq 'on'){
- print"<option value='$_'";
- print " selected='selected'" if ($fwdfwsettings{'RULE_ACTION'} eq $_);
- print">$Lang::tr{'fwdfw '.$_}</option>";
- }else{
- if($fwdfwsettings{'POLICY'} eq 'MODE2'){
- $fwdfwsettings{'RULE_ACTION'} = 'DROP';
- }
- if ($_ eq $fwdfwsettings{'RULE_ACTION'})
- {
- print"<option value='$_' selected>$Lang::tr{'fwdfw '.$_}</option>";
- }else{
- print"<option value='$_'>$Lang::tr{'fwdfw '.$_}</option>";
- }
- }
- }
- print"</select></td></tr>";
print"<tr><td width='12%'>$Lang::tr{'remark'}:</td><td width='88%' align='left'><input type='text' name='ruleremark' maxlength='255' value='$fwdfwsettings{'ruleremark'}' style='width:99%;'></td></tr>";
if($fwdfwsettings{'updatefwrule'} eq 'on' || $fwdfwsettings{'copyfwrule'} eq 'on'){
print "<tr><td width='12%'>$Lang::tr{'fwdfw rulepos'}:</td><td><select name='rulepos' >";
@@ -1806,58 +1952,97 @@ END
}
print<<END;
- </table><table width='100%'>
- <tr><td width='1%'><input type='checkbox' name='ACTIVE' value='ON' $checked{'ACTIVE'}{'ON'}></td><td>$Lang::tr{'fwdfw rule activate'}</td></tr>
- <tr><td width='1%'><input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'} ></td><td>$Lang::tr{'fwdfw log rule'}</td></tr>
- </table><br><hr>
+ </table>
+ <table width='100%'>
+ <tr>
END
- &Header::closebox();
- #---ADD TIMEFRAME-----------------------------------------------
- &Header::openbox('100%', 'left', $Lang::tr{'fwdfw timeframe'});
- print<<END;
- <table width='70%' border='0'>
- <tr><td width='1%'><input type='checkbox' name='TIME' value='ON' $checked{'TIME'}{'ON'}></td><td colspan='9'>$Lang::tr{'fwdfw timeframe'}</td></tr>
- <tr><td colspan='10'> </td></tr>
- <tr>
- <td align='left' >$Lang::tr{'time'}: </td>
- <td>$Lang::tr{'advproxy monday'}</td><td> $Lang::tr{'advproxy tuesday'} </td><td>$Lang::tr{'advproxy wednesday'}</td><td> $Lang::tr{'advproxy thursday'}</td><td> $Lang::tr{'advproxy friday'}</td><td> $Lang::tr{'advproxy saturday'}</td><td> $Lang::tr{'advproxy sunday'}</td>
- <td width='15%' align='left'>$Lang::tr{'advproxy from'}</td>
- <td width='15%' align='left'>$Lang::tr{'advproxy to'}</td>
- </tr>
- <tr>
- <td align='right'></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} ></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} ></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} ></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} ></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} ></td>
- <td width='1%' align='left'><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} ></td>
- <td width='15%' align='left'><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} ></td>
- <td><select name='TIME_FROM'>
+
+ if ($fwdfwsettings{'updatefwrule'} eq 'on') {
+ print <<END;
+ <td>
+ <input type='checkbox' name='ACTIVE' value="ON" $checked{'ACTIVE'}{'ON'}>
+ </td>
+ <td>$Lang::tr{'fwdfw rule activate'}</td>
+END
+ } else {
+ print <<END;
+ <td colspan="2">
+ <input type="hidden" name="ACTIVE" value="ON">
+ </td>
+END
+ }
+
+ print <<END;
+ </tr>
+ <tr>
+ <td>
+ <input type='checkbox' name='LOG' value='ON' $checked{'LOG'}{'ON'}>
+ </td>
+ <td>$Lang::tr{'fwdfw log rule'}</td>
+ </tr>
+ <tr>
+ <td width='1%'>
+ <input type='checkbox' name='TIME' id="USE_TIME_CONSTRAINTS" value='ON' $checked{'TIME'}{'ON'}>
+ </td>
+ <td>$Lang::tr{'fwdfw timeframe'}</td>
+ </tr>
+ <tr id="TIME_CONSTRAINTS">
+ <td colspan="2">
+ <table width="66%" border="0">
+ <tr>
+ <td width="8em"> </td>
+ <td align="center">$Lang::tr{'advproxy monday'}</td>
+ <td align="center">$Lang::tr{'advproxy tuesday'}</td>
+ <td align="center">$Lang::tr{'advproxy wednesday'}</td>
+ <td align="center">$Lang::tr{'advproxy thursday'}</td>
+ <td align="center">$Lang::tr{'advproxy friday'}</td>
+ <td align="center">$Lang::tr{'advproxy saturday'}</td>
+ <td align="center">$Lang::tr{'advproxy sunday'}</td>
+ <td> </td>
+ </tr>
+ <tr>
+ <td width="8em"> </td>
+ <td align="center"><input type='checkbox' name='TIME_MON' value='on' $checked{'TIME_MON'}{'on'} ></td>
+ <td align="center"><input type='checkbox' name='TIME_TUE' value='on' $checked{'TIME_TUE'}{'on'} ></td>
+ <td align="center"><input type='checkbox' name='TIME_WED' value='on' $checked{'TIME_WED'}{'on'} ></td>
+ <td align="center"><input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} ></td>
+ <td align="center"><input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} ></td>
+ <td align="center"><input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} ></td>
+ <td align="center"><input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} ></td>
+ <td>
+ <select name='TIME_FROM'>
END
for (my $i=0;$i<=23;$i++) {
$i = sprintf("%02s",$i);
for (my $j=0;$j<=45;$j+=15) {
$j = sprintf("%02s",$j);
my $time = $i.":".$j;
- print "\t\t\t\t\t<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
+ print "<option $selected{'TIME_FROM'}{$time}>$i:$j</option>\n";
}
}
print<<END;
- </select></td>
- <td><select name='TIME_TO'>
+ </select> ‐
+ <select name='TIME_TO'>
END
for (my $i=0;$i<=23;$i++) {
$i = sprintf("%02s",$i);
for (my $j=0;$j<=45;$j+=15) {
$j = sprintf("%02s",$j);
my $time = $i.":".$j;
- print "\t\t\t\t\t<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
+ print "<option $selected{'TIME_TO'}{$time}>$i:$j</option>\n";
}
}
print<<END;
- </select></td></tr></table><br><hr>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ <br><hr>
END
+
#---ACTION------------------------------------------------------
if($fwdfwsettings{'updatefwrule'} ne 'on'){
print<<END;
@@ -1917,7 +2102,7 @@ sub pos_up
}
}
&General::writehasharray($fwdfwsettings{'config'}, \%uphash);
- &rules;
+ &General::firewall_config_changed();
}
sub pos_down
{
@@ -1944,22 +2129,7 @@ sub pos_down
}
}
&General::writehasharray($fwdfwsettings{'config'}, \%downhash);
- &rules;
-}
-sub rules
-{
- if (!-f "${General::swroot}/forward/reread"){
- system("touch ${General::swroot}/forward/reread");
- system("touch ${General::swroot}/fwhosts/reread");
- }
-}
-sub reread_rules
-{
- system("/usr/local/bin/forwardfwctrl");
- if ( -f "${General::swroot}/forward/reread"){
- system("rm ${General::swroot}/forward/reread");
- system("rm ${General::swroot}/fwhosts/reread");
- }
+ &General::firewall_config_changed();
}
sub saverule
{
@@ -2101,7 +2271,7 @@ sub saverule
$fwdfwsettings{'oldrulenumber'}--;
}
&General::writehasharray("$config", $hash);
- &rules;
+ &General::firewall_config_changed();
}elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){
my %tmp=();
my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'};
@@ -2128,7 +2298,7 @@ sub saverule
$fwdfwsettings{'oldrulenumber'}++;
}
&General::writehasharray("$config", $hash);
- &rules;
+ &General::firewall_config_changed();
}
}
}
@@ -2180,9 +2350,34 @@ sub viewtablenew
my $tooltip;
my @tmpsrc=();
my $coloryellow='';
- print"<b>$title1</b><br>";
- print"<table width='100%' cellspacing='0' cellpadding='0' border='0'>";
- print"<tr><td align='center'><b>#</b></td><td></td><td align='center' width='25'></td><td align='center'><b>$Lang::tr{'fwdfw source'}</b></td><td width='1%'><b>Log</b></td><td align='center'><b>$Lang::tr{'fwdfw target'}</b></td><td align='center' colspan='6' width='1%'><b>$Lang::tr{'fwdfw action'}</b></td></tr>";
+ print <<END;
+ <b>$title1</b>
+ <br>
+
+ <table width='100%' cellspacing='0' border='0'>
+ <tr>
+ <th align='right' width='3%'>
+ #
+ </th>
+ <th width='2%'></th>
+ <th align='center'>
+ <b>$Lang::tr{'protocol'}</b>
+ </th>
+ <th align='center' width='30%'>
+ <b>$Lang::tr{'fwdfw source'}</b>
+ </th>
+ <th align='center'>
+ Log <!-- XXX UNTRANSLATED STRING -->
+ </th>
+ <th align='center' width='30%'>
+ <b>$Lang::tr{'fwdfw target'}</b>
+ </th>
+ <th align='center' colspan='6' width='18%'>
+ <b>$Lang::tr{'fwdfw action'}</b>
+ </th>
+ </tr>
+END
+
foreach my $key (sort {$a <=> $b} keys %$hash){
$tdcolor='';
@tmpsrc=();
@@ -2233,11 +2428,13 @@ sub viewtablenew
$color="$color{'color20'}";
}
}
- print"<tr bgcolor='$color' >";
- #KEY
print<<END;
- <td align='right' width='18'><b>$key </b></td>
+ <tr bgcolor='$color'>
+ <td align='right' width='3%'>
+ <b>$key </b>
+ </td>
END
+
#RULETYPE (A,R,D)
if ($$hash{$key}[0] eq 'ACCEPT'){
$ruletype='A';
@@ -2252,7 +2449,13 @@ END
$tooltip='REJECT';
$rulecolor=$color{'color16'};
}
- print"<td bgcolor='$rulecolor' align='center' width='10'><span title='$tooltip'><b>$ruletype</b></span></td>";
+
+ print <<END;
+ <td bgcolor='$rulecolor' align='center' width='2%'>
+ <span title='$tooltip'> </span>
+ </td>
+END
+
#Get Protocol
my $prot;
if ($$hash{$key}[8]){
@@ -2264,6 +2467,7 @@ END
}else{
push (@protocols,$Lang::tr{'all'});
}
+
my $protz=join(",",@protocols);
if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
@@ -2317,17 +2521,20 @@ END
}
#LOGGING
print<<END;
- </td>
- <td align='left' width='25'><form method='post'><input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
- </form></td>
+ </td>
+ <td align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='$log' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw togglelog'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;'/>
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw togglelog'}' />
+ </form>
+ </td>
END
#TARGET
&getcolor($$hash{$key}[5],$$hash{$key}[6],\%customhost);
print<<END;
- <td align='center' width='160' $tdcolor>
+ <td align='center' $tdcolor>
END
#Is this a DNAT rule?
if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
@@ -2336,7 +2543,7 @@ END
$$hash{$key}[30]=~ tr/|/,/;
print": $$hash{$key}[30]";
}
- print"<br>->";
+ print"<br>->";
}
if ($$hash{$key}[5] eq 'ipfire'){
$ipfireiface='Interface';
@@ -2372,54 +2579,82 @@ END
$gif="/images/off.gif"
}
print<<END;
- <td width='25'><form method='post'><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
- </form></td>
- <td width='25' ><form method='post'><input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='editrule' />
- </form></td>
- <td width='25'><form method='post'><input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='copyrule' />
- </form></td>
- <td width='25' ><form method='post'><input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='deleterule' />
- </form></td>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'fwdfw toggle'}' />
+ </form>
+ </td>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'fwdfw edit'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='editrule' />
+ </form>
+ </td>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/addblue.gif' alt='$Lang::tr{'fwdfw copy'}' title='$Lang::tr{'fwdfw copy'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='copyrule' />
+ </form>
+ </td>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'fwdfw delete'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='deleterule' />
+ </form>
+ </td>
END
if (exists $$hash{$key-1}){
print<<END;
- <td width='25'><form method='post'><input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' title='$Lang::tr{'fwdfw moveup'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='moveup' />
- </form></td>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/up.gif' alt='$Lang::tr{'fwdfw moveup'}' title='$Lang::tr{'fwdfw moveup'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='moveup' />
+ </form>
+ </td>
END
}else{
- print"<td width='25'><input type='image' img src='/images/up.gif' style='visibility:hidden;'></td>";
+ print"<td width='3%'></td>";
}
+
if (exists $$hash{$key+1}){
print<<END;
- <td width='25' ><form method='post'><input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
- <input type='hidden' name='key' value='$key' />
- <input type='hidden' name='config' value='$config' />
- <input type='hidden' name='ACTION' value='movedown' />
- </form></td></tr>
+ <td width='3%' align='center'>
+ <form method='POST' action=''>
+ <input type='image' img src='/images/down.gif' alt='$Lang::tr{'fwdfw movedown'}' title='$Lang::tr{'fwdfw movedown'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' />
+ <input type='hidden' name='key' value='$key' />
+ <input type='hidden' name='config' value='$config' />
+ <input type='hidden' name='ACTION' value='movedown' />
+ </form>
+ </td>
+ </tr>
END
}else{
- print"<td width='25'><input type='image' img src='/images/down.gif' style='visibility:hidden;'></td></tr>";
+ print"<td width='3%'></td></tr>";
}
#REMARK
if ($optionsfw{'SHOWREMARK'} eq 'on' && $$hash{$key}[16] ne ''){
- print"<tr bgcolor='$color'>";
- print"<td> </td><td bgcolor='$rulecolor'></td><td colspan='10'> $$hash{$key}[16]</td></tr>";
+ print <<END;
+ <tr bgcolor='$color'>
+ <td> </td>
+ <td bgcolor='$rulecolor'></td>
+ <td colspan='10'>
+ <em>$$hash{$key}[16]</em>
+ </td>
+ </tr>
+END
}
+
if ($$hash{$key}[18] eq 'ON'){
#TIMEFRAME
if ($$hash{$key}[18] eq 'ON'){
@@ -2434,7 +2669,7 @@ END
my $weekdays=join(",",@days);
if (@days){
print"<tr bgcolor='$color'>";
- print"<td> </td><td bgcolor='$rulecolor'></td><td align='left' colspan='10'> $weekdays $$hash{$key}[26] - $$hash{$key}[27] </td></tr>";
+ print"<td> </td><td bgcolor='$rulecolor'></td><td align='left' colspan='10'> $weekdays $$hash{$key}[26] - $$hash{$key}[27]</td></tr>";
}
}
}
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 90a5594..ebd1fdc 100755
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -88,27 +88,32 @@ unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
#### JAVA SCRIPT ####
print<<END;
<script>
+ var PROTOCOLS_WITH_PORTS = ["TCP", "UDP"];
+ var update_protocol = function() {
+ var protocol = \$("#protocol").val();
+
+ if (protocol === undefined)
+ return;
+
+ // Check if we are dealing with a protocol, that knows ports.
+ if (\$.inArray(protocol, PROTOCOLS_WITH_PORTS) >= 0) {
+ \$("#PORT").show();
+ \$("#PROTOKOLL").hide();
+ } else {
+ \$("#PORT").hide();
+ \$("#PROTOKOLL").show();
+ }
+ };
+
\$(document).ready(function() {
- // Automatically select radio buttons when corresponding
- // dropdown menu changes.
- \$("select").change(function() {
- var id = \$(this).attr("name");
- //When using SNAT or DNAT, check "USE NAT" Checkbox
- if ( id === 'snat' || id === 'dnat') {
- \$('#USE_NAT').prop('checked', true);
- }
- \$('#' + id).prop("checked", true);
- });
+ var protocol = \$("#protocol").val();
+ \$("#protocol").change(update_protocol);
+ update_protocol();
});
</script>
END
## ACTION ####
-if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
-{
- &reread_rules;
- &showmenu;
-}
# Update
if ($fwhostsettings{'ACTION'} eq 'updatenet' )
{
@@ -244,7 +249,7 @@ if ($fwhostsettings{'ACTION'} eq 'updateservice')
}
$fwhostsettings{'updatesrv'} = '';
if($needrules eq 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&addservice;
}
@@ -406,7 +411,7 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' )
$fwhostsettings{'NETREMARK'}='';
#check if an edited net affected groups and need to reload rules
if ($needrules eq 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&addnet;
&viewtablenet;
@@ -542,7 +547,7 @@ if ($fwhostsettings{'ACTION'} eq 'savehost')
$fwhostsettings{'HOSTREMARK'}='';
#check if we need to update rules while host was edited
if($needrules eq 'on'){
- &rules;
+ &General::firewall_config_changed();
}
&addhost;
&viewtablehost;
@@ -717,7 +722,7 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp')
#check if ruleupdate is needed
if($count > 0 )
{
- &rules;
+ &General::firewall_config_changed();
}
&addgrp;
&viewtablegrp;
@@ -735,7 +740,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservice')
}
}
}
- if($ICMP eq ''){$ICMP='BLANK';}
+ if($ICMP eq ''){$ICMP=$fwhostsettings{'ICMP_TYPES'};}
if (!$errormessage){
my $key = &General::findhasharraykey (\%customservice);
foreach my $i (0 .. 4) { $customservice{$key}[$i] = "";}
@@ -819,7 +824,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
$fwhostsettings{'updatesrvgrp'}='on';
}
if ($count gt 0){
- &rules;
+ &General::firewall_config_changed();
}
&addservicegrp;
&viewtableservicegrp;
@@ -934,7 +939,9 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
}
}
&General::writehasharray("$configgrp", \%customgrp);
- if ($fwhostsettings{'grpcnt'} > 0){&rules;}
+ if ($fwhostsettings{'grpcnt'} > 0){
+ &General::firewall_config_changed();
+ }
if ($fwhostsettings{'update'} eq 'on'){
$fwhostsettings{'remark'}= $grpremark;
$fwhostsettings{'grp_name'}=$grpname;
@@ -1013,7 +1020,7 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
}
}
&General::writehasharray("$configsrvgrp", \%customservicegrp);
- &rules;
+ &General::firewall_config_changed();
if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
$fwhostsettings{'SRVGRP_NAME'}=$grpname;
$fwhostsettings{'SRVGRP_REMARK'}=$grpremark;
@@ -1102,11 +1109,7 @@ if($fwhostsettings{'ACTION'} eq '')
&showmenu;
}
### FUNCTIONS ###
-sub showmenu
-{
- if (-f "${General::swroot}/forward/reread"){
- print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>    $Lang::tr{'fwhost reread'}</td></tr></table></form><br>";
- }
+sub showmenu {
&Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'});
print "$Lang::tr{'fwhost welcome'}";
print<<END;
@@ -1306,7 +1309,7 @@ sub addservice
print<<END;
<table width='100%' border='0'><form method='post'>
<tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost srv_name'}:</td><td><input type='text' name='SRV_NAME' id='textbox1' value='$fwhostsettings{'SRV_NAME'}' size='24'><script>document.getElementById('textbox1').focus()</script></td></tr>
- <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT'>
+ <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost prot'}:</td><td><select name='PROT' id='protocol' >
END
foreach ("TCP","UDP","ICMP")
{
@@ -1318,11 +1321,11 @@ END
}
}
print<<END;
- </select></td></tr>
- <tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
+ </select></td></tr></table>
+ <div id='PROTOKOLL' class='noscript'><table width=100%' border='0'><tr><td width='10%' nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td><select name='ICMP_TYPES'>
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
- print"<option>All ICMP-Types</option>";
+ print"<option value='All ICMP-Types'>$Lang::tr{'fwdfw all icmp'}</option>";
foreach my $key (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
if ($icmptypes{$key}[0] eq $fwhostsettings{'oldsrvicmp'}){
print"<option selected>$icmptypes{$key}[0] ($icmptypes{$key}[1])</option>";
@@ -1331,9 +1334,9 @@ END
}
}
print<<END;
- </select></td></tr>
- <tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr>
- <tr><td colspan='6'><br><hr></td></tr>
+ </select></td></tr></table></div>
+ <div id='PORT' class='noscript'><table width='100%' border='0'><tr><td width='10%'>$Lang::tr{'fwhost port'}:</td><td><input type='text' name='SRV_PORT' value='$fwhostsettings{'SRV_PORT'}' maxlength='11' size='24'></td></tr></table></div>
+ <table width='100%' border='0'><tr><td colspan='6'><br><hr></td></tr>
<tr><td colspan='6' align='right'>
END
if ($fwhostsettings{'updatesrv'} eq 'on')
@@ -1347,15 +1350,12 @@ END
<input type='hidden' name='oldsrvicmp' value='$fwhostsettings{'oldsrvicmp'}'>
</form>
END
-
- }else{
+ }else{
print"<input type='submit' value='$Lang::tr{'save'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='saveservice'></form>";
}
print<<END;
<form style='display:inline;' method='post'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'></form></td></tr>
</table></form>
-
-
END
&Header::closebox();
&viewtableservice;
@@ -1658,8 +1658,8 @@ END
print<<END;
<td>$customservice{$key}[0]</td><td align='center'>$customservice{$key}[2]</td><td align='center'>$customservice{$key}[1]</td><td align='center'>
END
- if($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
-
+ if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};}
+ elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
print<<END;
</td><td align='center'>$customservice{$key}[4]x</td>
<td width='1%'><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /><input type='hidden' name='ACTION' value='editservice' />
@@ -2073,24 +2073,8 @@ sub getipforgroup
}
}
}
-sub rules
-{
- if (!-f "${General::swroot}/fwhosts/reread"){
- system("touch ${General::swroot}/fwhosts/reread");
- system("touch ${General::swroot}/forward/reread");
- }
-}
-sub reread_rules
-{
- system ("/usr/local/bin/forwardfwctrl");
- if ( -f "${General::swroot}/fwhosts/reread"){
- system("rm ${General::swroot}/fwhosts/reread");
- system("rm ${General::swroot}/forward/reread");
- }
-
-}
-sub decrease
-{
+
+sub decrease {
my $grp=$_[0];
&General::readhasharray("$confignet", \%customnetwork);
&General::readhasharray("$confighost", \%customhost);
diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi
index cfca542..bb0d0ae 100755
--- a/html/cgi-bin/p2p-block.cgi
+++ b/html/cgi-bin/p2p-block.cgi
@@ -31,104 +31,112 @@ require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
-my $errormessage='';
-my $p2pfile = "${General::swroot}/forward/p2protocols";
+my $errormessage = '';
+my $p2pfile = "${General::swroot}/forward/p2protocols";
my @p2ps = ();
-my %fwdfwsettings=();
-my %color=();
-my %mainsettings=();
+my %fwdfwsettings = ();
+my %color = ();
+my %mainsettings = ();
-&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
-
-
&Header::showhttpheaders();
&Header::getcgihash(\%fwdfwsettings);
-&Header::openpage($Lang::tr{'fwdfw menu'}, 1, '');
-&Header::openbigbox('100%', 'center',$errormessage);
+&Header::openpage($Lang::tr{'p2p block'}, 1, '');
+&Header::openbigbox('100%', 'center', $errormessage);
-if ($fwdfwsettings{'ACTION'} eq ''){
-&p2pblock;
-}
-if ($fwdfwsettings{'ACTION'} eq 'togglep2p')
-{
- open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
+if ($fwdfwsettings{'ACTION'} eq 'togglep2p') {
+ open( FILE, "<$p2pfile") or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
- open( FILE, "> $p2pfile" ) or die "Unable to write $p2pfile";
- foreach my $p2pentry (sort @p2ps)
- {
- my @p2pline = split( /\;/, $p2pentry );
+ open( FILE, ">$p2pfile") or die "Unable to write $p2pfile";
+ foreach my $p2pentry (sort @p2ps) {
+ my @p2pline = split( /\;/, $p2pentry);
if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
- if($p2pline[2] eq 'on'){
- $p2pline[2]='off';
- }else{
- $p2pline[2]='on';
+ if ($p2pline[2] eq 'on') {
+ $p2pline[2] = 'off';
+ } else {
+ $p2pline[2] = 'on';
}
}
print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
}
close FILE;
- &rules;
- &p2pblock;
-}
-if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'})
-{
- &reread_rules;
- &p2pblock;
-}
+ &General::firewall_config_changed();
+ &p2pblock();
+} else {
+ &p2pblock();
+}
-sub p2pblock
-{
- if (-f "${General::swroot}/forward/reread"){
- print "<table border='1' rules='groups' bgcolor='lightgreen' width='100%'><form method='post'><td><div style='font-size:11pt; font-weight: bold;vertical-align: middle; '><input type='submit' name='ACTION' value='$Lang::tr{'fwdfw reread'}' style='font-face: Comic Sans MS; color: green; font-weight: bold; font-size: 14pt;'>    $Lang::tr{'fwhost reread'}</div></td></tr></table></form><br>";
- }
+sub p2pblock {
my $gif;
- open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
+
+ open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
@p2ps = <FILE>;
close FILE;
- &Header::openbox('100%', 'center', 'P2P-Block');
+
+ &Header::openbox('100%', 'center', $Lang::tr{'p2p block'});
print <<END;
- <table width='35%' border='0'>
- <tr bgcolor='$color{'color22'}'><td align=center colspan='2' ><b>$Lang::tr{'protocol'}</b></td><td align='center'><b>$Lang::tr{'status'}</b></td></tr>
+ <table width='35%' border='0'>
+ <tr bgcolor='$color{'color22'}'>
+ <td align=center colspan='2' >
+ <b>$Lang::tr{'protocol'}</b>
+ </td>
+ <td align='center'>
+ <b>$Lang::tr{'status'}</b>
+ </td>
+ </tr>
END
- foreach my $p2pentry (sort @p2ps)
- {
- my @p2pline = split( /\;/, $p2pentry );
- if($p2pline[2] eq 'on'){
- $gif="/images/on.gif"
- }else{
- $gif="/images/off.gif"
+
+ foreach my $p2pentry (sort @p2ps) {
+ my @p2pline = split( /\;/, $p2pentry);
+ if ($p2pline[2] eq 'on') {
+ $gif = "/images/on.gif"
+ } else {
+ $gif = "/images/off.gif"
}
+
print <<END;
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <tr bgcolor='$color{'color20'}'>
- <td align='center' colspan='2' >$p2pline[0]:</td><td align='center'><input type='hidden' name='P2PROT' value='$p2pline[1]' /><input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;' ><input type='hidden' name='ACTION' value='togglep2p'></td></tr></form>
+ <tr bgcolor='$color{'color20'}'>
+ <td align='center' colspan='2'>
+ $p2pline[0]:
+ </td>
+ <td align='center'>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='P2PROT' value='$p2pline[1]'>
+ <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'>
+ <input type='hidden' name='ACTION' value='togglep2p'>
+ </form>
+ </td>
+ </tr>
END
}
- print"<tr><td><img src='/images/on.gif'></td><td align='left'>$Lang::tr{'outgoing firewall p2p allow'}</td></tr>";
- print"<tr><td><img src='/images/off.gif'></td><td align='left'>$Lang::tr{'outgoing firewall p2p deny'}</td></tr></table>";
- print"<br><br><br><table width='100%'><tr><td align='left'>$Lang::tr{'fwdfw p2p txt'}</td></tr></table>";
+
+ print <<END;
+ <tr>
+ <td>
+ <img src='/images/on.gif'>
+ </td>
+ <td>
+ $Lang::tr{'outgoing firewall p2p allow'}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <img src='/images/off.gif'>
+ </td>
+ <td>
+ $Lang::tr{'outgoing firewall p2p deny'}
+ </td>
+ </tr>
+ </table>
+END
+
&Header::closebox();
}
-sub rules
-{
- if (!-f "${General::swroot}/forward/reread"){
- system("touch ${General::swroot}/forward/reread");
- system("touch ${General::swroot}/fwhosts/reread");
- }
-}
-sub reread_rules
-{
- system("/usr/local/bin/forwardfwctrl");
- if ( -f "${General::swroot}/forward/reread"){
- system("rm ${General::swroot}/forward/reread");
- system("rm ${General::swroot}/fwhosts/reread");
- }
-}
+
&Header::closebigbox();
&Header::closepage();
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index a894ba0..ce48d69 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -919,14 +919,12 @@
'fwdfw REJECT' => 'Verweigern (REJECT)',
'fwdfw action' => 'Aktion',
'fwdfw additional' => 'Weitere Einstellungen',
-'fwdfw addr grp' => 'Adressgruppen:',
'fwdfw addrule' => 'Regel hinzufügen/ändern:',
+'fwdfw all icmp' => 'Alle ICMP-Typen',
'fwdfw change' => 'Aktualisieren',
'fwdfw copy' => 'Kopieren',
-'fwdfw cust addr' => 'Custom Adressen:',
-'fwdfw cust net' => 'Custom Netzwerke:',
'fwdfw delete' => 'Löschen',
-'fwdfw dnat' => 'DNAT/Port-Weiterleitung',
+'fwdfw dnat' => 'Destination-NAT (Port-Weiterleitung)',
'fwdfw dnat error' => 'Für Destination-NAT muss ein einzelner Host als Ziel ausgewählt werden. Gruppen oder Netzwerke sind nicht erlaubt',
'fwdfw dnat porterr' => 'Für NAT-Regeln muss ein einzelner Port oder Portbereich angegeben werden',
'fwdfw edit' => 'Bearbeiten',
@@ -934,7 +932,6 @@
'fwdfw err nosrcip' => 'Bitte Quell-IP-Adresse angeben',
'fwdfw err notgt' => 'Kein Ziel ausgewählt',
'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben',
-'fwdfw err prot' => 'Quell- und Zielprotokoll müssen identisch sein',
'fwdfw err prot_port' => 'Bei dem gewählten Protokoll sind Quell- und Zielport nicht erlaubt',
'fwdfw err prot_port1' => 'Bei Nutzung von Quell- oder Zielport muss als Protokoll TCP oder UDP gewählt werden.',
'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen',
@@ -942,15 +939,12 @@
'fwdfw err same' => 'Quelle und Ziel sind identisch',
'fwdfw err samesub' => 'Quell- und Ziel-IP-Adresse befinden sich im selben Subnetz',
'fwdfw err src_addr' => 'Quell-MAC/IP-Adresse ungültig',
-'fwdfw err srcovpn' => 'Die gewählte Quell-IP-Adresse wird bereits von einem OpenVPN-Client genutzt. Bitte wählen Sie die passende Verbindung direkt aus.',
-'fwdfw err srcport' => 'Bitte Quellport angeben',
'fwdfw err tgt_addr' => 'Ungültige Ziel-IP-Adresse',
'fwdfw err tgt_grp' => 'Die Ziel-Dienstgruppe ist leer',
'fwdfw err tgt_mac' => 'MAC-Adressen können nicht als Ziel defininert werden',
'fwdfw err tgt_port' => 'Ungültiger Zielport',
-'fwdfw err tgtovpn' => 'Die gewählte Ziel-IP-Adresse wird bereits von einem OpenVPN-Client genutzt. Bitte wählen Sie die passende Verbindung direkt aus.',
-'fwdfw err tgtport' => 'Bitte Zielport angeben',
'fwdfw err time' => 'Es muss mindestens ein Tag ausgewählt werden',
+'fwdfw external port nat' => 'Externer Port (NAT)',
'fwdfw final_rule' => 'Letzte Regel: ',
'fwdfw from' => 'Von:',
'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel mag eventuell niemals zutreffen, da sich Quelle und Ziel überlappen.',
@@ -970,12 +964,12 @@
'fwdfw pol text1' => 'Firewall-Standardverhalten für von der Firewall selbst initiierte Verbindungen.',
'fwdfw pol title' => 'Standardverhalten der Firewall',
'fwdfw red' => 'ROT',
-'fwdfw reread' => 'Übernehmen',
+'fwdfw reread' => 'Änderungen übernehmen',
'fwdfw rule action' => 'Regelaktion:',
'fwdfw rule activate' => 'Regel aktivieren',
'fwdfw rulepos' => 'Regelposition',
'fwdfw rules' => 'Regeln',
-'fwdfw snat' => 'SNAT (ersetzt die Quell-IP-Adresse mit der hier konfigurierten)',
+'fwdfw snat' => 'Source-NAT',
'fwdfw source' => 'Quelle',
'fwdfw sourceip' => 'Quelladresse (IP/MAC-Adresse oder Netzwerk):',
'fwdfw std network' => 'Standard Netzwerke:',
@@ -986,9 +980,9 @@
'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
'fwdfw toggle' => 'Aktivieren oder deaktivieren',
'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
-'fwdfw use nat' => 'NAT benutzen',
-'fwdfw use srcport' => 'Quellport benutzen',
-'fwdfw use srv' => 'Zielport benutzen',
+'fwdfw use nat' => 'Network Address Translation (NAT) benutzen',
+'fwdfw use srcport' => 'Quellport:',
+'fwdfw use srv' => 'Zielport:',
'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
'fwdfw wd_fri' => 'Fr',
'fwdfw wd_mon' => 'Mo',
@@ -1562,8 +1556,8 @@
'outgoing firewall mode1' => 'In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.',
'outgoing firewall mode2' => 'In diesem Modus werden sämtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.',
'outgoing firewall outgoing firewall reserved groupname' => 'Bitte einen anderen Gruppennamen verwenden, dieser ist ein reserviertes Wort.',
-'outgoing firewall p2p allow' => 'P2P-Protokoll ist erlaubt!',
-'outgoing firewall p2p deny' => 'P2P-Protokoll ist gesperrt!',
+'outgoing firewall p2p allow' => 'P2P-Protokollnutzung ist erlaubt',
+'outgoing firewall p2p deny' => 'P2P-Protokollnutzung ist gesperrt',
'outgoing firewall p2p description 1' => 'Das Symbol',
'outgoing firewall p2p description 2' => 'bedeutet, dass das P2P-Protokoll erlaubt wird oder',
'outgoing firewall p2p description 3' => 'das P2P-Protokoll gesperrt wird.',
@@ -1612,6 +1606,7 @@
'ovpn_processprioVH' => 'Sehr Hoch',
'ovpnstatus log' => 'OVPN-Status-Log',
'ovpnsys log' => 'OVPN-System-Log',
+'p2p block' => 'P2P-Block',
'package failed to install' => 'Programmpaket konnte nicht installiert werden.',
'pagerefresh' => 'Seite wird aktualisiert. Bitte warten.',
'pakfire accept all' => 'Möchten Sie der Installation aller Pakete zustimmen?',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 9eb9a83..c3e4c3e 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -944,14 +944,12 @@
'fwdfw REJECT' => 'REJECT',
'fwdfw action' => 'Action',
'fwdfw additional' => 'Additional settings',
-'fwdfw addr grp' => 'Adress groups:',
'fwdfw addrule' => 'Add/Edit rule:',
+'fwdfw all icmp' => 'All ICMP types',
'fwdfw change' => 'Update',
'fwdfw copy' => 'Copy',
-'fwdfw cust addr' => 'Custom addresses:',
-'fwdfw cust net' => 'Custom networks:',
'fwdfw delete' => 'Delete',
-'fwdfw dnat' => 'Port forwarding/Destination NAT',
+'fwdfw dnat' => 'Destination NAT (Port forwarding)',
'fwdfw dnat error' => 'You have to select a single host for DNAT. Groups or networks are not allowed.',
'fwdfw dnat porterr' => 'You have to select a single port or portrange (tcp/udp) for NAT',
'fwdfw edit' => 'Edit',
@@ -959,7 +957,6 @@
'fwdfw err nosrcip' => 'Please provide a source IP address.',
'fwdfw err notgt' => 'No destination selected.',
'fwdfw err notgtip' => 'Please provide a destination IP address.',
-'fwdfw err prot' => 'Source and destination protocol need to match.',
'fwdfw err prot_port' => 'Source- or targetport are not allowed with selected protocol',
'fwdfw err prot_port1' => 'When using Source- or targetport you have to select TCP or UDP for protocol',
'fwdfw err remark' => 'Invalid characters in remark.',
@@ -967,15 +964,12 @@
'fwdfw err same' => 'Source and destination are identical.',
'fwdfw err samesub' => 'Source and destination IP addresses are from the same subnet.',
'fwdfw err src_addr' => 'Invalid source MAC/IP address.',
-'fwdfw err srcovpn' => 'The entered source IP address is used by an OpenVPN client. Please use the dropdown menu and select the right client connection.',
-'fwdfw err srcport' => 'Please provide a source port.',
'fwdfw err tgt_addr' => 'Invalid destination IP address.',
'fwdfw err tgt_grp' => 'The destination service group is empty',
'fwdfw err tgt_mac' => 'A MAC addresses cannot be used as destination.',
'fwdfw err tgt_port' => 'Invalid destination port.',
-'fwdfw err tgtovpn' => 'The entered destination IP address is used by an OpenVPN client. Please use the dropdown menu and select the right client connection.',
-'fwdfw err tgtport' => 'Please provide a destination port.',
'fwdfw err time' => 'You have to select at least one day.',
+'fwdfw external port nat' => 'External port (NAT)',
'fwdfw final_rule' => 'Last rule: ',
'fwdfw from' => 'From:',
'fwdfw hint ip1' => 'The last generated rule may never match, because source and destination subnets may overlap.',
@@ -995,12 +989,12 @@
'fwdfw pol text1' => 'Sets the default firewall behaviour for connections initiated by the firewall itself. Attention! You may lock yourself out.',
'fwdfw pol title' => 'Default firewall behaviour',
'fwdfw red' => 'RED',
-'fwdfw reread' => 'Apply',
+'fwdfw reread' => 'Apply changes',
'fwdfw rule action' => 'Rule action:',
'fwdfw rule activate' => 'Activate rule',
'fwdfw rulepos' => 'Rule position',
'fwdfw rules' => 'Rules',
-'fwdfw snat' => 'SNAT (replace the source\'s IP address by this IP address)',
+'fwdfw snat' => 'Source NAT',
'fwdfw source' => 'Source',
'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
'fwdfw std network' => 'Standard networks:',
@@ -1011,9 +1005,9 @@
'fwdfw timeframe' => 'Use time constraints',
'fwdfw toggle' => 'Activate or deactivate',
'fwdfw togglelog' => 'Activate or deactivate logging',
-'fwdfw use nat' => 'Use NAT',
-'fwdfw use srcport' => 'Use source port',
-'fwdfw use srv' => 'Use destination port',
+'fwdfw use nat' => 'Use Network Address Translation (NAT)',
+'fwdfw use srcport' => 'Source port:',
+'fwdfw use srv' => 'Destination port:',
'fwdfw useless rule' => 'This rule is useless.',
'fwdfw wd_fri' => 'Fri',
'fwdfw wd_mon' => 'Mon',
@@ -1591,8 +1585,8 @@
'outgoing firewall mode1' => 'Using this mode, only connections based on the defined rules are allowed.',
'outgoing firewall mode2' => 'Using this mode, all connections are allowed despited off the defined ones.',
'outgoing firewall outgoing firewall reserved groupname' => 'Please use another group name, this name is reserved.',
-'outgoing firewall p2p allow' => 'p2p protocol is allowed',
-'outgoing firewall p2p deny' => 'p2p protocol is denied',
+'outgoing firewall p2p allow' => 'Using the P2P protocol is allowed',
+'outgoing firewall p2p deny' => 'Using the P2P protocol is forbidden',
'outgoing firewall p2p description 1' => 'The button',
'outgoing firewall p2p description 2' => 'means that the p2p protocol is allowed or',
'outgoing firewall p2p description 3' => 'that the p2p protocol is denied.',
@@ -1641,6 +1635,7 @@
'ovpn_processprioVH' => 'Very high',
'ovpnstatus log' => 'OVPN-Status-Log',
'ovpnsys log' => 'OVPN-System-Log',
+'p2p block' => 'P2P block',
'package failed to install' => 'Package failed to install.',
'pagerefresh' => 'Page is beeing refreshed, please wait.',
'pakfire accept all' => 'Do you want to install all packages?',
diff --git a/src/misc-progs/forwardfwctrl.c b/src/misc-progs/forwardfwctrl.c
index 797d27a..9f3f28e 100644
--- a/src/misc-progs/forwardfwctrl.c
+++ b/src/misc-progs/forwardfwctrl.c
@@ -5,12 +5,21 @@
*
*/
+#include <unistd.h>
+
#include "setuid.h"
int main(int argc, char *argv[]) {
if (!(initsetuid()))
exit(1);
- safe_system("/var/ipfire/forward/bin/rules.pl");
+ int retval = safe_system("/var/ipfire/forward/bin/rules.pl");
+
+ /* If rules.pl has been successfully executed, the indicator
+ * file is removed. */
+ if (retval == 0) {
+ unlink("/var/ipfire/forward/reread");
+ }
+
return 0;
}
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-10-22 19:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-22 19:10 [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 1da42d53f71991f27603b220e33ac49368410949 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox