* [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 784098e4db6b4aca11b4b39d0fec17f8a2d3ad0c
From: git @ 2013-12-05 14:53 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via 784098e4db6b4aca11b4b39d0fec17f8a2d3ad0c (commit)
via 0c733ab7502e5eb10e5ecbd4f9ad4196670fe175 (commit)
via 2be048cedc75c8e09233a819d3eae5107a4ab452 (commit)
via 02cb636c8b0abfeb8805d058e29d1a3f8d53ce9a (commit)
via 5558ca2a9614c8d4393dc9287e4c0e7f7f014a95 (commit)
via cdb3536bc82e410b4678a4740c198ecf74ec8bd3 (commit)
from 09efb767f43718512311357a5634d00c8ad8c32e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 784098e4db6b4aca11b4b39d0fec17f8a2d3ad0c
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Thu Dec 5 15:51:15 2013 +0100
Firewall: forgot to delete a development test string
commit 0c733ab7502e5eb10e5ecbd4f9ad4196670fe175
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Dec 2 07:56:01 2013 +0100
Firewall: Bugfix: Fixed wrong language strings in outgoing FW rules when using std networks or ipfire
commit 2be048cedc75c8e09233a819d3eae5107a4ab452
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Fri Nov 29 13:41:57 2013 +0100
Firewall: FIxed wrong language strings in outgoing Firewall
commit 02cb636c8b0abfeb8805d058e29d1a3f8d53ce9a
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Nov 26 13:34:08 2013 +0100
Firewall: Fixes commit http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commitdiff;h=e19a36c4a09ea417ce9d577c262f17242eec4a31
Now the "active" strings from all language files are checked against the old rule to find out whether logging is enabled
Conflicts:
config/firewall/convert-outgoingfw
commit 5558ca2a9614c8d4393dc9287e4c0e7f7f014a95
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Nov 26 13:02:08 2013 +0100
Firewall: fixes commit http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commitdiff;h=1ed4b214d785ad0538b0a864f43babccd55475b1
Conflicts:
html/cgi-bin/firewall.cgi
commit cdb3536bc82e410b4678a4740c198ecf74ec8bd3
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Nov 26 11:45:05 2013 +0100
Firewall: BUGFIX: RUles.pl did not create LOGGING rules properly.
-----------------------------------------------------------------------
Summary of changes:
config/firewall/convert-outgoingfw | 8 +++++++-
config/firewall/rules.pl | 33 +++++++++++++++++++++++++--------
html/cgi-bin/firewall.cgi | 19 +++++++++++--------
langs/de/cgi-bin/de.pl | 2 +-
4 files changed, 44 insertions(+), 18 deletions(-)
Difference in files:
diff --git a/config/firewall/convert-outgoingfw b/config/firewall/convert-outgoingfw
index 0d7f7d3..d7722f4 100755
--- a/config/firewall/convert-outgoingfw
+++ b/config/firewall/convert-outgoingfw
@@ -62,6 +62,7 @@ my %fwconfigout=();
my %fwdsettings=();
my %ownnet=();
my %ovpnSettings = ();
+my @active= ('Aktiv', 'aktiv', 'Active', 'Activo', 'Actif', 'Actief', 'Aktywne', 'Активен', 'Aktif');
&General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
&General::readhash($outfwsettings,\%outsettings);
&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
@@ -382,7 +383,12 @@ sub process_rules
$configline[4] =~ s/,/;/g;
$remark = $configline[4];
}else{$remark = '';}
- if($configline[9] eq 'Active'){ $log='ON';}else{$log='';}
+ #find all "active" tags in all language files and check them against the old config
+ my $logging='0';
+ foreach (@active){
+ $logging='1' if ($_ eq $configline[9]);
+ }
+ if($logging eq '1' ){ $log='ON';}else{$log='';}
if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){
if($configline[17] eq '00:00' && $configline[18] eq '00:00'){
$time='';
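Review bot: Deciding `$log` by comparing `$configline[9]` with the hard-coded `@active` list (added in the first hunk) means an old rule whose status text is not one of the nine listed spellings is converted with logging switched off, and nothing reports it. The list also has to be kept in step with every language file by hand; the `de.pl` change in this same push is the reason both `Aktiv` and `aktiv` are needed. I would make the lookup a hash, `my %active = map { $_ => 1 } @active;` and `$log = $active{$configline[9]} ? 'ON' : '';`, and print the unmatched value during conversion so that a rule losing its logging is visible to the admin. A comment above `@active` saying that these are the translated values of the `active` language key would help the next person who adds a language. process_rules starts and ends outside this hunk.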
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index f1584f3..c54a2eb 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -259,6 +259,7 @@ sub buildrules
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
+ #Process ICMP RULE
if(substr($DPORT, 2, 4) eq 'icmp'){
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
@@ -272,10 +273,11 @@ sub buildrules
}
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j $$hash{$key}[0]\n";
}
+ #PROCESS DNAT RULE (Portforward)
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
$natchain='NAT_DESTINATION';
if ($$hash{$key}[17] eq 'ON'){
- print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
+ print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
my ($ip,$sub) =split("/",$targethash{$b}[0]);
#Process NAT with servicegroup used
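Review bot: `$natip` is placed bare between `$SPORT` and `$fireport` in the new DNAT LOG line, while the SNAT rule further down passes the same variable as the argument of `--to`. If `$natip` holds only an address on the DNAT path, the generated LOG rule is not a valid match and logging for port forwards fails; it is set outside this hunk, so please confirm that it carries its own `-d` there. `--log-prefix 'DNAT'` also has no trailing space, so the prefix runs straight into the kernel's text; `--log-prefix 'DNAT '` reads better in the log. The same line is repeated in the `system` branch at `@@ -345,7 +356,7`, and buildrules continues outside the hunk.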
@@ -298,17 +300,26 @@ sub buildrules
}
print "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
next;
+ #PROCESS SNAT RULE
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
$natchain='NAT_SOURCE';
+ if ($$hash{$key}[17] eq 'ON' ){
+ print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT' \n";
+ }
print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
}
- if ($$hash{$key}[17] eq 'ON' ){
- print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
- }
+ #PROCESS EVERY OTHER RULE (If NOT ICMP, else the rule would be applied double)
if ($PROT ne '-p ICMP'){
+ if ($$hash{$key}[17] eq 'ON' && $$hash{$key}[28] ne 'ON'){
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ }
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
+ #PROCESS Prot ICMP and type = All ICMP-Types
if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+ if ($$hash{$key}[17] eq 'ON' && $$hash{$key}[28] ne 'ON'){
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ }
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
}
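Review bot: The LOG rules added for non-NAT rules (the `-j LOG` lines in the `$PROT ne '-p ICMP'` and `All ICMP-Types` blocks) carry no `--log-prefix`, unlike the DNAT and SNAT ones, so their entries cannot be attributed to a chain when reading the log. Something like `-j LOG --log-prefix '$$hash{$key}[1] '` would tag them with the chain name; the prefix is limited to 29 characters, so check the longest chain name. None of the LOG rules uses `-m limit`, so a busy logged rule can flood the kernel log; it is worth deciding whether that is intended. The same lines appear in the `system` branch at `@@ -371,17 +382,23`, and buildrules starts and ends outside this hunk.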
@@ -345,7 +356,7 @@ sub buildrules
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
$natchain='NAT_DESTINATION';
if ($$hash{$key}[17] eq 'ON'){
- system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
+ system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
my ($ip,$sub) =split("/",$targethash{$b}[0]);
#Process NAT with servicegroup used
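Review bot: The changed `system` call passes one interpolated string, so it is run through the shell, and its exit status is dropped. If any of the interpolated fields can reach buildrules without validation (the validation is not visible here), shell metacharacters in it would be interpreted; and a LOG rule that iptables rejects fails silently, which can leave a rule in force without the logging the admin asked for. At minimum check the result, e.g. `system($cmd) == 0 or print STDERR "rule failed: $cmd\n";` with `$cmd` holding the command string. The same applies to the `system` lines added in the next hunk.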
@@ -371,17 +382,23 @@ sub buildrules
#PROCESS SNAT RULE
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
$natchain='NAT_SOURCE';
+ if ($$hash{$key}[17] eq 'ON' ){
+ system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT' \n";
+ }
system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
}
- if ($$hash{$key}[17] eq 'ON' && substr($DPORT, 2, 4) ne 'icmp'){
- system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
- }
#PROCESS EVERY OTHER RULE (If NOT ICMP, else the rule would be applied double)
if ($PROT ne '-p ICMP'){
+ if ($$hash{$key}[17] eq 'ON' && $$hash{$key}[28] ne 'ON'){
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ }
system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
#PROCESS Prot ICMP and type = All ICMP-Types
if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){
+ if ($$hash{$key}[17] eq 'ON' && $$hash{$key}[28] ne 'ON'){
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ }
system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}
}
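Review bot: Every rule string added here is a second copy of the one added to the `print` branch in `@@ -298,17 +300,26`, and the two branches had already drifted: the LOG condition removed here tested `substr($DPORT, 2, 4) ne 'icmp'` while the one removed from the print branch did not. Building each command once and handing it to a small helper that either prints or runs it would keep the debug output and the applied ruleset identical. A short comment on why the LOG rule is skipped when `$$hash{$key}[28] eq 'ON'` (as far as the hunk shows, NAT rules are logged in the NAT chain instead) would also help. buildrules starts and ends outside this hunk.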
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index d2aa217..58b16a5 100755
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -1182,7 +1182,7 @@ END
if ($show eq '1'){$show='';print"</select></td></tr>";}
#IPsec netze
foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %ipsecconf) {
- if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
+ if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' && $ipsecconf{$key}[3] ne 'host')){
print"<tr><td valign='top'><input type='radio' name='$grp' value='ipsec_net_$srctgt' $checked{$grp}{'ipsec_net_'.$srctgt}></td><td >$Lang::tr{'fwhost ipsec net'}</td><td align='right'><select name='ipsec_net_$srctgt' style='width:200px;'>" if ($show eq '');
$show='1';
print "<option ";
@@ -2579,8 +2579,14 @@ END
}
}elsif ($$hash{$key}[4] eq 'RED1'){
print "$ipfireiface $Lang::tr{'fwdfw red'}";
+ }elsif ($$hash{$key}[4] eq 'ALL'){
+ print "$ipfireiface $Lang::tr{'all'}";
}else{
- print "$$hash{$key}[4]";
+ if ($$hash{$key}[4] eq 'GREEN' || $$hash{$key}[4] eq 'ORANGE' || $$hash{$key}[4] eq 'BLUE' || $$hash{$key}[4] eq 'RED'){
+ print "$ipfireiface $Lang::tr{lc($$hash{$key}[4])}";
+ }else{
+ print "$ipfireiface $$hash{$key}[4]";
+ }
}
$tdcolor='';
#SOURCEPORT
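Review bot: The new fallback `print "$ipfireiface $$hash{$key}[4]";` still writes the stored value into the page without HTML escaping. If field 4 can hold anything other than the fixed zone names, it should go through the project's HTML-escaping helper before it is printed. The four-way `eq` test could also be one anchored match, `if ($$hash{$key}[4] =~ /\A(?:GREEN|ORANGE|BLUE|RED)\z/)`, and the nested `else { if … }` folded into an `elsif`. The surrounding block starts and ends outside the hunk.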
@@ -2625,15 +2631,12 @@ END
}
print"<br>->";
}
- if ($$hash{$key}[5] eq 'ipfire'){
- $ipfireiface='Interface';
- }
- if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire' || $$hash{$key}[6] eq 'RED1' || $$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE' ){
+ if ($$hash{$key}[5] eq 'std_net_tgt' || $$hash{$key}[5] eq 'ipfire'){
if ($$hash{$key}[6] eq 'RED1'){
- print "$ipfireiface $Lang::tr{'red1'}";
+ print "$Lang::tr{'red1'}";
}elsif ($$hash{$key}[6] eq 'GREEN' || $$hash{$key}[6] eq 'ORANGE' || $$hash{$key}[6] eq 'BLUE'|| $$hash{$key}[6] eq 'ALL' || $$hash{$key}[6] eq 'RED')
{
- print "$ipfireiface ".&get_name($$hash{$key}[6]);
+ print &get_name($$hash{$key}[6]);
}else{
print $$hash{$key}[6];
}
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 5bcf5c8..dd7eb78 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -71,7 +71,7 @@
'action' => 'Aktion',
'activate' => 'aktivieren',
'activate user' => 'Benutzer aktivieren',
-'active' => 'aktiv',
+'active' => 'Aktiv',
'add' => 'Hinzufügen',
'add a host' => 'Host hinzufügen:',
'add a new rule' => 'Neue Regel hinzufügen:',
hooks/post-receive
--
IPFire 2.x development tree