From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 784098e4db6b4aca11b4b39d0fec17f8a2d3ad0c Date: Thu, 05 Dec 2013 15:53:23 +0100 Message-ID: <20131205145325.7EB2A20AD2@argus.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5686701028177795957==" List-Id: --===============5686701028177795957== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, fifteen has been updated via 784098e4db6b4aca11b4b39d0fec17f8a2d3ad0c (commit) via 0c733ab7502e5eb10e5ecbd4f9ad4196670fe175 (commit) via 2be048cedc75c8e09233a819d3eae5107a4ab452 (commit) via 02cb636c8b0abfeb8805d058e29d1a3f8d53ce9a (commit) via 5558ca2a9614c8d4393dc9287e4c0e7f7f014a95 (commit) via cdb3536bc82e410b4678a4740c198ecf74ec8bd3 (commit) from 09efb767f43718512311357a5634d00c8ad8c32e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. 
- Log ----------------------------------------------------------------- commit 784098e4db6b4aca11b4b39d0fec17f8a2d3ad0c Author: Alexander Marx Date: Thu Dec 5 15:51:15 2013 +0100 Firewall: forgot to delete a development test string commit 0c733ab7502e5eb10e5ecbd4f9ad4196670fe175 Author: Alexander Marx Date: Mon Dec 2 07:56:01 2013 +0100 Firewall: Bugfix: Fixed wrong language strings in outgoing FW rules when = using std networks or ipfire commit 2be048cedc75c8e09233a819d3eae5107a4ab452 Author: Alexander Marx Date: Fri Nov 29 13:41:57 2013 +0100 Firewall: FIxed wrong language strings in outgoing Firewall commit 02cb636c8b0abfeb8805d058e29d1a3f8d53ce9a Author: Alexander Marx Date: Tue Nov 26 13:34:08 2013 +0100 Firewall: Fixes commit http://git.ipfire.org/?p=3Dpeople/amarx/ipfire-2.x= .git;a=3Dcommitdiff;h=3De19a36c4a09ea417ce9d577c262f17242eec4a31 =20 Now all "active" Strings from all languagefiles are checked against the o= ld rule to find out if logging is enabled =20 Conflicts: config/firewall/convert-outgoingfw commit 5558ca2a9614c8d4393dc9287e4c0e7f7f014a95 Author: Alexander Marx Date: Tue Nov 26 13:02:08 2013 +0100 Firewall: fixes commit http://git.ipfire.org/?p=3Dpeople/amarx/ipfire-2.x= .git;a=3Dcommitdiff;h=3D1ed4b214d785ad0538b0a864f43babccd55475b1 =20 Conflicts: html/cgi-bin/firewall.cgi commit cdb3536bc82e410b4678a4740c198ecf74ec8bd3 Author: Alexander Marx Date: Tue Nov 26 11:45:05 2013 +0100 Firewall: BUGFIX: RUles.pl did not create LOGGING rules properly. ----------------------------------------------------------------------- Summary of changes: config/firewall/convert-outgoingfw | 8 +++++++- config/firewall/rules.pl | 33 +++++++++++++++++++++++++-------- html/cgi-bin/firewall.cgi | 19 +++++++++++-------- langs/de/cgi-bin/de.pl | 2 +- 4 files changed, 44 insertions(+), 18 deletions(-) Difference in files: diff --git a/config/firewall/convert-outgoingfw b/config/firewall/convert-out= goingfw index 0d7f7d3..d7722f4 100755 
--- a/config/firewall/convert-outgoingfw +++ b/config/firewall/convert-outgoingfw @@ -62,6 +62,7 @@ my %fwconfigout=3D(); my %fwdsettings=3D(); my %ownnet=3D(); my %ovpnSettings =3D (); +my @active=3D ('Aktiv', 'aktiv', 'Active', 'Activo', 'Actif', 'Actief', 'Akt= ywne', '=D0=90=D0=BA=D1=82=D0=B8=D0=B2=D0=B5=D0=BD', 'Aktif'); &General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings); &General::readhash($outfwsettings,\%outsettings); &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); @@ -382,7 +383,12 @@ sub process_rules $configline[4] =3D~ s/,/;/g; $remark =3D $configline[4]; }else{$remark =3D '';} - if($configline[9] eq 'Active'){ $log=3D'ON';}else{$log=3D'';} + #find all "active" tags in all language files and check them against the = old config + my $logging=3D'0'; + foreach (@active){ + $logging=3D'1' if ($_ eq $configline[9]); + } + if($logging eq '1' ){ $log=3D'ON';}else{$log=3D'';} if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] = eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[= 15] eq 'on' && $configline[16] eq 'on'){ if($configline[17] eq '00:00' && $configline[18] eq '00:00'){ $time=3D''; diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index f1584f3..c54a2eb 100755 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -259,6 +259,7 @@ sub buildrules if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne= 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){ if($DPROT ne ''){ if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] = ne ''){ $STAG=3D"-s";} + #Process ICMP RULE if(substr($DPORT, 2, 4) eq 'icmp'){ my @icmprule=3D split(",",substr($DPORT, 12,)); foreach (@icmprule){ 
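Review bot: The new @active loop in process_rules silently disables logging for any migrated rule whose column 9 holds an "active" string outside the nine hard-coded literals, so a translation that differs from the list loses its LOG flag with no trace in the migration output. The list duplicates what the language files already carry instead of reading the `'active'` entry from each langs/*/cgi-bin/*.pl, so the two can drift apart over time. If column 9 is expected to be either empty or one of these strings, a warning on the unmatched case would surface a lost flag: `warn "convert-outgoingfw: unknown active flag '$configline[9]', logging disabled\n" if $configline[9] ne '' && !$logging;`. The loop itself collapses to `my $logging = grep { $_ eq $configline[9] } @active;`, which also removes the '0'/'1' string comparison. process_rules starts and ends outside the hunk.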
@@ -272,10 +273,11 @@ sub buildrules } print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $= SPORT -d $targethash{$b}[0] $icmptype $_ $TIME -j $$hash{$key}[0]\n"; } + #PROCESS DNAT RULE (Portforward) }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){ $natchain=3D'NAT_DESTINATION'; if ($$hash{$key}[17] eq 'ON'){ - print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $firepor= t $TIME -j LOG --log-prefix 'DNAT' \n"; + print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT $= natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n"; } my ($ip,$sub) =3Dsplit("/",$targethash{$b}[0]); #Process NAT with servicegroup used 
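Review bot: The DNAT LOG rule printed into NAT_DESTINATION only fires for the first packet of a connection, because nat-table chains are consulted only for packets that create a new conntrack entry, whereas the filter-chain LOG rules elsewhere in buildrules log every matching packet; the same "logging" checkbox therefore produces very different volumes for a port-forward and for a plain forward rule. The `$SPORT $natip $fireport` match added to the LOG line presumably describes the pre-translation destination, but neither `$natip` nor `$fireport` is defined in this hunk, so I cannot confirm it lines up with the DNAT rule that follows. A comment above the `if ($$hash{$key}[17] eq 'ON')` would make the once-per-connection behaviour explicit: `# LOG in the nat table sees only the first packet of each connection`. buildrules starts and ends outside the hunk.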
@@ -298,17 +300,26 @@ sub buildrules } print "iptables -A FORWARDFW $PROT -i $con $STAG $sourcehash{$a}[0= ] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n"; next; + #PROCESS SNAT RULE }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){ $natchain=3D'NAT_SOURCE'; + if ($$hash{$key}[17] eq 'ON' ){ + print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -= d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT' \n"; + } print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -d= $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n"; } - if ($$hash{$key}[17] eq 'ON' ){ - print "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -= d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; - } + #PROCESS EVERY OTHER RULE (If NOT ICMP, else the rule would be appl= ied double) if ($PROT ne '-p ICMP'){ + if ($$hash{$key}[17] eq 'ON' && $$hash{$key}[28] ne 'ON'){ + print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $S= PORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; + } print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] = $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n"; } + #PROCESS Prot ICMP and type =3D All ICMP-Types if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){ + if ($$hash{$key}[17] eq 'ON' && $$hash{$key}[28] ne 'ON'){ + print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $S= PORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; + } print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] = $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n"; } } 
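Review bot: None of the LOG rules the hunk emits (SNAT, the generic non-ICMP rule, the All-ICMP-Types rule) is rate-limited, so any host that can reach a logged rule can fill the log at line rate; iptables LOG rules conventionally carry `-m limit --limit <rate> --limit-burst <n>` in front of `-j LOG`, with the rate chosen by the project. The two generic lines also have no `--log-prefix`, unlike the SNAT and DNAT ones, so a log entry cannot be attributed to the chain or rule that produced it; `-j LOG --log-prefix '$$hash{$key}[1] '` (a trailing space keeps the prefix readable in syslog) would fix that. Note too that the `$$hash{$key}[28] ne 'ON'` guard skips logging entirely for a rule with NAT enabled but a type other than dnat or snat, if such a configuration can exist. buildrules starts and ends outside the hunk.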
@@ -345,7 +356,7 @@ sub buildrules }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){ $natchain=3D'NAT_DESTINATION'; if ($$hash{$key}[17] eq 'ON'){ - system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $firepo= rt $TIME -j LOG --log-prefix 'DNAT' \n"; + system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT = $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n"; } my ($ip,$sub) =3Dsplit("/",$targethash{$b}[0]); #Process NAT with servicegroup used @@ -371,17 +382,23 @@ sub buildrules #PROCESS SNAT RULE }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){ $natchain=3D'NAT_SOURCE'; + if ($$hash{$key}[17] eq 'ON' ){ + system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT = -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT' \n"; + } system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -= d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n"; } - if ($$hash{$key}[17] eq 'ON' && substr($DPORT, 2, 4) ne 'icmp'){ - system "$command $natchain $PROT $STAG $sourcehash{$a}[0] $SPORT -= d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; - } #PROCESS EVERY OTHER RULE (If NOT ICMP, else the rule would be appl= ied double) if ($PROT ne '-p ICMP'){ + if ($$hash{$key}[17] eq 'ON' && $$hash{$key}[28] ne 'ON'){ + system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $= SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; + } system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0]= $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n"; } #PROCESS Prot ICMP and type =3D All ICMP-Types if ($PROT eq '-p ICMP' && $$hash{$key}[9] eq 'All ICMP-Types'){ + if ($$hash{$key}[17] eq 'ON' && $$hash{$key}[28] ne 'ON'){ + system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $= SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; + } system "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0]= $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n"; } } 
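Review bot: The added system calls pass a single interpolated string to the shell, so every value that reaches them from `$$hash{$key}`, `$sourcehash` and `$targethash` must be guaranteed free of shell metacharacters; nothing in this hunk enforces that, and the values originate from the web-editable firewall configuration. The duplicated print and system paths are also already drifting: the removed system-side guard carried `substr($DPORT, 2, 4) ne 'icmp'`, which the print side never had, and this commit had to patch both copies by hand. I would assemble each rule string once and hand it to a small helper that either prints or executes it depending on which pass is running, so the rule exists in exactly one place, and in that helper split the string into list-form `system` once `$command` is tokenized. buildrules starts and ends outside the hunk.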
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index d2aa217..58b16a5 100755 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -1182,7 +1182,7 @@ END if ($show eq '1'){$show=3D'';print"";} #IPsec netze foreach my $key (sort { ncmp($ipsecconf{$a}[1],$ipsecconf{$b}[1]) } keys %i= psecconf) { - if ($ipsecconf{$key}[3] eq 'net' || $optionsfw{'SHOWDROPDOWN'} eq 'on'){ + if ($ipsecconf{$key}[3] eq 'net' || ($optionsfw{'SHOWDROPDOWN'} eq 'on' &&= $ipsecconf{$key}[3] ne 'host')){ print"$Lang::tr{= 'fwhost ipsec net'}