* [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 50ce309b6ab17dc61648e7d6654117d5e1661cd7
@ 2013-12-09 13:05 git
From: git @ 2013-12-09 13:05 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via 50ce309b6ab17dc61648e7d6654117d5e1661cd7 (commit)
via fe2bae3b747530a37cbe37247aa1d974f15f51a6 (commit)
via a8ec686f17764d2c4e62692e7ffc94ad9cbdff53 (commit)
via 82b837cff888157358cfbfbf1a29e3dce5956ca9 (commit)
from 3a3759c625c593e70a7bea479c11834152681565 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 50ce309b6ab17dc61648e7d6654117d5e1661cd7
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Dec 9 11:06:50 2013 +0100
Firewall: added DNS (UDP,TCP) to default services
commit fe2bae3b747530a37cbe37247aa1d974f15f51a6
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Dec 9 09:33:21 2013 +0100
Firewall: Fix BETA8 - It was not possible to delete single services from servicegroups
commit a8ec686f17764d2c4e62692e7ffc94ad9cbdff53
Merge: 82b837c 3a3759c
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Dec 9 09:29:50 2013 +0100
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen1
commit 82b837cff888157358cfbfbf1a29e3dce5956ca9
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Fri Dec 6 08:47:11 2013 +0100
Firewall: Added new feature: Now protocols can be added to servicegroups (GRE,AH,ESP,IPIP,IPV6)
-----------------------------------------------------------------------
Summary of changes:
config/firewall/firewall-lib.pl | 5 +++-
config/firewall/rules.pl | 6 +++++
config/fwhosts/customservices | 8 ++++---
html/cgi-bin/fwhosts.cgi | 51 ++++++++++++++++++++++++++++++-----------
4 files changed, 52 insertions(+), 18 deletions(-)
Difference in files:
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index 8cff76b..fc80555 100755
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -90,7 +90,10 @@ sub get_srvgrp_prot
$udp=1;
}elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){
$icmp=1;
- }
+ }else{
+ #Protocols used in servicegroups
+ push (@ips,$customservicegrp{$key}[2]);
+ }
}
}
if ($tcp eq '1'){push (@ips,'TCP');}
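Review bot: The new `else` branch pushes field [2] into `@ips` for any group member that `get_srv_prot` does not resolve to TCP, UDP or ICMP, so a stale or mistyped service name is treated as a protocol just like GRE or ESP. The returned list is used as `$DPROT` in rules.pl, where it becomes `-p $PROT`, so the value should be matched against the supported protocol names before it is accepted. Something like `}elsif($customservicegrp{$key}[2] =~ /\A(?:GRE|AH|ESP|IGMP|IPIP|IPV6)\z/){` in place of the bare `}else{` would keep unknown strings out of the rule builder. The body of get_srvgrp_prot starts and ends outside this hunk, so any validation done earlier is not visible here.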
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index c54a2eb..d0a9e20 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -252,6 +252,9 @@ sub buildrules
#print rules to console
foreach my $DPROT (@DPROT){
$DPORT = &get_port($hash,$key,$DPROT);
+ if ($DPROT ne 'TCP' && $DPROT ne 'UDP' && $DPROT ne 'ICMP' ){
+ $DPORT='';
+ }
$PROT=$DPROT;
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
foreach my $a (sort keys %sourcehash){
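Review bot: The three-way protocol test that clears `$DPORT` is written out twice in buildrules, here and in the hunk at -333, and the two copies differ in placement (before `$PROT=$DPROT` here, after it there) and spacing (`ne'UDP'`). `get_port` is also still called for protocols that have no port, only for its result to be thrown away. A single expression such as `$DPORT = ($DPROT eq 'TCP' || $DPROT eq 'UDP' || $DPROT eq 'ICMP') ? &get_port($hash,$key,$DPROT) : '';` used in both places would keep the two loops in step. buildrules starts and ends outside both hunks.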
@@ -333,6 +336,9 @@ sub buildrules
$DPORT = &get_port($hash,$key,$DPROT);
$PROT=$DPROT;
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
+ if ($DPROT ne 'TCP' && $DPROT ne'UDP' && $DPROT ne 'ICMP' ){
+ $DPORT='';
+ }
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
diff --git a/config/fwhosts/customservices b/config/fwhosts/customservices
index 07dd3d2..7f9ae3a 100644
--- a/config/fwhosts/customservices
+++ b/config/fwhosts/customservices
@@ -1,15 +1,16 @@
32,rsync,873,TCP,BLANK,0
+33,DNS (UDP),53,UDP,,0
21,IMAPS,993,TCP,BLANK,0
7,WINS,42,TCP,BLANK,0
26,LPD,515,TCP,BLANK,0
-17,IRC,194,TCP,BLANK,0
2,FTP-control,21,TCP,BLANK,0
+17,IRC,194,TCP,BLANK,0
1,FTP-data,20,TCP,BLANK,0
18,HTTPS,443,TCP,BLANK,0
30,NFS,2049,TCP,BLANK,0
16,SNMP,161,UDP,BLANK,0
-25,IPP (UDP),631,UDP,BLANK,0
27,JetDirect,9100,TCP,BLANK,0
+25,IPP (UDP),631,UDP,BLANK,0
28,LDAP,389,TCP,BLANK,0
14,NetBIOS Session Service,139,TCP,BLANK,0
20,FTPS control,990,TCP,BLANK,0
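Review bot: The new row `33,DNS (UDP),53,UDP,,0` leaves the fifth field empty, while every existing row carries the literal `BLANK` there; the `34,DNS (TCP),53,TCP,,0` row in the last hunk does the same. If any reader of this file compares that field with `BLANK` (not visible in this commit), the two DNS entries will behave differently from the other defaults. Writing them as `33,DNS (UDP),53,UDP,BLANK,0` and `34,DNS (TCP),53,TCP,BLANK,0` keeps the shipped defaults uniform.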
@@ -18,8 +19,8 @@
31,Radius,1812,TCP,BLANK,0
11,NTP,123,UDP,BLANK,0
22,POP3S,995,TCP,BLANK,0
-13,NetBIOS Datagram Service,138,TCP,BLANK,0
23,RDP,3389,TCP,BLANK,0
+13,NetBIOS Datagram Service,138,TCP,BLANK,0
29,LDAPS,636,TCP,BLANK,0
6,Time,37,TCP,BLANK,0
3,SSH,22,TCP,BLANK,0
@@ -28,5 +29,6 @@
15,IMAP,143,TCP,BLANK,0
8,HTTP,80,TCP,BLANK,0
4,Telnet,23,UDP,BLANK,0
+34,DNS (TCP),53,TCP,,0
19,FTPS data,989,TCP,BLANK,0
5,SMTP,25,TCP,BLANK,0
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index bc9ca85..7f4b63c 100755
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -769,8 +769,8 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
&General::readhasharray("$configsrvgrp", \%customservicegrp );
&General::readhasharray("$configsrv", \%customservice );
$errormessage=&checkservicegroup;
- #Check if we have more than 13 services from one Protocol in the group
- #iptables can only handle 13 ports/portranges via multiport
+ #Check if we have more than 15 services from one Protocol in the group
+ #iptables can only handle 15 ports/portranges via multiport
foreach my $key (keys %customservicegrp){
if($customservicegrp{$key}[0] eq $fwhostsettings{'SRVGRP_NAME'}){
foreach my $key1 (keys %customservice){
@@ -1036,12 +1036,12 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
last;
}
}
- &General::writehasharray("$configsrv", \%customservice);
$grpname=$customservicegrp{$key}[0];
$grpremark=$customservicegrp{$key}[1];
delete $customservicegrp{$key};
}
}
+ &General::writehasharray("$configsrv", \%customservice);
&General::writehasharray("$configsrvgrp", \%customservicegrp);
&General::firewall_config_changed();
if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
@@ -1116,6 +1116,9 @@ if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark')
&General::writehasharray("$configsrvgrp", \%customservicegrp);
$fwhostsettings{'updatesrvgrp'}='on';
$fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'newsrvrem'};
+ }elsif($fwhostsettings{'oldsrvrem'} eq $fwhostsettings{'newsrvrem'}){
+ &addservicegrp;
+ &viewtableservicegrp;
}else{
$errormessage=$Lang::tr{'fwhost err remark'};
$fwhostsettings{'SRVGRP_REMARK'}=$fwhostsettings{'oldsrvrem'};
@@ -1410,13 +1413,24 @@ END
if($fwhostsettings{'updatesrvgrp'} eq 'on'){
print<<END;
<form method='post'><input type='hidden' name='SRVGRP_REMARK' value='$fwhostsettings{'SRVGRP_REMARK'}'><input type='hidden' name='SRVGRP_NAME' value='$fwhostsettings{'SRVGRP_NAME'}'><table border='0' width='100%'>
- <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'fwhost cust service'}</td><td><select name='CUST_SRV' style='min-width:185px;'>
+ <tr><td width='1%' nowrap='nowrap'>$Lang::tr{'add'}</td><td><select name='CUST_SRV' style='min-width:185px;'>
END
&General::readhasharray("$configsrv", \%customservice);
+ #Protocols for use in servicegroups
+ print "<optgroup label='$Lang::tr{'fwhost cust service'}'>";
foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice)
{
print "<option>$customservice{$key}[0]</option>";
}
+ print "</optgroup>";
+ print "<optgroup label='$Lang::tr{'protocol'}'>";
+ print "<option>GRE</option>";
+ print "<option>AH</option>";
+ print "<option>ESP</option>";
+ print "<option>IGMP</option>";
+ print "<option>IPIP</option>";
+ print "<option value='IPV6'>IPv6 encap</option>";
+ print "</optgroup>";
print<<END;
</select></td></tr>
<tr><td colspan='4'><br><br></td></tr>
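Review bot: The protocol options added here post through the same `CUST_SRV` field as custom service names, so `GRE`, `AH`, `ESP`, `IGMP`, `IPIP` and `IPV6` now share one namespace with user-defined services. A custom service that happens to carry one of these names would be indistinguishable from the protocol entry once stored in the group, and the `<select>` only constrains well-behaved browsers. The handler that stores `CUST_SRV` is outside this hunk; it should check the submitted value against the known service names plus this fixed protocol list, and service creation should reject the six reserved names. A comment such as `#Reserved names: must not be used for custom services` next to the list would document the constraint.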
@@ -1716,7 +1730,7 @@ sub viewtableservicegrp
&General::readhasharray("$configsrvgrp", \%customservicegrp);
&General::readhasharray("$configsrv", \%customservice);
my $number= keys %customservicegrp;
- foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
+ foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys %customservicegrp){
$count++;
if ($helper ne $customservicegrp{$key}[0]){
$delflag=0;
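Review bot: The chained `sort { ... [0] } sort { ... [2] } keys` only yields "by group, then by member" if the outer sort is stable, which Perl does not guarantee unless `use sort 'stable'` is in effect. A single comparator states the intent directly and sorts once: `sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) || ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) } keys %customservicegrp`. viewtableservicegrp continues outside this hunk.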
@@ -1754,6 +1768,16 @@ sub viewtableservicegrp
}else{
print"<tr bgcolor='$color{'color20'}'>";
}
+ #Set fields if we use protocols in servicegroups
+ if ($customservicegrp{$key}[2] ne 'TCP' || $customservicegrp{$key}[2] ne 'UDP' || $customservicegrp{$key}[2] ne 'ICMP'){
+ $port='-';
+ }
+ if ($customservicegrp{$key}[2] eq 'GRE'){$protocol='GRE';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} GRE";}
+ if ($customservicegrp{$key}[2] eq 'ESP'){$protocol='ESP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} ESP";}
+ if ($customservicegrp{$key}[2] eq 'AH'){$protocol='AH';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} AH";}
+ if ($customservicegrp{$key}[2] eq 'IGMP'){$protocol='IGMP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IGMP";}
+ if ($customservicegrp{$key}[2] eq 'IPIP'){$protocol='IPIP';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IPIP";}
+ if ($customservicegrp{$key}[2] eq 'IPV6'){$protocol='IPV6';$customservicegrp{$key}[2]="$Lang::tr{'protocol'} IPv6 encapsulation";}
print "<td width='39%'>$customservicegrp{$key}[2]</td>";
foreach my $srv (sort keys %customservice){
if ($customservicegrp{$key}[2] eq $customservice{$srv}[0]){
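Review bot: The condition `[2] ne 'TCP' || [2] ne 'UDP' || [2] ne 'ICMP'` is true for every value, because no string equals all three, so `$port='-'` runs on every row. If that reset is what is wanted, write it unconditionally as `$port='-';`; if only protocol rows were meant, the test needs `&&` and should look at the protocol rather than field [2], which the loop below treats as a service name. `$protocol` is assigned only inside the six `if` lines here, so unless it is reset per row outside this hunk it can carry over from an earlier row; adding `$protocol='';` next to the port reset would rule that out. The six near-identical lines would also read better as one hash lookup from protocol name to display label.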
@@ -1766,7 +1790,12 @@ sub viewtableservicegrp
if ($delflag gt '1'){
print"<input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'delete'} title=$Lang::tr{'delete'} />";
}
- print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'><input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
+ print"<input type='hidden' name='ACTION' value='delgrpservice'><input type='hidden' name='updatesrvgrp' value='$fwhostsettings{'updatesrvgrp'}'>";
+ if($protocol eq 'TCP' || $protocol eq 'UDP' || $protocol eq 'ICMP'){
+ print "<input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$customservicegrp{$key}[2],$customservicegrp{$key}[3]'></form></td></tr>";
+ }else{
+ print "<input type='hidden' name='delsrvfromgrp' value='$grpname,$remark,$protocol,$customservicegrp{$key}[3]'></form></td></tr>";
+ }
$helper=$customservicegrp{$key}[0];
}
print"</table>";
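Review bot: Both new `print` branches interpolate `$grpname`, `$remark` and the member name straight into a single-quoted `value='...'` attribute that is later split on commas. A remark containing `'` would end the attribute early, and one containing `,` would shift the fields that `delgrpservice` reads; whether the remark is validated against those characters is not visible in this hunk. The values should be HTML-escaped on output. The two branches differ only in the third field, so `my $member = ($protocol eq 'TCP' || $protocol eq 'UDP' || $protocol eq 'ICMP') ? $customservicegrp{$key}[2] : $protocol;` followed by a single `print` would remove the duplication.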
@@ -1823,8 +1852,6 @@ sub checksubnet
sub checkservicegroup
{
&General::readhasharray("$configsrvgrp", \%customservicegrp);
-
-
#check name
if ( ! &validhostname($fwhostsettings{'SRVGRP_NAME'}))
{
@@ -1880,7 +1907,6 @@ sub get_name
return "$network" if ($val eq $defaultNetworks{$network}{'NAME'});
}
}
-
sub deletefromgrp
{
my $target=shift;
@@ -1888,11 +1914,8 @@ sub deletefromgrp
my %hash=();
&General::readhasharray("$config",\%hash);
foreach my $key (keys %hash) {
- $errormessage.="lese $hash{$key}[2] und $target<br>";
if($hash{$key}[2] eq $target){
-
delete $hash{$key};
- $errormessage.="Habe $target aus Gruppe gelöscht!<br>";
}
}
&General::writehasharray("$config",\%hash);
@@ -2096,8 +2119,8 @@ sub getipforgroup
}
}
}
-
-sub decrease {
+sub decrease
+{
my $grp=$_[0];
&General::readhasharray("$confignet", \%customnetwork);
&General::readhasharray("$confighost", \%customhost);
hooks/post-receive
--
IPFire 2.x development tree