From mboxrd@z Thu Jan  1 00:00:00 1970
From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, fifteen,
 updated. 30491c6ac70ce55d4bfbcec5aee6096808b3c193
Date: Sat, 11 Jan 2014 13:08:36 +0100
Message-ID: <20140111120836.76D05211F2@argus.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3067883741165929530=="
List-Id: <ipfire-scm.lists.ipfire.org>

--===============3067883741165929530==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, fifteen has been updated
       via  30491c6ac70ce55d4bfbcec5aee6096808b3c193 (commit)
       via  68e89a2f2828084bbe7a8fa15a16ae9626d4c74e (commit)
       via  8c252e6aa83f0a45d248dc59ae2bbc2ca717b229 (commit)
       via  7d44bfeef1614ca2ae0e60ddd020f004a3f3b071 (commit)
       via  f536ab266173dd7d6ec5ddd984e0a458c1aedbc2 (commit)
       via  aeefcc9caa329cfd1ca8b8cdafdc845aab7507b2 (commit)
       via  82f7d1b4d8f2d504ed750da549416a1110814cc6 (commit)
      from  b5890e73693cb323b115cf5245964177cb902f64 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 30491c6ac70ce55d4bfbcec5aee6096808b3c193
Merge: 68e89a2 b5890e7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jan 11 13:08:27 2014 +0100

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
fteen
   =20
    Conflicts:
    	html/html/themes/ipfire/include/css/style.css

commit 68e89a2f2828084bbe7a8fa15a16ae9626d4c74e
Merge: 8c252e6 0f9894a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jan 11 12:46:56 2014 +0100

    Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fi=
fteen

commit 8c252e6aa83f0a45d248dc59ae2bbc2ca717b229
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date:   Sat Jan 11 12:38:53 2014 +0100

    OpenVPN: Check if port is smaller than 1024.
   =20
    Bug #10459.

commit 7d44bfeef1614ca2ae0e60ddd020f004a3f3b071
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Sat Jan 11 06:05:29 2014 +0100

    changes pagetitle in vpnmain.cgi

commit f536ab266173dd7d6ec5ddd984e0a458c1aedbc2
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Sat Jan 11 05:51:44 2014 +0100

    language changes in Menu and on statuspage (index.cgi)

commit aeefcc9caa329cfd1ca8b8cdafdc845aab7507b2
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Sat Jan 11 05:30:46 2014 +0100

    Firewall: modified firewall-groups so that they can be empty even if used=
 in rules
   =20
    Now one can create a group, use it in a rule and then delete every entry
    from the group. (The firewallrule then will be displayed yellow and
    disabled).

commit 82f7d1b4d8f2d504ed750da549416a1110814cc6
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Sat Jan 11 05:32:16 2014 +0100

    Edited stylecss so that TR:first-child td {} has a top border (for firewa=
ll rulecreation)

-----------------------------------------------------------------------

Summary of changes:
 config/menu/40-services.menu                  |   2 +-
 config/menu/50-firewall.menu                  |   2 +-
 html/cgi-bin/firewall.cgi                     |  24 +++++-
 html/cgi-bin/fwhosts.cgi                      | 111 ++++++++++++++++--------=
--
 html/cgi-bin/index.cgi                        |   2 +-
 html/cgi-bin/ovpnmain.cgi                     |  26 +++++-
 html/cgi-bin/p2p-block.cgi                    |   0
 html/cgi-bin/shutdown.cgi                     |   0
 html/cgi-bin/tor.cgi                          |   0
 html/cgi-bin/vpnmain.cgi                      |  20 ++---
 html/html/themes/ipfire/include/css/style.css |   2 +-
 langs/de/cgi-bin/de.pl                        |   7 +-
 langs/en/cgi-bin/en.pl                        |   5 +-
 13 files changed, 133 insertions(+), 68 deletions(-)
 mode change 100755 =3D> 100644 html/cgi-bin/firewall.cgi
 mode change 100755 =3D> 100644 html/cgi-bin/p2p-block.cgi
 mode change 100755 =3D> 100644 html/cgi-bin/shutdown.cgi
 mode change 100755 =3D> 100644 html/cgi-bin/tor.cgi

Difference in files:
diff --git a/config/menu/40-services.menu b/config/menu/40-services.menu
index 9901e8f..2f4d96e 100644
--- a/config/menu/40-services.menu
+++ b/config/menu/40-services.menu
@@ -1,5 +1,5 @@
     $subservices->{'10.ipsec'} =3D {
-				'caption' =3D> 'IPSec',
+				'caption' =3D> $Lang::tr{'ipsec'},
 			     	'uri' =3D> '/cgi-bin/vpnmain.cgi',
 			     	'title' =3D> "$Lang::tr{'virtual private networking'}",
 			     	'enabled' =3D> 1,
diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
index 8bc66f9..ce6fd9d 100644
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -17,7 +17,7 @@
 				'enabled' =3D> 1,
 				};
 	$subfirewall->{'40.p2p'} =3D {
-				'caption' =3D> 'P2P-Block',
+				'caption' =3D> $Lang::tr{'p2p block'},
 				'uri' =3D> '/cgi-bin/p2p-block.cgi',
 				'title' =3D> "P2P-Block",
 				'enabled' =3D> 1,
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
old mode 100755
new mode 100644
index ceaab56..7ffe59c
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -1050,7 +1050,7 @@ END
 	if (! -z $configgrp || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
 		print"<tr><td valign=3D'top'><input type=3D'radio' name=3D'$grp' id=3D'cus=
t_grp_$srctgt' value=3D'cust_grp_$srctgt' $checked{$grp}{'cust_grp_'.$srctgt}=
></td><td >$Lang::tr{'fwhost cust grp'}</td><td align=3D'right'><select name=
=3D'cust_grp_$srctgt' style=3D'width:200px;'>";
 		foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } keys %=
customgrp) {
-			if($helper ne $customgrp{$key}[0]){
+			if($helper ne $customgrp{$key}[0] && $customgrp{$key}[2] ne 'none'){
 				print"<option ";
 				print "selected=3D'selected' " if ($fwdfwsettings{$fwdfwsettings{$grp}} =
eq $customgrp{$key}[0]);
 				print ">$customgrp{$key}[0]</option>";
@@ -1824,7 +1824,7 @@ END
 		&General::readhasharray("$configsrvgrp", \%customservicegrp);
 		my $helper;
 		foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b=
}[0]) } keys %customservicegrp){
-			if ($helper ne $customservicegrp{$key}[0]){
+			if ($helper ne $customservicegrp{$key}[0] && $customservicegrp{$key}[2] n=
e 'none'){
 				print"<option ";
 				print"selected=3D'selected'" if ($fwdfwsettings{$fwdfwsettings{'grp3'}} =
eq $customservicegrp{$key}[0]);
 				print">$customservicegrp{$key}[0]</option>";
@@ -1847,7 +1847,7 @@ END
 		print <<END;
 			<br>
 			<center>
-				<table width=3D"80%" border=3D"0">
+				<table width=3D"80%" class=3D'tbl'>
 					<tr>
 						<td width=3D"33%" align=3D"center" bgcolor=3D"$color{'color17'}">
 							&nbsp;<br>&nbsp;
@@ -1884,7 +1884,6 @@ END
=20
 			<br>
 END
-
 		#---Activate/logging/remark-------------------------------------
 		&Header::openbox('100%', 'left', $Lang::tr{'fwdfw additional'});
 		print<<END;
@@ -2298,6 +2297,8 @@ sub viewtablenew
 	&General::readhasharray("$config", $hash);
 	&General::readhasharray("$configccdnet", \%ccdnet);
 	&General::readhasharray("$configccdhost", \%ccdhost);
+	&General::readhasharray("$configgrp", \%customgrp);
+	&General::readhasharray("$configsrvgrp", \%customservicegrp);
=20
 	&Header::openbox('100%', 'left', $title);
 	print "<table width=3D'100%' cellspacing=3D'0' class=3D'tbl'>";
@@ -2401,6 +2402,21 @@ END
 					}
 				}
 			}
+			#check if networkgroups or servicegroups are empty
+			foreach my $netgroup (sort keys %customgrp){
+				if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $c=
ustomgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
+					$coloryellow=3D'on';
+					&disable_rule($key);
+					$$hash{$key}[2]=3D'';
+				}
+			}
+			foreach my $srvgroup (sort keys %customservicegrp){
+				if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservice=
grp{$srvgroup}[2] eq 'none'){
+					$coloryellow=3D'on';
+					&disable_rule($key);
+					$$hash{$key}[2]=3D'';
+				}
+			}
 			$$hash{'ACTIVE'}=3D$$hash{$key}[2];
 			$count++;
 			if($coloryellow eq 'on'){
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 16c91bd..baecde3 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -780,7 +780,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp')
 		}
 		#on update, we have to delete the dummy entry
 		foreach my $key (keys %customservicegrp){
-			if ($customservicegrp{$key}[2] eq 'none'){
+			if ($customservicegrp{$key}[2] eq 'none' && $customservicegrp{$key}[0] eq=
 $fwhostsettings{'SRVGRP_NAME'}){
 				delete $customservicegrp{$key};
 				last;
 			}
@@ -893,33 +893,22 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
 	&General::readhasharray("$configgrp", \%customgrp);
 	foreach my $key (keys %customgrp){
 		if($customgrp{$key}[0].",".$customgrp{$key}[1].",".$customgrp{$key}[2].","=
.$customgrp{$key}[3] eq $fwhostsettings{'delhost'}){
-			#decrease count from source host/net
-			if ($customgrp{$key}[3] eq 'Custom Network'){
-				&General::readhasharray("$confignet", \%customnetwork);
-				foreach my $key1 (keys %customnetwork){
-						if ($customnetwork{$key1}[0] eq $customgrp{$key}[2]){
-						$customnetwork{$key1}[4] =3D $customnetwork{$key1}[4]-1;
-						last;
-					}
-				}
-				&General::writehasharray("$confignet", \%customnetwork);
-			}
-			if ($customgrp{$key}[3] eq 'Custom Host'){
-				&General::readhasharray("$confighost", \%customhost);
-				foreach my $key1 (keys %customhost){
-					if ($customhost{$key1}[0] eq $customgrp{$key}[2]){
-						$customhost{$key1}[4] =3D $customhost{$key1}[4]-1;
-						last;
-					}
-				}
-				&General::writehasharray("$confighost", \%customhost);
-			}
 			$grpname=3D$customgrp{$key}[0];
 			$grpremark=3D$customgrp{$key}[1];
-			delete $customgrp{$key};
+			#check if we delete the last entry, then generate dummy
+			if ($fwhostsettings{'last'} eq 'on'){
+				$customgrp{$key}[1] =3D '';
+				$customgrp{$key}[2] =3D 'none';
+				$customgrp{$key}[3] =3D '';
+				$fwhostsettings{'last'}=3D'';
+				last;
+			}else{
+				delete $customgrp{$key};
+			}
 		}
 	}
 	&General::writehasharray("$configgrp", \%customgrp);
+	&General::firewall_config_changed();
 	if ($fwhostsettings{'grpcnt'} > 0){
 		&General::firewall_config_changed();
 	}
@@ -982,23 +971,20 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
 	my $grpname;
 	my $grpremark;
 	&General::readhasharray("$configsrvgrp", \%customservicegrp);
-	&General::readhasharray("$configsrv", \%customservice);
 	foreach my $key (keys %customservicegrp){
 		if($customservicegrp{$key}[0].",".$customservicegrp{$key}[1].",".$customse=
rvicegrp{$key}[2] eq $fwhostsettings{'delsrvfromgrp'})
 		{
-			#decrease count from source service
-			foreach my $key1 (sort keys %customservice){
-				if($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
-					$customservice{$key1}[4]--;
-					last;
-				}
-			}
 			$grpname=3D$customservicegrp{$key}[0];
 			$grpremark=3D$customservicegrp{$key}[1];
-			delete $customservicegrp{$key};
+			if($fwhostsettings{'last'} eq 'on'){
+				$customservicegrp{$key}[2] =3D 'none';
+				$fwhostsettings{'last'} =3D '';
+				last;
+			}else{
+				delete $customservicegrp{$key};
+			}
 		}
 	}
-	&General::writehasharray("$configsrv", \%customservice);
 	&General::writehasharray("$configsrvgrp", \%customservicegrp);
 	&General::firewall_config_changed();
 	if ($fwhostsettings{'updatesrvgrp'} eq 'on'){
@@ -1007,7 +993,6 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice')
 	}
 	&addservicegrp;
 	&viewtableservicegrp;
-=09
 }
 if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newnet'})
 {
@@ -1497,11 +1482,11 @@ END
 			}elsif ($count % 2)
 			{=20
 				$col=3D"bgcolor=3D'$color{'color20'}'";
-				print" <tr>";# bgcolor=3D'$color{'color20'}'>";
+				print" <tr>";
 			}else
 			{
 				$col=3D"bgcolor=3D'$color{'color22'}'";
-				print" <tr>";# bgcolor=3D'$color{'color22'}'>";
+				print" <tr>";
 			}
 			my $colnet=3D"$customnetwork{$key}[1]/".&General::subtocidr($customnetwor=
k{$key}[2]);
 			my $netcount=3D&getnetcount($customnetwork{$key}[0]);
@@ -1655,10 +1640,19 @@ sub viewtablegrp
 	my $remark;
 	my $number;
 	my $delflag;
+	my @counter;
+	my %hash;
 	if (!keys %customgrp)=20
 	{
 		print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>";
 	}else{
+		#get all groups in a hash
+		foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort {=
 ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
+			push (@counter,$customgrp{$key}[0]);
+		}
+		foreach my $key1 (@counter) {
+			$hash{$key1}++ ;
+		}
 		foreach my $key (sort { ncmp($customgrp{$a}[0],$customgrp{$b}[0]) } sort {=
 ncmp($customgrp{$a}[2],$customgrp{$b}[2]) } keys %customgrp){
 			$count++;
 			if ($helper ne $customgrp{$key}[0]){
@@ -1676,7 +1670,7 @@ sub viewtablegrp
 				if ($customgrp{$key}[2] eq "none"){$customgrp{$key}[2]=3D$Lang::tr{'fwho=
st err emptytable'};}
 				$grpname=3D$customgrp{$key}[0];
 				$remark=3D"$customgrp{$key}[1]";
-				if($count gt 1){ print"</table>";}
+				if($count gt 1){ print"</table>";$count=3D1;}
 				print "<br><b><u>$grpname</u></b>&nbsp; &nbsp;";
 				print " <b>$Lang::tr{'remark'}:</b>&nbsp $remark &nbsp " if ($remark ne =
'');
 				my $netgrpcount=3D&getnetcount($grpname);
@@ -1694,10 +1688,10 @@ sub viewtablegrp
 				$col=3D"bgcolor=3D'${Header::colouryellow}'";
 			}elsif ($count %2 =3D=3D 0){
 				print"<tr>";
-				$col=3D"bgcolor=3D'$color{'color22'}'";
+				$col=3D"bgcolor=3D'$color{'color20'}'";
 			}else{
 				print"<tr>";
-				$col=3D"bgcolor=3D'$color{'color20'}'";
+				$col=3D"bgcolor=3D'$color{'color22'}'";
 			}
 			my $ip=3D&getipforgroup($customgrp{$key}[2],$customgrp{$key}[3]);=09
 			if ($ip eq ''){
@@ -1717,8 +1711,14 @@ sub viewtablegrp
 				$ip=3D"$colip/".&General::subtocidr($colsub) if ($colsub);
 				print"<td align=3D'center' $col ".&getcolor($colip).">".&Header::coloriz=
e($ip)."</td><td align=3D'center' $col>$customgrp{$key}[3]</td><td width=3D'1=
%' $col><form method=3D'post'>";
 			}
-			if ($delflag > 1 && $ip ne ''){
+			if ($delflag > 0 && $ip ne ''){
 				print"<input type=3D'image' src=3D'/images/delete.gif' align=3D'middle' =
alt=3D$Lang::tr{'delete'} title=3D$Lang::tr{'delete'} />";
+				#check if this group has only one entry
+				foreach my $key2 (keys %hash) {
+					if ($hash{$key2}<2 && $key2 eq $customgrp{$key}[0]){
+						print "<input type=3D'hidden' name=3D'last' value=3D'on'>"  ;
+					}
+				}
 			}
 			print"<input type=3D'hidden' name=3D'ACTION' value=3D'deletegrphost'><inp=
ut type=3D'hidden' name=3D'grpcnt' value=3D'$customgrp{$key}[4]'><input type=
=3D'hidden' name=3D'update' value=3D'$fwhostsettings{'update'}'><input type=
=3D'hidden' name=3D'delhost' value=3D'$grpname,$remark,$customgrp{$key}[2],$c=
ustomgrp{$key}[3]'></form></td></tr>";
 		=09
@@ -1793,11 +1793,15 @@ sub viewtableservicegrp
 	my $grpname;
 	my $remark;
 	my $helper;
+	my $helper1;
 	my $port;
 	my $protocol;
 	my $delflag;
 	my $grpcount=3D0;
 	my $col=3D'';
+	my $lastentry=3D0;
+	my @counter;
+	my %hash;
 	if (! -z $configsrvgrp){
 		&Header::openbox('100%', 'left', $Lang::tr{'fwhost cust srvgrp'});
 		&General::readhasharray("$configsrvgrp", \%customservicegrp);
@@ -1807,6 +1811,12 @@ sub viewtableservicegrp
 		&General::readhasharray("$fwconfigout", \%fwout);
 		my $number=3D keys %customservicegrp;
 		foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b=
}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys =
%customservicegrp){
+			push (@counter,$customservicegrp{$key}[0]);
+		}
+		foreach my $key1 (@counter) {
+			$hash{$key1}++ ;
+		}
+		foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b=
}[0]) } sort { ncmp($customservicegrp{$a}[2],$customservicegrp{$b}[2]) }keys =
%customservicegrp){
 			$count++;
 			if ($helper ne $customservicegrp{$key}[0]){
 				#Get used groupcounter
@@ -1823,12 +1833,12 @@ sub viewtableservicegrp
 				}
 				$grpname=3D$customservicegrp{$key}[0];
 				if ($customservicegrp{$key}[2] eq "none"){
-					$customservicegrp{$key}[2]=3D$Lang::tr{'fwhost empty'};
+					$customservicegrp{$key}[2]=3D$Lang::tr{'fwhost err emptytable'};
 					$port=3D'';
 					$protocol=3D'';
 				}
 				$remark=3D"$customservicegrp{$key}[1]";
-				if($count >=3D2){print"</table>";}
+				if($count >0){print"</table>";$count=3D1;}
 				print "<br><b><u>$grpname</u></b>&nbsp; &nbsp; ";
 				print "<b>$Lang::tr{'remark'}:</b>&nbsp; $remark " if ($remark ne '');
 				print "&nbsp; <b>$Lang::tr{'used'}:</b> $grpcount x";
@@ -1849,6 +1859,11 @@ sub viewtableservicegrp
 				print"<tr>";
 				$col=3D"bgcolor=3D'$color{'color22'}'";
 			}
+			#make lines yellow if it is a dummy entry
+			if ($customservicegrp{$key}[2] eq $Lang::tr{'fwhost err emptytable'}){
+				print"<tr>";
+				$col=3D"bgcolor=3D'${Header::colouryellow}'";
+			}
 			#Set fields if we use protocols in servicegroups
 			if ($customservicegrp{$key}[2] ne 'TCP' || $customservicegrp{$key}[2] ne =
'UDP' || $customservicegrp{$key}[2] ne 'ICMP'){
 				$port=3D'-';
@@ -1868,8 +1883,16 @@ sub viewtableservicegrp
 				}
 			}
 			print"<td align=3D'center' $col>$port</td><td align=3D'center' $col>$prot=
ocol</td><td width=3D'1%' $col><form method=3D'post'>";
-			if ($delflag gt '1'){
-				print"<input type=3D'image' src=3D'/images/delete.gif' align=3D'middle' =
alt=3D$Lang::tr{'delete'} title=3D$Lang::tr{'delete'} />";
+			if ($delflag gt '0'){
+				if ($customservicegrp{$key}[2] ne $Lang::tr{'fwhost err emptytable'}){
+					print"<input type=3D'image' src=3D'/images/delete.gif' align=3D'middle'=
 alt=3D$Lang::tr{'delete'} title=3D$Lang::tr{'delete'} />";
+				}
+				#check if this group has only one entry
+				foreach my $key2 (keys %hash) {
+					if ($hash{$key2}<2 && $key2 eq $customservicegrp{$key}[0]){
+						print "<input type=3D'hidden' name=3D'last' value=3D'on'>"  ;
+					}
+				}
 			}
 			print"<input type=3D'hidden' name=3D'ACTION' value=3D'delgrpservice'><inp=
ut type=3D'hidden' name=3D'updatesrvgrp' value=3D'$fwhostsettings{'updatesrvg=
rp'}'>";
 			if($protocol eq 'TCP' || $protocol eq 'UDP' || $protocol eq 'ICMP'){
diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 5143e5e..b3a2629 100644
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -286,7 +286,7 @@ if ( `cat /var/ipfire/vpn/settings | grep ^ENABLED=3Don` =
||
 	$haveipsec=3D1;
 	my $ipsecip =3D `cat /var/ipfire/vpn/settings | grep ^VPN_IP=3D | cut -c 8-=
`;
 print<<END;
-		<tr><td align=3D'center' bgcolor=3D'$Header::colourvpn' width=3D'25%'><a h=
ref=3D"/cgi-bin/vpnmain.cgi"><font size=3D'2' color=3D'white'><b>$Lang::tr{'v=
pn'}</b></font></a><br>
+		<tr><td align=3D'center' bgcolor=3D'$Header::colourvpn' width=3D'25%'><a h=
ref=3D"/cgi-bin/vpnmain.cgi"><font size=3D'2' color=3D'white'><b>$Lang::tr{'i=
psec'}</b></font></a><br>
 		<td width=3D'30%' align=3D'center'>$ipsecip
 		<td width=3D'45%' align=3D'center'><font color=3D$Header::colourgreen>Onli=
ne</font>
 END
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 7b1654f..75b6c75 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1163,6 +1163,12 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgip=
arams{'TYPE'} eq '' && $cg
 	$errormessage =3D $Lang::tr{'invalid port'};
 	goto SETTINGS_ERROR;
     }
+=09
+	if ($cgiparams{'DDEST_PORT'} <=3D 1023) {
+		$errormessage =3D $Lang::tr{'ovpn port in root range'};
+		goto SETTINGS_ERROR;
+	}
+
     $vpnsettings{'ENABLED_BLUE'} =3D $cgiparams{'ENABLED_BLUE'};
     $vpnsettings{'ENABLED_ORANGE'} =3D$cgiparams{'ENABLED_ORANGE'};
     $vpnsettings{'ENABLED'} =3D $cgiparams{'ENABLED'};
@@ -3534,10 +3540,24 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'=
NAME'}.conf") or die "Removing Configfile fail: $!";
 	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Re=
moving Directory fail: $!";
 		  goto VPNCONF_ERROR;
-		}=20
+		}
+=09
+	if ($cgiparams{'DEST_PORT'} <=3D 1023) {
+		$errormessage =3D $Lang::tr{'ovpn port in root range'};
+		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'=
NAME'}.conf") or die "Removing Configfile fail: $!";
+	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Re=
moving Directory fail: $!";
+		  goto VPNCONF_ERROR;
+		}
=20
-    if ($cgiparams{'OVPN_MGMT'} eq  '') {
-			$cgiparams{'OVPN_MGMT'} =3D $cgiparams{'DEST_PORT'};	=09
+	if ($cgiparams{'OVPN_MGMT'} eq  '') {
+		$cgiparams{'OVPN_MGMT'} =3D $cgiparams{'DEST_PORT'};	=09
+		}
+=09
+	if ($cgiparams{'OVPN_MGMT'} <=3D 1023) {
+		$errormessage =3D $Lang::tr{'ovpn mgmt in root range'};
+		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'=
NAME'}.conf") or die "Removing Configfile fail: $!";
+	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Re=
moving Directory fail: $!";
+		  goto VPNCONF_ERROR;
 		}
   =20
 }
diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi
old mode 100755
new mode 100644
diff --git a/html/cgi-bin/shutdown.cgi b/html/cgi-bin/shutdown.cgi
old mode 100755
new mode 100644
diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
old mode 100755
new mode 100644
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 3e92d4b..7e90649 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -511,7 +511,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgipara=
ms{'TYPE'} eq '' && $cg
 ###
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', '');
     &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
     print <<END
@@ -607,7 +607,7 @@ END
=20
     if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
 	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', '');
 	&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
 	my $output =3D `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/$caha=
sh{$cgiparams{'KEY'}}[0]cert.pem`;
@@ -683,7 +683,7 @@ END
 	}
 	if ($assignedcerts) {
 	    &Header::showhttpheaders();
-	    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	    &Header::openbigbox('100%', 'left', '', '');
 	    &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
 	    print <<END
@@ -728,7 +728,7 @@ END
 	$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
     my $output;
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', '');
     if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
 	&Header::openbox('100%', 'left', "$Lang::tr{'root certificate'}:");
@@ -1054,7 +1054,7 @@ END
=20
     ROOTCERT_ERROR:
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
     if ($errormessage) {
         &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
@@ -1141,7 +1141,7 @@ END
=20
     if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.=
pem") {
 	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', '');
 	&Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
 	my $output =3D `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/$c=
onfighash{$cgiparams{'KEY'}}[1]cert.pem`;
@@ -1231,7 +1231,7 @@ END
 ###
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '=
') {
 	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
 	&Header::openbigbox('100%', 'left', '', '');
 	&Header::openbox('100%', 'left', $Lang::tr{'connection type'});
 	print <<END
@@ -1911,7 +1911,7 @@ END
     $checked{'AUTH'}{$cgiparams{'AUTH'}} =3D "checked=3D'checked'";
=20
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
     if ($errormessage) {
 	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
@@ -2353,7 +2353,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
     $selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} =3D "selected=3D'selec=
ted'";
=20
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
=20
     if ($errormessage) {
@@ -2602,7 +2602,7 @@ EOF
     $checked{'ENABLED'} =3D $cgiparams{'ENABLED'} eq 'on' ? "checked=3D'chec=
ked'" : '';
=20
     &Header::showhttpheaders();
-    &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+    &Header::openpage($Lang::tr{'ipsec'}, 1, '');
     &Header::openbigbox('100%', 'left', '', $errormessage);
=20
     if ($errormessage) {
diff --git a/html/html/themes/ipfire/include/css/style.css b/html/html/themes=
/ipfire/include/css/style.css
index e33c6e1..9f3e25b 100644
--- a/html/html/themes/ipfire/include/css/style.css
+++ b/html/html/themes/ipfire/include/css/style.css
@@ -300,7 +300,7 @@ table {
 	border-right: 1px solid lightgrey;
 }
=20
-.tbl tr:first-child td:only-child {
+.tbl tr:first-child td {
 	border-top: 1px solid lightgrey;
 }
=20
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 3671c52..b4753a6 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1269,9 +1269,10 @@
 'ipfire side is invalid' =3D> 'IPFire Seite ist ung=C3=BCltig.',
 'ipfires hostname' =3D> 'IPFire\'s Hostname',
 'ipinfo' =3D> 'IP-Info',
-'ipsec network' =3D> 'IPsec-Netzwerke',
 'iptable rules' =3D> 'IPTable-Regeln',
 'iptmangles' =3D> 'IPTable Mangles',
+'ipsec' =3D> 'IPsec',
+'ipsec network' =3D> 'IPsec-Netzwerke',
 'iptnats' =3D> 'IPTable Network Address Translation',
 'ipts' =3D> 'iptables',
 'isdn' =3D> 'ISDN',
@@ -1605,6 +1606,8 @@
 'ovpn on blue' =3D> 'OpenVPN auf BLAU',
 'ovpn on orange' =3D> 'OpenVPN auf ORANGE',
 'ovpn on red' =3D> 'OpenVPN auf ROT',
+'ovpn mgmt in root range' =3D> 'Ein Port von 1024 oder h=C3=B6her ist erford=
erlich.',
+'ovpn port in root range' =3D> 'Ein Port von 1024 oder h=C3=B6her ist erford=
erlich.',
 'ovpn routes push' =3D> 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.2=
55.0 192.168.20.0/24',
 'ovpn routes push options' =3D> 'Route push Optionen',
 'ovpn server status' =3D> 'OpenVPN-Server-Status',
@@ -1627,7 +1630,7 @@
 'ovpn_processprioVH' =3D> 'Sehr Hoch',
 'ovpnstatus log' =3D> 'OVPN-Status-Log',
 'ovpnsys log' =3D> 'OVPN-System-Log',
-'p2p block' =3D> 'P2P-Block',
+'p2p block' =3D> 'P2P-Netzwerke',
 'p2p block save notice' =3D> 'Bitte lesen Sie die Firewallregeln neu ein, da=
mit die =C3=84nderungen aktiv werden.',
 'package failed to install' =3D> 'Programmpaket konnte nicht installiert wer=
den.',
 'pagerefresh' =3D> 'Seite wird aktualisiert. Bitte warten.',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index f04a17e..3d9a5eb 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1298,6 +1298,7 @@
 'ipfire side is invalid' =3D> 'IPFire side is invalid.',
 'ipfires hostname' =3D> 'IPFire\'s Hostname',
 'ipinfo' =3D> 'IP info',
+'ipsec' =3D> 'IPsec',
 'ipsec network' =3D> 'IPsec network',
 'iptable rules' =3D> 'IPTable rules',
 'iptmangles' =3D> 'IPTable Mangles',
@@ -1635,6 +1636,8 @@
 'ovpn on blue' =3D> 'OpenVPN on BLUE',
 'ovpn on orange' =3D> 'OpenVPN on ORANGE',
 'ovpn on red' =3D> 'OpenVPN on RED',
+'ovpn mgmt in root range' =3D> 'A port number of 1024 or higher is required.=
',
+'ovpn port in root range' =3D> 'A port number of 1024 or higher is required.=
',
 'ovpn routes push' =3D> 'Routes (one per line) e.g. 192.168.10.0/255.255.255=
.0 192.168.20.0/24',
 'ovpn routes push options' =3D> 'Route push options',
 'ovpn server status' =3D> 'Current OpenVPN server status:',
@@ -1657,7 +1660,7 @@
 'ovpn_processprioVH' =3D> 'Very high',
 'ovpnstatus log' =3D> 'OVPN-Status-Log',
 'ovpnsys log' =3D> 'OVPN-System-Log',
-'p2p block' =3D> 'P2P block',
+'p2p block' =3D> 'P2P networks',
 'p2p block save notice' =3D> 'Please reload the firewall ruleset in order to=
 apply your changes.',
 'package failed to install' =3D> 'Package failed to install.',
 'pagerefresh' =3D> 'Page is beeing refreshed, please wait.',


hooks/post-receive
--
IPFire 2.x development tree

--===============3067883741165929530==--