From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. d334d7cb47ad4b55a24d54ff7f7081e9bb60ed1c
Date: Tue, 21 Jan 2014 11:56:12 +0100
Message-ID: <20140121105612.7C80820AEB@argus.ipfire.org>
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via d334d7cb47ad4b55a24d54ff7f7081e9bb60ed1c (commit)
from 146636ae7863022e2bdddccac9ef75b8c58d79e0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d334d7cb47ad4b55a24d54ff7f7081e9bb60ed1c
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Jan 21 11:25:35 2014 +0100
Firewall: Bugfix - when using addressgroups with mac addresses in source, the mac rule was not correctly created.
Further MAC issues: in target area, the manual ip field was target
ip/mac address - changed to IP-Address
Also implemented a plausicheck, if an addressgroup with mac addresses is
used in target area, there's a hint saying that the rule will not be
applied for mac hosts
-----------------------------------------------------------------------
Summary of changes:
config/firewall/rules.pl | 4 ++++
html/cgi-bin/firewall.cgi | 30 +++++++++++++-----------------
langs/de/cgi-bin/de.pl | 3 ++-
langs/en/cgi-bin/en.pl | 3 ++-
4 files changed, 21 insertions(+), 19 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index d0a9e20..f26ae5f 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -259,6 +259,8 @@ sub buildrules
$PROT="-p $PROT" if ($PROT ne '' && $PROT ne ' ');
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
+ next if ($targethash{$b}[0] eq 'none');
+ $STAG='';
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
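Review bot: with the new next if ($targethash{$b}[0] eq 'none') at the top of the inner loop, the $targethash{$b}[0] ne 'none' test in the if that follows can never be false and should be dropped. While there, parenthesise the mixed && / || condition: as written, the || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0' branch used to admit 'none' targets and the next now excludes them, so the intended grouping should be explicit. A short comment on $STAG='' would help too: the visible line only sets $STAG to -s for non-MAC sources, so without the reset the value carries over from the previous iteration.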
@@ -341,6 +343,8 @@ sub buildrules
}
foreach my $a (sort keys %sourcehash){
foreach my $b (sort keys %targethash){
+ next if ($targethash{$b}[0] eq 'none');
+ $STAG='';
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){
if($DPROT ne ''){
if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] ne ''){ $STAG="-s";}
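Review bot: the two added lines here are an exact copy of the ones added at line 259, inside a loop header and condition that are also identical. Consider moving the shared source/target iteration into one helper so the 'none' skip and the $STAG reset cannot drift apart between the two loops. In the visible lines $STAG depends only on $sourcehash{$a}[0], so it could also be computed once in the outer loop instead of being reset on every inner iteration.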
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index ee13033..86cba60 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -609,6 +609,19 @@ sub checktarget
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
+ #check for mac in targetgroup
+ if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){
+ &General::readhasharray("$configgrp", \%customgrp);
+ &General::readhasharray("$confighost", \%customhost);
+ foreach my $grpkey (sort keys %customgrp){
+ foreach my $hostkey (sort keys %customhost){
+ if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$hostkey}[1] eq 'mac'){
+ $hint=$Lang::tr{'fwdfw hint mac'};
+ return $hint;
+ }
+ }
+ }
+ }
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
#check tgt services
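Review bot: return $hint inside the new block leaves checktarget before the "check empty fields" and "check tgt services" validation that follows, and it returns a hint where the earlier path in this sub returns $errormessage. Set $hint and fall through instead of returning, so a target group with MAC hosts still gets the remaining checks. The nested loop also never compares against the group selected in %fwdfwsettings, so as written any custom group containing a MAC host triggers the hint; filter on the selected group's name before matching $customgrp{$grpkey}[2] against the host list.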
@@ -1403,24 +1416,7 @@ sub hint
print "<class name='base'>$hint\n";
print " </class>\n";
&Header::closebox();
- print"<hr>";
- }
-}
-sub inc_counter
-{
- my $config=shift;
- my %hash=%{(shift)};
- my $val=shift;
- my $pos;
-
- &General::readhasharray($config, \%hash);
- foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash){
- if($hash{$key}[0] eq $val){
- $pos=$#{$hash{$key}};
- $hash{$key}[$pos] = $hash{$key}[$pos]+1;
- }
}
- &General::writehasharray($config, \%hash);
}
sub newrule
{
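Review bot: the removal of sub inc_counter and of print"<hr>"; in sub hint is not covered by the commit message, which only describes the MAC address fixes. Please confirm that no caller of inc_counter remains, and move this cleanup into its own commit so the bugfix can be reverted or backported independently.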
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index c93234b..6fa813a 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -959,6 +959,7 @@
'fwdfw from' => 'Von:',
'fwdfw hint ip1' => 'Die zuletzt erzeugte Regel mag eventuell niemals zutreffen, da sich Quelle und Ziel überlappen.',
'fwdfw hint ip2' => 'Bitte überprüfen Sie, ob diese Regel Sinn macht: ',
+'fwdfw hint mac' => 'Sie nutzen MAC-Adressen in der Zielgruppe. Diese werden bei der Regelerstellung übersprungen.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec-Netzwerke:',
'fwdfw log' => 'Log',
@@ -988,7 +989,7 @@
'fwdfw sourceip' => 'Quelladresse (IP/MAC-Adresse oder Netzwerk):',
'fwdfw std network' => 'Standard Netzwerke:',
'fwdfw target' => 'Ziel',
-'fwdfw targetip' => 'Zieladresse (IP/MAC-Adresse oder Netzwerk):',
+'fwdfw targetip' => 'Zieladresse (IP-Adresse oder Netzwerk):',
'fwdfw till' => 'Bis:',
'fwdfw time' => 'Zeitrahmen',
'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 67b5dd5..173b8f0 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -985,6 +985,7 @@
'fwdfw from' => 'From:',
'fwdfw hint ip1' => 'The last generated rule may never match, because source and destination subnets may overlap.',
'fwdfw hint ip2' => 'Please double-check if this rule makes sense: ',
+'fwdfw hint mac' => 'The destination group contains MAC addresses, which will be skipped during rule creation.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec networks:',
'fwdfw log' => 'Log',
@@ -1014,7 +1015,7 @@
'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
'fwdfw std network' => 'Standard networks:',
'fwdfw target' => 'Destination',
-'fwdfw targetip' => 'Destination address (MAC/IP address or network):',
+'fwdfw targetip' => 'Destination address (IP address or network):',
'fwdfw till' => 'Until:',
'fwdfw time' => 'Time Constraints',
'fwdfw timeframe' => 'Use time constraints',
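Review bot: changing the 'fwdfw targetip' label to "IP address or network" only documents the restriction; nothing in this patch shows the manual target field being validated against MAC input. If checktarget does not already reject a MAC address there (the context only shows the 'fwdfw err notgtip' error path), add that check alongside the label change. The same applies to the matching string in de.pl.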
hooks/post-receive
--
IPFire 2.x development tree