From mboxrd@z Thu Jan 1 00:00:00 1970 From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. d334d7cb47ad4b55a24d54ff7f7081e9bb60ed1c Date: Tue, 21 Jan 2014 11:56:12 +0100 Message-ID: <20140121105612.7C80820AEB@argus.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7643930231007170965==" List-Id: --===============7643930231007170965== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via d334d7cb47ad4b55a24d54ff7f7081e9bb60ed1c (commit) from 146636ae7863022e2bdddccac9ef75b8c58d79e0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d334d7cb47ad4b55a24d54ff7f7081e9bb60ed1c Author: Alexander Marx Date: Tue Jan 21 11:25:35 2014 +0100 Firewall: Bugfix - when using addressgroups with mac addresses in source,= the mac rule was not correctly created. =20 Further MAC issues: in target area, the manual ip field was target ip/mac address - changed to IP-Address Also implemented a plausicheck, if an addressgroup with mac addresses is used in target area, theres a hint saying that the rule will not be applied for mac hosts ----------------------------------------------------------------------- Summary of changes: config/firewall/rules.pl | 4 ++++ html/cgi-bin/firewall.cgi | 30 +++++++++++++----------------- langs/de/cgi-bin/de.pl | 3 ++- langs/en/cgi-bin/en.pl | 3 ++- 4 files changed, 21 insertions(+), 19 deletions(-) Difference in files: 
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index d0a9e20..f26ae5f 100755 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -259,6 +259,8 @@ sub buildrules $PROT=3D"-p $PROT" if ($PROT ne '' && $PROT ne ' '); foreach my $a (sort keys %sourcehash){ foreach my $b (sort keys %targethash){ + next if ($targethash{$b}[0] eq 'none'); + $STAG=3D''; if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne= 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){ if($DPROT ne ''){ if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] = ne ''){ $STAG=3D"-s";} @@ -341,6 +343,8 @@ sub buildrules } foreach my $a (sort keys %sourcehash){ foreach my $b (sort keys %targethash){ + next if ($targethash{$b}[0] eq 'none'); + $STAG=3D''; if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne= 'none' || $sourcehash{$a}[0] eq '0.0.0.0/0.0.0.0'){ if($DPROT ne ''){ if(substr($sourcehash{$a}[0], 3, 3) ne 'mac' && $sourcehash{$a}[0] = ne ''){ $STAG=3D"-s";} diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index ee13033..86cba60 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -609,6 +609,19 @@ sub checktarget $errormessage.=3D$Lang::tr{'fwdfw err notgtip'}; return $errormessage; } + #check for mac in targetgroup + if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){ + &General::readhasharray("$configgrp", \%customgrp); + &General::readhasharray("$confighost", \%customhost); + foreach my $grpkey (sort keys %customgrp){ + foreach my $hostkey (sort keys %customhost){ + if ($customgrp{$grpkey}[2] eq $customhost{$hostkey}[0] && $customhost{$h= ostkey}[1] eq 'mac'){ + $hint=3D$Lang::tr{'fwdfw hint mac'}; + return $hint; + } + } + } + } #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=3D$Lang::= tr{'fwdfw err notgt'}."
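Review bot: The added `next if ($targethash{$b}[0] eq 'none');` in buildrules drops a destination without leaving any trace, so a group member that resolves to 'none' (per the commit message, a MAC host used as target) produces no rule at all; for a DROP or REJECT rule that leaves the traffic to whatever rule or policy comes later. A one-line comment above it would make the intent auditable, e.g. `# destination resolved to 'none' (MAC-only host): cannot be matched as a target, skip it`, and a log line at this point would show an admin which hosts were left out. The same two lines are added in the second hunk (@@ -341) and the comment applies there too. With the `next` in place, the `$targethash{$b}[0] ne 'none'` test in the following `if` is redundant, and that condition mixes `&&` and `||` without parentheses; buildrules starts and ends outside both hunks.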
";} #check tgt services @@ -1403,24 +1416,7 @@ sub hint print "$hint\n"; print " \n"; &Header::closebox(); - print"
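Review bot: The MAC check added to checktarget compares every entry of `%customgrp` against every host and never tests which group was selected, so any group holding a MAC host triggers it, and its `return $hint;` leaves the function before the empty-field and target-service checks that follow. A rule whose target is an unrelated group would then skip the rest of the target validation. Restrict the loop to the selected group, e.g. `next unless $customgrp{$grpkey}[0] eq $fwdfwsettings{$fwdfwsettings{'grp2'}};` (assuming column 0 holds the group name, which should be confirmed against the group file format), and drop the `return $hint;` so that `$hint` is set and validation continues. checktarget begins and ends outside the hunk, so how the caller treats the returned hint is not visible here.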
"; - } -} -sub inc_counter -{ - my $config=3Dshift; - my %hash=3D%{(shift)}; - my $val=3Dshift; - my $pos; - - &General::readhasharray($config, \%hash); - foreach my $key (sort { uc($hash{$a}[0]) cmp uc($hash{$b}[0]) } keys %hash= ){ - if($hash{$key}[0] eq $val){ - $pos=3D$#{$hash{$key}}; - $hash{$key}[$pos] =3D $hash{$key}[$pos]+1; - } } - &General::writehasharray($config, \%hash); } sub newrule { diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index c93234b..6fa813a 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -959,6 +959,7 @@ 'fwdfw from' =3D> 'Von:', 'fwdfw hint ip1' =3D> 'Die zuletzt erzeugte Regel mag eventuell niemals zutr= effen, da sich Quelle und Ziel =C3=BCberlappen.', 'fwdfw hint ip2' =3D> 'Bitte =C3=BCberpr=C3=BCfen Sie, ob diese Regel Sinn m= acht: ', +'fwdfw hint mac' =3D> 'Sie nutzen MAC-Adressen in der Zielgruppe. Diese werd= en bei der Regelerstellung =C3=BCbersprungen.', 'fwdfw iface' =3D> 'Interface', 'fwdfw ipsec network' =3D> 'IPsec-Netzwerke:', 'fwdfw log' =3D> 'Log', @@ -988,7 +989,7 @@ 'fwdfw sourceip' =3D> 'Quelladresse (IP/MAC-Adresse oder Netzwerk):', 'fwdfw std network' =3D> 'Standard Netzwerke:', 'fwdfw target' =3D> 'Ziel', -'fwdfw targetip' =3D> 'Zieladresse (IP/MAC-Adresse oder Netzwerk):', +'fwdfw targetip' =3D> 'Zieladresse (IP-Adresse oder Netzwerk):', 'fwdfw till' =3D> 'Bis:', 'fwdfw time' =3D> 'Zeitrahmen', 'fwdfw timeframe' =3D> 'Zeitrahmen hinzuf=C3=BCgen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 67b5dd5..173b8f0 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
@@ -985,6 +985,7 @@
 'fwdfw from' =3D> 'From:',
 'fwdfw hint ip1' =3D> 'The last generated rule may never match, because sour= ce and destination subnets may overlap.',
 'fwdfw hint ip2' =3D> 'Please double-check if this rule makes sense: ',
+'fwdfw hint mac' =3D> 'The destination group contains MAC addresses, which w= ill be skipped during rule creation.',
 'fwdfw iface' =3D> 'Interface',
 'fwdfw ipsec network' =3D> 'IPsec networks:',
 'fwdfw log' =3D> 'Log',
@@ -1014,7 +1015,7 @@
 'fwdfw sourceip' =3D> 'Source address (MAC/IP address or network):',
 'fwdfw std network' =3D> 'Standard networks:',
 'fwdfw target' =3D> 'Destination',
-'fwdfw targetip' =3D> 'Destination address (MAC/IP address or network):',
+'fwdfw targetip' =3D> 'Destination address (IP address or network):',
 'fwdfw till' =3D> 'Until:',
 'fwdfw time' =3D> 'Time Constraints',
 'fwdfw timeframe' =3D> 'Use time constraints',
hooks/post-receive -- IPFire 2.x development tree --===============7643930231007170965==--