From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 48fde0b6f999e12d916127d413357720ac5bd670
Date: Wed, 09 Apr 2014 14:19:32 +0200	[thread overview]
Message-ID: <20140409121932.671792080B@argus.ipfire.org> (raw)


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  48fde0b6f999e12d916127d413357720ac5bd670 (commit)
       via  99f11a16f62ee8424c3a2b6ae72539678818a33a (commit)
       via  fcc68a4277e7befa744663eac71b17270a983bbd (commit)
      from  b1f11b0402dc6ea12078c44acb64af1a665aaafe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 48fde0b6f999e12d916127d413357720ac5bd670
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Apr 9 14:19:16 2014 +0200

    aliases.cgi: Mark name field as mandatory.

commit 99f11a16f62ee8424c3a2b6ae72539678818a33a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Apr 9 14:16:32 2014 +0200

    firewall: Apply destination NAT rules for the firewall itself, too.

commit fcc68a4277e7befa744663eac71b17270a983bbd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Apr 9 14:06:32 2014 +0200

    firewall: Fix rule generation for protocols without ports.

-----------------------------------------------------------------------

Summary of changes:
 config/firewall/rules.pl        | 56 +++++++++++++++++++++--------------------
 html/cgi-bin/aliases.cgi        |  3 +--
 src/initscripts/init.d/firewall |  1 +
 3 files changed, 31 insertions(+), 29 deletions(-)

Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index dae2d52..92f1c0a 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -535,43 +535,45 @@ sub get_protocol_options {
 		push(@options, ("-p", $protocol));
 	}
 
-	# Process source ports.
-	my $use_src_ports = ($$hash{$key}[7] eq "ON");
-	my $src_ports     = $$hash{$key}[10];
+	if ($protocol ~~ @PROTOCOLS_WITH_PORTS) {
+		# Process source ports.
+		my $use_src_ports = ($$hash{$key}[7] eq "ON");
+		my $src_ports     = $$hash{$key}[10];
 
-	if ($use_src_ports && $src_ports) {
-		push(@options, &format_ports($src_ports, "src"));
-	}
+		if ($use_src_ports && $src_ports) {
+			push(@options, &format_ports($src_ports, "src"));
+		}
 
-	# Process destination ports.
-	my $use_dst_ports  = ($$hash{$key}[11] eq "ON");
-	my $use_dnat       = (($$hash{$key}[28] eq "ON") && ($$hash{$key}[31] eq "dnat"));
+		# Process destination ports.
+		my $use_dst_ports  = ($$hash{$key}[11] eq "ON");
+		my $use_dnat       = (($$hash{$key}[28] eq "ON") && ($$hash{$key}[31] eq "dnat"));
 
-	if ($use_dst_ports) {
-		my $dst_ports_mode = $$hash{$key}[14];
-		my $dst_ports      = $$hash{$key}[15];
+		if ($use_dst_ports) {
+			my $dst_ports_mode = $$hash{$key}[14];
+			my $dst_ports      = $$hash{$key}[15];
 
-		if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
-			if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
-				$dst_ports = $$hash{$key}[30];
-			}
-			push(@options, &format_ports($dst_ports, "dst"));
-
-		} elsif ($dst_ports_mode eq "cust_srv") {
-			if ($protocol eq "ICMP") {
-				push(@options, ("--icmp-type", &fwlib::get_srv_port($dst_ports, 3, "ICMP")));
-			} else {
-				$dst_ports = &fwlib::get_srv_port($dst_ports, 1, uc($protocol));
+			if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
+				if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
+					$dst_ports = $$hash{$key}[30];
+				}
 				push(@options, &format_ports($dst_ports, "dst"));
-			}
 
-		} elsif ($dst_ports_mode eq "cust_srvgrp") {
-			push(@options, &fwlib::get_srvgrp_port($dst_ports, uc($protocol)));
+			} elsif ($dst_ports_mode eq "cust_srv") {
+				if ($protocol eq "ICMP") {
+					push(@options, ("--icmp-type", &fwlib::get_srv_port($dst_ports, 3, "ICMP")));
+				} else {
+					$dst_ports = &fwlib::get_srv_port($dst_ports, 1, uc($protocol));
+					push(@options, &format_ports($dst_ports, "dst"));
+				}
+
+			} elsif ($dst_ports_mode eq "cust_srvgrp") {
+				push(@options, &fwlib::get_srvgrp_port($dst_ports, uc($protocol)));
+			}
 		}
 	}
 
 	# Check if a single ICMP type is selected.
-	if (!$use_src_ports && !$use_dst_ports && $protocol eq "icmp") {
+	if ($protocol eq "icmp") {
 		my $icmp_type = $$hash{$key}[9];
 
 		if (($icmp_type ne "All ICMP-Types") && $icmp_type) {
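Review bot: The new guard `if ($protocol ~~ @PROTOCOLS_WITH_PORTS)` is a case-sensitive smartmatch, while this same hunk compares the protocol against both `"ICMP"` and `"icmp"`, so the casing of `$protocol` does not look settled here. If a TCP or UDP rule arrives in a casing that is not in the list (the list is defined outside the hunk, so this is to be confirmed), the whole port block is skipped silently and the rule is emitted without its port restriction, i.e. broader than configured. Normalising before the test would make the match robust, e.g. `if (grep { lc($_) eq lc($protocol) } @PROTOCOLS_WITH_PORTS) {`, which also avoids the smartmatch operator that later Perl releases mark experimental. Unless ICMP is in that list, the `$protocol eq "ICMP"` branch under `cust_srv` is now unreachable and could be dropped or moved next to the `icmp` check below. get_protocol_options continues past the end of the hunk.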
diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi
index 922d76d..7c3ba91 100644
--- a/html/cgi-bin/aliases.cgi
+++ b/html/cgi-bin/aliases.cgi
@@ -323,7 +323,7 @@ print <<END
 <input type='hidden' name='OLDIP' value='$settings{'IP'}' />
 <table style='width:100%;'>
 <tr>
-<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:</td>
 <td><input type='text' name='NAME' value='$settings{'NAME'}' size='32' /></td>
 <td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}:&nbsp;</td>
 <td><input type='text' name='IP' value='$settings{'IP'}' size='16' /></td>
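Review bot: Dropping the `blob.gif` marker only changes how the NAME field is presented; nothing in this hunk makes the field required, so the handler that saves an alias (outside the hunk) should reject an empty NAME itself rather than rely on the form. The same rows echo `$settings{'NAME'}` and `$settings{'IP'}` into single-quoted `value='...'` attributes inside the heredoc, so those values need to be HTML-escaped before this `print`; whether that happens earlier in the file is not visible here. A short comment above the heredoc such as `# NAME is mandatory; values in %settings are escaped before output` would record both assumptions once they are confirmed.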
@@ -335,7 +335,6 @@ print <<END
 <hr />
 <table style='width:100%;'>
 <tr>
-    <td><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td>
     <td style='text-align:right;'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
 </tr>
 </table>
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 246be37..31aa2c9 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -196,6 +196,7 @@ iptables_init() {
 	# DNAT rules
 	iptables -t nat -N NAT_DESTINATION
 	iptables -t nat -A PREROUTING -j NAT_DESTINATION
+	iptables -t nat -A OUTPUT -j NAT_DESTINATION
 
 	iptables -t mangle -N NAT_DESTINATION
 	iptables -t mangle -A PREROUTING -j NAT_DESTINATION
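Review bot: The nat table now hooks NAT_DESTINATION from OUTPUT as well, but the mangle table's NAT_DESTINATION chain a few lines below is still reached only from PREROUTING, which locally generated packets never traverse. If the mangle chain carries per-rule state that the DNAT rules depend on (its contents are outside the hunk), connections originating on the firewall would be translated without it; either add the matching `iptables -t mangle -A OUTPUT -j NAT_DESTINATION` or note why it is not needed. It is also worth confirming that the filter rules for the firewall's own outgoing traffic are written against the post-DNAT destination, since nat OUTPUT rewrites the address before filter OUTPUT sees it. A comment on the new line, e.g. `# Also apply DNAT to connections originating from the firewall itself`, would explain the second hook. iptables_init continues outside the hunk.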


hooks/post-receive
--
IPFire 2.x development tree
