* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 48fde0b6f999e12d916127d413357720ac5bd670
@ 2014-04-09 12:19 git
From: git @ 2014-04-09 12:19 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 48fde0b6f999e12d916127d413357720ac5bd670 (commit)
via 99f11a16f62ee8424c3a2b6ae72539678818a33a (commit)
via fcc68a4277e7befa744663eac71b17270a983bbd (commit)
from b1f11b0402dc6ea12078c44acb64af1a665aaafe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 48fde0b6f999e12d916127d413357720ac5bd670
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 9 14:19:16 2014 +0200
aliases.cgi: Mark name field as mandatory.
commit 99f11a16f62ee8424c3a2b6ae72539678818a33a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 9 14:16:32 2014 +0200
firewall: Apply destination NAT rules for the firewall itself, too.
commit fcc68a4277e7befa744663eac71b17270a983bbd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 9 14:06:32 2014 +0200
firewall: Fix rule generation for protocols without ports.
-----------------------------------------------------------------------
Summary of changes:
config/firewall/rules.pl | 56 +++++++++++++++++++++--------------------
html/cgi-bin/aliases.cgi | 3 +--
src/initscripts/init.d/firewall | 1 +
3 files changed, 31 insertions(+), 29 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index dae2d52..92f1c0a 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -535,43 +535,45 @@ sub get_protocol_options {
push(@options, ("-p", $protocol));
}
- # Process source ports.
- my $use_src_ports = ($$hash{$key}[7] eq "ON");
- my $src_ports = $$hash{$key}[10];
+ if ($protocol ~~ @PROTOCOLS_WITH_PORTS) {
+ # Process source ports.
+ my $use_src_ports = ($$hash{$key}[7] eq "ON");
+ my $src_ports = $$hash{$key}[10];
- if ($use_src_ports && $src_ports) {
- push(@options, &format_ports($src_ports, "src"));
- }
+ if ($use_src_ports && $src_ports) {
+ push(@options, &format_ports($src_ports, "src"));
+ }
- # Process destination ports.
- my $use_dst_ports = ($$hash{$key}[11] eq "ON");
- my $use_dnat = (($$hash{$key}[28] eq "ON") && ($$hash{$key}[31] eq "dnat"));
+ # Process destination ports.
+ my $use_dst_ports = ($$hash{$key}[11] eq "ON");
+ my $use_dnat = (($$hash{$key}[28] eq "ON") && ($$hash{$key}[31] eq "dnat"));
- if ($use_dst_ports) {
- my $dst_ports_mode = $$hash{$key}[14];
- my $dst_ports = $$hash{$key}[15];
+ if ($use_dst_ports) {
+ my $dst_ports_mode = $$hash{$key}[14];
+ my $dst_ports = $$hash{$key}[15];
- if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
- if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
- $dst_ports = $$hash{$key}[30];
- }
- push(@options, &format_ports($dst_ports, "dst"));
-
- } elsif ($dst_ports_mode eq "cust_srv") {
- if ($protocol eq "ICMP") {
- push(@options, ("--icmp-type", &fwlib::get_srv_port($dst_ports, 3, "ICMP")));
- } else {
- $dst_ports = &fwlib::get_srv_port($dst_ports, 1, uc($protocol));
+ if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
+ if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
+ $dst_ports = $$hash{$key}[30];
+ }
push(@options, &format_ports($dst_ports, "dst"));
- }
- } elsif ($dst_ports_mode eq "cust_srvgrp") {
- push(@options, &fwlib::get_srvgrp_port($dst_ports, uc($protocol)));
+ } elsif ($dst_ports_mode eq "cust_srv") {
+ if ($protocol eq "ICMP") {
+ push(@options, ("--icmp-type", &fwlib::get_srv_port($dst_ports, 3, "ICMP")));
+ } else {
+ $dst_ports = &fwlib::get_srv_port($dst_ports, 1, uc($protocol));
+ push(@options, &format_ports($dst_ports, "dst"));
+ }
+
+ } elsif ($dst_ports_mode eq "cust_srvgrp") {
+ push(@options, &fwlib::get_srvgrp_port($dst_ports, uc($protocol)));
+ }
}
}
# Check if a single ICMP type is selected.
- if (!$use_src_ports && !$use_dst_ports && $protocol eq "icmp") {
+ if ($protocol eq "icmp") {
my $icmp_type = $$hash{$key}[9];
if (($icmp_type ne "All ICMP-Types") && $icmp_type) {
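Review bot: The `cust_srv` branch still tests `$protocol eq "ICMP"` to emit `--icmp-type`, but it now sits inside `if ($protocol ~~ @PROTOCOLS_WITH_PORTS)`; if that list holds only port-carrying protocols (its definition is outside the hunk), the branch can no longer run and a rule built from a custom ICMP service would match every ICMP type instead of the selected one. That widens what the generated rule accepts, so the ICMP service lookup would be better placed next to the `$protocol eq "icmp"` check at the end of the hunk, with the upper/lower-case spelling of the protocol made consistent between the two tests. Separately, `~~` is the experimental smartmatch operator; `if (grep { $_ eq $protocol } @PROTOCOLS_WITH_PORTS) {` states the same membership test without it. get_protocol_options starts and ends outside the hunk.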
diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi
index 922d76d..7c3ba91 100644
--- a/html/cgi-bin/aliases.cgi
+++ b/html/cgi-bin/aliases.cgi
@@ -323,7 +323,7 @@ print <<END
<input type='hidden' name='OLDIP' value='$settings{'IP'}' />
<table style='width:100%;'>
<tr>
-<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}: <img src='/blob.gif' alt='*' /></td>
+<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:</td>
<td><input type='text' name='NAME' value='$settings{'NAME'}' size='32' /></td>
<td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}: </td>
<td><input type='text' name='IP' value='$settings{'IP'}' size='16' /></td>
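Review bot: `value='$settings{'NAME'}'` and `value='$settings{'IP'}'` are interpolated straight into single-quoted attributes of the heredoc, and nothing in the hunk shows them being HTML-escaped first; a stored alias name containing `'` or `<` would then break out of the attribute when the form is redisplayed. If escaping does not already happen before the `print <<END` (which starts outside the hunk), escape the values into locals and interpolate those, e.g. `<td><input type='text' name='NAME' value='$name_escaped' size='32' /></td>`, where `$name_escaped` is a placeholder name. Since the field is now presented as mandatory, the save handler should also reject an empty NAME on the server side; that check is not visible here.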
@@ -335,7 +335,6 @@ print <<END
<hr />
<table style='width:100%;'>
<tr>
- <td><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td>
<td style='text-align:right;'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
</tr>
</table>
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 246be37..31aa2c9 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -196,6 +196,7 @@ iptables_init() {
# DNAT rules
iptables -t nat -N NAT_DESTINATION
iptables -t nat -A PREROUTING -j NAT_DESTINATION
+ iptables -t nat -A OUTPUT -j NAT_DESTINATION
iptables -t mangle -N NAT_DESTINATION
iptables -t mangle -A PREROUTING -j NAT_DESTINATION
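Review bot: The new `OUTPUT` jump is added only for the nat table, while the mangle table's `NAT_DESTINATION` chain two lines below is still reached from `PREROUTING` alone. If the generated DNAT rules depend on anything set in the mangle chain, or match on an incoming interface, they will behave differently for connections that originate on the firewall itself; this is worth confirming against the rule generator, which is outside this hunk. A comment above the added line would record the intent, e.g. `# Locally generated connections skip PREROUTING, so hook the DNAT chain into OUTPUT as well`. iptables_init continues outside the hunk.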
hooks/post-receive
--
IPFire 2.x development tree