[3/4] BUG11559: firewall-lib
Commit Message
When creating firewall rules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch has the necessary changes for the firewall-lib. Because the IpSec network name changes
on save (the subnet is added to the name), we need to split the name or normalise the field before using it.
---
config/firewall/firewall-lib.pl | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
Comments
When creating firewall rules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch has the necessary changes for the firewall-lib. Because the IpSec network name changes
on save (the subnet is added to the name), we need to split the name or normalise the field before using it.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
---
config/firewall/firewall-lib.pl | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index eabd9a4..9b7f55c 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -150,6 +150,9 @@ sub get_ipsec_net_ip
my $val=shift;
my $field=shift;
foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+ #adapt $val to reflect real name without subnet (if rule with only one ipsec subnet is created)
+ my @tmpval = split (/\|/, $val);
+ $val = $tmpval[0];
if($ipsecconf{$key}[1] eq $val){
return $ipsecconf{$key}[$field];
}
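Review bot: The name normalisation sits inside the `foreach`, so `$val` is split and overwritten on every iteration even though it does not depend on `$key`. Doing it once before the loop with `my ($name) = split(/\|/, $val, 2);` and comparing `$ipsecconf{$key}[1] eq $name` says the same thing and leaves the caller's argument untouched. An empty or undefined `$val` makes `$tmpval[0]` undefined, so the `eq` then compares against undef; a `return unless defined $name;` after the split would make that case explicit. The body of get_ipsec_net_ip continues outside the hunk.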
@@ -390,10 +393,16 @@ sub get_address
# IPsec networks.
} elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
- my $network_address = &get_ipsec_net_ip($value, 11);
- my @nets = split(/\|/, $network_address);
- foreach my $net (@nets) {
- push(@ret, [$net, ""]);
+ #Check if we have multiple subnets and only want one of them
+ if ( $value =~ /\|/ ){
+ my @parts = split(/\|/, $value);
+ push(@ret, [$parts[1], ""]);
+ }else{
+ my $network_address = &get_ipsec_net_ip($value, 11);
+ my @nets = split(/\|/, $network_address);
+ foreach my $net (@nets) {
+ push(@ret, [$net, ""]);
+ }
}
# The firewall's own IP addresses.
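Review bot: In the new `if ( $value =~ /\|/ )` branch, `$parts[1]` goes into `@ret` as the rule's address without being checked against the subnets currently configured for that IPsec connection, and without a check that it is defined (a value ending in `|` leaves it undefined). If the connection's subnets are edited after the rule was saved, the generated rule would presumably keep matching a network that no longer belongs to the tunnel. Looking the connection up as the else branch does and pushing only the entry equal to the selected subnet keeps the rule tied to the live configuration; this assumes the subnet stored in the name uses the same notation as field 11, which the hunk does not show. get_address starts and ends outside the hunk.

```perl
			if ( $value =~ /\|/ ){
				my ($name, $wanted) = split(/\|/, $value, 2);
				my $configured = &get_ipsec_net_ip($name, 11);
				# Only accept the selected subnet if the connection still lists it.
				foreach my $net (split(/\|/, defined $configured ? $configured : "")) {
					push(@ret, [$net, ""]) if ($net eq $wanted);
				}
			}else{
				# … unchanged: push every configured subnet of the connection …
			}
```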
@@ -150,6 +150,9 @@ sub get_ipsec_net_ip
my $val=shift;
my $field=shift;
foreach my $key (sort {$a <=> $b} keys %ipsecconf){
+ #adapt $val to reflect real name without subnet (if rule with only one ipsec subnet is created)
+ my @tmpval = split (/\|/, $val);
+ $val = $tmpval[0];
if($ipsecconf{$key}[1] eq $val){
return $ipsecconf{$key}[$field];
}
@@ -390,10 +393,16 @@ sub get_address
# IPsec networks.
} elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
- my $network_address = &get_ipsec_net_ip($value, 11);
- my @nets = split(/\|/, $network_address);
- foreach my $net (@nets) {
- push(@ret, [$net, ""]);
+ #Check if we have multiple subnets and only want one of them
+ if ( $value =~ /\|/ ){
+ my @parts = split(/\|/, $value);
+ push(@ret, [$parts[1], ""]);
+ }else{
+ my $network_address = &get_ipsec_net_ip($value, 11);
+ my @nets = split(/\|/, $network_address);
+ foreach my $net (@nets) {
+ push(@ret, [$net, ""]);
+ }
}
# The firewall's own IP addresses.