BUG11805: Firewallrule with source orange and target firewall-interface-orange not possible
| Message ID | 20180822092316.25418-1-alexander.marx@ipfire.org |
|---|---|
| State | Superseded |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id DB38C61842 for <patchwork@web02.i.ipfire.org>; Wed, 22 Aug 2018 11:23:26 +0200 (CEST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id F04B410C14A8; Wed, 22 Aug 2018 10:23:25 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801; t=1534929806; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references:list-id: list-unsubscribe:list-subscribe:list-post; bh=si0tFWWqyr6VVwqRZkP2hkhOrB73U3pQy12ZfeJshhU=; b=Py+o6nhy5ykX16JaPGo2XA60IduPTM1k2DdHVHR5rsjf7y766qF8hTQIHRKY/FF2ugVuss fkU+G9mPQm/UhZ8pZHM7JjEIYKHfGByvYN4sOIY17+UYw57/LBUF9lsvuhAkX9Noj/zKVk YQdPRydpa5TEJpWZJVZWkhptKF7HH+NBLH4/uD1JrLfRM7uMZwQezSaCpBZN0kXa4l8a7k LKVGmO6BgB2aviEw6S4z5B3gVtei1tQ8HGBkstmq8s8E11LE4CGMvwwtHuiXpNao2rr40O BSIwjWBU1rLI9GhDyI0fQ3lzYz7yVCwAXtVziJjAXo5/nBlDGUv1eScbdV2VhQ== Received: from localhost.localdomain (business-90-187-3-157.pool2.vodafone-ip.de [90.187.3.157]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id D2087109102F; Wed, 22 Aug 2018 10:23:22 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801; t=1534929803; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=si0tFWWqyr6VVwqRZkP2hkhOrB73U3pQy12ZfeJshhU=; b=gUuN5s6IDlWbWdpi8mSTsk+Ss7olpAOU/dFtXOEtgP5ZmmrkE+KeNL3n72VU+mDTnWtFFB det0/yV3FY2V0mUEEhdiG2yD24NFiAUdIm7incOY3x5Kgy6bl7klr2G4hmUH/1a4f6265i gjDoag3bYgXADlcUWcM9x/EylruyEfTtpCrmu2xrH2cHSfLjKEgHv9Qgk9klBherA5OVUe HC7ZKi9RvdYUeC93Q62ACd65HJP9k2Ek1fdMlbc/g4/ODsfe0/C6gl7Jvr9tEKAKIVn+ZS VtGwNpp6hUGBOqaLbQbo196gQwA2EjSdcydGeJp8wwt0y5Vqx49dmgH8AclRiw== From: Alexander Marx <alexander.marx@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] BUG11805: Firewallrule with source orange and target firewall-interface-orange not possible Date: Wed, 22 Aug 2018 11:23:16 +0200 Message-Id: <20180822092316.25418-1-alexander.marx@ipfire.org> X-Mailer: git-send-email 2.17.1 Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=amarx smtp.mailfrom=alexander.marx@ipfire.org X-Spamd-Result: default: False [-4.78 / 11.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DKIM_SIGNED(0.00)[]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-2.68)[-0.895,0]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:31334, ipnet:90.187.0.0/16, country:DE]; RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%] X-Spam-Status: No, score=-4.78 X-Rspamd-Server: mail01.i.ipfire.org Cc: Alexander Marx <amarx@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <https://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
BUG11805: Firewallrule with source orange and target firewall-interface-orange not possible
|
|
Commit Message
Alexander Marx
22 Aug 2018, 7:23 p.m. UTC
From: Alexander Marx <amarx@ipfire.org> Now its possible to create a rule with orange source and target orange interface of the firewall. fixes: #11805 Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> --- html/cgi-bin/firewall.cgi | 4 ---- lfs/apcupsd | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-)
Comments
Hi, On Wed, 2018-08-22 at 11:23 +0200, Alexander Marx wrote: > From: Alexander Marx <amarx@ipfire.org> > > Now its possible to create a rule with orange source and target orange interface of the firewall. > > fixes: #11805 > > Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> > --- > html/cgi-bin/firewall.cgi | 4 ---- > lfs/apcupsd | 2 +- > 2 files changed, 1 insertion(+), 5 deletions(-) > > diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi > index 499f279d1..fb1c25dfd 100644 > --- a/html/cgi-bin/firewall.cgi > +++ b/html/cgi-bin/firewall.cgi > @@ -241,10 +241,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') > $checkorange='on'; > } > } > - #check useless rules > - if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){ > - $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>"; > - } Does this exist for any other zones, too? > #check if we try to break rules > if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){ > $errormessage=$Lang::tr{'fwdfw err same'}; > diff --git a/lfs/apcupsd b/lfs/apcupsd > index ce36c3c6f..773dace74 100644 > --- a/lfs/apcupsd > +++ b/lfs/apcupsd > @@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @$(PREBUILD) > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) > cd $(DIR_APP) && ./configure --prefix=/usr --enable-usb --enable-cgi \ > - --with-cgi-bin=/srv/web/ipfire/cgi-bin > + --with-cgi-bin=/srv/web/ipfire/cgi-bin --sysconfdir=/var/ipfire/ups This doesn't belong here. > cd $(DIR_APP) && make $(MAKETUNING) > cd $(DIR_APP) && make install >
Am 22.08.2018 um 12:14 schrieb Michael Tremer: > Hi, > > On Wed, 2018-08-22 at 11:23 +0200, Alexander Marx wrote: >> From: Alexander Marx <amarx@ipfire.org> >> >> Now its possible to create a rule with orange source and target orange interface of the firewall. >> >> fixes: #11805 >> >> Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> >> --- >> html/cgi-bin/firewall.cgi | 4 ---- >> lfs/apcupsd | 2 +- >> 2 files changed, 1 insertion(+), 5 deletions(-) >> >> diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi >> index 499f279d1..fb1c25dfd 100644 >> --- a/html/cgi-bin/firewall.cgi >> +++ b/html/cgi-bin/firewall.cgi >> @@ -241,10 +241,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') >> $checkorange='on'; >> } >> } >> - #check useless rules >> - if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){ >> - $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>"; >> - } > Does this exist for any other zones, too? No. Thats the only point in code where a useless rule is checked > >> #check if we try to break rules >> if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){ >> $errormessage=$Lang::tr{'fwdfw err same'}; >> diff --git a/lfs/apcupsd b/lfs/apcupsd >> index ce36c3c6f..773dace74 100644 >> --- a/lfs/apcupsd >> +++ b/lfs/apcupsd >> @@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> @$(PREBUILD) >> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) >> cd $(DIR_APP) && ./configure --prefix=/usr --enable-usb --enable-cgi \ >> - --with-cgi-bin=/srv/web/ipfire/cgi-bin >> + --with-cgi-bin=/srv/web/ipfire/cgi-bin --sysconfdir=/var/ipfire/ups > This doesn't belong here. right. Please ignore this part. > >> cd $(DIR_APP) && make $(MAKETUNING) >> cd $(DIR_APP) && make install >>
On Wed, 2018-08-22 at 14:24 +0200, Alexander Marx wrote: > > Am 22.08.2018 um 12:14 schrieb Michael Tremer: > > Hi, > > > > On Wed, 2018-08-22 at 11:23 +0200, Alexander Marx wrote: > > > From: Alexander Marx <amarx@ipfire.org> > > > > > > Now its possible to create a rule with orange source and target orange interface of the firewall. > > > > > > fixes: #11805 > > > > > > Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> > > > --- > > > html/cgi-bin/firewall.cgi | 4 ---- > > > lfs/apcupsd | 2 +- > > > 2 files changed, 1 insertion(+), 5 deletions(-) > > > > > > diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi > > > index 499f279d1..fb1c25dfd 100644 > > > --- a/html/cgi-bin/firewall.cgi > > > +++ b/html/cgi-bin/firewall.cgi > > > @@ -241,10 +241,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') > > > $checkorange='on'; > > > } > > > } > > > - #check useless rules > > > - if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){ > > > - $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>"; > > > - } > > > > Does this exist for any other zones, too? > > No. Thats the only point in code where a useless rule is checked Well, it is actually not that useless :) Best, -Michael > > > > > #check if we try to break rules > > > if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){ > > > $errormessage=$Lang::tr{'fwdfw err same'}; > > > diff --git a/lfs/apcupsd b/lfs/apcupsd > > > index ce36c3c6f..773dace74 100644 > > > --- a/lfs/apcupsd > > > +++ b/lfs/apcupsd > > > @@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > > > @$(PREBUILD) > > > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) > > > cd $(DIR_APP) && ./configure --prefix=/usr --enable-usb --enable-cgi \ > > > - --with-cgi-bin=/srv/web/ipfire/cgi-bin > > > + --with-cgi-bin=/srv/web/ipfire/cgi-bin --sysconfdir=/var/ipfire/ups > > > > This doesn't belong here. > > right. Please ignore this part. > > > > > cd $(DIR_APP) && make $(MAKETUNING) > > > cd $(DIR_APP) && make install > > > > >
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 499f279d1..fb1c25dfd 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -241,10 +241,6 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') $checkorange='on'; } } - #check useless rules - if( ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq 'ORANGE' || $checkorange eq 'on') && $fwdfwsettings{'grp2'} eq 'ipfire'){ - $errormessage.=$Lang::tr{'fwdfw useless rule'}."<br>"; - } #check if we try to break rules if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){ $errormessage=$Lang::tr{'fwdfw err same'}; diff --git a/lfs/apcupsd b/lfs/apcupsd index ce36c3c6f..773dace74 100644 --- a/lfs/apcupsd +++ b/lfs/apcupsd @@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure --prefix=/usr --enable-usb --enable-cgi \ - --with-cgi-bin=/srv/web/ipfire/cgi-bin + --with-cgi-bin=/srv/web/ipfire/cgi-bin --sysconfdir=/var/ipfire/ups cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install