firewall.cgi: Allow to creating input rules from Orange to another zone.

Message ID 20210716163558.3779-1-stefan.schantl@ipfire.org
State Accepted
Commit a9611629cc90f716fbf4fc7050a95f0b7b285df3
Headers show
Series firewall.cgi: Allow to creating input rules from Orange to another zone. | expand

Commit Message

Stefan Schantl July 16, 2021, 4:35 p.m. UTC
It was not able to create a firewall rule from the orange network to a
different network address of the firewall. ( For example: Orange -> IPFire's green address)

These rules always have been handled as FORWARD rules which is totaly
wrong.

Fixes #12265.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
---
 html/cgi-bin/firewall.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Tremer July 17, 2021, 12:14 p.m. UTC | #1
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 16 Jul 2021, at 17:35, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
> 
> It was not able to create a firewall rule from the orange network to a
> different network address of the firewall. ( For example: Orange -> IPFire's green address)
> 
> These rules always have been handled as FORWARD rules which is totaly
> wrong.
> 
> Fixes #12265.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> Tested-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> html/cgi-bin/firewall.cgi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
> index 70dee8d3c..e50a98179 100644
> --- a/html/cgi-bin/firewall.cgi
> +++ b/html/cgi-bin/firewall.cgi
> @@ -247,7 +247,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
> 		$errormessage=$Lang::tr{'fwdfw err same'};
> 	}
> 	# INPUT part
> -	if ($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
> +	if ($fwdfwsettings{'grp2'} eq 'ipfire') {
> 		$fwdfwsettings{'config'}=$configinput;
> 		$fwdfwsettings{'chain'} = 'INPUTFW';
> 		$maxkey=&General::findhasharraykey(\%configinputfw);
> -- 
> 2.30.2
>

Patch

diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 70dee8d3c..e50a98179 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -247,7 +247,7 @@  if ($fwdfwsettings{'ACTION'} eq 'saverule')
 		$errormessage=$Lang::tr{'fwdfw err same'};
 	}
 	# INPUT part
-	if ($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
+	if ($fwdfwsettings{'grp2'} eq 'ipfire') {
 		$fwdfwsettings{'config'}=$configinput;
 		$fwdfwsettings{'chain'} = 'INPUTFW';
 		$maxkey=&General::findhasharraykey(\%configinputfw);