firewall.cgi: Map rule if manual target address belongs to IPFire
Commit Message
Automatically map the rule target if a manual entered target address is
assigned to a network zone.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
html/cgi-bin/firewall.cgi | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
Comments
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
> On 16 Jul 2021, at 18:15, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
>
> Automatically map the rule target if a manual entered target address is
> assigned to a network zone.
>
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
> html/cgi-bin/firewall.cgi | 33 +++++++++++++++++++++++++++++++++
> 1 file changed, 33 insertions(+)
>
> diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
> index e50a98179..e168788eb 100644
> --- a/html/cgi-bin/firewall.cgi
> +++ b/html/cgi-bin/firewall.cgi
> @@ -213,6 +213,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
> &General::readhasharray("$configfwdfw", \%configfwdfw);
> &General::readhasharray("$configinput", \%configinputfw);
> &General::readhasharray("$configoutgoing", \%configoutgoingfw);
> + &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
> my $maxkey;
> #Set Variables according to the JQuery code in protocol section
> if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
> @@ -231,6 +232,38 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
> {
> $fwdfwsettings{'USESRV'} = 'ON';
> }
> +
> + # Check if a manual target IP is one of the IPFire's addresses.
> + if ($fwdfwsettings{'grp2'} eq 'tgt_addr') {
> + # Grab all available network zones.
> + my @network_zones = &Network::get_available_network_zones();
> +
> + # Loop through the array of network zones.
> + foreach my $zone (@network_zones) {
> + # Skip red network zone.
> + next if $zone eq "red";
> +
> + # Convert current zone name into upper case.
> + $zone = uc($zone);
> +
> + # Generate key to access the required data from the netsettings hash.
> + my $key = $zone . "_ADDRESS";
> +
> + # Obtain the configured address for the current zone from the netsettings hash.
> + my $zone_address = $netsettings{$key};
> +
> + # Check if the given address and the current processed zone address are the same.
> + if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $zone_address) {
> + # Map the type and target.
> + $fwdfwsettings{'grp2'} = 'ipfire';
> + $fwdfwsettings{$fwdfwsettings{'grp2'}} = $zone;
> +
> + # End loop.
> + last;
> + }
> + }
> + }
> +
> $errormessage=&checksource;
> if(!$errormessage){&checktarget;}
> if(!$errormessage){&checkrule;}
> --
> 2.30.2
>
@@ -213,6 +213,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
&General::readhasharray("$configfwdfw", \%configfwdfw);
&General::readhasharray("$configinput", \%configinputfw);
&General::readhasharray("$configoutgoing", \%configoutgoingfw);
+ &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
my $maxkey;
#Set Variables according to the JQuery code in protocol section
if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
@@ -231,6 +232,38 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
{
$fwdfwsettings{'USESRV'} = 'ON';
}
+
+ # Check if a manual target IP is one of the IPFire's addresses.
+ if ($fwdfwsettings{'grp2'} eq 'tgt_addr') {
+ # Grab all available network zones.
+ my @network_zones = &Network::get_available_network_zones();
+
+ # Loop through the array of network zones.
+ foreach my $zone (@network_zones) {
+ # Skip red network zone.
+ next if $zone eq "red";
+
+ # Convert current zone name into upper case.
+ $zone = uc($zone);
+
+ # Generate key to access the required data from the netsettings hash.
+ my $key = $zone . "_ADDRESS";
+
+ # Obtain the configured address for the current zone from the netsettings hash.
+ my $zone_address = $netsettings{$key};
+
+ # Check if the given address and the current processed zone address are the same.
+ if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $zone_address) {
+ # Map the type and target.
+ $fwdfwsettings{'grp2'} = 'ipfire';
+ $fwdfwsettings{$fwdfwsettings{'grp2'}} = $zone;
+
+ # End loop.
+ last;
+ }
+ }
+ }
+
$errormessage=&checksource;
if(!$errormessage){&checktarget;}
if(!$errormessage){&checkrule;}