From patchwork Fri Jul 16 16:35:58 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Stefan Schantl <stefan.schantl@ipfire.org>
X-Patchwork-Id: 4541
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GRH1R4l6Tz3xGl
	for <patchwork@web04.haj.ipfire.org>; Fri, 16 Jul 2021 16:36:11 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4GRH1P1rKvz1Zh;
	Fri, 16 Jul 2021 16:36:09 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GRH1N1bjTz2xhq;
	Fri, 16 Jul 2021 16:36:08 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GRH1M6CJ0z2xJj
 for <development@lists.ipfire.org>; Fri, 16 Jul 2021 16:36:07 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4GRH1L35SMz14c;
 Fri, 16 Jul 2021 16:36:06 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1626453366;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=KBt6O5rVeLba4+UYLAyJfdmVbiB9EI8m30STVL2oXZk=;
 b=EaPWiU0bOW5/G/3xFx9xs9Z1TD+llSDTo0FxgmdFFIXdGRuC7RLwx1ZUBgsGzEf+56XMy1
 4C/NrZN4CppyZyCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1626453366;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=KBt6O5rVeLba4+UYLAyJfdmVbiB9EI8m30STVL2oXZk=;
 b=jdnENnHWu5jOlbRpmPDKoiLcA5nDD0XcnZh3I/4g3/VE7LDPdj1qvOXM4U8Qr+vw/5cBC9
 l4/IB3aSJQ63W+Got0cHv+SBETQL1QtrVBc0ywGmrFtJT7XKydBp7NJYd0AX5D/oMBgsI5
 qDEX97yDnfCZ7F8vVjVI2VyavZz3WY0QRPuJv9/AAKzPg4YbXaPvs0MEIJqANz6IrqBbgC
 0/uePO0In+wgFGYGpIdmnW7M2OEDFlIV2pc7I+I/sRDdK/0q0BIxklppbGLCDUgsFDgrwu
 rChCxqhEd3/yu0a8BQfpLoNqAbZu2bCDOamaehykwWnkP3HT9ipVAl46DQjz0Q==
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] firewall.cgi: Allow to creating input rules from Orange to
 another zone.
Date: Fri, 16 Jul 2021 18:35:58 +0200
Message-Id: <20210716163558.3779-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

It was not able to create a firewall rule from the orange network to a
different network address of the firewall. ( For example: Orange -> IPFire's green address)

These rules always have been handled as FORWARD rules which is totaly
wrong.

Fixes #12265.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/firewall.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 70dee8d3c..e50a98179 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -247,7 +247,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 		$errormessage=$Lang::tr{'fwdfw err same'};
 	}
 	# INPUT part
-	if ($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
+	if ($fwdfwsettings{'grp2'} eq 'ipfire') {
 		$fwdfwsettings{'config'}=$configinput;
 		$fwdfwsettings{'chain'} = 'INPUTFW';
 		$maxkey=&General::findhasharraykey(\%configinputfw);