From patchwork Fri Jul 16 17:15:28 2021
X-Patchwork-Submitter: Stefan Schantl
X-Patchwork-Id: 4542
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: [PATCH] firewall.cgi: Map rule if manual target address belongs to IPFire
Date: Fri, 16 Jul 2021 19:15:28 +0200
Message-Id: <20210716171528.2652-1-stefan.schantl@ipfire.org>
List-Id: IPFire development talk

Automatically map the rule target if a manually entered target address is assigned to a network zone.

Signed-off-by: Stefan Schantl
Reviewed-by: Michael Tremer
---
 html/cgi-bin/firewall.cgi | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index e50a98179..e168788eb 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi 
@@ -213,6 +213,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') &General::readhasharray("$configfwdfw", \%configfwdfw); &General::readhasharray("$configinput", \%configinputfw); &General::readhasharray("$configoutgoing", \%configoutgoingfw); + &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); my $maxkey; #Set Variables according to the JQuery code in protocol section if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') @@ -231,6 +232,38 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') { $fwdfwsettings{'USESRV'} = 'ON'; } + + # Check if a manual target IP is one of the IPFire's addresses. + if ($fwdfwsettings{'grp2'} eq 'tgt_addr') { + # Grab all available network zones. + my @network_zones = &Network::get_available_network_zones(); + + # Loop through the array of network zones. + foreach my $zone (@network_zones) { + # Skip red network zone. + next if $zone eq "red"; + + # Convert current zone name into upper case. + $zone = uc($zone); + + # Generate key to access the required data from the netsettings hash. + my $key = $zone . "_ADDRESS"; + + # Obtain the configured address for the current zone from the netsettings hash. + my $zone_address = $netsettings{$key}; + + # Check if the given address and the current processed zone address are the same. + if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq $zone_address) { + # Map the type and target. + $fwdfwsettings{'grp2'} = 'ipfire'; + $fwdfwsettings{$fwdfwsettings{'grp2'}} = $zone; + + # End loop. + last; + } + } + } + $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;}
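Review bot: The added `&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);` in the first hunk (`@@ -213,6 +213,7 @@`) hard-codes the settings path as a string literal, while the three `readhasharray` calls directly above it pass their paths through variables (`$configfwdfw`, `$configinput`, `$configoutgoing`). Consider a variable in the same style so the location is defined in one place. The hunk also shows no declaration of `%netsettings`; if the file does not already declare it, it needs one, and if the hash is already populated elsewhere in the script, this second read is redundant.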
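Review bot: In the second hunk (`@@ -231,6 +232,38 @@`), the comparison `$fwdfwsettings{$fwdfwsettings{'grp2'}} eq $zone_address` runs without checking that `$netsettings{$key}` is set. For a zone without an `_ADDRESS` entry, `$zone_address` is undef, which `eq` treats as the empty string, so an empty `tgt_addr` submission would be mapped to that zone as an `ipfire` target; the block also sits before the `&checksource` and `&checktarget` calls in the trailing context, so the submitted value has not been checked at this point. Suggest adding `next unless defined $zone_address && length $zone_address;` ahead of the comparison. Two smaller points: the match is an exact string compare, so an equivalent spelling of the same address (for example with surrounding whitespace) is left unmapped, and after mapping the original `$fwdfwsettings{'tgt_addr'}` value stays in the hash; deleting it, or a comment on why it is kept, would make the saved rule unambiguous. A short comment on why the red zone is skipped would also help the next reader.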