Index: make/avm-firewall/files/root/usr/lib/cgi-bin/avm-firewall.cgi =================================================================== --- make/avm-firewall/files/root/usr/lib/cgi-bin/avm-firewall.cgi (Revision 4308) +++ make/avm-firewall/files/root/usr/lib/cgi-bin/avm-firewall.cgi (Arbeitskopie) @@ -1,5 +1,5 @@ #!/bin/sh -VERSION="2.0.4_rc2" +VERSION="2.0.4_rc3" PATH=/bin:/usr/bin:/sbin:/usr/sbin:/var/mod/sbin CONFIG=/mod/etc/conf/avm-firewall.cfg . /usr/lib/libmodcgi.sh @@ -14,8 +14,10 @@ sec_begin '$(lang en:"Mode" de:"Ansicht") Firewall / Port Forwarding' cat << EOF -Firewall -Forwarding + + + + EOF @@ -34,7 +36,7 @@ - + EOF @@ -52,7 +54,7 @@ - + EOF @@ -75,8 +77,8 @@ @@ -122,7 +124,7 @@ dslifaces rules lowinput$(lang en:"Default policy" de:"Implizite Standard-Regel"):   Permit   Deny # $(lang en:"Source" de:"Quelle") $(lang en:"Destination" de:"Ziel") $(lang en:"Protocol" de:"Protokoll") - Service/Port A$(lang en:"c" de:"k")tion $(lang en:"Configure" de:"Bearbeiten") + Service/Port A$(lang en:"c" de:"k")tion $(lang en:"  Configure  " de:"  Bearbeiten  ") EOF row=0 while [ $row -lt 50 ]; do @@ -155,18 +157,18 @@
-    (Start-)Port: -    (End-)Port: +    (Start-)Port: +    (End-)Port:
$(lang en:"Destination" de:"Ziel"): -
    (Start-)Port: +
    (Start-)Port:
@@ -256,6 +258,14 @@ Init_FWDTable(); build_new_fwdrule(); +function onlynum(elem){ + elem.value=elem.value.replace(/[^0-9]+/g,''); +} + +function onlynumpoint(elem){ + elem.value=elem.value.replace(/[^0-9\.]+/g,''); +} + function split_fwdrules(){ count=0; while ( allfwdrules[count]){ @@ -417,21 +427,21 @@ function build_new_rule(){ elem_proto=document.getElementById("id_proto"); - tmp=document.getElementById("id_action").value + " " + elem_proto.value.replace(/\s+/g,"") + " "; + tmp=document.getElementById("id_action").value + " " + elem_proto.value + " "; switch ( document.getElementById("source_type").value ){ - case "host": tmp += "host " + document.getElementById("id_source").value.replace(/\s+/g,"") + " "; break; - case "net": tmp += document.getElementById("id_source").value.replace(/\s+/g,"") + " "+ document.getElementById("id_ssubnet").value + " "; break; + case "host": tmp += "host " + document.getElementById("id_source").value + " "; break; + case "net": tmp += document.getElementById("id_source").value + " "+ document.getElementById("id_ssubnet").value + " "; break; case "any": tmp += "any " ; break; } switch ( document.getElementById("dest_type").value ){ - case "host": tmp += "host " + document.getElementById("id_dest").value.replace(/\s+/g,""); break; - case "net": tmp += document.getElementById("id_dest").value.replace(/\s+/g,"") + " "+ document.getElementById("id_dsubnet").value; break; + case "host": tmp += "host " + document.getElementById("id_dest").value; break; + case "net": tmp += document.getElementById("id_dest").value + " "+ document.getElementById("id_dsubnet").value; break; case "any": tmp += "any" ; break; } if ( elem_proto.value.charAt(0) != "i" ){ - eport = document.getElementById("id_eport").value.replace(/\s+/g,"") ; + eport = document.getElementById("id_eport").value ; if ( eport != "" ) { tmp += " range "} else { tmp += " eq "} ; - tmp += document.getElementById("id_sport").value.replace(/\s+/g,"") ; + tmp += document.getElementById("id_sport").value ; if ( eport !="" ) { tmp += " " + eport } ; } else { @@ -555,8 +565,34 @@ EOF sec_end cat << EOF -$(lang en:"\"Defaults\" will load AVM default firewall rules (only loads into this GUI, use \"Apply\" to save them)" de:"\"Standard\" lädt AVM Default-Regeln in die GUI. Zum Speichern \"Übernehmen\"-Knopf drücken").
-$(lang en:"Saving will not activate new rules by default! Check to activate rules when saving:" de:"Regeln werden beim Speichern standardmäßig nicht aktiviert! Zum Aktivieren hier klicken:") -   $(lang en:"(Sometimes box will reboot!)" de:"(Kann zum Reboot führen!)") +$(lang en:"Saving will not activate rules or new dsld switches by default! To be safe, just save settings here and then reboot your box." de:"Regelwerk und dsld Schalter werden standardmäßig nicht aktiviert! Das Sicherste ist, nach dem Speichern die Box zu rebooten.")
+$(lang en:"You may try to restart the daemons listed below:" de:"Aktivierung ist auch per Neustart von AVM-Dienste möglich. ") +   $(lang en:"This might crash your box or even restore factory defaults!" de:"Kann zum Absturz oder sogar zum Werksreset führen!")   + ++ + + + + + + + + + + + + + + + + + + + +
$(lang en:"Activate forwardings" de:"Forwardings aktivieren")$(lang en:"Activate rules and dsld switches" de:"Regeln und dsld-Schalter aktivieren")$(lang en:"Upate AVM GUI" de:"AVM-GUI aktualisieren")$(lang en:"both" de:"Beides")
(SIGHUP dsld)(Restart dsld)(HUP dsld + Restart ctlmgr)(Restart dsld $(lang en:"and" de:"und") ctlmgr)
+

$(lang en:"Some explanations: If you do not restart ctlmgr, AVM services are not aware of the changes. So any other change made in the regular AVM GUI might reverse the settings you made here. To activate port forwardings, it is sufficient to send HUP signal to dsld, to activate firewall rules or the dsld switches, dsld has to be restated" de:"Kurze Erklärung: Wenn ctlmgr nicht neu gestartet wird, sind die hier gemachten Änderungen für die AVM Dienste nicht erkennbar. Jede Änderung in der AVM GUI kann deshalb die hier gemachten Einstellungen überschreiben. Um Portweiterleitungen zu aktivieren reicht es, ein HUP Signal an den dsld zu schicken. Um die Firewall-Regeln zu aktivieren oder veränderte dsld Schalter muss dsld neu gestartet werden")

+
$(lang en:"\"Defaults\" will load AVM default firewall rules (only loads into this GUI, use \"Apply\" to save them)" de:"\"Standard\" lädt AVM Default-Regeln in die GUI. Zum Speichern \"Übernehmen\"-Knopf drücken").
EOF + Index: make/avm-firewall/files/root/etc/init.d/rc.avm-firewall =================================================================== --- make/avm-firewall/files/root/etc/init.d/rc.avm-firewall (Revision 4308) +++ make/avm-firewall/files/root/etc/init.d/rc.avm-firewall (Arbeitskopie) @@ -68,14 +68,9 @@ esac start() { - if [ ! -r "/mod/etc/conf/$DAEMON.cfg" ]; then - echo "Error[$DAEMON]: not configured" 1>&2 - exit 1 - fi - if ` grep "*gui*" /mod/etc/conf/avm-firewall.cfg `; then echo "`sed -e "s/\*gui\*//g" $CONFIG`" > $CONFIG - echo "Saving new firewall rules..." + echo -n "Saving new firewall rules... " # Die LI-Accesslist (vorne "Spaces", dann die "Rules" ans Ende ", letzte Zeile "; ) TMPACCL="" && [ -n "$AVM_FIREWALL_RULESTABLE_LI" ] && TMPACCL="$RET$ACCL$RET"`echo "$AVM_FIREWALL_RULESTABLE_LI" | sed "s/^/$SPACES\"/ ; s%\(..\)[ ]*\(/\*.*\*/\)*[ ]*$%\1\", \2 % ; $ s/, /;/"` @@ -90,56 +85,33 @@ # echte ar7.cfg schreiben cat $REALCOPY > $REAL - if [ "$AVM_FIREWALL_DO_ACTIVATE" == "yes" ]; then - echo "Requested activation of rule set. Restarting dsld ..." - eval dsld -s - eval ctlmgr -s - sleep 1 - killall -9 dsld 2> /dev/null - killall -9 ctlmgr 2> /dev/null - ctlmgr - [ "$AVM_FIREWALL_LOG_DROPPED" != "yes" ] && LOGG="-n" || LOGG="" - if [ "$AVM_FIREWALL_LOG" == "yes" ]; then - dsld $LOGG -D AVM_FW - else - dsld $LOGG - fi - echo "done"; - fi else echo "ERROR: Can only used by GUI." fi } -stop () { - echo "Stoping firewall is not possible. Firewall is running by AVM per default." - exit 1 -} - case "$1" in + ""|load) + modreg cgi $DAEMON AVM-Firewall + modreg daemon --hide avm-firewall + ;; + unload) + stop + modunreg cgi $DAEMON + modunreg daemon avm-firewall + ;; start) start ;; stop) - stop ;; restart) start ;; status) - echo 'running' ;; - ""|load) - modreg cgi $DAEMON AVM-Firewall - modreg daemon --disable avm-firewall - ;; - unload) - stop - modunreg cgi $DAEMON - modunreg daemon avm-firewall - ;; *) - echo "Usage: $0 [start|stop|restart|status]" 1>&2 + echo "Usage: $0 [load|unload|start|stop|restart|status]" 1>&2 exit 1 ;; esac Index: make/avm-firewall/files/root/etc/default.avm-firewall/avm-firewall.save =================================================================== --- make/avm-firewall/files/root/etc/default.avm-firewall/avm-firewall.save (Revision 0) +++ make/avm-firewall/files/root/etc/default.avm-firewall/avm-firewall.save (Revision 0) @@ -0,0 +1,41 @@ +pkg_apply_save() +{ + /mod/etc/init.d/rc.avm-firewall restart +} + +pkg_apply_def() +{ + /mod/etc/init.d/rc.avm-firewall restart +} + +pkg_post_save() +{ + [ -f /mod/etc/conf/avm-firewall.cfg ] && . /mod/etc/conf/avm-firewall.cfg + if $(echo "$AVM_FIREWALL_DO_ACTIVATE" | grep -q dsld ) ; then + [ "$AVM_FIREWALL_LOG_DROPPED" != "yes" ] && LOGD="-n" || LOGD="" + [ "$AVM_FIREWALL_LOG" == "yes" ] && LOG ="-D AVM_FW" || LOG="" + echo -n "Restarting dsld ... " + dsld -s + sleep 1 + killall -9 dsld 2> /dev/null + echo -n "dsld stopped ... " + . /var/env.cache + dsld $LOGD $LOG > /dev/null 2>&1 + echo "dsld startet" + else + if [ "$AVM_FIREWALL_DO_ACTIVATE" ]; then + echo 'Sending "SIGHUP" to dsld' + dsld -I > /dev/null 2>&1 + fi + fi + if $(echo "$AVM_FIREWALL_DO_ACTIVATE" | grep -q ctlmgr) ; then + echo -n "Restarting ctlmgr ... " + ctlmgr -s + sleep 1 + killall -9 ctlmgr 2> /dev/null + echo -n "ctlmgr stopped ... " + . /var/env.cache + ctlmgr 2>&1 + echo "ctlmgr startet" + fi +} Index: make/avm-firewall/Config.in =================================================================== --- make/avm-firewall/Config.in (Revision 4308) +++ make/avm-firewall/Config.in (Arbeitskopie) @@ -1,5 +1,5 @@ config FREETZ_PACKAGE_AVM_FIREWALL - bool "AVM-firewall 2.0.4_rc2" + bool "AVM-firewall 2.0.4_rc3" depends on !FREETZ_REMOVE_DSLD default n Index: make/avm-firewall/avm-firewall.mk =================================================================== --- make/avm-firewall/avm-firewall.mk (Revision 4308) +++ make/avm-firewall/avm-firewall.mk (Arbeitskopie) @@ -1,4 +1,4 @@ -$(call PKG_INIT_BIN, 2.0.4_rc2) +$(call PKG_INIT_BIN, 2.0.4_rc3) $(PKG)_STARTLEVEL=40 $(PKG_UNPACKED)