Revision: 2872
http://ipcop.svn.sourceforge.net/ipcop/?rev=2872&view=rev
Author: owes
Date: 2009-05-19 14:04:55 +0000 (Tue, 19 May 2009)
Log Message:
-----------
Allow DHCP on Blue also for devices not configured in Blue Access
Modified Paths:
--------------
ipcop/trunk/src/scripts/puzzleFwRules.pl
Modified: ipcop/trunk/src/scripts/puzzleFwRules.pl
===================================================================
--- ipcop/trunk/src/scripts/puzzleFwRules.pl 2009-05-19 06:29:00 UTC (rev
2871)
+++ ipcop/trunk/src/scripts/puzzleFwRules.pl 2009-05-19 14:04:55 UTC (rev
2872)
@@ -964,13 +964,16 @@
# Special treatment for Blue / Blue Access first
if ($FW::interfaces{$inIface}{'COLOR'} eq 'BLUE_COLOR') {
+ my @serviceXYZ;
+ my $protoPort;
+
# Allow IPsec if enabled, IPsec access does not need Blue Access
entry so it much come first
# but only if we have policy half-open/open
if (($ipsecSettings{'ENABLED'} eq 'on') &&
($ifacePolicies{$inIface}{'POLICY'} =~ /^half-open|open$/)) {
my @ipcopServices = ('IPCop isakmp', 'IPCop ESP', 'IPCop AH');
foreach my $service (@ipcopServices) {
- my @serviceXYZ = &buildServiceParamsDefault($service, "");
- foreach my $protoPort (@serviceXYZ) {
+ @serviceXYZ = &buildServiceParamsDefault($service, "");
+ foreach $protoPort (@serviceXYZ) {
&prepareRule("-A FW_IPCOP -i
$FW::interfaces{$inIface}{'IFACE'} $protoPort -j ACCEPT");
}
}
@@ -979,12 +982,18 @@
# Allow OpenVPN if enabled on blue, OpenVPN access does not need
Blue Access entry so it much come first
# but only if we have policy half-open/open
if (($ovpnSettings{'ENABLED_BLUE_1'} eq 'on') &&
($ifacePolicies{$inIface}{'POLICY'} =~ /^half-open|open$/)) {
- my @serviceXYZ = &buildServiceParamsDefault('IPCop OpenVPN',
"");
- foreach my $protoPort (@serviceXYZ) {
+ @serviceXYZ = &buildServiceParamsDefault('IPCop OpenVPN', "");
+ foreach $protoPort (@serviceXYZ) {
&prepareRule("-A FW_IPCOP -i
$FW::interfaces{$inIface}{'IFACE'} $protoPort -j ACCEPT");
}
}
+ # Open DHCP, even for those not in Blue Access
+ @serviceXYZ = &buildServiceParamsDefault('IPCop dhcp', "");
+ foreach $protoPort (@serviceXYZ) {
+ &prepareRule("-A FW_IPCOP -i
$FW::interfaces{$inIface}{'IFACE'} $protoPort -j ACCEPT");
+ }
+
if ($ifacePolicies{$inIface}{'BLUE_ACCESS'} eq 'on') {
$doUpdateWirelessRules = 1;
&prepareRule("-A FW_IPCOP -i
$FW::interfaces{$inIface}{'IFACE'} -j WIRELESSINPUT");
@@ -1036,9 +1045,9 @@
if ($FW::interfaces{$inIface}{'COLOR'} =~ /^GREEN_COLOR$/) {
@ipcopServices = ('IPCop dhcp', 'IPCop dns', 'IPCop ntp',
'IPCop proxy', 'Ping');
}
- # Some IPCop services for Blue (IPsec and/or OpenVPN are already
opened above)
+ # Some IPCop services for Blue (DHCP, IPsec, OpenVPN are already
opened above)
if ($FW::interfaces{$inIface}{'COLOR'} =~ /^BLUE_COLOR$/) {
- @ipcopServices = ('IPCop dhcp', 'IPCop dns', 'IPCop ntp',
'IPCop proxy', 'Ping');
+ @ipcopServices = ('IPCop dns', 'IPCop ntp', 'IPCop proxy',
'Ping');
}
# Some IPCop services for Orange
if ($FW::interfaces{$inIface}{'COLOR'} =~ /^ORANGE_COLOR$/) {
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables
unlimited royalty-free distribution of the report engine
for externally facing server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
