From 0e3b7e4d9401316c269c3b85180eabc806e01ffc Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Mon, 27 Dec 2021 13:27:31 -0800
Subject: [PATCH] IPset code cleanup and better rule description

---
 firewall/firewall-lib.pl |  3 +++
 firewall/index.cgi       | 50 ++++++++++++++++++++--------------------
 firewall/lang/en         |  2 ++
 3 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/firewall/firewall-lib.pl b/firewall/firewall-lib.pl
index 4950a63ca..dcd9f06c0 100755
--- a/firewall/firewall-lib.pl
+++ b/firewall/firewall-lib.pl
@@ -281,6 +281,9 @@ foreach $d ('p', 's', 'd', 'i', 'o', 'f', 'dport',
 			if ($d eq 's' || $d eq 'd' );
 		# compose desc_$n$d to get myized message, provide values
 		# as $1, ..., $n
+		if ($d eq 'match-set') {
+			$v[1] = $text{'desc_'.$d.'_'.$v[1]} || $v[1];
+			}
 		my $txt = &text("desc_$d$n", map { "<b>$_</b>" } @v);
 		push(@c, $txt) if ($txt);
 		}
diff --git a/firewall/index.cgi b/firewall/index.cgi
index 4fb221a6b..c66e39870 100755
--- a/firewall/index.cgi
+++ b/firewall/index.cgi
@@ -435,34 +435,34 @@ else {
         # may need to check if they are used by firewall rules
 	@ipsets = &get_ipsets_active();
 	if (@ipsets) {	
-	    print &ui_hr();
-	    print "<b>$text{'index_ipset_title'}</b>";
+		print &ui_hr();
+		print "<b>$text{'index_ipset_title'}</b>";
 
-	    # Generate the header
-	    @hcols = ( $text{'index_ipset'},
-		       $text{'index_ipset_name'},
-		       $text{'index_ipset_type'},
-		       $text{'index_ipset_elem'},
-		       $text{'index_ipset_maxe'},
-		       $text{'index_ipset_size'} );
-	    print &ui_columns_start(\@hcols, 100, 0);
+		# Generate the header
+		@hcols = ( $text{'index_ipset'},
+			   $text{'index_ipset_name'},
+			   $text{'index_ipset_type'},
+			   $text{'index_ipset_elem'},
+			   $text{'index_ipset_maxe'},
+			   $text{'index_ipset_size'} );
+		print &ui_columns_start(\@hcols, 100, 0);
 
-	    # Generate a row for each rule
-	    foreach $s (@ipsets) {
-		my @h = split(/ /, $s->{'Header'});
-		# print matching pínet version
-		if ($h[1] =~ /inet${ipvx}$/) {
-			my @cols = ( "$h[0] $h[1]",
-				     $s->{'Name'},
-				     $s->{'Type'},
-				     $s->{'Number'} || 0,
-				     $h[5],
-				     $s->{'Size'} );
-			print &ui_columns_row(\@cols);
+		# Generate a row for each rule
+		foreach $s (@ipsets) {
+			my @h = split(/ /, $s->{'Header'});
+			# print matching pínet version
+			if ($h[1] =~ /inet${ipvx}$/) {
+				my @cols = ( "$h[0] $h[1]",
+					     $s->{'Name'},
+					     $s->{'Type'},
+					     $s->{'Number'} || 0,
+					     $h[5],
+					     $s->{'Size'} );
+				print &ui_columns_row(\@cols);
+				}
 			}
-                }
-	    print &ui_columns_end();
-	    }
+		print &ui_columns_end();
+		}
 
 	# Display buttons for applying and un-applying the configuration,
 	# and for creating an init script if possible
diff --git a/firewall/lang/en b/firewall/lang/en
index f366dfa10..3e2fb438b 100644
--- a/firewall/lang/en
+++ b/firewall/lang/en
@@ -142,6 +142,8 @@ desc_tos=type of service field is $1
 desc_tos!=type of service field is not $1
 desc_match-set=$2 matches IPset $1
 desc_match-set!=$2 does not match IPset $1
+desc_match-set_src=incoming traffic
+desc_match-set_dst=outgoing traffic
 desc_physdev-in=input physical interface is $1
 desc_physdev-in!=input physical interface is not $1
 desc_physdev-out=output physical interface is $1