From f003b029b67eaace5be7a273755eeb2f1139b67d Mon Sep 17 00:00:00 2001
From: Kay Marquardt
Date: Wed, 10 May 2017 10:07:05 +0200
Subject: [PATCH 1/4] hotfix for filter_chain: use only with direct
---
 firewall/firewall-lib.pl | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/firewall/firewall-lib.pl b/firewall/firewall-lib.pl
index 974dcee5b..85a6b890b 100755
--- a/firewall/firewall-lib.pl
+++ b/firewall/firewall-lib.pl
@@ -58,12 +58,9 @@ while() {
 local $read_comment;
 s/\r|\n//g;
 # regex to filter out chains not managed by firewall, i.e. fail2ban
- if ($config{'filter_chain'}) {
+ if ($config{'direct'} && $config{'filter_chain'}) {
 foreach $filter (split(',', $config{'filter_chain'})) {
- # :chain ... -> skip line if machtes filter_chain
- if (/^.?:(\S+)\s+.*/) {
- next LINE if($1 =~ /^$filter$/);
- }
+ # NOTE: keep ":chain ..." as reference to avoid error when rebuild active config
 # -A|-I chain ... -j chain -> skip line if machtes filter_chain
 if (/^.?-(A|I)\s+(\S+).*\s+-j\s+(.*)/) {
 next LINE if($2 =~ /^$filter$/);
From fe265aa65b357b725354a3f62242c7f6287f93a3 Mon Sep 17 00:00:00 2001
From: Kay Marquardt
Date: Wed, 10 May 2017 10:36:58 +0200
Subject: [PATCH 2/4] add description to mention direct must be active
---
 firewall/config.info | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/firewall/config.info b/firewall/config.info
index a7291eaee..763aa32c5 100644
--- a/firewall/config.info
+++ b/firewall/config.info
@@ -11,4 +11,4 @@ after_apply_cmd=Command to run after applying configuration,3,None
 line1=System configuration,11
 save_file=IPtables save file to edit,3,Use operating system or Webmin default
 direct=Directly edit firewall rules instead of save file?,1,1-Yes,0-No
-filter_chain=Comma sepeated list of regexes to filter out chains not managed by firewall,0
+filter_chain=List of regexes to filter out chains not managed by firewall. You must activate "direct edit firewall rules" to use this feature,0
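Review bot: In firewall/firewall-lib.pl (PATCH 1/4), the retained test `next LINE if($2 =~ /^$filter$/);` places each filter_chain entry between `^` and `$` without grouping, so an entry containing `|` anchors only its first and last alternatives and can hide rules of chains the module does manage. Grouping the pattern, `next LINE if($2 =~ /^(?:$filter)$/);`, restores the whole-name match; the same line is carried unchanged as context into PATCH 4/4. Because entries are split on `,`, a regex that itself contains a comma (such as a `{1,3}` quantifier) is cut in two, and a malformed entry would presumably raise a regex error while the rules are being read, so validating the list once before the loop seems worthwhile. The enclosing while loop starts and ends outside this hunk.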
From b9507b0d77f5cfdbbf996e16816408cad06d285d Mon Sep 17 00:00:00 2001
From: Kay Marquardt
Date: Wed, 10 May 2017 10:37:41 +0200
Subject: [PATCH 3/4] adjust description direct must be active
---
 firewall/config.info.de | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/firewall/config.info.de b/firewall/config.info.de
index 648bb0c94..cb71f039d 100644
--- a/firewall/config.info.de
+++ b/firewall/config.info.de
@@ -11,4 +11,4 @@ after_apply_cmd=Befehle zum Anwendung der Konfiguration,3,Keiner
 line1=System Konfiguration,11
 save_file=IPtables Speicherdatei zum Bearbeiten,3,Verwendung des Betriebssystems oder Webmin Standard
 direct=Direktes Bearbeiten der Firewall-Regeln anstatt von gespeicherter Datei?,1,1-Ja,0-Nein
-filter_chain=Komma getrennte Liste von Regex zum Ausfiltern von Ketten die nicht von Firewall verwaltet werden,0
+filter_chain=Liste von RegEx zum Ausfiltern von Ketten die nicht von Firewall verwaltet werden. Die Option "Direktes Bearbeiten der Firewall-Regeln" muss aktiv sein,0
From f5927981a6e13423dc2313d25747ba7953d347d9 Mon Sep 17 00:00:00 2001
From: Kay Marquardt
Date: Wed, 10 May 2017 14:28:54 +0200
Subject: [PATCH 4/4] keep -j CHAIN to statisfy iptables-restore
---
 firewall/firewall-lib.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/firewall/firewall-lib.pl b/firewall/firewall-lib.pl
index 85a6b890b..c5735ec6b 100755
--- a/firewall/firewall-lib.pl
+++ b/firewall/firewall-lib.pl
@@ -64,7 +64,7 @@ while() {
 # -A|-I chain ... -j chain -> skip line if machtes filter_chain
 if (/^.?-(A|I)\s+(\S+).*\s+-j\s+(.*)/) {
 next LINE if($2 =~ /^$filter$/);
- next LINE if($3 =~ /^$filter$/);
+ #next LINE if($3 =~ /^$filter$/);
 }
 }
 }
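Review bot: In firewall/firewall-lib.pl (PATCH 4/4), the jump-target test is only commented out, so the comment above it still says lines are skipped on `-j chain` and the regex still requires and captures a `-j` target that nothing reads. I would delete the dead line and match on the chain alone, `if (/^.?-(A|I)\s+(\S+)/) {`, with the comment reworded to `# -A|-I chain ... -> skip line if chain matches filter_chain ("-j chain" references are kept for iptables-restore)`. As written, a rule inside a filtered chain that has no `-j` (for example one using `-g`) does not match the outer regex and is therefore not skipped. Whether the filtered chains are then written back empty when the configuration is applied cannot be seen from this patch and is worth confirming; the enclosing while loop starts outside the hunk.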