diff --git a/firewall/firewall_library.php b/firewall/firewall_library.php
new file mode 100644
index 0000000..f1cf65c
--- /dev/null
+++ b/firewall/firewall_library.php
@@ -0,0 +1,186 @@
+ 0
+ GROUP BY
+ firewall_versoesterno_regole.id_firewall_versoesterno
+ ";
+
+ $nomi = array ();
+ $file = array ();
+ $esegui = array ();
+
+ $res = mysql_query( $query, $DB_ID );
+ while ($dato = mysql_fetch_array ( $res )) {
+ $id = $dato['id'];
+ $proto = $dato['proto'];
+ $stato = $dato['stato'];
+ $int_port = $dato['int_port'];
+ $ext_port = $dato['ext_port'];
+ $int_ip = $dato['int_ip'];
+ $ext_ip = $dato['ext_ip'];
+ $portaIN = $FW_conf['portaIN'];
+
+ array_push($nomi, "REGOLA-U$id");
+
+ if ($stato == 2) $perm = "PERMANENTE"; else $perm = "";
+ if ($int_ip != "") {
+ $ipint1 = "-s $int_ip";
+ $ipint2 = "-d $int_ip";
+ } else {
+ $ipint1 = "";
+ $ipint2 = "";
+ }
+ if ($ext_ip != "") {
+ $ipext1 = "-d $ext_ip";
+ $ipext2 = "-s $ext_ip";
+ } else {
+ $ipext1 = "";
+ $ipext2 = "";
+ }
+ if ($int_port != "") {
+ $ptint1 = "--sport $int_port";
+ $ptint2 = "--dport $int_port";
+ } else {
+ $ptint1 = "";
+ $ptint2 = "";
+ }
+ if ($ext_port != "") {
+ $ptext1 = "--dport $ext_port";
+ $ptext2 = "--sport $ext_port";
+ } else {
+ $ptext1 = "";
+ $ptext2 = "";
+ }
+
+ $regola = "### START REGOLA-U$id $perm ###\n";
+ $regola .= "iptables -N REGOLA-U$id\n";
+ $regola .= "iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT\n";
+ $regola .= "iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT\n";
+ $regola .= "iptables -I FORWARD -j REGOLA-U$id\n";
+ $regola .= "### STOP REGOLA-U$id $perm ###\n";
+
+ array_push($file, $regola);
+
+ $regola = "sudo iptables -N REGOLA-U$id; ";
+ $regola .= "sudo iptables -I REGOLA-U$id -p $proto -o $portaIN $ipint1 $ptint1 $ipext1 $ptext1 -j ACCEPT; ";
+ $regola .= "sudo iptables -I REGOLA-U$id -p $proto -i $portaIN $ipint2 $ptint2 $ipext2 $ptext2 -j ACCEPT; ";
+ $regola .= "sudo iptables -I FORWARD -j REGOLA-U$id";
+
+ $esegui['REGOLA-U'.$id] = $regola;
+
+ }
+
+ $ritorna[0] = $nomi;
+ $ritorna[1] = $file;
+ $ritorna[2] = $esegui;
+
+ return 
$ritorna; +} + +function elimina ($cerca) { + + exec ("sudo iptables -nL FORWARD --line-numbers | grep $cerca", $ritorno); + foreach (array_reverse($ritorno) as $riga) { + $pezzi = explode (" " , $riga); + exec ("sudo iptables -D FORWARD ".$pezzi[0]); + exec ("sudo iptables -F $cerca"); + exec ("sudo iptables -X $cerca"); + } +} + +?> diff --git a/firewall/firewall_regolesterno.php b/firewall/firewall_regolesterno.php index 82c13f1..c7ebc4c 100755 --- a/firewall/firewall_regolesterno.php +++ b/firewall/firewall_regolesterno.php @@ -10,6 +10,7 @@ if (isset($_POST['nome'])) { $int_port = $_POST['int_port']; $ext_id = $_POST['ext_id']; $ext_port = $_POST['ext_port']; + $proto = $_POST['proto']; $query = " INSERT INTO firewall_versoesterno @@ -19,6 +20,7 @@ if (isset($_POST['nome'])) { int_port = $int_port, id_firewall_macchine_ext = $ext_id, ext_port = $ext_port, + proto = $proto, data = NOW(), attivo = 1 "; @@ -55,7 +57,7 @@ $query = " SELECT "; $res_macchine_ext = mysql_query( $query, $DB_ID ); -$tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,15,0)); +$tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,5,2,15,0)); ?>
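Review bot: `elimina()` interpolates `$cerca` unquoted into `exec ("sudo iptables -nL FORWARD --line-numbers | grep $cerca", ...)` and into the `-F`/`-X` calls, so a shell metacharacter in the chain name would run as a command under sudo; the rule builder earlier in this hunk assembles its `sudo iptables ...` strings from `$proto`, `$int_ip`, `$ext_ip`, `$int_port` and `$ext_port` in the same way. Each value should be validated before it reaches a command string (protocol against a fixed list, ports as integers in 1-65535, addresses with `filter_var($ip, FILTER_VALIDATE_IP)`) and passed through `escapeshellarg()`. `grep $cerca` also matches substrings, so removing `REGOLA-U1` would also delete the FORWARD jump to `REGOLA-U10`, and the flush and delete of the chain run once per matched line instead of once. The start of the rule-building function is not visible here, so how `$esegui` is later executed is inferred from its `sudo` prefix.

```php
function elimina ($cerca) {
    // Chain names are generated as REGOLA-U<id>; refuse anything else before it reaches a shell.
    if (!preg_match('/^REGOLA-U\d+$/', $cerca)) {
        return;
    }
    $catena = escapeshellarg($cerca);

    exec ("sudo iptables -nL FORWARD --line-numbers", $ritorno);
    foreach (array_reverse($ritorno) as $riga) {
        $pezzi = preg_split('/\s+/', trim($riga));
        // Column 0 is the rule number, column 1 the target: compare the target exactly.
        if (count($pezzi) < 2 || $pezzi[1] !== $cerca) continue;
        exec ("sudo iptables -D FORWARD ".(int)$pezzi[0]);
    }
    // Flush and delete the chain once, after every jump to it has been removed.
    exec ("sudo iptables -F $catena");
    exec ("sudo iptables -X $catena");
}
```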
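Review bot: `$proto = $_POST['proto'];` goes into the INSERT unvalidated and unquoted as `proto = $proto,` (the following hunk, @@ -19,6 +20,7), which is SQL injection through the new field. The stored value also appears to be what `firewall_library.php` reads back as `$dato['proto']` and places after `-p` in its `sudo iptables` strings, so the same input may reach a root shell command. The value should be checked against the protocols the form is meant to offer before the query is built, for example `if (!in_array($_POST['proto'], array('tcp', 'udp'), true)) exit;`, and then written quoted as `proto = '$proto',`. The `$int_port`, `$ext_id` and `$ext_port` context lines are interpolated the same way and would need an integer cast; the `if (isset($_POST['nome']))` block starts and ends outside these hunks.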
@@ -64,10 +66,12 @@ $tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,15,0)); Nome regola Macchina interna - Porta + Porta Macchina esterna - Porta + Porta + + Proto @@ -92,6 +96,13 @@ $tabella = new html (0,"90%",array(3,3,2,15,2,15,5,2,15,5,2,15,0)); + + +
@@ -100,6 +111,7 @@ $tabella->riga(); $query = " SELECT firewall_versoesterno.id, firewall_versoesterno.nome, + firewall_versoesterno.proto, proxy_pool.ip AS int_ip, proxy_pool.nome AS int_nome, firewall_versoesterno.int_port, @@ -142,10 +154,12 @@ while ($dato = mysql_fetch_array ( $res )) { - + - + + + diff --git a/firewall/index.php b/firewall/index.php index 73a19e2..21f1e29 100755 --- a/firewall/index.php +++ b/firewall/index.php @@ -1,5 +1,6 @@ $valore) { if (preg_match ("/^new-(\d+)/", $id, $ris)) $new[$ris[1]] = $valore; @@ -16,6 +19,7 @@ if (isset($_POST['utente'])) { foreach ($new as $id => $valore) { if ($new[$id] == $old[$id]) continue; + $modificato = 1; if ($valore >1) $stato = 1; else @@ -51,7 +55,12 @@ if (isset($_POST['utente'])) { data = NOW() "; $res = mysql_query( $query, $DB_ID ); + } + + + if ($modificato) genera(); + } $tabella = new html (0,"90%",array(15,2,20,2,5,0)); diff --git a/firewall/tmp/fw.new b/firewall/tmp/fw.new new file mode 100644 index 0000000..21706a1 --- /dev/null +++ b/firewall/tmp/fw.new @@ -0,0 +1,41 @@ +fw_custom_after_chain_creation() { + + # REGOLE DINAMICHE +### START REGOLA-U1 ### +iptables -N REGOLA-U1 +iptables -I REGOLA-U1 -p tcp -o bond0 -s 192.168.1.1 --sport 25 -d 151.1.219.70 --dport 443 -j ACCEPT +iptables -I REGOLA-U1 -p tcp -i bond0 -d 192.168.1.1 --dport 25 -s 151.1.219.70 --sport 443 -j ACCEPT +iptables -I FORWARD -j REGOLA-U1 +### STOP REGOLA-U1 ### +### START REGOLA-U3 ### +iptables -N REGOLA-U3 +iptables -I REGOLA-U3 -p udp -o bond0 -s 192.168.1.3 --sport 45 -d 151.1.219.70 --dport 6754 -j ACCEPT +iptables -I REGOLA-U3 -p udp -i bond0 -d 192.168.1.3 --dport 45 -s 151.1.219.70 --sport 6754 -j ACCEPT +iptables -I FORWARD -j REGOLA-U3 +### STOP REGOLA-U3 ### + # FINE REGOLE DINAMICHE + + + + true +} + +fw_custom_before_port_handling() { + + true +} + +fw_custom_before_masq() { + + true +} + +fw_custom_before_denyall() { + + true +} + +fw_custom_after_finished() { + + true +} 
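Review bot: In `firewall/index.php`, `$modificato = 1;` (hunk @@ -16,6 +19,7) is set before the query runs, and the `$res = mysql_query( $query, $DB_ID );` result in hunk @@ -51,7 +55,12 is never checked, so `if ($modificato) genera();` regenerates the firewall rules even when the database write failed. Setting the flag from the query result instead, `if ($res) $modificato = 1;` placed right after the `mysql_query()` call, keeps the generated rules in step with what was actually stored. The initialisation of `$modificato` is not visible in these hunks; if it is missing, the no-change path reads an undefined variable and a `$modificato = 0;` before the loop would be needed.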
diff --git a/risorse/stili/stile.css b/risorse/stili/stile.css
index 83ae152..31afc69 100644
--- a/risorse/stili/stile.css
+++ b/risorse/stili/stile.css
@@ -32,6 +32,8 @@ td.campoc { font-family: verdana; font-size: 14px; text-align: center; vertical
 td.valorec { font-family: verdana; font-size: 14px; text-align: center; vertical-align:text-top; text-decoration: none; color: #000000; }
 td.descrizione { font-family: verdana; font-size: 11px; text-align: left; width:50px; text-decoration: none; color: #8e8e8e; }
 td.descrizione_c{ font-family: verdana; font-size: 11px; text-align: center; width:50px; text-decoration: none; color: #8e8e8e; }
+td.descrizione_l{ font-family: verdana; font-size: 11px; text-align: left; width:50px; text-decoration: none; color: #8e8e8e; }
+td.descrizione_r{ font-family: verdana; font-size: 11px; text-align: right; width:50px; text-decoration: none; color: #8e8e8e; }
 td.spaziol { font-family: verdana; font-size: 11px; text-align: left; height:1px; text-decoration: none; color: #8e8e8e; }
 td.radio { font-family: verdana; font-size: 11px; text-align: center; height:1px; text-decoration: none; color: #8e8e8e; }
 td.sep { font-family: verdana; font-size: 1px; text-align: left; height:1px; text-decoration: none; color: #8e8e8e; }