system("/usr/sbin/ovpn-ccd-convert");
#OUTGOINGFW CONVERTER
if( -d "${General::swroot}/outgoing"){
- if( -f "${General::swroot}/forward/config" ){
- unlink("${General::swroot}/forward/config");
- system("touch ${General::swroot}/forward/config");
- chown 99,99,"${General::swroot}/forward/config";
+ if( -f "${General::swroot}/firewall/config" ){
+ unlink("${General::swroot}/firewall/config");
+ system("touch ${General::swroot}/firewall/config");
+ chown 99,99,"${General::swroot}/firewall/config";
}
- if( -f "${General::swroot}/forward/outgoing" ){
- unlink("${General::swroot}/forward/outgoing");
- system("touch ${General::swroot}/forward/outgoing");
- chown 99,99,"${General::swroot}/forward/outgoing";
+ if( -f "${General::swroot}/firewall/outgoing" ){
+ unlink("${General::swroot}/firewall/outgoing");
+ system("touch ${General::swroot}/firewall/outgoing");
+ chown 99,99,"${General::swroot}/firewall/outgoing";
}
unlink("${General::swroot}/fwhosts/customgroups");
unlink("${General::swroot}/fwhosts/customhosts");
}
#XTACCESS CONVERTER
if( -d "${General::swroot}/xtaccess"){
- if( -f "${General::swroot}/forward/input" ){
- unlink("${General::swroot}/forward/input");
- system("touch ${General::swroot}/forward/input");
+ if( -f "${General::swroot}/firewall/input" ){
+ unlink("${General::swroot}/firewall/input");
+ system("touch ${General::swroot}/firewall/input");
}
#START CONVERTER "XTACCESS"
system("/usr/sbin/convert-xtaccess");
- chown 99,99,"${General::swroot}/forward/input";
+ chown 99,99,"${General::swroot}/firewall/input";
rmtree("${General::swroot}/xtaccess");
}
#DMZ-HOLES CONVERTER
- if( -d "${General::swroot}/dmzholes"){
- if( -f "${General::swroot}/forward/dmz" ){
- unlink("${General::swroot}/forward/dmz");
- system("touch ${General::swroot}/forward/dmz");
+ if( -d "${General::swroot}/dmzholes" || -d "${General::swroot}/portfw"){
+ if( -f "${General::swroot}/firewall/config" ){
+ unlink("${General::swroot}/firewall/config");
+ system("touch ${General::swroot}/firewall/config");
}
#START CONVERTER "DMZ-HOLES"
system("/usr/sbin/convert-dmz");
- chown 99,99,"${General::swroot}/forward/dmz";
+ chown 99,99,"${General::swroot}/firewall/config";
rmtree("${General::swroot}/dmzholes");
}
#PORTFORWARD CONVERTER
if( -d "${General::swroot}/portfw"){
- if( -f "${General::swroot}/forward/nat" ){
- unlink("${General::swroot}/forward/nat");
- system("touch ${General::swroot}/forward/nat");
- }
- #START CONVERTER "PORTFW"
- system("/usr/sbin/convert-portfw");
- chown 99,99,"${General::swroot}/forward/nat";
- rmtree("${General::swroot}/portfw");
+ #START CONVERTER "PORTFW"
+ System("/usr/sbin/convert-portfw");
+ rmtree("${General::swroot}/portfw");
}
system("/usr/local/bin/forwardfwctrl");
}
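Review bot: The new PORTFW block calls `System("/usr/sbin/convert-portfw");` with a capital S. Perl's builtin is `system`, so unless a sub named `System` is defined elsewhere in this script the call dies at run time with an undefined-subroutine error, and the `rmtree` of portfw and the closing `forwardfwctrl` reload are never reached. It should read `system("/usr/sbin/convert-portfw");`. Also worth confirming: the DMZ-HOLES block now empties firewall/config (it used to empty forward/dmz), the same file the OUTGOINGFW block resets earlier, so anything an earlier converter wrote there would be dropped before convert-dmz runs. The start of the enclosing block is outside this hunk.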
*.tmp
/var/ipfire/ethernet/settings
-/var/ipfire/forward/bin/*
+/var/ipfire/firewall/bin/*
/var/ipfire/proxy/calamaris/bin/*
/var/ipfire/qos/bin/qos.pl
/var/ipfire/urlfilter/blacklists/*/*.db
-/var/ipfire/forward/bin/*
/var/ipfire/auth/users
/var/ipfire/dhcp/*
/var/ipfire/dnsforward/*
-/var/ipfire/forward
+/var/ipfire/firewall
/var/ipfire/fwhosts
/var/ipfire/main/*
/var/ipfire/ovpn
return;
}
-my $FIREWALL_RELOAD_INDICATOR = "${General::swroot}/forward/reread";
+my $FIREWALL_RELOAD_INDICATOR = "${General::swroot}/firewall/reread";
sub firewall_config_changed() {
open FILE, ">$FIREWALL_RELOAD_INDICATOR" or die "Could not open $FIREWALL_RELOAD_INDICATOR";
my %configfwdfw=();
require '/var/ipfire/general-functions.pl';
my $dmzconfig = "${General::swroot}/dmzholes/config";
-my $fwdfwconfig = "${General::swroot}/forward/config";
+my $fwdfwconfig = "${General::swroot}/firewall/config";
my $ifacesettings = "${General::swroot}/ethernet/settings";
my $field0 = 'ACCEPT';
my $field1 = 'FORWARDFW';
my $ovpnsettings = "${General::swroot}/ovpn/settings";
my $ovpnconfig = "${General::swroot}/ovpn/ovpnconfig";
my $ccdconfig = "${General::swroot}/ovpn/ccd.conf";
-my $fwdfwconfig = "${General::swroot}/forward/config";
-my $outfwconfig = "${General::swroot}/forward/outgoing";
-my $fwdfwsettings = "${General::swroot}/forward/settings";
+my $fwdfwconfig = "${General::swroot}/firewall/config";
+my $outfwconfig = "${General::swroot}/firewall/outgoing";
+my $fwdfwsettings = "${General::swroot}/firewall/settings";
my @ipgroups = qx(ls $ipgrouppath);
my @macgroups = qx(ls $macgrouppath);
my @hostarray=();
}
sub process_p2p
{
- copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/forward/p2protocols");
- chmod oct('0777'), '/var/ipfire/forward/p2protocols';
+ copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/firewall/p2protocols");
+ chmod oct('0777'), '/var/ipfire/firewall/p2protocols';
}
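Review bot: `chmod oct('0777'), '/var/ipfire/firewall/p2protocols';` in process_p2p leaves the copied file writable and executable by every local account, while other scripts on this page load the same path as `$p2pfile`. A data file needs neither the execute bit nor world write; `chmod 0644, '/var/ipfire/firewall/p2protocols';` plus the `chown 99,99` that the other converted files receive would be consistent with the rest of the migration. The return values of `copy` and `chmod` are not checked either, so a failed copy passes silently.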
# STEP1: read old config and normalize settings #
# STEP2: create new rules from old ones #
# STEP3: check if rule already exists, when not, put it into #
-# /var/ipfire/forward/nat #
+# /var/ipfire/firewall/config #
###############################################################################
require '/var/ipfire/general-functions.pl';
my @values=();
my @built_rules=();
my %nat=();
my $portfwconfig = "${General::swroot}/portfw/config";
-my $confignat = "${General::swroot}/forward/config";
+my $confignat = "${General::swroot}/firewall/config";
my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark);
my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
my $count=0;
my %configinputfw=();
require '/var/ipfire/general-functions.pl';
my $xtaccessconfig = "${General::swroot}/xtaccess/config";
-my $inputfwconfig = "${General::swroot}/forward/input";
+my $inputfwconfig = "${General::swroot}/firewall/input";
my $aliasconfig = "${General::swroot}/ethernet/aliases";
my $field0='ACCEPT';
my $field1='INPUTFW';
###############################################################################
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-eval $(/usr/local/bin/readhash /var/ipfire/forward/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/firewall/settings)
eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
iptables -F POLICYFWD
my @p2ps=();
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
-require "${General::swroot}/forward/bin/firewall-lib.pl";
+require "${General::swroot}/firewall/bin/firewall-lib.pl";
-my $configfwdfw = "${General::swroot}/forward/config";
-my $configinput = "${General::swroot}/forward/input";
-my $configoutgoing = "${General::swroot}/forward/outgoing";
-my $p2pfile = "${General::swroot}/forward/p2protocols";
+my $configfwdfw = "${General::swroot}/firewall/config";
+my $configinput = "${General::swroot}/firewall/input";
+my $configoutgoing = "${General::swroot}/firewall/outgoing";
+my $p2pfile = "${General::swroot}/firewall/p2protocols";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $netsettings = "${General::swroot}/ethernet/settings";
my $errormessage = '';
my $dnat ='';
my $snat ='';
-&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
&General::readhash("$netsettings", \%defaultNetworks);
&General::readhasharray($configfwdfw, \%configfwdfw);
&General::readhasharray($configinput, \%configinputfw);
}
sub preparerules
{
- if (! -z "${General::swroot}/forward/config"){
+ if (! -z "${General::swroot}/firewall/config"){
&buildrules(\%configfwdfw);
}
- if (! -z "${General::swroot}/forward/input"){
+ if (! -z "${General::swroot}/firewall/input"){
&buildrules(\%configinputfw);
}
- if (! -z "${General::swroot}/forward/outgoing"){
+ if (! -z "${General::swroot}/firewall/outgoing"){
&buildrules(\%configoutgoingfw);
}
}
#var/ipfire/extrahd/partitions
#var/ipfire/extrahd/scan
#var/ipfire/extrahd/settings
-var/ipfire/forward
-#var/ipfire/forward/bin
-#var/ipfire/forward/bin/firewall-lib.pl
-#var/ipfire/forward/bin/rules.pl
-#var/ipfire/forward/config
-#var/ipfire/forward/dmz
-#var/ipfire/forward/input
-#var/ipfire/forward/nat
-#var/ipfire/forward/outgoing
-#var/ipfire/forward/p2protocols
-#var/ipfire/forward/settings
+var/ipfire/firewall
+#var/ipfire/firewall/bin
+#var/ipfire/firewall/bin/firewall-lib.pl
+#var/ipfire/firewall/bin/rules.pl
+#var/ipfire/firewall/config
+#var/ipfire/firewall/dmz
+#var/ipfire/firewall/input
+#var/ipfire/firewall/nat
+#var/ipfire/firewall/outgoing
+#var/ipfire/firewall/p2protocols
+#var/ipfire/firewall/settings
var/ipfire/fwhosts
#var/ipfire/fwhosts/customgroups
#var/ipfire/fwhosts/customhosts
usr/sbin/convert-portfw
usr/sbin/convert-xtaccess
usr/sbin/firewall-policy
-var/ipfire/forward
-var/ipfire/forward/bin/firewall-lib.pl
-var/ipfire/forward/bin/rules.pl
-var/ipfire/forward/config
-var/ipfire/forward/dmz
-var/ipfire/forward/input
-var/ipfire/forward/nat
-var/ipfire/forward/outgoing
-var/ipfire/forward/p2protocols
-var/ipfire/forward/settings
+var/ipfire/firewall
+var/ipfire/firewall/bin/firewall-lib.pl
+var/ipfire/firewall/bin/rules.pl
+var/ipfire/firewall/config
+var/ipfire/firewall/dmz
+var/ipfire/firewall/input
+var/ipfire/firewall/nat
+var/ipfire/firewall/outgoing
+var/ipfire/firewall/p2protocols
+var/ipfire/firewall/settings
var/ipfire/fwhosts
var/ipfire/fwhosts/customhosts
var/ipfire/fwhosts/customnetworks
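Review bot: This list still carries `var/ipfire/firewall/dmz` and `var/ipfire/firewall/nat`, but the build rule on this page that creates the empty config files now lists only firewall/settings, firewall/config, firewall/input and firewall/outgoing. The converters on this page likewise write to firewall/config rather than to the dmz and nat files. If those two files are no longer created, the entries should be dropped here, and from the commented list in the other rootfile, so the manifest matches what is installed.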
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
-require "${General::swroot}/forward/bin/firewall-lib.pl";
+require "${General::swroot}/firewall/bin/firewall-lib.pl";
-unless (-d "${General::swroot}/forward") { system("mkdir ${General::swroot}/forward"); }
-unless (-e "${General::swroot}/forward/settings") { system("touch ${General::swroot}/forward/settings"); }
-unless (-e "${General::swroot}/forward/config") { system("touch ${General::swroot}/forward/config"); }
-unless (-e "${General::swroot}/forward/input") { system("touch ${General::swroot}/forward/input"); }
-unless (-e "${General::swroot}/forward/outgoing") { system("touch ${General::swroot}/forward/outgoing"); }
+unless (-d "${General::swroot}/firewall") { system("mkdir ${General::swroot}/firewall"); }
+unless (-e "${General::swroot}/firewall/settings") { system("touch ${General::swroot}/firewall/settings"); }
+unless (-e "${General::swroot}/firewall/config") { system("touch ${General::swroot}/firewall/config"); }
+unless (-e "${General::swroot}/firewall/input") { system("touch ${General::swroot}/firewall/input"); }
+unless (-e "${General::swroot}/firewall/outgoing") { system("touch ${General::swroot}/firewall/outgoing"); }
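Review bot: The fallback `system("mkdir ${General::swroot}/firewall")` creates the directory as whatever account runs this CGI, yet the same tree holds bin/rules.pl, which the setuid helper on this page executes through `safe_system`. If the web account ends up owning firewall/, it can presumably create or replace entries beneath it, so the directory and its bin/ subdirectory are better created root-owned by the installer or update script, leaving the CGI to create only the data files. The five calls also go through a shell for work Perl does natively; `mkdir("${General::swroot}/firewall") or die "mkdir: $!";` and a three-argument `open` in append mode would avoid the shell and surface failures.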
my %fwdfwsettings=();
my %selected=() ;
my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
my $configipsec = "${General::swroot}/vpn/config";
my $configipsecrw = "${General::swroot}/vpn/settings";
-my $configfwdfw = "${General::swroot}/forward/config";
-my $configinput = "${General::swroot}/forward/input";
-my $configoutgoing = "${General::swroot}/forward/outgoing";
+my $configfwdfw = "${General::swroot}/firewall/config";
+my $configinput = "${General::swroot}/firewall/input";
+my $configoutgoing = "${General::swroot}/firewall/outgoing";
my $configovpn = "${General::swroot}/ovpn/settings";
my $fwoptions = "${General::swroot}/optionsfw/settings";
my $ifacesettings = "${General::swroot}/ethernet/settings";
my $tdcolor='';
my $checkorange='';
my @protocols;
-&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&General::readhash($fwoptions, \%optionsfw);
#SHOW FINAL RULE
print "<table width='100%'rules='cols' border='1'>";
my $col;
- if ($config eq '/var/ipfire/forward/config'){
+ if ($config eq '/var/ipfire/firewall/config'){
my $pol='fwdfw '.$fwdfwsettings{'POLICY'};
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
$col="bgcolor='darkred'";
$col="bgcolor='green'";
}
&show_defaultrules($col,$pol);
- }elsif ($config eq '/var/ipfire/forward/outgoing'){
+ }elsif ($config eq '/var/ipfire/firewall/outgoing'){
if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
$col="bgcolor='darkred'";
print"<tr><td $col width='20%' align='center'><font color='#FFFFFF'>$Lang::tr{'fwdfw final_rule'}</td><td $col align='center'><font color='#FFFFFF' >$Lang::tr{'fwdfw pol block'}</font></td></tr>";
print "<b>$title1</b><br>";
print"<table width='100%' border='0' rules='none'><tr><td height='30' bgcolor=$color{'color22'} align='center'>$Lang::tr{'fwhost empty'}</td></tr></table>";
my $col;
- if ($config eq '/var/ipfire/forward/config'){
+ if ($config eq '/var/ipfire/firewall/config'){
my $pol='fwdfw '.$fwdfwsettings{'POLICY'};
if ($fwdfwsettings{'POLICY'} eq 'MODE1'){
$col="bgcolor='darkred'";
$col="bgcolor='green'";
}
&show_defaultrules($col,$pol);
- }elsif ($config eq '/var/ipfire/forward/outgoing'){
+ }elsif ($config eq '/var/ipfire/firewall/outgoing'){
print "<table width='100%' rules='cols' border='1'>";
my $pol='fwdfw '.$fwdfwsettings{'POLICY1'};
if ($fwdfwsettings{'POLICY1'} eq 'MODE1'){
my $configipsec = "${General::swroot}/vpn/config";
my $configsrv = "${General::swroot}/fwhosts/customservices";
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
-my $fwconfigfwd = "${General::swroot}/forward/config";
-my $fwconfiginp = "${General::swroot}/forward/input";
+my $fwconfigfwd = "${General::swroot}/firewall/config";
+my $fwconfiginp = "${General::swroot}/firewall/input";
my $configovpn = "${General::swroot}/ovpn/settings";
my $tdcolor='';
my $configipsecrw = "${General::swroot}/vpn/settings";
my %configfwdfw=();
my %configoutgoingfw=();
-my $configfwdfw = "${General::swroot}/forward/config";
-my $configoutgoing = "${General::swroot}/forward/outgoing";
+my $configfwdfw = "${General::swroot}/firewall/config";
+my $configoutgoing = "${General::swroot}/firewall/outgoing";
my $errormessage = '';
my $warnmessage = '';
my $filename = "${General::swroot}/optionsfw/settings";
-&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+&General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
&Header::showhttpheaders();
#Get GUI values
%fwdfwsettings = ();
$fwdfwsettings{'POLICY'} = "$MODE";
$fwdfwsettings{'POLICY1'} = "$MODE1";
- &General::writehash("${General::swroot}/forward/settings", \%fwdfwsettings);
- &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
+ &General::writehash("${General::swroot}/firewall/settings", \%fwdfwsettings);
+ &General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings);
system("/usr/local/bin/forwardfwctrl");
}
&General::readhash($filename, \%settings); # Load good settings
my $DPORT = shift;
my $DPROT = shift;
my %natconfig =();
- my $confignat = "${General::swroot}/forward/config";
+ my $confignat = "${General::swroot}/firewall/config";
$DPROT= uc ($DPROT);
&General::readhasharray($confignat, \%natconfig);
foreach my $key (sort keys %natconfig){
require "${General::swroot}/header.pl";
my $errormessage = '';
-my $p2pfile = "${General::swroot}/forward/p2protocols";
+my $p2pfile = "${General::swroot}/firewall/p2protocols";
my @p2ps = ();
my %fwdfwsettings = ();
# Create all directories
for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
- ethernet extrahd/bin fwlogs fwhosts forward forward/bin isdn key langs logging mac main \
+ ethernet extrahd/bin fwlogs fwhosts firewall firewall/bin isdn key langs logging mac main \
menu.d modem net-traffic net-traffic/templates nfs optionsfw \
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \
for i in auth/users backup/include.user backup/exclude.user \
certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \
dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
- ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings forward/settings forward/config forward/input forward/outgoing forward/dmz forward/nat \
+ ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/input firewall/outgoing \
fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwlogs/ipsettings fwlogs/portsettings \
isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced
cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans
cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
- cp $(DIR_SRC)/config/firewall/rules.pl $(CONFIG_ROOT)/forward/bin/rules.pl
+ cp $(DIR_SRC)/config/firewall/rules.pl $(CONFIG_ROOT)/firewall/bin/rules.pl
cp $(DIR_SRC)/config/firewall/convert-xtaccess /usr/sbin/convert-xtaccess
cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw
cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz
cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw
- cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/forward/p2protocols
- cp $(DIR_SRC)/config/firewall/firewall-lib.pl $(CONFIG_ROOT)/forward/bin/firewall-lib.pl
+ cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols
+ cp $(DIR_SRC)/config/firewall/firewall-lib.pl $(CONFIG_ROOT)/firewall/bin/firewall-lib.pl
cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy
cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPWIRELESSINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
- echo "POLICY=MODE2" >> $(CONFIG_ROOT)/forward/settings
- echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/forward/settings
+ echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings
+ echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
# set rules.pl executable
- chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl
+ chmod 755 $(CONFIG_ROOT)/firewall/bin/rules.pl
# set converters executable
chmod 755 /usr/sbin/convert-*
if (!(initsetuid()))
exit(1);
- int retval = safe_system("/var/ipfire/forward/bin/rules.pl");
+ int retval = safe_system("/var/ipfire/firewall/bin/rules.pl");
/* If rules.pl has been successfully executed, the indicator
* file is removed. */
if (retval == 0) {
- unlink("/var/ipfire/forward/reread");
+ unlink("/var/ipfire/firewall/reread");
}
return 0;