projects / people / teissler / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 27f4a6b1 | 1 | #!/usr/bin/perl |
| 8343fd12 AM |
2 | ######################################################################## |
| 3 | # Script: convert-outgoingfw | |
| 4 | # Date: 21.03.2013 | |
| 5 | # Author: Alexander Marx (amarx@ipfire.org) | |
| 6 | ######################################################################## | |
| 7 | # | |
| 8 | # This script converts old groups and firewallrules | |
| 9 | # to the new one. This is a 3-step process. | |
| 10 | # STEP1: convert groups ->LOG /var/log/converters | |
| 11 | # STEP2: convert rules ->LOG /var/log/converters | |
| 12 | # STEP3: convert P2P rules | |
| 13 | # | |
| 14 | ######################################################################## | |
| 27f4a6b1 AM |
15 | |
| 16 | require '/var/ipfire/general-functions.pl'; | |
| 5a9fd5db | 17 | |
| 27f4a6b1 | 18 | use Socket; |
| 8f0b047b | 19 | use File::Path; |
| 5a9fd5db AM |
20 | use File::Copy; |
| 21 | ||
| 27f4a6b1 AM |
22 | my $ipgrouppath = "${General::swroot}/outgoing/groups/ipgroups/"; |
| 23 | my $macgrouppath = "${General::swroot}/outgoing/groups/macgroups/"; | |
| 24 | my $outgoingrules = "${General::swroot}/outgoing/rules"; | |
| 25 | my $outfwsettings = "${General::swroot}/outgoing/settings"; | |
| 26 | my $host = "Converted "; | |
| 27 | my $confighosts = "${General::swroot}/fwhosts/customhosts"; | |
| 28 | my $confignets = "${General::swroot}/fwhosts/customnetworks"; | |
| 29 | my $configgroups = "${General::swroot}/fwhosts/customgroups"; | |
| 30 | my $ovpnsettings = "${General::swroot}/ovpn/settings"; | |
| 31 | my $ovpnconfig = "${General::swroot}/ovpn/ovpnconfig"; | |
| 32 | my $ccdconfig = "${General::swroot}/ovpn/ccd.conf"; | |
| 33 | my $fwdfwconfig = "${General::swroot}/forward/config"; | |
| 6128ded8 | 34 | my $outfwconfig = "${General::swroot}/forward/outgoing"; |
| 27f4a6b1 AM |
35 | my $fwdfwsettings = "${General::swroot}/forward/settings"; |
| 36 | my @ipgroups = qx(ls $ipgrouppath); | |
| 37 | my @macgroups = qx(ls $macgrouppath); | |
| 38 | my @hostarray=(); | |
| 39 | my %outsettings=(); | |
| 40 | my %hosts=(); | |
| 41 | my %nets=(); | |
| 42 | my %groups=(); | |
| 43 | my %settingsovpn=(); | |
| 44 | my %configovpn=(); | |
| 45 | my %ccdconf=(); | |
| 6128ded8 AM |
46 | my %fwconfig=(); |
| 47 | my %fwconfigout=(); | |
| 27f4a6b1 AM |
48 | my %fwdsettings=(); |
| 49 | &General::readhash($outfwsettings,\%outsettings); | |
| 8343fd12 AM |
50 | #ONLY RUN if /var/ipfire/outgoing exists |
| 51 | if ( -d "/var/ipfire/outgoing"){ | |
| 52 | &process_groups; | |
| 53 | &process_rules; | |
| 54 | &process_p2p; | |
| 55 | } | |
| 5238a871 | 56 | system("/usr/local/bin/forwardfwctrl"); |
| 27f4a6b1 AM |
57 | sub process_groups |
| 58 | { | |
| 2833f567 | 59 | if(! -d "/var/log/converters"){ mkdir("/var/log/converters");} |
| 8f0b047b | 60 | if( -f "/var/log/converters/groups-convert.log"){rmtree("var/log/converters");} |
| 2833f567 | 61 | open (LOG, ">/var/log/converters/groups-convert.log") or die $!; |
| 27f4a6b1 AM |
62 | #IP Group processing |
| 63 | foreach my $group (@ipgroups){ | |
| 64 | chomp $group; | |
| 5a9fd5db | 65 | print LOG "\nProcessing IP-GROUP: $group...\n"; |
| 27f4a6b1 AM |
66 | open (DATEI, "<$ipgrouppath/$group"); |
| 67 | my @zeilen = <DATEI>; | |
| 68 | foreach my $ip (@zeilen){ | |
| 69 | chomp($ip); | |
| 70 | $ip =~ s/\s//gi; | |
| 5a9fd5db | 71 | print LOG "Check IP $ip from Group $group "; |
| 27f4a6b1 AM |
72 | my $val=&check_ip($ip); |
| 73 | if($val){ | |
| 74 | push(@hostarray,$val.",ip"); | |
| 5a9fd5db | 75 | print LOG "-> OK\n"; |
| 27f4a6b1 AM |
76 | } |
| 77 | else{ | |
| 78 | print LOG "-> IP \"$ip\" from group $group not converted (invalid IP) \n"; | |
| 79 | } | |
| 80 | $val=''; | |
| 81 | } | |
| 82 | &new_hostgrp($group,'ip'); | |
| 83 | @hostarray=(); | |
| 84 | } | |
| 85 | $group=''; | |
| 86 | @zeilen=(); | |
| 87 | @hostarray=(); | |
| 88 | #MAC Group processing | |
| 89 | foreach my $group (@macgroups){ | |
| 90 | chomp $group; | |
| 5a9fd5db | 91 | print LOG "\nProcessing MAC-GROUP: $group...\n"; |
| 27f4a6b1 AM |
92 | open (DATEI, "<$macgrouppath/$group"); |
| 93 | my @zeilen = <DATEI>; | |
| 94 | foreach my $mac (@zeilen){ | |
| 95 | chomp($mac); | |
| 96 | $mac =~ s/\s//gi; | |
| 5a9fd5db | 97 | print LOG "Checking MAC $mac from group $group "; |
| 27f4a6b1 AM |
98 | #MAC checking |
| 99 | if(&General::validmac($mac)){ | |
| 100 | $val=$mac; | |
| 101 | } | |
| 102 | if($val){ | |
| 103 | push(@hostarray,$val.",mac"); | |
| 5a9fd5db | 104 | print LOG "-> OK\n"; |
| 27f4a6b1 AM |
105 | } |
| 106 | else{ | |
| 107 | print LOG "-> Mac $mac from group $group not converted (invalid MAC)\n"; | |
| 108 | } | |
| 109 | $val=''; | |
| 110 | } | |
| 111 | &new_hostgrp($group,'mac'); | |
| 112 | @hostarray=(); | |
| 05612a54 | 113 | @zeilen=(); |
| 27f4a6b1 AM |
114 | } |
| 115 | close (LOG); | |
| 116 | } | |
| 117 | sub check_ip | |
| 118 | { | |
| 119 | my $adr=shift; | |
| 120 | my $a; | |
| 121 | #ip with subnet in decimal | |
| 122 | if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){ | |
| 123 | $adr=int($1).".".int($2).".".int($3).".".int($4); | |
| 124 | my $b = &General::iporsubtodec($5); | |
| 125 | $a=$adr."/".$b; | |
| e3afaf88 | 126 | }elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){ |
| 27f4a6b1 AM |
127 | $adr=int($1).".".int($2).".".int($3).".".int($4); |
| 128 | if(&General::validip($adr)){ | |
| 129 | $a=$adr."/255.255.255.255"; | |
| 130 | } | |
| 131 | } | |
| 132 | if(&General::validipandmask($adr)){ | |
| 133 | $a=&General::iporsubtodec($adr); | |
| 134 | } | |
| 135 | return $a; | |
| 136 | } | |
| 137 | sub new_hostgrp | |
| 138 | { | |
| 139 | &General::readhasharray($confighosts,\%hosts); | |
| 140 | &General::readhasharray($confignets,\%nets); | |
| 141 | &General::readhasharray($configgroups,\%groups); | |
| 142 | my $grp=shift; | |
| 143 | my $run=shift; | |
| 144 | my $name; #"converted" | |
| 145 | my $name2; | |
| 146 | my $name3; #custom host/custom net | |
| 147 | foreach my $adr (@hostarray){ | |
| 148 | if($run eq 'ip'){ | |
| 149 | my ($ip,$type) = split(",",$adr); | |
| 150 | my ($ippart,$subnet) = split("/",$ip); | |
| 151 | my ($byte1,$byte2,$byte3,$byte4) = split(/\./,$subnet); | |
| 5a9fd5db AM |
152 | if($byte4 eq '255'){ |
| 153 | print LOG "Processing SINGLE HOST $ippart/$subnet from group $grp\n"; | |
| 27f4a6b1 AM |
154 | if(!&check_host($ip)){ |
| 155 | my $key = &General::findhasharraykey(\%hosts); | |
| 156 | $name="host "; | |
| 157 | $name2=$name.$ippart; | |
| 158 | $name3="Custom Host"; | |
| 159 | $hosts{$key}[0] = $name2; | |
| 160 | $hosts{$key}[1] = $type; | |
| 161 | $hosts{$key}[2] = $ip; | |
| 05612a54 AM |
162 | $hosts{$key}[3] = ''; |
| 163 | $hosts{$key}[4] = 1; | |
| 5a9fd5db | 164 | print LOG "->Host (IP) $ip added to custom hosts\n" |
| 27f4a6b1 | 165 | }else{ |
| 05612a54 AM |
166 | print LOG "->Host (IP) $ip already exists in custom hosts\n"; |
| 167 | $name="host "; | |
| 168 | $name2=$name.$ippart; | |
| 8343fd12 AM |
169 | foreach my $key (sort keys %hosts){ |
| 170 | if($hosts{$key}[0] eq $name2){ | |
| 171 | $hosts{$key}[4]++; | |
| 172 | } | |
| 173 | } | |
| 174 | $name="host "; | |
| 175 | $name2=$name.$ippart; | |
| 05612a54 | 176 | $name3="Custom Host"; |
| 27f4a6b1 AM |
177 | } |
| 178 | }elsif($byte4 < '255'){ | |
| 5a9fd5db | 179 | print LOG "Processing NETWORK $ippart/$subnet from Group $grp\n"; |
| 27f4a6b1 AM |
180 | if(!&check_net($ippart,$subnet)){ |
| 181 | my $netkey = &General::findhasharraykey(\%nets); | |
| 182 | $name="net "; | |
| 183 | $name2=$name.$ippart; | |
| 184 | $name3="Custom Network"; | |
| 185 | $nets{$netkey}[0] = $name2; | |
| 186 | $nets{$netkey}[1] = $ippart; | |
| 187 | $nets{$netkey}[2] = $subnet; | |
| 05612a54 AM |
188 | $nets{$netkey}[3] = ''; |
| 189 | $nets{$netkey}[4] = 1; | |
| 5a9fd5db | 190 | print LOG "->Network $ippart/$subnet added to custom networks\n"; |
| 27f4a6b1 | 191 | }else{ |
| 05612a54 AM |
192 | print LOG "Network $ippart already exists in custom networks\n"; |
| 193 | $name="net "; | |
| 194 | $name2=$name.$ippart; | |
| 8343fd12 AM |
195 | foreach my $key (sort keys %nets){ |
| 196 | if($nets{$key}[0] eq $name2){ | |
| 197 | $nets{$key}[4]++; | |
| 198 | } | |
| 199 | } | |
| 200 | $name="net "; | |
| 201 | $name2=$name.$ippart; | |
| 05612a54 | 202 | $name3="Custom Network"; |
| 27f4a6b1 AM |
203 | } |
| 204 | } | |
| f2ab6fba | 205 | if($name2 && !&check_grp($grp,$name2)){ |
| 27f4a6b1 AM |
206 | my $grpkey = &General::findhasharraykey(\%groups); |
| 207 | $groups{$grpkey}[0] = $grp; | |
| 208 | $groups{$grpkey}[1] = ''; | |
| 209 | $groups{$grpkey}[2] = $name2; | |
| 210 | $groups{$grpkey}[3] = $name3; | |
| 211 | $groups{$grpkey}[4] = 0; | |
| 5a9fd5db | 212 | print LOG "->$name2 added to group $grp\n"; |
| 27f4a6b1 AM |
213 | } |
| 214 | }elsif($run eq 'mac'){ | |
| 215 | #MACRUN | |
| 216 | my ($mac,$type) = split(",",$adr); | |
| 5a9fd5db | 217 | print LOG "Processing HOST (MAC) $mac\n"; |
| 27f4a6b1 AM |
218 | if(!&check_host($mac)){ |
| 219 | my $key = &General::findhasharraykey(\%hosts); | |
| 220 | $name="host "; | |
| 221 | $name2=$name.$mac; | |
| 222 | $name3="Custom Host"; | |
| 223 | $hosts{$key}[0] = $name2; | |
| 224 | $hosts{$key}[1] = $type; | |
| 225 | $hosts{$key}[2] = $mac; | |
| fccf52cf AM |
226 | $hosts{$key}[3] = ''; |
| 227 | $hosts{$key}[4] = 1; | |
| 5a9fd5db | 228 | print LOG "->Host (MAC) $mac added to custom hosts\n"; |
| 27f4a6b1 | 229 | }else{ |
| 05612a54 AM |
230 | print LOG "->Host (MAC) $mac already exists in custom hosts \n"; |
| 231 | $name="host "; | |
| 232 | $name2=$name.$mac; | |
| 8343fd12 AM |
233 | foreach my $key (sort keys %hosts){ |
| 234 | if($hosts{$key}[0] eq $name2){ | |
| 235 | $hosts{$key}[4]++; | |
| 236 | } | |
| 237 | } | |
| 238 | $name="host "; | |
| 239 | $name2=$name.$mac; | |
| 05612a54 | 240 | $name3="Custom Host"; |
| 27f4a6b1 | 241 | } |
| f2ab6fba | 242 | if($name2 && !&check_grp($grp,$name2)){ |
| 27f4a6b1 AM |
243 | my $grpkey = &General::findhasharraykey(\%groups); |
| 244 | $groups{$grpkey}[0] = $grp; | |
| 245 | $groups{$grpkey}[1] = ''; | |
| 246 | $groups{$grpkey}[2] = $name2; | |
| 247 | $groups{$grpkey}[3] = $name3; | |
| 248 | $groups{$grpkey}[4] = 0; | |
| 5a9fd5db | 249 | print LOG "->$name2 added to group $grp\n"; |
| 27f4a6b1 AM |
250 | } |
| 251 | } | |
| 252 | } | |
| 5a9fd5db | 253 | @hostarray=(); |
| 27f4a6b1 AM |
254 | &General::writehasharray($confighosts,\%hosts); |
| 255 | &General::writehasharray($configgroups,\%groups); | |
| 256 | &General::writehasharray($confignets,\%nets); | |
| 70d38e50 | 257 | |
| 27f4a6b1 AM |
258 | } |
| 259 | sub check_host | |
| 260 | { | |
| 261 | my $ip=shift; | |
| 262 | foreach my $key (sort keys %hosts) | |
| 263 | { | |
| 264 | if($hosts{$key}[2] eq $ip) | |
| 265 | { | |
| 266 | return 1; | |
| 267 | } | |
| 268 | } | |
| 269 | return 0; | |
| 270 | } | |
| 271 | sub check_net | |
| 272 | { | |
| 273 | my $ip=shift; | |
| 274 | my $sub=shift; | |
| 275 | foreach my $key (sort keys %nets) | |
| 276 | { | |
| 277 | if($nets{$key}[1] eq $ip && $nets{$key}[2] eq $sub) | |
| 278 | { | |
| 279 | return 1; | |
| 280 | } | |
| 281 | } | |
| 282 | return 0; | |
| 283 | } | |
| 284 | sub check_grp | |
| 285 | { | |
| 286 | my $grp=shift; | |
| 287 | my $value=shift; | |
| 288 | foreach my $key (sort keys %groups) | |
| 289 | { | |
| 290 | if($groups{$key}[0] eq $grp && $groups{$key}[2] eq $value) | |
| 291 | { | |
| 292 | return 1; | |
| 293 | } | |
| 294 | } | |
| 295 | return 0; | |
| 296 | } | |
| 297 | sub process_rules | |
| 298 | { | |
| 6128ded8 | 299 | my ($type,$action,$active,$grp1,$source,$grp2,$useport,$port,$prot,$grp3,$target,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to); |
| 27f4a6b1 | 300 | &General::readhash($fwdfwsettings,\%fwdsettings); |
| 12a43202 AM |
301 | if ($outsettings{'POLICY'} eq 'MODE1'){ |
| 302 | $fwdfwsettings{'POLICY'}='MODE1'; | |
| 27f4a6b1 AM |
303 | $type='ALLOW'; |
| 304 | $action='ACCEPT'; | |
| 305 | }elsif($outsettings{'POLICY'} eq 'MODE2'){ | |
| fccf52cf | 306 | $fwdsettings{'POLICY'}='MODE2'; |
| 27f4a6b1 AM |
307 | $type='DENY'; |
| 308 | $action='DROP'; | |
| 309 | }else{ | |
| 310 | return; | |
| 311 | } | |
| fccf52cf AM |
312 | &General::writehash($fwdfwsettings,\%fwdsettings); |
| 313 | ||
| 6128ded8 AM |
314 | #open LOG |
| 315 | if( -f "/var/log/converters/outgoingfw-convert.log"){unlink ("/var/log/converters/outgoingfw-convert.log");} | |
| 316 | open (LOG, ">/var/log/converters/outgoingfw-convert.log") or die $!; | |
| 27f4a6b1 AM |
317 | open (DATEI, "<$outgoingrules"); |
| 318 | my @lines = <DATEI>; | |
| 319 | foreach my $rule (@lines) | |
| 320 | { | |
| 321 | chomp($rule); | |
| 99e698d0 | 322 | $port=''; |
| 27f4a6b1 | 323 | print LOG "processing: $rule\n"; |
| 99e698d0 AM |
324 | my @configline=(); |
| 325 | @configline = split( /\;/, $rule ); | |
| 27f4a6b1 AM |
326 | my @prot=(); |
| 327 | if($configline[0] eq $type){ | |
| 328 | #some variables we can use from old config | |
| 329 | if($configline[1] eq 'on'){ $active='ON';}else{$active='';} | |
| 5238a871 AM |
330 | if($configline[3] eq 'all' && $configline[8] ne ''){ |
| 331 | push(@prot,"TCP"); | |
| 332 | push(@prot,"UDP"); | |
| 333 | }elsif($configline[3] eq 'all' && $configline[8] eq ''){ | |
| 5a9fd5db | 334 | push(@prot,""); |
| 27f4a6b1 AM |
335 | }else{ |
| 336 | push(@prot,$configline[3]); | |
| 27f4a6b1 | 337 | } |
| 5238a871 AM |
338 | if($configline[4] ne ''){ |
| 339 | $configline[4] =~ s/,/;/g; | |
| 340 | $remark = $configline[4]; | |
| 341 | }else{$remark = '';} | |
| 8d1beadc | 342 | if($configline[9] eq 'Active'){ $log='ON';}else{$log='';} |
| 27f4a6b1 AM |
343 | if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){ |
| 344 | if($configline[17] eq '00:00' && $configline[18] eq '00:00'){ | |
| 345 | $time=''; | |
| 346 | }else{ | |
| 347 | $time='ON'; | |
| 348 | } | |
| 349 | }else{ | |
| 350 | $time='ON'; | |
| 351 | } | |
| 352 | $time_mon=$configline[10]; | |
| 353 | $time_tue=$configline[11]; | |
| 354 | $time_wed=$configline[12]; | |
| 355 | $time_thu=$configline[13]; | |
| 356 | $time_fri=$configline[14]; | |
| 357 | $time_sat=$configline[15]; | |
| 358 | $time_sun=$configline[16]; | |
| 359 | $time_from=$configline[17]; | |
| 360 | $time_to=$configline[18]; | |
| 361 | ############################################################ | |
| 362 | #sourcepart | |
| 363 | if ($configline[2] eq 'green') { | |
| 364 | $grp1='std_net_src'; | |
| 365 | $source='GREEN'; | |
| 366 | }elsif ($configline[2] eq 'orange') { | |
| 367 | $grp1='std_net_src'; | |
| 368 | $source='ORANGE'; | |
| 369 | }elsif ($configline[2] eq 'red') { | |
| 6128ded8 AM |
370 | $grp1='std_net_src'; |
| 371 | $source='IPFire'; | |
| 372 | &General::readhash($fwdfwsettings,\%fwdsettings); | |
| 373 | $fwdsettings{'POLICY1'}=$outsettings{'POLICY'}; | |
| fccf52cf | 374 | $fwdsettings{'POLICY'}=$outsettings{'POLICY'}; |
| 6128ded8 | 375 | &General::writehash($fwdfwsettings,\%fwdsettings); |
| 27f4a6b1 AM |
376 | }elsif ($configline[2] eq 'blue') { |
| 377 | $grp1='std_net_src'; | |
| 378 | $source='BLUE'; | |
| 379 | }elsif ($configline[2] eq 'ipsec') { | |
| 380 | print LOG "-> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n"; | |
| 381 | next; | |
| 382 | }elsif ($configline[2] eq 'ovpn') { | |
| 99e698d0 AM |
383 | &build_ovpn_grp; |
| 384 | $grp1='cust_grp_src'; | |
| 385 | $source='ovpn' | |
| 27f4a6b1 AM |
386 | }elsif ($configline[2] eq 'ip') { |
| 387 | my $z=&check_ip($configline[5]); | |
| 388 | if($z){ | |
| 3b81fad4 AM |
389 | my ($ipa,$subn) = split("/",$z); |
| 390 | $subn=&General::iporsubtocidr($subn); | |
| 27f4a6b1 | 391 | $grp1='src_addr'; |
| 3b81fad4 | 392 | $source="$ipa/$subn"; |
| 27f4a6b1 AM |
393 | }else{ |
| 394 | print LOG "-> Rule not converted, missing/invalid source ip \"$configline[5]\"\n"; | |
| 395 | next; | |
| 396 | } | |
| 397 | }elsif ($configline[2] eq 'mac') { | |
| 398 | if(&General::validmac($configline[6])){ | |
| 399 | $grp1='src_addr'; | |
| 400 | $source=$configline[6]; | |
| 401 | }else{ | |
| 402 | print LOG"-> Rule not converted, invalid MAC \"$configline[6]\" \n"; | |
| 403 | next; | |
| 404 | } | |
| 405 | }elsif ($configline[2] eq 'all') { | |
| 406 | $grp1='std_net_src'; | |
| 407 | $source='ALL'; | |
| 408 | }else{ | |
| 27f4a6b1 AM |
409 | foreach my $key (sort keys %groups){ |
| 410 | if($groups{$key}[0] eq $configline[2]){ | |
| 411 | $grp1='cust_grp_src'; | |
| 412 | $source=$configline[2]; | |
| 413 | } | |
| 414 | } | |
| 415 | if ($grp1 eq '' || $source eq ''){ | |
| 416 | print LOG "-> Rule not converted, no valid source recognised\n"; | |
| 417 | } | |
| 418 | } | |
| 419 | ############################################################ | |
| 420 | #destinationpart | |
| 421 | if($configline[7] ne ''){ | |
| 422 | my $address=&check_ip($configline[7]); | |
| 423 | if($address){ | |
| 3b81fad4 AM |
424 | my ($dip,$dsub) = split("/",$address); |
| 425 | $dsub=&General::iporsubtocidr($dsub); | |
| 27f4a6b1 | 426 | $grp2='tgt_addr'; |
| 3b81fad4 | 427 | $target="$dip/$dsub"; |
| 27f4a6b1 AM |
428 | }elsif(!$address){ |
| 429 | my $getwebsiteip=&get_ip_from_domain($configline[7]); | |
| 430 | if ($getwebsiteip){ | |
| 431 | $grp2='tgt_addr'; | |
| 432 | $target=$getwebsiteip; | |
| 5a9fd5db | 433 | $remark.=" $configline[7]"; |
| 27f4a6b1 AM |
434 | }else{ |
| 435 | print LOG "-> Rule not converted, invalid domain \"$configline[7]\"\n"; | |
| 436 | next; | |
| 437 | } | |
| 438 | } | |
| 439 | }else{ | |
| 440 | $grp2='std_net_tgt'; | |
| 441 | $target='ALL'; | |
| 442 | } | |
| 87946296 | 443 | if($configline[8] ne '' && $configline[3] ne 'gre' && $configline[3] ne 'esp'){ |
| 8f0b047b AM |
444 | my @values=(); |
| 445 | my @parts=split(",",$configline[8]); | |
| 446 | foreach (@parts){ | |
| fccf52cf | 447 | $_=~ tr/-/:/; |
| 8f0b047b AM |
448 | if (!($_ =~ /^(\d+)\:(\d+)$/)) { |
| 449 | if(&General::validport($_)){ | |
| 450 | $useport='ON'; | |
| 8f0b047b AM |
451 | push (@values,$_); |
| 452 | $grp3='TGT_PORT'; | |
| 453 | }else{ | |
| 454 | print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n"; | |
| 455 | next; | |
| 456 | } | |
| 27f4a6b1 | 457 | }else{ |
| 8b3dd791 AM |
458 | my ($a1,$a2) = split(/\:/,$_); |
| 459 | if (&General::validport($a1) && &General::validport($a2) && $a1 < $a2){ | |
| 8f0b047b | 460 | $useport='ON'; |
| 8f0b047b AM |
461 | push (@values,"$a1:$a2"); |
| 462 | $grp3='TGT_PORT'; | |
| 8b3dd791 | 463 | }else{ |
| 8f0b047b AM |
464 | print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n"; |
| 465 | next; | |
| 8b3dd791 | 466 | } |
| 8f0b047b | 467 | } |
| 27f4a6b1 | 468 | } |
| 8b3dd791 AM |
469 | $port=join("|",@values); |
| 470 | @values=(); | |
| 99e698d0 | 471 | @parts=(); |
| 27f4a6b1 AM |
472 | } |
| 473 | }else{ | |
| 474 | print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n"; | |
| 475 | } | |
| 476 | &General::readhasharray($fwdfwconfig,\%fwconfig); | |
| 6128ded8 | 477 | &General::readhasharray($outfwconfig,\%fwconfigout); |
| 27f4a6b1 | 478 | my $check; |
| 6128ded8 | 479 | my $chain; |
| 27f4a6b1 | 480 | foreach my $protocol (@prot){ |
| 6128ded8 AM |
481 | if ($source eq 'IPFire'){ |
| 482 | $chain='OUTGOINGFW'; | |
| 483 | }else{ | |
| 484 | $chain='FORWARDFW'; | |
| 485 | } | |
| 27f4a6b1 | 486 | $protocol=uc($protocol); |
| 6128ded8 | 487 | print LOG "-> Converted: $action,$chain,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to\n"; |
| 27f4a6b1 AM |
488 | #Put rules into system.... |
| 489 | ########################### | |
| 27f4a6b1 AM |
490 | #check for double rules |
| 491 | foreach my $key (sort keys %fwconfig){ | |
| 6128ded8 | 492 | if("$action,$chain,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to" |
| 27f4a6b1 AM |
493 | eq "$fwconfig{$key}[0],$fwconfig{$key}[1],$fwconfig{$key}[2],$fwconfig{$key}[3],$fwconfig{$key}[4],$fwconfig{$key}[5],$fwconfig{$key}[6],,,,,$fwconfig{$key}[11],$fwconfig{$key}[12],,$fwconfig{$key}[14],$fwconfig{$key}[15],$fwconfig{$key}[16],$fwconfig{$key}[17],$fwconfig{$key}[18],$fwconfig{$key}[19],$fwconfig{$key}[20],$fwconfig{$key}[21],$fwconfig{$key}[22],$fwconfig{$key}[23],$fwconfig{$key}[24],$fwconfig{$key}[25],$fwconfig{$key}[26],$fwconfig{$key}[27]"){ |
| 494 | $check='on'; | |
| 495 | next; | |
| 496 | } | |
| 497 | } | |
| 498 | if($check ne 'on'){ | |
| 499 | #increase groupcounter | |
| 500 | my $check1; | |
| 501 | if($grp1 eq 'cust_grp_src'){ | |
| 502 | foreach my $key (sort keys %groups){ | |
| 503 | if($groups{$key}[0] eq $source){ | |
| 504 | $groups{$key}[4]++; | |
| 505 | $check1='on'; | |
| 506 | } | |
| 507 | } | |
| 508 | if($check1 eq 'on'){ | |
| 27f4a6b1 AM |
509 | &General::writehasharray($configgroups,\%groups); |
| 510 | } | |
| 511 | } | |
| 6128ded8 AM |
512 | if ($chain eq 'FORWARDFW'){ |
| 513 | my $key = &General::findhasharraykey(\%fwconfig); | |
| 514 | $fwconfig{$key}[0] = $action; | |
| 515 | $fwconfig{$key}[1] = $chain; | |
| 516 | $fwconfig{$key}[2] = $active; | |
| 517 | $fwconfig{$key}[3] = $grp1; | |
| 518 | $fwconfig{$key}[4] = $source; | |
| 519 | $fwconfig{$key}[5] = $grp2; | |
| 520 | $fwconfig{$key}[6] = $target; | |
| 521 | $fwconfig{$key}[11] = $useport; | |
| 522 | $fwconfig{$key}[12] = $protocol; | |
| 523 | $fwconfig{$key}[14] = $grp3; | |
| 524 | $fwconfig{$key}[15] = $port; | |
| 525 | $fwconfig{$key}[16] = $remark; | |
| 526 | $fwconfig{$key}[17] = $log; | |
| 527 | $fwconfig{$key}[18] = $time; | |
| 528 | $fwconfig{$key}[19] = $time_mon; | |
| 529 | $fwconfig{$key}[20] = $time_tue; | |
| 530 | $fwconfig{$key}[21] = $time_wed; | |
| 531 | $fwconfig{$key}[22] = $time_thu; | |
| 532 | $fwconfig{$key}[23] = $time_fri; | |
| 533 | $fwconfig{$key}[24] = $time_sat; | |
| 534 | $fwconfig{$key}[25] = $time_sun; | |
| 535 | $fwconfig{$key}[26] = $time_from; | |
| 536 | $fwconfig{$key}[27] = $time_to; | |
| 537 | }else{ | |
| 538 | my $key = &General::findhasharraykey(\%fwconfigout); | |
| 539 | $fwconfigout{$key}[0] = $action; | |
| 540 | $fwconfigout{$key}[1] = $chain; | |
| 541 | $fwconfigout{$key}[2] = $active; | |
| 542 | $fwconfigout{$key}[3] = $grp1; | |
| 543 | $fwconfigout{$key}[4] = $source; | |
| 544 | $fwconfigout{$key}[5] = $grp2; | |
| 545 | $fwconfigout{$key}[6] = $target; | |
| 546 | $fwconfigout{$key}[11] = $useport; | |
| 547 | $fwconfigout{$key}[12] = $protocol; | |
| 548 | $fwconfigout{$key}[14] = $grp3; | |
| 549 | $fwconfigout{$key}[15] = $port; | |
| 550 | $fwconfigout{$key}[16] = $remark; | |
| 551 | $fwconfigout{$key}[17] = $log; | |
| 552 | $fwconfigout{$key}[18] = $time; | |
| 553 | $fwconfigout{$key}[19] = $time_mon; | |
| 554 | $fwconfigout{$key}[20] = $time_tue; | |
| 555 | $fwconfigout{$key}[21] = $time_wed; | |
| 556 | $fwconfigout{$key}[22] = $time_thu; | |
| 557 | $fwconfigout{$key}[23] = $time_fri; | |
| 558 | $fwconfigout{$key}[24] = $time_sat; | |
| 559 | $fwconfigout{$key}[25] = $time_sun; | |
| 560 | $fwconfigout{$key}[26] = $time_from; | |
| 561 | $fwconfigout{$key}[27] = $time_to; | |
| 562 | } | |
| 563 | &General::writehasharray($fwdfwconfig,\%fwconfig); | |
| 564 | &General::writehasharray($outfwconfig,\%fwconfigout); | |
| 27f4a6b1 AM |
565 | } |
| 566 | } | |
| 27f4a6b1 AM |
567 | @prot=(); |
| 568 | } | |
| 569 | close(LOG); | |
| 570 | @lines=(); | |
| 571 | } | |
| 572 | sub get_ip_from_domain | |
| 573 | { | |
| 574 | $web=shift; | |
| 575 | my $resolvedip; | |
| 576 | my $checked; | |
| 577 | my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname($web); | |
| 578 | if(@addrs){ | |
| 579 | $resolvedip=inet_ntoa($addrs[0]); | |
| 580 | return $resolvedip; | |
| 581 | } | |
| 582 | return; | |
| 583 | } | |
| 584 | sub build_ovpn_grp | |
| 585 | { | |
| 586 | &General::readhasharray($confighosts,\%hosts); | |
| 587 | &General::readhasharray($confignets,\%nets); | |
| 588 | &General::readhasharray($configgroups,\%groups); | |
| 589 | &General::readhasharray($ovpnconfig,\%configovpn); | |
| 590 | &General::readhasharray($ccdconfig,\%ccdconf); | |
| 591 | &General::readhash($ovpnsettings,\%settingsovpn); | |
| 592 | #get ovpn nets | |
| 593 | my @ovpnnets=(); | |
| 594 | if($settingsovpn{'DOVPN_SUBNET'}){ | |
| 595 | my ($net,$subnet)=split("/",$settingsovpn{'DOVPN_SUBNET'}); | |
| 596 | push (@ovpnnets,"$net,$subnet,dynamic"); | |
| 597 | } | |
| 598 | foreach my $key (sort keys %ccdconf){ | |
| 599 | my ($net,$subnet)=split("/",$ccdconf{$key}[1]); | |
| 600 | $subnet=&General::iporsubtodec($subnet); | |
| 601 | push (@ovpnnets,"$net,$subnet,$ccdconf{$key}[0]"); | |
| 602 | } | |
| 603 | foreach my $key (sort keys %configovpn){ | |
| 604 | if ($configovpn{$key}[3] eq 'net'){ | |
| 605 | my ($net,$subnet)=split("/",$configovpn{$key}[27]); | |
| 606 | push (@ovpnnets,"$net,$subnet,$configovpn{$key}[2]"); | |
| 607 | } | |
| 608 | } | |
| 609 | #add ovpn nets to customnetworks/groups | |
| 610 | foreach my $line (@ovpnnets){ | |
| 611 | my ($net,$subnet,$name) = split(",",$line); | |
| 612 | if (!&check_net($net,$subnet)){ | |
| 613 | my $netkey = &General::findhasharraykey(\%nets); | |
| 614 | $name2=$name."(ovpn)".$net; | |
| 615 | $name3="Custom Network"; | |
| 616 | $nets{$netkey}[0] = $name2; | |
| 617 | $nets{$netkey}[1] = $net; | |
| 618 | $nets{$netkey}[2] = $subnet; | |
| 619 | $nets{$netkey}[3] = 1; | |
| 620 | }else{ | |
| 621 | print LOG "-> Custom Network with same IP already exist \"$net/$subnet\" (you can ignore this, if this run was manual from shell)\n"; | |
| 622 | } | |
| 623 | if($name2){ | |
| 624 | my $grpkey = &General::findhasharraykey(\%groups); | |
| 625 | $groups{$grpkey}[0] = "ovpn"; | |
| 626 | $groups{$grpkey}[1] = ''; | |
| 627 | $groups{$grpkey}[2] = $name2; | |
| 628 | $groups{$grpkey}[3] = "Custom Network"; | |
| 629 | $groups{$grpkey}[4] = 0; | |
| 630 | } | |
| 631 | $name2=''; | |
| 632 | } | |
| 633 | @ovpnnets=(); | |
| 634 | &General::writehasharray($confighosts,\%hosts); | |
| 635 | &General::writehasharray($configgroups,\%groups); | |
| 636 | &General::writehasharray($confignets,\%nets); | |
| 637 | } | |
| 5a9fd5db AM |
638 | sub process_p2p |
| 639 | { | |
| 640 | copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/forward/p2protocols"); | |
| 70d38e50 | 641 | chmod oct('0777'), '/var/ipfire/forward/p2protocols'; |
| 5a9fd5db | 642 | } |