27f4a6b1 | 1 | #!/usr/bin/perl |
2 | ######################################################################## |
3 | # Script: convert-outgoingfw | |
4 | # Date: 21.03.2013 | |
5 | # Author: Alexander Marx (amarx@ipfire.org) | |
6 | ######################################################################## | |
7 | # | |
8 | # This script converts the old outgoing-firewall groups and rules |
9 | # to the new forward-firewall format. This is a 3-step process. |
10 | # STEP1: convert groups ->LOG /var/log/converters | |
11 | # STEP2: convert rules ->LOG /var/log/converters | |
12 | # STEP3: convert P2P rules | |
13 | # | |
14 | ######################################################################## | |
16 | require '/var/ipfire/general-functions.pl'; | |
27f4a6b1 | 18 | use Socket; |
8f0b047b | 19 | use File::Path; |
20 | use File::Copy; |
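# Paths of the OLD outgoing firewall (input) and of the NEW forward firewall /
# custom host objects (output). Everything lives below ${General::swroot}
# except the hard-coded /var/ipfire/outgoing check and the log directory.
# The script must run as root: it rewrites firewall configuration and
# reloads the firewall at the end. All input files are administrator-owned
# configuration, not user input.
my $ipgrouppath   = "${General::swroot}/outgoing/groups/ipgroups/";
my $macgrouppath  = "${General::swroot}/outgoing/groups/macgroups/";
my $outgoingrules = "${General::swroot}/outgoing/rules";
my $outfwsettings = "${General::swroot}/outgoing/settings";
my $confighosts   = "${General::swroot}/fwhosts/customhosts";
my $confignets    = "${General::swroot}/fwhosts/customnetworks";
my $configgroups  = "${General::swroot}/fwhosts/customgroups";
my $ovpnsettings  = "${General::swroot}/ovpn/settings";
my $ovpnconfig    = "${General::swroot}/ovpn/ovpnconfig";
my $ccdconfig     = "${General::swroot}/ovpn/ccd.conf";
my $fwdfwconfig   = "${General::swroot}/forward/config";
my $outfwconfig   = "${General::swroot}/forward/outgoing";
my $fwdfwsettings = "${General::swroot}/forward/settings";

# One old group per file; the file name is the group name. Listed with
# readdir instead of parsing `ls` output: no shell is spawned and names
# containing whitespace or shell metacharacters cannot break the listing.
my @ipgroups  = &_list_group_files($ipgrouppath);
my @macgroups = &_list_group_files($macgrouppath);

# Shared state between the steps. @hostarray is filled per group by
# process_groups and consumed by new_hostgrp; the hashes mirror the
# config files named above and are (re)read by the subs that use them.
my @hostarray   = ();
my %outsettings = ();
my %hosts       = ();
my %nets        = ();
my %groups      = ();
my %settingsovpn = ();
my %configovpn  = ();
my %ccdconf     = ();
my %fwconfig    = ();
my %fwconfigout = ();
my %fwdsettings = ();

# ONLY RUN if the old outgoing firewall directory exists. The old settings
# are only needed by the conversion itself, so they are read inside the
# guard (reading a file below a non-existent directory makes no sense).
if ( -d "/var/ipfire/outgoing" ) {
	&General::readhash($outfwsettings,\%outsettings);
	&process_groups();
	&process_rules();
	&process_p2p();
}

# Activate the (possibly converted) rule set. A failure here means the
# firewall is not running the rules that were just written, so say so.
if (system("/usr/local/bin/forwardfwctrl") != 0) {
	warn "convert-outgoingfw: forwardfwctrl failed (exit status " . ($? >> 8) . ")\n";
}

# Returns the sorted, non-hidden entry names of directory $dir - the same
# set `ls $dir` printed. A missing or unreadable directory yields an empty
# list (the old code got an empty list plus an `ls` error on stderr).
sub _list_group_files
{
	my $dir = shift;
	opendir(my $dh, $dir) or return ();
	my @names = sort grep { !/^\./ } readdir($dh);
	closedir($dh);
	return @names;
}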
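# STEP 1: convert the old IP and MAC groups into custom hosts/networks and
# custom groups. Each old group file holds one address per line; every
# valid entry is collected in @hostarray and handed to new_hostgrp, which
# creates the objects and the group. Everything is logged to
# /var/log/converters/groups-convert.log (LOG is a file-global handle that
# new_hostgrp writes to as well).
sub process_groups
{
	my $logdir  = "/var/log/converters";
	my $logfile = "$logdir/groups-convert.log";
	mkdir($logdir) if ! -d $logdir;
	# Start with a fresh log. Only the old log FILE is removed; the old code
	# called rmtree() on a relative path "var/log/converters", which either
	# did nothing or - run from "/" - deleted the directory that the very
	# next line opens a file in.
	unlink($logfile) if -f $logfile;
	open (LOG, '>', $logfile) or die "Cannot open $logfile: $!";

	#IP Group processing
	foreach my $group (@ipgroups) {
		chomp $group;
		print LOG "\nProcessing IP-GROUP: $group...\n";
		my $file = "$ipgrouppath/$group";
		my $fh;
		if (!open($fh, '<', $file)) {
			print LOG "-> Cannot read $file: $! - group skipped\n";
			next;
		}
		my @zeilen = <$fh>;
		close($fh);
		@hostarray = ();
		foreach my $ip (@zeilen) {
			chomp($ip);
			$ip =~ s/\s//g;
			print LOG "Check IP $ip from Group $group ";
			# check_ip normalises to "ip/dotted-mask" or returns nothing
			my $val = &check_ip($ip);
			if ($val) {
				push(@hostarray, $val.",ip");
				print LOG "-> OK\n";
			} else {
				print LOG "-> IP \"$ip\" from group $group not converted (invalid IP) \n";
			}
		}
		&new_hostgrp($group, 'ip');
		@hostarray = ();
	}

	#MAC Group processing
	foreach my $group (@macgroups) {
		chomp $group;
		print LOG "\nProcessing MAC-GROUP: $group...\n";
		my $file = "$macgrouppath/$group";
		my $fh;
		if (!open($fh, '<', $file)) {
			print LOG "-> Cannot read $file: $! - group skipped\n";
			next;
		}
		my @zeilen = <$fh>;
		close($fh);
		@hostarray = ();
		foreach my $mac (@zeilen) {
			chomp($mac);
			$mac =~ s/\s//g;
			print LOG "Checking MAC $mac from group $group ";
			if (&General::validmac($mac)) {
				push(@hostarray, $mac.",mac");
				print LOG "-> OK\n";
			} else {
				print LOG "-> Mac $mac from group $group not converted (invalid MAC)\n";
			}
		}
		&new_hostgrp($group, 'mac');
		@hostarray = ();
	}
	close (LOG);
}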
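# Validates and normalises an address from the old config.
# Accepts "a.b.c.d/NN" (CIDR prefix), "a.b.c.d" (single host) or anything
# General::validipandmask accepts (e.g. "a.b.c.d/m.m.m.m"). Leading zeros
# in octets are dropped. Returns "ip/dotted-mask" (what General::iporsubtodec
# produces) or undef when the input is not a valid address.
# Fixes against the old version: the dots in the CIDR pattern were
# unescaped (so "1x2y3z4/24" matched) and the CIDR branch never checked
# that the octets form a valid IP or that the prefix is at most 32.
sub check_ip
{
	my $adr = shift;
	my $result;
	if ($adr =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/) {
		my $prefix = $5;
		$adr = int($1).".".int($2).".".int($3).".".int($4);
		if (&General::validip($adr) && $prefix <= 32) {
			my $mask = &General::iporsubtodec($prefix);
			$result = $adr."/".$mask;
		}
	} elsif ($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) {
		$adr = int($1).".".int($2).".".int($3).".".int($4);
		if (&General::validip($adr)) {
			$result = $adr."/255.255.255.255";
		}
	}
	# Dotted-mask form (or anything else iporsubtodec understands). After
	# one of the branches above $adr has no mask part, so this does not fire.
	if (&General::validipandmask($adr)) {
		$result = &General::iporsubtodec($adr);
	}
	return $result;
}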
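# Turns the addresses collected in @hostarray into custom hosts/networks and
# makes each of them a member of the custom group $grp.
#   $grp - name of the group (the old group's file name)
#   $run - 'ip'  : entries are "ip/dotted-mask,ip"; a /32 mask makes a host,
#                  anything else a network
#          'mac' : entries are "mac,mac" and always make a host
# Reads and rewrites customhosts, customnetworks and customgroups; writes
# progress to LOG. Group membership is stored BY NAME (column 2 of %groups),
# so when an object with the same address already exists - possibly under
# a user-chosen name - the group references that existing name. The old
# code always referenced "host <ip>" / "net <ip>", which left the group
# pointing at a non-existent object whenever the names differed.
sub new_hostgrp
{
	my $grp = shift;
	my $run = shift;
	&General::readhasharray($confighosts,\%hosts);
	&General::readhasharray($confignets,\%nets);
	&General::readhasharray($configgroups,\%groups);

	foreach my $adr (@hostarray) {
		my ($member, $membertype);
		if ($run eq 'ip') {
			my ($ip, $type) = split(",", $adr);
			my ($ippart, $subnet) = split("/", $ip);
			my $byte4 = (split(/\./, $subnet))[3];
			if ($byte4 eq '255') {
				# /32 -> single host, stored with its full "ip/mask"
				print LOG "Processing SINGLE HOST $ippart/$subnet from group $grp\n";
				$member = &_use_or_add_host($ip, $type, "host ".$ippart, "IP");
				$membertype = "Custom Host";
			} elsif ($byte4 < '255') {
				print LOG "Processing NETWORK $ippart/$subnet from Group $grp\n";
				$member = &_use_or_add_net($ippart, $subnet, "net ".$ippart);
				$membertype = "Custom Network";
			}
		} elsif ($run eq 'mac') {
			my ($mac, $type) = split(",", $adr);
			print LOG "Processing HOST (MAC) $mac\n";
			$member = &_use_or_add_host($mac, $type, "host ".$mac, "MAC");
			$membertype = "Custom Host";
		}
		# Nothing to add when the entry was neither a host nor a network.
		next unless defined $member;
		if (!&check_grp($grp, $member)) {
			my $grpkey = &General::findhasharraykey(\%groups);
			$groups{$grpkey}[0] = $grp;
			$groups{$grpkey}[1] = '';
			$groups{$grpkey}[2] = $member;
			$groups{$grpkey}[3] = $membertype;
			$groups{$grpkey}[4] = 0;
			print LOG "->$member added to group $grp\n";
		}
	}
	@hostarray = ();
	&General::writehasharray($confighosts,\%hosts);
	&General::writehasharray($configgroups,\%groups);
	&General::writehasharray($confignets,\%nets);
}

# Returns the name of the custom host that holds address $addr (an
# "ip/mask" or a MAC, column 2 of %hosts). If none exists one is created as
# $newname with type $type and reference counter 1; otherwise the existing
# entry's counter is incremented and ITS name is returned. $what ("IP" or
# "MAC") only appears in the log.
# NOTE(review): if $newname is already taken by a host with a different
# address a second host with the same name is created, as before.
sub _use_or_add_host
{
	my ($addr, $type, $newname, $what) = @_;
	foreach my $key (sort keys %hosts) {
		if ($hosts{$key}[2] eq $addr) {
			$hosts{$key}[4]++;
			print LOG "->Host ($what) $addr already exists in custom hosts as \"$hosts{$key}[0]\"\n";
			return $hosts{$key}[0];
		}
	}
	my $key = &General::findhasharraykey(\%hosts);
	$hosts{$key}[0] = $newname;
	$hosts{$key}[1] = $type;
	$hosts{$key}[2] = $addr;
	$hosts{$key}[3] = '';
	$hosts{$key}[4] = 1;
	print LOG "->Host ($what) $addr added to custom hosts\n";
	return $newname;
}

# Same as _use_or_add_host for a network $ippart with dotted mask $subnet
# (columns 1 and 2 of %nets).
sub _use_or_add_net
{
	my ($ippart, $subnet, $newname) = @_;
	foreach my $key (sort keys %nets) {
		if ($nets{$key}[1] eq $ippart && $nets{$key}[2] eq $subnet) {
			$nets{$key}[4]++;
			print LOG "Network $ippart/$subnet already exists in custom networks as \"$nets{$key}[0]\"\n";
			return $nets{$key}[0];
		}
	}
	my $netkey = &General::findhasharraykey(\%nets);
	$nets{$netkey}[0] = $newname;
	$nets{$netkey}[1] = $ippart;
	$nets{$netkey}[2] = $subnet;
	$nets{$netkey}[3] = '';
	$nets{$netkey}[4] = 1;
	print LOG "->Network $ippart/$subnet added to custom networks\n";
	return $newname;
}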
# Returns 1 when a custom host with exactly this address already exists
# ($ip is an "ip/mask" or a MAC, compared against column 2 of %hosts),
# 0 otherwise.
sub check_host
{
	my $ip = shift;
	my @matches = grep { $hosts{$_}[2] eq $ip } sort keys %hosts;
	return @matches ? 1 : 0;
}
# Returns 1 when a custom network with address $ip AND dotted mask $sub
# already exists (columns 1 and 2 of %nets), 0 otherwise.
sub check_net
{
	my ($ip, $sub) = @_;
	foreach my $key (sort keys %nets) {
		next unless $nets{$key}[1] eq $ip;
		return 1 if $nets{$key}[2] eq $sub;
	}
	return 0;
}
# Returns 1 when group $grp already has a member named $value (columns 0
# and 2 of %groups), 0 otherwise.
sub check_grp
{
	my ($grp, $value) = @_;
	my $hits = grep { $groups{$_}[0] eq $grp && $groups{$_}[2] eq $value } sort keys %groups;
	return $hits ? 1 : 0;
}
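# STEP 2: convert the old outgoing rules into forward-firewall rules.
# Only rules of the old firewall's active mode are converted (MODE1 ->
# ALLOW/ACCEPT rules, MODE2 -> DENY/DROP rules) and the new firewall gets
# the same policy. Rules with source "red" become OUTGOINGFW rules (the
# firewall host itself), all others FORWARDFW rules; each is appended to
# the respective config file unless an identical rule is already there.
# Every rule and every reason for skipping one is logged to
# /var/log/converters/outgoingfw-convert.log.
# Fixes against the old version: the MODE1 policy was stored in a typo'd
# hash and never written; "next" inside the port loop only skipped the
# offending port, so a rule logged as "not converted" was written anyway -
# in MODE2 (block with exceptions) possibly as an allow rule for ALL ports;
# source/port fields leaked from one rule into the next; the duplicate
# check always looked at the FORWARDFW file even for OUTGOINGFW rules.
sub process_rules
{
	&General::readhash($fwdfwsettings,\%fwdsettings);
	my ($type, $action);
	if ($outsettings{'POLICY'} eq 'MODE1') {
		$fwdsettings{'POLICY'} = 'MODE1';
		($type, $action) = ('ALLOW', 'ACCEPT');
	} elsif ($outsettings{'POLICY'} eq 'MODE2') {
		$fwdsettings{'POLICY'} = 'MODE2';
		($type, $action) = ('DENY', 'DROP');
	} else {
		return;   # old firewall was off / unknown mode: nothing to convert
	}
	&General::writehash($fwdfwsettings,\%fwdsettings);

	# Rule sources may name a group from step 1 (or a pre-existing custom
	# group); make sure they are loaded even when step 1 had no groups.
	&General::readhasharray($configgroups,\%groups);

	my $logfile = "/var/log/converters/outgoingfw-convert.log";
	unlink($logfile) if -f $logfile;
	open (LOG, '>', $logfile) or die "Cannot open $logfile: $!";
	my @lines = ();
	if (open(my $rulesfh, '<', $outgoingrules)) {
		@lines = <$rulesfh>;
		close($rulesfh);
	} else {
		print LOG "Cannot read $outgoingrules: $!\n";
	}

	RULE: foreach my $rule (@lines) {
		chomp($rule);
		print LOG "processing: $rule\n";
		my @configline = split(/\;/, $rule);

		if ($configline[0] ne $type) {
			print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
			next RULE;
		}

		# All per-rule fields are declared here so nothing can leak from
		# the previous rule into this one.
		my $active = ($configline[1] eq 'on') ? 'ON' : '';
		my @prot;
		if ($configline[3] eq 'all') {
			# "all" protocols together with a port can only mean TCP and UDP
			@prot = ($configline[8] ne '') ? ('TCP', 'UDP') : ('');
		} else {
			@prot = ($configline[3]);
		}
		my $remark = '';
		if ($configline[4] ne '') {
			($remark = $configline[4]) =~ s/,/;/g;   # comma is the new config's field separator
		}
		my $log = ($configline[9] eq 'Active') ? 'ON' : '';
		my @days = @configline[10..16];                # mon..sun, 'on' or ''
		my ($time_from, $time_to) = @configline[17, 18];
		# A rule valid on every day for the whole day has no time restriction.
		my $alldays = grep { defined $_ && $_ eq 'on' } @days;
		my $time = ($alldays == 7 && $time_from eq '00:00' && $time_to eq '00:00') ? '' : 'ON';
		my ($grp1, $source, $grp2, $target, $useport, $grp3, $port) = ('') x 7;

		############################################################
		#sourcepart
		my $src = $configline[2];
		if ($src eq 'green' || $src eq 'orange' || $src eq 'blue') {
			$grp1 = 'std_net_src';
			$source = uc($src);
		} elsif ($src eq 'red') {
			# Old rules "from red" are rules for the firewall host itself.
			$grp1 = 'std_net_src';
			$source = 'IPFire';
			&General::readhash($fwdfwsettings,\%fwdsettings);
			$fwdsettings{'POLICY1'} = $outsettings{'POLICY'};
			$fwdsettings{'POLICY'} = $outsettings{'POLICY'};
			&General::writehash($fwdfwsettings,\%fwdsettings);
		} elsif ($src eq 'ipsec') {
			print LOG "-> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n";
			next RULE;
		} elsif ($src eq 'ovpn') {
			&build_ovpn_grp();
			$grp1 = 'cust_grp_src';
			$source = 'ovpn';
		} elsif ($src eq 'ip') {
			my $z = &check_ip($configline[5]);
			if (!$z) {
				print LOG "-> Rule not converted, missing/invalid source ip \"$configline[5]\"\n";
				next RULE;
			}
			my ($ipa, $subn) = split("/", $z);
			$grp1 = 'src_addr';
			$source = "$ipa/" . &General::iporsubtocidr($subn);
		} elsif ($src eq 'mac') {
			if (!&General::validmac($configline[6])) {
				print LOG "-> Rule not converted, invalid MAC \"$configline[6]\" \n";
				next RULE;
			}
			$grp1 = 'src_addr';
			$source = $configline[6];
		} elsif ($src eq 'all') {
			$grp1 = 'std_net_src';
			$source = 'ALL';
		} else {
			# Anything else must be the name of a converted group.
			foreach my $key (sort keys %groups) {
				if ($groups{$key}[0] eq $src) {
					$grp1 = 'cust_grp_src';
					$source = $src;
					last;
				}
			}
			if ($grp1 eq '' || $source eq '') {
				print LOG "-> Rule not converted, no valid source recognised\n";
				next RULE;
			}
		}

		############################################################
		#destinationpart
		if ($configline[7] ne '') {
			my $address = &check_ip($configline[7]);
			if ($address) {
				my ($dip, $dsub) = split("/", $address);
				$grp2 = 'tgt_addr';
				$target = "$dip/" . &General::iporsubtocidr($dsub);
			} else {
				# Not an address, so the old rule named a host. It is pinned
				# to the FIRST address the resolver returns right now; the
				# name is kept in the remark so the admin can see that.
				my $getwebsiteip = &get_ip_from_domain($configline[7]);
				if (!$getwebsiteip) {
					print LOG "-> Rule not converted, invalid domain \"$configline[7]\"\n";
					next RULE;
				}
				$grp2 = 'tgt_addr';
				$target = $getwebsiteip;
				$remark .= " $configline[7]";
			}
		} else {
			$grp2 = 'std_net_tgt';
			$target = 'ALL';
		}

		############################################################
		#destination ports (none for protocols without ports)
		if ($configline[8] ne '' && $configline[3] ne 'gre' && $configline[3] ne 'esp') {
			my @values = ();
			foreach my $entry (split(",", $configline[8])) {
				(my $part = $entry) =~ tr/-/:/;   # old range syntax "a-b" -> "a:b"
				if ($part =~ /^(\d+)\:(\d+)$/) {
					my ($a1, $a2) = ($1, $2);
					if (!(&General::validport($a1) && &General::validport($a2) && $a1 < $a2)) {
						print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
						next RULE;   # the WHOLE rule is dropped, not just this port
					}
					push(@values, "$a1:$a2");
				} else {
					if (!&General::validport($part)) {
						print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
						next RULE;
					}
					push(@values, $part);
				}
			}
			$useport = 'ON';
			$grp3 = 'TGT_PORT';
			$port = join("|", @values);
		}

		############################################################
		#Put rules into system....
		my $chain = ($source eq 'IPFire') ? 'OUTGOINGFW' : 'FORWARDFW';
		&General::readhasharray($fwdfwconfig,\%fwconfig);
		&General::readhasharray($outfwconfig,\%fwconfigout);
		my ($cfg, $cfgfile) = ($chain eq 'FORWARDFW')
			? (\%fwconfig, $fwdfwconfig)
			: (\%fwconfigout, $outfwconfig);

		foreach my $protocol (@prot) {
			$protocol = uc($protocol);
			# Column layout of the forward config files; columns 7-10 and
			# 13 are not used by converted rules and stay empty.
			my @row = ($action, $chain, $active, $grp1, $source, $grp2, $target,
			           '', '', '', '',
			           $useport, $protocol, '',
			           $grp3, $port, $remark, $log, $time, @days, $time_from, $time_to);
			my $rowstr = join(",", map { defined $_ ? $_ : '' } @row);
			print LOG "-> Converted: $rowstr\n";

			#check for double rules in the file this rule goes to
			my $duplicate = 0;
			foreach my $key (sort keys %$cfg) {
				my @have = map { defined $_ ? $_ : '' } @{$cfg->{$key}}[0..27];
				@have[7..10, 13] = ('') x 5;   # not compared, as before
				if (join(",", @have) eq $rowstr) {
					$duplicate = 1;
					last;
				}
			}
			next if $duplicate;

			#increase groupcounter
			if ($grp1 eq 'cust_grp_src') {
				my $found = 0;
				foreach my $key (sort keys %groups) {
					if ($groups{$key}[0] eq $source) {
						$groups{$key}[4]++;
						$found = 1;
					}
				}
				&General::writehasharray($configgroups,\%groups) if $found;
			}

			my $key = &General::findhasharraykey($cfg);
			foreach my $i (0..6, 11, 12, 14..27) {
				$cfg->{$key}[$i] = $row[$i];
			}
			&General::writehasharray($cfgfile, $cfg);
		}
	}
	close(LOG);
}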
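# Resolves $web (a host name taken from an old rule's destination) to a
# dotted-quad string; returns an empty list when the name does not resolve
# or is empty.
# Caveats for whoever relies on the converted rule: only the FIRST IPv4
# address the system resolver returns is used, so a name with several A
# records (or one that changes later) yields a rule covering a single
# address; the answer is taken as-is from the resolver at conversion time
# and is not verified in any way.
sub get_ip_from_domain
{
	my $web = shift;   # was a file global before; keep it local to the call
	return if !defined $web || $web eq '';
	my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($web);
	return if !@addrs;
	return inet_ntoa($addrs[0]);
}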
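# Builds (or completes) the custom group "ovpn" that stands in for the old
# "ovpn" source interface: the dynamic client subnet (DOVPN_SUBNET), every
# ccd.conf subnet and every net-to-net connection becomes a custom network
# and a member of that group. Called once per old rule with source "ovpn",
# so it must be idempotent: a network that already exists is reused under
# ITS name (the old code dropped it from the group altogether) and a member
# is added only once. Reads and rewrites customhosts, customnetworks and
# customgroups; expects LOG to be open.
sub build_ovpn_grp
{
	&General::readhasharray($confighosts,\%hosts);
	&General::readhasharray($confignets,\%nets);
	&General::readhasharray($configgroups,\%groups);
	&General::readhasharray($ovpnconfig,\%configovpn);
	&General::readhasharray($ccdconfig,\%ccdconf);
	&General::readhash($ovpnsettings,\%settingsovpn);

	#get ovpn nets as "net,dotted-mask,name"
	my @ovpnnets = ();
	if ($settingsovpn{'DOVPN_SUBNET'}) {
		my ($net, $subnet) = split("/", $settingsovpn{'DOVPN_SUBNET'});
		push(@ovpnnets, "$net,$subnet,dynamic");
	}
	foreach my $key (sort keys %ccdconf) {
		my ($net, $subnet) = split("/", $ccdconf{$key}[1]);
		$subnet = &General::iporsubtodec($subnet);   # ccd.conf carries a CIDR prefix
		push(@ovpnnets, "$net,$subnet,$ccdconf{$key}[0]");
	}
	foreach my $key (sort keys %configovpn) {
		next unless $configovpn{$key}[3] eq 'net';
		my ($net, $subnet) = split("/", $configovpn{$key}[27]);
		push(@ovpnnets, "$net,$subnet,$configovpn{$key}[2]");
	}

	#add ovpn nets to customnetworks/groups
	foreach my $line (@ovpnnets) {
		my ($net, $subnet, $name) = split(",", $line);
		my ($member, $memberkey);
		foreach my $key (sort keys %nets) {
			if ($nets{$key}[1] eq $net && $nets{$key}[2] eq $subnet) {
				($member, $memberkey) = ($nets{$key}[0], $key);
				last;
			}
		}
		if (defined $member) {
			print LOG "-> Custom Network with same IP already exist \"$net/$subnet\" (you can ignore this, if this run was manual from shell)\n";
		} else {
			my $netkey = &General::findhasharraykey(\%nets);
			$member = $name."(ovpn)".$net;
			$nets{$netkey}[0] = $member;
			$nets{$netkey}[1] = $net;
			$nets{$netkey}[2] = $subnet;
			$nets{$netkey}[3] = '';   # remark; the old code put a "1" here
			$nets{$netkey}[4] = 1;    # reference counter, same layout as new_hostgrp
		}
		if (!&check_grp("ovpn", $member)) {
			my $grpkey = &General::findhasharraykey(\%groups);
			$groups{$grpkey}[0] = "ovpn";
			$groups{$grpkey}[1] = '';
			$groups{$grpkey}[2] = $member;
			$groups{$grpkey}[3] = "Custom Network";
			$groups{$grpkey}[4] = 0;
			# one more reference to a network that existed already
			$nets{$memberkey}[4]++ if defined $memberkey;
			print LOG "->$member added to group ovpn\n";
		}
	}
	&General::writehasharray($confighosts,\%hosts);
	&General::writehasharray($configgroups,\%groups);
	&General::writehasharray($confignets,\%nets);
}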
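# STEP 3: carry the old P2P protocol list over to the forward firewall.
# Does nothing when the old installation has no such file; a failed copy is
# reported on stderr (LOG has been closed by process_rules at this point).
sub process_p2p
{
	my $src = "/var/ipfire/outgoing/p2protocols";
	my $dst = "/var/ipfire/forward/p2protocols";
	return if ! -f $src;
	if (!copy($src, $dst)) {
		print STDERR "convert-outgoingfw: cannot copy $src to $dst: $!\n";
		return;
	}
	# SECURITY NOTE(review): 0777 makes a firewall configuration file
	# world-writable, so any local account can change which P2P protocols
	# are blocked. The mode was presumably chosen because copy() - run as
	# root - leaves the file root-owned while the web UI has to write it;
	# the right fix is to chown it to the web server's user and use
	# 0644/0664. Kept as-is only because the correct owner is not known
	# from this script - confirm and tighten.
	if (!chmod(oct('0777'), $dst)) {
		print STDERR "convert-outgoingfw: cannot chmod $dst: $!\n";
	}
}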