]>
Commit | Line | Data |
---|---|---|
27f4a6b1 | 1 | #!/usr/bin/perl |
dc21519f AM |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2013 # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | # Author: Alexander Marx (amarx@ipfire.org) # | |
22 | ############################################################################### | |
23 | # # | |
24 | #This script converts old xtaccess rules to new firewall # | |
25 | #Logfiles are created under /var/log/converters # | |
26 | # # | |
27 | ############################################################################### | |
27f4a6b1 AM |
28 | my @current=(); |
29 | my @alias=(); | |
30 | my %configinputfw=(); | |
31 | require '/var/ipfire/general-functions.pl'; | |
32 | my $xtaccessconfig = "${General::swroot}/xtaccess/config"; | |
33 | my $inputfwconfig = "${General::swroot}/forward/input"; | |
34 | my $aliasconfig = "${General::swroot}/ethernet/aliases"; | |
35 | my $field0='ACCEPT'; | |
36 | my $field1='INPUTFW'; | |
37 | my $field2=''; #ON or emtpy | |
38 | my $field3=''; #std_net_src or src_addr | |
39 | my $field4=''; #ALL or IP-Address with /32 | |
40 | my $field5='ipfire'; | |
41 | my $field6=''; #Default IP or alias name | |
42 | my $field11='ON'; #use target port | |
43 | my $field12=''; #TCP or UDP | |
44 | my $field13='All ICMP-Types'; | |
45 | my $field14='TGT_PORT'; | |
46 | my $field15=''; #Port Number | |
47 | my $field16=''; #remark | |
48 | my $field26='00:00'; | |
49 | my $field27='00:00'; | |
ac9e77e3 AM |
50 | my $field28 = ''; |
51 | my $field29 = 'ALL'; | |
52 | my $field30 = ''; | |
53 | my $field31 = 'dnat'; | |
27f4a6b1 AM |
54 | open(FILE, $xtaccessconfig) or die 'Unable to open config file.'; |
55 | my @current = <FILE>; | |
56 | close(FILE); | |
57 | open(FILE1, $aliasconfig) or die 'Unable to open config file.'; | |
58 | my @alias = <FILE1>; | |
59 | close(FILE1); | |
60 | &General::readhasharray($inputfwconfig,\%configinputfw); | |
61 | ||
62 | foreach my $line (@current){ | |
63 | my ($a,$b,$c,$d,$e,$f) = split (",",$line); | |
64 | $e =~ s/\R//g; | |
65 | if ($f gt ''){ | |
66 | $f =~ s/\R//g; | |
67 | $field16=$f; | |
68 | } | |
69 | #active or not | |
70 | $field2=uc($d); | |
71 | #get protocol | |
72 | if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';} | |
73 | #check source address | |
74 | if ($b eq '0.0.0.0/0'){ | |
75 | $field3='std_net_src'; | |
76 | $field4='ALL'; | |
77 | }elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){ | |
78 | $field3='src_addr'; | |
79 | $field4=$b."/32"; | |
80 | }elsif ($b =~ /^(.*?)\/(.*?)$/) { | |
81 | $field3='src_addr'; | |
82 | $field4=$b; | |
83 | }else{ | |
84 | print "Regel konnte nicht konvertiert werden!\n"; | |
85 | } | |
86 | #check ipfire address | |
87 | if ($e eq '0.0.0.0'){ | |
fb0ce575 | 88 | $field6 = 'RED1'; |
27f4a6b1 AM |
89 | }else{ |
90 | foreach my $line (@alias){ | |
91 | my ($ip,$state,$aliasname) = split (",",$line); | |
92 | if ($ip eq $e){ | |
93 | $aliasname =~ s/\R//g; | |
94 | $field6 = $aliasname; | |
95 | } | |
96 | } | |
97 | } | |
98 | #get target port | |
99 | $c=~ s/\R//g; | |
100 | $c=~ tr/-/:/; | |
101 | if ($c =~ /^(\D)\:(\d+)$/) { | |
102 | $c = "1:$2"; | |
103 | } | |
104 | if ($c =~ /^(\d+)\:(\D)$/) { | |
105 | $c = "$1:65535"; | |
106 | } | |
107 | $field15=$c; | |
27f4a6b1 | 108 | my $key = &General::findhasharraykey (\%configinputfw); |
ac9e77e3 | 109 | foreach my $i (0 .. 31) { $configinputfw{$key}[$i] = "";} |
27f4a6b1 AM |
110 | $configinputfw{$key}[0] = $field0; |
111 | $configinputfw{$key}[1] = $field1; | |
112 | $configinputfw{$key}[2] = $field2; | |
113 | $configinputfw{$key}[3] = $field3; | |
114 | $configinputfw{$key}[4] = $field4; | |
115 | $configinputfw{$key}[5] = $field5; | |
116 | $configinputfw{$key}[6] = $field6; | |
117 | $configinputfw{$key}[7] = ''; | |
118 | $configinputfw{$key}[8] = ''; | |
119 | $configinputfw{$key}[9] = ''; | |
120 | $configinputfw{$key}[10] = ''; | |
121 | $configinputfw{$key}[11] = $field11; | |
122 | $configinputfw{$key}[12] = $field12; | |
123 | $configinputfw{$key}[13] = $field13; | |
124 | $configinputfw{$key}[14] = $field14; | |
125 | $configinputfw{$key}[15] = $field15; | |
126 | $configinputfw{$key}[16] = $field16; | |
127 | $configinputfw{$key}[17] = ''; | |
128 | $configinputfw{$key}[18] = ''; | |
129 | $configinputfw{$key}[19] = ''; | |
130 | $configinputfw{$key}[20] = ''; | |
131 | $configinputfw{$key}[21] = ''; | |
132 | $configinputfw{$key}[22] = ''; | |
133 | $configinputfw{$key}[23] = ''; | |
134 | $configinputfw{$key}[24] = ''; | |
135 | $configinputfw{$key}[25] = ''; | |
136 | $configinputfw{$key}[26] = $field26; | |
137 | $configinputfw{$key}[27] = $field27; | |
ac9e77e3 AM |
138 | $configinputfw{$key}[28] = $field28; |
139 | $configinputfw{$key}[29] = $field29; | |
140 | $configinputfw{$key}[30] = $field30; | |
141 | $configinputfw{$key}[31] = $field31; | |
27f4a6b1 AM |
142 | &General::writehasharray($inputfwconfig,\%configinputfw); |
143 | } |