#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################
#                                                                             #
# This script converts old portforwarding rules from the old firewall         #
# to the new one. This is a 3-step process.                                   #
# STEP1: read old config and normalize settings                               #
# STEP2: create new rules from old ones                                       #
# STEP3: check if rule already exists, when not, put it into                  #
#        /var/ipfire/firewall/config                                          #
###############################################################################
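use warnings;
require '/var/ipfire/general-functions.pl';

# Data handed from one step to the next (file scope, used by the subs below).
my @values=();         # STEP 1 output: normalised old portfw lines
my @built_rules=();    # STEP 2 output: rule strings in the new config layout
my %nat=();            # STEP 3: firewall/config loaded as a hash of arrays
my $portfwconfig = "${General::swroot}/portfw/config";
my $confignat = "${General::swroot}/firewall/config";

# Scratch fields filled by split() in get_config / build_rules.
my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark);
my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
my $count=0;           # index of the current line of @current in get_config
my $jump='';           # '1' while the next line of @current is a continuation row to skip

if (! -e $portfwconfig) {
    print "Config file for portforward not found. Exiting!\n";
    exit(1);
}

if (! -s $portfwconfig) {
    print "Empty portforward configuration file. Nothing to do. Exiting...\n";
    exit(0);
}

my $logdir = "/var/log/converters";
if (! -d $logdir) {
    # Fail here with a clear message instead of at the log open below.
    mkdir($logdir) or die "Unable to create $logdir: $!";
}

# Three-argument open: the mode is fixed in the code and can never be
# supplied through the path string.
open(FILE, '<', $portfwconfig) or die "Unable to open config file: $!";
my @current = <FILE>;
close(FILE);
# LOG stays a bareword (global) handle on purpose: all three steps print to it.
open(LOG, '>', "$logdir/portfw-convert.log") or die $!;
open(ALIAS, '<', "${General::swroot}/ethernet/aliases") or die "Unable to open aliases file: $!";
my @alias = <ALIAS>;
close(ALIAS);

get_config();
build_rules();
write_rules();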
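sub get_config
{
    # STEP 1: read the old portfw config (@current) into @values.
    #
    # A rule limited to a source address occupies two consecutive lines:
    # the second one has '1' in its flag field and carries the source
    # address.  That continuation line is folded into the rule before it
    # and then skipped.
    #
    # Reads @current, $count and $jump (file scope), appends one normalised
    # line per rule to @values and logs each rule to LOG.  Returns nothing.
    #
    # NOTE(review): fields are split on bare commas; a remark containing
    # a ',' would shift every following field — confirm the old portfw
    # interface never stored commas in the remark.
    print LOG "STEP 1: Get config from old portforward\n#########################################\n";
    foreach my $line (@current){
        # The previous iteration already consumed this continuation line.
        if ($jump) {
            $jump='';
            $count++;
            next;
        }
        my $next_idx = $count + 1;
        # Look ahead without reading past the end of @current; the last
        # line has no successor and split() on undef would only warn.
        my $next_line = $next_idx < @current ? $current[$next_idx] : '';
        ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark) = split(",",$line);
        ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1) = split(",",$next_line);
        if (defined $flag1 && $flag1 eq '1'){
            # Continuation row: take its source and skip it next time round.
            $source=$source1;
            $jump='1';
        }
        my $now=localtime;
        chomp($remark);
        print LOG "$now processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n";
        push (@values, join(",", $prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark));
        $count++;
    }
}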
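sub build_rules
{
    # STEP 2: turn every normalised line in @values into a rule string in
    # the new firewall/config layout and push it onto @built_rules.
    #
    # Reads @values and @alias (file scope), writes @built_rules and LOG.
    # Returns nothing.
    print LOG "\nSTEP 2: Convert old portforwardrules in a useable format\n########################################################\n";
    my $src;
    my $src1;
    my $count=0;   # rule number, used in the log only
    foreach my $line (@values){
        chomp ($line);
        ($prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark)=split(",",$line);
        $count++;
        # Source part: 'any' becomes the std_net_src group, everything
        # else a single host address.
        if($source eq '0.0.0.0/0'){
            $src = 'std_net_src';
            $src1 = 'ALL';
        }else{
            $src = 'src_addr';
            # NOTE(review): the prefix length is discarded and the address
            # is always written as a /32 host — confirm the old portfw
            # config only ever held single addresses here, otherwise a
            # source network would be narrowed to one host.
            my ($src_ip) = split("/",$source);
            $src1 = $src_ip."/32";
        }
        # IPFire-side address: 0.0.0.0 means the default IP; any other
        # address is replaced by the name of the matching alias from
        # @alias (last match wins).  Without a match the raw address stays.
        if($alias eq '0.0.0.0'){
            $alias='Default IP';
        }else{
            foreach my $ali (@alias){
                my ($alias_ip, undef, $alias_name) = split (",",$ali);
                if($alias eq $alias_ip){
                    chomp($alias_name);
                    $alias=$alias_name;
                }
            }
        }
        $active = uc $active;
        $prot = uc $prot;
        chomp($remark);
        push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
        my $now=localtime;
        print LOG "$now Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,*,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
    }
}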
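sub write_rules
{
    # STEP 3: merge @built_rules into the new firewall config.
    #
    # Each rule string from build_rules is mapped onto the sparse field
    # layout of a firewall/config entry and added only when no stored entry
    # already carries the same values in the fields this converter writes.
    #
    # Reads $confignat and @built_rules (file scope), updates %nat and
    # rewrites the config through General::writehasharray, logs to LOG.
    # Returns nothing.
    print LOG "\nSTEP 3: Create DNAT rules in new firewall\n#########################################\n";
    &General::readhasharray($confignat,\%nat);
    # Indexes of a config entry that this converter fills in, ascending.
    # The duplicate check compares exactly these fields.
    my @written = (0..8, 11, 14, 15, 16, 26..31);
    foreach my $line (@built_rules){
        # Positions 7 and 9 are always empty in strings from build_rules.
        my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$blank7,$prot,$blank9,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
        # GRE has no ports: blank every port-related field before the rule
        # is compared or stored.
        if ( $prot eq 'GRE'){
            $tgt_port='';
            $tgt_port1='';
            $use_port='';
            $ipfireport='';
        }
        # The entry exactly as it will be stored (unset indexes stay undef).
        my @entry;
        $entry[0]  = $action;
        $entry[1]  = $chain;
        $entry[2]  = $active;
        $entry[3]  = $src;
        $entry[4]  = $src1;
        $entry[5]  = $tgt;
        $entry[6]  = $tgt1;
        $entry[7]  = $blank7;
        $entry[8]  = $prot;
        $entry[11] = $use_port;
        $entry[14] = $tgt_port;
        $entry[15] = $tgt_port1;
        $entry[16] = $remark;
        $entry[26] = $from;
        $entry[27] = $to;
        $entry[28] = $use_port;
        $entry[29] = $alias;
        $entry[30] = $ipfireport;
        $entry[31] = $dnat;
        # Compare stored form with stored form.  The earlier check matched
        # the raw rule string against a differently ordered field list (and
        # against the pre-GRE-blanking values), so an already converted rule
        # was never recognised and every re-run duplicated it.
        my $candidate = _written_fields(\@entry, \@written);
        my $exists = '';
        foreach my $key (sort keys %nat){
            my $stored = _written_fields($nat{$key}, \@written);
            if ($stored eq $candidate){
                my $now=localtime;
                print LOG "$now SKIP-> Rule $stored ->EXISTS\n";
                $exists = '1';
                last;
            }
        }
        next if $exists;
        my $id = &General::findhasharraykey(\%nat);
        $nat{$id}[$_] = $entry[$_] for @written;
        my $now=localtime;
        print LOG "$now NEW RULE-> Rule $nat{$id}[0],$nat{$id}[1],$nat{$id}[2],$nat{$id}[3],$nat{$id}[4],$nat{$id}[5],$nat{$id}[6],$nat{$id}[11],$nat{$id}[12],$nat{$id}[13],$nat{$id}[14],$nat{$id}[15],$nat{$id}[16],$nat{$id}[26],$nat{$id}[27],$nat{$id}[28],$nat{$id}[29],$nat{$id}[30],$nat{$id}[31]\n";
    }
    &General::writehasharray($confignat,\%nat);
}

# Join the given indexes of one config entry (array ref) into a
# comma-separated string; unset fields are treated as empty so that a
# freshly built entry compares equal to one read back from the file.
sub _written_fields
{
    my ($entry, $indexes) = @_;
    return join(",", map { defined $_ ? $_ : '' } @{$entry}[@$indexes]);
}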
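# Buffered write errors only surface at close, so report them instead of
# dropping them silently.
close(LOG) or warn "Unable to close log file: $!";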