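#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################
#                                                                             #
#This script converts old xtaccess rules to new firewall                      #
#Logfiles are created under /var/log/converters                               #
#                                                                             #
###############################################################################
#
# Reads the legacy external access rules (xtaccess/config), turns each line
# into a 32-field ACCEPT rule for the INPUTFW chain and stores it in
# firewall/input through the General:: hash-array helpers.
#
# Every value that depends on the rule being converted is declared inside the
# loop, so a rule can never pick up the source, target or remark of the rule
# converted before it. A rule whose source address cannot be interpreted is
# reported and skipped; no ACCEPT rule is written for it.

use strict;
use warnings;

require '/var/ipfire/general-functions.pl';

my $xtaccessconfig = "${General::swroot}/xtaccess/config";
my $inputfwconfig  = "${General::swroot}/firewall/input";
my $aliasconfig    = "${General::swroot}/ethernet/aliases";

my %configinputfw = ();

if (! -e "$xtaccessconfig") {
	print "Config file for external access not found. Exiting!\n";
	exit(1);
}

if (! -s "$xtaccessconfig") {
	print "Empty external access configuration file. Nothing to do. Exiting...\n";
	exit(0);
}

# Three-argument open with lexical handles: the mode cannot be influenced by
# the file name and the handles are not package globals.
open(my $xtaccess_fh, '<', $xtaccessconfig) or die 'Unable to open config file.';
my @current = <$xtaccess_fh>;
close($xtaccess_fh);

open(my $alias_fh, '<', $aliasconfig) or die 'Unable to open config file.';
my @alias = <$alias_fh>;
close($alias_fh);

General::readhasharray($inputfwconfig, \%configinputfw);

RULE:
foreach my $line (@current) {
	# A blank line carries no rule.
	next RULE if $line !~ /\S/;

	# Legacy layout: protocol, source, port, enabled, destination, remark.
	my ($proto, $source, $port, $enabled, $dest_ip, $remark) = split(/,/, $line);

	# Fewer than five fields: there is nothing sensible to convert.
	unless (defined $dest_ip) {
		print "Regel konnte nicht konvertiert werden!\n";
		next RULE;
	}

	$dest_ip =~ s/\R//g;

	# The remark is optional and starts out empty for every rule.
	$remark = '' unless defined $remark;
	$remark =~ s/\R//g;

	#active or not
	my $active = uc($enabled);

	#get protocol
	# NOTE(review): every protocol other than 'tcp' is converted to UDP.
	my $protocol = ($proto eq 'tcp') ? 'TCP' : 'UDP';

	#check source address
	my $src_type;     # std_net_src or src_addr
	my $src_value;    # ALL or an address with prefix
	if ($source eq '0.0.0.0/0') {
		$src_type  = 'std_net_src';
		$src_value = 'ALL';
	}
	elsif ($source =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) {
		# NOTE(review): the octets are not range-checked here.
		$src_type  = 'src_addr';
		$src_value = $source . "/32";
	}
	elsif ($source =~ /^(.*?)\/(.*?)$/) {
		# NOTE(review): this accepts any string containing a slash and
		# copies it unchanged into the new rule - consider validating
		# address and prefix before the rule set is loaded.
		$src_type  = 'src_addr';
		$src_value = $source;
	}
	else {
		# Fail closed: without a usable source no ACCEPT rule is written.
		print "Regel konnte nicht konvertiert werden!\n";
		next RULE;
	}

	#check ipfire address
	my $target = '';    # Default IP or alias name
	if ($dest_ip eq '0.0.0.0') {
		$target = 'RED1';
	}
	else {
		# The last matching alias entry wins.
		foreach my $alias_line (@alias) {
			my ($ip, undef, $aliasname) = split(/,/, $alias_line);
			next unless defined $ip && $ip eq $dest_ip;
			$aliasname = '' unless defined $aliasname;
			$aliasname =~ s/\R//g;
			$target = $aliasname;
		}
		# NOTE(review): how the firewall treats an empty target field is
		# not visible in this script - check such rules after conversion.
		if ($target eq '') {
			print "No alias found for $dest_ip. Rule converted without a target alias.\n";
		}
	}

	#get target port
	$port =~ s/\R//g;
	$port =~ tr/-/:/;
	if ($port =~ /^(\D)\:(\d+)$/) {
		$port = "1:$2";        # open lower bound
	}
	if ($port =~ /^(\d+)\:(\D)$/) {
		$port = "$1:65535";    # open upper bound
	}

	# Assemble the 32 fields of the new rule; unused positions stay empty.
	my @rule = ('') x 32;
	$rule[0]  = 'ACCEPT';
	$rule[1]  = 'INPUTFW';
	$rule[2]  = $active;
	$rule[3]  = $src_type;
	$rule[4]  = $src_value;
	$rule[5]  = 'ipfire';
	$rule[6]  = $target;
	$rule[8]  = $protocol;
	$rule[11] = 'ON';          #use target port
	$rule[14] = 'TGT_PORT';
	$rule[15] = $port;
	$rule[16] = $remark;
	$rule[26] = '00:00';
	$rule[27] = '00:00';
	$rule[29] = 'ALL';
	$rule[31] = 'dnat';

	my $key = General::findhasharraykey(\%configinputfw);
	@{ $configinputfw{$key} }[0 .. 31] = @rule;

	# The rule file is rewritten after every converted rule.
	General::writehasharray($inputfwconfig, \%configinputfw);
}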