###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################
# File-scoped configuration state shared by the lookup subs further down.
#
# NOTE(review): the listing this block was taken from skips several source
# lines (gutter gaps around 24-30, 32-38, 50-52, 56-57 and 66-69); the
# declarations of the other hashes filled in below (%netsettings,
# %customnetwork, ...) presumably sit in those gaps -- confirm against the
# checked-in file before relying on this block in isolation.

# The lookup subs compare config fields that may be absent; the original
# author silenced the resulting warning for the whole file rather than
# guarding each comparison.
no warnings 'uninitialized';

my %customservicegrp = ();

require '/var/ipfire/general-functions.pl';

# Locations of the firewall host/service definitions and of the VPN
# configuration, all rooted at $General::swroot.
my $confignet     = "${General::swroot}/fwhosts/customnetworks";
my $confighost    = "${General::swroot}/fwhosts/customhosts";
my $configgrp     = "${General::swroot}/fwhosts/customgroups";
my $configsrv     = "${General::swroot}/fwhosts/customservices";
my $configsrvgrp  = "${General::swroot}/fwhosts/customservicegrp";
my $configccdnet  = "${General::swroot}/ovpn/ccd.conf";
my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
my $configipsec   = "${General::swroot}/vpn/config";
my $configovpn    = "${General::swroot}/ovpn/settings";

# Flat key=value settings files.
General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);

# Record files whose entries are later addressed as $hash{$key}[N];
# loaded in this order.
for my $source (
    [ $confignet,     \%customnetwork    ],
    [ $confighost,    \%customhost       ],
    [ $configgrp,     \%customgrp        ],
    [ $configccdnet,  \%ccdnet           ],
    [ $configccdhost, \%ccdhost          ],
    [ $configipsec,   \%ipsecconf        ],
    [ $configsrv,     \%customservice    ],
    [ $configsrvgrp,  \%customservicegrp ],
) {
    my ($path, $into) = @{$source};
    General::readhasharray($path, $into);
}
70 foreach my $key (sort {$a <=> $b} keys %customservice){
71 if($customservice{$key}[0] eq $val){
72 if ($customservice{$key}[0] eq $val){
73 return $customservice{$key}[2];
85 foreach my $key (sort {$a <=> $b} keys %customservicegrp){
86 if($customservicegrp{$key}[0] eq $val){
87 if (&get_srv_prot
($customservicegrp{$key}[2]) eq 'TCP'){
89 }elsif(&get_srv_prot
($customservicegrp{$key}[2]) eq 'UDP'){
91 }elsif(&get_srv_prot
($customservicegrp{$key}[2]) eq 'ICMP'){
94 #Protocols used in servicegroups
95 push (@ips,$customservicegrp{$key}[2]);
99 if ($tcp eq '1'){push (@ips,'TCP');}
100 if ($udp eq '1'){push (@ips,'UDP');}
101 if ($icmp eq '1'){push (@ips,'ICMP');}
102 my $back=join(",",@ips);
113 foreach my $key (sort {$a <=> $b} keys %customservice){
114 if($customservice{$key}[0] eq $val && $customservice{$key}[2] eq $prot){
115 return $customservice{$key}[$field];
126 foreach my $key (sort {$a <=> $b} keys %customservicegrp){
127 if($customservicegrp{$key}[0] eq $val){
128 if ($prot ne 'ICMP'){
129 $value=&get_srv_port
($customservicegrp{$key}[2],1,$prot);
130 }elsif ($prot eq 'ICMP'){
131 $value=&get_srv_port
($customservicegrp{$key}[2],3,$prot);
133 push (@ips,$value) if ($value ne '') ;
137 if ($#ips gt 0){$back="-m multiport --dports ";}else{$back="--dport ";}
138 }elsif ($prot eq 'ICMP'){
139 $back="--icmp-type ";
142 $back.=join(",",@ips);
149 foreach my $key (sort {$a <=> $b} keys %ipsecconf){
150 if($ipsecconf{$key}[1] eq $val){
151 return $ipsecconf{$key}[$field];
155 sub get_ipsec_host_ip
159 foreach my $key (sort {$a <=> $b} keys %ipsecconf){
160 if($ipsecconf{$key}[1] eq $val){
161 return $ipsecconf{$key}[$field];
169 foreach my $key (sort {$a <=> $b} keys %ccdhost){
170 if($ccdhost{$key}[1] eq $val){
171 return $ccdhost{$key}[$field];
179 foreach my $key (sort {$a <=> $b} keys %ccdhost){
180 if($ccdhost{$key}[1] eq $val){
181 return $ccdhost{$key}[$field];
190 foreach my $key (sort {$a <=> $b} keys %ccdnet){
191 if($ccdnet{$key}[0] eq $val){
192 return $ccdnet{$key}[$field];
200 foreach my $key (sort {$a <=> $b} keys %customgrp){
201 if ($customgrp{$key}[0] eq $val){
202 &get_address
($customgrp{$key}[3],$src);
212 return "0.0.0.0/0.0.0.0";
213 }elsif($val eq 'GREEN'){
214 return "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
215 }elsif($val eq 'ORANGE'){
216 return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
217 }elsif($val eq 'BLUE'){
218 return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
219 }elsif($val eq 'RED'){
220 return "0.0.0.0/0 -o $con";
221 }elsif($val =~ /OpenVPN/i){
222 return "$ovpnsettings{'DOVPN_SUBNET'}";
223 }elsif($val =~ /IPsec/i){
224 return "$ipsecsettings{'RW_NET'}";
225 }elsif($val eq 'IPFire'){
232 foreach my $key (sort {$a <=> $b} keys %customnetwork){
233 if($customnetwork{$key}[0] eq $val){
234 return "$customnetwork{$key}[1]/$customnetwork{$key}[2]";
242 foreach my $key (sort {$a <=> $b} keys %customhost){
243 if($customhost{$key}[0] eq $val){
244 if ($customhost{$key}[1] eq 'mac' && $src eq 'src'){
245 return "-m mac --mac-source $customhost{$key}[2]";
246 }elsif($customhost{$key}[1] eq 'ip' && $src eq 'src'){
247 return "$customhost{$key}[2]";
248 }elsif($customhost{$key}[1] eq 'ip' && $src eq 'tgt'){
249 return "$customhost{$key}[2]";
250 }elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){