my $fwdfwconfig = "${General::swroot}/firewall/config";
my $outfwconfig = "${General::swroot}/firewall/outgoing";
my $fwdfwsettings = "${General::swroot}/firewall/settings";
-my @ipgroups = qx(ls $ipgrouppath);
-my @macgroups = qx(ls $macgrouppath);
+my @ipgroups = qx(ls $ipgrouppath 2>/dev/null);
+my @macgroups = qx(ls $macgrouppath 2>/dev/null);
my @hostarray=();
my %outsettings=();
my %hosts=();
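Review bot: The group lists in `my @ipgroups = qx(ls $ipgrouppath 2>/dev/null);` and the matching `@macgroups` line are still built by passing an interpolated path through the shell and splitting `ls` output. With stderr now discarded, a missing or unreadable directory is indistinguishable from an empty one. Reading the directory in Perl avoids the shell and keeps the error visible: `opendir(my $dh, $ipgrouppath)` followed by `grep { !/^\./ } readdir($dh)`, with the failure case logged rather than thrown away. `$ipgrouppath` and `$macgrouppath` are defined outside the visible lines, so this assumes they are plain directory paths.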
my %ovpnSettings = ();
my @active= ('Aktiv', 'aktiv', 'Active', 'Activo', 'Actif', 'Actief', 'Aktywne', 'Активен', 'Aktif');
&General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
-&General::readhash($outfwsettings,\%outsettings);
&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+if (-e "$outfwsettings") {
+ &General::readhash($outfwsettings,\%outsettings);
+}
+else
+{
+ print "Config file for outgoing-firewall not found. Exiting!\n";
+ exit(1);
+}
+
+if (! -s "$outfwsettings") {
+ print "Empty DMZ configuration file. Nothing to do. Exiting...\n";
+ #Fill the firewall settings file
+ open (SETTINGS, ">/var/ipfire/firewall/settings");
+ print SETTINGS "POLICY=MODE2\n";
+ print SETTINGS "POLICY1=MODE2\n";
+ close (SETTINGS);
+ exit(0);
+}
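Review bot: The new `open (SETTINGS, ">/var/ipfire/firewall/settings");` is unchecked, so if it fails the two `print SETTINGS` lines are lost silently and the script still ends with `exit(0)`, reporting success without having written the default policy. I would use the path already held in `$fwdfwsettings` and fail loudly: `open(my $fh, '>', $fwdfwsettings) or die "Unable to write $fwdfwsettings: $!\n";`, then print to `$fh` and check `close`. The message "Empty DMZ configuration file" also looks copied from another converter, since the file tested is `$outfwsettings`; naming the outgoing-firewall settings file there would avoid sending an administrator to the wrong file.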
+
#ONLY RUN if /var/ipfire/outgoing exists
if ( -d "/var/ipfire/outgoing"){
&process_groups;
&process_rules;
&process_p2p;
}
+else
+{
+ print "/var/ipfire/outgoing not found. Exiting!\n";
+ exit 1
+}
+
system("/usr/local/bin/firewallctrl");
+
sub process_groups
{
if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
foreach my $group (@macgroups){
chomp $group;
print LOG "\nProcessing MAC-GROUP: $group...\n";
- open (DATEI, "<$macgrouppath/$group");
+ open (DATEI, "<$macgrouppath/$group") or die 'Unable to open config file.';
my @zeilen = <DATEI>;
foreach my $mac (@zeilen){
chomp($mac);
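Review bot: The added `or die` keeps the two-argument form `open (DATEI, "<$macgrouppath/$group")`, which parses the whole string for mode characters and trims whitespace, so a group file name taken from the directory listing is not treated literally. The three-argument form avoids that, and the message can say which file failed and why: `open(DATEI, '<', "$macgrouppath/$group") or die "Unable to open $macgrouppath/$group: $!\n";`. Note that `die` here aborts the whole conversion on the first unreadable group; if that is intended, a short comment saying so would help. The loop body continues outside the visible lines, so I cannot see whether `DATEI` is closed.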
$grp1='std_net_src';
$source='ORANGE';
}elsif ($configline[2] eq 'red') {
- $grp1='std_net_src';
- $source='IPFire';
+ $grp1='ipfire_src';
+ $source='RED1';
&General::readhash($fwdfwsettings,\%fwdsettings);
$fwdsettings{'POLICY1'}=$outsettings{'POLICY'};
$fwdsettings{'POLICY'}=$outsettings{'POLICY'};
my $chain;
foreach my $protocol (@prot){
my $now=localtime;
- if ($source eq 'IPFire'){
+ if ($source eq 'RED1'){
$chain='OUTGOINGFW';
}else{
$chain='FORWARDFW';
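Review bot: The chain selection in `if ($source eq 'RED1'){` depends on the same string literal that the 'red' branch assigns in `$source='RED1';`, and nothing ties the two together. If one is changed without the other, these rules fall through to `FORWARDFW` instead of `OUTGOINGFW` with no error. A comment on both lines would make the coupling explicit, for example `# 'RED1' selects the OUTGOINGFW chain below; keep in sync with the 'red' branch`, or the value could be held in a single variable. Both blocks start and end outside the visible lines, so this is based only on the lines shown.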
sub process_p2p
{
copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/firewall/p2protocols");
- chmod oct('0777'), '/var/ipfire/firewall/p2protocols';
+ chown 99, 99, '/var/ipfire/firewall/p2protocols';
}
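Review bot: Neither `copy(...)` nor the new `chown 99, 99, '/var/ipfire/firewall/p2protocols';` has its return value checked, so a failed copy or ownership change leaves the file missing or owned by the converter's user with no indication. Dropping the world-writable `chmod` is an improvement, but the mode is now whatever `copy` and the current umask produce; setting it explicitly (for instance `chmod 0644, $file`) would make the result deterministic. I would write `chown(99, 99, $file) or warn "chown $file: $!\n";` and treat `copy` the same way. The numeric id 99 is presumably the web interface's unprivileged account; a comment naming it, or a lookup by name, would make that intent checkable.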