]>
Commit | Line | Data |
---|---|---|
2a81ab0d AM |
1 | #!/usr/bin/perl |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5bee9a9d | 5 | # Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> # |
2a81ab0d AM |
6 | # # |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
2a81ab0d AM |
21 | |
22 | use strict; | |
23 | no warnings 'uninitialized'; | |
24 | ||
25 | package fwlib; | |
26 | ||
27 | my %customnetwork=(); | |
28 | my %customhost=(); | |
29 | my %customgrp=(); | |
b9ca2fa6 | 30 | my %customgeoipgrp=(); |
2a81ab0d AM |
31 | my %customservice=(); |
32 | my %customservicegrp=(); | |
33 | my %ccdnet=(); | |
34 | my %ccdhost=(); | |
35 | my %ipsecconf=(); | |
36 | my %ipsecsettings=(); | |
37 | my %netsettings=(); | |
38 | my %ovpnsettings=(); | |
4e54e3c6 | 39 | my %aliases=(); |
2a81ab0d AM |
40 | |
41 | require '/var/ipfire/general-functions.pl'; | |
42 | ||
43 | my $confignet = "${General::swroot}/fwhosts/customnetworks"; | |
44 | my $confighost = "${General::swroot}/fwhosts/customhosts"; | |
45 | my $configgrp = "${General::swroot}/fwhosts/customgroups"; | |
b9ca2fa6 | 46 | my $configgeoipgrp = "${General::swroot}/fwhosts/customgeoipgrp"; |
2a81ab0d AM |
47 | my $configsrv = "${General::swroot}/fwhosts/customservices"; |
48 | my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp"; | |
49 | my $configccdnet = "${General::swroot}/ovpn/ccd.conf"; | |
50 | my $configccdhost = "${General::swroot}/ovpn/ovpnconfig"; | |
51 | my $configipsec = "${General::swroot}/vpn/config"; | |
52 | my $configovpn = "${General::swroot}/ovpn/settings"; | |
53 | my $val; | |
54 | my $field; | |
fd169d0a | 55 | my $netsettings = "${General::swroot}/ethernet/settings"; |
2a81ab0d AM |
56 | |
57 | &General::readhash("/var/ipfire/ethernet/settings", \%netsettings); | |
58 | &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings); | |
59 | &General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings); | |
2a81ab0d AM |
60 | |
61 | &General::readhasharray("$confignet", \%customnetwork); | |
62 | &General::readhasharray("$confighost", \%customhost); | |
63 | &General::readhasharray("$configgrp", \%customgrp); | |
b9ca2fa6 | 64 | &General::readhasharray("$configgeoipgrp", \%customgeoipgrp); |
2a81ab0d AM |
65 | &General::readhasharray("$configccdnet", \%ccdnet); |
66 | &General::readhasharray("$configccdhost", \%ccdhost); | |
67 | &General::readhasharray("$configipsec", \%ipsecconf); | |
68 | &General::readhasharray("$configsrv", \%customservice); | |
69 | &General::readhasharray("$configsrvgrp", \%customservicegrp); | |
085a20ec | 70 | &General::get_aliases(\%aliases); |
2a81ab0d AM |
71 | |
72 | sub get_srv_prot | |
73 | { | |
74 | my $val=shift; | |
992394d5 | 75 | foreach my $key (sort {$a <=> $b} keys %customservice){ |
2a81ab0d AM |
76 | if($customservice{$key}[0] eq $val){ |
77 | if ($customservice{$key}[0] eq $val){ | |
78 | return $customservice{$key}[2]; | |
79 | } | |
80 | } | |
81 | } | |
82 | } | |
83 | sub get_srvgrp_prot | |
84 | { | |
85 | my $val=shift; | |
86 | my @ips=(); | |
87 | my $tcp; | |
88 | my $udp; | |
89 | my $icmp; | |
992394d5 | 90 | foreach my $key (sort {$a <=> $b} keys %customservicegrp){ |
2a81ab0d AM |
91 | if($customservicegrp{$key}[0] eq $val){ |
92 | if (&get_srv_prot($customservicegrp{$key}[2]) eq 'TCP'){ | |
93 | $tcp=1; | |
94 | }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'UDP'){ | |
95 | $udp=1; | |
96 | }elsif(&get_srv_prot($customservicegrp{$key}[2]) eq 'ICMP'){ | |
97 | $icmp=1; | |
82b837cf AM |
98 | }else{ |
99 | #Protocols used in servicegroups | |
100 | push (@ips,$customservicegrp{$key}[2]); | |
101 | } | |
2a81ab0d AM |
102 | } |
103 | } | |
104 | if ($tcp eq '1'){push (@ips,'TCP');} | |
105 | if ($udp eq '1'){push (@ips,'UDP');} | |
106 | if ($icmp eq '1'){push (@ips,'ICMP');} | |
107 | my $back=join(",",@ips); | |
108 | return $back; | |
109 | ||
110 | } | |
2a81ab0d AM |
111 | sub get_srv_port |
112 | { | |
113 | my $val=shift; | |
114 | my $field=shift; | |
115 | my $prot=shift; | |
992394d5 | 116 | foreach my $key (sort {$a <=> $b} keys %customservice){ |
14bcb9a2 AM |
117 | if($customservice{$key}[0] eq $val && $customservice{$key}[2] eq $prot){ |
118 | return $customservice{$key}[$field]; | |
2a81ab0d AM |
119 | } |
120 | } | |
121 | } | |
122 | sub get_srvgrp_port | |
123 | { | |
124 | my $val=shift; | |
125 | my $prot=shift; | |
126 | my $back; | |
127 | my $value; | |
128 | my @ips=(); | |
992394d5 | 129 | foreach my $key (sort {$a <=> $b} keys %customservicegrp){ |
2a81ab0d AM |
130 | if($customservicegrp{$key}[0] eq $val){ |
131 | if ($prot ne 'ICMP'){ | |
132 | $value=&get_srv_port($customservicegrp{$key}[2],1,$prot); | |
133 | }elsif ($prot eq 'ICMP'){ | |
134 | $value=&get_srv_port($customservicegrp{$key}[2],3,$prot); | |
135 | } | |
136 | push (@ips,$value) if ($value ne '') ; | |
137 | } | |
138 | } | |
139 | if($prot ne 'ICMP'){ | |
140 | if ($#ips gt 0){$back="-m multiport --dports ";}else{$back="--dport ";} | |
141 | }elsif ($prot eq 'ICMP'){ | |
142 | $back="--icmp-type "; | |
143 | } | |
144 | ||
145 | $back.=join(",",@ips); | |
146 | return $back; | |
147 | } | |
148 | sub get_ipsec_net_ip | |
149 | { | |
150 | my $val=shift; | |
151 | my $field=shift; | |
992394d5 | 152 | foreach my $key (sort {$a <=> $b} keys %ipsecconf){ |
2a81ab0d AM |
153 | if($ipsecconf{$key}[1] eq $val){ |
154 | return $ipsecconf{$key}[$field]; | |
155 | } | |
156 | } | |
157 | } | |
158 | sub get_ipsec_host_ip | |
159 | { | |
160 | my $val=shift; | |
161 | my $field=shift; | |
992394d5 | 162 | foreach my $key (sort {$a <=> $b} keys %ipsecconf){ |
2a81ab0d AM |
163 | if($ipsecconf{$key}[1] eq $val){ |
164 | return $ipsecconf{$key}[$field]; | |
165 | } | |
166 | } | |
167 | } | |
168 | sub get_ovpn_n2n_ip | |
169 | { | |
170 | my $val=shift; | |
171 | my $field=shift; | |
992394d5 | 172 | foreach my $key (sort {$a <=> $b} keys %ccdhost){ |
2a81ab0d AM |
173 | if($ccdhost{$key}[1] eq $val){ |
174 | return $ccdhost{$key}[$field]; | |
175 | } | |
176 | } | |
177 | } | |
178 | sub get_ovpn_host_ip | |
179 | { | |
180 | my $val=shift; | |
181 | my $field=shift; | |
992394d5 | 182 | foreach my $key (sort {$a <=> $b} keys %ccdhost){ |
2a81ab0d AM |
183 | if($ccdhost{$key}[1] eq $val){ |
184 | return $ccdhost{$key}[$field]; | |
185 | } | |
186 | } | |
187 | } | |
188 | sub get_ovpn_net_ip | |
189 | { | |
190 | ||
191 | my $val=shift; | |
192 | my $field=shift; | |
992394d5 | 193 | foreach my $key (sort {$a <=> $b} keys %ccdnet){ |
2a81ab0d AM |
194 | if($ccdnet{$key}[0] eq $val){ |
195 | return $ccdnet{$key}[$field]; | |
196 | } | |
197 | } | |
198 | } | |
199 | sub get_grp_ip | |
200 | { | |
201 | my $val=shift; | |
202 | my $src=shift; | |
992394d5 | 203 | foreach my $key (sort {$a <=> $b} keys %customgrp){ |
2a81ab0d AM |
204 | if ($customgrp{$key}[0] eq $val){ |
205 | &get_address($customgrp{$key}[3],$src); | |
206 | } | |
207 | } | |
208 | ||
209 | } | |
210 | sub get_std_net_ip | |
211 | { | |
212 | my $val=shift; | |
ddcec9d3 | 213 | my $con=shift; |
2a81ab0d AM |
214 | if ($val eq 'ALL'){ |
215 | return "0.0.0.0/0.0.0.0"; | |
216 | }elsif($val eq 'GREEN'){ | |
217 | return "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"; | |
218 | }elsif($val eq 'ORANGE'){ | |
219 | return "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"; | |
220 | }elsif($val eq 'BLUE'){ | |
221 | return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"; | |
62fc8511 | 222 | }elsif($val eq 'RED'){ |
48f07c19 | 223 | return "0.0.0.0/0"; |
2a81ab0d AM |
224 | }elsif($val =~ /OpenVPN/i){ |
225 | return "$ovpnsettings{'DOVPN_SUBNET'}"; | |
226 | }elsif($val =~ /IPsec/i){ | |
227 | return "$ipsecsettings{'RW_NET'}"; | |
5d7faa45 AM |
228 | }elsif($val eq 'IPFire'){ |
229 | return ; | |
2a81ab0d AM |
230 | } |
231 | } | |
48f07c19 AM |
232 | sub get_interface |
233 | { | |
234 | my $net=shift; | |
235 | if($net eq "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"){ | |
236 | return "$netsettings{'GREEN_DEV'}"; | |
237 | } | |
238 | if($net eq "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"){ | |
239 | return "$netsettings{'ORANGE_DEV'}"; | |
240 | } | |
241 | if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){ | |
242 | return "$netsettings{'BLUE_DEV'}"; | |
243 | } | |
a21f2f6a MT |
244 | if($net eq "0.0.0.0/0") { |
245 | return &get_external_interface(); | |
48f07c19 AM |
246 | } |
247 | return ""; | |
248 | } | |
2a81ab0d AM |
249 | sub get_net_ip |
250 | { | |
251 | my $val=shift; | |
992394d5 | 252 | foreach my $key (sort {$a <=> $b} keys %customnetwork){ |
2a81ab0d AM |
253 | if($customnetwork{$key}[0] eq $val){ |
254 | return "$customnetwork{$key}[1]/$customnetwork{$key}[2]"; | |
255 | } | |
256 | } | |
257 | } | |
258 | sub get_host_ip | |
259 | { | |
260 | my $val=shift; | |
261 | my $src=shift; | |
992394d5 | 262 | foreach my $key (sort {$a <=> $b} keys %customhost){ |
2a81ab0d AM |
263 | if($customhost{$key}[0] eq $val){ |
264 | if ($customhost{$key}[1] eq 'mac' && $src eq 'src'){ | |
265 | return "-m mac --mac-source $customhost{$key}[2]"; | |
266 | }elsif($customhost{$key}[1] eq 'ip' && $src eq 'src'){ | |
267 | return "$customhost{$key}[2]"; | |
268 | }elsif($customhost{$key}[1] eq 'ip' && $src eq 'tgt'){ | |
269 | return "$customhost{$key}[2]"; | |
270 | }elsif($customhost{$key}[1] eq 'mac' && $src eq 'tgt'){ | |
271 | return "none"; | |
272 | } | |
273 | } | |
274 | } | |
275 | } | |
fd169d0a AM |
276 | sub get_addresses |
277 | { | |
4e54e3c6 AM |
278 | my $hash = shift; |
279 | my $key = shift; | |
280 | my $type = shift; | |
281 | ||
282 | my @addresses = (); | |
283 | my $addr_type; | |
284 | my $value; | |
285 | my $group_name; | |
286 | ||
287 | if ($type eq "src") { | |
288 | $addr_type = $$hash{$key}[3]; | |
289 | $value = $$hash{$key}[4]; | |
290 | ||
291 | } elsif ($type eq "tgt") { | |
292 | $addr_type = $$hash{$key}[5]; | |
293 | $value = $$hash{$key}[6]; | |
294 | } | |
295 | ||
296 | if ($addr_type ~~ ["cust_grp_src", "cust_grp_tgt"]) { | |
297 | foreach my $grp (sort {$a <=> $b} keys %customgrp) { | |
298 | if ($customgrp{$grp}[0] eq $value) { | |
299 | my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); | |
300 | ||
b9ca2fa6 AM |
301 | if (@address) { |
302 | push(@addresses, @address); | |
303 | } | |
304 | } | |
305 | } | |
306 | }elsif ($addr_type ~~ ["cust_geoip_src", "cust_geoip_tgt"] && $value =~ "group:") { | |
307 | $value=substr($value,6); | |
308 | foreach my $grp (sort {$a <=> $b} keys %customgeoipgrp) { | |
309 | if ($customgeoipgrp{$grp}[0] eq $value) { | |
310 | my @address = &get_address($addr_type, $customgeoipgrp{$grp}[2], $type); | |
311 | ||
4e54e3c6 AM |
312 | if (@address) { |
313 | push(@addresses, @address); | |
314 | } | |
315 | } | |
316 | } | |
317 | } else { | |
318 | my @address = &get_address($addr_type, $value, $type); | |
319 | ||
320 | if (@address) { | |
321 | push(@addresses, @address); | |
322 | } | |
323 | } | |
324 | ||
325 | return @addresses; | |
326 | } | |
fd169d0a AM |
327 | sub get_address |
328 | { | |
4e54e3c6 AM |
329 | my $key = shift; |
330 | my $value = shift; | |
331 | my $type = shift; | |
332 | ||
333 | my @ret = (); | |
334 | ||
335 | # If the user manually typed an address, we just check if it is a MAC | |
336 | # address. Otherwise, we assume that it is an IP address. | |
337 | if ($key ~~ ["src_addr", "tgt_addr"]) { | |
338 | if (&General::validmac($value)) { | |
48f07c19 | 339 | push(@ret, ["-m mac --mac-source $value", ""]); |
4e54e3c6 | 340 | } else { |
48f07c19 | 341 | push(@ret, [$value, ""]); |
4e54e3c6 AM |
342 | } |
343 | ||
344 | # If a default network interface (GREEN, BLUE, etc.) is selected, we | |
345 | # try to get the corresponding address of the network. | |
346 | } elsif ($key ~~ ["std_net_src", "std_net_tgt", "Standard Network"]) { | |
347 | my $external_interface = &get_external_interface(); | |
348 | ||
349 | my $network_address = &get_std_net_ip($value, $external_interface); | |
48f07c19 | 350 | |
4e54e3c6 | 351 | if ($network_address) { |
48f07c19 AM |
352 | my $interface = &get_interface($network_address); |
353 | push(@ret, [$network_address, $interface]); | |
4e54e3c6 AM |
354 | } |
355 | ||
356 | # Custom networks. | |
357 | } elsif ($key ~~ ["cust_net_src", "cust_net_tgt", "Custom Network"]) { | |
358 | my $network_address = &get_net_ip($value); | |
359 | if ($network_address) { | |
48f07c19 | 360 | push(@ret, [$network_address, ""]); |
4e54e3c6 AM |
361 | } |
362 | ||
363 | # Custom hosts. | |
364 | } elsif ($key ~~ ["cust_host_src", "cust_host_tgt", "Custom Host"]) { | |
365 | my $host_address = &get_host_ip($value, $type); | |
366 | if ($host_address) { | |
48f07c19 | 367 | push(@ret, [$host_address, ""]); |
4e54e3c6 AM |
368 | } |
369 | ||
370 | # OpenVPN networks. | |
371 | } elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) { | |
372 | my $network_address = &get_ovpn_net_ip($value, 1); | |
373 | if ($network_address) { | |
48f07c19 | 374 | push(@ret, [$network_address, ""]); |
4e54e3c6 AM |
375 | } |
376 | ||
377 | # OpenVPN hosts. | |
378 | } elsif ($key ~~ ["ovpn_host_src", "ovpn_host_tgt", "OpenVPN static host"]) { | |
379 | my $host_address = &get_ovpn_host_ip($value, 33); | |
380 | if ($host_address) { | |
48f07c19 | 381 | push(@ret, [$host_address, ""]); |
4e54e3c6 AM |
382 | } |
383 | ||
384 | # OpenVPN N2N. | |
385 | } elsif ($key ~~ ["ovpn_n2n_src", "ovpn_n2n_tgt", "OpenVPN N-2-N"]) { | |
386 | my $network_address = &get_ovpn_n2n_ip($value, 11); | |
387 | if ($network_address) { | |
48f07c19 | 388 | push(@ret, [$network_address, ""]); |
4e54e3c6 AM |
389 | } |
390 | ||
391 | # IPsec networks. | |
392 | } elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) { | |
393 | my $network_address = &get_ipsec_net_ip($value, 11); | |
394 | if ($network_address) { | |
48f07c19 | 395 | push(@ret, [$network_address, ""]); |
4e54e3c6 AM |
396 | } |
397 | ||
398 | # The firewall's own IP addresses. | |
399 | } elsif ($key ~~ ["ipfire", "ipfire_src"]) { | |
400 | # ALL | |
401 | if ($value eq "ALL") { | |
48f07c19 | 402 | push(@ret, ["0/0", ""]); |
4e54e3c6 AM |
403 | |
404 | # GREEN | |
405 | } elsif ($value eq "GREEN") { | |
48f07c19 | 406 | push(@ret, [$netsettings{"GREEN_ADDRESS"}, ""]); |
4e54e3c6 AM |
407 | |
408 | # BLUE | |
409 | } elsif ($value eq "BLUE") { | |
48f07c19 | 410 | push(@ret, [$netsettings{"BLUE_ADDRESS"}, ""]); |
4e54e3c6 AM |
411 | |
412 | # ORANGE | |
413 | } elsif ($value eq "ORANGE") { | |
48f07c19 | 414 | push(@ret, [$netsettings{"ORANGE_ADDRESS"}, ""]); |
4e54e3c6 AM |
415 | |
416 | # RED | |
417 | } elsif ($value ~~ ["RED", "RED1"]) { | |
418 | my $address = &get_external_address(); | |
419 | if ($address) { | |
48f07c19 | 420 | push(@ret, [$address, ""]); |
4e54e3c6 AM |
421 | } |
422 | ||
423 | # Aliases | |
424 | } else { | |
085a20ec MT |
425 | my $alias = &get_alias($value); |
426 | if ($alias) { | |
48f07c19 | 427 | push(@ret, [$alias, ""]); |
4e54e3c6 AM |
428 | } |
429 | } | |
430 | ||
b9ca2fa6 AM |
431 | # Handle rule options with GeoIP as source. |
432 | } elsif ($key eq "cust_geoip_src") { | |
433 | # Get external interface. | |
434 | my $external_interface = &get_external_interface(); | |
435 | ||
436 | push(@ret, ["-m geoip --src-cc $value", "$external_interface"]); | |
437 | ||
438 | # Handle rule options with GeoIP as target. | |
439 | } elsif ($key eq "cust_geoip_tgt") { | |
440 | # Get external interface. | |
441 | my $external_interface = &get_external_interface(); | |
442 | ||
443 | push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]); | |
444 | ||
4e54e3c6 AM |
445 | # If nothing was selected, we assume "any". |
446 | } else { | |
48f07c19 | 447 | push(@ret, ["0/0", ""]); |
4e54e3c6 AM |
448 | } |
449 | ||
450 | return @ret; | |
451 | } | |
fd169d0a AM |
452 | sub get_external_interface() |
453 | { | |
4e54e3c6 AM |
454 | open(IFACE, "/var/ipfire/red/iface") or return ""; |
455 | my $iface = <IFACE>; | |
456 | close(IFACE); | |
457 | ||
458 | return $iface; | |
459 | } | |
fd169d0a AM |
460 | sub get_external_address() |
461 | { | |
4e54e3c6 AM |
462 | open(ADDR, "/var/ipfire/red/local-ipaddress") or return ""; |
463 | my $address = <ADDR>; | |
464 | close(ADDR); | |
465 | ||
466 | return $address; | |
467 | } | |
fd169d0a AM |
468 | sub get_alias |
469 | { | |
4e54e3c6 AM |
470 | my $id = shift; |
471 | ||
472 | foreach my $alias (sort keys %aliases) { | |
473 | if ($id eq $alias) { | |
085a20ec | 474 | return $aliases{$alias}{"IPT"}; |
4e54e3c6 AM |
475 | } |
476 | } | |
477 | } | |
085a20ec MT |
478 | |
479 | sub get_nat_address { | |
4e54e3c6 AM |
480 | my $zone = shift; |
481 | my $source = shift; | |
482 | ||
483 | # Any static address of any zone. | |
484 | if ($zone eq "AUTO") { | |
fd169d0a | 485 | if ($source && ($source !~ m/mac/i )) { |
4e54e3c6 AM |
486 | my $firewall_ip = &get_internal_firewall_ip_address($source, 1); |
487 | if ($firewall_ip) { | |
488 | return $firewall_ip; | |
489 | } | |
490 | ||
491 | $firewall_ip = &get_matching_firewall_address($source, 1); | |
492 | if ($firewall_ip) { | |
493 | return $firewall_ip; | |
494 | } | |
495 | } | |
496 | ||
497 | return &get_external_address(); | |
498 | ||
499 | } elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") { | |
c71499d8 | 500 | return $netsettings{$zone . "_ADDRESS"}; |
4e54e3c6 | 501 | |
085a20ec | 502 | } elsif ($zone ~~ ["Default IP", "ALL"]) { |
4e54e3c6 AM |
503 | return &get_external_address(); |
504 | ||
505 | } else { | |
085a20ec MT |
506 | my $alias = &get_alias($zone); |
507 | unless ($alias) { | |
508 | $alias = &get_external_address(); | |
509 | } | |
510 | return $alias; | |
4e54e3c6 AM |
511 | } |
512 | ||
513 | print_error("Could not find NAT address"); | |
514 | } | |
085a20ec | 515 | |
fd169d0a AM |
516 | sub get_internal_firewall_ip_addresses |
517 | { | |
4e54e3c6 AM |
518 | my $use_orange = shift; |
519 | ||
520 | my @zones = ("GREEN", "BLUE"); | |
521 | if ($use_orange) { | |
522 | push(@zones, "ORANGE"); | |
523 | } | |
524 | ||
525 | my @addresses = (); | |
526 | for my $zone (@zones) { | |
c71499d8 | 527 | next unless (exists $netsettings{$zone . "_ADDRESS"}); |
4e54e3c6 | 528 | |
c71499d8 | 529 | my $zone_address = $netsettings{$zone . "_ADDRESS"}; |
4e54e3c6 AM |
530 | push(@addresses, $zone_address); |
531 | } | |
532 | ||
533 | return @addresses; | |
534 | } | |
fd169d0a AM |
535 | sub get_matching_firewall_address |
536 | { | |
4e54e3c6 AM |
537 | my $addr = shift; |
538 | my $use_orange = shift; | |
539 | ||
540 | my ($address, $netmask) = split("/", $addr); | |
541 | ||
542 | my @zones = ("GREEN", "BLUE"); | |
543 | if ($use_orange) { | |
544 | push(@zones, "ORANGE"); | |
545 | } | |
546 | ||
547 | foreach my $zone (@zones) { | |
c71499d8 | 548 | next unless (exists $netsettings{$zone . "_ADDRESS"}); |
4e54e3c6 | 549 | |
c71499d8 AM |
550 | my $zone_subnet = $netsettings{$zone . "_NETADDRESS"}; |
551 | my $zone_mask = $netsettings{$zone . "_NETMASK"}; | |
4e54e3c6 AM |
552 | |
553 | if (&General::IpInSubnet($address, $zone_subnet, $zone_mask)) { | |
c71499d8 | 554 | return $netsettings{$zone . "_ADDRESS"}; |
4e54e3c6 AM |
555 | } |
556 | } | |
557 | ||
558 | return 0; | |
559 | } | |
fd169d0a AM |
560 | sub get_internal_firewall_ip_address |
561 | { | |
4e54e3c6 AM |
562 | my $subnet = shift; |
563 | my $use_orange = shift; | |
564 | ||
565 | my ($net_address, $net_mask) = split("/", $subnet); | |
566 | if ((!$net_mask) || ($net_mask ~~ ["32", "255.255.255.255"])) { | |
567 | return 0; | |
568 | } | |
569 | ||
aa5f4b65 MT |
570 | # Convert net mask into correct format for &General::IpInSubnet(). |
571 | $net_mask = &General::iporsubtodec($net_mask); | |
572 | ||
4e54e3c6 AM |
573 | my @addresses = &get_internal_firewall_ip_addresses($use_orange); |
574 | foreach my $zone_address (@addresses) { | |
575 | if (&General::IpInSubnet($zone_address, $net_address, $net_mask)) { | |
576 | return $zone_address; | |
577 | } | |
578 | } | |
579 | ||
580 | return 0; | |
581 | } | |
582 | ||
593c3227 SS |
583 | sub get_geoip_locations() { |
584 | # Path to the directory which contains the binary geoip | |
585 | # databases. | |
586 | my $directory="/usr/share/xt_geoip/LE"; | |
587 | ||
588 | # Array to store the final country list. | |
589 | my @country_codes = (); | |
590 | ||
591 | # Open location and do a directory listing. | |
592 | opendir(DIR, "$directory"); | |
593 | my @locations = readdir(DIR); | |
594 | closedir(DIR); | |
595 | ||
596 | # Loop through the directory listing, and cut of the file extensions. | |
597 | foreach my $location (sort @locations) { | |
598 | # skip . and .. | |
599 | next if($location =~ /^\.$/); | |
600 | next if($location =~ /^\.\.$/); | |
601 | ||
602 | # Remove whitespaces. | |
603 | chomp($location); | |
604 | ||
605 | # Cut-off file extension. | |
192a8266 | 606 | my ($country_code, $extension) = split(/\./, $location); |
593c3227 SS |
607 | |
608 | # Add country code to array. | |
192a8266 | 609 | push(@country_codes, $country_code); |
593c3227 SS |
610 | } |
611 | ||
612 | # Return final array. | |
613 | return @country_codes; | |
614 | } | |
615 | ||
2a81ab0d | 616 | return 1; |