From 37c84696a2c0eecda7bed87bea042018469c4120 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Sat, 18 Jan 2014 18:11:09 +0100
Subject: [PATCH 1/1] Make firewall convert scripts more robust.

The converter scripts procude a lot of error, when they get executed on a system with a previously installed version of the New Firewall or they get run twice. In this case the scripts will detect that their input files are missing and will exit with an error message. The scripts now also check if the input files are empty (no corresponding rules created) and will exit with an nothing to do message.
---
 config/firewall/convert-dmz | 9 +++++++++
 config/firewall/convert-outgoingfw | 28 ++++++++++++++++++++++++----
 config/firewall/convert-portfw | 11 +++++++++++
 config/firewall/convert-xtaccess | 11 +++++++++++
 4 files changed, 55 insertions(+), 4 deletions(-)
diff --git a/config/firewall/convert-dmz b/config/firewall/convert-dmz
index fbcc4cf9cd..7b7704548c 100755
--- a/config/firewall/convert-dmz
+++ b/config/firewall/convert-dmz
@@ -55,6 +55,15 @@ my $field29 = 'ALL';
 my $field30 = '';
 my $field31 = 'dnat';
+if (! -e "$dmzconfig") {
+ print "DMZ config file not found. Exiting!\n";
+ exit(1);
+}
+
+if (! -s "$dmzconfig") {
+ print "Empty DMZ configuration file. Nothing to do. Exiting...\n";
+ exit(0);
+}
 open(FILE, $dmzconfig) or die 'Unable to open config file.';
 my @current = ;
diff --git a/config/firewall/convert-outgoingfw b/config/firewall/convert-outgoingfw
index 4f8bcdc9ec..ea493752e1 100755
--- a/config/firewall/convert-outgoingfw
+++ b/config/firewall/convert-outgoingfw
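Review bot: In config/firewall/convert-dmz the "DMZ config file not found" message is written with plain `print`, so a caller that captures or discards STDOUT does not see why the script returned 1. Sending it to STDERR keeps the non-zero exit and its reason together: `print STDERR "DMZ config file not found. Exiting!\n";`. The same applies to the exit(1) branches added in convert-outgoingfw, convert-portfw and convert-xtaccess.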
@@ -48,8 +48,8 @@ my $ccdconfig = "${General::swroot}/ovpn/ccd.conf";
 my $fwdfwconfig = "${General::swroot}/firewall/config";
 my $outfwconfig = "${General::swroot}/firewall/outgoing";
 my $fwdfwsettings = "${General::swroot}/firewall/settings";
-my @ipgroups = qx(ls $ipgrouppath);
-my @macgroups = qx(ls $macgrouppath);
+my @ipgroups = qx(ls $ipgrouppath 2>/dev/null);
+my @macgroups = qx(ls $macgrouppath 2>/dev/null);
 my @hostarray=();
 my %outsettings=();
 my %hosts=();
@@ -65,16 +65,36 @@ my %ownnet=();
 my %ovpnSettings = ();
 my @active= ('Aktiv', 'aktiv', 'Active', 'Activo', 'Actif', 'Actief', 'Aktywne', 'Активен', 'Aktif');
 &General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
-&General::readhash($outfwsettings,\%outsettings);
 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+if (-e "$outfwsettings") {
+ &General::readhash($outfwsettings,\%outsettings);
+}
+else
+{
+ print "Config file for outgoing-firewall not found. Exiting!\n";
+ exit(1);
+}
+
+if (! -s "$outfwsettings") {
+ print "Empty DMZ configuration file. Nothing to do. Exiting...\n";
+ exit(0);
+}
+
 #ONLY RUN if /var/ipfire/outgoing exists
 if ( -d "/var/ipfire/outgoing"){
 &process_groups;
 &process_rules;
 &process_p2p;
 }
+else
+{
+ print "/var/ipfire/outgoing not found. Exiting!\n";
+ exit 1
+}
+
 system("/usr/local/bin/firewallctrl");
+
 sub process_groups
 {
 if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
@@ -111,7 +131,7 @@ sub process_groups
 foreach my $group (@macgroups){
 chomp $group;
 print LOG "\nProcessing MAC-GROUP: $group...\n";
- open (DATEI, "<$macgrouppath/$group");
+ open (DATEI, "<$macgrouppath/$group") or die 'Unable to open config file.';
 my @zeilen = ;
 foreach my $mac (@zeilen){
 chomp($mac);
diff --git a/config/firewall/convert-portfw b/config/firewall/convert-portfw
index 447ef90a76..fedddeeb3d 100755
--- a/config/firewall/convert-portfw
+++ b/config/firewall/convert-portfw
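Review bot: The two `qx(ls ...)` lines in convert-outgoingfw still pass `$ipgrouppath` and `$macgrouppath` through a shell, and `2>/dev/null` now hides every other reason the listing could fail (permissions, I/O error), not only a missing directory. Reading the directory in Perl avoids the shell and keeps the missing-directory case quiet: `my @ipgroups = (); if (opendir(my $dh, $ipgrouppath)) { @ipgroups = sort grep { !/^\./ } readdir($dh); closedir($dh); }`, and the same for `@macgroups`. Both path variables are assigned outside this hunk, so how they are built should be confirmed.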
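Review bot: The empty-file branch for `$outfwsettings` prints "Empty DMZ configuration file", which is the convert-dmz text and misleads anyone reading the output of convert-outgoingfw; it should read `print "Empty outgoing-firewall configuration file. Nothing to do. Exiting...\n";`. The `-s` test also runs only after `&General::readhash` has already read the file; testing `-e` and `-s` first and calling readhash once afterwards would remove the `if`/`else` split. All three new exit paths leave before `system("/usr/local/bin/firewallctrl")`, whereas the old code reached that call even when /var/ipfire/outgoing was absent, so a comment stating that this is intended would help.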
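Review bot: The new `or die` on the MAC-group open reports neither the file name nor `$!`, and the open itself is still the two-argument form with a name taken from the directory listing. `open(DATEI, '<', "$macgrouppath/$group") or die "Unable to open $macgrouppath/$group: $!";` fixes the mode explicitly and says which group file failed and why. process_groups starts and ends outside this hunk; if the IP-group loop has an unchecked open of the same shape, it needs the same treatment.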
@@ -36,6 +36,17 @@ my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$rem
 my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
 my $count=0;
 my $jump;
+
+if (! -e "$portfwconfig") {
+ print "Config file for portforward not found. Exiting!\n";
+ exit(1);
+}
+
+if (! -s "$portfwconfig") {
+ print "Empty portforward configuration file. Nothing to do. Exiting...\n";
+ exit(0);
+}
+
 if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
 open(FILE, $portfwconfig) or die 'Unable to open config file.';
 my @current = ;
diff --git a/config/firewall/convert-xtaccess b/config/firewall/convert-xtaccess
index 363af7af73..d11e09c7c6 100755
--- a/config/firewall/convert-xtaccess
+++ b/config/firewall/convert-xtaccess
@@ -49,6 +49,17 @@ my $field28 = '';
 my $field29 = 'ALL';
 my $field30 = '';
 my $field31 = 'dnat';
+
+if (! -e "$xtaccessconfig") {
+ print "Config file for external access not found. Exiting!\n";
+ exit(1);
+}
+
+if (! -s "$xtaccessconfig") {
+ print "Empty external access configuration file. Nothing to do. Exiting...\n";
+ exit(0);
+}
+
 open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
 my @current = ;
 close(FILE);
-- 
2.39.2
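Review bot: In convert-portfw, `-e "$portfwconfig"` is true for anything at that path, including a directory, which would usually pass the `-s` test as well and reach `open(FILE, $portfwconfig)` below. `if (! -f $portfwconfig)` states the requirement exactly, and the second test can reuse the stat result with `if (! -s _)`; the quotes around the variable are not needed. The guards added in convert-dmz and convert-xtaccess have the same shape.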