[people/pmueller/ipfire-2.x.git] / config / firewall / convert-xtaccess

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################
#                                                                             #
#This script converts old xtaccess rules to new firewall                      #
#Logfiles are created under /var/log/converters                               #
#                                                                             #
###############################################################################
my @current=();
my @alias=();
my %configinputfw=();
require '/var/ipfire/general-functions.pl';
my $xtaccessconfig 	= "${General::swroot}/xtaccess/config";
my $inputfwconfig = "${General::swroot}/firewall/input";
my $aliasconfig 	= "${General::swroot}/ethernet/aliases";
my $field0='ACCEPT';
my $field1='INPUTFW';
my $field2=''; #ON or emtpy
my $field3=''; #std_net_src or src_addr
my $field4=''; #ALL or IP-Address with /32
my $field5='ipfire';
my $field6=''; #Default IP or alias name
my $field11='ON'; #use target port 
my $field12=''; #TCP or UDP
my $field13='All ICMP-Types';
my $field14='TGT_PORT';
my $field15=''; #Port Number
my $field16=''; #remark
my $field26='00:00';
my $field27='00:00';
my $field28 = '';
my $field29 = 'ALL';
my $field30 = '';
my $field31 = 'dnat';

if (! -e "$xtaccessconfig") {
        print "Config file for external access not found. Exiting!\n";
        exit(1);
}

if (! -s "$xtaccessconfig") {
        print "Empty external access configuration file. Nothing to do. Exiting...\n";
        exit(0);
}

open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
open(FILE1, $aliasconfig) or die 'Unable to open config file.';
my @alias = <FILE1>;
close(FILE1);
&General::readhasharray($inputfwconfig,\%configinputfw);

foreach my $line (@current){
	my ($a,$b,$c,$d,$e,$f) = split (",",$line);
	$e =~ s/\R//g;
	if ($f gt ''){
		$f =~ s/\R//g;
		$field16=$f;
	}
	#active or not
	$field2=uc($d);
	#get protocol
	if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}
	#check source address
	if ($b eq '0.0.0.0/0'){
		$field3='std_net_src';
		$field4='ALL';
	}elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
		$field3='src_addr';
		$field4=$b."/32";
	}elsif ($b =~ /^(.*?)\/(.*?)$/) {
		$field3='src_addr';
		$field4=$b;
	}else{
		print "Regel konnte nicht konvertiert werden!\n";
	}
	#check ipfire address
	if ($e eq '0.0.0.0'){ 
		$field6 = 'RED1';
	}else{
		foreach my $line (@alias){
			my ($ip,$state,$aliasname) = split (",",$line);
			if ($ip eq $e){
				$aliasname =~ s/\R//g; 
				$field6 = $aliasname;
			}
		}
	}
	#get target port
	$c=~ s/\R//g;
	$c=~ tr/-/:/;
	if ($c =~ /^(\D)\:(\d+)$/) {
		$c = "1:$2";
	}
	if ($c =~ /^(\d+)\:(\D)$/) {
		$c = "$1:65535";
	}
	$field15=$c;
	my $key = &General::findhasharraykey (\%configinputfw);
	foreach my $i (0 .. 31) { $configinputfw{$key}[$i] = "";}
	$configinputfw{$key}[0] = $field0;
	$configinputfw{$key}[1] = $field1;
	$configinputfw{$key}[2] = $field2;
	$configinputfw{$key}[3] = $field3;
	$configinputfw{$key}[4] = $field4;
	$configinputfw{$key}[5] = $field5;
	$configinputfw{$key}[6] = $field6;
	$configinputfw{$key}[7] = '';
	$configinputfw{$key}[8] = $field12;
	$configinputfw{$key}[9] = '';
	$configinputfw{$key}[10] = '';
	$configinputfw{$key}[11] = $field11;
	$configinputfw{$key}[12] = '';
	$configinputfw{$key}[13] = '';
	$configinputfw{$key}[14] = $field14;
	$configinputfw{$key}[15] = $field15;
	$configinputfw{$key}[16] = $field16;
	$configinputfw{$key}[17] = '';
	$configinputfw{$key}[18] = '';
	$configinputfw{$key}[19] = '';
	$configinputfw{$key}[20] = '';
	$configinputfw{$key}[21] = '';
	$configinputfw{$key}[22] = '';
	$configinputfw{$key}[23] = '';
	$configinputfw{$key}[24] = '';
	$configinputfw{$key}[25] = '';
	$configinputfw{$key}[26] = $field26;
	$configinputfw{$key}[27] = $field27;
	$configinputfw{$key}[28] = $field28;
	$configinputfw{$key}[29] = $field29;
	$configinputfw{$key}[30] = $field30;
	$configinputfw{$key}[31] = $field31;
	&General::writehasharray($inputfwconfig,\%configinputfw);
}
Commit	Line	Data
27f4a6b1	1	#!/usr/bin/perl
dc21519f AM	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
5bee9a9d	5	# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
dc21519f AM	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
dc21519f AM	21	# #
	22	#This script converts old xtaccess rules to new firewall #
	23	#Logfiles are created under /var/log/converters #
	24	# #
	25	###############################################################################
27f4a6b1 AM	26	my @current=();
	27	my @alias=();
	28	my %configinputfw=();
	29	require '/var/ipfire/general-functions.pl';
	30	my $xtaccessconfig = "${General::swroot}/xtaccess/config";
6d8eb5de	31	my $inputfwconfig = "${General::swroot}/firewall/input";
27f4a6b1 AM	32	my $aliasconfig = "${General::swroot}/ethernet/aliases";
	33	my $field0='ACCEPT';
	34	my $field1='INPUTFW';
	35	my $field2=''; #ON or emtpy
	36	my $field3=''; #std_net_src or src_addr
	37	my $field4=''; #ALL or IP-Address with /32
	38	my $field5='ipfire';
	39	my $field6=''; #Default IP or alias name
	40	my $field11='ON'; #use target port
	41	my $field12=''; #TCP or UDP
	42	my $field13='All ICMP-Types';
	43	my $field14='TGT_PORT';
	44	my $field15=''; #Port Number
	45	my $field16=''; #remark
	46	my $field26='00:00';
	47	my $field27='00:00';
ac9e77e3 AM	48	my $field28 = '';
	49	my $field29 = 'ALL';
	50	my $field30 = '';
	51	my $field31 = 'dnat';
37c84696 SS	52
	53	if (! -e "$xtaccessconfig") {
	54	print "Config file for external access not found. Exiting!\n";
	55	exit(1);
	56	}
	57
	58	if (! -s "$xtaccessconfig") {
	59	print "Empty external access configuration file. Nothing to do. Exiting...\n";
	60	exit(0);
	61	}
	62
27f4a6b1 AM	63	open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
	64	my @current = <FILE>;
	65	close(FILE);
	66	open(FILE1, $aliasconfig) or die 'Unable to open config file.';
	67	my @alias = <FILE1>;
	68	close(FILE1);
	69	&General::readhasharray($inputfwconfig,\%configinputfw);
	70
	71	foreach my $line (@current){
	72	my ($a,$b,$c,$d,$e,$f) = split (",",$line);
	73	$e =~ s/\R//g;
	74	if ($f gt ''){
	75	$f =~ s/\R//g;
	76	$field16=$f;
	77	}
	78	#active or not
	79	$field2=uc($d);
	80	#get protocol
	81	if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}
	82	#check source address
	83	if ($b eq '0.0.0.0/0'){
	84	$field3='std_net_src';
	85	$field4='ALL';
	86	}elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
	87	$field3='src_addr';
	88	$field4=$b."/32";
	89	}elsif ($b =~ /^(.?)\/(.?)$/) {
	90	$field3='src_addr';
	91	$field4=$b;
	92	}else{
	93	print "Regel konnte nicht konvertiert werden!\n";
	94	}
	95	#check ipfire address
	96	if ($e eq '0.0.0.0'){
fb0ce575	97	$field6 = 'RED1';
27f4a6b1 AM	98	}else{
	99	foreach my $line (@alias){
	100	my ($ip,$state,$aliasname) = split (",",$line);
	101	if ($ip eq $e){
	102	$aliasname =~ s/\R//g;
	103	$field6 = $aliasname;
	104	}
	105	}
	106	}
	107	#get target port
	108	$c=~ s/\R//g;
	109	$c=~ tr/-/:/;
	110	if ($c =~ /^(\D)\:(\d+)$/) {
	111	$c = "1:$2";
	112	}
	113	if ($c =~ /^(\d+)\:(\D)$/) {
	114	$c = "$1:65535";
	115	}
	116	$field15=$c;
27f4a6b1	117	my $key = &General::findhasharraykey (\%configinputfw);
ac9e77e3	118	foreach my $i (0 .. 31) { $configinputfw{$key}[$i] = "";}
27f4a6b1 AM	119	$configinputfw{$key}[0] = $field0;
	120	$configinputfw{$key}[1] = $field1;
	121	$configinputfw{$key}[2] = $field2;
	122	$configinputfw{$key}[3] = $field3;
	123	$configinputfw{$key}[4] = $field4;
	124	$configinputfw{$key}[5] = $field5;
	125	$configinputfw{$key}[6] = $field6;
	126	$configinputfw{$key}[7] = '';
a8ccb45c	127	$configinputfw{$key}[8] = $field12;
27f4a6b1 AM	128	$configinputfw{$key}[9] = '';
	129	$configinputfw{$key}[10] = '';
	130	$configinputfw{$key}[11] = $field11;
a8ccb45c AM	131	$configinputfw{$key}[12] = '';
a8ccb45c AM	132	$configinputfw{$key}[13] = '';
27f4a6b1 AM	133	$configinputfw{$key}[14] = $field14;
	134	$configinputfw{$key}[15] = $field15;
	135	$configinputfw{$key}[16] = $field16;
	136	$configinputfw{$key}[17] = '';
	137	$configinputfw{$key}[18] = '';
	138	$configinputfw{$key}[19] = '';
	139	$configinputfw{$key}[20] = '';
	140	$configinputfw{$key}[21] = '';
	141	$configinputfw{$key}[22] = '';
	142	$configinputfw{$key}[23] = '';
	143	$configinputfw{$key}[24] = '';
	144	$configinputfw{$key}[25] = '';
	145	$configinputfw{$key}[26] = $field26;
	146	$configinputfw{$key}[27] = $field27;
ac9e77e3 AM	147	$configinputfw{$key}[28] = $field28;
	148	$configinputfw{$key}[29] = $field29;
	149	$configinputfw{$key}[30] = $field30;
	150	$configinputfw{$key}[31] = $field31;
27f4a6b1 AM	151	&General::writehasharray($inputfwconfig,\%configinputfw);
27f4a6b1 AM	152	}