1 | #!/usr/bin/perl |
2 | ||
3 | ######################################################################## | |
4 | # Script: convert-portfw | |
5 | # Date: 19.03.2013 | |
6 | # Author: Alexander Marx (amarx@ipfire.org) | |
7 | ######################################################################## | |
8 | # | |
9 | # This script converts the port forwarding rules of the old firewall | |
10 | # into rules for the new one. This is a 3-step process. | |
11 | # STEP1: read old config and normalize settings | |
12 | # STEP2: create new rules from old ones | |
13 | # STEP3: check whether the rule already exists; if it does not, add it to | |
14 | # /var/ipfire/forward/nat | |
15 | ######################################################################## | |
16 | require '/var/ipfire/general-functions.pl'; | |
17 | my @values=(); | |
18 | my @built_rules=(); | |
19 | my %nat=(); | |
20 | my $portfwconfig = "${General::swroot}/portfw/config"; | |
21 | my $confignat = "${General::swroot}/forward/nat"; | |
22 | my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark); | |
23 | my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1); | |
24 | my $count=0; | |
25 | my $jump; | |
26 | if(! -d "/var/log/converters"){ mkdir("/var/log/converters");} | |
27 | open(FILE, $portfwconfig) or die 'Unable to open config file.'; | |
28 | my @current = <FILE>; | |
29 | close(FILE); | |
30 | open (LOG, ">/var/log/converters/portfw-convert.log") or die $!; | |
31 | open(ALIAS, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.'; | |
32 | my @alias = <ALIAS>; | |
33 | close(ALIAS); | |
34 | &get_config; | |
35 | &build_rules; | |
36 | &write_rules; | |
37 | sub get_config | |
38 | { | |
39 | print LOG "STEP 1: Get config from old portforward\n#########################################\n"; | |
40 | foreach my $line (@current){ | |
41 | if($jump eq '1'){ | |
42 | $jump=''; | |
43 | $count++; | |
44 | next; | |
45 | } | |
46 | my $u=$count+1; | |
47 | ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark) = split(",",$line); | |
48 | ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1) = split(",",$current[$u]); | |
49 | if ($flag1 eq '1'){ | |
50 | $source=$source1; | |
51 | $jump='1'; | |
52 | } | |
53 | my $now=localtime; | |
54 | chomp($remark); | |
55 | print LOG "$now processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n"; | |
56 | push (@values,$prot.",".$ipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark); | |
57 | $count++; | |
58 | } | |
59 | } | |
60 | sub build_rules | |
61 | { | |
62 | print LOG "\nSTEP 2: Convert old portforwardrules in a useable format\n########################################################\n"; | |
63 | my $src; | |
64 | my $src1; | |
65 | my $ipfireip; | |
66 | my $count=0; | |
67 | my $stop; | |
68 | #build rules for new firewall | |
69 | foreach my $line (@values){ | |
70 | chomp ($line); | |
71 | ($prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark)=split(",",$line); | |
72 | $count++; | |
73 | #get sourcepart | |
74 | if($source eq '0.0.0.0/0'){ | |
75 | $src = 'std_net_src'; | |
76 | $src1 = 'ALL'; | |
77 | }else{ | |
78 | $src = 'src_addr'; | |
79 | my ($a,$b) = split("/",$source); | |
80 | $src1 = $a."/32"; | |
81 | } | |
82 | #get ipfire ip | |
83 | if($alias eq '0.0.0.0'){ | |
84 | $alias='ALL'; | |
85 | }else{ | |
86 | foreach my $ali (@alias){ | |
87 | my ($alias_ip,$alias_active,$alias_name) = split (",",$ali); | |
88 | if($alias eq $alias_name){ | |
89 | $alias=$alias_name; | |
90 | } | |
91 | } | |
92 | } | |
93 | $active = uc $active; | |
94 | $prot = uc $prot; | |
95 | $remark = chomp($remark); | |
96 | push (@built_rules,"ACCEPT,NAT_DESTINATION,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat"); | |
97 | my $now=localtime; | |
98 | print LOG "$now Converted-> KEY: $count ACCEPT,NAT_DESTINATION,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n"; | |
99 | } | |
100 | } | |
101 | sub write_rules | |
102 | { | |
103 | my $skip=''; | |
104 | my $id; | |
105 | print LOG "\nSTEP 3: Create DNAT rules in new firewall\n#########################################\n"; | |
106 | &General::readhasharray($confignat,\%nat); | |
107 | foreach my $line (@built_rules){ | |
108 | $skip=''; | |
109 | my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line); | |
110 | foreach my $key (sort keys %nat){ | |
111 | if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){ | |
112 | my $now=localtime; | |
113 | print LOG "$now SKIP-> Rule $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n"; | |
114 | $skip='1'; | |
115 | } | |
116 | } | |
117 | if ($skip ne '1'){ | |
118 | $id = &General::findhasharraykey(\%nat); | |
119 | $nat{$id}[0] = $action; | |
120 | $nat{$id}[1] = $chain; | |
121 | $nat{$id}[2] = $active; | |
122 | $nat{$id}[3] = $src; | |
123 | $nat{$id}[4] = $src1; | |
124 | $nat{$id}[5] = $tgt; | |
125 | $nat{$id}[6] = $tgt1; | |
126 | $nat{$id}[11] = $use_prot; | |
127 | $nat{$id}[12] = $prot; | |
128 | $nat{$id}[13] = $dummy; | |
129 | $nat{$id}[14] = $tgt_port; | |
130 | $nat{$id}[15] = $tgt_port1; | |
131 | $nat{$id}[16] = $remark; | |
132 | $nat{$id}[26] = $from; | |
133 | $nat{$id}[27] = $to; | |
134 | $nat{$id}[28] = $use_port; | |
135 | $nat{$id}[29] = $alias; | |
136 | $nat{$id}[30] = $ipfireport; | |
137 | $nat{$id}[31] = $dnat; | |
138 | my $now=localtime; | |
139 | print LOG "$now NEW RULE-> Rule $nat{$id}[0],$nat{$id}[1],$nat{$id}[2],$nat{$id}[3],$nat{$id}[4],$nat{$id}[5],$nat{$id}[6],$nat{$id}[11],$nat{$id}[12],$nat{$id}[13],$nat{$id}[14],$nat{$id}[15],$nat{$id}[16],$nat{$id}[26],$nat{$id}[27],$nat{$id}[28],$nat{$id}[29],$nat{$id}[30],$nat{$id}[31]\n"; | |
140 | } | |
141 | } | |
142 | &General::writehasharray($confignat,\%nat); | |
143 | } | |
144 | close (LOG); |