core125: Ship JSON-C
[people/pmueller/ipfire-2.x.git] / config / firewall / convert-outgoingfw
index d2672cbe0bdc3fed67888481c3aebe910665ad05..c917f8438491b243f2c99866b084fe4be301a26e 100755 (executable)
@@ -48,8 +48,8 @@ my $ccdconfig         = "${General::swroot}/ovpn/ccd.conf";
 my $fwdfwconfig                = "${General::swroot}/firewall/config";
 my $outfwconfig                = "${General::swroot}/firewall/outgoing";
 my $fwdfwsettings      = "${General::swroot}/firewall/settings";
-my @ipgroups = qx(ls $ipgrouppath);
-my @macgroups = qx(ls $macgrouppath);
+my @ipgroups = qx(ls $ipgrouppath 2>/dev/null);
+my @macgroups = qx(ls $macgrouppath 2>/dev/null);
 my @hostarray=();
 my %outsettings=();
 my %hosts=();
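Review bot: Both `qx(ls ...)` lines still pass `$ipgrouppath` and `$macgrouppath` through a shell, and with `2>/dev/null` a missing or unreadable directory now gives an empty list with no trace of why. Reading the directory from Perl avoids the shell and keeps the failure visible: `opendir(my $dh, $ipgrouppath) or warn "cannot read $ipgrouppath: $!";`, followed by a `readdir` filtered for dot entries (sorted, if the `ls` ordering matters to the later loops). The two path variables are defined above the hunk, so whether they can ever hold shell metacharacters cannot be confirmed from here.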
@@ -65,16 +65,41 @@ my %ownnet=();
 my %ovpnSettings = ();
 my @active= ('Aktiv', 'aktiv', 'Active', 'Activo', 'Actif', 'Actief', 'Aktywne', 'Активен', 'Aktif');
 &General::readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
-&General::readhash($outfwsettings,\%outsettings);
 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
 
+if (-e "$outfwsettings") {
+       &General::readhash($outfwsettings,\%outsettings);
+}
+else
+{
+       print "Config file for outgoing-firewall not found. Exiting!\n";
+       exit(1);
+}
+
+if (! -s "$outfwsettings") {
+        print "Empty DMZ configuration file. Nothing to do. Exiting...\n";
+        #Fill the firewall settings file
+       open (SETTINGS, ">/var/ipfire/firewall/settings");
+       print SETTINGS "POLICY=MODE2\n";
+       print SETTINGS "POLICY1=MODE2\n";
+       close (SETTINGS);
+        exit(0);
+}
+
 #ONLY RUN if /var/ipfire/outgoing exists
 if ( -d "/var/ipfire/outgoing"){
        &process_groups;
        &process_rules;
        &process_p2p;
 }
+else
+{
+       print "/var/ipfire/outgoing not found. Exiting!\n";
+       exit 1
+}
+
 system("/usr/local/bin/firewallctrl");
+
 sub process_groups
 {
        if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
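Review bot: The added empty-file branch opens `/var/ipfire/firewall/settings` for writing without checking the result, so if the open fails the two `print SETTINGS` lines go nowhere and the script still ends with `exit(0)`. Since this file carries the firewall policy, I would use the three-argument form with a check, `open(SETTINGS, '>', $fwdfwsettings) or die "Cannot write $fwdfwsettings: $!";`, and likewise `close(SETTINGS) or die "Cannot close $fwdfwsettings: $!";`. `$fwdfwsettings` appears to name the same file as the hard-coded path, but that depends on `${General::swroot}`. The `>` mode also truncates any existing settings, so it is worth confirming that no other keys are expected to survive. The message says "Empty DMZ configuration file" although the file tested is the outgoing-firewall settings; `process_groups` begins on the last lines of this hunk and continues outside it.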
@@ -111,7 +136,7 @@ sub process_groups
        foreach my $group (@macgroups){
                chomp $group;
                print LOG "\nProcessing MAC-GROUP: $group...\n";
-               open (DATEI, "<$macgrouppath/$group");
+               open (DATEI, "<$macgrouppath/$group") or die 'Unable to open config file.';
                my @zeilen = <DATEI>;
                foreach my $mac (@zeilen){
                        chomp($mac);
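Review bot: The new `or die` is attached to a two-argument `open` whose path embeds `$group`, a name taken from the `ls` output, and the message gives neither the file nor the reason. The three-argument form keeps the mode out of the interpolated string and the message should include `$!`: `open(DATEI, '<', "$macgrouppath/$group") or die "Unable to open $macgrouppath/$group: $!";`. Dying here also stops the conversion partway through, so confirm that aborting is preferred over logging to `LOG` and skipping the group. The enclosing loop and the rest of `process_groups` lie outside this hunk, and the matching IP-group `open` is not visible, so it may need the same change.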
@@ -402,8 +427,8 @@ sub process_rules
                                $grp1='std_net_src';
                                $source='ORANGE';
                        }elsif ($configline[2] eq 'red') {
-                               $grp1='std_net_src';
-                               $source='IPFire';
+                               $grp1='ipfire_src';
+                               $source='RED1';
                                &General::readhash($fwdfwsettings,\%fwdsettings);
                                $fwdsettings{'POLICY1'}=$outsettings{'POLICY'};
                                $fwdsettings{'POLICY'}=$outsettings{'POLICY'};
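Review bot: The literal `'RED1'` assigned here has to match the `$source eq 'RED1'` test in the later hunk at `-513,7 +538,7` exactly, and nothing in the code ties the two together. If they drift apart, rules with a red source would be placed in `FORWARDFW` instead of `OUTGOINGFW` without any error. A single named value used in both places, for example `my $SRC_FIREWALL = 'RED1';` near the other file-level declarations, would make the dependency explicit. Both sites sit inside `process_rules`, whose body extends beyond these hunks.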
@@ -513,7 +538,7 @@ sub process_rules
                my $chain;
                foreach my $protocol (@prot){
                        my $now=localtime;
-                       if ($source eq 'IPFire'){
+                       if ($source eq 'RED1'){
                                $chain='OUTGOINGFW';
                        }else{
                                $chain='FORWARDFW';
@@ -675,5 +700,5 @@ sub build_ovpn_grp
 sub process_p2p
 {
        copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/firewall/p2protocols");
-       chmod oct('0777'), '/var/ipfire/firewall/p2protocols';
+       chown 99, 99, '/var/ipfire/firewall/p2protocols';
 }
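Review bot: In `process_p2p` neither `copy` nor the new `chown` has its return value checked, so a failed copy or ownership change leaves the converted firewall without the expected `p2protocols` file and with no diagnostic. I would write `copy($src, $dst) or die "copy p2protocols: $!";` and `chown($uid, $gid, $dst) == 1 or warn "chown $dst: $!";`. The uid and gid should be looked up, for example `my ($uid, $gid) = (getpwnam('nobody'))[2,3];`, rather than hard-coded as 99, assuming 99 is meant to be that account. With the `chmod` gone, the file's mode is whatever `copy` and the umask produce, so an explicit restrictive `chmod` would make the intended permissions clear.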