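#!/usr/bin/perl

########################################################################
# Script: convert-dmz
# Date: 03.04.2013
# Author: Alexander Marx (amarx@ipfire.org)
########################################################################
#
# This script converts old dmz holes rules from old Firewall
# to the new one. This is a 2-step process.
# STEP1: read old config and normalize settings
# STEP2: check valid ip and save valid rules to new firewall
#
########################################################################
use warnings;

my @current = ();       # raw lines of the old dmzholes config (filled below)
my @alias = ();         # unused, kept for compatibility with older revisions
my %configdmz = ();     # unused, kept for compatibility with older revisions
my %ifaces = ();        # ethernet settings: <ZONE>_NETADDRESS / <ZONE>_NETMASK
my %configfwdfw = ();   # forward-firewall rules, keyed by findhasharraykey
require '/var/ipfire/general-functions.pl';
my $dmzconfig = "${General::swroot}/dmzholes/config";
my $fwdfwconfig = "${General::swroot}/forward/dmz";
my $ifacesettings = "${General::swroot}/ethernet/settings";

# Column defaults of a converted rule. The per-rule columns ($field2..$field6,
# $field12, $field15, $field16) are filled in by process_rules for every line.
my $field0 = 'ACCEPT';
my $field1 = 'FORWARDFW';
my $field2 = '';        # ON or empty (rule enabled flag)
my $field3 = '';        # std_net_src or src_addr
my $field4 = '';        # ALL or IP-Address with /32
my $field5 = '';        # std_net_tgt or tgt_addr
my $field6 = '';        # IP or network name
my $field11 = 'ON';     # use target port
my $field12 = '';       # TCP or UDP
my $field13 = 'All ICMP-Types';
my $field14 = 'TGT_PORT';
my $field15 = '';       # Port Number
my $field16 = '';       # remark
my $field26 = '00:00';
my $field27 = '00:00';

# Three-argument open so the (fixed) path can never be read as a mode.
# The bareword handles are kept because process_rules prints to LOG.
open(FILE, '<', $dmzconfig) or die "Unable to open config file $dmzconfig: $!";
@current = <FILE>;      # assign, do not re-declare: @current is read by process_rules
close(FILE);
# open LOGFILE
open(LOG, '>', '/var/log/converters/dmz-convert.log') or die $!;
&General::readhash($ifacesettings, \%ifaces);
&General::readhasharray($fwdfwconfig, \%configfwdfw);
process_rules();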
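# Convert every line of the old dmzholes config (@current) into a
# forward-firewall rule, append the accepted rules to %configfwdfw and write
# that hash back to $fwdfwconfig. Progress and every rejection are logged to
# LOG, which is closed at the end.
#
# A line is expected to hold eight comma-separated columns:
#   protocol, source ip, target ip, port(range), ON/off flag,
#   source zone, target zone, remark
# Takes no arguments; the file-level $fieldN variables hold the rule
# columns while a line is being converted. Returns nothing useful.
sub process_rules {
    LINE: foreach my $line (@current) {
        my $now = localtime;
        # An empty line carries no rule; nothing to convert or log.
        next LINE if $line =~ /^\s*$/;
        # get values from old configfile
        my ($proto, $src, $tgt, $port, $active, $src_zone, $tgt_zone, $remark) = split(",", $line);
        $remark = '' unless defined $remark;   # short lines have no remark column
        $remark =~ s/\s*\n//gi;                # strip the trailing newline
        print LOG "$now Processing A: $proto B: $src C: $tgt D: $port E: $active F: $src_zone G: $tgt_zone H: $remark\n";

        # Now convert values and check ip addresses
        $proto = uc($proto);
        $active = uc($active);
        # The enabled flag is recomputed for every line. $field2 is file-level
        # state, so setting it only when the flag is ON would let a disabled
        # DMZ hole that follows an enabled one be converted as enabled.
        $field2 = ($active eq 'ON') ? 'ON' : '';

        # SOURCE IP-check
        $src = check_ip($src);
        if (!&General::validipandmask($src)) {
            print LOG "$now -> SOURCE IP INVALID. \n\n";
            next LINE;
        }
        # When ip valid, check if we have a network (orange or blue).
        my ($src_kind, $src_value) = _classify_address($src, $src_zone, ['orange', 'blue']);
        if (!defined $src_kind) {
            print LOG "$now ->NOT Converted, source ip $src not part of source network $src_zone \n\n";
            next LINE;
        }
        $field3 = ($src_kind eq 'net') ? 'std_net_src' : 'src_addr';
        $field4 = $src_value;

        # TARGET IP-check
        $tgt = check_ip($tgt);
        if (!&General::validipandmask($tgt)) {
            print LOG "$now -> TARGET IP INVALID. \n\n";
            next LINE;
        }
        # When ip valid, check if we have a network (green or blue).
        my ($tgt_kind, $tgt_value) = _classify_address($tgt, $tgt_zone, ['green', 'blue']);
        if (!defined $tgt_kind) {
            print LOG "$now ->NOT Converted, target ip $tgt not part of target network $tgt_zone \n\n";
            next LINE;
        }
        $field5 = ($tgt_kind eq 'net') ? 'std_net_tgt' : 'tgt_addr';
        $field6 = $tgt_value;

        $field12 = $proto;
        # convert portrange: the old config wrote "a-b", the new one wants "a:b"
        $port =~ tr/-/:/;
        $field15 = $port;
        $field16 = $remark;

        # A rule has 28 columns; only the ones a DMZ hole uses are filled.
        my $key = &General::findhasharraykey(\%configfwdfw);
        my @rule = ('') x 28;
        @rule[0 .. 6]   = ($field0, $field1, $field2, $field3, $field4, $field5, $field6);
        @rule[11 .. 16] = ($field11, $field12, $field13, $field14, $field15, $field16);
        @rule[26, 27]   = ($field26, $field27);
        $configfwdfw{$key} = \@rule;
        print LOG "$now -> Converted to " . join(",", @rule) . "\n";
    }
    &General::writehasharray($fwdfwconfig, \%configfwdfw);
    # Buffered write errors only surface at close.
    close(LOG) or warn "Unable to close log file: $!";
}

# Classify an "ip/mask" string (already accepted by General::validipandmask)
# against the interface settings of the zone named by $zone, which must be
# one of the lower-case names in @$zones. Returns ('net', ZONE) when the ip
# is exactly the zone's network address, ('addr', $addr) when it lies inside
# the zone's subnet, and an empty list when $zone is not an allowed zone or
# the address is outside it.
sub _classify_address {
    my ($addr, $zone, $zones) = @_;
    my ($ip) = split("/", $addr);
    foreach my $candidate (@$zones) {
        next unless $zone eq $candidate;
        my $prefix = uc($candidate);
        return ('net', $prefix) if $ip eq $ifaces{"${prefix}_NETADDRESS"};
        return ('addr', $addr)
            if &General::IpInSubnet($ip, $ifaces{"${prefix}_NETADDRESS"}, $ifaces{"${prefix}_NETMASK"});
    }
    return;
}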
149
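# Normalise an address from the old dmzholes config into "ip/netmask" form
# for the validity checks in process_rules.
#
# Accepts "a.b.c.d/prefix" (prefix turned into a dotted mask by
# General::iporsubtodec), a bare "a.b.c.d" (gets "/32" when General::validip
# accepts it) and anything General::validipandmask accepts as-is, which is
# passed through General::iporsubtodec. Leading zeros in the octets are
# dropped with int(). Returns undef when nothing matched, so callers must
# validate the result before using it.
sub check_ip {
    my $adr = shift;
    my $result;
    # ip with subnet as a prefix length; the octet separators must be real
    # dots (an unescaped "." here would also accept "1x2x3x4/24").
    if ($adr =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/) {
        $adr = join('.', int($1), int($2), int($3), int($4));
        my $mask = &General::iporsubtodec($5);
        $result = "$adr/$mask";
    } elsif ($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) {
        $adr = join('.', int($1), int($2), int($3), int($4));
        if (&General::validip($adr)) {
            $result = "$adr/32";
        }
    }
    # NOTE(review): this re-checks the possibly rewritten $adr (the bare ip
    # when the first branch matched) and overrides $result whenever
    # General::validipandmask accepts it; whether that is intended depends on
    # what validipandmask accepts -- confirm against general-functions.pl.
    if (&General::validipandmask($adr)) {
        $result = &General::iporsubtodec($adr);
    }
    return $result;
}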