Firewall: Fixed portfw-converter (rules where not converted correctly) And Standard...
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
use strict;
# Many settings keys are legitimately absent (e.g. BLUE/ORANGE on a box
# without those zones) and the get_* helpers compare such values with
# eq/ne all the time, so the uninitialized warning is silenced globally
# instead of guarding every access.
no warnings 'uninitialized';

package fwlib;

# In-memory copies of the firewall object tables. Keys are the record
# ids from the config files (the lookups below sort them with <=>, so
# they are numeric); each value is an arrayref with the record's fields.
# The field index each table is read with is documented on the get_*
# helper that consumes it.
my %customnetwork=();
my %customhost=();
my %customgrp=();
my %customservice=();
my %customservicegrp=();
my %ccdnet=();
my %ccdhost=();
my %ipsecconf=();
my %ipsecsettings=();
my %netsettings=();
my %ovpnsettings=();

# Provides General::readhash, General::readhasharray and $General::swroot
# (used below as the root of the configuration tree).
require '/var/ipfire/general-functions.pl';

my $confignet = "${General::swroot}/fwhosts/customnetworks";
my $confighost = "${General::swroot}/fwhosts/customhosts";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $configsrv = "${General::swroot}/fwhosts/customservices";
my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp";
my $configccdnet = "${General::swroot}/ovpn/ccd.conf";
my $configccdhost = "${General::swroot}/ovpn/ovpnconfig";
my $configipsec = "${General::swroot}/vpn/config";
my $configovpn = "${General::swroot}/ovpn/settings";
# NOTE(review): these two file-scope lexicals are never used; every sub
# below declares its own `my $val` / `my $field`, which shadow them.
my $val;
my $field;

# Zone, OpenVPN and IPsec settings (flat key/value tables).
# NOTE(review): the ethernet settings path is hard-coded while the other
# two go through ${General::swroot}; confirm they are meant to differ.
&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
&General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);


# Object tables; one record per line, split into the arrayrefs above.
# $configovpn is read via readhash further up, not as an array table.
&General::readhasharray("$confignet", \%customnetwork);
&General::readhasharray("$confighost", \%customhost);
&General::readhasharray("$configgrp", \%customgrp);
&General::readhasharray("$configccdnet", \%ccdnet);
&General::readhasharray("$configccdhost", \%ccdhost);
&General::readhasharray("$configipsec", \%ipsecconf);
&General::readhasharray("$configsrv", \%customservice);
&General::readhasharray("$configsrvgrp", \%customservicegrp);
66
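# Return the protocol of the custom service named $val.
#
# A customservices record has the service name in field 0 and the
# protocol ('TCP', 'UDP' or 'ICMP', see get_srvgrp_prot) in field 2.
# Records are visited in ascending id order, so for duplicate names the
# lowest id wins.
#
# Returns undef when no service has that name (explicitly, so callers
# comparing the result with eq/ne get a defined outcome instead of the
# unspecified value of a finished foreach).
sub get_srv_prot
{
    my $val = shift;

    foreach my $key (sort { $a <=> $b } keys %customservice) {
        return $customservice{$key}[2] if $customservice{$key}[0] eq $val;
    }
    return;
}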
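# Return the protocols used by the members of the service group named
# $val as a comma-separated string in the fixed order "TCP,UDP,ICMP"
# (only protocols that actually occur are listed; '' for an unknown or
# empty group).
#
# A customservicegrp record has the group name in field 0 and the name
# of one member service in field 2; the member's protocol comes from
# get_srv_prot. Protocols other than TCP/UDP/ICMP are ignored.
sub get_srvgrp_prot
{
    my $val = shift;
    my %seen;

    foreach my $key (sort { $a <=> $b } keys %customservicegrp) {
        next unless $customservicegrp{$key}[0] eq $val;
        # One lookup per member instead of repeating it for each branch.
        my $prot = get_srv_prot($customservicegrp{$key}[2]);
        $seen{$prot} = 1 if defined $prot;
    }

    # Output order is fixed regardless of the order the members appear in.
    my @prots = grep { $seen{$_} } qw(TCP UDP ICMP);
    return join(",", @prots);
}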
103
104
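# Return field $field of the custom service named $val that uses
# protocol $prot.
#
# A customservices record has the name in field 0 and the protocol in
# field 2; callers pass $field = 1 for the port(s) and $field = 3 for
# the ICMP type (see get_srvgrp_port). Matching on name AND protocol
# lets the same service name carry both a TCP and a UDP record.
#
# Returns undef when no record matches.
sub get_srv_port
{
    my ($val, $field, $prot) = @_;

    foreach my $key (sort { $a <=> $b } keys %customservice) {
        my $rec = $customservice{$key};
        return $rec->[$field] if $rec->[0] eq $val && $rec->[2] eq $prot;
    }
    return;
}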
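# Build the port (or ICMP type) part of an iptables match for the
# service group named $val, restricted to the members using protocol
# $prot.
#
# For TCP/UDP the result is "--dport P" for a single member and
# "-m multiport --dports P1,P2,..." for several; for ICMP it is
# "--icmp-type T1,T2,...". Members without a matching record for $prot
# are skipped.
#
# NOTE(review): a group with no matching member yields a bare
# "--dport " / "--icmp-type " with no argument; that shape is kept for
# compatibility, so the caller must not emit it unchecked. iptables'
# multiport match also accepts only a limited number of ports, which
# is not enforced here.
sub get_srvgrp_port
{
    my ($val, $prot) = @_;

    # Service record field 1 holds the port(s), field 3 the ICMP type.
    my $field = ($prot eq 'ICMP') ? 3 : 1;
    my @values;

    foreach my $key (sort { $a <=> $b } keys %customservicegrp) {
        next unless $customservicegrp{$key}[0] eq $val;
        my $value = get_srv_port($customservicegrp{$key}[2], $field, $prot);
        push @values, $value if $value ne '';
    }

    my $back;
    if ($prot eq 'ICMP') {
        $back = "--icmp-type ";
    }
    else {
        # Numeric count comparison (the string operator 'gt' on a count
        # only worked by accident for single-digit thresholds).
        $back = (@values > 1) ? "-m multiport --dports " : "--dport ";
    }
    return $back . join(",", @values);
}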
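# Return field $field of the IPsec connection whose field 1 (presumably
# the connection name — confirm against vpn/config) equals $val.
# Records are visited in ascending id order. Returns undef when nothing
# matches. get_ipsec_host_ip performs the identical lookup.
sub get_ipsec_net_ip
{
    my ($val, $field) = @_;

    foreach my $key (sort { $a <=> $b } keys %ipsecconf) {
        return $ipsecconf{$key}[$field] if $ipsecconf{$key}[1] eq $val;
    }
    return;
}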
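# Return field $field of the IPsec connection whose field 1 equals $val.
# Same lookup as get_ipsec_net_ip (both key on field 1 of vpn/config);
# kept as a separate entry point for host-type rules. Returns undef when
# nothing matches.
sub get_ipsec_host_ip
{
    my ($val, $field) = @_;

    foreach my $key (sort { $a <=> $b } keys %ipsecconf) {
        my $rec = $ipsecconf{$key};
        next unless $rec->[1] eq $val;
        return $rec->[$field];
    }
    return;
}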
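# Return field $field of the OpenVPN client/net-to-net record (ovpnconfig)
# whose field 1 equals $val. Returns undef when nothing matches.
# get_ovpn_host_ip performs the identical lookup.
sub get_ovpn_n2n_ip
{
    my ($val, $field) = @_;

    foreach my $key (sort { $a <=> $b } keys %ccdhost) {
        return $ccdhost{$key}[$field] if $ccdhost{$key}[1] eq $val;
    }
    return;
}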
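# Return field $field of the ovpnconfig record whose field 1 equals $val.
# Same lookup as get_ovpn_n2n_ip; separate entry point for host-type
# rules. Returns undef when nothing matches.
sub get_ovpn_host_ip
{
    my ($val, $field) = @_;

    foreach my $key (sort { $a <=> $b } keys %ccdhost) {
        my $rec = $ccdhost{$key};
        next unless $rec->[1] eq $val;
        return $rec->[$field];
    }
    return;
}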
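# Return field $field of the OpenVPN ccd.conf record whose field 0 equals
# $val. Note the key field differs from the ovpnconfig lookups (field 0
# here, field 1 there). Returns undef when nothing matches.
sub get_ovpn_net_ip
{
    my ($val, $field) = @_;

    foreach my $key (sort { $a <=> $b } keys %ccdnet) {
        return $ccdnet{$key}[$field] if $ccdnet{$key}[0] eq $val;
    }
    return;
}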
# Walk the custom group named $val (field 0 of a customgroups record)
# and hand field 3 of every matching record, together with the $src
# selector, to get_address.
#
# NOTE(review): get_address is not defined in this file and its result
# is discarded inside the loop, so this sub returns nothing usable (the
# value of a finished foreach is unspecified). Confirm whether
# get_address is expected to act through side effects or whether the
# results should be collected and returned.
sub get_grp_ip
{
    my $val=shift;
    my $src=shift;
    foreach my $key (sort {$a <=> $b} keys %customgrp){
        if ($customgrp{$key}[0] eq $val){
            &get_address($customgrp{$key}[3],$src);
        }
    }

}
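# Translate a built-in network name into the address (or rule fragment)
# the rule generator uses:
#   ALL                 -> "0.0.0.0/0.0.0.0"
#   GREEN, ORANGE, BLUE -> "<ZONE>_NETADDRESS/<ZONE>_NETMASK" from the
#                          ethernet settings
#   RED                 -> "0.0.0.0/0 -o $con"; $con is the RED interface
#                          name and is interpolated verbatim, so callers
#                          must pass a trusted interface name
#   /OpenVPN/i          -> DOVPN_SUBNET from the OpenVPN settings
#   /IPsec/i            -> RW_NET from the IPsec settings
#   IPFire, other names -> undef
#
# NOTE(review): the two regex matches are unanchored and case-
# insensitive, so any name merely containing "openvpn" or "ipsec" is
# accepted; check which names callers actually pass before tightening.
sub get_std_net_ip
{
    my ($val, $con) = @_;

    return "0.0.0.0/0.0.0.0" if $val eq 'ALL';

    # The three local zones share one settings-key layout.
    if ($val eq 'GREEN' || $val eq 'ORANGE' || $val eq 'BLUE') {
        my $addr = $netsettings{"${val}_NETADDRESS"};
        my $mask = $netsettings{"${val}_NETMASK"};
        return "$addr/$mask";
    }

    return "0.0.0.0/0 -o $con" if $val eq 'RED';
    return "$ovpnsettings{'DOVPN_SUBNET'}" if $val =~ /OpenVPN/i;
    return "$ipsecsettings{'RW_NET'}" if $val =~ /IPsec/i;

    # 'IPFire' (the firewall itself) has no network form; unknown names
    # fall through to the same answer.
    return;
}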
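# Return "address/netmask" for the custom network named $val.
# A customnetworks record has the name in field 0, the address in
# field 1 and the netmask in field 2. Returns undef when no network has
# that name.
sub get_net_ip
{
    my $val = shift;

    foreach my $key (sort { $a <=> $b } keys %customnetwork) {
        my $rec = $customnetwork{$key};
        return "$rec->[1]/$rec->[2]" if $rec->[0] eq $val;
    }
    return;
}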
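# Return the match fragment for the custom host named $val.
#
# A customhosts record has the name in field 0, the type ('ip' or 'mac')
# in field 1 and the address in field 2. $src tells which side of the
# rule the host is on ('src' or 'tgt'):
#   ip  + src/tgt -> the address itself
#   mac + src     -> "-m mac --mac-source <mac>"
#   mac + tgt     -> "none" (iptables' mac match only inspects the source
#                    MAC, so the caller gets a sentinel to skip the rule)
# Any other type/$src combination and unknown hosts yield undef.
sub get_host_ip
{
    my ($val, $src) = @_;

    foreach my $key (sort { $a <=> $b } keys %customhost) {
        next unless $customhost{$key}[0] eq $val;
        my ($type, $addr) = @{ $customhost{$key} }[1, 2];

        if ($type eq 'ip') {
            return "$addr" if $src eq 'src' || $src eq 'tgt';
        }
        elsif ($type eq 'mac') {
            return "-m mac --mac-source $addr" if $src eq 'src';
            return "none" if $src eq 'tgt';
        }
    }
    return;
}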
253
# Library file: `require` needs a true value from the last statement.
return 1;