git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - config/forwardfw/convert-dmz
3 ########################################################################
6 # Author: Alexander Marx (amarx@ipfire.org)
7 ########################################################################
9 # This script converts old dmz holes rules from old Firewall
10 # to the new one. This is a 2-step process.
11 # STEP1: read old config and normalize settings
12 # STEP2: check valid ip and save valid rules to new firewall
14 ########################################################################
# Load the shared helper library; the General:: routines used below
# (readhash, readhasharray, validipandmask, IpInSubnet, ...) are called
# through it.
20 require '/var/ipfire/general-functions.pl';
# Input (old DMZ-holes rules), output (new forward-firewall rules) and the
# interface settings, all located under ${General::swroot}.
21 my $dmzconfig = "${General::swroot}/dmzholes/config";
22 my $fwdfwconfig = "${General::swroot}/forward/config";
23 my $ifacesettings = "${General::swroot}/ethernet/settings";
# Positional fields of one new forward-firewall rule. Fields with a fixed
# value are set here; the empty ones are placeholders, some of which are
# assigned per rule further down ($field2, $field3 and $field5 in the visible
# part of this listing).
# NOTE(review): these variables are declared once, outside the per-line loop.
# Unless they are reset for every rule in lines this listing does not show,
# a value set for one rule (for example $field2 = 'ON') carries over to the
# next rule -- confirm against the full file.
24 my $field0 = 'ACCEPT';
25 my $field1 = 'FORWARDFW';
26 my $field2 = ''; #ON or empty
27 my $field3 = ''; #std_net_src or src_addr
28 my $field4 = ''; #ALL or IP-Address with /32
29 my $field5 = ''; #std_net_tgt or tgt_addr
30 my $field6 = ''; #IP or network name
31 my $field11 = 'ON'; #use target port
32 my $field12 = ''; #TCP or UDP
33 my $field13 = 'All ICMP-Types';
34 my $field14 = 'TGT_PORT';
35 my $field15 = ''; #Port Number
36 my $field16 = ''; #remark
37 my $field26 = '00:00';
38 my $field27 = '00:00';
# Open the old DMZ-holes config for reading.
# NOTE(review): this is the two-argument form of open with a bareword handle,
# so the open mode is parsed out of the path string itself. The path here is
# built from ${General::swroot} rather than from user input, but the
# three-argument form with a lexical handle, e.g.
#   open(my $fh, '<', $dmzconfig) or die "Unable to open $dmzconfig: $!";
# removes that ambiguity and also reports why the open failed (the current
# message omits $!).
45 open(FILE
, $dmzconfig) or die 'Unable to open config file.';
# Open the conversion log. The leading '>' truncates any log left by an
# earlier run; the same two-argument/bareword remark applies.
49 open (LOG
, ">/var/log/converters/dmz-convert.log") or die $!;
# Load the interface settings into %ifaces (read below by keys such as
# ORANGE_NETADDRESS and BLUE_NETMASK) and the forward-firewall config into
# %configfwdfw, to which the converted rules are added further down.
50 &General
::readhash
($ifacesettings, \
%ifaces);
51 &General
::readhasharray
($fwdfwconfig,\
%configfwdfw);
# STEP1/STEP2 loop: walk the old rules one line at a time. @current is filled
# in lines this listing does not show (presumably from FILE -- confirm).
# This listing omits several original lines (branch bodies, else branches and
# closing braces), so the structure below is incomplete as shown.
54 foreach my $line (@current){
56 #get values from old configfile
# Eight comma-separated positional values. As used below: $b is the source
# address with mask, $c the target address with mask, $e the enabled flag,
# $f the source network name and $g the target network name.
# NOTE(review): lexical $a and $b mask the package variables that sort()
# uses; descriptive names would avoid that trap.
57 my ($a,$b,$c,$d,$e,$f,$g,$h) = split (",",$line);
# The raw, not yet validated values from the old config are written to the
# log as they are.
59 print LOG
"$now Processing A: $a B: $b C: $c D: $d E: $e F: $f G: $g H: $h\n";
60 #Now convert values and check ip addresses
# The rule is marked enabled only when the old flag is exactly 'ON'.
# NOTE(review): $field2 lives outside this loop and nothing visible resets it
# when $e is not 'ON'. If the omitted lines do not reset it, a disabled old
# rule that follows an enabled one would be converted as enabled -- confirm.
63 $field2=$e if($e eq 'ON');
# Source side: the address must pass validipandmask and must either be the
# network address of the named zone (orange/blue) or lie inside that zone's
# subnet; anything else is logged and not converted.
66 if (&General
::validipandmask
($b)){
67 #When ip valid, check if we have a network
68 my ($ip,$subnet) = split ("/",$b);
69 if ($f eq 'orange' && $ip eq $ifaces{'ORANGE_NETADDRESS'}){
70 $field3='std_net_src';
72 }elsif($f eq 'blue' && $ip eq $ifaces{'BLUE_NETADDRESS'}){
73 $field3='std_net_src';
75 }elsif($f eq 'orange' && &General
::IpInSubnet
($ip,$ifaces{'ORANGE_NETADDRESS'},$ifaces{'ORANGE_NETMASK'})){
78 }elsif($f eq 'blue' && &General
::IpInSubnet
($ip,$ifaces{'BLUE_NETADDRESS'},$ifaces{'BLUE_NETMASK'})){
82 print LOG
"$now ->NOT Converted, source ip $b not part of source network $f \n\n";
86 print LOG
"$now -> SOURCE IP INVALID. \n\n";
# Store the converted rule under a new key of %configfwdfw (the key comes
# from findhasharraykey -- presumably the next free one; confirm in
# general-functions.pl).
120 my $key = &General
::findhasharraykey
(\
%configfwdfw);
# Blank slots 0..27, then fill them from the $fieldN variables.
# NOTE(review): the blanking stops at index 27 while the assignments below go
# up to index 31.
121 foreach my $i (0 .. 27) { $configfwdfw{$key}[$i] = "";}
122 $configfwdfw{$key}[0] = $field0;
123 $configfwdfw{$key}[1] = $field1;
124 $configfwdfw{$key}[2] = $field2;
125 $configfwdfw{$key}[3] = $field3;
126 $configfwdfw{$key}[4] = $field4;
127 $configfwdfw{$key}[5] = $field5;
128 $configfwdfw{$key}[6] = $field6;
129 $configfwdfw{$key}[7] = '';
130 $configfwdfw{$key}[8] = '';
131 $configfwdfw{$key}[9] = '';
132 $configfwdfw{$key}[10] = '';
133 $configfwdfw{$key}[11] = $field11;
134 $configfwdfw{$key}[12] = $field12;
135 $configfwdfw{$key}[13] = $field13;
136 $configfwdfw{$key}[14] = $field14;
137 $configfwdfw{$key}[15] = $field15;
138 $configfwdfw{$key}[16] = $field16;
139 $configfwdfw{$key}[17] = '';
140 $configfwdfw{$key}[18] = '';
141 $configfwdfw{$key}[19] = '';
142 $configfwdfw{$key}[20] = '';
143 $configfwdfw{$key}[21] = '';
144 $configfwdfw{$key}[22] = '';
145 $configfwdfw{$key}[23] = '';
146 $configfwdfw{$key}[24] = '';
147 $configfwdfw{$key}[25] = '';
148 $configfwdfw{$key}[26] = $field26;
149 $configfwdfw{$key}[27] = $field27;
# NOTE(review): no declaration of $field28 .. $field31 is visible in this
# listing (the declarations shown end at $field27). If they are not declared
# in the omitted lines, these four slots are written as undefined values --
# confirm against the full file.
150 $configfwdfw{$key}[28] = $field28;
151 $configfwdfw{$key}[29] = $field29;
152 $configfwdfw{$key}[30] = $field30;
153 $configfwdfw{$key}[31] = $field31;
# NOTE(review): this line interpolates $Now, while every other log line uses
# $now. Perl variable names are case-sensitive, so unless $Now is defined
# separately this entry is logged without its timestamp. The message also
# lists the fields only up to $field27, not the four slots written after it.
154 print LOG
"$Now -> Converted to $field0,$field1,$field2,$field3,$field4,$field5,$field6,,,,,$field11,$field12,$field13,$field14,$field15,$field16,,,,,,,,,,$field26,$field27\n";
# Persist the updated rule set to the forward-firewall config file.
156 &General
::writehasharray
($fwdfwconfig,\
%configfwdfw);
# Address normalisation. The enclosing sub's header and several of its lines
# are not part of this listing, so only the visible statements are described.
164 #ip with subnet in decimal
# NOTE(review): the dots between the octet groups in this first pattern are
# not escaped, so each one matches any single character, not only '.'.
# A value using other separators (constructed example: "10x0y0z0/8") matches,
# and the next statement rebuilds it with real dots into a well-formed
# address. The second pattern below escapes the dots (\.); this one should
# too. Anchoring with \z instead of $ would also reject a trailing newline.
# Neither pattern limits an octet to 0-255; that check presumably falls to
# validip/validipandmask -- confirm.
165 if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d
{1,2})$/){
# int() strips leading zeros from each octet before the address is rebuilt.
166 $adr=int($1).".".int($2).".".int($3).".".int($4);
# The captured mask part (one or two digits) is passed through iporsubtodec.
167 my $b = &General
::iporsubtodec
($5);
# Plain dotted-quad address without a mask.
169 }elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
170 $adr=int($1).".".int($2).".".int($3).".".int($4);
171 if(&General
::validip
($adr)){
175 if(&General
::validipandmask
($adr)){
176 $a=&General
::iporsubtodec
($adr);