]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - config/forwardfw/convert-portfw
projects / people / teissler / ipfire-2.x.git / blob
? search:


691cfb429a0a632114d423f43d8ecf1f95c0bd16
[people/teissler/ipfire-2.x.git] / config / forwardfw / convert-portfw
1 #!/usr/bin/perl
2
3 ########################################################################
4 # Script: convert-portfw
5 # Date: 21.03.2013
6 # Author: Alexander Marx (amarx@ipfire.org)
7 ########################################################################
8 #
9 # This script converts old portforwarding rules from old Firewall
10 # to the new one. This is a 3-step process.
11 # STEP1: read old config and normalize settings
12 # STEP2: create new rules from old ones
13 # STEP3: check if rule already exists, when not, put it into
14 # /var/ipfire/forward/nat
15 ########################################################################
16 require '/var/ipfire/general-functions.pl';
17 my @values=();
18 my @built_rules=();
19 my %nat=();
20 my $portfwconfig = "${General::swroot}/portfw/config";
21 my $confignat = "${General::swroot}/forward/config";
22 my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark);
23 my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
24 my $count=0;
25 my $jump;
26 if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
27 open(FILE, $portfwconfig) or die 'Unable to open config file.';
28 my @current = <FILE>;
29 close(FILE);
30 open (LOG, ">/var/log/converters/portfw-convert.log") or die $!;
31 open(ALIAS, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
32 my @alias = <ALIAS>;
33 close(ALIAS);
34 &get_config;
35 &build_rules;
36 &write_rules;
37 sub get_config
38 {
39 print LOG "STEP 1: Get config from old portforward\n#########################################\n";
40 foreach my $line (@current){
41 if($jump eq '1'){
42 $jump='';
43 $count++;
44 next;
45 }
46 my $u=$count+1;
47 ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark) = split(",",$line);
48 ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1) = split(",",$current[$u]);
49 if ($flag1 eq '1'){
50 $source=$source1;
51 $jump='1';
52 }
53 my $now=localtime;
54 chomp($remark);
55 print LOG "$now processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n";
56 push (@values,$prot.",".$ipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark);
57 $count++;
58 }
59 }
60 sub build_rules
61 {
62 print LOG "\nSTEP 2: Convert old portforwardrules in a useable format\n########################################################\n";
63 my $src;
64 my $src1;
65 my $ipfireip;
66 my $count=0;
67 my $stop;
68 #build rules for new firewall
69 foreach my $line (@values){
70 chomp ($line);
71 ($prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark)=split(",",$line);
72 $count++;
73 #get sourcepart
74 if($source eq '0.0.0.0/0'){
75 $src = 'std_net_src';
76 $src1 = 'ALL';
77 }else{
78 $src = 'src_addr';
79 my ($a,$b) = split("/",$source);
80 $src1 = $a."/32";
81 }
82 #get ipfire ip
83 if($alias eq '0.0.0.0'){
84 $alias='ALL';
85 }else{
86 foreach my $ali (@alias){
87 my ($alias_ip,$alias_active,$alias_name) = split (",",$ali);
88 if($alias eq $alias_ip){
89 chomp($alias_name);
90 $alias=$alias_name;
91 }
92 }
93 }
94 $active = uc $active;
95 $prot = uc $prot;
96 chomp($remark);
97 push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
98 my $now=localtime;
99 print LOG "$now Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
100 }
101 }
102 sub write_rules
103 {
104 my $skip='';
105 my $id;
106 print LOG "\nSTEP 3: Create DNAT rules in new firewall\n#########################################\n";
107 &General::readhasharray($confignat,\%nat);
108 foreach my $line (@built_rules){
109 $skip='';
110 my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
111 foreach my $key (sort keys %nat){
112 if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
113 my $now=localtime;
114 print LOG "$now SKIP-> Rule $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
115 $skip='1';
116 }
117 }
118 if ($skip ne '1'){
119 $id = &General::findhasharraykey(\%nat);
120 $nat{$id}[0] = $action;
121 $nat{$id}[1] = $chain;
122 $nat{$id}[2] = $active;
123 $nat{$id}[3] = $src;
124 $nat{$id}[4] = $src1;
125 $nat{$id}[5] = $tgt;
126 $nat{$id}[6] = $tgt1;
127 $nat{$id}[11] = $use_prot;
128 $nat{$id}[12] = $prot;
129 $nat{$id}[13] = $dummy;
130 $nat{$id}[14] = $tgt_port;
131 $nat{$id}[15] = $tgt_port1;
132 $nat{$id}[16] = $remark;
133 $nat{$id}[26] = $from;
134 $nat{$id}[27] = $to;
135 $nat{$id}[28] = $use_port;
136 $nat{$id}[29] = $alias;
137 $nat{$id}[30] = $ipfireport;
138 $nat{$id}[31] = $dnat;
139 my $now=localtime;
140 print LOG "$now NEW RULE-> Rule $nat{$id}[0],$nat{$id}[1],$nat{$id}[2],$nat{$id}[3],$nat{$id}[4],$nat{$id}[5],$nat{$id}[6],$nat{$id}[11],$nat{$id}[12],$nat{$id}[13],$nat{$id}[14],$nat{$id}[15],$nat{$id}[16],$nat{$id}[26],$nat{$id}[27],$nat{$id}[28],$nat{$id}[29],$nat{$id}[30],$nat{$id}[31]\n";
141 }
142 }
143 &General::writehasharray($confignat,\%nat);
144 }
145 close (LOG);
Timo's tree of IPFire 2.x