$logmessage = $1;
system('logger', '-t', $tag, $logmessage);
}
+sub setup_default_networks
+{
+ my %netsettings=();
+ my $defaultNetworks = shift;
+
+ &readhash("/var/ipfire/ethernet/settings", \%netsettings);
+
+ # Get current defined networks (Red, Green, Blue, Orange)
+ $defaultNetworks->{$Lang::tr{'fwhost any'}}{'IPT'} = "0.0.0.0/0.0.0.0";
+ $defaultNetworks->{$Lang::tr{'fwhost any'}}{'NAME'} = "ALL";
+
+ $defaultNetworks->{$Lang::tr{'green'}}{'IPT'} = "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
+ $defaultNetworks->{$Lang::tr{'green'}}{'NET'} = "$netsettings{'GREEN_ADDRESS'}";
+ $defaultNetworks->{$Lang::tr{'green'}}{'NAME'} = "GREEN";
+
+ if ($netsettings{'RED_DEV'} ne ''){
+ $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'IPT'} = "$netsettings{'RED_NETADDRESS'}/$netsettings{'RED_NETMASK'}";
+ $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'NET'} = "$netsettings{'RED_ADDRESS'}";
+ $defaultNetworks->{$Lang::tr{'fwdfw red'}}{'NAME'} = "RED";
+ }
+ if ($netsettings{'ORANGE_DEV'} ne ''){
+ $defaultNetworks->{$Lang::tr{'orange'}}{'IPT'} = "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}";
+ $defaultNetworks->{$Lang::tr{'orange'}}{'NET'} = "$netsettings{'ORANGE_ADDRESS'}";
+ $defaultNetworks->{$Lang::tr{'orange'}}{'NAME'} = "ORANGE";
+ }
+
+ if ($netsettings{'BLUE_DEV'} ne ''){
+ $defaultNetworks->{$Lang::tr{'blue'}}{'IPT'} = "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
+ $defaultNetworks->{$Lang::tr{'blue'}}{'NET'} = "$netsettings{'BLUE_ADDRESS'}";
+ $defaultNetworks->{$Lang::tr{'blue'}}{'NAME'} = "BLUE";
+ }
+
+ #IPFire himself
+ $defaultNetworks->{'IPFire'}{'NAME'} = "IPFire";
+
+ # OpenVPN
+ if(-e "${General::swroot}/ovpn/settings")
+ {
+ my %ovpnSettings = ();
+ &readhash("${General::swroot}/ovpn/settings", \%ovpnSettings);
+
+ # OpenVPN on Red?
+ if(defined($ovpnSettings{'DOVPN_SUBNET'}))
+ {
+ my ($ip,$sub) = split(/\//,$ovpnSettings{'DOVPN_SUBNET'});
+ $sub=&General::iporsubtocidr($sub);
+ my @tempovpnsubnet = split("\/", $ovpnSettings{'DOVPN_SUBNET'});
+ $defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'ADR'} = $tempovpnsubnet[0];
+ $defaultNetworks->{'OpenVPN ' ."($ip/$sub)"}{'NAME'} = "OpenVPN-Dyn";
+ }
+ } # end OpenVPN
+ # IPsec RW NET
+ if(-e "${General::swroot}/vpn/settings")
+ {
+ my %ipsecsettings = ();
+ &readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
+ if($ipsecsettings{'RW_NET'} ne '')
+ {
+ my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
+ $sub=&General::iporsubtocidr($sub);
+ my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
+ $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'ADR'} = $tempipsecsubnet[0];
+ $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NAME'} = "IPsec RW";
+ $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NET'} = &getnextip($ip);
+ }
+ }
+}
+sub get_aliases
+{
+
+ my $defaultNetworks = shift;
+ open(FILE, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
+ my @current = <FILE>;
+ close(FILE);
+ my $ctr = 0;
+ foreach my $line (@current)
+ {
+ if ($line ne ''){
+ chomp($line);
+ my @temp = split(/\,/,$line);
+ if ($temp[2] eq '') {
+ $temp[2] = "Alias $ctr : $temp[0]";
+ }
+ $defaultNetworks->{$temp[2]}{'IPT'} = "$temp[0]";
+ $defaultNetworks->{$temp[2]}{'NET'} = "$temp[0]";
+
+ $ctr++;
+ }
+ }
+}
sub readhash
{
close FILE;
}
-sub age
-{
+sub age {
my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size,
- $atime, $mtime, $ctime, $blksize, $blocks) = stat $_[0];
- my $now = time;
- my $timestring = '';
- my $dset = 0; # Day is set, when > 0
- my $hset = 0; # Hour is set, when > 0
- my $mset = 0; # Minute is set, when > 0
-
- my $totalsecs = $now - $mtime;
- my $days = int($totalsecs / 86400);
- my $totalhours = int($totalsecs / 3600);
- my $hours = $totalhours % 24;
- my $totalmins = int($totalsecs / 60);
- my $mins = $totalmins % 60;
- my $secs = $totalsecs % 60;
+ $atime, $mtime, $ctime, $blksize, $blocks) = stat $_[0];
+ my $totalsecs = time() - $mtime;
+ my @s = ();
- if ($days > 1) {
- ${timestring} .= ${days}.' '.$Lang::tr{'days'}.', ';
- $dset = 1;
- }
- elsif ($days == 1) {
- ${timestring} .= ${days}.' '.$Lang::tr{'day'}.', ';
- $dset = 1;
+ my $secs = $totalsecs % 60;
+ $totalsecs /= 60;
+ if ($secs > 0) {
+ push(@s, "${secs}s");
}
- if (($hours > 1) && !($dset)) {
- ${timestring} .= ${hours}.' '.$Lang::tr{'hours'}.', ';
- $hset = 1;
- }
- elsif (($hours == 1) && !($dset)) {
- ${timestring} .= ${hours}.' '.$Lang::tr{'hour'}.', ';
- $hset = 1;
- }
- elsif ($dset) {
- ${timestring} .= ${hours}.' '.$Lang::tr{'age shour'}.', ';
- $hset = 1;
+ my $min = $totalsecs % 60;
+ $totalsecs /= 60;
+ if ($min > 0) {
+ push(@s, "${min}m");
}
- if ((($mins > 1) || ($mins == 0)) && !($dset || $hset)) {
- ${timestring} .= ${mins}.' '.$Lang::tr{'minutes'}.', ';
- $mset = 1;
- }
- elsif (($mins == 1) && !($dset || $hset)) {
- ${timestring} .= ${mins}.' '.$Lang::tr{'minute'}.', ';
- $mset = 1;
- }
- else {
- ${timestring} .= ${mins}.' '.$Lang::tr{'age sminute'}.', ';
- $mset = 1;
+ my $hrs = $totalsecs % 24;
+ $totalsecs /= 24;
+ if ($hrs > 0) {
+ push(@s, "${hrs}h");
}
- if ((($secs > 1) || ($secs == 0)) && !($dset || $hset || $mset)) {
- ${timestring} .= ${secs}.' '.$Lang::tr{'age seconds'};
+ my $days = int($totalsecs);
+ if ($days > 0) {
+ push(@s, "${days}d");
}
- elsif (($secs == 1) && !($dset || $hset || $mset)) {
- ${timestring} .= $secs.' '.$Lang::tr{'age second'};
- }
- else { ${timestring} .= $secs.' '.$Lang::tr{'age ssecond'}; }
- return ${timestring};
+ return join(" ", reverse(@s));
}
sub validip
sub checksubnets
{
- my %ccdconfhash=();
- my @ccdconf=();
- my $ccdname=$_[0];
- my $ccdnet=$_[1];
+ my %ccdconfhash=();
+ my %ovpnconfhash=();
+ my %vpnconf=();
+ my %ipsecconf=();
+ my %ownnet=();
+ my %ovpnconf=();
+ my @ccdconf=();
+ my $ccdname=$_[0];
+ my $ccdnet=$_[1];
+ my $ownnet=$_[2];
my $errormessage;
my ($ip,$cidr)=split(/\//,$ccdnet);
$cidr=&iporsubtocidr($cidr);
+
#get OVPN-Subnet (dynamic range)
- my %ovpnconf=();
&readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
$ovpncidr=&iporsubtocidr($ovpncidr);
+
#check if we try to use same network as ovpn server
if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
$errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
return $errormessage;
}
- #check if we use a network-name/subnet that already exists
+
+ #check if we try to use same network as another ovpn N2N
+ if($ownnet ne 'ovpn'){
+ &readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfhash);
+ foreach my $key (keys %ovpnconfhash) {
+ if ($ovpnconfhash{$key}[3] eq 'net'){
+ my @ovpnnet=split (/\//,$ovpnconfhash{$key}[11]);
+ if (&IpInSubnet($ip,$ovpnnet[0],&iporsubtodec($ovpnnet[1]))){
+ $errormessage=$errormessage.$Lang::tr{'ccd err isovpnn2n'}." $ovpnconfhash{$key}[1] <br>";
+ return $errormessage;
+ }
+ }
+ }
+ }
+
+ #check if we use a network-name/subnet (static-ovpn) that already exists
&readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
foreach my $key (keys %ccdconfhash) {
@ccdconf=split(/\//,$ccdconfhash{$key}[1]);
my ($newip,$newsub) = split(/\//,$ccdnet);
if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1])))
{
- $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
+ $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}." $ccdconfhash{$key}[0]<br>";
return $errormessage;
}
}
+
#check if we use a ipsec right network which is already defined
- my %ipsecconf=();
- &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
- foreach my $key (keys %ipsecconf){
- if ($ipsecconf{$key}[11] ne ''){
- my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
- $ipsecsub=&iporsubtodec($ipsecsub);
- if($ipsecconf{$key}[1] ne $ccdname){
- if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
- $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]";
- return $errormessage;
+ if($ownnet ne 'ipsec'){
+ &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+ foreach my $key (keys %ipsecconf){
+ if ($ipsecconf{$key}[11] ne ''){
+ my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+ $ipsecsub=&iporsubtodec($ipsecsub);
+ if($ipsecconf{$key}[1] ne $ccdname){
+ if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+ $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]";
+ return $errormessage;
+ }
}
}
}
}
+
+ #check if we use the ipsec RW Network (if defined)
+ &readhash("${General::swroot}/vpn/settings", \%vpnconf);
+ if ($vpnconf{'RW_NET'} ne ''){
+ my ($ipsecrwnet,$ipsecrwsub)=split (/\//, $vpnconf{'RW_NET'});
+ if (&IpInSubnet($ip,$ipsecrwnet,&iporsubtodec($ipsecrwsub)))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err isipsecrw'}."<br>";
+ return $errormessage;
+ }
+ }
+
#check if we use one of ipfire's networks (green,orange,blue)
- my %ownnet=();
&readhash("${General::swroot}/ethernet/settings", \%ownnet);
- if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
- if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
- if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
- if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'GREEN_NETADDRESS'},&iporsubtodec($ownnet{'GREEN_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+ if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'ORANGE_NETADDRESS'},&iporsubtodec($ownnet{'ORANGE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+ if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'BLUE_NETADDRESS'},&iporsubtodec($ownnet{'BLUE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+ if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'RED_NETADDRESS'},&iporsubtodec($ownnet{'RED_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
}
'SKIP',
'Photur', #40
'Experimental');
- if ($index>41) {return 'unknown'} else {return @icmp_description[$index]};
+ if ($index>41) {return 'unknown'} else {return $icmp_description[$index]};
}
sub GetCoreUpdateVersion() {
return;
}
+my $FIREWALL_RELOAD_INDICATOR = "${General::swroot}/firewall/reread";
+
+sub firewall_config_changed() {
+ open FILE, ">$FIREWALL_RELOAD_INDICATOR" or die "Could not open $FIREWALL_RELOAD_INDICATOR";
+ close FILE;
+}
+
+sub firewall_needs_reload() {
+ if (-e "$FIREWALL_RELOAD_INDICATOR") {
+ return 1;
+ }
+
+ return 0;
+}
+
+sub firewall_reload() {
+ system("/usr/local/bin/firewallctrl");
+}
+
1;
projects / people / teissler / ipfire-2.x.git / blobdiff