Firewall: Fixed portfw-converter (rules where not converted correctly) And Standard...
[people/teissler/ipfire-2.x.git] / config / firewall / convert-portfw
index f6ddd25a5322a85ec542c6de576e80a51d3b6fc8..447ef90a760784689fb142ed8835f1957f01450e 100755 (executable)
@@ -107,9 +107,9 @@ sub build_rules
                $active = uc $active;
                $prot   = uc $prot;
                chomp($remark);
-               push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
+               push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
                my $now=localtime;
-               print LOG "$now    Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
+               print LOG "$now    Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,*,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
        }
 }
 sub write_rules
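Review bot: The log entry no longer records the rule that was actually pushed: the string added to `@built_rules` now has an empty eighth field (`$target/32,,$prot`), while the `print LOG` line writes `*` in that position (`$target/32,*,$prot`). An administrator auditing the conversion log would see a rule that differs from the one stored, so both should come from one variable, e.g. `my $rule = "ACCEPT,FORWARDFW,$active,…,dnat"; push(@built_rules, $rule);` followed by `print LOG "$now    Converted-> KEY: $count $rule\n";`. Separately, `$remark` is only `chomp`ed before being joined with commas, so a remark containing a comma would shift every later column when write_rules splits the line. Whether remarks are sanitised earlier is not visible, because build_rules starts outside the hunk.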
@@ -120,15 +120,22 @@ sub write_rules
        &General::readhasharray($confignat,\%nat);
        foreach my $line (@built_rules){
                $skip='';
-               my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
+               my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$dummy,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
                foreach my $key (sort keys %nat){
-                       if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
+                       if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[7],$nat{$key}[8],$nat{$key}[11],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
                                my $now=localtime;
-                               print LOG "$now         SKIP->  Rule  $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
+                               print LOG "$now         SKIP->  Rule  $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[7],$nat{$key}[8],$nat{$key}[11],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
                                $skip='1';
                        }
                }
                if ($skip ne '1'){
+                       if ( $prot eq 'GRE'){
+                               $tgt_port='';
+                               $tgt_port1='';
+                               $use_port='';
+                               $ipfireport='';
+                               $use_prot='';
+                       }
                        $id = &General::findhasharraykey(\%nat);
                        $nat{$id}[0]  = $action;
                        $nat{$id}[1]  = $chain;
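Review bot: `$use_prot` is assigned in the new GRE branch (`$use_prot='';`), but this same hunk removes it from the `my (...)` list. Unless it is declared outside the hunk, that line fails under `use strict` or silently creates a package global that nothing visible reads, so it should be dropped. The list now also declares `$dummy` twice, which warns under `use warnings` and keeps only the second value; `undef` as the placeholder for the tenth field (`...,$tgt1,$dummy,$prot,undef,$tgt_port,...`) avoids that. The GRE branch also blanks the port fields only after the EXISTS comparison has run against the unmodified `$line`. A stored GRE rule would therefore presumably never equal its built line, and a second run of the converter would add it again; normalising the GRE fields before the comparison would keep the check meaningful. write_rules continues past the end of this hunk.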
@@ -137,9 +144,9 @@ sub write_rules
                        $nat{$id}[4]  = $src1;
                        $nat{$id}[5]  = $tgt;
                        $nat{$id}[6]  = $tgt1;
-                       $nat{$id}[11] = $use_prot;
-                       $nat{$id}[12] = $prot;
-                       $nat{$id}[13] = $dummy;
+                       $nat{$id}[7]  = $dummy;
+                       $nat{$id}[8]  = $prot;
+                       $nat{$id}[11] = $use_port;
                        $nat{$id}[14] = $tgt_port;
                        $nat{$id}[15] = $tgt_port1;
                        $nat{$id}[16] = $remark;
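Review bot: Column 11 is written with `$use_port`, but the EXISTS check earlier in write_rules compares `$nat{$key}[11]` against the tenth field of the built line, which build_rules leaves empty (`$prot,,TGT_PORT`). As far as the visible lines show, a rule stored with `ON` in column 11 cannot match its own source line on a later run, so the duplicate check would miss it and the DNAT rule would be written a second time. Either the comparison should take its tenth element from the same value that is stored, or build_rules should emit that value in the tenth field. A short comment above the assignments, such as `# [7] unused, [8] protocol, [11] port-usage flag`, would make the intended layout checkable. The remaining assignments and the write-back are outside the hunk.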