&process_groups;
&process_rules;
&process_p2p;
-
+system("/usr/local/bin/forwardfwctrl");
sub process_groups
{
if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
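Review bot: The exit status of the added `system("/usr/local/bin/forwardfwctrl");` call is discarded, so a failed reload at the end of the conversion goes unnoticed. Another hunk removes the per-rule call, which makes this the only place on the page where the converted ruleset is applied. Check the result, for example `system("/usr/local/bin/forwardfwctrl") == 0 or warn "forwardfwctrl failed: $?\n";`.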
$adr=int($1).".".int($2).".".int($3).".".int($4);
my $b = &General::iporsubtodec($5);
$a=$adr."/".$b;
- }
- if($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+ }elsif($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
$adr=int($1).".".int($2).".".int($3).".".int($4);
if(&General::validip($adr)){
$a=$adr."/255.255.255.255";
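Review bot: The branch that ends just before the new `elsif` assigns `$a=$adr."/".$b;` without the `&General::validip($adr)` check that the host branch applies two lines later. As far as this hunk shows, an address with out-of-range octets is therefore normalised by `int()` and accepted when it carries a subnet. Guard it the same way, `if(&General::validip($adr)){ $a=$adr."/".$b; }`, and treat an empty result from `&General::iporsubtodec($5)` as invalid. The enclosing sub starts and ends outside the hunk, so a later check on `$a` may exist; if it does, a comment here should point to it.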
&General::writehasharray($confighosts,\%hosts);
&General::writehasharray($configgroups,\%groups);
&General::writehasharray($confignets,\%nets);
-
+
}
sub check_host
{
&General::readhash($fwdfwsettings,\%fwdsettings);
if($fwdsettings{'POLICY'} ne $outsettings{'POLICY'}){
$fwdsettings{'POLICY'}=$outsettings{'POLICY'};
+ $fwdsettings{'POLICY1'}='MODE2';
&General::writehash($fwdfwsettings,\%fwdsettings);
}
#open LOG
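Review bot: The added `$fwdsettings{'POLICY1'}='MODE2';` hard-codes a firewall policy setting with no explanation, while `POLICY` on the line above is copied from the old outgoing settings. It is also written only inside the `if` that fires when the two `POLICY` values differ, so when they already match `POLICY1` keeps whatever it had. Add a comment stating which default behaviour `MODE2` selects and why it does not depend on the old policy. Confirm that skipping the assignment in the matching case is intended.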
if($configline[0] eq $type){
#some variables we can use from old config
if($configline[1] eq 'on'){ $active='ON';}else{$active='';}
- if($configline[3] eq 'all'){
+ if($configline[3] eq 'all' && $configline[8] ne ''){
+ push(@prot,"TCP");
+ push(@prot,"UDP");
+ }elsif($configline[3] eq 'all' && $configline[8] eq ''){
push(@prot,"");
- $useport='ON';
- $grp3='TGT_PORT';
}else{
push(@prot,$configline[3]);
- $useport='ON';
- $grp3='TGT_PORT';
}
- if($configline[4] ne ''){ $remark=$configline[4];}else{$remark='';}
- if($configline[9] eq 'aktiv'){ $log='ON';}else{$log='';}
+
+ if($configline[4] ne ''){
+ $configline[4] =~ s/,/;/g;
+ $remark = $configline[4];
+ }else{$remark = '';}
+ if($configline[9] eq 'Active'){ $log='ON';}else{$log='';}
if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){
if($configline[17] eq '00:00' && $configline[18] eq '00:00'){
$time='';
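Review bot: Changing the comparison to `$configline[9] eq 'Active'` silently drops logging for any old rule whose log field still holds `aktiv`, the value the previous code matched. For a converter that reads existing configuration files, that means converted firewall rules can lose their log flag with no message in the conversion log. If older installations can contain either spelling, accept both: `if($configline[9] eq 'Active' || $configline[9] eq 'aktiv'){ $log='ON';}else{$log='';}`. The enclosing loop and sub start and end outside the hunk.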
}elsif ($configline[2] eq 'ip') {
my $z=&check_ip($configline[5]);
if($z){
+ my ($ipa,$subn) = split("/",$z);
+ $subn=&General::iporsubtocidr($subn);
$grp1='src_addr';
- $source=$z;
+ $source="$ipa/$subn";
}else{
print LOG "-> Rule not converted, missing/invalid source ip \"$configline[5]\"\n";
next;
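Review bot: The return value of `&General::iporsubtocidr($subn)` is used unchecked in `$source="$ipa/$subn";`, and the same pattern appears for `$target="$dip/$dsub";` in the next hunk. If the helper returns an empty or undefined value for a mask it cannot convert (not visible on this page), the rule is written with a malformed address such as `1.2.3.4/` instead of being rejected. Test the result first, e.g. `if(!defined $subn || $subn eq ''){ print LOG "-> Rule not converted, invalid source subnet\n"; next; }`, and do the same for `$dsub`. That keeps the failure in the conversion log, like the existing missing/invalid source ip branch.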
if($configline[7] ne ''){
my $address=&check_ip($configline[7]);
if($address){
+ my ($dip,$dsub) = split("/",$address);
+ $dsub=&General::iporsubtocidr($dsub);
$grp2='tgt_addr';
- $target=$address;
+ $target="$dip/$dsub";
}elsif(!$address){
my $getwebsiteip=&get_ip_from_domain($configline[7]);
if ($getwebsiteip){
}
}
&General::writehasharray($fwdfwconfig,\%fwconfig);
- system("/usr/local/bin/forwardfwctrl");
@prot=();
}
close(LOG);
sub process_p2p
{
copy("/var/ipfire/outgoing/p2protocols","/var/ipfire/forward/p2protocols");
- chmod oct(0777), '/var/ipfire/forward/p2protocols';
+ chmod oct('0777'), '/var/ipfire/forward/p2protocols';
}
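Review bot: With `oct('0777')` the `chmod` in process_p2p now really sets mode 0777, which makes `/var/ipfire/forward/p2protocols` writable by every local user. The old `oct(0777)` re-parsed the number 511 as octal and produced a different, narrower mode. A world-writable file that feeds firewall rule generation lets any local account change which protocols are filtered. Grant only what the consumer needs, for example `chmod 0644, '/var/ipfire/forward/p2protocols';` plus a `chown` to the account that must write it (which account that is isn't visible on this page). The results of `copy` and `chmod` are also unchecked; `copy(...) or warn "copy p2protocols failed: $!\n";` would surface a missing source file.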