Forward Firewall: added converters for old exaccess rules and old rules from outgoing...
authorAlexander Marx <amarx@ipfire.org>
Fri, 18 Jan 2013 07:35:25 +0000 (08:35 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 9 Aug 2013 12:08:11 +0000 (14:08 +0200)
Also fixed a Bug: Day SUN was not checked when in rule-edit mode

config/forwardfw/convert-outgoingfw [new file with mode: 0644]
config/forwardfw/convert-xtaccess [new file with mode: 0644]
config/rootfiles/common/stage2
html/cgi-bin/forwardfw.cgi
lfs/configroot

diff --git a/config/forwardfw/convert-outgoingfw b/config/forwardfw/convert-outgoingfw
new file mode 100644 (file)
index 0000000..282a017
--- /dev/null
@@ -0,0 +1,525 @@
+#!/usr/bin/perl
+
+
+require '/var/ipfire/general-functions.pl';
+use Socket;
+
+my $ipgrouppath        = "${General::swroot}/outgoing/groups/ipgroups/";
+my $macgrouppath       = "${General::swroot}/outgoing/groups/macgroups/";
+my $outgoingrules      = "${General::swroot}/outgoing/rules";
+my $outfwsettings      = "${General::swroot}/outgoing/settings";
+my $host                       = "Converted ";
+my $confighosts                = "${General::swroot}/fwhosts/customhosts";
+my $confignets         = "${General::swroot}/fwhosts/customnetworks";
+my $configgroups       = "${General::swroot}/fwhosts/customgroups";
+my $ovpnsettings       = "${General::swroot}/ovpn/settings";
+my $ovpnconfig         = "${General::swroot}/ovpn/ovpnconfig";
+my $ccdconfig          = "${General::swroot}/ovpn/ccd.conf";
+my $fwdfwconfig                = "${General::swroot}/forward/config";
+my $fwdfwsettings      = "${General::swroot}/forward/settings";
+my @ipgroups = qx(ls $ipgrouppath);
+my @macgroups = qx(ls $macgrouppath);
+my @hostarray=();
+my %outsettings=();
+my %hosts=();
+my %nets=();
+my %groups=();
+my %settingsovpn=();
+my %configovpn=();
+my %ccdconf=();
+my %fwconf=();
+my %fwdsettings=();
+&General::readhash($outfwsettings,\%outsettings);
+
+
+&process_groups;
+&process_rules;
+
+
+
+sub process_groups
+{
+       if(! -d "/var/log/firewall"){ mkdir("/var/log/firewall");}
+       if( -f "/var/log/firewall/ip-convert.log"){unlink ("/var/log/firewall/ip-convert.log");}
+       open (LOG, ">/var/log/firewall/ip-convert.log") or die $!;
+       #IP Group processing
+       foreach my $group (@ipgroups){
+               chomp $group;
+               open (DATEI, "<$ipgrouppath/$group");
+               my @zeilen = <DATEI>;
+               foreach my $ip (@zeilen){
+                       chomp($ip);
+                       $ip =~ s/\s//gi;
+                       my $val=&check_ip($ip);
+                       if($val){
+                               push(@hostarray,$val.",ip");
+                       }
+                       else{
+                               print LOG "-> IP \"$ip\" from group $group not converted (invalid IP) \n";
+                       }
+                       $val='';
+               }
+               &new_hostgrp($group,'ip');
+               @hostarray=();
+       }
+       $group='';
+       @zeilen=();
+       @hostarray=();
+       #MAC Group processing
+       foreach my $group (@macgroups){
+               chomp $group;
+               open (DATEI, "<$macgrouppath/$group");
+               my @zeilen = <DATEI>;
+               foreach my $mac (@zeilen){
+                       chomp($mac);
+                       $mac =~ s/\s//gi;
+                       #MAC checking
+                       if(&General::validmac($mac)){
+                               $val=$mac;
+                       }
+                       if($val){
+                               push(@hostarray,$val.",mac");
+                       }
+                       else{
+                               print LOG "-> Mac $mac from group $group not converted (invalid MAC)\n";
+                       }
+                       $val='';
+               }
+               &new_hostgrp($group,'mac');
+               @hostarray=();
+       }
+       close (LOG);
+}
+sub check_ip
+{
+       my $adr=shift;
+       my $a;
+       #ip with subnet in decimal
+       if($adr =~ m/^(\d\d?\d?).(\d\d?\d?).(\d\d?\d?).(\d\d?\d?)\/(\d{1,2})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               my $b = &General::iporsubtodec($5);
+               $a=$adr."/".$b;
+       }
+       if($adr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+               $adr=int($1).".".int($2).".".int($3).".".int($4);
+               if(&General::validip($adr)){
+                       $a=$adr."/255.255.255.255";
+               }
+       }
+       if(&General::validipandmask($adr)){
+               $a=&General::iporsubtodec($adr);
+       }
+       return $a;
+}
+sub new_hostgrp
+{
+       &General::readhasharray($confighosts,\%hosts);
+       &General::readhasharray($confignets,\%nets);
+       &General::readhasharray($configgroups,\%groups);
+       my $grp=shift;
+       my $run=shift;
+       my $name; #"converted"
+       my $name2;
+       my $name3; #custom host/custom net
+       foreach my $adr (@hostarray){
+               if($run eq 'ip'){
+                       my ($ip,$type)                  = split(",",$adr);
+                       my ($ippart,$subnet)    = split("/",$ip);
+                       my ($byte1,$byte2,$byte3,$byte4) = split(/\./,$subnet);
+                       if($byte4 eq '255'){ 
+                               if(!&check_host($ip)){
+                                       my $key         = &General::findhasharraykey(\%hosts);
+                                       $name="host ";
+                                       $name2=$name.$ippart;
+                                       $name3="Custom Host";
+                                       $hosts{$key}[0] = $name2;
+                                       $hosts{$key}[1] = $type;
+                                       $hosts{$key}[2] = $ip;
+                                       $hosts{$key}[3] = 1;
+                               }else{
+                                       print LOG "Host (IP) $ip already exists\n";
+                               }
+                       }elsif($byte4 < '255'){
+                               if(!&check_net($ippart,$subnet)){
+                                       my $netkey      =  &General::findhasharraykey(\%nets);
+                                       $name="net ";
+                                       $name2=$name.$ippart;
+                                       $name3="Custom Network";
+                                       $nets{$netkey}[0] = $name2;
+                                       $nets{$netkey}[1] = $ippart;
+                                       $nets{$netkey}[2] = $subnet;
+                                       $nets{$netkey}[3] = 1;
+                               }else{
+                                       print LOG "Network $ippart already exists\n";
+                               }
+                       }
+                       if($name2){
+                               my $grpkey      = &General::findhasharraykey(\%groups);
+                               $groups{$grpkey}[0]     = $grp;
+                               $groups{$grpkey}[1]     = '';
+                               $groups{$grpkey}[2]     = $name2;
+                               $groups{$grpkey}[3]     = $name3;
+                               $groups{$grpkey}[4]     = 0;
+                       }
+               }elsif($run eq 'mac'){
+                       #MACRUN
+                       my ($mac,$type)                         = split(",",$adr);
+                       if(!&check_host($mac)){
+                               my $key         = &General::findhasharraykey(\%hosts);
+                               $name="host ";
+                               $name2=$name.$mac;
+                               $name3="Custom Host";
+                               $hosts{$key}[0] = $name2;
+                               $hosts{$key}[1] = $type;
+                               $hosts{$key}[2] = $mac;
+                               $hosts{$key}[3] = 1;
+                       }else{
+                               print LOG "Host (MAC) $mac already exists\n";
+                       }
+                       if($name2){
+                               my $grpkey      = &General::findhasharraykey(\%groups);
+                               $groups{$grpkey}[0]     = $grp;
+                               $groups{$grpkey}[1]     = '';
+                               $groups{$grpkey}[2]     = $name2;
+                               $groups{$grpkey}[3]     = $name3;
+                               $groups{$grpkey}[4]     = 0;
+                       }
+               }
+       }
+       &General::writehasharray($confighosts,\%hosts);
+       &General::writehasharray($configgroups,\%groups);
+       &General::writehasharray($confignets,\%nets);
+}
+sub check_host
+{
+       my $ip=shift;
+       foreach my $key (sort keys %hosts)
+       {
+               if($hosts{$key}[2] eq $ip)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub check_net
+{
+       my $ip=shift;
+       my $sub=shift;
+       foreach my $key (sort keys %nets)
+       {
+               if($nets{$key}[1] eq $ip && $nets{$key}[2] eq $sub)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub check_grp
+{
+       my $grp=shift;
+       my $value=shift;
+       foreach my $key (sort keys %groups)
+       {
+               if($groups{$key}[0] eq $grp && $groups{$key}[2] eq $value)
+               {
+                       return 1;
+               }
+       }
+       return 0;
+}
+sub process_rules
+{
+       print "Outgoing ist im Mode $outsettings{'POLICY'}\n";
+       &General::readhash($fwdfwsettings,\%fwdsettings);
+       if($fwdsettings{'POLICY'} ne $outsettings{'POLICY'}){
+               $fwdsettings{'POLICY'}=$outsettings{'POLICY'};
+               &General::writehash($fwdfwsettings,\%fwdsettings);
+       }
+       #open LOG
+       if( -f "/var/log/firewall/rule-convert.log"){unlink ("/var/log/firewall/rule-convert.log");}
+       open (LOG, ">/var/log/firewall/rule-convert.log") or die $!;
+
+       my ($type,$action,$active,$grp1,$source,$grp2,$useport,$port,$prot,$grp3,$target,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to);
+       if ($outsettings{'POLICY'} eq 'MODE1'){
+               $type='ALLOW';
+               $action='ACCEPT';
+       }elsif($outsettings{'POLICY'} eq 'MODE2'){
+               $type='DENY';
+               $action='DROP';
+       }else{
+               return;
+       }
+       open (DATEI, "<$outgoingrules");
+       my @lines = <DATEI>;
+       foreach my $rule (@lines)
+       {
+               chomp($rule);
+               print LOG "processing: $rule\n";
+               print "$rule\n";
+               my @configline = split( /\;/, $rule );
+               my @prot=();
+               if($configline[0] eq $type){
+                       #some variables we can use from old config
+                       if($configline[1] eq 'on'){ $active='ON';}else{$active='';}
+                       if($configline[3] eq 'all'){ 
+                               push(@prot,"tcp");
+                               push(@prot,"udp");
+                               $useport='ON';
+                               $grp3='TGT_PORT';
+                               
+                       }else{
+                               push(@prot,$configline[3]);
+                               $useport='ON';
+                               $grp3='TGT_PORT';
+                       }
+                       if($configline[4] ne ''){ $remark=$configline[4];}else{$remark='';}
+                       if($configline[9] eq 'aktiv'){ $log='ON';}else{$log='';}
+                       
+                       if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){
+                               if($configline[17] eq '00:00' && $configline[18] eq '00:00'){
+                                       $time='';
+                               }else{
+                                       $time='ON';                                     
+                               }
+                       }else{
+                               $time='ON';     
+                       } 
+                       $time_mon=$configline[10];
+                       $time_tue=$configline[11];
+                       $time_wed=$configline[12];
+                       $time_thu=$configline[13];
+                       $time_fri=$configline[14];
+                       $time_sat=$configline[15];
+                       $time_sun=$configline[16];
+                       $time_from=$configline[17];
+                       $time_to=$configline[18];
+                       ############################################################
+                       #sourcepart                     
+                       if ($configline[2] eq 'green') {
+                               $grp1='std_net_src';
+                               $source='GREEN';
+                       }elsif ($configline[2] eq 'orange') {
+                               $grp1='std_net_src';
+                               $source='ORANGE';
+                       }elsif ($configline[2] eq 'red') {
+                               print LOG "-> Rule not converted, is an outgoing rule.Please put it manually in /etc/sysconfig/firewall.local \n";
+                               next;
+                       }elsif ($configline[2] eq 'blue') {
+                               $grp1='std_net_src';
+                               $source='BLUE';
+                       }elsif ($configline[2] eq 'ipsec') {
+                               print LOG "-> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n";
+                               next;
+                       }elsif ($configline[2] eq 'ovpn') {
+                               &build_ovpn_grp;                                
+                       }elsif ($configline[2] eq 'ip') {
+                               my $z=&check_ip($configline[5]);
+                               if($z){
+                                       $grp1='src_addr';
+                                       $source=$z;
+                               }else{
+                                       print LOG "-> Rule not converted, missing/invalid source ip \"$configline[5]\"\n";
+                                       next;
+                               }
+                       }elsif ($configline[2] eq 'mac') {
+                               if(&General::validmac($configline[6])){
+                                       $grp1='src_addr';
+                                       $source=$configline[6];
+                               }else{
+                                       print LOG"-> Rule not converted, invalid MAC \"$configline[6]\" \n";
+                                       next;
+                               }
+                       }elsif ($configline[2] eq 'all') {
+                               $grp1='std_net_src';
+                               $source='ALL';
+                       }else{
+                               #&General::readhasharray($configgroups,\%groups);
+                               foreach my $key (sort keys %groups){
+                                       if($groups{$key}[0] eq $configline[2]){
+                                               $grp1='cust_grp_src';
+                                               $source=$configline[2];
+                                       }
+                               }
+                               if ($grp1 eq '' || $source eq ''){
+                                       print LOG "-> Rule not converted, no valid source recognised\n";
+                               }
+                       }
+                       ############################################################
+                       #destinationpart
+                       if($configline[7] ne ''){
+                               my $address=&check_ip($configline[7]);
+                                if($address){
+                                        $grp2='tgt_addr';
+                                        $target=$address;
+                                }elsif(!$address){
+                                       my $getwebsiteip=&get_ip_from_domain($configline[7]);
+                                       if ($getwebsiteip){
+                                               $grp2='tgt_addr';
+                                               $target=$getwebsiteip;  
+                                       }else{
+                                               print LOG "-> Rule not converted, invalid domain \"$configline[7]\"\n";
+                                               next;
+                                       }
+                                }
+                       }else{
+                               $grp2='std_net_tgt';
+                               $target='ALL';
+                       }
+                       if($configline[8] ne ''){
+                               if (!($configline[8] =~ /^(\d+)\:(\d+)$/)) {
+                                       if(&General::validport($configline[8])){
+                                               $useport='ON';  
+                                               $port=$configline[8];
+                                               $grp3='TGT_PORT';
+                                       }else{
+                                               print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
+                                               next;
+                                       }
+                                }else{
+                                        my ($a1,$a2) = split(/\:/,$configline[8]);
+                                        if (&General::validport($a1) && &General::validport($a2) && $a1 < $a2){
+                                               $useport='ON';  
+                                               $port=$configline[8];
+                                               $grp3='TGT_PORT';
+                                        }else{
+                                               print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n"; 
+                                               next;
+                                        } 
+                                }
+                       }
+               }else{
+                       print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
+               }
+               &General::readhasharray($fwdfwconfig,\%fwconfig);
+               my $check;
+               foreach my $protocol (@prot){
+                       $protocol=uc($protocol);
+                       print"0:$action 1:FORWARDFW 2:$active 3:$grp1 4:$source 5:$grp2 6:$target 7:src_srv(leer) 8:srcprot(leer) 9:icmp(leer) 10:srcport(leer) 11:$useport 12:$protocol 13:icmp(leer) 14:$grp3 15:$port 16:$remark 17:$log 18:$time 19:$time_mon 20:$time_tue 21:$time_wed 22:$time_thu 23:$time_fri 24:$time_sat 25:$time_sun 26:$time_from 27:$time_to\n\n";
+                       print LOG "-> Converted: $action,FORWARDFW,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to\n";
+                       #Put rules into system....
+                       ###########################
+                       
+                       #check for double rules
+                       foreach my $key (sort keys %fwconfig){
+                               if("$action,FORWARDFW,$active,$grp1,$source,$grp2,$target,,,,,$useport,$protocol,,$grp3,$port,$remark,$log,$time,$time_mon,$time_tue,$time_wed,$time_thu,$time_fri,$time_sat,$time_sun,$time_from,$time_to" 
+                                       eq "$fwconfig{$key}[0],$fwconfig{$key}[1],$fwconfig{$key}[2],$fwconfig{$key}[3],$fwconfig{$key}[4],$fwconfig{$key}[5],$fwconfig{$key}[6],,,,,$fwconfig{$key}[11],$fwconfig{$key}[12],,$fwconfig{$key}[14],$fwconfig{$key}[15],$fwconfig{$key}[16],$fwconfig{$key}[17],$fwconfig{$key}[18],$fwconfig{$key}[19],$fwconfig{$key}[20],$fwconfig{$key}[21],$fwconfig{$key}[22],$fwconfig{$key}[23],$fwconfig{$key}[24],$fwconfig{$key}[25],$fwconfig{$key}[26],$fwconfig{$key}[27]"){
+                                               $check='on';
+                                               next;
+                               }
+                       }
+                       if($check ne 'on'){
+                               #increase groupcounter
+                               my $check1;
+                               if($grp1 eq 'cust_grp_src'){
+                                       foreach my $key (sort keys %groups){
+                                               if($groups{$key}[0] eq $source){
+                                                       $groups{$key}[4]++;
+                                                       $check1='on'; 
+                                               }
+                                       }
+                                       if($check1 eq 'on'){
+                                               print" schreibe in gruppe\n";
+                                               &General::writehasharray($configgroups,\%groups);
+                                       }
+                               }
+                               print"SCHREIBE REGEL!\n";
+                               my $key = &General::findhasharraykey(\%fwconfig);
+                               $fwconfig{$key}[0]      = $action;
+                               $fwconfig{$key}[1]      = "FORWARDFW";
+                               $fwconfig{$key}[2]      = $active;
+                               $fwconfig{$key}[3]      = $grp1;
+                               $fwconfig{$key}[4]      = $source;
+                               $fwconfig{$key}[5]      = $grp2;
+                               $fwconfig{$key}[6]      = $target;
+                               $fwconfig{$key}[11] = $useport;
+                               $fwconfig{$key}[12] = $protocol;
+                               $fwconfig{$key}[14] = $grp3;
+                               $fwconfig{$key}[15] = $port;
+                               $fwconfig{$key}[16] = $remark;
+                               $fwconfig{$key}[17] = $log;
+                               $fwconfig{$key}[18] = $time;
+                               $fwconfig{$key}[19] = $time_mon;
+                               $fwconfig{$key}[20] = $time_tue;
+                               $fwconfig{$key}[21] = $time_wed;
+                               $fwconfig{$key}[22] = $time_thu;
+                               $fwconfig{$key}[23] = $time_fri;
+                               $fwconfig{$key}[24] = $time_sat;
+                               $fwconfig{$key}[25] = $time_sun;
+                               $fwconfig{$key}[26] = $time_from;
+                               $fwconfig{$key}[27] = $time_to;
+                       }
+               }
+               &General::writehasharray($fwdfwconfig,\%fwconfig);
+               system("/usr/local/bin/forwardfwctrl");
+               @prot=();
+       }
+       close(LOG);
+       @lines=();
+}
+sub get_ip_from_domain
+{
+       $web=shift;
+       my $resolvedip;
+       my $checked;
+       my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname($web);
+       if(@addrs){
+               $resolvedip=inet_ntoa($addrs[0]);
+               return $resolvedip;
+       }
+       return;
+}
+sub build_ovpn_grp
+{
+       &General::readhasharray($confighosts,\%hosts);
+       &General::readhasharray($confignets,\%nets);
+       &General::readhasharray($configgroups,\%groups);
+       &General::readhasharray($ovpnconfig,\%configovpn);
+       &General::readhasharray($ccdconfig,\%ccdconf);
+       &General::readhash($ovpnsettings,\%settingsovpn);
+       #get ovpn nets
+       my @ovpnnets=();
+       if($settingsovpn{'DOVPN_SUBNET'}){
+               my ($net,$subnet)=split("/",$settingsovpn{'DOVPN_SUBNET'});
+               push (@ovpnnets,"$net,$subnet,dynamic");
+       }
+       foreach my $key (sort keys %ccdconf){
+               my ($net,$subnet)=split("/",$ccdconf{$key}[1]);
+               $subnet=&General::iporsubtodec($subnet);
+               push (@ovpnnets,"$net,$subnet,$ccdconf{$key}[0]");
+       }
+       foreach my $key (sort keys %configovpn){
+               if ($configovpn{$key}[3] eq 'net'){
+                       my ($net,$subnet)=split("/",$configovpn{$key}[27]);
+                       push (@ovpnnets,"$net,$subnet,$configovpn{$key}[2]");
+               }
+       }
+       #add ovpn nets to customnetworks/groups
+       foreach my $line (@ovpnnets){
+               my ($net,$subnet,$name) = split(",",$line);
+               if (!&check_net($net,$subnet)){
+                       my $netkey      =  &General::findhasharraykey(\%nets);
+                       $name2=$name."(ovpn)".$net;
+                       $name3="Custom Network";
+                       $nets{$netkey}[0] = $name2;
+                       $nets{$netkey}[1] = $net;
+                       $nets{$netkey}[2] = $subnet;
+                       $nets{$netkey}[3] = 1;
+               }else{
+                       print LOG "-> Custom Network with same IP already exist \"$net/$subnet\" (you can ignore this, if this run was manual from shell)\n"; 
+               }
+               if($name2){
+                       my $grpkey      = &General::findhasharraykey(\%groups);
+                       $groups{$grpkey}[0]     = "ovpn";
+                       $groups{$grpkey}[1]     = '';
+                       $groups{$grpkey}[2]     = $name2;
+                       $groups{$grpkey}[3]     = "Custom Network";
+                       $groups{$grpkey}[4]     = 0;
+               }
+               $name2='';
+       }
+       @ovpnnets=();
+       &General::writehasharray($confighosts,\%hosts);
+       &General::writehasharray($configgroups,\%groups);
+       &General::writehasharray($confignets,\%nets);
+}
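Review bot: In `process_rules` the per-rule variables (`$grp1`, `$source`, `$grp2`, `$target`, `$port`, …) are declared once before `foreach my $rule (@lines)`, so a rule that assigns none of them is written with the previous rule's values. That happens in the final `else` of the source part (it logs "no valid source recognised" but has no `next;`, and its `$grp1 eq ''` test can only be true before the first assignment), in the `ovpn` branch (it calls `&build_ovpn_grp` without setting `$grp1`/`$source`), and for `$port` whenever field 8 is empty. In a converter for firewall rules this can give an ALLOW entry an earlier rule's source or port; declaring the list (apart from `$type`/`$action`) inside the loop and adding `next;` after that log line would close it. The same carry-over exists in convert-xtaccess, where the source `else` branch prints an error and still writes the entry with the previous line's `$field3`/`$field4`, and `$field6`/`$field16` are never reset.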
diff --git a/config/forwardfw/convert-xtaccess b/config/forwardfw/convert-xtaccess
new file mode 100644 (file)
index 0000000..3db7da6
--- /dev/null
@@ -0,0 +1,111 @@
+#!/usr/bin/perl
+my @current=();
+my @alias=();
+my %configinputfw=();
+require '/var/ipfire/general-functions.pl';
+my $xtaccessconfig     = "${General::swroot}/xtaccess/config";
+my $inputfwconfig = "${General::swroot}/forward/input";
+my $aliasconfig        = "${General::swroot}/ethernet/aliases";
+my $field0='ACCEPT';
+my $field1='INPUTFW';
+my $field2=''; #ON or emtpy
+my $field3=''; #std_net_src or src_addr
+my $field4=''; #ALL or IP-Address with /32
+my $field5='ipfire';
+my $field6=''; #Default IP or alias name
+my $field11='ON'; #use target port 
+my $field12=''; #TCP or UDP
+my $field13='All ICMP-Types';
+my $field14='TGT_PORT';
+my $field15=''; #Port Number
+my $field16=''; #remark
+my $field26='00:00';
+my $field27='00:00';
+open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
+my @current = <FILE>;
+close(FILE);
+open(FILE1, $aliasconfig) or die 'Unable to open config file.';
+my @alias = <FILE1>;
+close(FILE1);
+&General::readhasharray($inputfwconfig,\%configinputfw);
+
+foreach my $line (@current){
+       my ($a,$b,$c,$d,$e,$f) = split (",",$line);
+       $e =~ s/\R//g;
+       if ($f gt ''){
+               $f =~ s/\R//g;
+               $field16=$f;
+       }
+       #active or not
+       $field2=uc($d);
+       #get protocol
+       if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}
+       #check source address
+       if ($b eq '0.0.0.0/0'){
+               $field3='std_net_src';
+               $field4='ALL';
+       }elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
+               $field3='src_addr';
+               $field4=$b."/32";
+       }elsif ($b =~ /^(.*?)\/(.*?)$/) {
+               $field3='src_addr';
+               $field4=$b;
+       }else{
+               print "Regel konnte nicht konvertiert werden!\n";
+       }
+       #check ipfire address
+       if ($e eq '0.0.0.0'){ 
+               $field6 = 'Default IP';
+       }else{
+               foreach my $line (@alias){
+                       my ($ip,$state,$aliasname) = split (",",$line);
+                       if ($ip eq $e){
+                               $aliasname =~ s/\R//g; 
+                               $field6 = $aliasname;
+                       }
+               }
+       }
+       #get target port
+       $c=~ s/\R//g;
+       $c=~ tr/-/:/;
+       if ($c =~ /^(\D)\:(\d+)$/) {
+               $c = "1:$2";
+       }
+       if ($c =~ /^(\d+)\:(\D)$/) {
+               $c = "$1:65535";
+       }
+       $field15=$c;
+       #Ausgabe
+       #print  "0:$field0 1:$field1 2:$field2  3:$field3  4:$field4  5:$field5  6:$field6  11:$field11   12:$field12 13:$field13 14:$field14 15:$field15 16:$field16 26:$field26 27:$field27\n";
+       my $key = &General::findhasharraykey (\%configinputfw);
+       foreach my $i (0 .. 27) { $configinputfw{$key}[$i] = "";}
+       $configinputfw{$key}[0] = $field0;
+       $configinputfw{$key}[1] = $field1;
+       $configinputfw{$key}[2] = $field2;
+       $configinputfw{$key}[3] = $field3;
+       $configinputfw{$key}[4] = $field4;
+       $configinputfw{$key}[5] = $field5;
+       $configinputfw{$key}[6] = $field6;
+       $configinputfw{$key}[7] = '';
+       $configinputfw{$key}[8] = '';
+       $configinputfw{$key}[9] = '';
+       $configinputfw{$key}[10] = '';
+       $configinputfw{$key}[11] = $field11;
+       $configinputfw{$key}[12] = $field12;
+       $configinputfw{$key}[13] = $field13;
+       $configinputfw{$key}[14] = $field14;
+       $configinputfw{$key}[15] = $field15;
+       $configinputfw{$key}[16] = $field16;
+       $configinputfw{$key}[17] = '';
+       $configinputfw{$key}[18] = '';
+       $configinputfw{$key}[19] = '';
+       $configinputfw{$key}[20] = '';
+       $configinputfw{$key}[21] = '';
+       $configinputfw{$key}[22] = '';
+       $configinputfw{$key}[23] = '';
+       $configinputfw{$key}[24] = '';
+       $configinputfw{$key}[25] = '';
+       $configinputfw{$key}[26] = $field26;
+       $configinputfw{$key}[27] = $field27;
+       &General::writehasharray($inputfwconfig,\%configinputfw);
+}
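Review bot: The source address `$b` is written into an ACCEPT entry for INPUTFW after only a shape check: `/^(.*?)\/(.*?)$/` accepts any text containing a slash, and the dotted-quad pattern does not bound the octets. `General::validip` and `General::validipandmask` are already used by convert-outgoingfw in this commit; I would gate the two `src_addr` branches on them, e.g. `}elsif(&General::validipandmask($b)){`, and skip the line when neither matches. Separately, `if ($a eq 'tcp'){...}else{$field12='UDP';}` turns every protocol other than `tcp` into UDP, which deserves an explicit check or at least a comment if the old xtaccess file can hold other values.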
index 4755f07f077c3fc5d1af48e5086e2760c255b339..f772be335397975b8fd1e24c1547ac22bc5a3453 100644 (file)
@@ -110,6 +110,8 @@ usr/local/bin/update-lang-cache
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
 usr/sbin/firewall-forward-policy
+usr/sbin/convert-xtaccess
+usr/sbin/convert-outgoingfw
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
index 8e1100b45e8caa8f5e6d2fa2f4e6aaf8865e544e..8fae77123c016675fc038f88f46941694be28dc2 100755 (executable)
@@ -192,6 +192,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
                #print"ALT: $fwdfwsettings{'oldgrp3a'} $fwdfwsettings{'oldgrp3b'}       NEU:    $fwdfwsettings{'grp3'} $fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
                #print"DIENSTE Checkalt:$fwdfwsettings{'oldusesrv'}  DIENSTE Checkneu:$fwdfwsettings{'USESRV'}    DIENST ALT:$fwdfwsettings{'oldgrp3a'},$fwdfwsettings{'oldgrp3b'}   DIENST NEU:$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}}<br>";
        }else{
+               #FORWARD PART
                $fwdfwsettings{'chain'} = 'FORWARDFW';
                if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
                        #check if we have an identical rule already
@@ -798,7 +799,7 @@ sub checkrule
                $errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
        }
        #check if source and target identical
-       if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}}){
+       if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){
                $errormessage.=$Lang::tr{'fwdfw err same'};
                return $errormessage;
        }
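Review bot: The comment above the changed condition still reads `#check if source and target identical`, but the test now lets the pair through when both sides are `ALL`. I would state that in the comment, e.g. `#check if source and target identical (ALL to ALL is permitted)`, since this exemption is what allows a single rule to cover all forwarded traffic. `checkrule` starts and ends outside this hunk.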
@@ -1349,7 +1350,7 @@ END
                                <input type='checkbox' name='TIME_THU' value='on' $checked{'TIME_THU'}{'on'} />
                                <input type='checkbox' name='TIME_FRI' value='on' $checked{'TIME_FRI'}{'on'} />
                                <input type='checkbox' name='TIME_SAT' value='on' $checked{'TIME_SAT'}{'on'} />
-                               <input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{$Lang::tr{'fwdfw wd_sun'}} />
+                               <input type='checkbox' name='TIME_SUN' value='on' $checked{'TIME_SUN'}{'on'} />
                        </td>
                        <td><select name='TIME_FROM'>
 END
@@ -1826,7 +1827,7 @@ END
                                if($$hash{$key}[25] ne ''){push (@days,$Lang::tr{'fwdfw wd_sun'});}
                                my $weekdays=join(",",@days);
                                if (@days){
-                                       print"<tr bgcolor='#FFE4B5'><td colspan='4'>$Lang::tr{'fwdfw time'} ";
+                                       print"<tr bgcolor='#FFE4B5'><td colspan='6'>$Lang::tr{'fwdfw time'} ";
                                        print"$weekdays";
                                        print "&nbsp $Lang::tr{'fwdfw from'} $$hash{$key}[26] &nbsp $Lang::tr{'fwdfw till'} $$hash{$key}[27]</td><td colspan='8'></d></tr>";
                                }
index 829e124c52e085cd7fa6f9302d416a148a29f8d7..e0babd2359d1172e718aad5d00044a17e18a6535 100644 (file)
@@ -101,6 +101,8 @@ $(TARGET) :
        cp $(DIR_SRC)/config/cfgroot/ethernet-vlans             $(CONFIG_ROOT)/ethernet/vlans
        cp $(DIR_SRC)/langs/list                                                $(CONFIG_ROOT)/langs/
        cp $(DIR_SRC)/config/forwardfw/rules.pl                 $(CONFIG_ROOT)/forward/bin/rules.pl
+       cp $(DIR_SRC)/config/forwardfw/convert-xtaccess /usr/sbin/convert-xtaccess
+       cp $(DIR_SRC)/config/forwardfw/convert-outgoingfw       /usr/sbin/convert-outgoingfw
        cp $(DIR_SRC)/config/forwardfw/p2protocols              $(CONFIG_ROOT)/forward/p2protocols
        cp $(DIR_SRC)/config/forwardfw/firewall-lib.pl  $(CONFIG_ROOT)/forward/bin/firewall-lib.pl
        cp $(DIR_SRC)/config/forwardfw/firewall-forward-policy  /usr/sbin/firewall-forward-policy
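Review bot: Both converters enter the tree as mode 0644 (the `new file with mode: 0644` entries) and are installed here with a plain `cp`, so they will presumably land in /usr/sbin without the execute bit. The only chmod visible in this file section is `chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl` in the next hunk; unless the mode is set somewhere outside this diff, add `chmod 755 /usr/sbin/convert-xtaccess /usr/sbin/convert-outgoingfw` next to it. The recipe continues outside the hunk.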
@@ -120,6 +122,7 @@ $(TARGET) :
        
        # set rules.pl executable
        chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl
+               
        # Modify variables in header.pl
        sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
            -e "s+VERSION+$(VERSION)+g" \