Firewall: Fixed portfw-converter (rules were not converted correctly) And Standard...
authorAlexander Marx <amarx@ipfire.org>
Wed, 13 Nov 2013 09:44:42 +0000 (10:44 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 14 Nov 2013 10:44:11 +0000 (11:44 +0100)
config/cfgroot/general-functions.pl
config/firewall/convert-portfw

index 778a39b1ceec918398ca413e40f02d972ce544b7..9d9ee5d900cd9f6833caa87c501405f6b53f7427 100644 (file)
@@ -100,9 +100,9 @@ sub setup_default_networks
                        my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
                        $sub=&General::iporsubtocidr($sub);
                        my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
-                       $defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'ADR'} = $tempipsecsubnet[0];
-                       $defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NAME'} = "IPsec RW";
-                       $defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NET'} = &getnextip($ip);
+                       $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'ADR'} = $tempipsecsubnet[0];
+                       $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NAME'} = "IPsec RW";
+                       $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NET'} = &getnextip($ip);
                }
        }
 }
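Review bot: The hash key `'IPsec RW (' .$ip."/".$sub.")"` is spelled out three times on the added lines, so a later format change can easily touch only some of them and split the entry across two keys. Building it once, e.g. `my $rwkey = "IPsec RW ($ip/$sub)";` and then `$defaultNetworks->{$rwkey}{'ADR'} = $ip;`, keeps the three assignments in step. `$tempipsecsubnet[0]` is the same value as `$ip` from the first split, so the second split can go. If saved firewall rules refer to this network by its old key (not visible here), they would stop resolving after the rename, which is worth confirming before release. setup_default_networks starts above the hunk.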
index f6ddd25a5322a85ec542c6de576e80a51d3b6fc8..447ef90a760784689fb142ed8835f1957f01450e 100755 (executable)
@@ -107,9 +107,9 @@ sub build_rules
                $active = uc $active;
                $prot   = uc $prot;
                chomp($remark);
-               push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
+               push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
                my $now=localtime;
-               print LOG "$now    Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
+               print LOG "$now    Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,*,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
        }
 }
 sub write_rules
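Review bot: The log line no longer matches the rule that is stored: the pushed string has an empty eighth field (`$target/32,,$prot`) while the `print LOG` line shows `*` in that position (`$target/32,*,$prot`). The conversion log is what an administrator reads to check which forwarding rules were created, so it should print exactly what was pushed. Holding the string in one variable avoids the drift: `my $rule = "ACCEPT,FORWARDFW,$active,…,dnat";` (string abbreviated here), then `push(@built_rules, $rule);` and `print LOG "$now    Converted-> KEY: $count $rule\n";`. `$remark` is also interpolated unescaped into a string that write_rules later splits on commas, so it is worth confirming that a remark cannot contain a comma. build_rules starts above the hunk.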
@@ -120,15 +120,22 @@ sub write_rules
        &General::readhasharray($confignat,\%nat);
        foreach my $line (@built_rules){
                $skip='';
-               my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
+               my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$dummy,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
                foreach my $key (sort keys %nat){
-                       if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
+                       if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[7],$nat{$key}[8],$nat{$key}[11],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
                                my $now=localtime;
-                               print LOG "$now         SKIP->  Rule  $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
+                               print LOG "$now         SKIP->  Rule  $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[7],$nat{$key}[8],$nat{$key}[11],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
                                $skip='1';
                        }
                }
                if ($skip ne '1'){
+                       if ( $prot eq 'GRE'){
+                               $tgt_port='';
+                               $tgt_port1='';
+                               $use_port='';
+                               $ipfireport='';
+                               $use_prot='';
+                       }
                        $id = &General::findhasharraykey(\%nat);
                        $nat{$id}[0]  = $action;
                        $nat{$id}[1]  = $chain;
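Review bot: The new `my (...)` list on the split line names `$dummy` twice and no longer declares `$use_prot`, yet the added GRE branch still assigns `$use_prot='';`. The second `$dummy` masks the first, so field 8 of the line is silently discarded. `$use_prot` is either an undeclared global or a compile error under `use strict`, and nothing visible reads it afterwards. Distinct names make the mapping explicit, e.g. `..., $tgt1, $unused7, $prot, $unused9, $tgt_port, ...`, and the `$use_prot='';` line can be dropped. write_rules starts above this hunk and its column assignments continue below it.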
@@ -137,9 +144,9 @@ sub write_rules
                        $nat{$id}[4]  = $src1;
                        $nat{$id}[5]  = $tgt;
                        $nat{$id}[6]  = $tgt1;
-                       $nat{$id}[11] = $use_prot;
-                       $nat{$id}[12] = $prot;
-                       $nat{$id}[13] = $dummy;
+                       $nat{$id}[7]  = $dummy;
+                       $nat{$id}[8]  = $prot;
+                       $nat{$id}[11] = $use_port;
                        $nat{$id}[14] = $tgt_port;
                        $nat{$id}[15] = $tgt_port1;
                        $nat{$id}[16] = $remark;
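Review bot: Column 11 is now written from `$use_port`, but the duplicate check in the previous hunk compares `$nat{$key}[11]` with the tenth field of `$line`, which build_rules leaves empty (`$prot,,TGT_PORT`). For a non-GRE rule `$use_port` is `ON`, so, as far as the visible lines show, a rule written by this converter would not be recognised as existing on a second run and would be added again, leaving duplicate DNAT entries in the firewall config. The GRE branch has the same mismatch at column 14, where `$tgt_port` is blanked before storing while the line still carries `TGT_PORT`. Comparing the stored columns against the same variables that are written, in the same order, would keep the check and the write in step. The assignments continue past the end of this hunk, so columns 26–31 could not be checked.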