require '/var/ipfire/general-functions.pl';
use Socket;
-
+use File::Path;
my $ipgrouppath = "${General::swroot}/outgoing/groups/ipgroups/";
my $macgrouppath = "${General::swroot}/outgoing/groups/macgroups/";
my $outgoingrules = "${General::swroot}/outgoing/rules";
sub process_groups
{
if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
- if( -f "/var/log/converters/groups-convert.log"){unlink ("/var/log/converters/groups-convert.log");}
+ if( -f "/var/log/converters/groups-convert.log"){rmtree("var/log/converters");}
open (LOG, ">/var/log/converters/groups-convert.log") or die $!;
#IP Group processing
foreach my $group (@ipgroups){
$target='ALL';
}
if($configline[8] ne ''){
- if (!($configline[8] =~ /^(\d+)\:(\d+)$/)) {
- if(&General::validport($configline[8])){
- $useport='ON';
- $port=$configline[8];
- $grp3='TGT_PORT';
- }else{
- print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
- next;
- }
- }else{
- my ($a1,$a2) = split(/\:/,$configline[8]);
- if (&General::validport($a1) && &General::validport($a2) && $a1 < $a2){
- $useport='ON';
- $port=$configline[8];
- $grp3='TGT_PORT';
+ my @values=();
+ my @parts=split(",",$configline[8]);
+ foreach (@parts){
+ print"PRüfe port $_\n";
+ if (!($_ =~ /^(\d+)\:(\d+)$/)) {
+ if(&General::validport($_)){
+ $useport='ON';
+ print" push single\n";
+ push (@values,$_);
+ $grp3='TGT_PORT';
+ }else{
+ print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
+ next;
+ }
}else{
- print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
- next;
- }
+ my ($a1,$a2) = split(/\:/,$_);
+ if (&General::validport($a1) && &General::validport($a2) && $a1 < $a2){
+ $useport='ON';
+ print"push range $_\n";
+ push (@values,"$a1:$a2");
+ $grp3='TGT_PORT';
+ }else{
+ print LOG "-> Rule not converted, invalid destination Port \"$configline[8]\"\n";
+ next;
+ }
+ }
}
+ $port=join("|",@values);
+ print"fertig, habe \"$port\"\n";
+ @values=();
}
}else{
print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
}
}
#check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} ) {
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} ) {
if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'nosave2'} = 'on';
$errormessage='';
}
}
+
#increase counters
&checkcounter($fwdfwsettings{'oldgrp1a'},$fwdfwsettings{'oldgrp1b'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}});
&checkcounter($fwdfwsettings{'oldgrp2a'},$fwdfwsettings{'oldgrp2b'},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}});
$fwdfwsettings{'PROT'}='';
}
- if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'PROT'} ne 'ICMP' && $fwdfwsettings{'SRC_PORT'} ne ''){
- #change dashes with :
- $fwdfwsettings{'SRC_PORT'}=~ tr/-/:/;
-
- if ($fwdfwsettings{'SRC_PORT'} eq "*") {
- $fwdfwsettings{'SRC_PORT'} = "1:65535";
- }
- if ($fwdfwsettings{'SRC_PORT'} =~ /^(\D)\:(\d+)$/) {
- $fwdfwsettings{'SRC_PORT'} = "1:$2";
- }
- if ($fwdfwsettings{'SRC_PORT'} =~ /^(\d+)\:(\D)$/) {
- $fwdfwsettings{'SRC_PORT'} = "$1:65535";
+ if($fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP') && $fwdfwsettings{'SRC_PORT'} ne ''){
+ my @parts=split(",",$fwdfwsettings{'SRC_PORT'});
+ my @values=();
+ foreach (@parts){
+ chomp($_);
+ if ($_ =~ /^(\d+)\:(\d+)$/) {
+ my $check;
+ #change dashes with :
+ $_=~ tr/-/:/;
+ if ($_ eq "*") {
+ push(@values,"1:65535");
+ $check='on';
+ }
+ if ($_ =~ /^(\D)\:(\d+)$/) {
+ push(@values,"1:$2");
+ $check='on';
+ }
+ if ($_ =~ /^(\d+)\:(\D)$/) {
+ push(@values,"$1:65535");
+ $check='on'
+ }
+ $errormessage .= &General::validportrange($_, 'destination');
+ if(!$check){
+ push (@values,$_);
+ }
+ }else{
+ if (&General::validport($_)){
+ push (@values,$_);
+ }else{
+
+ }
+ }
}
-
- $errormessage.=&General::validportrange($fwdfwsettings{'SRC_PORT'},'src');
+ $fwdfwsettings{'SRC_PORT'}=join("|",@values);
+ return $errormessage;
}
- return $errormessage;
}
sub checktarget
{
if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){
if ($fwdfwsettings{'TGT_PORT'} ne ''){
- #change dashes with :
- $fwdfwsettings{'TGT_PORT'}=~ tr/-/:/;
- if ($fwdfwsettings{'TGT_PORT'} eq "*") {
- $fwdfwsettings{'TGT_PORT'} = "1:65535";
- }
- if ($fwdfwsettings{'TGT_PORT'} =~ /^(\D)\:(\d+)$/) {
- $fwdfwsettings{'TGT_PORT'} = "1:$2";
- }
- if ($fwdfwsettings{'TGT_PORT'} =~ /^(\d+)\:(\D)$/) {
- $fwdfwsettings{'TGT_PORT'} = "$1:65535";
+ my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
+ my @values=();
+ foreach (@parts){
+ chomp($_);
+ if ($_ =~ /^(\d+)\:(\d+)$/) {
+ my $check;
+ #change dashes with :
+ $_=~ tr/-/:/;
+ if ($_ eq "*") {
+ push(@values,"1:65535");
+ $check='on';
+ }
+ if ($_ =~ /^(\D)\:(\d+)$/) {
+ push(@values,"1:$2");
+ $check='on';
+ }
+ if ($_ =~ /^(\d+)\:(\D)$/) {
+ push(@values,"$1:65535");
+ $check='on'
+ }
+ $errormessage .= &General::validportrange($_, 'destination');
+ if(!$check){
+ push (@values,$_);
+ }
+ }else{
+ if (&General::validport($_)){
+ push (@values,$_);
+ }else{
+
+ }
+ }
}
- $errormessage .= &General::validportrange($fwdfwsettings{'TGT_PORT'}, 'destination');
+ $fwdfwsettings{'TGT_PORT'}=join("|",@values);
}
}elsif ($fwdfwsettings{'TGT_PROT'} eq 'GRE'){
$fwdfwsettings{$fwdfwsettings{'grp3'}} = '';
$fwdfwsettings{$fwdfwsettings{'grp3'}}='';
$fwdfwsettings{'TGT_PROT'}='';
$fwdfwsettings{'ICMP_TGT'}='';
-
}
#check timeframe
if($fwdfwsettings{'TIME'} eq 'ON'){
print"<option>$_</option>";
}
}
+ $fwdfwsettings{'SRC_PORT'}=~ s/\|/,/g;
print<<END;
- </select></td><td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='11' size='9' ></td></tr>
+ </select></td><td align='right'><input type='text' name='SRC_PORT' value='$fwdfwsettings{'SRC_PORT'}' maxlength='20' size='18' ></td></tr>
<tr><td></td><td></td><td></td><td></td><td nowrap='nowrap'>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TYPES'>
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
print"<option>$_</option>";
}
}
+ $fwdfwsettings{'TGT_PORT'} =~ s/\|/,/g;
print<<END;
- </select></td><td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='11' size='9' ></td></tr>
+ </select></td><td align='right'><input type='text' name='TGT_PORT' value='$fwdfwsettings{'TGT_PORT'}' maxlength='20' size='18' ></td></tr>
<tr><td colspan='2'></td><td></td><td>$Lang::tr{'fwhost icmptype'}</td><td colspan='2'><select name='ICMP_TGT'>
END
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
<input type='hidden' name='oldusesrv' value='$fwdfwsettings{'oldusesrv'}' />
<input type='hidden' name='oldrulenumber' value='$fwdfwsettings{'oldrulenumber'}' />
<input type='hidden' name='rulenumber' value='$fwdfwsettings{'rulepos'}' />
+ <input type='hidden' name='oldruleremark' value='$fwdfwsettings{'oldruleremark'}' />
<input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
</table></form>
END
{
my %hash=%{(shift)};
my $key=shift;
- if($hash{$key}[7] eq 'ON' && $hash{$key}[8] ne 'ICMP'){
+ if($hash{$key}[7] eq 'ON' && ($hash{$key}[8] eq 'TCP' || $hash{$key}[8] eq 'UDP')){
+ $hash{$key}[10]=~ s/\|/,/g;
print" : ($hash{$key}[8]) $hash{$key}[10]";
}elsif($hash{$key}[7] eq 'ON' && $hash{$key}[8] eq 'ICMP'){
print" : ($hash{$key}[8]) <br> $hash{$key}[9]";
if($hash{$key}[14] eq 'cust_srv'){
&General::readhasharray("$configsrv", \%customservice);
foreach my $i (sort keys %customservice){
- #print "HHUHU: $customservice{$i}[0] und $hash{$key}[15]<br>";
if($customservice{$i}[0] eq $hash{$key}[15]){
$prot = $hash{$key}[12];
$service = $customservice{$i}[0];
$service=$hash{$key}[15];
}elsif($hash{$key}[14] eq 'TGT_PORT'){
+ $hash{$key}[15]=~ s/\|/,/g;
$service=$hash{$key}[15];
$prot=$hash{$key}[12];
}