From 99e698d03387f4ad40db1d2bd737c0d6cdc55a23 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Sat, 19 Jan 2013 20:51:12 +0100
Subject: [PATCH] Forward Firewall: Minor changes... 1) improved convert-outgoingfw. source was wrong when tun+ interface 2) target had always a ":" in ruletable 3) convert-outgoingfw bugfix: ports where not cleared for next rule
---
 config/backup/backup.pl | 6 ++----
 config/forwardfw/convert-outgoingfw | 14 ++++++++++----
 html/cgi-bin/forwardfw.cgi | 6 +++---
 lfs/configroot | 3 +++
 4 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 0d7585321..28129e46e 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -64,14 +64,12 @@ elsif ($ARGV[0] eq 'restore') {
 system("cd / && tar -xvz -p -f /tmp/restore.ipf");
 #Here some converter scripts to correct old Backups (before core 65)
 system("/usr/sbin/ovpn-ccd-convert");
- system("/usr/sbin/convert-xtaccess");
- system("/usr/sbin/convert-outgoingfw");
-
- #clean up system, if an old backup was restored
 if( -d "/var/ipfire/outgoing"){
+ system("/usr/sbin/convert-outgoingfw");
 rmtree("/var/ipfire/outgoing");
 }
 if( -d "/var/ipfire/xtaccess"){
+ system("/usr/sbin/convert-xtaccess");
 rmtree("/var/ipfire/xtaccess");
 }
 }
diff --git a/config/forwardfw/convert-outgoingfw b/config/forwardfw/convert-outgoingfw
index cef4f0c1c..e94692abe 100644
--- a/config/forwardfw/convert-outgoingfw
+++ b/config/forwardfw/convert-outgoingfw
@@ -182,10 +182,12 @@ sub new_hostgrp $groups{$grpkey}[4] = 0; } } + @hostarray=(); } &General::writehasharray($confighosts,\%hosts); &General::writehasharray($configgroups,\%groups); &General::writehasharray($confignets,\%nets); + } sub check_host { 
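Review bot: Both new `system()` calls in the restore branch discard the converter's exit status, and the `rmtree()` on the following line deletes `/var/ipfire/outgoing` (and likewise `/var/ipfire/xtaccess`) even when the conversion failed, so a restored backup can end up with neither the old rule files nor converted rules. Gate the cleanup on success, e.g. `if (system("/usr/sbin/convert-outgoingfw") == 0) { rmtree("/var/ipfire/outgoing"); }`, and report the failure otherwise so the admin knows the firewall policy was not migrated. The enclosing `elsif` block starts outside the hunk.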
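Review bot: The added `@hostarray=();` resets a variable that outlives the loop iteration, and the same pattern is patched by hand twice more in this file (`$port='';` at the top of the `foreach` in process_rules and `@parts=();` after the `join`). In a rule converter a value carried over from the previous entry ends up in the next firewall rule, so scoping is safer than remembering each reset: if nothing outside the loop reads these, declare them inside the loop body, e.g. `my @hostarray;` and `my $port = '';`. Whether other per-rule variables that are set only in some branches (`$time`, `$grp1`, `$source`) are cleared elsewhere is not visible in these hunks and is worth checking. new_hostgrp and process_rules both start outside their hunks.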
@@ -251,8 +253,10 @@ sub process_rules foreach my $rule (@lines) { chomp($rule); + $port=''; print LOG "processing: $rule\n"; - my @configline = split( /\;/, $rule ); + my @configline=(); + @configline = split( /\;/, $rule ); my @prot=(); if($configline[0] eq $type){ #some variables we can use from old config
@@ -262,7 +266,6 @@ sub process_rules push(@prot,"udp"); $useport='ON'; $grp3='TGT_PORT'; - }else{ push(@prot,$configline[3]); $useport='ON';
@@ -270,7 +273,6 @@ sub process_rules } if($configline[4] ne ''){ $remark=$configline[4];}else{$remark='';} if($configline[9] eq 'aktiv'){ $log='ON';}else{$log='';} - if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){ if($configline[17] eq '00:00' && $configline[18] eq '00:00'){ $time='';
@@ -307,7 +309,9 @@ sub process_rules print LOG "-> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n"; next; }elsif ($configline[2] eq 'ovpn') { - &build_ovpn_grp; + &build_ovpn_grp; + $grp1='cust_grp_src'; + $source='ovpn' }elsif ($configline[2] eq 'ip') { my $z=&check_ip($configline[5]); if($z){
@@ -385,9 +389,11 @@ sub process_rules next; } } + } $port=join("|",@values); @values=(); + @parts=(); } }else{ print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 9b4ca0d2a..4391f1228 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -1654,7 +1654,6 @@ sub gettgtport my $key=shift; my $service; my $prot; - if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ if($hash{$key}[14] eq 'cust_srv'){ &General::readhasharray("$configsrv", \%customservice); 
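Review bot: In the `ovpn` branch of the -307 hunk, `&build_ovpn_grp;` is called with the `&` sigil and no parentheses, which hands the caller's current `@_` to the callee; `build_ovpn_grp();` states the intent and avoids that. The new `$source='ovpn'` also lacks its terminating semicolon, which parses only because it is the last statement of the branch; write `$source='ovpn';`. The literal `'ovpn'` has to match the group name that build_ovpn_grp writes, which is not visible here, so a shared constant would keep the two from drifting. process_rules continues outside the hunk.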
@@ -1669,8 +1668,9 @@ sub gettgtport
 $hash{$key}[15]=~ s/\|/,/g;
 $service=$hash{$key}[15];
 }
-
- print": $service";
+ if($service){
+ print": $service";
+ }
 }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
 print":
$hash{$key}[13]";
 }
diff --git a/lfs/configroot b/lfs/configroot
index e0babd235..4c039977b 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -123,6 +123,9 @@ $(TARGET) : # set rules.pl executable chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl + # set converters executable + chmod 755 /usr/sbin/convert-* + # Modify variables in header.pl sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ -e "s+VERSION+$(VERSION)+g" \ -- 2.39.2
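Review bot: `if($service)` in gettgtport is a truthiness test, so it also suppresses a value of `0`; `if(defined $service && $service ne '')` expresses "nothing to show" exactly. The value printed by `print": $service";` comes from the rule and service configuration (`$hash{$key}[15]` is visible, the custom-service lookup is not) and is written into the page as-is; unless those fields are validated where they are saved, which is not visible here, HTML-escape the value before printing it. gettgtport starts outside the hunk.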
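Review bot: `chmod 755 /usr/sbin/convert-*` changes the mode of every file in `/usr/sbin` whose name matches the glob, not only the converters this series installs, and it uses an absolute path while the neighbouring line works under `$(CONFIG_ROOT)`. Name the files explicitly, e.g. `chmod 755 /usr/sbin/convert-outgoingfw /usr/sbin/convert-xtaccess` (the two converters referenced in backup.pl). If the glob matches nothing at this point of the build, the shell passes the literal pattern and chmod fails; whether the converters are already installed when this recipe runs is not visible here. The `$(TARGET)` recipe starts and ends outside the hunk.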