From 6ee9053548341eceba9e0126a8e903872384a961 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Wed, 13 Nov 2013 10:44:42 +0100
Subject: [PATCH] Firewall: Fixed portfw-converter (rules where not converted correctly) And Standard network "IPsec RW" now has brackets around the Ip (when set)
---
 config/cfgroot/general-functions.pl | 6 +++---
 config/firewall/convert-portfw | 23 +++++++++++++++--------
 2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 778a39b1c..9d9ee5d90 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -100,9 +100,9 @@ sub setup_default_networks
 my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
 $sub=&General::iporsubtocidr($sub);
 my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
-$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'ADR'} = $tempipsecsubnet[0];
-$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NAME'} = "IPsec RW";
-$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NET'} = &getnextip($ip);
+$defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'ADR'} = $tempipsecsubnet[0];
+$defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NAME'} = "IPsec RW";
+$defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NET'} = &getnextip($ip);
 }
 }
 }
diff --git a/config/firewall/convert-portfw b/config/firewall/convert-portfw
index f6ddd25a5..447ef90a7 100755
--- a/config/firewall/convert-portfw
+++ b/config/firewall/convert-portfw
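Review bot: The renamed hash key `'IPsec RW (' .$ip."/".$sub.")"` is spelled out three times in the added lines, which is how the old and new variants drifted apart in the first place; build it once with `my $name = "IPsec RW ($ip/$sub)";` and index the three assignments as `$defaultNetworks->{$name}{'ADR'}` etc. Because the lookup key itself changes rather than just the display `NAME`, anything already persisted that references the network by its previous key (`IPsec RW ip/sub`) will no longer resolve after this commit — worth confirming whether consumers match on the key or on `NAME` before this ships. setup_default_networks starts before this hunk, so whether `$ipsecsettings{'RW_NET'}` is guarded against being empty (leaving `$ip` and `$sub` undefined in the key) is not visible here.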
@@ -107,9 +107,9 @@ sub build_rules
 $active = uc $active;
 $prot = uc $prot;
 chomp($remark);
-push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
+push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
 my $now=localtime;
-print LOG "$now Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
+print LOG "$now Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,*,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
 }
 }
 sub write_rules
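Review bot: The added `print LOG` line writes `*` in the field after `$target/32` while the added `push` line queues that same field as empty, so the log no longer records what was actually converted and cannot be pasted back to reproduce a rule. Build the string once and use it for both: `my $rule = "ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat";` then `push (@built_rules, $rule);` and `print LOG "$now Converted-> KEY: $count $rule\n";`. This also removes the second copy of a 19-field literal that has to be kept in sync with the `split` in write_rules by hand. build_rules begins before this hunk.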
@@ -120,15 +120,22 @@ sub write_rules
 &General::readhasharray($confignat,\%nat);
 foreach my $line (@built_rules){
 $skip='';
-my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
+my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$dummy,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
 foreach my $key (sort keys %nat){
-if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
+if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[7],$nat{$key}[8],$nat{$key}[11],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
 my $now=localtime;
-print LOG "$now SKIP-> Rule $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
+print LOG "$now SKIP-> Rule $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[7],$nat{$key}[8],$nat{$key}[11],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
 $skip='1';
 }
 }
 if ($skip ne '1'){
+if ( $prot eq 'GRE'){
+$tgt_port='';
+$tgt_port1='';
+$use_port='';
+$ipfireport='';
+$use_prot='';
+}
 $id = &General::findhasharraykey(\%nat);
 $nat{$id}[0] = $action;
 $nat{$id}[1] = $chain;
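Review bot: The new `my (...)` list declares `$dummy` twice, which under `use warnings` reports `"my" variable $dummy masks earlier declaration in same scope`, and the added GRE block then assigns `$use_prot`, a name this same line stopped declaring — if the script runs under `use strict` that is a compile-time error, otherwise it is a write to a package global nothing reads. Drop the `$use_prot='';` line and give the two throwaway fields distinct names, e.g. `$dummy7,$prot,$dummy9`, so that `$nat{$id}[7] = $dummy;` in the following hunk (-137) visibly stores field 7 rather than field 9 (both are empty for rules built by build_rules, so today the effect is only clarity). Separately, the rewritten EXISTS comparison places `$nat{$key}[11]` opposite the line's tenth field: the next hunk stores `$use_port` (the `ON` token) in slot 11, while build_rules emits an empty field at that position, so for non-GRE rules the two strings can never be equal and the skip never fires — confirm by running the converter twice and checking for duplicated entries. write_rules continues beyond this hunk.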
@@ -137,9 +144,9 @@ sub write_rules
 $nat{$id}[4] = $src1;
 $nat{$id}[5] = $tgt;
 $nat{$id}[6] = $tgt1;
-$nat{$id}[11] = $use_prot;
-$nat{$id}[12] = $prot;
-$nat{$id}[13] = $dummy;
+$nat{$id}[7] = $dummy;
+$nat{$id}[8] = $prot;
+$nat{$id}[11] = $use_port;
 $nat{$id}[14] = $tgt_port;
 $nat{$id}[15] = $tgt_port1;
 $nat{$id}[16] = $remark;
-- 
2.39.2