webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-25 18:32:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Firewall: Fixed portfw-converter (rules where not converted correctly) And Standard network "IPsec RW" now has brackets around the Ip (when set)

Browse Source
This commit is contained in:
Alexander Marx
2013-11-13 10:44:42 +01:00
committed by Michael Tremer
parent 1187d46e65
commit 6ee9053548
2 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config/cfgroot/general-functions.pl
View File

@@ -100,9 +100,9 @@ sub setup_default_networks
my ($ip,$sub) = split(/\//,$ipsecsettings{'RW_NET'});
$sub=&General::iporsubtocidr($sub);
my @tempipsecsubnet = split("\/", $ipsecsettings{'RW_NET'});
$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'ADR'} = $tempipsecsubnet[0];
$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NAME'} = "IPsec RW";
$defaultNetworks->{'IPsec RW ' .$ip."/".$sub}{'NET'} = &getnextip($ip);
$defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'ADR'} = $tempipsecsubnet[0];
$defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NAME'} = "IPsec RW";
$defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NET'} = &getnextip($ip);
}
}
}

23
config/firewall/convert-portfw
View File

@@ -107,9 +107,9 @@ sub build_rules
$active = uc $active;
$prot = uc $prot;
chomp($remark);
push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
push (@built_rules,"ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat");
my $now=localtime;
print LOG "$now Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,ON,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
print LOG "$now Converted-> KEY: $count ACCEPT,FORWARDFW,$active,$src,$src1,tgt_addr,$target/32,*,$prot,,TGT_PORT,$targetport,$remark,00:00,00:00,ON,$alias,$ipfireport,dnat\n";
}
}
sub write_rules
@@ -120,15 +120,22 @@ sub write_rules
&General::readhasharray($confignat,\%nat);
foreach my $line (@built_rules){
$skip='';
my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$use_prot,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
my ($action,$chain,$active,$src,$src1,$tgt,$tgt1,$dummy,$prot,$dummy,$tgt_port,$tgt_port1,$remark,$from,$to,$use_port,$alias,$ipfireport,$dnat) = split (",",$line);
foreach my $key (sort keys %nat){
if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
if ($line eq "$nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[7],$nat{$key}[8],$nat{$key}[11],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31]"){
my $now=localtime;
print LOG "$now SKIP-> Rule $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[11],$nat{$key}[12],$nat{$key}[13],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
print LOG "$now SKIP-> Rule $nat{$key}[0],$nat{$key}[1],$nat{$key}[2],$nat{$key}[3],$nat{$key}[4],$nat{$key}[5],$nat{$key}[6],$nat{$key}[7],$nat{$key}[8],$nat{$key}[11],$nat{$key}[14],$nat{$key}[15],$nat{$key}[16],$nat{$key}[26],$nat{$key}[27],$nat{$key}[28],$nat{$key}[29],$nat{$key}[30],$nat{$key}[31] ->EXISTS\n";
$skip='1';
}
}
if ($skip ne '1'){
if ( $prot eq 'GRE'){
$tgt_port='';
$tgt_port1='';
$use_port='';
$ipfireport='';
$use_prot='';
}
$id = &General::findhasharraykey(\%nat);
$nat{$id}[0] = $action;
$nat{$id}[1] = $chain;
@@ -137,9 +144,9 @@ sub write_rules
$nat{$id}[4] = $src1;
$nat{$id}[5] = $tgt;
$nat{$id}[6] = $tgt1;
$nat{$id}[11] = $use_prot;
$nat{$id}[12] = $prot;
$nat{$id}[13] = $dummy;
$nat{$id}[7] = $dummy;
$nat{$id}[8] = $prot;
$nat{$id}[11] = $use_port;
$nat{$id}[14] = $tgt_port;
$nat{$id}[15] = $tgt_port1;
$nat{$id}[16] = $remark;