Forward Firewall: Minor changes...

1) improved convert-outgoingfw. source was wrong for tun+ interface
2) target always had a ":" in ruletable
3) convert-outgoingfw bugfix: ports were not cleared for next rule
This commit is contained in:
Alexander Marx
2013-01-19 20:51:12 +01:00
committed by Michael Tremer
parent 93a5f4a582
commit 99e698d033
4 changed files with 18 additions and 11 deletions


@@ -64,14 +64,12 @@ elsif ($ARGV[0] eq 'restore') {
system("cd / && tar -xvz -p -f /tmp/restore.ipf"); system("cd / && tar -xvz -p -f /tmp/restore.ipf");
#Here some converter scripts to correct old Backups (before core 65) #Here some converter scripts to correct old Backups (before core 65)
system("/usr/sbin/ovpn-ccd-convert"); system("/usr/sbin/ovpn-ccd-convert");
system("/usr/sbin/convert-xtaccess");
system("/usr/sbin/convert-outgoingfw");
#clean up system, if an old backup was restored
if( -d "/var/ipfire/outgoing"){ if( -d "/var/ipfire/outgoing"){
system("/usr/sbin/convert-outgoingfw");
rmtree("/var/ipfire/outgoing"); rmtree("/var/ipfire/outgoing");
} }
if( -d "/var/ipfire/xtaccess"){ if( -d "/var/ipfire/xtaccess"){
system("/usr/sbin/convert-xtaccess");
rmtree("/var/ipfire/xtaccess"); rmtree("/var/ipfire/xtaccess");
} }
} }
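Review bot: The converter calls that now sit inside the `-d` checks (`system("/usr/sbin/convert-outgoingfw")` and `system("/usr/sbin/convert-xtaccess")`, if the print order reflects the new side) discard the exit status of `system`, and `rmtree` then removes the old `/var/ipfire/outgoing` or `/var/ipfire/xtaccess` tree unconditionally, so a converter that fails (not executable, dies part-way) leaves the restored system with neither the old rules nor converted ones. Making the deletion depend on success, `rmtree("/var/ipfire/outgoing") if system("/usr/sbin/convert-outgoingfw") == 0;`, keeps the original directory for a retry; the same applies to the xtaccess block. The enclosing `elsif ($ARGV[0] eq 'restore')` block starts and ends outside the hunk.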


@@ -182,10 +182,12 @@ sub new_hostgrp
$groups{$grpkey}[4] = 0; $groups{$grpkey}[4] = 0;
} }
} }
@hostarray=();
} }
&General::writehasharray($confighosts,\%hosts); &General::writehasharray($confighosts,\%hosts);
&General::writehasharray($configgroups,\%groups); &General::writehasharray($configgroups,\%groups);
&General::writehasharray($confignets,\%nets); &General::writehasharray($confignets,\%nets);
} }
sub check_host sub check_host
{ {
@@ -251,8 +253,10 @@ sub process_rules
foreach my $rule (@lines) foreach my $rule (@lines)
{ {
chomp($rule); chomp($rule);
$port='';
print LOG "processing: $rule\n"; print LOG "processing: $rule\n";
my @configline = split( /\;/, $rule ); my @configline=();
@configline = split( /\;/, $rule );
my @prot=(); my @prot=();
if($configline[0] eq $type){ if($configline[0] eq $type){
#some variables we can use from old config #some variables we can use from old config
@@ -262,7 +266,6 @@ sub process_rules
push(@prot,"udp"); push(@prot,"udp");
$useport='ON'; $useport='ON';
$grp3='TGT_PORT'; $grp3='TGT_PORT';
}else{ }else{
push(@prot,$configline[3]); push(@prot,$configline[3]);
$useport='ON'; $useport='ON';
@@ -270,7 +273,6 @@ sub process_rules
} }
if($configline[4] ne ''){ $remark=$configline[4];}else{$remark='';} if($configline[4] ne ''){ $remark=$configline[4];}else{$remark='';}
if($configline[9] eq 'aktiv'){ $log='ON';}else{$log='';} if($configline[9] eq 'aktiv'){ $log='ON';}else{$log='';}
if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){ if($configline[10] eq 'on' && $configline[11] eq 'on' && $configline[12] eq 'on' && $configline[13] eq 'on' && $configline[14] eq 'on' && $configline[15] eq 'on' && $configline[16] eq 'on'){
if($configline[17] eq '00:00' && $configline[18] eq '00:00'){ if($configline[17] eq '00:00' && $configline[18] eq '00:00'){
$time=''; $time='';
@@ -307,7 +309,9 @@ sub process_rules
print LOG "-> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n"; print LOG "-> Rule not converted, ipsec+ interface is obsolet since IPFire 2.7 \n";
next; next;
}elsif ($configline[2] eq 'ovpn') { }elsif ($configline[2] eq 'ovpn') {
&build_ovpn_grp; &build_ovpn_grp;
$grp1='cust_grp_src';
$source='ovpn'
}elsif ($configline[2] eq 'ip') { }elsif ($configline[2] eq 'ip') {
my $z=&check_ip($configline[5]); my $z=&check_ip($configline[5]);
if($z){ if($z){
@@ -385,9 +389,11 @@ sub process_rules
next; next;
} }
} }
} }
$port=join("|",@values); $port=join("|",@values);
@values=(); @values=();
@parts=();
} }
}else{ }else{
print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n"; print LOG "-> Rule not converted because not for Firewall mode $outsettings{'POLICY'} (we are only converting for actual mode)\n";
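Review bot: The per-rule resets added in `process_rules` (`$port='';` at the top of the loop, `@parts=();` after the port join) and `@hostarray=();` in `new_hostgrp` treat the symptom of these variables being shared across iterations; none of them is declared with `my` in the hunks, so they appear to be file-scoped and every future per-rule field will need another manual reset. Declaring them at the top of the loop body, `my $port = ''; my @parts = (); my @values = ();`, gives a fresh value each iteration, and it would also make the new two-step `my @configline=(); @configline = split( /\;/, $rule );` unnecessary, since the original single `my @configline = split(...)` already produced a fresh array per rule. Separately, `$source='ovpn'` in the `ovpn` branch has no terminating semicolon; it parses only because it is the last statement before `}elsif`, so `$source='ovpn';` avoids a syntax error the next time a line is added after it. process_rules starts and ends outside the hunks.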


@@ -1654,7 +1654,6 @@ sub gettgtport
my $key=shift; my $key=shift;
my $service; my $service;
my $prot; my $prot;
if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){ if($hash{$key}[11] eq 'ON' && $hash{$key}[12] ne 'ICMP'){
if($hash{$key}[14] eq 'cust_srv'){ if($hash{$key}[14] eq 'cust_srv'){
&General::readhasharray("$configsrv", \%customservice); &General::readhasharray("$configsrv", \%customservice);
@@ -1669,8 +1668,9 @@ sub gettgtport
$hash{$key}[15]=~ s/\|/,/g; $hash{$key}[15]=~ s/\|/,/g;
$service=$hash{$key}[15]; $service=$hash{$key}[15];
} }
if($service){
print": $service"; print": $service";
}
}elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){ }elsif($hash{$key}[11] eq 'ON' && $hash{$key}[12] eq 'ICMP'){
print":<br>$hash{$key}[13]"; print":<br>$hash{$key}[13]";
} }
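Review bot: The new `if($service){ ... }` guard removes the stray `:` only in the non-ICMP branch; the ICMP branch directly below still does `print":<br>$hash{$key}[13]";` unconditionally, so if `[13]` can be empty for an ICMP rule the same dangling colon remains there, and `print":<br>$hash{$key}[13]" if $hash{$key}[13];` would bring it in line. Also, `$service` is built from `$hash{$key}[15]` with `|` rewritten to `,` and written straight into the page; as long as that field only ever holds port numbers and names validated on input this is harmless, but routing it through the project's HTML-escaping helper before the `print` would remove the dependency on that validation. gettgtport starts outside the first hunk.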


@@ -123,6 +123,9 @@ $(TARGET) :
# set rules.pl executable # set rules.pl executable
chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl
# set converters executable
chmod 755 /usr/sbin/convert-*
# Modify variables in header.pl # Modify variables in header.pl
sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
-e "s+VERSION+$(VERSION)+g" \ -e "s+VERSION+$(VERSION)+g" \
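Review bot: `chmod 755 /usr/sbin/convert-*` sets the mode on whatever the shell glob happens to match in the live `/usr/sbin` at build time, not only on the two converters this package installs, and it is the only recipe line here that does not go through `$(CONFIG_ROOT)` or an explicit path. Naming the scripts, `chmod 755 /usr/sbin/convert-xtaccess /usr/sbin/convert-outgoingfw` (the two invoked by the restore script in this commit), makes the recipe's effect fixed and fails loudly if one of them was not installed. The `$(TARGET)` rule continues outside the hunk.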