webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
bpfire/config/firewall/convert-xtaccess
Stefan Schantl 37c84696a2 Make firewall convert scripts more robust. 
The converter scripts procude a lot of error, when they get executed on a system with
a previously installed version of the New Firewall or they get run twice.

In this case the scripts will detect that their input files are missing and will exit with
an error message. The scripts now also check if the input files are empty (no corresponding
rules created) and will exit with an nothing to do message.
2014-01-18 18:28:07 +01:00

153 lines
5.4 KiB
Perl
Executable File
Raw Permalink Blame History

#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
# #
#This script converts old xtaccess rules to new firewall #
#Logfiles are created under /var/log/converters #
# #
###############################################################################
my @current=();
my @alias=();
my %configinputfw=();
require '/var/ipfire/general-functions.pl';
my $xtaccessconfig = "${General::swroot}/xtaccess/config";
my $inputfwconfig = "${General::swroot}/firewall/input";
my $aliasconfig = "${General::swroot}/ethernet/aliases";
my $field0='ACCEPT';
my $field1='INPUTFW';
my $field2=''; #ON or emtpy
my $field3=''; #std_net_src or src_addr
my $field4=''; #ALL or IP-Address with /32
my $field5='ipfire';
my $field6=''; #Default IP or alias name
my $field11='ON'; #use target port
my $field12=''; #TCP or UDP
my $field13='All ICMP-Types';
my $field14='TGT_PORT';
my $field15=''; #Port Number
my $field16=''; #remark
my $field26='00:00';
my $field27='00:00';
my $field28 = '';
my $field29 = 'ALL';
my $field30 = '';
my $field31 = 'dnat';
if (! -e "$xtaccessconfig") {
print "Config file for external access not found. Exiting!\n";
exit(1);
}
if (! -s "$xtaccessconfig") {
print "Empty external access configuration file. Nothing to do. Exiting...\n";
exit(0);
}
open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
open(FILE1, $aliasconfig) or die 'Unable to open config file.';
my @alias = <FILE1>;
close(FILE1);
&General::readhasharray($inputfwconfig,\%configinputfw);
foreach my $line (@current){
my ($a,$b,$c,$d,$e,$f) = split (",",$line);
$e =~ s/\R//g;
if ($f gt ''){
$f =~ s/\R//g;
$field16=$f;
}
#active or not
$field2=uc($d);
#get protocol
if ($a eq 'tcp'){ $field12 ='TCP';}else{$field12='UDP';}
#check source address
if ($b eq '0.0.0.0/0'){
$field3='std_net_src';
$field4='ALL';
}elsif($b =~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){
$field3='src_addr';
$field4=$b."/32";
}elsif ($b =~ /^(.*?)\/(.*?)$/) {
$field3='src_addr';
$field4=$b;
}else{
print "Regel konnte nicht konvertiert werden!\n";
}
#check ipfire address
if ($e eq '0.0.0.0'){
$field6 = 'RED1';
}else{
foreach my $line (@alias){
my ($ip,$state,$aliasname) = split (",",$line);
if ($ip eq $e){
$aliasname =~ s/\R//g;
$field6 = $aliasname;
}
}
}
#get target port
$c=~ s/\R//g;
$c=~ tr/-/:/;
if ($c =~ /^(\D)\:(\d+)$/) {
$c = "1:$2";
}
if ($c =~ /^(\d+)\:(\D)$/) {
$c = "$1:65535";
}
$field15=$c;
my $key = &General::findhasharraykey (\%configinputfw);
foreach my $i (0 .. 31) { $configinputfw{$key}[$i] = "";}
$configinputfw{$key}[0] = $field0;
$configinputfw{$key}[1] = $field1;
$configinputfw{$key}[2] = $field2;
$configinputfw{$key}[3] = $field3;
$configinputfw{$key}[4] = $field4;
$configinputfw{$key}[5] = $field5;
$configinputfw{$key}[6] = $field6;
$configinputfw{$key}[7] = '';
$configinputfw{$key}[8] = $field12;
$configinputfw{$key}[9] = '';
$configinputfw{$key}[10] = '';
$configinputfw{$key}[11] = $field11;
$configinputfw{$key}[12] = '';
$configinputfw{$key}[13] = '';
$configinputfw{$key}[14] = $field14;
$configinputfw{$key}[15] = $field15;
$configinputfw{$key}[16] = $field16;
$configinputfw{$key}[17] = '';
$configinputfw{$key}[18] = '';
$configinputfw{$key}[19] = '';
$configinputfw{$key}[20] = '';
$configinputfw{$key}[21] = '';
$configinputfw{$key}[22] = '';
$configinputfw{$key}[23] = '';
$configinputfw{$key}[24] = '';
$configinputfw{$key}[25] = '';
$configinputfw{$key}[26] = $field26;
$configinputfw{$key}[27] = $field27;
$configinputfw{$key}[28] = $field28;
$configinputfw{$key}[29] = $field29;
$configinputfw{$key}[30] = $field30;
$configinputfw{$key}[31] = $field31;
&General::writehasharray($inputfwconfig,\%configinputfw);
}
Reference in New Issue View Git Blame Copy Permalink