From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alexander Marx <alexander.marx@ipfire.org>
To: development@lists.ipfire.org
Subject:
 [PATCH] BUG10984: Fix portforwardconverter for upgrades before core 77
Date: Mon, 16 Nov 2015 12:01:07 +0100
Message-ID: <1447671667-9414-1-git-send-email-alexander.marx@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2020637067162252274=="
List-Id: <development.lists.ipfire.org>

--===============2020637067162252274==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

When upgrading from a post core-77 installation, the portforwarding
rules seem to get broken. With this patch the sourceports and the
subnetmasks from the rules are converted correctly.

Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org>
---
 config/firewall/convert-portfw | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/config/firewall/convert-portfw b/config/firewall/convert-portfw
index 8660e7c..8383b5a 100755
--- a/config/firewall/convert-portfw
+++ b/config/firewall/convert-portfw
@@ -60,24 +60,24 @@ close(ALIAS);
 &write_rules;
 sub get_config
 {
+	my $baseipfireport;
+	my $basesource;
 	print LOG "STEP 1:   Get config from old portforward\n#####################=
####################\n";
 	foreach my $line (@current){
-		if($jump eq '1'){
-			$jump=3D'';
-			$count++;
-			next;
-		}
 		my $u=3D$count+1;
 		($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$=
remark) =3D split(",",$line);
 		($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$=
source1,$remark1) =3D split(",",$current[$u]);
-		if ($flag1 eq '1'){
-			$source=3D$source1;
-			$jump=3D'1';
+		if ($key =3D=3D $key1 && $flag =3D=3D '0'){
+			$baseipfireport =3D $ipfireport;
+		}
+		if ($key =3D=3D $key1 && $flag1 =3D=3D '1'){
+			$count++;
+			next;
 		}
 		my $now=3Dlocaltime;
 		chomp($remark);
-		print LOG "$now   processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT:=
 $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $ali=
as SOURCE: $source REM: $remark Doublerule: $jump\n";
-		push (@values,$prot.",".$ipfireport.",".$target.",".$targetport.",".$activ=
e.",".$alias.",".$source.",".$remark);
+		print LOG "$now   processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT:=
 $baseipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: =
$alias SOURCE: $source REM: $remark Doublerule: $jump\n";
+		push (@values,$prot.",".$baseipfireport.",".$target.",".$targetport.",".$a=
ctive.",".$alias.",".$source.",".$remark);
 		$count++;
 	}
 }
@@ -101,10 +101,15 @@ sub build_rules
 		}else{
 			$src  =3D 'src_addr';
 			my ($a,$b) =3D split("/",$source);
-			$src1 =3D $a."/32";
+			if ($b !=3D ''){
+				$b =3D &General::iporsubtocidr($b);
+			}else{
+				$b =3D "32";
+			}
+			$src1 =3D $a."/".$b;
 		}
 		#get ipfire ip
-		if($alias eq '0.0.0.0'){
+		if($alias eq '0.0.0.0' || $alias eq '0'){
 			$alias=3D'Default IP';
 		}else{
 			foreach my $ali (@alias){
--=20
1.9.1


--===============2020637067162252274==--