I've recently migrated my firewall from a custom implementation based
upon Pebble (a small Linux distro) to m0n0wall. So far I have been very
pleased with the ease of administration and added functionality like
"Traffic Shaping".
The only real challenge in the migration was "populating" the
respective host tables for "DNS forwarder" and for "DHCP". As I have
roughly 50 hosts on the LAN, entering 100 separate records by hand was
at best inelegant, and at worst error-prone. My solution was to write a
small Perl script (sorry, I don't know PHP) that would merge a
previously generated "config.xml" file with a flat file database
containing records for each host in the following format:
# NET              IP          HOST       DOMAIN        NOTE          MAC
# [DMZ|LAN|OTHER]  ip-address  host-name  host-domain   comments      mac-address
DMZ                10.10.9.1   shire-DMZ  whatever.com  router        01:23:45:67:89:aa
DMZ                10.10.9.5   saruman    whatever.com  server-1-DMZ  01:23:45:67:89:ab
LAN                10.10.10.1  shire      whatever.com  router        01:23:45:67:89:ac
LAN                10.10.10.4  aragorn    whatever.com  Bob           01:23:45:67:89:ad
The result is a new file "config_out.xml" that includes the XML records
for each host in the "DNS forwarder" and "DHCP" tables. This new
"config_out.xml" file can now be "Restored" to m0n0wall.
Note: This script makes no other changes to the original "config.xml"
file.
The usual caveats apply. This is a very basic script. It includes
minimal error checking. Back up everything before using it. Don't blame
me if it doesn't work.
C. Bryan Daniels
<Instructions>
<Save script as "make_config_out.pl">
<Install Perl module "XML::Simple">
<chmod +x make_config_out.pl>
<Script Follows>
------------------------------------------------------------------------
#!/usr/bin/perl
# C. Bryan Daniels
# quendor at nandor dot net
# 8/28/04
# make_config_out.pl
#
# This merges 'config.xml', a backup configuration produced by m0n0wall,
# and a host_map for a particular network
#
# Usage: make_config_out.pl config.xml host_map
# The resulting file is config_out.xml, which can be restored to m0n0wall
#
# host_map is assumed to have the following format:
#
# NET              IP          HOST       DOMAIN       NOTE      MAC
# [DMZ|LAN|OTHER]  ip-address  host-name  host-domain  comments  mac-address
#
use strict;
use warnings;
use XML::Simple;

my $usage = "Usage: make_config_out.pl config.xml host_map\n";
die $usage if @ARGV != 2;
die $usage . "config.xml *must* end in .xml\n" if $ARGV[0] !~ /\.xml$/;

my ($config_in, $host_map) = @ARGV;

# config.xml -> config_out.xml; the input file itself is never modified
(my $config_out = $config_in) =~ s/\.xml$/_out.xml/;

my (@lan_dhcp, @dmz_dhcp, @dns_masq);

# Read the host map and collect DHCP static maps and DNS forwarder hosts
open(my $map, '<', $host_map) or die "Cannot read $host_map: $!\n";
while (<$map>) {
    chomp;
    my ($net, $ip, $host, $domain, $note, $mac) = split(/\s+/);

    # Skip blank lines, comment lines and lines with leading whitespace
    next if !defined $net or $net =~ /\#/ or $net =~ /^$/;

    # DHCP static mapping: only for hosts that have a well-formed MAC address
    if (defined $mac and $mac =~ /^[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}$/) {
        my $entry = { 'descr' => [$note], 'mac' => [$mac], 'ipaddr' => [$ip] };
        push(@lan_dhcp, $entry) if $net eq 'LAN';
        push(@dmz_dhcp, $entry) if $net eq 'DMZ';
    }

    # DNS forwarder entry: for every host with a dotted-quad IP address
    if (defined $ip and $ip =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
        push(@dns_masq,
            { 'host' => [$host], 'ip' => [$ip], 'descr' => [$note],
              'domain' => [$domain] });
    }
}
close($map);

# Load the backup and replace only the three host tables
my $ref = XMLin($config_in, ForceArray => 1);
$ref->{'dhcpd'}[0]{lan}[0]{staticmap}  = [@lan_dhcp];
$ref->{'dhcpd'}[0]{opt1}[0]{staticmap} = [@dmz_dhcp];   # DMZ entries go under opt1
$ref->{'dnsmasq'}[0]{hosts}            = [@dns_masq];

open(my $out, '>', $config_out) or die "Cannot write $config_out: $!\n";
print $out XMLout($ref, XMLDecl => '<?xml version="1.0"?>',
                  RootName => 'm0n0wall');
close($out) or die "Cannot close $config_out: $!\n";
------------------------------------------------------------------------
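
A pre-flight check for the host_map file, as an added example that is not part of the original post or script: it reports duplicate IPs and MACs, out-of-range octets, malformed MACs and lines whose field count is off (for instance a NOTE containing a space, which the merge script's whitespace split would misalign). The name check_host_map and the sample records are constructed for illustration, and the MAC check here is stricter than the one in the script above.

```perl
#!/usr/bin/perl
# Added example: validate host_map lines before merging them into config.xml.
# check_host_map is a hypothetical helper, not part of make_config_out.pl.
use strict;
use warnings;

# Return a list of problems found in the given host_map lines.
sub check_host_map {
    my @lines = @_;
    my (%seen_ip, %seen_mac, @errors);
    my $n = 0;
    for my $line (@lines) {
        $n++;
        next if $line =~ /^\s*(?:#|$)/;        # comments and blank lines
        my @f = split ' ', $line;
        if (@f < 5 || @f > 6) {                # e.g. a NOTE containing a space
            push @errors, "line $n: expected 5 or 6 fields, got " . scalar(@f);
            next;
        }
        my ($net, $ip, $host, $domain, $note, $mac) = @f;
        push @errors, "line $n: unknown net '$net'"
            unless $net =~ /^(?:DMZ|LAN|OTHER)$/;
        my @oct = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
        if (!@oct || grep { $_ > 255 } @oct) {
            push @errors, "line $n: bad IP '$ip'";
        } elsif ($seen_ip{$ip}++) {
            push @errors, "line $n: duplicate IP $ip";
        }
        next unless defined $mac;              # MAC is optional (DNS-only entry)
        if ($mac !~ /^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$/) {
            push @errors, "line $n: bad MAC '$mac'";
        } elsif ($seen_mac{lc $mac}++) {
            push @errors, "line $n: duplicate MAC $mac";
        }
    }
    return @errors;
}

# Constructed sample: line 3 reuses an IP, line 4 has a bad octet and a bad MAC.
my @sample = (
    "LAN 10.10.10.1 shire whatever.com router 01:23:45:67:89:ac",
    "LAN 10.10.10.4 aragorn whatever.com Bob 01:23:45:67:89:ad",
    "LAN 10.10.10.4 gimli whatever.com Carol 01:23:45:67:89:ae",
    "DMZ 10.10.9.300 saruman whatever.com server 01:23:45:67:89:zz",
);
my @lines = @sample;
if (@ARGV) { open(my $fh, '<', $ARGV[0]) or die "$ARGV[0]: $!\n"; @lines = <$fh>; }
my @problems = check_host_map(@lines);
print "$_\n" for @problems;
exit(@problems ? 1 : 0);
```

Run it with the host_map path as its only argument; a non-zero exit status means the file should be corrected before running the merge.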