###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
+require "${General::swroot}/ids-functions.pl";
+
my @squidversion = `/usr/sbin/squid -v`;
my $http_port='81';
my $https_port='444';
if ($proxysettings{'VALID'} eq 'yes')
{
+ # Determine if suricata may needs to be restarted.
+ my $suricata_proxy_ports_changed;
+
+ # Check if the IDS is running
+ if(&IDS::ids_is_running()) {
+ my %oldproxysettings;
+
+ # Read-in current proxy settings and store them as oldsettings hash.
+ &General::readhash("${General::swroot}/proxy/advanced/settings", \%oldproxysettings);
+
+ # Check if the proxy port has been changed.
+ unless ($proxysettings{'PROXY_PORT'} eq $oldproxysettings{'PROXY_PORT'}) {
+ # Port has changed, suricata needs to be adjusted.
+ $suricata_proxy_ports_changed = 1;
+ }
+
+ # Check if the transparent port has been changed.
+ unless ($proxysettings{'TRANSPARENT_PORT'} eq $oldproxysettings{'TRANSPARENT_PORT'}) {
+ # Transparent port has changed, suricata needs to be adjusted.
+ $suricata_proxy_ports_changed = 1;
+ }
+ }
+
&write_acls;
delete $proxysettings{'SRC_SUBNETS'};
if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); }
+
+ # Check if the suricata_proxy_ports_changed flag has been set.
+ if ($suricata_proxy_ports_changed) {
+ # Re-generate HTTP ports file.
+ &IDS::generate_http_ports_file();
+
+ # Restart suricata.
+ &IDS::call_suricatactrl("restart");
+ }
}
}
sub writepacfile
{
+ my %vpnconfig=();
+ my %ovpnconfig=();
+ &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac");
flock(FILE, 2);
print FILE "function FindProxyForURL(url, host)\n";
}
}
+ foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
+ if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
+ my @networks = split(/\|/, $vpnconfig{$key}[11]);
+ foreach my $network (@networks) {
+ my ($vpnip, $vpnsub) = split("/", $network);
+ $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
+ print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
+ }
+ }
+ }
+
+ foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
+ if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {
+ my @networks = split(/\|/, $ovpnconfig{$key}[11]);
+ foreach my $network (@networks) {
+ my ($vpnip, $vpnsub) = split("/", $network);
+ print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
+ }
+ }
+ }
+
print FILE <<END
(isInNet(host, "169.254.0.0", "255.255.0.0"))
)
} else {
&deluser($str_user);
- my $htpasswd = new Apache::Htpasswd("$userdb");
+ my %htpasswd_options = (
+ passwdFile => "$userdb",
+ UseMD5 => 1,
+ );
+
+ my $htpasswd = new Apache::Htpasswd(\%htpasswd_options);
+
$htpasswd->htpasswd($str_user, $str_pass);
}