firewall: Drop support for blocking P2P protocols.
authorStefan Schantl <stefan.schantl@ipfire.org>
Mon, 14 Feb 2022 19:03:04 +0000 (20:03 +0100)
committerPeter Müller <peter.mueller@ipfire.org>
Tue, 15 Feb 2022 18:12:59 +0000 (18:12 +0000)
The main P2P (peer-to-peer) era has passed for several years now, so
this kind of feature is really outdated.

The feature only supports a handful of P2P protocols (mostly unencrypted)
for applications, which have been superseded by various other
applications and protocols.

So, this is no longer required and can safely be dropped.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/rules.pl

index c0878059a5040c217d4a344e349f979a683afda6..25d01e0e38da2ca4889ca229936b4f5a7426b215 100644 (file)
@@ -72,12 +72,9 @@ my %locationsettings = (
 );
 my %loaded_ipset_lists=();
 
-my @p2ps=();
-
 my $configfwdfw                = "${General::swroot}/firewall/config";
 my $configinput            = "${General::swroot}/firewall/input";
 my $configoutgoing  = "${General::swroot}/firewall/outgoing";
-my $p2pfile                    = "${General::swroot}/firewall/p2protocols";
 my $locationfile               = "${General::swroot}/firewall/locationblock";
 my $configgrp          = "${General::swroot}/fwhosts/customgroups";
 my $netsettings                = "${General::swroot}/ethernet/settings";
@@ -134,9 +131,6 @@ sub main {
                &buildrules(\%configfwdfw);
        }
 
-       # Load P2P block rules.
-       &p2pblock();
-
        # Load Location block rules.
        &locationblock();
 
@@ -656,23 +650,6 @@ sub time_convert_to_minutes {
        return ($hrs * 60) + $min;
 }
 
-sub p2pblock {
-       open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
-       my @protocols = ();
-       foreach my $p2pentry (<FILE>) {
-               my @p2pline = split(/\;/, $p2pentry);
-               next unless ($p2pline[2] eq "off");
-
-               push(@protocols, "--$p2pline[1]");
-       }
-       close(FILE);
-
-       run("$IPTABLES -F P2PBLOCK");
-       if (@protocols) {
-               run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
-       }
-}
-
 sub locationblock {
        # The LOCATIONBLOCK chain now gets flushed by the flush() function.