From: Stefan Schantl Date: Fri, 29 Apr 2016 08:55:32 +0000 (+0200) Subject: guardian.cgi: Add function to generate the guardian.ignore file. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=97849142bd882820c336bec357b62381cae8a5c4;p=people%2Fms%2Fipfire-2.x.git guardian.cgi: Add function to generate the guardian.ignore file. This function is responsible for collecting all required data, like the green, blue, orange (if the interfaces are available), red, gateway and used DNS server IP-addresses. It will add all these addresses and the configured and enabled user-defined ignored addresses/networks to the ignore file of guardian to prevent guardian from blocking any of them. Note: The IPFire and RED interface related addresses also will be added to the ignore file, even if there is no user-defined entry in the list. Signed-off-by: Stefan Schantl --- diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi index eddbb6e956..634f87d534 100644 --- a/html/cgi-bin/guardian.cgi +++ b/html/cgi-bin/guardian.cgi @@ -202,7 +202,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { &General::writehasharray($ignoredfile, \%ignored); # Regenerate the ignore file. - # &GenerateIgnoreFile(); + &GenerateIgnoreFile(); } # Check if guardian is running. @@ -245,7 +245,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { &General::writehasharray($ignoredfile, \%ignored); # Regenerate the ignore file. - # &GenerateIgnoreFile(); + &GenerateIgnoreFile(); # Check if guardian is running. if ($pid > 0) { @@ -272,7 +272,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { &General::writehasharray($ignoredfile, \%ignored); # Regenerate the ignore file. - # &GenerateIgnoreFile(); + &GenerateIgnoreFile(); # Check if guardian is running. if ($pid > 0) { 
@@ -928,3 +928,119 @@ sub BuildConfiguration() {
 system("/usr/local/bin/addonctrl guardian stop &>/dev/null");
 }
 }
+
+sub GenerateIgnoreFile() {
+ my %ignored = ();
+
+ # Read-in ignoredfile.
+ &General::readhasharray($ignoredfile, \%ignored);
+
+ # Open ignorefile for writing.
+ open(FILE, ">$ignorefile");
+
+ # Config file header.
+ print FILE "# Autogenerated configuration file.\n";
+ print FILE "# All user modifications will be overwritten.\n\n";
+
+ # Add IFPire interfaces and gateway to the ignore file.
+ #
+ # Assign some temporary variables for the IPFire interfaces.
+ my $green = $netsettings{'GREEN_ADDRESS'};
+ my $blue = $netsettings{'BLUE_ADDRESS'};
+ my $orange = $netsettings{'ORANGE_ADDRESS'};
+ my $red = $netsettings{'RED_ADDRESS'};
+
+ # File declarations.
+ my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
+ my $dns1file = "${General::swroot}/red/dns1";
+ my $dns2file = "${General::swroot}/red/dns2";
+
+ # Get gateway address.
+ my $gateway = &_get_address_from_file($gatewayfile);
+
+ # Get addresses from the used dns servers.
+ my $dns1 = &_get_address_from_file($dns1file);
+ my $dns2 = &_get_address_from_file($dns2file);
+
+ # Write the obtained addresses to the ignore file.
+ print FILE "# IPFire local interfaces.\n";
+ print FILE "$green\n";
+
+ # Check if a blue interface exists.
+ if ($blue) {
+ # Add blue address.
+ print FILE "$blue\n";
+ }
+
+ # Check if an orange interface exists.
+ if ($orange) {
+ # Add orange address.
+ print FILE "$orange\n";
+ }
+
+ print FILE "\n# IPFire red interface, gateway and used DNS-servers.\n";
+ print FILE "$red\n";
+ print FILE "$gateway\n";
+ print FILE "$dns1\n";
+ print FILE "$dns2\n";
+
+ # Add all user defined hosts and networks to the ignore file.
+ #
+ # Check if the hash contains any elements.
+ if (keys (%ignored)) {
+ # Write headline.
+ print FILE "# User defined hosts/networks.\n";
+
+ # Loop through the entire hash and write the host/network
+ # and remark to the ignore file.
+ while ( (my $key) = each %ignored) {
+ my $address = $ignored{$key}[0];
+ my $remark = $ignored{$key}[1];
+ my $status = $ignored{$key}[2];
+
+ # Check if the status of the entry is "enabled".
+ if ($status eq "enabled") {
+ # Check if the address/network is valid.
+ if ((&General::validip($address)) || (&General::validipandmask($address))) {
+ # Write the remark to the file.
+ print FILE "# $remark\n";
+
+ # Write the address/network to the ignore file.
+ print FILE "$address\n\n";
+ }
+ }
+ }
+ }
+
+ close(FILE);
+}
+
+# Private subfunction to obtain IP-addresses from given file names.
+#
+sub _get_address_from_file ($) {
+ my $file = shift;
+
+ # Check if the file exists.
+ if (-e $file) {
+ # Open the given file.
+ open(FILE, "$file") or die "Could not open $file.";
+
+ # Obtain the address from the first line of the file.
+ my $address = ;
+
+ # Close filehandle
+ close(FILE);
+
+ # Remove newlines.
+ chomp $address;
+
+ # Check if the grabbed address is valid.
+ if (&General::validip($address)) {
+ # Return the address.
+ return $address;
+ }
+ }
+
+ # Return nothing.
+ return;
+}
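Review bot: `GenerateIgnoreFile` and `_get_address_from_file` share the bareword handle `FILE`, so the helper's `open(FILE, "$file")` and `close(FILE)` close the ignore file while the caller is still writing it; whenever one of the `red/` files exists, every `print FILE` after the header goes to a closed handle and the local, gateway and DNS addresses never reach guardian's ignore list. Use lexical handles with three-argument, checked opens in both subs, e.g. `open(my $out, '>', $ignorefile) or die "Could not open $ignorefile: $!";` and `open(my $in, '<', $file) or die "Could not open $file: $!";`, and write to and read from those instead of `FILE`. `$gateway`, `$dns1` and `$dns2` are printed unconditionally although the helper returns nothing for a missing or invalid file, so they should be guarded the way `$blue` and `$orange` are. The remark is written as `# $remark` with no filtering visible in this hunk; if it can contain a line break, the text after the break becomes an ignore entry that skipped the `validip` check, so strip it first with `$remark =~ s/[\r\n]+/ /g;`.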