ids-functions.pl: Do not delete the whitelist file on rulesdir cleanup.
index 425b5e5a09cf78f5896eee05c1c40a55a0e4cb17..88734a3caababc80bf42d54384d49d980da55ca4 100644 (file)
@@ -174,28 +174,18 @@ sub downloadruleset {
 
        # Check if an upstream proxy is configured.
        if ($proxysettings{'UPSTREAM_PROXY'}) {
-               my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
                my $proxy_url;
 
-               # Check if we got a peer.
-               if ($peer) {
-                       $proxy_url = "http://";
+               $proxy_url = "http://";
 
-                       # Check if the proxy requires authentication.
-                       if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
-                               $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
-                       }
-
-                       # Add proxy server address and port.
-                       $proxy_url .= "$peer\:$peerport";
-               } else {
-                       # Log error message and break.
-                       &_log_to_syslog("Could not proper configure the proxy server access.");
-
-                       # Return "1" - false.
-                       return 1;
+               # Check if the proxy requires authentication.
+               if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
+                       $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
                }
 
+               # Add proxy server address and port.
+               $proxy_url .= $proxysettings{'UPSTREAM_PROXY'};
+
                # Setup proxy settings.
                $downloader->proxy(['http', 'https'], $proxy_url);
        }
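Review bot: The credentials appended on the `$proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@"` line are interpolated into the proxy URL without percent-encoding, so a user or password containing `@`, `:` or `/` yields a URL whose authority part is parsed wrongly and the proxy login fails silently. The same applies to `$proxy_url .= $proxysettings{'UPSTREAM_PROXY'}`: with the old peer/port extraction gone, a value that carries a scheme or a trailing path is concatenated verbatim (e.g. `http://http://host:3128`) and nothing logs or rejects it, whereas the removed branch at least syslogged and returned 1. I would encode the two credential fields before joining them, `my ($user, $pass) = map { s/([^A-Za-z0-9._~-])/sprintf('%%%02X', ord($1))/gr } @proxysettings{'UPSTREAM_USER', 'UPSTREAM_PASSWORD'};` (perl 5.14+ for `/r`; `URI::Escape::uri_escape` works too if LWP's URI module is already loaded here), and keep a minimal `host[:port]` shape check on UPSTREAM_PROXY with a `&_log_to_syslog(...)` message on mismatch. downloadruleset begins before this hunk, so how %proxysettings is populated is not visible to me.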
@@ -324,7 +314,7 @@ sub oinkmaster () {
        openlog('oinkmaster', 'cons,pid', 'user');
 
        # Call oinkmaster to generate ruleset.
-       open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath 2>&1 |") or die "Could not execute oinkmaster $!\n";
+       open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath 2>&1 |") or die "Could not execute oinkmaster $!\n";
 
        # Log output of oinkmaster to syslog.
        while(<OINKMASTER>) {
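Review bot: The `open(OINKMASTER, "... 2>&1 |")` line still runs oinkmaster through `/bin/sh` with `$rulestarball`, `$settingsdir` and `$rulespath` interpolated into the command string, so any shell metacharacter in those paths is interpreted by the shell rather than passed through. They are presumably fixed module-level paths rather than user input, which keeps the practical exposure low, but the list-form pipe open removes the shell entirely: `open(my $oink, '-|', '/usr/local/bin/oinkmaster.pl', '-s', '-u', "file://$rulestarball", '-C', "$settingsdir/oinkmaster.conf", '-o', $rulespath) or die "Could not execute oinkmaster $!\n";`, with the stderr merge then coming from `IPC::Open3` instead of `2>&1`. The `or die` also bypasses the syslog channel this function has just opened with `openlog`, so a failed exec is only reported on stderr; I hedge this since the function's return handling lies outside the hunk. oinkmaster() starts before this hunk and continues after it.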
@@ -582,6 +572,9 @@ sub _cleanup_rulesdir() {
                # Skip element if it has config as file extension.
                next if ($file =~ m/\.config$/);
 
+               # Skip rules file for whitelisted hosts.
+               next if ("$rulespath/$file" eq $whitelist_file);
+
                # Delete the current processed file, if not, exit this function
                # and return an error message.
                unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";
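Review bot: The new `next if ("$rulespath/$file" eq $whitelist_file);` guard only protects the whitelist when `$whitelist_file` is spelled exactly as this concatenation produces (same `$rulespath`, a single `/`, no normalisation); otherwise the comparison is quietly false and the file is unlinked as before, and since `$whitelist_file` is defined outside this hunk I cannot confirm the two agree. Comparing the basename, as the `.config` check just above does, is less fragile: `next if ($file eq basename($whitelist_file));` with the core File::Basename module, or alternatively build `$whitelist_file` from `$rulespath` with the identical join. The comment should also say why the file must survive cleanup; if, as the commit title suggests, it is generated locally rather than extracted from the downloaded tarball, I would write `# Keep the whitelist rules file: it is generated locally and would not be recreated from the ruleset tarball.` _cleanup_rulesdir begins before this hunk.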
@@ -742,9 +735,6 @@ sub write_modify_sids_file($) {
        # Write file header.
        print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
 
-       # Tune rules to monitor in both directions.
-       print FILE "modifysid \* \"\-\>\" \| \"\<\>\"\n";
-
        # Check if the traffic only should be monitored.
        unless($ruleaction eq "alert") {
                # Tell oinkmaster to switch all rules from alert to drop.