Merge branch 'master' into perl_5.12.2
authorArne Fitzenreiter <arne_f@ipfire.org>
Sat, 22 Jan 2011 12:01:17 +0000 (13:01 +0100)
committerArne Fitzenreiter <arne_f@ipfire.org>
Sat, 22 Jan 2011 12:01:17 +0000 (13:01 +0100)
config/outgoingfw/outgoingfw.pl
config/rootfiles/core/45/filelists/files
config/rootfiles/core/45/update.sh
html/cgi-bin/index.cgi
html/cgi-bin/logs.cgi/firewalllog.dat
html/cgi-bin/media.cgi
src/scripts/vpn-watch

index 6709ee603fb997c96e695d685aedc56eae240f65..53462db483d99c747e1325e24d4472f02c7eadb2 100644 (file)
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2010  IPFire Team                                        #
+# Copyright (C) 2007-2011  IPFire Team                                        #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,6 +25,7 @@ use strict;
 #use warnings;
 
 require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
 
 my %outfwsettings = ();
 my %checked = ();
@@ -218,7 +219,13 @@ foreach $configentry (sort @configs)
 
                                $CMD = "$CMD -o $netsettings{'RED_DEV'}";
 
-                               if ($configline[9] eq "aktiv") {
+                               if ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE1' ) {
+                                       if ($DEBUG) {
+                                               print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '\n";
+                                       } else {
+                                               system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '");
+                                       }
+                               } elsif ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE2' ) {
                                        if ($DEBUG) {
                                                print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '\n";
                                        } else {
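Review bot: Whether a log rule is emitted now depends on `$configline[9] eq $Lang::tr{'aktiv'}`, a stored config field matching a translated UI string, where the old code compared against the fixed literal "aktiv". If the stored value and the active translation ever differ (a language switch after rules were saved, or `%Lang::tr` not being populated when this script runs outside the web UI; neither is visible here), both branches are skipped and outgoing-firewall logging is silently lost. Consider comparing a language-independent token, or at least accepting the old literal as well, e.g. `my $log_on = ($configline[9] eq 'aktiv' || $configline[9] eq $Lang::tr{'aktiv'});`. The added `system("$CMD ...")` call goes through the shell like the existing one, so it relies on every config field folded into `$CMD` having been validated before it reaches this script. The enclosing `foreach` and the MODE2 branch continue outside the hunk.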
index f6d15ca787a8518bfb95c0cc1181f32b299d80c4..ae685d5382103ccf73dbc49681953ee1e9228c88 100644 (file)
@@ -6,3 +6,6 @@ srv/web/ipfire/cgi-bin/pppsetup.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/sbin/updxlrator
+var/ipfire/outgoing/bin/outgoingfw.pl
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
+usr/local/bin/vpn-watch
index 1197905cd362845ff3b318e7d883e0a3999e754b..d22779172099f7fd2bce7b6b9278ab76a3e9a4e2 100644 (file)
@@ -28,6 +28,8 @@
 #Stop services
 echo Stopping Proxy
 /etc/init.d/squid stop 2>/dev/null
+echo Stopping vpn-watch
+killall vpn-watch
 
 #
 #Extract files
@@ -37,6 +39,10 @@ extract_files
 #Start services
 echo Starting Proxy
 /etc/init.d/squid start 2>/dev/null
+echo Rewriting Outgoing FW Rules
+/var/ipfire/outgoing/bin/outgoingfw.pl
+echo Starting vpn-watch
+/usr/local/bin/vpn-watch &
 
 #
 #Update Language cache
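Review bot: The exit status of `/var/ipfire/outgoing/bin/outgoingfw.pl` is discarded, so an update that fails to rebuild the outgoing firewall rules carries on as if it had succeeded. Because this step runs right after the script itself has been replaced, a failure is worth surfacing, e.g. `/var/ipfire/outgoing/bin/outgoingfw.pl || echo "Rewriting Outgoing FW Rules failed" >&2`. `/usr/local/bin/vpn-watch &` also inherits the updater's stdout and stderr; `/usr/local/bin/vpn-watch >/dev/null 2>&1 &` would detach it from whatever is capturing the update output.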
index 8e623c96afba617949e4ba5753c76a678a3c6fb8..0dcadb0b2223de184030087642135b1a189c7b5c 100644 (file)
@@ -407,7 +407,7 @@ if ($used / $mem > 90) {
 # Diskspace usage warning
 my @temp=();
 my $temp2=();
-my @df = `/bin/df -B M -x rootfs`;
+my @df = `/bin/df -B M -P -x rootfs`;
 foreach my $line (@df) {
        next if $line =~ m/^Filesystem/;
        if ($line =~ m/root/ ) {
index 5979a76791b4618bf4c33425d680445cbd4fd65e..2c4fb14f03aa04dc72513c2249567d9c0c79ed48 100644 (file)
@@ -333,7 +333,7 @@ foreach $_ (@log)
         my $comment = $3; 
         my $packet = $4;
 
-        $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 eq "27" ){ $iface="";}
+        $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 eq "27" || $1 eq "20"){ $iface="";}
         $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
         $packet =~ /DST=([\d\.]+)/;  my $dstaddr=$1;
         $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
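Review bot: On the changed `IN=` line, `$1` is read without checking that the match succeeded; when `IN=` is empty or absent, `$1` still holds the capture from an earlier successful match, so `$iface` can be set from unrelated data. That makes the hard-coded `"27"` and `"20"` suspect: the hunk does not show what they stand for, and they may be stale captures rather than interface names, in which case the list of special cases would keep growing. Capturing in list context avoids this, `my ($iface) = $packet =~ /IN=(\w+)/; $iface = "" unless defined $iface;`, and if the two literals are kept a short comment should say what they mean. The SRC, DST and MAC lines use the same unchecked `$1` pattern on text that originates from logged packets.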
index 6a89ca86774710c29dc19f3398aa800f4b344568..9456c3c220b4072f59435513ba3fe275c88c5be2 100644 (file)
@@ -70,7 +70,7 @@ if ( $querry[0] =~ "sd?" || $querry[0] =~ "hd?" || $querry[0] =~ "xvd??"){
        
        &Header::openbox('100%', 'center', $Lang::tr{'disk usage'});
        print "<table width='95%' cellspacing='5'>\n";
-       open(DF,'/bin/df -B M -x rootfs|');
+       open(DF,'/bin/df -P -B M -x rootfs|');
        while(<DF>){
                if ($_ =~ m/^Filesystem/ ){
                        print <<END
@@ -108,7 +108,7 @@ END
        close DF;
        print "<tr><td colspan='7'>&nbsp;\n<tr><td colspan='7'><h3>Inodes</h3>\n";
 
-       open(DF,'/bin/df -i -x rootfs|');
+       open(DF,'/bin/df -P -i -x rootfs|');
        while(<DF>){
                if ($_ =~ m/^Filesystem/ ){
                        print <<END
index 0c5f62d59f8c85e6651db7cf13679085d87d6f50..466aaa62dc1725fb6a8dccdb2b7c08643a2167f0 100755 (executable)
@@ -1,6 +1,6 @@
 #!/usr/bin/perl 
 ##################################################
-#####     VPN-Watch.pl     Version 0.5       #####
+#####     VPN-Watch.pl     Version 0.6       #####
 ##################################################
 #                                                #
 #   VPN-Watch is part of the IPFire Firewall     #
@@ -32,7 +32,7 @@ while ( $i == 0){
   $round++;
 
    # Reset roundcounter after 10 min. To do established check.
-  if ($round > 9) { $round=0 }
+  if ($round > 9) { $round=0; }
 
   if (open(FILE, "<${General::swroot}/vpn/config")) {    @vpnsettings = <FILE>;
     close(FILE);
@@ -55,17 +55,22 @@ foreach (@vpnsettings){
   my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print \$3}' | tr -d '()' | tr -d ':'`;chomp($remoteip);
   if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}}
   my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`;
-  my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`; 
+  my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
   
-  if ( $ipmatch eq '' ){
+  if ( $round == 0 && $ipmatch eq '' && $status ne ''){
     logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec.");
     system("/usr/local/bin/ipsecctrl S $settings[0]");
+    $round=0;
     last; #all connections will reloaded
           #remove this if ipsecctrl can restart single con again
   }
-  if ( ($round = 0) && ($established eq '')) {
+
+  if ($debug){logger("Round=".$round." and established=".$established);}
+
+  if ( ($round == 0) && ($established eq '')) {
     logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec.");
     system("/usr/local/bin/ipsecctrl S $settings[0]");
+    $round=0;
     last; #all connections will reloaded
           #remove this if ipsecctrl can restart single con again