###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2005-2010 IPFire Team #
+# Copyright (C) 2007-2011 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
#use warnings;
require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
my %outfwsettings = ();
my %checked = ();
$CMD = "$CMD -o $netsettings{'RED_DEV'}";
- if ($configline[9] eq "aktiv") {
+ if ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE1' ) {
+ if ($DEBUG) {
+ print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '\n";
+ } else {
+ system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '");
+ }
+ } elsif ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE2' ) {
if ($DEBUG) {
print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '\n";
} else {
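Review bot: The two new conditions compare the stored rule field `$configline[9]` with `$Lang::tr{'aktiv'}`, so whether a LOG rule is emitted now depends on the translation table loaded at run time instead of a fixed token. If the rule file was saved under a different UI language than the one active when the script runs, or if the bare `require` of lang.pl does not populate `%Lang::tr` (not visible here), both branches are skipped silently and outgoing traffic goes unlogged. Store and compare a language-neutral value, or at least emit a warning when the field matches neither case, for example `warn "outgoingfw: unrecognised log flag '$configline[9]'\n";`. The enclosing loop and the rest of the final `else` branch lie outside the hunk.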
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
usr/sbin/updxlrator
+var/ipfire/outgoing/bin/outgoingfw.pl
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
+usr/local/bin/vpn-watch
#Stop services
echo Stopping Proxy
/etc/init.d/squid stop 2>/dev/null
+echo Stopping vpn-watch
+killall vpn-watch
#
#Extract files
#Start services
echo Starting Proxy
/etc/init.d/squid start 2>/dev/null
+echo Rewriting Outgoing FW Rules
+/var/ipfire/outgoing/bin/outgoingfw.pl
+echo Starting vpn-watch
+/usr/local/bin/vpn-watch &
#
#Update Language cache
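Review bot: The added `/usr/local/bin/vpn-watch &` starts the watcher unconditionally and with the update script's stdout and stderr still attached, and `killall vpn-watch` prints an error when no instance is running. Unlike the squid lines, neither command redirects its output, and nothing visible here checks whether vpn-watch was running before the update. Consider `killall vpn-watch 2>/dev/null` and `/usr/local/bin/vpn-watch >/dev/null 2>&1 &`, restarting it only if this script stopped it. The exit status of `/var/ipfire/outgoing/bin/outgoingfw.pl` is also ignored, so a failed rewrite of the outgoing firewall rules would pass unnoticed during the update.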
# Diskspace usage warning
my @temp=();
my $temp2=();
-my @df = `/bin/df -B M -x rootfs`;
+my @df = `/bin/df -B M -P -x rootfs`;
foreach my $line (@df) {
next if $line =~ m/^Filesystem/;
if ($line =~ m/root/ ) {
my $comment = $3;
my $packet = $4;
- $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 eq "27" ){ $iface="";}
+ $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 eq "27" || $1 eq "20"){ $iface="";}
$packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
$packet =~ /DST=([\d\.]+)/; my $dstaddr=$1;
$packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
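Review bot: On the changed `IN=` line, `$1` is read without checking that the match succeeded, so for a log line with no `IN=` field `$iface` silently takes whatever capture the last successful match left behind (presumably the pattern that produced `$3` and `$4` above). The `SRC=`, `DST=` and `MAC=` lines below it have the same problem. Capture in list context and test the result, e.g. `my ($iface) = $packet =~ /IN=(\w+)/;` followed by `$iface = "" if !defined $iface || $iface eq "27" || $iface eq "20";`. The literals "27" and "20" also deserve a comment saying what they stand for, since the hunk gives no hint. The surrounding loop is outside the hunk.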
&Header::openbox('100%', 'center', $Lang::tr{'disk usage'});
print "<table width='95%' cellspacing='5'>\n";
- open(DF,'/bin/df -B M -x rootfs|');
+ open(DF,'/bin/df -P -B M -x rootfs|');
while(<DF>){
if ($_ =~ m/^Filesystem/ ){
print <<END
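Review bot: Both rewritten `open(DF, ...)` calls (this one and the `-i` variant further down) still ignore the return value, so if `/bin/df` cannot be started the page renders an empty table with no sign of failure. Since the lines are being touched anyway, a lexical handle with the list form would fix this and keep the command away from the shell: `open(my $df, '-|', '/bin/df', '-P', '-B', 'M', '-x', 'rootfs') or print "<tr><td>df failed: $!</td></tr>\n";`. The `while(<DF>)` and `close DF` lines would need the same handle. The heredoc opened by `print <<END` continues outside the hunk.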
close DF;
print "<tr><td colspan='7'> \n<tr><td colspan='7'><h3>Inodes</h3>\n";
- open(DF,'/bin/df -i -x rootfs|');
+ open(DF,'/bin/df -P -i -x rootfs|');
while(<DF>){
if ($_ =~ m/^Filesystem/ ){
print <<END
#!/usr/bin/perl
##################################################
-##### VPN-Watch.pl Version 0.5 #####
+##### VPN-Watch.pl Version 0.6 #####
##################################################
# #
# VPN-Watch is part of the IPFire Firewall #
$round++;
# Reset roundcounter after 10 min. To do established check.
- if ($round > 9) { $round=0 }
+ if ($round > 9) { $round=0; }
if (open(FILE, "<${General::swroot}/vpn/config")) { @vpnsettings = <FILE>;
close(FILE);
my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print \$3}' | tr -d '()' | tr -d ':'`;chomp($remoteip);
if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}}
my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`;
- my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
+ my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
- if ( $ipmatch eq '' ){
+ if ( $round == 0 && $ipmatch eq '' && $status ne ''){
logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec.");
system("/usr/local/bin/ipsecctrl S $settings[0]");
+ $round=0;
last; #all connections will reloaded
#remove this if ipsecctrl can restart single con again
}
- if ( ($round = 0) && ($established eq '')) {
+
+ if ($debug){logger("Round=".$round." and established=".$established);}
+
+ if ( ($round == 0) && ($established eq '')) {
logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec.");
system("/usr/local/bin/ipsecctrl S $settings[0]");
+ $round=0;
last; #all connections will reloaded
#remove this if ipsecctrl can restart single con again