guardian: Remove code for DNS servers.

In the past this code was used to add the DNS servers
to the ignore list and prevent them from being blocked by
guardian.

Because of the switch to suricata as IPS, guardian now prevents
from password brute-forcing on SSH and/or the webserver, so this
code is not longer needed and safly can be removed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi
index 36d84bb5b8454c08a159491dd265c444d8cbb064..71316523fa203536d4499f137ca66777a814a037 100644 (file)
--- a/html/cgi-bin/guardian.cgi
+++ b/html/cgi-bin/guardian.cgi
@@ -280,15 +280,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 
        # File declarations.
        my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
-       my $dns1file = "${General::swroot}/red/dns1";
-       my $dns2file = "${General::swroot}/red/dns2";
 
        # Get gateway address.
-       my $gateway = &_get_address_from_file($gatewayfile);
-
-       # Get addresses from the used dns servers.
-       my $dns1 = &_get_address_from_file($dns1file);
-       my $dns2 = &_get_address_from_file($dns2file);
+       my $gateway = &General::grab_address_from_file($gatewayfile);
 
        # Check if any input has been performed.
        if ($input eq '') {
@@ -306,7 +300,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
        }
 
        # Check if the given input is one of the interface addresses or our gateway.
-       elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway" || $input eq "$dns1" || $input eq "$dns2") {
+       elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway") {
                $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
        }
 
@@ -989,8 +983,6 @@ sub GenerateIgnoreFile() {
        # File declarations.
        my $public_address_file = "${General::swroot}/red/local-ipaddress";
        my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
-       my $dns1file = "${General::swroot}/red/dns1";
-       my $dns2file = "${General::swroot}/red/dns2";
 
        # Write the obtained addresses to the ignore file.
        print FILE "# IPFire local interfaces.\n";
@@ -1012,8 +1004,6 @@ sub GenerateIgnoreFile() {
        print FILE "# Include the corresponding files to obtain the addresses.\n";
        print FILE "Include_File = $public_address_file\n";
        print FILE "Include_File = $gatewayfile\n";
-       print FILE "Include_File = $dns1file\n";
-       print FILE "Include_File = $dns2file\n";
 
        # Add all user defined hosts and networks to the ignore file.
        #
@@ -1045,33 +1035,3 @@ sub GenerateIgnoreFile() {
 
        close(FILE);
 }
-
-# Private subfunction to obtain IP-addresses from given file names.
-#
-sub _get_address_from_file ($) {
-       my $file = shift;
-
-       # Check if the file exists.
-       if (-e $file) {
-               # Open the given file.
-               open(FILE, "$file") or die "Could not open $file.";
-
-               # Obtain the address from the first line of the file.
-               my $address = <FILE>;
-
-               # Close filehandle
-               close(FILE);
-
-               # Remove newlines.
-               chomp $address;
-
-               # Check if the grabbed address is valid.
-               if (&General::validip($address)) {
-                       # Return the address.
-                       return $address;
-               }
-       }
-
-       # Return nothing.
-       return;
-}

diff --git a/lfs/guardian b/lfs/guardian
index 31d1dcb43ca46843c7179c6d489e5e14d659a5c4..a40480c0c8ad1d5792028bf582e432bf311a3a7e 100644 (file)
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 PROG       = guardian
-PAK_VER    = 17
+PAK_VER    = 18
 
 DEPS       = "perl-inotify2 perl-Net-IP"