rules.pl: Rewrite P2P protocol filter.
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 12 Apr 2014 13:39:08 +0000 (15:39 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 12 Apr 2014 13:40:14 +0000 (15:40 +0200)
config/firewall/rules.pl

index 5bd7412..2c314d1 100755 (executable)
@@ -495,29 +495,29 @@ sub time_convert_to_minutes {
 }
 
 sub p2pblock {
-       my $P2PSTRING = "";
-       my $DO;
-       open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
-       @p2ps = <FILE>;
-       close FILE;
-       my $CMD = "-m ipp2p";
-       foreach my $p2pentry (sort @p2ps) {
-               my @p2pline = split( /\;/, $p2pentry );
-               if ( $fwdfwsettings{'POLICY'} eq 'MODE1' ) {
-                       $DO = "ACCEPT";
-                       if ("$p2pline[2]" eq "on") {
-                               $P2PSTRING = "$P2PSTRING --$p2pline[1]";
-                       }
-               }else {
-                       $DO = "RETURN";
-                       if ("$p2pline[2]" eq "off") {
-                               $P2PSTRING = "$P2PSTRING --$p2pline[1]";
-                       }
-               }
+       my $search_action;
+       my $target;
+
+       if ($fwdfwsettings{"POLICY"} eq "MODE1") {
+               $search_action = "on";
+               $target = "ACCEPT";
+       } else {
+               $search_action = "off";
+               $target = "DROP";
+       }
+
+       open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
+       my @protocols = ();
+       foreach my $p2pentry (<FILE>) {
+               my @p2pline = split(/\;/, $p2pentry);
+               next unless ($p2pline[2] eq $search_action);
+
+               push(@protocols, "--$p2pline[1]");
        }
+       close(FILE);
 
-       if($P2PSTRING) {
-               run("$IPTABLES -A FORWARDFW $CMD $P2PSTRING -j $DO");
+       if (@protocols) {
+               run("$IPTABLES -A FORWARDFW -m ipp2p @protocols -j $target");
        }
 }
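Review bot: The rewritten read loop (the `open(FILE, "<$p2pfile")` … `close(FILE)` stretch) still splices the second field of every matching line into the `run("$IPTABLES …")` command string with no validation, so a malformed or edited p2p entry ends up verbatim on the iptables command line; if `run()` hands that string to a shell (not visible here), that is a command-injection path from a config file, and even if it does not, a stray token breaks the whole FORWARDFW rule. The loop also never `chomp`s `$p2pentry`, so a trailing newline stays on the last field (if the on/off field is ever last, the `eq $search_action` test cannot match — worth checking against the file format), and a blank or short line makes `$p2pline[2]` undef, which warns under `use warnings`. Using a three-arg `open` with a lexical handle and a `while` read avoids the bareword `FILE` global and slurping the file into a list. A tightened loop that only pushes well-formed, anchored-regex-checked option names is sketched below; the `\A[a-z0-9-]+\z` pattern is an example whitelist for ipp2p option names and should be adjusted to whatever the p2p file actually contains.
```perl
# … unchanged: policy selection ($search_action / $target) …
open(my $fh, "<", $p2pfile) or die "Unable to read $p2pfile";
my @protocols = ();
while (my $p2pentry = <$fh>) {
	chomp $p2pentry;
	my @p2pline = split(/\;/, $p2pentry);
	# Skip blank/short lines and entries that do not match the policy.
	next unless @p2pline >= 3 && $p2pline[2] eq $search_action;
	# Only a plain option name may reach the iptables command line.
	next unless $p2pline[1] =~ /\A[a-z0-9-]+\z/;
	push(@protocols, "--$p2pline[1]");
}
close($fh);
# … unchanged: run() call guarded by if (@protocols) …
```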