From: Michael Tremer
Date: Sat, 12 Apr 2014 13:39:08 +0000 (+0200)
Subject: rules.pl: Rewrite P2P protocol filter.
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=766c2f601dc6015a04855420f338eebcd4e815e3
rules.pl: Rewrite P2P protocol filter.
---
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 5bd7412e7..2c314d16e 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -495,29 +495,29 @@ sub time_convert_to_minutes {
 }
 sub p2pblock {
- my $P2PSTRING = "";
- my $DO;
- open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile";
- @p2ps = ;
- close FILE;
- my $CMD = "-m ipp2p";
- foreach my $p2pentry (sort @p2ps) {
- my @p2pline = split( /\;/, $p2pentry );
- if ( $fwdfwsettings{'POLICY'} eq 'MODE1' ) {
- $DO = "ACCEPT";
- if ("$p2pline[2]" eq "on") {
- $P2PSTRING = "$P2PSTRING --$p2pline[1]";
- }
- }else {
- $DO = "RETURN";
- if ("$p2pline[2]" eq "off") {
- $P2PSTRING = "$P2PSTRING --$p2pline[1]";
- }
- }
+ my $search_action;
+ my $target;
+
+ if ($fwdfwsettings{"POLICY"} eq "MODE1") {
+ $search_action = "on";
+ $target = "ACCEPT";
+ } else {
+ $search_action = "off";
+ $target = "DROP";
+ }
+
+ open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
+ my @protocols = ();
+ foreach my $p2pentry () {
+ my @p2pline = split(/\;/, $p2pentry);
+ next unless ($p2pline[2] eq $search_action);
+
+ push(@protocols, "--$p2pline[1]");
 }
+ close(FILE);
- if($P2PSTRING) {
- run("$IPTABLES -A FORWARDFW $CMD $P2PSTRING -j $DO");
+ if (@protocols) {
+ run("$IPTABLES -A FORWARDFW -m ipp2p @protocols -j $target");
 }
 }
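Review bot: The second field of every line in $p2pfile goes into the iptables command string unchecked: `push(@protocols, "--$p2pline[1]")` feeds `run("$IPTABLES -A FORWARDFW -m ipp2p @protocols -j $target")`. run() is defined outside this hunk; if it passes the string to a shell, a malformed or tampered entry in that file lands on a root command line. An allow-list guard before the push would close that, for example `next unless ($p2pline[1] =~ /\A[a-z0-9]+\z/);`, with the pattern adjusted to the option names ipp2p actually accepts. The comparison `$p2pline[2] eq $search_action` also reads an undefined value on a blank or short line, so `defined $p2pline[2]` belongs in the same guard. The rewrite keeps the two-argument `open(FILE, "<$p2pfile")` with a bareword handle and a die message without `$!`; the three-argument form with a lexical handle, `open(my $fh, "<", $p2pfile) or die "Unable to read $p2pfile: $!";`, is the safer pattern here.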