* [PATCH 1/4] firewall: Drop support for blocking P2P protocols.
@ 2022-02-14 19:03 Stefan Schantl
2022-02-14 19:03 ` [PATCH 2/4] configroot: Drop config file for p2protocols Stefan Schantl
` (4 more replies)
0 siblings, 5 replies; 12+ messages in thread
From: Stefan Schantl @ 2022-02-14 19:03 UTC (permalink / raw)
To: development
The main P2P (peer-to-peer) era has passed for several years now, so
this kind of feature is really out-dated.
The feature only supports a handful of P2P protocols (mostly unencrypted)
for applications, which have been superseded by various other
applications and protocols.
So, this fairly is no longer required and can safely be dropped.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/firewall/rules.pl | 23 -----------------------
1 file changed, 23 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9d280045a..fea6874a4 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -70,12 +70,9 @@ my %locationsettings = (
"LOCATIONBLOCK_ENABLED" => "off"
);
-my @p2ps=();
-
my $configfwdfw = "${General::swroot}/firewall/config";
my $configinput = "${General::swroot}/firewall/input";
my $configoutgoing = "${General::swroot}/firewall/outgoing";
-my $p2pfile = "${General::swroot}/firewall/p2protocols";
my $locationfile = "${General::swroot}/firewall/locationblock";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $netsettings = "${General::swroot}/ethernet/settings";
@@ -125,9 +122,6 @@ sub main {
&buildrules(\%configfwdfw);
}
- # Load P2P block rules.
- &p2pblock();
-
# Load Location block rules.
&locationblock();
@@ -620,23 +614,6 @@ sub time_convert_to_minutes {
return ($hrs * 60) + $min;
}
-sub p2pblock {
- open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
- my @protocols = ();
- foreach my $p2pentry (<FILE>) {
- my @p2pline = split(/\;/, $p2pentry);
- next unless ($p2pline[2] eq "off");
-
- push(@protocols, "--$p2pline[1]");
- }
- close(FILE);
-
- run("$IPTABLES -F P2PBLOCK");
- if (@protocols) {
- run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
- }
-}
-
sub locationblock {
# Flush iptables chain.
run("$IPTABLES -F LOCATIONBLOCK");
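Review bot: With p2pblock gone, nothing in rules.pl flushes the P2PBLOCK chain any more; the removed sub ran "$IPTABLES -F P2PBLOCK" on every reload before re-adding the "-m ipp2p ... -j DROP" rule. None of the four patches in this series touches the place where that chain is created or jumped to, so please confirm it is removed elsewhere; otherwise the chain stays behind unused, and on a system that had a protocol set to "off" it may keep its last DROP rule until the next full rebuild. Users with a protocol set to "off" lose that block silently, so the commit message or release notes should say so.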
--
2.30.2
* [PATCH 2/4] configroot: Drop config file for p2protocols.
2022-02-14 19:03 [PATCH 1/4] firewall: Drop support for blocking P2P protocols Stefan Schantl
@ 2022-02-14 19:03 ` Stefan Schantl
2022-02-14 21:11 ` Peter Müller
2022-02-14 19:03 ` [PATCH 3/4] p2p-block.cgi: Drop CGI Stefan Schantl
` (3 subsequent siblings)
4 siblings, 1 reply; 12+ messages in thread
From: Stefan Schantl @ 2022-02-14 19:03 UTC (permalink / raw)
To: development
The support for creating P2P based rules has been removed from the
firewall. So this file is no longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/firewall/p2protocols | 9 ---------
config/rootfiles/common/configroot | 1 -
lfs/configroot | 1 -
3 files changed, 11 deletions(-)
delete mode 100644 config/firewall/p2protocols
diff --git a/config/firewall/p2protocols b/config/firewall/p2protocols
deleted file mode 100644
index d8998095c..000000000
--- a/config/firewall/p2protocols
+++ /dev/null
@@ -1,9 +0,0 @@
-Applejuice;apple;on;
-Ares;ares;on;
-Bittorrent;bit;on;
-DirectConnect;dc;on;
-Edonkey;edk;on;
-Gnutella;gnu;on;
-KaZaA;kazaa;on;
-SoulSeek;soul;on;
-WinMX;winmx;on;
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 904c718c3..fef5ffbcf 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -63,7 +63,6 @@ var/ipfire/firewall
#var/ipfire/firewall/input
#var/ipfire/firewall/locationblock
#var/ipfire/firewall/outgoing
-#var/ipfire/firewall/p2protocols
#var/ipfire/firewall/settings
var/ipfire/fwhosts
#var/ipfire/fwhosts/customgroups
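Review bot: The rootfile entry removed here was commented out ("#var/ipfire/firewall/p2protocols"), and the only place the file is written is the cp in lfs/configroot that this patch also drops, so nothing in this change deletes an existing /var/ipfire/firewall/p2protocols on an upgraded system. Suggest removing the file explicitly in the update script that ships this series, so that no stale configuration stays behind for a feature that no longer exists.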
diff --git a/lfs/configroot b/lfs/configroot
index 9f3188aab..b836767c1 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -105,7 +105,6 @@ $(TARGET) :
cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw
cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz
cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw
- cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols
cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy
cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
--
2.30.2
* [PATCH 3/4] p2p-block.cgi: Drop CGI.
2022-02-14 19:03 [PATCH 1/4] firewall: Drop support for blocking P2P protocols Stefan Schantl
2022-02-14 19:03 ` [PATCH 2/4] configroot: Drop config file for p2protocols Stefan Schantl
@ 2022-02-14 19:03 ` Stefan Schantl
2022-02-14 21:12 ` Peter Müller
2022-02-15 12:33 ` Michael Tremer
2022-02-14 19:03 ` [PATCH 4/4] firewall.menu: Drop entry for P2P-Block Stefan Schantl
` (2 subsequent siblings)
4 siblings, 2 replies; 12+ messages in thread
From: Stefan Schantl @ 2022-02-14 19:03 UTC (permalink / raw)
To: development
The support for creating P2P based rules has been removed from the
firewall. So this CGI file is no longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/rootfiles/common/web-user-interface | 1 -
html/cgi-bin/p2p-block.cgi | 154 ---------------------
2 files changed, 155 deletions(-)
delete mode 100644 html/cgi-bin/p2p-block.cgi
diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index a908053b1..a5973f9e4 100644
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -62,7 +62,6 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi
srv/web/ipfire/cgi-bin/netovpnsrv.cgi
srv/web/ipfire/cgi-bin/optionsfw.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
-srv/web/ipfire/cgi-bin/p2p-block.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
srv/web/ipfire/cgi-bin/pppsetup.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
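Review bot: Dropping srv/web/ipfire/cgi-bin/p2p-block.cgi from the rootfile stops shipping it but does not delete it from systems that already have it. A leftover copy stays reachable by URL and still accepts ACTION=togglep2p, which rewrites the p2protocols file and calls General::firewall_config_changed(). Suggest removing the CGI explicitly in the update script alongside this rootfile change.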
diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi
deleted file mode 100644
index d14725504..000000000
--- a/html/cgi-bin/p2p-block.cgi
+++ /dev/null
@@ -1,154 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2013 #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-# Author: Alexander Marx (Amarx(a)ipfire.org) #
-###############################################################################
-
-use strict;
-no warnings 'uninitialized';
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-my $errormessage = '';
-my $notice;
-my $p2pfile = "${General::swroot}/firewall/p2protocols";
-
-my @p2ps = ();
-my %fwdfwsettings = ();
-my %color = ();
-my %mainsettings = ();
-
-&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
-
-&Header::showhttpheaders();
-&Header::getcgihash(\%fwdfwsettings);
-
-if ($fwdfwsettings{'ACTION'} eq 'togglep2p') {
- open( FILE, "<$p2pfile") or die "Unable to read $p2pfile";
- @p2ps = <FILE>;
- close FILE;
- open( FILE, ">$p2pfile") or die "Unable to write $p2pfile";
- foreach my $p2pentry (sort @p2ps) {
- my @p2pline = split( /\;/, $p2pentry);
- if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
- if ($p2pline[2] eq 'on') {
- $p2pline[2] = 'off';
- } else {
- $p2pline[2] = 'on';
- }
- }
- print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
- }
- close FILE;
-
- &General::firewall_config_changed();
-
- $notice = $Lang::tr{'p2p block save notice'};
-}
-
-&Header::openpage($Lang::tr{'p2p block'}, 1, '');
-&Header::openbigbox('100%', 'center', $errormessage);
-
-if ($notice) {
- &Header::openbox('100%', 'left', $Lang::tr{'notice'});
- print "<font class='base'>$notice</font>";
- &Header::closebox();
-}
-
-my $gif;
-
-open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
-(a)p2ps = <FILE>;
-close FILE;
-
-&Header::openbox('100%', 'center',);
-print <<END;
- <table width='35%' class='tbl'>
- <tr>
- <th align='center' colspan='2' bgcolor='$color{'color22'}' >
- <b>$Lang::tr{'protocol'}</b>
- </th>
- <th align='center' bgcolor='$color{'color22'}' >
- <b>$Lang::tr{'status'}</b>
- </th>
- </tr>
-END
-my $lines=0;
-my $col="";
-foreach my $p2pentry (sort @p2ps) {
- my @p2pline = split( /\;/, $p2pentry);
- if ($p2pline[2] eq 'on') {
- $gif = "/images/on.gif"
- } else {
- $gif = "/images/off.gif"
- }
- if ($lines % 2) {
- print "<tr>";
- $col="bgcolor='$color{'color20'}'"; }
- else {
- print "<tr>";
- $col="bgcolor='$color{'color22'}'"; }
- print <<END;
- <td align='center' colspan='2' $col>
- $p2pline[0]:
- </td>
- <td align='center' $col>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='P2PROT' value='$p2pline[1]'>
- <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'>
- <input type='hidden' name='ACTION' value='togglep2p'>
- </form>
- </td>
- </tr>
-END
-$lines++;
-}
-
-print <<END;
-</table><table>
- <tr>
- <td>
- <img src='/images/on.gif'>
- </td>
- <td>
- $Lang::tr{'outgoing firewall p2p allow'}
- </td>
- </tr>
- <tr>
- <td>
- <img src='/images/off.gif'>
- </td>
- <td>
- $Lang::tr{'outgoing firewall p2p deny'}
- </td>
- </tr>
- </table>
-END
-
-&Header::closebox();
-
-&Header::closebigbox();
-&Header::closepage();
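Review bot: The translation keys 'p2p block save notice', 'outgoing firewall p2p allow' and 'outgoing firewall p2p deny' used in this CGI look orphaned once it is deleted, and nothing in the series removes them from the language files; 'p2p block' is still referenced by the menu entry until 4/4. Suggest a follow-up patch that drops the unused strings after checking that no other CGI references them.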
--
2.30.2
* [PATCH 4/4] firewall.menu: Drop entry for P2P-Block.
2022-02-14 19:03 [PATCH 1/4] firewall: Drop support for blocking P2P protocols Stefan Schantl
2022-02-14 19:03 ` [PATCH 2/4] configroot: Drop config file for p2protocols Stefan Schantl
2022-02-14 19:03 ` [PATCH 3/4] p2p-block.cgi: Drop CGI Stefan Schantl
@ 2022-02-14 19:03 ` Stefan Schantl
2022-02-14 21:12 ` Peter Müller
2022-02-15 12:32 ` Michael Tremer
2022-02-14 21:11 ` [PATCH 1/4] firewall: Drop support for blocking P2P protocols Peter Müller
2022-02-15 12:33 ` Michael Tremer
4 siblings, 2 replies; 12+ messages in thread
From: Stefan Schantl @ 2022-02-14 19:03 UTC (permalink / raw)
To: development
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/menu/50-firewall.menu | 6 ------
1 file changed, 6 deletions(-)
diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
index 6ae9687dc..aa67d9007 100644
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -21,12 +21,6 @@
'title' => "$Lang::tr{'intrusion detection system'}",
'enabled' => 1,
};
- $subfirewall->{'50.p2p'} = {
- 'caption' => $Lang::tr{'p2p block'},
- 'uri' => '/cgi-bin/p2p-block.cgi',
- 'title' => "P2P-Block",
- 'enabled' => 1,
- };
$subfirewall->{'60.locationblock'} = {
'caption' => $Lang::tr{'locationblock'},
'uri' => '/cgi-bin/location-block.cgi',
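Review bot: Ordering problem: the '50.p2p' entry removed here links to '/cgi-bin/p2p-block.cgi', which 3/4 has already deleted, so a tree checked out between 3/4 and 4/4 shows a P2P-Block menu item that leads to a missing page. Suggest moving this patch ahead of 3/4 or folding it into 3/4 so each commit in the series is self-consistent. The commit message also has no body; one line stating why the entry goes, as in 2/4 and 3/4, would match the rest of the series.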
--
2.30.2
* Re: [PATCH 1/4] firewall: Drop support for blocking P2P protocols.
2022-02-14 19:03 [PATCH 1/4] firewall: Drop support for blocking P2P protocols Stefan Schantl
` (2 preceding siblings ...)
2022-02-14 19:03 ` [PATCH 4/4] firewall.menu: Drop entry for P2P-Block Stefan Schantl
@ 2022-02-14 21:11 ` Peter Müller
2022-02-15 12:33 ` Michael Tremer
4 siblings, 0 replies; 12+ messages in thread
From: Peter Müller @ 2022-02-14 21:11 UTC (permalink / raw)
To: development
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
> The main P2P (peer-to-peer) era has passed for several years now, so
> this kind of feature is really out-dated.
>
> The feature only supports a handful of P2P protocols (mostly unencrypted)
> for applications, which have been superseded by various other
> applications and protocols.
>
> So, this fairly is no longer required and can safely be dropped.
>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/firewall/rules.pl | 23 -----------------------
> 1 file changed, 23 deletions(-)
>
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 9d280045a..fea6874a4 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -70,12 +70,9 @@ my %locationsettings = (
> "LOCATIONBLOCK_ENABLED" => "off"
> );
>
> -my @p2ps=();
> -
> my $configfwdfw = "${General::swroot}/firewall/config";
> my $configinput = "${General::swroot}/firewall/input";
> my $configoutgoing = "${General::swroot}/firewall/outgoing";
> -my $p2pfile = "${General::swroot}/firewall/p2protocols";
> my $locationfile = "${General::swroot}/firewall/locationblock";
> my $configgrp = "${General::swroot}/fwhosts/customgroups";
> my $netsettings = "${General::swroot}/ethernet/settings";
> @@ -125,9 +122,6 @@ sub main {
> &buildrules(\%configfwdfw);
> }
>
> - # Load P2P block rules.
> - &p2pblock();
> -
> # Load Location block rules.
> &locationblock();
>
> @@ -620,23 +614,6 @@ sub time_convert_to_minutes {
> return ($hrs * 60) + $min;
> }
>
> -sub p2pblock {
> - open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
> - my @protocols = ();
> - foreach my $p2pentry (<FILE>) {
> - my @p2pline = split(/\;/, $p2pentry);
> - next unless ($p2pline[2] eq "off");
> -
> - push(@protocols, "--$p2pline[1]");
> - }
> - close(FILE);
> -
> - run("$IPTABLES -F P2PBLOCK");
> - if (@protocols) {
> - run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
> - }
> -}
> -
> sub locationblock {
> # Flush iptables chain.
> run("$IPTABLES -F LOCATIONBLOCK");
* Re: [PATCH 2/4] configroot: Drop config file for p2protocols.
2022-02-14 19:03 ` [PATCH 2/4] configroot: Drop config file for p2protocols Stefan Schantl
@ 2022-02-14 21:11 ` Peter Müller
2022-02-15 12:33 ` Michael Tremer
0 siblings, 1 reply; 12+ messages in thread
From: Peter Müller @ 2022-02-14 21:11 UTC (permalink / raw)
To: development
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
> The support for creating P2P based rules has been removed from the
> firewall. So this file is no longer needed.
>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/firewall/p2protocols | 9 ---------
> config/rootfiles/common/configroot | 1 -
> lfs/configroot | 1 -
> 3 files changed, 11 deletions(-)
> delete mode 100644 config/firewall/p2protocols
>
> diff --git a/config/firewall/p2protocols b/config/firewall/p2protocols
> deleted file mode 100644
> index d8998095c..000000000
> --- a/config/firewall/p2protocols
> +++ /dev/null
> @@ -1,9 +0,0 @@
> -Applejuice;apple;on;
> -Ares;ares;on;
> -Bittorrent;bit;on;
> -DirectConnect;dc;on;
> -Edonkey;edk;on;
> -Gnutella;gnu;on;
> -KaZaA;kazaa;on;
> -SoulSeek;soul;on;
> -WinMX;winmx;on;
> diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
> index 904c718c3..fef5ffbcf 100644
> --- a/config/rootfiles/common/configroot
> +++ b/config/rootfiles/common/configroot
> @@ -63,7 +63,6 @@ var/ipfire/firewall
> #var/ipfire/firewall/input
> #var/ipfire/firewall/locationblock
> #var/ipfire/firewall/outgoing
> -#var/ipfire/firewall/p2protocols
> #var/ipfire/firewall/settings
> var/ipfire/fwhosts
> #var/ipfire/fwhosts/customgroups
> diff --git a/lfs/configroot b/lfs/configroot
> index 9f3188aab..b836767c1 100644
> --- a/lfs/configroot
> +++ b/lfs/configroot
> @@ -105,7 +105,6 @@ $(TARGET) :
> cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw
> cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz
> cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw
> - cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols
> cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy
> cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
> cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
* Re: [PATCH 3/4] p2p-block.cgi: Drop CGI.
2022-02-14 19:03 ` [PATCH 3/4] p2p-block.cgi: Drop CGI Stefan Schantl
@ 2022-02-14 21:12 ` Peter Müller
2022-02-15 12:33 ` Michael Tremer
1 sibling, 0 replies; 12+ messages in thread
From: Peter Müller @ 2022-02-14 21:12 UTC (permalink / raw)
To: development
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
> The support for creating P2P based rules has been removed from the
> firewall. So this CGI file is no longer needed.
>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/rootfiles/common/web-user-interface | 1 -
> html/cgi-bin/p2p-block.cgi | 154 ---------------------
> 2 files changed, 155 deletions(-)
> delete mode 100644 html/cgi-bin/p2p-block.cgi
>
> diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
> index a908053b1..a5973f9e4 100644
> --- a/config/rootfiles/common/web-user-interface
> +++ b/config/rootfiles/common/web-user-interface
> @@ -62,7 +62,6 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi
> srv/web/ipfire/cgi-bin/netovpnsrv.cgi
> srv/web/ipfire/cgi-bin/optionsfw.cgi
> srv/web/ipfire/cgi-bin/ovpnmain.cgi
> -srv/web/ipfire/cgi-bin/p2p-block.cgi
> srv/web/ipfire/cgi-bin/pakfire.cgi
> srv/web/ipfire/cgi-bin/pppsetup.cgi
> srv/web/ipfire/cgi-bin/proxy.cgi
> diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi
> deleted file mode 100644
> index d14725504..000000000
> --- a/html/cgi-bin/p2p-block.cgi
> +++ /dev/null
> @@ -1,154 +0,0 @@
> -#!/usr/bin/perl
> -###############################################################################
> -# #
> -# IPFire.org - A linux based firewall #
> -# Copyright (C) 2013 #
> -# #
> -# This program is free software: you can redistribute it and/or modify #
> -# it under the terms of the GNU General Public License as published by #
> -# the Free Software Foundation, either version 3 of the License, or #
> -# (at your option) any later version. #
> -# #
> -# This program is distributed in the hope that it will be useful, #
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of #
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
> -# GNU General Public License for more details. #
> -# #
> -# You should have received a copy of the GNU General Public License #
> -# along with this program. If not, see <http://www.gnu.org/licenses/>. #
> -# #
> -###############################################################################
> -# Author: Alexander Marx (Amarx(a)ipfire.org) #
> -###############################################################################
> -
> -use strict;
> -no warnings 'uninitialized';
> -# enable only the following on debugging purpose
> -#use warnings;
> -#use CGI::Carp 'fatalsToBrowser';
> -
> -require '/var/ipfire/general-functions.pl';
> -require "${General::swroot}/lang.pl";
> -require "${General::swroot}/header.pl";
> -
> -my $errormessage = '';
> -my $notice;
> -my $p2pfile = "${General::swroot}/firewall/p2protocols";
> -
> -my @p2ps = ();
> -my %fwdfwsettings = ();
> -my %color = ();
> -my %mainsettings = ();
> -
> -&General::readhash("${General::swroot}/main/settings", \%mainsettings);
> -&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
> -
> -&Header::showhttpheaders();
> -&Header::getcgihash(\%fwdfwsettings);
> -
> -if ($fwdfwsettings{'ACTION'} eq 'togglep2p') {
> - open( FILE, "<$p2pfile") or die "Unable to read $p2pfile";
> - @p2ps = <FILE>;
> - close FILE;
> - open( FILE, ">$p2pfile") or die "Unable to write $p2pfile";
> - foreach my $p2pentry (sort @p2ps) {
> - my @p2pline = split( /\;/, $p2pentry);
> - if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
> - if ($p2pline[2] eq 'on') {
> - $p2pline[2] = 'off';
> - } else {
> - $p2pline[2] = 'on';
> - }
> - }
> - print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
> - }
> - close FILE;
> -
> - &General::firewall_config_changed();
> -
> - $notice = $Lang::tr{'p2p block save notice'};
> -}
> -
> -&Header::openpage($Lang::tr{'p2p block'}, 1, '');
> -&Header::openbigbox('100%', 'center', $errormessage);
> -
> -if ($notice) {
> - &Header::openbox('100%', 'left', $Lang::tr{'notice'});
> - print "<font class='base'>$notice</font>";
> - &Header::closebox();
> -}
> -
> -my $gif;
> -
> -open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
> -(a)p2ps = <FILE>;
> -close FILE;
> -
> -&Header::openbox('100%', 'center',);
> -print <<END;
> - <table width='35%' class='tbl'>
> - <tr>
> - <th align='center' colspan='2' bgcolor='$color{'color22'}' >
> - <b>$Lang::tr{'protocol'}</b>
> - </th>
> - <th align='center' bgcolor='$color{'color22'}' >
> - <b>$Lang::tr{'status'}</b>
> - </th>
> - </tr>
> -END
> -my $lines=0;
> -my $col="";
> -foreach my $p2pentry (sort @p2ps) {
> - my @p2pline = split( /\;/, $p2pentry);
> - if ($p2pline[2] eq 'on') {
> - $gif = "/images/on.gif"
> - } else {
> - $gif = "/images/off.gif"
> - }
> - if ($lines % 2) {
> - print "<tr>";
> - $col="bgcolor='$color{'color20'}'"; }
> - else {
> - print "<tr>";
> - $col="bgcolor='$color{'color22'}'"; }
> - print <<END;
> - <td align='center' colspan='2' $col>
> - $p2pline[0]:
> - </td>
> - <td align='center' $col>
> - <form method='post' action='$ENV{'SCRIPT_NAME'}'>
> - <input type='hidden' name='P2PROT' value='$p2pline[1]'>
> - <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'>
> - <input type='hidden' name='ACTION' value='togglep2p'>
> - </form>
> - </td>
> - </tr>
> -END
> -$lines++;
> -}
> -
> -print <<END;
> -</table><table>
> - <tr>
> - <td>
> - <img src='/images/on.gif'>
> - </td>
> - <td>
> - $Lang::tr{'outgoing firewall p2p allow'}
> - </td>
> - </tr>
> - <tr>
> - <td>
> - <img src='/images/off.gif'>
> - </td>
> - <td>
> - $Lang::tr{'outgoing firewall p2p deny'}
> - </td>
> - </tr>
> - </table>
> -END
> -
> -&Header::closebox();
> -
> -&Header::closebigbox();
> -&Header::closepage();
* Re: [PATCH 4/4] firewall.menu: Drop entry for P2P-Block.
2022-02-14 19:03 ` [PATCH 4/4] firewall.menu: Drop entry for P2P-Block Stefan Schantl
@ 2022-02-14 21:12 ` Peter Müller
2022-02-15 12:32 ` Michael Tremer
1 sibling, 0 replies; 12+ messages in thread
From: Peter Müller @ 2022-02-14 21:12 UTC (permalink / raw)
To: development
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/menu/50-firewall.menu | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
> index 6ae9687dc..aa67d9007 100644
> --- a/config/menu/50-firewall.menu
> +++ b/config/menu/50-firewall.menu
> @@ -21,12 +21,6 @@
> 'title' => "$Lang::tr{'intrusion detection system'}",
> 'enabled' => 1,
> };
> - $subfirewall->{'50.p2p'} = {
> - 'caption' => $Lang::tr{'p2p block'},
> - 'uri' => '/cgi-bin/p2p-block.cgi',
> - 'title' => "P2P-Block",
> - 'enabled' => 1,
> - };
> $subfirewall->{'60.locationblock'} = {
> 'caption' => $Lang::tr{'locationblock'},
> 'uri' => '/cgi-bin/location-block.cgi',
* Re: [PATCH 4/4] firewall.menu: Drop entry for P2P-Block.
2022-02-14 19:03 ` [PATCH 4/4] firewall.menu: Drop entry for P2P-Block Stefan Schantl
2022-02-14 21:12 ` Peter Müller
@ 2022-02-15 12:32 ` Michael Tremer
1 sibling, 0 replies; 12+ messages in thread
From: Michael Tremer @ 2022-02-15 12:32 UTC (permalink / raw)
To: development
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 14 Feb 2022, at 19:03, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/menu/50-firewall.menu | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
> index 6ae9687dc..aa67d9007 100644
> --- a/config/menu/50-firewall.menu
> +++ b/config/menu/50-firewall.menu
> @@ -21,12 +21,6 @@
> 'title' => "$Lang::tr{'intrusion detection system'}",
> 'enabled' => 1,
> };
> - $subfirewall->{'50.p2p'} = {
> - 'caption' => $Lang::tr{'p2p block'},
> - 'uri' => '/cgi-bin/p2p-block.cgi',
> - 'title' => "P2P-Block",
> - 'enabled' => 1,
> - };
> $subfirewall->{'60.locationblock'} = {
> 'caption' => $Lang::tr{'locationblock'},
> 'uri' => '/cgi-bin/location-block.cgi',
> --
> 2.30.2
>
* Re: [PATCH 3/4] p2p-block.cgi: Drop CGI.
2022-02-14 19:03 ` [PATCH 3/4] p2p-block.cgi: Drop CGI Stefan Schantl
2022-02-14 21:12 ` Peter Müller
@ 2022-02-15 12:33 ` Michael Tremer
1 sibling, 0 replies; 12+ messages in thread
From: Michael Tremer @ 2022-02-15 12:33 UTC (permalink / raw)
To: development
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 14 Feb 2022, at 19:03, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>
> The support for creating P2P based rules has been removed from the
> firewall. So this CGI file is no longer needed.
>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/rootfiles/common/web-user-interface | 1 -
> html/cgi-bin/p2p-block.cgi | 154 ---------------------
> 2 files changed, 155 deletions(-)
> delete mode 100644 html/cgi-bin/p2p-block.cgi
>
> diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
> index a908053b1..a5973f9e4 100644
> --- a/config/rootfiles/common/web-user-interface
> +++ b/config/rootfiles/common/web-user-interface
> @@ -62,7 +62,6 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi
> srv/web/ipfire/cgi-bin/netovpnsrv.cgi
> srv/web/ipfire/cgi-bin/optionsfw.cgi
> srv/web/ipfire/cgi-bin/ovpnmain.cgi
> -srv/web/ipfire/cgi-bin/p2p-block.cgi
> srv/web/ipfire/cgi-bin/pakfire.cgi
> srv/web/ipfire/cgi-bin/pppsetup.cgi
> srv/web/ipfire/cgi-bin/proxy.cgi
> diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi
> deleted file mode 100644
> index d14725504..000000000
> --- a/html/cgi-bin/p2p-block.cgi
> +++ /dev/null
> @@ -1,154 +0,0 @@
> -#!/usr/bin/perl
> -###############################################################################
> -# #
> -# IPFire.org - A linux based firewall #
> -# Copyright (C) 2013 #
> -# #
> -# This program is free software: you can redistribute it and/or modify #
> -# it under the terms of the GNU General Public License as published by #
> -# the Free Software Foundation, either version 3 of the License, or #
> -# (at your option) any later version. #
> -# #
> -# This program is distributed in the hope that it will be useful, #
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of #
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
> -# GNU General Public License for more details. #
> -# #
> -# You should have received a copy of the GNU General Public License #
> -# along with this program. If not, see <http://www.gnu.org/licenses/>. #
> -# #
> -###############################################################################
> -# Author: Alexander Marx (Amarx(a)ipfire.org) #
> -###############################################################################
> -
> -use strict;
> -no warnings 'uninitialized';
> -# enable only the following on debugging purpose
> -#use warnings;
> -#use CGI::Carp 'fatalsToBrowser';
> -
> -require '/var/ipfire/general-functions.pl';
> -require "${General::swroot}/lang.pl";
> -require "${General::swroot}/header.pl";
> -
> -my $errormessage = '';
> -my $notice;
> -my $p2pfile = "${General::swroot}/firewall/p2protocols";
> -
> -my @p2ps = ();
> -my %fwdfwsettings = ();
> -my %color = ();
> -my %mainsettings = ();
> -
> -&General::readhash("${General::swroot}/main/settings", \%mainsettings);
> -&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
> -
> -&Header::showhttpheaders();
> -&Header::getcgihash(\%fwdfwsettings);
> -
> -if ($fwdfwsettings{'ACTION'} eq 'togglep2p') {
> - open( FILE, "<$p2pfile") or die "Unable to read $p2pfile";
> - @p2ps = <FILE>;
> - close FILE;
> - open( FILE, ">$p2pfile") or die "Unable to write $p2pfile";
> - foreach my $p2pentry (sort @p2ps) {
> - my @p2pline = split( /\;/, $p2pentry);
> - if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
> - if ($p2pline[2] eq 'on') {
> - $p2pline[2] = 'off';
> - } else {
> - $p2pline[2] = 'on';
> - }
> - }
> - print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
> - }
> - close FILE;
> -
> - &General::firewall_config_changed();
> -
> - $notice = $Lang::tr{'p2p block save notice'};
> -}
> -
> -&Header::openpage($Lang::tr{'p2p block'}, 1, '');
> -&Header::openbigbox('100%', 'center', $errormessage);
> -
> -if ($notice) {
> - &Header::openbox('100%', 'left', $Lang::tr{'notice'});
> - print "<font class='base'>$notice</font>";
> - &Header::closebox();
> -}
> -
> -my $gif;
> -
> -open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
> -(a)p2ps = <FILE>;
> -close FILE;
> -
> -&Header::openbox('100%', 'center',);
> -print <<END;
> - <table width='35%' class='tbl'>
> - <tr>
> - <th align='center' colspan='2' bgcolor='$color{'color22'}' >
> - <b>$Lang::tr{'protocol'}</b>
> - </th>
> - <th align='center' bgcolor='$color{'color22'}' >
> - <b>$Lang::tr{'status'}</b>
> - </th>
> - </tr>
> -END
> -my $lines=0;
> -my $col="";
> -foreach my $p2pentry (sort @p2ps) {
> - my @p2pline = split( /\;/, $p2pentry);
> - if ($p2pline[2] eq 'on') {
> - $gif = "/images/on.gif"
> - } else {
> - $gif = "/images/off.gif"
> - }
> - if ($lines % 2) {
> - print "<tr>";
> - $col="bgcolor='$color{'color20'}'"; }
> - else {
> - print "<tr>";
> - $col="bgcolor='$color{'color22'}'"; }
> - print <<END;
> - <td align='center' colspan='2' $col>
> - $p2pline[0]:
> - </td>
> - <td align='center' $col>
> - <form method='post' action='$ENV{'SCRIPT_NAME'}'>
> - <input type='hidden' name='P2PROT' value='$p2pline[1]'>
> - <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'>
> - <input type='hidden' name='ACTION' value='togglep2p'>
> - </form>
> - </td>
> - </tr>
> -END
> -$lines++;
> -}
> -
> -print <<END;
> -</table><table>
> - <tr>
> - <td>
> - <img src='/images/on.gif'>
> - </td>
> - <td>
> - $Lang::tr{'outgoing firewall p2p allow'}
> - </td>
> - </tr>
> - <tr>
> - <td>
> - <img src='/images/off.gif'>
> - </td>
> - <td>
> - $Lang::tr{'outgoing firewall p2p deny'}
> - </td>
> - </tr>
> - </table>
> -END
> -
> -&Header::closebox();
> -
> -&Header::closebigbox();
> -&Header::closepage();
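Review bot: The language keys used in this deleted page, `$Lang::tr{'p2p block'}`, `'p2p block save notice'`, `'outgoing firewall p2p allow'` and `'outgoing firewall p2p deny'`, lose a consumer with this removal. If no other page references them, they should be removed from the language files in the same series so they do not linger as dead translations. The same check applies to any help text that links to this page.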
> --
> 2.30.2
>
* Re: [PATCH 2/4] configroot: Drop config file for p2protocols.
2022-02-14 21:11 ` Peter Müller
@ 2022-02-15 12:33 ` Michael Tremer
0 siblings, 0 replies; 12+ messages in thread
From: Michael Tremer @ 2022-02-15 12:33 UTC (permalink / raw)
To: development
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 14 Feb 2022, at 21:11, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
>
>> The support for creating P2P-based rules has been removed from the
>> firewall. So this file is no longer needed.
>>
>> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
>> ---
>> config/firewall/p2protocols | 9 ---------
>> config/rootfiles/common/configroot | 1 -
>> lfs/configroot | 1 -
>> 3 files changed, 11 deletions(-)
>> delete mode 100644 config/firewall/p2protocols
>>
>> diff --git a/config/firewall/p2protocols b/config/firewall/p2protocols
>> deleted file mode 100644
>> index d8998095c..000000000
>> --- a/config/firewall/p2protocols
>> +++ /dev/null
>> @@ -1,9 +0,0 @@
>> -Applejuice;apple;on;
>> -Ares;ares;on;
>> -Bittorrent;bit;on;
>> -DirectConnect;dc;on;
>> -Edonkey;edk;on;
>> -Gnutella;gnu;on;
>> -KaZaA;kazaa;on;
>> -SoulSeek;soul;on;
>> -WinMX;winmx;on;
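Review bot: All nine entries in the deleted file ship with the third field set to `on`, and the `p2pblock` function removed in patch 1/4 only collects entries where that field is `off` (`next unless ($p2pline[2] eq "off");`), so a default installation never loaded a DROP rule from this file. The commit message should say so, because it is what makes the removal behaviour-neutral by default. An installation where an administrator switched an entry to `off` does lose its DROP rule with this series, which is worth a line in the release notes rather than a silent change.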
>> diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
>> index 904c718c3..fef5ffbcf 100644
>> --- a/config/rootfiles/common/configroot
>> +++ b/config/rootfiles/common/configroot
>> @@ -63,7 +63,6 @@ var/ipfire/firewall
>> #var/ipfire/firewall/input
>> #var/ipfire/firewall/locationblock
>> #var/ipfire/firewall/outgoing
>> -#var/ipfire/firewall/p2protocols
>> #var/ipfire/firewall/settings
>> var/ipfire/fwhosts
>> #var/ipfire/fwhosts/customgroups
>> diff --git a/lfs/configroot b/lfs/configroot
>> index 9f3188aab..b836767c1 100644
>> --- a/lfs/configroot
>> +++ b/lfs/configroot
>> @@ -105,7 +105,6 @@ $(TARGET) :
>> cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw
>> cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz
>> cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw
>> - cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols
>> cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy
>> cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
>> cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
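Review bot: Removing the `cp ... $(CONFIG_ROOT)/firewall/p2protocols` line only stops new builds from installing the file, and none of the three files in the diffstat removes the copy already present on existing systems. Consider deleting the stale `firewall/p2protocols` file in the update step that ships this change, so that it does not stay behind in the configuration directory and in backups taken from it.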
* Re: [PATCH 1/4] firewall: Drop support for blocking P2P protocols.
2022-02-14 19:03 [PATCH 1/4] firewall: Drop support for blocking P2P protocols Stefan Schantl
` (3 preceding siblings ...)
2022-02-14 21:11 ` [PATCH 1/4] firewall: Drop support for blocking P2P protocols Peter Müller
@ 2022-02-15 12:33 ` Michael Tremer
4 siblings, 0 replies; 12+ messages in thread
From: Michael Tremer @ 2022-02-15 12:33 UTC (permalink / raw)
To: development
Thank you for this.
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 14 Feb 2022, at 19:03, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>
> The main P2P (peer-to-peer) era has passed for several years now, so
> this kind of feature is really outdated.
>
> The feature only supports a handful of P2P protocols (mostly unencrypted)
> for applications, which have been superseded by various other
> applications and protocols.
>
> So, this fairly is no longer required and can safely be dropped.
>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/firewall/rules.pl | 23 -----------------------
> 1 file changed, 23 deletions(-)
>
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 9d280045a..fea6874a4 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -70,12 +70,9 @@ my %locationsettings = (
> "LOCATIONBLOCK_ENABLED" => "off"
> );
>
> -my @p2ps=();
> -
> my $configfwdfw = "${General::swroot}/firewall/config";
> my $configinput = "${General::swroot}/firewall/input";
> my $configoutgoing = "${General::swroot}/firewall/outgoing";
> -my $p2pfile = "${General::swroot}/firewall/p2protocols";
> my $locationfile = "${General::swroot}/firewall/locationblock";
> my $configgrp = "${General::swroot}/fwhosts/customgroups";
> my $netsettings = "${General::swroot}/ethernet/settings";
> @@ -125,9 +122,6 @@ sub main {
> &buildrules(\%configfwdfw);
> }
>
> - # Load P2P block rules.
> - &p2pblock();
> -
> # Load Location block rules.
> &locationblock();
>
> @@ -620,23 +614,6 @@ sub time_convert_to_minutes {
> return ($hrs * 60) + $min;
> }
>
> -sub p2pblock {
> - open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
> - my @protocols = ();
> - foreach my $p2pentry (<FILE>) {
> - my @p2pline = split(/\;/, $p2pentry);
> - next unless ($p2pline[2] eq "off");
> -
> - push(@protocols, "--$p2pline[1]");
> - }
> - close(FILE);
> -
> - run("$IPTABLES -F P2PBLOCK");
> - if (@protocols) {
> - run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
> - }
> -}
> -
> sub locationblock {
> # Flush iptables chain.
> run("$IPTABLES -F LOCATIONBLOCK");
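Review bot: The removed `p2pblock` sub carried the only flush of the chain visible in this file's diff, `run("$IPTABLES -F P2PBLOCK");`, and none of the 23 deleted lines removes the creation of the `P2PBLOCK` chain or the jump into it. Unless that is handled elsewhere, the chain stays in the ruleset, and a `-m ipp2p ... -j DROP` rule that was loaded before the update stays active until something flushes it. A follow-up should drop the chain and its jump where they are defined, and the update step should flush and delete `P2PBLOCK` on running systems.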
> --
> 2.30.2
>
end of thread, other threads:[~2022-02-15 12:33 UTC | newest]
Thread overview: 12+ messages
2022-02-14 19:03 [PATCH 1/4] firewall: Drop support for blocking P2P protocols Stefan Schantl
2022-02-14 19:03 ` [PATCH 2/4] configroot: Drop config file for p2protocols Stefan Schantl
2022-02-14 21:11 ` Peter Müller
2022-02-15 12:33 ` Michael Tremer
2022-02-14 19:03 ` [PATCH 3/4] p2p-block.cgi: Drop CGI Stefan Schantl
2022-02-14 21:12 ` Peter Müller
2022-02-15 12:33 ` Michael Tremer
2022-02-14 19:03 ` [PATCH 4/4] firewall.menu: Drop entry for P2P-Block Stefan Schantl
2022-02-14 21:12 ` Peter Müller
2022-02-15 12:32 ` Michael Tremer
2022-02-14 21:11 ` [PATCH 1/4] firewall: Drop support for blocking P2P protocols Peter Müller
2022-02-15 12:33 ` Michael Tremer