From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/4] firewall: Drop support for blocking P2P protocols.
Date: Tue, 15 Feb 2022 12:33:53 +0000
Message-ID: <9B58BA4B-4694-4250-B5C9-83EB7A91D8E3@ipfire.org>
In-Reply-To: <20220214190307.4086-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6232639565618221279=="
List-Id:
--===============6232639565618221279==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Thank you for this.
Acked-by: Michael Tremer
> On 14 Feb 2022, at 19:03, Stefan Schantl wrot= e:
>=20
> The main P2P (peer-to-peer) aera has passed for several year now, so
> this kind of feature is realy out-dated.
>=20
> The feature only supports a handfull of P2P protocols (mostly unencrypted)
> for applications, which have been superseeded by various other
> applications and protocols.
>=20
> So, this fairly is not longer required and safely can be dropped.
>=20
> Signed-off-by: Stefan Schantl
> ---
> config/firewall/rules.pl | 23 -----------------------
> 1 file changed, 23 deletions(-)
>=20
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 9d280045a..fea6874a4 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -70,12 +70,9 @@ my %locationsettings =3D (
> "LOCATIONBLOCK_ENABLED" =3D> "off"
> );
>=20
> -my @p2ps=3D();
> -
> my $configfwdfw =3D "${General::swroot}/firewall/config";
> my $configinput =3D "${General::swroot}/firewall/input";
> my $configoutgoing =3D "${General::swroot}/firewall/outgoing";
> -my $p2pfile =3D "${General::swroot}/firewall/p2protocols";
> my $locationfile =3D "${General::swroot}/firewall/locationblock";
> my $configgrp =3D "${General::swroot}/fwhosts/customgroups";
> my $netsettings =3D "${General::swroot}/ethernet/settings";
> @@ -125,9 +122,6 @@ sub main {
> &buildrules(\%configfwdfw);
> }
>=20
> - # Load P2P block rules.
> - &p2pblock();
> -
> # Load Location block rules.
> &locationblock();
>=20
> @@ -620,23 +614,6 @@ sub time_convert_to_minutes {
> return ($hrs * 60) + $min;
> }
>=20
> -sub p2pblock {
> - open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
> - my @protocols =3D ();
> - foreach my $p2pentry () {
> - my @p2pline =3D split(/\;/, $p2pentry);
> - next unless ($p2pline[2] eq "off");
> -
> - push(@protocols, "--$p2pline[1]");
> - }
> - close(FILE);
> -
> - run("$IPTABLES -F P2PBLOCK");
> - if (@protocols) {
> - run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
> - }
> -}
> -
> sub locationblock {
> # Flush iptables chain.
> run("$IPTABLES -F LOCATIONBLOCK");
> --=20
> 2.30.2
>=20
--===============6232639565618221279==--