[PATCH 1/4] firewall: Drop support for blocking P2P protocols.

List overview All Threads
Download

newer

older

[PATCH] xtables-addons: Drop...

[PATCH] iana-etc: Update to...

Stefan Schantl

14 Feb 2022 14 Feb '22

7:03 p.m.

The main P2P (peer-to-peer) aera has passed for several year now, so this kind of feature is realy out-dated.

The feature only supports a handfull of P2P protocols (mostly unencrypted) for applications, which have been superseeded by various other applications and protocols.

So, this fairly is not longer required and safely can be dropped.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/firewall/rules.pl | 23 ----------------------- 1 file changed, 23 deletions(-)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 9d280045a..fea6874a4 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -70,12 +70,9 @@ my %locationsettings = ( "LOCATIONBLOCK_ENABLED" => "off" );

-my @p2ps=(); - my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; my $configoutgoing = "${General::swroot}/firewall/outgoing"; -my $p2pfile = "${General::swroot}/firewall/p2protocols"; my $locationfile = "${General::swroot}/firewall/locationblock"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; my $netsettings = "${General::swroot}/ethernet/settings"; @@ -125,9 +122,6 @@ sub main { &buildrules(%configfwdfw); }

- # Load P2P block rules. - &p2pblock(); - # Load Location block rules. &locationblock();

@@ -620,23 +614,6 @@ sub time_convert_to_minutes { return ($hrs * 60) + $min; }

-sub p2pblock { - open(FILE, "<$p2pfile") or die "Unable to read $p2pfile"; - my @protocols = (); - foreach my $p2pentry (<FILE>) { - my @p2pline = split(/;/, $p2pentry); - next unless ($p2pline[2] eq "off"); - - push(@protocols, "--$p2pline[1]"); - } - close(FILE); - - run("$IPTABLES -F P2PBLOCK"); - if (@protocols) { - run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP"); - } -} - sub locationblock { # Flush iptables chain. run("$IPTABLES -F LOCATIONBLOCK");

-- 2.30.2

Show replies by date

Stefan Schantl

14 Feb 14 Feb

7:03 p.m.

New subject: [PATCH 2/4] configroot: Drop config file for p2protocols.

The support for creating P2P based rules has been removed from the firewall. So this file is not longer needed.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/firewall/p2protocols | 9 --------- config/rootfiles/common/configroot | 1 - lfs/configroot | 1 - 3 files changed, 11 deletions(-) delete mode 100644 config/firewall/p2protocols

diff --git a/config/firewall/p2protocols b/config/firewall/p2protocols deleted file mode 100644 index d8998095c..000000000 --- a/config/firewall/p2protocols +++ /dev/null @@ -1,9 +0,0 @@ -Applejuice;apple;on; -Ares;ares;on; -Bittorrent;bit;on; -DirectConnect;dc;on; -Edonkey;edk;on; -Gnutella;gnu;on; -KaZaA;kazaa;on; -SoulSeek;soul;on; -WinMX;winmx;on; diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 904c718c3..fef5ffbcf 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -63,7 +63,6 @@ var/ipfire/firewall #var/ipfire/firewall/input #var/ipfire/firewall/locationblock #var/ipfire/firewall/outgoing -#var/ipfire/firewall/p2protocols #var/ipfire/firewall/settings var/ipfire/fwhosts #var/ipfire/fwhosts/customgroups diff --git a/lfs/configroot b/lfs/configroot index 9f3188aab..b836767c1 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -105,7 +105,6 @@ $(TARGET) : cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw - cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices

-- 2.30.2

Peter Müller

9:11 p.m.

New subject: [PATCH 2/4] configroot: Drop config file for p2protocols.

Reviewed-by: Peter Müller peter.mueller@ipfire.org

...

The support for creating P2P based rules has been removed from the firewall. So this file is not longer needed.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org

config/firewall/p2protocols | 9 --------- config/rootfiles/common/configroot | 1 - lfs/configroot | 1 - 3 files changed, 11 deletions(-) delete mode 100644 config/firewall/p2protocols

diff --git a/config/firewall/p2protocols b/config/firewall/p2protocols deleted file mode 100644 index d8998095c..000000000 --- a/config/firewall/p2protocols +++ /dev/null @@ -1,9 +0,0 @@ -Applejuice;apple;on; -Ares;ares;on; -Bittorrent;bit;on; -DirectConnect;dc;on; -Edonkey;edk;on; -Gnutella;gnu;on; -KaZaA;kazaa;on; -SoulSeek;soul;on; -WinMX;winmx;on; diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 904c718c3..fef5ffbcf 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -63,7 +63,6 @@ var/ipfire/firewall #var/ipfire/firewall/input #var/ipfire/firewall/locationblock #var/ipfire/firewall/outgoing -#var/ipfire/firewall/p2protocols #var/ipfire/firewall/settings var/ipfire/fwhosts #var/ipfire/fwhosts/customgroups diff --git a/lfs/configroot b/lfs/configroot index 9f3188aab..b836767c1 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -105,7 +105,6 @@ $(TARGET) : cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw

cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices

Michael Tremer

15 Feb 15 Feb

12:33 p.m.

New subject: [PATCH 2/4] configroot: Drop config file for p2protocols.

Acked-by: Michael Tremer michael.tremer@ipfire.org

...

On 14 Feb 2022, at 21:11, Peter Müller peter.mueller@ipfire.org wrote:

Reviewed-by: Peter Müller peter.mueller@ipfire.org

...
The support for creating P2P based rules has been removed from the firewall. So this file is not longer needed.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org

config/firewall/p2protocols | 9 --------- config/rootfiles/common/configroot | 1 - lfs/configroot | 1 - 3 files changed, 11 deletions(-) delete mode 100644 config/firewall/p2protocols

diff --git a/config/firewall/p2protocols b/config/firewall/p2protocols deleted file mode 100644 index d8998095c..000000000 --- a/config/firewall/p2protocols +++ /dev/null @@ -1,9 +0,0 @@ -Applejuice;apple;on; -Ares;ares;on; -Bittorrent;bit;on; -DirectConnect;dc;on; -Edonkey;edk;on; -Gnutella;gnu;on; -KaZaA;kazaa;on; -SoulSeek;soul;on; -WinMX;winmx;on; diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 904c718c3..fef5ffbcf 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -63,7 +63,6 @@ var/ipfire/firewall #var/ipfire/firewall/input #var/ipfire/firewall/locationblock #var/ipfire/firewall/outgoing -#var/ipfire/firewall/p2protocols #var/ipfire/firewall/settings var/ipfire/fwhosts #var/ipfire/fwhosts/customgroups diff --git a/lfs/configroot b/lfs/configroot index 9f3188aab..b836767c1 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -105,7 +105,6 @@ $(TARGET) : cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw

cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices

Stefan Schantl

14 Feb 14 Feb

7:03 p.m.

New subject: [PATCH 3/4] p2p-block.cgi: Drop CGI.

The support for creating P2P based rules has been removed from the firewall. So this CGI file is not longer needed.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/rootfiles/common/web-user-interface | 1 - html/cgi-bin/p2p-block.cgi | 154 --------------------- 2 files changed, 155 deletions(-) delete mode 100644 html/cgi-bin/p2p-block.cgi

diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index a908053b1..a5973f9e4 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -62,7 +62,6 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi srv/web/ipfire/cgi-bin/netovpnsrv.cgi srv/web/ipfire/cgi-bin/optionsfw.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi -srv/web/ipfire/cgi-bin/p2p-block.cgi srv/web/ipfire/cgi-bin/pakfire.cgi srv/web/ipfire/cgi-bin/pppsetup.cgi srv/web/ipfire/cgi-bin/proxy.cgi diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi deleted file mode 100644 index d14725504..000000000 --- a/html/cgi-bin/p2p-block.cgi +++ /dev/null @@ -1,154 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2013 # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### -# Author: Alexander Marx (Amarx@ipfire.org) # -############################################################################### - -use strict; -no warnings 'uninitialized'; -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my $errormessage = ''; -my $notice; -my $p2pfile = "${General::swroot}/firewall/p2protocols"; - -my @p2ps = (); -my %fwdfwsettings = (); -my %color = (); -my %mainsettings = (); - -&General::readhash("${General::swroot}/main/settings", %mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", %color); - -&Header::showhttpheaders(); -&Header::getcgihash(%fwdfwsettings); - -if ($fwdfwsettings{'ACTION'} eq 'togglep2p') { - open( FILE, "<$p2pfile") or die "Unable to read $p2pfile"; - @p2ps = <FILE>; - close FILE; - open( FILE, ">$p2pfile") or die "Unable to write $p2pfile"; - foreach my $p2pentry (sort @p2ps) { - my @p2pline = split( /;/, $p2pentry); - if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) { - if ($p2pline[2] eq 'on') { - $p2pline[2] = 'off'; - } else { - $p2pline[2] = 'on'; - } - } - print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n"; - } - close FILE; - - &General::firewall_config_changed(); - - $notice = $Lang::tr{'p2p block save notice'}; -} - -&Header::openpage($Lang::tr{'p2p block'}, 1, ''); -&Header::openbigbox('100%', 'center', $errormessage); - -if ($notice) { - &Header::openbox('100%', 'left', $Lang::tr{'notice'}); - print "<font class='base'>$notice</font>"; - &Header::closebox(); -} - -my $gif; - -open(FILE, "<$p2pfile") or die "Unable to read $p2pfile"; -@p2ps = <FILE>; -close FILE; - -&Header::openbox('100%', 'center',); -print <<END; - <table width='35%' class='tbl'> - <tr> - <th align='center' colspan='2' bgcolor='$color{'color22'}' > - <b>$Lang::tr{'protocol'}</b> - </th> - <th align='center' bgcolor='$color{'color22'}' > - <b>$Lang::tr{'status'}</b> - </th> - </tr> -END -my $lines=0; -my $col=""; -foreach my $p2pentry (sort @p2ps) { - my @p2pline = split( /;/, $p2pentry); - if ($p2pline[2] eq 'on') { - $gif = "/images/on.gif" - } else { - $gif = "/images/off.gif" - } - if ($lines % 2) { - print "<tr>"; - $col="bgcolor='$color{'color20'}'"; } - else { - print "<tr>"; - $col="bgcolor='$color{'color22'}'"; } - print <<END; - <td align='center' colspan='2' $col> - $p2pline[0]: - </td> - <td align='center' $col> - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='P2PROT' value='$p2pline[1]'> - <input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'> - <input type='hidden' name='ACTION' value='togglep2p'> - </form> - </td> - </tr> -END -$lines++; -} - -print <<END; -</table><table> - <tr> - <td> - <img src='/images/on.gif'> - </td> - <td> - $Lang::tr{'outgoing firewall p2p allow'} - </td> - </tr> - <tr> - <td> - <img src='/images/off.gif'> - </td> - <td> - $Lang::tr{'outgoing firewall p2p deny'} - </td> - </tr> - </table> -END - -&Header::closebox(); - -&Header::closebigbox(); -&Header::closepage();

-- 2.30.2

Peter Müller

9:12 p.m.

New subject: [PATCH 3/4] p2p-block.cgi: Drop CGI.

Reviewed-by: Peter Müller peter.mueller@ipfire.org

...

The support for creating P2P based rules has been removed from the firewall. So this CGI file is not longer needed.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org

config/rootfiles/common/web-user-interface | 1 - html/cgi-bin/p2p-block.cgi | 154 --------------------- 2 files changed, 155 deletions(-) delete mode 100644 html/cgi-bin/p2p-block.cgi

diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index a908053b1..a5973f9e4 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -62,7 +62,6 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi srv/web/ipfire/cgi-bin/netovpnsrv.cgi srv/web/ipfire/cgi-bin/optionsfw.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi -srv/web/ipfire/cgi-bin/p2p-block.cgi srv/web/ipfire/cgi-bin/pakfire.cgi srv/web/ipfire/cgi-bin/pppsetup.cgi srv/web/ipfire/cgi-bin/proxy.cgi diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi deleted file mode 100644 index d14725504..000000000 --- a/html/cgi-bin/p2p-block.cgi +++ /dev/null @@ -1,154 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2013 # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### -# Author: Alexander Marx (Amarx@ipfire.org) # -###############################################################################

-use strict; -no warnings 'uninitialized'; -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser';

-require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl";

-my $errormessage = ''; -my $notice; -my $p2pfile = "${General::swroot}/firewall/p2protocols";

-my @p2ps = (); -my %fwdfwsettings = (); -my %color = (); -my %mainsettings = ();

-&General::readhash("${General::swroot}/main/settings", %mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", %color);

-&Header::showhttpheaders(); -&Header::getcgihash(%fwdfwsettings);

-if ($fwdfwsettings{'ACTION'} eq 'togglep2p') {
open( FILE, "<$p2pfile") or die "Unable to read $p2pfile";

@p2ps = <FILE>;

close FILE;

open( FILE, ">$p2pfile") or die "Unable to write $p2pfile";

foreach my $p2pentry (sort @p2ps) {
my @p2pline = split( /\;/, $p2pentry);
if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
	if ($p2pline[2] eq 'on') {
		$p2pline[2] = 'off';
	} else {
		$p2pline[2] = 'on';
	}
}
print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
}

close FILE;

&General::firewall_config_changed();

$notice = $Lang::tr{'p2p block save notice'};
-}

-&Header::openpage($Lang::tr{'p2p block'}, 1, ''); -&Header::openbigbox('100%', 'center', $errormessage);

-if ($notice) {

&Header::openbox('100%', 'left', $Lang::tr{'notice'});

print "<font class='base'>$notice</font>";

&Header::closebox();

-}

-my $gif;

-open(FILE, "<$p2pfile") or die "Unable to read $p2pfile"; -@p2ps = <FILE>; -close FILE;

-&Header::openbox('100%', 'center',); -print <<END;
<table width='35%' class='tbl'>
<tr>
	<th align='center' colspan='2' bgcolor='$color{'color22'}' >
		<b>$Lang::tr{'protocol'}</b>
	</th>
	<th align='center' bgcolor='$color{'color22'}' >
		<b>$Lang::tr{'status'}</b>
	</th>
</tr>
-END -my $lines=0; -my $col=""; -foreach my $p2pentry (sort @p2ps) {
my @p2pline = split( /;/, $p2pentry);

if ($p2pline[2] eq 'on') {
$gif = "/images/on.gif"
} else {
$gif = "/images/off.gif"
}

if ($lines % 2) {
           print "<tr>";
           $col="bgcolor='$color{'color20'}'"; }
   else {
           print "<tr>";
           $col="bgcolor='$color{'color22'}'"; }
print <<END;
	<td align='center' colspan='2' $col>
		$p2pline[0]:
	</td>
	<td align='center' $col>
		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
			<input type='hidden' name='P2PROT' value='$p2pline[1]'>
			<input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'>
			<input type='hidden' name='ACTION' value='togglep2p'>
		</form>
	</td>
</tr>
-END -$lines++; -}

-print <<END; -</table><table>
<tr>
	<td>
		<img src='/images/on.gif'>
	</td>
	<td>
		$Lang::tr{'outgoing firewall p2p allow'}
	</td>
</tr>
<tr>
	<td>
		<img src='/images/off.gif'>
	</td>
	<td>
		$Lang::tr{'outgoing firewall p2p deny'}
	</td>
</tr>
</table>
-END

-&Header::closebox();

-&Header::closebigbox(); -&Header::closepage();

Michael Tremer

15 Feb 15 Feb

12:33 p.m.

New subject: [PATCH 3/4] p2p-block.cgi: Drop CGI.

Acked-by: Michael Tremer michael.tremer@ipfire.org

...

On 14 Feb 2022, at 19:03, Stefan Schantl stefan.schantl@ipfire.org wrote:

The support for creating P2P based rules has been removed from the firewall. So this CGI file is not longer needed.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org

config/rootfiles/common/web-user-interface | 1 - html/cgi-bin/p2p-block.cgi | 154 --------------------- 2 files changed, 155 deletions(-) delete mode 100644 html/cgi-bin/p2p-block.cgi

diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index a908053b1..a5973f9e4 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -62,7 +62,6 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi srv/web/ipfire/cgi-bin/netovpnsrv.cgi srv/web/ipfire/cgi-bin/optionsfw.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi -srv/web/ipfire/cgi-bin/p2p-block.cgi srv/web/ipfire/cgi-bin/pakfire.cgi srv/web/ipfire/cgi-bin/pppsetup.cgi srv/web/ipfire/cgi-bin/proxy.cgi diff --git a/html/cgi-bin/p2p-block.cgi b/html/cgi-bin/p2p-block.cgi deleted file mode 100644 index d14725504..000000000 --- a/html/cgi-bin/p2p-block.cgi +++ /dev/null @@ -1,154 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2013 # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### -# Author: Alexander Marx (Amarx@ipfire.org) # -###############################################################################

-use strict; -no warnings 'uninitialized'; -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser';

-require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl";

-my $errormessage = ''; -my $notice; -my $p2pfile = "${General::swroot}/firewall/p2protocols";

-my @p2ps = (); -my %fwdfwsettings = (); -my %color = (); -my %mainsettings = ();

-&General::readhash("${General::swroot}/main/settings", %mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", %color);

-&Header::showhttpheaders(); -&Header::getcgihash(%fwdfwsettings);

-if ($fwdfwsettings{'ACTION'} eq 'togglep2p') {
open( FILE, "<$p2pfile") or die "Unable to read $p2pfile";

@p2ps = <FILE>;

close FILE;

open( FILE, ">$p2pfile") or die "Unable to write $p2pfile";

foreach my $p2pentry (sort @p2ps) {
my @p2pline = split( /\;/, $p2pentry);
if ($p2pline[1] eq $fwdfwsettings{'P2PROT'}) {
	if ($p2pline[2] eq 'on') {
		$p2pline[2] = 'off';
	} else {
		$p2pline[2] = 'on';
	}
}
print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n";
}

close FILE;

&General::firewall_config_changed();

$notice = $Lang::tr{'p2p block save notice'};
-}

-&Header::openpage($Lang::tr{'p2p block'}, 1, ''); -&Header::openbigbox('100%', 'center', $errormessage);

-if ($notice) {

&Header::openbox('100%', 'left', $Lang::tr{'notice'});

print "<font class='base'>$notice</font>";

&Header::closebox();

-}

-my $gif;

-open(FILE, "<$p2pfile") or die "Unable to read $p2pfile"; -@p2ps = <FILE>; -close FILE;

-&Header::openbox('100%', 'center',); -print <<END;
<table width='35%' class='tbl'>
<tr>
	<th align='center' colspan='2' bgcolor='$color{'color22'}' >
		<b>$Lang::tr{'protocol'}</b>
	</th>
	<th align='center' bgcolor='$color{'color22'}' >
		<b>$Lang::tr{'status'}</b>
	</th>
</tr>
-END -my $lines=0; -my $col=""; -foreach my $p2pentry (sort @p2ps) {
my @p2pline = split( /;/, $p2pentry);

if ($p2pline[2] eq 'on') {
$gif = "/images/on.gif"
} else {
$gif = "/images/off.gif"
}

if ($lines % 2) {
           print "<tr>";
           $col="bgcolor='$color{'color20'}'"; }
   else {
           print "<tr>";
           $col="bgcolor='$color{'color22'}'"; }
print <<END;
	<td align='center' colspan='2' $col>
		$p2pline[0]:
	</td>
	<td align='center' $col>
		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
			<input type='hidden' name='P2PROT' value='$p2pline[1]'>
			<input type='image' img src='$gif' alt='$Lang::tr{'click to disable'}' title='$Lang::tr{'fwdfw toggle'}' style='padding-top: 0px; padding-left: 0px; padding-bottom: 0px ;padding-right: 0px ;display: block;'>
			<input type='hidden' name='ACTION' value='togglep2p'>
		</form>
	</td>
</tr>
-END -$lines++; -}

-print <<END; -</table><table>
<tr>
	<td>
		<img src='/images/on.gif'>
	</td>
	<td>
		$Lang::tr{'outgoing firewall p2p allow'}
	</td>
</tr>
<tr>
	<td>
		<img src='/images/off.gif'>
	</td>
	<td>
		$Lang::tr{'outgoing firewall p2p deny'}
	</td>
</tr>
</table>
-END

-&Header::closebox();

-&Header::closebigbox();

-&Header::closepage();

2.30.2

Stefan Schantl

14 Feb 14 Feb

7:03 p.m.

New subject: [PATCH 4/4] firewall.menu: Drop entry for P2P-Block.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/menu/50-firewall.menu | 6 ------ 1 file changed, 6 deletions(-)

diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu index 6ae9687dc..aa67d9007 100644 --- a/config/menu/50-firewall.menu +++ b/config/menu/50-firewall.menu @@ -21,12 +21,6 @@ 'title' => "$Lang::tr{'intrusion detection system'}", 'enabled' => 1, }; - $subfirewall->{'50.p2p'} = { - 'caption' => $Lang::tr{'p2p block'}, - 'uri' => '/cgi-bin/p2p-block.cgi', - 'title' => "P2P-Block", - 'enabled' => 1, - }; $subfirewall->{'60.locationblock'} = { 'caption' => $Lang::tr{'locationblock'}, 'uri' => '/cgi-bin/location-block.cgi',

-- 2.30.2

Peter Müller

9:12 p.m.

New subject: [PATCH 4/4] firewall.menu: Drop entry for P2P-Block.

Reviewed-by: Peter Müller peter.mueller@ipfire.org

...

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org

config/menu/50-firewall.menu | 6 ------ 1 file changed, 6 deletions(-)

diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu index 6ae9687dc..aa67d9007 100644 --- a/config/menu/50-firewall.menu +++ b/config/menu/50-firewall.menu @@ -21,12 +21,6 @@ 'title' => "$Lang::tr{'intrusion detection system'}", 'enabled' => 1, };
$subfirewall->{'50.p2p'} = {
		'caption' => $Lang::tr{'p2p block'},
		'uri' => '/cgi-bin/p2p-block.cgi',
		'title' => "P2P-Block",
		'enabled' => 1,
		};
$subfirewall->{'60.locationblock'} = { 'caption' => $Lang::tr{'locationblock'}, 'uri' => '/cgi-bin/location-block.cgi',

Michael Tremer

15 Feb 15 Feb

12:32 p.m.

New subject: [PATCH 4/4] firewall.menu: Drop entry for P2P-Block.

Acked-by: Michael Tremer michael.tremer@ipfire.org

...

On 14 Feb 2022, at 19:03, Stefan Schantl stefan.schantl@ipfire.org wrote:

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org

config/menu/50-firewall.menu | 6 ------ 1 file changed, 6 deletions(-)

diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu index 6ae9687dc..aa67d9007 100644 --- a/config/menu/50-firewall.menu +++ b/config/menu/50-firewall.menu @@ -21,12 +21,6 @@ 'title' => "$Lang::tr{'intrusion detection system'}", 'enabled' => 1, };
$subfirewall->{'50.p2p'} = {
		'caption' => $Lang::tr{'p2p block'},
		'uri' => '/cgi-bin/p2p-block.cgi',
		'title' => "P2P-Block",
		'enabled' => 1,
		};
$subfirewall->{'60.locationblock'} = { 'caption' => $Lang::tr{'locationblock'}, 'uri' => '/cgi-bin/location-block.cgi',
-- 2.30.2

Peter Müller

14 Feb 14 Feb

9:11 p.m.

Acked-by: Peter Müller peter.mueller@ipfire.org

...

The main P2P (peer-to-peer) aera has passed for several year now, so this kind of feature is realy out-dated.

The feature only supports a handfull of P2P protocols (mostly unencrypted) for applications, which have been superseeded by various other applications and protocols.

So, this fairly is not longer required and safely can be dropped.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org

config/firewall/rules.pl | 23 ----------------------- 1 file changed, 23 deletions(-)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 9d280045a..fea6874a4 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -70,12 +70,9 @@ my %locationsettings = ( "LOCATIONBLOCK_ENABLED" => "off" );

-my @p2ps=();

my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; my $configoutgoing = "${General::swroot}/firewall/outgoing"; -my $p2pfile = "${General::swroot}/firewall/p2protocols"; my $locationfile = "${General::swroot}/firewall/locationblock"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; my $netsettings = "${General::swroot}/ethernet/settings"; @@ -125,9 +122,6 @@ sub main { &buildrules(%configfwdfw); }

# Load P2P block rules.

&p2pblock();

# Load Location block rules. &locationblock();

@@ -620,23 +614,6 @@ sub time_convert_to_minutes { return ($hrs * 60) + $min; }

-sub p2pblock {
open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";

my @protocols = ();

foreach my $p2pentry (<FILE>) {
my @p2pline = split(/\;/, $p2pentry);
next unless ($p2pline[2] eq "off");
push(@protocols, "--$p2pline[1]");
}

close(FILE);

run("$IPTABLES -F P2PBLOCK");

if (@protocols) {
run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
}
-}

sub locationblock { # Flush iptables chain. run("$IPTABLES -F LOCATIONBLOCK");

Michael Tremer

15 Feb 15 Feb

12:33 p.m.

Thank you for this.

Acked-by: Michael Tremer michael.tremer@ipfire.org

...

On 14 Feb 2022, at 19:03, Stefan Schantl stefan.schantl@ipfire.org wrote:

The main P2P (peer-to-peer) aera has passed for several year now, so this kind of feature is realy out-dated.

The feature only supports a handfull of P2P protocols (mostly unencrypted) for applications, which have been superseeded by various other applications and protocols.

So, this fairly is not longer required and safely can be dropped.

Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org

config/firewall/rules.pl | 23 ----------------------- 1 file changed, 23 deletions(-)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 9d280045a..fea6874a4 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -70,12 +70,9 @@ my %locationsettings = ( "LOCATIONBLOCK_ENABLED" => "off" );

-my @p2ps=();

my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; my $configoutgoing = "${General::swroot}/firewall/outgoing"; -my $p2pfile = "${General::swroot}/firewall/p2protocols"; my $locationfile = "${General::swroot}/firewall/locationblock"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; my $netsettings = "${General::swroot}/ethernet/settings"; @@ -125,9 +122,6 @@ sub main { &buildrules(%configfwdfw); }

# Load P2P block rules.

&p2pblock();

# Load Location block rules. &locationblock();

@@ -620,23 +614,6 @@ sub time_convert_to_minutes { return ($hrs * 60) + $min; }

-sub p2pblock {
open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";

my @protocols = ();

foreach my $p2pentry (<FILE>) {
my @p2pline = split(/\;/, $p2pentry);
next unless ($p2pline[2] eq "off");
push(@protocols, "--$p2pline[1]");
}

close(FILE);

run("$IPTABLES -F P2PBLOCK");

if (@protocols) {
run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
}
-}

sub locationblock { # Flush iptables chain. run("$IPTABLES -F LOCATIONBLOCK"); -- 2.30.2

1011

Age (days ago)

1012

Last active (days ago)

development@lists.ipfire.org

11 comments

3 participants

tags (0)

participants (3)

Michael Tremer
Peter Müller
Stefan Schantl