This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core84 has been updated discards 402c0097ec47b82437296507bc2c5118b8cf9401 (commit)
This update discarded existing revisions and left the branch pointing at a previous point in the repository history.
* -- * -- N (e43b21264f8b0c28a9b03f8f65d46e47572df719) \ O -- O -- O (402c0097ec47b82437296507bc2c5118b8cf9401)
The removed revisions are not necessarily gone - if another reference still refers to them they will stay in the repository.
No new revisions were added by this update.
Summary of changes: config/firewall/rules.pl | 16 +++++++++++++--- src/initscripts/init.d/firewall | 5 ----- 2 files changed, 13 insertions(+), 8 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 58cc439..4d70382 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -554,19 +554,29 @@ sub time_convert_to_minutes {
 }
sub p2pblock {
+ my $search_action;
+ my $target;
+
+ if ($fwdfwsettings{"POLICY"} eq "MODE1") {
+ $search_action = "on";
+ $target = "ACCEPT";
+ } else {
+ $search_action = "off";
+ $target = "DROP";
+ }
+
 open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
 my @protocols = ();
 foreach my $p2pentry (<FILE>) {
 my @p2pline = split(/;/, $p2pentry);
- next unless ($p2pline[2] eq "off";
+ next unless ($p2pline[2] eq $search_action);
push(@protocols, "--$p2pline[1]");
 }
 close(FILE);
if (@protocols) {
- run("$IPTABLES -F P2PBLOCK");
- run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
+ run("$IPTABLES -A FORWARDFW -m ipp2p @protocols -j $target");
 }
 }
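Review bot: The ipp2p rule that p2pblock now appends to FORWARDFW may be evaluated after the CONNTRACK accept for ESTABLISHED,RELATED traffic, and ipp2p matches on payload, which normally only appears once a connection is established; the P2PBLOCK chain this same commit removes from the initscript was commented as having to come before connection tracking. The jump order into FORWARDFW is not visible in this diff, so this needs confirming, and the requirement should be recorded above the `run(...)` line, e.g. `# ipp2p matches payload: FORWARDFW must be reached before CONNTRACK accepts the flow`. The rule also no longer covers INPUT, and with the `-F` gone a repeated call appends a duplicate unless FORWARDFW is flushed elsewhere. In MODE1 the target becomes ACCEPT, so any traffic that satisfies an ipp2p payload pattern is let through, which is worth stating in a comment on that branch. Separately, `@protocols` is built from field 1 of `$p2pfile` and interpolated into the command string; if `run` (defined outside the hunk) goes through a shell, the field should be validated first, e.g. `next unless $p2pline[1] =~ /\A[a-z0-9]+\z/;`.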
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 9620c80..66ca432 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -84,11 +84,6 @@ iptables_init() {
 iptables -A INPUT -p tcp -j BADTCP
 iptables -A FORWARD -p tcp -j BADTCP
- # P2P Block (must before connection tracking) - iptables -N P2PBLOCK - iptables -A INPUT -p tcp -j P2PBLOCK - iptables -A FORWARD -p tcp -j P2PBLOCK - # Connection tracking chain iptables -N CONNTRACK iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
hooks/post-receive -- IPFire 2.x development tree