Merge branch 'master' into perl_5.12.2

config/outgoingfw/outgoingfw.pl

@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2010  IPFire Team                                        #
+# Copyright (C) 2007-2011  IPFire Team                                        #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,6 +25,7 @@ use strict;
 #use warnings;
 
 require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
 
 my %outfwsettings = ();
 my %checked = ();
@@ -218,7 +219,13 @@ foreach $configentry (sort @configs)
 
 				$CMD = "$CMD -o $netsettings{'RED_DEV'}";
 
-				if ($configline[9] eq "aktiv") {
+				if ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE1' ) {
+					if ($DEBUG) {
+						print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '\n";
+					} else {
+						system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '");
+					}
+				} elsif ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE2' ) {
 					if ($DEBUG) {
 						print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '\n";
 					} else {

config/rootfiles/core/45/filelists/files

@@ -6,3 +6,6 @@ srv/web/ipfire/cgi-bin/pppsetup.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/sbin/updxlrator
+var/ipfire/outgoing/bin/outgoingfw.pl
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
+usr/local/bin/vpn-watch

config/rootfiles/core/45/update.sh

@@ -28,6 +28,8 @@
 #Stop services
 echo Stopping Proxy
 /etc/init.d/squid stop 2>/dev/null
+echo Stopping vpn-watch
+killall vpn-watch
 
 #
 #Extract files
@@ -37,6 +39,10 @@ extract_files
 #Start services
 echo Starting Proxy
 /etc/init.d/squid start 2>/dev/null
+echo Rewriting Outgoing FW Rules
+/var/ipfire/outgoing/bin/outgoingfw.pl
+echo Starting vpn-watch
+/usr/local/bin/vpn-watch &
 
 #
 #Update Language cache

html/cgi-bin/index.cgi

@@ -407,7 +407,7 @@ if ($used / $mem > 90) {
 # Diskspace usage warning
 my @temp=();
 my $temp2=();
-my @df = `/bin/df -B M -x rootfs`;
+my @df = `/bin/df -B M -P -x rootfs`;
 foreach my $line (@df) {
 	next if $line =~ m/^Filesystem/;
 	if ($line =~ m/root/ ) {

html/cgi-bin/logs.cgi/firewalllog.dat

@@ -333,7 +333,7 @@ foreach $_ (@log)
         my $comment = $3; 
         my $packet = $4;
 
-        $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 eq "27" ){ $iface="";}
+        $packet =~ /IN=(\w+)/;       my $iface=$1; if ( $1 eq "27" || $1 eq "20"){ $iface="";}
         $packet =~ /SRC=([\d\.]+)/;  my $srcaddr=$1;
         $packet =~ /DST=([\d\.]+)/;  my $dstaddr=$1;
         $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;

html/cgi-bin/media.cgi

@@ -70,7 +70,7 @@ if ( $querry[0] =~ "sd?" || $querry[0] =~ "hd?" || $querry[0] =~ "xvd??"){
 	
 	&Header::openbox('100%', 'center', $Lang::tr{'disk usage'});
 	print "<table width='95%' cellspacing='5'>\n";
-	open(DF,'/bin/df -B M -x rootfs|');
+	open(DF,'/bin/df -P -B M -x rootfs|');
 	while(<DF>){
 		if ($_ =~ m/^Filesystem/ ){
 			print <<END
@@ -108,7 +108,7 @@ END
 	close DF;
 	print "<tr><td colspan='7'>&nbsp;\n<tr><td colspan='7'><h3>Inodes</h3>\n";
 
-	open(DF,'/bin/df -i -x rootfs|');
+	open(DF,'/bin/df -P -i -x rootfs|');
 	while(<DF>){
 		if ($_ =~ m/^Filesystem/ ){
 			print <<END

src/scripts/vpn-watch

@@ -1,6 +1,6 @@
 #!/usr/bin/perl 
 ##################################################
-#####     VPN-Watch.pl     Version 0.5       #####
+#####     VPN-Watch.pl     Version 0.6       #####
 ##################################################
 #                                                #
 #   VPN-Watch is part of the IPFire Firewall     #
@@ -32,7 +32,7 @@ while ( $i == 0){
   $round++;
 
    # Reset roundcounter after 10 min. To do established check.
-  if ($round > 9) { $round=0 }
+  if ($round > 9) { $round=0; }
 
   if (open(FILE, "<${General::swroot}/vpn/config")) {    @vpnsettings = <FILE>;
     close(FILE);
@@ -55,17 +55,22 @@ foreach (@vpnsettings){
   my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print \$3}' | tr -d '()' | tr -d ':'`;chomp($remoteip);
   if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}}
   my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`;
-  my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`; 
+  my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`;
   
-  if ( $ipmatch eq '' ){
+  if ( $round == 0 && $ipmatch eq '' && $status ne ''){
     logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec.");
     system("/usr/local/bin/ipsecctrl S $settings[0]");
+    $round=0;
     last; #all connections will reloaded
           #remove this if ipsecctrl can restart single con again
   }
-  if ( ($round = 0) && ($established eq '')) {
+
+  if ($debug){logger("Round=".$round." and established=".$established);}
+
+  if ( ($round == 0) && ($established eq '')) {
     logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec.");
     system("/usr/local/bin/ipsecctrl S $settings[0]");
+    $round=0;
     last; #all connections will reloaded
           #remove this if ipsecctrl can restart single con again