diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl index 6709ee603..53462db48 100644 --- a/config/outgoingfw/outgoingfw.pl +++ b/config/outgoingfw/outgoingfw.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2005-2010 IPFire Team # +# Copyright (C) 2007-2011 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,6 +25,7 @@ use strict; #use warnings; require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; my %outfwsettings = (); my %checked = (); @@ -218,7 +219,13 @@ foreach $configentry (sort @configs) $CMD = "$CMD -o $netsettings{'RED_DEV'}"; - if ($configline[9] eq "aktiv") { + if ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE1' ) { + if ($DEBUG) { + print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '\n"; + } else { + system("$CMD -m limit --limit 10/minute -j LOG --log-prefix 'LOG_OUTGOINGFW '"); + } + } elsif ( $configline[9] eq $Lang::tr{'aktiv'} && $outfwsettings{'POLICY'} eq 'MODE2' ) { if ($DEBUG) { print "$CMD -m limit --limit 10/minute -j LOG --log-prefix 'DROP_OUTGOINGFW '\n"; } else { diff --git a/config/rootfiles/core/45/filelists/files b/config/rootfiles/core/45/filelists/files index f6d15ca78..ae685d538 100644 --- a/config/rootfiles/core/45/filelists/files +++ b/config/rootfiles/core/45/filelists/files @@ -6,3 +6,6 @@ srv/web/ipfire/cgi-bin/pppsetup.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi usr/sbin/updxlrator +var/ipfire/outgoing/bin/outgoingfw.pl +srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat +usr/local/bin/vpn-watch diff --git a/config/rootfiles/core/45/update.sh b/config/rootfiles/core/45/update.sh index 1197905cd..d22779172 100644 --- a/config/rootfiles/core/45/update.sh 
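Review bot: The new conditions in the `@@ -218,7 +219,13 @@` hunk compare the stored field `$configline[9]` with the translated string `$Lang::tr{'aktiv'}`, where the old code compared it with the literal `"aktiv"`. Whether the LOG rule is emitted therefore depends on the language active when the script runs. If a rule was saved under a different UI language, or with the old literal, neither branch matches and logging for that rule is dropped silently; this is inferred, since the code that writes the config is not in the diff. A language-independent check that still accepts existing entries would be `my $log_on = $configline[9] eq 'aktiv' || $configline[9] eq $Lang::tr{'aktiv'};`, tested once and then branched on `$outfwsettings{'POLICY'}`. The added `system("$CMD ...")` also passes a string assembled from config fields through the shell; the list form of `system` would avoid that. The `if`/`else` chain continues past the end of the hunk.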
+++ b/config/rootfiles/core/45/update.sh @@ -28,6 +28,8 @@ #Stop services echo Stopping Proxy /etc/init.d/squid stop 2>/dev/null +echo Stopping vpn-watch +killall vpn-watch # #Extract files @@ -37,6 +39,10 @@ extract_files #Start services echo Starting Proxy /etc/init.d/squid start 2>/dev/null +echo Rewriting Outgoing FW Rules +/var/ipfire/outgoing/bin/outgoingfw.pl +echo Starting vpn-watch +/usr/local/bin/vpn-watch & # #Update Language cache diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 8e623c96a..0dcadb0b2 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -407,7 +407,7 @@ if ($used / $mem > 90) { # Diskspace usage warning my @temp=(); my $temp2=(); -my @df = `/bin/df -B M -x rootfs`; +my @df = `/bin/df -B M -P -x rootfs`; foreach my $line (@df) { next if $line =~ m/^Filesystem/; if ($line =~ m/root/ ) { diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 5979a7679..2c4fb14f0 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -333,7 +333,7 @@ foreach $_ (@log) my $comment = $3; my $packet = $4; - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 eq "27" ){ $iface="";} + $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 eq "27" || $1 eq "20"){ $iface="";} $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; $packet =~ /DST=([\d\.]+)/; my $dstaddr=$1; $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1; diff --git a/html/cgi-bin/media.cgi b/html/cgi-bin/media.cgi index 6a89ca867..9456c3c22 100644 --- a/html/cgi-bin/media.cgi +++ b/html/cgi-bin/media.cgi @@ -70,7 +70,7 @@ if ( $querry[0] =~ "sd?" || $querry[0] =~ "hd?" || $querry[0] =~ "xvd??"){ &Header::openbox('100%', 'center', $Lang::tr{'disk usage'}); print "\n"; - open(DF,'/bin/df -B M -x rootfs|'); + open(DF,'/bin/df -P -B M -x rootfs|'); while(){ if ($_ =~ m/^Filesystem/ ){ print <
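Review bot: The exit status of `/var/ipfire/outgoing/bin/outgoingfw.pl` is ignored in the `@@ -37,6 +39,10 @@` hunk, so an update where the outgoing rule rewrite fails finishes with no indication that the rule set may be incomplete. At minimum report it: `/var/ipfire/outgoing/bin/outgoingfw.pl || echo "Rewriting Outgoing FW Rules FAILED"`. In the `@@ -28,6 +28,8 @@` hunk, `killall vpn-watch` prints an error when no instance is running; the squid line next to it uses `2>/dev/null`, and the same would fit here.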
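Review bot: The `IN=` match on the changed line in firewalllog.dat is still unchecked, so when `$packet` has no `IN=<name>` token, `$1` keeps whatever an earlier successful match left in it. The literal `"27"` and the newly added `"20"` look like they compensate for such a stale capture rather than name real interfaces; this is an inference, as the earlier regex is outside the hunk. Capturing in list context removes the need for magic values: `my ($iface) = $packet =~ /IN=(\w+)/; $iface = "" unless defined $iface;`. The `SRC=`, `DST=` and `MAC=` context lines follow the same unchecked pattern, which matters for a viewer used to read firewall logs. The enclosing `foreach` starts and ends outside the hunk.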
 \n

Inodes

\n"; - open(DF,'/bin/df -i -x rootfs|'); + open(DF,'/bin/df -P -i -x rootfs|'); while(){ if ($_ =~ m/^Filesystem/ ){ print < 9) { $round=0 } + if ($round > 9) { $round=0; } if (open(FILE, "<${General::swroot}/vpn/config")) { @vpnsettings = ; close(FILE); @@ -55,17 +55,22 @@ foreach (@vpnsettings){ my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print \$3}' | tr -d '()' | tr -d ':'`;chomp($remoteip); if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}} my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`; - my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`; + my $established= `echo "$status" | grep '$settings[2]' | grep 'erouted;'`; - if ( $ipmatch eq '' ){ + if ( $round == 0 && $ipmatch eq '' && $status ne ''){ logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec."); system("/usr/local/bin/ipsecctrl S $settings[0]"); + $round=0; last; #all connections will reloaded #remove this if ipsecctrl can restart single con again } - if ( ($round = 0) && ($established eq '')) { + + if ($debug){logger("Round=".$round." and established=".$established);} + + if ( ($round == 0) && ($established eq '')) { logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec."); system("/usr/local/bin/ipsecctrl S $settings[0]"); + $round=0; last; #all connections will reloaded #remove this if ipsecctrl can restart single con again
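Review bot: The `$established` line re-added in the `@@ -55,17 +55,22 @@` hunk still interpolates `$status` and `$settings[2]` into a backtick shell pipeline (`echo "$status" | grep '$settings[2]' | grep 'erouted;'`). A quote or shell metacharacter in the connection name or in the status text would be interpreted by the shell instead of being matched as data. Filtering in Perl avoids the shell and matches the name literally: `my $established = join '', grep { /\Q$settings[2]\E/ && /erouted;/ } split /^/, $status;`. The `$ipmatch` and `ping` context lines above it have the same shape and would benefit from the same treatment. The two added `$round=0;` statements have no effect, because both branches now run only when `$round == 0`. `$status` and the surrounding `foreach` are defined outside the hunk.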