From 272d6755577914c18ab41d57fe10a01012e72d7d Mon Sep 17 00:00:00 2001
From: Olivier Blin
Date: Wed, 13 Aug 2008 14:01:18 +0000
Subject: load and save time control settings (using "time" iptables module)
---
 bin/drakguard | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
(limited to 'bin')
diff --git a/bin/drakguard b/bin/drakguard
index 8bb581b..1c3ed8c 100755
--- a/bin/drakguard
+++ b/bin/drakguard
@@ -17,6 +17,7 @@ use services;
 my $dansguardian_main_file = "/etc/dansguardian/dansguardian.conf";
 my $dansguardian_filter_file = "/etc/dansguardian/dansguardianf1.conf";
+my $time_control_file = "/etc/shorewall/time_control";
 my %dansguardian_levels = (
 160 => N_("Low"),
 100 => N_("Normal"),
@@ -249,6 +250,26 @@ sub load() {
 $level ||= { reverse %dansguardian_levels }->{High};
 $enable = services::starts_on_boot('dansguardian');
+ $time_control = cat_($::prefix . "/etc/shorewall/start") =~ /^INCLUDE $time_control_file$/m;
+ my @time_control_settings = grep { /\bnet2fw\b/ } cat_($::prefix . $time_control_file);
+ my ($drop_start, $drop_stop);
+ if (my ($drop_start_h, $drop_start_m) = top(@time_control_settings) =~ /\B--timestart\s(\d+):(\d+)\b/) {
+ $drop_start = $drop_start_h*60 + $drop_start_m - 1;
+ }
+ if (my ($drop_stop_h, $drop_stop_m) = first(@time_control_settings) =~ /\B--timestop\s(\d+):(\d+)\b/) {
+ $drop_stop = $drop_stop_h*60 + $drop_stop_m + 1;
+ }
+ if (defined($drop_start) && defined($drop_stop)) {
+ my $day_time = 24*60;
+ $drop_start = ($drop_start + $day_time) % $day_time;
+ $drop_stop = ($drop_stop + $day_time) % $day_time;
+
+ $time_start_h = int($drop_stop/60);
+ $time_start_m = $drop_stop%60;
+ $time_stop_h = int($drop_start/60);
+ $time_stop_m = $drop_start%60;
+ }
+
 $time_start_h //= 18;
 $time_start_m //= 0;
 $time_stop_h //= 21;
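Review bot: The hour and minute captured from `--timestart`/`--timestop` in the second hunk are used without a range check, and the later `% $day_time` silently wraps anything out of range, so a hand-edited or damaged `$time_control_file` makes the dialog show a window that is not what the rules enforce. I would only accept a match when `$drop_start_h < 24 && $drop_start_m < 60` (same for the stop pair) and otherwise fall through to the defaults. The `INCLUDE` test interpolates the path into the pattern unquoted; `/^INCLUDE \Q$time_control_file\E$/m` keeps it literal if the path ever gains a metacharacter. Reading the start from `top(...)` and the stop from `first(...)` appears to rely on the order in which `save()` writes the two intervals, which deserves a comment such as `#- with two intervals, the first rule ends at drop_stop and the last one starts at drop_start`. `load()` begins and ends outside the hunk.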
@@ -258,6 +279,31 @@ sub load() {
 sub save() {
 my $_wait = $in->wait_message(N("Please wait"), N("Please wait"));
+ network::shorewall::set_in_file('start', $enable && $time_control, "INCLUDE $time_control_file");
+ if ($enable && $time_control) {
+ my $day_time = 24*60;
+ #- start/stop dropping the minute after/before traffic is allowed
+ #- and make sure times are positive and in the 00:00 <-> 23:59 interval
+ my $drop_start = ($time_stop_h*60 + $time_stop_m + 1 + $day_time) % $day_time;
+ my $drop_stop = ($time_start_h*60 + $time_start_m - 1 + $day_time) % $day_time;
+ output_p($::prefix . $time_control_file,
+ join('', map {
+ my $chain = $_;
+ map {
+ sprintf("iptables -I $chain -j DROP -m time --timestart %02d:%02d --timestop %02d:%02d\n",
+ int($_->[0]/60), $_->[0]%60,
+ int($_->[1]/60), $_->[1]%60,
+ );
+ } ($drop_stop >= $drop_start ? [ $drop_start, $drop_stop] : ([ 0, $drop_stop ], [ $drop_start, $day_time-1 ]));
+ #- if allowing start time is before allowing stop time,
+ #- we have to use two intervals to cover the completary parts of the day
+ } qw(net2fw fw2net)),
+ );
+ #- allowing from 00:00 to 23:59 is a special case that does not need rules
+ $time_control = 0 if $drop_stop == $day_time - 1 && $drop_start == 0;
+ }
+ network::shorewall::set_in_file('start', $enable && $time_control, "INCLUDE $time_control_file");
+
 if ($enable) {
 $in->do_pkgs->ensure_are_installed([ qw(shorewall squid dansguardian) ]) or quit_gui(1);
--
cgit v1.2.1
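Review bot: The first `network::shorewall::set_in_file('start', ...)` call at the top of the added block turns the INCLUDE on before `output_p` has written `$time_control_file`, and the identical call at the end makes it redundant; if the write fails, `start` is left including a stale or missing rules file, so I would drop the first call and keep only the final one. The full-day special case also matches only 00:00–23:59: if the dialog allows a window whose stop is one minute before its start (e.g. 08:00–07:59), the two-interval branch writes DROP rules covering the whole day, which `$time_control = 0 if ($drop_stop + 1) % $day_time == $drop_start;` would catch as well. Whether `-m time` compares against local time or UTC depends on the time match in use on the target kernel, so that is worth confirming and stating in a comment above the `sprintf`. `save()` continues outside the hunk.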