diff options
-rwxr-xr-x | bin/drakguard | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/bin/drakguard b/bin/drakguard index 8bb581b..1c3ed8c 100755 --- a/bin/drakguard +++ b/bin/drakguard @@ -17,6 +17,7 @@ use services; my $dansguardian_main_file = "/etc/dansguardian/dansguardian.conf"; my $dansguardian_filter_file = "/etc/dansguardian/dansguardianf1.conf"; +my $time_control_file = "/etc/shorewall/time_control"; my %dansguardian_levels = ( 160 => N_("Low"), 100 => N_("Normal"), @@ -249,6 +250,26 @@ sub load() { $level ||= { reverse %dansguardian_levels }->{High}; $enable = services::starts_on_boot('dansguardian'); + $time_control = cat_($::prefix . "/etc/shorewall/start") =~ /^INCLUDE $time_control_file$/m; + my @time_control_settings = grep { /\bnet2fw\b/ } cat_($::prefix . $time_control_file); + my ($drop_start, $drop_stop); + if (my ($drop_start_h, $drop_start_m) = top(@time_control_settings) =~ /\B--timestart\s(\d+):(\d+)\b/) { + $drop_start = $drop_start_h*60 + $drop_start_m - 1; + } + if (my ($drop_stop_h, $drop_stop_m) = first(@time_control_settings) =~ /\B--timestop\s(\d+):(\d+)\b/) { + $drop_stop = $drop_stop_h*60 + $drop_stop_m + 1; + } + if (defined($drop_start) && defined($drop_stop)) { + my $day_time = 24*60; + $drop_start = ($drop_start + $day_time) % $day_time; + $drop_stop = ($drop_stop + $day_time) % $day_time; + + $time_start_h = int($drop_stop/60); + $time_start_m = $drop_stop%60; + $time_stop_h = int($drop_start/60); + $time_stop_m = $drop_start%60; + } + $time_start_h //= 18; $time_start_m //= 0; $time_stop_h //= 21; @@ -258,6 +279,31 @@ sub load() { sub save() { my $_wait = $in->wait_message(N("Please wait"), N("Please wait")); + network::shorewall::set_in_file('start', $enable && $time_control, "INCLUDE $time_control_file"); + if ($enable && $time_control) { + my $day_time = 24*60; + #- start/stop dropping the minute after/before traffic is allowed + #- and make sure times are positive and in the 00:00 <-> 23:59 interval + my $drop_start = ($time_stop_h*60 + $time_stop_m + 1 + $day_time) % $day_time; + my $drop_stop = ($time_start_h*60 + $time_start_m - 1 + $day_time) % $day_time; + output_p($::prefix . $time_control_file, + join('', map { + my $chain = $_; + map { + sprintf("iptables -I $chain -j DROP -m time --timestart %02d:%02d --timestop %02d:%02d\n", + int($_->[0]/60), $_->[0]%60, + int($_->[1]/60), $_->[1]%60, + ); + } ($drop_stop >= $drop_start ? [ $drop_start, $drop_stop] : ([ 0, $drop_stop ], [ $drop_start, $day_time-1 ])); + #- if allowing start time is before allowing stop time, + #- we have to use two intervals to cover the completary parts of the day + } qw(net2fw fw2net)), + ); + #- allowing from 00:00 to 23:59 is a special case that does not need rules + $time_control = 0 if $drop_stop == $day_time - 1 && $drop_start == 0; + } + network::shorewall::set_in_file('start', $enable && $time_control, "INCLUDE $time_control_file"); + if ($enable) { $in->do_pkgs->ensure_are_installed([ qw(shorewall squid dansguardian) ]) or quit_gui(1); |