summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xbin/drakguard46
1 files changed, 46 insertions, 0 deletions
diff --git a/bin/drakguard b/bin/drakguard
index 8bb581b..1c3ed8c 100755
--- a/bin/drakguard
+++ b/bin/drakguard
@@ -17,6 +17,7 @@ use services;
my $dansguardian_main_file = "/etc/dansguardian/dansguardian.conf";
my $dansguardian_filter_file = "/etc/dansguardian/dansguardianf1.conf";
+my $time_control_file = "/etc/shorewall/time_control";
my %dansguardian_levels = (
160 => N_("Low"),
100 => N_("Normal"),
@@ -249,6 +250,26 @@ sub load() {
$level ||= { reverse %dansguardian_levels }->{High};
$enable = services::starts_on_boot('dansguardian');
+ $time_control = cat_($::prefix . "/etc/shorewall/start") =~ /^INCLUDE $time_control_file$/m;
+ my @time_control_settings = grep { /\bnet2fw\b/ } cat_($::prefix . $time_control_file);
+ my ($drop_start, $drop_stop);
+ if (my ($drop_start_h, $drop_start_m) = top(@time_control_settings) =~ /\B--timestart\s(\d+):(\d+)\b/) {
+ $drop_start = $drop_start_h*60 + $drop_start_m - 1;
+ }
+ if (my ($drop_stop_h, $drop_stop_m) = first(@time_control_settings) =~ /\B--timestop\s(\d+):(\d+)\b/) {
+ $drop_stop = $drop_stop_h*60 + $drop_stop_m + 1;
+ }
+ if (defined($drop_start) && defined($drop_stop)) {
+ my $day_time = 24*60;
+ $drop_start = ($drop_start + $day_time) % $day_time;
+ $drop_stop = ($drop_stop + $day_time) % $day_time;
+
+ $time_start_h = int($drop_stop/60);
+ $time_start_m = $drop_stop%60;
+ $time_stop_h = int($drop_start/60);
+ $time_stop_m = $drop_start%60;
+ }
+
$time_start_h //= 18;
$time_start_m //= 0;
$time_stop_h //= 21;
@@ -258,6 +279,31 @@ sub load() {
sub save() {
my $_wait = $in->wait_message(N("Please wait"), N("Please wait"));
+ network::shorewall::set_in_file('start', $enable && $time_control, "INCLUDE $time_control_file");
+ if ($enable && $time_control) {
+ my $day_time = 24*60;
+ #- start/stop dropping the minute after/before traffic is allowed
+ #- and make sure times are positive and in the 00:00 <-> 23:59 interval
+ my $drop_start = ($time_stop_h*60 + $time_stop_m + 1 + $day_time) % $day_time;
+ my $drop_stop = ($time_start_h*60 + $time_start_m - 1 + $day_time) % $day_time;
+ output_p($::prefix . $time_control_file,
+ join('', map {
+ my $chain = $_;
+ map {
+ sprintf("iptables -I $chain -j DROP -m time --timestart %02d:%02d --timestop %02d:%02d\n",
+ int($_->[0]/60), $_->[0]%60,
+ int($_->[1]/60), $_->[1]%60,
+ );
+ } ($drop_stop >= $drop_start ? [ $drop_start, $drop_stop] : ([ 0, $drop_stop ], [ $drop_start, $day_time-1 ]));
+ #- if allowing start time is before allowing stop time,
+ #- we have to use two intervals to cover the completary parts of the day
+ } qw(net2fw fw2net)),
+ );
+ #- allowing from 00:00 to 23:59 is a special case that does not need rules
+ $time_control = 0 if $drop_stop == $day_time - 1 && $drop_start == 0;
+ }
+ network::shorewall::set_in_file('start', $enable && $time_control, "INCLUDE $time_control_file");
+
if ($enable) {
$in->do_pkgs->ensure_are_installed([ qw(shorewall squid dansguardian) ])
or quit_gui(1);