deprecated/e-smith-base
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit of file from CVS for e-smith-base on Thu 26 Oct 11:24:52 BST 2023

Browse Source
This commit is contained in:
Brian Read
2023-10-26 11:24:52 +01:00
parent bbc22988a8
commit 9510d1a360
678 changed files with 22721 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
root/etc/e-smith/templates/etc/diald.filter/20office Normal file
View File

@@ -0,0 +1,174 @@
{
my $policy = $DialupConnOffice;
$OUT .= "\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "# Use \"$policy\" connect policy during office ";
$OUT .= "hours on weekdays\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "\n";
$OUT .= "restrict 8:00:00 17:59:59 1-5 * *\n";
$OUT .= "\n";
if ($policy eq 'continuous')
{
$OUT .= "up\n";
}
elsif ($policy eq 'never')
{
$OUT .= "down\n";
}
else
{
#--------------------------------------------------
# "short" policy: HTTP transfers get 3 minutes,
# everything else gets 30 seconds.
#--------------------------------------------------
my $httpHold = 180;
my $otherHold = 30;
if ($policy eq 'medium')
{
#--------------------------------------------------
# "medium" policy: HTTP transfers get 10 minutes,
# everything else gets 5 minutes.
#--------------------------------------------------
$httpHold = 600;
$otherHold = 300;
}
elsif ($policy eq 'long')
{
#--------------------------------------------------
# "long" policy: HTTP transfers get 20 minutes,
# everything else gets 10 minutes.
#--------------------------------------------------
$httpHold = 1200;
$otherHold = 600;
}
#------------------------
# Rules for TCP packets.
#------------------------
# If we force the line up (for example to trigger fetchmail)
# but no packets are sent, specify how long to hold the line
# up:
$OUT .= "first-packet-timeout $otherHold\n";
# The first rule is designed to give the link 30 seconds up time
# when we are initiating a TCP connection. The idea here is to deal
# with possibility that the network on the opposite end of the
# connection is unreachable. In this case you don't really want to
# give the link 10 minutes up time. With the rule below we only give
# the link 30 seconds initially. If the network is reachable then
# we will normally get a response that actually contains some data
# within 30 seconds. If this causes problems because you have a
# slow response time at some site you want to regularly access, you
# can either increase the timeout or remove this rule.
$OUT .= "accept tcp 30 tcp.syn\n";
# If you are running named, then it will send data across the link
# periodically to synchronize against other domain name servers.
# Since this can happen at any time, it is undesirable to keep the
# link up for it. Therefore, we ignore any tcp traffic from or to a
# domain name server.
$OUT .= "ignore tcp tcp.dest=tcp.domain\n";
$OUT .= "ignore tcp tcp.source=tcp.domain\n";
# Normally the packet that starts a connection is longer that 40
# bytes, since it normally contains TCP options to specify the MSS.
# However, some TCP implementations don't include these options.
# Therefore, we must be careful not to ignore SYN packets that are
# only 40 bytes long.
$OUT .= "accept tcp 30 ip.tot_len=40,tcp.syn\n";
# Otherwise, we want to ignore any TCP packet that is only 40 bytes
# long, since it is not carrying any data. However, we don't want to
# ignore 40 byte packets that mark the closing of a connection,
# since we use those to cut short the timeout on connections that
# have died. Therefore we must test the tcp.live flag here. If it
# is not set we might want to see this packet later on in the rules.
$OUT .= "ignore tcp ip.tot_len=40,tcp.live\n";
# Make sure http transfers hold the link up, even after they end.
# This prevents web browsers from bouncing the connection too much.
$OUT .= "accept tcp $httpHold tcp.dest=tcp.www\n";
$OUT .= "accept tcp $httpHold tcp.source=tcp.www\n";
if ($SquidParent)
{
$OUT .= "accept tcp $httpHold tcp.dest=tcp.wwwproxy\n";
$OUT .= "accept tcp $httpHold tcp.source=tcp.wwwproxy\n";
}
# Once the link is no longer live, we try to shut down the
# connection quickly. Note that if the link is already down, the
# closing of the a connection (which will generate traffic) will not
# bring it back up.
$OUT .= "keepup tcp $otherHold !tcp.live\n";
$OUT .= "ignore tcp !tcp.live\n";
# Finally, if we don't match the TCP packet somewhere above, then we
# give the link 10 minutes up time. Most TCP packets match this
# rule. Note that as soon as the TCP connection is closed, the keepup
# rule above overwrites the timeout.
$OUT .= "accept tcp 600 any\n";
#-----------------------
# Rules for UDP packets
#-----------------------
# Don't bring the link up for rwho:
$OUT .= "ignore udp udp.dest=udp.who\n";
$OUT .= "ignore udp udp.source=udp.who\n";
# Don't bring the link up for routing packets:
$OUT .= "ignore udp udp.dest=udp.route\n";
$OUT .= "ignore udp udp.source=udp.route\n";
# Don't bring the link up for NTP or timed:
$OUT .= "ignore udp udp.dest=udp.ntp\n";
$OUT .= "ignore udp udp.source=udp.ntp\n";
$OUT .= "ignore udp udp.dest=udp.timed\n";
$OUT .= "ignore udp udp.source=udp.timed\n";
# Don't bring up on domain name requests between
# two running copies of named:
$OUT .= "ignore udp udp.dest=udp.domain,udp.source=udp.domain\n";
# Bring up the network for domain requests:
$OUT .= "accept udp 30 udp.dest=udp.domain \n";
$OUT .= "accept udp 30 udp.source=udp.domain\n";
# Bring up the network for netbios requests,
# except between netbios servers:
$OUT .=
"ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns\n";
$OUT .= "accept udp 30 udp.dest=udp.netbios-ns\n";
$OUT .= "accept udp 30 udp.source=udp.netbios-ns\n";
# Any other UDP packets:
$OUT .= "accept udp $otherHold any\n";
# Catch any packets that we didn't catch above:
$OUT .= "accept any $otherHold any\n";
}
}