From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Matthias Fischer
To: development@lists.ipfire.org
Subject: [PATCH] (V3) Forcing DNS/NTP
Date: Fri, 05 Mar 2021 20:40:17 +0100
Message-ID: <20210305194017.7114-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============9106529732345613177=="
List-Id:

--===============9106529732345613177==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Originally triggered by:
https://community.ipfire.org/t/forcing-all-dns-traffic-from-the-lan-to-the-firewall/3512

Current discussion:
https://community.ipfire.org/t/testing-dns-redirect-code-snippet/3888

Summary and functionality:
These patches are controlled through "Firewall Options".
They add new firewall-[DNS/NTP]_FORCED_ON_[INTERFACE]-options to '/var/ipfire/optionsfw/settings'.
They activate/deactivate appropriate REDIRECT rules through a new ctrl file
('/usr/local/bin/dnsntpctrl') and a new init file ('/etc/rc.d/init.d/dnsntp').
Default of all new rules is OFF (set in 'lfs/configroot').
If set to ON, they REDIRECT all DNS and NTP requests (TCP/UDP) to the DNS and NTP
servers specified in IPFire. GUI links to DNS and NTP options were added to make
this more transparent.

Flaw/ToDo:
To make things work as I wanted I had to add a 'dnsntpctrl' file which calls the
actual init file, 'dnsntp'. This is actually an unnecessary detour.
In fact I wanted to merge these two files in *one* C file, but this was beyond
my capabilities, perhaps "someone" else knows how to program this.

Changed visibility (GUI, 'optionsfw.cgi') and some cosmetics:
The corresponding interface options - including 'Masquerade ...' - are only visible
if the respective interface actually exists.
If BLUE interface doesn't exist, there are no ON/OFF switches for 'DNS/NTP on BLUE'
or logging options for BLUE available (e.g.).
Added text colors for better readability and links to DNS and NTP GUI.
Separated logging options per interface.

No reboot required:
Rules can be switched ON/OFF without rebooting IPFire.
Changes immediately take effect after clicking 'Save'.

Changes to '/etc/rc.d/init.d/firewall':
To avoid collisions with possibly existing CUSTOM rules, I added a new PREROUTING
chain: DNS_NTP_REDIRECT.
This chain is flushed by the init file before the desired settings are applied.
Corrected a 'trafic' typo.

Signed-off-by: Matthias Fischer
--- config/rootfiles/common/aarch64/initscripts | 1 + config/rootfiles/common/armv5tel/initscripts | 1 + config/rootfiles/common/i586/initscripts | 1 + config/rootfiles/common/misc-progs | 1 + config/rootfiles/common/x86_64/initscripts | 1 + html/cgi-bin/optionsfw.cgi | 92 ++++++++++++++++---- langs/de/cgi-bin/de.pl | 15 +++- langs/en/cgi-bin/en.pl | 15 +++- lfs/configroot | 4 + src/initscripts/system/dnsntp | 36 ++++++++ src/initscripts/system/firewall | 9 +- src/misc-progs/Makefile | 2 +- src/misc-progs/dnsntpctrl.c | 19 ++++ 13 files changed, 168 insertions(+), 29 deletions(-) create mode 100644 src/initscripts/system/dnsntp create mode 100644 src/misc-progs/dnsntpctrl.c diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/c= ommon/aarch64/initscripts index 800005966..f38a3a294 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -20,6 +20,7 @@ etc/rc.d/init.d/conntrackd etc/rc.d/init.d/console etc/rc.d/init.d/dhcp etc/rc.d/init.d/dhcrelay +etc/rc.d/init.d/dnsntp etc/rc.d/init.d/fcron etc/rc.d/init.d/fireinfo etc/rc.d/init.d/firewall diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/= common/armv5tel/initscripts index 800005966..f38a3a294 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts 
@@ -20,6 +20,7 @@ etc/rc.d/init.d/conntrackd etc/rc.d/init.d/console etc/rc.d/init.d/dhcp etc/rc.d/init.d/dhcrelay +etc/rc.d/init.d/dnsntp etc/rc.d/init.d/fcron etc/rc.d/init.d/fireinfo etc/rc.d/init.d/firewall diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/comm= on/i586/initscripts index 18c5a897a..a3a2b47f7 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -20,6 +20,7 @@ etc/rc.d/init.d/conntrackd etc/rc.d/init.d/console etc/rc.d/init.d/dhcp etc/rc.d/init.d/dhcrelay +etc/rc.d/init.d/dnsntp etc/rc.d/init.d/fcron etc/rc.d/init.d/fireinfo etc/rc.d/init.d/firewall diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/mis= c-progs index d6594b3f8..4bcb94812 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -5,6 +5,7 @@ usr/local/bin/captivectrl usr/local/bin/collectdctrl usr/local/bin/ddnsctrl usr/local/bin/dhcpctrl +usr/local/bin/dnsntpctrl usr/local/bin/extrahdctrl usr/local/bin/fireinfoctrl usr/local/bin/firewallctrl diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/co= mmon/x86_64/initscripts index 18c5a897a..a3a2b47f7 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -20,6 +20,7 @@ etc/rc.d/init.d/conntrackd etc/rc.d/init.d/console etc/rc.d/init.d/dhcp etc/rc.d/init.d/dhcrelay +etc/rc.d/init.d/dnsntp etc/rc.d/init.d/fcron etc/rc.d/init.d/fireinfo etc/rc.d/init.d/firewall diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 321642e82..3fc707e8b 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi 
@@ -2,7 +2,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2014-2020 IPFire Team = # +# Copyright (C) 2014-2021 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -50,6 +50,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { $errormessage .=3D $Lang::tr{'new optionsfw later'}; &General::writehash($filename, \%settings); # Save good settin= gs system("/usr/local/bin/firewallctrl"); + system("/usr/local/bin/dnsntpctrl >/dev/null 2>&1"); }else{ if ($settings{'POLICY'} ne ''){ $fwdfwsettings{'POLICY'} =3D $settings{'POLICY'}; @@ -65,6 +66,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { &General::writehash("${General::swroot}/firewall/settings", \%fwdfwsetting= s); &General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings= ); system("/usr/local/bin/firewallctrl"); + system("/usr/local/bin/dnsntpctrl >/dev/null 2>&1"); } &General::readhash($filename, \%settings); # Load good settings } 
@@ -140,6 +142,18 @@ $selected{'MASQUERADE_ORANGE'}{$settings{'MASQUERADE_ORA= NGE'}} =3D 'selected=3D"sele $selected{'MASQUERADE_BLUE'}{'off'} =3D ''; $selected{'MASQUERADE_BLUE'}{'on'} =3D ''; $selected{'MASQUERADE_BLUE'}{$settings{'MASQUERADE_BLUE'}} =3D 'selected=3D"= selected"'; +$checked{'DNS_FORCE_ON_GREEN'}{'off'} =3D ''; +$checked{'DNS_FORCE_ON_GREEN'}{'on'} =3D ''; +$checked{'DNS_FORCE_ON_GREEN'}{$settings{'DNS_FORCE_ON_GREEN'}} =3D "checked= =3D'checked'"; +$checked{'DNS_FORCE_ON_BLUE'}{'off'} =3D ''; +$checked{'DNS_FORCE_ON_BLUE'}{'on'} =3D ''; +$checked{'DNS_FORCE_ON_BLUE'}{$settings{'DNS_FORCE_ON_BLUE'}} =3D "checked= =3D'checked'"; +$checked{'NTP_FORCE_ON_GREEN'}{'off'} =3D ''; +$checked{'NTP_FORCE_ON_GREEN'}{'on'} =3D ''; +$checked{'NTP_FORCE_ON_GREEN'}{$settings{'NTP_FORCE_ON_GREEN'}} =3D "checked= =3D'checked'"; +$checked{'NTP_FORCE_ON_BLUE'}{'off'} =3D ''; +$checked{'NTP_FORCE_ON_BLUE'}{'on'} =3D ''; +$checked{'NTP_FORCE_ON_BLUE'}{$settings{'NTP_FORCE_ON_BLUE'}} =3D "checked= =3D'checked'"; =20 &Header::openbox('100%', 'center',); print "
"; @@ -189,13 +203,44 @@ END END } =20 - print < + +   + $Lang::tr{'fw green'} + + $Lang::tr{'dns force on green'}<= td align=3D'left'>$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'ntp force on green'}<= td align=3D'left'>$Lang::tr{'on'} / + $Lang::tr{'off'} +END + + if (&Header::blue_used()) { + print < + $Lan= g::tr{'fw blue'} +   + + $Lang::tr{'dns force on blue'}<= td align=3D'left'>$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'ntp force on blue'}<= td align=3D'left'>$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'drop proxy'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'drop samba'}$Lang::tr{'on'} / + $Lang::tr{'off'} + + +END + } + + print < =20 -
+
=20 - - +
$Lang:= :tr{'fw logging'}
+ -$Lang::tr{'on'} / +END + + if (&Header::blue_used()) { + print < + +
+ +
$Lang:= :tr{'fw logging red'}
$Lang::tr{'drop newnotsyn'}$Lang::tr{'on'} / $Lang::tr{'off'}
$Lang::tr{'drop input'}$Lang::tr{'on'} / @@ -206,21 +251,30 @@ END $Lang::tr{'off'}
$Lang::tr{'drop portscan'}$Lang::tr{'on'} / $Lang::tr{'off'}
$Lang::tr{'drop wirelessinput'}
+ + + = -<= td align=3D'left'>$Lang::tr{'on'} / + -
$Lang:= :tr{'fw logging blue'}
$Lang::tr{'drop wirelessinput'}$Lang::tr{'on'} / $Lang::tr{'off'}
$Lang::tr{'drop wirelessforward'}
$Lang::tr{'drop wirelessforward'}$Lang::tr{'on'} / $Lang::tr{'off'}
-
+ +END + } + + print < + +
=20 - - - - -
$Lang:= :tr{'fw blue'}
$Lang::tr{'drop proxy'}$Lang::tr{'on'} / - $Lang::tr{'off'}
$Lang::tr{'drop samba'}$Lang::tr{'on'} / - $Lang::tr{'off'}
-
END print "
$Lang:= :tr{'fw settings'}
$Lang::tr{'fw settings color'}$Lang::tr{'on'} / @@ -252,7 +306,7 @@ END =20
-
+
@@ -278,7 +332,7 @@ print <
"; - print"

"; + print"

"; print < diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 6a8133807..d6bb234fa 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -836,6 +836,8 @@ 'dns error 0' =3D> 'Die IP Adresse vom prim=C3=A4ren DNS Se= rver ist nicht g=C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingabe!
Die eingegebene sekund=C3=A4ren DNS Server Adresse ist jedo= ch g=C3=BCltig.
', 'dns error 01' =3D> 'Die eingegebene IP Adresse des prim=C3=A4ren wie auch des sekund=C3=A4ren DNS-Servers sind nicht g= =C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingaben!', 'dns error 1' =3D> 'Die IP Adresse vom sekund=C3=A4ren DNS = Server ist nicht g=C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingabe!Die eingegebene prim=C3=A4re DNS Server Adresse ist jedoc= h g=C3=BCltig.', +'dns force on blue' =3D> 'Erzwinge lokale DNS= -Server auf BLAU', +'dns force on green' =3D> 'Erzwinge lokale DN= S-Server auf GR=C3=9CN', 'dns forward disable dnssec' =3D> 'DNSSEC deaktivieren (nicht empfohlen)', 'dns forwarding dnssec disabled notice' =3D> '(DNSSEC deaktiviert)', 'dns header' =3D> 'DNS Server Adressen zuweisen nur mit DHCP an red0', @@ -1102,9 +1104,12 @@ 'from email server' =3D> 'Von E-Mail-Server', 'from email user' =3D> 'Von E-Mail-Benutzer', 'from warn email bad' =3D> 'Von E-Mail-Adresse ist nicht g=C3=BCltig', -'fw blue' =3D> 'Firewalloptionen f=C3=BCr das Blaue Interface', +'fw blue' =3D> 'Firewalloptionen f=C3=BCr das BLAU= E Interface', 'fw default drop' =3D> 'Firewallrichtlinie', +'fw green' =3D> 'Firewalloptionen f=C3=BCr das GR= =C3=9CNE Interface', 'fw logging' =3D> 'Firewallprotokollierung', +'fw logging blue' =3D> 'Firewallprotokollierung (B= LAU)', +'fw logging red' =3D> 'Firewallprotokollierung (RO= T)', 'fw settings' =3D> 'Firewalleinstellungen', 'fw settings color' =3D> 'Farben in Regeltabelle anzeigen', 'fw settings dropdown' =3D> 'Alle Netzwerke auf Regelerstellungsseite anzeig= en', 
@@ -1644,9 +1649,9 @@ 'map to guest' =3D> 'Map to Guest', 'march' =3D> 'M=C3=A4rz', 'marked' =3D> 'Markiert', -'masquerade blue' =3D> 'NAT auf BLAU', -'masquerade green' =3D> 'NAT auf GR=C3=9CN', -'masquerade orange' =3D> 'NAT auf ORANGE', +'masquerade blue' =3D> 'NAT auf BLAU= ', +'masquerade green' =3D> 'NAT auf GR=C3=9CN', +'masquerade orange' =3D> 'NAT auf ORANGE', 'masquerading' =3D> 'Masquerading/NAT', 'masquerading disabled' =3D> 'NAT ausgeschaltet', 'masquerading enabled' =3D> 'NAT eingeschaltet', @@ -1814,6 +1819,8 @@ 'november' =3D> 'November', 'ntp common settings' =3D> 'Allgemeine Einstellungen', 'ntp configuration' =3D> 'Zeitserverkonfiguration', +'ntp force on blue' =3D> 'Erzwinge lokale NT= P-Server auf BLAU', +'ntp force on green' =3D> 'Erzwinge lokale N= TP-Server auf GR=C3=9CN', 'ntp must be enabled to have clients' =3D> 'Um Clients annehmen zu k=C3=B6nn= en, muss NTP vorher aktiviert sein.', 'ntp server' =3D> 'NTP-Server', 'ntp sync' =3D> 'Synchronisation', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8f7e0c2cf..474612025 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -859,6 +859,8 @@ 'dns error 0' =3D> 'The IP address of the primary DNS serve= r is not valid, please check your entries!
The entered secondary= DNS server address is valid.', 'dns error 01' =3D> 'The entered IP address of the primary = and secondary DNS server are not valid, please check your en= tries!', 'dns error 1' =3D> 'The IP address of the secondary DNS ser= ver is not valid, please check your entries!
The entered primary= DNS server address is valid.', +'dns force on blue' =3D> 'Force DNS to use lo= cal DNS servers on BLUE', +'dns force on green' =3D> 'Force DNS to use l= ocal DNS servers on GREEN', 'dns forward disable dnssec' =3D> 'Disable DNSSEC (dangerous)', 'dns forwarding dnssec disabled notice' =3D> '(DNSSEC disabled)', 'dns header' =3D> 'Assign DNS server addresses only for DHCP on red0', @@ -1128,9 +1130,12 @@ 'from email server' =3D> 'From Email server', 'from email user' =3D> 'From e-mail user', 'from warn email bad' =3D> 'From e-mail address is not valid', -'fw blue' =3D> 'Firewall options for BLUE interface', +'fw blue' =3D> 'Firewall options for BLUE I= nterface', 'fw default drop' =3D> 'Firewall policy', +'fw green' =3D> 'Firewall options for GREEN= Interface', 'fw logging' =3D> 'Firewall logging', +'fw logging blue' =3D> 'Firewall logging (BLUE)', +'fw logging red' =3D> 'Firewall logging (RED)', 'fw settings' =3D> 'Firewall settings', 'fw settings color' =3D> 'Show colors in ruletable', 'fw settings dropdown' =3D> 'Show all networks on rulecreation site', @@ -1672,9 +1677,9 @@ 'map to guest' =3D> 'Map to Guest', 'march' =3D> 'March', 'marked' =3D> 'Marked', -'masquerade blue' =3D> 'Masquerade BLUE', -'masquerade green' =3D> 'Masquerade GREEN', -'masquerade orange' =3D> 'Masquerade ORANGE', +'masquerade blue' =3D> 'Masquerade BLUE<= /b>', +'masquerade green' =3D> 'Masquerade GREEN', +'masquerade orange' =3D> 'Masquerade ORANGE', 'masquerading' =3D> 'Masquerading', 'masquerading disabled' =3D> 'Masquerading disabled', 'masquerading enabled' =3D> 'Masquerading enabled', 
@@ -1844,6 +1849,8 @@ 'november' =3D> 'November', 'ntp common settings' =3D> 'Common settings', 'ntp configuration' =3D> 'NTP Configuration', +'ntp force on blue' =3D> 'Force NTP to use l= ocal NTP servers on BLUE', +'ntp force on green' =3D> 'Force NTP to use = local NTP servers on GREEN', 'ntp must be enabled to have clients' =3D> 'NTP must be enabled to have clie= nts.', 'ntp server' =3D> 'NTP Server', 'ntp sync' =3D> 'Synchronization', diff --git a/lfs/configroot b/lfs/configroot index a3e474d70..622793b35 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -129,6 +129,10 @@ $(TARGET) : echo "SHOWDROPDOWN=3Doff" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPWIRELESSINPUT=3Don" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPWIRELESSFORWARD=3Don" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DNS_FORCE_ON_GREEN=3Doff" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DNS_FORCE_ON_BLUE=3Doff" >> $(CONFIG_ROOT)/optionsfw/settings + echo "NTP_FORCE_ON_GREEN=3Doff" >> $(CONFIG_ROOT)/optionsfw/settings + echo "NTP_FORCE_ON_BLUE=3Doff" >> $(CONFIG_ROOT)/optionsfw/settings echo "POLICY=3DMODE2" >> $(CONFIG_ROOT)/firewall/settings echo "POLICY1=3DMODE2" >> $(CONFIG_ROOT)/firewall/settings echo "USE_ISP_NAMESERVERS=3Don" >> $(CONFIG_ROOT)/dns/settings diff --git a/src/initscripts/system/dnsntp b/src/initscripts/system/dnsntp new file mode 100644 index 000000000..2eafa9d20 --- /dev/null +++ b/src/initscripts/system/dnsntp 
@@ -0,0 +1,36 @@ +#!/bin/sh +######################################################################## +# Begin $rc_base/init.d/dnsntp +# +# Description : dnsntp init script for DNS/NTP rules only +# +######################################################################## + +# flush chain +iptables -t nat -F DNS_NTP_REDIRECT + +eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings) + +# Force DNS REDIRECTs on GREEN (udp, tcp, 53) +if [ "$DNS_FORCE_ON_GREEN" =3D=3D "on" ]; then + iptables -t nat -A DNS_NTP_REDIRECT -i green0 -p udp -m udp --dport 53 -j R= EDIRECT + iptables -t nat -A DNS_NTP_REDIRECT -i green0 -p tcp -m tcp --dport 53 -j R= EDIRECT +fi + +# Force DNS REDIRECTs on BLUE (udp, tcp, 53) +if [ "$DNS_FORCE_ON_BLUE" =3D=3D "on" ]; then + iptables -t nat -A DNS_NTP_REDIRECT -i blue0 -p udp -m udp --dport 53 -j RE= DIRECT + iptables -t nat -A DNS_NTP_REDIRECT -i blue0 -p tcp -m tcp --dport 53 -j RE= DIRECT +fi + +# Force NTP REDIRECTs on GREEN (udp, 123) +if [ "$NTP_FORCE_ON_GREEN" =3D=3D "on" ]; then + iptables -t nat -A DNS_NTP_REDIRECT -i green0 -p udp -m udp --dport 123 -j = REDIRECT +fi + +# Force DNS REDIRECTs on BLUE (udp, 123) +if [ "$NTP_FORCE_ON_BLUE" =3D=3D "on" ]; then + iptables -t nat -A DNS_NTP_REDIRECT -i blue0 -p udp -m udp --dport 123 -j R= EDIRECT +fi + +# End $rc_base/init.d/dnsntp diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 65f1c979b..43ae74113 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -169,6 +169,10 @@ iptables_init() { # Fix for braindead ISPs iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to= -pmtu =20 + # DNS / NTP REDIRECT + iptables -t nat -N DNS_NTP_REDIRECT + iptables -t nat -A PREROUTING -j DNS_NTP_REDIRECT + # CUSTOM chains, can be used by the users themselves iptables -N CUSTOMINPUT iptables -A INPUT -j CUSTOMINPUT 
@@ -281,7 +285,7 @@ iptables_init() { iptables -A INPUT -j LOCATIONBLOCK iptables -A FORWARD -j LOCATIONBLOCK =20 - # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept every= thing + # traffic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept ever= ything iptables -N IPSECINPUT iptables -N IPSECFORWARD iptables -N IPSECOUTPUT @@ -389,6 +393,9 @@ iptables_init() { # run captivectrl /usr/local/bin/captivectrl =20 + # run dnsntpctrl + /usr/local/bin/dnsntpctrl + # POLICY CHAIN iptables -N POLICYIN iptables -A INPUT -j POLICYIN diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 7c3ef7529..6f2733ef0 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -26,7 +26,7 @@ PROGS =3D iowrap SUID_PROGS =3D squidctrl sshctrl ipfirereboot \ ipsecctrl timectrl dhcpctrl suricatactrl \ rebuildhosts backupctrl collectdctrl \ - logwatch wioscan wiohelper openvpnctrl firewallctrl \ + logwatch wioscan wiohelper openvpnctrl firewallctrl dnsntpctrl \ wirelessctrl getipstat qosctrl \ redctrl syslogdctrl extrahdctrl sambactrl \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ diff --git a/src/misc-progs/dnsntpctrl.c b/src/misc-progs/dnsntpctrl.c new file mode 100644 index 000000000..f2a3b89e3 --- /dev/null +++ b/src/misc-progs/dnsntpctrl.c @@ -0,0 +1,19 @@ +/* This file is part of the IPFire Firewall. + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + */ + +#include +#include "setuid.h" + +int main(void) +{ + if (!(initsetuid())) + exit(1); + + safe_system("/etc/rc.d/init.d/dnsntp >/dev/null 2>&1"); + + return 0; +} --=20 2.18.0 --===============9106529732345613177==--
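
Review bot: In html/cgi-bin/optionsfw.cgi both new calls, system("/usr/local/bin/dnsntpctrl >/dev/null 2>&1"), discard the exit status and all output, so a failed rule update leaves the page showing 'on' while no REDIRECT rule is loaded. Check the return value of system() and append a message to $errormessage in the save path, the same variable the hunk already uses for 'new optionsfw later'. The redirection also forces the string form of system() through a shell, which the neighbouring firewallctrl call does not need; moving the redirection into the helper alone would let the CGI use the list form.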
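
Review bot: The four defaults added in lfs/configroot (DNS_FORCE_ON_GREEN, DNS_FORCE_ON_BLUE, NTP_FORCE_ON_GREEN, NTP_FORCE_ON_BLUE) are written only when the config root is built, and nothing in this patch adds them to an existing /var/ipfire/optionsfw/settings. On such a system the new lines in optionsfw.cgi index %checked with an undefined $settings{'DNS_FORCE_ON_GREEN'} and neither 'on' nor 'off' is preselected. Either add the keys in the update path or default them to 'off' in the CGI before the $checked{...} assignments.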
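
Review bot: In src/initscripts/system/dnsntp the comment above the last block reads "Force DNS REDIRECTs on BLUE (udp, 123)" although the block tests NTP_FORCE_ON_BLUE and redirects port 123; it should say NTP. The four tests also use '==' inside [ ] under a '#!/bin/sh' shebang, where '=' is the portable operator. The unconditional 'iptables -t nat -F DNS_NTP_REDIRECT' at the top fails if the script runs before iptables_init has created the chain, and the script has no exit status handling, so consider testing for the chain first and exiting non-zero when any iptables call fails.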
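
Review bot: In src/misc-progs/dnsntpctrl.c the result of safe_system("/etc/rc.d/init.d/dnsntp >/dev/null 2>&1") is ignored and main() always returns 0, so neither optionsfw.cgi nor the '# run dnsntpctrl' call added to iptables_init can tell whether the rules were applied. Return a non-zero status when safe_system() reports failure, and drop the redirection of stderr so that an iptables error reaches the caller or the log. Because the Makefile hunk adds dnsntpctrl to SUID_PROGS, keeping the helper free of arguments and of any caller-supplied input, as it is here, should be stated as a requirement in a comment for whoever later merges the init script into the C file.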
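
Review bot: In langs/en/cgi-bin/en.pl and langs/de/cgi-bin/de.pl the changed values for 'masquerade blue', 'masquerade green', 'masquerade orange' and 'fw blue' now carry presentation markup inside the translation string (the closing tag is still visible in 'Masquerade BLUE</b>'). Any other page that prints these keys inherits the markup, and every further translation has to repeat it. Keep the strings plain and apply the colour and bold styling in optionsfw.cgi where the cells are printed.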