Hello Stefan, after the ipset patch series, I agree with this one. If I got it right, the DROP_HOSTILE functionality as introduced in https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=97154d057bdbc7fa34309e9a5ad389775eff210d will to have adjusted to using ipset as well. I will work on a patch for this. As long as both the ipset series and the latter are merged, everything is fine to me, hence: Reviewed-by: Peter Müller Also, it is good to see especially xt_geoip go due to security reasons... :-) Thanks, and best regards, Peter Müller > None of the provided modules are in use, so this package > safely can be dropped. > > Signed-off-by: Stefan Schantl > --- > config/rootfiles/common/xtables-addons | 44 --------- > lfs/xtables-addons | 118 ------------------------- > make.sh | 2 - > 3 files changed, 164 deletions(-) > delete mode 100644 config/rootfiles/common/xtables-addons > delete mode 100644 lfs/xtables-addons > > diff --git a/config/rootfiles/common/xtables-addons b/config/rootfiles/common/xtables-addons > deleted file mode 100644 > index 51b0d208d..000000000 > --- a/config/rootfiles/common/xtables-addons > +++ /dev/null > @@ -1,44 +0,0 @@ > -lib/xtables/libxt_ACCOUNT.so > -lib/xtables/libxt_CHAOS.so > -lib/xtables/libxt_DELUDE.so > -lib/xtables/libxt_DHCPMAC.so > -lib/xtables/libxt_DNETMAP.so > -lib/xtables/libxt_ECHO.so > -lib/xtables/libxt_IPMARK.so > -lib/xtables/libxt_LOGMARK.so > -lib/xtables/libxt_PROTO.so > -lib/xtables/libxt_SYSRQ.so > -lib/xtables/libxt_TARPIT.so > -lib/xtables/libxt_condition.so > -lib/xtables/libxt_dhcpmac.so > -lib/xtables/libxt_fuzzy.so > -lib/xtables/libxt_geoip.so > -lib/xtables/libxt_gradm.so > -lib/xtables/libxt_iface.so > -lib/xtables/libxt_ipp2p.so > -lib/xtables/libxt_ipv4options.so > -lib/xtables/libxt_length2.so > -lib/xtables/libxt_lscan.so > -lib/xtables/libxt_pknock.so > -lib/xtables/libxt_psd.so > -lib/xtables/libxt_quota2.so > -usr/bin/xt_geoip_query > -#usr/lib/libxt_ACCOUNT_cl.la > -#usr/lib/libxt_ACCOUNT_cl.so > -usr/lib/libxt_ACCOUNT_cl.so.0 > -usr/lib/libxt_ACCOUNT_cl.so.0.0.0 > -#usr/libexec/xtables-addons > -#usr/libexec/xtables-addons/xt_geoip_build > -#usr/libexec/xtables-addons/xt_geoip_build_maxmind > -#usr/libexec/xtables-addons/xt_geoip_dl > -#usr/libexec/xtables-addons/xt_geoip_dl_maxmind > -usr/sbin/iptaccount > -usr/sbin/pknlusr > -#usr/share/man/man1/xt_geoip_build.1 > -#usr/share/man/man1/xt_geoip_build_maxmind.1 > -#usr/share/man/man1/xt_geoip_dl.1 > -#usr/share/man/man1/xt_geoip_dl_maxmind.1 > -#usr/share/man/man1/xt_geoip_query.1 > -#usr/share/man/man8/iptaccount.8 > -#usr/share/man/man8/pknlusr.8 > -#usr/share/man/man8/xtables-addons.8 > diff --git a/lfs/xtables-addons b/lfs/xtables-addons > deleted file mode 100644 > index fdea1ffcd..000000000 > --- a/lfs/xtables-addons > +++ /dev/null > @@ -1,118 +0,0 @@ > -############################################################################### > -# # > -# IPFire.org - A linux based firewall # > -# Copyright (C) 2007-2021 IPFire Team # > -# # > -# This program is free software: you can redistribute it and/or modify # > -# it under the terms of the GNU General Public License as published by # > -# the Free Software Foundation, either version 3 of the License, or # > -# (at your option) any later version. # > -# # > -# This program is distributed in the hope that it will be useful, # > -# but WITHOUT ANY WARRANTY; without even the implied warranty of # > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # > -# GNU General Public License for more details. # > -# # > -# You should have received a copy of the GNU General Public License # > -# along with this program. If not, see . # > -# # > -############################################################################### > - > -############################################################################### > -# Definitions > -############################################################################### > - > -include Config > - > -VERSUFIX = ipfire$(KCFG) > -MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/ > - > -VER = 3.18 > - > -THISAPP = xtables-addons-$(VER) > -DL_FILE = $(THISAPP).tar.xz > -DL_FROM = $(URL_IPFIRE) > -DIR_APP = $(DIR_SRC)/$(THISAPP) > - > -ifeq "$(USPACE)" "1" > - TARGET = $(DIR_INFO)/$(THISAPP) > -else > - TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX) > -endif > - > -############################################################################### > -# Top-level Rules > -############################################################################### > - > -objects = $(DL_FILE) > - > -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) > - > -$(DL_FILE)_MD5 = 755471b1dc6808f274f914fa11552698 > - > -install : $(TARGET) > - > -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) > - > -download :$(patsubst %,$(DIR_DL)/%,$(objects)) > - > -md5 : $(subst %,%_MD5,$(objects)) > - > -dist: > - $(PAK) > - > -############################################################################### > -# Downloading, checking, md5sum > -############################################################################### > - > -$(patsubst %,$(DIR_CHK)/%,$(objects)) : > - @$(CHECK) > - > -$(patsubst %,$(DIR_DL)/%,$(objects)) : > - @$(LOAD) > - > -$(subst %,%_MD5,$(objects)) : > - @$(MD5) > - > -############################################################################### > -# Installation Details > -############################################################################### > - > -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > - @$(PREBUILD) > - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) > - > - # Only build the specified modules. > -# cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \ > -# $(DIR_APP)/mconfig > - > -# Check if we build the modules for a kernel or the userspace parts. > -ifeq "$(USPACE)" "1" > - cd $(DIR_APP) && ./configure \ > - --prefix=/usr \ > - --without-kbuild > - > - cd $(DIR_APP) && make $(MAKETUNING) > - cd $(DIR_APP) && make install > -else > - cd $(DIR_APP) && ./configure \ > - --with-kbuild=/lib/modules/$$(uname -r)$(KCFG)/build > - cd $(DIR_APP) && make $(MAKETUNING) > - > - # Install the built kernel modules. > - mkdir -p $(MODPATH) > - cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \ > - /lib/modules/$$(uname -r)$(KCFG)/build/scripts/sign-file sha512 \ > - /lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.pem \ > - /lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.x509 \ > - $$f; \ > - xz $$f; \ > - install -m 644 $$f.xz $(MODPATH); \ > - done > -endif > - > - # Create directory for the databases. > - mkdir -pv /usr/share/xt_geoip/ > - > - @rm -rf $(DIR_APP) > - @$(POSTBUILD) > diff --git a/make.sh b/make.sh > index 79798834a..7fee7ad40 100755 > --- a/make.sh > +++ b/make.sh > @@ -1184,10 +1184,8 @@ buildipfire() { > lfsmake2 rtl8812au KCFG="" > lfsmake2 rtl8822bu KCFG="" > lfsmake2 xradio KCFG="" > - lfsmake2 xtables-addons KCFG="" > lfsmake2 linux-initrd KCFG="" > > - lfsmake2 xtables-addons USPACE="1" > lfsmake2 libgpg-error > lfsmake2 libgcrypt > lfsmake2 libassuan