From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject:
 Re: [PATCH] RPZ: update code to include WEBGUI and additional languages
Date: Sun, 02 Mar 2025 11:51:48 +0100
Message-ID: <664b8eb1-7607-4d7c-ad0d-1f1e370dce4c@ipfire.org>
In-Reply-To: <3BF29525-C9F4-4FD2-834D-FBE791E99E8C@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5809979014392693809=="
List-Id: <development.lists.ipfire.org>

--===============5809979014392693809==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Jon,

On 01/03/2025 23:22, jon wrote:
> No thank you. =C2=A0I pass.

Okay.

You should definitely look at putting together an entry for the Roadmap as ou=
tlined by Michael. There is a template page you can use to put together an in=
itial entry which can then be used for further discussions in the dev mailing=
 list.

Best regards,

Adolf.

>=20
> Jon
>=20
>> On Mar 1, 2025, at 4:18=E2=80=AFAM, Adolf Belka <adolf.belka(a)ipfire.org>=
 wrote:
>>
>> Hi Jon,
>>
>> Would you like to have this topic added to the agenda for the next Dev Con=
f Call scheduled for 10th March?
>>
>> The time of the conf call is 8:00 to 10:00pm Central European Time.
>>
>> Best regards,
>>
>> Adolf.
>>
>>
>> On 14/02/2025 13:07, Michael Tremer wrote:
>>> Hello Jon,
>>>
>>> It very much depends on the kind of contribution. A one-line patch obviou=
sly has fewer strings attached to it than a larger patch set like this.
>>>
>>> However, we have outlined the process in the wiki already, starting from =
here:
>>>
>>> =C2=A0=C2=A0https://www.ipfire.org/docs/devel/submit-patches
>>>
>>> This contains some useful pointers about the how (how do I actually make =
my changes happen, how do I build IPFire, etc), and at the bottom it contains=
 a lot of information about the format the changes should be submitted; split=
 into smaller chunks that are ideally as independent from each other so that =
they can be individually reviewed and merged. Usually a development process t=
akes long time and we have already shipped parts of code that we will need fo=
r certain features that are not ready yet. This is a good practice to let cod=
e mature, especially when it is touching rather critical bits like the firewa=
ll and networking stacks.
>>>
>>> There are also some guidelines on how to write a good commit message and =
how to use Git tags:
>>>
>>> =C2=A0=C2=A0https://www.ipfire.org/docs/devel/git/commit-messages
>>> =C2=A0=C2=A0https://www.ipfire.org/docs/devel/git/tags
>>>
>>> Then there is something about how to get in touch with the right person a=
nd legal stuff:
>>>
>>> =C2=A0=C2=A0https://www.ipfire.org/docs/devel/contact
>>> =C2=A0=C2=A0https://www.ipfire.org/docs/legal/ipca
>>>
>>> Finally, we have a bit of an underused roadmap section on the wiki. It wo=
uld be nice if we could use that a little bit more because then it would be e=
asier for everyone to keep track of progress on certain features; people coul=
d see what is being worked on and see if they can help development and testin=
g and so on:
>>>
>>> =C2=A0=C2=A0https://www.ipfire.org/docs/roadmap
>>>
>>> There is a template on how to create new pages:
>>>
>>> =C2=A0=C2=A0https://www.ipfire.org/docs/roadmap/template
>>>
>>> And this is a good example of what this could look like:
>>>
>>> =C2=A0=C2=A0https://www.ipfire.org/docs/roadmap/openvpn-26
>>>
>>> All of these steps are coming *after* there has been some initial discuss=
ion about what actually has a chance to become part of the distribution. For =
that, we do not have any specific guidelines because it is not very trivial t=
o write these things. There are just too many possibilities. In the past, the=
re has also been very little need for this, but that does not mean that there=
 have not been problems before.
>>>
>>> The reason why I am raising the bar this high here is simply that we have=
 made mistakes in the past that we don=E2=80=99t want to repeat. We have lear=
ned a couple of lessons in a not very pleasant way and I under no circumstanc=
es would want to do this again. The objective is that we want to provide an e=
xcellent distribution. Although IPFire of course has its shortcomings here an=
d there, it is a very stable distribution and we have a very good track recor=
d that I want to keep. This is what our users deserve.
>>>
>>> In the past, people have =E2=80=9Cdropped=E2=80=9D their patches on this =
list (or sometimes elsewhere) and we were left with dealing with the entire i=
ntegration only to find out later what problems there were hidden in the code=
. The original author(s) had no interest in fixing any of that because it wor=
ked just fine for them, and so why spend any time on the problems of somebody=
 else? Usually I am the fallback for this and I simply don=E2=80=99t want to =
be that. I have lots of my own projects inside IPFire that are moving at snai=
l speed because fixing existing code usually takes priority over writing new =
code.
>>>
>>> Therefore we need a commitment to sort out these problems in the first pl=
ace. It has to be proven that people actually *care* about the patches that t=
hey post here. I am not sure this needs writing down as this should be the sa=
me policy with almost any open source project. If you contribute a line, ther=
e is probably less maintenance required in the future, but if you contribute =
a large code base, then you will need to look after it for the foreseeable fu=
ture. It is your feature and not mine after all.
>>>
>>> Then, what actually has a chance to make it into the distribution? Probab=
ly not a lot. IPFire has a very clear use case. There will not be any space f=
or a desktop environment and running Chrome on it, we also don=E2=80=99t it t=
o make coffee and cook me a dinner. We would currently only accept things tha=
t were actually maintainable by the current team in case a contributor moves =
on (see above), because we simply only have so much man power. We already hav=
e a large zoo of features that are very abandoned and we are potentially look=
ing at getting rid of more things simply because we cannot support them prope=
rly. Time just doesn=E2=80=99t permit. Adding something large is therefore ve=
ry difficult at the moment.
>>>
>>> I understand that in this specific case you have been trying to not invol=
ve the development team and I understand your motivation. But you cannot forg=
et about how much time and effort a review process can take. Therefore we wan=
t to plan things well; we want to even split it; and we want to have a conver=
sation in advance so that the roadmap is clear and the actual code review ide=
ally only becomes a formality.
>>>
>>> All of this above has been for a general case. Please read through this a=
nd feel free to ask any questions if something isn=E2=80=99t clear.
>>>
>>> To move forward with this feature, we should start by planning a roadmap.=
 We need to discuss what this project should cover and what it should not cov=
er. I believe we don=E2=80=99t need to talk much about implementation details=
 because you have figured out a lot of them; we need to find what feature we =
want to provide to our users. Are you up for that?
>>>
>>> Best,
>>> -Michael
>>>
>>>> On 13 Feb 2025, at 21:34, jon <jon.murphy(a)ipfire.org> wrote:
>>>>
>>>> Michael,
>>>>
>>>> I=E2=80=99ve read through your comments a few times and I ended up with =
many more questions.
>>>>
>>>>
>>>>> What I rather mean is that it has never been added as a topic on the ag=
enda and it has not been pitched by yourself.
>>>>
>>>> To me the efforts to get new code accepted seem to have changed and it s=
eemed easier in the past. =C2=A0In the past I made the Core Team aware via th=
e Dev Mailing List and wrote a simple two or three paragraphs of "What is it?=
 / What is the value? / Here is the code"
>>>>
>>>>
>>>> So in an effort to move forward: =C2=A0How exactly is something presente=
d to the Core Team?
>>>>
>>>> Is there an example of a recent effort that was presented that I can see=
 as a sample? =C2=A0(This type of info can also be added to the Wiki)
>>>>
>>>> I understand you want it this way, but I don=E2=80=99t know what exactly=
 is needed. =C2=A0=C2=A0Please be specific.
>>>>
>>>>
>>>> Jon
>>>>
>>>> PS - I am not ignoring your other comments, I am just trying to move for=
ward and keep things simple.
>>>>
>>>>
>>>>
>>>>> On Feb 8, 2025, at 1:27=E2=80=AFPM, Michael Tremer <michael.tremer(a)ip=
fire.org> wrote:
>>>>>
>>>>> Hello Jon,
>>>>>
>>>>> Thanks for your reply. And good that you are copying everyone into this=
 conversation.
>>>>>
>>>>>> On 8 Feb 2025, at 18:41, jon <jon.murphy(a)ipfire.org> wrote:
>>>>>>
>>>>>> Michael,
>>>>>>
>>>>>>> I think I have covered this all at lengths before that this project h=
as been started as a separate effort
>>>>>> Yes, this has been a separate effort (a very public separate effort). =
=C2=A0Yes, as you pointed this out early on with the "proof-of-concept" and t=
hen my request for people to help test RPZ. =C2=A0Nothing was hidden.
>>>>>>
>>>>>> This was done because you (and maybe others) did not have the time and=
 I wanted to help and because I needed assistance with RPZ. =C2=A0I tried my =
best to do this without bothering you.
>>>>> I don=E2=80=99t that it is accurate that nobody wanted to help on this.=
 The list was always open - although not every email has been replied to swif=
tly it is also your responsibility to raise a question again if it was missed=
. People here have open ears.
>>>>>
>>>>> It was also stated on this very list on in our documentation that worki=
ng on something without involving the core team is a risky undertaking. Of co=
urse IPFire is free software and so everyone is free to fork if they wish to =
do so.
>>>>>
>>>>>>> and as far as I am aware none of the other team members has been invo=
lved. This has not been discussed either on this list, on our calls.
>>>>>> You were aware many steps along the way. =C2=A0See your email on July =
28, 2024, August 15, 2024, September 30, 2024, December 23, 2024, and January=
 16. =C2=A0My attempts to get the team involved were met with "things are bus=
y" and sometimes silence. =C2=A0(Yes, I get it, people are busy.)
>>>>>>
>>>>>> You and Adolf, Leo, Erik and Bernhard have been aware since the beginn=
ing. =C2=A0You mention you were aware of the "proof-of-concept". =C2=A0If you=
 include those beginning posts, since Sep 2023.
>>>>> Yes, I am aware of a proof-of-concept that I have been running myself f=
or a long time. I am also aware of the efforts that you have been taking.
>>>>>
>>>>> Yet I don=E2=80=99t think there has ever been any joint effort, or am I=
 seeing that wrong?
>>>>>
>>>>>>> This has not been discussed . . . on our calls.
>>>>>> On the July 28th you stated:
>>>>>> "We have talked about RPZ many times on the monthly call since the URL=
 filter feature is falling more and more out of fashion. I think there is als=
o many posts about this on the forum."
>>>>>>
>>>>>> Please don=E2=80=99t insult me again by stating "you know what I mean".
>>>>>>
>>>>>> And it has been discussed but not documented in the Monthly Meeting no=
tes.
>>>>> I am not at all insulting you. I don=E2=80=99t want to take this down t=
o a personal level at all. This is a public mailing list and people who read =
this don=E2=80=99t need to listen to an argument we are having. They are here=
 for the tech inside IPFire.
>>>>>
>>>>> When I wrote that it has not been discussed that does not mean that we =
have not been touching on the topic. We have been talking about lots of thing=
s on the calls, the weather, politics, how our pets are. None of that makes i=
t to the logs. What I rather mean is that it has never been added as a topic =
on the agenda and it has not been pitched by yourself.
>>>>>
>>>>>>> Instead there has been a separate conversation on the forum with the =
occasional dip here to the list. But that was not a regular two-way conversat=
ion.
>>>>>> Regular conversation on the Dev Mailing list is many times met with si=
lence. =C2=A0I get it, people are busy.
>>>>>>
>>>>>> And regular two-way conversation doesn=E2=80=99t happen on the list. =
=C2=A0At least not with me. =C2=A0I=E2=80=99d be happy to point out the posts=
 that were met with silence.
>>>>>> Again, I get it, people are busy.
>>>>> And you think my emails are not being met with silence? This has nothin=
g to do with this specific topic. This has something to do with how occupied =
people are and how engaged they are on certain topics. Not everyone is involv=
ed in all the things and simply will ignore emails simply based on their subj=
ect line.
>>>>>
>>>>>> But the "dip here to the list" were my attempts to get a conversation =
started. =C2=A0As I said, many time met with silence.
>>>>>>
>>>>>> The only place I was not met with silence was on the Community. =C2=A0=
You have a great group of people in the Community. =C2=A0It is a shame you do=
n=E2=80=99t want to have others help. =C2=A0It would reduce your workload.
>>>>> You should stop making statements that are not true. Who doesn=E2=80=99=
t want anyone to help?
>>>>>
>>>>> Not having this conversation on a Saturday evening would reduce my work=
load. At least it would free up time for something else. Helping with the thi=
ngs that are already on the go would reduce the workload of the entire team. =
Starting one thing at a time and finishing it is a lot better to manage than =
starting a hundred things and not even finish one. I can tell you that I alre=
ady have a hundred things on the go.
>>>>>
>>>>>>> Therefore, what am I supposed to do with this email?
>>>>>> To me it is beyond obvious=E2=80=A6
>>>>>>
>>>>>> If it isn=E2=80=99t what you want, then guide me with how to do this t=
he correct way. =C2=A0And be specific. =C2=A0I am trying to help. =C2=A0I am =
trying to make things better. I am trying to do things the right way.
>>>>> To me it isn=E2=80=99t. This is yet another project that has been dumpe=
d to the list like so many before and later on everyone has left to have the =
team deal with the rest.
>>>>>
>>>>> It is a huge patch set. You explained what the vision is, but that is a=
bout it. There is no chance this will continue if this disagreement isn=E2=80=
=99t solved first. I didn=E2=80=99t even look at the code.
>>>>>
>>>>>>> I don=E2=80=99t want to merge code that I don=E2=80=99t agree with.
>>>>>> I asked multiple times if you "agreed with the concept" and again, met=
 with silence. Yes I get it, people are busy.
>>>>> Having support for RPZ? Yes, it was definitely on the roadmap. That I a=
gree with.
>>>>>
>>>>>>> So many fundamental things that I have been raising have either not b=
een discussed or outright dismissed.
>>>>>> You mentioned this a in the past, but for some reason you do not discl=
ose what I dismissed. =C2=A0Why do you continue to make this harder, wouldn=
=E2=80=99t it not be easier to tell me what I have dismissed?
>>>>>>
>>>>>> I have sent multiple emails trying to answer your concerns and comment=
s. =C2=A0On July 28, Aug 14, Aug 22, Aug 23, Sep 30, etc.
>>>>>>
>>>>>> I=E2=80=99ve gone through all of the questions you asked and I cannot =
find a "dismissed" item.
>>>>> Maybe I need to be *more clear*. I feel humoured by this.
>>>>>
>>>>> It is late on a Saturday and I want my dinner soon, but certainly I hav=
e stated that this should never be an add-on considering it is supposed to re=
place URL Filter. We should never allow people to add their own sources. I ha=
ve also stated that we cannot download any lists over HTTPS again and again a=
nd again. The implementation that we have here seems to exactly do that and t=
herefore I think that my feedback has been dismissed entirely.
>>>>>
>>>>>>> I don=E2=80=99t want to merge code that has no future inside IPFire a=
s there is no constructive conversation with the maintainers of it.
>>>>>> The maintainers of Unbound and/or RPZ?
>>>>>>
>>>>>> The maintainers of Hagezi list, the threatfox list, the urlhaus list, =
etc.?
>>>>>>
>>>>>> What else? =C2=A0The maintainers or the RPZ scripts? =C2=A0That is me.=
 =C2=A0Let=E2=80=99s talk!
>>>>> You. I don=E2=80=99t care much about the providers of the lists.
>>>>>
>>>>>> See, this is where it gets confusing. =C2=A0There are hundreds of open=
 source packages as part of IPFire. =C2=A0Pick the last five years of items a=
dded to the IPFire build. =C2=A0You're telling me you have "constructive conv=
ersation with the maintainers" of all of the added packages?
>>>>> They publish their software and they don=E2=80=99t care whether I am pu=
lling it or not. They publish it with the commitment to maintain it - sometim=
es for better and sometimes for worse.
>>>>>
>>>>> You care about me pulling your code and I don=E2=80=99t know whether yo=
u would commit to maintain this.
>>>>>
>>>>> These two are very different cases.
>>>>>
>>>>>> Pick the IP Blocklists list (i.e., 3CORESEC, ABUSECH, DSHIELD, SPAMHAU=
S, etc.) =C2=A0or the Suricata lists (i.e., Emergingthreats.net, Abuse.ch, et=
c.). =C2=A0So you=E2=80=99ve have "constructive conversation with the maintai=
ners"?
>>>>> Yes, occasionally I have phone calls with a few of these providers.
>>>>>
>>>>>>> Having been trying for a long time to make you aware of this, nothing=
 of this should come as a surprise.
>>>>>> Ha! =C2=A0Yes a surprise. =C2=A0In the beginning you seemed interested=
 as IPFire needed a replacement for URL Filter. =C2=A0You asked good question=
s about the lists picked, asked for the value to the users, etc. =C2=A0And I =
answered the best I could.
>>>>>>
>>>>>> You even asked: =E2=80=9CWhy is this realised as an add-on and not par=
t of the core system?=E2=80=9D from your Jul 28, 2024 email.
>>>>> Ah, so, why is the patch creating an add-on? Not that I am saying that =
what I say is law, but it has not been challenged either. If my input is bein=
g ignored, why should I put this to the top of my list of priorities? I am no=
t disappointed about this, just trying to be very good with my time.
>>>>>
>>>>>> And on January 16, 2025 I wrote a message looking for help. =C2=A0And =
you were kind to respond quickly. =C2=A0So in three weeks time, since the kin=
d response, something has changed. =C2=A0You went from supportive to "this".
>>>>>>
>>>>>> So yes, I am surprised.
>>>>> Well, maybe I should not have replied to that email. It was clear that =
you were on some path that was not right, but you were not interested before =
in finding the right path from the beginning.
>>>>>
>>>>>>> Please consider if that can be changed and if there is a path forward=
 with this.
>>>>>> Be more specific, what has to change? =C2=A0What exactly did I dismiss?
>>>>> Dismissal is just my assumption. I don=E2=80=99t know what you actually=
 did with my feedback. I can only see the end product that does not seem cont=
ain much of it. Repeatedly I have been pointing out that we should think befo=
re we build. I am sure a lot of hours have now gone into some code that simpl=
y does not satisfy me. And I am not not talking about the code itself, what i=
t does is what I don=E2=80=99t think is right for us.
>>>>>
>>>>> The process is very clear for me that we should first of all think whet=
her we want a certain feature now. Then there should be a clear roadmap for e=
veryone to follow; tasks can be split-up as we go and hopefully then have som=
ething that is maintainable, interesting for our users and even would do us p=
roud. This is how this should work.
>>>>>
>>>>> So, what has to change? I don=E2=80=99t think with shouting at each oth=
er, throwing patches around and making me generally unhappy is a good start.
>>>>>
>>>>> -Michael
>>>>>
>>>>>> Jon
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Feb 6, 2025, at 2:13=E2=80=AFPM, Michael Tremer <michael.tremer(a)=
ipfire.org> wrote:
>>>>>>>
>>>>>>> Hello Jon,
>>>>>>>
>>>>>>> Well, here we are again with another patch regarding this feature.
>>>>>>>
>>>>>>> I cannot quite see from your email what the question is, but if this =
is a request to have this merged into IPFire, I am once again sorry to disapp=
oint you.
>>>>>>>
>>>>>>> I think I have covered this all at lengths before that this project h=
as been started as a separate effort and as far as I am aware none of the oth=
er team members has been involved. This has not been discussed either on this=
 list, on our calls. Instead there has been a separate conversation on the fo=
rum with the occasional dip here to the list. But that was not a regular two-=
way conversation. Therefore, what am I supposed to do with this email?
>>>>>>>
>>>>>>> I don=E2=80=99t want to merge code that I don=E2=80=99t agree with. S=
o many fundamental things that I have been raising have either not been discu=
ssed or outright dismissed.
>>>>>>>
>>>>>>> I don=E2=80=99t want to merge code that has no future inside IPFire a=
s there is no constructive conversation with the maintainers of it.
>>>>>>>
>>>>>>> Having been trying for a long time to make you aware of this, nothing=
 of this should come as a surprise.
>>>>>>>
>>>>>>> Please consider if that can be changed and if there is a path forward=
 with this.
>>>>>>>
>>>>>>> All the best,
>>>>>>> -Michael
>>>>>>>
>>>>>>>> On 6 Feb 2025, at 16:35, Jon Murphy <jon.murphy(a)ipfire.org> wrote:
>>>>>>>>
>>>>>>>> What is it?
>>>>>>>> Response Policy Zone (RPZ) is a mechanism to define local policies i=
n a
>>>>>>>> standardized way and load those policies from external sources.
>>>>>>>> Bottom line: RPZ allows admins to easily block access to websites vi=
a DNS lookup.
>>>>>>>>
>>>>>>>> RPZ can block websites via categories. =C2=A0Examples include: fake =
websites, annoying
>>>>>>>> pop-up ads, newly registered domains, DoH bypass sites, bad "host" s=
ervices,
>>>>>>>> maliscious top level domains (e.g., *.zip, *.mov), piracy, gambling,=
 pornography,
>>>>>>>> and more. =C2=A0RPZ lists come from various RPZ providers and their =
available
>>>>>>>> catagories.
>>>>>>>>
>>>>>>>> This RPZ add-on enables the RPZ functionality by adding a couple lin=
es in a
>>>>>>>> configuration file. =C2=A0This add-on simply adds configuration file=
s and adds
>>>>>>>> scripts (config, metrics and sleep) to make RPZ easier for the admin=
 to use.
>>>>>>>>
>>>>>>>> The RPZ scripts include additional languages: German, Spanish, Frenc=
h, Turkish,
>>>>>>>> and Italian.
>>>>>>>>
>>>>>>>> RPZ itself was release in 2010 and has been part of the IPFire build=
 since ~2015.
>>>>>>>>
>>>>>>>> Why is it needed? =C2=A0What is its value?
>>>>>>>>
>>>>>>>> - The RPZ concept places this filtering into IPFire, our internet ac=
cess
>>>>>>>> gateway, which is (should be) solely used as DNS source of the inter=
nal network.
>>>>>>>>
>>>>>>>> - As most sites use HTTPS it makes it difficult to filter traffic wi=
th URL
>>>>>>>> Filter without also properly configuring conventional (non-transpare=
nt)
>>>>>>>> mode on the proxy. =C2=A0RPZ is a nice replacement for the URL Filte=
r.
>>>>>>>>
>>>>>>>> - No need to install and maintain an additional device like PiHole o=
r AdBlock
>>>>>>>> browser extensions on multiple user devices.
>>>>>>>>
>>>>>>>> - This is an additional layer of protection for users. Less worry so=
meone will
>>>>>>>> click on something that gets them into trouble. And, saying this wit=
h emphasis,
>>>>>>>> the ability to do it in one place!
>>>>>>>>
>>>>>>>> - Blocked sites save on unneeded traffic and can lessen the threat o=
f malware
>>>>>>>> in advertisements
>>>>>>>>
>>>>>>>> - Logging allows the admin to see the site blocked and take actions
>>>>>>>>
>>>>>>>> - RPZ will be used at the home, home-office (work from home), school=
s,
>>>>>>>> ministerial, and at the office. =C2=A0Device counts are small (2-6) =
to medium (~80)
>>>>>>>> to mediam-large (200+).
>>>>>>>>
>>>>>>>> - RPZ can block ads, popups, phishing, scammers, spyware, malware, a=
nnoying
>>>>>>>> popups, NSFW links, DOH servers, and the usual internet trash.
>>>>>>>>
>>>>>>>> ------------------------------
>>>>>>>>
>>>>>>>> Change Log for RPZ add-on
>>>>>>>>
>>>>>>>> rpz-1.0.0-18 on 2025-02-05
>>>>>>>> - Build for approval & release as IPFire add-on
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.18-18.ipfire on 2025-02-01
>>>>>>>> rpz.cgi:
>>>>>>>> - new feature: added a mod key to force a unbound restart
>>>>>>>>
>>>>>>>> rpz-config and rpz-make:
>>>>>>>> - new feature: added action for unbound restart `rpz-config unbound-=
restart`
>>>>>>>>
>>>>>>>> rpz-metrics:
>>>>>>>> - simple reformatting
>>>>>>>> - rename far right column from "last update" to "last download"
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.17-17.ipfire on 2024-12-09
>>>>>>>> rpz-make
>>>>>>>> - bug fix: corrected validation regex for wildcards like: `*.domain.=
com`
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.16-16.ipfire on 2024-11-18
>>>>>>>> rpz-make
>>>>>>>> - new feature: updated validation regex
>>>>>>>> - bug fix: moved validation to beginning of process. =C2=A0Now we va=
lidate before
>>>>>>>> creating config files.
>>>>>>>>
>>>>>>>> rpz.cgi:
>>>>>>>> - new feature: use CSS color variables of the main ipfire theme
>>>>>>>> - bug fix: empty zonefile remarks were stored as =E2=80=9Cundef=E2=
=80=9D and caused a warning
>>>>>>>> - bug fix: HTML textarea removes the first empty line in a custom li=
st
>>>>>>>> - thank you Leo!
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.15-15.ipfire on 2024-11-04
>>>>>>>> rpz.cgi:
>>>>>>>> - new feature: added new language file for Turkish (thank you Peppe)
>>>>>>>>
>>>>>>>> rpz-make
>>>>>>>> - bug fix: corrected empty allow/block list issue. =C2=A0An empty al=
low/block list
>>>>>>>> will now remove contents of allow/block.rpz files and remove unneeded
>>>>>>>> allow/block.conf file. =C2=A0(thank you iptom)
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.14-14.ipfire on =C2=A02024-10-29
>>>>>>>> rpz-config:
>>>>>>>> - bug fix: correct missing rpz extension. `rpz-config list` displaye=
d URL
>>>>>>>> incorrectly (thank you Bernhard)
>>>>>>>>
>>>>>>>> rpz.cgi:
>>>>>>>> - bug fix: remove extra `"` in language files (thank you Bernhard)
>>>>>>>> - new feature: slightly dim "apply" button when not enabled
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.13-13.ipfire on 2024-10-27
>>>>>>>> - skipped
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.12-12.ipfire on 2024-10-21
>>>>>>>> rpz.cgi:
>>>>>>>> - new feature: added new language file for French =C2=A0(thank you g=
w-ipfire)
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.11-11.ipfire on 2024-10-18
>>>>>>>> rpz.cgi:
>>>>>>>> - new feature: added new language file for Italian (thank you umbert=
o)
>>>>>>>> - new feature: added new language file for Spanish (thank you Robert=
o)
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.10-10.ipfire on 2024-10-15
>>>>>>>> rpz-make:
>>>>>>>> - bug fix: corrected validation error for a custom list entry (thank=
 you siosios)
>>>>>>>> - e.g., `*.cloudflare-dns.com`
>>>>>>>>
>>>>>>>> install.sh:
>>>>>>>> - bug fix: add chown to correct user created files
>>>>>>>>
>>>>>>>> update.sh:
>>>>>>>> - bug fix: add chown to correct user created files (thank you siosio=
s)
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.9-9.ipfire on 2024-10-08
>>>>>>>> rpz.cgi:
>>>>>>>> - new feature: added new language file for German (thank you Leo)
>>>>>>>> - bug fix: add missing "rpz exitcode 110"
>>>>>>>> - bug fix: corrected missing RPZ menu item at menu > IPFire
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.8-8.ipfire on 2024-10-04
>>>>>>>> - skipped
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> rpz-beta-0.1.7-7.ipfire on 2024-10-03
>>>>>>>> All:
>>>>>>>> - new feature: includes beta version numbers for pakfire package,
>>>>>>>> instead of only `rpz-1.0.0-1.ipfire`, for each release.
>>>>>>>>
>>>>>>>> rpz.cgi:
>>>>>>>> - new feature: added new WebGUI at `rpz.cgi`
>>>>>>>> - a BIG thank you to Leo Hofmann for all of his work creating the we=
bgui!!
>>>>>>>> - bug fix: corrected missing RPZ menu item at menu > IPFire
>>>>>>>>
>>>>>>>> rpz-make:
>>>>>>>> - new feature: validate entries in allowlist and blocklist
>>>>>>>> - new feature: add "no-reload" option for WebGUI
>>>>>>>>
>>>>>>>> rpz-metrics:
>>>>>>>> - new feature: info can be sorted by name, by hit count, by line cou=
nt, by
>>>>>>>> "enabled" list or all lists
>>>>>>>>
>>>>>>>> backups:
>>>>>>>> - bug fix: include all files in `/var/ipfire/dns/rpz` directory in b=
ackup
>>>>>>>>
>>>>>>>> update.sh:
>>>>>>>> - bug fix: corrected ownership for `/var/ipfire/dns/rpz` directory d=
uring an
>>>>>>>> update
>>>>>>>>
>>>>>>>> Build:
>>>>>>>> - bug fix: `block.rpz.conf` and `block.rpz` from build. =C2=A0Files =
to be created
>>>>>>>> by `rpz-make`
>>>>>>>>
>>>>>>>> WebGUI and German language file
>>>>>>>> Contribution-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
>>>>>>>>
>>>>>>>> Spanish language file
>>>>>>>> Contribution-by: Roberto Pe=C3=B1a
>>>>>>>>
>>>>>>>> Italian language file
>>>>>>>> Contribution-by: Umberto Parma
>>>>>>>>
>>>>>>>> French language file
>>>>>>>> Contribution-by: gw-ipfire
>>>>>>>>
>>>>>>>> Turkish language file
>>>>>>>> Contribution-by: Peppe Tech
>>>>>>>>
>>>>>>>> Contribution-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
>>>>>>>> Contribution-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
>>>>>>>> Signed-off-by: Jon Murphy <jon.murphy(a)ipfire.org
>>>>>>>> ---
>>>>>>>> config/backup/includes/rpz =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A04 +
>>>>>>>> config/cfgroot/manualpages =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A0=C2=A01 +
>>>>>>>> config/menu/EX-rpz.menu =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=
=A0=C2=A06 +
>>>>>>>> config/rootfiles/common/configroot =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0| =C2=A0=C2=A01 +
>>>>>>>> config/rootfiles/common/web-user-interface | =C2=A0=C2=A01 +
>>>>>>>> config/rootfiles/packages/rpz =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A020 +
>>>>>>>> config/rpz/00-rpz.conf =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =
=C2=A010 +
>>>>>>>> config/rpz/rpz-config =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0| 130 +++
>>>>>>>> config/rpz/rpz-functions =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A085 =
++
>>>>>>>> config/rpz/rpz-make =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0| 203 +++++
>>>>>>>> config/rpz/rpz-metrics =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =
170 ++++
>>>>>>>> config/rpz/rpz-sleep =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0| =C2=A058 ++
>>>>>>>> config/rpz/rpz.de.pl =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0| =C2=A030 +
>>>>>>>> config/rpz/rpz.en.pl =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0| =C2=A030 +
>>>>>>>> config/rpz/rpz.es.pl =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0| =C2=A030 +
>>>>>>>> config/rpz/rpz.fr.pl =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0| =C2=A030 +
>>>>>>>> config/rpz/rpz.it.pl =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0| =C2=A030 +
>>>>>>>> config/rpz/rpz.tr.pl =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0| =C2=A030 +
>>>>>>>> html/cgi-bin/rpz.cgi =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0| 923 +++++++++++++++++++++
>>>>>>>> lfs/rpz =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =
=C2=A096 +++
>>>>>>>> make.sh =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =
=C2=A0=C2=A03 +-
>>>>>>>> src/paks/rpz/install.sh =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=
=A036 +
>>>>>>>> src/paks/rpz/uninstall.sh =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =C2=A038 +
>>>>>>>> src/paks/rpz/update.sh =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| =
=C2=A052 ++
>>>>>>>> 24 files changed, 2016 insertions(+), 1 deletion(-)
>>>>>>>> create mode 100644 config/backup/includes/rpz
>>>>>>>> create mode 100644 config/menu/EX-rpz.menu
>>>>>>>> create mode 100644 config/rootfiles/packages/rpz
>>>>>>>> create mode 100644 config/rpz/00-rpz.conf
>>>>>>>> create mode 100644 config/rpz/rpz-config
>>>>>>>> create mode 100644 config/rpz/rpz-functions
>>>>>>>> create mode 100644 config/rpz/rpz-make
>>>>>>>> create mode 100755 config/rpz/rpz-metrics
>>>>>>>> create mode 100755 config/rpz/rpz-sleep
>>>>>>>> create mode 100644 config/rpz/rpz.de.pl
>>>>>>>> create mode 100644 config/rpz/rpz.en.pl
>>>>>>>> create mode 100644 config/rpz/rpz.es.pl
>>>>>>>> create mode 100644 config/rpz/rpz.fr.pl
>>>>>>>> create mode 100644 config/rpz/rpz.it.pl
>>>>>>>> create mode 100644 config/rpz/rpz.tr.pl
>>>>>>>> create mode 100644 html/cgi-bin/rpz.cgi
>>>>>>>> create mode 100644 lfs/rpz
>>>>>>>> create mode 100644 src/paks/rpz/install.sh
>>>>>>>> create mode 100644 src/paks/rpz/uninstall.sh
>>>>>>>> create mode 100644 src/paks/rpz/update.sh
>>>>>>>>
>>>>>>>> diff --git a/config/backup/includes/rpz b/config/backup/includes/rpz
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..36513e494
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/backup/includes/rpz
>>>>>>>> @@ -0,0 +1,4 @@
>>>>>>>> +/var/ipfire/dns/rpz/*
>>>>>>>> +/etc/unbound/zonefiles/allow.rpz
>>>>>>>> +/etc/unbound/zonefiles/block.rpz
>>>>>>>> +/etc/unbound/local.d/*rpz.conf
>>>>>>>> diff --git a/config/cfgroot/manualpages b/config/cfgroot/manualpages
>>>>>>>> index 1f7e01efc..d3a48c633 100644
>>>>>>>> --- a/config/cfgroot/manualpages
>>>>>>>> +++ b/config/cfgroot/manualpages
>>>>>>>> @@ -70,6 +70,7 @@ pakfire.cgi=3Dconfiguration/ipfire/pakfire
>>>>>>>> wlanap.cgi=3Daddons/wireless
>>>>>>>> tor.cgi=3Daddons/tor
>>>>>>>> samba.cgi=3Daddons/samba
>>>>>>>> +rpz.cgi=3Daddons/rpz
>>>>>>>>
>>>>>>>> # Logs menu
>>>>>>>> logs.cgi/summary.dat=3Dconfiguration/logs/summary
>>>>>>>> diff --git a/config/menu/EX-rpz.menu b/config/menu/EX-rpz.menu
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..2f4daf410
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/menu/EX-rpz.menu
>>>>>>>> @@ -0,0 +1,6 @@
>>>>>>>> +$subipfire->{'20.rpz'} =3D {
>>>>>>>> + =C2=A0=C2=A0=C2=A0'caption' =3D> $Lang::tr{'rpz'},
>>>>>>>> + =C2=A0=C2=A0=C2=A0'uri' =3D> '/cgi-bin/rpz.cgi',
>>>>>>>> + =C2=A0=C2=A0=C2=A0'title' =3D> "RPZ",
>>>>>>>> + =C2=A0=C2=A0=C2=A0'enabled' =3D> 1,
>>>>>>>> +};
>>>>>>>> diff --git a/config/rootfiles/common/configroot b/config/rootfiles/c=
ommon/configroot
>>>>>>>> index 9839eee45..b30d6aae4 100644
>>>>>>>> --- a/config/rootfiles/common/configroot
>>>>>>>> +++ b/config/rootfiles/common/configroot
>>>>>>>> @@ -120,6 +120,7 @@ var/ipfire/menu.d/70-log.menu
>>>>>>>> #var/ipfire/menu.d/EX-apcupsd.menu
>>>>>>>> #var/ipfire/menu.d/EX-guardian.menu
>>>>>>>> #var/ipfire/menu.d/EX-mympd.menu
>>>>>>>> +#var/ipfire/menu.d/EX-rpz.menu
>>>>>>>> #var/ipfire/menu.d/EX-samba.menu
>>>>>>>> #var/ipfire/menu.d/EX-tor.menu
>>>>>>>> #var/ipfire/menu.d/EX-transmission.menu
>>>>>>>> diff --git a/config/rootfiles/common/web-user-interface b/config/roo=
tfiles/common/web-user-interface
>>>>>>>> index 816241dae..e00464076 100644
>>>>>>>> --- a/config/rootfiles/common/web-user-interface
>>>>>>>> +++ b/config/rootfiles/common/web-user-interface
>>>>>>>> @@ -69,6 +69,7 @@ srv/web/ipfire/cgi-bin/proxy.cgi
>>>>>>>> srv/web/ipfire/cgi-bin/qos.cgi
>>>>>>>> srv/web/ipfire/cgi-bin/remote.cgi
>>>>>>>> srv/web/ipfire/cgi-bin/routing.cgi
>>>>>>>> +#srv/web/ipfire/cgi-bin/rpz.cgi
>>>>>>>> #srv/web/ipfire/cgi-bin/samba.cgi
>>>>>>>> srv/web/ipfire/cgi-bin/services.cgi
>>>>>>>> srv/web/ipfire/cgi-bin/shutdown.cgi
>>>>>>>> diff --git a/config/rootfiles/packages/rpz b/config/rootfiles/packag=
es/rpz
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..1c8663049
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rootfiles/packages/rpz
>>>>>>>> @@ -0,0 +1,20 @@
>>>>>>>> +etc/unbound/local.d/00-rpz.conf
>>>>>>>> +etc/unbound/zonefiles
>>>>>>>> +etc/unbound/zonefiles/allow.rpz
>>>>>>>> +usr/sbin/rpz-config
>>>>>>>> +usr/sbin/rpz-functions
>>>>>>>> +usr/sbin/rpz-make
>>>>>>>> +usr/sbin/rpz-metrics
>>>>>>>> +usr/sbin/rpz-sleep
>>>>>>>> +var/ipfire/addon-lang/rpz.de.pl
>>>>>>>> +var/ipfire/addon-lang/rpz.en.pl
>>>>>>>> +var/ipfire/addon-lang/rpz.es.pl
>>>>>>>> +var/ipfire/addon-lang/rpz.fr.pl
>>>>>>>> +var/ipfire/addon-lang/rpz.it.pl
>>>>>>>> +var/ipfire/addon-lang/rpz.tr.pl
>>>>>>>> +var/ipfire/backup/addons/includes/rpz
>>>>>>>> +var/ipfire/dns/rpz
>>>>>>>> +var/ipfire/dns/rpz/allowlist
>>>>>>>> +var/ipfire/dns/rpz/blocklist
>>>>>>>> +var/ipfire/menu.d/EX-rpz.menu
>>>>>>>> +srv/web/ipfire/cgi-bin/rpz.cgi
>>>>>>>> diff --git a/config/rpz/00-rpz.conf b/config/rpz/00-rpz.conf
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..f005a4f2e
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/00-rpz.conf
>>>>>>>> @@ -0,0 +1,10 @@
>>>>>>>> +server:
>>>>>>>> + =C2=A0=C2=A0=C2=A0module-config: "respip validator iterator"
>>>>>>>> +
>>>>>>>> +rpz:
>>>>>>>> + =C2=A0=C2=A0=C2=A0name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0allow=
.rpz
>>>>>>>> + =C2=A0=C2=A0=C2=A0zonefile: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0/etc/unbound/zonefiles/=
allow.rpz
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-action-override: =C2=A0=C2=A0=C2=A0=C2=A0pas=
sthru
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-log: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0yes
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-log-name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0allow
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-signal-nxdomain-ra: =C2=A0yes
>>>>>>>> diff --git a/config/rpz/rpz-config b/config/rpz/rpz-config
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..c72d50f9b
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz-config
>>>>>>>> @@ -0,0 +1,130 @@
>>>>>>>> +#!/bin/bash
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0Copyright (C) 2024-2025 =C2=A0IPFire Team =C2=A0<info(a)ipf=
ire.org> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is free software: you can redistribute it and/=
or modify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0it under the terms of the GNU General Public License as pub=
lished by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0the Free Software Foundation, either version 3 of the Licen=
se, or =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0(at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is distributed in the hope that it will be use=
ful, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0but WITHOUT ANY WARRANTY; without even the implied warranty=
 of =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0=
See the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# =C2=A0GNU General Public License for more details. =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0You should have received a copy of the GNU General Public L=
icense =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0along with this program. =C2=A0If not, see <http://www.gnu.=
org/licenses/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +version=3D"2025-01-11 - v44"
>>>>>>>> +
>>>>>>>> +############### =C2=A0=C2=A0=C2=A0=C2=A0Functions =C2=A0=C2=A0=C2=
=A0=C2=A0###############
>>>>>>>> +
>>>>>>>> +source /usr/sbin/rpz-functions
>>>>>>>> +
>>>>>>>> +############### =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0Main =C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0###############
>>>>>>>> +
>>>>>>>> +tagName=3D"unbound"
>>>>>>>> +
>>>>>>>> +rpzAction=3D"${1}" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0inp=
ut RPZ action
>>>>>>>> +rpzName=3D"${2}" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0# =C2=A0input RPZ name
>>>>>>>> +rpzURL=3D"${3}" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0# =C2=A0input RPZ URL
>>>>>>>> +rpzOption1=3D"${4}" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0input =
RPZ option #1
>>>>>>>> +rpzOption2=3D"${5}" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0input =
RPZ option #2
>>>>>>>> +
>>>>>>>> +rpzConfig=3D"/etc/unbound/local.d/${rpzName}.rpz.conf" =C2=A0=C2=A0=
=C2=A0# =C2=A0output zone conf file
>>>>>>>> +rpzFile=3D"/etc/unbound/zonefiles/${rpzName}.rpz" =C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0output for RPZ file
>>>>>>>> +
>>>>>>>> +rpzLog=3D"yes" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0# =C2=A0log default is yes
>>>>>>>> +ucReload=3D"yes" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0# =C2=A0reload default is yes
>>>>>>>> +
>>>>>>>> +while [[ $# -gt 0 ]] ; do
>>>>>>>> + =C2=A0=C2=A0=C2=A0case "$1" in
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--no-log ) =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0rpzLog=3D"no" =C2=A0=C2=A0;;
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--no-reload ) =C2=A0=C2=
=A0ucReload=3D"no" ; checkConf=3D"no" ;;
>>>>>>>> + =C2=A0=C2=A0=C2=A0esac
>>>>>>>> + =C2=A0=C2=A0=C2=A0shift =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Shif=
t after checking all the cases to get next option
>>>>>>>> +done
>>>>>>>> +
>>>>>>>> +case "${rpzAction}" in
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0add new rpz list
>>>>>>>> + =C2=A0=C2=A0=C2=A0add )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0check_name "${rpzName}" =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=
=A0is this a valid name?
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0does this config=
 already exist? =C2=A0If yes, then exit
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if [[ -f "${rpzConfig}" =
]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
msg_log "error: rpz: duplicate - ${rpzConfig} already exists. exit"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
exit 104
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0fi
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0is this a valid =
URL?
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0regex=3D'^https://[-[:al=
num:]\+&@#/%?=3D~_|!:,.;]*[-[:alnum:]\+&@#/%=3D~_|]'
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if ! [[ "${rpzURL}" =3D~=
 $regex ]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
msg_log "error: rpz: the URL is not valid: \"${rpzURL}\". exit."
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
exit 105
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0fi
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0create the zone =
config file
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo "rpz:"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo " =C2=A0=C2=A0=C2=
=A0name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0${rpzName}.rpz"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo " =C2=A0=C2=A0=C2=
=A0zonefile: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0${rpzFile}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo " =C2=A0=C2=A0=C2=
=A0url: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0${rpzURL}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo " =C2=A0=C2=A0=C2=
=A0rpz-action-override: =C2=A0=C2=A0=C2=A0nxdomain"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo " =C2=A0=C2=A0=C2=
=A0rpz-log: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0${rpzLog}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo " =C2=A0=C2=A0=C2=
=A0rpz-log-name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
${rpzName}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo " =C2=A0=C2=A0=C2=
=A0rpz-signal-nxdomain-ra: yes"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0} > "${rpzConfig}"
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0set-up zonefile
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0=C2=A0crea=
te an empty rpz file if it does not exist
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if [[ ! -f "${rpzFile}" =
]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
touch "${rpzFile}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
# =C2=A0unbound requires these settings for rpz files
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
set_permissions "${rpzFile}" "${rpzConfig}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0fi
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0trash config file & rpz file
>>>>>>>> + =C2=A0=C2=A0=C2=A0remove )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if ! [[ -f "${rpzConfig}=
" ]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
msg_log "error: rpz: cannot remove ${rpzConfig}, does not exist. exit"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
exit 106
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0fi
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log "info: rpz: remo=
ve config file & rpz file \"${rpzName}\""
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0rm "${rpzConfig}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0rm "${rpzFile}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0reload )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0check_unbound_conf "${ch=
eckConf}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0list )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0awk -F':' '/^\s*name:/{ =
gsub(/[[:blank:]]|\.rpz/, "",$2) ; NAME=3D$2 } \
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
/^\s*url:/{ gsub(/[[:blank:]]/, "") ; print NAME"=3D"$2":"$3} ' =C2=A0\
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
/etc/unbound/local.d/*rpz.conf
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0exit
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0unbound-restart )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0check_unbound_conf "${ch=
eckConf}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0unbound_restart
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0exit
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0* )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log "error: rpz: mis=
sing or incorrect parameter"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0printf "Usage: =C2=A0=C2=
=A0$(basename "$0") <ACTION> <NAME> <URL> <OPTION> <OPTION>\n"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0printf "Version: ${versi=
on}\n"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0exit 108
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> +esac
>>>>>>>> +
>>>>>>>> +unbound_control_reload "${ucReload}"
>>>>>>>> +
>>>>>>>> +exit
>>>>>>>> diff --git a/config/rpz/rpz-functions b/config/rpz/rpz-functions
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..ace1d2690
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz-functions
>>>>>>>> @@ -0,0 +1,85 @@
>>>>>>>> +#!/bin/bash
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0Copyright (C) 2024 =C2=A0IPFire Team =C2=A0<info(a)ipfire.o=
rg> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is free software: you can redistribute it and/=
or modify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0it under the terms of the GNU General Public License as pub=
lished by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0the Free Software Foundation, either version 3 of the Licen=
se, or =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0(at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is distributed in the hope that it will be use=
ful, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0but WITHOUT ANY WARRANTY; without even the implied warranty=
 of =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0=
See the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# =C2=A0GNU General Public License for more details. =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0You should have received a copy of the GNU General Public L=
icense =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0along with this program. =C2=A0If not, see <http://www.gnu.=
org/licenses/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +version=3D"2024-12-10 - v02"
>>>>>>>> +
>>>>>>>> +############### =C2=A0=C2=A0=C2=A0=C2=A0Functions =C2=A0=C2=A0=C2=
=A0=C2=A0###############
>>>>>>>> +
>>>>>>>> +msg_log () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0logger --tag "${tagName}" "$*"
>>>>>>>> + =C2=A0=C2=A0=C2=A0if tty --silent ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo "${tagName}:" "$*"
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# =C2=A0check for a valid name
>>>>>>>> +check_name () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theName=3D"${1}"
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0regex=3D'^[a-zA-Z0-9_]+$' =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# no dash or plus, alpha n=
umeric only
>>>>>>>> + =C2=A0=C2=A0=C2=A0regex1=3D'^(allow|block)$' =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# allow and block are reserved N=
AMEs
>>>>>>>> + =C2=A0=C2=A0=C2=A0if [[ ! "${theName}" =3D~ $regex ]] || [[ "${the=
Name}" =3D~ $regex1 ]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log "error: rpz: the=
 NAME is not valid: \"${theName}\". exit."
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0exit 101
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +set_permissions () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0chown nobody:nobody "$@"
>>>>>>>> + =C2=A0=C2=A0=C2=A0chmod 644 "$@"
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +check_unbound_conf () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0local thecheckConf=3D"${1:-yes}" =C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0# =C2=A0=C2=A0check config default is yes
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0check the above config files
>>>>>>>> + =C2=A0=C2=A0=C2=A0if [[ "${thecheckConf}" =3D=3D yes ]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log "info: rpz: chec=
k for errors with \"unbound-checkconf\""
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if ! unbound-checkconf ;=
 then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
msg_log "error: rpz: unbound-checkconf found invalid configuration."
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
msg_log \
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0"error: rpz: In Terminal run the command \"unbound-checkconf\" fo=
r more information. exit."
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
exit 102
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0fi
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +unbound_control_reload () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theReload=3D"${1:-yes}" =C2=A0=C2=A0=C2=A0=
=C2=A0# =C2=A0=C2=A0reload default is yes
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0if [[ "${theReload}" =3D=3D yes ]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0reload due to th=
e changes
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log =C2=A0"info: rpz=
: run \"unbound-control reload\""
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if ! unbound-control rel=
oad ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
msg_log "error: rpz: unbound-control reload. exit."
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
exit 109
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0fi
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +unbound_restart () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0restart due to the changes
>>>>>>>> + =C2=A0=C2=A0=C2=A0msg_log =C2=A0"info: rpz: run \"unbound restart\=
""
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0/usr/local/bin/unboundctrl restart
>>>>>>>> +}
>>>>>>>> diff --git a/config/rpz/rpz-make b/config/rpz/rpz-make
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..927d55170
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz-make
>>>>>>>> @@ -0,0 +1,203 @@
>>>>>>>> +#!/bin/bash
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0Copyright (C) 2024-2025 =C2=A0IPFire Team =C2=A0<info(a)ipf=
ire.org> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is free software: you can redistribute it and/=
or modify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0it under the terms of the GNU General Public License as pub=
lished by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0the Free Software Foundation, either version 3 of the Licen=
se, or =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0(at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is distributed in the hope that it will be use=
ful, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0but WITHOUT ANY WARRANTY; without even the implied warranty=
 of =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0=
See the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# =C2=A0GNU General Public License for more details. =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0You should have received a copy of the GNU General Public L=
icense =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0along with this program. =C2=A0If not, see <http://www.gnu.=
org/licenses/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +version=3D"2025-01-11 - v14"
>>>>>>>> +
>>>>>>>> +############### =C2=A0=C2=A0=C2=A0=C2=A0Functions =C2=A0=C2=A0=C2=
=A0=C2=A0###############
>>>>>>>> +
>>>>>>>> +source /usr/sbin/rpz-functions
>>>>>>>> +
>>>>>>>> +# =C2=A0=C2=A0create the config file for allow
>>>>>>>> +make_allow_config () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theLog=3D"${1:-yes}" =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0log=
 default ON
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theConfig=3D"/etc/unbound/local.d/00-rpz.c=
onf" =C2=A0# =C2=A0output zone conf file
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theList=3D"/var/ipfire/dns/rpz/allowlist" =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0input custom list of domains
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0msg_log "info: rpz: make config file \"00-rpz.co=
nf\""
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0echo "server:
>>>>>>>> + =C2=A0=C2=A0=C2=A0module-config: \"respip validator iterator\"" > =
"${theConfig}"
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0does allow list exist?
>>>>>>>> + =C2=A0=C2=A0=C2=A0if [[ -s "${theList}" ]] && grep -q . "${theList=
}" ; then
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0echo "rpz:
>>>>>>>> + =C2=A0=C2=A0=C2=A0name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0allow.rpz
>>>>>>>> + =C2=A0=C2=A0=C2=A0zonefile: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0/etc/unbound/zonefiles/allow.=
rpz
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-action-override: =C2=A0=C2=A0=C2=A0passthru
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-log: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0${theLog}
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-log-name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0allow
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-signal-nxdomain-ra: yes" >> "${theConfig}"
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0set-up zonefile - unbound requires these=
 settings for rpz files
>>>>>>>> + =C2=A0=C2=A0=C2=A0set_permissions "${theConfig}"
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# =C2=A0=C2=A0create the config file for block
>>>>>>>> +make_block_config () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theLog=3D"${1:-yes}" =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0# =C2=A0log default ON
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theConfig=3D"/etc/unbound/local.d/block.rp=
z.conf" =C2=A0=C2=A0# =C2=A0output zone conf file
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theList=3D"/var/ipfire/dns/rpz/blocklist" =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0input cus=
tom list of domains
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0msg_log "info: rpz: make config file \"block.rpz=
.conf\""
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0does block list exist?
>>>>>>>> + =C2=A0=C2=A0=C2=A0if [[ -s "${theList}" ]] && grep -q . "${theList=
}" ; then
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0echo "rpz:
>>>>>>>> + =C2=A0=C2=A0=C2=A0name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0block.rpz
>>>>>>>> + =C2=A0=C2=A0=C2=A0zonefile: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0/etc/unbound/zonefiles/block.=
rpz
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-action-override: =C2=A0=C2=A0=C2=A0nxdomain
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-log: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0${theLog}
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-log-name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0block
>>>>>>>> + =C2=A0=C2=A0=C2=A0rpz-signal-nxdomain-ra: yes" > "${theConfig}"
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0set-up zonefile =
- unbound requires these settings for rpz files
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0set_permissions "${theCo=
nfig}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0else
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0no - trash=
 the config file
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0rm --verbose /etc/unboun=
d/local.d/block.rpz.conf
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# =C2=A0=C2=A0create an RPZ file for allow or block
>>>>>>>> +make_rpz_file () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theName=3D"${1}" =C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0allow or block
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theAction=3D'.' =C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0# the default is nxdomain or block
>>>>>>>> + =C2=A0=C2=A0=C2=A0local actionList
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theList=3D"/var/ipfire/dns/rpz/${theName}l=
ist" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0input custom lis=
t of domains
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theZonefile=3D"/etc/unbound/zonefiles/${th=
eName}.rpz" =C2=A0# =C2=A0output file for RPZ
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0does a list exist?
>>>>>>>> + =C2=A0=C2=A0=C2=A0if [[ -s "${theList}" ]] && grep -q . "${theList=
}" ; then
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# for allow set to passt=
hru
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0[[ "${theName}" =3D=3D a=
llow ]] && theAction=3D'rpz-passthru.'
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0drop any extra "=
blanks" and add "CNAME <RPZ action>." to each line
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0actionList=3D$( awk '{$1=
=3D$1};1' "${theList}" |
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
sed "/^[^;].*[[:alnum:]]/ s|$| =C2=A0CNAME =C2=A0=C2=A0${theAction}|" )
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log "info: rpz: crea=
te zonefile for \"${theName}list\""
>>>>>>>> +
>>>>>>>> +echo "; Name: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0${theName} list
>>>>>>>> +; Last modified: =C2=A0=C2=A0=C2=A0$(date "+%Y-%m-%d at %H.%M.%S %Z=
")
>>>>>>>> +;
>>>>>>>> +; =C2=A0=C2=A0domains with actions list
>>>>>>>> +;
>>>>>>>> +${actionList}" > "${theZonefile}"
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0set-up zonefile =
- unbound requires these settings for rpz files
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0set_permissions "${theZo=
nefile}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0set-up allow/blo=
ck list files
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0set_permissions "${theLi=
st}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0else
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log "info: rpz: the =
${theList} is empty."
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0rm --verbose "${theZonef=
ile}" =C2=A0=C2=A0# trash the RPZ file
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# =C2=A0=C2=A0check if allow/block list is valid
>>>>>>>> +validate_list () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theName=3D"${1}" =C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0allow or block
>>>>>>>> + =C2=A0=C2=A0=C2=A0local theList=3D"/var/ipfire/dns/rpz/${theName}l=
ist" =C2=A0# =C2=A0input custom list of domains
>>>>>>>> +
>>>>>>>> + # =C2=A0=C2=A0remove good:
>>>>>>>> + # =C2=A0=C2=A0=C2=A0- properly formated domain names with or witho=
ut leading wildcard
>>>>>>>> + # =C2=A0=C2=A0=C2=A0- properly formated top level domain (TLD) nam=
es with wildcard
>>>>>>>> + # =C2=A0=C2=A0=C2=A0- blank lines and comment lines
>>>>>>>> + # =C2=A0=C2=A0remaining lines are considered "bad"
>>>>>>>> + =C2=A0=C2=A0=C2=A0bad_lines=3D$( sed --regexp-extended =C2=A0\
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0'/^(\*\.)?([a-zA-Z0-9]((=
[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+([a-zA-Z]{2,}|xn--[a-zA-Z0-9][a-zA-Z0-9\=
-]*[a-zA-Z0-9])$/d ;
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0/^(\*\.)([a-z]{2,6=
1}|xn--[a-z0-9]{1,60})$/d ;
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0/^$/d ; /^;/d' "${=
theList}" )
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0if [[ ! -z "${bad_lines}" ]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log "error: rpz: inv=
alid line(s) in ${theList}."
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0printf "%s\n" "bad line(=
s): ${bad_lines}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0exit 110
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +############### =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0Main =C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0###############
>>>>>>>> +
>>>>>>>> +tagName=3D"unbound"
>>>>>>>> +
>>>>>>>> +rpzName=3D"${1}" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0# =C2=A0input RPZ name
>>>>>>>> +
>>>>>>>> +rpzLog=3D"yes" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0# =C2=A0log default is yes
>>>>>>>> +ucReload=3D"yes" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0# =C2=A0reload default is yes
>>>>>>>> +
>>>>>>>> +while [[ $# -gt 0 ]] ; do
>>>>>>>> + =C2=A0=C2=A0=C2=A0case "$1" in
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--no-log ) =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0rpzLog=3D"no" =C2=A0=C2=A0;;
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--no-reload ) =C2=A0=C2=
=A0ucReload=3D"no" ; =C2=A0checkConf=3D"no" ;;
>>>>>>>> + =C2=A0=C2=A0=C2=A0esac
>>>>>>>> + =C2=A0=C2=A0=C2=A0shift =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Shif=
t after checking all the cases to get next option
>>>>>>>> +done
>>>>>>>> +
>>>>>>>> +case "${rpzName}" in
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0make a new allow or block rpz file
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0allow )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0validate_list 'allow' =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0is =
the allowlist valid?
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0make_allow_config "${rpz=
Log}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0make_rpz_file 'allow'
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0allowblock )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0validate_list 'allow' =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0is =
the list valid?
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0make_allow_config "${rpz=
Log}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0make_rpz_file 'allow'
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;&
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0block )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0validate_list 'block' =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0is =
the blocklist valid?
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0make_block_config "${rpz=
Log}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0make_rpz_file 'block'
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0reload )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0check_unbound_conf "${ch=
eckConf}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0unbound-restart )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0check_unbound_conf "${ch=
eckConf}"
>>>>>>>> + unbound_restart
>>>>>>>> + exit
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0* )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0msg_log "error: rpz: mis=
sing or incorrect parameter"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0printf "Usage: =C2=A0=C2=
=A0$(basename "$0") <NAME> <OPTION> <OPTION>\n"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0printf "Version: ${versi=
on}\n"
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0exit 108
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> +esac
>>>>>>>> +
>>>>>>>> +unbound_control_reload "${ucReload}"
>>>>>>>> +
>>>>>>>> +exit
>>>>>>>> diff --git a/config/rpz/rpz-metrics b/config/rpz/rpz-metrics
>>>>>>>> new file mode 100755
>>>>>>>> index 000000000..4d43e1629
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz-metrics
>>>>>>>> @@ -0,0 +1,170 @@
>>>>>>>> +#!/bin/bash
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0Copyright (C) 2024 =C2=A0IPFire Team =C2=A0<info(a)ipfire.o=
rg> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is free software: you can redistribute it and/=
or modify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0it under the terms of the GNU General Public License as pub=
lished by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0the Free Software Foundation, either version 3 of the Licen=
se, or =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0(at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is distributed in the hope that it will be use=
ful, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0but WITHOUT ANY WARRANTY; without even the implied warranty=
 of =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0=
See the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# =C2=A0GNU General Public License for more details. =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0You should have received a copy of the GNU General Public L=
icense =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0along with this program. =C2=A0If not, see <http://www.gnu.=
org/licenses/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +version=3D"2025-01-20 - v25"
>>>>>>>> +
>>>>>>>> +############### =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0Main =C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0###############
>>>>>>>> +
>>>>>>>> +weeks=3D"2" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0default t=
o two message logs
>>>>>>>> +sortBy=3D"name" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0=C2=A0default "by name"
>>>>>>>> +rpzActive=3D"enabled" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0# =C2=A0=C2=A0default "enabled only"
>>>>>>>> +
>>>>>>>> +while [[ $# -gt 0 ]] ; do
>>>>>>>> + =C2=A0=C2=A0=C2=A0case "$1" in
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--by-names | --by-name |=
 name ) sortBy=3D"name" =C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--by-hits | --by-hit | h=
its | hit ) =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0sortBy=3D"hit" =C2=A0=C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--by-lines | --by-line |=
 lines | line ) =C2=A0=C2=A0=C2=A0=C2=A0sortBy=3D"line" =C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--by-effect ) sortBy=3D"=
effect" =C2=A0=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--enabled-only ) =C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0rpzActive=
=3D"enabled" ;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0--active-all | --all | a=
ll ) =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0rpzActive=3D"all" =C2=A0=C2=A0=C2=A0=
=C2=A0;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0[0-9] | [0-9][0-9] ) =C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0weeks=3D$1 =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0;;
>>>>>>>> + =C2=A0=C2=A0=C2=A0esac
>>>>>>>> + =C2=A0=C2=A0=C2=A0shift =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# Shif=
t after checking all the cases to get next option
>>>>>>>> +done
>>>>>>>> +
>>>>>>>> +# =C2=A0get the list of message logs for N weeks
>>>>>>>> +messageLogs=3D$( find /var/log/messages* -type f | sort --version-s=
ort |
>>>>>>>> + =C2=A0=C2=A0=C2=A0head -"${weeks}" )
>>>>>>>> +
>>>>>>>> +# =C2=A0get the list of RPZ names & counts from the message log(s)
>>>>>>>> +rpzNameCount=3D$( for logf in ${messageLogs} ; do
>>>>>>>> + =C2=A0=C2=A0=C2=A0zgrep --text --fixed-strings 'info: rpz: applied=
' "${logf}" |
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0awk '$10 ~ /\[\w*]/ { print $10 }' ;
>>>>>>>> + =C2=A0=C2=A0=C2=A0done | sort | uniq --count )
>>>>>>>> +
>>>>>>>> +# =C2=A0flip results and remove brackets `[` and `]`
>>>>>>>> +rpzNameCount=3D$( echo "${rpzNameCount}" |
>>>>>>>> + =C2=A0=C2=A0=C2=A0awk '{ print $2, $1 }' |
>>>>>>>> + =C2=A0=C2=A0=C2=A0sed --regexp-extended 's|^\[(.*)\]|\1|' )
>>>>>>>> +
>>>>>>>> +# =C2=A0grab only names
>>>>>>>> +rpzNames=3D$( echo "${rpzNameCount}" | awk '{ print $1 }' )
>>>>>>>> +
>>>>>>>> +# =C2=A0get list of RPZ files
>>>>>>>> +rpzFileList=3D$( find /etc/unbound/zonefiles -type f -iname "*.rpz"=
 )
>>>>>>>> +
>>>>>>>> +# =C2=A0get basename of those files
>>>>>>>> +rpzBaseNames=3D$( echo "${rpzFileList}" |
>>>>>>>> + =C2=A0=C2=A0=C2=A0sed 's|/etc/unbound/zonefiles/||g ; s|\.rpz||g ;=
' )
>>>>>>>> +
>>>>>>>> +# =C2=A0add to rpzNames
>>>>>>>> +rpzNames=3D"${rpzNames}"$'\n'"${rpzBaseNames}"
>>>>>>>> +
>>>>>>>> +# =C2=A0drop duplicate names
>>>>>>>> +rpzNames=3D$( echo "${rpzNames}" | sort --unique =C2=A0)
>>>>>>>> +
>>>>>>>> +# =C2=A0get line count for each RPZ
>>>>>>>> +lineCount=3D$( echo "${rpzFileList}" | xargs wc -l )
>>>>>>>> +
>>>>>>>> +# =C2=A0get comment line count and blank line count for each RPZ
>>>>>>>> +commentCount=3D$( echo "${rpzFileList}" | xargs grep --count -e "^$=
" -e "^;" )
>>>>>>>> +
>>>>>>>> +# =C2=A0get modified date each RPZ
>>>>>>>> +modDateList=3D$( echo "${rpzFileList}" | xargs stat -c '%.10y =C2=
=A0%n' )
>>>>>>>> +
>>>>>>>> +ucListAuthZones=3D$( unbound-control list_auth_zones )
>>>>>>>> +
>>>>>>>> +# =C2=A0get width of RPZ names
>>>>>>>> +pWidth=3D$( echo "${rpzNames}" | awk '{ print $1" =C2=A0=C2=A0" }' =
| wc -L )
>>>>>>>> +pFormat=3D"%-${pWidth}s %-8s %-8s %8s %12s %12s\n"
>>>>>>>> +
>>>>>>>> +# =C2=A0print title line
>>>>>>>> +printf "${pFormat}" "name" "hits" "active" "lines" " hits/line" "la=
st download"
>>>>>>>> +printf -- "--------------"
>>>>>>>> +
>>>>>>>> +theResults=3D""
>>>>>>>> +totalLines=3D0
>>>>>>>> +totalHits=3D0
>>>>>>>> +while read -r theName
>>>>>>>> +do
>>>>>>>> + =C2=A0=C2=A0=C2=A0printf -- "--" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0# =C2=A0=C2=A0pretend progress bar
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0is this RPZ list active?
>>>>>>>> + =C2=A0=C2=A0=C2=A0theActive=3D"disabled"
>>>>>>>> + =C2=A0=C2=A0=C2=A0if grep --quiet "^${theName}\.rpz" <<< "${ucList=
AuthZones}"
>>>>>>>> + =C2=A0=C2=A0=C2=A0then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0theActive=3D"enabled"
>>>>>>>> + =C2=A0=C2=A0=C2=A0else
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0[[ "${rpzActive}" =3D=3D=
 enabled ]] && continue
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0get hit count
>>>>>>>> + =C2=A0=C2=A0=C2=A0theHits=3D"0"
>>>>>>>> + =C2=A0=C2=A0=C2=A0if output=3D$( grep "^${theName}\s" <<< "${rpzNa=
meCount}" ) ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0theHits=3D$( echo "${out=
put}" | awk '{ print $2 }' )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0totalHits=3D$(( totalHit=
s + theHits ))
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0get line count
>>>>>>>> + =C2=A0=C2=A0=C2=A0theLines=3D"n/a"
>>>>>>>> + =C2=A0=C2=A0=C2=A0hitsPerLine=3D"0"
>>>>>>>> + =C2=A0=C2=A0=C2=A0if output=3D$( grep --fixed-strings "/${theName}=
.rpz" <<< "${lineCount}" ) ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0theLines=3D$( echo "${ou=
tput}" | awk '{ print $1 }' )
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0totalLines=3D$(( totalLi=
nes + theLines ))
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0if [[ "${theLines}" -gt =
2 ]] ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
hitsPerLine=3D$(( 100 * theHits / theLines ))
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0fi
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0get modification date
>>>>>>>> + =C2=A0=C2=A0=C2=A0theModDate=3D"n/a"
>>>>>>>> + =C2=A0=C2=A0=C2=A0if output=3D$( grep --fixed-strings "/${theName}=
.rpz" <<< "${modDateList}" ) ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0theModDate=3D$( echo "${=
output}" | awk '{ print $1 }' )
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0add to results list
>>>>>>>> + =C2=A0=C2=A0=C2=A0theResults+=3D"${theName} ${theHits} ${theActive=
} ${theLines} ${hitsPerLine} ${theModDate}"$'\n'
>>>>>>>> +
>>>>>>>> +done <<< "${rpzNames}"
>>>>>>>> +
>>>>>>>> +case "${sortBy}" in
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0sort by "active" then by "name"
>>>>>>>> + =C2=A0=C2=A0=C2=A0name) sortArg=3D(-k3,3r -k1,1) ;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0sort by "active" then by "hits" then by =
"name"
>>>>>>>> + =C2=A0=C2=A0=C2=A0hit) =C2=A0sortArg=3D(-k3,3r -k2,2nr -k1,1) ;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0sort by "active" then by "lines" then by=
 "name"
>>>>>>>> + =C2=A0=C2=A0=C2=A0line) sortArg=3D(-k3,3r -k4,4nr -k1,1) ;;
>>>>>>>> +
>>>>>>>> + =C2=A0=C2=A0=C2=A0# =C2=A0sort by "active" then by "effect" then b=
y "name"
>>>>>>>> + =C2=A0=C2=A0=C2=A0effect) sortArg=3D(-k3,3r -k5,5nr -k1,1) ;;
>>>>>>>> +esac
>>>>>>>> +
>>>>>>>> +printf -- "--------------\n"
>>>>>>>> +# =C2=A0remove blank lines, sort, print as columns
>>>>>>>> +echo "${theResults}" |
>>>>>>>> + =C2=A0=C2=A0=C2=A0awk '!/^[[:space:]]*$/' |
>>>>>>>> + =C2=A0=C2=A0=C2=A0sort "${sortArg[@]}" =C2=A0=C2=A0=C2=A0|
>>>>>>>> + =C2=A0=C2=A0=C2=A0awk --assign=3Dwidth=3D"${pWidth}" \
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0'{ printf "%-*s %-8s %-8=
s %8s %10s %% %12s\n", width, $1, $2, $3, $4, $5, $6 }'
>>>>>>>> +
>>>>>>>> +printf "${pFormat}" "" "=3D=3D=3D=3D=3D=3D=3D" "" "=3D=3D=3D=3D=3D=
=3D=3D=3D" "" ""
>>>>>>>> +printf "${pFormat}" "Totals -->" "${totalHits}" "" "${totalLines}" =
"" ""
>>>>>>>> +
>>>>>>>> +exit
>>>>>>>> diff --git a/config/rpz/rpz-sleep b/config/rpz/rpz-sleep
>>>>>>>> new file mode 100755
>>>>>>>> index 000000000..dd3603599
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz-sleep
>>>>>>>> @@ -0,0 +1,58 @@
>>>>>>>> +#!/bin/bash
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0Copyright (C) 2024 =C2=A0IPFire Team =C2=A0<info(a)ipfire.o=
rg> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is free software: you can redistribute it and/=
or modify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0it under the terms of the GNU General Public License as pub=
lished by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0the Free Software Foundation, either version 3 of the Licen=
se, or =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0(at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is distributed in the hope that it will be use=
ful, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0but WITHOUT ANY WARRANTY; without even the implied warranty=
 of =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0=
See the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# =C2=A0GNU General Public License for more details. =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0You should have received a copy of the GNU General Public L=
icense =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0along with this program. =C2=A0If not, see <http://www.gnu.=
org/licenses/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +version=3D"2024-08-16" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0# =
v05
>>>>>>>> +
>>>>>>>> +############### =C2=A0=C2=A0=C2=A0=C2=A0Functions =C2=A0=C2=A0=C2=
=A0=C2=A0###############
>>>>>>>> +
>>>>>>>> +# =C2=A0=C2=A0send message to message log
>>>>>>>> +msg_log () {
>>>>>>>> + =C2=A0=C2=A0=C2=A0logger --tag "${tagName}" "$*"
>>>>>>>> + =C2=A0=C2=A0=C2=A0if tty --silent ; then
>>>>>>>> + =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0echo "${tagName}:" "$*"
>>>>>>>> + =C2=A0=C2=A0=C2=A0fi
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +############### =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0Main =C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0###############
>>>>>>>> +
>>>>>>>> +tagName=3D"unbound"
>>>>>>>> +
>>>>>>>> +sleepTime=3D"${1:-5m}" =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0# =C2=A0default to sleep for 5m (5 minutes)
>>>>>>>> +
>>>>>>>> +zoneList=3D$( unbound-control list_auth_zones | awk '{print $1}' )
>>>>>>>> +
>>>>>>>> +for zone in ${zoneList} ; do
>>>>>>>> + =C2=A0=C2=A0=C2=A0printf "disable ${zone}\t"
>>>>>>>> + =C2=A0=C2=A0=C2=A0unbound-control rpz_disable "${zone}"
>>>>>>>> +done
>>>>>>>> +
>>>>>>>> +msg_log "info: rpz: disabled all zones for ${sleepTime}"
>>>>>>>> +
>>>>>>>> +sleep "${sleepTime}"
>>>>>>>> +
>>>>>>>> +for zone in ${zoneList} ; do
>>>>>>>> + =C2=A0=C2=A0=C2=A0printf "enable ${zone}\t"
>>>>>>>> + =C2=A0=C2=A0=C2=A0unbound-control rpz_enable "${zone}"
>>>>>>>> +done
>>>>>>>> +
>>>>>>>> +msg_log "info: rpz: enabled all zones"
>>>>>>>> +
>>>>>>>> +exit
>>>>>>>> diff --git a/config/rpz/rpz.de.pl b/config/rpz/rpz.de.pl
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..3770c6bb0
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz.de.pl
>>>>>>>> @@ -0,0 +1,30 @@
>>>>>>>> +# =C2=A0Added for Response Policy Zone (RPZ) add-on
>>>>>>>> +%tr =3D (%tr,
>>>>>>>> +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>> +'rpz apply' =3D> '=C3=9Cbernehmen',
>>>>>>>> +'rpz cl allow enable' =3D> 'Benutzerdefinierte Allowlist aktivieren=
:',
>>>>>>>> +'rpz cl allow info' =3D> 'Zugelassene Domains (eine pro Zeile)<br>B=
eispiel: domain.com, *.domain.com',
>>>>>>>> +'rpz cl allow' =3D> 'Benutzerdefinierte Allowlist',
>>>>>>>> +'rpz cl block enable' =3D> 'Benutzerdefinierte Blocklist aktivieren=
:',
>>>>>>>> +'rpz cl block info' =3D> 'Gesperrte Domains (eine pro Zeile)<br>Bei=
spiel: domain.com, *.domain.com',
>>>>>>>> +'rpz cl block' =3D> 'Benutzerdefinierte Blocklist',
>>>>>>>> +'rpz cl' =3D> 'Benutzerdefinierte Listen',
>>>>>>>> +'rpz exitcode 101' =3D> 'Der Name enth=C3=A4lt unzul=C3=A4ssige Zei=
chen',
>>>>>>>> +'rpz exitcode 102' =3D> 'unbound-checkconf hat eine fehlerhafte Kon=
figuration ermittelt. F=C3=BChren Sie das Kommando unbound-checkconf auf der =
Konsole aus, um weitere Informationen zu erhalten.',
>>>>>>>> +'rpz exitcode 103' =3D> 'Die benutzerdefinierte Allow-/Blocklist is=
t leer',
>>>>>>>> +'rpz exitcode 104' =3D> 'Ein Eintrag mit identischem Namen existier=
t bereits',
>>>>>>>> +'rpz exitcode 105' =3D> 'Die URL ist ung=C3=BCltig',
>>>>>>>> +'rpz exitcode 106' =3D> 'Eintrag kann nicht entfernt werden, der Na=
me existiert nicht',
>>>>>>>> +'rpz exitcode 107' =3D> 'Der Name ist ung=C3=BCltig - nur "allow" o=
der "block" m=C3=B6glich',
>>>>>>>> +'rpz exitcode 108' =3D> 'Fehlende oder inkorrekte Parameter',
>>>>>>>> +'rpz exitcode 109' =3D> 'unbound-control reload ist fehlgeschlagen',
>>>>>>>> +'rpz exitcode 110' =3D> 'Die benutzerdefinierte Allow-/Blocklist en=
th=C3=A4lt unzul=C3=A4ssige Eintr=C3=A4ge',
>>>>>>>> +'rpz exitcode 201' =3D> 'Die Anmerkung enth=C3=A4lt unzul=C3=A4ssig=
e Zeichen',
>>>>>>>> +'rpz exitcode 202' =3D> 'Ung=C3=BCltiger Eintrag in der benutzerdef=
inierten Allowlist, Zeile ',
>>>>>>>> +'rpz exitcode 203' =3D> 'Ung=C3=BCltiger Eintrag in der benutzerdef=
inierten Blocklist, Zeile ',
>>>>>>>> +'rpz exitcode 204' =3D> 'Ausgew=C3=A4hlter Eintrag existiert nicht:=
 ',
>>>>>>>> +'rpz zf editor' =3D> 'Zonendatei-Eintrag bearbeiten',
>>>>>>>> +'rpz zf imported' =3D> '(importiert aus rpz-config)',
>>>>>>>> +'rpz zf remark info' =3D> 'Erlaubte Zeichen sind a-z, A-Z, 0-9 und =
Unterstriche',
>>>>>>>> +'rpz zf' =3D> 'Zonendateien',
>>>>>>>> +);
>>>>>>>> diff --git a/config/rpz/rpz.en.pl b/config/rpz/rpz.en.pl
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..0720a8940
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz.en.pl
>>>>>>>> @@ -0,0 +1,30 @@
>>>>>>>> +# =C2=A0Added for Response Policy Zone (RPZ) add-on
>>>>>>>> +%tr =3D (%tr,
>>>>>>>> +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>> +'rpz apply' =3D> 'Apply',
>>>>>>>> +'rpz cl allow enable' =3D> 'Enable custom allowlist:',
>>>>>>>> +'rpz cl allow info' =3D> 'Allowed domains (one per line)<br>Example=
: domain.com, *.domain.com',
>>>>>>>> +'rpz cl allow' =3D> 'Custom allowlist',
>>>>>>>> +'rpz cl block enable' =3D> 'Enable custom blocklist:',
>>>>>>>> +'rpz cl block info' =3D> 'Blocked domains (one per line)<br>Example=
: domain.com, *.domain.com',
>>>>>>>> +'rpz cl block' =3D> 'Custom blocklist',
>>>>>>>> +'rpz cl' =3D> 'Custom lists',
>>>>>>>> +'rpz exitcode 101' =3D> 'the NAME is not valid',
>>>>>>>> +'rpz exitcode 102' =3D> 'unbound-checkconf found invalid configurat=
ion. In the Terminal run the command unbound-checkconf for more information',
>>>>>>>> +'rpz exitcode 103' =3D> 'the allow/block list is empty',
>>>>>>>> +'rpz exitcode 104' =3D> 'duplicate - NAME already exists',
>>>>>>>> +'rpz exitcode 105' =3D> 'the URL is not valid',
>>>>>>>> +'rpz exitcode 106' =3D> 'cannot remove the NAME does not exist',
>>>>>>>> +'rpz exitcode 107' =3D> 'the NAME is not valid - "allow" or "block"=
 only',
>>>>>>>> +'rpz exitcode 108' =3D> 'missing or incorrect parameter',
>>>>>>>> +'rpz exitcode 109' =3D> 'unbound-control reload failed',
>>>>>>>> +'rpz exitcode 110' =3D> 'custom Allowlist/Blocklist contains invali=
d entries',
>>>>>>>> +'rpz exitcode 201' =3D> 'the REMARK is not valid',
>>>>>>>> +'rpz exitcode 202' =3D> 'invalid entry in allowlist, line ',
>>>>>>>> +'rpz exitcode 203' =3D> 'invalid entry in blocklist, line ',
>>>>>>>> +'rpz exitcode 204' =3D> 'Selected entry does not exist: ',
>>>>>>>> +'rpz zf editor' =3D> 'Edit zonefiles entry',
>>>>>>>> +'rpz zf imported' =3D> '(imported from rpz-config)',
>>>>>>>> +'rpz zf remark info' =3D> 'Valid characters are a-z, A-Z, 0-9 and u=
nderscore.',
>>>>>>>> +'rpz zf' =3D> 'Zonefiles',
>>>>>>>> +);
>>>>>>>> diff --git a/config/rpz/rpz.es.pl b/config/rpz/rpz.es.pl
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..98628e4aa
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz.es.pl
>>>>>>>> @@ -0,0 +1,30 @@
>>>>>>>> +# =C2=A0Added for Response Policy Zone (RPZ) add-on
>>>>>>>> +%tr =3D (%tr,
>>>>>>>> +'rpz' =3D> 'Zonas de pol=C3=ADtica de respuesta (RPZ)',
>>>>>>>> +'rpz apply' =3D> 'Aplicar',
>>>>>>>> +'rpz cl allow enable' =3D> 'Habilitar la lista blanca personalizada=
:',
>>>>>>>> +'rpz cl allow info' =3D> 'Dominio permitido (uno por l=C3=ADnea)<br=
>Ejemplo: domain.com, *.domain.com',
>>>>>>>> +'rpz cl allow' =3D> 'Lista blanca personalizada',
>>>>>>>> +'rpz cl block enable' =3D> 'Habilitar la lista negra personalizada:=
',
>>>>>>>> +'rpz cl block info' =3D> 'Dominio bloqueado (uno por l=C3=ADnea)<br=
>Ejemplo: domain.com, *.domain.com',
>>>>>>>> +'rpz cl block' =3D> 'Lista negra personalizada',
>>>>>>>> +'rpz cl' =3D> 'Lista personalizada',
>>>>>>>> +'rpz exitcode 101' =3D> 'El NOMBRE no es v=C3=A1lido',
>>>>>>>> +'rpz exitcode 102' =3D> 'unbound-checkconf ha encontrado una config=
uraci=C3=B3n no v=C3=A1lida. Desde Terminal, ejecute el comando unbound-check=
conf para mayor informaci=C3=B3n',
>>>>>>>> +'rpz exitcode 103' =3D> 'La lista de permitidos/bloqueados est=C3=
=A1 vac=C3=ADa',
>>>>>>>> +'rpz exitcode 104' =3D> 'duplicado - NOMBRE ya existe',
>>>>>>>> +'rpz exitcode 105' =3D> 'la URL no es v=C3=A1lida',
>>>>>>>> +'rpz exitcode 106' =3D> 'no es posible eliminar el NOMBRE que no ex=
iste',
>>>>>>>> +'rpz exitcode 107' =3D> 'el NOMBRE no es v=C3=A1lido - s=C3=B3lo "p=
ermitir" o "bloquear"',
>>>>>>>> +'rpz exitcode 108' =3D> 'par=C3=A1metro faltante o incorrecto',
>>>>>>>> +'rpz exitcode 109' =3D> 'Error al recargar unbound-control',
>>>>>>>> +'rpz exitcode 110' =3D> 'la Lista blanca/Lista negra personalizada =
contiene entradas no v=C3=A1lidas',
>>>>>>>> +'rpz exitcode 201' =3D> 'el COMENTARIO no es v=C3=A1lido',
>>>>>>>> +'rpz exitcode 202' =3D> 'entrada no v=C3=A1lida en la lista blanca,=
 l=C3=ADnea ',
>>>>>>>> +'rpz exitcode 203' =3D> 'entrada no v=C3=A1lida en la lista negra, =
l=C3=ADnea ',
>>>>>>>> +'rpz exitcode 204' =3D> 'La entrada seleccionada no existe: ',
>>>>>>>> +'rpz zf editor' =3D> 'Editar la entrada de archivos de zona',
>>>>>>>> +'rpz zf imported' =3D> '(importado de rpz-config)',
>>>>>>>> +'rpz zf remark info' =3D> 'Los caracteres v=C3=A1lidos son a-z, A-Z=
, 0-9 y gui=C3=B3n bajo',
>>>>>>>> +'rpz zf' =3D> 'Archivos de zona',
>>>>>>>> +);
>>>>>>>> diff --git a/config/rpz/rpz.fr.pl b/config/rpz/rpz.fr.pl
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..f35f3c2d0
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz.fr.pl
>>>>>>>> @@ -0,0 +1,30 @@
>>>>>>>> +# =C2=A0Added for Response Policy Zone (RPZ) add-on
>>>>>>>> +%tr =3D (%tr,
>>>>>>>> +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>> +'rpz apply' =3D> 'Appliquer',
>>>>>>>> +'rpz cl allow enable' =3D> 'Activer la liste d\'autorisations perso=
nnalis=C3=A9e:',
>>>>>>>> +'rpz cl allow info' =3D> 'Domaines autoris=C3=A9s (un par ligne)<br=
>Example: domain.com, *.domain.com',
>>>>>>>> +'rpz cl allow' =3D> 'Liste d\'autorisations personnalis=C3=A9e',
>>>>>>>> +'rpz cl block enable' =3D> 'Activer la liste de blocage personnalis=
=C3=A9e:',
>>>>>>>> +'rpz cl block info' =3D> 'Domaines bloqu=C3=A9s (un par ligne)<br>E=
xample: domain.com, *.domain.com',
>>>>>>>> +'rpz cl block' =3D> 'liste de blocage personnalis=C3=A9',
>>>>>>>> +'rpz cl' =3D> 'Listes personnalis=C3=A9es',
>>>>>>>> +'rpz exitcode 101' =3D> 'le NOM n\'est pas valide',
>>>>>>>> +'rpz exitcode 102' =3D> 'unbound-checkconf configuration non valide=
 trouv=C3=A9e. Dans le terminal, ex=C3=A9cutez la commande unbound-checkconf =
pour plus d\'informations',
>>>>>>>> +'rpz exitcode 103' =3D> 'la liste autoriser/bloquer est vide',
>>>>>>>> +'rpz exitcode 104' =3D> 'le NOM existe d=C3=A9j=C3=A0',
>>>>>>>> +'rpz exitcode 105' =3D> 'L\'URL n\'est pas valide',
>>>>>>>> +'rpz exitcode 106' =3D> 'impossible de supprimer le NOM n\'existe p=
as',
>>>>>>>> +'rpz exitcode 107' =3D> 'le NOM n\'est pas valide - =C2=AB autorise=
r =C2=BB ou =C2=AB bloquer =C2=BB seulement',
>>>>>>>> +'rpz exitcode 108' =3D> 'param=C3=A8tre manquant ou incorrect',
>>>>>>>> +'rpz exitcode 109' =3D> 'unbound-control rechargement =C3=A9chou=C3=
=A9',
>>>>>>>> +'rpz exitcode 110' =3D> 'la liste autoriser/bloquer contient des en=
tr=C3=A9es non valides',
>>>>>>>> +'rpz exitcode 201' =3D> 'la REMARQUE n\'est pas valable',
>>>>>>>> +'rpz exitcode 202' =3D> 'entr=C3=A9e non valide dans la liste d\'au=
torisation, ligne ',
>>>>>>>> +'rpz exitcode 203' =3D> 'entr=C3=A9e non valide dans la liste de bl=
ocs, ligne ',
>>>>>>>> +'rpz exitcode 204' =3D> 'L\'entr=C3=A9e s=C3=A9lectionn=C3=A9e n\'e=
xiste pas: ',
>>>>>>>> +'rpz zf editor' =3D> 'Modifier l\'entr=C3=A9e Fichiers Zone',
>>>>>>>> +'rpz zf imported' =3D> '(import=C3=A9 de rpz-config)',
>>>>>>>> +'rpz zf remark info' =3D> 'Les caract=C3=A8res valides sont a-z, A-=
Z, 0-9 et soulignement.',
>>>>>>>> +'rpz zf' =3D> 'Fichiers Zone',
>>>>>>>> +);
>>>>>>>> diff --git a/config/rpz/rpz.it.pl b/config/rpz/rpz.it.pl
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..ee81605c9
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz.it.pl
>>>>>>>> @@ -0,0 +1,30 @@
>>>>>>>> +# =C2=A0Added for Response Policy Zone (RPZ) add-on
>>>>>>>> +%tr =3D (%tr,
>>>>>>>> +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>> +'rpz apply' =3D> 'Applica',
>>>>>>>> +'rpz cl allow enable' =3D> 'Abilita la Whitelist personalizzata:',
>>>>>>>> +'rpz cl allow info' =3D> 'Domini consentiti (uno per riga)<br>Esemp=
io: domain.com, *.domain.com',
>>>>>>>> +'rpz cl allow' =3D> 'Whitelist personalizzata',
>>>>>>>> +'rpz cl block enable' =3D> 'Abilita la Blacklist personalizzata:',
>>>>>>>> +'rpz cl block info' =3D> 'Domini bloccati (uno per riga)<br>Esempio=
: domain.com, *.domain.com',
>>>>>>>> +'rpz cl block' =3D> 'Blacklist personalizzata',
>>>>>>>> +'rpz cl' =3D> 'Liste personalizzate',
>>>>>>>> +'rpz exitcode 101' =3D> 'il NOME non =C3=A8 valido',
>>>>>>>> +'rpz exitcode 102' =3D> 'unbound-checkconf ha trovato una configura=
zione non valida. Dal Terminale esegui il comando unbound-checkconf per maggi=
ori informazioni',
>>>>>>>> +'rpz exitcode 103' =3D> 'l\'elenco consentiti/bloccati =C3=A8 vuoto=
',
>>>>>>>> +'rpz exitcode 104' =3D> 'duplicato - NAME esiste di gi=C3=A0',
>>>>>>>> +'rpz exitcode 105' =3D> 'l\'URL non =C3=A8 valido',
>>>>>>>> +'rpz exitcode 106' =3D> 'non =C3=A8 possibile rimuovere il NOME non=
 esiste',
>>>>>>>> +'rpz exitcode 107' =3D> 'il NOME non =C3=A8 valido - solo "consenti=
" o "blocca"',
>>>>>>>> +'rpz exitcode 108' =3D> 'parametro mancante o non corretto',
>>>>>>>> +'rpz exitcode 109' =3D> 'ricaricamento del controllo non associato =
non riuscito',
>>>>>>>> +'rpz exitcode 110' =3D> 'la Whitelist/Blacklist personalizzata cont=
iene voci non valide',
>>>>>>>> +'rpz exitcode 201' =3D> 'l"OSSERVAZIONE non =C3=A8 valida',
>>>>>>>> +'rpz exitcode 202' =3D> 'voce non valida nella Whitelist, riga ',
>>>>>>>> +'rpz exitcode 203' =3D> 'voce non valida nella Blacklist, riga ',
>>>>>>>> +'rpz exitcode 204' =3D> 'La voce selezionata non esiste: ',
>>>>>>>> +'rpz zf editor' =3D> 'Modifica la voce dei file di zona',
>>>>>>>> +'rpz zf imported' =3D> '(importato da rpz-config)',
>>>>>>>> +'rpz zf remark info' =3D> 'I caratteri validi sono a-z, A-Z, 0-9 e =
trattino basso',
>>>>>>>> +'rpz zf' =3D> 'Zonefiles',
>>>>>>>> +);
>>>>>>>> diff --git a/config/rpz/rpz.tr.pl b/config/rpz/rpz.tr.pl
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..00226e192
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/config/rpz/rpz.tr.pl
>>>>>>>> @@ -0,0 +1,30 @@
>>>>>>>> +# =C2=A0I=EF=BF=BDin eklendi Ayriyeten Response Policy Zone (RPZ)
>>>>>>>> +%tr =3D (%tr,
>>>>>>>> +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>> +'rpz apply' =3D> 'Uygulamak',
>>>>>>>> +'rpz cl allow enable' =3D> '=EF=BF=BDzel Etkinlestir allowlist:',
>>>>>>>> +'rpz cl allow info' =3D> 'Izin verilmis domains (satir basina bir)<=
br>=EF=BF=BDrnegin: domain.com, *.domain.com',
>>>>>>>> +'rpz cl allow' =3D> 'Etkinlestir allowlist',
>>>>>>>> +'rpz cl block enable' =3D> '=EF=BF=BDzel Etkinlestir blocklist:',
>>>>>>>> +'rpz cl block info' =3D> 'Engellenmis domains (satir basina bir)<br=
>=EF=BF=BDrnegin: domain.com, *.domain.com',
>>>>>>>> +'rpz cl block' =3D> 'Engellenmis blocklist',
>>>>>>>> +'rpz cl' =3D> 'Engellenmis lists',
>>>>>>>> +'rpz exitcode 101' =3D> 'NAME ge=EF=BF=BDerli degil',
>>>>>>>> +'rpz exitcode 102' =3D> 'unbound-checkconf ge=EF=BF=BDersiz yapilan=
dirma bulundu. Terminalde daha fazla bilgi i=EF=BF=BDin Unbound-checkConf kom=
utunu =EF=BF=BDalistirin',
>>>>>>>> +'rpz exitcode 103' =3D> 'allow/block liste bos',
>>>>>>>> +'rpz exitcode 104' =3D> 'kopyalamak - NAME zaten var',
>>>>>>>> +'rpz exitcode 105' =3D> 'URL ge=EF=BF=BDerli degil',
>>>>>>>> +'rpz exitcode 106' =3D> '=EF=BF=BDikarilamiyor NAME yok',
>>>>>>>> +'rpz exitcode 107' =3D> 'NAME ge=EF=BF=BDerli degil - "allow" veya =
"block" yalniz',
>>>>>>>> +'rpz exitcode 108' =3D> 'Parametre eksik veya yanlis',
>>>>>>>> +'rpz exitcode 109' =3D> 'unbound-control basarisiz',
>>>>>>>> +'rpz exitcode 110' =3D> 'Engellenmis Allowlist/Blocklist ge=EF=BF=
=BDersiz girisler i=EF=BF=BDerir',
>>>>>>>> +'rpz exitcode 201' =3D> 'REMARK ge=EF=BF=BDerli degil',
>>>>>>>> +'rpz exitcode 202' =3D> 'Ge=EF=BF=BDersiz giris allowlist, line ',
>>>>>>>> +'rpz exitcode 203' =3D> 'Ge=EF=BF=BDersiz giris blocklist, line ',
>>>>>>>> +'rpz exitcode 204' =3D> 'Se=EF=BF=BDilen giris yok: ',
>>>>>>>> +'rpz zf editor' =3D> 'yazimlamak zonefiles giris',
>>>>>>>> +'rpz zf imported' =3D> '(ithal edildi rpz-config)',
>>>>>>>> +'rpz zf remark info' =3D> 'Ge=EF=BF=BDerli karakterler a-z, A-Z, 0-=
9ve alt=EF=BF=BDst.',
>>>>>>>> +'rpz zf' =3D> 'Zonefiles',
>>>>>>>> +);
>>>>>>>> diff --git a/html/cgi-bin/rpz.cgi b/html/cgi-bin/rpz.cgi
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..a821c92ac
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/html/cgi-bin/rpz.cgi
>>>>>>>> @@ -0,0 +1,923 @@
>>>>>>>> +#!/usr/bin/perl
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# Copyright (C) 2005-2024 =C2=A0IPFire Team =C2=A0<info(a)ipfire.or=
g> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# This program is free software: you can redistribute it and/or mod=
ify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# it under the terms of the GNU General Public License as published=
 by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# the Free Software Foundation, either version 3 of the License, or=
 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# (at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# This program is distributed in the hope that it will be useful, =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0#
>>>>>>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0See th=
e =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# GNU General Public License for more details. =C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# You should have received a copy of the GNU General Public License=
 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# along with this program. =C2=A0If not, see <http://www.gnu.org/li=
censes/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +use strict;
>>>>>>>> +use Scalar::Util qw(looks_like_number);
>>>>>>>> +
>>>>>>>> +# debugging
>>>>>>>> +#use warnings;
>>>>>>>> +#use CGI::Carp 'fatalsToBrowser';
>>>>>>>> +#use Data::Dumper;
>>>>>>>> +
>>>>>>>> +require '/var/ipfire/general-functions.pl';
>>>>>>>> +require "${General::swroot}/lang.pl";
>>>>>>>> +require "${General::swroot}/header.pl";
>>>>>>>> +
>>>>>>>> +###--- Extra HTML ---###
>>>>>>>> +my $extraHead =3D <<END
>>>>>>>> +<style>
>>>>>>>> + /* alternating row background */
>>>>>>>> + .tbl tr:nth-child(2n+2) {
>>>>>>>> + background-color: var(--color-light-grey);
>>>>>>>> + }
>>>>>>>> + .tbl tr:nth-child(2n+3) {
>>>>>>>> + background-color: var(--color-grey);
>>>>>>>> + }
>>>>>>>> + /* text styles */
>>>>>>>> + .tbl th:not(:last-child) {
>>>>>>>> + text-align: left;
>>>>>>>> + }
>>>>>>>> + div.right {
>>>>>>>> + text-align: right;
>>>>>>>> + margin-top: 0.5em;
>>>>>>>> + }
>>>>>>>> + /* customlist input */
>>>>>>>> + textarea.domainlist {
>>>>>>>> + margin: 0.5em 0;
>>>>>>>> + resize: vertical;
>>>>>>>> + min-height: 10em;
>>>>>>>> + overflow: auto;
>>>>>>>> + white-space: pre;
>>>>>>>> + }
>>>>>>>> + button[type=3Dsubmit]:disabled {
>>>>>>>> + opacity: 0.6;
>>>>>>>> + }
>>>>>>>> +</style>
>>>>>>>> +END
>>>>>>>> +;
>>>>>>>> +###--- End of extra HTML ---###
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +### Settings ###
>>>>>>>> +
>>>>>>>> +# Request DNS service reload after configuration change
>>>>>>>> +my $RPZ_RELOAD_FLAG =3D "${General::swroot}/dns/rpz/reload.flag";
>>>>>>>> +
>>>>>>>> +# Configuration file for all available zonefiles
>>>>>>>> +# Format: index, name (unique), enabled (on/off), URL, remark
>>>>>>>> +my $ZONEFILES_CONF =3D "${General::swroot}/dns/rpz/zonefiles.conf";
>>>>>>>> +
>>>>>>>> +# Configuration file for custom lists
>>>>>>>> +# IDs: 0=3Dallowlist, 1=3Dblocklist, 2=3Doptions (allow/block enabl=
ed)
>>>>>>>> +my $CUSTOMLISTS_CONF =3D "${General::swroot}/dns/rpz/customlists.co=
nf";
>>>>>>>> +
>>>>>>>> +# Export custom lists to rpz-config
>>>>>>>> +my $RPZ_ALLOWLIST =3D "${General::swroot}/dns/rpz/allowlist";
>>>>>>>> +my $RPZ_BLOCKLIST =3D "${General::swroot}/dns/rpz/blocklist";
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +### Preparation ###
>>>>>>>> +
>>>>>>>> +# Create missing config files
>>>>>>>> +unless(-f $ZONEFILES_CONF) { &General::system('touch', "$ZONEFILES_=
CONF"); }
>>>>>>>> +unless(-f $CUSTOMLISTS_CONF) { &General::system('touch', "$CUSTOMLI=
STS_CONF"); }
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +## Global gui data
>>>>>>>> +my $errormessage =3D "";
>>>>>>>> +
>>>>>>>> +## Global configuration data
>>>>>>>> +my %zonefiles =3D ();
>>>>>>>> +my %customlists =3D ();
>>>>>>>> +&_zonefiles_load();
>>>>>>>> +&_customlists_load();
>>>>>>>> +
>>>>>>>> +## Global CGI form data
>>>>>>>> +my %cgiparams =3D ();
>>>>>>>> +&Header::getcgihash(\%cgiparams);
>>>>>>>> +
>>>>>>>> +my $action =3D $cgiparams{'ACTION'} // 'NONE';
>>>>>>>> +my $action_key =3D $cgiparams{'KEY'} // ''; # entry being edited, e=
mpty =3D none/new
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +###--- Process form actions ---###
>>>>>>>> +
>>>>>>>> +# Zonefiles action: Check whether the requested entry exists
>>>>>>>> +if((substr($action, 0, 3) eq 'ZF_') && ($action_key)) {
>>>>>>>> + unless(defined $zonefiles{$action_key}) {
>>>>>>>> + $errormessage =3D &_rpz_error_tr(204, $action_key);
>>>>>>>> + $action =3D 'NONE';
>>>>>>>> + }
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +## Perform actions
>>>>>>>> +if($action eq 'ZF_SAVE') { ## Save new or modified zonefiles entry
>>>>>>>> + if(&_action_zf_save()) {
>>>>>>>> + $action =3D 'NONE'; # success, return to main page
>>>>>>>> + &_http_prg_redirect();
>>>>>>>> + } else {
>>>>>>>> + $action =3D 'ZF_EDIT'; # error occured, keep editing
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> +} elsif($action eq 'ZF_TOGGLE') { ## Toggle on/off
>>>>>>>> + if(&_action_zf_toggle()) {
>>>>>>>> + $action =3D 'NONE';
>>>>>>>> + &_http_prg_redirect();
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> +} elsif($action eq 'ZF_REMOVE') { ## Remove entry
>>>>>>>> + if(&_action_zf_remove()) {
>>>>>>>> + $action =3D 'NONE';
>>>>>>>> + &_http_prg_redirect();
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> +} elsif($action eq 'CL_SAVE') { ## Save custom lists
>>>>>>>> + if(&_action_cl_save()) {
>>>>>>>> + $action =3D 'NONE';
>>>>>>>> + &_http_prg_redirect();
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> +} elsif($action eq 'RPZ_RELOAD') { ## Reload dns configuration
>>>>>>>> + if(&_action_rpz_reload()) {
>>>>>>>> + $action =3D 'NONE';
>>>>>>>> + &_http_prg_redirect();
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> +} elsif($action eq 'UNB_RESTART') { ## Restart unbound service
>>>>>>>> + if(&_action_unb_restart()) {
>>>>>>>> + $action =3D 'NONE';
>>>>>>>> + &_http_prg_redirect();
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +###--- Start GUI ---###
>>>>>>>> +
>>>>>>>> +## Start http output
>>>>>>>> +&Header::showhttpheaders();
>>>>>>>> +
>>>>>>>> +# Start HTML
>>>>>>>> +&Header::openpage($Lang::tr{'rpz'}, 1, $extraHead);
>>>>>>>> +&Header::openbigbox('100%', 'left', '');
>>>>>>>> +
>>>>>>>> +# Show error messages
>>>>>>>> +if($errormessage) {
>>>>>>>> + &_print_message($errormessage);
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Handle zonefile add/edit mode
>>>>>>>> +if($action eq "ZF_EDIT") {
>>>>>>>> + &_print_zonefile_editor();
>>>>>>>> +
>>>>>>>> + # Finalize page and exit cleanly
>>>>>>>> + &Header::closebigbox();
>>>>>>>> + &Header::closepage();
>>>>>>>> + exit(0);
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Show gui elements
>>>>>>>> +&_print_zonefiles();
>>>>>>>> +&_print_customlists();
>>>>>>>> +&_print_gui_extras();
>>>>>>>> +
>>>>>>>> +&Header::closebigbox();
>>>>>>>> +&Header::closepage();
>>>>>>>> +
>>>>>>>> +###--- End of GUI ---###
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +###--- Internal configuration file functions ---###
>>>>>>>> +
>>>>>>>> +# Load all available zonefiles from rpz-config and the internal con=
figuration
>>>>>>>> +sub _zonefiles_load {
>>>>>>>> + # Clean start
>>>>>>>> + %zonefiles =3D ();
>>>>>>>> +
>>>>>>>> + # Source 1: Get the currently enabled zonefiles from rpz-config (e=
xpected format [name]=3D[URL])
>>>>>>>> + my @enabled_files =3D &General::system_output('/usr/sbin/rpz-confi=
g', 'list');
>>>>>>>> +
>>>>>>>> + foreach my $row (@enabled_files) {
>>>>>>>> + chomp($row);
>>>>>>>> +
>>>>>>>> + # Use regex instead of split() to skip non-matching lines
>>>>>>>> + next unless($row =3D~ /^(\w+)=3D(.+)$/);
>>>>>>>> + my ($name, $url) =3D ($1, $2);
>>>>>>>> +
>>>>>>>> + # Unique names are already guaranteed by rpz-config
>>>>>>>> + if(&_rpz_validate_zonefile($name, $url, '', 0) =3D=3D 0) {
>>>>>>>> + # Populate global data hash, mark all found entries as enabled
>>>>>>>> + my %entry =3D ('enabled' =3D> 'on',
>>>>>>>> + 'url' =3D> $url,
>>>>>>>> + 'remark' =3D> $Lang::tr{'rpz zf imported'});
>>>>>>>> +
>>>>>>>> + $zonefiles{$name} =3D \%entry;
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Source 2: Get additional data and disabled entries from configur=
ation file
>>>>>>>> + my %configured_files =3D ();
>>>>>>>> + &General::readhasharray($ZONEFILES_CONF, \%configured_files);
>>>>>>>> +
>>>>>>>> + foreach my $row (values (%configured_files)) {
>>>>>>>> + my ($name, $enabled, $url, $remark) =3D @$row;
>>>>>>>> + $remark //=3D "";
>>>>>>>> +
>>>>>>>> + next unless($name);
>>>>>>>> +
>>>>>>>> + # Check whether this row belongs to an entry already imported from=
 rpz-config
>>>>>>>> + if(defined $zonefiles{$name}) {
>>>>>>>> + # Existing entry, only merge additional data
>>>>>>>> + $zonefiles{$name}{'remark'} =3D $remark;
>>>>>>>> + } else {
>>>>>>>> + # Skip entry if it is marked as enabled but not found by rpz-confi=
g. It was then deleted manually
>>>>>>>> + if($enabled ne 'on') {
>>>>>>>> + # Populate global data hash
>>>>>>>> + my %entry =3D ('enabled' =3D> 'off',
>>>>>>>> + 'url' =3D> $url // "",
>>>>>>>> + 'remark' =3D> $remark);
>>>>>>>> +
>>>>>>>> + $zonefiles{$name} =3D \%entry;
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Save internal zonefiles configuration
>>>>>>>> +sub _zonefiles_save_conf {
>>>>>>>> + my $index =3D 0;
>>>>>>>> + my %export =3D ();
>>>>>>>> +
>>>>>>>> + # Loop trough all zonefiles and create "hasharray" type export
>>>>>>>> + foreach my $name (keys %zonefiles) {
>>>>>>>> + my @entry =3D ($name,
>>>>>>>> + $zonefiles{$name}{'enabled'},
>>>>>>>> + $zonefiles{$name}{'url'},
>>>>>>>> + $zonefiles{$name}{'remark'});
>>>>>>>> +
>>>>>>>> + $export{$index++} =3D \@entry;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + &General::writehasharray($ZONEFILES_CONF, \%export);
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Load custom lists from rpz-config and the internal configuration
>>>>>>>> +sub _customlists_load {
>>>>>>>> + # Clean start
>>>>>>>> + %customlists =3D ();
>>>>>>>> +
>>>>>>>> + # Load configuration file
>>>>>>>> + my %lists_conf =3D ();
>>>>>>>> + &General::readhasharray($CUSTOMLISTS_CONF, \%lists_conf);
>>>>>>>> +
>>>>>>>> + # Get list options, enabled by default to start import
>>>>>>>> + $customlists{'allow'}{'enabled'} =3D $lists_conf{2}[0] // 'on';
>>>>>>>> + $customlists{'block'}{'enabled'} =3D $lists_conf{2}[1] // 'on';
>>>>>>>> +
>>>>>>>> + # Import enabled list from rpz-config, otherwise retrieve stored o=
r empty list from configuration file
>>>>>>>> + if($customlists{'allow'}{'enabled'} eq 'on') {
>>>>>>>> + &_customlist_import('allow', $RPZ_ALLOWLIST);
>>>>>>>> + } else {
>>>>>>>> + $customlists{'allow'}{'list'} =3D $lists_conf{0} // [];
>>>>>>>> + }
>>>>>>>> + if($customlists{'block'}{'enabled'} eq 'on') {
>>>>>>>> + &_customlist_import('block', $RPZ_BLOCKLIST);
>>>>>>>> + } else {
>>>>>>>> + $customlists{'block'}{'list'} =3D $lists_conf{1} // [];
>>>>>>>> + }
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Save internal custom lists configuration
>>>>>>>> +sub _customlists_save_conf {
>>>>>>>> + my %export =3D ();
>>>>>>>> +
>>>>>>>> + # Match IDs with import function
>>>>>>>> + $export{0} =3D $customlists{'allow'}{'list'};
>>>>>>>> + $export{1} =3D $customlists{'block'}{'list'};
>>>>>>>> + $export{2} =3D [$customlists{'allow'}{'enabled'}, $customlists{'bl=
ock'}{'enabled'}];
>>>>>>>> +
>>>>>>>> + &General::writehasharray($CUSTOMLISTS_CONF, \%export);
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Import a custom list from plain file, returns empty list if file =
is missing
>>>>>>>> +sub _customlist_import {
>>>>>>>> + my ($listname, $filename) =3D @_;
>>>>>>>> + my @list =3D ();
>>>>>>>> +
>>>>>>>> + # File exists, load and check all lines
>>>>>>>> + if(-f $filename) {
>>>>>>>> + open(my $FH, '<', $filename) or die "Can't read $filename: $!";
>>>>>>>> + while(my $line =3D <$FH>) {
>>>>>>>> + chomp($line);
>>>>>>>> + push(@list, $line);
>>>>>>>> + }
>>>>>>>> + close($FH);
>>>>>>>> +
>>>>>>>> + # Clean up imported data
>>>>>>>> + &_rpz_validate_customlist(\@list, 1);
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + $customlists{$listname}{'list'} =3D \@list;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Export a custom list to plain file or clear file if list is disab=
led
>>>>>>>> +sub _customlist_export {
>>>>>>>> + my ($listname, $filename) =3D @_;
>>>>>>>> + return unless(defined $customlists{$listname});
>>>>>>>> +
>>>>>>>> + # Write enabled domain list to file, otherwise save empty file
>>>>>>>> + open(my $FH, '>', $filename) or die "Can't write $filename: $!";
>>>>>>>> +
>>>>>>>> + if($customlists{$listname}{'enabled'} eq 'on') {
>>>>>>>> + foreach my $line (@{$customlists{$listname}{'list'}}) {
>>>>>>>> + print $FH "$line\n";
>>>>>>>> + }
>>>>>>>> + } else {
>>>>>>>> + print $FH "; Note: This list is currently disabled by $ENV{'SCRIPT=
_NAME'}\n";
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + close($FH);
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +###--- Internal gui functions ---###
>>>>>>>> +
>>>>>>>> +# Show simple message box
>>>>>>>> +sub _print_message {
>>>>>>>> + my ($message, $title) =3D @_;
>>>>>>>> + $title ||=3D $Lang::tr{'error messages'};
>>>>>>>> +
>>>>>>>> + &Header::openbox('100%', 'left', $title);
>>>>>>>> + print "<span>$message</span>";
>>>>>>>> + &Header::closebox();
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Show all zone files and related gui elements
>>>>>>>> +sub _print_zonefiles {
>>>>>>>> + &Header::openbox('100%', 'left', $Lang::tr{'rpz zf'});
>>>>>>>> +
>>>>>>>> + print <<END
>>>>>>>> +<table class=3D"tbl" width=3D"100%">
>>>>>>>> + <tr>
>>>>>>>> + <th>$Lang::tr{'name'}</th>
>>>>>>>> + <th>URL</th>
>>>>>>>> + <th>$Lang::tr{'remark'}</th>
>>>>>>>> + <th colspan=3D"3">$Lang::tr{'action'}</th>
>>>>>>>> + </tr>
>>>>>>>> +END
>>>>>>>> +;
>>>>>>>> +
>>>>>>>> + # Sort zonefiles by name and loop trough all entries
>>>>>>>> + foreach my $name (sort keys %zonefiles) {
>>>>>>>> +
>>>>>>>> + # Toggle button label translation
>>>>>>>> + my $toggle_tr =3D ($zonefiles{$name}{'enabled'} eq 'on') ? $Lang::=
tr{'click to disable'} : $Lang::tr{'click to enable'};
>>>>>>>> +
>>>>>>>> + print <<END
>>>>>>>> + <tr>
>>>>>>>> + <td>$name</td>
>>>>>>>> + <td>$zonefiles{$name}{'url'}</td>
>>>>>>>> + <td>$zonefiles{$name}{'remark'}</td>
>>>>>>>> +
>>>>>>>> + <td align=3D"center" width=3D"5%">
>>>>>>>> + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>> + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>> + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_TOGGLE">
>>>>>>>> + <input type=3D"image" src=3D"/images/$zonefiles{$name}{'enabled'}.=
gif" title=3D"$toggle_tr" alt=3D"$toggle_tr">
>>>>>>>> + </form>
>>>>>>>> + </td>
>>>>>>>> + <td align=3D"center" width=3D"5%">
>>>>>>>> + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>> + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>> + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_EDIT">
>>>>>>>> + <input type=3D"image" src=3D"/images/edit.gif" title=3D"$Lang::tr{=
'edit'}" alt=3D"$Lang::tr{'edit'}">
>>>>>>>> + </form>
>>>>>>>> + </td>
>>>>>>>> + <td align=3D"center" width=3D"5%">
>>>>>>>> + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>> + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>> + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_REMOVE">
>>>>>>>> + <input type=3D"image" src=3D"/images/delete.gif" title=3D"$Lang::t=
r{'remove'}" alt=3D"$Lang::tr{'remove'}">
>>>>>>>> + </form>
>>>>>>>> + </td>
>>>>>>>> + </tr>
>>>>>>>> +END
>>>>>>>> +;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Disable reload button if not needed
>>>>>>>> + my $reload_state =3D &_rpz_needs_reload() ? "" : " disabled";
>>>>>>>> +
>>>>>>>> + print <<END
>>>>>>>> +</table>
>>>>>>>> +
>>>>>>>> +<div class=3D"right">
>>>>>>>> + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>> + <input type=3D"hidden" name=3D"KEY" value=3D"">
>>>>>>>> + <button type=3D"submit" name=3D"ACTION" value=3D"ZF_EDIT">$Lang::t=
r{'add'}</button>
>>>>>>>> + <button type=3D"submit" name=3D"ACTION" value=3D"RPZ_RELOAD" class=
=3D"commit"$reload_state>$Lang::tr{'rpz apply'}</button>
>>>>>>>> + </form>
>>>>>>>> +</div>
>>>>>>>> +END
>>>>>>>> +;
>>>>>>>> +
>>>>>>>> + &Header::closebox();
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Show zonefiles entry editor
>>>>>>>> +sub _print_zonefile_editor {
>>>>>>>> +
>>>>>>>> + # Key specified: Edit existing entry
>>>>>>>> + if(($action_key) && (defined $zonefiles{$action_key})) {
>>>>>>>> + # Load data to be edited, but don't override already present value=
s (allows user to edit after error)
>>>>>>>> + $cgiparams{'ZF_NAME'} //=3D $action_key;
>>>>>>>> + $cgiparams{'ZF_URL'} //=3D $zonefiles{$action_key}{'url'};
>>>>>>>> + $cgiparams{'ZF_REMARK'} //=3D $zonefiles{$action_key}{'remark'};
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Fallback to empty form
>>>>>>>> + $cgiparams{'ZF_NAME'} //=3D "";
>>>>>>>> + $cgiparams{'ZF_URL'} //=3D "";
>>>>>>>> + $cgiparams{'ZF_REMARK'} //=3D "";
>>>>>>>> +
>>>>>>>> + &Header::openbox('100%', 'left', $Lang::tr{'rpz zf editor'});
>>>>>>>> +
>>>>>>>> + print <<END
>>>>>>>> +<form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>> +<input type=3D"hidden" name=3D"KEY" value=3D"$action_key">
>>>>>>>> +<table width=3D"100%">
>>>>>>>> + <tr>
>>>>>>>> + <td width=3D"20%">$Lang::tr{'name'}:&nbsp;<img src=3D"/blob.gif" a=
lt=3D"*"></td>
>>>>>>>> + <td><input type=3D"text" name=3D"ZF_NAME" value=3D"$cgiparams{'ZF_=
NAME'}" size=3D"40" maxlength=3D"32" title=3D"$Lang::tr{'rpz zf remark info'}=
" pattern=3D"[a-zA-Z0-9_]{1,32}" required></td>
>>>>>>>> + </tr>
>>>>>>>> + <tr>
>>>>>>>> + <td width=3D"20%">URL:&nbsp;<img src=3D"/blob.gif" alt=3D"*"></td>
>>>>>>>> + <td><input type=3D"url" name=3D"ZF_URL" value=3D"$cgiparams{'ZF_UR=
L'}" size=3D"40" maxlength=3D"128" required></td>
>>>>>>>> + </tr>
>>>>>>>> + <tr>
>>>>>>>> + <td width=3D"20%">$Lang::tr{'remark'}:</td>
>>>>>>>> + <td><input type=3D"text" name=3D"ZF_REMARK" value=3D"$cgiparams{'Z=
F_REMARK'}" size=3D"40" maxlength=3D"32"></td>
>>>>>>>> + </tr>
>>>>>>>> + <tr>
>>>>>>>> + <td colspan=3D"2"><hr></td>
>>>>>>>> + </tr>
>>>>>>>> + <tr>
>>>>>>>> + <td width=3D"55%"><img src=3D"/blob.gif" alt=3D"*">&nbsp;$Lang::tr=
{'required field'}</td>
>>>>>>>> + <td align=3D"right"><button type=3D"submit" name=3D"ACTION" value=
=3D"ZF_SAVE">$Lang::tr{'save'}</button></td>
>>>>>>>> + </tr>
>>>>>>>> +</table>
>>>>>>>> +</form>
>>>>>>>> +
>>>>>>>> +<div class=3D"right">
>>>>>>>> + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>> + <button type=3D"submit" name=3D"ACTION" value=3D"NONE">$Lang::tr{'=
back'}</button>
>>>>>>>> + </form>
>>>>>>>> +</div>
>>>>>>>> +END
>>>>>>>> +;
>>>>>>>> +
>>>>>>>> + &Header::closebox();
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Show custom allow/block files and related gui elements
>>>>>>>> +sub _print_customlists {
>>>>>>>> +
>>>>>>>> + # Load lists from config, unless they are currently being edited
>>>>>>>> + if($action ne 'CL_SAVE') {
>>>>>>>> + $cgiparams{'ALLOW_LIST'} =3D join("\n", @{$customlists{'allow'}{'l=
ist'}});
>>>>>>>> + $cgiparams{'BLOCK_LIST'} =3D join("\n", @{$customlists{'block'}{'l=
ist'}});
>>>>>>>> +
>>>>>>>> + $cgiparams{'ALLOW_ENABLED'} =3D ($customlists{'allow'}{'enabled'} =
eq 'on') ? 'on' : undef;
>>>>>>>> + $cgiparams{'BLOCK_ENABLED'} =3D ($customlists{'block'}{'enabled'} =
eq 'on') ? 'on' : undef;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Fallback to empty form
>>>>>>>> + $cgiparams{'ALLOW_LIST'} //=3D "";
>>>>>>>> + $cgiparams{'BLOCK_LIST'} //=3D "";
>>>>>>>> +
>>>>>>>> + # HTML checkboxes, unchecked =3D no or undef value in POST data
>>>>>>>> + my %checked =3D ();
>>>>>>>> + $checked{'ALLOW_ENABLED'} =3D (defined $cgiparams{'ALLOW_ENABLED'}=
) ? " checked" : "";
>>>>>>>> + $checked{'BLOCK_ENABLED'} =3D (defined $cgiparams{'BLOCK_ENABLED'}=
) ? " checked" : "";
>>>>>>>> +
>>>>>>>> + # Disable reload button if not needed
>>>>>>>> + my $reload_state =3D &_rpz_needs_reload() ? "" : " disabled";
>>>>>>>> +
>>>>>>>> + &Header::openbox('100%', 'left', $Lang::tr{'rpz cl'});
>>>>>>>> +
>>>>>>>> + print <<END
>>>>>>>> +<form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>> +<table width=3D"100%">
>>>>>>>> + <tr>
>>>>>>>> + <td colspan=3D"2"><b>$Lang::tr{'rpz cl allow'}</b><br>$Lang::tr{'r=
pz cl allow info'}</td>
>>>>>>>> + <td colspan=3D"2"><b>$Lang::tr{'rpz cl block'}</b><br>$Lang::tr{'r=
pz cl block info'}</td>
>>>>>>>> + </tr>
>>>>>>>> + <tr>
>>>>>>>> + <td colspan=3D"2"><textarea name=3D"ALLOW_LIST" class=3D"domainlis=
t" cols=3D"45">
>>>>>>>> +$cgiparams{'ALLOW_LIST'}</textarea></td>
>>>>>>>> + <td colspan=3D"2"><textarea name=3D"BLOCK_LIST" class=3D"domainlis=
t" cols=3D"45">
>>>>>>>> +$cgiparams{'BLOCK_LIST'}</textarea></td>
>>>>>>>> + </tr>
>>>>>>>> + <tr>
>>>>>>>> + <td><label for=3D"allow_enabled">$Lang::tr{'rpz cl allow enable'}<=
/label></td>
>>>>>>>> + <td width=3D"15%"><input type=3D"checkbox" name=3D"ALLOW_ENABLED" =
id=3D"allow_enabled"$checked{'ALLOW_ENABLED'}></td>
>>>>>>>> + <td><label for=3D"block_enabled">$Lang::tr{'rpz cl block enable'}<=
/label></td>
>>>>>>>> + <td width=3D"15%"><input type=3D"checkbox" name=3D"BLOCK_ENABLED" =
id=3D"block_enabled"$checked{'BLOCK_ENABLED'}></td>
>>>>>>>> + </tr>
>>>>>>>> + <tr>
>>>>>>>> + <td colspan=3D"4"><hr></td>
>>>>>>>> + </tr>
>>>>>>>> + <tr>
>>>>>>>> + <td align=3D"right" colspan=3D"4">
>>>>>>>> + <button type=3D"submit" name=3D"ACTION" value=3D"CL_SAVE">$Lang::t=
r{'save'}</button>
>>>>>>>> + <button type=3D"submit" name=3D"ACTION" value=3D"RPZ_RELOAD" class=
=3D"commit"$reload_state>$Lang::tr{'rpz apply'}</button>
>>>>>>>> + </td>
>>>>>>>> +</table>
>>>>>>>> +</form>
>>>>>>>> +END
>>>>>>>> +;
>>>>>>>> +
>>>>>>>> + &Header::closebox();
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Output javascript and extra gui elements
>>>>>>>> +sub _print_gui_extras {
>>>>>>>> +
>>>>>>>> + # Apply/Restart button modifier key handler
>>>>>>>> + if(&_rpz_needs_reload()) {
>>>>>>>> + print <<END
>>>>>>>> +<script>
>>>>>>>> + // Commit modifier key handler
>>>>>>>> + (function(jq, document) {
>>>>>>>> + var keyEventsOn =3D false; // Keyboard events attached
>>>>>>>> + var keyModify =3D false; // Modifier key pressed
>>>>>>>> + var mouseHover =3D false; // Mouse over commit button
>>>>>>>> + var btnModified =3D false; // Button modified to "Restart"
>>>>>>>> +
>>>>>>>> + // Document-level key events, enable only while cursor is over but=
ton
>>>>>>>> + function attachKeyEvents() {
>>>>>>>> + if(keyEventsOn) {
>>>>>>>> + return;
>>>>>>>> + }
>>>>>>>> + keyEventsOn =3D true;
>>>>>>>> +
>>>>>>>> + jq(document).on("keydown.rpz", function(event) {
>>>>>>>> + if((!keyModify) && event.shiftKey) {
>>>>>>>> + keyModify =3D true;
>>>>>>>> + handleModify();
>>>>>>>> + }
>>>>>>>> + });
>>>>>>>> + jq(document).on("keyup.rpz", function(event) {
>>>>>>>> + if(keyModify && (!event.shiftKey)) {
>>>>>>>> + keyModify =3D false;
>>>>>>>> + handleModify();
>>>>>>>> + }
>>>>>>>> + });
>>>>>>>> + }
>>>>>>>> + function removeKeyEvents() {
>>>>>>>> + keyModify =3D false;
>>>>>>>> + if(keyEventsOn) {
>>>>>>>> + jq(document).off("keydown.rpz keyup.rpz");
>>>>>>>> + keyEventsOn =3D false;
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + // Attach mouse hover events to commit buttons
>>>>>>>> + function attachMouseEvents() {
>>>>>>>> + jq("button.commit").on("mouseenter", function(event) {
>>>>>>>> + if(!mouseHover) {
>>>>>>>> + mouseHover =3D true;
>>>>>>>> + attachKeyEvents();
>>>>>>>> + // Handle already pressed key
>>>>>>>> + keyModify =3D !!(event.shiftKey);
>>>>>>>> + handleModify();
>>>>>>>> + }
>>>>>>>> + });
>>>>>>>> +
>>>>>>>> + // Cursor moved away: Disable key listener to minimize events
>>>>>>>> + jq("button.commit").on("mouseleave", function() {
>>>>>>>> + if(mouseHover) {
>>>>>>>> + mouseHover =3D false;
>>>>>>>> + removeKeyEvents();
>>>>>>>> + handleModify();
>>>>>>>> + }
>>>>>>>> + });
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + // Modify commit button
>>>>>>>> + function handleModify() {
>>>>>>>> + let modify =3D mouseHover && keyModify;
>>>>>>>> + if(btnModified !=3D modify) {
>>>>>>>> + if(modify) {
>>>>>>>> + jq("button.commit").text("$Lang::tr{'restart'}").val("UNB_RESTART"=
);
>>>>>>>> + } else {
>>>>>>>> + jq("button.commit").text("$Lang::tr{'rpz apply'}").val("RPZ_RELOAD=
");
>>>>>>>> + }
>>>>>>>> + btnModified =3D modify;
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + // jQuery DOM ready
>>>>>>>> + jq(function() {
>>>>>>>> + attachMouseEvents();
>>>>>>>> + });
>>>>>>>> + })(jQuery, document);
>>>>>>>> +</script>
>>>>>>>> +END
>>>>>>>> +;
>>>>>>>> + } # End of modifier key handler
>>>>>>>> +
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +###--- Internal action processing functions ---###
>>>>>>>> +
>>>>>>>> +# Toggle zonefile on/off
>>>>>>>> +sub _action_zf_toggle {
>>>>>>>> + return unless(defined $zonefiles{$action_key});
>>>>>>>> +
>>>>>>>> + my $result =3D 0;
>>>>>>>> + my $enabled =3D $zonefiles{$action_key}{'enabled'};
>>>>>>>> +
>>>>>>>> + # Perform toggle action
>>>>>>>> + if($enabled eq 'on') {
>>>>>>>> + $enabled =3D 'off';
>>>>>>>> + $result =3D &General::system('/usr/sbin/rpz-config', 'remove', $ac=
tion_key, '--no-reload');
>>>>>>>> + } else {
>>>>>>>> + $enabled =3D 'on';
>>>>>>>> + $result =3D &General::system('/usr/sbin/rpz-config', 'add', $actio=
n_key, $zonefiles{$action_key}{'url'}, '--no-reload');
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Check for errors, request service reload on success
>>>>>>>> + return unless &_rpz_check_result($result, 1);
>>>>>>>> +
>>>>>>>> + # Save changes
>>>>>>>> + $zonefiles{$action_key}{'enabled'} =3D $enabled;
>>>>>>>> + &_zonefiles_save_conf();
>>>>>>>> +
>>>>>>>> + return 1;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Remove zonefile
>>>>>>>> +sub _action_zf_remove {
>>>>>>>> + return unless(defined $zonefiles{$action_key});
>>>>>>>> +
>>>>>>>> + # Remove from rpz-config if currently active
>>>>>>>> + if($zonefiles{$action_key}{'enabled'} eq 'on') {
>>>>>>>> + my $result =3D &General::system('/usr/sbin/rpz-config', 'remove', =
$action_key, '--no-reload');
>>>>>>>> +
>>>>>>>> + # Check for errors, request service reload on success
>>>>>>>> + return unless &_rpz_check_result($result, 1);
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Remove from data hash and save changes
>>>>>>>> + delete $zonefiles{$action_key};
>>>>>>>> + &_zonefiles_save_conf();
>>>>>>>> +
>>>>>>>> + # Clear action_key, as the entry is now removed entirely
>>>>>>>> + $action_key =3D "";
>>>>>>>> +
>>>>>>>> + return 1;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Create or update zonefile entry
>>>>>>>> +# Returns undef if gui needs to stay in editor mode
>>>>>>>> +sub _action_zf_save {
>>>>>>>> + my $result =3D 0;
>>>>>>>> +
>>>>>>>> + my $name =3D $cgiparams{'ZF_NAME'} // "";
>>>>>>>> + my $url =3D $cgiparams{'ZF_URL'} // "";
>>>>>>>> + my $remark =3D $cgiparams{'ZF_REMARK'} // "";
>>>>>>>> + my $enabled =3D 'on'; # Enable new entries by default
>>>>>>>> +
>>>>>>>> + # Note on variables:
>>>>>>>> + # name =3D unique key, will be used to address the entry
>>>>>>>> + # action_key =3D name of the entry being edited, empty for new ent=
ry
>>>>>>>> +
>>>>>>>> + # Only check for unique name if it changed
>>>>>>>> + # (this also checks new entries because the action_key is empty in=
 this case)
>>>>>>>> + $result =3D &_rpz_validate_zonefile($name, $url, $remark, (lc($nam=
e) ne lc($action_key)));
>>>>>>>> + return unless &_rpz_check_result($result, 0);
>>>>>>>> +
>>>>>>>> + # Edit existing entry: Determine what was changed
>>>>>>>> + if(($action_key) && (defined $zonefiles{$action_key})) {
>>>>>>>> + # Name und URL remain unchanged, only save remark and finish
>>>>>>>> + if(($name eq $action_key) && ($url eq $zonefiles{$action_key}{'url=
'})) {
>>>>>>>> + $zonefiles{$action_key}{'remark'} =3D $remark;
>>>>>>>> + &_zonefiles_save_conf();
>>>>>>>> +
>>>>>>>> + return 1;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Entry was changed and needs to be recreated, preserve status
>>>>>>>> + $enabled =3D $zonefiles{$action_key}{'enabled'};
>>>>>>>> +
>>>>>>>> + # Remove from rpz-config
>>>>>>>> + return unless &_action_zf_remove();
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Add new entry to rpz-config
>>>>>>>> + if($enabled eq 'on') {
>>>>>>>> + $result =3D &General::system('/usr/sbin/rpz-config', 'add', $name,=
 $url, '--no-reload');
>>>>>>>> +
>>>>>>>> + # Check for errors, request service reload on success
>>>>>>>> + return unless &_rpz_check_result($result, 1);
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Add to global data hash and save changes
>>>>>>>> + my %entry =3D ('enabled' =3D> $enabled,
>>>>>>>> + 'url' =3D> $url,
>>>>>>>> + 'remark' =3D> $remark);
>>>>>>>> +
>>>>>>>> + $zonefiles{$name} =3D \%entry;
>>>>>>>> + &_zonefiles_save_conf();
>>>>>>>> +
>>>>>>>> + return 1;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Save custom lists
>>>>>>>> +sub _action_cl_save {
>>>>>>>> + return unless((defined $cgiparams{'ALLOW_LIST'}) && (defined $cgip=
arams{'BLOCK_LIST'}));
>>>>>>>> +
>>>>>>>> + my $result =3D 0;
>>>>>>>> +
>>>>>>>> + my @allowlist =3D split(/\R/, $cgiparams{'ALLOW_LIST'});
>>>>>>>> + my @blocklist =3D split(/\R/, $cgiparams{'BLOCK_LIST'});
>>>>>>>> +
>>>>>>>> + # Validate lists
>>>>>>>> + $result =3D &_rpz_validate_customlist(\@allowlist);
>>>>>>>> + if($result !=3D 0) {
>>>>>>>> + $errormessage =3D &_rpz_error_tr(202, $result);
>>>>>>>> + return;
>>>>>>>> + }
>>>>>>>> + $result =3D &_rpz_validate_customlist(\@blocklist);
>>>>>>>> + if($result !=3D 0) {
>>>>>>>> + $errormessage =3D &_rpz_error_tr(203, $result);
>>>>>>>> + return;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Add to global data hash and save changes
>>>>>>>> + $customlists{'allow'}{'list'} =3D \@allowlist;
>>>>>>>> + $customlists{'block'}{'list'} =3D \@blocklist;
>>>>>>>> + $customlists{'allow'}{'enabled'} =3D (defined $cgiparams{'ALLOW_EN=
ABLED'}) ? 'on' : 'off';
>>>>>>>> + $customlists{'block'}{'enabled'} =3D (defined $cgiparams{'BLOCK_EN=
ABLED'}) ? 'on' : 'off';
>>>>>>>> +
>>>>>>>> + &_customlists_save_conf();
>>>>>>>> + &_customlist_export('allow', $RPZ_ALLOWLIST);
>>>>>>>> + &_customlist_export('block', $RPZ_BLOCKLIST);
>>>>>>>> +
>>>>>>>> + # Make new lists, request service reload on success
>>>>>>>> + $result =3D &General::system('/usr/sbin/rpz-make', 'allowblock', '=
--no-reload');
>>>>>>>> + return unless &_rpz_check_result($result, 1);
>>>>>>>> +
>>>>>>>> + return 1;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Trigger rpz-config reload
>>>>>>>> +sub _action_rpz_reload {
>>>>>>>> + return 1 unless &_rpz_needs_reload();
>>>>>>>> +
>>>>>>>> + # Immediately clear flag to prevent multiple reloads
>>>>>>>> + if(-f $RPZ_RELOAD_FLAG) {
>>>>>>>> + unlink($RPZ_RELOAD_FLAG) or die "Can't remove $RPZ_RELOAD_FLAG: $!=
";
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Perform reload, recreate reload flag on error to enable retry
>>>>>>>> + my $result =3D &General::system('/usr/sbin/rpz-config', 'reload');
>>>>>>>> + if(not &_rpz_check_result($result, 0)) {
>>>>>>>> + &General::system('touch', "$RPZ_RELOAD_FLAG");
>>>>>>>> + return;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + return 1;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Trigger unbound restart
>>>>>>>> +sub _action_unb_restart {
>>>>>>>> + return 1 unless &_rpz_needs_reload();
>>>>>>>> +
>>>>>>>> + # Immediately clear flag to prevent multiple restarts
>>>>>>>> + if(-f $RPZ_RELOAD_FLAG) {
>>>>>>>> + unlink($RPZ_RELOAD_FLAG) or die "Can't remove $RPZ_RELOAD_FLAG: $!=
";
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Perform restart, unboundctrl always exits zero
>>>>>>>> + &General::system('/usr/local/bin/unboundctrl', 'restart');
>>>>>>>> +
>>>>>>>> + return 1;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +###--- Internal rpz-config functions ---###
>>>>>>>> +
>>>>>>>> +# Translate rpz-config exitcodes and messages
>>>>>>>> +# 100-199: rpz-config, 200-299: webgui
>>>>>>>> +sub _rpz_error_tr {
>>>>>>>> + my ($error, $append) =3D @_;
>>>>>>>> + $append //=3D '';
>>>>>>>> +
>>>>>>>> + # Translate numeric exit codes
>>>>>>>> + if(looks_like_number($error)) {
>>>>>>>> + if(defined $Lang::tr{"rpz exitcode $error"}) {
>>>>>>>> + $error =3D $Lang::tr{"rpz exitcode $error"};
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + return "RPZ $Lang::tr{'error'}: $error" . &Header::escape($append);
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Check result of rpz-config system call, request reload on success
>>>>>>>> +sub _rpz_check_result {
>>>>>>>> + my ($result, $request_reload) =3D @_;
>>>>>>>> + $request_reload //=3D 0;
>>>>>>>> +
>>>>>>>> + # exitcode 0 =3D success
>>>>>>>> + if($result !=3D 0) {
>>>>>>>> + $errormessage =3D &_rpz_error_tr($result);
>>>>>>>> + return;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Set reload flag
>>>>>>>> + if($request_reload) {
>>>>>>>> + &General::system('touch', "$RPZ_RELOAD_FLAG");
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + return 1;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Test whether reload flag is set
>>>>>>>> +sub _rpz_needs_reload {
>>>>>>>> + return (-f $RPZ_RELOAD_FLAG);
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Validate a zonefile entry, returns rpz-config exitcode on failure=
. Use _rpz_check_result to verify.
>>>>>>>> +# unique =3D check for unique name
>>>>>>>> +sub _rpz_validate_zonefile {
>>>>>>>> + my ($name, $url, $remark, $unique) =3D @_;
>>>>>>>> + $unique //=3D 1;
>>>>>>>> +
>>>>>>>> + unless($name =3D~ /^[a-zA-Z0-9_]{1,32}$/) {
>>>>>>>> + return 101;
>>>>>>>> + }
>>>>>>>> + unless($url =3D~ /^[\w+\.:;\/\\&@#%?=3D\-~|!]{1,128}$/) {
>>>>>>>> + return 105;
>>>>>>>> + }
>>>>>>>> + unless($remark =3D~ /^[\w \-()\.:;*\/\\?!&=3D]{0,32}$/) {
>>>>>>>> + return 201;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Check against already existing names
>>>>>>>> + if($unique) {
>>>>>>>> + foreach my $existing (keys %zonefiles) {
>>>>>>>> + if(lc($name) eq lc($existing)) {
>>>>>>>> + return 104;
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + return 0;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +# Validate a custom list, returns number of rejected line on failur=
e. Check for non-zero results.
>>>>>>>> +# listref =3D array reference, cleanup =3D remove invalid entries i=
nstead of returning an error
>>>>>>>> +sub _rpz_validate_customlist {
>>>>>>>> + my ($listref, $cleanup) =3D @_;
>>>>>>>> + $cleanup //=3D 0;
>>>>>>>> +
>>>>>>>> + foreach my $index (reverse 0..$#{$listref}) {
>>>>>>>> + my $row =3D @$listref[$index];
>>>>>>>> + next unless($row); # Skip/allow empty lines
>>>>>>>> +
>>>>>>>> + # Reject/remove everything besides wildcard domains and remarks
>>>>>>>> + if((not &General::validwildcarddomainname($row)) && (not $row =3D~=
 /^;[\w \-()\.:;*\/\\?!&=3D]*$/)) {
>>>>>>>> + unless($cleanup) {
>>>>>>>> + # +1 for user friendly line number and to ensure non-zero exitcode
>>>>>>>> + return $index + 1;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + # Remove current row
>>>>>>>> + splice(@$listref, $index, 1);
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + return 0;
>>>>>>>> +}
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +###--- Internal misc functions ---###
>>>>>>>> +
>>>>>>>> +# Send HTTP 303 redirect headers for post/request/get pattern
>>>>>>>> +# (Must be sent before calling &Header::showhttpheaders())
>>>>>>>> +sub _http_prg_redirect {
>>>>>>>> + my $location =3D "https://$ENV{'SERVER_NAME'}:$ENV{'SERVER_PORT'}$=
ENV{'SCRIPT_NAME'}";
>>>>>>>> + print "Status: 303 See Other\n";
>>>>>>>> + print "Location: $location\n";
>>>>>>>> +}
>>>>>>>> diff --git a/lfs/rpz b/lfs/rpz
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..7ddbc38e5
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/lfs/rpz
>>>>>>>> @@ -0,0 +1,96 @@
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# Copyright (C) 2024 =C2=A0IPFire Team =C2=A0<info(a)ipfire.org> =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# This program is free software: you can redistribute it and/or mod=
ify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# it under the terms of the GNU General Public License as published=
 by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# the Free Software Foundation, either version 3 of the License, or=
 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# (at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# This program is distributed in the hope that it will be useful, =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of =
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0#
>>>>>>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0See th=
e =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# GNU General Public License for more details. =C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# You should have received a copy of the GNU General Public License=
 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# along with this program. =C2=A0If not, see <http://www.gnu.org/li=
censes/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0Definitions
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +include Config
>>>>>>>> +
>>>>>>>> +SUMMARY =C2=A0=C2=A0=C2=A0=3D response policy zone - RPZ reputation=
 system for unbound DNS
>>>>>>>> +
>>>>>>>> +VER =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D 1.0.0
>>>>>>>> +
>>>>>>>> +THISAPP =C2=A0=C2=A0=C2=A0=3D rpz-$(VER)
>>>>>>>> +DIR_APP =C2=A0=C2=A0=C2=A0=3D $(DIR_SRC)/$(THISAPP)
>>>>>>>> +TARGET =C2=A0=C2=A0=C2=A0=C2=A0=3D $(DIR_INFO)/$(THISAPP)
>>>>>>>> +
>>>>>>>> +PROG =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D rpz
>>>>>>>> +PAK_VER =C2=A0=C2=A0=C2=A0=3D 18
>>>>>>>> +
>>>>>>>> +DEPS =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D
>>>>>>>> +
>>>>>>>> +SERVICES =C2=A0=C2=A0=3D
>>>>>>>> +
>>>>>>>> +###################################################################=
############
>>>>>>>> +# Top-level Rules
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +install : $(TARGET)
>>>>>>>> +
>>>>>>>> +check :
>>>>>>>> +
>>>>>>>> +download :
>>>>>>>> +
>>>>>>>> +b2 :
>>>>>>>> +
>>>>>>>> +dist:
>>>>>>>> + @$(PAK)
>>>>>>>> +
>>>>>>>> +###################################################################=
############
>>>>>>>> +# Installation Details
>>>>>>>> +###################################################################=
############
>>>>>>>> +
>>>>>>>> +$(TARGET) :
>>>>>>>> + @$(PREBUILD)
>>>>>>>> + @rm -rf $(DIR_APP)
>>>>>>>> +
>>>>>>>> + # =C2=A0RPZ scripts
>>>>>>>> + install --verbose --mode=3D755 \
>>>>>>>> + =C2=A0$(DIR_CONF)/rpz/{rpz-config,rpz-metrics,rpz-sleep,rpz-make,r=
pz-functions} \
>>>>>>>> + =C2=A0--target-directory=3D/usr/sbin
>>>>>>>> +
>>>>>>>> + # =C2=A0RPZ config files
>>>>>>>> + mkdir -pv /etc/unbound/local.d
>>>>>>>> + install --verbose --mode=3D644 --owner=3Dnobody --group=3Dnobody \
>>>>>>>> + =C2=A0$(DIR_CONF)/rpz/00-rpz.conf \
>>>>>>>> + =C2=A0--target-directory=3D/etc/unbound/local.d
>>>>>>>> + chown --verbose --recursive nobody:nobody /etc/unbound/local.d
>>>>>>>> +
>>>>>>>> + # =C2=A0RPZ custom list files for allow and block
>>>>>>>> + mkdir -pv /var/ipfire/dns/rpz
>>>>>>>> + touch /var/ipfire/dns/rpz/{allowlist,blocklist}
>>>>>>>> + chown --verbose --recursive nobody:nobody /var/ipfire/dns/rpz
>>>>>>>> +
>>>>>>>> + # =C2=A0RPZ zone files
>>>>>>>> + # =C2=A0=C2=A0create empty RPZ config file to avoid a unbound conf=
ig error
>>>>>>>> + mkdir -pv /etc/unbound/zonefiles
>>>>>>>> + touch /etc/unbound/zonefiles/allow.rpz
>>>>>>>> + chown --verbose --recursive nobody:nobody /etc/unbound/zonefiles
>>>>>>>> +
>>>>>>>> + # Install addon-specific language-files
>>>>>>>> + install --verbose --mode=3D004 $(DIR_CONF)/rpz/rpz.*.pl \
>>>>>>>> + =C2=A0--target-directory=3D/var/ipfire/addon-lang
>>>>>>>> +
>>>>>>>> + # Install backup definition
>>>>>>>> + cp -vf $(DIR_CONF)/backup/includes/rpz /var/ipfire/backup/addons/i=
ncludes/rpz
>>>>>>>> +
>>>>>>>> + @rm -rf $(DIR_APP)
>>>>>>>> + @$(POSTBUILD)
>>>>>>>> diff --git a/make.sh b/make.sh
>>>>>>>> index 827ea9e77..a77535b13 100755
>>>>>>>> --- a/make.sh
>>>>>>>> +++ b/make.sh
>>>>>>>> @@ -390,7 +390,7 @@ prepareenv() {
>>>>>>>> if [ "${free_space}" -lt "${required_space}" ]; then
>>>>>>>> # Add any consumed space
>>>>>>>> while read -r consumed_space path; do
>>>>>>>> - (( free_space +=3D consumed_space / 1024 / 1024 ))
>>>>>>>> + (( free_space +=3D consumed_space / 1024 / 1024 ))
>>>>>>>> done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DIR}" "$=
{LOG_DIR}" 2>/dev/null)"
>>>>>>>> fi
>>>>>>>>
>>>>>>>> @@ -2087,6 +2087,7 @@ build_system() {
>>>>>>>> lfsmake2 btrfs-progs
>>>>>>>> lfsmake2 inotify-tools
>>>>>>>> lfsmake2 grub-btrfs
>>>>>>>> + lfsmake2 rpz
>>>>>>>>
>>>>>>>> lfsmake2 linux
>>>>>>>> lfsmake2 rtl8812au
>>>>>>>> diff --git a/src/paks/rpz/install.sh b/src/paks/rpz/install.sh
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..ef99bf742
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/src/paks/rpz/install.sh
>>>>>>>> @@ -0,0 +1,36 @@
>>>>>>>> +#!/bin/bash
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0Copyright (C) 2024 =C2=A0IPFire Team =C2=A0<info(a)ipfire.o=
rg> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is free software: you can redistribute it and/=
or modify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0it under the terms of the GNU General Public License as pub=
lished by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0the Free Software Foundation, either version 3 of the Licen=
se, or =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0(at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is distributed in the hope that it will be use=
ful, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0but WITHOUT ANY WARRANTY; without even the implied warranty=
 of =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0=
See the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# =C2=A0GNU General Public License for more details. =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0You should have received a copy of the GNU General Public L=
icense =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0along with this program. =C2=A0If not, see <http://www.gnu.=
org/licenses/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +#
>>>>>>>> +. /opt/pakfire/lib/functions.sh
>>>>>>>> +extract_files
>>>>>>>> +restore_backup ${NAME}
>>>>>>>> +
>>>>>>>> +# fix user created files
>>>>>>>> +chown --verbose --recursive nobody:nobody \
>>>>>>>> + /var/ipfire/dns/rpz =C2=A0=C2=A0=C2=A0\
>>>>>>>> + /etc/unbound/zonefiles \
>>>>>>>> + /etc/unbound/local.d
>>>>>>>> +
>>>>>>>> +# Update Language cache
>>>>>>>> +/usr/local/bin/update-lang-cache
>>>>>>>> +
>>>>>>>> +# =C2=A0restart unbound to load config file
>>>>>>>> +/etc/init.d/unbound restart
>>>>>>>> diff --git a/src/paks/rpz/uninstall.sh b/src/paks/rpz/uninstall.sh
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..e11427df3
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/src/paks/rpz/uninstall.sh
>>>>>>>> @@ -0,0 +1,38 @@
>>>>>>>> +#!/bin/bash
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0Copyright (C) 2024 =C2=A0IPFire Team =C2=A0<info(a)ipfire.o=
rg> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is free software: you can redistribute it and/=
or modify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0it under the terms of the GNU General Public License as pub=
lished by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0the Free Software Foundation, either version 3 of the Licen=
se, or =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0(at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is distributed in the hope that it will be use=
ful, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0but WITHOUT ANY WARRANTY; without even the implied warranty=
 of =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0=
See the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# =C2=A0GNU General Public License for more details. =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0You should have received a copy of the GNU General Public L=
icense =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0along with this program. =C2=A0If not, see <http://www.gnu.=
org/licenses/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +#
>>>>>>>> +. /opt/pakfire/lib/functions.sh
>>>>>>>> +
>>>>>>>> +# =C2=A0stop unbound to delete RPZ conf file
>>>>>>>> +/etc/init.d/unbound stop
>>>>>>>> +
>>>>>>>> +make_backup ${NAME}
>>>>>>>> +remove_files
>>>>>>>> +
>>>>>>>> +# =C2=A0delete rpz config files. =C2=A0Otherwise unbound will throw=
 error:
>>>>>>>> +# =C2=A0=C2=A0=C2=A0"[1723428668] unbound-control[17117:0] error: c=
onnect: Connection refused for 127.0.0.1 port 8953"
>>>>>>>> +/bin/rm --verbose --force /etc/unbound/local.d/*.rpz.conf
>>>>>>>> +
>>>>>>>> +# Update Language cache
>>>>>>>> +/usr/local/bin/update-lang-cache
>>>>>>>> +
>>>>>>>> +# =C2=A0start unbound to load unbound config file
>>>>>>>> +/etc/init.d/unbound start
>>>>>>>> diff --git a/src/paks/rpz/update.sh b/src/paks/rpz/update.sh
>>>>>>>> new file mode 100644
>>>>>>>> index 000000000..9bc340bc6
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/src/paks/rpz/update.sh
>>>>>>>> @@ -0,0 +1,52 @@
>>>>>>>> +#!/bin/bash
>>>>>>>> +###################################################################=
############
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0IPFire.org - A linux based firewall =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0Copyright (C) 2024 =C2=A0IPFire Team =C2=A0<info(a)ipfire.o=
rg> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is free software: you can redistribute it and/=
or modify =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0it under the terms of the GNU General Public License as pub=
lished by =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0the Free Software Foundation, either version 3 of the Licen=
se, or =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0(at your option) any later version. =C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0This program is distributed in the hope that it will be use=
ful, =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0but WITHOUT ANY WARRANTY; without even the implied warranty=
 of =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =C2=A0=
See the =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0#
>>>>>>>> +# =C2=A0GNU General Public License for more details. =C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0You should have received a copy of the GNU General Public L=
icense =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0along with this program. =C2=A0If not, see <http://www.gnu.=
org/licenses/>. =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
>>>>>>>> +# =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0#
>>>>>>>> +###################################################################=
############
>>>>>>>> +#
>>>>>>>> +. /opt/pakfire/lib/functions.sh
>>>>>>>> +
>>>>>>>> +# =C2=A0from update.sh
>>>>>>>> +extract_backup_includes
>>>>>>>> +
>>>>>>>> +# =C2=A0stop unbound to delete RPZ conf file
>>>>>>>> +/etc/init.d/unbound stop
>>>>>>>> +
>>>>>>>> +# =C2=A0from uninstall.sh
>>>>>>>> +make_backup ${NAME}
>>>>>>>> +remove_files
>>>>>>>> +
>>>>>>>> +# =C2=A0delete rpz config files. =C2=A0Otherwise unbound will throw=
 error:
>>>>>>>> +# =C2=A0=C2=A0=C2=A0"unbound-control[nn:0] error: connect: Connecti=
on refused for 127.0.0.1 port 8953"
>>>>>>>> +/bin/rm --verbose --force /etc/unbound/local.d/*.rpz.conf
>>>>>>>> +
>>>>>>>> +# =C2=A0from install.sh
>>>>>>>> +extract_files
>>>>>>>> +restore_backup ${NAME}
>>>>>>>> +
>>>>>>>> +# fix user created files
>>>>>>>> +chown --verbose --recursive nobody:nobody \
>>>>>>>> + /var/ipfire/dns/rpz =C2=A0=C2=A0=C2=A0\
>>>>>>>> + /etc/unbound/zonefiles \
>>>>>>>> + /etc/unbound/local.d
>>>>>>>> +
>>>>>>>> +# Update Language cache
>>>>>>>> +/usr/local/bin/update-lang-cache
>>>>>>>> +
>>>>>>>> +# =C2=A0restart unbound to load config files
>>>>>>>> +/etc/init.d/unbound start
>>>>>>>> --=20
>>>>>>>> 2.39.5
>>>>>>>>
>>>>>> Jon
>>>>>>
>>>>>>
>>>>>> --=20
>>>>>> Jon Murphy
>>>>>> jon.murphy(a)ipfire.org
>>>>
>>>> Jon
>>>>
>>>>
>>>> --=20
>>>> Jon Murphy
>>>> jon.murphy(a)ipfire.org
>>>>
>>>>
>>>>
>>>>
>>
>> --=20
>> Sent from my laptop
>>
>=20
> Jon
>=20
>=20
> --=20
> Jon Murphy
> jon.murphy(a)ipfire.org
>=20
>=20
>=20
>=20


--===============5809979014392693809==--