Hello, > On 2 Jun 2021, at 20:37, Peter Müller wrote: > > This patch removes translations, directives in LFS files, and ALG shared > object files which all became orphaned after we disabled ALGs due to NAT > Slipstreaming vulnerability in Core Update 155. > > Signed-off-by: Peter Müller > --- > config/rootfiles/common/conntrack-tools | 18 +++++++++--------- > config/rootfiles/core/158/update.sh | 1 + > langs/de/cgi-bin/de.pl | 1 - > langs/en/cgi-bin/en.pl | 1 - > langs/fr/cgi-bin/fr.pl | 1 - > langs/tr/cgi-bin/tr.pl | 1 - > lfs/configroot | 5 ----- > 7 files changed, 10 insertions(+), 18 deletions(-) > > diff --git a/config/rootfiles/common/conntrack-tools b/config/rootfiles/common/conntrack-tools > index 27161b1fb..b6632ec07 100644 > --- a/config/rootfiles/common/conntrack-tools > +++ b/config/rootfiles/common/conntrack-tools > @@ -1,24 +1,24 @@ > #usr/lib/conntrack-tools > #usr/lib/conntrack-tools/ct_helper_amanda.la > -usr/lib/conntrack-tools/ct_helper_amanda.so > +#usr/lib/conntrack-tools/ct_helper_amanda.so > #usr/lib/conntrack-tools/ct_helper_dhcpv6.la > #usr/lib/conntrack-tools/ct_helper_dhcpv6.so > #usr/lib/conntrack-tools/ct_helper_ftp.la > -usr/lib/conntrack-tools/ct_helper_ftp.so > +#usr/lib/conntrack-tools/ct_helper_ftp.so > #usr/lib/conntrack-tools/ct_helper_mdns.la > -usr/lib/conntrack-tools/ct_helper_mdns.so > +#usr/lib/conntrack-tools/ct_helper_mdns.so > #usr/lib/conntrack-tools/ct_helper_rpc.la > -usr/lib/conntrack-tools/ct_helper_rpc.so > +#usr/lib/conntrack-tools/ct_helper_rpc.so > #usr/lib/conntrack-tools/ct_helper_sane.la > -usr/lib/conntrack-tools/ct_helper_sane.so > +#usr/lib/conntrack-tools/ct_helper_sane.so > #usr/lib/conntrack-tools/ct_helper_slp.la > -usr/lib/conntrack-tools/ct_helper_slp.so > +#usr/lib/conntrack-tools/ct_helper_slp.so > #usr/lib/conntrack-tools/ct_helper_ssdp.la > -usr/lib/conntrack-tools/ct_helper_ssdp.so > +#usr/lib/conntrack-tools/ct_helper_ssdp.so > #usr/lib/conntrack-tools/ct_helper_tftp.la > -usr/lib/conntrack-tools/ct_helper_tftp.so > +#usr/lib/conntrack-tools/ct_helper_tftp.so > #usr/lib/conntrack-tools/ct_helper_tns.la > -usr/lib/conntrack-tools/ct_helper_tns.so > +#usr/lib/conntrack-tools/ct_helper_tns.so I believe that these have a different job than those in the kernel. However, I have merged the whole patch and we will see what is happening. There is a lot of outdated stuff in there as well (sane, Amanda, …) and I do not believe anyone will miss this. Best, -Michael > usr/sbin/conntrack > usr/sbin/conntrackd > usr/sbin/nfct > diff --git a/config/rootfiles/core/158/update.sh b/config/rootfiles/core/158/update.sh > index 68fe116a9..2568ea836 100644 > --- a/config/rootfiles/core/158/update.sh > +++ b/config/rootfiles/core/158/update.sh > @@ -36,6 +36,7 @@ rm -vrf \ > /etc/rc.d/init.d/upnpd \ > /etc/rc.d/init.d/networking/red.down/10-miniupnpd \ > /etc/rc.d/init.d/networking/red.up/10-miniupnpd \ > + /usr/lib/conntrack-tools \ > /usr/lib/libixml.so.* \ > /usr/lib/libupnp.so.* \ > /var/ipfire/upnp > diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl > index 95af3155b..0bc579cd2 100644 > --- a/langs/de/cgi-bin/de.pl > +++ b/langs/de/cgi-bin/de.pl > @@ -437,7 +437,6 @@ > 'alt vpn' => 'VPNs', > 'and' => 'Und', > 'apcupsd' => 'APC-UPS Status', > -'application layer gateways' => 'Application-Layer-Gateways', > 'apply' => 'Jetzt anwenden', > 'april' => 'April', > 'archive not exist' => 'Konfigurationsarchiv existiert nicht', > diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl > index d86705772..1c69b3798 100644 > --- a/langs/en/cgi-bin/en.pl > +++ b/langs/en/cgi-bin/en.pl > @@ -436,7 +436,6 @@ > 'and' => 'And', > 'ansi t1.483' => 'TO BE REMOVED', > 'apcupsd' => 'APC-UPS status', > -'application layer gateways' => 'Application Layer Gateways', > 'apply' => 'Apply now', > 'april' => 'April', > 'archive not exist' => 'Configuration archive does not exist', > diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl > index 301109477..7cabaccde 100644 > --- a/langs/fr/cgi-bin/fr.pl > +++ b/langs/fr/cgi-bin/fr.pl > @@ -442,7 +442,6 @@ > 'alt vpn' => 'VPNs', > 'and' => 'Et', > 'apcupsd' => 'Statut UPS-APC', > -'application layer gateways' => 'Passerelles de couche d\'application', > 'apply' => 'Appliquer maintenant', > 'april' => 'Avril', > 'archive not exist' => 'L\'archive de configuration n\'existe pas', > diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl > index 36c4782d6..e02320a58 100644 > --- a/langs/tr/cgi-bin/tr.pl > +++ b/langs/tr/cgi-bin/tr.pl > @@ -424,7 +424,6 @@ > 'and' => 've', > 'ansi t1.483' => 'KALDIRILACAK', > 'apcupsd' => 'APC-UPS durumu', > -'application layer gateways' => 'Uygulama Katmanı Ağ Geçitleri', > 'apply' => 'Şimdi uygula', > 'april' => 'Nisan', > 'archive not exist' => 'Yapılandırma arşivi yok', > diff --git a/lfs/configroot b/lfs/configroot > index 02b2883ba..c528bd6d9 100644 > --- a/lfs/configroot > +++ b/lfs/configroot > @@ -138,11 +138,6 @@ $(TARGET) : > cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort > cp $(DIR_SRC)/config/suricata/convert-ids-modifysids-file /usr/sbin/convert-ids-modifysids-file > > - # Add conntrack helper default settings > - for proto in AMANDA FTP H323 IRC PPTP SIP TFTP; do \ > - echo "CONNTRACK_$${proto}=off" >> $(CONFIG_ROOT)/optionsfw/settings; \ > - done > - > # set converters executable > chmod 755 /usr/sbin/convert-* > > -- > 2.26.2