From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <development+bounces-116-archive=lists.ipfire.org@lists.ipfire.org>
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZLY9232S5z3356
	for <archive@lists.ipfire.org>; Mon, 24 Mar 2025 00:00:38 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZLY8x4d7Sz30ZL
	for <development@lists.ipfire.org>; Mon, 24 Mar 2025 00:00:33 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZLY8v343zz5gn;
	Mon, 24 Mar 2025 00:00:31 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1742774432;
	h=from:from:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:  references:references;
	bh=vz3Gk+XNKFps7cOfyNbdqGm0il3yrTVN2YJoJIdpY2k=;
	b=9z2japS9vCIAr3JwJRk8r2X9Q0lnORKvCUCRsA9BHJuNJxVyqf5I5SwaLLFdpDwsN+1ZeO
	jANrdCFA86yXF0Bw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa;
	t=1742774432; h=from:from:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:  references:references;
	bh=vz3Gk+XNKFps7cOfyNbdqGm0il3yrTVN2YJoJIdpY2k=;
	b=Peyq9j4qw2BvX6zviu2vpTAaSMLlmTnTg4a3SRcJWurg7ViDO6o7OkqoyaHuIrefNoqCCd
	e8nT70ZZgbSq9CCBxWq9nVTssvz6OKPAG2Bd3XfGjs9Y1fLSw1uzPUT5JR/3LWUkDVS4XS
	hVV/UAQd2C6U724GIiPybk+kod2RHiMKY457dOcEqZSQRx1y2J/7j3f2veQQInYsir3w1i
	wBQxqwu78llfWBYlqtnISJXukl8fFyOtScmKCQUygu4TSZt7MbIH+e+YYXXYm+4i3GlhGu
	3jCWYiUYVZh9e9S0KhnmtuVMNfAN/an99lZABHXUjnSP/IeWb1ZtYeOrIZFMew==
From: "Jon Murphy" <jon.murphy@ipfire.org>
To: "Michael Tremer" <michael.tremer@ipfire.org>
Subject: Re[2]: [PATCH] RPZ: update code to include WEBGUI and additional languages
Cc: "IPFire: Development-List" <development@lists.ipfire.org>
Date: Mon, 24 Mar 2025 00:00:27 +0000
Message-Id: <em3ba7826f-2bff-4c2c-bf92-b540b8864013@78ba6e0b.com>
In-Reply-To: <89101199-33D1-40AC-8CCE-DD97583129F2@ipfire.org>
References: <20250206163522.2363178-1-jon.murphy@ipfire.org>
 <A0568469-68D8-4C26-9154-E9961F4AAA60@ipfire.org>
 <ED243073-E39A-47BA-BBF0-728A13C439BF@ipfire.org>
 <FEF2E201-5067-429B-A829-A472354FF615@ipfire.org>
 <C28A0D7E-6C16-4F6F-9366-A8498F40631E@ipfire.org>
 <8b594873-86ca-46b9-bb4b-94fd6b0239b1@ipfire.org>
 <A1492735-FF13-4F2B-8F5B-0800FB1D669F@ipfire.org>
 <d970c80d-2c13-4f71-9b0f-356a0f3013c6@ipfire.org>
 <9A0DBDA4-75B0-40D2-AE06-78D9BA5EE7D3@ipfire.org>
 <afcb2a99-1281-43e3-bd3d-d915024683f6@ipfire.org>
 <89101199-33D1-40AC-8CCE-DD97583129F2@ipfire.org>
Reply-To: "Jon Murphy" <jon.murphy@ipfire.org>
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------=_MB18E374EA-1FEF-47A9-B684-97CC26104E9A"

--------=_MB18E374EA-1FEF-47A9-B684-97CC26104E9A
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Michael,

FYI - I was wrong Unbound RPZ is _not_ watching the serial number, it is=20
watching the "refresh", the number after the serial number.


I understand that you don=E2=80=99t speak C, but you got the information fr=
om somewhere. Documentation maybe? Since that is out of date very often I l=
ike to consult the code.
>From testing.  Downloading rpz files using rpz unbound, and watching=20
what happens.  If the rpz file is setup for "once per day" refresh, then=20
it only downloads one time.



However that won=E2=80=99t solve our problem . . . and having no cache.
In `/etc/unbound/tuning.conf` there is `rrset-cache-size: 128m`.  Are you r=
eferring to a different cache.


Maybe we need to implement both?

Yes.  There are very few AXFR list (I think only four were found).  And=20
many more HTTPS rpz files.



Jon


------ Original Message ------
>From "Michael Tremer" <michael.tremer@ipfire.org>
To "Jon Murphy" <jon.murphy@ipfire.org>
Cc "IPFire: Development-List" <development@lists.ipfire.org>
Date 3/20/2025 11:26:43=E2=80=AFAM
Subject Re: [PATCH] RPZ: update code to include WEBGUI and additional=20
languages

>Hello Jon,
>
>Please don=E2=80=99t forget to Cc the list...
>
>>  On 19 Mar 2025, at 18:27, Jon Murphy <jon.murphy@ipfire.org> wrote:
>>
>>  Michael,
>>
>>>  Where in the code is this implemented? I cannot find anything like thi=
s:
>>
>>  Keep in mind I am not a "C" person.  Maybe in this section?:
>>
>>  https://git.ipfire.org/?p=3Dthirdparty/unbound.git;a=3Dblob;f=3Dservice=
s/authzone.c;hb=3D30b9cb5f813003d0a2b1c2e678652396615b1b7d#l5875
>
>This where the AXFR response is being handled when doing a DNS zone transf=
er. This code is not being called when performing a HTTP download.
>
>I understand that you don=E2=80=99t speak C, but you got the information f=
rom somewhere. Documentation maybe? Since that is out of date very often I=
 like to consult the code.
>
>>  =E2=80=94
>>
>>  When I was just learning about RPZ I created a separate RPZ file for te=
sting.  When I changed the SOA line with a new serial number, the RPZ file=
 download would happen in about 5 minutes.
>>
>>  https://people.ipfire.org/~jon/sblack-adhoc.rpz
>
>It might well be that the file is not being reloaded if the download match=
es the content that unbound already has. That would of course save some res=
ources.
>
>However that won=E2=80=99t solve our problem with redundant downloads and=
 having no cache.
>
>>  That is how I found out the SOA line is watched for a serial number cha=
nge.
>>
>>  I=E2=80=99ll reconfirm my findings.
>>
>>
>>>>>  The second reason is that we have a lot of firewalls out there. Not=
 all of them will enable this feature and all of the lists, but even if it i=
s a good chunk, we will generate terabytes of traffic which put load on the =
infrastructure and will cost money. It simply is not what we want to do, r=
egardless of self-hosting those lists and pulling them from somewhere else.
>>
>>  So I understand, are you thinking of hosting RPZ AXFR (DNS zone transfe=
r) on IPFire infrastructure?
>
>No, I don=E2=80=99t think that we can generally do this. The biggest probl=
em is licensing as we cannot take anyones content and host it ourselves. We =
would re-distribute those lists and that will only work with permission of =
the publishers. I assume that would be too much work to actually get some=
 useful content out there. We might limit ourselves to only those lists that =
are under a very permissive license. Nobody wants that.
>
>>From a technical point of view, DNS over TCP might not be very nice in ter=
ms of forging the transfer and so we would need TLS as well=E2=80=A6 It sho=
uld work, but even if we would be able to encourage other people to publish =
their lists I doubt they would implement DNS over TLS for authoritative DN=
S. That standard is in very early stages as well.
>
>As far as I can see, those vendors who offer a list as a commercial produc=
t are using DNS to distribute it (e.g. Spamhaus). Those people who have mad=
e this all a hobby are throwing the lists onto GitHub and let them handle t=
he traffic.
>
>Maybe we need to implement both?
>
>-Michael
>
>>  Jon
>>
>>
>>
>>  On 3/19/25 5:35 AM, Michael Tremer wrote:
>>>  Hello Jon,
>>>
>>>  Where in the code is this implemented? I cannot find anything like thi=
s:
>>>
>>>  Unbound loads the entire file into memory and then starts parsing it.=
 The only special treatment there is is to check whether the first line is a =
valid zone entry. It does not even have to be a SOA record.
>>>
>>>    https://git.ipfire.org/?p=3Dthirdparty/unbound.git;a=3Dblob;f=3Dserv=
ices/authzone.c;hb=3D30b9cb5f813003d0a2b1c2e678652396615b1b7d#l1188
>>>
>>>  I am also concerned that Unbound will not be able to support an upstre=
am proxy for any downloads. The caching situation is also unclear for me, s=
o I believe that we will be looking at writing a custom downloader that imp=
lements all these things.
>>>
>>>  -Michael
>>>
>>>>  On 19 Mar 2025, at 02:58, Jon Murphy <jon.murphy@ipfire.org> wrote:
>>>>
>>>>  Michael,
>>>>
>>>>>  The emphasis is on the repeated downloads of the same list. That is
>>>>  =E2=80=8B> what cannot happen.
>>>>
>>>>  The Unbound RPZ code, as installed within IPFire, watches for a chang=
e
>>>>  =E2=80=8Bin the SOA line of each RPZ file.  This is an example of the =
first few
>>>>  =E2=80=8Blines for every RPZ file.
>>>>
>>>>      $TTL 300
>>>>      @ SOA localhost. root.localhost. 1742298960 43200 3600 86400 300
>>>>        NS  localhost.
>>>>      ;
>>>>      ; Title: HaGeZi's Pop-Up Ads DNS Blocklist
>>>>      ; Description: Blocks annoying and malicious pop-up ads.
>>>>
>>>>  If the SOA serial number changes (e.g. the 1742298960), then Unbound=
 RPZ
>>>>  =E2=80=8Bcode does its thing and downloads. Otherwise there is no dow=
nload.
>>>>
>>>>>  So there has to be a way to ensure that we won=E2=80=99t download a=
 list again
>>>>  =E2=80=8B> unless it has actually changed.
>>>>
>>>>  This should do what you want but I may be missing your point.
>>>>
>>>>>  DNS has a builtin functionality called AXFR. It simply does the job
>>>>  =E2=80=8B> for you. I was just wondering whether that was not being u=
sed.
>>>>
>>>>  I need to read about AXFR/IXFR and learn a little more.
>>>>
>>>>  Jon
>>>>
>>>>  On 3/17/25 5:35 AM, Michael Tremer wrote:
>>>>>  Good Morning Jon,
>>>>>
>>>>>>  On 16 Mar 2025, at 17:00, Jon Murphy <jon.murphy@ipfire.org> wrote:
>>>>>>
>>>>>>  Michael,
>>>>>>
>>>>>>  I was reading through you response again an I want to understand th=
is post:
>>>>>>
>>>>>>>  I have also stated that we cannot download any lists over HTTPS ag=
ain and again and again. The implementation that we have here seems to exac=
tly do that and therefore I think that my feedback has been dismissed entir=
ely.
>>>>>>  So if RPZ doesn't use HTTPS, what is it using?  I am missing a key=
 point here.
>>>>>  The emphasis is on the repeated downloads of the same list. That is=
 what cannot happen.
>>>>>
>>>>>  Although it might not affect a lot of people in our general user-bas=
e, there are some that have a metered connection and will pay for data by v=
olume. Some of the lists I looked at are just under 20 MiB. Therefore we ne=
ed to keep any traffic down to a minimum. The second reason is that we have =
a lot of firewalls out there. Not all of them will enable this feature and =
all of the lists, but even if it is a good chunk, we will generate terabyt=
es of traffic which put load on the infrastructure and will cost money. It=
 simply is not what we want to do, regardless of self-hosting those lists an=
d pulling them from somewhere else.
>>>>>
>>>>>  So there has to be a way to ensure that we won=E2=80=99t download a=
 list again unless it has actually changed.
>>>>>
>>>>>  DNS has a builtin functionality called AXFR. It simply does the job=
 for you. I was just wondering whether that was not being used.
>>>>>
>>>>>  HTTPS is an option because that is simply what we use elsewhere, but =
extra functionality will have to be built for it.
>>>>>
>>>>>  -Michael
>>>>>
>>>>>>  Jon
>>>>>>
>>>>>>
>>>>>>  On 2/13/25 3:34 PM, jon wrote:
>>>>>>>  Michael,
>>>>>>>
>>>>>>>  I=E2=80=99ve read through your comments a few times and I ended up =
with many more questions.
>>>>>>>
>>>>>>>
>>>>>>>>  What I rather mean is that it has never been added as a topic on=
 the agenda and it has not been pitched by yourself.
>>>>>>>  To me the efforts to get new code accepted seem to have changed an=
d it seemed easier in the past.  In the past I made the Core Team aware via =
the Dev Mailing List and wrote a simple two or three paragraphs of "What i=
s it? / What is the value? / Here is the code"
>>>>>>>
>>>>>>>
>>>>>>>  So in an effort to move forward:  How exactly is something present=
ed to the Core Team?
>>>>>>>
>>>>>>>  Is there an example of a recent effort that was presented that I c=
an see as a sample?  (This type of info can also be added to the Wiki)
>>>>>>>
>>>>>>>  I understand you want it this way, but I don=E2=80=99t know what e=
xactly is needed.   Please be specific.
>>>>>>>
>>>>>>>
>>>>>>>  Jon
>>>>>>>
>>>>>>>  PS - I am not ignoring your other comments, I am just trying to mo=
ve forward and keep things simple.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>  On Feb 8, 2025, at 1:27=E2=80=AFPM, Michael Tremer <michael.treme=
r@ipfire.org> wrote:
>>>>>>>>
>>>>>>>>  Hello Jon,
>>>>>>>>
>>>>>>>>  Thanks for your reply. And good that you are copying everyone int=
o this conversation.
>>>>>>>>
>>>>>>>>>  On 8 Feb 2025, at 18:41, jon <jon.murphy@ipfire.org> wrote:
>>>>>>>>>
>>>>>>>>>  Michael,
>>>>>>>>>
>>>>>>>>>>  I think I have covered this all at lengths before that this pro=
ject has been started as a separate effort
>>>>>>>>>  Yes, this has been a separate effort (a very public separate eff=
ort).  Yes, as you pointed this out early on with the "proof-of-concept" an=
d then my request for people to help test RPZ.  Nothing was hidden.
>>>>>>>>>
>>>>>>>>>  This was done because you (and maybe others) did not have the ti=
me and I wanted to help and because I needed assistance with RPZ.  I tried=
 my best to do this without bothering you.
>>>>>>>>  I don=E2=80=99t that it is accurate that nobody wanted to help on =
this. The list was always open - although not every email has been replied =
to swiftly it is also your responsibility to raise a question again if it=
 was missed. People here have open ears.
>>>>>>>>
>>>>>>>>  It was also stated on this very list on in our documentation that =
working on something without involving the core team is a risky undertakin=
g. Of course IPFire is free software and so everyone is free to fork if the=
y wish to do so.
>>>>>>>>
>>>>>>>>>>  and as far as I am aware none of the other team members has bee=
n involved. This has not been discussed either on this list, on our calls.
>>>>>>>>>  You were aware many steps along the way.  See your email on July =
28, 2024, August 15, 2024, September 30, 2024, December 23, 2024, and Janu=
ary 16.  My attempts to get the team involved were met with "things are bus=
y" and sometimes silence.  (Yes, I get it, people are busy.)
>>>>>>>>>
>>>>>>>>>  You and Adolf, Leo, Erik and Bernhard have been aware since the=
 beginning.  You mention you were aware of the "proof-of-concept".  If you i=
nclude those beginning posts, since Sep 2023.
>>>>>>>>  Yes, I am aware of a proof-of-concept that I have been running my=
self for a long time. I am also aware of the efforts that you have been tak=
ing.
>>>>>>>>
>>>>>>>>  Yet I don=E2=80=99t think there has ever been any joint effort, o=
r am I seeing that wrong?
>>>>>>>>
>>>>>>>>>>  This has not been discussed . . . on our calls.
>>>>>>>>>  On the July 28th you stated:
>>>>>>>>>  "We have talked about RPZ many times on the monthly call since t=
he URL filter feature is falling more and more out of fashion. I think ther=
e is also many posts about this on the forum."
>>>>>>>>>
>>>>>>>>>  Please don=E2=80=99t insult me again by stating "you know what I =
mean".
>>>>>>>>>
>>>>>>>>>  And it has been discussed but not documented in the Monthly Meet=
ing notes.
>>>>>>>>  I am not at all insulting you. I don=E2=80=99t want to take this=
 down to a personal level at all. This is a public mailing list and people w=
ho read this don=E2=80=99t need to listen to an argument we are having. The=
y are here for the tech inside IPFire.
>>>>>>>>
>>>>>>>>  When I wrote that it has not been discussed that does not mean th=
at we have not been touching on the topic. We have been talking about lots=
 of things on the calls, the weather, politics, how our pets are. None of th=
at makes it to the logs. What I rather mean is that it has never been added =
as a topic on the agenda and it has not been pitched by yourself.
>>>>>>>>
>>>>>>>>>>  Instead there has been a separate conversation on the forum wit=
h the occasional dip here to the list. But that was not a regular two-way c=
onversation.
>>>>>>>>>  Regular conversation on the Dev Mailing list is many times met w=
ith silence.  I get it, people are busy.
>>>>>>>>>
>>>>>>>>>  And regular two-way conversation doesn=E2=80=99t happen on the l=
ist.  At least not with me.  I=E2=80=99d be happy to point out the posts th=
at were met with silence.
>>>>>>>>>  Again, I get it, people are busy.
>>>>>>>>  And you think my emails are not being met with silence? This has=
 nothing to do with this specific topic. This has something to do with how o=
ccupied people are and how engaged they are on certain topics. Not everyone =
is involved in all the things and simply will ignore emails simply based o=
n their subject line.
>>>>>>>>
>>>>>>>>>  But the "dip here to the list" were my attempts to get a convers=
ation started.  As I said, many time met with silence.
>>>>>>>>>
>>>>>>>>>  The only place I was not met with silence was on the Community.  =
You have a great group of people in the Community.  It is a shame you don=
=E2=80=99t want to have others help.  It would reduce your workload.
>>>>>>>>  You should stop making statements that are not true. Who doesn=E2=
=80=99t want anyone to help?
>>>>>>>>
>>>>>>>>  Not having this conversation on a Saturday evening would reduce m=
y workload. At least it would free up time for something else. Helping with =
the things that are already on the go would reduce the workload of the ent=
ire team. Starting one thing at a time and finishing it is a lot better to=
 manage than starting a hundred things and not even finish one. I can tell y=
ou that I already have a hundred things on the go.
>>>>>>>>
>>>>>>>>>>  Therefore, what am I supposed to do with this email?
>>>>>>>>>  To me it is beyond obvious=E2=80=A6
>>>>>>>>>
>>>>>>>>>  If it isn=E2=80=99t what you want, then guide me with how to do=
 this the correct way.  And be specific.  I am trying to help.  I am trying=
 to make things better. I am trying to do things the right way.
>>>>>>>>  To me it isn=E2=80=99t. This is yet another project that has been =
dumped to the list like so many before and later on everyone has left to h=
ave the team deal with the rest.
>>>>>>>>
>>>>>>>>  It is a huge patch set. You explained what the vision is, but tha=
t is about it. There is no chance this will continue if this disagreement i=
sn=E2=80=99t solved first. I didn=E2=80=99t even look at the code.
>>>>>>>>
>>>>>>>>>>  I don=E2=80=99t want to merge code that I don=E2=80=99t agree w=
ith.
>>>>>>>>>  I asked multiple times if you "agreed with the concept" and agai=
n, met with silence. Yes I get it, people are busy.
>>>>>>>>  Having support for RPZ? Yes, it was definitely on the roadmap. Th=
at I agree with.
>>>>>>>>
>>>>>>>>>>  So many fundamental things that I have been raising have either =
not been discussed or outright dismissed.
>>>>>>>>>  You mentioned this a in the past, but for some reason you do not =
disclose what I dismissed.  Why do you continue to make this harder, would=
n=E2=80=99t it not be easier to tell me what I have dismissed?
>>>>>>>>>
>>>>>>>>>  I have sent multiple emails trying to answer your concerns and c=
omments.  On July 28, Aug 14, Aug 22, Aug 23, Sep 30, etc.
>>>>>>>>>
>>>>>>>>>  I=E2=80=99ve gone through all of the questions you asked and I c=
annot find a "dismissed" item.
>>>>>>>>  Maybe I need to be *more clear*. I feel humoured by this.
>>>>>>>>
>>>>>>>>  It is late on a Saturday and I want my dinner soon, but certainly =
I have stated that this should never be an add-on considering it is suppos=
ed to replace URL Filter. We should never allow people to add their own sou=
rces. I have also stated that we cannot download any lists over HTTPS again =
and again and again. The implementation that we have here seems to exactly =
do that and therefore I think that my feedback has been dismissed entirely=
.
>>>>>>>>
>>>>>>>>>>  I don=E2=80=99t want to merge code that has no future inside IP=
Fire as there is no constructive conversation with the maintainers of it.
>>>>>>>>>  The maintainers of Unbound and/or RPZ?
>>>>>>>>>
>>>>>>>>>  The maintainers of Hagezi list, the threatfox list, the urlhaus=
 list, etc.?
>>>>>>>>>
>>>>>>>>>  What else?  The maintainers or the RPZ scripts?  That is me.  Le=
t=E2=80=99s talk!
>>>>>>>>  You. I don=E2=80=99t care much about the providers of the lists.
>>>>>>>>
>>>>>>>>>  See, this is where it gets confusing.  There are hundreds of ope=
n source packages as part of IPFire.  Pick the last five years of items add=
ed to the IPFire build.  You're telling me you have "constructive conversat=
ion with the maintainers" of all of the added packages?
>>>>>>>>  They publish their software and they don=E2=80=99t care whether I =
am pulling it or not. They publish it with the commitment to maintain it - =
sometimes for better and sometimes for worse.
>>>>>>>>
>>>>>>>>  You care about me pulling your code and I don=E2=80=99t know whet=
her you would commit to maintain this.
>>>>>>>>
>>>>>>>>  These two are very different cases.
>>>>>>>>
>>>>>>>>>  Pick the IP Blocklists list (i.e., 3CORESEC, ABUSECH, DSHIELD, S=
PAMHAUS, etc.)  or the Suricata lists (i.e.,Emergingthreats.net <http://eme=
rgingthreats.net/>,Abuse.ch <http://abuse.ch/>, etc.).  So you=E2=80=99ve h=
ave "constructive conversation with the maintainers"?
>>>>>>>>  Yes, occasionally I have phone calls with a few of these provider=
s.
>>>>>>>>
>>>>>>>>>>  Having been trying for a long time to make you aware of this, n=
othing of this should come as a surprise.
>>>>>>>>>  Ha!  Yes a surprise.  In the beginning you seemed interested as=
 IPFire needed a replacement for URL Filter.  You asked good questions about =
the lists picked, asked for the value to the users, etc.  And I answered t=
he best I could.
>>>>>>>>>
>>>>>>>>>  You even asked: =E2=80=9CWhy is this realised as an add-on and n=
ot part of the core system?=E2=80=9D from your Jul 28, 2024 email.
>>>>>>>>  Ah, so, why is the patch creating an add-on? Not that I am saying =
that what I say is law, but it has not been challenged either. If my input =
is being ignored, why should I put this to the top of my list of prioritie=
s? I am not disappointed about this, just trying to be very good with my ti=
me.
>>>>>>>>
>>>>>>>>>  And on January 16, 2025 I wrote a message looking for help.  And =
you were kind to respond quickly.  So in three weeks time, since the kind=
 response, something has changed.  You went from supportive to "this".
>>>>>>>>>
>>>>>>>>>  So yes, I am surprised.
>>>>>>>>  Well, maybe I should not have replied to that email. It was clear =
that you were on some path that was not right, but you were not interested =
before in finding the right path from the beginning.
>>>>>>>>
>>>>>>>>>>  Please consider if that can be changed and if there is a path f=
orward with this.
>>>>>>>>>  Be more specific, what has to change?  What exactly did I dismis=
s?
>>>>>>>>  Dismissal is just my assumption. I don=E2=80=99t know what you ac=
tually did with my feedback. I can only see the end product that does not s=
eem contain much of it. Repeatedly I have been pointing out that we should=
 think before we build. I am sure a lot of hours have now gone into some cod=
e that simply does not satisfy me. And I am not not talking about the code=
 itself, what it does is what I don=E2=80=99t think is right for us.
>>>>>>>>
>>>>>>>>  The process is very clear for me that we should first of all thin=
k whether we want a certain feature now. Then there should be a clear roadm=
ap for everyone to follow; tasks can be split-up as we go and hopefully the=
n have something that is maintainable, interesting for our users and even w=
ould do us proud. This is how this should work.
>>>>>>>>
>>>>>>>>  So, what has to change? I don=E2=80=99t think with shouting at ea=
ch other, throwing patches around and making me generally unhappy is a good =
start.
>>>>>>>>
>>>>>>>>  -Michael
>>>>>>>>
>>>>>>>>>  Jon
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>  On Feb 6, 2025, at 2:13=E2=80=AFPM, Michael Tremer <michael.tre=
mer@ipfire.org> wrote:
>>>>>>>>>>
>>>>>>>>>>  Hello Jon,
>>>>>>>>>>
>>>>>>>>>>  Well, here we are again with another patch regarding this featu=
re.
>>>>>>>>>>
>>>>>>>>>>  I cannot quite see from your email what the question is, but if =
this is a request to have this merged into IPFire, I am once again sorry t=
o disappoint you.
>>>>>>>>>>
>>>>>>>>>>  I think I have covered this all at lengths before that this pro=
ject has been started as a separate effort and as far as I am aware none of =
the other team members has been involved. This has not been discussed eith=
er on this list, on our calls. Instead there has been a separate conversati=
on on the forum with the occasional dip here to the list. But that was not=
 a regular two-way conversation. Therefore, what am I supposed to do with th=
is email?
>>>>>>>>>>
>>>>>>>>>>  I don=E2=80=99t want to merge code that I don=E2=80=99t agree w=
ith. So many fundamental things that I have been raising have either not be=
en discussed or outright dismissed.
>>>>>>>>>>
>>>>>>>>>>  I don=E2=80=99t want to merge code that has no future inside IP=
Fire as there is no constructive conversation with the maintainers of it.
>>>>>>>>>>
>>>>>>>>>>  Having been trying for a long time to make you aware of this, n=
othing of this should come as a surprise.
>>>>>>>>>>
>>>>>>>>>>  Please consider if that can be changed and if there is a path f=
orward with this.
>>>>>>>>>>
>>>>>>>>>>  All the best,
>>>>>>>>>>  -Michael
>>>>>>>>>>
>>>>>>>>>>>  On 6 Feb 2025, at 16:35, Jon Murphy <jon.murphy@ipfire.org> wr=
ote:
>>>>>>>>>>>
>>>>>>>>>>>  What is it?
>>>>>>>>>>>  Response Policy Zone (RPZ) is a mechanism to define local poli=
cies in a
>>>>>>>>>>>  standardized way and load those policies from external sources=
.
>>>>>>>>>>>  Bottom line: RPZ allows admins to easily block access to websi=
tes via DNS lookup.
>>>>>>>>>>>
>>>>>>>>>>>  RPZ can block websites via categories.  Examples include: fake =
websites, annoying
>>>>>>>>>>>  pop-up ads, newly registered domains, DoH bypass sites, bad "h=
ost" services,
>>>>>>>>>>>  maliscious top level domains (e.g., *.zip, *.mov), piracy, gam=
bling, pornography,
>>>>>>>>>>>  and more.  RPZ lists come from various RPZ providers and their =
available
>>>>>>>>>>>  catagories.
>>>>>>>>>>>
>>>>>>>>>>>  This RPZ add-on enables the RPZ functionality by adding a coup=
le lines in a
>>>>>>>>>>>  configuration file.  This add-on simply adds configuration fil=
es and adds
>>>>>>>>>>>  scripts (config, metrics and sleep) to make RPZ easier for the =
admin to use.
>>>>>>>>>>>
>>>>>>>>>>>  The RPZ scripts include additional languages: German, Spanish, =
French, Turkish,
>>>>>>>>>>>  and Italian.
>>>>>>>>>>>
>>>>>>>>>>>  RPZ itself was release in 2010 and has been part of the IPFire =
build since ~2015.
>>>>>>>>>>>
>>>>>>>>>>>  Why is it needed?  What is its value?
>>>>>>>>>>>
>>>>>>>>>>>  - The RPZ concept places this filtering into IPFire, our inter=
net access
>>>>>>>>>>>  gateway, which is (should be) solely used as DNS source of the =
internal network.
>>>>>>>>>>>
>>>>>>>>>>>  - As most sites use HTTPS it makes it difficult to filter traf=
fic with URL
>>>>>>>>>>>  Filter without also properly configuring conventional (non-tra=
nsparent)
>>>>>>>>>>>  mode on the proxy.  RPZ is a nice replacement for the URL Filt=
er.
>>>>>>>>>>>
>>>>>>>>>>>  - No need to install and maintain an additional device like Pi=
Hole or AdBlock
>>>>>>>>>>>  browser extensions on multiple user devices.
>>>>>>>>>>>
>>>>>>>>>>>  - This is an additional layer of protection for users. Less wo=
rry someone will
>>>>>>>>>>>  click on something that gets them into trouble. And, saying th=
is with emphasis,
>>>>>>>>>>>  the ability to do it in one place!
>>>>>>>>>>>
>>>>>>>>>>>  - Blocked sites save on unneeded traffic and can lessen the th=
reat of malware
>>>>>>>>>>>  in advertisements
>>>>>>>>>>>
>>>>>>>>>>>  - Logging allows the admin to see the site blocked and take ac=
tions
>>>>>>>>>>>
>>>>>>>>>>>  - RPZ will be used at the home, home-office (work from home),=
 schools,
>>>>>>>>>>>  ministerial, and at the office.  Device counts are small (2-6) =
to medium (~80)
>>>>>>>>>>>  to mediam-large (200+).
>>>>>>>>>>>
>>>>>>>>>>>  - RPZ can block ads, popups, phishing, scammers, spyware, malw=
are, annoying
>>>>>>>>>>>  popups, NSFW links, DOH servers, and the usual internet trash.
>>>>>>>>>>>
>>>>>>>>>>>  ------------------------------
>>>>>>>>>>>
>>>>>>>>>>>  Change Log for RPZ add-on
>>>>>>>>>>>
>>>>>>>>>>>  rpz-1.0.0-18 on 2025-02-05
>>>>>>>>>>>  - Build for approval & release as IPFire add-on
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.18-18.ipfire on 2025-02-01
>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>  - new feature: added a mod key to force a unbound restart
>>>>>>>>>>>
>>>>>>>>>>>  rpz-config and rpz-make:
>>>>>>>>>>>  - new feature: added action for unbound restart `rpz-config un=
bound-restart`
>>>>>>>>>>>
>>>>>>>>>>>  rpz-metrics:
>>>>>>>>>>>  - simple reformatting
>>>>>>>>>>>  - rename far right column from "last update" to "last download=
"
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.17-17.ipfire on 2024-12-09
>>>>>>>>>>>  rpz-make
>>>>>>>>>>>  - bug fix: corrected validation regex for wildcards like: `*.d=
omain.com`
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.16-16.ipfire on 2024-11-18
>>>>>>>>>>>  rpz-make
>>>>>>>>>>>  - new feature: updated validation regex
>>>>>>>>>>>  - bug fix: moved validation to beginning of process.  Now we v=
alidate before
>>>>>>>>>>>  creating config files.
>>>>>>>>>>>
>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>  - new feature: use CSS color variables of the main ipfire them=
e
>>>>>>>>>>>  - bug fix: empty zonefile remarks were stored as =E2=80=9Cunde=
f=E2=80=9D and caused a warning
>>>>>>>>>>>  - bug fix: HTML textarea removes the first empty line in a cus=
tom list
>>>>>>>>>>>  - thank you Leo!
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.15-15.ipfire on 2024-11-04
>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>  - new feature: added new language file for Turkish (thank you=
 Peppe)
>>>>>>>>>>>
>>>>>>>>>>>  rpz-make
>>>>>>>>>>>  - bug fix: corrected empty allow/block list issue.  An empty a=
llow/block list
>>>>>>>>>>>  will now remove contents of allow/block.rpz files and remove u=
nneeded
>>>>>>>>>>>  allow/block.conf file.  (thank you iptom)
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.14-14.ipfire on  2024-10-29
>>>>>>>>>>>  rpz-config:
>>>>>>>>>>>  - bug fix: correct missing rpz extension. `rpz-config list` di=
splayed URL
>>>>>>>>>>>  incorrectly (thank you Bernhard)
>>>>>>>>>>>
>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>  - bug fix: remove extra `"` in language files (thank you Bernh=
ard)
>>>>>>>>>>>  - new feature: slightly dim "apply" button when not enabled
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.13-13.ipfire on 2024-10-27
>>>>>>>>>>>  - skipped
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.12-12.ipfire on 2024-10-21
>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>  - new feature: added new language file for French  (thank you=
 gw-ipfire)
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.11-11.ipfire on 2024-10-18
>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>  - new feature: added new language file for Italian (thank you=
 umberto)
>>>>>>>>>>>  - new feature: added new language file for Spanish (thank you=
 Roberto)
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.10-10.ipfire on 2024-10-15
>>>>>>>>>>>  rpz-make:
>>>>>>>>>>>  - bug fix: corrected validation error for a custom list entry=
 (thank you siosios)
>>>>>>>>>>>  - e.g., `*.cloudflare-dns.com`
>>>>>>>>>>>
>>>>>>>>>>>  install.sh:
>>>>>>>>>>>  - bug fix: add chown to correct user created files
>>>>>>>>>>>
>>>>>>>>>>>  update.sh:
>>>>>>>>>>>  - bug fix: add chown to correct user created files (thank you=
 siosios)
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.9-9.ipfire on 2024-10-08
>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>  - new feature: added new language file for German (thank you L=
eo)
>>>>>>>>>>>  - bug fix: add missing "rpz exitcode 110"
>>>>>>>>>>>  - bug fix: corrected missing RPZ menu item at menu > IPFire
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.8-8.ipfire on 2024-10-04
>>>>>>>>>>>  - skipped
>>>>>>>>>>>
>>>>>>>>>>>  ---
>>>>>>>>>>>
>>>>>>>>>>>  rpz-beta-0.1.7-7.ipfire on 2024-10-03
>>>>>>>>>>>  All:
>>>>>>>>>>>  - new feature: includes beta version numbers for pakfire packa=
ge,
>>>>>>>>>>>  instead of only `rpz-1.0.0-1.ipfire`, for each release.
>>>>>>>>>>>
>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>  - new feature: added new WebGUI at `rpz.cgi`
>>>>>>>>>>>  - a BIG thank you to Leo Hofmann for all of his work creating=
 the webgui!!
>>>>>>>>>>>  - bug fix: corrected missing RPZ menu item at menu > IPFire
>>>>>>>>>>>
>>>>>>>>>>>  rpz-make:
>>>>>>>>>>>  - new feature: validate entries in allowlist and blocklist
>>>>>>>>>>>  - new feature: add "no-reload" option for WebGUI
>>>>>>>>>>>
>>>>>>>>>>>  rpz-metrics:
>>>>>>>>>>>  - new feature: info can be sorted by name, by hit count, by li=
ne count, by
>>>>>>>>>>>  "enabled" list or all lists
>>>>>>>>>>>
>>>>>>>>>>>  backups:
>>>>>>>>>>>  - bug fix: include all files in `/var/ipfire/dns/rpz` director=
y in backup
>>>>>>>>>>>
>>>>>>>>>>>  update.sh:
>>>>>>>>>>>  - bug fix: corrected ownership for `/var/ipfire/dns/rpz` direc=
tory during an
>>>>>>>>>>>  update
>>>>>>>>>>>
>>>>>>>>>>>  Build:
>>>>>>>>>>>  - bug fix: `block.rpz.conf` and `block.rpz` from build.  Files =
to be created
>>>>>>>>>>>  by `rpz-make`
>>>>>>>>>>>
>>>>>>>>>>>  WebGUI and German language file
>>>>>>>>>>>  Contribution-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
>>>>>>>>>>>
>>>>>>>>>>>  Spanish language file
>>>>>>>>>>>  Contribution-by: Roberto Pe=C3=B1a
>>>>>>>>>>>
>>>>>>>>>>>  Italian language file
>>>>>>>>>>>  Contribution-by: Umberto Parma
>>>>>>>>>>>
>>>>>>>>>>>  French language file
>>>>>>>>>>>  Contribution-by: gw-ipfire
>>>>>>>>>>>
>>>>>>>>>>>  Turkish language file
>>>>>>>>>>>  Contribution-by: Peppe Tech
>>>>>>>>>>>
>>>>>>>>>>>  Contribution-by: Bernhard Bitsch <bbitsch@ipfire.org>
>>>>>>>>>>>  Contribution-by: Erik Kapfer <erik.kapfer@ipfire.org>
>>>>>>>>>>>  Signed-off-by: Jon Murphy <jon.murphy@ipfire.org
>>>>>>>>>>>  ---
>>>>>>>>>>>  config/backup/includes/rpz                 |   4 +
>>>>>>>>>>>  config/cfgroot/manualpages                 |   1 +
>>>>>>>>>>>  config/menu/EX-rpz.menu                    |   6 +
>>>>>>>>>>>  config/rootfiles/common/configroot         |   1 +
>>>>>>>>>>>  config/rootfiles/common/web-user-interface |   1 +
>>>>>>>>>>>  config/rootfiles/packages/rpz              |  20 +
>>>>>>>>>>>  config/rpz/00-rpz.conf                     |  10 +
>>>>>>>>>>>  config/rpz/rpz-config                      | 130 +++
>>>>>>>>>>>  config/rpz/rpz-functions                   |  85 ++
>>>>>>>>>>>  config/rpz/rpz-make                        | 203 +++++
>>>>>>>>>>>  config/rpz/rpz-metrics                     | 170 ++++
>>>>>>>>>>>  config/rpz/rpz-sleep                       |  58 ++
>>>>>>>>>>>  config/rpz/rpz.de.pl                       |  30 +
>>>>>>>>>>>  config/rpz/rpz.en.pl                       |  30 +
>>>>>>>>>>>  config/rpz/rpz.es.pl                       |  30 +
>>>>>>>>>>>  config/rpz/rpz.fr.pl                       |  30 +
>>>>>>>>>>>  config/rpz/rpz.it.pl                       |  30 +
>>>>>>>>>>>  config/rpz/rpz.tr.pl                       |  30 +
>>>>>>>>>>>  html/cgi-bin/rpz.cgi                       | 923 +++++++++++++=
++++++++
>>>>>>>>>>>  lfs/rpz                                    |  96 +++
>>>>>>>>>>>  make.sh                                    |   3 +-
>>>>>>>>>>>  src/paks/rpz/install.sh                    |  36 +
>>>>>>>>>>>  src/paks/rpz/uninstall.sh                  |  38 +
>>>>>>>>>>>  src/paks/rpz/update.sh                     |  52 ++
>>>>>>>>>>>  24 files changed, 2016 insertions(+), 1 deletion(-)
>>>>>>>>>>>  create mode 100644 config/backup/includes/rpz
>>>>>>>>>>>  create mode 100644 config/menu/EX-rpz.menu
>>>>>>>>>>>  create mode 100644 config/rootfiles/packages/rpz
>>>>>>>>>>>  create mode 100644 config/rpz/00-rpz.conf
>>>>>>>>>>>  create mode 100644 config/rpz/rpz-config
>>>>>>>>>>>  create mode 100644 config/rpz/rpz-functions
>>>>>>>>>>>  create mode 100644 config/rpz/rpz-make
>>>>>>>>>>>  create mode 100755 config/rpz/rpz-metrics
>>>>>>>>>>>  create mode 100755 config/rpz/rpz-sleep
>>>>>>>>>>>  create mode 100644 config/rpz/rpz.de.pl
>>>>>>>>>>>  create mode 100644 config/rpz/rpz.en.pl
>>>>>>>>>>>  create mode 100644 config/rpz/rpz.es.pl
>>>>>>>>>>>  create mode 100644 config/rpz/rpz.fr.pl
>>>>>>>>>>>  create mode 100644 config/rpz/rpz.it.pl
>>>>>>>>>>>  create mode 100644 config/rpz/rpz.tr.pl
>>>>>>>>>>>  create mode 100644 html/cgi-bin/rpz.cgi
>>>>>>>>>>>  create mode 100644 lfs/rpz
>>>>>>>>>>>  create mode 100644 src/paks/rpz/install.sh
>>>>>>>>>>>  create mode 100644 src/paks/rpz/uninstall.sh
>>>>>>>>>>>  create mode 100644 src/paks/rpz/update.sh
>>>>>>>>>>>
>>>>>>>>>>>  diff --git a/config/backup/includes/rpz b/config/backup/includ=
es/rpz
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..36513e494
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/backup/includes/rpz
>>>>>>>>>>>  @@ -0,0 +1,4 @@
>>>>>>>>>>>  +/var/ipfire/dns/rpz/*
>>>>>>>>>>>  +/etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>  +/etc/unbound/zonefiles/block.rpz
>>>>>>>>>>>  +/etc/unbound/local.d/*rpz.conf
>>>>>>>>>>>  diff --git a/config/cfgroot/manualpages b/config/cfgroot/manua=
lpages
>>>>>>>>>>>  index 1f7e01efc..d3a48c633 100644
>>>>>>>>>>>  --- a/config/cfgroot/manualpages
>>>>>>>>>>>  +++ b/config/cfgroot/manualpages
>>>>>>>>>>>  @@ -70,6 +70,7 @@ pakfire.cgi=3Dconfiguration/ipfire/pakfire
>>>>>>>>>>>  wlanap.cgi=3Daddons/wireless
>>>>>>>>>>>  tor.cgi=3Daddons/tor
>>>>>>>>>>>  samba.cgi=3Daddons/samba
>>>>>>>>>>>  +rpz.cgi=3Daddons/rpz
>>>>>>>>>>>
>>>>>>>>>>>  # Logs menu
>>>>>>>>>>>  logs.cgi/summary.dat=3Dconfiguration/logs/summary
>>>>>>>>>>>  diff --git a/config/menu/EX-rpz.menu b/config/menu/EX-rpz.menu
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..2f4daf410
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/menu/EX-rpz.menu
>>>>>>>>>>>  @@ -0,0 +1,6 @@
>>>>>>>>>>>  +$subipfire->{'20.rpz'} =3D {
>>>>>>>>>>>  +    'caption' =3D> $Lang::tr{'rpz'},
>>>>>>>>>>>  +    'uri' =3D> '/cgi-bin/rpz.cgi',
>>>>>>>>>>>  +    'title' =3D> "RPZ",
>>>>>>>>>>>  +    'enabled' =3D> 1,
>>>>>>>>>>>  +};
>>>>>>>>>>>  diff --git a/config/rootfiles/common/configroot b/config/rootf=
iles/common/configroot
>>>>>>>>>>>  index 9839eee45..b30d6aae4 100644
>>>>>>>>>>>  --- a/config/rootfiles/common/configroot
>>>>>>>>>>>  +++ b/config/rootfiles/common/configroot
>>>>>>>>>>>  @@ -120,6 +120,7 @@ var/ipfire/menu.d/70-log.menu
>>>>>>>>>>>  #var/ipfire/menu.d/EX-apcupsd.menu
>>>>>>>>>>>  #var/ipfire/menu.d/EX-guardian.menu
>>>>>>>>>>>  #var/ipfire/menu.d/EX-mympd.menu
>>>>>>>>>>>  +#var/ipfire/menu.d/EX-rpz.menu
>>>>>>>>>>>  #var/ipfire/menu.d/EX-samba.menu
>>>>>>>>>>>  #var/ipfire/menu.d/EX-tor.menu
>>>>>>>>>>>  #var/ipfire/menu.d/EX-transmission.menu
>>>>>>>>>>>  diff --git a/config/rootfiles/common/web-user-interface b/conf=
ig/rootfiles/common/web-user-interface
>>>>>>>>>>>  index 816241dae..e00464076 100644
>>>>>>>>>>>  --- a/config/rootfiles/common/web-user-interface
>>>>>>>>>>>  +++ b/config/rootfiles/common/web-user-interface
>>>>>>>>>>>  @@ -69,6 +69,7 @@ srv/web/ipfire/cgi-bin/proxy.cgi
>>>>>>>>>>>  srv/web/ipfire/cgi-bin/qos.cgi
>>>>>>>>>>>  srv/web/ipfire/cgi-bin/remote.cgi
>>>>>>>>>>>  srv/web/ipfire/cgi-bin/routing.cgi
>>>>>>>>>>>  +#srv/web/ipfire/cgi-bin/rpz.cgi
>>>>>>>>>>>  #srv/web/ipfire/cgi-bin/samba.cgi
>>>>>>>>>>>  srv/web/ipfire/cgi-bin/services.cgi
>>>>>>>>>>>  srv/web/ipfire/cgi-bin/shutdown.cgi
>>>>>>>>>>>  diff --git a/config/rootfiles/packages/rpz b/config/rootfiles/=
packages/rpz
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..1c8663049
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rootfiles/packages/rpz
>>>>>>>>>>>  @@ -0,0 +1,20 @@
>>>>>>>>>>>  +etc/unbound/local.d/00-rpz.conf
>>>>>>>>>>>  +etc/unbound/zonefiles
>>>>>>>>>>>  +etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>  +usr/sbin/rpz-config
>>>>>>>>>>>  +usr/sbin/rpz-functions
>>>>>>>>>>>  +usr/sbin/rpz-make
>>>>>>>>>>>  +usr/sbin/rpz-metrics
>>>>>>>>>>>  +usr/sbin/rpz-sleep
>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.de.pl
>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.en.pl
>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.es.pl
>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.fr.pl
>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.it.pl
>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.tr.pl
>>>>>>>>>>>  +var/ipfire/backup/addons/includes/rpz
>>>>>>>>>>>  +var/ipfire/dns/rpz
>>>>>>>>>>>  +var/ipfire/dns/rpz/allowlist
>>>>>>>>>>>  +var/ipfire/dns/rpz/blocklist
>>>>>>>>>>>  +var/ipfire/menu.d/EX-rpz.menu
>>>>>>>>>>>  +srv/web/ipfire/cgi-bin/rpz.cgi
>>>>>>>>>>>  diff --git a/config/rpz/00-rpz.conf b/config/rpz/00-rpz.conf
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..f005a4f2e
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/00-rpz.conf
>>>>>>>>>>>  @@ -0,0 +1,10 @@
>>>>>>>>>>>  +server:
>>>>>>>>>>>  +    module-config: "respip validator iterator"
>>>>>>>>>>>  +
>>>>>>>>>>>  +rpz:
>>>>>>>>>>>  +    name:                    allow.rpz
>>>>>>>>>>>  +    zonefile:                /etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>  +    rpz-action-override:     passthru
>>>>>>>>>>>  +    rpz-log:                 yes
>>>>>>>>>>>  +    rpz-log-name:            allow
>>>>>>>>>>>  +    rpz-signal-nxdomain-ra:  yes
>>>>>>>>>>>  diff --git a/config/rpz/rpz-config b/config/rpz/rpz-config
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..c72d50f9b
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz-config
>>>>>>>>>>>  @@ -0,0 +1,130 @@
>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  IPFire.org - A linux based firewall                       =
                 #
>>>>>>>>>>>  +#  Copyright (C) 2024-2025  IPFire Team  <info@ipfire.org>   =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is free software: you can redistribute it and=
/or modify       #
>>>>>>>>>>>  +#  it under the terms of the GNU General Public License as pu=
blished by       #
>>>>>>>>>>>  +#  the Free Software Foundation, either version 3 of the Lice=
nse, or          #
>>>>>>>>>>>  +#  (at your option) any later version.                       =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is distributed in the hope that it will be us=
eful,            #
>>>>>>>>>>>  +#  but WITHOUT ANY WARRANTY; without even the implied warrant=
y of             #
>>>>>>>>>>>  +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See=
 the              #
>>>>>>>>>>>  +#  GNU General Public License for more details.              =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  You should have received a copy of the GNU General Public=
 License          #
>>>>>>>>>>>  +#  along with this program.  If not, see <http://www.gnu.org/=
licenses/>.      #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +version=3D"2025-01-11 - v44"
>>>>>>>>>>>  +
>>>>>>>>>>>  +###############     Functions     ###############
>>>>>>>>>>>  +
>>>>>>>>>>>  +source /usr/sbin/rpz-functions
>>>>>>>>>>>  +
>>>>>>>>>>>  +###############       Main        ###############
>>>>>>>>>>>  +
>>>>>>>>>>>  +tagName=3D"unbound"
>>>>>>>>>>>  +
>>>>>>>>>>>  +rpzAction=3D"${1}"                    #  input RPZ action
>>>>>>>>>>>  +rpzName=3D"${2}"                      #  input RPZ name
>>>>>>>>>>>  +rpzURL=3D"${3}"                       #  input RPZ URL
>>>>>>>>>>>  +rpzOption1=3D"${4}"                   #  input RPZ option #1
>>>>>>>>>>>  +rpzOption2=3D"${5}"                   #  input RPZ option #2
>>>>>>>>>>>  +
>>>>>>>>>>>  +rpzConfig=3D"/etc/unbound/local.d/${rpzName}.rpz.conf"    # =
 output zone conf file
>>>>>>>>>>>  +rpzFile=3D"/etc/unbound/zonefiles/${rpzName}.rpz"         # =
 output for RPZ file
>>>>>>>>>>>  +
>>>>>>>>>>>  +rpzLog=3D"yes"                        #  log default is yes
>>>>>>>>>>>  +ucReload=3D"yes"                      #  reload default is ye=
s
>>>>>>>>>>>  +
>>>>>>>>>>>  +while [[ $# -gt 0 ]] ; do
>>>>>>>>>>>  +    case "$1" in
>>>>>>>>>>>  +        --no-log )      rpzLog=3D"no"   ;;
>>>>>>>>>>>  +        --no-reload )   ucReload=3D"no" ; checkConf=3D"no" ;;
>>>>>>>>>>>  +    esac
>>>>>>>>>>>  +    shift       # Shift after checking all the cases to get n=
ext option
>>>>>>>>>>>  +done
>>>>>>>>>>>  +
>>>>>>>>>>>  +case "${rpzAction}" in
>>>>>>>>>>>  +    #  add new rpz list
>>>>>>>>>>>  +    add )
>>>>>>>>>>>  +        check_name "${rpzName}"             #  is this a vali=
d name?
>>>>>>>>>>>  +        #  does this config already exist?  If yes, then exit
>>>>>>>>>>>  +        if [[ -f "${rpzConfig}" ]] ; then
>>>>>>>>>>>  +            msg_log "error: rpz: duplicate - ${rpzConfig} alr=
eady exists. exit"
>>>>>>>>>>>  +            exit 104
>>>>>>>>>>>  +        fi
>>>>>>>>>>>  +
>>>>>>>>>>>  +        #  is this a valid URL?
>>>>>>>>>>>  +        regex=3D'^https://[-[:alnum:]\+&@#/%?=3D~_|!:,.;]*[-[=
:alnum:]\+&@#/%=3D~_|]'
>>>>>>>>>>>  +        if ! [[ "${rpzURL}" =3D~ $regex ]] ; then
>>>>>>>>>>>  +            msg_log "error: rpz: the URL is not valid: \"${rp=
zURL}\". exit."
>>>>>>>>>>>  +            exit 105
>>>>>>>>>>>  +        fi
>>>>>>>>>>>  +
>>>>>>>>>>>  +        #  create the zone config file
>>>>>>>>>>>  +        {
>>>>>>>>>>>  +        echo "rpz:"
>>>>>>>>>>>  +        echo "    name:                   ${rpzName}.rpz"
>>>>>>>>>>>  +        echo "    zonefile:               ${rpzFile}"
>>>>>>>>>>>  +        echo "    url:                    ${rpzURL}"
>>>>>>>>>>>  +        echo "    rpz-action-override:    nxdomain"
>>>>>>>>>>>  +        echo "    rpz-log:                ${rpzLog}"
>>>>>>>>>>>  +        echo "    rpz-log-name:           ${rpzName}"
>>>>>>>>>>>  +        echo "    rpz-signal-nxdomain-ra: yes"
>>>>>>>>>>>  +        } > "${rpzConfig}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +        #  set-up zonefile
>>>>>>>>>>>  +        #    create an empty rpz file if it does not exist
>>>>>>>>>>>  +        if [[ ! -f "${rpzFile}" ]] ; then
>>>>>>>>>>>  +            touch "${rpzFile}"
>>>>>>>>>>>  +            #  unbound requires these settings for rpz files
>>>>>>>>>>>  +            set_permissions "${rpzFile}" "${rpzConfig}"
>>>>>>>>>>>  +        fi
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  trash config file & rpz file
>>>>>>>>>>>  +    remove )
>>>>>>>>>>>  +        if ! [[ -f "${rpzConfig}" ]] ; then
>>>>>>>>>>>  +            msg_log "error: rpz: cannot remove ${rpzConfig},=
 does not exist. exit"
>>>>>>>>>>>  +            exit 106
>>>>>>>>>>>  +        fi
>>>>>>>>>>>  +
>>>>>>>>>>>  +        msg_log "info: rpz: remove config file & rpz file \"$=
{rpzName}\""
>>>>>>>>>>>  +        rm "${rpzConfig}"
>>>>>>>>>>>  +        rm "${rpzFile}"
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    reload )
>>>>>>>>>>>  +        check_unbound_conf "${checkConf}"
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    list )
>>>>>>>>>>>  +        awk -F':' '/^\s*name:/{ gsub(/[[:blank:]]|\.rpz/, "",=
$2) ; NAME=3D$2 } \
>>>>>>>>>>>  +            /^\s*url:/{ gsub(/[[:blank:]]/, "") ; print NAME"=
=3D"$2":"$3} '  \
>>>>>>>>>>>  +            /etc/unbound/local.d/*rpz.conf
>>>>>>>>>>>  +        exit
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    unbound-restart )
>>>>>>>>>>>  +        check_unbound_conf "${checkConf}"
>>>>>>>>>>>  +        unbound_restart
>>>>>>>>>>>  +        exit
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    * )
>>>>>>>>>>>  +        msg_log "error: rpz: missing or incorrect parameter"
>>>>>>>>>>>  +        printf "Usage:   $(basename "$0") <ACTION> <NAME> <UR=
L> <OPTION> <OPTION>\n"
>>>>>>>>>>>  +        printf "Version: ${version}\n"
>>>>>>>>>>>  +        exit 108
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +esac
>>>>>>>>>>>  +
>>>>>>>>>>>  +unbound_control_reload "${ucReload}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +exit
>>>>>>>>>>>  diff --git a/config/rpz/rpz-functions b/config/rpz/rpz-functio=
ns
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..ace1d2690
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz-functions
>>>>>>>>>>>  @@ -0,0 +1,85 @@
>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  IPFire.org - A linux based firewall                       =
                 #
>>>>>>>>>>>  +#  Copyright (C) 2024  IPFire Team  <info@ipfire.org>        =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is free software: you can redistribute it and=
/or modify       #
>>>>>>>>>>>  +#  it under the terms of the GNU General Public License as pu=
blished by       #
>>>>>>>>>>>  +#  the Free Software Foundation, either version 3 of the Lice=
nse, or          #
>>>>>>>>>>>  +#  (at your option) any later version.                       =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is distributed in the hope that it will be us=
eful,            #
>>>>>>>>>>>  +#  but WITHOUT ANY WARRANTY; without even the implied warrant=
y of             #
>>>>>>>>>>>  +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See=
 the              #
>>>>>>>>>>>  +#  GNU General Public License for more details.              =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  You should have received a copy of the GNU General Public=
 License          #
>>>>>>>>>>>  +#  along with this program.  If not, see <http://www.gnu.org/=
licenses/>.      #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +version=3D"2024-12-10 - v02"
>>>>>>>>>>>  +
>>>>>>>>>>>  +###############     Functions     ###############
>>>>>>>>>>>  +
>>>>>>>>>>>  +msg_log () {
>>>>>>>>>>>  +    logger --tag "${tagName}" "$*"
>>>>>>>>>>>  +    if tty --silent ; then
>>>>>>>>>>>  +        echo "${tagName}:" "$*"
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  check for a valid name
>>>>>>>>>>>  +check_name () {
>>>>>>>>>>>  +    local theName=3D"${1}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +    regex=3D'^[a-zA-Z0-9_]+$'             # no dash or plus,=
 alpha numeric only
>>>>>>>>>>>  +    regex1=3D'^(allow|block)$'            # allow and block a=
re reserved NAMEs
>>>>>>>>>>>  +    if [[ ! "${theName}" =3D~ $regex ]] || [[ "${theName}"=
 =3D~ $regex1 ]] ; then
>>>>>>>>>>>  +        msg_log "error: rpz: the NAME is not valid: \"${theNa=
me}\". exit."
>>>>>>>>>>>  +        exit 101
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +set_permissions () {
>>>>>>>>>>>  +    chown nobody:nobody "$@"
>>>>>>>>>>>  +    chmod 644 "$@"
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +check_unbound_conf () {
>>>>>>>>>>>  +    local thecheckConf=3D"${1:-yes}"      #   check config de=
fault is yes
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  check the above config files
>>>>>>>>>>>  +    if [[ "${thecheckConf}" =3D=3D yes ]] ; then
>>>>>>>>>>>  +        msg_log "info: rpz: check for errors with \"unbound-c=
heckconf\""
>>>>>>>>>>>  +
>>>>>>>>>>>  +        if ! unbound-checkconf ; then
>>>>>>>>>>>  +            msg_log "error: rpz: unbound-checkconf found inva=
lid configuration."
>>>>>>>>>>>  +            msg_log \
>>>>>>>>>>>  +              "error: rpz: In Terminal run the command \"unbo=
und-checkconf\" for more information. exit."
>>>>>>>>>>>  +            exit 102
>>>>>>>>>>>  +        fi
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +unbound_control_reload () {
>>>>>>>>>>>  +    local theReload=3D"${1:-yes}"     #   reload default is y=
es
>>>>>>>>>>>  +
>>>>>>>>>>>  +    if [[ "${theReload}" =3D=3D yes ]] ; then
>>>>>>>>>>>  +        #  reload due to the changes
>>>>>>>>>>>  +        msg_log  "info: rpz: run \"unbound-control reload\""
>>>>>>>>>>>  +
>>>>>>>>>>>  +        if ! unbound-control reload ; then
>>>>>>>>>>>  +            msg_log "error: rpz: unbound-control reload. exit=
."
>>>>>>>>>>>  +            exit 109
>>>>>>>>>>>  +        fi
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +unbound_restart () {
>>>>>>>>>>>  +    #  restart due to the changes
>>>>>>>>>>>  +    msg_log  "info: rpz: run \"unbound restart\""
>>>>>>>>>>>  +
>>>>>>>>>>>  +    /usr/local/bin/unboundctrl restart
>>>>>>>>>>>  +}
>>>>>>>>>>>  diff --git a/config/rpz/rpz-make b/config/rpz/rpz-make
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..927d55170
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz-make
>>>>>>>>>>>  @@ -0,0 +1,203 @@
>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  IPFire.org - A linux based firewall                       =
                 #
>>>>>>>>>>>  +#  Copyright (C) 2024-2025  IPFire Team  <info@ipfire.org>   =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is free software: you can redistribute it and=
/or modify       #
>>>>>>>>>>>  +#  it under the terms of the GNU General Public License as pu=
blished by       #
>>>>>>>>>>>  +#  the Free Software Foundation, either version 3 of the Lice=
nse, or          #
>>>>>>>>>>>  +#  (at your option) any later version.                       =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is distributed in the hope that it will be us=
eful,            #
>>>>>>>>>>>  +#  but WITHOUT ANY WARRANTY; without even the implied warrant=
y of             #
>>>>>>>>>>>  +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See=
 the              #
>>>>>>>>>>>  +#  GNU General Public License for more details.              =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  You should have received a copy of the GNU General Public=
 License          #
>>>>>>>>>>>  +#  along with this program.  If not, see <http://www.gnu.org/=
licenses/>.      #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +version=3D"2025-01-11 - v14"
>>>>>>>>>>>  +
>>>>>>>>>>>  +###############     Functions     ###############
>>>>>>>>>>>  +
>>>>>>>>>>>  +source /usr/sbin/rpz-functions
>>>>>>>>>>>  +
>>>>>>>>>>>  +#   create the config file for allow
>>>>>>>>>>>  +make_allow_config () {
>>>>>>>>>>>  +    local theLog=3D"${1:-yes}"                            # =
 log default ON
>>>>>>>>>>>  +    local theConfig=3D"/etc/unbound/local.d/00-rpz.conf"  # =
 output zone conf file
>>>>>>>>>>>  +    local theList=3D"/var/ipfire/dns/rpz/allowlist"       # =
 input custom list of domains
>>>>>>>>>>>  +
>>>>>>>>>>>  +    msg_log "info: rpz: make config file \"00-rpz.conf\""
>>>>>>>>>>>  +
>>>>>>>>>>>  +    echo "server:
>>>>>>>>>>>  +    module-config: \"respip validator iterator\"" > "${theCon=
fig}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  does allow list exist?
>>>>>>>>>>>  +    if [[ -s "${theList}" ]] && grep -q . "${theList}" ; then
>>>>>>>>>>>  +
>>>>>>>>>>>  +    echo "rpz:
>>>>>>>>>>>  +    name:                   allow.rpz
>>>>>>>>>>>  +    zonefile:               /etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>  +    rpz-action-override:    passthru
>>>>>>>>>>>  +    rpz-log:                ${theLog}
>>>>>>>>>>>  +    rpz-log-name:           allow
>>>>>>>>>>>  +    rpz-signal-nxdomain-ra: yes" >> "${theConfig}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  set-up zonefile - unbound requires these settings for=
 rpz files
>>>>>>>>>>>  +    set_permissions "${theConfig}"
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +#   create the config file for block
>>>>>>>>>>>  +make_block_config () {
>>>>>>>>>>>  +    local theLog=3D"${1:-yes}"                                =
#  log default ON
>>>>>>>>>>>  +    local theConfig=3D"/etc/unbound/local.d/block.rpz.conf"   =
#  output zone conf file
>>>>>>>>>>>  +    local theList=3D"/var/ipfire/dns/rpz/blocklist"           =
#  input custom list of domains
>>>>>>>>>>>  +
>>>>>>>>>>>  +    msg_log "info: rpz: make config file \"block.rpz.conf\""
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  does block list exist?
>>>>>>>>>>>  +    if [[ -s "${theList}" ]] && grep -q . "${theList}" ; then
>>>>>>>>>>>  +
>>>>>>>>>>>  +    echo "rpz:
>>>>>>>>>>>  +    name:                   block.rpz
>>>>>>>>>>>  +    zonefile:               /etc/unbound/zonefiles/block.rpz
>>>>>>>>>>>  +    rpz-action-override:    nxdomain
>>>>>>>>>>>  +    rpz-log:                ${theLog}
>>>>>>>>>>>  +    rpz-log-name:           block
>>>>>>>>>>>  +    rpz-signal-nxdomain-ra: yes" > "${theConfig}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +        #  set-up zonefile - unbound requires these settings=
 for rpz files
>>>>>>>>>>>  +        set_permissions "${theConfig}"
>>>>>>>>>>>  +    else
>>>>>>>>>>>  +        #   no - trash the config file
>>>>>>>>>>>  +        rm --verbose /etc/unbound/local.d/block.rpz.conf
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +#   create an RPZ file for allow or block
>>>>>>>>>>>  +make_rpz_file () {
>>>>>>>>>>>  +    local theName=3D"${1}"        #   allow or block
>>>>>>>>>>>  +    local theAction=3D'.'         # the default is nxdomain o=
r block
>>>>>>>>>>>  +    local actionList
>>>>>>>>>>>  +
>>>>>>>>>>>  +    local theList=3D"/var/ipfire/dns/rpz/${theName}list"     =
    #  input custom list of domains
>>>>>>>>>>>  +    local theZonefile=3D"/etc/unbound/zonefiles/${theName}.rp=
z"  #  output file for RPZ
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  does a list exist?
>>>>>>>>>>>  +    if [[ -s "${theList}" ]] && grep -q . "${theList}" ; then
>>>>>>>>>>>  +
>>>>>>>>>>>  +        # for allow set to passthru
>>>>>>>>>>>  +        [[ "${theName}" =3D=3D allow ]] && theAction=3D'rpz-p=
assthru.'
>>>>>>>>>>>  +
>>>>>>>>>>>  +        #  drop any extra "blanks" and add "CNAME <RPZ action=
>." to each line
>>>>>>>>>>>  +        actionList=3D$( awk '{$1=3D$1};1' "${theList}" |
>>>>>>>>>>>  +            sed "/^[^;].*[[:alnum:]]/ s|$|  CNAME   ${theActi=
on}|" )
>>>>>>>>>>>  +
>>>>>>>>>>>  +        msg_log "info: rpz: create zonefile for \"${theName}l=
ist\""
>>>>>>>>>>>  +
>>>>>>>>>>>  +echo "; Name:             ${theName} list
>>>>>>>>>>>  +; Last modified:    $(date "+%Y-%m-%d at %H.%M.%S %Z")
>>>>>>>>>>>  +;
>>>>>>>>>>>  +;   domains with actions list
>>>>>>>>>>>  +;
>>>>>>>>>>>  +${actionList}" > "${theZonefile}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +        #  set-up zonefile - unbound requires these settings=
 for rpz files
>>>>>>>>>>>  +        set_permissions "${theZonefile}"
>>>>>>>>>>>  +        #  set-up allow/block list files
>>>>>>>>>>>  +        set_permissions "${theList}"
>>>>>>>>>>>  +    else
>>>>>>>>>>>  +        msg_log "info: rpz: the ${theList} is empty."
>>>>>>>>>>>  +
>>>>>>>>>>>  +        rm --verbose "${theZonefile}"   # trash the RPZ file
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +#   check if allow/block list is valid
>>>>>>>>>>>  +validate_list () {
>>>>>>>>>>>  +    local theName=3D"${1}"        #   allow or block
>>>>>>>>>>>  +    local theList=3D"/var/ipfire/dns/rpz/${theName}list"  # =
 input custom list of domains
>>>>>>>>>>>  +
>>>>>>>>>>>  + #   remove good:
>>>>>>>>>>>  + #    - properly formated domain names with or without leadin=
g wildcard
>>>>>>>>>>>  + #    - properly formated top level domain (TLD) names with w=
ildcard
>>>>>>>>>>>  + #    - blank lines and comment lines
>>>>>>>>>>>  + #   remaining lines are considered "bad"
>>>>>>>>>>>  +    bad_lines=3D$( sed --regexp-extended  \
>>>>>>>>>>>  +        '/^(\*\.)?([a-zA-Z0-9](([a-zA-Z0-9\-]){0,61}[a-zA-Z0-=
9])?\.)+([a-zA-Z]{2,}|xn--[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])$/d ;
>>>>>>>>>>>  +         /^(\*\.)([a-z]{2,61}|xn--[a-z0-9]{1,60})$/d ;
>>>>>>>>>>>  +         /^$/d ; /^;/d' "${theList}" )
>>>>>>>>>>>  +
>>>>>>>>>>>  +    if [[ ! -z "${bad_lines}" ]] ; then
>>>>>>>>>>>  +        msg_log "error: rpz: invalid line(s) in ${theList}."
>>>>>>>>>>>  +        printf "%s\n" "bad line(s): ${bad_lines}"
>>>>>>>>>>>  +        exit 110
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +###############       Main        ###############
>>>>>>>>>>>  +
>>>>>>>>>>>  +tagName=3D"unbound"
>>>>>>>>>>>  +
>>>>>>>>>>>  +rpzName=3D"${1}"                      #  input RPZ name
>>>>>>>>>>>  +
>>>>>>>>>>>  +rpzLog=3D"yes"                        #  log default is yes
>>>>>>>>>>>  +ucReload=3D"yes"                      #  reload default is ye=
s
>>>>>>>>>>>  +
>>>>>>>>>>>  +while [[ $# -gt 0 ]] ; do
>>>>>>>>>>>  +    case "$1" in
>>>>>>>>>>>  +        --no-log )      rpzLog=3D"no"   ;;
>>>>>>>>>>>  +        --no-reload )   ucReload=3D"no" ;  checkConf=3D"no" ;=
;
>>>>>>>>>>>  +    esac
>>>>>>>>>>>  +    shift       # Shift after checking all the cases to get n=
ext option
>>>>>>>>>>>  +done
>>>>>>>>>>>  +
>>>>>>>>>>>  +case "${rpzName}" in
>>>>>>>>>>>  +    #  make a new allow or block rpz file
>>>>>>>>>>>  +
>>>>>>>>>>>  +    allow )
>>>>>>>>>>>  +        validate_list 'allow'           #   is the allowlist=
 valid?
>>>>>>>>>>>  +        make_allow_config "${rpzLog}"
>>>>>>>>>>>  +        make_rpz_file 'allow'
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    allowblock )
>>>>>>>>>>>  +        validate_list 'allow'           #   is the list valid=
?
>>>>>>>>>>>  +        make_allow_config "${rpzLog}"
>>>>>>>>>>>  +        make_rpz_file 'allow'
>>>>>>>>>>>  +        ;&
>>>>>>>>>>>  +
>>>>>>>>>>>  +    block )
>>>>>>>>>>>  +        validate_list 'block'           #   is the blocklist=
 valid?
>>>>>>>>>>>  +        make_block_config "${rpzLog}"
>>>>>>>>>>>  +        make_rpz_file 'block'
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    reload )
>>>>>>>>>>>  +        check_unbound_conf "${checkConf}"
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    unbound-restart )
>>>>>>>>>>>  +        check_unbound_conf "${checkConf}"
>>>>>>>>>>>  + unbound_restart
>>>>>>>>>>>  + exit
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    * )
>>>>>>>>>>>  +        msg_log "error: rpz: missing or incorrect parameter"
>>>>>>>>>>>  +        printf "Usage:   $(basename "$0") <NAME> <OPTION> <OP=
TION>\n"
>>>>>>>>>>>  +        printf "Version: ${version}\n"
>>>>>>>>>>>  +        exit 108
>>>>>>>>>>>  +        ;;
>>>>>>>>>>>  +esac
>>>>>>>>>>>  +
>>>>>>>>>>>  +unbound_control_reload "${ucReload}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +exit
>>>>>>>>>>>  diff --git a/config/rpz/rpz-metrics b/config/rpz/rpz-metrics
>>>>>>>>>>>  new file mode 100755
>>>>>>>>>>>  index 000000000..4d43e1629
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz-metrics
>>>>>>>>>>>  @@ -0,0 +1,170 @@
>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  IPFire.org - A linux based firewall                       =
                 #
>>>>>>>>>>>  +#  Copyright (C) 2024  IPFire Team  <info@ipfire.org>        =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is free software: you can redistribute it and=
/or modify       #
>>>>>>>>>>>  +#  it under the terms of the GNU General Public License as pu=
blished by       #
>>>>>>>>>>>  +#  the Free Software Foundation, either version 3 of the Lice=
nse, or          #
>>>>>>>>>>>  +#  (at your option) any later version.                       =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is distributed in the hope that it will be us=
eful,            #
>>>>>>>>>>>  +#  but WITHOUT ANY WARRANTY; without even the implied warrant=
y of             #
>>>>>>>>>>>  +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See=
 the              #
>>>>>>>>>>>  +#  GNU General Public License for more details.              =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  You should have received a copy of the GNU General Public=
 License          #
>>>>>>>>>>>  +#  along with this program.  If not, see <http://www.gnu.org/=
licenses/>.      #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +version=3D"2025-01-20 - v25"
>>>>>>>>>>>  +
>>>>>>>>>>>  +###############       Main        ###############
>>>>>>>>>>>  +
>>>>>>>>>>>  +weeks=3D"2"                   #   default to two message logs
>>>>>>>>>>>  +sortBy=3D"name"               #   default "by name"
>>>>>>>>>>>  +rpzActive=3D"enabled"         #   default "enabled only"
>>>>>>>>>>>  +
>>>>>>>>>>>  +while [[ $# -gt 0 ]] ; do
>>>>>>>>>>>  +    case "$1" in
>>>>>>>>>>>  +        --by-names | --by-name | name ) sortBy=3D"name"   ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +        --by-hits | --by-hit | hits | hit )      sortBy=3D"hi=
t"    ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +        --by-lines | --by-line | lines | line )     sortBy=3D=
"line"   ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +        --by-effect ) sortBy=3D"effect"   ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +        --enabled-only )             rpzActive=3D"enabled" ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +        --active-all | --all | all )       rpzActive=3D"all" =
    ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +        [0-9] | [0-9][0-9] )         weeks=3D$1        ;;
>>>>>>>>>>>  +    esac
>>>>>>>>>>>  +    shift       # Shift after checking all the cases to get n=
ext option
>>>>>>>>>>>  +done
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  get the list of message logs for N weeks
>>>>>>>>>>>  +messageLogs=3D$( find /var/log/messages* -type f | sort --ver=
sion-sort |
>>>>>>>>>>>  +    head -"${weeks}" )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  get the list of RPZ names & counts from the message log(s)
>>>>>>>>>>>  +rpzNameCount=3D$( for logf in ${messageLogs} ; do
>>>>>>>>>>>  +    zgrep --text --fixed-strings 'info: rpz: applied' "${logf=
}" |
>>>>>>>>>>>  +      awk '$10 ~ /\[\w*]/ { print $10 }' ;
>>>>>>>>>>>  +    done | sort | uniq --count )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  flip results and remove brackets `[` and `]`
>>>>>>>>>>>  +rpzNameCount=3D$( echo "${rpzNameCount}" |
>>>>>>>>>>>  +    awk '{ print $2, $1 }' |
>>>>>>>>>>>  +    sed --regexp-extended 's|^\[(.*)\]|\1|' )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  grab only names
>>>>>>>>>>>  +rpzNames=3D$( echo "${rpzNameCount}" | awk '{ print $1 }' )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  get list of RPZ files
>>>>>>>>>>>  +rpzFileList=3D$( find /etc/unbound/zonefiles -type f -iname "=
*.rpz" )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  get basename of those files
>>>>>>>>>>>  +rpzBaseNames=3D$( echo "${rpzFileList}" |
>>>>>>>>>>>  +    sed 's|/etc/unbound/zonefiles/||g ; s|\.rpz||g ;' )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  add to rpzNames
>>>>>>>>>>>  +rpzNames=3D"${rpzNames}"$'\n'"${rpzBaseNames}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  drop duplicate names
>>>>>>>>>>>  +rpzNames=3D$( echo "${rpzNames}" | sort --unique  )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  get line count for each RPZ
>>>>>>>>>>>  +lineCount=3D$( echo "${rpzFileList}" | xargs wc -l )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  get comment line count and blank line count for each RPZ
>>>>>>>>>>>  +commentCount=3D$( echo "${rpzFileList}" | xargs grep --count=
 -e "^$" -e "^;" )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  get modified date each RPZ
>>>>>>>>>>>  +modDateList=3D$( echo "${rpzFileList}" | xargs stat -c '%.10y=
  %n' )
>>>>>>>>>>>  +
>>>>>>>>>>>  +ucListAuthZones=3D$( unbound-control list_auth_zones )
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  get width of RPZ names
>>>>>>>>>>>  +pWidth=3D$( echo "${rpzNames}" | awk '{ print $1"   " }' | wc =
-L )
>>>>>>>>>>>  +pFormat=3D"%-${pWidth}s %-8s %-8s %8s %12s %12s\n"
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  print title line
>>>>>>>>>>>  +printf "${pFormat}" "name" "hits" "active" "lines" " hits/lin=
e" "last download"
>>>>>>>>>>>  +printf -- "--------------"
>>>>>>>>>>>  +
>>>>>>>>>>>  +theResults=3D""
>>>>>>>>>>>  +totalLines=3D0
>>>>>>>>>>>  +totalHits=3D0
>>>>>>>>>>>  +while read -r theName
>>>>>>>>>>>  +do
>>>>>>>>>>>  +    printf -- "--"        #   pretend progress bar
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  is this RPZ list active?
>>>>>>>>>>>  +    theActive=3D"disabled"
>>>>>>>>>>>  +    if grep --quiet "^${theName}\.rpz" <<< "${ucListAuthZones=
}"
>>>>>>>>>>>  +    then
>>>>>>>>>>>  +        theActive=3D"enabled"
>>>>>>>>>>>  +    else
>>>>>>>>>>>  +        [[ "${rpzActive}" =3D=3D enabled ]] && continue
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  get hit count
>>>>>>>>>>>  +    theHits=3D"0"
>>>>>>>>>>>  +    if output=3D$( grep "^${theName}\s" <<< "${rpzNameCount}" =
) ; then
>>>>>>>>>>>  +        theHits=3D$( echo "${output}" | awk '{ print $2 }' )
>>>>>>>>>>>  +        totalHits=3D$(( totalHits + theHits ))
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  get line count
>>>>>>>>>>>  +    theLines=3D"n/a"
>>>>>>>>>>>  +    hitsPerLine=3D"0"
>>>>>>>>>>>  +    if output=3D$( grep --fixed-strings "/${theName}.rpz" <<< =
"${lineCount}" ) ; then
>>>>>>>>>>>  +        theLines=3D$( echo "${output}" | awk '{ print $1 }' )
>>>>>>>>>>>  +        totalLines=3D$(( totalLines + theLines ))
>>>>>>>>>>>  +
>>>>>>>>>>>  +        if [[ "${theLines}" -gt 2 ]] ; then
>>>>>>>>>>>  +            hitsPerLine=3D$(( 100 * theHits / theLines ))
>>>>>>>>>>>  +        fi
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  get modification date
>>>>>>>>>>>  +    theModDate=3D"n/a"
>>>>>>>>>>>  +    if output=3D$( grep --fixed-strings "/${theName}.rpz" <<< =
"${modDateList}" ) ; then
>>>>>>>>>>>  +        theModDate=3D$( echo "${output}" | awk '{ print $1 }' =
)
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  add to results list
>>>>>>>>>>>  +    theResults+=3D"${theName} ${theHits} ${theActive} ${theLi=
nes} ${hitsPerLine} ${theModDate}"$'\n'
>>>>>>>>>>>  +
>>>>>>>>>>>  +done <<< "${rpzNames}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +case "${sortBy}" in
>>>>>>>>>>>  +    #  sort by "active" then by "name"
>>>>>>>>>>>  +    name) sortArg=3D(-k3,3r -k1,1) ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  sort by "active" then by "hits" then by "name"
>>>>>>>>>>>  +    hit)  sortArg=3D(-k3,3r -k2,2nr -k1,1) ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  sort by "active" then by "lines" then by "name"
>>>>>>>>>>>  +    line) sortArg=3D(-k3,3r -k4,4nr -k1,1) ;;
>>>>>>>>>>>  +
>>>>>>>>>>>  +    #  sort by "active" then by "effect" then by "name"
>>>>>>>>>>>  +    effect) sortArg=3D(-k3,3r -k5,5nr -k1,1) ;;
>>>>>>>>>>>  +esac
>>>>>>>>>>>  +
>>>>>>>>>>>  +printf -- "--------------\n"
>>>>>>>>>>>  +#  remove blank lines, sort, print as columns
>>>>>>>>>>>  +echo "${theResults}" |
>>>>>>>>>>>  +    awk '!/^[[:space:]]*$/' |
>>>>>>>>>>>  +    sort "${sortArg[@]}"    |
>>>>>>>>>>>  +    awk --assign=3Dwidth=3D"${pWidth}" \
>>>>>>>>>>>  +        '{ printf "%-*s %-8s %-8s %8s %10s %% %12s\n", width, =
$1, $2, $3, $4, $5, $6 }'
>>>>>>>>>>>  +
>>>>>>>>>>>  +printf "${pFormat}" "" "=3D=3D=3D=3D=3D=3D=3D" "" "=3D=3D=3D=
=3D=3D=3D=3D=3D" "" ""
>>>>>>>>>>>  +printf "${pFormat}" "Totals -->" "${totalHits}" "" "${totalLi=
nes}" "" ""
>>>>>>>>>>>  +
>>>>>>>>>>>  +exit
>>>>>>>>>>>  diff --git a/config/rpz/rpz-sleep b/config/rpz/rpz-sleep
>>>>>>>>>>>  new file mode 100755
>>>>>>>>>>>  index 000000000..dd3603599
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz-sleep
>>>>>>>>>>>  @@ -0,0 +1,58 @@
>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  IPFire.org - A linux based firewall                       =
                 #
>>>>>>>>>>>  +#  Copyright (C) 2024  IPFire Team  <info@ipfire.org>        =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is free software: you can redistribute it and=
/or modify       #
>>>>>>>>>>>  +#  it under the terms of the GNU General Public License as pu=
blished by       #
>>>>>>>>>>>  +#  the Free Software Foundation, either version 3 of the Lice=
nse, or          #
>>>>>>>>>>>  +#  (at your option) any later version.                       =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is distributed in the hope that it will be us=
eful,            #
>>>>>>>>>>>  +#  but WITHOUT ANY WARRANTY; without even the implied warrant=
y of             #
>>>>>>>>>>>  +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See=
 the              #
>>>>>>>>>>>  +#  GNU General Public License for more details.              =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  You should have received a copy of the GNU General Public=
 License          #
>>>>>>>>>>>  +#  along with this program.  If not, see <http://www.gnu.org/=
licenses/>.      #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +version=3D"2024-08-16"        # v05
>>>>>>>>>>>  +
>>>>>>>>>>>  +###############     Functions     ###############
>>>>>>>>>>>  +
>>>>>>>>>>>  +#   send message to message log
>>>>>>>>>>>  +msg_log () {
>>>>>>>>>>>  +    logger --tag "${tagName}" "$*"
>>>>>>>>>>>  +    if tty --silent ; then
>>>>>>>>>>>  +        echo "${tagName}:" "$*"
>>>>>>>>>>>  +    fi
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +###############       Main        ###############
>>>>>>>>>>>  +
>>>>>>>>>>>  +tagName=3D"unbound"
>>>>>>>>>>>  +
>>>>>>>>>>>  +sleepTime=3D"${1:-5m}"            #  default to sleep for 5m=
 (5 minutes)
>>>>>>>>>>>  +
>>>>>>>>>>>  +zoneList=3D$( unbound-control list_auth_zones | awk '{print $=
1}' )
>>>>>>>>>>>  +
>>>>>>>>>>>  +for zone in ${zoneList} ; do
>>>>>>>>>>>  +    printf "disable ${zone}\t"
>>>>>>>>>>>  +    unbound-control rpz_disable "${zone}"
>>>>>>>>>>>  +done
>>>>>>>>>>>  +
>>>>>>>>>>>  +msg_log "info: rpz: disabled all zones for ${sleepTime}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +sleep "${sleepTime}"
>>>>>>>>>>>  +
>>>>>>>>>>>  +for zone in ${zoneList} ; do
>>>>>>>>>>>  +    printf "enable ${zone}\t"
>>>>>>>>>>>  +    unbound-control rpz_enable "${zone}"
>>>>>>>>>>>  +done
>>>>>>>>>>>  +
>>>>>>>>>>>  +msg_log "info: rpz: enabled all zones"
>>>>>>>>>>>  +
>>>>>>>>>>>  +exit
>>>>>>>>>>>  diff --git a/config/rpz/rpz.de.pl b/config/rpz/rpz.de.pl
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..3770c6bb0
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz.de.pl
>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>  +#  Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>  +'rpz apply' =3D> '=C3=9Cbernehmen',
>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Benutzerdefinierte Allowlist akti=
vieren:',
>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Zugelassene Domains (eine pro Zeile=
)<br>Beispiel: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl allow' =3D> 'Benutzerdefinierte Allowlist',
>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Benutzerdefinierte Blocklist akti=
vieren:',
>>>>>>>>>>>  +'rpz cl block info' =3D> 'Gesperrte Domains (eine pro Zeile)<=
br>Beispiel: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl block' =3D> 'Benutzerdefinierte Blocklist',
>>>>>>>>>>>  +'rpz cl' =3D> 'Benutzerdefinierte Listen',
>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'Der Name enth=C3=A4lt unzul=C3=A4ssi=
ge Zeichen',
>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf hat eine fehlerhaf=
te Konfiguration ermittelt. F=C3=BChren Sie das Kommando unbound-checkconf=
 auf der Konsole aus, um weitere Informationen zu erhalten.',
>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'Die benutzerdefinierte Allow-/Blockl=
ist ist leer',
>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'Ein Eintrag mit identischem Namen ex=
istiert bereits',
>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'Die URL ist ung=C3=BCltig',
>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'Eintrag kann nicht entfernt werden,=
 der Name existiert nicht',
>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'Der Name ist ung=C3=BCltig - nur "al=
low" oder "block" m=C3=B6glich',
>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'Fehlende oder inkorrekte Parameter',
>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'unbound-control reload ist fehlgesch=
lagen',
>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'Die benutzerdefinierte Allow-/Blockl=
ist enth=C3=A4lt unzul=C3=A4ssige Eintr=C3=A4ge',
>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'Die Anmerkung enth=C3=A4lt unzul=C3=
=A4ssige Zeichen',
>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'Ung=C3=BCltiger Eintrag in der benut=
zerdefinierten Allowlist, Zeile ',
>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'Ung=C3=BCltiger Eintrag in der benut=
zerdefinierten Blocklist, Zeile ',
>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'Ausgew=C3=A4hlter Eintrag existiert=
 nicht: ',
>>>>>>>>>>>  +'rpz zf editor' =3D> 'Zonendatei-Eintrag bearbeiten',
>>>>>>>>>>>  +'rpz zf imported' =3D> '(importiert aus rpz-config)',
>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Erlaubte Zeichen sind a-z, A-Z, 0-=
9 und Unterstriche',
>>>>>>>>>>>  +'rpz zf' =3D> 'Zonendateien',
>>>>>>>>>>>  +);
>>>>>>>>>>>  diff --git a/config/rpz/rpz.en.pl b/config/rpz/rpz.en.pl
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..0720a8940
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz.en.pl
>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>  +#  Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>  +'rpz apply' =3D> 'Apply',
>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Enable custom allowlist:',
>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Allowed domains (one per line)<br>E=
xample: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl allow' =3D> 'Custom allowlist',
>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Enable custom blocklist:',
>>>>>>>>>>>  +'rpz cl block info' =3D> 'Blocked domains (one per line)<br>E=
xample: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl block' =3D> 'Custom blocklist',
>>>>>>>>>>>  +'rpz cl' =3D> 'Custom lists',
>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'the NAME is not valid',
>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf found invalid conf=
iguration. In the Terminal run the command unbound-checkconf for more infor=
mation',
>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'the allow/block list is empty',
>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'duplicate - NAME already exists',
>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'the URL is not valid',
>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'cannot remove the NAME does not exis=
t',
>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'the NAME is not valid - "allow" or "=
block" only',
>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'missing or incorrect parameter',
>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'unbound-control reload failed',
>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'custom Allowlist/Blocklist contains=
 invalid entries',
>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'the REMARK is not valid',
>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'invalid entry in allowlist, line ',
>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'invalid entry in blocklist, line ',
>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'Selected entry does not exist: ',
>>>>>>>>>>>  +'rpz zf editor' =3D> 'Edit zonefiles entry',
>>>>>>>>>>>  +'rpz zf imported' =3D> '(imported from rpz-config)',
>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Valid characters are a-z, A-Z, 0-9 =
and underscore.',
>>>>>>>>>>>  +'rpz zf' =3D> 'Zonefiles',
>>>>>>>>>>>  +);
>>>>>>>>>>>  diff --git a/config/rpz/rpz.es.pl b/config/rpz/rpz.es.pl
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..98628e4aa
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz.es.pl
>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>  +#  Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>  +'rpz' =3D> 'Zonas de pol=C3=ADtica de respuesta (RPZ)',
>>>>>>>>>>>  +'rpz apply' =3D> 'Aplicar',
>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Habilitar la lista blanca persona=
lizada:',
>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Dominio permitido (uno por l=C3=ADn=
ea)<br>Ejemplo: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl allow' =3D> 'Lista blanca personalizada',
>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Habilitar la lista negra personal=
izada:',
>>>>>>>>>>>  +'rpz cl block info' =3D> 'Dominio bloqueado (uno por l=C3=ADn=
ea)<br>Ejemplo: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl block' =3D> 'Lista negra personalizada',
>>>>>>>>>>>  +'rpz cl' =3D> 'Lista personalizada',
>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'El NOMBRE no es v=C3=A1lido',
>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf ha encontrado una=
 configuraci=C3=B3n no v=C3=A1lida. Desde Terminal, ejecute el comando unbou=
nd-checkconf para mayor informaci=C3=B3n',
>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'La lista de permitidos/bloqueados es=
t=C3=A1 vac=C3=ADa',
>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'duplicado - NOMBRE ya existe',
>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'la URL no es v=C3=A1lida',
>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'no es posible eliminar el NOMBRE que =
no existe',
>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'el NOMBRE no es v=C3=A1lido - s=C3=
=B3lo "permitir" o "bloquear"',
>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'par=C3=A1metro faltante o incorrecto=
',
>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'Error al recargar unbound-control',
>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'la Lista blanca/Lista negra personal=
izada contiene entradas no v=C3=A1lidas',
>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'el COMENTARIO no es v=C3=A1lido',
>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'entrada no v=C3=A1lida en la lista b=
lanca, l=C3=ADnea ',
>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'entrada no v=C3=A1lida en la lista n=
egra, l=C3=ADnea ',
>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'La entrada seleccionada no existe: '=
,
>>>>>>>>>>>  +'rpz zf editor' =3D> 'Editar la entrada de archivos de zona',
>>>>>>>>>>>  +'rpz zf imported' =3D> '(importado de rpz-config)',
>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Los caracteres v=C3=A1lidos son a-=
z, A-Z, 0-9 y gui=C3=B3n bajo',
>>>>>>>>>>>  +'rpz zf' =3D> 'Archivos de zona',
>>>>>>>>>>>  +);
>>>>>>>>>>>  diff --git a/config/rpz/rpz.fr.pl b/config/rpz/rpz.fr.pl
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..f35f3c2d0
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz.fr.pl
>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>  +#  Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>  +'rpz apply' =3D> 'Appliquer',
>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Activer la liste d\'autorisations =
personnalis=C3=A9e:',
>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Domaines autoris=C3=A9s (un par lig=
ne)<br>Example: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl allow' =3D> 'Liste d\'autorisations personnalis=C3=A9=
e',
>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Activer la liste de blocage perso=
nnalis=C3=A9e:',
>>>>>>>>>>>  +'rpz cl block info' =3D> 'Domaines bloqu=C3=A9s (un par ligne=
)<br>Example: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl block' =3D> 'liste de blocage personnalis=C3=A9',
>>>>>>>>>>>  +'rpz cl' =3D> 'Listes personnalis=C3=A9es',
>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'le NOM n\'est pas valide',
>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf configuration non=
 valide trouv=C3=A9e. Dans le terminal, ex=C3=A9cutez la commande unbound-ch=
eckconf pour plus d\'informations',
>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'la liste autoriser/bloquer est vide'=
,
>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'le NOM existe d=C3=A9j=C3=A0',
>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'L\'URL n\'est pas valide',
>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'impossible de supprimer le NOM n\'ex=
iste pas',
>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'le NOM n\'est pas valide - =C2=AB au=
toriser =C2=BB ou =C2=AB bloquer =C2=BB seulement',
>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'param=C3=A8tre manquant ou incorrect=
',
>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'unbound-control rechargement =C3=A9c=
hou=C3=A9',
>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'la liste autoriser/bloquer contient=
 des entr=C3=A9es non valides',
>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'la REMARQUE n\'est pas valable',
>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'entr=C3=A9e non valide dans la liste =
d\'autorisation, ligne ',
>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'entr=C3=A9e non valide dans la liste =
de blocs, ligne ',
>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'L\'entr=C3=A9e s=C3=A9lectionn=C3=A9=
e n\'existe pas: ',
>>>>>>>>>>>  +'rpz zf editor' =3D> 'Modifier l\'entr=C3=A9e Fichiers Zone',
>>>>>>>>>>>  +'rpz zf imported' =3D> '(import=C3=A9 de rpz-config)',
>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Les caract=C3=A8res valides sont a=
-z, A-Z, 0-9 et soulignement.',
>>>>>>>>>>>  +'rpz zf' =3D> 'Fichiers Zone',
>>>>>>>>>>>  +);
>>>>>>>>>>>  diff --git a/config/rpz/rpz.it.pl b/config/rpz/rpz.it.pl
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..ee81605c9
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz.it.pl
>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>  +#  Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>  +'rpz apply' =3D> 'Applica',
>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Abilita la Whitelist personalizza=
ta:',
>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Domini consentiti (uno per riga)<br=
>Esempio: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl allow' =3D> 'Whitelist personalizzata',
>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Abilita la Blacklist personalizza=
ta:',
>>>>>>>>>>>  +'rpz cl block info' =3D> 'Domini bloccati (uno per riga)<br>E=
sempio: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl block' =3D> 'Blacklist personalizzata',
>>>>>>>>>>>  +'rpz cl' =3D> 'Liste personalizzate',
>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'il NOME non =C3=A8 valido',
>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf ha trovato una con=
figurazione non valida. Dal Terminale esegui il comando unbound-checkconf p=
er maggiori informazioni',
>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'l\'elenco consentiti/bloccati =C3=A8 =
vuoto',
>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'duplicato - NAME esiste di gi=C3=A0'=
,
>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'l\'URL non =C3=A8 valido',
>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'non =C3=A8 possibile rimuovere il NO=
ME non esiste',
>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'il NOME non =C3=A8 valido - solo "co=
nsenti" o "blocca"',
>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'parametro mancante o non corretto',
>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'ricaricamento del controllo non asso=
ciato non riuscito',
>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'la Whitelist/Blacklist personalizzat=
a contiene voci non valide',
>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'l"OSSERVAZIONE non =C3=A8 valida',
>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'voce non valida nella Whitelist, rig=
a ',
>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'voce non valida nella Blacklist, rig=
a ',
>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'La voce selezionata non esiste: ',
>>>>>>>>>>>  +'rpz zf editor' =3D> 'Modifica la voce dei file di zona',
>>>>>>>>>>>  +'rpz zf imported' =3D> '(importato da rpz-config)',
>>>>>>>>>>>  +'rpz zf remark info' =3D> 'I caratteri validi sono a-z, A-Z,=
 0-9 e trattino basso',
>>>>>>>>>>>  +'rpz zf' =3D> 'Zonefiles',
>>>>>>>>>>>  +);
>>>>>>>>>>>  diff --git a/config/rpz/rpz.tr.pl b/config/rpz/rpz.tr.pl
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..00226e192
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/config/rpz/rpz.tr.pl
>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>  +#  I=EF=BF=BDin eklendi Ayriyeten Response Policy Zone (RPZ)
>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>  +'rpz apply' =3D> 'Uygulamak',
>>>>>>>>>>>  +'rpz cl allow enable' =3D> '=EF=BF=BDzel Etkinlestir allowlis=
t:',
>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Izin verilmis domains (satir basina =
bir)<br>=EF=BF=BDrnegin: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl allow' =3D> 'Etkinlestir allowlist',
>>>>>>>>>>>  +'rpz cl block enable' =3D> '=EF=BF=BDzel Etkinlestir blocklis=
t:',
>>>>>>>>>>>  +'rpz cl block info' =3D> 'Engellenmis domains (satir basina b=
ir)<br>=EF=BF=BDrnegin: domain.com, *.domain.com',
>>>>>>>>>>>  +'rpz cl block' =3D> 'Engellenmis blocklist',
>>>>>>>>>>>  +'rpz cl' =3D> 'Engellenmis lists',
>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'NAME ge=EF=BF=BDerli degil',
>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf ge=EF=BF=BDersiz y=
apilandirma bulundu. Terminalde daha fazla bilgi i=EF=BF=BDin Unbound-check=
Conf komutunu =EF=BF=BDalistirin',
>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'allow/block liste bos',
>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'kopyalamak - NAME zaten var',
>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'URL ge=EF=BF=BDerli degil',
>>>>>>>>>>>  +'rpz exitcode 106' =3D> '=EF=BF=BDikarilamiyor NAME yok',
>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'NAME ge=EF=BF=BDerli degil - "allow" =
veya "block" yalniz',
>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'Parametre eksik veya yanlis',
>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'unbound-control basarisiz',
>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'Engellenmis Allowlist/Blocklist ge=
=EF=BF=BDersiz girisler i=EF=BF=BDerir',
>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'REMARK ge=EF=BF=BDerli degil',
>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'Ge=EF=BF=BDersiz giris allowlist, li=
ne ',
>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'Ge=EF=BF=BDersiz giris blocklist, li=
ne ',
>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'Se=EF=BF=BDilen giris yok: ',
>>>>>>>>>>>  +'rpz zf editor' =3D> 'yazimlamak zonefiles giris',
>>>>>>>>>>>  +'rpz zf imported' =3D> '(ithal edildi rpz-config)',
>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Ge=EF=BF=BDerli karakterler a-z, A=
-Z, 0-9ve alt=EF=BF=BDst.',
>>>>>>>>>>>  +'rpz zf' =3D> 'Zonefiles',
>>>>>>>>>>>  +);
>>>>>>>>>>>  diff --git a/html/cgi-bin/rpz.cgi b/html/cgi-bin/rpz.cgi
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..a821c92ac
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/html/cgi-bin/rpz.cgi
>>>>>>>>>>>  @@ -0,0 +1,923 @@
>>>>>>>>>>>  +#!/usr/bin/perl
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +# IPFire.org - A linux based firewall                        =
                 #
>>>>>>>>>>>  +# Copyright (C) 2005-2024  IPFire Team  <info@ipfire.org>    =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +# This program is free software: you can redistribute it and/=
or modify        #
>>>>>>>>>>>  +# it under the terms of the GNU General Public License as pub=
lished by        #
>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the Licen=
se, or           #
>>>>>>>>>>>  +# (at your option) any later version.                        =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +# This program is distributed in the hope that it will be use=
ful,             #
>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warranty =
of              #
>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See t=
he               #
>>>>>>>>>>>  +# GNU General Public License for more details.               =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +# You should have received a copy of the GNU General Public L=
icense           #
>>>>>>>>>>>  +# along with this program.  If not, see <http://www.gnu.org/l=
icenses/>.       #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +use strict;
>>>>>>>>>>>  +use Scalar::Util qw(looks_like_number);
>>>>>>>>>>>  +
>>>>>>>>>>>  +# debugging
>>>>>>>>>>>  +#use warnings;
>>>>>>>>>>>  +#use CGI::Carp 'fatalsToBrowser';
>>>>>>>>>>>  +#use Data::Dumper;
>>>>>>>>>>>  +
>>>>>>>>>>>  +require '/var/ipfire/general-functions.pl';
>>>>>>>>>>>  +require "${General::swroot}/lang.pl";
>>>>>>>>>>>  +require "${General::swroot}/header.pl";
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- Extra HTML ---###
>>>>>>>>>>>  +my $extraHead =3D <<END
>>>>>>>>>>>  +<style>
>>>>>>>>>>>  + /* alternating row background */
>>>>>>>>>>>  + .tbl tr:nth-child(2n+2) {
>>>>>>>>>>>  + background-color: var(--color-light-grey);
>>>>>>>>>>>  + }
>>>>>>>>>>>  + .tbl tr:nth-child(2n+3) {
>>>>>>>>>>>  + background-color: var(--color-grey);
>>>>>>>>>>>  + }
>>>>>>>>>>>  + /* text styles */
>>>>>>>>>>>  + .tbl th:not(:last-child) {
>>>>>>>>>>>  + text-align: left;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + div.right {
>>>>>>>>>>>  + text-align: right;
>>>>>>>>>>>  + margin-top: 0.5em;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + /* customlist input */
>>>>>>>>>>>  + textarea.domainlist {
>>>>>>>>>>>  + margin: 0.5em 0;
>>>>>>>>>>>  + resize: vertical;
>>>>>>>>>>>  + min-height: 10em;
>>>>>>>>>>>  + overflow: auto;
>>>>>>>>>>>  + white-space: pre;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + button[type=3Dsubmit]:disabled {
>>>>>>>>>>>  + opacity: 0.6;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +</style>
>>>>>>>>>>>  +END
>>>>>>>>>>>  +;
>>>>>>>>>>>  +###--- End of extra HTML ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +### Settings ###
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Request DNS service reload after configuration change
>>>>>>>>>>>  +my $RPZ_RELOAD_FLAG =3D "${General::swroot}/dns/rpz/reload.fl=
ag";
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Configuration file for all available zonefiles
>>>>>>>>>>>  +# Format: index, name (unique), enabled (on/off), URL, remark
>>>>>>>>>>>  +my $ZONEFILES_CONF =3D "${General::swroot}/dns/rpz/zonefiles.=
conf";
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Configuration file for custom lists
>>>>>>>>>>>  +# IDs: 0=3Dallowlist, 1=3Dblocklist, 2=3Doptions (allow/block =
enabled)
>>>>>>>>>>>  +my $CUSTOMLISTS_CONF =3D "${General::swroot}/dns/rpz/customli=
sts.conf";
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Export custom lists to rpz-config
>>>>>>>>>>>  +my $RPZ_ALLOWLIST =3D "${General::swroot}/dns/rpz/allowlist";
>>>>>>>>>>>  +my $RPZ_BLOCKLIST =3D "${General::swroot}/dns/rpz/blocklist";
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +### Preparation ###
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Create missing config files
>>>>>>>>>>>  +unless(-f $ZONEFILES_CONF) { &General::system('touch', "$ZONE=
FILES_CONF"); }
>>>>>>>>>>>  +unless(-f $CUSTOMLISTS_CONF) { &General::system('touch', "$CU=
STOMLISTS_CONF"); }
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +## Global gui data
>>>>>>>>>>>  +my $errormessage =3D "";
>>>>>>>>>>>  +
>>>>>>>>>>>  +## Global configuration data
>>>>>>>>>>>  +my %zonefiles =3D ();
>>>>>>>>>>>  +my %customlists =3D ();
>>>>>>>>>>>  +&_zonefiles_load();
>>>>>>>>>>>  +&_customlists_load();
>>>>>>>>>>>  +
>>>>>>>>>>>  +## Global CGI form data
>>>>>>>>>>>  +my %cgiparams =3D ();
>>>>>>>>>>>  +&Header::getcgihash(\%cgiparams);
>>>>>>>>>>>  +
>>>>>>>>>>>  +my $action =3D $cgiparams{'ACTION'} // 'NONE';
>>>>>>>>>>>  +my $action_key =3D $cgiparams{'KEY'} // ''; # entry being edi=
ted, empty =3D none/new
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- Process form actions ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Zonefiles action: Check whether the requested entry exists
>>>>>>>>>>>  +if((substr($action, 0, 3) eq 'ZF_') && ($action_key)) {
>>>>>>>>>>>  + unless(defined $zonefiles{$action_key}) {
>>>>>>>>>>>  + $errormessage =3D &_rpz_error_tr(204, $action_key);
>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>  + }
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +## Perform actions
>>>>>>>>>>>  +if($action eq 'ZF_SAVE') { ## Save new or modified zonefiles=
 entry
>>>>>>>>>>>  + if(&_action_zf_save()) {
>>>>>>>>>>>  + $action =3D 'NONE'; # success, return to main page
>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>  + } else {
>>>>>>>>>>>  + $action =3D 'ZF_EDIT'; # error occured, keep editing
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  +} elsif($action eq 'ZF_TOGGLE') { ## Toggle on/off
>>>>>>>>>>>  + if(&_action_zf_toggle()) {
>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  +} elsif($action eq 'ZF_REMOVE') { ## Remove entry
>>>>>>>>>>>  + if(&_action_zf_remove()) {
>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  +} elsif($action eq 'CL_SAVE') { ## Save custom lists
>>>>>>>>>>>  + if(&_action_cl_save()) {
>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  +} elsif($action eq 'RPZ_RELOAD') { ## Reload dns configuratio=
n
>>>>>>>>>>>  + if(&_action_rpz_reload()) {
>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  +} elsif($action eq 'UNB_RESTART') { ## Restart unbound servic=
e
>>>>>>>>>>>  + if(&_action_unb_restart()) {
>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- Start GUI ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +## Start http output
>>>>>>>>>>>  +&Header::showhttpheaders();
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Start HTML
>>>>>>>>>>>  +&Header::openpage($Lang::tr{'rpz'}, 1, $extraHead);
>>>>>>>>>>>  +&Header::openbigbox('100%', 'left', '');
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Show error messages
>>>>>>>>>>>  +if($errormessage) {
>>>>>>>>>>>  + &_print_message($errormessage);
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Handle zonefile add/edit mode
>>>>>>>>>>>  +if($action eq "ZF_EDIT") {
>>>>>>>>>>>  + &_print_zonefile_editor();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Finalize page and exit cleanly
>>>>>>>>>>>  + &Header::closebigbox();
>>>>>>>>>>>  + &Header::closepage();
>>>>>>>>>>>  + exit(0);
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Show gui elements
>>>>>>>>>>>  +&_print_zonefiles();
>>>>>>>>>>>  +&_print_customlists();
>>>>>>>>>>>  +&_print_gui_extras();
>>>>>>>>>>>  +
>>>>>>>>>>>  +&Header::closebigbox();
>>>>>>>>>>>  +&Header::closepage();
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- End of GUI ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- Internal configuration file functions ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Load all available zonefiles from rpz-config and the intern=
al configuration
>>>>>>>>>>>  +sub _zonefiles_load {
>>>>>>>>>>>  + # Clean start
>>>>>>>>>>>  + %zonefiles =3D ();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Source 1: Get the currently enabled zonefiles from rpz-con=
fig (expected format [name]=3D[URL])
>>>>>>>>>>>  + my @enabled_files =3D &General::system_output('/usr/sbin/rpz=
-config', 'list');
>>>>>>>>>>>  +
>>>>>>>>>>>  + foreach my $row (@enabled_files) {
>>>>>>>>>>>  + chomp($row);
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Use regex instead of split() to skip non-matching lines
>>>>>>>>>>>  + next unless($row =3D~ /^(\w+)=3D(.+)$/);
>>>>>>>>>>>  + my ($name, $url) =3D ($1, $2);
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Unique names are already guaranteed by rpz-config
>>>>>>>>>>>  + if(&_rpz_validate_zonefile($name, $url, '', 0) =3D=3D 0) {
>>>>>>>>>>>  + # Populate global data hash, mark all found entries as enabl=
ed
>>>>>>>>>>>  + my %entry =3D ('enabled' =3D> 'on',
>>>>>>>>>>>  + 'url' =3D> $url,
>>>>>>>>>>>  + 'remark' =3D> $Lang::tr{'rpz zf imported'});
>>>>>>>>>>>  +
>>>>>>>>>>>  + $zonefiles{$name} =3D \%entry;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Source 2: Get additional data and disabled entries from co=
nfiguration file
>>>>>>>>>>>  + my %configured_files =3D ();
>>>>>>>>>>>  + &General::readhasharray($ZONEFILES_CONF, \%configured_files)=
;
>>>>>>>>>>>  +
>>>>>>>>>>>  + foreach my $row (values (%configured_files)) {
>>>>>>>>>>>  + my ($name, $enabled, $url, $remark) =3D @$row;
>>>>>>>>>>>  + $remark //=3D "";
>>>>>>>>>>>  +
>>>>>>>>>>>  + next unless($name);
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Check whether this row belongs to an entry already importe=
d from rpz-config
>>>>>>>>>>>  + if(defined $zonefiles{$name}) {
>>>>>>>>>>>  + # Existing entry, only merge additional data
>>>>>>>>>>>  + $zonefiles{$name}{'remark'} =3D $remark;
>>>>>>>>>>>  + } else {
>>>>>>>>>>>  + # Skip entry if it is marked as enabled but not found by rpz=
-config. It was then deleted manually
>>>>>>>>>>>  + if($enabled ne 'on') {
>>>>>>>>>>>  + # Populate global data hash
>>>>>>>>>>>  + my %entry =3D ('enabled' =3D> 'off',
>>>>>>>>>>>  + 'url' =3D> $url // "",
>>>>>>>>>>>  + 'remark' =3D> $remark);
>>>>>>>>>>>  +
>>>>>>>>>>>  + $zonefiles{$name} =3D \%entry;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Save internal zonefiles configuration
>>>>>>>>>>>  +sub _zonefiles_save_conf {
>>>>>>>>>>>  + my $index =3D 0;
>>>>>>>>>>>  + my %export =3D ();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Loop trough all zonefiles and create "hasharray" type expo=
rt
>>>>>>>>>>>  + foreach my $name (keys %zonefiles) {
>>>>>>>>>>>  + my @entry =3D ($name,
>>>>>>>>>>>  + $zonefiles{$name}{'enabled'},
>>>>>>>>>>>  + $zonefiles{$name}{'url'},
>>>>>>>>>>>  + $zonefiles{$name}{'remark'});
>>>>>>>>>>>  +
>>>>>>>>>>>  + $export{$index++} =3D \@entry;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + &General::writehasharray($ZONEFILES_CONF, \%export);
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Load custom lists from rpz-config and the internal configur=
ation
>>>>>>>>>>>  +sub _customlists_load {
>>>>>>>>>>>  + # Clean start
>>>>>>>>>>>  + %customlists =3D ();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Load configuration file
>>>>>>>>>>>  + my %lists_conf =3D ();
>>>>>>>>>>>  + &General::readhasharray($CUSTOMLISTS_CONF, \%lists_conf);
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Get list options, enabled by default to start import
>>>>>>>>>>>  + $customlists{'allow'}{'enabled'} =3D $lists_conf{2}[0] // 'o=
n';
>>>>>>>>>>>  + $customlists{'block'}{'enabled'} =3D $lists_conf{2}[1] // 'o=
n';
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Import enabled list from rpz-config, otherwise retrieve st=
ored or empty list from configuration file
>>>>>>>>>>>  + if($customlists{'allow'}{'enabled'} eq 'on') {
>>>>>>>>>>>  + &_customlist_import('allow', $RPZ_ALLOWLIST);
>>>>>>>>>>>  + } else {
>>>>>>>>>>>  + $customlists{'allow'}{'list'} =3D $lists_conf{0} // [];
>>>>>>>>>>>  + }
>>>>>>>>>>>  + if($customlists{'block'}{'enabled'} eq 'on') {
>>>>>>>>>>>  + &_customlist_import('block', $RPZ_BLOCKLIST);
>>>>>>>>>>>  + } else {
>>>>>>>>>>>  + $customlists{'block'}{'list'} =3D $lists_conf{1} // [];
>>>>>>>>>>>  + }
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Save internal custom lists configuration
>>>>>>>>>>>  +sub _customlists_save_conf {
>>>>>>>>>>>  + my %export =3D ();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Match IDs with import function
>>>>>>>>>>>  + $export{0} =3D $customlists{'allow'}{'list'};
>>>>>>>>>>>  + $export{1} =3D $customlists{'block'}{'list'};
>>>>>>>>>>>  + $export{2} =3D [$customlists{'allow'}{'enabled'}, $customlis=
ts{'block'}{'enabled'}];
>>>>>>>>>>>  +
>>>>>>>>>>>  + &General::writehasharray($CUSTOMLISTS_CONF, \%export);
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Import a custom list from plain file, returns empty list if =
file is missing
>>>>>>>>>>>  +sub _customlist_import {
>>>>>>>>>>>  + my ($listname, $filename) =3D @_;
>>>>>>>>>>>  + my @list =3D ();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # File exists, load and check all lines
>>>>>>>>>>>  + if(-f $filename) {
>>>>>>>>>>>  + open(my $FH, '<', $filename) or die "Can't read $filename: $=
!";
>>>>>>>>>>>  + while(my $line =3D <$FH>) {
>>>>>>>>>>>  + chomp($line);
>>>>>>>>>>>  + push(@list, $line);
>>>>>>>>>>>  + }
>>>>>>>>>>>  + close($FH);
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Clean up imported data
>>>>>>>>>>>  + &_rpz_validate_customlist(\@list, 1);
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + $customlists{$listname}{'list'} =3D \@list;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Export a custom list to plain file or clear file if list is =
disabled
>>>>>>>>>>>  +sub _customlist_export {
>>>>>>>>>>>  + my ($listname, $filename) =3D @_;
>>>>>>>>>>>  + return unless(defined $customlists{$listname});
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Write enabled domain list to file, otherwise save empty fi=
le
>>>>>>>>>>>  + open(my $FH, '>', $filename) or die "Can't write $filename:=
 $!";
>>>>>>>>>>>  +
>>>>>>>>>>>  + if($customlists{$listname}{'enabled'} eq 'on') {
>>>>>>>>>>>  + foreach my $line (@{$customlists{$listname}{'list'}}) {
>>>>>>>>>>>  + print $FH "$line\n";
>>>>>>>>>>>  + }
>>>>>>>>>>>  + } else {
>>>>>>>>>>>  + print $FH "; Note: This list is currently disabled by $ENV{'=
SCRIPT_NAME'}\n";
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + close($FH);
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- Internal gui functions ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Show simple message box
>>>>>>>>>>>  +sub _print_message {
>>>>>>>>>>>  + my ($message, $title) =3D @_;
>>>>>>>>>>>  + $title ||=3D $Lang::tr{'error messages'};
>>>>>>>>>>>  +
>>>>>>>>>>>  + &Header::openbox('100%', 'left', $title);
>>>>>>>>>>>  + print "<span>$message</span>";
>>>>>>>>>>>  + &Header::closebox();
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Show all zone files and related gui elements
>>>>>>>>>>>  +sub _print_zonefiles {
>>>>>>>>>>>  + &Header::openbox('100%', 'left', $Lang::tr{'rpz zf'});
>>>>>>>>>>>  +
>>>>>>>>>>>  + print <<END
>>>>>>>>>>>  +<table class=3D"tbl" width=3D"100%">
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <th>$Lang::tr{'name'}</th>
>>>>>>>>>>>  + <th>URL</th>
>>>>>>>>>>>  + <th>$Lang::tr{'remark'}</th>
>>>>>>>>>>>  + <th colspan=3D"3">$Lang::tr{'action'}</th>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  +END
>>>>>>>>>>>  +;
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Sort zonefiles by name and loop trough all entries
>>>>>>>>>>>  + foreach my $name (sort keys %zonefiles) {
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Toggle button label translation
>>>>>>>>>>>  + my $toggle_tr =3D ($zonefiles{$name}{'enabled'} eq 'on') ? $=
Lang::tr{'click to disable'} : $Lang::tr{'click to enable'};
>>>>>>>>>>>  +
>>>>>>>>>>>  + print <<END
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td>$name</td>
>>>>>>>>>>>  + <td>$zonefiles{$name}{'url'}</td>
>>>>>>>>>>>  + <td>$zonefiles{$name}{'remark'}</td>
>>>>>>>>>>>  +
>>>>>>>>>>>  + <td align=3D"center" width=3D"5%">
>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>  + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>>>>>  + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_TOGGLE">
>>>>>>>>>>>  + <input type=3D"image" src=3D"/images/$zonefiles{$name}{'enab=
led'}.gif" title=3D"$toggle_tr" alt=3D"$toggle_tr">
>>>>>>>>>>>  + </form>
>>>>>>>>>>>  + </td>
>>>>>>>>>>>  + <td align=3D"center" width=3D"5%">
>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>  + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>>>>>  + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_EDIT">
>>>>>>>>>>>  + <input type=3D"image" src=3D"/images/edit.gif" title=3D"$Lan=
g::tr{'edit'}" alt=3D"$Lang::tr{'edit'}">
>>>>>>>>>>>  + </form>
>>>>>>>>>>>  + </td>
>>>>>>>>>>>  + <td align=3D"center" width=3D"5%">
>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>  + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>>>>>  + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_REMOVE">
>>>>>>>>>>>  + <input type=3D"image" src=3D"/images/delete.gif" title=3D"$L=
ang::tr{'remove'}" alt=3D"$Lang::tr{'remove'}">
>>>>>>>>>>>  + </form>
>>>>>>>>>>>  + </td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  +END
>>>>>>>>>>>  +;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Disable reload button if not needed
>>>>>>>>>>>  + my $reload_state =3D &_rpz_needs_reload() ? "" : " disabled"=
;
>>>>>>>>>>>  +
>>>>>>>>>>>  + print <<END
>>>>>>>>>>>  +</table>
>>>>>>>>>>>  +
>>>>>>>>>>>  +<div class=3D"right">
>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>  + <input type=3D"hidden" name=3D"KEY" value=3D"">
>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"ZF_EDIT">$L=
ang::tr{'add'}</button>
>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"RPZ_RELOAD" =
class=3D"commit"$reload_state>$Lang::tr{'rpz apply'}</button>
>>>>>>>>>>>  + </form>
>>>>>>>>>>>  +</div>
>>>>>>>>>>>  +END
>>>>>>>>>>>  +;
>>>>>>>>>>>  +
>>>>>>>>>>>  + &Header::closebox();
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Show zonefiles entry editor
>>>>>>>>>>>  +sub _print_zonefile_editor {
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Key specified: Edit existing entry
>>>>>>>>>>>  + if(($action_key) && (defined $zonefiles{$action_key})) {
>>>>>>>>>>>  + # Load data to be edited, but don't override already present =
values (allows user to edit after error)
>>>>>>>>>>>  + $cgiparams{'ZF_NAME'} //=3D $action_key;
>>>>>>>>>>>  + $cgiparams{'ZF_URL'} //=3D $zonefiles{$action_key}{'url'};
>>>>>>>>>>>  + $cgiparams{'ZF_REMARK'} //=3D $zonefiles{$action_key}{'remar=
k'};
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Fallback to empty form
>>>>>>>>>>>  + $cgiparams{'ZF_NAME'} //=3D "";
>>>>>>>>>>>  + $cgiparams{'ZF_URL'} //=3D "";
>>>>>>>>>>>  + $cgiparams{'ZF_REMARK'} //=3D "";
>>>>>>>>>>>  +
>>>>>>>>>>>  + &Header::openbox('100%', 'left', $Lang::tr{'rpz zf editor'})=
;
>>>>>>>>>>>  +
>>>>>>>>>>>  + print <<END
>>>>>>>>>>>  +<form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>  +<input type=3D"hidden" name=3D"KEY" value=3D"$action_key">
>>>>>>>>>>>  +<table width=3D"100%">
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td width=3D"20%">$Lang::tr{'name'}:&nbsp;<img src=3D"/blob.=
gif" alt=3D"*"></td>
>>>>>>>>>>>  + <td><input type=3D"text" name=3D"ZF_NAME" value=3D"$cgiparam=
s{'ZF_NAME'}" size=3D"40" maxlength=3D"32" title=3D"$Lang::tr{'rpz zf remar=
k info'}" pattern=3D"[a-zA-Z0-9_]{1,32}" required></td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td width=3D"20%">URL:&nbsp;<img src=3D"/blob.gif" alt=3D"*"=
></td>
>>>>>>>>>>>  + <td><input type=3D"url" name=3D"ZF_URL" value=3D"$cgiparams{=
'ZF_URL'}" size=3D"40" maxlength=3D"128" required></td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td width=3D"20%">$Lang::tr{'remark'}:</td>
>>>>>>>>>>>  + <td><input type=3D"text" name=3D"ZF_REMARK" value=3D"$cgipar=
ams{'ZF_REMARK'}" size=3D"40" maxlength=3D"32"></td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td colspan=3D"2"><hr></td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td width=3D"55%"><img src=3D"/blob.gif" alt=3D"*">&nbsp;$La=
ng::tr{'required field'}</td>
>>>>>>>>>>>  + <td align=3D"right"><button type=3D"submit" name=3D"ACTION"=
 value=3D"ZF_SAVE">$Lang::tr{'save'}</button></td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  +</table>
>>>>>>>>>>>  +</form>
>>>>>>>>>>>  +
>>>>>>>>>>>  +<div class=3D"right">
>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"NONE">$Lang=
::tr{'back'}</button>
>>>>>>>>>>>  + </form>
>>>>>>>>>>>  +</div>
>>>>>>>>>>>  +END
>>>>>>>>>>>  +;
>>>>>>>>>>>  +
>>>>>>>>>>>  + &Header::closebox();
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Show custom allow/block files and related gui elements
>>>>>>>>>>>  +sub _print_customlists {
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Load lists from config, unless they are currently being ed=
ited
>>>>>>>>>>>  + if($action ne 'CL_SAVE') {
>>>>>>>>>>>  + $cgiparams{'ALLOW_LIST'} =3D join("\n", @{$customlists{'allo=
w'}{'list'}});
>>>>>>>>>>>  + $cgiparams{'BLOCK_LIST'} =3D join("\n", @{$customlists{'bloc=
k'}{'list'}});
>>>>>>>>>>>  +
>>>>>>>>>>>  + $cgiparams{'ALLOW_ENABLED'} =3D ($customlists{'allow'}{'enab=
led'} eq 'on') ? 'on' : undef;
>>>>>>>>>>>  + $cgiparams{'BLOCK_ENABLED'} =3D ($customlists{'block'}{'enab=
led'} eq 'on') ? 'on' : undef;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Fallback to empty form
>>>>>>>>>>>  + $cgiparams{'ALLOW_LIST'} //=3D "";
>>>>>>>>>>>  + $cgiparams{'BLOCK_LIST'} //=3D "";
>>>>>>>>>>>  +
>>>>>>>>>>>  + # HTML checkboxes, unchecked =3D no or undef value in POST d=
ata
>>>>>>>>>>>  + my %checked =3D ();
>>>>>>>>>>>  + $checked{'ALLOW_ENABLED'} =3D (defined $cgiparams{'ALLOW_ENA=
BLED'}) ? " checked" : "";
>>>>>>>>>>>  + $checked{'BLOCK_ENABLED'} =3D (defined $cgiparams{'BLOCK_ENA=
BLED'}) ? " checked" : "";
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Disable reload button if not needed
>>>>>>>>>>>  + my $reload_state =3D &_rpz_needs_reload() ? "" : " disabled"=
;
>>>>>>>>>>>  +
>>>>>>>>>>>  + &Header::openbox('100%', 'left', $Lang::tr{'rpz cl'});
>>>>>>>>>>>  +
>>>>>>>>>>>  + print <<END
>>>>>>>>>>>  +<form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>  +<table width=3D"100%">
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td colspan=3D"2"><b>$Lang::tr{'rpz cl allow'}</b><br>$Lang:=
:tr{'rpz cl allow info'}</td>
>>>>>>>>>>>  + <td colspan=3D"2"><b>$Lang::tr{'rpz cl block'}</b><br>$Lang:=
:tr{'rpz cl block info'}</td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td colspan=3D"2"><textarea name=3D"ALLOW_LIST" class=3D"dom=
ainlist" cols=3D"45">
>>>>>>>>>>>  +$cgiparams{'ALLOW_LIST'}</textarea></td>
>>>>>>>>>>>  + <td colspan=3D"2"><textarea name=3D"BLOCK_LIST" class=3D"dom=
ainlist" cols=3D"45">
>>>>>>>>>>>  +$cgiparams{'BLOCK_LIST'}</textarea></td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td><label for=3D"allow_enabled">$Lang::tr{'rpz cl allow ena=
ble'}</label></td>
>>>>>>>>>>>  + <td width=3D"15%"><input type=3D"checkbox" name=3D"ALLOW_ENA=
BLED" id=3D"allow_enabled"$checked{'ALLOW_ENABLED'}></td>
>>>>>>>>>>>  + <td><label for=3D"block_enabled">$Lang::tr{'rpz cl block ena=
ble'}</label></td>
>>>>>>>>>>>  + <td width=3D"15%"><input type=3D"checkbox" name=3D"BLOCK_ENA=
BLED" id=3D"block_enabled"$checked{'BLOCK_ENABLED'}></td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td colspan=3D"4"><hr></td>
>>>>>>>>>>>  + </tr>
>>>>>>>>>>>  + <tr>
>>>>>>>>>>>  + <td align=3D"right" colspan=3D"4">
>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"CL_SAVE">$L=
ang::tr{'save'}</button>
>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"RPZ_RELOAD" =
class=3D"commit"$reload_state>$Lang::tr{'rpz apply'}</button>
>>>>>>>>>>>  + </td>
>>>>>>>>>>>  +</table>
>>>>>>>>>>>  +</form>
>>>>>>>>>>>  +END
>>>>>>>>>>>  +;
>>>>>>>>>>>  +
>>>>>>>>>>>  + &Header::closebox();
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Output javascript and extra gui elements
>>>>>>>>>>>  +sub _print_gui_extras {
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Apply/Restart button modifier key handler
>>>>>>>>>>>  + if(&_rpz_needs_reload()) {
>>>>>>>>>>>  + print <<END
>>>>>>>>>>>  +<script>
>>>>>>>>>>>  + // Commit modifier key handler
>>>>>>>>>>>  + (function(jq, document) {
>>>>>>>>>>>  + var keyEventsOn =3D false; // Keyboard events attached
>>>>>>>>>>>  + var keyModify =3D false; // Modifier key pressed
>>>>>>>>>>>  + var mouseHover =3D false; // Mouse over commit button
>>>>>>>>>>>  + var btnModified =3D false; // Button modified to "Restart"
>>>>>>>>>>>  +
>>>>>>>>>>>  + // Document-level key events, enable only while cursor is ov=
er button
>>>>>>>>>>>  + function attachKeyEvents() {
>>>>>>>>>>>  + if(keyEventsOn) {
>>>>>>>>>>>  + return;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + keyEventsOn =3D true;
>>>>>>>>>>>  +
>>>>>>>>>>>  + jq(document).on("keydown.rpz", function(event) {
>>>>>>>>>>>  + if((!keyModify) && event.shiftKey) {
>>>>>>>>>>>  + keyModify =3D true;
>>>>>>>>>>>  + handleModify();
>>>>>>>>>>>  + }
>>>>>>>>>>>  + });
>>>>>>>>>>>  + jq(document).on("keyup.rpz", function(event) {
>>>>>>>>>>>  + if(keyModify && (!event.shiftKey)) {
>>>>>>>>>>>  + keyModify =3D false;
>>>>>>>>>>>  + handleModify();
>>>>>>>>>>>  + }
>>>>>>>>>>>  + });
>>>>>>>>>>>  + }
>>>>>>>>>>>  + function removeKeyEvents() {
>>>>>>>>>>>  + keyModify =3D false;
>>>>>>>>>>>  + if(keyEventsOn) {
>>>>>>>>>>>  + jq(document).off("keydown.rpz keyup.rpz");
>>>>>>>>>>>  + keyEventsOn =3D false;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + // Attach mouse hover events to commit buttons
>>>>>>>>>>>  + function attachMouseEvents() {
>>>>>>>>>>>  + jq("button.commit").on("mouseenter", function(event) {
>>>>>>>>>>>  + if(!mouseHover) {
>>>>>>>>>>>  + mouseHover =3D true;
>>>>>>>>>>>  + attachKeyEvents();
>>>>>>>>>>>  + // Handle already pressed key
>>>>>>>>>>>  + keyModify =3D !!(event.shiftKey);
>>>>>>>>>>>  + handleModify();
>>>>>>>>>>>  + }
>>>>>>>>>>>  + });
>>>>>>>>>>>  +
>>>>>>>>>>>  + // Cursor moved away: Disable key listener to minimize event=
s
>>>>>>>>>>>  + jq("button.commit").on("mouseleave", function() {
>>>>>>>>>>>  + if(mouseHover) {
>>>>>>>>>>>  + mouseHover =3D false;
>>>>>>>>>>>  + removeKeyEvents();
>>>>>>>>>>>  + handleModify();
>>>>>>>>>>>  + }
>>>>>>>>>>>  + });
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + // Modify commit button
>>>>>>>>>>>  + function handleModify() {
>>>>>>>>>>>  + let modify =3D mouseHover && keyModify;
>>>>>>>>>>>  + if(btnModified !=3D modify) {
>>>>>>>>>>>  + if(modify) {
>>>>>>>>>>>  + jq("button.commit").text("$Lang::tr{'restart'}").val("UNB_RE=
START");
>>>>>>>>>>>  + } else {
>>>>>>>>>>>  + jq("button.commit").text("$Lang::tr{'rpz apply'}").val("RPZ_=
RELOAD");
>>>>>>>>>>>  + }
>>>>>>>>>>>  + btnModified =3D modify;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + // jQuery DOM ready
>>>>>>>>>>>  + jq(function() {
>>>>>>>>>>>  + attachMouseEvents();
>>>>>>>>>>>  + });
>>>>>>>>>>>  + })(jQuery, document);
>>>>>>>>>>>  +</script>
>>>>>>>>>>>  +END
>>>>>>>>>>>  +;
>>>>>>>>>>>  + } # End of modifier key handler
>>>>>>>>>>>  +
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- Internal action processing functions ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Toggle zonefile on/off
>>>>>>>>>>>  +sub _action_zf_toggle {
>>>>>>>>>>>  + return unless(defined $zonefiles{$action_key});
>>>>>>>>>>>  +
>>>>>>>>>>>  + my $result =3D 0;
>>>>>>>>>>>  + my $enabled =3D $zonefiles{$action_key}{'enabled'};
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Perform toggle action
>>>>>>>>>>>  + if($enabled eq 'on') {
>>>>>>>>>>>  + $enabled =3D 'off';
>>>>>>>>>>>  + $result =3D &General::system('/usr/sbin/rpz-config', 'remove=
', $action_key, '--no-reload');
>>>>>>>>>>>  + } else {
>>>>>>>>>>>  + $enabled =3D 'on';
>>>>>>>>>>>  + $result =3D &General::system('/usr/sbin/rpz-config', 'add',=
 $action_key, $zonefiles{$action_key}{'url'}, '--no-reload');
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Check for errors, request service reload on success
>>>>>>>>>>>  + return unless &_rpz_check_result($result, 1);
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Save changes
>>>>>>>>>>>  + $zonefiles{$action_key}{'enabled'} =3D $enabled;
>>>>>>>>>>>  + &_zonefiles_save_conf();
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 1;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Remove zonefile
>>>>>>>>>>>  +sub _action_zf_remove {
>>>>>>>>>>>  + return unless(defined $zonefiles{$action_key});
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Remove from rpz-config if currently active
>>>>>>>>>>>  + if($zonefiles{$action_key}{'enabled'} eq 'on') {
>>>>>>>>>>>  + my $result =3D &General::system('/usr/sbin/rpz-config', 'rem=
ove', $action_key, '--no-reload');
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Check for errors, request service reload on success
>>>>>>>>>>>  + return unless &_rpz_check_result($result, 1);
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Remove from data hash and save changes
>>>>>>>>>>>  + delete $zonefiles{$action_key};
>>>>>>>>>>>  + &_zonefiles_save_conf();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Clear action_key, as the entry is now removed entirely
>>>>>>>>>>>  + $action_key =3D "";
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 1;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Create or update zonefile entry
>>>>>>>>>>>  +# Returns undef if gui needs to stay in editor mode
>>>>>>>>>>>  +sub _action_zf_save {
>>>>>>>>>>>  + my $result =3D 0;
>>>>>>>>>>>  +
>>>>>>>>>>>  + my $name =3D $cgiparams{'ZF_NAME'} // "";
>>>>>>>>>>>  + my $url =3D $cgiparams{'ZF_URL'} // "";
>>>>>>>>>>>  + my $remark =3D $cgiparams{'ZF_REMARK'} // "";
>>>>>>>>>>>  + my $enabled =3D 'on'; # Enable new entries by default
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Note on variables:
>>>>>>>>>>>  + # name =3D unique key, will be used to address the entry
>>>>>>>>>>>  + # action_key =3D name of the entry being edited, empty for n=
ew entry
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Only check for unique name if it changed
>>>>>>>>>>>  + # (this also checks new entries because the action_key is em=
pty in this case)
>>>>>>>>>>>  + $result =3D &_rpz_validate_zonefile($name, $url, $remark, (l=
c($name) ne lc($action_key)));
>>>>>>>>>>>  + return unless &_rpz_check_result($result, 0);
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Edit existing entry: Determine what was changed
>>>>>>>>>>>  + if(($action_key) && (defined $zonefiles{$action_key})) {
>>>>>>>>>>>  + # Name und URL remain unchanged, only save remark and finish
>>>>>>>>>>>  + if(($name eq $action_key) && ($url eq $zonefiles{$action_key=
}{'url'})) {
>>>>>>>>>>>  + $zonefiles{$action_key}{'remark'} =3D $remark;
>>>>>>>>>>>  + &_zonefiles_save_conf();
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 1;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Entry was changed and needs to be recreated, preserve stat=
us
>>>>>>>>>>>  + $enabled =3D $zonefiles{$action_key}{'enabled'};
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Remove from rpz-config
>>>>>>>>>>>  + return unless &_action_zf_remove();
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Add new entry to rpz-config
>>>>>>>>>>>  + if($enabled eq 'on') {
>>>>>>>>>>>  + $result =3D &General::system('/usr/sbin/rpz-config', 'add',=
 $name, $url, '--no-reload');
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Check for errors, request service reload on success
>>>>>>>>>>>  + return unless &_rpz_check_result($result, 1);
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Add to global data hash and save changes
>>>>>>>>>>>  + my %entry =3D ('enabled' =3D> $enabled,
>>>>>>>>>>>  + 'url' =3D> $url,
>>>>>>>>>>>  + 'remark' =3D> $remark);
>>>>>>>>>>>  +
>>>>>>>>>>>  + $zonefiles{$name} =3D \%entry;
>>>>>>>>>>>  + &_zonefiles_save_conf();
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 1;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Save custom lists
>>>>>>>>>>>  +sub _action_cl_save {
>>>>>>>>>>>  + return unless((defined $cgiparams{'ALLOW_LIST'}) && (defined =
$cgiparams{'BLOCK_LIST'}));
>>>>>>>>>>>  +
>>>>>>>>>>>  + my $result =3D 0;
>>>>>>>>>>>  +
>>>>>>>>>>>  + my @allowlist =3D split(/\R/, $cgiparams{'ALLOW_LIST'});
>>>>>>>>>>>  + my @blocklist =3D split(/\R/, $cgiparams{'BLOCK_LIST'});
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Validate lists
>>>>>>>>>>>  + $result =3D &_rpz_validate_customlist(\@allowlist);
>>>>>>>>>>>  + if($result !=3D 0) {
>>>>>>>>>>>  + $errormessage =3D &_rpz_error_tr(202, $result);
>>>>>>>>>>>  + return;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + $result =3D &_rpz_validate_customlist(\@blocklist);
>>>>>>>>>>>  + if($result !=3D 0) {
>>>>>>>>>>>  + $errormessage =3D &_rpz_error_tr(203, $result);
>>>>>>>>>>>  + return;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Add to global data hash and save changes
>>>>>>>>>>>  + $customlists{'allow'}{'list'} =3D \@allowlist;
>>>>>>>>>>>  + $customlists{'block'}{'list'} =3D \@blocklist;
>>>>>>>>>>>  + $customlists{'allow'}{'enabled'} =3D (defined $cgiparams{'AL=
LOW_ENABLED'}) ? 'on' : 'off';
>>>>>>>>>>>  + $customlists{'block'}{'enabled'} =3D (defined $cgiparams{'BL=
OCK_ENABLED'}) ? 'on' : 'off';
>>>>>>>>>>>  +
>>>>>>>>>>>  + &_customlists_save_conf();
>>>>>>>>>>>  + &_customlist_export('allow', $RPZ_ALLOWLIST);
>>>>>>>>>>>  + &_customlist_export('block', $RPZ_BLOCKLIST);
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Make new lists, request service reload on success
>>>>>>>>>>>  + $result =3D &General::system('/usr/sbin/rpz-make', 'allowblo=
ck', '--no-reload');
>>>>>>>>>>>  + return unless &_rpz_check_result($result, 1);
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 1;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Trigger rpz-config reload
>>>>>>>>>>>  +sub _action_rpz_reload {
>>>>>>>>>>>  + return 1 unless &_rpz_needs_reload();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Immediately clear flag to prevent multiple reloads
>>>>>>>>>>>  + if(-f $RPZ_RELOAD_FLAG) {
>>>>>>>>>>>  + unlink($RPZ_RELOAD_FLAG) or die "Can't remove $RPZ_RELOAD_FL=
AG: $!";
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Perform reload, recreate reload flag on error to enable re=
try
>>>>>>>>>>>  + my $result =3D &General::system('/usr/sbin/rpz-config', 'rel=
oad');
>>>>>>>>>>>  + if(not &_rpz_check_result($result, 0)) {
>>>>>>>>>>>  + &General::system('touch', "$RPZ_RELOAD_FLAG");
>>>>>>>>>>>  + return;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 1;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Trigger unbound restart
>>>>>>>>>>>  +sub _action_unb_restart {
>>>>>>>>>>>  + return 1 unless &_rpz_needs_reload();
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Immediately clear flag to prevent multiple restarts
>>>>>>>>>>>  + if(-f $RPZ_RELOAD_FLAG) {
>>>>>>>>>>>  + unlink($RPZ_RELOAD_FLAG) or die "Can't remove $RPZ_RELOAD_FL=
AG: $!";
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Perform restart, unboundctrl always exits zero
>>>>>>>>>>>  + &General::system('/usr/local/bin/unboundctrl', 'restart');
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 1;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- Internal rpz-config functions ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Translate rpz-config exitcodes and messages
>>>>>>>>>>>  +# 100-199: rpz-config, 200-299: webgui
>>>>>>>>>>>  +sub _rpz_error_tr {
>>>>>>>>>>>  + my ($error, $append) =3D @_;
>>>>>>>>>>>  + $append //=3D '';
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Translate numeric exit codes
>>>>>>>>>>>  + if(looks_like_number($error)) {
>>>>>>>>>>>  + if(defined $Lang::tr{"rpz exitcode $error"}) {
>>>>>>>>>>>  + $error =3D $Lang::tr{"rpz exitcode $error"};
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + return "RPZ $Lang::tr{'error'}: $error" . &Header::escape($a=
ppend);
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Check result of rpz-config system call, request reload on s=
uccess
>>>>>>>>>>>  +sub _rpz_check_result {
>>>>>>>>>>>  + my ($result, $request_reload) =3D @_;
>>>>>>>>>>>  + $request_reload //=3D 0;
>>>>>>>>>>>  +
>>>>>>>>>>>  + # exitcode 0 =3D success
>>>>>>>>>>>  + if($result !=3D 0) {
>>>>>>>>>>>  + $errormessage =3D &_rpz_error_tr($result);
>>>>>>>>>>>  + return;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Set reload flag
>>>>>>>>>>>  + if($request_reload) {
>>>>>>>>>>>  + &General::system('touch', "$RPZ_RELOAD_FLAG");
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 1;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Test whether reload flag is set
>>>>>>>>>>>  +sub _rpz_needs_reload {
>>>>>>>>>>>  + return (-f $RPZ_RELOAD_FLAG);
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Validate a zonefile entry, returns rpz-config exitcode on f=
ailure. Use _rpz_check_result to verify.
>>>>>>>>>>>  +# unique =3D check for unique name
>>>>>>>>>>>  +sub _rpz_validate_zonefile {
>>>>>>>>>>>  + my ($name, $url, $remark, $unique) =3D @_;
>>>>>>>>>>>  + $unique //=3D 1;
>>>>>>>>>>>  +
>>>>>>>>>>>  + unless($name =3D~ /^[a-zA-Z0-9_]{1,32}$/) {
>>>>>>>>>>>  + return 101;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + unless($url =3D~ /^[\w+\.:;\/\\&@#%?=3D\-~|!]{1,128}$/) {
>>>>>>>>>>>  + return 105;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + unless($remark =3D~ /^[\w \-()\.:;*\/\\?!&=3D]{0,32}$/) {
>>>>>>>>>>>  + return 201;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Check against already existing names
>>>>>>>>>>>  + if($unique) {
>>>>>>>>>>>  + foreach my $existing (keys %zonefiles) {
>>>>>>>>>>>  + if(lc($name) eq lc($existing)) {
>>>>>>>>>>>  + return 104;
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 0;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Validate a custom list, returns number of rejected line on=
 failure. Check for non-zero results.
>>>>>>>>>>>  +# listref =3D array reference, cleanup =3D remove invalid ent=
ries instead of returning an error
>>>>>>>>>>>  +sub _rpz_validate_customlist {
>>>>>>>>>>>  + my ($listref, $cleanup) =3D @_;
>>>>>>>>>>>  + $cleanup //=3D 0;
>>>>>>>>>>>  +
>>>>>>>>>>>  + foreach my $index (reverse 0..$#{$listref}) {
>>>>>>>>>>>  + my $row =3D @$listref[$index];
>>>>>>>>>>>  + next unless($row); # Skip/allow empty lines
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Reject/remove everything besides wildcard domains and rema=
rks
>>>>>>>>>>>  + if((not &General::validwildcarddomainname($row)) && (not $ro=
w =3D~ /^;[\w \-()\.:;*\/\\?!&=3D]*$/)) {
>>>>>>>>>>>  + unless($cleanup) {
>>>>>>>>>>>  + # +1 for user friendly line number and to ensure non-zero ex=
itcode
>>>>>>>>>>>  + return $index + 1;
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Remove current row
>>>>>>>>>>>  + splice(@$listref, $index, 1);
>>>>>>>>>>>  + }
>>>>>>>>>>>  + }
>>>>>>>>>>>  +
>>>>>>>>>>>  + return 0;
>>>>>>>>>>>  +}
>>>>>>>>>>>  +
>>>>>>>>>>>  +
>>>>>>>>>>>  +###--- Internal misc functions ---###
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Send HTTP 303 redirect headers for post/request/get pattern
>>>>>>>>>>>  +# (Must be sent before calling &Header::showhttpheaders())
>>>>>>>>>>>  +sub _http_prg_redirect {
>>>>>>>>>>>  + my $location =3D "https://$ENV{'SERVER_NAME'}:$ENV{'SERVER_P=
ORT'}$ENV{'SCRIPT_NAME'}";
>>>>>>>>>>>  + print "Status: 303 See Other\n";
>>>>>>>>>>>  + print "Location: $location\n";
>>>>>>>>>>>  +}
>>>>>>>>>>>  diff --git a/lfs/rpz b/lfs/rpz
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..7ddbc38e5
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/lfs/rpz
>>>>>>>>>>>  @@ -0,0 +1,96 @@
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +# IPFire.org - A linux based firewall                        =
                 #
>>>>>>>>>>>  +# Copyright (C) 2024  IPFire Team  <info@ipfire.org>         =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +# This program is free software: you can redistribute it and/=
or modify        #
>>>>>>>>>>>  +# it under the terms of the GNU General Public License as pub=
lished by        #
>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the Licen=
se, or           #
>>>>>>>>>>>  +# (at your option) any later version.                        =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +# This program is distributed in the hope that it will be use=
ful,             #
>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warranty =
of              #
>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See t=
he               #
>>>>>>>>>>>  +# GNU General Public License for more details.               =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +# You should have received a copy of the GNU General Public L=
icense           #
>>>>>>>>>>>  +# along with this program.  If not, see <http://www.gnu.org/l=
icenses/>.       #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#  Definitions
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +include Config
>>>>>>>>>>>  +
>>>>>>>>>>>  +SUMMARY    =3D response policy zone - RPZ reputation system f=
or unbound DNS
>>>>>>>>>>>  +
>>>>>>>>>>>  +VER        =3D 1.0.0
>>>>>>>>>>>  +
>>>>>>>>>>>  +THISAPP    =3D rpz-$(VER)
>>>>>>>>>>>  +DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
>>>>>>>>>>>  +TARGET     =3D $(DIR_INFO)/$(THISAPP)
>>>>>>>>>>>  +
>>>>>>>>>>>  +PROG       =3D rpz
>>>>>>>>>>>  +PAK_VER    =3D 18
>>>>>>>>>>>  +
>>>>>>>>>>>  +DEPS       =3D
>>>>>>>>>>>  +
>>>>>>>>>>>  +SERVICES   =3D
>>>>>>>>>>>  +
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +# Top-level Rules
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +install : $(TARGET)
>>>>>>>>>>>  +
>>>>>>>>>>>  +check :
>>>>>>>>>>>  +
>>>>>>>>>>>  +download :
>>>>>>>>>>>  +
>>>>>>>>>>>  +b2 :
>>>>>>>>>>>  +
>>>>>>>>>>>  +dist:
>>>>>>>>>>>  + @$(PAK)
>>>>>>>>>>>  +
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +# Installation Details
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +
>>>>>>>>>>>  +$(TARGET) :
>>>>>>>>>>>  + @$(PREBUILD)
>>>>>>>>>>>  + @rm -rf $(DIR_APP)
>>>>>>>>>>>  +
>>>>>>>>>>>  + #  RPZ scripts
>>>>>>>>>>>  + install --verbose --mode=3D755 \
>>>>>>>>>>>  +  $(DIR_CONF)/rpz/{rpz-config,rpz-metrics,rpz-sleep,rpz-make,=
rpz-functions} \
>>>>>>>>>>>  +  --target-directory=3D/usr/sbin
>>>>>>>>>>>  +
>>>>>>>>>>>  + #  RPZ config files
>>>>>>>>>>>  + mkdir -pv /etc/unbound/local.d
>>>>>>>>>>>  + install --verbose --mode=3D644 --owner=3Dnobody --group=3Dno=
body \
>>>>>>>>>>>  +  $(DIR_CONF)/rpz/00-rpz.conf \
>>>>>>>>>>>  +  --target-directory=3D/etc/unbound/local.d
>>>>>>>>>>>  + chown --verbose --recursive nobody:nobody /etc/unbound/local=
.d
>>>>>>>>>>>  +
>>>>>>>>>>>  + #  RPZ custom list files for allow and block
>>>>>>>>>>>  + mkdir -pv /var/ipfire/dns/rpz
>>>>>>>>>>>  + touch /var/ipfire/dns/rpz/{allowlist,blocklist}
>>>>>>>>>>>  + chown --verbose --recursive nobody:nobody /var/ipfire/dns/rp=
z
>>>>>>>>>>>  +
>>>>>>>>>>>  + #  RPZ zone files
>>>>>>>>>>>  + #   create empty RPZ config file to avoid a unbound config e=
rror
>>>>>>>>>>>  + mkdir -pv /etc/unbound/zonefiles
>>>>>>>>>>>  + touch /etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>  + chown --verbose --recursive nobody:nobody /etc/unbound/zonef=
iles
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Install addon-specific language-files
>>>>>>>>>>>  + install --verbose --mode=3D004 $(DIR_CONF)/rpz/rpz.*.pl \
>>>>>>>>>>>  +  --target-directory=3D/var/ipfire/addon-lang
>>>>>>>>>>>  +
>>>>>>>>>>>  + # Install backup definition
>>>>>>>>>>>  + cp -vf $(DIR_CONF)/backup/includes/rpz /var/ipfire/backup/ad=
dons/includes/rpz
>>>>>>>>>>>  +
>>>>>>>>>>>  + @rm -rf $(DIR_APP)
>>>>>>>>>>>  + @$(POSTBUILD)
>>>>>>>>>>>  diff --git a/make.sh b/make.sh
>>>>>>>>>>>  index 827ea9e77..a77535b13 100755
>>>>>>>>>>>  --- a/make.sh
>>>>>>>>>>>  +++ b/make.sh
>>>>>>>>>>>  @@ -390,7 +390,7 @@ prepareenv() {
>>>>>>>>>>>  if [ "${free_space}" -lt "${required_space}" ]; then
>>>>>>>>>>>  # Add any consumed space
>>>>>>>>>>>  while read -r consumed_space path; do
>>>>>>>>>>>  - (( free_space +=3D consumed_space / 1024 / 1024 ))
>>>>>>>>>>>  + (( free_space +=3D consumed_space / 1024 / 1024 ))
>>>>>>>>>>>  done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGES_DI=
R}" "${LOG_DIR}" 2>/dev/null)"
>>>>>>>>>>>  fi
>>>>>>>>>>>
>>>>>>>>>>>  @@ -2087,6 +2087,7 @@ build_system() {
>>>>>>>>>>>  lfsmake2 btrfs-progs
>>>>>>>>>>>  lfsmake2 inotify-tools
>>>>>>>>>>>  lfsmake2 grub-btrfs
>>>>>>>>>>>  + lfsmake2 rpz
>>>>>>>>>>>
>>>>>>>>>>>  lfsmake2 linux
>>>>>>>>>>>  lfsmake2 rtl8812au
>>>>>>>>>>>  diff --git a/src/paks/rpz/install.sh b/src/paks/rpz/install.sh
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..ef99bf742
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/src/paks/rpz/install.sh
>>>>>>>>>>>  @@ -0,0 +1,36 @@
>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  IPFire.org - A linux based firewall                       =
                 #
>>>>>>>>>>>  +#  Copyright (C) 2024  IPFire Team  <info@ipfire.org>        =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is free software: you can redistribute it and=
/or modify       #
>>>>>>>>>>>  +#  it under the terms of the GNU General Public License as pu=
blished by       #
>>>>>>>>>>>  +#  the Free Software Foundation, either version 3 of the Lice=
nse, or          #
>>>>>>>>>>>  +#  (at your option) any later version.                       =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is distributed in the hope that it will be us=
eful,            #
>>>>>>>>>>>  +#  but WITHOUT ANY WARRANTY; without even the implied warrant=
y of             #
>>>>>>>>>>>  +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See=
 the              #
>>>>>>>>>>>  +#  GNU General Public License for more details.              =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  You should have received a copy of the GNU General Public=
 License          #
>>>>>>>>>>>  +#  along with this program.  If not, see <http://www.gnu.org/=
licenses/>.      #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#
>>>>>>>>>>>  +. /opt/pakfire/lib/functions.sh
>>>>>>>>>>>  +extract_files
>>>>>>>>>>>  +restore_backup ${NAME}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# fix user created files
>>>>>>>>>>>  +chown --verbose --recursive nobody:nobody \
>>>>>>>>>>>  + /var/ipfire/dns/rpz    \
>>>>>>>>>>>  + /etc/unbound/zonefiles \
>>>>>>>>>>>  + /etc/unbound/local.d
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Update Language cache
>>>>>>>>>>>  +/usr/local/bin/update-lang-cache
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  restart unbound to load config file
>>>>>>>>>>>  +/etc/init.d/unbound restart
>>>>>>>>>>>  diff --git a/src/paks/rpz/uninstall.sh b/src/paks/rpz/uninstal=
l.sh
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..e11427df3
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/src/paks/rpz/uninstall.sh
>>>>>>>>>>>  @@ -0,0 +1,38 @@
>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  IPFire.org - A linux based firewall                       =
                 #
>>>>>>>>>>>  +#  Copyright (C) 2024  IPFire Team  <info@ipfire.org>        =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is free software: you can redistribute it and=
/or modify       #
>>>>>>>>>>>  +#  it under the terms of the GNU General Public License as pu=
blished by       #
>>>>>>>>>>>  +#  the Free Software Foundation, either version 3 of the Lice=
nse, or          #
>>>>>>>>>>>  +#  (at your option) any later version.                       =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is distributed in the hope that it will be us=
eful,            #
>>>>>>>>>>>  +#  but WITHOUT ANY WARRANTY; without even the implied warrant=
y of             #
>>>>>>>>>>>  +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See=
 the              #
>>>>>>>>>>>  +#  GNU General Public License for more details.              =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  You should have received a copy of the GNU General Public=
 License          #
>>>>>>>>>>>  +#  along with this program.  If not, see <http://www.gnu.org/=
licenses/>.      #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#
>>>>>>>>>>>  +. /opt/pakfire/lib/functions.sh
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  stop unbound to delete RPZ conf file
>>>>>>>>>>>  +/etc/init.d/unbound stop
>>>>>>>>>>>  +
>>>>>>>>>>>  +make_backup ${NAME}
>>>>>>>>>>>  +remove_files
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  delete rpz config files.  Otherwise unbound will throw err=
or:
>>>>>>>>>>>  +#    "[1723428668] unbound-control[17117:0] error: connect: C=
onnection refused for 127.0.0.1 port 8953"
>>>>>>>>>>>  +/bin/rm --verbose --force /etc/unbound/local.d/*.rpz.conf
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Update Language cache
>>>>>>>>>>>  +/usr/local/bin/update-lang-cache
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  start unbound to load unbound config file
>>>>>>>>>>>  +/etc/init.d/unbound start
>>>>>>>>>>>  diff --git a/src/paks/rpz/update.sh b/src/paks/rpz/update.sh
>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>  index 000000000..9bc340bc6
>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>  +++ b/src/paks/rpz/update.sh
>>>>>>>>>>>  @@ -0,0 +1,52 @@
>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  IPFire.org - A linux based firewall                       =
                 #
>>>>>>>>>>>  +#  Copyright (C) 2024  IPFire Team  <info@ipfire.org>        =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is free software: you can redistribute it and=
/or modify       #
>>>>>>>>>>>  +#  it under the terms of the GNU General Public License as pu=
blished by       #
>>>>>>>>>>>  +#  the Free Software Foundation, either version 3 of the Lice=
nse, or          #
>>>>>>>>>>>  +#  (at your option) any later version.                       =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  This program is distributed in the hope that it will be us=
eful,            #
>>>>>>>>>>>  +#  but WITHOUT ANY WARRANTY; without even the implied warrant=
y of             #
>>>>>>>>>>>  +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See=
 the              #
>>>>>>>>>>>  +#  GNU General Public License for more details.              =
                 #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#  You should have received a copy of the GNU General Public=
 License          #
>>>>>>>>>>>  +#  along with this program.  If not, see <http://www.gnu.org/=
licenses/>.      #
>>>>>>>>>>>  +#                                                            =
                 #
>>>>>>>>>>>  +#############################################################=
##################
>>>>>>>>>>>  +#
>>>>>>>>>>>  +. /opt/pakfire/lib/functions.sh
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  from update.sh
>>>>>>>>>>>  +extract_backup_includes
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  stop unbound to delete RPZ conf file
>>>>>>>>>>>  +/etc/init.d/unbound stop
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  from uninstall.sh
>>>>>>>>>>>  +make_backup ${NAME}
>>>>>>>>>>>  +remove_files
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  delete rpz config files.  Otherwise unbound will throw err=
or:
>>>>>>>>>>>  +#    "unbound-control[nn:0] error: connect: Connection refuse=
d for 127.0.0.1 port 8953"
>>>>>>>>>>>  +/bin/rm --verbose --force /etc/unbound/local.d/*.rpz.conf
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  from install.sh
>>>>>>>>>>>  +extract_files
>>>>>>>>>>>  +restore_backup ${NAME}
>>>>>>>>>>>  +
>>>>>>>>>>>  +# fix user created files
>>>>>>>>>>>  +chown --verbose --recursive nobody:nobody \
>>>>>>>>>>>  + /var/ipfire/dns/rpz    \
>>>>>>>>>>>  + /etc/unbound/zonefiles \
>>>>>>>>>>>  + /etc/unbound/local.d
>>>>>>>>>>>  +
>>>>>>>>>>>  +# Update Language cache
>>>>>>>>>>>  +/usr/local/bin/update-lang-cache
>>>>>>>>>>>  +
>>>>>>>>>>>  +#  restart unbound to load config files
>>>>>>>>>>>  +/etc/init.d/unbound start
>>>>>>>>>>>  --
>>>>>>>>>>>  2.39.5
>>>>>>>>>>>
>>>>>>>>>  Jon
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  --
>>>>>>>>>  Jon Murphy
>>>>>>>>>  jon.murphy@ipfire.org
>>>>>>>  Jon
>>>>>>>
>>>>>>>
>>>>>>>  --
>>>>>>>  Jon Murphy
>>>>>>>  jon.murphy@ipfire.org
>>>>>
>>>>
>>>
>>
>
>
--------=_MB18E374EA-1FEF-47A9-B684-97CC26104E9A
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><style id=3D"">
#x48c0351b473d40fea84d0dea3540fb4d {
	font-size: 10.5pt;
}

@media print  {
}

#x48c0351b473d40fea84d0dea3540fb4d {
	font-family: Menlo;
	font-size: 10.5pt;
}
#x22fdf531c24d47ddb0e4a8c8cbd431d9 {
	font-size: 10.5pt;
}

@media print  {
}

#x22fdf531c24d47ddb0e4a8c8cbd431d9 {
	font-family: Menlo;
	font-size: 10.5pt;
}</style>

<style id=3D"css_styles" type=3D"text/css"><!--blockquote.cite { margin-lef=
t: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-le=
ft: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px;=
 padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding=
-top: 0px; }
a img { border: 0px; }
table { border-collapse: collapse; }
li[style=3D'text-align: center;'], li[style=3D'text-align: center; '], li[s=
tyle=3D'text-align: right;'], li[style=3D'text-align: right; '] {  list-sty=
le-position: inside;}
body { font-family: Menlo; font-size: 9pt; }
.quote { margin-left: 1em; margin-right: 1em; border-left: 5px #ebebeb soli=
d; padding-left: 0.3em; }
a.em-mention[href] { text-decoration: none; color: inherit; border-radius:=
 3px; padding-left: 2px; padding-right: 2px; background-color: #e2e2e2; }
--></style></head><body class=3D"plain" style=3D"overflow-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;"><div>Michael,</d=
iv><div><br /></div><div>FYI - I was wrong Unbound RPZ is _not_ watching th=
e serial number, it is watching the "refresh", the number after the serial=
 number.</div><div><br /></div><div><br /></div><div><div class=3D"quote"><d=
iv id=3D"x0c3fccd3a2924cafad39b54da7153cf5"><div class=3D"plain_line" style=
=3D"margin: 3px 0px 12px 5px;">I understand that you don=E2=80=99t speak C, =
but you got the information from somewhere. Documentation maybe? Since tha=
t is out of date very often I like to consult the code.</div></div></div></=
div><div>From testing. =C2=A0Downloading rpz files using rpz unbound, and w=
atching what happens.=C2=A0 If the rpz file is setup for "once per day" ref=
resh, then it only downloads one time.</div><div><br /></div><div><br /></d=
iv><div><br /></div><div><div class=3D"quote"><div id=3D"x924b672d2bc54f1d9=
34810bca4deb5a2"><div class=3D"plain_line" style=3D"margin: 3px 0px 12px 5p=
x;">However that won=E2=80=99t solve our problem . . . and having no cache.=
</div>
<div class=3D"plain_line" style=3D"margin: 3px 0px 12px 5px;"></div></div><=
/div></div><div><div id=3D"x22fdf531c24d47ddb0e4a8c8cbd431d9"><div class=3D=
"plain_line" style=3D"font-family: monospace; margin: 0px;">In `/etc/unboun=
d/tuning.conf` there is `rrset-cache-size: 128m`.  Are you referring to a d=
ifferent cache.</div><div class=3D"plain_line" style=3D"font-family: monosp=
ace; margin: 0px;"><br /></div><div class=3D"plain_line" style=3D"font-fami=
ly: monospace; margin: 0px;"><br /></div><div class=3D"plain_line" style=3D=
"font-family: monospace; margin: 0px;"><div class=3D"quote"><div id=3D"x48c=
0351b473d40fea84d0dea3540fb4d"><div class=3D"plain_line" style=3D"font-fami=
ly: monospace; margin: 0px;">Maybe we need to implement both?</div><span st=
yle=3D"font-family: monospace; margin: 0px;">
</span><div class=3D"plain_line" style=3D"font-family: monospace; margin: 0=
px;"></div></div></div></div></div></div>
<div>
<div><br /></div><div><span>Yes. =C2=A0There are very few AXFR list (I thin=
k only four were found). =C2=A0And many more HTTPS rpz files.</span></div><=
div><br /></div><div><br /></div><div><br /></div><div>Jon</div><div><br />=
</div><div><br /></div><div>------ Original Message ------</div>
<div>From "Michael Tremer" &lt;michael.tremer@ipfire.org&gt;</div>
<div>To "Jon Murphy" &lt;jon.murphy@ipfire.org&gt;</div>
<div>Cc "IPFire: Development-List" &lt;development@lists.ipfire.org&gt;</di=
v>
<div>Date 3/20/2025 11:26:43=E2=80=AFAM</div>
<div>Subject Re: [PATCH] RPZ: update code to include WEBGUI and additional=
 languages</div></div><div><br /></div>
<div id=3D"x6293182de17e46a"><blockquote type=3D"cite" class=3D"cite2">

<div class=3D"plain_line">Hello Jon,</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">Please don=E2=80=99t forget to Cc the list...</di=
v>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> On 19 Mar 2025, at 18:27, Jon Murphy &lt;jon.mur=
phy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Where in the code is this implemented? I cannot=
 find anything like this:</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Keep in mind I am not a "C" person.  Maybe in th=
is section?:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> https://git.ipfire.org/?p=3Dthirdparty/unbound.g=
it;a=3Dblob;f=3Dservices/authzone.c;hb=3D30b9cb5f813003d0a2b1c2e67865239661=
5b1b7d#l5875</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">This where the AXFR response is being handled whe=
n doing a DNS zone transfer. This code is not being called when performing=
 a HTTP download.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">I understand that you don=E2=80=99t speak C, but=
 you got the information from somewhere. Documentation maybe? Since that is=
 out of date very often I like to consult the code.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> =E2=80=94</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> When I was just learning about RPZ I created a s=
eparate RPZ file for testing.  When I changed the SOA line with a new seria=
l number, the RPZ file download would happen in about 5 minutes.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> https://people.ipfire.org/~jon/sblack-adhoc.rpz<=
/div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">It might well be that the file is not being reloa=
ded if the download matches the content that unbound already has. That woul=
d of course save some resources.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">However that won=E2=80=99t solve our problem with =
redundant downloads and having no cache.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> That is how I found out the SOA line is watched=
 for a serial number change.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I=E2=80=99ll reconfirm my findings.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> The second reason is that we have a lot of firew=
alls out there. Not all of them will enable this feature and all of the lis=
ts, but even if it is a good chunk, we will generate terabytes of traffic w=
hich put load on the infrastructure and will cost money. It simply is not w=
hat we want to do, regardless of self-hosting those lists and pulling them=
 from somewhere else.</div>
</blockquote>
</blockquote>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> So I understand, are you thinking of hosting RPZ =
AXFR (DNS zone transfer) on IPFire infrastructure?</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">No, I don=E2=80=99t think that we can generally d=
o this. The biggest problem is licensing as we cannot take anyones content=
 and host it ourselves. We would re-distribute those lists and that will onl=
y work with permission of the publishers. I assume that would be too much w=
ork to actually get some useful content out there. We might limit ourselves =
to only those lists that are under a very permissive license. Nobody wants =
that.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">From a technical point of view, DNS over TCP migh=
t not be very nice in terms of forging the transfer and so we would need TL=
S as well=E2=80=A6 It should work, but even if we would be able to encourag=
e other people to publish their lists I doubt they would implement DNS over =
TLS for authoritative DNS. That standard is in very early stages as well.<=
/div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">As far as I can see, those vendors who offer a li=
st as a commercial product are using DNS to distribute it (e.g. Spamhaus).=
 Those people who have made this all a hobby are throwing the lists onto Git=
Hub and let them handle the traffic.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">Maybe we need to implement both?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">-Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On 3/19/25 5:35 AM, Michael Tremer wrote:</div>
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Hello Jon,</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Where in the code is this implemented? I cannot=
 find anything like this:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Unbound loads the entire file into memory and th=
en starts parsing it. The only special treatment there is is to check wheth=
er the first line is a valid zone entry. It does not even have to be a SOA=
 record.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">   https://git.ipfire.org/?p=3Dthirdparty/unbound=
.git;a=3Dblob;f=3Dservices/authzone.c;hb=3D30b9cb5f813003d0a2b1c2e678652396=
615b1b7d#l1188</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I am also concerned that Unbound will not be abl=
e to support an upstream proxy for any downloads. The caching situation is=
 also unclear for me, so I believe that we will be looking at writing a cust=
om downloader that implements all these things.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> On 19 Mar 2025, at 02:58, Jon Murphy &lt;jon.mur=
phy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> The emphasis is on the repeated downloads of the =
same list. That is</div>
</blockquote>
<div class=3D"plain_line"> =E2=80=8B&gt; what cannot happen.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The Unbound RPZ code, as installed within IPFire=
, watches for a change</div>
<div class=3D"plain_line"> =E2=80=8Bin the SOA line of each RPZ file.  This =
is an example of the first few</div>
<div class=3D"plain_line"> =E2=80=8Blines for every RPZ file.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">     $TTL 300</div>
<div class=3D"plain_line">     @ SOA localhost. root.localhost. 1742298960=
 43200 3600 86400 300</div>
<div class=3D"plain_line">       NS  localhost.</div>
<div class=3D"plain_line">     ;</div>
<div class=3D"plain_line">     ; Title: HaGeZi's Pop-Up Ads DNS Blocklist</=
div>
<div class=3D"plain_line">     ; Description: Blocks annoying and malicious =
pop-up ads.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> If the SOA serial number changes (e.g. the 17422=
98960), then Unbound RPZ</div>
<div class=3D"plain_line"> =E2=80=8Bcode does its thing and downloads. Othe=
rwise there is no download.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> So there has to be a way to ensure that we won=
=E2=80=99t download a list again</div>
</blockquote>
<div class=3D"plain_line"> =E2=80=8B&gt; unless it has actually changed.</d=
iv>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> This should do what you want but I may be missin=
g your point.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> DNS has a builtin functionality called AXFR. It=
 simply does the job</div>
</blockquote>
<div class=3D"plain_line"> =E2=80=8B&gt; for you. I was just wondering whet=
her that was not being used.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I need to read about AXFR/IXFR and learn a littl=
e more.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On 3/17/25 5:35 AM, Michael Tremer wrote:</div>
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Good Morning Jon,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> On 16 Mar 2025, at 17:00, Jon Murphy &lt;jon.mur=
phy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I was reading through you response again an I wa=
nt to understand this post:</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> I have also stated that we cannot download any l=
ists over HTTPS again and again and again. The implementation that we have=
 here seems to exactly do that and therefore I think that my feedback has be=
en dismissed entirely.</div>
</blockquote>
<div class=3D"plain_line"> So if RPZ doesn't use HTTPS, what is it using? =
 I am missing a key point here.</div>
</blockquote>
<div class=3D"plain_line"> The emphasis is on the repeated downloads of the =
same list. That is what cannot happen.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Although it might not affect a lot of people in=
 our general user-base, there are some that have a metered connection and wi=
ll pay for data by volume. Some of the lists I looked at are just under 20=
 MiB. Therefore we need to keep any traffic down to a minimum. The second re=
ason is that we have a lot of firewalls out there. Not all of them will ena=
ble this feature and all of the lists, but even if it is a good chunk, we w=
ill generate terabytes of traffic which put load on the infrastructure and=
 will cost money. It simply is not what we want to do, regardless of self-ho=
sting those lists and pulling them from somewhere else.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> So there has to be a way to ensure that we won=
=E2=80=99t download a list again unless it has actually changed.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> DNS has a builtin functionality called AXFR. It=
 simply does the job for you. I was just wondering whether that was not bein=
g used.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> HTTPS is an option because that is simply what w=
e use elsewhere, but extra functionality will have to be built for it.</div=
>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On 2/13/25 3:34 PM, jon wrote:</div>
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I=E2=80=99ve read through your comments a few ti=
mes and I ended up with many more questions.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> What I rather mean is that it has never been add=
ed as a topic on the agenda and it has not been pitched by yourself.</div>
</blockquote>
<div class=3D"plain_line"> To me the efforts to get new code accepted seem=
 to have changed and it seemed easier in the past.  In the past I made the C=
ore Team aware via the Dev Mailing List and wrote a simple two or three par=
agraphs of "What is it? / What is the value? / Here is the code"</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> So in an effort to move forward:  How exactly is =
something presented to the Core Team?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Is there an example of a recent effort that was=
 presented that I can see as a sample?  (This type of info can also be added =
to the Wiki)</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I understand you want it this way, but I don=E2=
=80=99t know what exactly is needed.   Please be specific.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> PS - I am not ignoring your other comments, I am =
just trying to move forward and keep things simple.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> On Feb 8, 2025, at 1:27=E2=80=AFPM, Michael Trem=
er &lt;michael.tremer@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Hello Jon,</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Thanks for your reply. And good that you are cop=
ying everyone into this conversation.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> On 8 Feb 2025, at 18:41, jon &lt;jon.murphy@ipfi=
re.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> I think I have covered this all at lengths befor=
e that this project has been started as a separate effort</div>
</blockquote>
<div class=3D"plain_line"> Yes, this has been a separate effort (a very pub=
lic separate effort).  Yes, as you pointed this out early on with the "proo=
f-of-concept" and then my request for people to help test RPZ.  Nothing was =
hidden.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> This was done because you (and maybe others) did =
not have the time and I wanted to help and because I needed assistance wit=
h RPZ.  I tried my best to do this without bothering you.</div>
</blockquote>
<div class=3D"plain_line"> I don=E2=80=99t that it is accurate that nobody=
 wanted to help on this. The list was always open - although not every email =
has been replied to swiftly it is also your responsibility to raise a ques=
tion again if it was missed. People here have open ears.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> It was also stated on this very list on in our d=
ocumentation that working on something without involving the core team is a =
risky undertaking. Of course IPFire is free software and so everyone is fr=
ee to fork if they wish to do so.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> and as far as I am aware none of the other team=
 members has been involved. This has not been discussed either on this list, =
on our calls.</div>
</blockquote>
<div class=3D"plain_line"> You were aware many steps along the way.  See yo=
ur email on July 28, 2024, August 15, 2024, September 30, 2024, December 23=
, 2024, and January 16.  My attempts to get the team involved were met with =
"things are busy" and sometimes silence.  (Yes, I get it, people are busy.=
)</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> You and Adolf, Leo, Erik and Bernhard have been=
 aware since the beginning.  You mention you were aware of the "proof-of-con=
cept".  If you include those beginning posts, since Sep 2023.</div>
</blockquote>
<div class=3D"plain_line"> Yes, I am aware of a proof-of-concept that I hav=
e been running myself for a long time. I am also aware of the efforts that=
 you have been taking.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Yet I don=E2=80=99t think there has ever been an=
y joint effort, or am I seeing that wrong?</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> This has not been discussed . . . on our calls.<=
/div>
</blockquote>
<div class=3D"plain_line"> On the July 28th you stated:</div>
<div class=3D"plain_line"> "We have talked about RPZ many times on the mont=
hly call since the URL filter feature is falling more and more out of fashi=
on. I think there is also many posts about this on the forum."</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Please don=E2=80=99t insult me again by stating=
 "you know what I mean".</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> And it has been discussed but not documented in=
 the Monthly Meeting notes.</div>
</blockquote>
<div class=3D"plain_line"> I am not at all insulting you. I don=E2=80=99t w=
ant to take this down to a personal level at all. This is a public mailing=
 list and people who read this don=E2=80=99t need to listen to an argument w=
e are having. They are here for the tech inside IPFire.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> When I wrote that it has not been discussed that =
does not mean that we have not been touching on the topic. We have been ta=
lking about lots of things on the calls, the weather, politics, how our pet=
s are. None of that makes it to the logs. What I rather mean is that it has =
never been added as a topic on the agenda and it has not been pitched by y=
ourself.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Instead there has been a separate conversation o=
n the forum with the occasional dip here to the list. But that was not a re=
gular two-way conversation.</div>
</blockquote>
<div class=3D"plain_line"> Regular conversation on the Dev Mailing list is=
 many times met with silence.  I get it, people are busy.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> And regular two-way conversation doesn=E2=80=99t =
happen on the list.  At least not with me.  I=E2=80=99d be happy to point=
 out the posts that were met with silence.</div>
<div class=3D"plain_line"> Again, I get it, people are busy.</div>
</blockquote>
<div class=3D"plain_line"> And you think my emails are not being met with s=
ilence? This has nothing to do with this specific topic. This has something =
to do with how occupied people are and how engaged they are on certain top=
ics. Not everyone is involved in all the things and simply will ignore emai=
ls simply based on their subject line.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> But the "dip here to the list" were my attempts=
 to get a conversation started.  As I said, many time met with silence.</div=
>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The only place I was not met with silence was on =
the Community.  You have a great group of people in the Community.  It is=
 a shame you don=E2=80=99t want to have others help.  It would reduce your w=
orkload.</div>
</blockquote>
<div class=3D"plain_line"> You should stop making statements that are not t=
rue. Who doesn=E2=80=99t want anyone to help?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Not having this conversation on a Saturday eveni=
ng would reduce my workload. At least it would free up time for something e=
lse. Helping with the things that are already on the go would reduce the wo=
rkload of the entire team. Starting one thing at a time and finishing it is =
a lot better to manage than starting a hundred things and not even finish=
 one. I can tell you that I already have a hundred things on the go.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Therefore, what am I supposed to do with this em=
ail?</div>
</blockquote>
<div class=3D"plain_line"> To me it is beyond obvious=E2=80=A6</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> If it isn=E2=80=99t what you want, then guide me =
with how to do this the correct way.  And be specific.  I am trying to hel=
p.  I am trying to make things better. I am trying to do things the right w=
ay.</div>
</blockquote>
<div class=3D"plain_line"> To me it isn=E2=80=99t. This is yet another proj=
ect that has been dumped to the list like so many before and later on every=
one has left to have the team deal with the rest.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> It is a huge patch set. You explained what the v=
ision is, but that is about it. There is no chance this will continue if th=
is disagreement isn=E2=80=99t solved first. I didn=E2=80=99t even look at t=
he code.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> I don=E2=80=99t want to merge code that I don=E2=
=80=99t agree with.</div>
</blockquote>
<div class=3D"plain_line"> I asked multiple times if you "agreed with the c=
oncept" and again, met with silence. Yes I get it, people are busy.</div>
</blockquote>
<div class=3D"plain_line"> Having support for RPZ? Yes, it was definitely o=
n the roadmap. That I agree with.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> So many fundamental things that I have been rais=
ing have either not been discussed or outright dismissed.</div>
</blockquote>
<div class=3D"plain_line"> You mentioned this a in the past, but for some r=
eason you do not disclose what I dismissed.  Why do you continue to make th=
is harder, wouldn=E2=80=99t it not be easier to tell me what I have dismiss=
ed?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I have sent multiple emails trying to answer you=
r concerns and comments.  On July 28, Aug 14, Aug 22, Aug 23, Sep 30, etc.<=
/div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I=E2=80=99ve gone through all of the questions y=
ou asked and I cannot find a "dismissed" item.</div>
</blockquote>
<div class=3D"plain_line"> Maybe I need to be *more clear*. I feel humoured =
by this.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> It is late on a Saturday and I want my dinner so=
on, but certainly I have stated that this should never be an add-on conside=
ring it is supposed to replace URL Filter. We should never allow people to=
 add their own sources. I have also stated that we cannot download any lists =
over HTTPS again and again and again. The implementation that we have here =
seems to exactly do that and therefore I think that my feedback has been d=
ismissed entirely.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> I don=E2=80=99t want to merge code that has no f=
uture inside IPFire as there is no constructive conversation with the maint=
ainers of it.</div>
</blockquote>
<div class=3D"plain_line"> The maintainers of Unbound and/or RPZ?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The maintainers of Hagezi list, the threatfox li=
st, the urlhaus list, etc.?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> What else?  The maintainers or the RPZ scripts?  =
That is me.  Let=E2=80=99s talk!</div>
</blockquote>
<div class=3D"plain_line"> You. I don=E2=80=99t care much about the provide=
rs of the lists.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> See, this is where it gets confusing.  There are =
hundreds of open source packages as part of IPFire.  Pick the last five ye=
ars of items added to the IPFire build.  You're telling me you have "constr=
uctive conversation with the maintainers" of all of the added packages?</di=
v>
</blockquote>
<div class=3D"plain_line"> They publish their software and they don=E2=80=
=99t care whether I am pulling it or not. They publish it with the commitme=
nt to maintain it - sometimes for better and sometimes for worse.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> You care about me pulling your code and I don=E2=
=80=99t know whether you would commit to maintain this.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> These two are very different cases.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Pick the IP Blocklists list (i.e., 3CORESEC, ABU=
SECH, DSHIELD, SPAMHAUS, etc.)  or the Suricata lists (i.e.,Emergingthreats=
.net &lt;http://emergingthreats.net/&gt;,Abuse.ch &lt;http://abuse.ch/&gt;, =
etc.).  So you=E2=80=99ve have "constructive conversation with the maintai=
ners"?</div>
</blockquote>
<div class=3D"plain_line"> Yes, occasionally I have phone calls with a few=
 of these providers.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Having been trying for a long time to make you a=
ware of this, nothing of this should come as a surprise.</div>
</blockquote>
<div class=3D"plain_line"> Ha!  Yes a surprise.  In the beginning you seeme=
d interested as IPFire needed a replacement for URL Filter.  You asked good =
questions about the lists picked, asked for the value to the users, etc. =
 And I answered the best I could.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> You even asked: =E2=80=9CWhy is this realised as =
an add-on and not part of the core system?=E2=80=9D from your Jul 28, 2024 =
email.</div>
</blockquote>
<div class=3D"plain_line"> Ah, so, why is the patch creating an add-on? Not =
that I am saying that what I say is law, but it has not been challenged ei=
ther. If my input is being ignored, why should I put this to the top of my=
 list of priorities? I am not disappointed about this, just trying to be ver=
y good with my time.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> And on January 16, 2025 I wrote a message lookin=
g for help.  And you were kind to respond quickly.  So in three weeks time, =
since the kind response, something has changed.  You went from supportive=
 to "this".</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> So yes, I am surprised.</div>
</blockquote>
<div class=3D"plain_line"> Well, maybe I should not have replied to that em=
ail. It was clear that you were on some path that was not right, but you we=
re not interested before in finding the right path from the beginning.</div=
>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Please consider if that can be changed and if th=
ere is a path forward with this.</div>
</blockquote>
<div class=3D"plain_line"> Be more specific, what has to change?  What exac=
tly did I dismiss?</div>
</blockquote>
<div class=3D"plain_line"> Dismissal is just my assumption. I don=E2=80=99t =
know what you actually did with my feedback. I can only see the end produc=
t that does not seem contain much of it. Repeatedly I have been pointing ou=
t that we should think before we build. I am sure a lot of hours have now g=
one into some code that simply does not satisfy me. And I am not not talkin=
g about the code itself, what it does is what I don=E2=80=99t think is righ=
t for us.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The process is very clear for me that we should=
 first of all think whether we want a certain feature now. Then there should =
be a clear roadmap for everyone to follow; tasks can be split-up as we go=
 and hopefully then have something that is maintainable, interesting for our =
users and even would do us proud. This is how this should work.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> So, what has to change? I don=E2=80=99t think wi=
th shouting at each other, throwing patches around and making me generally=
 unhappy is a good start.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> On Feb 6, 2025, at 2:13=E2=80=AFPM, Michael Trem=
er &lt;michael.tremer@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Hello Jon,</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Well, here we are again with another patch regar=
ding this feature.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I cannot quite see from your email what the ques=
tion is, but if this is a request to have this merged into IPFire, I am onc=
e again sorry to disappoint you.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I think I have covered this all at lengths befor=
e that this project has been started as a separate effort and as far as I a=
m aware none of the other team members has been involved. This has not been =
discussed either on this list, on our calls. Instead there has been a sepa=
rate conversation on the forum with the occasional dip here to the list. Bu=
t that was not a regular two-way conversation. Therefore, what am I suppose=
d to do with this email?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I don=E2=80=99t want to merge code that I don=E2=
=80=99t agree with. So many fundamental things that I have been raising hav=
e either not been discussed or outright dismissed.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I don=E2=80=99t want to merge code that has no f=
uture inside IPFire as there is no constructive conversation with the maint=
ainers of it.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Having been trying for a long time to make you a=
ware of this, nothing of this should come as a surprise.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Please consider if that can be changed and if th=
ere is a path forward with this.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> All the best,</div>
<div class=3D"plain_line"> -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> On 6 Feb 2025, at 16:35, Jon Murphy &lt;jon.murp=
hy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> What is it?</div>
<div class=3D"plain_line"> Response Policy Zone (RPZ) is a mechanism to def=
ine local policies in a</div>
<div class=3D"plain_line"> standardized way and load those policies from ex=
ternal sources.</div>
<div class=3D"plain_line"> Bottom line: RPZ allows admins to easily block a=
ccess to websites via DNS lookup.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> RPZ can block websites via categories.  Examples =
include: fake websites, annoying</div>
<div class=3D"plain_line"> pop-up ads, newly registered domains, DoH bypass =
sites, bad "host" services,</div>
<div class=3D"plain_line"> maliscious top level domains (e.g., *.zip, *.mov=
), piracy, gambling, pornography,</div>
<div class=3D"plain_line"> and more.  RPZ lists come from various RPZ provi=
ders and their available</div>
<div class=3D"plain_line"> catagories.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> This RPZ add-on enables the RPZ functionality by =
adding a couple lines in a</div>
<div class=3D"plain_line"> configuration file.  This add-on simply adds con=
figuration files and adds</div>
<div class=3D"plain_line"> scripts (config, metrics and sleep) to make RPZ=
 easier for the admin to use.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The RPZ scripts include additional languages: Ge=
rman, Spanish, French, Turkish,</div>
<div class=3D"plain_line"> and Italian.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> RPZ itself was release in 2010 and has been part =
of the IPFire build since ~2015.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Why is it needed?  What is its value?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> - The RPZ concept places this filtering into IPF=
ire, our internet access</div>
<div class=3D"plain_line"> gateway, which is (should be) solely used as DNS =
source of the internal network.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> - As most sites use HTTPS it makes it difficult=
 to filter traffic with URL</div>
<div class=3D"plain_line"> Filter without also properly configuring convent=
ional (non-transparent)</div>
<div class=3D"plain_line"> mode on the proxy.  RPZ is a nice replacement fo=
r the URL Filter.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> - No need to install and maintain an additional=
 device like PiHole or AdBlock</div>
<div class=3D"plain_line"> browser extensions on multiple user devices.</di=
v>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> - This is an additional layer of protection for=
 users. Less worry someone will</div>
<div class=3D"plain_line"> click on something that gets them into trouble.=
 And, saying this with emphasis,</div>
<div class=3D"plain_line"> the ability to do it in one place!</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> - Blocked sites save on unneeded traffic and can =
lessen the threat of malware</div>
<div class=3D"plain_line"> in advertisements</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> - Logging allows the admin to see the site block=
ed and take actions</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> - RPZ will be used at the home, home-office (wor=
k from home), schools,</div>
<div class=3D"plain_line"> ministerial, and at the office.  Device counts a=
re small (2-6) to medium (~80)</div>
<div class=3D"plain_line"> to mediam-large (200+).</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> - RPZ can block ads, popups, phishing, scammers, =
spyware, malware, annoying</div>
<div class=3D"plain_line"> popups, NSFW links, DOH servers, and the usual i=
nternet trash.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ------------------------------</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Change Log for RPZ add-on</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-1.0.0-18 on 2025-02-05</div>
<div class=3D"plain_line"> - Build for approval &amp; release as IPFire add=
-on</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.18-18.ipfire on 2025-02-01</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added a mod key to force a unboun=
d restart</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-config and rpz-make:</div>
<div class=3D"plain_line"> - new feature: added action for unbound restart=
 `rpz-config unbound-restart`</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-metrics:</div>
<div class=3D"plain_line"> - simple reformatting</div>
<div class=3D"plain_line"> - rename far right column from "last update" to=
 "last download"</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.17-17.ipfire on 2024-12-09</div>
<div class=3D"plain_line"> rpz-make</div>
<div class=3D"plain_line"> - bug fix: corrected validation regex for wildca=
rds like: `*.domain.com`</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.16-16.ipfire on 2024-11-18</div>
<div class=3D"plain_line"> rpz-make</div>
<div class=3D"plain_line"> - new feature: updated validation regex</div>
<div class=3D"plain_line"> - bug fix: moved validation to beginning of proc=
ess.  Now we validate before</div>
<div class=3D"plain_line"> creating config files.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: use CSS color variables of the ma=
in ipfire theme</div>
<div class=3D"plain_line"> - bug fix: empty zonefile remarks were stored as =
=E2=80=9Cundef=E2=80=9D and caused a warning</div>
<div class=3D"plain_line"> - bug fix: HTML textarea removes the first empty =
line in a custom list</div>
<div class=3D"plain_line"> - thank you Leo!</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.15-15.ipfire on 2024-11-04</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new language file for Turki=
sh (thank you Peppe)</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-make</div>
<div class=3D"plain_line"> - bug fix: corrected empty allow/block list issu=
e.  An empty allow/block list</div>
<div class=3D"plain_line"> will now remove contents of allow/block.rpz file=
s and remove unneeded</div>
<div class=3D"plain_line"> allow/block.conf file.  (thank you iptom)</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.14-14.ipfire on  2024-10-29</div>
<div class=3D"plain_line"> rpz-config:</div>
<div class=3D"plain_line"> - bug fix: correct missing rpz extension. `rpz-c=
onfig list` displayed URL</div>
<div class=3D"plain_line"> incorrectly (thank you Bernhard)</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - bug fix: remove extra `"` in language files (t=
hank you Bernhard)</div>
<div class=3D"plain_line"> - new feature: slightly dim "apply" button when=
 not enabled</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.13-13.ipfire on 2024-10-27</div>
<div class=3D"plain_line"> - skipped</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.12-12.ipfire on 2024-10-21</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new language file for Frenc=
h  (thank you gw-ipfire)</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.11-11.ipfire on 2024-10-18</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new language file for Itali=
an (thank you umberto)</div>
<div class=3D"plain_line"> - new feature: added new language file for Spani=
sh (thank you Roberto)</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.10-10.ipfire on 2024-10-15</div>
<div class=3D"plain_line"> rpz-make:</div>
<div class=3D"plain_line"> - bug fix: corrected validation error for a cust=
om list entry (thank you siosios)</div>
<div class=3D"plain_line"> - e.g., `*.cloudflare-dns.com`</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> install.sh:</div>
<div class=3D"plain_line"> - bug fix: add chown to correct user created fil=
es</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> update.sh:</div>
<div class=3D"plain_line"> - bug fix: add chown to correct user created fil=
es (thank you siosios)</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.9-9.ipfire on 2024-10-08</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new language file for Germa=
n (thank you Leo)</div>
<div class=3D"plain_line"> - bug fix: add missing "rpz exitcode 110"</div>
<div class=3D"plain_line"> - bug fix: corrected missing RPZ menu item at me=
nu &gt; IPFire</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.8-8.ipfire on 2024-10-04</div>
<div class=3D"plain_line"> - skipped</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-beta-0.1.7-7.ipfire on 2024-10-03</div>
<div class=3D"plain_line"> All:</div>
<div class=3D"plain_line"> - new feature: includes beta version numbers for =
pakfire package,</div>
<div class=3D"plain_line"> instead of only `rpz-1.0.0-1.ipfire`, for each r=
elease.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new WebGUI at `rpz.cgi`</di=
v>
<div class=3D"plain_line"> - a BIG thank you to Leo Hofmann for all of his=
 work creating the webgui!!</div>
<div class=3D"plain_line"> - bug fix: corrected missing RPZ menu item at me=
nu &gt; IPFire</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-make:</div>
<div class=3D"plain_line"> - new feature: validate entries in allowlist and =
blocklist</div>
<div class=3D"plain_line"> - new feature: add "no-reload" option for WebGUI=
</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> rpz-metrics:</div>
<div class=3D"plain_line"> - new feature: info can be sorted by name, by hi=
t count, by line count, by</div>
<div class=3D"plain_line"> "enabled" list or all lists</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> backups:</div>
<div class=3D"plain_line"> - bug fix: include all files in `/var/ipfire/dns=
/rpz` directory in backup</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> update.sh:</div>
<div class=3D"plain_line"> - bug fix: corrected ownership for `/var/ipfire/=
dns/rpz` directory during an</div>
<div class=3D"plain_line"> update</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Build:</div>
<div class=3D"plain_line"> - bug fix: `block.rpz.conf` and `block.rpz` from =
build.  Files to be created</div>
<div class=3D"plain_line"> by `rpz-make`</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> WebGUI and German language file</div>
<div class=3D"plain_line"> Contribution-by: Leo-Andres Hofmann &lt;hofmann@=
leo-andres.de&gt;</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Spanish language file</div>
<div class=3D"plain_line"> Contribution-by: Roberto Pe=C3=B1a</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Italian language file</div>
<div class=3D"plain_line"> Contribution-by: Umberto Parma</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> French language file</div>
<div class=3D"plain_line"> Contribution-by: gw-ipfire</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Turkish language file</div>
<div class=3D"plain_line"> Contribution-by: Peppe Tech</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Contribution-by: Bernhard Bitsch &lt;bbitsch@ipf=
ire.org&gt;</div>
<div class=3D"plain_line"> Contribution-by: Erik Kapfer &lt;erik.kapfer@ipf=
ire.org&gt;</div>
<div class=3D"plain_line"> Signed-off-by: Jon Murphy &lt;jon.murphy@ipfire.=
org</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line"> config/backup/includes/rpz                 |   4 =
+</div>
<div class=3D"plain_line"> config/cfgroot/manualpages                 |   1 =
+</div>
<div class=3D"plain_line"> config/menu/EX-rpz.menu                    |   6 =
+</div>
<div class=3D"plain_line"> config/rootfiles/common/configroot         |   1 =
+</div>
<div class=3D"plain_line"> config/rootfiles/common/web-user-interface |   1 =
+</div>
<div class=3D"plain_line"> config/rootfiles/packages/rpz              |  20 =
+</div>
<div class=3D"plain_line"> config/rpz/00-rpz.conf                     |  10 =
+</div>
<div class=3D"plain_line"> config/rpz/rpz-config                      | 130 =
+++</div>
<div class=3D"plain_line"> config/rpz/rpz-functions                   |  85 =
++</div>
<div class=3D"plain_line"> config/rpz/rpz-make                        | 203 =
+++++</div>
<div class=3D"plain_line"> config/rpz/rpz-metrics                     | 170 =
++++</div>
<div class=3D"plain_line"> config/rpz/rpz-sleep                       |  58 =
++</div>
<div class=3D"plain_line"> config/rpz/rpz.de.pl                       |  30 =
+</div>
<div class=3D"plain_line"> config/rpz/rpz.en.pl                       |  30 =
+</div>
<div class=3D"plain_line"> config/rpz/rpz.es.pl                       |  30 =
+</div>
<div class=3D"plain_line"> config/rpz/rpz.fr.pl                       |  30 =
+</div>
<div class=3D"plain_line"> config/rpz/rpz.it.pl                       |  30 =
+</div>
<div class=3D"plain_line"> config/rpz/rpz.tr.pl                       |  30 =
+</div>
<div class=3D"plain_line"> html/cgi-bin/rpz.cgi                       | 923 =
+++++++++++++++++++++</div>
<div class=3D"plain_line"> lfs/rpz                                    |  96 =
+++</div>
<div class=3D"plain_line"> make.sh                                    |   3 =
+-</div>
<div class=3D"plain_line"> src/paks/rpz/install.sh                    |  36 =
+</div>
<div class=3D"plain_line"> src/paks/rpz/uninstall.sh                  |  38 =
+</div>
<div class=3D"plain_line"> src/paks/rpz/update.sh                     |  52 =
++</div>
<div class=3D"plain_line"> 24 files changed, 2016 insertions(+), 1 deletion=
(-)</div>
<div class=3D"plain_line"> create mode 100644 config/backup/includes/rpz</d=
iv>
<div class=3D"plain_line"> create mode 100644 config/menu/EX-rpz.menu</div>
<div class=3D"plain_line"> create mode 100644 config/rootfiles/packages/rpz=
</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/00-rpz.conf</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz-config</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz-functions</div=
>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz-make</div>
<div class=3D"plain_line"> create mode 100755 config/rpz/rpz-metrics</div>
<div class=3D"plain_line"> create mode 100755 config/rpz/rpz-sleep</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.de.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.en.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.es.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.fr.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.it.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.tr.pl</div>
<div class=3D"plain_line"> create mode 100644 html/cgi-bin/rpz.cgi</div>
<div class=3D"plain_line"> create mode 100644 lfs/rpz</div>
<div class=3D"plain_line"> create mode 100644 src/paks/rpz/install.sh</div>
<div class=3D"plain_line"> create mode 100644 src/paks/rpz/uninstall.sh</di=
v>
<div class=3D"plain_line"> create mode 100644 src/paks/rpz/update.sh</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> diff --git a/config/backup/includes/rpz b/config=
/backup/includes/rpz</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..36513e494</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/backup/includes/rpz</div>
<div class=3D"plain_line"> @@ -0,0 +1,4 @@</div>
<div class=3D"plain_line"> +/var/ipfire/dns/rpz/*</div>
<div class=3D"plain_line"> +/etc/unbound/zonefiles/allow.rpz</div>
<div class=3D"plain_line"> +/etc/unbound/zonefiles/block.rpz</div>
<div class=3D"plain_line"> +/etc/unbound/local.d/*rpz.conf</div>
<div class=3D"plain_line"> diff --git a/config/cfgroot/manualpages b/config=
/cfgroot/manualpages</div>
<div class=3D"plain_line"> index 1f7e01efc..d3a48c633 100644</div>
<div class=3D"plain_line"> --- a/config/cfgroot/manualpages</div>
<div class=3D"plain_line"> +++ b/config/cfgroot/manualpages</div>
<div class=3D"plain_line"> @@ -70,6 +70,7 @@ pakfire.cgi=3Dconfiguration/ip=
fire/pakfire</div>
<div class=3D"plain_line"> wlanap.cgi=3Daddons/wireless</div>
<div class=3D"plain_line"> tor.cgi=3Daddons/tor</div>
<div class=3D"plain_line"> samba.cgi=3Daddons/samba</div>
<div class=3D"plain_line"> +rpz.cgi=3Daddons/rpz</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> # Logs menu</div>
<div class=3D"plain_line"> logs.cgi/summary.dat=3Dconfiguration/logs/summar=
y</div>
<div class=3D"plain_line"> diff --git a/config/menu/EX-rpz.menu b/config/me=
nu/EX-rpz.menu</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..2f4daf410</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/menu/EX-rpz.menu</div>
<div class=3D"plain_line"> @@ -0,0 +1,6 @@</div>
<div class=3D"plain_line"> +$subipfire-&gt;{'20.rpz'} =3D {</div>
<div class=3D"plain_line"> +    'caption' =3D&gt; $Lang::tr{'rpz'},</div>
<div class=3D"plain_line"> +    'uri' =3D&gt; '/cgi-bin/rpz.cgi',</div>
<div class=3D"plain_line"> +    'title' =3D&gt; "RPZ",</div>
<div class=3D"plain_line"> +    'enabled' =3D&gt; 1,</div>
<div class=3D"plain_line"> +};</div>
<div class=3D"plain_line"> diff --git a/config/rootfiles/common/configroot=
 b/config/rootfiles/common/configroot</div>
<div class=3D"plain_line"> index 9839eee45..b30d6aae4 100644</div>
<div class=3D"plain_line"> --- a/config/rootfiles/common/configroot</div>
<div class=3D"plain_line"> +++ b/config/rootfiles/common/configroot</div>
<div class=3D"plain_line"> @@ -120,6 +120,7 @@ var/ipfire/menu.d/70-log.men=
u</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-apcupsd.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-guardian.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-mympd.menu</div>
<div class=3D"plain_line"> +#var/ipfire/menu.d/EX-rpz.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-samba.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-tor.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-transmission.menu</div>
<div class=3D"plain_line"> diff --git a/config/rootfiles/common/web-user-in=
terface b/config/rootfiles/common/web-user-interface</div>
<div class=3D"plain_line"> index 816241dae..e00464076 100644</div>
<div class=3D"plain_line"> --- a/config/rootfiles/common/web-user-interface=
</div>
<div class=3D"plain_line"> +++ b/config/rootfiles/common/web-user-interface=
</div>
<div class=3D"plain_line"> @@ -69,6 +69,7 @@ srv/web/ipfire/cgi-bin/proxy.c=
gi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/qos.cgi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/remote.cgi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/routing.cgi</div>
<div class=3D"plain_line"> +#srv/web/ipfire/cgi-bin/rpz.cgi</div>
<div class=3D"plain_line"> #srv/web/ipfire/cgi-bin/samba.cgi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/services.cgi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/shutdown.cgi</div>
<div class=3D"plain_line"> diff --git a/config/rootfiles/packages/rpz b/con=
fig/rootfiles/packages/rpz</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..1c8663049</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rootfiles/packages/rpz</div>
<div class=3D"plain_line"> @@ -0,0 +1,20 @@</div>
<div class=3D"plain_line"> +etc/unbound/local.d/00-rpz.conf</div>
<div class=3D"plain_line"> +etc/unbound/zonefiles</div>
<div class=3D"plain_line"> +etc/unbound/zonefiles/allow.rpz</div>
<div class=3D"plain_line"> +usr/sbin/rpz-config</div>
<div class=3D"plain_line"> +usr/sbin/rpz-functions</div>
<div class=3D"plain_line"> +usr/sbin/rpz-make</div>
<div class=3D"plain_line"> +usr/sbin/rpz-metrics</div>
<div class=3D"plain_line"> +usr/sbin/rpz-sleep</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.de.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.en.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.es.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.fr.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.it.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.tr.pl</div>
<div class=3D"plain_line"> +var/ipfire/backup/addons/includes/rpz</div>
<div class=3D"plain_line"> +var/ipfire/dns/rpz</div>
<div class=3D"plain_line"> +var/ipfire/dns/rpz/allowlist</div>
<div class=3D"plain_line"> +var/ipfire/dns/rpz/blocklist</div>
<div class=3D"plain_line"> +var/ipfire/menu.d/EX-rpz.menu</div>
<div class=3D"plain_line"> +srv/web/ipfire/cgi-bin/rpz.cgi</div>
<div class=3D"plain_line"> diff --git a/config/rpz/00-rpz.conf b/config/rpz=
/00-rpz.conf</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..f005a4f2e</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/00-rpz.conf</div>
<div class=3D"plain_line"> @@ -0,0 +1,10 @@</div>
<div class=3D"plain_line"> +server:</div>
<div class=3D"plain_line"> +    module-config: "respip validator iterator"<=
/div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpz:</div>
<div class=3D"plain_line"> +    name:                    allow.rpz</div>
<div class=3D"plain_line"> +    zonefile:                /etc/unbound/zonef=
iles/allow.rpz</div>
<div class=3D"plain_line"> +    rpz-action-override:     passthru</div>
<div class=3D"plain_line"> +    rpz-log:                 yes</div>
<div class=3D"plain_line"> +    rpz-log-name:            allow</div>
<div class=3D"plain_line"> +    rpz-signal-nxdomain-ra:  yes</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-config b/config/rpz/=
rpz-config</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..c72d50f9b</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-config</div>
<div class=3D"plain_line"> @@ -0,0 +1,130 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  IPFire.org - A linux based firewall         =
                               #</div>
<div class=3D"plain_line"> +#  Copyright (C) 2024-2025  IPFire Team  &lt;in=
fo@ipfire.org&gt;                    #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is free software: you can redis=
tribute it and/or modify       #</div>
<div class=3D"plain_line"> +#  it under the terms of the GNU General Public =
License as published by       #</div>
<div class=3D"plain_line"> +#  the Free Software Foundation, either version =
3 of the License, or          #</div>
<div class=3D"plain_line"> +#  (at your option) any later version.         =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is distributed in the hope that =
it will be useful,            #</div>
<div class=3D"plain_line"> +#  but WITHOUT ANY WARRANTY; without even the i=
mplied warranty of             #</div>
<div class=3D"plain_line"> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR=
 PURPOSE.  See the              #</div>
<div class=3D"plain_line"> +#  GNU General Public License for more details.=
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  You should have received a copy of the GNU G=
eneral Public License          #</div>
<div class=3D"plain_line"> +#  along with this program.  If not, see &lt;ht=
tp://www.gnu.org/licenses/&gt;.      #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2025-01-11 - v44"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############     Functions     #############=
##</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +source /usr/sbin/rpz-functions</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############       Main        #############=
##</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +tagName=3D"unbound"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzAction=3D"${1}"                    #  input=
 RPZ action</div>
<div class=3D"plain_line"> +rpzName=3D"${2}"                      #  input=
 RPZ name</div>
<div class=3D"plain_line"> +rpzURL=3D"${3}"                       #  input=
 RPZ URL</div>
<div class=3D"plain_line"> +rpzOption1=3D"${4}"                   #  input=
 RPZ option #1</div>
<div class=3D"plain_line"> +rpzOption2=3D"${5}"                   #  input=
 RPZ option #2</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzConfig=3D"/etc/unbound/local.d/${rpzName}.rp=
z.conf"    #  output zone conf file</div>
<div class=3D"plain_line"> +rpzFile=3D"/etc/unbound/zonefiles/${rpzName}.rp=
z"         #  output for RPZ file</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzLog=3D"yes"                        #  log de=
fault is yes</div>
<div class=3D"plain_line"> +ucReload=3D"yes"                      #  reload =
default is yes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +while [[ $# -gt 0 ]] ; do</div>
<div class=3D"plain_line"> +    case "$1" in</div>
<div class=3D"plain_line"> +        --no-log )      rpzLog=3D"no"   ;;</div=
>
<div class=3D"plain_line"> +        --no-reload )   ucReload=3D"no" ; check=
Conf=3D"no" ;;</div>
<div class=3D"plain_line"> +    esac</div>
<div class=3D"plain_line"> +    shift       # Shift after checking all the=
 cases to get next option</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +case "${rpzAction}" in</div>
<div class=3D"plain_line"> +    #  add new rpz list</div>
<div class=3D"plain_line"> +    add )</div>
<div class=3D"plain_line"> +        check_name "${rpzName}"             # =
 is this a valid name?</div>
<div class=3D"plain_line"> +        #  does this config already exist?  If=
 yes, then exit</div>
<div class=3D"plain_line"> +        if [[ -f "${rpzConfig}" ]] ; then</div>
<div class=3D"plain_line"> +            msg_log "error: rpz: duplicate - ${=
rpzConfig} already exists. exit"</div>
<div class=3D"plain_line"> +            exit 104</div>
<div class=3D"plain_line"> +        fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        #  is this a valid URL?</div>
<div class=3D"plain_line"> +        regex=3D'^https://[-[:alnum:]\+&amp;@#/=
%?=3D~_|!:,.;]*[-[:alnum:]\+&amp;@#/%=3D~_|]'</div>
<div class=3D"plain_line"> +        if ! [[ "${rpzURL}" =3D~ $regex ]] ; th=
en</div>
<div class=3D"plain_line"> +            msg_log "error: rpz: the URL is not =
valid: \"${rpzURL}\". exit."</div>
<div class=3D"plain_line"> +            exit 105</div>
<div class=3D"plain_line"> +        fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        #  create the zone config file</div>
<div class=3D"plain_line"> +        {</div>
<div class=3D"plain_line"> +        echo "rpz:"</div>
<div class=3D"plain_line"> +        echo "    name:                   ${rpz=
Name}.rpz"</div>
<div class=3D"plain_line"> +        echo "    zonefile:               ${rpz=
File}"</div>
<div class=3D"plain_line"> +        echo "    url:                    ${rpz=
URL}"</div>
<div class=3D"plain_line"> +        echo "    rpz-action-override:    nxdom=
ain"</div>
<div class=3D"plain_line"> +        echo "    rpz-log:                ${rpz=
Log}"</div>
<div class=3D"plain_line"> +        echo "    rpz-log-name:           ${rpz=
Name}"</div>
<div class=3D"plain_line"> +        echo "    rpz-signal-nxdomain-ra: yes"<=
/div>
<div class=3D"plain_line"> +        } &gt; "${rpzConfig}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        #  set-up zonefile</div>
<div class=3D"plain_line"> +        #    create an empty rpz file if it doe=
s not exist</div>
<div class=3D"plain_line"> +        if [[ ! -f "${rpzFile}" ]] ; then</div>
<div class=3D"plain_line"> +            touch "${rpzFile}"</div>
<div class=3D"plain_line"> +            #  unbound requires these settings=
 for rpz files</div>
<div class=3D"plain_line"> +            set_permissions "${rpzFile}" "${rpz=
Config}"</div>
<div class=3D"plain_line"> +        fi</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  trash config file &amp; rpz file</div>
<div class=3D"plain_line"> +    remove )</div>
<div class=3D"plain_line"> +        if ! [[ -f "${rpzConfig}" ]] ; then</di=
v>
<div class=3D"plain_line"> +            msg_log "error: rpz: cannot remove=
 ${rpzConfig}, does not exist. exit"</div>
<div class=3D"plain_line"> +            exit 106</div>
<div class=3D"plain_line"> +        fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        msg_log "info: rpz: remove config file=
 &amp; rpz file \"${rpzName}\""</div>
<div class=3D"plain_line"> +        rm "${rpzConfig}"</div>
<div class=3D"plain_line"> +        rm "${rpzFile}"</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    reload )</div>
<div class=3D"plain_line"> +        check_unbound_conf "${checkConf}"</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    list )</div>
<div class=3D"plain_line"> +        awk -F':' '/^\s*name:/{ gsub(/[[:blank:=
]]|\.rpz/, "",$2) ; NAME=3D$2 } \</div>
<div class=3D"plain_line"> +            /^\s*url:/{ gsub(/[[:blank:]]/, "") =
; print NAME"=3D"$2":"$3} '  \</div>
<div class=3D"plain_line"> +            /etc/unbound/local.d/*rpz.conf</div=
>
<div class=3D"plain_line"> +        exit</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    unbound-restart )</div>
<div class=3D"plain_line"> +        check_unbound_conf "${checkConf}"</div>
<div class=3D"plain_line"> +        unbound_restart</div>
<div class=3D"plain_line"> +        exit</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    * )</div>
<div class=3D"plain_line"> +        msg_log "error: rpz: missing or incorre=
ct parameter"</div>
<div class=3D"plain_line"> +        printf "Usage:   $(basename "$0") &lt;A=
CTION&gt; &lt;NAME&gt; &lt;URL&gt; &lt;OPTION&gt; &lt;OPTION&gt;\n"</div>
<div class=3D"plain_line"> +        printf "Version: ${version}\n"</div>
<div class=3D"plain_line"> +        exit 108</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +esac</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +unbound_control_reload "${ucReload}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +exit</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-functions b/config/r=
pz/rpz-functions</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..ace1d2690</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-functions</div>
<div class=3D"plain_line"> @@ -0,0 +1,85 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  IPFire.org - A linux based firewall         =
                               #</div>
<div class=3D"plain_line"> +#  Copyright (C) 2024  IPFire Team  &lt;info@ip=
fire.org&gt;                         #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is free software: you can redis=
tribute it and/or modify       #</div>
<div class=3D"plain_line"> +#  it under the terms of the GNU General Public =
License as published by       #</div>
<div class=3D"plain_line"> +#  the Free Software Foundation, either version =
3 of the License, or          #</div>
<div class=3D"plain_line"> +#  (at your option) any later version.         =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is distributed in the hope that =
it will be useful,            #</div>
<div class=3D"plain_line"> +#  but WITHOUT ANY WARRANTY; without even the i=
mplied warranty of             #</div>
<div class=3D"plain_line"> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR=
 PURPOSE.  See the              #</div>
<div class=3D"plain_line"> +#  GNU General Public License for more details.=
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  You should have received a copy of the GNU G=
eneral Public License          #</div>
<div class=3D"plain_line"> +#  along with this program.  If not, see &lt;ht=
tp://www.gnu.org/licenses/&gt;.      #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2024-12-10 - v02"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############     Functions     #############=
##</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +msg_log () {</div>
<div class=3D"plain_line"> +    logger --tag "${tagName}" "$*"</div>
<div class=3D"plain_line"> +    if tty --silent ; then</div>
<div class=3D"plain_line"> +        echo "${tagName}:" "$*"</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  check for a valid name</div>
<div class=3D"plain_line"> +check_name () {</div>
<div class=3D"plain_line"> +    local theName=3D"${1}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    regex=3D'^[a-zA-Z0-9_]+$'             # no=
 dash or plus, alpha numeric only</div>
<div class=3D"plain_line"> +    regex1=3D'^(allow|block)$'            # all=
ow and block are reserved NAMEs</div>
<div class=3D"plain_line"> +    if [[ ! "${theName}" =3D~ $regex ]] || [[ "=
${theName}" =3D~ $regex1 ]] ; then</div>
<div class=3D"plain_line"> +        msg_log "error: rpz: the NAME is not va=
lid: \"${theName}\". exit."</div>
<div class=3D"plain_line"> +        exit 101</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +set_permissions () {</div>
<div class=3D"plain_line"> +    chown nobody:nobody "$@"</div>
<div class=3D"plain_line"> +    chmod 644 "$@"</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +check_unbound_conf () {</div>
<div class=3D"plain_line"> +    local thecheckConf=3D"${1:-yes}"      #   c=
heck config default is yes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  check the above config files</div>
<div class=3D"plain_line"> +    if [[ "${thecheckConf}" =3D=3D yes ]] ; the=
n</div>
<div class=3D"plain_line"> +        msg_log "info: rpz: check for errors wi=
th \"unbound-checkconf\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        if ! unbound-checkconf ; then</div>
<div class=3D"plain_line"> +            msg_log "error: rpz: unbound-checkc=
onf found invalid configuration."</div>
<div class=3D"plain_line"> +            msg_log \</div>
<div class=3D"plain_line"> +              "error: rpz: In Terminal run the=
 command \"unbound-checkconf\" for more information. exit."</div>
<div class=3D"plain_line"> +            exit 102</div>
<div class=3D"plain_line"> +        fi</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +unbound_control_reload () {</div>
<div class=3D"plain_line"> +    local theReload=3D"${1:-yes}"     #   reloa=
d default is yes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    if [[ "${theReload}" =3D=3D yes ]] ; then</=
div>
<div class=3D"plain_line"> +        #  reload due to the changes</div>
<div class=3D"plain_line"> +        msg_log  "info: rpz: run \"unbound-cont=
rol reload\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        if ! unbound-control reload ; then</div=
>
<div class=3D"plain_line"> +            msg_log "error: rpz: unbound-contro=
l reload. exit."</div>
<div class=3D"plain_line"> +            exit 109</div>
<div class=3D"plain_line"> +        fi</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +unbound_restart () {</div>
<div class=3D"plain_line"> +    #  restart due to the changes</div>
<div class=3D"plain_line"> +    msg_log  "info: rpz: run \"unbound restart\=
""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    /usr/local/bin/unboundctrl restart</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-make b/config/rpz/rp=
z-make</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..927d55170</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-make</div>
<div class=3D"plain_line"> @@ -0,0 +1,203 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  IPFire.org - A linux based firewall         =
                               #</div>
<div class=3D"plain_line"> +#  Copyright (C) 2024-2025  IPFire Team  &lt;in=
fo@ipfire.org&gt;                    #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is free software: you can redis=
tribute it and/or modify       #</div>
<div class=3D"plain_line"> +#  it under the terms of the GNU General Public =
License as published by       #</div>
<div class=3D"plain_line"> +#  the Free Software Foundation, either version =
3 of the License, or          #</div>
<div class=3D"plain_line"> +#  (at your option) any later version.         =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is distributed in the hope that =
it will be useful,            #</div>
<div class=3D"plain_line"> +#  but WITHOUT ANY WARRANTY; without even the i=
mplied warranty of             #</div>
<div class=3D"plain_line"> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR=
 PURPOSE.  See the              #</div>
<div class=3D"plain_line"> +#  GNU General Public License for more details.=
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  You should have received a copy of the GNU G=
eneral Public License          #</div>
<div class=3D"plain_line"> +#  along with this program.  If not, see &lt;ht=
tp://www.gnu.org/licenses/&gt;.      #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2025-01-11 - v14"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############     Functions     #############=
##</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +source /usr/sbin/rpz-functions</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#   create the config file for allow</div>
<div class=3D"plain_line"> +make_allow_config () {</div>
<div class=3D"plain_line"> +    local theLog=3D"${1:-yes}"                 =
           #  log default ON</div>
<div class=3D"plain_line"> +    local theConfig=3D"/etc/unbound/local.d/00-=
rpz.conf"  #  output zone conf file</div>
<div class=3D"plain_line"> +    local theList=3D"/var/ipfire/dns/rpz/allowl=
ist"       #  input custom list of domains</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    msg_log "info: rpz: make config file \"00-r=
pz.conf\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    echo "server:</div>
<div class=3D"plain_line"> +    module-config: \"respip validator iterator\=
"" &gt; "${theConfig}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  does allow list exist?</div>
<div class=3D"plain_line"> +    if [[ -s "${theList}" ]] &amp;&amp; grep -q =
. "${theList}" ; then</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    echo "rpz:</div>
<div class=3D"plain_line"> +    name:                   allow.rpz</div>
<div class=3D"plain_line"> +    zonefile:               /etc/unbound/zonefi=
les/allow.rpz</div>
<div class=3D"plain_line"> +    rpz-action-override:    passthru</div>
<div class=3D"plain_line"> +    rpz-log:                ${theLog}</div>
<div class=3D"plain_line"> +    rpz-log-name:           allow</div>
<div class=3D"plain_line"> +    rpz-signal-nxdomain-ra: yes" &gt;&gt; "${th=
eConfig}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  set-up zonefile - unbound requires these =
settings for rpz files</div>
<div class=3D"plain_line"> +    set_permissions "${theConfig}"</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#   create the config file for block</div>
<div class=3D"plain_line"> +make_block_config () {</div>
<div class=3D"plain_line"> +    local theLog=3D"${1:-yes}"                 =
               #  log default ON</div>
<div class=3D"plain_line"> +    local theConfig=3D"/etc/unbound/local.d/blo=
ck.rpz.conf"   #  output zone conf file</div>
<div class=3D"plain_line"> +    local theList=3D"/var/ipfire/dns/rpz/blockl=
ist"           #  input custom list of domains</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    msg_log "info: rpz: make config file \"bloc=
k.rpz.conf\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  does block list exist?</div>
<div class=3D"plain_line"> +    if [[ -s "${theList}" ]] &amp;&amp; grep -q =
. "${theList}" ; then</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    echo "rpz:</div>
<div class=3D"plain_line"> +    name:                   block.rpz</div>
<div class=3D"plain_line"> +    zonefile:               /etc/unbound/zonefi=
les/block.rpz</div>
<div class=3D"plain_line"> +    rpz-action-override:    nxdomain</div>
<div class=3D"plain_line"> +    rpz-log:                ${theLog}</div>
<div class=3D"plain_line"> +    rpz-log-name:           block</div>
<div class=3D"plain_line"> +    rpz-signal-nxdomain-ra: yes" &gt; "${theCon=
fig}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        #  set-up zonefile - unbound requires t=
hese settings for rpz files</div>
<div class=3D"plain_line"> +        set_permissions "${theConfig}"</div>
<div class=3D"plain_line"> +    else</div>
<div class=3D"plain_line"> +        #   no - trash the config file</div>
<div class=3D"plain_line"> +        rm --verbose /etc/unbound/local.d/block=
.rpz.conf</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#   create an RPZ file for allow or block</div>
<div class=3D"plain_line"> +make_rpz_file () {</div>
<div class=3D"plain_line"> +    local theName=3D"${1}"        #   allow or=
 block</div>
<div class=3D"plain_line"> +    local theAction=3D'.'         # the default =
is nxdomain or block</div>
<div class=3D"plain_line"> +    local actionList</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    local theList=3D"/var/ipfire/dns/rpz/${theN=
ame}list"         #  input custom list of domains</div>
<div class=3D"plain_line"> +    local theZonefile=3D"/etc/unbound/zonefiles=
/${theName}.rpz"  #  output file for RPZ</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  does a list exist?</div>
<div class=3D"plain_line"> +    if [[ -s "${theList}" ]] &amp;&amp; grep -q =
. "${theList}" ; then</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        # for allow set to passthru</div>
<div class=3D"plain_line"> +        [[ "${theName}" =3D=3D allow ]] &amp;&a=
mp; theAction=3D'rpz-passthru.'</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        #  drop any extra "blanks" and add "CNA=
ME &lt;RPZ action&gt;." to each line</div>
<div class=3D"plain_line"> +        actionList=3D$( awk '{$1=3D$1};1' "${th=
eList}" |</div>
<div class=3D"plain_line"> +            sed "/^[^;].*[[:alnum:]]/ s|$|  CNA=
ME   ${theAction}|" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        msg_log "info: rpz: create zonefile for =
\"${theName}list\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +echo "; Name:             ${theName} list</div>
<div class=3D"plain_line"> +; Last modified:    $(date "+%Y-%m-%d at %H.%M.=
%S %Z")</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +;   domains with actions list</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +${actionList}" &gt; "${theZonefile}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        #  set-up zonefile - unbound requires t=
hese settings for rpz files</div>
<div class=3D"plain_line"> +        set_permissions "${theZonefile}"</div>
<div class=3D"plain_line"> +        #  set-up allow/block list files</div>
<div class=3D"plain_line"> +        set_permissions "${theList}"</div>
<div class=3D"plain_line"> +    else</div>
<div class=3D"plain_line"> +        msg_log "info: rpz: the ${theList} is e=
mpty."</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        rm --verbose "${theZonefile}"   # trash =
the RPZ file</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#   check if allow/block list is valid</div>
<div class=3D"plain_line"> +validate_list () {</div>
<div class=3D"plain_line"> +    local theName=3D"${1}"        #   allow or=
 block</div>
<div class=3D"plain_line"> +    local theList=3D"/var/ipfire/dns/rpz/${theN=
ame}list"  #  input custom list of domains</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + #   remove good:</div>
<div class=3D"plain_line"> + #    - properly formated domain names with or=
 without leading wildcard</div>
<div class=3D"plain_line"> + #    - properly formated top level domain (TLD=
) names with wildcard</div>
<div class=3D"plain_line"> + #    - blank lines and comment lines</div>
<div class=3D"plain_line"> + #   remaining lines are considered "bad"</div>
<div class=3D"plain_line"> +    bad_lines=3D$( sed --regexp-extended  \</di=
v>
<div class=3D"plain_line"> +        '/^(\*\.)?([a-zA-Z0-9](([a-zA-Z0-9\-]){=
0,61}[a-zA-Z0-9])?\.)+([a-zA-Z]{2,}|xn--[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9=
])$/d ;</div>
<div class=3D"plain_line"> +         /^(\*\.)([a-z]{2,61}|xn--[a-z0-9]{1,60=
})$/d ;</div>
<div class=3D"plain_line"> +         /^$/d ; /^;/d' "${theList}" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    if [[ ! -z "${bad_lines}" ]] ; then</div>
<div class=3D"plain_line"> +        msg_log "error: rpz: invalid line(s) in =
${theList}."</div>
<div class=3D"plain_line"> +        printf "%s\n" "bad line(s): ${bad_lines=
}"</div>
<div class=3D"plain_line"> +        exit 110</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############       Main        #############=
##</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +tagName=3D"unbound"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzName=3D"${1}"                      #  input=
 RPZ name</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzLog=3D"yes"                        #  log de=
fault is yes</div>
<div class=3D"plain_line"> +ucReload=3D"yes"                      #  reload =
default is yes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +while [[ $# -gt 0 ]] ; do</div>
<div class=3D"plain_line"> +    case "$1" in</div>
<div class=3D"plain_line"> +        --no-log )      rpzLog=3D"no"   ;;</div=
>
<div class=3D"plain_line"> +        --no-reload )   ucReload=3D"no" ;  chec=
kConf=3D"no" ;;</div>
<div class=3D"plain_line"> +    esac</div>
<div class=3D"plain_line"> +    shift       # Shift after checking all the=
 cases to get next option</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +case "${rpzName}" in</div>
<div class=3D"plain_line"> +    #  make a new allow or block rpz file</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    allow )</div>
<div class=3D"plain_line"> +        validate_list 'allow'           #   is=
 the allowlist valid?</div>
<div class=3D"plain_line"> +        make_allow_config "${rpzLog}"</div>
<div class=3D"plain_line"> +        make_rpz_file 'allow'</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    allowblock )</div>
<div class=3D"plain_line"> +        validate_list 'allow'           #   is=
 the list valid?</div>
<div class=3D"plain_line"> +        make_allow_config "${rpzLog}"</div>
<div class=3D"plain_line"> +        make_rpz_file 'allow'</div>
<div class=3D"plain_line"> +        ;&amp;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    block )</div>
<div class=3D"plain_line"> +        validate_list 'block'           #   is=
 the blocklist valid?</div>
<div class=3D"plain_line"> +        make_block_config "${rpzLog}"</div>
<div class=3D"plain_line"> +        make_rpz_file 'block'</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    reload )</div>
<div class=3D"plain_line"> +        check_unbound_conf "${checkConf}"</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    unbound-restart )</div>
<div class=3D"plain_line"> +        check_unbound_conf "${checkConf}"</div>
<div class=3D"plain_line"> + unbound_restart</div>
<div class=3D"plain_line"> + exit</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    * )</div>
<div class=3D"plain_line"> +        msg_log "error: rpz: missing or incorre=
ct parameter"</div>
<div class=3D"plain_line"> +        printf "Usage:   $(basename "$0") &lt;N=
AME&gt; &lt;OPTION&gt; &lt;OPTION&gt;\n"</div>
<div class=3D"plain_line"> +        printf "Version: ${version}\n"</div>
<div class=3D"plain_line"> +        exit 108</div>
<div class=3D"plain_line"> +        ;;</div>
<div class=3D"plain_line"> +esac</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +unbound_control_reload "${ucReload}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +exit</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-metrics b/config/rpz=
/rpz-metrics</div>
<div class=3D"plain_line"> new file mode 100755</div>
<div class=3D"plain_line"> index 000000000..4d43e1629</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-metrics</div>
<div class=3D"plain_line"> @@ -0,0 +1,170 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  IPFire.org - A linux based firewall         =
                               #</div>
<div class=3D"plain_line"> +#  Copyright (C) 2024  IPFire Team  &lt;info@ip=
fire.org&gt;                         #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is free software: you can redis=
tribute it and/or modify       #</div>
<div class=3D"plain_line"> +#  it under the terms of the GNU General Public =
License as published by       #</div>
<div class=3D"plain_line"> +#  the Free Software Foundation, either version =
3 of the License, or          #</div>
<div class=3D"plain_line"> +#  (at your option) any later version.         =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is distributed in the hope that =
it will be useful,            #</div>
<div class=3D"plain_line"> +#  but WITHOUT ANY WARRANTY; without even the i=
mplied warranty of             #</div>
<div class=3D"plain_line"> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR=
 PURPOSE.  See the              #</div>
<div class=3D"plain_line"> +#  GNU General Public License for more details.=
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  You should have received a copy of the GNU G=
eneral Public License          #</div>
<div class=3D"plain_line"> +#  along with this program.  If not, see &lt;ht=
tp://www.gnu.org/licenses/&gt;.      #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2025-01-20 - v25"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############       Main        #############=
##</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +weeks=3D"2"                   #   default to tw=
o message logs</div>
<div class=3D"plain_line"> +sortBy=3D"name"               #   default "by n=
ame"</div>
<div class=3D"plain_line"> +rpzActive=3D"enabled"         #   default "enab=
led only"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +while [[ $# -gt 0 ]] ; do</div>
<div class=3D"plain_line"> +    case "$1" in</div>
<div class=3D"plain_line"> +        --by-names | --by-name | name ) sortBy=
=3D"name"   ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        --by-hits | --by-hit | hits | hit )    =
  sortBy=3D"hit"    ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        --by-lines | --by-line | lines | line )=
     sortBy=3D"line"   ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        --by-effect ) sortBy=3D"effect"   ;;</d=
iv>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        --enabled-only )             rpzActive=
=3D"enabled" ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        --active-all | --all | all )       rpzA=
ctive=3D"all"     ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        [0-9] | [0-9][0-9] )         weeks=3D$1=
        ;;</div>
<div class=3D"plain_line"> +    esac</div>
<div class=3D"plain_line"> +    shift       # Shift after checking all the=
 cases to get next option</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  get the list of message logs for N weeks</di=
v>
<div class=3D"plain_line"> +messageLogs=3D$( find /var/log/messages* -type=
 f | sort --version-sort |</div>
<div class=3D"plain_line"> +    head -"${weeks}" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  get the list of RPZ names &amp; counts from=
 the message log(s)</div>
<div class=3D"plain_line"> +rpzNameCount=3D$( for logf in ${messageLogs} ;=
 do</div>
<div class=3D"plain_line"> +    zgrep --text --fixed-strings 'info: rpz: ap=
plied' "${logf}" |</div>
<div class=3D"plain_line"> +      awk '$10 ~ /\[\w*]/ { print $10 }' ;</div=
>
<div class=3D"plain_line"> +    done | sort | uniq --count )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  flip results and remove brackets `[` and `]`=
</div>
<div class=3D"plain_line"> +rpzNameCount=3D$( echo "${rpzNameCount}" |</div=
>
<div class=3D"plain_line"> +    awk '{ print $2, $1 }' |</div>
<div class=3D"plain_line"> +    sed --regexp-extended 's|^\[(.*)\]|\1|' )</=
div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  grab only names</div>
<div class=3D"plain_line"> +rpzNames=3D$( echo "${rpzNameCount}" | awk '{ p=
rint $1 }' )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  get list of RPZ files</div>
<div class=3D"plain_line"> +rpzFileList=3D$( find /etc/unbound/zonefiles -t=
ype f -iname "*.rpz" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  get basename of those files</div>
<div class=3D"plain_line"> +rpzBaseNames=3D$( echo "${rpzFileList}" |</div>
<div class=3D"plain_line"> +    sed 's|/etc/unbound/zonefiles/||g ; s|\.rpz=
||g ;' )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  add to rpzNames</div>
<div class=3D"plain_line"> +rpzNames=3D"${rpzNames}"$'\n'"${rpzBaseNames}"<=
/div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  drop duplicate names</div>
<div class=3D"plain_line"> +rpzNames=3D$( echo "${rpzNames}" | sort --uniqu=
e  )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  get line count for each RPZ</div>
<div class=3D"plain_line"> +lineCount=3D$( echo "${rpzFileList}" | xargs wc =
-l )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  get comment line count and blank line count=
 for each RPZ</div>
<div class=3D"plain_line"> +commentCount=3D$( echo "${rpzFileList}" | xargs =
grep --count -e "^$" -e "^;" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  get modified date each RPZ</div>
<div class=3D"plain_line"> +modDateList=3D$( echo "${rpzFileList}" | xargs=
 stat -c '%.10y  %n' )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +ucListAuthZones=3D$( unbound-control list_auth_=
zones )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  get width of RPZ names</div>
<div class=3D"plain_line"> +pWidth=3D$( echo "${rpzNames}" | awk '{ print $=
1"   " }' | wc -L )</div>
<div class=3D"plain_line"> +pFormat=3D"%-${pWidth}s %-8s %-8s %8s %12s %12s=
\n"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  print title line</div>
<div class=3D"plain_line"> +printf "${pFormat}" "name" "hits" "active" "lin=
es" " hits/line" "last download"</div>
<div class=3D"plain_line"> +printf -- "--------------"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +theResults=3D""</div>
<div class=3D"plain_line"> +totalLines=3D0</div>
<div class=3D"plain_line"> +totalHits=3D0</div>
<div class=3D"plain_line"> +while read -r theName</div>
<div class=3D"plain_line"> +do</div>
<div class=3D"plain_line"> +    printf -- "--"        #   pretend progress=
 bar</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  is this RPZ list active?</div>
<div class=3D"plain_line"> +    theActive=3D"disabled"</div>
<div class=3D"plain_line"> +    if grep --quiet "^${theName}\.rpz" &lt;&lt;=
&lt; "${ucListAuthZones}"</div>
<div class=3D"plain_line"> +    then</div>
<div class=3D"plain_line"> +        theActive=3D"enabled"</div>
<div class=3D"plain_line"> +    else</div>
<div class=3D"plain_line"> +        [[ "${rpzActive}" =3D=3D enabled ]] &am=
p;&amp; continue</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  get hit count</div>
<div class=3D"plain_line"> +    theHits=3D"0"</div>
<div class=3D"plain_line"> +    if output=3D$( grep "^${theName}\s" &lt;&lt=
;&lt; "${rpzNameCount}" ) ; then</div>
<div class=3D"plain_line"> +        theHits=3D$( echo "${output}" | awk '{=
 print $2 }' )</div>
<div class=3D"plain_line"> +        totalHits=3D$(( totalHits + theHits ))<=
/div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  get line count</div>
<div class=3D"plain_line"> +    theLines=3D"n/a"</div>
<div class=3D"plain_line"> +    hitsPerLine=3D"0"</div>
<div class=3D"plain_line"> +    if output=3D$( grep --fixed-strings "/${the=
Name}.rpz" &lt;&lt;&lt; "${lineCount}" ) ; then</div>
<div class=3D"plain_line"> +        theLines=3D$( echo "${output}" | awk '{ =
print $1 }' )</div>
<div class=3D"plain_line"> +        totalLines=3D$(( totalLines + theLines=
 ))</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +        if [[ "${theLines}" -gt 2 ]] ; then</di=
v>
<div class=3D"plain_line"> +            hitsPerLine=3D$(( 100 * theHits / t=
heLines ))</div>
<div class=3D"plain_line"> +        fi</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  get modification date</div>
<div class=3D"plain_line"> +    theModDate=3D"n/a"</div>
<div class=3D"plain_line"> +    if output=3D$( grep --fixed-strings "/${the=
Name}.rpz" &lt;&lt;&lt; "${modDateList}" ) ; then</div>
<div class=3D"plain_line"> +        theModDate=3D$( echo "${output}" | awk=
 '{ print $1 }' )</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  add to results list</div>
<div class=3D"plain_line"> +    theResults+=3D"${theName} ${theHits} ${theA=
ctive} ${theLines} ${hitsPerLine} ${theModDate}"$'\n'</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +done &lt;&lt;&lt; "${rpzNames}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +case "${sortBy}" in</div>
<div class=3D"plain_line"> +    #  sort by "active" then by "name"</div>
<div class=3D"plain_line"> +    name) sortArg=3D(-k3,3r -k1,1) ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  sort by "active" then by "hits" then by=
 "name"</div>
<div class=3D"plain_line"> +    hit)  sortArg=3D(-k3,3r -k2,2nr -k1,1) ;;</=
div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  sort by "active" then by "lines" then by =
"name"</div>
<div class=3D"plain_line"> +    line) sortArg=3D(-k3,3r -k4,4nr -k1,1) ;;</=
div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +    #  sort by "active" then by "effect" then b=
y "name"</div>
<div class=3D"plain_line"> +    effect) sortArg=3D(-k3,3r -k5,5nr -k1,1) ;;=
</div>
<div class=3D"plain_line"> +esac</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +printf -- "--------------\n"</div>
<div class=3D"plain_line"> +#  remove blank lines, sort, print as columns</=
div>
<div class=3D"plain_line"> +echo "${theResults}" |</div>
<div class=3D"plain_line"> +    awk '!/^[[:space:]]*$/' |</div>
<div class=3D"plain_line"> +    sort "${sortArg[@]}"    |</div>
<div class=3D"plain_line"> +    awk --assign=3Dwidth=3D"${pWidth}" \</div>
<div class=3D"plain_line"> +        '{ printf "%-*s %-8s %-8s %8s %10s %% %=
12s\n", width, $1, $2, $3, $4, $5, $6 }'</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +printf "${pFormat}" "" "=3D=3D=3D=3D=3D=3D=3D"=
 "" "=3D=3D=3D=3D=3D=3D=3D=3D" "" ""</div>
<div class=3D"plain_line"> +printf "${pFormat}" "Totals --&gt;" "${totalHit=
s}" "" "${totalLines}" "" ""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +exit</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-sleep b/config/rpz/r=
pz-sleep</div>
<div class=3D"plain_line"> new file mode 100755</div>
<div class=3D"plain_line"> index 000000000..dd3603599</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-sleep</div>
<div class=3D"plain_line"> @@ -0,0 +1,58 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  IPFire.org - A linux based firewall         =
                               #</div>
<div class=3D"plain_line"> +#  Copyright (C) 2024  IPFire Team  &lt;info@ip=
fire.org&gt;                         #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is free software: you can redis=
tribute it and/or modify       #</div>
<div class=3D"plain_line"> +#  it under the terms of the GNU General Public =
License as published by       #</div>
<div class=3D"plain_line"> +#  the Free Software Foundation, either version =
3 of the License, or          #</div>
<div class=3D"plain_line"> +#  (at your option) any later version.         =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is distributed in the hope that =
it will be useful,            #</div>
<div class=3D"plain_line"> +#  but WITHOUT ANY WARRANTY; without even the i=
mplied warranty of             #</div>
<div class=3D"plain_line"> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR=
 PURPOSE.  See the              #</div>
<div class=3D"plain_line"> +#  GNU General Public License for more details.=
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  You should have received a copy of the GNU G=
eneral Public License          #</div>
<div class=3D"plain_line"> +#  along with this program.  If not, see &lt;ht=
tp://www.gnu.org/licenses/&gt;.      #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2024-08-16"        # v05</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############     Functions     #############=
##</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#   send message to message log</div>
<div class=3D"plain_line"> +msg_log () {</div>
<div class=3D"plain_line"> +    logger --tag "${tagName}" "$*"</div>
<div class=3D"plain_line"> +    if tty --silent ; then</div>
<div class=3D"plain_line"> +        echo "${tagName}:" "$*"</div>
<div class=3D"plain_line"> +    fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############       Main        #############=
##</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +tagName=3D"unbound"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +sleepTime=3D"${1:-5m}"            #  default to =
sleep for 5m (5 minutes)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +zoneList=3D$( unbound-control list_auth_zones | =
awk '{print $1}' )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +for zone in ${zoneList} ; do</div>
<div class=3D"plain_line"> +    printf "disable ${zone}\t"</div>
<div class=3D"plain_line"> +    unbound-control rpz_disable "${zone}"</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +msg_log "info: rpz: disabled all zones for ${sl=
eepTime}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +sleep "${sleepTime}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +for zone in ${zoneList} ; do</div>
<div class=3D"plain_line"> +    printf "enable ${zone}\t"</div>
<div class=3D"plain_line"> +    unbound-control rpz_enable "${zone}"</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +msg_log "info: rpz: enabled all zones"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +exit</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.de.pl b/config/rpz/r=
pz.de.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..3770c6bb0</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.de.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +#  Added for Response Policy Zone (RPZ) add-on<=
/div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; '=C3=9Cbernehmen',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Benutzerdefinier=
te Allowlist aktivieren:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Zugelassene Domain=
s (eine pro Zeile)&lt;br&gt;Beispiel: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Benutzerdefinierte Allo=
wlist',</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Benutzerdefinier=
te Blocklist aktivieren:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Gesperrte Domains=
 (eine pro Zeile)&lt;br&gt;Beispiel: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Benutzerdefinierte Bloc=
klist',</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Benutzerdefinierte Listen',</=
div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'Der Name enth=C3=A4=
lt unzul=C3=A4ssige Zeichen',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf h=
at eine fehlerhafte Konfiguration ermittelt. F=C3=BChren Sie das Kommando u=
nbound-checkconf auf der Konsole aus, um weitere Informationen zu erhalten.=
',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'Die benutzerdefinie=
rte Allow-/Blocklist ist leer',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'Ein Eintrag mit ide=
ntischem Namen existiert bereits',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'Die URL ist ung=C3=
=BCltig',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'Eintrag kann nicht=
 entfernt werden, der Name existiert nicht',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'Der Name ist ung=C3=
=BCltig - nur "allow" oder "block" m=C3=B6glich',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'Fehlende oder inkor=
rekte Parameter',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'unbound-control rel=
oad ist fehlgeschlagen',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'Die benutzerdefinie=
rte Allow-/Blocklist enth=C3=A4lt unzul=C3=A4ssige Eintr=C3=A4ge',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'Die Anmerkung enth=
=C3=A4lt unzul=C3=A4ssige Zeichen',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'Ung=C3=BCltiger Ein=
trag in der benutzerdefinierten Allowlist, Zeile ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'Ung=C3=BCltiger Ein=
trag in der benutzerdefinierten Blocklist, Zeile ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'Ausgew=C3=A4hlter E=
intrag existiert nicht: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Zonendatei-Eintrag bea=
rbeiten',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(importiert aus rpz-=
config)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Erlaubte Zeichen=
 sind a-z, A-Z, 0-9 und Unterstriche',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Zonendateien',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.en.pl b/config/rpz/r=
pz.en.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..0720a8940</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.en.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +#  Added for Response Policy Zone (RPZ) add-on<=
/div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Apply',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Enable custom al=
lowlist:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Allowed domains (o=
ne per line)&lt;br&gt;Example: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Custom allowlist',</div=
>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Enable custom bl=
ocklist:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Blocked domains (o=
ne per line)&lt;br&gt;Example: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Custom blocklist',</div=
>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Custom lists',</div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'the NAME is not val=
id',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf f=
ound invalid configuration. In the Terminal run the command unbound-checkco=
nf for more information',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'the allow/block lis=
t is empty',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'duplicate - NAME al=
ready exists',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'the URL is not vali=
d',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'cannot remove the N=
AME does not exist',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'the NAME is not val=
id - "allow" or "block" only',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'missing or incorrec=
t parameter',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'unbound-control rel=
oad failed',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'custom Allowlist/Bl=
ocklist contains invalid entries',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'the REMARK is not v=
alid',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'invalid entry in al=
lowlist, line ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'invalid entry in bl=
ocklist, line ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'Selected entry does =
not exist: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Edit zonefiles entry',=
</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(imported from rpz-c=
onfig)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Valid characters=
 are a-z, A-Z, 0-9 and underscore.',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Zonefiles',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.es.pl b/config/rpz/r=
pz.es.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..98628e4aa</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.es.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +#  Added for Response Policy Zone (RPZ) add-on<=
/div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Zonas de pol=C3=ADtica de respue=
sta (RPZ)',</div>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Aplicar',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Habilitar la lis=
ta blanca personalizada:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Dominio permitido=
 (uno por l=C3=ADnea)&lt;br&gt;Ejemplo: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Lista blanca personaliz=
ada',</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Habilitar la lis=
ta negra personalizada:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Dominio bloqueado=
 (uno por l=C3=ADnea)&lt;br&gt;Ejemplo: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Lista negra personaliza=
da',</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Lista personalizada',</div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'El NOMBRE no es v=
=C3=A1lido',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf h=
a encontrado una configuraci=C3=B3n no v=C3=A1lida. Desde Terminal, ejecute =
el comando unbound-checkconf para mayor informaci=C3=B3n',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'La lista de permiti=
dos/bloqueados est=C3=A1 vac=C3=ADa',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'duplicado - NOMBRE=
 ya existe',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'la URL no es v=C3=
=A1lida',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'no es posible elimi=
nar el NOMBRE que no existe',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'el NOMBRE no es v=
=C3=A1lido - s=C3=B3lo "permitir" o "bloquear"',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'par=C3=A1metro falt=
ante o incorrecto',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'Error al recargar u=
nbound-control',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'la Lista blanca/Lis=
ta negra personalizada contiene entradas no v=C3=A1lidas',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'el COMENTARIO no es =
v=C3=A1lido',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'entrada no v=C3=A1l=
ida en la lista blanca, l=C3=ADnea ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'entrada no v=C3=A1l=
ida en la lista negra, l=C3=ADnea ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'La entrada seleccio=
nada no existe: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Editar la entrada de a=
rchivos de zona',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(importado de rpz-co=
nfig)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Los caracteres v=
=C3=A1lidos son a-z, A-Z, 0-9 y gui=C3=B3n bajo',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Archivos de zona',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.fr.pl b/config/rpz/r=
pz.fr.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..f35f3c2d0</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.fr.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +#  Added for Response Policy Zone (RPZ) add-on<=
/div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Appliquer',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Activer la liste =
d\'autorisations personnalis=C3=A9e:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Domaines autoris=
=C3=A9s (un par ligne)&lt;br&gt;Example: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Liste d\'autorisations=
 personnalis=C3=A9e',</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Activer la liste =
de blocage personnalis=C3=A9e:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Domaines bloqu=C3=
=A9s (un par ligne)&lt;br&gt;Example: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'liste de blocage person=
nalis=C3=A9',</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Listes personnalis=C3=A9es',<=
/div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'le NOM n\'est pas v=
alide',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf c=
onfiguration non valide trouv=C3=A9e. Dans le terminal, ex=C3=A9cutez la co=
mmande unbound-checkconf pour plus d\'informations',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'la liste autoriser/=
bloquer est vide',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'le NOM existe d=C3=
=A9j=C3=A0',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'L\'URL n\'est pas v=
alide',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'impossible de suppr=
imer le NOM n\'existe pas',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'le NOM n\'est pas v=
alide - =C2=AB autoriser =C2=BB ou =C2=AB bloquer =C2=BB seulement',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'param=C3=A8tre manq=
uant ou incorrect',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'unbound-control rec=
hargement =C3=A9chou=C3=A9',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'la liste autoriser/=
bloquer contient des entr=C3=A9es non valides',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'la REMARQUE n\'est=
 pas valable',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'entr=C3=A9e non val=
ide dans la liste d\'autorisation, ligne ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'entr=C3=A9e non val=
ide dans la liste de blocs, ligne ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'L\'entr=C3=A9e s=C3=
=A9lectionn=C3=A9e n\'existe pas: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Modifier l\'entr=C3=A9=
e Fichiers Zone',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(import=C3=A9 de rpz=
-config)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Les caract=C3=A8r=
es valides sont a-z, A-Z, 0-9 et soulignement.',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Fichiers Zone',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.it.pl b/config/rpz/r=
pz.it.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..ee81605c9</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.it.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +#  Added for Response Policy Zone (RPZ) add-on<=
/div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Applica',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Abilita la White=
list personalizzata:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Domini consentiti=
 (uno per riga)&lt;br&gt;Esempio: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Whitelist personalizzat=
a',</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Abilita la Black=
list personalizzata:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Domini bloccati (u=
no per riga)&lt;br&gt;Esempio: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Blacklist personalizzat=
a',</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Liste personalizzate',</div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'il NOME non =C3=A8=
 valido',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf h=
a trovato una configurazione non valida. Dal Terminale esegui il comando un=
bound-checkconf per maggiori informazioni',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'l\'elenco consentit=
i/bloccati =C3=A8 vuoto',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'duplicato - NAME es=
iste di gi=C3=A0',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'l\'URL non =C3=A8 v=
alido',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'non =C3=A8 possibil=
e rimuovere il NOME non esiste',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'il NOME non =C3=A8=
 valido - solo "consenti" o "blocca"',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'parametro mancante=
 o non corretto',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'ricaricamento del c=
ontrollo non associato non riuscito',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'la Whitelist/Blackl=
ist personalizzata contiene voci non valide',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'l"OSSERVAZIONE non =
=C3=A8 valida',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'voce non valida nel=
la Whitelist, riga ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'voce non valida nel=
la Blacklist, riga ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'La voce selezionata =
non esiste: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Modifica la voce dei f=
ile di zona',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(importato da rpz-co=
nfig)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'I caratteri valid=
i sono a-z, A-Z, 0-9 e trattino basso',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Zonefiles',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.tr.pl b/config/rpz/r=
pz.tr.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..00226e192</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.tr.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +#  I=EF=BF=BDin eklendi Ayriyeten Response Poli=
cy Zone (RPZ)</div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Uygulamak',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; '=EF=BF=BDzel Etk=
inlestir allowlist:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Izin verilmis doma=
ins (satir basina bir)&lt;br&gt;=EF=BF=BDrnegin: domain.com, *.domain.com',=
</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Etkinlestir allowlist',=
</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; '=EF=BF=BDzel Etk=
inlestir blocklist:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Engellenmis domain=
s (satir basina bir)&lt;br&gt;=EF=BF=BDrnegin: domain.com, *.domain.com',</=
div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Engellenmis blocklist',=
</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Engellenmis lists',</div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'NAME ge=EF=BF=BDerl=
i degil',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf g=
e=EF=BF=BDersiz yapilandirma bulundu. Terminalde daha fazla bilgi i=EF=BF=
=BDin Unbound-checkConf komutunu =EF=BF=BDalistirin',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'allow/block liste b=
os',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'kopyalamak - NAME z=
aten var',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'URL ge=EF=BF=BDerli =
degil',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; '=EF=BF=BDikarilamiy=
or NAME yok',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'NAME ge=EF=BF=BDerl=
i degil - "allow" veya "block" yalniz',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'Parametre eksik vey=
a yanlis',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'unbound-control bas=
arisiz',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'Engellenmis Allowli=
st/Blocklist ge=EF=BF=BDersiz girisler i=EF=BF=BDerir',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'REMARK ge=EF=BF=BDe=
rli degil',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'Ge=EF=BF=BDersiz gi=
ris allowlist, line ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'Ge=EF=BF=BDersiz gi=
ris blocklist, line ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'Se=EF=BF=BDilen gir=
is yok: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'yazimlamak zonefiles g=
iris',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(ithal edildi rpz-co=
nfig)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Ge=EF=BF=BDerli k=
arakterler a-z, A-Z, 0-9ve alt=EF=BF=BDst.',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Zonefiles',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/html/cgi-bin/rpz.cgi b/html/cgi-bin=
/rpz.cgi</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..a821c92ac</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/html/cgi-bin/rpz.cgi</div>
<div class=3D"plain_line"> @@ -0,0 +1,923 @@</div>
<div class=3D"plain_line"> +#!/usr/bin/perl</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall          =
                               #</div>
<div class=3D"plain_line"> +# Copyright (C) 2005-2024  IPFire Team  &lt;inf=
o@ipfire.org&gt;                     #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify        #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by        #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or           #</div>
<div class=3D"plain_line"> +# (at your option) any later version.          =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful,             #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of              #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE.  See the               #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details. =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License           #</div>
<div class=3D"plain_line"> +# along with this program.  If not, see &lt;htt=
p://www.gnu.org/licenses/&gt;.       #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +use strict;</div>
<div class=3D"plain_line"> +use Scalar::Util qw(looks_like_number);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# debugging</div>
<div class=3D"plain_line"> +#use warnings;</div>
<div class=3D"plain_line"> +#use CGI::Carp 'fatalsToBrowser';</div>
<div class=3D"plain_line"> +#use Data::Dumper;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +require '/var/ipfire/general-functions.pl';</di=
v>
<div class=3D"plain_line"> +require "${General::swroot}/lang.pl";</div>
<div class=3D"plain_line"> +require "${General::swroot}/header.pl";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Extra HTML ---###</div>
<div class=3D"plain_line"> +my $extraHead =3D &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;style&gt;</div>
<div class=3D"plain_line"> + /* alternating row background */</div>
<div class=3D"plain_line"> + .tbl tr:nth-child(2n+2) {</div>
<div class=3D"plain_line"> + background-color: var(--color-light-grey);</di=
v>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + .tbl tr:nth-child(2n+3) {</div>
<div class=3D"plain_line"> + background-color: var(--color-grey);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + /* text styles */</div>
<div class=3D"plain_line"> + .tbl th:not(:last-child) {</div>
<div class=3D"plain_line"> + text-align: left;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + div.right {</div>
<div class=3D"plain_line"> + text-align: right;</div>
<div class=3D"plain_line"> + margin-top: 0.5em;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + /* customlist input */</div>
<div class=3D"plain_line"> + textarea.domainlist {</div>
<div class=3D"plain_line"> + margin: 0.5em 0;</div>
<div class=3D"plain_line"> + resize: vertical;</div>
<div class=3D"plain_line"> + min-height: 10em;</div>
<div class=3D"plain_line"> + overflow: auto;</div>
<div class=3D"plain_line"> + white-space: pre;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + button[type=3Dsubmit]:disabled {</div>
<div class=3D"plain_line"> + opacity: 0.6;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +&lt;/style&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +###--- End of extra HTML ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +### Settings ###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Request DNS service reload after configuratio=
n change</div>
<div class=3D"plain_line"> +my $RPZ_RELOAD_FLAG =3D "${General::swroot}/dns=
/rpz/reload.flag";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Configuration file for all available zonefile=
s</div>
<div class=3D"plain_line"> +# Format: index, name (unique), enabled (on/off=
), URL, remark</div>
<div class=3D"plain_line"> +my $ZONEFILES_CONF =3D "${General::swroot}/dns/=
rpz/zonefiles.conf";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Configuration file for custom lists</div>
<div class=3D"plain_line"> +# IDs: 0=3Dallowlist, 1=3Dblocklist, 2=3Doption=
s (allow/block enabled)</div>
<div class=3D"plain_line"> +my $CUSTOMLISTS_CONF =3D "${General::swroot}/dn=
s/rpz/customlists.conf";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Export custom lists to rpz-config</div>
<div class=3D"plain_line"> +my $RPZ_ALLOWLIST =3D "${General::swroot}/dns/r=
pz/allowlist";</div>
<div class=3D"plain_line"> +my $RPZ_BLOCKLIST =3D "${General::swroot}/dns/r=
pz/blocklist";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +### Preparation ###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Create missing config files</div>
<div class=3D"plain_line"> +unless(-f $ZONEFILES_CONF) { &amp;General::syst=
em('touch', "$ZONEFILES_CONF"); }</div>
<div class=3D"plain_line"> +unless(-f $CUSTOMLISTS_CONF) { &amp;General::sy=
stem('touch', "$CUSTOMLISTS_CONF"); }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Global gui data</div>
<div class=3D"plain_line"> +my $errormessage =3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Global configuration data</div>
<div class=3D"plain_line"> +my %zonefiles =3D ();</div>
<div class=3D"plain_line"> +my %customlists =3D ();</div>
<div class=3D"plain_line"> +&amp;_zonefiles_load();</div>
<div class=3D"plain_line"> +&amp;_customlists_load();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Global CGI form data</div>
<div class=3D"plain_line"> +my %cgiparams =3D ();</div>
<div class=3D"plain_line"> +&amp;Header::getcgihash(\%cgiparams);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +my $action =3D $cgiparams{'ACTION'} // 'NONE';<=
/div>
<div class=3D"plain_line"> +my $action_key =3D $cgiparams{'KEY'} // ''; # e=
ntry being edited, empty =3D none/new</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Process form actions ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Zonefiles action: Check whether the requested =
entry exists</div>
<div class=3D"plain_line"> +if((substr($action, 0, 3) eq 'ZF_') &amp;&amp;=
 ($action_key)) {</div>
<div class=3D"plain_line"> + unless(defined $zonefiles{$action_key}) {</div=
>
<div class=3D"plain_line"> + $errormessage =3D &amp;_rpz_error_tr(204, $act=
ion_key);</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Perform actions</div>
<div class=3D"plain_line"> +if($action eq 'ZF_SAVE') { ## Save new or modif=
ied zonefiles entry</div>
<div class=3D"plain_line"> + if(&amp;_action_zf_save()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE'; # success, return to main=
 page</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + $action =3D 'ZF_EDIT'; # error occured, keep e=
diting</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'ZF_TOGGLE') { ## Toggle on/=
off</div>
<div class=3D"plain_line"> + if(&amp;_action_zf_toggle()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'ZF_REMOVE') { ## Remove ent=
ry</div>
<div class=3D"plain_line"> + if(&amp;_action_zf_remove()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'CL_SAVE') { ## Save custom=
 lists</div>
<div class=3D"plain_line"> + if(&amp;_action_cl_save()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'RPZ_RELOAD') { ## Reload dn=
s configuration</div>
<div class=3D"plain_line"> + if(&amp;_action_rpz_reload()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'UNB_RESTART') { ## Restart=
 unbound service</div>
<div class=3D"plain_line"> + if(&amp;_action_unb_restart()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Start GUI ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Start http output</div>
<div class=3D"plain_line"> +&amp;Header::showhttpheaders();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Start HTML</div>
<div class=3D"plain_line"> +&amp;Header::openpage($Lang::tr{'rpz'}, 1, $ext=
raHead);</div>
<div class=3D"plain_line"> +&amp;Header::openbigbox('100%', 'left', '');</d=
iv>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show error messages</div>
<div class=3D"plain_line"> +if($errormessage) {</div>
<div class=3D"plain_line"> + &amp;_print_message($errormessage);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Handle zonefile add/edit mode</div>
<div class=3D"plain_line"> +if($action eq "ZF_EDIT") {</div>
<div class=3D"plain_line"> + &amp;_print_zonefile_editor();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Finalize page and exit cleanly</div>
<div class=3D"plain_line"> + &amp;Header::closebigbox();</div>
<div class=3D"plain_line"> + &amp;Header::closepage();</div>
<div class=3D"plain_line"> + exit(0);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show gui elements</div>
<div class=3D"plain_line"> +&amp;_print_zonefiles();</div>
<div class=3D"plain_line"> +&amp;_print_customlists();</div>
<div class=3D"plain_line"> +&amp;_print_gui_extras();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +&amp;Header::closebigbox();</div>
<div class=3D"plain_line"> +&amp;Header::closepage();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- End of GUI ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal configuration file functions --=
-###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Load all available zonefiles from rpz-config=
 and the internal configuration</div>
<div class=3D"plain_line"> +sub _zonefiles_load {</div>
<div class=3D"plain_line"> + # Clean start</div>
<div class=3D"plain_line"> + %zonefiles =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Source 1: Get the currently enabled zonefile=
s from rpz-config (expected format [name]=3D[URL])</div>
<div class=3D"plain_line"> + my @enabled_files =3D &amp;General::system_out=
put('/usr/sbin/rpz-config', 'list');</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + foreach my $row (@enabled_files) {</div>
<div class=3D"plain_line"> + chomp($row);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Use regex instead of split() to skip non-mat=
ching lines</div>
<div class=3D"plain_line"> + next unless($row =3D~ /^(\w+)=3D(.+)$/);</div>
<div class=3D"plain_line"> + my ($name, $url) =3D ($1, $2);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Unique names are already guaranteed by rpz-c=
onfig</div>
<div class=3D"plain_line"> + if(&amp;_rpz_validate_zonefile($name, $url, ''=
, 0) =3D=3D 0) {</div>
<div class=3D"plain_line"> + # Populate global data hash, mark all found en=
tries as enabled</div>
<div class=3D"plain_line"> + my %entry =3D ('enabled' =3D&gt; 'on',</div>
<div class=3D"plain_line"> + 'url' =3D&gt; $url,</div>
<div class=3D"plain_line"> + 'remark' =3D&gt; $Lang::tr{'rpz zf imported'})=
;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $zonefiles{$name} =3D \%entry;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Source 2: Get additional data and disabled e=
ntries from configuration file</div>
<div class=3D"plain_line"> + my %configured_files =3D ();</div>
<div class=3D"plain_line"> + &amp;General::readhasharray($ZONEFILES_CONF, \=
%configured_files);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + foreach my $row (values (%configured_files)) {=
</div>
<div class=3D"plain_line"> + my ($name, $enabled, $url, $remark) =3D @$row;=
</div>
<div class=3D"plain_line"> + $remark //=3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + next unless($name);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check whether this row belongs to an entry a=
lready imported from rpz-config</div>
<div class=3D"plain_line"> + if(defined $zonefiles{$name}) {</div>
<div class=3D"plain_line"> + # Existing entry, only merge additional data</=
div>
<div class=3D"plain_line"> + $zonefiles{$name}{'remark'} =3D $remark;</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + # Skip entry if it is marked as enabled but no=
t found by rpz-config. It was then deleted manually</div>
<div class=3D"plain_line"> + if($enabled ne 'on') {</div>
<div class=3D"plain_line"> + # Populate global data hash</div>
<div class=3D"plain_line"> + my %entry =3D ('enabled' =3D&gt; 'off',</div>
<div class=3D"plain_line"> + 'url' =3D&gt; $url // "",</div>
<div class=3D"plain_line"> + 'remark' =3D&gt; $remark);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $zonefiles{$name} =3D \%entry;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Save internal zonefiles configuration</div>
<div class=3D"plain_line"> +sub _zonefiles_save_conf {</div>
<div class=3D"plain_line"> + my $index =3D 0;</div>
<div class=3D"plain_line"> + my %export =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Loop trough all zonefiles and create "hashar=
ray" type export</div>
<div class=3D"plain_line"> + foreach my $name (keys %zonefiles) {</div>
<div class=3D"plain_line"> + my @entry =3D ($name,</div>
<div class=3D"plain_line"> + $zonefiles{$name}{'enabled'},</div>
<div class=3D"plain_line"> + $zonefiles{$name}{'url'},</div>
<div class=3D"plain_line"> + $zonefiles{$name}{'remark'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $export{$index++} =3D \@entry;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;General::writehasharray($ZONEFILES_CONF,=
 \%export);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Load custom lists from rpz-config and the int=
ernal configuration</div>
<div class=3D"plain_line"> +sub _customlists_load {</div>
<div class=3D"plain_line"> + # Clean start</div>
<div class=3D"plain_line"> + %customlists =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Load configuration file</div>
<div class=3D"plain_line"> + my %lists_conf =3D ();</div>
<div class=3D"plain_line"> + &amp;General::readhasharray($CUSTOMLISTS_CONF, =
\%lists_conf);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Get list options, enabled by default to star=
t import</div>
<div class=3D"plain_line"> + $customlists{'allow'}{'enabled'} =3D $lists_co=
nf{2}[0] // 'on';</div>
<div class=3D"plain_line"> + $customlists{'block'}{'enabled'} =3D $lists_co=
nf{2}[1] // 'on';</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Import enabled list from rpz-config, otherwi=
se retrieve stored or empty list from configuration file</div>
<div class=3D"plain_line"> + if($customlists{'allow'}{'enabled'} eq 'on') {=
</div>
<div class=3D"plain_line"> + &amp;_customlist_import('allow', $RPZ_ALLOWLIS=
T);</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + $customlists{'allow'}{'list'} =3D $lists_conf{=
0} // [];</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + if($customlists{'block'}{'enabled'} eq 'on') {=
</div>
<div class=3D"plain_line"> + &amp;_customlist_import('block', $RPZ_BLOCKLIS=
T);</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + $customlists{'block'}{'list'} =3D $lists_conf{=
1} // [];</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Save internal custom lists configuration</div=
>
<div class=3D"plain_line"> +sub _customlists_save_conf {</div>
<div class=3D"plain_line"> + my %export =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Match IDs with import function</div>
<div class=3D"plain_line"> + $export{0} =3D $customlists{'allow'}{'list'};<=
/div>
<div class=3D"plain_line"> + $export{1} =3D $customlists{'block'}{'list'};<=
/div>
<div class=3D"plain_line"> + $export{2} =3D [$customlists{'allow'}{'enabled=
'}, $customlists{'block'}{'enabled'}];</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;General::writehasharray($CUSTOMLISTS_CONF=
, \%export);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Import a custom list from plain file, returns =
empty list if file is missing</div>
<div class=3D"plain_line"> +sub _customlist_import {</div>
<div class=3D"plain_line"> + my ($listname, $filename) =3D @_;</div>
<div class=3D"plain_line"> + my @list =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # File exists, load and check all lines</div>
<div class=3D"plain_line"> + if(-f $filename) {</div>
<div class=3D"plain_line"> + open(my $FH, '&lt;', $filename) or die "Can't=
 read $filename: $!";</div>
<div class=3D"plain_line"> + while(my $line =3D &lt;$FH&gt;) {</div>
<div class=3D"plain_line"> + chomp($line);</div>
<div class=3D"plain_line"> + push(@list, $line);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + close($FH);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Clean up imported data</div>
<div class=3D"plain_line"> + &amp;_rpz_validate_customlist(\@list, 1);</div=
>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $customlists{$listname}{'list'} =3D \@list;</d=
iv>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Export a custom list to plain file or clear f=
ile if list is disabled</div>
<div class=3D"plain_line"> +sub _customlist_export {</div>
<div class=3D"plain_line"> + my ($listname, $filename) =3D @_;</div>
<div class=3D"plain_line"> + return unless(defined $customlists{$listname})=
;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Write enabled domain list to file, otherwise =
save empty file</div>
<div class=3D"plain_line"> + open(my $FH, '&gt;', $filename) or die "Can't=
 write $filename: $!";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + if($customlists{$listname}{'enabled'} eq 'on') =
{</div>
<div class=3D"plain_line"> + foreach my $line (@{$customlists{$listname}{'l=
ist'}}) {</div>
<div class=3D"plain_line"> + print $FH "$line\n";</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + print $FH "; Note: This list is currently disa=
bled by $ENV{'SCRIPT_NAME'}\n";</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + close($FH);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal gui functions ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show simple message box</div>
<div class=3D"plain_line"> +sub _print_message {</div>
<div class=3D"plain_line"> + my ($message, $title) =3D @_;</div>
<div class=3D"plain_line"> + $title ||=3D $Lang::tr{'error messages'};</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::openbox('100%', 'left', $title);<=
/div>
<div class=3D"plain_line"> + print "&lt;span&gt;$message&lt;/span&gt;";</di=
v>
<div class=3D"plain_line"> + &amp;Header::closebox();</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show all zone files and related gui elements<=
/div>
<div class=3D"plain_line"> +sub _print_zonefiles {</div>
<div class=3D"plain_line"> + &amp;Header::openbox('100%', 'left', $Lang::tr=
{'rpz zf'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;table class=3D"tbl" width=3D"100%"&gt;</div=
>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;th&gt;$Lang::tr{'name'}&lt;/th&gt;</div>
<div class=3D"plain_line"> + &lt;th&gt;URL&lt;/th&gt;</div>
<div class=3D"plain_line"> + &lt;th&gt;$Lang::tr{'remark'}&lt;/th&gt;</div>
<div class=3D"plain_line"> + &lt;th colspan=3D"3"&gt;$Lang::tr{'action'}&lt=
;/th&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Sort zonefiles by name and loop trough all e=
ntries</div>
<div class=3D"plain_line"> + foreach my $name (sort keys %zonefiles) {</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Toggle button label translation</div>
<div class=3D"plain_line"> + my $toggle_tr =3D ($zonefiles{$name}{'enabled'=
} eq 'on') ? $Lang::tr{'click to disable'} : $Lang::tr{'click to enable'};<=
/div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;$name&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;$zonefiles{$name}{'url'}&lt;/td&gt;<=
/div>
<div class=3D"plain_line"> + &lt;td&gt;$zonefiles{$name}{'remark'}&lt;/td&g=
t;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &lt;td align=3D"center" width=3D"5%"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"KEY" value=
=3D"$name"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"ACTION" valu=
e=3D"ZF_TOGGLE"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"image" src=3D"/images/$zonef=
iles{$name}{'enabled'}.gif" title=3D"$toggle_tr" alt=3D"$toggle_tr"&gt;</di=
v>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> + &lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td align=3D"center" width=3D"5%"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"KEY" value=
=3D"$name"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"ACTION" valu=
e=3D"ZF_EDIT"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"image" src=3D"/images/edit.g=
if" title=3D"$Lang::tr{'edit'}" alt=3D"$Lang::tr{'edit'}"&gt;</div>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> + &lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td align=3D"center" width=3D"5%"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"KEY" value=
=3D"$name"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"ACTION" valu=
e=3D"ZF_REMOVE"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"image" src=3D"/images/delete=
.gif" title=3D"$Lang::tr{'remove'}" alt=3D"$Lang::tr{'remove'}"&gt;</div>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> + &lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Disable reload button if not needed</div>
<div class=3D"plain_line"> + my $reload_state =3D &amp;_rpz_needs_reload()=
 ? "" : " disabled";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;/table&gt;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +&lt;div class=3D"right"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"KEY" value=
=3D""&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"ZF_EDIT"&gt;$Lang::tr{'add'}&lt;/button&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"RPZ_RELOAD" class=3D"commit"$reload_state&gt;$Lang::tr{'rpz apply'}&l=
t;/button&gt;</div>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> +&lt;/div&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::closebox();</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show zonefiles entry editor</div>
<div class=3D"plain_line"> +sub _print_zonefile_editor {</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Key specified: Edit existing entry</div>
<div class=3D"plain_line"> + if(($action_key) &amp;&amp; (defined $zonefile=
s{$action_key})) {</div>
<div class=3D"plain_line"> + # Load data to be edited, but don't override a=
lready present values (allows user to edit after error)</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_NAME'} //=3D $action_key;</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_URL'} //=3D $zonefiles{$action_=
key}{'url'};</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_REMARK'} //=3D $zonefiles{$acti=
on_key}{'remark'};</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Fallback to empty form</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_NAME'} //=3D "";</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_URL'} //=3D "";</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_REMARK'} //=3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::openbox('100%', 'left', $Lang::tr=
{'rpz zf editor'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;form method=3D"post" action=3D"$ENV{'SCRIPT=
_NAME'}"&gt;</div>
<div class=3D"plain_line"> +&lt;input type=3D"hidden" name=3D"KEY" value=3D=
"$action_key"&gt;</div>
<div class=3D"plain_line"> +&lt;table width=3D"100%"&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"20%"&gt;$Lang::tr{'name'}:&amp=
;nbsp;&lt;img src=3D"/blob.gif" alt=3D"*"&gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;input type=3D"text" name=3D"ZF_N=
AME" value=3D"$cgiparams{'ZF_NAME'}" size=3D"40" maxlength=3D"32" title=3D"=
$Lang::tr{'rpz zf remark info'}" pattern=3D"[a-zA-Z0-9_]{1,32}" required&gt=
;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"20%"&gt;URL:&amp;nbsp;&lt;img=
 src=3D"/blob.gif" alt=3D"*"&gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;input type=3D"url" name=3D"ZF_UR=
L" value=3D"$cgiparams{'ZF_URL'}" size=3D"40" maxlength=3D"128" required&gt=
;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"20%"&gt;$Lang::tr{'remark'}:&l=
t;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;input type=3D"text" name=3D"ZF_R=
EMARK" value=3D"$cgiparams{'ZF_REMARK'}" size=3D"40" maxlength=3D"32"&gt;&l=
t;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;hr&gt;&lt;/td&gt;<=
/div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"55%"&gt;&lt;img src=3D"/blob.g=
if" alt=3D"*"&gt;&amp;nbsp;$Lang::tr{'required field'}&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td align=3D"right"&gt;&lt;button type=3D"s=
ubmit" name=3D"ACTION" value=3D"ZF_SAVE"&gt;$Lang::tr{'save'}&lt;/button&gt=
;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> +&lt;/table&gt;</div>
<div class=3D"plain_line"> +&lt;/form&gt;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +&lt;div class=3D"right"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"NONE"&gt;$Lang::tr{'back'}&lt;/button&gt;</div>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> +&lt;/div&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::closebox();</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show custom allow/block files and related gui =
elements</div>
<div class=3D"plain_line"> +sub _print_customlists {</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Load lists from config, unless they are curr=
ently being edited</div>
<div class=3D"plain_line"> + if($action ne 'CL_SAVE') {</div>
<div class=3D"plain_line"> + $cgiparams{'ALLOW_LIST'} =3D join("\n", @{$cus=
tomlists{'allow'}{'list'}});</div>
<div class=3D"plain_line"> + $cgiparams{'BLOCK_LIST'} =3D join("\n", @{$cus=
tomlists{'block'}{'list'}});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $cgiparams{'ALLOW_ENABLED'} =3D ($customlists{=
'allow'}{'enabled'} eq 'on') ? 'on' : undef;</div>
<div class=3D"plain_line"> + $cgiparams{'BLOCK_ENABLED'} =3D ($customlists{=
'block'}{'enabled'} eq 'on') ? 'on' : undef;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Fallback to empty form</div>
<div class=3D"plain_line"> + $cgiparams{'ALLOW_LIST'} //=3D "";</div>
<div class=3D"plain_line"> + $cgiparams{'BLOCK_LIST'} //=3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # HTML checkboxes, unchecked =3D no or undef v=
alue in POST data</div>
<div class=3D"plain_line"> + my %checked =3D ();</div>
<div class=3D"plain_line"> + $checked{'ALLOW_ENABLED'} =3D (defined $cgipar=
ams{'ALLOW_ENABLED'}) ? " checked" : "";</div>
<div class=3D"plain_line"> + $checked{'BLOCK_ENABLED'} =3D (defined $cgipar=
ams{'BLOCK_ENABLED'}) ? " checked" : "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Disable reload button if not needed</div>
<div class=3D"plain_line"> + my $reload_state =3D &amp;_rpz_needs_reload()=
 ? "" : " disabled";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::openbox('100%', 'left', $Lang::tr=
{'rpz cl'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;form method=3D"post" action=3D"$ENV{'SCRIPT=
_NAME'}"&gt;</div>
<div class=3D"plain_line"> +&lt;table width=3D"100%"&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;b&gt;$Lang::tr{'rp=
z cl allow'}&lt;/b&gt;&lt;br&gt;$Lang::tr{'rpz cl allow info'}&lt;/td&gt;</=
div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;b&gt;$Lang::tr{'rp=
z cl block'}&lt;/b&gt;&lt;br&gt;$Lang::tr{'rpz cl block info'}&lt;/td&gt;</=
div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;textarea name=3D"A=
LLOW_LIST" class=3D"domainlist" cols=3D"45"&gt;</div>
<div class=3D"plain_line"> +$cgiparams{'ALLOW_LIST'}&lt;/textarea&gt;&lt;/t=
d&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;textarea name=3D"B=
LOCK_LIST" class=3D"domainlist" cols=3D"45"&gt;</div>
<div class=3D"plain_line"> +$cgiparams{'BLOCK_LIST'}&lt;/textarea&gt;&lt;/t=
d&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;label for=3D"allow_enabled"&gt;$=
Lang::tr{'rpz cl allow enable'}&lt;/label&gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"15%"&gt;&lt;input type=3D"chec=
kbox" name=3D"ALLOW_ENABLED" id=3D"allow_enabled"$checked{'ALLOW_ENABLED'}&=
gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;label for=3D"block_enabled"&gt;$=
Lang::tr{'rpz cl block enable'}&lt;/label&gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"15%"&gt;&lt;input type=3D"chec=
kbox" name=3D"BLOCK_ENABLED" id=3D"block_enabled"$checked{'BLOCK_ENABLED'}&=
gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"4"&gt;&lt;hr&gt;&lt;/td&gt;<=
/div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td align=3D"right" colspan=3D"4"&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"CL_SAVE"&gt;$Lang::tr{'save'}&lt;/button&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"RPZ_RELOAD" class=3D"commit"$reload_state&gt;$Lang::tr{'rpz apply'}&l=
t;/button&gt;</div>
<div class=3D"plain_line"> + &lt;/td&gt;</div>
<div class=3D"plain_line"> +&lt;/table&gt;</div>
<div class=3D"plain_line"> +&lt;/form&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::closebox();</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Output javascript and extra gui elements</div=
>
<div class=3D"plain_line"> +sub _print_gui_extras {</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Apply/Restart button modifier key handler</d=
iv>
<div class=3D"plain_line"> + if(&amp;_rpz_needs_reload()) {</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;script&gt;</div>
<div class=3D"plain_line"> + // Commit modifier key handler</div>
<div class=3D"plain_line"> + (function(jq, document) {</div>
<div class=3D"plain_line"> + var keyEventsOn =3D false; // Keyboard events=
 attached</div>
<div class=3D"plain_line"> + var keyModify =3D false; // Modifier key press=
ed</div>
<div class=3D"plain_line"> + var mouseHover =3D false; // Mouse over commit =
button</div>
<div class=3D"plain_line"> + var btnModified =3D false; // Button modified=
 to "Restart"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // Document-level key events, enable only whil=
e cursor is over button</div>
<div class=3D"plain_line"> + function attachKeyEvents() {</div>
<div class=3D"plain_line"> + if(keyEventsOn) {</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + keyEventsOn =3D true;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + jq(document).on("keydown.rpz", function(event) =
{</div>
<div class=3D"plain_line"> + if((!keyModify) &amp;&amp; event.shiftKey) {</=
div>
<div class=3D"plain_line"> + keyModify =3D true;</div>
<div class=3D"plain_line"> + handleModify();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> + jq(document).on("keyup.rpz", function(event) {=
</div>
<div class=3D"plain_line"> + if(keyModify &amp;&amp; (!event.shiftKey)) {</=
div>
<div class=3D"plain_line"> + keyModify =3D false;</div>
<div class=3D"plain_line"> + handleModify();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + function removeKeyEvents() {</div>
<div class=3D"plain_line"> + keyModify =3D false;</div>
<div class=3D"plain_line"> + if(keyEventsOn) {</div>
<div class=3D"plain_line"> + jq(document).off("keydown.rpz keyup.rpz");</di=
v>
<div class=3D"plain_line"> + keyEventsOn =3D false;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // Attach mouse hover events to commit buttons=
</div>
<div class=3D"plain_line"> + function attachMouseEvents() {</div>
<div class=3D"plain_line"> + jq("button.commit").on("mouseenter", function(=
event) {</div>
<div class=3D"plain_line"> + if(!mouseHover) {</div>
<div class=3D"plain_line"> + mouseHover =3D true;</div>
<div class=3D"plain_line"> + attachKeyEvents();</div>
<div class=3D"plain_line"> + // Handle already pressed key</div>
<div class=3D"plain_line"> + keyModify =3D !!(event.shiftKey);</div>
<div class=3D"plain_line"> + handleModify();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // Cursor moved away: Disable key listener to=
 minimize events</div>
<div class=3D"plain_line"> + jq("button.commit").on("mouseleave", function(=
) {</div>
<div class=3D"plain_line"> + if(mouseHover) {</div>
<div class=3D"plain_line"> + mouseHover =3D false;</div>
<div class=3D"plain_line"> + removeKeyEvents();</div>
<div class=3D"plain_line"> + handleModify();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // Modify commit button</div>
<div class=3D"plain_line"> + function handleModify() {</div>
<div class=3D"plain_line"> + let modify =3D mouseHover &amp;&amp; keyModify=
;</div>
<div class=3D"plain_line"> + if(btnModified !=3D modify) {</div>
<div class=3D"plain_line"> + if(modify) {</div>
<div class=3D"plain_line"> + jq("button.commit").text("$Lang::tr{'restart'}=
").val("UNB_RESTART");</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + jq("button.commit").text("$Lang::tr{'rpz apply=
'}").val("RPZ_RELOAD");</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + btnModified =3D modify;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // jQuery DOM ready</div>
<div class=3D"plain_line"> + jq(function() {</div>
<div class=3D"plain_line"> + attachMouseEvents();</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> + })(jQuery, document);</div>
<div class=3D"plain_line"> +&lt;/script&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> + } # End of modifier key handler</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal action processing functions ---=
###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Toggle zonefile on/off</div>
<div class=3D"plain_line"> +sub _action_zf_toggle {</div>
<div class=3D"plain_line"> + return unless(defined $zonefiles{$action_key})=
;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + my $result =3D 0;</div>
<div class=3D"plain_line"> + my $enabled =3D $zonefiles{$action_key}{'enabl=
ed'};</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Perform toggle action</div>
<div class=3D"plain_line"> + if($enabled eq 'on') {</div>
<div class=3D"plain_line"> + $enabled =3D 'off';</div>
<div class=3D"plain_line"> + $result =3D &amp;General::system('/usr/sbin/rp=
z-config', 'remove', $action_key, '--no-reload');</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + $enabled =3D 'on';</div>
<div class=3D"plain_line"> + $result =3D &amp;General::system('/usr/sbin/rp=
z-config', 'add', $action_key, $zonefiles{$action_key}{'url'}, '--no-reload=
');</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check for errors, request service reload on=
 success</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 1);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Save changes</div>
<div class=3D"plain_line"> + $zonefiles{$action_key}{'enabled'} =3D $enable=
d;</div>
<div class=3D"plain_line"> + &amp;_zonefiles_save_conf();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Remove zonefile</div>
<div class=3D"plain_line"> +sub _action_zf_remove {</div>
<div class=3D"plain_line"> + return unless(defined $zonefiles{$action_key})=
;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Remove from rpz-config if currently active</=
div>
<div class=3D"plain_line"> + if($zonefiles{$action_key}{'enabled'} eq 'on') =
{</div>
<div class=3D"plain_line"> + my $result =3D &amp;General::system('/usr/sbin=
/rpz-config', 'remove', $action_key, '--no-reload');</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check for errors, request service reload on=
 success</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 1);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Remove from data hash and save changes</div>
<div class=3D"plain_line"> + delete $zonefiles{$action_key};</div>
<div class=3D"plain_line"> + &amp;_zonefiles_save_conf();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Clear action_key, as the entry is now remove=
d entirely</div>
<div class=3D"plain_line"> + $action_key =3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Create or update zonefile entry</div>
<div class=3D"plain_line"> +# Returns undef if gui needs to stay in editor=
 mode</div>
<div class=3D"plain_line"> +sub _action_zf_save {</div>
<div class=3D"plain_line"> + my $result =3D 0;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + my $name =3D $cgiparams{'ZF_NAME'} // "";</div=
>
<div class=3D"plain_line"> + my $url =3D $cgiparams{'ZF_URL'} // "";</div>
<div class=3D"plain_line"> + my $remark =3D $cgiparams{'ZF_REMARK'} // "";<=
/div>
<div class=3D"plain_line"> + my $enabled =3D 'on'; # Enable new entries by=
 default</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Note on variables:</div>
<div class=3D"plain_line"> + # name =3D unique key, will be used to address =
the entry</div>
<div class=3D"plain_line"> + # action_key =3D name of the entry being edite=
d, empty for new entry</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Only check for unique name if it changed</di=
v>
<div class=3D"plain_line"> + # (this also checks new entries because the ac=
tion_key is empty in this case)</div>
<div class=3D"plain_line"> + $result =3D &amp;_rpz_validate_zonefile($name, =
$url, $remark, (lc($name) ne lc($action_key)));</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 0);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Edit existing entry: Determine what was chan=
ged</div>
<div class=3D"plain_line"> + if(($action_key) &amp;&amp; (defined $zonefile=
s{$action_key})) {</div>
<div class=3D"plain_line"> + # Name und URL remain unchanged, only save rem=
ark and finish</div>
<div class=3D"plain_line"> + if(($name eq $action_key) &amp;&amp; ($url eq=
 $zonefiles{$action_key}{'url'})) {</div>
<div class=3D"plain_line"> + $zonefiles{$action_key}{'remark'} =3D $remark;=
</div>
<div class=3D"plain_line"> + &amp;_zonefiles_save_conf();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Entry was changed and needs to be recreated, =
preserve status</div>
<div class=3D"plain_line"> + $enabled =3D $zonefiles{$action_key}{'enabled'=
};</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Remove from rpz-config</div>
<div class=3D"plain_line"> + return unless &amp;_action_zf_remove();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Add new entry to rpz-config</div>
<div class=3D"plain_line"> + if($enabled eq 'on') {</div>
<div class=3D"plain_line"> + $result =3D &amp;General::system('/usr/sbin/rp=
z-config', 'add', $name, $url, '--no-reload');</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check for errors, request service reload on=
 success</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 1);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Add to global data hash and save changes</di=
v>
<div class=3D"plain_line"> + my %entry =3D ('enabled' =3D&gt; $enabled,</di=
v>
<div class=3D"plain_line"> + 'url' =3D&gt; $url,</div>
<div class=3D"plain_line"> + 'remark' =3D&gt; $remark);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $zonefiles{$name} =3D \%entry;</div>
<div class=3D"plain_line"> + &amp;_zonefiles_save_conf();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Save custom lists</div>
<div class=3D"plain_line"> +sub _action_cl_save {</div>
<div class=3D"plain_line"> + return unless((defined $cgiparams{'ALLOW_LIST'=
}) &amp;&amp; (defined $cgiparams{'BLOCK_LIST'}));</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + my $result =3D 0;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + my @allowlist =3D split(/\R/, $cgiparams{'ALLO=
W_LIST'});</div>
<div class=3D"plain_line"> + my @blocklist =3D split(/\R/, $cgiparams{'BLOC=
K_LIST'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Validate lists</div>
<div class=3D"plain_line"> + $result =3D &amp;_rpz_validate_customlist(\@al=
lowlist);</div>
<div class=3D"plain_line"> + if($result !=3D 0) {</div>
<div class=3D"plain_line"> + $errormessage =3D &amp;_rpz_error_tr(202, $res=
ult);</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + $result =3D &amp;_rpz_validate_customlist(\@bl=
ocklist);</div>
<div class=3D"plain_line"> + if($result !=3D 0) {</div>
<div class=3D"plain_line"> + $errormessage =3D &amp;_rpz_error_tr(203, $res=
ult);</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Add to global data hash and save changes</di=
v>
<div class=3D"plain_line"> + $customlists{'allow'}{'list'} =3D \@allowlist;=
</div>
<div class=3D"plain_line"> + $customlists{'block'}{'list'} =3D \@blocklist;=
</div>
<div class=3D"plain_line"> + $customlists{'allow'}{'enabled'} =3D (defined=
 $cgiparams{'ALLOW_ENABLED'}) ? 'on' : 'off';</div>
<div class=3D"plain_line"> + $customlists{'block'}{'enabled'} =3D (defined=
 $cgiparams{'BLOCK_ENABLED'}) ? 'on' : 'off';</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;_customlists_save_conf();</div>
<div class=3D"plain_line"> + &amp;_customlist_export('allow', $RPZ_ALLOWLIS=
T);</div>
<div class=3D"plain_line"> + &amp;_customlist_export('block', $RPZ_BLOCKLIS=
T);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Make new lists, request service reload on su=
ccess</div>
<div class=3D"plain_line"> + $result =3D &amp;General::system('/usr/sbin/rp=
z-make', 'allowblock', '--no-reload');</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 1);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Trigger rpz-config reload</div>
<div class=3D"plain_line"> +sub _action_rpz_reload {</div>
<div class=3D"plain_line"> + return 1 unless &amp;_rpz_needs_reload();</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Immediately clear flag to prevent multiple r=
eloads</div>
<div class=3D"plain_line"> + if(-f $RPZ_RELOAD_FLAG) {</div>
<div class=3D"plain_line"> + unlink($RPZ_RELOAD_FLAG) or die "Can't remove=
 $RPZ_RELOAD_FLAG: $!";</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Perform reload, recreate reload flag on erro=
r to enable retry</div>
<div class=3D"plain_line"> + my $result =3D &amp;General::system('/usr/sbin=
/rpz-config', 'reload');</div>
<div class=3D"plain_line"> + if(not &amp;_rpz_check_result($result, 0)) {</=
div>
<div class=3D"plain_line"> + &amp;General::system('touch', "$RPZ_RELOAD_FLA=
G");</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Trigger unbound restart</div>
<div class=3D"plain_line"> +sub _action_unb_restart {</div>
<div class=3D"plain_line"> + return 1 unless &amp;_rpz_needs_reload();</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Immediately clear flag to prevent multiple r=
estarts</div>
<div class=3D"plain_line"> + if(-f $RPZ_RELOAD_FLAG) {</div>
<div class=3D"plain_line"> + unlink($RPZ_RELOAD_FLAG) or die "Can't remove=
 $RPZ_RELOAD_FLAG: $!";</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Perform restart, unboundctrl always exits ze=
ro</div>
<div class=3D"plain_line"> + &amp;General::system('/usr/local/bin/unboundct=
rl', 'restart');</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal rpz-config functions ---###</di=
v>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Translate rpz-config exitcodes and messages</=
div>
<div class=3D"plain_line"> +# 100-199: rpz-config, 200-299: webgui</div>
<div class=3D"plain_line"> +sub _rpz_error_tr {</div>
<div class=3D"plain_line"> + my ($error, $append) =3D @_;</div>
<div class=3D"plain_line"> + $append //=3D '';</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Translate numeric exit codes</div>
<div class=3D"plain_line"> + if(looks_like_number($error)) {</div>
<div class=3D"plain_line"> + if(defined $Lang::tr{"rpz exitcode $error"}) {=
</div>
<div class=3D"plain_line"> + $error =3D $Lang::tr{"rpz exitcode $error"};</=
div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return "RPZ $Lang::tr{'error'}: $error" . &amp=
;Header::escape($append);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Check result of rpz-config system call, reque=
st reload on success</div>
<div class=3D"plain_line"> +sub _rpz_check_result {</div>
<div class=3D"plain_line"> + my ($result, $request_reload) =3D @_;</div>
<div class=3D"plain_line"> + $request_reload //=3D 0;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # exitcode 0 =3D success</div>
<div class=3D"plain_line"> + if($result !=3D 0) {</div>
<div class=3D"plain_line"> + $errormessage =3D &amp;_rpz_error_tr($result);=
</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Set reload flag</div>
<div class=3D"plain_line"> + if($request_reload) {</div>
<div class=3D"plain_line"> + &amp;General::system('touch', "$RPZ_RELOAD_FLA=
G");</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Test whether reload flag is set</div>
<div class=3D"plain_line"> +sub _rpz_needs_reload {</div>
<div class=3D"plain_line"> + return (-f $RPZ_RELOAD_FLAG);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Validate a zonefile entry, returns rpz-config =
exitcode on failure. Use _rpz_check_result to verify.</div>
<div class=3D"plain_line"> +# unique =3D check for unique name</div>
<div class=3D"plain_line"> +sub _rpz_validate_zonefile {</div>
<div class=3D"plain_line"> + my ($name, $url, $remark, $unique) =3D @_;</di=
v>
<div class=3D"plain_line"> + $unique //=3D 1;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + unless($name =3D~ /^[a-zA-Z0-9_]{1,32}$/) {</d=
iv>
<div class=3D"plain_line"> + return 101;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + unless($url =3D~ /^[\w+\.:;\/\\&amp;@#%?=3D\-~=
|!]{1,128}$/) {</div>
<div class=3D"plain_line"> + return 105;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + unless($remark =3D~ /^[\w \-()\.:;*\/\\?!&amp;=
=3D]{0,32}$/) {</div>
<div class=3D"plain_line"> + return 201;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check against already existing names</div>
<div class=3D"plain_line"> + if($unique) {</div>
<div class=3D"plain_line"> + foreach my $existing (keys %zonefiles) {</div>
<div class=3D"plain_line"> + if(lc($name) eq lc($existing)) {</div>
<div class=3D"plain_line"> + return 104;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 0;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Validate a custom list, returns number of rej=
ected line on failure. Check for non-zero results.</div>
<div class=3D"plain_line"> +# listref =3D array reference, cleanup =3D remo=
ve invalid entries instead of returning an error</div>
<div class=3D"plain_line"> +sub _rpz_validate_customlist {</div>
<div class=3D"plain_line"> + my ($listref, $cleanup) =3D @_;</div>
<div class=3D"plain_line"> + $cleanup //=3D 0;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + foreach my $index (reverse 0..$#{$listref}) {<=
/div>
<div class=3D"plain_line"> + my $row =3D @$listref[$index];</div>
<div class=3D"plain_line"> + next unless($row); # Skip/allow empty lines</d=
iv>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Reject/remove everything besides wildcard do=
mains and remarks</div>
<div class=3D"plain_line"> + if((not &amp;General::validwildcarddomainname(=
$row)) &amp;&amp; (not $row =3D~ /^;[\w \-()\.:;*\/\\?!&amp;=3D]*$/)) {</di=
v>
<div class=3D"plain_line"> + unless($cleanup) {</div>
<div class=3D"plain_line"> + # +1 for user friendly line number and to ensu=
re non-zero exitcode</div>
<div class=3D"plain_line"> + return $index + 1;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Remove current row</div>
<div class=3D"plain_line"> + splice(@$listref, $index, 1);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 0;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal misc functions ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Send HTTP 303 redirect headers for post/reque=
st/get pattern</div>
<div class=3D"plain_line"> +# (Must be sent before calling &amp;Header::sho=
whttpheaders())</div>
<div class=3D"plain_line"> +sub _http_prg_redirect {</div>
<div class=3D"plain_line"> + my $location =3D "https://$ENV{'SERVER_NAME'}:=
$ENV{'SERVER_PORT'}$ENV{'SCRIPT_NAME'}";</div>
<div class=3D"plain_line"> + print "Status: 303 See Other\n";</div>
<div class=3D"plain_line"> + print "Location: $location\n";</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> diff --git a/lfs/rpz b/lfs/rpz</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..7ddbc38e5</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/lfs/rpz</div>
<div class=3D"plain_line"> @@ -0,0 +1,96 @@</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall          =
                               #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024  IPFire Team  &lt;info@ipf=
ire.org&gt;                          #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify        #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by        #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or           #</div>
<div class=3D"plain_line"> +# (at your option) any later version.          =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful,             #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of              #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE.  See the               #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details. =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License           #</div>
<div class=3D"plain_line"> +# along with this program.  If not, see &lt;htt=
p://www.gnu.org/licenses/&gt;.       #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#  Definitions</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +include Config</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +SUMMARY    =3D response policy zone - RPZ reput=
ation system for unbound DNS</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +VER        =3D 1.0.0</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +THISAPP    =3D rpz-$(VER)</div>
<div class=3D"plain_line"> +DIR_APP    =3D $(DIR_SRC)/$(THISAPP)</div>
<div class=3D"plain_line"> +TARGET     =3D $(DIR_INFO)/$(THISAPP)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +PROG       =3D rpz</div>
<div class=3D"plain_line"> +PAK_VER    =3D 18</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +DEPS       =3D</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +SERVICES   =3D</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# Top-level Rules</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +install : $(TARGET)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +check :</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +download :</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +b2 :</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +dist:</div>
<div class=3D"plain_line"> + @$(PAK)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# Installation Details</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +$(TARGET) :</div>
<div class=3D"plain_line"> + @$(PREBUILD)</div>
<div class=3D"plain_line"> + @rm -rf $(DIR_APP)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + #  RPZ scripts</div>
<div class=3D"plain_line"> + install --verbose --mode=3D755 \</div>
<div class=3D"plain_line"> +  $(DIR_CONF)/rpz/{rpz-config,rpz-metrics,rpz-s=
leep,rpz-make,rpz-functions} \</div>
<div class=3D"plain_line"> +  --target-directory=3D/usr/sbin</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + #  RPZ config files</div>
<div class=3D"plain_line"> + mkdir -pv /etc/unbound/local.d</div>
<div class=3D"plain_line"> + install --verbose --mode=3D644 --owner=3Dnobod=
y --group=3Dnobody \</div>
<div class=3D"plain_line"> +  $(DIR_CONF)/rpz/00-rpz.conf \</div>
<div class=3D"plain_line"> +  --target-directory=3D/etc/unbound/local.d</di=
v>
<div class=3D"plain_line"> + chown --verbose --recursive nobody:nobody /etc=
/unbound/local.d</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + #  RPZ custom list files for allow and block</=
div>
<div class=3D"plain_line"> + mkdir -pv /var/ipfire/dns/rpz</div>
<div class=3D"plain_line"> + touch /var/ipfire/dns/rpz/{allowlist,blocklist=
}</div>
<div class=3D"plain_line"> + chown --verbose --recursive nobody:nobody /var=
/ipfire/dns/rpz</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + #  RPZ zone files</div>
<div class=3D"plain_line"> + #   create empty RPZ config file to avoid a un=
bound config error</div>
<div class=3D"plain_line"> + mkdir -pv /etc/unbound/zonefiles</div>
<div class=3D"plain_line"> + touch /etc/unbound/zonefiles/allow.rpz</div>
<div class=3D"plain_line"> + chown --verbose --recursive nobody:nobody /etc=
/unbound/zonefiles</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Install addon-specific language-files</div>
<div class=3D"plain_line"> + install --verbose --mode=3D004 $(DIR_CONF)/rpz=
/rpz.*.pl \</div>
<div class=3D"plain_line"> +  --target-directory=3D/var/ipfire/addon-lang</=
div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Install backup definition</div>
<div class=3D"plain_line"> + cp -vf $(DIR_CONF)/backup/includes/rpz /var/ip=
fire/backup/addons/includes/rpz</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + @rm -rf $(DIR_APP)</div>
<div class=3D"plain_line"> + @$(POSTBUILD)</div>
<div class=3D"plain_line"> diff --git a/make.sh b/make.sh</div>
<div class=3D"plain_line"> index 827ea9e77..a77535b13 100755</div>
<div class=3D"plain_line"> --- a/make.sh</div>
<div class=3D"plain_line"> +++ b/make.sh</div>
<div class=3D"plain_line"> @@ -390,7 +390,7 @@ prepareenv() {</div>
<div class=3D"plain_line"> if [ "${free_space}" -lt "${required_space}" ];=
 then</div>
<div class=3D"plain_line"> # Add any consumed space</div>
<div class=3D"plain_line"> while read -r consumed_space path; do</div>
<div class=3D"plain_line"> - (( free_space +=3D consumed_space / 1024 / 102=
4 ))</div>
<div class=3D"plain_line"> + (( free_space +=3D consumed_space / 1024 / 102=
4 ))</div>
<div class=3D"plain_line"> done &lt;&lt;&lt; "$(du --summarize --bytes "${B=
UILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}" 2&gt;/dev/null)"</div>
<div class=3D"plain_line"> fi</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> @@ -2087,6 +2087,7 @@ build_system() {</div>
<div class=3D"plain_line"> lfsmake2 btrfs-progs</div>
<div class=3D"plain_line"> lfsmake2 inotify-tools</div>
<div class=3D"plain_line"> lfsmake2 grub-btrfs</div>
<div class=3D"plain_line"> + lfsmake2 rpz</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> lfsmake2 linux</div>
<div class=3D"plain_line"> lfsmake2 rtl8812au</div>
<div class=3D"plain_line"> diff --git a/src/paks/rpz/install.sh b/src/paks/=
rpz/install.sh</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..ef99bf742</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/src/paks/rpz/install.sh</div>
<div class=3D"plain_line"> @@ -0,0 +1,36 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  IPFire.org - A linux based firewall         =
                               #</div>
<div class=3D"plain_line"> +#  Copyright (C) 2024  IPFire Team  &lt;info@ip=
fire.org&gt;                         #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is free software: you can redis=
tribute it and/or modify       #</div>
<div class=3D"plain_line"> +#  it under the terms of the GNU General Public =
License as published by       #</div>
<div class=3D"plain_line"> +#  the Free Software Foundation, either version =
3 of the License, or          #</div>
<div class=3D"plain_line"> +#  (at your option) any later version.         =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is distributed in the hope that =
it will be useful,            #</div>
<div class=3D"plain_line"> +#  but WITHOUT ANY WARRANTY; without even the i=
mplied warranty of             #</div>
<div class=3D"plain_line"> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR=
 PURPOSE.  See the              #</div>
<div class=3D"plain_line"> +#  GNU General Public License for more details.=
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  You should have received a copy of the GNU G=
eneral Public License          #</div>
<div class=3D"plain_line"> +#  along with this program.  If not, see &lt;ht=
tp://www.gnu.org/licenses/&gt;.      #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#</div>
<div class=3D"plain_line"> +. /opt/pakfire/lib/functions.sh</div>
<div class=3D"plain_line"> +extract_files</div>
<div class=3D"plain_line"> +restore_backup ${NAME}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# fix user created files</div>
<div class=3D"plain_line"> +chown --verbose --recursive nobody:nobody \</di=
v>
<div class=3D"plain_line"> + /var/ipfire/dns/rpz    \</div>
<div class=3D"plain_line"> + /etc/unbound/zonefiles \</div>
<div class=3D"plain_line"> + /etc/unbound/local.d</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Update Language cache</div>
<div class=3D"plain_line"> +/usr/local/bin/update-lang-cache</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  restart unbound to load config file</div>
<div class=3D"plain_line"> +/etc/init.d/unbound restart</div>
<div class=3D"plain_line"> diff --git a/src/paks/rpz/uninstall.sh b/src/pak=
s/rpz/uninstall.sh</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..e11427df3</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/src/paks/rpz/uninstall.sh</div>
<div class=3D"plain_line"> @@ -0,0 +1,38 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  IPFire.org - A linux based firewall         =
                               #</div>
<div class=3D"plain_line"> +#  Copyright (C) 2024  IPFire Team  &lt;info@ip=
fire.org&gt;                         #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is free software: you can redis=
tribute it and/or modify       #</div>
<div class=3D"plain_line"> +#  it under the terms of the GNU General Public =
License as published by       #</div>
<div class=3D"plain_line"> +#  the Free Software Foundation, either version =
3 of the License, or          #</div>
<div class=3D"plain_line"> +#  (at your option) any later version.         =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is distributed in the hope that =
it will be useful,            #</div>
<div class=3D"plain_line"> +#  but WITHOUT ANY WARRANTY; without even the i=
mplied warranty of             #</div>
<div class=3D"plain_line"> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR=
 PURPOSE.  See the              #</div>
<div class=3D"plain_line"> +#  GNU General Public License for more details.=
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  You should have received a copy of the GNU G=
eneral Public License          #</div>
<div class=3D"plain_line"> +#  along with this program.  If not, see &lt;ht=
tp://www.gnu.org/licenses/&gt;.      #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#</div>
<div class=3D"plain_line"> +. /opt/pakfire/lib/functions.sh</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  stop unbound to delete RPZ conf file</div>
<div class=3D"plain_line"> +/etc/init.d/unbound stop</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +make_backup ${NAME}</div>
<div class=3D"plain_line"> +remove_files</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  delete rpz config files.  Otherwise unbound=
 will throw error:</div>
<div class=3D"plain_line"> +#    "[1723428668] unbound-control[17117:0] err=
or: connect: Connection refused for 127.0.0.1 port 8953"</div>
<div class=3D"plain_line"> +/bin/rm --verbose --force /etc/unbound/local.d/=
*.rpz.conf</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Update Language cache</div>
<div class=3D"plain_line"> +/usr/local/bin/update-lang-cache</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  start unbound to load unbound config file</d=
iv>
<div class=3D"plain_line"> +/etc/init.d/unbound start</div>
<div class=3D"plain_line"> diff --git a/src/paks/rpz/update.sh b/src/paks/r=
pz/update.sh</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..9bc340bc6</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/src/paks/rpz/update.sh</div>
<div class=3D"plain_line"> @@ -0,0 +1,52 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  IPFire.org - A linux based firewall         =
                               #</div>
<div class=3D"plain_line"> +#  Copyright (C) 2024  IPFire Team  &lt;info@ip=
fire.org&gt;                         #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is free software: you can redis=
tribute it and/or modify       #</div>
<div class=3D"plain_line"> +#  it under the terms of the GNU General Public =
License as published by       #</div>
<div class=3D"plain_line"> +#  the Free Software Foundation, either version =
3 of the License, or          #</div>
<div class=3D"plain_line"> +#  (at your option) any later version.         =
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  This program is distributed in the hope that =
it will be useful,            #</div>
<div class=3D"plain_line"> +#  but WITHOUT ANY WARRANTY; without even the i=
mplied warranty of             #</div>
<div class=3D"plain_line"> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR=
 PURPOSE.  See the              #</div>
<div class=3D"plain_line"> +#  GNU General Public License for more details.=
                               #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +#  You should have received a copy of the GNU G=
eneral Public License          #</div>
<div class=3D"plain_line"> +#  along with this program.  If not, see &lt;ht=
tp://www.gnu.org/licenses/&gt;.      #</div>
<div class=3D"plain_line"> +#                                              =
                               #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#</div>
<div class=3D"plain_line"> +. /opt/pakfire/lib/functions.sh</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  from update.sh</div>
<div class=3D"plain_line"> +extract_backup_includes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  stop unbound to delete RPZ conf file</div>
<div class=3D"plain_line"> +/etc/init.d/unbound stop</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  from uninstall.sh</div>
<div class=3D"plain_line"> +make_backup ${NAME}</div>
<div class=3D"plain_line"> +remove_files</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  delete rpz config files.  Otherwise unbound=
 will throw error:</div>
<div class=3D"plain_line"> +#    "unbound-control[nn:0] error: connect: Con=
nection refused for 127.0.0.1 port 8953"</div>
<div class=3D"plain_line"> +/bin/rm --verbose --force /etc/unbound/local.d/=
*.rpz.conf</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  from install.sh</div>
<div class=3D"plain_line"> +extract_files</div>
<div class=3D"plain_line"> +restore_backup ${NAME}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# fix user created files</div>
<div class=3D"plain_line"> +chown --verbose --recursive nobody:nobody \</di=
v>
<div class=3D"plain_line"> + /var/ipfire/dns/rpz    \</div>
<div class=3D"plain_line"> + /etc/unbound/zonefiles \</div>
<div class=3D"plain_line"> + /etc/unbound/local.d</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Update Language cache</div>
<div class=3D"plain_line"> +/usr/local/bin/update-lang-cache</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +#  restart unbound to load config files</div>
<div class=3D"plain_line"> +/etc/init.d/unbound start</div>
<div class=3D"plain_line"> --</div>
<div class=3D"plain_line"> 2.39.5</div>
<div class=3D"plain_line">=C2=A0</div>
</blockquote>
</blockquote>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> --</div>
<div class=3D"plain_line"> Jon Murphy</div>
<div class=3D"plain_line"> jon.murphy@ipfire.org</div>
</blockquote>
</blockquote>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> --</div>
<div class=3D"plain_line"> Jon Murphy</div>
<div class=3D"plain_line"> jon.murphy@ipfire.org</div>
</blockquote>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
</blockquote></div>
</body></html>
--------=_MB18E374EA-1FEF-47A9-B684-97CC26104E9A--