From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <development+bounces-127-archive=lists.ipfire.org@lists.ipfire.org>
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZLwXZ0MPLz335B
	for <archive@lists.ipfire.org>; Mon, 24 Mar 2025 14:33:50 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZLwXT23WGz2yf1
	for <development@lists.ipfire.org>; Mon, 24 Mar 2025 14:33:45 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZLwXR3QPbz7b;
	Mon, 24 Mar 2025 14:33:43 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1742826824;
	h=from:from:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:  references:references;
	bh=QUvItcCSE/jUEk9SKsTRyjmUSduDu1c98MIx7/uhlF8=;
	b=PTFtXqKPbvZkIxHdwYgOknNnCvdUhV9lPbT+feVBcWxKykWiJ2k928P93nQZ3jSrz8KPYh
	Xgnl2496rWrRXtDg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa;
	t=1742826824; h=from:from:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:  references:references;
	bh=QUvItcCSE/jUEk9SKsTRyjmUSduDu1c98MIx7/uhlF8=;
	b=eTiCfMsvRYGUN/bXkR8cYp+wAwm9p+C1G3o9nbS0EhvEs+CzUJ8xP2gzgUXLIFMS/rSneb
	kVND0S/Qi6MUEUq6nNSXu+UhCa8HfIPPXtbdFqhHNGfmWDggouvnhYpR0SHDg2orLvDDwV
	0Ii5tzunprWhAijug3SKO1adTqSERdMRPXMthBftMtcU/8JX1EgRbPVS3xyrRdn5eOMj5z
	n+lE6WqwlNdnJ56VVwUZjjVPYN5Cg+PrjCel6BSrdrVh/gIrFg7SdvSNuzg0VG6h5xijuT
	GWYsBOlz+o76pG3hNqGapvQtTtMxEkennINAtc3ZnhF2P9J8LsfkQAB9zrytZA==
From: "Jon Murphy" <jon.murphy@ipfire.org>
To: "Michael Tremer" <michael.tremer@ipfire.org>, "Bernhard Bitsch"
 <bbitsch@ipfire.org>
Subject: Re[2]: [PATCH] RPZ: update code to include WEBGUI and additional languages
Cc: "IPFire: Development-List" <development@lists.ipfire.org>
Date: Mon, 24 Mar 2025 14:33:41 +0000
Message-Id: <em524a73af-b1c4-46a3-b1bf-bdfbec02d48a@78ba6e0b.com>
In-Reply-To: <64617942-44E2-4E7B-A8AB-D5C22F94F68B@ipfire.org>
References: <20250206163522.2363178-1-jon.murphy@ipfire.org>
 <A0568469-68D8-4C26-9154-E9961F4AAA60@ipfire.org>
 <ED243073-E39A-47BA-BBF0-728A13C439BF@ipfire.org>
 <FEF2E201-5067-429B-A829-A472354FF615@ipfire.org>
 <C28A0D7E-6C16-4F6F-9366-A8498F40631E@ipfire.org>
 <8b594873-86ca-46b9-bb4b-94fd6b0239b1@ipfire.org>
 <A1492735-FF13-4F2B-8F5B-0800FB1D669F@ipfire.org>
 <d970c80d-2c13-4f71-9b0f-356a0f3013c6@ipfire.org>
 <9A0DBDA4-75B0-40D2-AE06-78D9BA5EE7D3@ipfire.org>
 <afcb2a99-1281-43e3-bd3d-d915024683f6@ipfire.org>
 <89101199-33D1-40AC-8CCE-DD97583129F2@ipfire.org>
 <em3ba7826f-2bff-4c2c-bf92-b540b8864013@78ba6e0b.com>
 <8703C3D8-C30C-4A56-9F30-7B90BB1E3027@ipfire.org>
 <502fa002-d6da-45d6-9b3e-d4130e59f50a@ipfire.org>
 <64617942-44E2-4E7B-A8AB-D5C22F94F68B@ipfire.org>
Reply-To: "Jon Murphy" <jon.murphy@ipfire.org>
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------=_MB0D870594-C58D-410D-903E-4878F7455AE4"

--------=_MB0D870594-C58D-410D-903E-4878F7455AE4
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable



And where are these stored?

In `/etc/unbound/zonefiles`:


[root@ipfire ~] # ls -al /etc/unbound/zonefiles
total 20664
drwxr-xr-x 2 nobody nobody     4096 Mar 24 04:40 .
drwxr-xr-x 4 root   root       4096 Mar 19 16:24 ..
-rw-r--r-- 1 nobody nobody  3999087 Mar 23 15:11 adhocSB.rpz
-rw-r--r-- 1 nobody nobody     1411 Mar 23 14:23 allow.rpz
-rw-r--r-- 1 nobody nobody    25355 Mar 24 04:40 AmazonTrkrHZ.rpz
-rw-r--r-- 1 nobody nobody     7241 Mar 24 04:40 AppleTrkrHZ.rpz
-rw-r--r-- 1 nobody nobody      178 Mar 23 14:23 block.rpz
-rw-r--r-- 1 nobody nobody    78496 Mar 24 04:40 DOHblockHZ.rpz
-rw-r--r-- 1 nobody nobody 16983551 Mar 24 04:40 MxProPlusHZ.rpz
-rw-r--r-- 1 nobody nobody     2893 Mar 24 04:40 tldHZ.rpz
-rw-r--r-- 1 nobody nobody    29419 Mar 24 04:40 WinTrkrHZ.rpz
[root@ipfire ~] #



------ Original Message ------
>From "Michael Tremer" <michael.tremer@ipfire.org>
To "Bernhard Bitsch" <bbitsch@ipfire.org>
Cc development@lists.ipfire.org
Date 3/24/2025 9:25:40=E2=80=AFAM
Subject Re: [PATCH] RPZ: update code to include WEBGUI and additional=20
languages

>Hello,
>
>>  On 24 Mar 2025, at 13:33, Bernhard Bitsch <bbitsch@ipfire.org> wrote:
>>
>>
>>
>>  Am 24.03.2025 um 11:17 schrieb Michael Tremer:
>>>  Hello Jon,
>>>>  On 24 Mar 2025, at 00:00, Jon Murphy <jon.murphy@ipfire.org> wrote:
>>>>
>>>>  Michael,
>>>>
>>>>  FYI - I was wrong Unbound RPZ is _not_ watching the serial number, it =
is watching the "refresh", the number after the serial number.
>>>  Refresh just tells the client how often to check for an update.
>>>  If that is actually being set by the list publisher, then we have anot=
her problem here, because they could put some insanely low value there and=
 we would then DDoS their infrastructure. I think we should keep it like we=
 have it in other places that we control how often we want to check or pull=
 for updates.
>>>
>>
>>  You are right. But an extra update process wastes additional processor=
 time. The update mechanism of unbound does the check for update ( however i=
t is realized ) nevertheless.
>
>Yes, doing more things needs resources. But we are not seriously consideri=
ng whether an IPFire system has enough resources to perform the download of =
a text file, or are we?
>
>>>>  I understand that you don=E2=80=99t speak C, but you got the informat=
ion from somewhere. Documentation maybe? Since that is out of date very oft=
en I like to consult the code.
>>>>  From testing.  Downloading rpz files using rpz unbound, and watching=
 what happens.  If the rpz file is setup for "once per day" refresh, then it =
only downloads one time.
>>>>
>>>>
>>>>
>>>>  However that won=E2=80=99t solve our problem . . . and having no cach=
e.
>>>>  In `/etc/unbound/tuning.conf` there is `rrset-cache-size: 128m`. Are=
 you referring to a different cache.
>>>  Naturally unbound is loading the zone into its memory which we general=
ly call cache.
>>>  When I say cache I am thinking about persistent data storage across mu=
ltiple restarts of Unbound. If I am downloading 100 MiB of RPZ lists (which =
is presumably still on the lower end) and I reboot my firewall, I do not w=
ant to download the same data again. We can only ever download a list *once=
* unless we are 100% certain that it has changed. Then we can download it o=
nce again.
>>
>>  The RPZ lists are stored in files in persistent storage. Unbound create=
s the internal cache from these.
>
>And where are these stored?
>
>>>>  Maybe we need to implement both?
>>>>
>>>>  Yes.  There are very few AXFR list (I think only four were found).  A=
nd many more HTTPS rpz files.
>>>>
>>>>
>>>>
>>>>  Jon
>>>>
>>>>
>>>>  ------ Original Message ------
>>>>  From "Michael Tremer" <michael.tremer@ipfire.org>
>>>>  To "Jon Murphy" <jon.murphy@ipfire.org>
>>>>  Cc "IPFire: Development-List" <development@lists.ipfire.org>
>>>>  Date 3/20/2025 11:26:43=E2=80=AFAM
>>>>  Subject Re: [PATCH] RPZ: update code to include WEBGUI and additional =
languages
>>>>
>>>>>  Hello Jon,
>>>>>   Please don=E2=80=99t forget to Cc the list...
>>>>>
>>>>>>
>>>>>>  On 19 Mar 2025, at 18:27, Jon Murphy <jon.murphy@ipfire.org> wrote:
>>>>>>   Michael,
>>>>>>
>>>>>>>
>>>>>>>  Where in the code is this implemented? I cannot find anything like =
this:
>>>>>>
>>>>>>   Keep in mind I am not a "C" person. Maybe in this section?:
>>>>>>   https://git.ipfire.org/?p=3Dthirdparty/unbound.git;a=3Dblob;f=3Dse=
rvices/authzone.c;hb=3D30b9cb5f813003d0a2b1c2e678652396615b1b7d#l5875
>>>>>
>>>>>   This where the AXFR response is being handled when doing a DNS zone =
transfer. This code is not being called when performing a HTTP download.
>>>>>   I understand that you don=E2=80=99t speak C, but you got the inform=
ation from somewhere. Documentation maybe? Since that is out of date very o=
ften I like to consult the code.
>>>>>
>>>>>>
>>>>>>  =E2=80=94
>>>>>>   When I was just learning about RPZ I created a separate RPZ file f=
or testing. When I changed the SOA line with a new serial number, the RPZ f=
ile download would happen in about 5 minutes.
>>>>>>   https://people.ipfire.org/~jon/sblack-adhoc.rpz
>>>>>
>>>>>   It might well be that the file is not being reloaded if the downloa=
d matches the content that unbound already has. That would of course save s=
ome resources.
>>>>>   However that won=E2=80=99t solve our problem with redundant downloa=
ds and having no cache.
>>>>>
>>>>>>
>>>>>>  That is how I found out the SOA line is watched for a serial number =
change.
>>>>>>   I=E2=80=99ll reconfirm my findings.
>>>>>>
>>>>>>>
>>>>>>>>>  The second reason is that we have a lot of firewalls out there.=
 Not all of them will enable this feature and all of the lists, but even if=
 it is a good chunk, we will generate terabytes of traffic which put load on =
the infrastructure and will cost money. It simply is not what we want to d=
o, regardless of self-hosting those lists and pulling them from somewhere e=
lse.
>>>>>>
>>>>>>   So I understand, are you thinking of hosting RPZ AXFR (DNS zone tr=
ansfer) on IPFire infrastructure?
>>>>>
>>>>>   No, I don=E2=80=99t think that we can generally do this. The bigges=
t problem is licensing as we cannot take anyones content and host it oursel=
ves. We would re-distribute those lists and that will only work with permis=
sion of the publishers. I assume that would be too much work to actually ge=
t some useful content out there. We might limit ourselves to only those lis=
ts that are under a very permissive license. Nobody wants that.
>>>>>   From a technical point of view, DNS over TCP might not be very nice =
in terms of forging the transfer and so we would need TLS as well=E2=80=A6 =
It should work, but even if we would be able to encourage other people to=
 publish their lists I doubt they would implement DNS over TLS for authorita=
tive DNS. That standard is in very early stages as well.
>>>>>   As far as I can see, those vendors who offer a list as a commercial =
product are using DNS to distribute it (e.g. Spamhaus). Those people who h=
ave made this all a hobby are throwing the lists onto GitHub and let them h=
andle the traffic.
>>>>>   Maybe we need to implement both?
>>>>>   -Michael
>>>>>
>>>>>>
>>>>>>  Jon
>>>>>>     On 3/19/25 5:35 AM, Michael Tremer wrote:
>>>>>>>
>>>>>>>
>>>>>>>  Hello Jon,
>>>>>>>   Where in the code is this implemented? I cannot find anything lik=
e this:
>>>>>>>   Unbound loads the entire file into memory and then starts parsing =
it. The only special treatment there is is to check whether the first line =
is a valid zone entry. It does not even have to be a SOA record.
>>>>>>>   https://git.ipfire.org/?p=3Dthirdparty/unbound.git;a=3Dblob;f=3Ds=
ervices/authzone.c;hb=3D30b9cb5f813003d0a2b1c2e678652396615b1b7d#l1188
>>>>>>>   I am also concerned that Unbound will not be able to support an u=
pstream proxy for any downloads. The caching situation is also unclear for=
 me, so I believe that we will be looking at writing a custom downloader tha=
t implements all these things.
>>>>>>>   -Michael
>>>>>>>
>>>>>>>>
>>>>>>>>  On 19 Mar 2025, at 02:58, Jon Murphy <jon.murphy@ipfire.org> wrot=
e:
>>>>>>>>   Michael,
>>>>>>>>
>>>>>>>>>
>>>>>>>>>  The emphasis is on the repeated downloads of the same list. That =
is
>>>>>>>>
>>>>>>>>  =E2=80=8B> what cannot happen.
>>>>>>>>   The Unbound RPZ code, as installed within IPFire, watches for a=
 change
>>>>>>>>  =E2=80=8Bin the SOA line of each RPZ file. This is an example of=
 the first few
>>>>>>>>  =E2=80=8Blines for every RPZ file.
>>>>>>>>   $TTL 300
>>>>>>>>  @ SOA localhost. root.localhost. 1742298960 43200 3600 86400 300
>>>>>>>>  NS localhost.
>>>>>>>>  ;
>>>>>>>>  ; Title: HaGeZi's Pop-Up Ads DNS Blocklist
>>>>>>>>  ; Description: Blocks annoying and malicious pop-up ads.
>>>>>>>>   If the SOA serial number changes (e.g. the 1742298960), then Unb=
ound RPZ
>>>>>>>>  =E2=80=8Bcode does its thing and downloads. Otherwise there is no =
download.
>>>>>>>>
>>>>>>>>>
>>>>>>>>>  So there has to be a way to ensure that we won=E2=80=99t downloa=
d a list again
>>>>>>>>
>>>>>>>>  =E2=80=8B> unless it has actually changed.
>>>>>>>>   This should do what you want but I may be missing your point.
>>>>>>>>
>>>>>>>>>
>>>>>>>>>  DNS has a builtin functionality called AXFR. It simply does the=
 job
>>>>>>>>
>>>>>>>>  =E2=80=8B> for you. I was just wondering whether that was not bei=
ng used.
>>>>>>>>   I need to read about AXFR/IXFR and learn a little more.
>>>>>>>>   Jon
>>>>>>>>   On 3/17/25 5:35 AM, Michael Tremer wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  Good Morning Jon,
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>  On 16 Mar 2025, at 17:00, Jon Murphy <jon.murphy@ipfire.org> wr=
ote:
>>>>>>>>>>   Michael,
>>>>>>>>>>   I was reading through you response again an I want to understa=
nd this post:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  I have also stated that we cannot download any lists over HTTP=
S again and again and again. The implementation that we have here seems to=
 exactly do that and therefore I think that my feedback has been dismissed e=
ntirely.
>>>>>>>>>>
>>>>>>>>>>  So if RPZ doesn't use HTTPS, what is it using? I am missing a k=
ey point here.
>>>>>>>>>
>>>>>>>>>  The emphasis is on the repeated downloads of the same list. That =
is what cannot happen.
>>>>>>>>>   Although it might not affect a lot of people in our general use=
r-base, there are some that have a metered connection and will pay for data =
by volume. Some of the lists I looked at are just under 20 MiB. Therefore=
 we need to keep any traffic down to a minimum. The second reason is that we =
have a lot of firewalls out there. Not all of them will enable this featur=
e and all of the lists, but even if it is a good chunk, we will generate te=
rabytes of traffic which put load on the infrastructure and will cost money=
. It simply is not what we want to do, regardless of self-hosting those lis=
ts and pulling them from somewhere else.
>>>>>>>>>   So there has to be a way to ensure that we won=E2=80=99t downlo=
ad a list again unless it has actually changed.
>>>>>>>>>   DNS has a builtin functionality called AXFR. It simply does the =
job for you. I was just wondering whether that was not being used.
>>>>>>>>>   HTTPS is an option because that is simply what we use elsewhere=
, but extra functionality will have to be built for it.
>>>>>>>>>   -Michael
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>  Jon
>>>>>>>>>>    On 2/13/25 3:34 PM, jon wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  Michael,
>>>>>>>>>>>   I=E2=80=99ve read through your comments a few times and I end=
ed up with many more questions.
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>  What I rather mean is that it has never been added as a topic =
on the agenda and it has not been pitched by yourself.
>>>>>>>>>>>
>>>>>>>>>>>  To me the efforts to get new code accepted seem to have change=
d and it seemed easier in the past. In the past I made the Core Team aware=
 via the Dev Mailing List and wrote a simple two or three paragraphs of "Wha=
t is it? / What is the value? / Here is the code"
>>>>>>>>>>>    So in an effort to move forward: How exactly is something pr=
esented to the Core Team?
>>>>>>>>>>>   Is there an example of a recent effort that was presented tha=
t I can see as a sample? (This type of info can also be added to the Wiki)
>>>>>>>>>>>   I understand you want it this way, but I don=E2=80=99t know w=
hat exactly is needed. Please be specific.
>>>>>>>>>>>    Jon
>>>>>>>>>>>   PS - I am not ignoring your other comments, I am just trying=
 to move forward and keep things simple.
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>  On Feb 8, 2025, at 1:27=E2=80=AFPM, Michael Tremer <michael.t=
remer@ipfire.org> wrote:
>>>>>>>>>>>>   Hello Jon,
>>>>>>>>>>>>   Thanks for your reply. And good that you are copying everyon=
e into this conversation.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  On 8 Feb 2025, at 18:41, jon <jon.murphy@ipfire.org> wrote:
>>>>>>>>>>>>>   Michael,
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>  I think I have covered this all at lengths before that this =
project has been started as a separate effort
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Yes, this has been a separate effort (a very public separate =
effort). Yes, as you pointed this out early on with the "proof-of-concept" =
and then my request for people to help test RPZ. Nothing was hidden.
>>>>>>>>>>>>>   This was done because you (and maybe others) did not have t=
he time and I wanted to help and because I needed assistance with RPZ. I tr=
ied my best to do this without bothering you.
>>>>>>>>>>>>
>>>>>>>>>>>>  I don=E2=80=99t that it is accurate that nobody wanted to hel=
p on this. The list was always open - although not every email has been rep=
lied to swiftly it is also your responsibility to raise a question again if =
it was missed. People here have open ears.
>>>>>>>>>>>>   It was also stated on this very list on in our documentation =
that working on something without involving the core team is a risky under=
taking. Of course IPFire is free software and so everyone is free to fork i=
f they wish to do so.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  and as far as I am aware none of the other team members has =
been involved. This has not been discussed either on this list, on our cal=
ls.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  You were aware many steps along the way. See your email on J=
uly 28, 2024, August 15, 2024, September 30, 2024, December 23, 2024, and J=
anuary 16. My attempts to get the team involved were met with "things are b=
usy" and sometimes silence. (Yes, I get it, people are busy.)
>>>>>>>>>>>>>   You and Adolf, Leo, Erik and Bernhard have been aware since =
the beginning. You mention you were aware of the "proof-of-concept". If yo=
u include those beginning posts, since Sep 2023.
>>>>>>>>>>>>
>>>>>>>>>>>>  Yes, I am aware of a proof-of-concept that I have been runnin=
g myself for a long time. I am also aware of the efforts that you have been =
taking.
>>>>>>>>>>>>   Yet I don=E2=80=99t think there has ever been any joint effo=
rt, or am I seeing that wrong?
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  This has not been discussed . . . on our calls.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  On the July 28th you stated:
>>>>>>>>>>>>>  "We have talked about RPZ many times on the monthly call sin=
ce the URL filter feature is falling more and more out of fashion. I think=
 there is also many posts about this on the forum."
>>>>>>>>>>>>>   Please don=E2=80=99t insult me again by stating "you know w=
hat I mean".
>>>>>>>>>>>>>   And it has been discussed but not documented in the Monthly =
Meeting notes.
>>>>>>>>>>>>
>>>>>>>>>>>>  I am not at all insulting you. I don=E2=80=99t want to take t=
his down to a personal level at all. This is a public mailing list and peop=
le who read this don=E2=80=99t need to listen to an argument we are having. =
They are here for the tech inside IPFire.
>>>>>>>>>>>>   When I wrote that it has not been discussed that does not me=
an that we have not been touching on the topic. We have been talking about=
 lots of things on the calls, the weather, politics, how our pets are. None=
 of that makes it to the logs. What I rather mean is that it has never been=
 added as a topic on the agenda and it has not been pitched by yourself.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  Instead there has been a separate conversation on the forum =
with the occasional dip here to the list. But that was not a regular two-w=
ay conversation.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Regular conversation on the Dev Mailing list is many times m=
et with silence. I get it, people are busy.
>>>>>>>>>>>>>   And regular two-way conversation doesn=E2=80=99t happen on=
 the list. At least not with me. I=E2=80=99d be happy to point out the posts =
that were met with silence.
>>>>>>>>>>>>>  Again, I get it, people are busy.
>>>>>>>>>>>>
>>>>>>>>>>>>  And you think my emails are not being met with silence? This=
 has nothing to do with this specific topic. This has something to do with h=
ow occupied people are and how engaged they are on certain topics. Not ever=
yone is involved in all the things and simply will ignore emails simply bas=
ed on their subject line.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  But the "dip here to the list" were my attempts to get a con=
versation started. As I said, many time met with silence.
>>>>>>>>>>>>>   The only place I was not met with silence was on the Commun=
ity. You have a great group of people in the Community. It is a shame you d=
on=E2=80=99t want to have others help. It would reduce your workload.
>>>>>>>>>>>>
>>>>>>>>>>>>  You should stop making statements that are not true. Who does=
n=E2=80=99t want anyone to help?
>>>>>>>>>>>>   Not having this conversation on a Saturday evening would red=
uce my workload. At least it would free up time for something else. Helping =
with the things that are already on the go would reduce the workload of th=
e entire team. Starting one thing at a time and finishing it is a lot bette=
r to manage than starting a hundred things and not even finish one. I can t=
ell you that I already have a hundred things on the go.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  Therefore, what am I supposed to do with this email?
>>>>>>>>>>>>>
>>>>>>>>>>>>>  To me it is beyond obvious=E2=80=A6
>>>>>>>>>>>>>   If it isn=E2=80=99t what you want, then guide me with how t=
o do this the correct way. And be specific. I am trying to help. I am tryin=
g to make things better. I am trying to do things the right way.
>>>>>>>>>>>>
>>>>>>>>>>>>  To me it isn=E2=80=99t. This is yet another project that has=
 been dumped to the list like so many before and later on everyone has left=
 to have the team deal with the rest.
>>>>>>>>>>>>   It is a huge patch set. You explained what the vision is, bu=
t that is about it. There is no chance this will continue if this disagreem=
ent isn=E2=80=99t solved first. I didn=E2=80=99t even look at the code.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  I don=E2=80=99t want to merge code that I don=E2=80=99t agr=
ee with.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  I asked multiple times if you "agreed with the concept" and=
 again, met with silence. Yes I get it, people are busy.
>>>>>>>>>>>>
>>>>>>>>>>>>  Having support for RPZ? Yes, it was definitely on the roadmap=
. That I agree with.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  So many fundamental things that I have been raising have ei=
ther not been discussed or outright dismissed.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  You mentioned this a in the past, but for some reason you do =
not disclose what I dismissed. Why do you continue to make this harder, wo=
uldn=E2=80=99t it not be easier to tell me what I have dismissed?
>>>>>>>>>>>>>   I have sent multiple emails trying to answer your concerns=
 and comments. On July 28, Aug 14, Aug 22, Aug 23, Sep 30, etc.
>>>>>>>>>>>>>   I=E2=80=99ve gone through all of the questions you asked an=
d I cannot find a "dismissed" item.
>>>>>>>>>>>>
>>>>>>>>>>>>  Maybe I need to be *more clear*. I feel humoured by this.
>>>>>>>>>>>>   It is late on a Saturday and I want my dinner soon, but cert=
ainly I have stated that this should never be an add-on considering it is s=
upposed to replace URL Filter. We should never allow people to add their ow=
n sources. I have also stated that we cannot download any lists over HTTPS=
 again and again and again. The implementation that we have here seems to ex=
actly do that and therefore I think that my feedback has been dismissed ent=
irely.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  I don=E2=80=99t want to merge code that has no future insid=
e IPFire as there is no constructive conversation with the maintainers of i=
t.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  The maintainers of Unbound and/or RPZ?
>>>>>>>>>>>>>   The maintainers of Hagezi list, the threatfox list, the url=
haus list, etc.?
>>>>>>>>>>>>>   What else? The maintainers or the RPZ scripts? That is me.=
 Let=E2=80=99s talk!
>>>>>>>>>>>>
>>>>>>>>>>>>  You. I don=E2=80=99t care much about the providers of the lis=
ts.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  See, this is where it gets confusing. There are hundreds of=
 open source packages as part of IPFire. Pick the last five years of items a=
dded to the IPFire build. You're telling me you have "constructive conversa=
tion with the maintainers" of all of the added packages?
>>>>>>>>>>>>
>>>>>>>>>>>>  They publish their software and they don=E2=80=99t care wheth=
er I am pulling it or not. They publish it with the commitment to maintain=
 it - sometimes for better and sometimes for worse.
>>>>>>>>>>>>   You care about me pulling your code and I don=E2=80=99t know =
whether you would commit to maintain this.
>>>>>>>>>>>>   These two are very different cases.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Pick the IP Blocklists list (i.e., 3CORESEC, ABUSECH, DSHIEL=
D, SPAMHAUS, etc.) or the Suricata lists (i.e.,Emergingthreats.net <http://=
emergingthreats.net/>,Abuse.ch <http://abuse.ch/>, etc.). So you=E2=80=99ve =
have "constructive conversation with the maintainers"?
>>>>>>>>>>>>
>>>>>>>>>>>>  Yes, occasionally I have phone calls with a few of these prov=
iders.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  Having been trying for a long time to make you aware of thi=
s, nothing of this should come as a surprise.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Ha! Yes a surprise. In the beginning you seemed interested a=
s IPFire needed a replacement for URL Filter. You asked good questions abou=
t the lists picked, asked for the value to the users, etc. And I answered t=
he best I could.
>>>>>>>>>>>>>   You even asked: =E2=80=9CWhy is this realised as an add-on=
 and not part of the core system?=E2=80=9D from your Jul 28, 2024 email.
>>>>>>>>>>>>
>>>>>>>>>>>>  Ah, so, why is the patch creating an add-on? Not that I am sa=
ying that what I say is law, but it has not been challenged either. If my i=
nput is being ignored, why should I put this to the top of my list of prior=
ities? I am not disappointed about this, just trying to be very good with m=
y time.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  And on January 16, 2025 I wrote a message looking for help.=
 And you were kind to respond quickly. So in three weeks time, since the kin=
d response, something has changed. You went from supportive to "this".
>>>>>>>>>>>>>   So yes, I am surprised.
>>>>>>>>>>>>
>>>>>>>>>>>>  Well, maybe I should not have replied to that email. It was c=
lear that you were on some path that was not right, but you were not intere=
sted before in finding the right path from the beginning.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>  Please consider if that can be changed and if there is a pa=
th forward with this.
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Be more specific, what has to change? What exactly did I dis=
miss?
>>>>>>>>>>>>
>>>>>>>>>>>>  Dismissal is just my assumption. I don=E2=80=99t know what yo=
u actually did with my feedback. I can only see the end product that does n=
ot seem contain much of it. Repeatedly I have been pointing out that we sho=
uld think before we build. I am sure a lot of hours have now gone into some =
code that simply does not satisfy me. And I am not not talking about the c=
ode itself, what it does is what I don=E2=80=99t think is right for us.
>>>>>>>>>>>>   The process is very clear for me that we should first of all =
think whether we want a certain feature now. Then there should be a clear=
 roadmap for everyone to follow; tasks can be split-up as we go and hopefull=
y then have something that is maintainable, interesting for our users and e=
ven would do us proud. This is how this should work.
>>>>>>>>>>>>   So, what has to change? I don=E2=80=99t think with shouting=
 at each other, throwing patches around and making me generally unhappy is a =
good start.
>>>>>>>>>>>>   -Michael
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>  Jon
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>  On Feb 6, 2025, at 2:13=E2=80=AFPM, Michael Tremer <michael=
.tremer@ipfire.org> wrote:
>>>>>>>>>>>>>>   Hello Jon,
>>>>>>>>>>>>>>   Well, here we are again with another patch regarding this=
 feature.
>>>>>>>>>>>>>>   I cannot quite see from your email what the question is, b=
ut if this is a request to have this merged into IPFire, I am once again so=
rry to disappoint you.
>>>>>>>>>>>>>>   I think I have covered this all at lengths before that thi=
s project has been started as a separate effort and as far as I am aware no=
ne of the other team members has been involved. This has not been discussed =
either on this list, on our calls. Instead there has been a separate conve=
rsation on the forum with the occasional dip here to the list. But that was =
not a regular two-way conversation. Therefore, what am I supposed to do wi=
th this email?
>>>>>>>>>>>>>>   I don=E2=80=99t want to merge code that I don=E2=80=99t ag=
ree with. So many fundamental things that I have been raising have either n=
ot been discussed or outright dismissed.
>>>>>>>>>>>>>>   I don=E2=80=99t want to merge code that has no future insi=
de IPFire as there is no constructive conversation with the maintainers of=
 it.
>>>>>>>>>>>>>>   Having been trying for a long time to make you aware of th=
is, nothing of this should come as a surprise.
>>>>>>>>>>>>>>   Please consider if that can be changed and if there is a p=
ath forward with this.
>>>>>>>>>>>>>>   All the best,
>>>>>>>>>>>>>>  -Michael
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>  On 6 Feb 2025, at 16:35, Jon Murphy <jon.murphy@ipfire.org=
> wrote:
>>>>>>>>>>>>>>>   What is it?
>>>>>>>>>>>>>>>  Response Policy Zone (RPZ) is a mechanism to define local=
 policies in a
>>>>>>>>>>>>>>>  standardized way and load those policies from external sou=
rces.
>>>>>>>>>>>>>>>  Bottom line: RPZ allows admins to easily block access to w=
ebsites via DNS lookup.
>>>>>>>>>>>>>>>   RPZ can block websites via categories. Examples include:=
 fake websites, annoying
>>>>>>>>>>>>>>>  pop-up ads, newly registered domains, DoH bypass sites, ba=
d "host" services,
>>>>>>>>>>>>>>>  maliscious top level domains (e.g., *.zip, *.mov), piracy, =
gambling, pornography,
>>>>>>>>>>>>>>>  and more. RPZ lists come from various RPZ providers and th=
eir available
>>>>>>>>>>>>>>>  catagories.
>>>>>>>>>>>>>>>   This RPZ add-on enables the RPZ functionality by adding a =
couple lines in a
>>>>>>>>>>>>>>>  configuration file. This add-on simply adds configuration=
 files and adds
>>>>>>>>>>>>>>>  scripts (config, metrics and sleep) to make RPZ easier for =
the admin to use.
>>>>>>>>>>>>>>>   The RPZ scripts include additional languages: German, Spa=
nish, French, Turkish,
>>>>>>>>>>>>>>>  and Italian.
>>>>>>>>>>>>>>>   RPZ itself was release in 2010 and has been part of the I=
PFire build since ~2015.
>>>>>>>>>>>>>>>   Why is it needed? What is its value?
>>>>>>>>>>>>>>>   - The RPZ concept places this filtering into IPFire, our=
 internet access
>>>>>>>>>>>>>>>  gateway, which is (should be) solely used as DNS source of =
the internal network.
>>>>>>>>>>>>>>>   - As most sites use HTTPS it makes it difficult to filter =
traffic with URL
>>>>>>>>>>>>>>>  Filter without also properly configuring conventional (non=
-transparent)
>>>>>>>>>>>>>>>  mode on the proxy. RPZ is a nice replacement for the URL F=
ilter.
>>>>>>>>>>>>>>>   - No need to install and maintain an additional device li=
ke PiHole or AdBlock
>>>>>>>>>>>>>>>  browser extensions on multiple user devices.
>>>>>>>>>>>>>>>   - This is an additional layer of protection for users. Le=
ss worry someone will
>>>>>>>>>>>>>>>  click on something that gets them into trouble. And, sayin=
g this with emphasis,
>>>>>>>>>>>>>>>  the ability to do it in one place!
>>>>>>>>>>>>>>>   - Blocked sites save on unneeded traffic and can lessen t=
he threat of malware
>>>>>>>>>>>>>>>  in advertisements
>>>>>>>>>>>>>>>   - Logging allows the admin to see the site blocked and ta=
ke actions
>>>>>>>>>>>>>>>   - RPZ will be used at the home, home-office (work from ho=
me), schools,
>>>>>>>>>>>>>>>  ministerial, and at the office. Device counts are small (2=
-6) to medium (~80)
>>>>>>>>>>>>>>>  to mediam-large (200+).
>>>>>>>>>>>>>>>   - RPZ can block ads, popups, phishing, scammers, spyware, =
malware, annoying
>>>>>>>>>>>>>>>  popups, NSFW links, DOH servers, and the usual internet tr=
ash.
>>>>>>>>>>>>>>>   ------------------------------
>>>>>>>>>>>>>>>   Change Log for RPZ add-on
>>>>>>>>>>>>>>>   rpz-1.0.0-18 on 2025-02-05
>>>>>>>>>>>>>>>  - Build for approval & release as IPFire add-on
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.18-18.ipfire on 2025-02-01
>>>>>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>>>>>  - new feature: added a mod key to force a unbound restart
>>>>>>>>>>>>>>>   rpz-config and rpz-make:
>>>>>>>>>>>>>>>  - new feature: added action for unbound restart `rpz-confi=
g unbound-restart`
>>>>>>>>>>>>>>>   rpz-metrics:
>>>>>>>>>>>>>>>  - simple reformatting
>>>>>>>>>>>>>>>  - rename far right column from "last update" to "last down=
load"
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.17-17.ipfire on 2024-12-09
>>>>>>>>>>>>>>>  rpz-make
>>>>>>>>>>>>>>>  - bug fix: corrected validation regex for wildcards like:=
 `*.domain.com`
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.16-16.ipfire on 2024-11-18
>>>>>>>>>>>>>>>  rpz-make
>>>>>>>>>>>>>>>  - new feature: updated validation regex
>>>>>>>>>>>>>>>  - bug fix: moved validation to beginning of process. Now w=
e validate before
>>>>>>>>>>>>>>>  creating config files.
>>>>>>>>>>>>>>>   rpz.cgi:
>>>>>>>>>>>>>>>  - new feature: use CSS color variables of the main ipfire=
 theme
>>>>>>>>>>>>>>>  - bug fix: empty zonefile remarks were stored as =E2=80=9C=
undef=E2=80=9D and caused a warning
>>>>>>>>>>>>>>>  - bug fix: HTML textarea removes the first empty line in a =
custom list
>>>>>>>>>>>>>>>  - thank you Leo!
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.15-15.ipfire on 2024-11-04
>>>>>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>>>>>  - new feature: added new language file for Turkish (thank=
 you Peppe)
>>>>>>>>>>>>>>>   rpz-make
>>>>>>>>>>>>>>>  - bug fix: corrected empty allow/block list issue. An empt=
y allow/block list
>>>>>>>>>>>>>>>  will now remove contents of allow/block.rpz files and remo=
ve unneeded
>>>>>>>>>>>>>>>  allow/block.conf file. (thank you iptom)
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.14-14.ipfire on 2024-10-29
>>>>>>>>>>>>>>>  rpz-config:
>>>>>>>>>>>>>>>  - bug fix: correct missing rpz extension. `rpz-config list=
` displayed URL
>>>>>>>>>>>>>>>  incorrectly (thank you Bernhard)
>>>>>>>>>>>>>>>   rpz.cgi:
>>>>>>>>>>>>>>>  - bug fix: remove extra `"` in language files (thank you B=
ernhard)
>>>>>>>>>>>>>>>  - new feature: slightly dim "apply" button when not enable=
d
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.13-13.ipfire on 2024-10-27
>>>>>>>>>>>>>>>  - skipped
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.12-12.ipfire on 2024-10-21
>>>>>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>>>>>  - new feature: added new language file for French (thank y=
ou gw-ipfire)
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.11-11.ipfire on 2024-10-18
>>>>>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>>>>>  - new feature: added new language file for Italian (thank=
 you umberto)
>>>>>>>>>>>>>>>  - new feature: added new language file for Spanish (thank=
 you Roberto)
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.10-10.ipfire on 2024-10-15
>>>>>>>>>>>>>>>  rpz-make:
>>>>>>>>>>>>>>>  - bug fix: corrected validation error for a custom list en=
try (thank you siosios)
>>>>>>>>>>>>>>>  - e.g., `*.cloudflare-dns.com`
>>>>>>>>>>>>>>>   install.sh:
>>>>>>>>>>>>>>>  - bug fix: add chown to correct user created files
>>>>>>>>>>>>>>>   update.sh:
>>>>>>>>>>>>>>>  - bug fix: add chown to correct user created files (thank=
 you siosios)
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.9-9.ipfire on 2024-10-08
>>>>>>>>>>>>>>>  rpz.cgi:
>>>>>>>>>>>>>>>  - new feature: added new language file for German (thank y=
ou Leo)
>>>>>>>>>>>>>>>  - bug fix: add missing "rpz exitcode 110"
>>>>>>>>>>>>>>>  - bug fix: corrected missing RPZ menu item at menu > IPFir=
e
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.8-8.ipfire on 2024-10-04
>>>>>>>>>>>>>>>  - skipped
>>>>>>>>>>>>>>>   ---
>>>>>>>>>>>>>>>   rpz-beta-0.1.7-7.ipfire on 2024-10-03
>>>>>>>>>>>>>>>  All:
>>>>>>>>>>>>>>>  - new feature: includes beta version numbers for pakfire p=
ackage,
>>>>>>>>>>>>>>>  instead of only `rpz-1.0.0-1.ipfire`, for each release.
>>>>>>>>>>>>>>>   rpz.cgi:
>>>>>>>>>>>>>>>  - new feature: added new WebGUI at `rpz.cgi`
>>>>>>>>>>>>>>>  - a BIG thank you to Leo Hofmann for all of his work creat=
ing the webgui!!
>>>>>>>>>>>>>>>  - bug fix: corrected missing RPZ menu item at menu > IPFir=
e
>>>>>>>>>>>>>>>   rpz-make:
>>>>>>>>>>>>>>>  - new feature: validate entries in allowlist and blocklist
>>>>>>>>>>>>>>>  - new feature: add "no-reload" option for WebGUI
>>>>>>>>>>>>>>>   rpz-metrics:
>>>>>>>>>>>>>>>  - new feature: info can be sorted by name, by hit count, b=
y line count, by
>>>>>>>>>>>>>>>  "enabled" list or all lists
>>>>>>>>>>>>>>>   backups:
>>>>>>>>>>>>>>>  - bug fix: include all files in `/var/ipfire/dns/rpz` dire=
ctory in backup
>>>>>>>>>>>>>>>   update.sh:
>>>>>>>>>>>>>>>  - bug fix: corrected ownership for `/var/ipfire/dns/rpz` d=
irectory during an
>>>>>>>>>>>>>>>  update
>>>>>>>>>>>>>>>   Build:
>>>>>>>>>>>>>>>  - bug fix: `block.rpz.conf` and `block.rpz` from build. Fi=
les to be created
>>>>>>>>>>>>>>>  by `rpz-make`
>>>>>>>>>>>>>>>   WebGUI and German language file
>>>>>>>>>>>>>>>  Contribution-by: Leo-Andres Hofmann <hofmann@leo-andres.de=
>
>>>>>>>>>>>>>>>   Spanish language file
>>>>>>>>>>>>>>>  Contribution-by: Roberto Pe=C3=B1a
>>>>>>>>>>>>>>>   Italian language file
>>>>>>>>>>>>>>>  Contribution-by: Umberto Parma
>>>>>>>>>>>>>>>   French language file
>>>>>>>>>>>>>>>  Contribution-by: gw-ipfire
>>>>>>>>>>>>>>>   Turkish language file
>>>>>>>>>>>>>>>  Contribution-by: Peppe Tech
>>>>>>>>>>>>>>>   Contribution-by: Bernhard Bitsch <bbitsch@ipfire.org>
>>>>>>>>>>>>>>>  Contribution-by: Erik Kapfer <erik.kapfer@ipfire.org>
>>>>>>>>>>>>>>>  Signed-off-by: Jon Murphy <jon.murphy@ipfire.org
>>>>>>>>>>>>>>>  ---
>>>>>>>>>>>>>>>  config/backup/includes/rpz | 4 +
>>>>>>>>>>>>>>>  config/cfgroot/manualpages | 1 +
>>>>>>>>>>>>>>>  config/menu/EX-rpz.menu | 6 +
>>>>>>>>>>>>>>>  config/rootfiles/common/configroot | 1 +
>>>>>>>>>>>>>>>  config/rootfiles/common/web-user-interface | 1 +
>>>>>>>>>>>>>>>  config/rootfiles/packages/rpz | 20 +
>>>>>>>>>>>>>>>  config/rpz/00-rpz.conf | 10 +
>>>>>>>>>>>>>>>  config/rpz/rpz-config | 130 +++
>>>>>>>>>>>>>>>  config/rpz/rpz-functions | 85 ++
>>>>>>>>>>>>>>>  config/rpz/rpz-make | 203 +++++
>>>>>>>>>>>>>>>  config/rpz/rpz-metrics | 170 ++++
>>>>>>>>>>>>>>>  config/rpz/rpz-sleep | 58 ++
>>>>>>>>>>>>>>>  config/rpz/rpz.de.pl | 30 +
>>>>>>>>>>>>>>>  config/rpz/rpz.en.pl | 30 +
>>>>>>>>>>>>>>>  config/rpz/rpz.es.pl | 30 +
>>>>>>>>>>>>>>>  config/rpz/rpz.fr.pl | 30 +
>>>>>>>>>>>>>>>  config/rpz/rpz.it.pl | 30 +
>>>>>>>>>>>>>>>  config/rpz/rpz.tr.pl | 30 +
>>>>>>>>>>>>>>>  html/cgi-bin/rpz.cgi | 923 +++++++++++++++++++++
>>>>>>>>>>>>>>>  lfs/rpz | 96 +++
>>>>>>>>>>>>>>>  make.sh | 3 +-
>>>>>>>>>>>>>>>  src/paks/rpz/install.sh | 36 +
>>>>>>>>>>>>>>>  src/paks/rpz/uninstall.sh | 38 +
>>>>>>>>>>>>>>>  src/paks/rpz/update.sh | 52 ++
>>>>>>>>>>>>>>>  24 files changed, 2016 insertions(+), 1 deletion(-)
>>>>>>>>>>>>>>>  create mode 100644 config/backup/includes/rpz
>>>>>>>>>>>>>>>  create mode 100644 config/menu/EX-rpz.menu
>>>>>>>>>>>>>>>  create mode 100644 config/rootfiles/packages/rpz
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/00-rpz.conf
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz-config
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz-functions
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz-make
>>>>>>>>>>>>>>>  create mode 100755 config/rpz/rpz-metrics
>>>>>>>>>>>>>>>  create mode 100755 config/rpz/rpz-sleep
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz.de.pl
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz.en.pl
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz.es.pl
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz.fr.pl
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz.it.pl
>>>>>>>>>>>>>>>  create mode 100644 config/rpz/rpz.tr.pl
>>>>>>>>>>>>>>>  create mode 100644 html/cgi-bin/rpz.cgi
>>>>>>>>>>>>>>>  create mode 100644 lfs/rpz
>>>>>>>>>>>>>>>  create mode 100644 src/paks/rpz/install.sh
>>>>>>>>>>>>>>>  create mode 100644 src/paks/rpz/uninstall.sh
>>>>>>>>>>>>>>>  create mode 100644 src/paks/rpz/update.sh
>>>>>>>>>>>>>>>   diff --git a/config/backup/includes/rpz b/config/backup/i=
ncludes/rpz
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..36513e494
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/backup/includes/rpz
>>>>>>>>>>>>>>>  @@ -0,0 +1,4 @@
>>>>>>>>>>>>>>>  +/var/ipfire/dns/rpz/*
>>>>>>>>>>>>>>>  +/etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>>>>>  +/etc/unbound/zonefiles/block.rpz
>>>>>>>>>>>>>>>  +/etc/unbound/local.d/*rpz.conf
>>>>>>>>>>>>>>>  diff --git a/config/cfgroot/manualpages b/config/cfgroot/m=
anualpages
>>>>>>>>>>>>>>>  index 1f7e01efc..d3a48c633 100644
>>>>>>>>>>>>>>>  --- a/config/cfgroot/manualpages
>>>>>>>>>>>>>>>  +++ b/config/cfgroot/manualpages
>>>>>>>>>>>>>>>  @@ -70,6 +70,7 @@ pakfire.cgi=3Dconfiguration/ipfire/pakfi=
re
>>>>>>>>>>>>>>>  wlanap.cgi=3Daddons/wireless
>>>>>>>>>>>>>>>  tor.cgi=3Daddons/tor
>>>>>>>>>>>>>>>  samba.cgi=3Daddons/samba
>>>>>>>>>>>>>>>  +rpz.cgi=3Daddons/rpz
>>>>>>>>>>>>>>>   # Logs menu
>>>>>>>>>>>>>>>  logs.cgi/summary.dat=3Dconfiguration/logs/summary
>>>>>>>>>>>>>>>  diff --git a/config/menu/EX-rpz.menu b/config/menu/EX-rpz.=
menu
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..2f4daf410
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/menu/EX-rpz.menu
>>>>>>>>>>>>>>>  @@ -0,0 +1,6 @@
>>>>>>>>>>>>>>>  +$subipfire->{'20.rpz'} =3D {
>>>>>>>>>>>>>>>  + 'caption' =3D> $Lang::tr{'rpz'},
>>>>>>>>>>>>>>>  + 'uri' =3D> '/cgi-bin/rpz.cgi',
>>>>>>>>>>>>>>>  + 'title' =3D> "RPZ",
>>>>>>>>>>>>>>>  + 'enabled' =3D> 1,
>>>>>>>>>>>>>>>  +};
>>>>>>>>>>>>>>>  diff --git a/config/rootfiles/common/configroot b/config/r=
ootfiles/common/configroot
>>>>>>>>>>>>>>>  index 9839eee45..b30d6aae4 100644
>>>>>>>>>>>>>>>  --- a/config/rootfiles/common/configroot
>>>>>>>>>>>>>>>  +++ b/config/rootfiles/common/configroot
>>>>>>>>>>>>>>>  @@ -120,6 +120,7 @@ var/ipfire/menu.d/70-log.menu
>>>>>>>>>>>>>>>  #var/ipfire/menu.d/EX-apcupsd.menu
>>>>>>>>>>>>>>>  #var/ipfire/menu.d/EX-guardian.menu
>>>>>>>>>>>>>>>  #var/ipfire/menu.d/EX-mympd.menu
>>>>>>>>>>>>>>>  +#var/ipfire/menu.d/EX-rpz.menu
>>>>>>>>>>>>>>>  #var/ipfire/menu.d/EX-samba.menu
>>>>>>>>>>>>>>>  #var/ipfire/menu.d/EX-tor.menu
>>>>>>>>>>>>>>>  #var/ipfire/menu.d/EX-transmission.menu
>>>>>>>>>>>>>>>  diff --git a/config/rootfiles/common/web-user-interface b/=
config/rootfiles/common/web-user-interface
>>>>>>>>>>>>>>>  index 816241dae..e00464076 100644
>>>>>>>>>>>>>>>  --- a/config/rootfiles/common/web-user-interface
>>>>>>>>>>>>>>>  +++ b/config/rootfiles/common/web-user-interface
>>>>>>>>>>>>>>>  @@ -69,6 +69,7 @@ srv/web/ipfire/cgi-bin/proxy.cgi
>>>>>>>>>>>>>>>  srv/web/ipfire/cgi-bin/qos.cgi
>>>>>>>>>>>>>>>  srv/web/ipfire/cgi-bin/remote.cgi
>>>>>>>>>>>>>>>  srv/web/ipfire/cgi-bin/routing.cgi
>>>>>>>>>>>>>>>  +#srv/web/ipfire/cgi-bin/rpz.cgi
>>>>>>>>>>>>>>>  #srv/web/ipfire/cgi-bin/samba.cgi
>>>>>>>>>>>>>>>  srv/web/ipfire/cgi-bin/services.cgi
>>>>>>>>>>>>>>>  srv/web/ipfire/cgi-bin/shutdown.cgi
>>>>>>>>>>>>>>>  diff --git a/config/rootfiles/packages/rpz b/config/rootfi=
les/packages/rpz
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..1c8663049
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rootfiles/packages/rpz
>>>>>>>>>>>>>>>  @@ -0,0 +1,20 @@
>>>>>>>>>>>>>>>  +etc/unbound/local.d/00-rpz.conf
>>>>>>>>>>>>>>>  +etc/unbound/zonefiles
>>>>>>>>>>>>>>>  +etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>>>>>  +usr/sbin/rpz-config
>>>>>>>>>>>>>>>  +usr/sbin/rpz-functions
>>>>>>>>>>>>>>>  +usr/sbin/rpz-make
>>>>>>>>>>>>>>>  +usr/sbin/rpz-metrics
>>>>>>>>>>>>>>>  +usr/sbin/rpz-sleep
>>>>>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.de.pl
>>>>>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.en.pl
>>>>>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.es.pl
>>>>>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.fr.pl
>>>>>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.it.pl
>>>>>>>>>>>>>>>  +var/ipfire/addon-lang/rpz.tr.pl
>>>>>>>>>>>>>>>  +var/ipfire/backup/addons/includes/rpz
>>>>>>>>>>>>>>>  +var/ipfire/dns/rpz
>>>>>>>>>>>>>>>  +var/ipfire/dns/rpz/allowlist
>>>>>>>>>>>>>>>  +var/ipfire/dns/rpz/blocklist
>>>>>>>>>>>>>>>  +var/ipfire/menu.d/EX-rpz.menu
>>>>>>>>>>>>>>>  +srv/web/ipfire/cgi-bin/rpz.cgi
>>>>>>>>>>>>>>>  diff --git a/config/rpz/00-rpz.conf b/config/rpz/00-rpz.co=
nf
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..f005a4f2e
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/00-rpz.conf
>>>>>>>>>>>>>>>  @@ -0,0 +1,10 @@
>>>>>>>>>>>>>>>  +server:
>>>>>>>>>>>>>>>  + module-config: "respip validator iterator"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +rpz:
>>>>>>>>>>>>>>>  + name: allow.rpz
>>>>>>>>>>>>>>>  + zonefile: /etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>>>>>  + rpz-action-override: passthru
>>>>>>>>>>>>>>>  + rpz-log: yes
>>>>>>>>>>>>>>>  + rpz-log-name: allow
>>>>>>>>>>>>>>>  + rpz-signal-nxdomain-ra: yes
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz-config b/config/rpz/rpz-config
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..c72d50f9b
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz-config
>>>>>>>>>>>>>>>  @@ -0,0 +1,130 @@
>>>>>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024-2025 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +version=3D"2025-01-11 - v44"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +############### Functions ###############
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +source /usr/sbin/rpz-functions
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +############### Main ###############
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +tagName=3D"unbound"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +rpzAction=3D"${1}" # input RPZ action
>>>>>>>>>>>>>>>  +rpzName=3D"${2}" # input RPZ name
>>>>>>>>>>>>>>>  +rpzURL=3D"${3}" # input RPZ URL
>>>>>>>>>>>>>>>  +rpzOption1=3D"${4}" # input RPZ option #1
>>>>>>>>>>>>>>>  +rpzOption2=3D"${5}" # input RPZ option #2
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +rpzConfig=3D"/etc/unbound/local.d/${rpzName}.rpz.conf" #=
 output zone conf file
>>>>>>>>>>>>>>>  +rpzFile=3D"/etc/unbound/zonefiles/${rpzName}.rpz" # outpu=
t for RPZ file
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +rpzLog=3D"yes" # log default is yes
>>>>>>>>>>>>>>>  +ucReload=3D"yes" # reload default is yes
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +while [[ $# -gt 0 ]] ; do
>>>>>>>>>>>>>>>  + case "$1" in
>>>>>>>>>>>>>>>  + --no-log ) rpzLog=3D"no" ;;
>>>>>>>>>>>>>>>  + --no-reload ) ucReload=3D"no" ; checkConf=3D"no" ;;
>>>>>>>>>>>>>>>  + esac
>>>>>>>>>>>>>>>  + shift # Shift after checking all the cases to get next o=
ption
>>>>>>>>>>>>>>>  +done
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +case "${rpzAction}" in
>>>>>>>>>>>>>>>  + # add new rpz list
>>>>>>>>>>>>>>>  + add )
>>>>>>>>>>>>>>>  + check_name "${rpzName}" # is this a valid name?
>>>>>>>>>>>>>>>  + # does this config already exist? If yes, then exit
>>>>>>>>>>>>>>>  + if [[ -f "${rpzConfig}" ]] ; then
>>>>>>>>>>>>>>>  + msg_log "error: rpz: duplicate - ${rpzConfig} already ex=
ists. exit"
>>>>>>>>>>>>>>>  + exit 104
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # is this a valid URL?
>>>>>>>>>>>>>>>  + regex=3D'^https://[-[:alnum:]\+&@#/%?=3D~_|!:,.;]*[-[:al=
num:]\+&@#/%=3D~_|]'
>>>>>>>>>>>>>>>  + if ! [[ "${rpzURL}" =3D~ $regex ]] ; then
>>>>>>>>>>>>>>>  + msg_log "error: rpz: the URL is not valid: \"${rpzURL}\"=
. exit."
>>>>>>>>>>>>>>>  + exit 105
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # create the zone config file
>>>>>>>>>>>>>>>  + {
>>>>>>>>>>>>>>>  + echo "rpz:"
>>>>>>>>>>>>>>>  + echo " name: ${rpzName}.rpz"
>>>>>>>>>>>>>>>  + echo " zonefile: ${rpzFile}"
>>>>>>>>>>>>>>>  + echo " url: ${rpzURL}"
>>>>>>>>>>>>>>>  + echo " rpz-action-override: nxdomain"
>>>>>>>>>>>>>>>  + echo " rpz-log: ${rpzLog}"
>>>>>>>>>>>>>>>  + echo " rpz-log-name: ${rpzName}"
>>>>>>>>>>>>>>>  + echo " rpz-signal-nxdomain-ra: yes"
>>>>>>>>>>>>>>>  + } > "${rpzConfig}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # set-up zonefile
>>>>>>>>>>>>>>>  + # create an empty rpz file if it does not exist
>>>>>>>>>>>>>>>  + if [[ ! -f "${rpzFile}" ]] ; then
>>>>>>>>>>>>>>>  + touch "${rpzFile}"
>>>>>>>>>>>>>>>  + # unbound requires these settings for rpz files
>>>>>>>>>>>>>>>  + set_permissions "${rpzFile}" "${rpzConfig}"
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # trash config file & rpz file
>>>>>>>>>>>>>>>  + remove )
>>>>>>>>>>>>>>>  + if ! [[ -f "${rpzConfig}" ]] ; then
>>>>>>>>>>>>>>>  + msg_log "error: rpz: cannot remove ${rpzConfig}, does no=
t exist. exit"
>>>>>>>>>>>>>>>  + exit 106
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + msg_log "info: rpz: remove config file & rpz file \"${rp=
zName}\""
>>>>>>>>>>>>>>>  + rm "${rpzConfig}"
>>>>>>>>>>>>>>>  + rm "${rpzFile}"
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + reload )
>>>>>>>>>>>>>>>  + check_unbound_conf "${checkConf}"
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + list )
>>>>>>>>>>>>>>>  + awk -F':' '/^\s*name:/{ gsub(/[[:blank:]]|\.rpz/, "",$2) =
; NAME=3D$2 } \
>>>>>>>>>>>>>>>  + /^\s*url:/{ gsub(/[[:blank:]]/, "") ; print NAME"=3D"$2"=
:"$3} ' \
>>>>>>>>>>>>>>>  + /etc/unbound/local.d/*rpz.conf
>>>>>>>>>>>>>>>  + exit
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + unbound-restart )
>>>>>>>>>>>>>>>  + check_unbound_conf "${checkConf}"
>>>>>>>>>>>>>>>  + unbound_restart
>>>>>>>>>>>>>>>  + exit
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + * )
>>>>>>>>>>>>>>>  + msg_log "error: rpz: missing or incorrect parameter"
>>>>>>>>>>>>>>>  + printf "Usage: $(basename "$0") <ACTION> <NAME> <URL> <O=
PTION> <OPTION>\n"
>>>>>>>>>>>>>>>  + printf "Version: ${version}\n"
>>>>>>>>>>>>>>>  + exit 108
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +esac
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +unbound_control_reload "${ucReload}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +exit
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz-functions b/config/rpz/rpz-fun=
ctions
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..ace1d2690
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz-functions
>>>>>>>>>>>>>>>  @@ -0,0 +1,85 @@
>>>>>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +version=3D"2024-12-10 - v02"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +############### Functions ###############
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +msg_log () {
>>>>>>>>>>>>>>>  + logger --tag "${tagName}" "$*"
>>>>>>>>>>>>>>>  + if tty --silent ; then
>>>>>>>>>>>>>>>  + echo "${tagName}:" "$*"
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# check for a valid name
>>>>>>>>>>>>>>>  +check_name () {
>>>>>>>>>>>>>>>  + local theName=3D"${1}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + regex=3D'^[a-zA-Z0-9_]+$' # no dash or plus, alpha numer=
ic only
>>>>>>>>>>>>>>>  + regex1=3D'^(allow|block)$' # allow and block are reserve=
d NAMEs
>>>>>>>>>>>>>>>  + if [[ ! "${theName}" =3D~ $regex ]] || [[ "${theName}" =
=3D~ $regex1 ]] ; then
>>>>>>>>>>>>>>>  + msg_log "error: rpz: the NAME is not valid: \"${theName}=
\". exit."
>>>>>>>>>>>>>>>  + exit 101
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +set_permissions () {
>>>>>>>>>>>>>>>  + chown nobody:nobody "$@"
>>>>>>>>>>>>>>>  + chmod 644 "$@"
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +check_unbound_conf () {
>>>>>>>>>>>>>>>  + local thecheckConf=3D"${1:-yes}" # check config default=
 is yes
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # check the above config files
>>>>>>>>>>>>>>>  + if [[ "${thecheckConf}" =3D=3D yes ]] ; then
>>>>>>>>>>>>>>>  + msg_log "info: rpz: check for errors with \"unbound-chec=
kconf\""
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + if ! unbound-checkconf ; then
>>>>>>>>>>>>>>>  + msg_log "error: rpz: unbound-checkconf found invalid con=
figuration."
>>>>>>>>>>>>>>>  + msg_log \
>>>>>>>>>>>>>>>  + "error: rpz: In Terminal run the command \"unbound-check=
conf\" for more information. exit."
>>>>>>>>>>>>>>>  + exit 102
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +unbound_control_reload () {
>>>>>>>>>>>>>>>  + local theReload=3D"${1:-yes}" # reload default is yes
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + if [[ "${theReload}" =3D=3D yes ]] ; then
>>>>>>>>>>>>>>>  + # reload due to the changes
>>>>>>>>>>>>>>>  + msg_log "info: rpz: run \"unbound-control reload\""
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + if ! unbound-control reload ; then
>>>>>>>>>>>>>>>  + msg_log "error: rpz: unbound-control reload. exit."
>>>>>>>>>>>>>>>  + exit 109
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +unbound_restart () {
>>>>>>>>>>>>>>>  + # restart due to the changes
>>>>>>>>>>>>>>>  + msg_log "info: rpz: run \"unbound restart\""
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + /usr/local/bin/unboundctrl restart
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz-make b/config/rpz/rpz-make
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..927d55170
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz-make
>>>>>>>>>>>>>>>  @@ -0,0 +1,203 @@
>>>>>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024-2025 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +version=3D"2025-01-11 - v14"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +############### Functions ###############
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +source /usr/sbin/rpz-functions
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# create the config file for allow
>>>>>>>>>>>>>>>  +make_allow_config () {
>>>>>>>>>>>>>>>  + local theLog=3D"${1:-yes}" # log default ON
>>>>>>>>>>>>>>>  + local theConfig=3D"/etc/unbound/local.d/00-rpz.conf" # o=
utput zone conf file
>>>>>>>>>>>>>>>  + local theList=3D"/var/ipfire/dns/rpz/allowlist" # input=
 custom list of domains
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + msg_log "info: rpz: make config file \"00-rpz.conf\""
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + echo "server:
>>>>>>>>>>>>>>>  + module-config: \"respip validator iterator\"" > "${theCo=
nfig}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # does allow list exist?
>>>>>>>>>>>>>>>  + if [[ -s "${theList}" ]] && grep -q . "${theList}" ; the=
n
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + echo "rpz:
>>>>>>>>>>>>>>>  + name: allow.rpz
>>>>>>>>>>>>>>>  + zonefile: /etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>>>>>  + rpz-action-override: passthru
>>>>>>>>>>>>>>>  + rpz-log: ${theLog}
>>>>>>>>>>>>>>>  + rpz-log-name: allow
>>>>>>>>>>>>>>>  + rpz-signal-nxdomain-ra: yes" >> "${theConfig}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # set-up zonefile - unbound requires these settings for=
 rpz files
>>>>>>>>>>>>>>>  + set_permissions "${theConfig}"
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# create the config file for block
>>>>>>>>>>>>>>>  +make_block_config () {
>>>>>>>>>>>>>>>  + local theLog=3D"${1:-yes}" # log default ON
>>>>>>>>>>>>>>>  + local theConfig=3D"/etc/unbound/local.d/block.rpz.conf"=
 # output zone conf file
>>>>>>>>>>>>>>>  + local theList=3D"/var/ipfire/dns/rpz/blocklist" # input=
 custom list of domains
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + msg_log "info: rpz: make config file \"block.rpz.conf\""
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # does block list exist?
>>>>>>>>>>>>>>>  + if [[ -s "${theList}" ]] && grep -q . "${theList}" ; the=
n
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + echo "rpz:
>>>>>>>>>>>>>>>  + name: block.rpz
>>>>>>>>>>>>>>>  + zonefile: /etc/unbound/zonefiles/block.rpz
>>>>>>>>>>>>>>>  + rpz-action-override: nxdomain
>>>>>>>>>>>>>>>  + rpz-log: ${theLog}
>>>>>>>>>>>>>>>  + rpz-log-name: block
>>>>>>>>>>>>>>>  + rpz-signal-nxdomain-ra: yes" > "${theConfig}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # set-up zonefile - unbound requires these settings for=
 rpz files
>>>>>>>>>>>>>>>  + set_permissions "${theConfig}"
>>>>>>>>>>>>>>>  + else
>>>>>>>>>>>>>>>  + # no - trash the config file
>>>>>>>>>>>>>>>  + rm --verbose /etc/unbound/local.d/block.rpz.conf
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# create an RPZ file for allow or block
>>>>>>>>>>>>>>>  +make_rpz_file () {
>>>>>>>>>>>>>>>  + local theName=3D"${1}" # allow or block
>>>>>>>>>>>>>>>  + local theAction=3D'.' # the default is nxdomain or block
>>>>>>>>>>>>>>>  + local actionList
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + local theList=3D"/var/ipfire/dns/rpz/${theName}list" # i=
nput custom list of domains
>>>>>>>>>>>>>>>  + local theZonefile=3D"/etc/unbound/zonefiles/${theName}.r=
pz" # output file for RPZ
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # does a list exist?
>>>>>>>>>>>>>>>  + if [[ -s "${theList}" ]] && grep -q . "${theList}" ; the=
n
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # for allow set to passthru
>>>>>>>>>>>>>>>  + [[ "${theName}" =3D=3D allow ]] && theAction=3D'rpz-pass=
thru.'
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # drop any extra "blanks" and add "CNAME <RPZ action>."=
 to each line
>>>>>>>>>>>>>>>  + actionList=3D$( awk '{$1=3D$1};1' "${theList}" |
>>>>>>>>>>>>>>>  + sed "/^[^;].*[[:alnum:]]/ s|$| CNAME ${theAction}|" )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + msg_log "info: rpz: create zonefile for \"${theName}list=
\""
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +echo "; Name: ${theName} list
>>>>>>>>>>>>>>>  +; Last modified: $(date "+%Y-%m-%d at %H.%M.%S %Z")
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  +; domains with actions list
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  +${actionList}" > "${theZonefile}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # set-up zonefile - unbound requires these settings for=
 rpz files
>>>>>>>>>>>>>>>  + set_permissions "${theZonefile}"
>>>>>>>>>>>>>>>  + # set-up allow/block list files
>>>>>>>>>>>>>>>  + set_permissions "${theList}"
>>>>>>>>>>>>>>>  + else
>>>>>>>>>>>>>>>  + msg_log "info: rpz: the ${theList} is empty."
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + rm --verbose "${theZonefile}" # trash the RPZ file
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# check if allow/block list is valid
>>>>>>>>>>>>>>>  +validate_list () {
>>>>>>>>>>>>>>>  + local theName=3D"${1}" # allow or block
>>>>>>>>>>>>>>>  + local theList=3D"/var/ipfire/dns/rpz/${theName}list" # i=
nput custom list of domains
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # remove good:
>>>>>>>>>>>>>>>  + # - properly formated domain names with or without leadi=
ng wildcard
>>>>>>>>>>>>>>>  + # - properly formated top level domain (TLD) names with=
 wildcard
>>>>>>>>>>>>>>>  + # - blank lines and comment lines
>>>>>>>>>>>>>>>  + # remaining lines are considered "bad"
>>>>>>>>>>>>>>>  + bad_lines=3D$( sed --regexp-extended \
>>>>>>>>>>>>>>>  + '/^(\*\.)?([a-zA-Z0-9](([a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])=
?\.)+([a-zA-Z]{2,}|xn--[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])$/d ;
>>>>>>>>>>>>>>>  + /^(\*\.)([a-z]{2,61}|xn--[a-z0-9]{1,60})$/d ;
>>>>>>>>>>>>>>>  + /^$/d ; /^;/d' "${theList}" )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + if [[ ! -z "${bad_lines}" ]] ; then
>>>>>>>>>>>>>>>  + msg_log "error: rpz: invalid line(s) in ${theList}."
>>>>>>>>>>>>>>>  + printf "%s\n" "bad line(s): ${bad_lines}"
>>>>>>>>>>>>>>>  + exit 110
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +############### Main ###############
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +tagName=3D"unbound"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +rpzName=3D"${1}" # input RPZ name
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +rpzLog=3D"yes" # log default is yes
>>>>>>>>>>>>>>>  +ucReload=3D"yes" # reload default is yes
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +while [[ $# -gt 0 ]] ; do
>>>>>>>>>>>>>>>  + case "$1" in
>>>>>>>>>>>>>>>  + --no-log ) rpzLog=3D"no" ;;
>>>>>>>>>>>>>>>  + --no-reload ) ucReload=3D"no" ; checkConf=3D"no" ;;
>>>>>>>>>>>>>>>  + esac
>>>>>>>>>>>>>>>  + shift # Shift after checking all the cases to get next o=
ption
>>>>>>>>>>>>>>>  +done
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +case "${rpzName}" in
>>>>>>>>>>>>>>>  + # make a new allow or block rpz file
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + allow )
>>>>>>>>>>>>>>>  + validate_list 'allow' # is the allowlist valid?
>>>>>>>>>>>>>>>  + make_allow_config "${rpzLog}"
>>>>>>>>>>>>>>>  + make_rpz_file 'allow'
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + allowblock )
>>>>>>>>>>>>>>>  + validate_list 'allow' # is the list valid?
>>>>>>>>>>>>>>>  + make_allow_config "${rpzLog}"
>>>>>>>>>>>>>>>  + make_rpz_file 'allow'
>>>>>>>>>>>>>>>  + ;&
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + block )
>>>>>>>>>>>>>>>  + validate_list 'block' # is the blocklist valid?
>>>>>>>>>>>>>>>  + make_block_config "${rpzLog}"
>>>>>>>>>>>>>>>  + make_rpz_file 'block'
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + reload )
>>>>>>>>>>>>>>>  + check_unbound_conf "${checkConf}"
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + unbound-restart )
>>>>>>>>>>>>>>>  + check_unbound_conf "${checkConf}"
>>>>>>>>>>>>>>>  + unbound_restart
>>>>>>>>>>>>>>>  + exit
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + * )
>>>>>>>>>>>>>>>  + msg_log "error: rpz: missing or incorrect parameter"
>>>>>>>>>>>>>>>  + printf "Usage: $(basename "$0") <NAME> <OPTION> <OPTION>=
\n"
>>>>>>>>>>>>>>>  + printf "Version: ${version}\n"
>>>>>>>>>>>>>>>  + exit 108
>>>>>>>>>>>>>>>  + ;;
>>>>>>>>>>>>>>>  +esac
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +unbound_control_reload "${ucReload}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +exit
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz-metrics b/config/rpz/rpz-metri=
cs
>>>>>>>>>>>>>>>  new file mode 100755
>>>>>>>>>>>>>>>  index 000000000..4d43e1629
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz-metrics
>>>>>>>>>>>>>>>  @@ -0,0 +1,170 @@
>>>>>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +version=3D"2025-01-20 - v25"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +############### Main ###############
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +weeks=3D"2" # default to two message logs
>>>>>>>>>>>>>>>  +sortBy=3D"name" # default "by name"
>>>>>>>>>>>>>>>  +rpzActive=3D"enabled" # default "enabled only"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +while [[ $# -gt 0 ]] ; do
>>>>>>>>>>>>>>>  + case "$1" in
>>>>>>>>>>>>>>>  + --by-names | --by-name | name ) sortBy=3D"name" ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + --by-hits | --by-hit | hits | hit ) sortBy=3D"hit" ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + --by-lines | --by-line | lines | line ) sortBy=3D"line"=
 ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + --by-effect ) sortBy=3D"effect" ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + --enabled-only ) rpzActive=3D"enabled" ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + --active-all | --all | all ) rpzActive=3D"all" ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + [0-9] | [0-9][0-9] ) weeks=3D$1 ;;
>>>>>>>>>>>>>>>  + esac
>>>>>>>>>>>>>>>  + shift # Shift after checking all the cases to get next o=
ption
>>>>>>>>>>>>>>>  +done
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# get the list of message logs for N weeks
>>>>>>>>>>>>>>>  +messageLogs=3D$( find /var/log/messages* -type f | sort -=
-version-sort |
>>>>>>>>>>>>>>>  + head -"${weeks}" )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# get the list of RPZ names & counts from the message log=
(s)
>>>>>>>>>>>>>>>  +rpzNameCount=3D$( for logf in ${messageLogs} ; do
>>>>>>>>>>>>>>>  + zgrep --text --fixed-strings 'info: rpz: applied' "${log=
f}" |
>>>>>>>>>>>>>>>  + awk '$10 ~ /\[\w*]/ { print $10 }' ;
>>>>>>>>>>>>>>>  + done | sort | uniq --count )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# flip results and remove brackets `[` and `]`
>>>>>>>>>>>>>>>  +rpzNameCount=3D$( echo "${rpzNameCount}" |
>>>>>>>>>>>>>>>  + awk '{ print $2, $1 }' |
>>>>>>>>>>>>>>>  + sed --regexp-extended 's|^\[(.*)\]|\1|' )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# grab only names
>>>>>>>>>>>>>>>  +rpzNames=3D$( echo "${rpzNameCount}" | awk '{ print $1 }' =
)
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# get list of RPZ files
>>>>>>>>>>>>>>>  +rpzFileList=3D$( find /etc/unbound/zonefiles -type f -ina=
me "*.rpz" )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# get basename of those files
>>>>>>>>>>>>>>>  +rpzBaseNames=3D$( echo "${rpzFileList}" |
>>>>>>>>>>>>>>>  + sed 's|/etc/unbound/zonefiles/||g ; s|\.rpz||g ;' )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# add to rpzNames
>>>>>>>>>>>>>>>  +rpzNames=3D"${rpzNames}"$'\n'"${rpzBaseNames}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# drop duplicate names
>>>>>>>>>>>>>>>  +rpzNames=3D$( echo "${rpzNames}" | sort --unique )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# get line count for each RPZ
>>>>>>>>>>>>>>>  +lineCount=3D$( echo "${rpzFileList}" | xargs wc -l )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# get comment line count and blank line count for each RP=
Z
>>>>>>>>>>>>>>>  +commentCount=3D$( echo "${rpzFileList}" | xargs grep --co=
unt -e "^$" -e "^;" )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# get modified date each RPZ
>>>>>>>>>>>>>>>  +modDateList=3D$( echo "${rpzFileList}" | xargs stat -c '%=
.10y %n' )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +ucListAuthZones=3D$( unbound-control list_auth_zones )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# get width of RPZ names
>>>>>>>>>>>>>>>  +pWidth=3D$( echo "${rpzNames}" | awk '{ print $1" " }' |=
 wc -L )
>>>>>>>>>>>>>>>  +pFormat=3D"%-${pWidth}s %-8s %-8s %8s %12s %12s\n"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# print title line
>>>>>>>>>>>>>>>  +printf "${pFormat}" "name" "hits" "active" "lines" " hits=
/line" "last download"
>>>>>>>>>>>>>>>  +printf -- "--------------"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +theResults=3D""
>>>>>>>>>>>>>>>  +totalLines=3D0
>>>>>>>>>>>>>>>  +totalHits=3D0
>>>>>>>>>>>>>>>  +while read -r theName
>>>>>>>>>>>>>>>  +do
>>>>>>>>>>>>>>>  + printf -- "--" # pretend progress bar
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # is this RPZ list active?
>>>>>>>>>>>>>>>  + theActive=3D"disabled"
>>>>>>>>>>>>>>>  + if grep --quiet "^${theName}\.rpz" <<< "${ucListAuthZone=
s}"
>>>>>>>>>>>>>>>  + then
>>>>>>>>>>>>>>>  + theActive=3D"enabled"
>>>>>>>>>>>>>>>  + else
>>>>>>>>>>>>>>>  + [[ "${rpzActive}" =3D=3D enabled ]] && continue
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # get hit count
>>>>>>>>>>>>>>>  + theHits=3D"0"
>>>>>>>>>>>>>>>  + if output=3D$( grep "^${theName}\s" <<< "${rpzNameCount}=
" ) ; then
>>>>>>>>>>>>>>>  + theHits=3D$( echo "${output}" | awk '{ print $2 }' )
>>>>>>>>>>>>>>>  + totalHits=3D$(( totalHits + theHits ))
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # get line count
>>>>>>>>>>>>>>>  + theLines=3D"n/a"
>>>>>>>>>>>>>>>  + hitsPerLine=3D"0"
>>>>>>>>>>>>>>>  + if output=3D$( grep --fixed-strings "/${theName}.rpz" <<=
< "${lineCount}" ) ; then
>>>>>>>>>>>>>>>  + theLines=3D$( echo "${output}" | awk '{ print $1 }' )
>>>>>>>>>>>>>>>  + totalLines=3D$(( totalLines + theLines ))
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + if [[ "${theLines}" -gt 2 ]] ; then
>>>>>>>>>>>>>>>  + hitsPerLine=3D$(( 100 * theHits / theLines ))
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # get modification date
>>>>>>>>>>>>>>>  + theModDate=3D"n/a"
>>>>>>>>>>>>>>>  + if output=3D$( grep --fixed-strings "/${theName}.rpz" <<=
< "${modDateList}" ) ; then
>>>>>>>>>>>>>>>  + theModDate=3D$( echo "${output}" | awk '{ print $1 }' )
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # add to results list
>>>>>>>>>>>>>>>  + theResults+=3D"${theName} ${theHits} ${theActive} ${theL=
ines} ${hitsPerLine} ${theModDate}"$'\n'
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +done <<< "${rpzNames}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +case "${sortBy}" in
>>>>>>>>>>>>>>>  + # sort by "active" then by "name"
>>>>>>>>>>>>>>>  + name) sortArg=3D(-k3,3r -k1,1) ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # sort by "active" then by "hits" then by "name"
>>>>>>>>>>>>>>>  + hit) sortArg=3D(-k3,3r -k2,2nr -k1,1) ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # sort by "active" then by "lines" then by "name"
>>>>>>>>>>>>>>>  + line) sortArg=3D(-k3,3r -k4,4nr -k1,1) ;;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # sort by "active" then by "effect" then by "name"
>>>>>>>>>>>>>>>  + effect) sortArg=3D(-k3,3r -k5,5nr -k1,1) ;;
>>>>>>>>>>>>>>>  +esac
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +printf -- "--------------\n"
>>>>>>>>>>>>>>>  +# remove blank lines, sort, print as columns
>>>>>>>>>>>>>>>  +echo "${theResults}" |
>>>>>>>>>>>>>>>  + awk '!/^[[:space:]]*$/' |
>>>>>>>>>>>>>>>  + sort "${sortArg[@]}" |
>>>>>>>>>>>>>>>  + awk --assign=3Dwidth=3D"${pWidth}" \
>>>>>>>>>>>>>>>  + '{ printf "%-*s %-8s %-8s %8s %10s %% %12s\n", width, $1=
, $2, $3, $4, $5, $6 }'
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +printf "${pFormat}" "" "=3D=3D=3D=3D=3D=3D=3D" "" "=3D=3D=
=3D=3D=3D=3D=3D=3D" "" ""
>>>>>>>>>>>>>>>  +printf "${pFormat}" "Totals -->" "${totalHits}" "" "${tot=
alLines}" "" ""
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +exit
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz-sleep b/config/rpz/rpz-sleep
>>>>>>>>>>>>>>>  new file mode 100755
>>>>>>>>>>>>>>>  index 000000000..dd3603599
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz-sleep
>>>>>>>>>>>>>>>  @@ -0,0 +1,58 @@
>>>>>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +version=3D"2024-08-16" # v05
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +############### Functions ###############
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# send message to message log
>>>>>>>>>>>>>>>  +msg_log () {
>>>>>>>>>>>>>>>  + logger --tag "${tagName}" "$*"
>>>>>>>>>>>>>>>  + if tty --silent ; then
>>>>>>>>>>>>>>>  + echo "${tagName}:" "$*"
>>>>>>>>>>>>>>>  + fi
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +############### Main ###############
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +tagName=3D"unbound"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +sleepTime=3D"${1:-5m}" # default to sleep for 5m (5 minut=
es)
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +zoneList=3D$( unbound-control list_auth_zones | awk '{pri=
nt $1}' )
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +for zone in ${zoneList} ; do
>>>>>>>>>>>>>>>  + printf "disable ${zone}\t"
>>>>>>>>>>>>>>>  + unbound-control rpz_disable "${zone}"
>>>>>>>>>>>>>>>  +done
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +msg_log "info: rpz: disabled all zones for ${sleepTime}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +sleep "${sleepTime}"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +for zone in ${zoneList} ; do
>>>>>>>>>>>>>>>  + printf "enable ${zone}\t"
>>>>>>>>>>>>>>>  + unbound-control rpz_enable "${zone}"
>>>>>>>>>>>>>>>  +done
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +msg_log "info: rpz: enabled all zones"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +exit
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz.de.pl b/config/rpz/rpz.de.pl
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..3770c6bb0
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz.de.pl
>>>>>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>>>>>  +# Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>>>>>  +'rpz apply' =3D> '=C3=9Cbernehmen',
>>>>>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Benutzerdefinierte Allowlist=
 aktivieren:',
>>>>>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Zugelassene Domains (eine pro Z=
eile)<br>Beispiel: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl allow' =3D> 'Benutzerdefinierte Allowlist',
>>>>>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Benutzerdefinierte Blocklist=
 aktivieren:',
>>>>>>>>>>>>>>>  +'rpz cl block info' =3D> 'Gesperrte Domains (eine pro Zei=
le)<br>Beispiel: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl block' =3D> 'Benutzerdefinierte Blocklist',
>>>>>>>>>>>>>>>  +'rpz cl' =3D> 'Benutzerdefinierte Listen',
>>>>>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'Der Name enth=C3=A4lt unzul=C3=
=A4ssige Zeichen',
>>>>>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf hat eine fehle=
rhafte Konfiguration ermittelt. F=C3=BChren Sie das Kommando unbound-checkc=
onf auf der Konsole aus, um weitere Informationen zu erhalten.',
>>>>>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'Die benutzerdefinierte Allow-/Bl=
ocklist ist leer',
>>>>>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'Ein Eintrag mit identischem Name=
n existiert bereits',
>>>>>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'Die URL ist ung=C3=BCltig',
>>>>>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'Eintrag kann nicht entfernt werd=
en, der Name existiert nicht',
>>>>>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'Der Name ist ung=C3=BCltig - nur =
"allow" oder "block" m=C3=B6glich',
>>>>>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'Fehlende oder inkorrekte Paramet=
er',
>>>>>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'unbound-control reload ist fehlg=
eschlagen',
>>>>>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'Die benutzerdefinierte Allow-/Bl=
ocklist enth=C3=A4lt unzul=C3=A4ssige Eintr=C3=A4ge',
>>>>>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'Die Anmerkung enth=C3=A4lt unzul=
=C3=A4ssige Zeichen',
>>>>>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'Ung=C3=BCltiger Eintrag in der b=
enutzerdefinierten Allowlist, Zeile ',
>>>>>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'Ung=C3=BCltiger Eintrag in der b=
enutzerdefinierten Blocklist, Zeile ',
>>>>>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'Ausgew=C3=A4hlter Eintrag existi=
ert nicht: ',
>>>>>>>>>>>>>>>  +'rpz zf editor' =3D> 'Zonendatei-Eintrag bearbeiten',
>>>>>>>>>>>>>>>  +'rpz zf imported' =3D> '(importiert aus rpz-config)',
>>>>>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Erlaubte Zeichen sind a-z, A-Z=
, 0-9 und Unterstriche',
>>>>>>>>>>>>>>>  +'rpz zf' =3D> 'Zonendateien',
>>>>>>>>>>>>>>>  +);
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz.en.pl b/config/rpz/rpz.en.pl
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..0720a8940
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz.en.pl
>>>>>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>>>>>  +# Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>>>>>  +'rpz apply' =3D> 'Apply',
>>>>>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Enable custom allowlist:',
>>>>>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Allowed domains (one per line)<=
br>Example: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl allow' =3D> 'Custom allowlist',
>>>>>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Enable custom blocklist:',
>>>>>>>>>>>>>>>  +'rpz cl block info' =3D> 'Blocked domains (one per line)<=
br>Example: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl block' =3D> 'Custom blocklist',
>>>>>>>>>>>>>>>  +'rpz cl' =3D> 'Custom lists',
>>>>>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'the NAME is not valid',
>>>>>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf found invalid=
 configuration. In the Terminal run the command unbound-checkconf for more i=
nformation',
>>>>>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'the allow/block list is empty',
>>>>>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'duplicate - NAME already exists'=
,
>>>>>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'the URL is not valid',
>>>>>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'cannot remove the NAME does not=
 exist',
>>>>>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'the NAME is not valid - "allow"=
 or "block" only',
>>>>>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'missing or incorrect parameter',
>>>>>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'unbound-control reload failed',
>>>>>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'custom Allowlist/Blocklist conta=
ins invalid entries',
>>>>>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'the REMARK is not valid',
>>>>>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'invalid entry in allowlist, line =
',
>>>>>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'invalid entry in blocklist, line =
',
>>>>>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'Selected entry does not exist: '=
,
>>>>>>>>>>>>>>>  +'rpz zf editor' =3D> 'Edit zonefiles entry',
>>>>>>>>>>>>>>>  +'rpz zf imported' =3D> '(imported from rpz-config)',
>>>>>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Valid characters are a-z, A-Z, =
0-9 and underscore.',
>>>>>>>>>>>>>>>  +'rpz zf' =3D> 'Zonefiles',
>>>>>>>>>>>>>>>  +);
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz.es.pl b/config/rpz/rpz.es.pl
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..98628e4aa
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz.es.pl
>>>>>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>>>>>  +# Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>>>>>  +'rpz' =3D> 'Zonas de pol=C3=ADtica de respuesta (RPZ)',
>>>>>>>>>>>>>>>  +'rpz apply' =3D> 'Aplicar',
>>>>>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Habilitar la lista blanca per=
sonalizada:',
>>>>>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Dominio permitido (uno por l=C3=
=ADnea)<br>Ejemplo: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl allow' =3D> 'Lista blanca personalizada',
>>>>>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Habilitar la lista negra pers=
onalizada:',
>>>>>>>>>>>>>>>  +'rpz cl block info' =3D> 'Dominio bloqueado (uno por l=C3=
=ADnea)<br>Ejemplo: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl block' =3D> 'Lista negra personalizada',
>>>>>>>>>>>>>>>  +'rpz cl' =3D> 'Lista personalizada',
>>>>>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'El NOMBRE no es v=C3=A1lido',
>>>>>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf ha encontrado=
 una configuraci=C3=B3n no v=C3=A1lida. Desde Terminal, ejecute el comando u=
nbound-checkconf para mayor informaci=C3=B3n',
>>>>>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'La lista de permitidos/bloqueado=
s est=C3=A1 vac=C3=ADa',
>>>>>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'duplicado - NOMBRE ya existe',
>>>>>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'la URL no es v=C3=A1lida',
>>>>>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'no es posible eliminar el NOMBRE =
que no existe',
>>>>>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'el NOMBRE no es v=C3=A1lido - s=
=C3=B3lo "permitir" o "bloquear"',
>>>>>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'par=C3=A1metro faltante o incorr=
ecto',
>>>>>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'Error al recargar unbound-contro=
l',
>>>>>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'la Lista blanca/Lista negra pers=
onalizada contiene entradas no v=C3=A1lidas',
>>>>>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'el COMENTARIO no es v=C3=A1lido'=
,
>>>>>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'entrada no v=C3=A1lida en la lis=
ta blanca, l=C3=ADnea ',
>>>>>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'entrada no v=C3=A1lida en la lis=
ta negra, l=C3=ADnea ',
>>>>>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'La entrada seleccionada no exist=
e: ',
>>>>>>>>>>>>>>>  +'rpz zf editor' =3D> 'Editar la entrada de archivos de zo=
na',
>>>>>>>>>>>>>>>  +'rpz zf imported' =3D> '(importado de rpz-config)',
>>>>>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Los caracteres v=C3=A1lidos so=
n a-z, A-Z, 0-9 y gui=C3=B3n bajo',
>>>>>>>>>>>>>>>  +'rpz zf' =3D> 'Archivos de zona',
>>>>>>>>>>>>>>>  +);
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz.fr.pl b/config/rpz/rpz.fr.pl
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..f35f3c2d0
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz.fr.pl
>>>>>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>>>>>  +# Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>>>>>  +'rpz apply' =3D> 'Appliquer',
>>>>>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Activer la liste d\'autorisat=
ions personnalis=C3=A9e:',
>>>>>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Domaines autoris=C3=A9s (un par =
ligne)<br>Example: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl allow' =3D> 'Liste d\'autorisations personnalis=
=C3=A9e',
>>>>>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Activer la liste de blocage p=
ersonnalis=C3=A9e:',
>>>>>>>>>>>>>>>  +'rpz cl block info' =3D> 'Domaines bloqu=C3=A9s (un par l=
igne)<br>Example: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl block' =3D> 'liste de blocage personnalis=C3=A9',
>>>>>>>>>>>>>>>  +'rpz cl' =3D> 'Listes personnalis=C3=A9es',
>>>>>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'le NOM n\'est pas valide',
>>>>>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf configuration=
 non valide trouv=C3=A9e. Dans le terminal, ex=C3=A9cutez la commande unboun=
d-checkconf pour plus d\'informations',
>>>>>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'la liste autoriser/bloquer est v=
ide',
>>>>>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'le NOM existe d=C3=A9j=C3=A0',
>>>>>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'L\'URL n\'est pas valide',
>>>>>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'impossible de supprimer le NOM n=
\'existe pas',
>>>>>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'le NOM n\'est pas valide - =C2=
=AB autoriser =C2=BB ou =C2=AB bloquer =C2=BB seulement',
>>>>>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'param=C3=A8tre manquant ou incor=
rect',
>>>>>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'unbound-control rechargement =C3=
=A9chou=C3=A9',
>>>>>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'la liste autoriser/bloquer conti=
ent des entr=C3=A9es non valides',
>>>>>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'la REMARQUE n\'est pas valable',
>>>>>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'entr=C3=A9e non valide dans la l=
iste d\'autorisation, ligne ',
>>>>>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'entr=C3=A9e non valide dans la l=
iste de blocs, ligne ',
>>>>>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'L\'entr=C3=A9e s=C3=A9lectionn=
=C3=A9e n\'existe pas: ',
>>>>>>>>>>>>>>>  +'rpz zf editor' =3D> 'Modifier l\'entr=C3=A9e Fichiers Zo=
ne',
>>>>>>>>>>>>>>>  +'rpz zf imported' =3D> '(import=C3=A9 de rpz-config)',
>>>>>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Les caract=C3=A8res valides so=
nt a-z, A-Z, 0-9 et soulignement.',
>>>>>>>>>>>>>>>  +'rpz zf' =3D> 'Fichiers Zone',
>>>>>>>>>>>>>>>  +);
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz.it.pl b/config/rpz/rpz.it.pl
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..ee81605c9
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz.it.pl
>>>>>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>>>>>  +# Added for Response Policy Zone (RPZ) add-on
>>>>>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>>>>>  +'rpz apply' =3D> 'Applica',
>>>>>>>>>>>>>>>  +'rpz cl allow enable' =3D> 'Abilita la Whitelist personal=
izzata:',
>>>>>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Domini consentiti (uno per riga=
)<br>Esempio: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl allow' =3D> 'Whitelist personalizzata',
>>>>>>>>>>>>>>>  +'rpz cl block enable' =3D> 'Abilita la Blacklist personal=
izzata:',
>>>>>>>>>>>>>>>  +'rpz cl block info' =3D> 'Domini bloccati (uno per riga)<=
br>Esempio: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl block' =3D> 'Blacklist personalizzata',
>>>>>>>>>>>>>>>  +'rpz cl' =3D> 'Liste personalizzate',
>>>>>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'il NOME non =C3=A8 valido',
>>>>>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf ha trovato una =
configurazione non valida. Dal Terminale esegui il comando unbound-checkco=
nf per maggiori informazioni',
>>>>>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'l\'elenco consentiti/bloccati=
 =C3=A8 vuoto',
>>>>>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'duplicato - NAME esiste di gi=C3=
=A0',
>>>>>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'l\'URL non =C3=A8 valido',
>>>>>>>>>>>>>>>  +'rpz exitcode 106' =3D> 'non =C3=A8 possibile rimuovere i=
l NOME non esiste',
>>>>>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'il NOME non =C3=A8 valido - solo =
"consenti" o "blocca"',
>>>>>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'parametro mancante o non corrett=
o',
>>>>>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'ricaricamento del controllo non=
 associato non riuscito',
>>>>>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'la Whitelist/Blacklist personali=
zzata contiene voci non valide',
>>>>>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'l"OSSERVAZIONE non =C3=A8 valida=
',
>>>>>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'voce non valida nella Whitelist, =
riga ',
>>>>>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'voce non valida nella Blacklist, =
riga ',
>>>>>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'La voce selezionata non esiste:=
 ',
>>>>>>>>>>>>>>>  +'rpz zf editor' =3D> 'Modifica la voce dei file di zona',
>>>>>>>>>>>>>>>  +'rpz zf imported' =3D> '(importato da rpz-config)',
>>>>>>>>>>>>>>>  +'rpz zf remark info' =3D> 'I caratteri validi sono a-z, A=
-Z, 0-9 e trattino basso',
>>>>>>>>>>>>>>>  +'rpz zf' =3D> 'Zonefiles',
>>>>>>>>>>>>>>>  +);
>>>>>>>>>>>>>>>  diff --git a/config/rpz/rpz.tr.pl b/config/rpz/rpz.tr.pl
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..00226e192
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/config/rpz/rpz.tr.pl
>>>>>>>>>>>>>>>  @@ -0,0 +1,30 @@
>>>>>>>>>>>>>>>  +# I=EF=BF=BDin eklendi Ayriyeten Response Policy Zone (RP=
Z)
>>>>>>>>>>>>>>>  +%tr =3D (%tr,
>>>>>>>>>>>>>>>  +'rpz' =3D> 'Response Policy Zones (RPZ)',
>>>>>>>>>>>>>>>  +'rpz apply' =3D> 'Uygulamak',
>>>>>>>>>>>>>>>  +'rpz cl allow enable' =3D> '=EF=BF=BDzel Etkinlestir allo=
wlist:',
>>>>>>>>>>>>>>>  +'rpz cl allow info' =3D> 'Izin verilmis domains (satir ba=
sina bir)<br>=EF=BF=BDrnegin: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl allow' =3D> 'Etkinlestir allowlist',
>>>>>>>>>>>>>>>  +'rpz cl block enable' =3D> '=EF=BF=BDzel Etkinlestir bloc=
klist:',
>>>>>>>>>>>>>>>  +'rpz cl block info' =3D> 'Engellenmis domains (satir basi=
na bir)<br>=EF=BF=BDrnegin: domain.com, *.domain.com',
>>>>>>>>>>>>>>>  +'rpz cl block' =3D> 'Engellenmis blocklist',
>>>>>>>>>>>>>>>  +'rpz cl' =3D> 'Engellenmis lists',
>>>>>>>>>>>>>>>  +'rpz exitcode 101' =3D> 'NAME ge=EF=BF=BDerli degil',
>>>>>>>>>>>>>>>  +'rpz exitcode 102' =3D> 'unbound-checkconf ge=EF=BF=BDers=
iz yapilandirma bulundu. Terminalde daha fazla bilgi i=EF=BF=BDin Unbound-c=
heckConf komutunu =EF=BF=BDalistirin',
>>>>>>>>>>>>>>>  +'rpz exitcode 103' =3D> 'allow/block liste bos',
>>>>>>>>>>>>>>>  +'rpz exitcode 104' =3D> 'kopyalamak - NAME zaten var',
>>>>>>>>>>>>>>>  +'rpz exitcode 105' =3D> 'URL ge=EF=BF=BDerli degil',
>>>>>>>>>>>>>>>  +'rpz exitcode 106' =3D> '=EF=BF=BDikarilamiyor NAME yok',
>>>>>>>>>>>>>>>  +'rpz exitcode 107' =3D> 'NAME ge=EF=BF=BDerli degil - "al=
low" veya "block" yalniz',
>>>>>>>>>>>>>>>  +'rpz exitcode 108' =3D> 'Parametre eksik veya yanlis',
>>>>>>>>>>>>>>>  +'rpz exitcode 109' =3D> 'unbound-control basarisiz',
>>>>>>>>>>>>>>>  +'rpz exitcode 110' =3D> 'Engellenmis Allowlist/Blocklist=
 ge=EF=BF=BDersiz girisler i=EF=BF=BDerir',
>>>>>>>>>>>>>>>  +'rpz exitcode 201' =3D> 'REMARK ge=EF=BF=BDerli degil',
>>>>>>>>>>>>>>>  +'rpz exitcode 202' =3D> 'Ge=EF=BF=BDersiz giris allowlist=
, line ',
>>>>>>>>>>>>>>>  +'rpz exitcode 203' =3D> 'Ge=EF=BF=BDersiz giris blocklist=
, line ',
>>>>>>>>>>>>>>>  +'rpz exitcode 204' =3D> 'Se=EF=BF=BDilen giris yok: ',
>>>>>>>>>>>>>>>  +'rpz zf editor' =3D> 'yazimlamak zonefiles giris',
>>>>>>>>>>>>>>>  +'rpz zf imported' =3D> '(ithal edildi rpz-config)',
>>>>>>>>>>>>>>>  +'rpz zf remark info' =3D> 'Ge=EF=BF=BDerli karakterler a-=
z, A-Z, 0-9ve alt=EF=BF=BDst.',
>>>>>>>>>>>>>>>  +'rpz zf' =3D> 'Zonefiles',
>>>>>>>>>>>>>>>  +);
>>>>>>>>>>>>>>>  diff --git a/html/cgi-bin/rpz.cgi b/html/cgi-bin/rpz.cgi
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..a821c92ac
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/html/cgi-bin/rpz.cgi
>>>>>>>>>>>>>>>  @@ -0,0 +1,923 @@
>>>>>>>>>>>>>>>  +#!/usr/bin/perl
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2005-2024 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +use strict;
>>>>>>>>>>>>>>>  +use Scalar::Util qw(looks_like_number);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# debugging
>>>>>>>>>>>>>>>  +#use warnings;
>>>>>>>>>>>>>>>  +#use CGI::Carp 'fatalsToBrowser';
>>>>>>>>>>>>>>>  +#use Data::Dumper;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +require '/var/ipfire/general-functions.pl';
>>>>>>>>>>>>>>>  +require "${General::swroot}/lang.pl";
>>>>>>>>>>>>>>>  +require "${General::swroot}/header.pl";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- Extra HTML ---###
>>>>>>>>>>>>>>>  +my $extraHead =3D <<END
>>>>>>>>>>>>>>>  +<style>
>>>>>>>>>>>>>>>  + /* alternating row background */
>>>>>>>>>>>>>>>  + .tbl tr:nth-child(2n+2) {
>>>>>>>>>>>>>>>  + background-color: var(--color-light-grey);
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + .tbl tr:nth-child(2n+3) {
>>>>>>>>>>>>>>>  + background-color: var(--color-grey);
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + /* text styles */
>>>>>>>>>>>>>>>  + .tbl th:not(:last-child) {
>>>>>>>>>>>>>>>  + text-align: left;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + div.right {
>>>>>>>>>>>>>>>  + text-align: right;
>>>>>>>>>>>>>>>  + margin-top: 0.5em;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + /* customlist input */
>>>>>>>>>>>>>>>  + textarea.domainlist {
>>>>>>>>>>>>>>>  + margin: 0.5em 0;
>>>>>>>>>>>>>>>  + resize: vertical;
>>>>>>>>>>>>>>>  + min-height: 10em;
>>>>>>>>>>>>>>>  + overflow: auto;
>>>>>>>>>>>>>>>  + white-space: pre;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + button[type=3Dsubmit]:disabled {
>>>>>>>>>>>>>>>  + opacity: 0.6;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +</style>
>>>>>>>>>>>>>>>  +END
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  +###--- End of extra HTML ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +### Settings ###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Request DNS service reload after configuration change
>>>>>>>>>>>>>>>  +my $RPZ_RELOAD_FLAG =3D "${General::swroot}/dns/rpz/reloa=
d.flag";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Configuration file for all available zonefiles
>>>>>>>>>>>>>>>  +# Format: index, name (unique), enabled (on/off), URL, re=
mark
>>>>>>>>>>>>>>>  +my $ZONEFILES_CONF =3D "${General::swroot}/dns/rpz/zonefi=
les.conf";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Configuration file for custom lists
>>>>>>>>>>>>>>>  +# IDs: 0=3Dallowlist, 1=3Dblocklist, 2=3Doptions (allow/b=
lock enabled)
>>>>>>>>>>>>>>>  +my $CUSTOMLISTS_CONF =3D "${General::swroot}/dns/rpz/cust=
omlists.conf";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Export custom lists to rpz-config
>>>>>>>>>>>>>>>  +my $RPZ_ALLOWLIST =3D "${General::swroot}/dns/rpz/allowli=
st";
>>>>>>>>>>>>>>>  +my $RPZ_BLOCKLIST =3D "${General::swroot}/dns/rpz/blockli=
st";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +### Preparation ###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Create missing config files
>>>>>>>>>>>>>>>  +unless(-f $ZONEFILES_CONF) { &General::system('touch', "$=
ZONEFILES_CONF"); }
>>>>>>>>>>>>>>>  +unless(-f $CUSTOMLISTS_CONF) { &General::system('touch',=
 "$CUSTOMLISTS_CONF"); }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +## Global gui data
>>>>>>>>>>>>>>>  +my $errormessage =3D "";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +## Global configuration data
>>>>>>>>>>>>>>>  +my %zonefiles =3D ();
>>>>>>>>>>>>>>>  +my %customlists =3D ();
>>>>>>>>>>>>>>>  +&_zonefiles_load();
>>>>>>>>>>>>>>>  +&_customlists_load();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +## Global CGI form data
>>>>>>>>>>>>>>>  +my %cgiparams =3D ();
>>>>>>>>>>>>>>>  +&Header::getcgihash(\%cgiparams);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +my $action =3D $cgiparams{'ACTION'} // 'NONE';
>>>>>>>>>>>>>>>  +my $action_key =3D $cgiparams{'KEY'} // ''; # entry being =
edited, empty =3D none/new
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- Process form actions ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Zonefiles action: Check whether the requested entry exi=
sts
>>>>>>>>>>>>>>>  +if((substr($action, 0, 3) eq 'ZF_') && ($action_key)) {
>>>>>>>>>>>>>>>  + unless(defined $zonefiles{$action_key}) {
>>>>>>>>>>>>>>>  + $errormessage =3D &_rpz_error_tr(204, $action_key);
>>>>>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +## Perform actions
>>>>>>>>>>>>>>>  +if($action eq 'ZF_SAVE') { ## Save new or modified zonefi=
les entry
>>>>>>>>>>>>>>>  + if(&_action_zf_save()) {
>>>>>>>>>>>>>>>  + $action =3D 'NONE'; # success, return to main page
>>>>>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>>>>>  + } else {
>>>>>>>>>>>>>>>  + $action =3D 'ZF_EDIT'; # error occured, keep editing
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +} elsif($action eq 'ZF_TOGGLE') { ## Toggle on/off
>>>>>>>>>>>>>>>  + if(&_action_zf_toggle()) {
>>>>>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +} elsif($action eq 'ZF_REMOVE') { ## Remove entry
>>>>>>>>>>>>>>>  + if(&_action_zf_remove()) {
>>>>>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +} elsif($action eq 'CL_SAVE') { ## Save custom lists
>>>>>>>>>>>>>>>  + if(&_action_cl_save()) {
>>>>>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +} elsif($action eq 'RPZ_RELOAD') { ## Reload dns configur=
ation
>>>>>>>>>>>>>>>  + if(&_action_rpz_reload()) {
>>>>>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +} elsif($action eq 'UNB_RESTART') { ## Restart unbound se=
rvice
>>>>>>>>>>>>>>>  + if(&_action_unb_restart()) {
>>>>>>>>>>>>>>>  + $action =3D 'NONE';
>>>>>>>>>>>>>>>  + &_http_prg_redirect();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- Start GUI ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +## Start http output
>>>>>>>>>>>>>>>  +&Header::showhttpheaders();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Start HTML
>>>>>>>>>>>>>>>  +&Header::openpage($Lang::tr{'rpz'}, 1, $extraHead);
>>>>>>>>>>>>>>>  +&Header::openbigbox('100%', 'left', '');
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Show error messages
>>>>>>>>>>>>>>>  +if($errormessage) {
>>>>>>>>>>>>>>>  + &_print_message($errormessage);
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Handle zonefile add/edit mode
>>>>>>>>>>>>>>>  +if($action eq "ZF_EDIT") {
>>>>>>>>>>>>>>>  + &_print_zonefile_editor();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Finalize page and exit cleanly
>>>>>>>>>>>>>>>  + &Header::closebigbox();
>>>>>>>>>>>>>>>  + &Header::closepage();
>>>>>>>>>>>>>>>  + exit(0);
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Show gui elements
>>>>>>>>>>>>>>>  +&_print_zonefiles();
>>>>>>>>>>>>>>>  +&_print_customlists();
>>>>>>>>>>>>>>>  +&_print_gui_extras();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +&Header::closebigbox();
>>>>>>>>>>>>>>>  +&Header::closepage();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- End of GUI ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- Internal configuration file functions ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Load all available zonefiles from rpz-config and the in=
ternal configuration
>>>>>>>>>>>>>>>  +sub _zonefiles_load {
>>>>>>>>>>>>>>>  + # Clean start
>>>>>>>>>>>>>>>  + %zonefiles =3D ();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Source 1: Get the currently enabled zonefiles from rpz=
-config (expected format [name]=3D[URL])
>>>>>>>>>>>>>>>  + my @enabled_files =3D &General::system_output('/usr/sbin=
/rpz-config', 'list');
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + foreach my $row (@enabled_files) {
>>>>>>>>>>>>>>>  + chomp($row);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Use regex instead of split() to skip non-matching line=
s
>>>>>>>>>>>>>>>  + next unless($row =3D~ /^(\w+)=3D(.+)$/);
>>>>>>>>>>>>>>>  + my ($name, $url) =3D ($1, $2);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Unique names are already guaranteed by rpz-config
>>>>>>>>>>>>>>>  + if(&_rpz_validate_zonefile($name, $url, '', 0) =3D=3D 0) =
{
>>>>>>>>>>>>>>>  + # Populate global data hash, mark all found entries as e=
nabled
>>>>>>>>>>>>>>>  + my %entry =3D ('enabled' =3D> 'on',
>>>>>>>>>>>>>>>  + 'url' =3D> $url,
>>>>>>>>>>>>>>>  + 'remark' =3D> $Lang::tr{'rpz zf imported'});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + $zonefiles{$name} =3D \%entry;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Source 2: Get additional data and disabled entries fro=
m configuration file
>>>>>>>>>>>>>>>  + my %configured_files =3D ();
>>>>>>>>>>>>>>>  + &General::readhasharray($ZONEFILES_CONF, \%configured_fi=
les);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + foreach my $row (values (%configured_files)) {
>>>>>>>>>>>>>>>  + my ($name, $enabled, $url, $remark) =3D @$row;
>>>>>>>>>>>>>>>  + $remark //=3D "";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + next unless($name);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Check whether this row belongs to an entry already imp=
orted from rpz-config
>>>>>>>>>>>>>>>  + if(defined $zonefiles{$name}) {
>>>>>>>>>>>>>>>  + # Existing entry, only merge additional data
>>>>>>>>>>>>>>>  + $zonefiles{$name}{'remark'} =3D $remark;
>>>>>>>>>>>>>>>  + } else {
>>>>>>>>>>>>>>>  + # Skip entry if it is marked as enabled but not found by =
rpz-config. It was then deleted manually
>>>>>>>>>>>>>>>  + if($enabled ne 'on') {
>>>>>>>>>>>>>>>  + # Populate global data hash
>>>>>>>>>>>>>>>  + my %entry =3D ('enabled' =3D> 'off',
>>>>>>>>>>>>>>>  + 'url' =3D> $url // "",
>>>>>>>>>>>>>>>  + 'remark' =3D> $remark);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + $zonefiles{$name} =3D \%entry;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Save internal zonefiles configuration
>>>>>>>>>>>>>>>  +sub _zonefiles_save_conf {
>>>>>>>>>>>>>>>  + my $index =3D 0;
>>>>>>>>>>>>>>>  + my %export =3D ();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Loop trough all zonefiles and create "hasharray" type=
 export
>>>>>>>>>>>>>>>  + foreach my $name (keys %zonefiles) {
>>>>>>>>>>>>>>>  + my @entry =3D ($name,
>>>>>>>>>>>>>>>  + $zonefiles{$name}{'enabled'},
>>>>>>>>>>>>>>>  + $zonefiles{$name}{'url'},
>>>>>>>>>>>>>>>  + $zonefiles{$name}{'remark'});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + $export{$index++} =3D \@entry;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &General::writehasharray($ZONEFILES_CONF, \%export);
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Load custom lists from rpz-config and the internal conf=
iguration
>>>>>>>>>>>>>>>  +sub _customlists_load {
>>>>>>>>>>>>>>>  + # Clean start
>>>>>>>>>>>>>>>  + %customlists =3D ();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Load configuration file
>>>>>>>>>>>>>>>  + my %lists_conf =3D ();
>>>>>>>>>>>>>>>  + &General::readhasharray($CUSTOMLISTS_CONF, \%lists_conf)=
;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Get list options, enabled by default to start import
>>>>>>>>>>>>>>>  + $customlists{'allow'}{'enabled'} =3D $lists_conf{2}[0] /=
/ 'on';
>>>>>>>>>>>>>>>  + $customlists{'block'}{'enabled'} =3D $lists_conf{2}[1] /=
/ 'on';
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Import enabled list from rpz-config, otherwise retriev=
e stored or empty list from configuration file
>>>>>>>>>>>>>>>  + if($customlists{'allow'}{'enabled'} eq 'on') {
>>>>>>>>>>>>>>>  + &_customlist_import('allow', $RPZ_ALLOWLIST);
>>>>>>>>>>>>>>>  + } else {
>>>>>>>>>>>>>>>  + $customlists{'allow'}{'list'} =3D $lists_conf{0} // [];
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + if($customlists{'block'}{'enabled'} eq 'on') {
>>>>>>>>>>>>>>>  + &_customlist_import('block', $RPZ_BLOCKLIST);
>>>>>>>>>>>>>>>  + } else {
>>>>>>>>>>>>>>>  + $customlists{'block'}{'list'} =3D $lists_conf{1} // [];
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Save internal custom lists configuration
>>>>>>>>>>>>>>>  +sub _customlists_save_conf {
>>>>>>>>>>>>>>>  + my %export =3D ();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Match IDs with import function
>>>>>>>>>>>>>>>  + $export{0} =3D $customlists{'allow'}{'list'};
>>>>>>>>>>>>>>>  + $export{1} =3D $customlists{'block'}{'list'};
>>>>>>>>>>>>>>>  + $export{2} =3D [$customlists{'allow'}{'enabled'}, $custo=
mlists{'block'}{'enabled'}];
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &General::writehasharray($CUSTOMLISTS_CONF, \%export);
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Import a custom list from plain file, returns empty lis=
t if file is missing
>>>>>>>>>>>>>>>  +sub _customlist_import {
>>>>>>>>>>>>>>>  + my ($listname, $filename) =3D @_;
>>>>>>>>>>>>>>>  + my @list =3D ();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # File exists, load and check all lines
>>>>>>>>>>>>>>>  + if(-f $filename) {
>>>>>>>>>>>>>>>  + open(my $FH, '<', $filename) or die "Can't read $filenam=
e: $!";
>>>>>>>>>>>>>>>  + while(my $line =3D <$FH>) {
>>>>>>>>>>>>>>>  + chomp($line);
>>>>>>>>>>>>>>>  + push(@list, $line);
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + close($FH);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Clean up imported data
>>>>>>>>>>>>>>>  + &_rpz_validate_customlist(\@list, 1);
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + $customlists{$listname}{'list'} =3D \@list;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Export a custom list to plain file or clear file if lis=
t is disabled
>>>>>>>>>>>>>>>  +sub _customlist_export {
>>>>>>>>>>>>>>>  + my ($listname, $filename) =3D @_;
>>>>>>>>>>>>>>>  + return unless(defined $customlists{$listname});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Write enabled domain list to file, otherwise save empt=
y file
>>>>>>>>>>>>>>>  + open(my $FH, '>', $filename) or die "Can't write $filena=
me: $!";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + if($customlists{$listname}{'enabled'} eq 'on') {
>>>>>>>>>>>>>>>  + foreach my $line (@{$customlists{$listname}{'list'}}) {
>>>>>>>>>>>>>>>  + print $FH "$line\n";
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + } else {
>>>>>>>>>>>>>>>  + print $FH "; Note: This list is currently disabled by $E=
NV{'SCRIPT_NAME'}\n";
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + close($FH);
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- Internal gui functions ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Show simple message box
>>>>>>>>>>>>>>>  +sub _print_message {
>>>>>>>>>>>>>>>  + my ($message, $title) =3D @_;
>>>>>>>>>>>>>>>  + $title ||=3D $Lang::tr{'error messages'};
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &Header::openbox('100%', 'left', $title);
>>>>>>>>>>>>>>>  + print "<span>$message</span>";
>>>>>>>>>>>>>>>  + &Header::closebox();
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Show all zone files and related gui elements
>>>>>>>>>>>>>>>  +sub _print_zonefiles {
>>>>>>>>>>>>>>>  + &Header::openbox('100%', 'left', $Lang::tr{'rpz zf'});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + print <<END
>>>>>>>>>>>>>>>  +<table class=3D"tbl" width=3D"100%">
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <th>$Lang::tr{'name'}</th>
>>>>>>>>>>>>>>>  + <th>URL</th>
>>>>>>>>>>>>>>>  + <th>$Lang::tr{'remark'}</th>
>>>>>>>>>>>>>>>  + <th colspan=3D"3">$Lang::tr{'action'}</th>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  +END
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Sort zonefiles by name and loop trough all entries
>>>>>>>>>>>>>>>  + foreach my $name (sort keys %zonefiles) {
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Toggle button label translation
>>>>>>>>>>>>>>>  + my $toggle_tr =3D ($zonefiles{$name}{'enabled'} eq 'on') =
? $Lang::tr{'click to disable'} : $Lang::tr{'click to enable'};
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + print <<END
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td>$name</td>
>>>>>>>>>>>>>>>  + <td>$zonefiles{$name}{'url'}</td>
>>>>>>>>>>>>>>>  + <td>$zonefiles{$name}{'remark'}</td>
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + <td align=3D"center" width=3D"5%">
>>>>>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>>>>>  + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>>>>>>>>>  + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_TOGGL=
E">
>>>>>>>>>>>>>>>  + <input type=3D"image" src=3D"/images/$zonefiles{$name}{'=
enabled'}.gif" title=3D"$toggle_tr" alt=3D"$toggle_tr">
>>>>>>>>>>>>>>>  + </form>
>>>>>>>>>>>>>>>  + </td>
>>>>>>>>>>>>>>>  + <td align=3D"center" width=3D"5%">
>>>>>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>>>>>  + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>>>>>>>>>  + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_EDIT"=
>
>>>>>>>>>>>>>>>  + <input type=3D"image" src=3D"/images/edit.gif" title=3D"=
$Lang::tr{'edit'}" alt=3D"$Lang::tr{'edit'}">
>>>>>>>>>>>>>>>  + </form>
>>>>>>>>>>>>>>>  + </td>
>>>>>>>>>>>>>>>  + <td align=3D"center" width=3D"5%">
>>>>>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>>>>>  + <input type=3D"hidden" name=3D"KEY" value=3D"$name">
>>>>>>>>>>>>>>>  + <input type=3D"hidden" name=3D"ACTION" value=3D"ZF_REMOV=
E">
>>>>>>>>>>>>>>>  + <input type=3D"image" src=3D"/images/delete.gif" title=
=3D"$Lang::tr{'remove'}" alt=3D"$Lang::tr{'remove'}">
>>>>>>>>>>>>>>>  + </form>
>>>>>>>>>>>>>>>  + </td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  +END
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Disable reload button if not needed
>>>>>>>>>>>>>>>  + my $reload_state =3D &_rpz_needs_reload() ? "" : " disab=
led";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + print <<END
>>>>>>>>>>>>>>>  +</table>
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +<div class=3D"right">
>>>>>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>>>>>  + <input type=3D"hidden" name=3D"KEY" value=3D"">
>>>>>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"ZF_EDIT=
">$Lang::tr{'add'}</button>
>>>>>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"RPZ_REL=
OAD" class=3D"commit"$reload_state>$Lang::tr{'rpz apply'}</button>
>>>>>>>>>>>>>>>  + </form>
>>>>>>>>>>>>>>>  +</div>
>>>>>>>>>>>>>>>  +END
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &Header::closebox();
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Show zonefiles entry editor
>>>>>>>>>>>>>>>  +sub _print_zonefile_editor {
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Key specified: Edit existing entry
>>>>>>>>>>>>>>>  + if(($action_key) && (defined $zonefiles{$action_key})) {
>>>>>>>>>>>>>>>  + # Load data to be edited, but don't override already pre=
sent values (allows user to edit after error)
>>>>>>>>>>>>>>>  + $cgiparams{'ZF_NAME'} //=3D $action_key;
>>>>>>>>>>>>>>>  + $cgiparams{'ZF_URL'} //=3D $zonefiles{$action_key}{'url'=
};
>>>>>>>>>>>>>>>  + $cgiparams{'ZF_REMARK'} //=3D $zonefiles{$action_key}{'r=
emark'};
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Fallback to empty form
>>>>>>>>>>>>>>>  + $cgiparams{'ZF_NAME'} //=3D "";
>>>>>>>>>>>>>>>  + $cgiparams{'ZF_URL'} //=3D "";
>>>>>>>>>>>>>>>  + $cgiparams{'ZF_REMARK'} //=3D "";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &Header::openbox('100%', 'left', $Lang::tr{'rpz zf edito=
r'});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + print <<END
>>>>>>>>>>>>>>>  +<form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>>>>>  +<input type=3D"hidden" name=3D"KEY" value=3D"$action_key"=
>
>>>>>>>>>>>>>>>  +<table width=3D"100%">
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td width=3D"20%">$Lang::tr{'name'}:&nbsp;<img src=3D"/b=
lob.gif" alt=3D"*"></td>
>>>>>>>>>>>>>>>  + <td><input type=3D"text" name=3D"ZF_NAME" value=3D"$cgip=
arams{'ZF_NAME'}" size=3D"40" maxlength=3D"32" title=3D"$Lang::tr{'rpz zf r=
emark info'}" pattern=3D"[a-zA-Z0-9_]{1,32}" required></td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td width=3D"20%">URL:&nbsp;<img src=3D"/blob.gif" alt=
=3D"*"></td>
>>>>>>>>>>>>>>>  + <td><input type=3D"url" name=3D"ZF_URL" value=3D"$cgipar=
ams{'ZF_URL'}" size=3D"40" maxlength=3D"128" required></td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td width=3D"20%">$Lang::tr{'remark'}:</td>
>>>>>>>>>>>>>>>  + <td><input type=3D"text" name=3D"ZF_REMARK" value=3D"$cg=
iparams{'ZF_REMARK'}" size=3D"40" maxlength=3D"32"></td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td colspan=3D"2"><hr></td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td width=3D"55%"><img src=3D"/blob.gif" alt=3D"*">&nbsp=
;$Lang::tr{'required field'}</td>
>>>>>>>>>>>>>>>  + <td align=3D"right"><button type=3D"submit" name=3D"ACTI=
ON" value=3D"ZF_SAVE">$Lang::tr{'save'}</button></td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  +</table>
>>>>>>>>>>>>>>>  +</form>
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +<div class=3D"right">
>>>>>>>>>>>>>>>  + <form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"NONE">$=
Lang::tr{'back'}</button>
>>>>>>>>>>>>>>>  + </form>
>>>>>>>>>>>>>>>  +</div>
>>>>>>>>>>>>>>>  +END
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &Header::closebox();
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Show custom allow/block files and related gui elements
>>>>>>>>>>>>>>>  +sub _print_customlists {
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Load lists from config, unless they are currently bein=
g edited
>>>>>>>>>>>>>>>  + if($action ne 'CL_SAVE') {
>>>>>>>>>>>>>>>  + $cgiparams{'ALLOW_LIST'} =3D join("\n", @{$customlists{'=
allow'}{'list'}});
>>>>>>>>>>>>>>>  + $cgiparams{'BLOCK_LIST'} =3D join("\n", @{$customlists{'=
block'}{'list'}});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + $cgiparams{'ALLOW_ENABLED'} =3D ($customlists{'allow'}{'=
enabled'} eq 'on') ? 'on' : undef;
>>>>>>>>>>>>>>>  + $cgiparams{'BLOCK_ENABLED'} =3D ($customlists{'block'}{'=
enabled'} eq 'on') ? 'on' : undef;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Fallback to empty form
>>>>>>>>>>>>>>>  + $cgiparams{'ALLOW_LIST'} //=3D "";
>>>>>>>>>>>>>>>  + $cgiparams{'BLOCK_LIST'} //=3D "";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # HTML checkboxes, unchecked =3D no or undef value in PO=
ST data
>>>>>>>>>>>>>>>  + my %checked =3D ();
>>>>>>>>>>>>>>>  + $checked{'ALLOW_ENABLED'} =3D (defined $cgiparams{'ALLOW=
_ENABLED'}) ? " checked" : "";
>>>>>>>>>>>>>>>  + $checked{'BLOCK_ENABLED'} =3D (defined $cgiparams{'BLOCK=
_ENABLED'}) ? " checked" : "";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Disable reload button if not needed
>>>>>>>>>>>>>>>  + my $reload_state =3D &_rpz_needs_reload() ? "" : " disab=
led";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &Header::openbox('100%', 'left', $Lang::tr{'rpz cl'});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + print <<END
>>>>>>>>>>>>>>>  +<form method=3D"post" action=3D"$ENV{'SCRIPT_NAME'}">
>>>>>>>>>>>>>>>  +<table width=3D"100%">
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td colspan=3D"2"><b>$Lang::tr{'rpz cl allow'}</b><br>$L=
ang::tr{'rpz cl allow info'}</td>
>>>>>>>>>>>>>>>  + <td colspan=3D"2"><b>$Lang::tr{'rpz cl block'}</b><br>$L=
ang::tr{'rpz cl block info'}</td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td colspan=3D"2"><textarea name=3D"ALLOW_LIST" class=3D=
"domainlist" cols=3D"45">
>>>>>>>>>>>>>>>  +$cgiparams{'ALLOW_LIST'}</textarea></td>
>>>>>>>>>>>>>>>  + <td colspan=3D"2"><textarea name=3D"BLOCK_LIST" class=3D=
"domainlist" cols=3D"45">
>>>>>>>>>>>>>>>  +$cgiparams{'BLOCK_LIST'}</textarea></td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td><label for=3D"allow_enabled">$Lang::tr{'rpz cl allow =
enable'}</label></td>
>>>>>>>>>>>>>>>  + <td width=3D"15%"><input type=3D"checkbox" name=3D"ALLOW=
_ENABLED" id=3D"allow_enabled"$checked{'ALLOW_ENABLED'}></td>
>>>>>>>>>>>>>>>  + <td><label for=3D"block_enabled">$Lang::tr{'rpz cl block =
enable'}</label></td>
>>>>>>>>>>>>>>>  + <td width=3D"15%"><input type=3D"checkbox" name=3D"BLOCK=
_ENABLED" id=3D"block_enabled"$checked{'BLOCK_ENABLED'}></td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td colspan=3D"4"><hr></td>
>>>>>>>>>>>>>>>  + </tr>
>>>>>>>>>>>>>>>  + <tr>
>>>>>>>>>>>>>>>  + <td align=3D"right" colspan=3D"4">
>>>>>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"CL_SAVE=
">$Lang::tr{'save'}</button>
>>>>>>>>>>>>>>>  + <button type=3D"submit" name=3D"ACTION" value=3D"RPZ_REL=
OAD" class=3D"commit"$reload_state>$Lang::tr{'rpz apply'}</button>
>>>>>>>>>>>>>>>  + </td>
>>>>>>>>>>>>>>>  +</table>
>>>>>>>>>>>>>>>  +</form>
>>>>>>>>>>>>>>>  +END
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &Header::closebox();
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Output javascript and extra gui elements
>>>>>>>>>>>>>>>  +sub _print_gui_extras {
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Apply/Restart button modifier key handler
>>>>>>>>>>>>>>>  + if(&_rpz_needs_reload()) {
>>>>>>>>>>>>>>>  + print <<END
>>>>>>>>>>>>>>>  +<script>
>>>>>>>>>>>>>>>  + // Commit modifier key handler
>>>>>>>>>>>>>>>  + (function(jq, document) {
>>>>>>>>>>>>>>>  + var keyEventsOn =3D false; // Keyboard events attached
>>>>>>>>>>>>>>>  + var keyModify =3D false; // Modifier key pressed
>>>>>>>>>>>>>>>  + var mouseHover =3D false; // Mouse over commit button
>>>>>>>>>>>>>>>  + var btnModified =3D false; // Button modified to "Restar=
t"
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + // Document-level key events, enable only while cursor i=
s over button
>>>>>>>>>>>>>>>  + function attachKeyEvents() {
>>>>>>>>>>>>>>>  + if(keyEventsOn) {
>>>>>>>>>>>>>>>  + return;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + keyEventsOn =3D true;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + jq(document).on("keydown.rpz", function(event) {
>>>>>>>>>>>>>>>  + if((!keyModify) && event.shiftKey) {
>>>>>>>>>>>>>>>  + keyModify =3D true;
>>>>>>>>>>>>>>>  + handleModify();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + });
>>>>>>>>>>>>>>>  + jq(document).on("keyup.rpz", function(event) {
>>>>>>>>>>>>>>>  + if(keyModify && (!event.shiftKey)) {
>>>>>>>>>>>>>>>  + keyModify =3D false;
>>>>>>>>>>>>>>>  + handleModify();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + });
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + function removeKeyEvents() {
>>>>>>>>>>>>>>>  + keyModify =3D false;
>>>>>>>>>>>>>>>  + if(keyEventsOn) {
>>>>>>>>>>>>>>>  + jq(document).off("keydown.rpz keyup.rpz");
>>>>>>>>>>>>>>>  + keyEventsOn =3D false;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + // Attach mouse hover events to commit buttons
>>>>>>>>>>>>>>>  + function attachMouseEvents() {
>>>>>>>>>>>>>>>  + jq("button.commit").on("mouseenter", function(event) {
>>>>>>>>>>>>>>>  + if(!mouseHover) {
>>>>>>>>>>>>>>>  + mouseHover =3D true;
>>>>>>>>>>>>>>>  + attachKeyEvents();
>>>>>>>>>>>>>>>  + // Handle already pressed key
>>>>>>>>>>>>>>>  + keyModify =3D !!(event.shiftKey);
>>>>>>>>>>>>>>>  + handleModify();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + });
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + // Cursor moved away: Disable key listener to minimize e=
vents
>>>>>>>>>>>>>>>  + jq("button.commit").on("mouseleave", function() {
>>>>>>>>>>>>>>>  + if(mouseHover) {
>>>>>>>>>>>>>>>  + mouseHover =3D false;
>>>>>>>>>>>>>>>  + removeKeyEvents();
>>>>>>>>>>>>>>>  + handleModify();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + });
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + // Modify commit button
>>>>>>>>>>>>>>>  + function handleModify() {
>>>>>>>>>>>>>>>  + let modify =3D mouseHover && keyModify;
>>>>>>>>>>>>>>>  + if(btnModified !=3D modify) {
>>>>>>>>>>>>>>>  + if(modify) {
>>>>>>>>>>>>>>>  + jq("button.commit").text("$Lang::tr{'restart'}").val("UN=
B_RESTART");
>>>>>>>>>>>>>>>  + } else {
>>>>>>>>>>>>>>>  + jq("button.commit").text("$Lang::tr{'rpz apply'}").val("=
RPZ_RELOAD");
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + btnModified =3D modify;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + // jQuery DOM ready
>>>>>>>>>>>>>>>  + jq(function() {
>>>>>>>>>>>>>>>  + attachMouseEvents();
>>>>>>>>>>>>>>>  + });
>>>>>>>>>>>>>>>  + })(jQuery, document);
>>>>>>>>>>>>>>>  +</script>
>>>>>>>>>>>>>>>  +END
>>>>>>>>>>>>>>>  +;
>>>>>>>>>>>>>>>  + } # End of modifier key handler
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- Internal action processing functions ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Toggle zonefile on/off
>>>>>>>>>>>>>>>  +sub _action_zf_toggle {
>>>>>>>>>>>>>>>  + return unless(defined $zonefiles{$action_key});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + my $result =3D 0;
>>>>>>>>>>>>>>>  + my $enabled =3D $zonefiles{$action_key}{'enabled'};
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Perform toggle action
>>>>>>>>>>>>>>>  + if($enabled eq 'on') {
>>>>>>>>>>>>>>>  + $enabled =3D 'off';
>>>>>>>>>>>>>>>  + $result =3D &General::system('/usr/sbin/rpz-config', 're=
move', $action_key, '--no-reload');
>>>>>>>>>>>>>>>  + } else {
>>>>>>>>>>>>>>>  + $enabled =3D 'on';
>>>>>>>>>>>>>>>  + $result =3D &General::system('/usr/sbin/rpz-config', 'ad=
d', $action_key, $zonefiles{$action_key}{'url'}, '--no-reload');
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Check for errors, request service reload on success
>>>>>>>>>>>>>>>  + return unless &_rpz_check_result($result, 1);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Save changes
>>>>>>>>>>>>>>>  + $zonefiles{$action_key}{'enabled'} =3D $enabled;
>>>>>>>>>>>>>>>  + &_zonefiles_save_conf();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 1;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Remove zonefile
>>>>>>>>>>>>>>>  +sub _action_zf_remove {
>>>>>>>>>>>>>>>  + return unless(defined $zonefiles{$action_key});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Remove from rpz-config if currently active
>>>>>>>>>>>>>>>  + if($zonefiles{$action_key}{'enabled'} eq 'on') {
>>>>>>>>>>>>>>>  + my $result =3D &General::system('/usr/sbin/rpz-config',=
 'remove', $action_key, '--no-reload');
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Check for errors, request service reload on success
>>>>>>>>>>>>>>>  + return unless &_rpz_check_result($result, 1);
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Remove from data hash and save changes
>>>>>>>>>>>>>>>  + delete $zonefiles{$action_key};
>>>>>>>>>>>>>>>  + &_zonefiles_save_conf();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Clear action_key, as the entry is now removed entirely
>>>>>>>>>>>>>>>  + $action_key =3D "";
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 1;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Create or update zonefile entry
>>>>>>>>>>>>>>>  +# Returns undef if gui needs to stay in editor mode
>>>>>>>>>>>>>>>  +sub _action_zf_save {
>>>>>>>>>>>>>>>  + my $result =3D 0;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + my $name =3D $cgiparams{'ZF_NAME'} // "";
>>>>>>>>>>>>>>>  + my $url =3D $cgiparams{'ZF_URL'} // "";
>>>>>>>>>>>>>>>  + my $remark =3D $cgiparams{'ZF_REMARK'} // "";
>>>>>>>>>>>>>>>  + my $enabled =3D 'on'; # Enable new entries by default
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Note on variables:
>>>>>>>>>>>>>>>  + # name =3D unique key, will be used to address the entry
>>>>>>>>>>>>>>>  + # action_key =3D name of the entry being edited, empty f=
or new entry
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Only check for unique name if it changed
>>>>>>>>>>>>>>>  + # (this also checks new entries because the action_key i=
s empty in this case)
>>>>>>>>>>>>>>>  + $result =3D &_rpz_validate_zonefile($name, $url, $remark=
, (lc($name) ne lc($action_key)));
>>>>>>>>>>>>>>>  + return unless &_rpz_check_result($result, 0);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Edit existing entry: Determine what was changed
>>>>>>>>>>>>>>>  + if(($action_key) && (defined $zonefiles{$action_key})) {
>>>>>>>>>>>>>>>  + # Name und URL remain unchanged, only save remark and fi=
nish
>>>>>>>>>>>>>>>  + if(($name eq $action_key) && ($url eq $zonefiles{$action=
_key}{'url'})) {
>>>>>>>>>>>>>>>  + $zonefiles{$action_key}{'remark'} =3D $remark;
>>>>>>>>>>>>>>>  + &_zonefiles_save_conf();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 1;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Entry was changed and needs to be recreated, preserve=
 status
>>>>>>>>>>>>>>>  + $enabled =3D $zonefiles{$action_key}{'enabled'};
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Remove from rpz-config
>>>>>>>>>>>>>>>  + return unless &_action_zf_remove();
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Add new entry to rpz-config
>>>>>>>>>>>>>>>  + if($enabled eq 'on') {
>>>>>>>>>>>>>>>  + $result =3D &General::system('/usr/sbin/rpz-config', 'ad=
d', $name, $url, '--no-reload');
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Check for errors, request service reload on success
>>>>>>>>>>>>>>>  + return unless &_rpz_check_result($result, 1);
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Add to global data hash and save changes
>>>>>>>>>>>>>>>  + my %entry =3D ('enabled' =3D> $enabled,
>>>>>>>>>>>>>>>  + 'url' =3D> $url,
>>>>>>>>>>>>>>>  + 'remark' =3D> $remark);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + $zonefiles{$name} =3D \%entry;
>>>>>>>>>>>>>>>  + &_zonefiles_save_conf();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 1;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Save custom lists
>>>>>>>>>>>>>>>  +sub _action_cl_save {
>>>>>>>>>>>>>>>  + return unless((defined $cgiparams{'ALLOW_LIST'}) && (def=
ined $cgiparams{'BLOCK_LIST'}));
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + my $result =3D 0;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + my @allowlist =3D split(/\R/, $cgiparams{'ALLOW_LIST'});
>>>>>>>>>>>>>>>  + my @blocklist =3D split(/\R/, $cgiparams{'BLOCK_LIST'});
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Validate lists
>>>>>>>>>>>>>>>  + $result =3D &_rpz_validate_customlist(\@allowlist);
>>>>>>>>>>>>>>>  + if($result !=3D 0) {
>>>>>>>>>>>>>>>  + $errormessage =3D &_rpz_error_tr(202, $result);
>>>>>>>>>>>>>>>  + return;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + $result =3D &_rpz_validate_customlist(\@blocklist);
>>>>>>>>>>>>>>>  + if($result !=3D 0) {
>>>>>>>>>>>>>>>  + $errormessage =3D &_rpz_error_tr(203, $result);
>>>>>>>>>>>>>>>  + return;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Add to global data hash and save changes
>>>>>>>>>>>>>>>  + $customlists{'allow'}{'list'} =3D \@allowlist;
>>>>>>>>>>>>>>>  + $customlists{'block'}{'list'} =3D \@blocklist;
>>>>>>>>>>>>>>>  + $customlists{'allow'}{'enabled'} =3D (defined $cgiparams=
{'ALLOW_ENABLED'}) ? 'on' : 'off';
>>>>>>>>>>>>>>>  + $customlists{'block'}{'enabled'} =3D (defined $cgiparams=
{'BLOCK_ENABLED'}) ? 'on' : 'off';
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + &_customlists_save_conf();
>>>>>>>>>>>>>>>  + &_customlist_export('allow', $RPZ_ALLOWLIST);
>>>>>>>>>>>>>>>  + &_customlist_export('block', $RPZ_BLOCKLIST);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Make new lists, request service reload on success
>>>>>>>>>>>>>>>  + $result =3D &General::system('/usr/sbin/rpz-make', 'allo=
wblock', '--no-reload');
>>>>>>>>>>>>>>>  + return unless &_rpz_check_result($result, 1);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 1;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Trigger rpz-config reload
>>>>>>>>>>>>>>>  +sub _action_rpz_reload {
>>>>>>>>>>>>>>>  + return 1 unless &_rpz_needs_reload();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Immediately clear flag to prevent multiple reloads
>>>>>>>>>>>>>>>  + if(-f $RPZ_RELOAD_FLAG) {
>>>>>>>>>>>>>>>  + unlink($RPZ_RELOAD_FLAG) or die "Can't remove $RPZ_RELOA=
D_FLAG: $!";
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Perform reload, recreate reload flag on error to enabl=
e retry
>>>>>>>>>>>>>>>  + my $result =3D &General::system('/usr/sbin/rpz-config',=
 'reload');
>>>>>>>>>>>>>>>  + if(not &_rpz_check_result($result, 0)) {
>>>>>>>>>>>>>>>  + &General::system('touch', "$RPZ_RELOAD_FLAG");
>>>>>>>>>>>>>>>  + return;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 1;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Trigger unbound restart
>>>>>>>>>>>>>>>  +sub _action_unb_restart {
>>>>>>>>>>>>>>>  + return 1 unless &_rpz_needs_reload();
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Immediately clear flag to prevent multiple restarts
>>>>>>>>>>>>>>>  + if(-f $RPZ_RELOAD_FLAG) {
>>>>>>>>>>>>>>>  + unlink($RPZ_RELOAD_FLAG) or die "Can't remove $RPZ_RELOA=
D_FLAG: $!";
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Perform restart, unboundctrl always exits zero
>>>>>>>>>>>>>>>  + &General::system('/usr/local/bin/unboundctrl', 'restart'=
);
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 1;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- Internal rpz-config functions ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Translate rpz-config exitcodes and messages
>>>>>>>>>>>>>>>  +# 100-199: rpz-config, 200-299: webgui
>>>>>>>>>>>>>>>  +sub _rpz_error_tr {
>>>>>>>>>>>>>>>  + my ($error, $append) =3D @_;
>>>>>>>>>>>>>>>  + $append //=3D '';
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Translate numeric exit codes
>>>>>>>>>>>>>>>  + if(looks_like_number($error)) {
>>>>>>>>>>>>>>>  + if(defined $Lang::tr{"rpz exitcode $error"}) {
>>>>>>>>>>>>>>>  + $error =3D $Lang::tr{"rpz exitcode $error"};
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return "RPZ $Lang::tr{'error'}: $error" . &Header::escap=
e($append);
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Check result of rpz-config system call, request reload=
 on success
>>>>>>>>>>>>>>>  +sub _rpz_check_result {
>>>>>>>>>>>>>>>  + my ($result, $request_reload) =3D @_;
>>>>>>>>>>>>>>>  + $request_reload //=3D 0;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # exitcode 0 =3D success
>>>>>>>>>>>>>>>  + if($result !=3D 0) {
>>>>>>>>>>>>>>>  + $errormessage =3D &_rpz_error_tr($result);
>>>>>>>>>>>>>>>  + return;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Set reload flag
>>>>>>>>>>>>>>>  + if($request_reload) {
>>>>>>>>>>>>>>>  + &General::system('touch', "$RPZ_RELOAD_FLAG");
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 1;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Test whether reload flag is set
>>>>>>>>>>>>>>>  +sub _rpz_needs_reload {
>>>>>>>>>>>>>>>  + return (-f $RPZ_RELOAD_FLAG);
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Validate a zonefile entry, returns rpz-config exitcode=
 on failure. Use _rpz_check_result to verify.
>>>>>>>>>>>>>>>  +# unique =3D check for unique name
>>>>>>>>>>>>>>>  +sub _rpz_validate_zonefile {
>>>>>>>>>>>>>>>  + my ($name, $url, $remark, $unique) =3D @_;
>>>>>>>>>>>>>>>  + $unique //=3D 1;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + unless($name =3D~ /^[a-zA-Z0-9_]{1,32}$/) {
>>>>>>>>>>>>>>>  + return 101;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + unless($url =3D~ /^[\w+\.:;\/\\&@#%?=3D\-~|!]{1,128}$/)=
 {
>>>>>>>>>>>>>>>  + return 105;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + unless($remark =3D~ /^[\w \-()\.:;*\/\\?!&=3D]{0,32}$/)=
 {
>>>>>>>>>>>>>>>  + return 201;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Check against already existing names
>>>>>>>>>>>>>>>  + if($unique) {
>>>>>>>>>>>>>>>  + foreach my $existing (keys %zonefiles) {
>>>>>>>>>>>>>>>  + if(lc($name) eq lc($existing)) {
>>>>>>>>>>>>>>>  + return 104;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 0;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Validate a custom list, returns number of rejected line =
on failure. Check for non-zero results.
>>>>>>>>>>>>>>>  +# listref =3D array reference, cleanup =3D remove invalid =
entries instead of returning an error
>>>>>>>>>>>>>>>  +sub _rpz_validate_customlist {
>>>>>>>>>>>>>>>  + my ($listref, $cleanup) =3D @_;
>>>>>>>>>>>>>>>  + $cleanup //=3D 0;
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + foreach my $index (reverse 0..$#{$listref}) {
>>>>>>>>>>>>>>>  + my $row =3D @$listref[$index];
>>>>>>>>>>>>>>>  + next unless($row); # Skip/allow empty lines
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Reject/remove everything besides wildcard domains and=
 remarks
>>>>>>>>>>>>>>>  + if((not &General::validwildcarddomainname($row)) && (not =
$row =3D~ /^;[\w \-()\.:;*\/\\?!&=3D]*$/)) {
>>>>>>>>>>>>>>>  + unless($cleanup) {
>>>>>>>>>>>>>>>  + # +1 for user friendly line number and to ensure non-zer=
o exitcode
>>>>>>>>>>>>>>>  + return $index + 1;
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Remove current row
>>>>>>>>>>>>>>>  + splice(@$listref, $index, 1);
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  + }
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + return 0;
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +###--- Internal misc functions ---###
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Send HTTP 303 redirect headers for post/request/get pat=
tern
>>>>>>>>>>>>>>>  +# (Must be sent before calling &Header::showhttpheaders()=
)
>>>>>>>>>>>>>>>  +sub _http_prg_redirect {
>>>>>>>>>>>>>>>  + my $location =3D "https://$ENV{'SERVER_NAME'}:$ENV{'SERV=
ER_PORT'}$ENV{'SCRIPT_NAME'}";
>>>>>>>>>>>>>>>  + print "Status: 303 See Other\n";
>>>>>>>>>>>>>>>  + print "Location: $location\n";
>>>>>>>>>>>>>>>  +}
>>>>>>>>>>>>>>>  diff --git a/lfs/rpz b/lfs/rpz
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..7ddbc38e5
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/lfs/rpz
>>>>>>>>>>>>>>>  @@ -0,0 +1,96 @@
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# Definitions
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +include Config
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +SUMMARY =3D response policy zone - RPZ reputation system=
 for unbound DNS
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +VER =3D 1.0.0
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +THISAPP =3D rpz-$(VER)
>>>>>>>>>>>>>>>  +DIR_APP =3D $(DIR_SRC)/$(THISAPP)
>>>>>>>>>>>>>>>  +TARGET =3D $(DIR_INFO)/$(THISAPP)
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +PROG =3D rpz
>>>>>>>>>>>>>>>  +PAK_VER =3D 18
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +DEPS =3D
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +SERVICES =3D
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# Top-level Rules
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +install : $(TARGET)
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +check :
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +download :
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +b2 :
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +dist:
>>>>>>>>>>>>>>>  + @$(PAK)
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# Installation Details
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +$(TARGET) :
>>>>>>>>>>>>>>>  + @$(PREBUILD)
>>>>>>>>>>>>>>>  + @rm -rf $(DIR_APP)
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # RPZ scripts
>>>>>>>>>>>>>>>  + install --verbose --mode=3D755 \
>>>>>>>>>>>>>>>  + $(DIR_CONF)/rpz/{rpz-config,rpz-metrics,rpz-sleep,rpz-ma=
ke,rpz-functions} \
>>>>>>>>>>>>>>>  + --target-directory=3D/usr/sbin
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # RPZ config files
>>>>>>>>>>>>>>>  + mkdir -pv /etc/unbound/local.d
>>>>>>>>>>>>>>>  + install --verbose --mode=3D644 --owner=3Dnobody --group=
=3Dnobody \
>>>>>>>>>>>>>>>  + $(DIR_CONF)/rpz/00-rpz.conf \
>>>>>>>>>>>>>>>  + --target-directory=3D/etc/unbound/local.d
>>>>>>>>>>>>>>>  + chown --verbose --recursive nobody:nobody /etc/unbound/l=
ocal.d
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # RPZ custom list files for allow and block
>>>>>>>>>>>>>>>  + mkdir -pv /var/ipfire/dns/rpz
>>>>>>>>>>>>>>>  + touch /var/ipfire/dns/rpz/{allowlist,blocklist}
>>>>>>>>>>>>>>>  + chown --verbose --recursive nobody:nobody /var/ipfire/dn=
s/rpz
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # RPZ zone files
>>>>>>>>>>>>>>>  + # create empty RPZ config file to avoid a unbound config =
error
>>>>>>>>>>>>>>>  + mkdir -pv /etc/unbound/zonefiles
>>>>>>>>>>>>>>>  + touch /etc/unbound/zonefiles/allow.rpz
>>>>>>>>>>>>>>>  + chown --verbose --recursive nobody:nobody /etc/unbound/z=
onefiles
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Install addon-specific language-files
>>>>>>>>>>>>>>>  + install --verbose --mode=3D004 $(DIR_CONF)/rpz/rpz.*.pl=
 \
>>>>>>>>>>>>>>>  + --target-directory=3D/var/ipfire/addon-lang
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + # Install backup definition
>>>>>>>>>>>>>>>  + cp -vf $(DIR_CONF)/backup/includes/rpz /var/ipfire/backu=
p/addons/includes/rpz
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  + @rm -rf $(DIR_APP)
>>>>>>>>>>>>>>>  + @$(POSTBUILD)
>>>>>>>>>>>>>>>  diff --git a/make.sh b/make.sh
>>>>>>>>>>>>>>>  index 827ea9e77..a77535b13 100755
>>>>>>>>>>>>>>>  --- a/make.sh
>>>>>>>>>>>>>>>  +++ b/make.sh
>>>>>>>>>>>>>>>  @@ -390,7 +390,7 @@ prepareenv() {
>>>>>>>>>>>>>>>  if [ "${free_space}" -lt "${required_space}" ]; then
>>>>>>>>>>>>>>>  # Add any consumed space
>>>>>>>>>>>>>>>  while read -r consumed_space path; do
>>>>>>>>>>>>>>>  - (( free_space +=3D consumed_space / 1024 / 1024 ))
>>>>>>>>>>>>>>>  + (( free_space +=3D consumed_space / 1024 / 1024 ))
>>>>>>>>>>>>>>>  done <<< "$(du --summarize --bytes "${BUILD_DIR}" "${IMAGE=
S_DIR}" "${LOG_DIR}" 2>/dev/null)"
>>>>>>>>>>>>>>>  fi
>>>>>>>>>>>>>>>   @@ -2087,6 +2087,7 @@ build_system() {
>>>>>>>>>>>>>>>  lfsmake2 btrfs-progs
>>>>>>>>>>>>>>>  lfsmake2 inotify-tools
>>>>>>>>>>>>>>>  lfsmake2 grub-btrfs
>>>>>>>>>>>>>>>  + lfsmake2 rpz
>>>>>>>>>>>>>>>   lfsmake2 linux
>>>>>>>>>>>>>>>  lfsmake2 rtl8812au
>>>>>>>>>>>>>>>  diff --git a/src/paks/rpz/install.sh b/src/paks/rpz/instal=
l.sh
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..ef99bf742
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/src/paks/rpz/install.sh
>>>>>>>>>>>>>>>  @@ -0,0 +1,36 @@
>>>>>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +#
>>>>>>>>>>>>>>>  +. /opt/pakfire/lib/functions.sh
>>>>>>>>>>>>>>>  +extract_files
>>>>>>>>>>>>>>>  +restore_backup ${NAME}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# fix user created files
>>>>>>>>>>>>>>>  +chown --verbose --recursive nobody:nobody \
>>>>>>>>>>>>>>>  + /var/ipfire/dns/rpz \
>>>>>>>>>>>>>>>  + /etc/unbound/zonefiles \
>>>>>>>>>>>>>>>  + /etc/unbound/local.d
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Update Language cache
>>>>>>>>>>>>>>>  +/usr/local/bin/update-lang-cache
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# restart unbound to load config file
>>>>>>>>>>>>>>>  +/etc/init.d/unbound restart
>>>>>>>>>>>>>>>  diff --git a/src/paks/rpz/uninstall.sh b/src/paks/rpz/unin=
stall.sh
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..e11427df3
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/src/paks/rpz/uninstall.sh
>>>>>>>>>>>>>>>  @@ -0,0 +1,38 @@
>>>>>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +#
>>>>>>>>>>>>>>>  +. /opt/pakfire/lib/functions.sh
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# stop unbound to delete RPZ conf file
>>>>>>>>>>>>>>>  +/etc/init.d/unbound stop
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +make_backup ${NAME}
>>>>>>>>>>>>>>>  +remove_files
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# delete rpz config files. Otherwise unbound will throw e=
rror:
>>>>>>>>>>>>>>>  +# "[1723428668] unbound-control[17117:0] error: connect:=
 Connection refused for 127.0.0.1 port 8953"
>>>>>>>>>>>>>>>  +/bin/rm --verbose --force /etc/unbound/local.d/*.rpz.conf
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Update Language cache
>>>>>>>>>>>>>>>  +/usr/local/bin/update-lang-cache
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# start unbound to load unbound config file
>>>>>>>>>>>>>>>  +/etc/init.d/unbound start
>>>>>>>>>>>>>>>  diff --git a/src/paks/rpz/update.sh b/src/paks/rpz/update.=
sh
>>>>>>>>>>>>>>>  new file mode 100644
>>>>>>>>>>>>>>>  index 000000000..9bc340bc6
>>>>>>>>>>>>>>>  --- /dev/null
>>>>>>>>>>>>>>>  +++ b/src/paks/rpz/update.sh
>>>>>>>>>>>>>>>  @@ -0,0 +1,52 @@
>>>>>>>>>>>>>>>  +#!/bin/bash
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# IPFire.org - A linux based firewall #
>>>>>>>>>>>>>>>  +# Copyright (C) 2024 IPFire Team <info@ipfire.org> #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is free software: you can redistribute it=
 and/or modify #
>>>>>>>>>>>>>>>  +# it under the terms of the GNU General Public License as =
published by #
>>>>>>>>>>>>>>>  +# the Free Software Foundation, either version 3 of the L=
icense, or #
>>>>>>>>>>>>>>>  +# (at your option) any later version. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# This program is distributed in the hope that it will be =
useful, #
>>>>>>>>>>>>>>>  +# but WITHOUT ANY WARRANTY; without even the implied warr=
anty of #
>>>>>>>>>>>>>>>  +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Se=
e the #
>>>>>>>>>>>>>>>  +# GNU General Public License for more details. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +# You should have received a copy of the GNU General Publ=
ic License #
>>>>>>>>>>>>>>>  +# along with this program. If not, see <http://www.gnu.or=
g/licenses/>. #
>>>>>>>>>>>>>>>  +# #
>>>>>>>>>>>>>>>  +#########################################################=
######################
>>>>>>>>>>>>>>>  +#
>>>>>>>>>>>>>>>  +. /opt/pakfire/lib/functions.sh
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# from update.sh
>>>>>>>>>>>>>>>  +extract_backup_includes
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# stop unbound to delete RPZ conf file
>>>>>>>>>>>>>>>  +/etc/init.d/unbound stop
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# from uninstall.sh
>>>>>>>>>>>>>>>  +make_backup ${NAME}
>>>>>>>>>>>>>>>  +remove_files
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# delete rpz config files. Otherwise unbound will throw e=
rror:
>>>>>>>>>>>>>>>  +# "unbound-control[nn:0] error: connect: Connection refus=
ed for 127.0.0.1 port 8953"
>>>>>>>>>>>>>>>  +/bin/rm --verbose --force /etc/unbound/local.d/*.rpz.conf
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# from install.sh
>>>>>>>>>>>>>>>  +extract_files
>>>>>>>>>>>>>>>  +restore_backup ${NAME}
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# fix user created files
>>>>>>>>>>>>>>>  +chown --verbose --recursive nobody:nobody \
>>>>>>>>>>>>>>>  + /var/ipfire/dns/rpz \
>>>>>>>>>>>>>>>  + /etc/unbound/zonefiles \
>>>>>>>>>>>>>>>  + /etc/unbound/local.d
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# Update Language cache
>>>>>>>>>>>>>>>  +/usr/local/bin/update-lang-cache
>>>>>>>>>>>>>>>  +
>>>>>>>>>>>>>>>  +# restart unbound to load config files
>>>>>>>>>>>>>>>  +/etc/init.d/unbound start
>>>>>>>>>>>>>>>  --
>>>>>>>>>>>>>>>  2.39.5
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>  Jon
>>>>>>>>>>>>>    --
>>>>>>>>>>>>>  Jon Murphy
>>>>>>>>>>>>>  jon.murphy@ipfire.org
>>>>>>>>>>>
>>>>>>>>>>>  Jon
>>>>>>>>>>>    --
>>>>>>>>>>>  Jon Murphy
>>>>>>>>>>>  jon.murphy@ipfire.org
>
>
>
--------=_MB0D870594-C58D-410D-903E-4878F7455AE4
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head>

<style id=3D"css_styles" type=3D"text/css"><!--blockquote.cite { margin-lef=
t: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-le=
ft: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px;=
 padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding=
-top: 0px; }
a img { border: 0px; }
table { border-collapse: collapse; }
li[style=3D'text-align: center;'], li[style=3D'text-align: center; '], li[s=
tyle=3D'text-align: right;'], li[style=3D'text-align: right; '] {  list-sty=
le-position: inside;}
body { font-family: Menlo; font-size: 9pt; }
.quote { margin-left: 1em; margin-right: 1em; border-left: 5px #ebebeb soli=
d; padding-left: 0.3em; }
a.em-mention[href] { text-decoration: none; color: inherit; border-radius:=
 3px; padding-left: 2px; padding-right: 2px; background-color: #e2e2e2; }
--></style></head><body class=3D"plain" style=3D"overflow-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;"><div><br /></div=
><div><br /><div class=3D"quote"><div id=3D"xe8f6bc75d1714c4283059a35e20c09=
02"><div class=3D"plain_line" style=3D"margin: 3px 0px 12px 5px;">And where =
are these stored?</div>
<div class=3D"plain_line" style=3D"margin: 3px 0px 12px 5px;"></div></div><=
/div></div><div><br /></div><div>In `/etc/unbound/zonefiles`:</div><div><br =
/></div><div><br /></div><div>[root@ipfire ~] # ls -al /etc/unbound/zonefi=
les</div><div>total 20664</div><div>drwxr-xr-x 2 nobody nobody=C2=A0 =C2=A0=
=C2=A0 4096 Mar 24 04:40 .</div><div>drwxr-xr-x 4 root=C2=A0 =C2=A0root=C2=
=A0 =C2=A0=C2=A0 =C2=A0 4096 Mar 19 16:24 ..</div><div>-rw-r--r-- 1 nobody=
 nobody=C2=A0 3999087 Mar 23 15:11 adhocSB.rpz</div><div>-rw-r--r-- 1 nobody =
nobody=C2=A0 =C2=A0=C2=A0 1411 Mar 23 14:23 allow.rpz</div><div>-rw-r--r-- =
1 nobody nobody=C2=A0 =C2=A0 25355 Mar 24 04:40 AmazonTrkrHZ.rpz</div><div=
>-rw-r--r-- 1 nobody nobody=C2=A0 =C2=A0=C2=A0 7241 Mar 24 04:40 AppleTrkrH=
Z.rpz</div><div>-rw-r--r-- 1 nobody nobody=C2=A0 =C2=A0=C2=A0 =C2=A0178 Mar =
23 14:23 block.rpz</div><div>-rw-r--r-- 1 nobody nobody=C2=A0 =C2=A0 78496 =
Mar 24 04:40 DOHblockHZ.rpz</div><div>-rw-r--r-- 1 nobody nobody 16983551=
 Mar 24 04:40 MxProPlusHZ.rpz</div><div>-rw-r--r-- 1 nobody nobody=C2=A0 =C2=
=A0=C2=A0 2893 Mar 24 04:40 tldHZ.rpz</div><div>-rw-r--r-- 1 nobody nobody=
=C2=A0 =C2=A0 29419 Mar 24 04:40 WinTrkrHZ.rpz</div><div>[root@ipfire ~] #=
=C2=A0</div><div><br /></div>
<div><br /></div>
<div><br /></div>
<div>
<div>------ Original Message ------</div>
<div>From "Michael Tremer" &lt;michael.tremer@ipfire.org&gt;</div>
<div>To "Bernhard Bitsch" &lt;bbitsch@ipfire.org&gt;</div>
<div>Cc development@lists.ipfire.org</div>
<div>Date 3/24/2025 9:25:40=E2=80=AFAM</div>
<div>Subject Re: [PATCH] RPZ: update code to include WEBGUI and additional=
 languages</div></div><div><br /></div>
<div id=3D"x86ed91c8811744e"><blockquote type=3D"cite" class=3D"cite2">

<div class=3D"plain_line">Hello,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> On 24 Mar 2025, at 13:33, Bernhard Bitsch &lt;bb=
itsch@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Am 24.03.2025 um 11:17 schrieb Michael Tremer:</=
div>
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Hello Jon,</div>
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> On 24 Mar 2025, at 00:00, Jon Murphy &lt;jon.mur=
phy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> FYI - I was wrong Unbound RPZ is _not_ watching=
 the serial number, it is watching the "refresh", the number after the seria=
l number.</div>
</blockquote>
<div class=3D"plain_line"> Refresh just tells the client how often to check =
for an update.</div>
<div class=3D"plain_line"> If that is actually being set by the list publis=
her, then we have another problem here, because they could put some insanel=
y low value there and we would then DDoS their infrastructure. I think we s=
hould keep it like we have it in other places that we control how often we=
 want to check or pull for updates.</div>
<div class=3D"plain_line">=C2=A0</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> You are right. But an extra update process waste=
s additional processor time. The update mechanism of unbound does the check =
for update ( however it is realized ) nevertheless.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">Yes, doing more things needs resources. But we ar=
e not seriously considering whether an IPFire system has enough resources t=
o perform the download of a text file, or are we?</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> I understand that you don=E2=80=99t speak C, but =
you got the information from somewhere. Documentation maybe? Since that is =
out of date very often I like to consult the code.</div>
<div class=3D"plain_line"> From testing.  Downloading rpz files using rpz u=
nbound, and watching what happens.  If the rpz file is setup for "once per=
 day" refresh, then it only downloads one time.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> However that won=E2=80=99t solve our problem . . =
. and having no cache.</div>
<div class=3D"plain_line"> In `/etc/unbound/tuning.conf` there is `rrset-ca=
che-size: 128m`. Are you referring to a different cache.</div>
</blockquote>
<div class=3D"plain_line"> Naturally unbound is loading the zone into its m=
emory which we generally call cache.</div>
<div class=3D"plain_line"> When I say cache I am thinking about persistent=
 data storage across multiple restarts of Unbound. If I am downloading 100 M=
iB of RPZ lists (which is presumably still on the lower end) and I reboot m=
y firewall, I do not want to download the same data again. We can only ever =
download a list *once* unless we are 100% certain that it has changed. The=
n we can download it once again.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The RPZ lists are stored in files in persistent=
 storage. Unbound creates the internal cache from these.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">And where are these stored?</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> Maybe we need to implement both?</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Yes.  There are very few AXFR list (I think only =
four were found).  And many more HTTPS rpz files.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> ------ Original Message ------</div>
<div class=3D"plain_line"> From "Michael Tremer" &lt;michael.tremer@ipfire.=
org&gt;</div>
<div class=3D"plain_line"> To "Jon Murphy" &lt;jon.murphy@ipfire.org&gt;</d=
iv>
<div class=3D"plain_line"> Cc "IPFire: Development-List" &lt;development@li=
sts.ipfire.org&gt;</div>
<div class=3D"plain_line"> Date 3/20/2025 11:26:43=E2=80=AFAM</div>
<div class=3D"plain_line"> Subject Re: [PATCH] RPZ: update code to include=
 WEBGUI and additional languages</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Hello Jon,</div>
<div class=3D"plain_line">  Please don=E2=80=99t forget to Cc the list...</=
div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On 19 Mar 2025, at 18:27, Jon Murphy &lt;jon.mur=
phy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">  Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Where in the code is this implemented? I cannot=
 find anything like this:</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">  Keep in mind I am not a "C" person. Maybe in th=
is section?:</div>
<div class=3D"plain_line">  https://git.ipfire.org/?p=3Dthirdparty/unbound.=
git;a=3Dblob;f=3Dservices/authzone.c;hb=3D30b9cb5f813003d0a2b1c2e6786523966=
15b1b7d#l5875</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">  This where the AXFR response is being handled w=
hen doing a DNS zone transfer. This code is not being called when performin=
g a HTTP download.</div>
<div class=3D"plain_line">  I understand that you don=E2=80=99t speak C, bu=
t you got the information from somewhere. Documentation maybe? Since that i=
s out of date very often I like to consult the code.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> =E2=80=94</div>
<div class=3D"plain_line">  When I was just learning about RPZ I created a=
 separate RPZ file for testing. When I changed the SOA line with a new seria=
l number, the RPZ file download would happen in about 5 minutes.</div>
<div class=3D"plain_line">  https://people.ipfire.org/~jon/sblack-adhoc.rpz=
</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">  It might well be that the file is not being rel=
oaded if the download matches the content that unbound already has. That wo=
uld of course save some resources.</div>
<div class=3D"plain_line">  However that won=E2=80=99t solve our problem wi=
th redundant downloads and having no cache.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> That is how I found out the SOA line is watched=
 for a serial number change.</div>
<div class=3D"plain_line">  I=E2=80=99ll reconfirm my findings.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line"> The second reason is that we have a lot of firew=
alls out there. Not all of them will enable this feature and all of the lis=
ts, but even if it is a good chunk, we will generate terabytes of traffic w=
hich put load on the infrastructure and will cost money. It simply is not w=
hat we want to do, regardless of self-hosting those lists and pulling them=
 from somewhere else.</div>
</blockquote>
</blockquote>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">  So I understand, are you thinking of hosting RP=
Z AXFR (DNS zone transfer) on IPFire infrastructure?</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">  No, I don=E2=80=99t think that we can generally =
do this. The biggest problem is licensing as we cannot take anyones conten=
t and host it ourselves. We would re-distribute those lists and that will o=
nly work with permission of the publishers. I assume that would be too much =
work to actually get some useful content out there. We might limit ourselv=
es to only those lists that are under a very permissive license. Nobody wan=
ts that.</div>
<div class=3D"plain_line">  From a technical point of view, DNS over TCP mi=
ght not be very nice in terms of forging the transfer and so we would need=
 TLS as well=E2=80=A6 It should work, but even if we would be able to encour=
age other people to publish their lists I doubt they would implement DNS ov=
er TLS for authoritative DNS. That standard is in very early stages as well=
.</div>
<div class=3D"plain_line">  As far as I can see, those vendors who offer a=
 list as a commercial product are using DNS to distribute it (e.g. Spamhaus)=
. Those people who have made this all a hobby are throwing the lists onto G=
itHub and let them handle the traffic.</div>
<div class=3D"plain_line">  Maybe we need to implement both?</div>
<div class=3D"plain_line">  -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">    On 3/19/25 5:35 AM, Michael Tremer wrote:</di=
v>
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Hello Jon,</div>
<div class=3D"plain_line">  Where in the code is this implemented? I cannot =
find anything like this:</div>
<div class=3D"plain_line">  Unbound loads the entire file into memory and t=
hen starts parsing it. The only special treatment there is is to check whet=
her the first line is a valid zone entry. It does not even have to be a SOA =
record.</div>
<div class=3D"plain_line">  https://git.ipfire.org/?p=3Dthirdparty/unbound.=
git;a=3Dblob;f=3Dservices/authzone.c;hb=3D30b9cb5f813003d0a2b1c2e6786523966=
15b1b7d#l1188</div>
<div class=3D"plain_line">  I am also concerned that Unbound will not be ab=
le to support an upstream proxy for any downloads. The caching situation is =
also unclear for me, so I believe that we will be looking at writing a cus=
tom downloader that implements all these things.</div>
<div class=3D"plain_line">  -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On 19 Mar 2025, at 02:58, Jon Murphy &lt;jon.mur=
phy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">  Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The emphasis is on the repeated downloads of the =
same list. That is</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> =E2=80=8B&gt; what cannot happen.</div>
<div class=3D"plain_line">  The Unbound RPZ code, as installed within IPFir=
e, watches for a change</div>
<div class=3D"plain_line"> =E2=80=8Bin the SOA line of each RPZ file. This=
 is an example of the first few</div>
<div class=3D"plain_line"> =E2=80=8Blines for every RPZ file.</div>
<div class=3D"plain_line">  $TTL 300</div>
<div class=3D"plain_line"> @ SOA localhost. root.localhost. 1742298960 4320=
0 3600 86400 300</div>
<div class=3D"plain_line"> NS localhost.</div>
<div class=3D"plain_line"> ;</div>
<div class=3D"plain_line"> ; Title: HaGeZi's Pop-Up Ads DNS Blocklist</div>
<div class=3D"plain_line"> ; Description: Blocks annoying and malicious pop=
-up ads.</div>
<div class=3D"plain_line">  If the SOA serial number changes (e.g. the 1742=
298960), then Unbound RPZ</div>
<div class=3D"plain_line"> =E2=80=8Bcode does its thing and downloads. Othe=
rwise there is no download.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> So there has to be a way to ensure that we won=
=E2=80=99t download a list again</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> =E2=80=8B&gt; unless it has actually changed.</d=
iv>
<div class=3D"plain_line">  This should do what you want but I may be missi=
ng your point.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> DNS has a builtin functionality called AXFR. It=
 simply does the job</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> =E2=80=8B&gt; for you. I was just wondering whet=
her that was not being used.</div>
<div class=3D"plain_line">  I need to read about AXFR/IXFR and learn a litt=
le more.</div>
<div class=3D"plain_line">  Jon</div>
<div class=3D"plain_line">  On 3/17/25 5:35 AM, Michael Tremer wrote:</div>
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Good Morning Jon,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On 16 Mar 2025, at 17:00, Jon Murphy &lt;jon.mur=
phy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">  Michael,</div>
<div class=3D"plain_line">  I was reading through you response again an I w=
ant to understand this post:</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I have also stated that we cannot download any l=
ists over HTTPS again and again and again. The implementation that we have=
 here seems to exactly do that and therefore I think that my feedback has be=
en dismissed entirely.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> So if RPZ doesn't use HTTPS, what is it using? I =
am missing a key point here.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The emphasis is on the repeated downloads of the =
same list. That is what cannot happen.</div>
<div class=3D"plain_line">  Although it might not affect a lot of people in =
our general user-base, there are some that have a metered connection and w=
ill pay for data by volume. Some of the lists I looked at are just under 20 =
MiB. Therefore we need to keep any traffic down to a minimum. The second r=
eason is that we have a lot of firewalls out there. Not all of them will en=
able this feature and all of the lists, but even if it is a good chunk, we=
 will generate terabytes of traffic which put load on the infrastructure and =
will cost money. It simply is not what we want to do, regardless of self-h=
osting those lists and pulling them from somewhere else.</div>
<div class=3D"plain_line">  So there has to be a way to ensure that we won=
=E2=80=99t download a list again unless it has actually changed.</div>
<div class=3D"plain_line">  DNS has a builtin functionality called AXFR. It =
simply does the job for you. I was just wondering whether that was not bei=
ng used.</div>
<div class=3D"plain_line">  HTTPS is an option because that is simply what=
 we use elsewhere, but extra functionality will have to be built for it.</di=
v>
<div class=3D"plain_line">  -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">   On 2/13/25 3:34 PM, jon wrote:</div>
<blockquote type=3D"cite" class=3D"cite">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Michael,</div>
<div class=3D"plain_line">  I=E2=80=99ve read through your comments a few t=
imes and I ended up with many more questions.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> What I rather mean is that it has never been add=
ed as a topic on the agenda and it has not been pitched by yourself.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> To me the efforts to get new code accepted seem=
 to have changed and it seemed easier in the past. In the past I made the Co=
re Team aware via the Dev Mailing List and wrote a simple two or three para=
graphs of "What is it? / What is the value? / Here is the code"</div>
<div class=3D"plain_line">   So in an effort to move forward: How exactly i=
s something presented to the Core Team?</div>
<div class=3D"plain_line">  Is there an example of a recent effort that was =
presented that I can see as a sample? (This type of info can also be added =
to the Wiki)</div>
<div class=3D"plain_line">  I understand you want it this way, but I don=E2=
=80=99t know what exactly is needed. Please be specific.</div>
<div class=3D"plain_line">   Jon</div>
<div class=3D"plain_line">  PS - I am not ignoring your other comments, I a=
m just trying to move forward and keep things simple.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On Feb 8, 2025, at 1:27=E2=80=AFPM, Michael Trem=
er &lt;michael.tremer@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">  Hello Jon,</div>
<div class=3D"plain_line">  Thanks for your reply. And good that you are co=
pying everyone into this conversation.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On 8 Feb 2025, at 18:41, jon &lt;jon.murphy@ipfi=
re.org&gt; wrote:</div>
<div class=3D"plain_line">  Michael,</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I think I have covered this all at lengths befor=
e that this project has been started as a separate effort</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Yes, this has been a separate effort (a very pub=
lic separate effort). Yes, as you pointed this out early on with the "proof=
-of-concept" and then my request for people to help test RPZ. Nothing was h=
idden.</div>
<div class=3D"plain_line">  This was done because you (and maybe others) di=
d not have the time and I wanted to help and because I needed assistance wi=
th RPZ. I tried my best to do this without bothering you.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I don=E2=80=99t that it is accurate that nobody=
 wanted to help on this. The list was always open - although not every email =
has been replied to swiftly it is also your responsibility to raise a ques=
tion again if it was missed. People here have open ears.</div>
<div class=3D"plain_line">  It was also stated on this very list on in our=
 documentation that working on something without involving the core team is=
 a risky undertaking. Of course IPFire is free software and so everyone is f=
ree to fork if they wish to do so.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> and as far as I am aware none of the other team=
 members has been involved. This has not been discussed either on this list, =
on our calls.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> You were aware many steps along the way. See you=
r email on July 28, 2024, August 15, 2024, September 30, 2024, December 23, =
2024, and January 16. My attempts to get the team involved were met with "=
things are busy" and sometimes silence. (Yes, I get it, people are busy.)</=
div>
<div class=3D"plain_line">  You and Adolf, Leo, Erik and Bernhard have been =
aware since the beginning. You mention you were aware of the "proof-of-con=
cept". If you include those beginning posts, since Sep 2023.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Yes, I am aware of a proof-of-concept that I hav=
e been running myself for a long time. I am also aware of the efforts that=
 you have been taking.</div>
<div class=3D"plain_line">  Yet I don=E2=80=99t think there has ever been a=
ny joint effort, or am I seeing that wrong?</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> This has not been discussed . . . on our calls.<=
/div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On the July 28th you stated:</div>
<div class=3D"plain_line"> "We have talked about RPZ many times on the mont=
hly call since the URL filter feature is falling more and more out of fashi=
on. I think there is also many posts about this on the forum."</div>
<div class=3D"plain_line">  Please don=E2=80=99t insult me again by stating =
"you know what I mean".</div>
<div class=3D"plain_line">  And it has been discussed but not documented in =
the Monthly Meeting notes.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I am not at all insulting you. I don=E2=80=99t w=
ant to take this down to a personal level at all. This is a public mailing=
 list and people who read this don=E2=80=99t need to listen to an argument w=
e are having. They are here for the tech inside IPFire.</div>
<div class=3D"plain_line">  When I wrote that it has not been discussed tha=
t does not mean that we have not been touching on the topic. We have been t=
alking about lots of things on the calls, the weather, politics, how our pe=
ts are. None of that makes it to the logs. What I rather mean is that it ha=
s never been added as a topic on the agenda and it has not been pitched by=
 yourself.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Instead there has been a separate conversation o=
n the forum with the occasional dip here to the list. But that was not a re=
gular two-way conversation.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Regular conversation on the Dev Mailing list is=
 many times met with silence. I get it, people are busy.</div>
<div class=3D"plain_line">  And regular two-way conversation doesn=E2=80=99=
t happen on the list. At least not with me. I=E2=80=99d be happy to point o=
ut the posts that were met with silence.</div>
<div class=3D"plain_line"> Again, I get it, people are busy.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> And you think my emails are not being met with s=
ilence? This has nothing to do with this specific topic. This has something =
to do with how occupied people are and how engaged they are on certain top=
ics. Not everyone is involved in all the things and simply will ignore emai=
ls simply based on their subject line.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> But the "dip here to the list" were my attempts=
 to get a conversation started. As I said, many time met with silence.</div>
<div class=3D"plain_line">  The only place I was not met with silence was o=
n the Community. You have a great group of people in the Community. It is a =
shame you don=E2=80=99t want to have others help. It would reduce your wor=
kload.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> You should stop making statements that are not t=
rue. Who doesn=E2=80=99t want anyone to help?</div>
<div class=3D"plain_line">  Not having this conversation on a Saturday even=
ing would reduce my workload. At least it would free up time for something=
 else. Helping with the things that are already on the go would reduce the w=
orkload of the entire team. Starting one thing at a time and finishing it i=
s a lot better to manage than starting a hundred things and not even finish =
one. I can tell you that I already have a hundred things on the go.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Therefore, what am I supposed to do with this em=
ail?</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> To me it is beyond obvious=E2=80=A6</div>
<div class=3D"plain_line">  If it isn=E2=80=99t what you want, then guide m=
e with how to do this the correct way. And be specific. I am trying to help=
. I am trying to make things better. I am trying to do things the right way=
.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> To me it isn=E2=80=99t. This is yet another proj=
ect that has been dumped to the list like so many before and later on every=
one has left to have the team deal with the rest.</div>
<div class=3D"plain_line">  It is a huge patch set. You explained what the=
 vision is, but that is about it. There is no chance this will continue if t=
his disagreement isn=E2=80=99t solved first. I didn=E2=80=99t even look at=
 the code.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> I don=E2=80=99t want to merge code that I don=E2=
=80=99t agree with.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> I asked multiple times if you "agreed with the c=
oncept" and again, met with silence. Yes I get it, people are busy.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Having support for RPZ? Yes, it was definitely o=
n the roadmap. That I agree with.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> So many fundamental things that I have been rais=
ing have either not been discussed or outright dismissed.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> You mentioned this a in the past, but for some r=
eason you do not disclose what I dismissed. Why do you continue to make thi=
s harder, wouldn=E2=80=99t it not be easier to tell me what I have dismisse=
d?</div>
<div class=3D"plain_line">  I have sent multiple emails trying to answer yo=
ur concerns and comments. On July 28, Aug 14, Aug 22, Aug 23, Sep 30, etc.<=
/div>
<div class=3D"plain_line">  I=E2=80=99ve gone through all of the questions=
 you asked and I cannot find a "dismissed" item.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Maybe I need to be *more clear*. I feel humoured =
by this.</div>
<div class=3D"plain_line">  It is late on a Saturday and I want my dinner s=
oon, but certainly I have stated that this should never be an add-on consid=
ering it is supposed to replace URL Filter. We should never allow people to =
add their own sources. I have also stated that we cannot download any list=
s over HTTPS again and again and again. The implementation that we have her=
e seems to exactly do that and therefore I think that my feedback has been=
 dismissed entirely.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> I don=E2=80=99t want to merge code that has no f=
uture inside IPFire as there is no constructive conversation with the maint=
ainers of it.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> The maintainers of Unbound and/or RPZ?</div>
<div class=3D"plain_line">  The maintainers of Hagezi list, the threatfox l=
ist, the urlhaus list, etc.?</div>
<div class=3D"plain_line">  What else? The maintainers or the RPZ scripts?=
 That is me. Let=E2=80=99s talk!</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> You. I don=E2=80=99t care much about the provide=
rs of the lists.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> See, this is where it gets confusing. There are=
 hundreds of open source packages as part of IPFire. Pick the last five year=
s of items added to the IPFire build. You're telling me you have "construct=
ive conversation with the maintainers" of all of the added packages?</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> They publish their software and they don=E2=80=
=99t care whether I am pulling it or not. They publish it with the commitme=
nt to maintain it - sometimes for better and sometimes for worse.</div>
<div class=3D"plain_line">  You care about me pulling your code and I don=
=E2=80=99t know whether you would commit to maintain this.</div>
<div class=3D"plain_line">  These two are very different cases.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Pick the IP Blocklists list (i.e., 3CORESEC, ABU=
SECH, DSHIELD, SPAMHAUS, etc.) or the Suricata lists (i.e.,Emergingthreats.=
net &lt;http://emergingthreats.net/&gt;,Abuse.ch &lt;http://abuse.ch/&gt;,=
 etc.). So you=E2=80=99ve have "constructive conversation with the maintaine=
rs"?</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Yes, occasionally I have phone calls with a few=
 of these providers.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Having been trying for a long time to make you a=
ware of this, nothing of this should come as a surprise.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Ha! Yes a surprise. In the beginning you seemed=
 interested as IPFire needed a replacement for URL Filter. You asked good qu=
estions about the lists picked, asked for the value to the users, etc. And=
 I answered the best I could.</div>
<div class=3D"plain_line">  You even asked: =E2=80=9CWhy is this realised a=
s an add-on and not part of the core system?=E2=80=9D from your Jul 28, 202=
4 email.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Ah, so, why is the patch creating an add-on? Not =
that I am saying that what I say is law, but it has not been challenged ei=
ther. If my input is being ignored, why should I put this to the top of my=
 list of priorities? I am not disappointed about this, just trying to be ver=
y good with my time.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> And on January 16, 2025 I wrote a message lookin=
g for help. And you were kind to respond quickly. So in three weeks time, s=
ince the kind response, something has changed. You went from supportive to=
 "this".</div>
<div class=3D"plain_line">  So yes, I am surprised.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Well, maybe I should not have replied to that em=
ail. It was clear that you were on some path that was not right, but you we=
re not interested before in finding the right path from the beginning.</div=
>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line"> Please consider if that can be changed and if th=
ere is a path forward with this.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Be more specific, what has to change? What exact=
ly did I dismiss?</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Dismissal is just my assumption. I don=E2=80=99t =
know what you actually did with my feedback. I can only see the end produc=
t that does not seem contain much of it. Repeatedly I have been pointing ou=
t that we should think before we build. I am sure a lot of hours have now g=
one into some code that simply does not satisfy me. And I am not not talkin=
g about the code itself, what it does is what I don=E2=80=99t think is righ=
t for us.</div>
<div class=3D"plain_line">  The process is very clear for me that we should =
first of all think whether we want a certain feature now. Then there shoul=
d be a clear roadmap for everyone to follow; tasks can be split-up as we go =
and hopefully then have something that is maintainable, interesting for ou=
r users and even would do us proud. This is how this should work.</div>
<div class=3D"plain_line">  So, what has to change? I don=E2=80=99t think w=
ith shouting at each other, throwing patches around and making me generally =
unhappy is a good start.</div>
<div class=3D"plain_line">  -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On Feb 6, 2025, at 2:13=E2=80=AFPM, Michael Trem=
er &lt;michael.tremer@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">  Hello Jon,</div>
<div class=3D"plain_line">  Well, here we are again with another patch rega=
rding this feature.</div>
<div class=3D"plain_line">  I cannot quite see from your email what the que=
stion is, but if this is a request to have this merged into IPFire, I am on=
ce again sorry to disappoint you.</div>
<div class=3D"plain_line">  I think I have covered this all at lengths befo=
re that this project has been started as a separate effort and as far as I=
 am aware none of the other team members has been involved. This has not bee=
n discussed either on this list, on our calls. Instead there has been a sep=
arate conversation on the forum with the occasional dip here to the list. B=
ut that was not a regular two-way conversation. Therefore, what am I suppos=
ed to do with this email?</div>
<div class=3D"plain_line">  I don=E2=80=99t want to merge code that I don=
=E2=80=99t agree with. So many fundamental things that I have been raising=
 have either not been discussed or outright dismissed.</div>
<div class=3D"plain_line">  I don=E2=80=99t want to merge code that has no=
 future inside IPFire as there is no constructive conversation with the main=
tainers of it.</div>
<div class=3D"plain_line">  Having been trying for a long time to make you=
 aware of this, nothing of this should come as a surprise.</div>
<div class=3D"plain_line">  Please consider if that can be changed and if t=
here is a path forward with this.</div>
<div class=3D"plain_line">  All the best,</div>
<div class=3D"plain_line"> -Michael</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> On 6 Feb 2025, at 16:35, Jon Murphy &lt;jon.murp=
hy@ipfire.org&gt; wrote:</div>
<div class=3D"plain_line">  What is it?</div>
<div class=3D"plain_line"> Response Policy Zone (RPZ) is a mechanism to def=
ine local policies in a</div>
<div class=3D"plain_line"> standardized way and load those policies from ex=
ternal sources.</div>
<div class=3D"plain_line"> Bottom line: RPZ allows admins to easily block a=
ccess to websites via DNS lookup.</div>
<div class=3D"plain_line">  RPZ can block websites via categories. Examples =
include: fake websites, annoying</div>
<div class=3D"plain_line"> pop-up ads, newly registered domains, DoH bypass =
sites, bad "host" services,</div>
<div class=3D"plain_line"> maliscious top level domains (e.g., *.zip, *.mov=
), piracy, gambling, pornography,</div>
<div class=3D"plain_line"> and more. RPZ lists come from various RPZ provid=
ers and their available</div>
<div class=3D"plain_line"> catagories.</div>
<div class=3D"plain_line">  This RPZ add-on enables the RPZ functionality b=
y adding a couple lines in a</div>
<div class=3D"plain_line"> configuration file. This add-on simply adds conf=
iguration files and adds</div>
<div class=3D"plain_line"> scripts (config, metrics and sleep) to make RPZ=
 easier for the admin to use.</div>
<div class=3D"plain_line">  The RPZ scripts include additional languages: G=
erman, Spanish, French, Turkish,</div>
<div class=3D"plain_line"> and Italian.</div>
<div class=3D"plain_line">  RPZ itself was release in 2010 and has been par=
t of the IPFire build since ~2015.</div>
<div class=3D"plain_line">  Why is it needed? What is its value?</div>
<div class=3D"plain_line">  - The RPZ concept places this filtering into IP=
Fire, our internet access</div>
<div class=3D"plain_line"> gateway, which is (should be) solely used as DNS =
source of the internal network.</div>
<div class=3D"plain_line">  - As most sites use HTTPS it makes it difficult =
to filter traffic with URL</div>
<div class=3D"plain_line"> Filter without also properly configuring convent=
ional (non-transparent)</div>
<div class=3D"plain_line"> mode on the proxy. RPZ is a nice replacement for =
the URL Filter.</div>
<div class=3D"plain_line">  - No need to install and maintain an additional =
device like PiHole or AdBlock</div>
<div class=3D"plain_line"> browser extensions on multiple user devices.</di=
v>
<div class=3D"plain_line">  - This is an additional layer of protection for =
users. Less worry someone will</div>
<div class=3D"plain_line"> click on something that gets them into trouble.=
 And, saying this with emphasis,</div>
<div class=3D"plain_line"> the ability to do it in one place!</div>
<div class=3D"plain_line">  - Blocked sites save on unneeded traffic and ca=
n lessen the threat of malware</div>
<div class=3D"plain_line"> in advertisements</div>
<div class=3D"plain_line">  - Logging allows the admin to see the site bloc=
ked and take actions</div>
<div class=3D"plain_line">  - RPZ will be used at the home, home-office (wo=
rk from home), schools,</div>
<div class=3D"plain_line"> ministerial, and at the office. Device counts ar=
e small (2-6) to medium (~80)</div>
<div class=3D"plain_line"> to mediam-large (200+).</div>
<div class=3D"plain_line">  - RPZ can block ads, popups, phishing, scammers=
, spyware, malware, annoying</div>
<div class=3D"plain_line"> popups, NSFW links, DOH servers, and the usual i=
nternet trash.</div>
<div class=3D"plain_line">  ------------------------------</div>
<div class=3D"plain_line">  Change Log for RPZ add-on</div>
<div class=3D"plain_line">  rpz-1.0.0-18 on 2025-02-05</div>
<div class=3D"plain_line"> - Build for approval &amp; release as IPFire add=
-on</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.18-18.ipfire on 2025-02-01</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added a mod key to force a unboun=
d restart</div>
<div class=3D"plain_line">  rpz-config and rpz-make:</div>
<div class=3D"plain_line"> - new feature: added action for unbound restart=
 `rpz-config unbound-restart`</div>
<div class=3D"plain_line">  rpz-metrics:</div>
<div class=3D"plain_line"> - simple reformatting</div>
<div class=3D"plain_line"> - rename far right column from "last update" to=
 "last download"</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.17-17.ipfire on 2024-12-09</div>
<div class=3D"plain_line"> rpz-make</div>
<div class=3D"plain_line"> - bug fix: corrected validation regex for wildca=
rds like: `*.domain.com`</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.16-16.ipfire on 2024-11-18</div>
<div class=3D"plain_line"> rpz-make</div>
<div class=3D"plain_line"> - new feature: updated validation regex</div>
<div class=3D"plain_line"> - bug fix: moved validation to beginning of proc=
ess. Now we validate before</div>
<div class=3D"plain_line"> creating config files.</div>
<div class=3D"plain_line">  rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: use CSS color variables of the ma=
in ipfire theme</div>
<div class=3D"plain_line"> - bug fix: empty zonefile remarks were stored as =
=E2=80=9Cundef=E2=80=9D and caused a warning</div>
<div class=3D"plain_line"> - bug fix: HTML textarea removes the first empty =
line in a custom list</div>
<div class=3D"plain_line"> - thank you Leo!</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.15-15.ipfire on 2024-11-04</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new language file for Turki=
sh (thank you Peppe)</div>
<div class=3D"plain_line">  rpz-make</div>
<div class=3D"plain_line"> - bug fix: corrected empty allow/block list issu=
e. An empty allow/block list</div>
<div class=3D"plain_line"> will now remove contents of allow/block.rpz file=
s and remove unneeded</div>
<div class=3D"plain_line"> allow/block.conf file. (thank you iptom)</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.14-14.ipfire on 2024-10-29</div>
<div class=3D"plain_line"> rpz-config:</div>
<div class=3D"plain_line"> - bug fix: correct missing rpz extension. `rpz-c=
onfig list` displayed URL</div>
<div class=3D"plain_line"> incorrectly (thank you Bernhard)</div>
<div class=3D"plain_line">  rpz.cgi:</div>
<div class=3D"plain_line"> - bug fix: remove extra `"` in language files (t=
hank you Bernhard)</div>
<div class=3D"plain_line"> - new feature: slightly dim "apply" button when=
 not enabled</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.13-13.ipfire on 2024-10-27</div>
<div class=3D"plain_line"> - skipped</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.12-12.ipfire on 2024-10-21</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new language file for Frenc=
h (thank you gw-ipfire)</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.11-11.ipfire on 2024-10-18</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new language file for Itali=
an (thank you umberto)</div>
<div class=3D"plain_line"> - new feature: added new language file for Spani=
sh (thank you Roberto)</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.10-10.ipfire on 2024-10-15</div>
<div class=3D"plain_line"> rpz-make:</div>
<div class=3D"plain_line"> - bug fix: corrected validation error for a cust=
om list entry (thank you siosios)</div>
<div class=3D"plain_line"> - e.g., `*.cloudflare-dns.com`</div>
<div class=3D"plain_line">  install.sh:</div>
<div class=3D"plain_line"> - bug fix: add chown to correct user created fil=
es</div>
<div class=3D"plain_line">  update.sh:</div>
<div class=3D"plain_line"> - bug fix: add chown to correct user created fil=
es (thank you siosios)</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.9-9.ipfire on 2024-10-08</div>
<div class=3D"plain_line"> rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new language file for Germa=
n (thank you Leo)</div>
<div class=3D"plain_line"> - bug fix: add missing "rpz exitcode 110"</div>
<div class=3D"plain_line"> - bug fix: corrected missing RPZ menu item at me=
nu &gt; IPFire</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.8-8.ipfire on 2024-10-04</div>
<div class=3D"plain_line"> - skipped</div>
<div class=3D"plain_line">  ---</div>
<div class=3D"plain_line">  rpz-beta-0.1.7-7.ipfire on 2024-10-03</div>
<div class=3D"plain_line"> All:</div>
<div class=3D"plain_line"> - new feature: includes beta version numbers for =
pakfire package,</div>
<div class=3D"plain_line"> instead of only `rpz-1.0.0-1.ipfire`, for each r=
elease.</div>
<div class=3D"plain_line">  rpz.cgi:</div>
<div class=3D"plain_line"> - new feature: added new WebGUI at `rpz.cgi`</di=
v>
<div class=3D"plain_line"> - a BIG thank you to Leo Hofmann for all of his=
 work creating the webgui!!</div>
<div class=3D"plain_line"> - bug fix: corrected missing RPZ menu item at me=
nu &gt; IPFire</div>
<div class=3D"plain_line">  rpz-make:</div>
<div class=3D"plain_line"> - new feature: validate entries in allowlist and =
blocklist</div>
<div class=3D"plain_line"> - new feature: add "no-reload" option for WebGUI=
</div>
<div class=3D"plain_line">  rpz-metrics:</div>
<div class=3D"plain_line"> - new feature: info can be sorted by name, by hi=
t count, by line count, by</div>
<div class=3D"plain_line"> "enabled" list or all lists</div>
<div class=3D"plain_line">  backups:</div>
<div class=3D"plain_line"> - bug fix: include all files in `/var/ipfire/dns=
/rpz` directory in backup</div>
<div class=3D"plain_line">  update.sh:</div>
<div class=3D"plain_line"> - bug fix: corrected ownership for `/var/ipfire/=
dns/rpz` directory during an</div>
<div class=3D"plain_line"> update</div>
<div class=3D"plain_line">  Build:</div>
<div class=3D"plain_line"> - bug fix: `block.rpz.conf` and `block.rpz` from =
build. Files to be created</div>
<div class=3D"plain_line"> by `rpz-make`</div>
<div class=3D"plain_line">  WebGUI and German language file</div>
<div class=3D"plain_line"> Contribution-by: Leo-Andres Hofmann &lt;hofmann@=
leo-andres.de&gt;</div>
<div class=3D"plain_line">  Spanish language file</div>
<div class=3D"plain_line"> Contribution-by: Roberto Pe=C3=B1a</div>
<div class=3D"plain_line">  Italian language file</div>
<div class=3D"plain_line"> Contribution-by: Umberto Parma</div>
<div class=3D"plain_line">  French language file</div>
<div class=3D"plain_line"> Contribution-by: gw-ipfire</div>
<div class=3D"plain_line">  Turkish language file</div>
<div class=3D"plain_line"> Contribution-by: Peppe Tech</div>
<div class=3D"plain_line">  Contribution-by: Bernhard Bitsch &lt;bbitsch@ip=
fire.org&gt;</div>
<div class=3D"plain_line"> Contribution-by: Erik Kapfer &lt;erik.kapfer@ipf=
ire.org&gt;</div>
<div class=3D"plain_line"> Signed-off-by: Jon Murphy &lt;jon.murphy@ipfire.=
org</div>
<div class=3D"plain_line"> ---</div>
<div class=3D"plain_line"> config/backup/includes/rpz | 4 +</div>
<div class=3D"plain_line"> config/cfgroot/manualpages | 1 +</div>
<div class=3D"plain_line"> config/menu/EX-rpz.menu | 6 +</div>
<div class=3D"plain_line"> config/rootfiles/common/configroot | 1 +</div>
<div class=3D"plain_line"> config/rootfiles/common/web-user-interface | 1 +=
</div>
<div class=3D"plain_line"> config/rootfiles/packages/rpz | 20 +</div>
<div class=3D"plain_line"> config/rpz/00-rpz.conf | 10 +</div>
<div class=3D"plain_line"> config/rpz/rpz-config | 130 +++</div>
<div class=3D"plain_line"> config/rpz/rpz-functions | 85 ++</div>
<div class=3D"plain_line"> config/rpz/rpz-make | 203 +++++</div>
<div class=3D"plain_line"> config/rpz/rpz-metrics | 170 ++++</div>
<div class=3D"plain_line"> config/rpz/rpz-sleep | 58 ++</div>
<div class=3D"plain_line"> config/rpz/rpz.de.pl | 30 +</div>
<div class=3D"plain_line"> config/rpz/rpz.en.pl | 30 +</div>
<div class=3D"plain_line"> config/rpz/rpz.es.pl | 30 +</div>
<div class=3D"plain_line"> config/rpz/rpz.fr.pl | 30 +</div>
<div class=3D"plain_line"> config/rpz/rpz.it.pl | 30 +</div>
<div class=3D"plain_line"> config/rpz/rpz.tr.pl | 30 +</div>
<div class=3D"plain_line"> html/cgi-bin/rpz.cgi | 923 +++++++++++++++++++++=
</div>
<div class=3D"plain_line"> lfs/rpz | 96 +++</div>
<div class=3D"plain_line"> make.sh | 3 +-</div>
<div class=3D"plain_line"> src/paks/rpz/install.sh | 36 +</div>
<div class=3D"plain_line"> src/paks/rpz/uninstall.sh | 38 +</div>
<div class=3D"plain_line"> src/paks/rpz/update.sh | 52 ++</div>
<div class=3D"plain_line"> 24 files changed, 2016 insertions(+), 1 deletion=
(-)</div>
<div class=3D"plain_line"> create mode 100644 config/backup/includes/rpz</d=
iv>
<div class=3D"plain_line"> create mode 100644 config/menu/EX-rpz.menu</div>
<div class=3D"plain_line"> create mode 100644 config/rootfiles/packages/rpz=
</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/00-rpz.conf</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz-config</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz-functions</div=
>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz-make</div>
<div class=3D"plain_line"> create mode 100755 config/rpz/rpz-metrics</div>
<div class=3D"plain_line"> create mode 100755 config/rpz/rpz-sleep</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.de.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.en.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.es.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.fr.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.it.pl</div>
<div class=3D"plain_line"> create mode 100644 config/rpz/rpz.tr.pl</div>
<div class=3D"plain_line"> create mode 100644 html/cgi-bin/rpz.cgi</div>
<div class=3D"plain_line"> create mode 100644 lfs/rpz</div>
<div class=3D"plain_line"> create mode 100644 src/paks/rpz/install.sh</div>
<div class=3D"plain_line"> create mode 100644 src/paks/rpz/uninstall.sh</di=
v>
<div class=3D"plain_line"> create mode 100644 src/paks/rpz/update.sh</div>
<div class=3D"plain_line">  diff --git a/config/backup/includes/rpz b/confi=
g/backup/includes/rpz</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..36513e494</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/backup/includes/rpz</div>
<div class=3D"plain_line"> @@ -0,0 +1,4 @@</div>
<div class=3D"plain_line"> +/var/ipfire/dns/rpz/*</div>
<div class=3D"plain_line"> +/etc/unbound/zonefiles/allow.rpz</div>
<div class=3D"plain_line"> +/etc/unbound/zonefiles/block.rpz</div>
<div class=3D"plain_line"> +/etc/unbound/local.d/*rpz.conf</div>
<div class=3D"plain_line"> diff --git a/config/cfgroot/manualpages b/config=
/cfgroot/manualpages</div>
<div class=3D"plain_line"> index 1f7e01efc..d3a48c633 100644</div>
<div class=3D"plain_line"> --- a/config/cfgroot/manualpages</div>
<div class=3D"plain_line"> +++ b/config/cfgroot/manualpages</div>
<div class=3D"plain_line"> @@ -70,6 +70,7 @@ pakfire.cgi=3Dconfiguration/ip=
fire/pakfire</div>
<div class=3D"plain_line"> wlanap.cgi=3Daddons/wireless</div>
<div class=3D"plain_line"> tor.cgi=3Daddons/tor</div>
<div class=3D"plain_line"> samba.cgi=3Daddons/samba</div>
<div class=3D"plain_line"> +rpz.cgi=3Daddons/rpz</div>
<div class=3D"plain_line">  # Logs menu</div>
<div class=3D"plain_line"> logs.cgi/summary.dat=3Dconfiguration/logs/summar=
y</div>
<div class=3D"plain_line"> diff --git a/config/menu/EX-rpz.menu b/config/me=
nu/EX-rpz.menu</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..2f4daf410</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/menu/EX-rpz.menu</div>
<div class=3D"plain_line"> @@ -0,0 +1,6 @@</div>
<div class=3D"plain_line"> +$subipfire-&gt;{'20.rpz'} =3D {</div>
<div class=3D"plain_line"> + 'caption' =3D&gt; $Lang::tr{'rpz'},</div>
<div class=3D"plain_line"> + 'uri' =3D&gt; '/cgi-bin/rpz.cgi',</div>
<div class=3D"plain_line"> + 'title' =3D&gt; "RPZ",</div>
<div class=3D"plain_line"> + 'enabled' =3D&gt; 1,</div>
<div class=3D"plain_line"> +};</div>
<div class=3D"plain_line"> diff --git a/config/rootfiles/common/configroot=
 b/config/rootfiles/common/configroot</div>
<div class=3D"plain_line"> index 9839eee45..b30d6aae4 100644</div>
<div class=3D"plain_line"> --- a/config/rootfiles/common/configroot</div>
<div class=3D"plain_line"> +++ b/config/rootfiles/common/configroot</div>
<div class=3D"plain_line"> @@ -120,6 +120,7 @@ var/ipfire/menu.d/70-log.men=
u</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-apcupsd.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-guardian.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-mympd.menu</div>
<div class=3D"plain_line"> +#var/ipfire/menu.d/EX-rpz.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-samba.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-tor.menu</div>
<div class=3D"plain_line"> #var/ipfire/menu.d/EX-transmission.menu</div>
<div class=3D"plain_line"> diff --git a/config/rootfiles/common/web-user-in=
terface b/config/rootfiles/common/web-user-interface</div>
<div class=3D"plain_line"> index 816241dae..e00464076 100644</div>
<div class=3D"plain_line"> --- a/config/rootfiles/common/web-user-interface=
</div>
<div class=3D"plain_line"> +++ b/config/rootfiles/common/web-user-interface=
</div>
<div class=3D"plain_line"> @@ -69,6 +69,7 @@ srv/web/ipfire/cgi-bin/proxy.c=
gi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/qos.cgi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/remote.cgi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/routing.cgi</div>
<div class=3D"plain_line"> +#srv/web/ipfire/cgi-bin/rpz.cgi</div>
<div class=3D"plain_line"> #srv/web/ipfire/cgi-bin/samba.cgi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/services.cgi</div>
<div class=3D"plain_line"> srv/web/ipfire/cgi-bin/shutdown.cgi</div>
<div class=3D"plain_line"> diff --git a/config/rootfiles/packages/rpz b/con=
fig/rootfiles/packages/rpz</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..1c8663049</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rootfiles/packages/rpz</div>
<div class=3D"plain_line"> @@ -0,0 +1,20 @@</div>
<div class=3D"plain_line"> +etc/unbound/local.d/00-rpz.conf</div>
<div class=3D"plain_line"> +etc/unbound/zonefiles</div>
<div class=3D"plain_line"> +etc/unbound/zonefiles/allow.rpz</div>
<div class=3D"plain_line"> +usr/sbin/rpz-config</div>
<div class=3D"plain_line"> +usr/sbin/rpz-functions</div>
<div class=3D"plain_line"> +usr/sbin/rpz-make</div>
<div class=3D"plain_line"> +usr/sbin/rpz-metrics</div>
<div class=3D"plain_line"> +usr/sbin/rpz-sleep</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.de.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.en.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.es.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.fr.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.it.pl</div>
<div class=3D"plain_line"> +var/ipfire/addon-lang/rpz.tr.pl</div>
<div class=3D"plain_line"> +var/ipfire/backup/addons/includes/rpz</div>
<div class=3D"plain_line"> +var/ipfire/dns/rpz</div>
<div class=3D"plain_line"> +var/ipfire/dns/rpz/allowlist</div>
<div class=3D"plain_line"> +var/ipfire/dns/rpz/blocklist</div>
<div class=3D"plain_line"> +var/ipfire/menu.d/EX-rpz.menu</div>
<div class=3D"plain_line"> +srv/web/ipfire/cgi-bin/rpz.cgi</div>
<div class=3D"plain_line"> diff --git a/config/rpz/00-rpz.conf b/config/rpz=
/00-rpz.conf</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..f005a4f2e</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/00-rpz.conf</div>
<div class=3D"plain_line"> @@ -0,0 +1,10 @@</div>
<div class=3D"plain_line"> +server:</div>
<div class=3D"plain_line"> + module-config: "respip validator iterator"</di=
v>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpz:</div>
<div class=3D"plain_line"> + name: allow.rpz</div>
<div class=3D"plain_line"> + zonefile: /etc/unbound/zonefiles/allow.rpz</di=
v>
<div class=3D"plain_line"> + rpz-action-override: passthru</div>
<div class=3D"plain_line"> + rpz-log: yes</div>
<div class=3D"plain_line"> + rpz-log-name: allow</div>
<div class=3D"plain_line"> + rpz-signal-nxdomain-ra: yes</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-config b/config/rpz/=
rpz-config</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..c72d50f9b</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-config</div>
<div class=3D"plain_line"> @@ -0,0 +1,130 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024-2025 IPFire Team &lt;info@=
ipfire.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2025-01-11 - v44"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +############### Functions ###############</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +source /usr/sbin/rpz-functions</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +############### Main ###############</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +tagName=3D"unbound"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzAction=3D"${1}" # input RPZ action</div>
<div class=3D"plain_line"> +rpzName=3D"${2}" # input RPZ name</div>
<div class=3D"plain_line"> +rpzURL=3D"${3}" # input RPZ URL</div>
<div class=3D"plain_line"> +rpzOption1=3D"${4}" # input RPZ option #1</div>
<div class=3D"plain_line"> +rpzOption2=3D"${5}" # input RPZ option #2</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzConfig=3D"/etc/unbound/local.d/${rpzName}.rp=
z.conf" # output zone conf file</div>
<div class=3D"plain_line"> +rpzFile=3D"/etc/unbound/zonefiles/${rpzName}.rp=
z" # output for RPZ file</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzLog=3D"yes" # log default is yes</div>
<div class=3D"plain_line"> +ucReload=3D"yes" # reload default is yes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +while [[ $# -gt 0 ]] ; do</div>
<div class=3D"plain_line"> + case "$1" in</div>
<div class=3D"plain_line"> + --no-log ) rpzLog=3D"no" ;;</div>
<div class=3D"plain_line"> + --no-reload ) ucReload=3D"no" ; checkConf=3D"n=
o" ;;</div>
<div class=3D"plain_line"> + esac</div>
<div class=3D"plain_line"> + shift # Shift after checking all the cases to=
 get next option</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +case "${rpzAction}" in</div>
<div class=3D"plain_line"> + # add new rpz list</div>
<div class=3D"plain_line"> + add )</div>
<div class=3D"plain_line"> + check_name "${rpzName}" # is this a valid name=
?</div>
<div class=3D"plain_line"> + # does this config already exist? If yes, then =
exit</div>
<div class=3D"plain_line"> + if [[ -f "${rpzConfig}" ]] ; then</div>
<div class=3D"plain_line"> + msg_log "error: rpz: duplicate - ${rpzConfig}=
 already exists. exit"</div>
<div class=3D"plain_line"> + exit 104</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # is this a valid URL?</div>
<div class=3D"plain_line"> + regex=3D'^https://[-[:alnum:]\+&amp;@#/%?=3D~_=
|!:,.;]*[-[:alnum:]\+&amp;@#/%=3D~_|]'</div>
<div class=3D"plain_line"> + if ! [[ "${rpzURL}" =3D~ $regex ]] ; then</div=
>
<div class=3D"plain_line"> + msg_log "error: rpz: the URL is not valid: \"$=
{rpzURL}\". exit."</div>
<div class=3D"plain_line"> + exit 105</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # create the zone config file</div>
<div class=3D"plain_line"> + {</div>
<div class=3D"plain_line"> + echo "rpz:"</div>
<div class=3D"plain_line"> + echo " name: ${rpzName}.rpz"</div>
<div class=3D"plain_line"> + echo " zonefile: ${rpzFile}"</div>
<div class=3D"plain_line"> + echo " url: ${rpzURL}"</div>
<div class=3D"plain_line"> + echo " rpz-action-override: nxdomain"</div>
<div class=3D"plain_line"> + echo " rpz-log: ${rpzLog}"</div>
<div class=3D"plain_line"> + echo " rpz-log-name: ${rpzName}"</div>
<div class=3D"plain_line"> + echo " rpz-signal-nxdomain-ra: yes"</div>
<div class=3D"plain_line"> + } &gt; "${rpzConfig}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # set-up zonefile</div>
<div class=3D"plain_line"> + # create an empty rpz file if it does not exis=
t</div>
<div class=3D"plain_line"> + if [[ ! -f "${rpzFile}" ]] ; then</div>
<div class=3D"plain_line"> + touch "${rpzFile}"</div>
<div class=3D"plain_line"> + # unbound requires these settings for rpz file=
s</div>
<div class=3D"plain_line"> + set_permissions "${rpzFile}" "${rpzConfig}"</d=
iv>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # trash config file &amp; rpz file</div>
<div class=3D"plain_line"> + remove )</div>
<div class=3D"plain_line"> + if ! [[ -f "${rpzConfig}" ]] ; then</div>
<div class=3D"plain_line"> + msg_log "error: rpz: cannot remove ${rpzConfig=
}, does not exist. exit"</div>
<div class=3D"plain_line"> + exit 106</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + msg_log "info: rpz: remove config file &amp; r=
pz file \"${rpzName}\""</div>
<div class=3D"plain_line"> + rm "${rpzConfig}"</div>
<div class=3D"plain_line"> + rm "${rpzFile}"</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + reload )</div>
<div class=3D"plain_line"> + check_unbound_conf "${checkConf}"</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + list )</div>
<div class=3D"plain_line"> + awk -F':' '/^\s*name:/{ gsub(/[[:blank:]]|\.rp=
z/, "",$2) ; NAME=3D$2 } \</div>
<div class=3D"plain_line"> + /^\s*url:/{ gsub(/[[:blank:]]/, "") ; print NA=
ME"=3D"$2":"$3} ' \</div>
<div class=3D"plain_line"> + /etc/unbound/local.d/*rpz.conf</div>
<div class=3D"plain_line"> + exit</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + unbound-restart )</div>
<div class=3D"plain_line"> + check_unbound_conf "${checkConf}"</div>
<div class=3D"plain_line"> + unbound_restart</div>
<div class=3D"plain_line"> + exit</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + * )</div>
<div class=3D"plain_line"> + msg_log "error: rpz: missing or incorrect para=
meter"</div>
<div class=3D"plain_line"> + printf "Usage: $(basename "$0") &lt;ACTION&gt; =
&lt;NAME&gt; &lt;URL&gt; &lt;OPTION&gt; &lt;OPTION&gt;\n"</div>
<div class=3D"plain_line"> + printf "Version: ${version}\n"</div>
<div class=3D"plain_line"> + exit 108</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +esac</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +unbound_control_reload "${ucReload}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +exit</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-functions b/config/r=
pz/rpz-functions</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..ace1d2690</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-functions</div>
<div class=3D"plain_line"> @@ -0,0 +1,85 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024 IPFire Team &lt;info@ipfir=
e.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2024-12-10 - v02"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +############### Functions ###############</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +msg_log () {</div>
<div class=3D"plain_line"> + logger --tag "${tagName}" "$*"</div>
<div class=3D"plain_line"> + if tty --silent ; then</div>
<div class=3D"plain_line"> + echo "${tagName}:" "$*"</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# check for a valid name</div>
<div class=3D"plain_line"> +check_name () {</div>
<div class=3D"plain_line"> + local theName=3D"${1}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + regex=3D'^[a-zA-Z0-9_]+$' # no dash or plus, a=
lpha numeric only</div>
<div class=3D"plain_line"> + regex1=3D'^(allow|block)$' # allow and block a=
re reserved NAMEs</div>
<div class=3D"plain_line"> + if [[ ! "${theName}" =3D~ $regex ]] || [[ "${t=
heName}" =3D~ $regex1 ]] ; then</div>
<div class=3D"plain_line"> + msg_log "error: rpz: the NAME is not valid: \"=
${theName}\". exit."</div>
<div class=3D"plain_line"> + exit 101</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +set_permissions () {</div>
<div class=3D"plain_line"> + chown nobody:nobody "$@"</div>
<div class=3D"plain_line"> + chmod 644 "$@"</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +check_unbound_conf () {</div>
<div class=3D"plain_line"> + local thecheckConf=3D"${1:-yes}" # check confi=
g default is yes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # check the above config files</div>
<div class=3D"plain_line"> + if [[ "${thecheckConf}" =3D=3D yes ]] ; then</=
div>
<div class=3D"plain_line"> + msg_log "info: rpz: check for errors with \"un=
bound-checkconf\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + if ! unbound-checkconf ; then</div>
<div class=3D"plain_line"> + msg_log "error: rpz: unbound-checkconf found i=
nvalid configuration."</div>
<div class=3D"plain_line"> + msg_log \</div>
<div class=3D"plain_line"> + "error: rpz: In Terminal run the command \"unb=
ound-checkconf\" for more information. exit."</div>
<div class=3D"plain_line"> + exit 102</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +unbound_control_reload () {</div>
<div class=3D"plain_line"> + local theReload=3D"${1:-yes}" # reload default =
is yes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + if [[ "${theReload}" =3D=3D yes ]] ; then</div=
>
<div class=3D"plain_line"> + # reload due to the changes</div>
<div class=3D"plain_line"> + msg_log "info: rpz: run \"unbound-control relo=
ad\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + if ! unbound-control reload ; then</div>
<div class=3D"plain_line"> + msg_log "error: rpz: unbound-control reload. e=
xit."</div>
<div class=3D"plain_line"> + exit 109</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +unbound_restart () {</div>
<div class=3D"plain_line"> + # restart due to the changes</div>
<div class=3D"plain_line"> + msg_log "info: rpz: run \"unbound restart\""</=
div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + /usr/local/bin/unboundctrl restart</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-make b/config/rpz/rp=
z-make</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..927d55170</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-make</div>
<div class=3D"plain_line"> @@ -0,0 +1,203 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024-2025 IPFire Team &lt;info@=
ipfire.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2025-01-11 - v14"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +############### Functions ###############</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +source /usr/sbin/rpz-functions</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# create the config file for allow</div>
<div class=3D"plain_line"> +make_allow_config () {</div>
<div class=3D"plain_line"> + local theLog=3D"${1:-yes}" # log default ON</d=
iv>
<div class=3D"plain_line"> + local theConfig=3D"/etc/unbound/local.d/00-rpz=
.conf" # output zone conf file</div>
<div class=3D"plain_line"> + local theList=3D"/var/ipfire/dns/rpz/allowlist=
" # input custom list of domains</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + msg_log "info: rpz: make config file \"00-rpz.=
conf\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + echo "server:</div>
<div class=3D"plain_line"> + module-config: \"respip validator iterator\""=
 &gt; "${theConfig}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # does allow list exist?</div>
<div class=3D"plain_line"> + if [[ -s "${theList}" ]] &amp;&amp; grep -q .=
 "${theList}" ; then</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + echo "rpz:</div>
<div class=3D"plain_line"> + name: allow.rpz</div>
<div class=3D"plain_line"> + zonefile: /etc/unbound/zonefiles/allow.rpz</di=
v>
<div class=3D"plain_line"> + rpz-action-override: passthru</div>
<div class=3D"plain_line"> + rpz-log: ${theLog}</div>
<div class=3D"plain_line"> + rpz-log-name: allow</div>
<div class=3D"plain_line"> + rpz-signal-nxdomain-ra: yes" &gt;&gt; "${theCo=
nfig}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # set-up zonefile - unbound requires these set=
tings for rpz files</div>
<div class=3D"plain_line"> + set_permissions "${theConfig}"</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# create the config file for block</div>
<div class=3D"plain_line"> +make_block_config () {</div>
<div class=3D"plain_line"> + local theLog=3D"${1:-yes}" # log default ON</d=
iv>
<div class=3D"plain_line"> + local theConfig=3D"/etc/unbound/local.d/block.=
rpz.conf" # output zone conf file</div>
<div class=3D"plain_line"> + local theList=3D"/var/ipfire/dns/rpz/blocklist=
" # input custom list of domains</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + msg_log "info: rpz: make config file \"block.r=
pz.conf\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # does block list exist?</div>
<div class=3D"plain_line"> + if [[ -s "${theList}" ]] &amp;&amp; grep -q .=
 "${theList}" ; then</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + echo "rpz:</div>
<div class=3D"plain_line"> + name: block.rpz</div>
<div class=3D"plain_line"> + zonefile: /etc/unbound/zonefiles/block.rpz</di=
v>
<div class=3D"plain_line"> + rpz-action-override: nxdomain</div>
<div class=3D"plain_line"> + rpz-log: ${theLog}</div>
<div class=3D"plain_line"> + rpz-log-name: block</div>
<div class=3D"plain_line"> + rpz-signal-nxdomain-ra: yes" &gt; "${theConfig=
}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # set-up zonefile - unbound requires these set=
tings for rpz files</div>
<div class=3D"plain_line"> + set_permissions "${theConfig}"</div>
<div class=3D"plain_line"> + else</div>
<div class=3D"plain_line"> + # no - trash the config file</div>
<div class=3D"plain_line"> + rm --verbose /etc/unbound/local.d/block.rpz.co=
nf</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# create an RPZ file for allow or block</div>
<div class=3D"plain_line"> +make_rpz_file () {</div>
<div class=3D"plain_line"> + local theName=3D"${1}" # allow or block</div>
<div class=3D"plain_line"> + local theAction=3D'.' # the default is nxdomai=
n or block</div>
<div class=3D"plain_line"> + local actionList</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + local theList=3D"/var/ipfire/dns/rpz/${theName=
}list" # input custom list of domains</div>
<div class=3D"plain_line"> + local theZonefile=3D"/etc/unbound/zonefiles/${=
theName}.rpz" # output file for RPZ</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # does a list exist?</div>
<div class=3D"plain_line"> + if [[ -s "${theList}" ]] &amp;&amp; grep -q .=
 "${theList}" ; then</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # for allow set to passthru</div>
<div class=3D"plain_line"> + [[ "${theName}" =3D=3D allow ]] &amp;&amp; the=
Action=3D'rpz-passthru.'</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # drop any extra "blanks" and add "CNAME &lt;R=
PZ action&gt;." to each line</div>
<div class=3D"plain_line"> + actionList=3D$( awk '{$1=3D$1};1' "${theList}" =
|</div>
<div class=3D"plain_line"> + sed "/^[^;].*[[:alnum:]]/ s|$| CNAME ${theActi=
on}|" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + msg_log "info: rpz: create zonefile for \"${th=
eName}list\""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +echo "; Name: ${theName} list</div>
<div class=3D"plain_line"> +; Last modified: $(date "+%Y-%m-%d at %H.%M.%S=
 %Z")</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +; domains with actions list</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +${actionList}" &gt; "${theZonefile}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # set-up zonefile - unbound requires these set=
tings for rpz files</div>
<div class=3D"plain_line"> + set_permissions "${theZonefile}"</div>
<div class=3D"plain_line"> + # set-up allow/block list files</div>
<div class=3D"plain_line"> + set_permissions "${theList}"</div>
<div class=3D"plain_line"> + else</div>
<div class=3D"plain_line"> + msg_log "info: rpz: the ${theList} is empty."<=
/div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + rm --verbose "${theZonefile}" # trash the RPZ=
 file</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# check if allow/block list is valid</div>
<div class=3D"plain_line"> +validate_list () {</div>
<div class=3D"plain_line"> + local theName=3D"${1}" # allow or block</div>
<div class=3D"plain_line"> + local theList=3D"/var/ipfire/dns/rpz/${theName=
}list" # input custom list of domains</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # remove good:</div>
<div class=3D"plain_line"> + # - properly formated domain names with or wit=
hout leading wildcard</div>
<div class=3D"plain_line"> + # - properly formated top level domain (TLD) n=
ames with wildcard</div>
<div class=3D"plain_line"> + # - blank lines and comment lines</div>
<div class=3D"plain_line"> + # remaining lines are considered "bad"</div>
<div class=3D"plain_line"> + bad_lines=3D$( sed --regexp-extended \</div>
<div class=3D"plain_line"> + '/^(\*\.)?([a-zA-Z0-9](([a-zA-Z0-9\-]){0,61}[a=
-zA-Z0-9])?\.)+([a-zA-Z]{2,}|xn--[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])$/d ;=
</div>
<div class=3D"plain_line"> + /^(\*\.)([a-z]{2,61}|xn--[a-z0-9]{1,60})$/d ;<=
/div>
<div class=3D"plain_line"> + /^$/d ; /^;/d' "${theList}" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + if [[ ! -z "${bad_lines}" ]] ; then</div>
<div class=3D"plain_line"> + msg_log "error: rpz: invalid line(s) in ${theL=
ist}."</div>
<div class=3D"plain_line"> + printf "%s\n" "bad line(s): ${bad_lines}"</div=
>
<div class=3D"plain_line"> + exit 110</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +############### Main ###############</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +tagName=3D"unbound"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzName=3D"${1}" # input RPZ name</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +rpzLog=3D"yes" # log default is yes</div>
<div class=3D"plain_line"> +ucReload=3D"yes" # reload default is yes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +while [[ $# -gt 0 ]] ; do</div>
<div class=3D"plain_line"> + case "$1" in</div>
<div class=3D"plain_line"> + --no-log ) rpzLog=3D"no" ;;</div>
<div class=3D"plain_line"> + --no-reload ) ucReload=3D"no" ; checkConf=3D"n=
o" ;;</div>
<div class=3D"plain_line"> + esac</div>
<div class=3D"plain_line"> + shift # Shift after checking all the cases to=
 get next option</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +case "${rpzName}" in</div>
<div class=3D"plain_line"> + # make a new allow or block rpz file</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + allow )</div>
<div class=3D"plain_line"> + validate_list 'allow' # is the allowlist valid=
?</div>
<div class=3D"plain_line"> + make_allow_config "${rpzLog}"</div>
<div class=3D"plain_line"> + make_rpz_file 'allow'</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + allowblock )</div>
<div class=3D"plain_line"> + validate_list 'allow' # is the list valid?</di=
v>
<div class=3D"plain_line"> + make_allow_config "${rpzLog}"</div>
<div class=3D"plain_line"> + make_rpz_file 'allow'</div>
<div class=3D"plain_line"> + ;&amp;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + block )</div>
<div class=3D"plain_line"> + validate_list 'block' # is the blocklist valid=
?</div>
<div class=3D"plain_line"> + make_block_config "${rpzLog}"</div>
<div class=3D"plain_line"> + make_rpz_file 'block'</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + reload )</div>
<div class=3D"plain_line"> + check_unbound_conf "${checkConf}"</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + unbound-restart )</div>
<div class=3D"plain_line"> + check_unbound_conf "${checkConf}"</div>
<div class=3D"plain_line"> + unbound_restart</div>
<div class=3D"plain_line"> + exit</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + * )</div>
<div class=3D"plain_line"> + msg_log "error: rpz: missing or incorrect para=
meter"</div>
<div class=3D"plain_line"> + printf "Usage: $(basename "$0") &lt;NAME&gt; &=
lt;OPTION&gt; &lt;OPTION&gt;\n"</div>
<div class=3D"plain_line"> + printf "Version: ${version}\n"</div>
<div class=3D"plain_line"> + exit 108</div>
<div class=3D"plain_line"> + ;;</div>
<div class=3D"plain_line"> +esac</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +unbound_control_reload "${ucReload}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +exit</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-metrics b/config/rpz=
/rpz-metrics</div>
<div class=3D"plain_line"> new file mode 100755</div>
<div class=3D"plain_line"> index 000000000..4d43e1629</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-metrics</div>
<div class=3D"plain_line"> @@ -0,0 +1,170 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024 IPFire Team &lt;info@ipfir=
e.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2025-01-20 - v25"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +############### Main ###############</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +weeks=3D"2" # default to two message logs</div>
<div class=3D"plain_line"> +sortBy=3D"name" # default "by name"</div>
<div class=3D"plain_line"> +rpzActive=3D"enabled" # default "enabled only"<=
/div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +while [[ $# -gt 0 ]] ; do</div>
<div class=3D"plain_line"> + case "$1" in</div>
<div class=3D"plain_line"> + --by-names | --by-name | name ) sortBy=3D"name=
" ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + --by-hits | --by-hit | hits | hit ) sortBy=3D"=
hit" ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + --by-lines | --by-line | lines | line ) sortBy=
=3D"line" ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + --by-effect ) sortBy=3D"effect" ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + --enabled-only ) rpzActive=3D"enabled" ;;</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + --active-all | --all | all ) rpzActive=3D"all" =
;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + [0-9] | [0-9][0-9] ) weeks=3D$1 ;;</div>
<div class=3D"plain_line"> + esac</div>
<div class=3D"plain_line"> + shift # Shift after checking all the cases to=
 get next option</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# get the list of message logs for N weeks</div=
>
<div class=3D"plain_line"> +messageLogs=3D$( find /var/log/messages* -type=
 f | sort --version-sort |</div>
<div class=3D"plain_line"> + head -"${weeks}" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# get the list of RPZ names &amp; counts from t=
he message log(s)</div>
<div class=3D"plain_line"> +rpzNameCount=3D$( for logf in ${messageLogs} ;=
 do</div>
<div class=3D"plain_line"> + zgrep --text --fixed-strings 'info: rpz: appli=
ed' "${logf}" |</div>
<div class=3D"plain_line"> + awk '$10 ~ /\[\w*]/ { print $10 }' ;</div>
<div class=3D"plain_line"> + done | sort | uniq --count )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# flip results and remove brackets `[` and `]`<=
/div>
<div class=3D"plain_line"> +rpzNameCount=3D$( echo "${rpzNameCount}" |</div=
>
<div class=3D"plain_line"> + awk '{ print $2, $1 }' |</div>
<div class=3D"plain_line"> + sed --regexp-extended 's|^\[(.*)\]|\1|' )</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# grab only names</div>
<div class=3D"plain_line"> +rpzNames=3D$( echo "${rpzNameCount}" | awk '{ p=
rint $1 }' )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# get list of RPZ files</div>
<div class=3D"plain_line"> +rpzFileList=3D$( find /etc/unbound/zonefiles -t=
ype f -iname "*.rpz" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# get basename of those files</div>
<div class=3D"plain_line"> +rpzBaseNames=3D$( echo "${rpzFileList}" |</div>
<div class=3D"plain_line"> + sed 's|/etc/unbound/zonefiles/||g ; s|\.rpz||g =
;' )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# add to rpzNames</div>
<div class=3D"plain_line"> +rpzNames=3D"${rpzNames}"$'\n'"${rpzBaseNames}"<=
/div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# drop duplicate names</div>
<div class=3D"plain_line"> +rpzNames=3D$( echo "${rpzNames}" | sort --uniqu=
e )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# get line count for each RPZ</div>
<div class=3D"plain_line"> +lineCount=3D$( echo "${rpzFileList}" | xargs wc =
-l )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# get comment line count and blank line count f=
or each RPZ</div>
<div class=3D"plain_line"> +commentCount=3D$( echo "${rpzFileList}" | xargs =
grep --count -e "^$" -e "^;" )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# get modified date each RPZ</div>
<div class=3D"plain_line"> +modDateList=3D$( echo "${rpzFileList}" | xargs=
 stat -c '%.10y %n' )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +ucListAuthZones=3D$( unbound-control list_auth_=
zones )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# get width of RPZ names</div>
<div class=3D"plain_line"> +pWidth=3D$( echo "${rpzNames}" | awk '{ print $=
1" " }' | wc -L )</div>
<div class=3D"plain_line"> +pFormat=3D"%-${pWidth}s %-8s %-8s %8s %12s %12s=
\n"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# print title line</div>
<div class=3D"plain_line"> +printf "${pFormat}" "name" "hits" "active" "lin=
es" " hits/line" "last download"</div>
<div class=3D"plain_line"> +printf -- "--------------"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +theResults=3D""</div>
<div class=3D"plain_line"> +totalLines=3D0</div>
<div class=3D"plain_line"> +totalHits=3D0</div>
<div class=3D"plain_line"> +while read -r theName</div>
<div class=3D"plain_line"> +do</div>
<div class=3D"plain_line"> + printf -- "--" # pretend progress bar</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # is this RPZ list active?</div>
<div class=3D"plain_line"> + theActive=3D"disabled"</div>
<div class=3D"plain_line"> + if grep --quiet "^${theName}\.rpz" &lt;&lt;&lt=
; "${ucListAuthZones}"</div>
<div class=3D"plain_line"> + then</div>
<div class=3D"plain_line"> + theActive=3D"enabled"</div>
<div class=3D"plain_line"> + else</div>
<div class=3D"plain_line"> + [[ "${rpzActive}" =3D=3D enabled ]] &amp;&amp; =
continue</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # get hit count</div>
<div class=3D"plain_line"> + theHits=3D"0"</div>
<div class=3D"plain_line"> + if output=3D$( grep "^${theName}\s" &lt;&lt;&l=
t; "${rpzNameCount}" ) ; then</div>
<div class=3D"plain_line"> + theHits=3D$( echo "${output}" | awk '{ print $=
2 }' )</div>
<div class=3D"plain_line"> + totalHits=3D$(( totalHits + theHits ))</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # get line count</div>
<div class=3D"plain_line"> + theLines=3D"n/a"</div>
<div class=3D"plain_line"> + hitsPerLine=3D"0"</div>
<div class=3D"plain_line"> + if output=3D$( grep --fixed-strings "/${theNam=
e}.rpz" &lt;&lt;&lt; "${lineCount}" ) ; then</div>
<div class=3D"plain_line"> + theLines=3D$( echo "${output}" | awk '{ print=
 $1 }' )</div>
<div class=3D"plain_line"> + totalLines=3D$(( totalLines + theLines ))</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + if [[ "${theLines}" -gt 2 ]] ; then</div>
<div class=3D"plain_line"> + hitsPerLine=3D$(( 100 * theHits / theLines ))<=
/div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # get modification date</div>
<div class=3D"plain_line"> + theModDate=3D"n/a"</div>
<div class=3D"plain_line"> + if output=3D$( grep --fixed-strings "/${theNam=
e}.rpz" &lt;&lt;&lt; "${modDateList}" ) ; then</div>
<div class=3D"plain_line"> + theModDate=3D$( echo "${output}" | awk '{ prin=
t $1 }' )</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # add to results list</div>
<div class=3D"plain_line"> + theResults+=3D"${theName} ${theHits} ${theActi=
ve} ${theLines} ${hitsPerLine} ${theModDate}"$'\n'</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +done &lt;&lt;&lt; "${rpzNames}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +case "${sortBy}" in</div>
<div class=3D"plain_line"> + # sort by "active" then by "name"</div>
<div class=3D"plain_line"> + name) sortArg=3D(-k3,3r -k1,1) ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # sort by "active" then by "hits" then by "nam=
e"</div>
<div class=3D"plain_line"> + hit) sortArg=3D(-k3,3r -k2,2nr -k1,1) ;;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # sort by "active" then by "lines" then by "na=
me"</div>
<div class=3D"plain_line"> + line) sortArg=3D(-k3,3r -k4,4nr -k1,1) ;;</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # sort by "active" then by "effect" then by "n=
ame"</div>
<div class=3D"plain_line"> + effect) sortArg=3D(-k3,3r -k5,5nr -k1,1) ;;</d=
iv>
<div class=3D"plain_line"> +esac</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +printf -- "--------------\n"</div>
<div class=3D"plain_line"> +# remove blank lines, sort, print as columns</d=
iv>
<div class=3D"plain_line"> +echo "${theResults}" |</div>
<div class=3D"plain_line"> + awk '!/^[[:space:]]*$/' |</div>
<div class=3D"plain_line"> + sort "${sortArg[@]}" |</div>
<div class=3D"plain_line"> + awk --assign=3Dwidth=3D"${pWidth}" \</div>
<div class=3D"plain_line"> + '{ printf "%-*s %-8s %-8s %8s %10s %% %12s\n", =
width, $1, $2, $3, $4, $5, $6 }'</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +printf "${pFormat}" "" "=3D=3D=3D=3D=3D=3D=3D"=
 "" "=3D=3D=3D=3D=3D=3D=3D=3D" "" ""</div>
<div class=3D"plain_line"> +printf "${pFormat}" "Totals --&gt;" "${totalHit=
s}" "" "${totalLines}" "" ""</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +exit</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz-sleep b/config/rpz/r=
pz-sleep</div>
<div class=3D"plain_line"> new file mode 100755</div>
<div class=3D"plain_line"> index 000000000..dd3603599</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz-sleep</div>
<div class=3D"plain_line"> @@ -0,0 +1,58 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024 IPFire Team &lt;info@ipfir=
e.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +version=3D"2024-08-16" # v05</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +############### Functions ###############</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# send message to message log</div>
<div class=3D"plain_line"> +msg_log () {</div>
<div class=3D"plain_line"> + logger --tag "${tagName}" "$*"</div>
<div class=3D"plain_line"> + if tty --silent ; then</div>
<div class=3D"plain_line"> + echo "${tagName}:" "$*"</div>
<div class=3D"plain_line"> + fi</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +############### Main ###############</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +tagName=3D"unbound"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +sleepTime=3D"${1:-5m}" # default to sleep for 5=
m (5 minutes)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +zoneList=3D$( unbound-control list_auth_zones | =
awk '{print $1}' )</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +for zone in ${zoneList} ; do</div>
<div class=3D"plain_line"> + printf "disable ${zone}\t"</div>
<div class=3D"plain_line"> + unbound-control rpz_disable "${zone}"</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +msg_log "info: rpz: disabled all zones for ${sl=
eepTime}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +sleep "${sleepTime}"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +for zone in ${zoneList} ; do</div>
<div class=3D"plain_line"> + printf "enable ${zone}\t"</div>
<div class=3D"plain_line"> + unbound-control rpz_enable "${zone}"</div>
<div class=3D"plain_line"> +done</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +msg_log "info: rpz: enabled all zones"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +exit</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.de.pl b/config/rpz/r=
pz.de.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..3770c6bb0</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.de.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +# Added for Response Policy Zone (RPZ) add-on</=
div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; '=C3=9Cbernehmen',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Benutzerdefinier=
te Allowlist aktivieren:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Zugelassene Domain=
s (eine pro Zeile)&lt;br&gt;Beispiel: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Benutzerdefinierte Allo=
wlist',</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Benutzerdefinier=
te Blocklist aktivieren:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Gesperrte Domains=
 (eine pro Zeile)&lt;br&gt;Beispiel: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Benutzerdefinierte Bloc=
klist',</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Benutzerdefinierte Listen',</=
div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'Der Name enth=C3=A4=
lt unzul=C3=A4ssige Zeichen',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf h=
at eine fehlerhafte Konfiguration ermittelt. F=C3=BChren Sie das Kommando u=
nbound-checkconf auf der Konsole aus, um weitere Informationen zu erhalten.=
',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'Die benutzerdefinie=
rte Allow-/Blocklist ist leer',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'Ein Eintrag mit ide=
ntischem Namen existiert bereits',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'Die URL ist ung=C3=
=BCltig',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'Eintrag kann nicht=
 entfernt werden, der Name existiert nicht',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'Der Name ist ung=C3=
=BCltig - nur "allow" oder "block" m=C3=B6glich',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'Fehlende oder inkor=
rekte Parameter',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'unbound-control rel=
oad ist fehlgeschlagen',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'Die benutzerdefinie=
rte Allow-/Blocklist enth=C3=A4lt unzul=C3=A4ssige Eintr=C3=A4ge',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'Die Anmerkung enth=
=C3=A4lt unzul=C3=A4ssige Zeichen',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'Ung=C3=BCltiger Ein=
trag in der benutzerdefinierten Allowlist, Zeile ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'Ung=C3=BCltiger Ein=
trag in der benutzerdefinierten Blocklist, Zeile ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'Ausgew=C3=A4hlter E=
intrag existiert nicht: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Zonendatei-Eintrag bea=
rbeiten',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(importiert aus rpz-=
config)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Erlaubte Zeichen=
 sind a-z, A-Z, 0-9 und Unterstriche',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Zonendateien',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.en.pl b/config/rpz/r=
pz.en.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..0720a8940</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.en.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +# Added for Response Policy Zone (RPZ) add-on</=
div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Apply',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Enable custom al=
lowlist:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Allowed domains (o=
ne per line)&lt;br&gt;Example: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Custom allowlist',</div=
>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Enable custom bl=
ocklist:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Blocked domains (o=
ne per line)&lt;br&gt;Example: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Custom blocklist',</div=
>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Custom lists',</div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'the NAME is not val=
id',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf f=
ound invalid configuration. In the Terminal run the command unbound-checkco=
nf for more information',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'the allow/block lis=
t is empty',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'duplicate - NAME al=
ready exists',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'the URL is not vali=
d',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'cannot remove the N=
AME does not exist',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'the NAME is not val=
id - "allow" or "block" only',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'missing or incorrec=
t parameter',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'unbound-control rel=
oad failed',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'custom Allowlist/Bl=
ocklist contains invalid entries',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'the REMARK is not v=
alid',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'invalid entry in al=
lowlist, line ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'invalid entry in bl=
ocklist, line ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'Selected entry does =
not exist: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Edit zonefiles entry',=
</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(imported from rpz-c=
onfig)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Valid characters=
 are a-z, A-Z, 0-9 and underscore.',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Zonefiles',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.es.pl b/config/rpz/r=
pz.es.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..98628e4aa</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.es.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +# Added for Response Policy Zone (RPZ) add-on</=
div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Zonas de pol=C3=ADtica de respue=
sta (RPZ)',</div>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Aplicar',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Habilitar la lis=
ta blanca personalizada:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Dominio permitido=
 (uno por l=C3=ADnea)&lt;br&gt;Ejemplo: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Lista blanca personaliz=
ada',</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Habilitar la lis=
ta negra personalizada:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Dominio bloqueado=
 (uno por l=C3=ADnea)&lt;br&gt;Ejemplo: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Lista negra personaliza=
da',</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Lista personalizada',</div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'El NOMBRE no es v=
=C3=A1lido',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf h=
a encontrado una configuraci=C3=B3n no v=C3=A1lida. Desde Terminal, ejecute =
el comando unbound-checkconf para mayor informaci=C3=B3n',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'La lista de permiti=
dos/bloqueados est=C3=A1 vac=C3=ADa',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'duplicado - NOMBRE=
 ya existe',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'la URL no es v=C3=
=A1lida',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'no es posible elimi=
nar el NOMBRE que no existe',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'el NOMBRE no es v=
=C3=A1lido - s=C3=B3lo "permitir" o "bloquear"',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'par=C3=A1metro falt=
ante o incorrecto',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'Error al recargar u=
nbound-control',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'la Lista blanca/Lis=
ta negra personalizada contiene entradas no v=C3=A1lidas',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'el COMENTARIO no es =
v=C3=A1lido',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'entrada no v=C3=A1l=
ida en la lista blanca, l=C3=ADnea ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'entrada no v=C3=A1l=
ida en la lista negra, l=C3=ADnea ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'La entrada seleccio=
nada no existe: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Editar la entrada de a=
rchivos de zona',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(importado de rpz-co=
nfig)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Los caracteres v=
=C3=A1lidos son a-z, A-Z, 0-9 y gui=C3=B3n bajo',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Archivos de zona',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.fr.pl b/config/rpz/r=
pz.fr.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..f35f3c2d0</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.fr.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +# Added for Response Policy Zone (RPZ) add-on</=
div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Appliquer',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Activer la liste =
d\'autorisations personnalis=C3=A9e:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Domaines autoris=
=C3=A9s (un par ligne)&lt;br&gt;Example: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Liste d\'autorisations=
 personnalis=C3=A9e',</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Activer la liste =
de blocage personnalis=C3=A9e:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Domaines bloqu=C3=
=A9s (un par ligne)&lt;br&gt;Example: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'liste de blocage person=
nalis=C3=A9',</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Listes personnalis=C3=A9es',<=
/div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'le NOM n\'est pas v=
alide',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf c=
onfiguration non valide trouv=C3=A9e. Dans le terminal, ex=C3=A9cutez la co=
mmande unbound-checkconf pour plus d\'informations',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'la liste autoriser/=
bloquer est vide',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'le NOM existe d=C3=
=A9j=C3=A0',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'L\'URL n\'est pas v=
alide',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'impossible de suppr=
imer le NOM n\'existe pas',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'le NOM n\'est pas v=
alide - =C2=AB autoriser =C2=BB ou =C2=AB bloquer =C2=BB seulement',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'param=C3=A8tre manq=
uant ou incorrect',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'unbound-control rec=
hargement =C3=A9chou=C3=A9',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'la liste autoriser/=
bloquer contient des entr=C3=A9es non valides',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'la REMARQUE n\'est=
 pas valable',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'entr=C3=A9e non val=
ide dans la liste d\'autorisation, ligne ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'entr=C3=A9e non val=
ide dans la liste de blocs, ligne ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'L\'entr=C3=A9e s=C3=
=A9lectionn=C3=A9e n\'existe pas: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Modifier l\'entr=C3=A9=
e Fichiers Zone',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(import=C3=A9 de rpz=
-config)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Les caract=C3=A8r=
es valides sont a-z, A-Z, 0-9 et soulignement.',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Fichiers Zone',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.it.pl b/config/rpz/r=
pz.it.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..ee81605c9</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.it.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +# Added for Response Policy Zone (RPZ) add-on</=
div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Applica',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; 'Abilita la White=
list personalizzata:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Domini consentiti=
 (uno per riga)&lt;br&gt;Esempio: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Whitelist personalizzat=
a',</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; 'Abilita la Black=
list personalizzata:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Domini bloccati (u=
no per riga)&lt;br&gt;Esempio: domain.com, *.domain.com',</div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Blacklist personalizzat=
a',</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Liste personalizzate',</div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'il NOME non =C3=A8=
 valido',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf h=
a trovato una configurazione non valida. Dal Terminale esegui il comando un=
bound-checkconf per maggiori informazioni',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'l\'elenco consentit=
i/bloccati =C3=A8 vuoto',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'duplicato - NAME es=
iste di gi=C3=A0',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'l\'URL non =C3=A8 v=
alido',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; 'non =C3=A8 possibil=
e rimuovere il NOME non esiste',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'il NOME non =C3=A8=
 valido - solo "consenti" o "blocca"',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'parametro mancante=
 o non corretto',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'ricaricamento del c=
ontrollo non associato non riuscito',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'la Whitelist/Blackl=
ist personalizzata contiene voci non valide',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'l"OSSERVAZIONE non =
=C3=A8 valida',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'voce non valida nel=
la Whitelist, riga ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'voce non valida nel=
la Blacklist, riga ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'La voce selezionata =
non esiste: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'Modifica la voce dei f=
ile di zona',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(importato da rpz-co=
nfig)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'I caratteri valid=
i sono a-z, A-Z, 0-9 e trattino basso',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Zonefiles',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/config/rpz/rpz.tr.pl b/config/rpz/r=
pz.tr.pl</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..00226e192</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/config/rpz/rpz.tr.pl</div>
<div class=3D"plain_line"> @@ -0,0 +1,30 @@</div>
<div class=3D"plain_line"> +# I=EF=BF=BDin eklendi Ayriyeten Response Polic=
y Zone (RPZ)</div>
<div class=3D"plain_line"> +%tr =3D (%tr,</div>
<div class=3D"plain_line"> +'rpz' =3D&gt; 'Response Policy Zones (RPZ)',</d=
iv>
<div class=3D"plain_line"> +'rpz apply' =3D&gt; 'Uygulamak',</div>
<div class=3D"plain_line"> +'rpz cl allow enable' =3D&gt; '=EF=BF=BDzel Etk=
inlestir allowlist:',</div>
<div class=3D"plain_line"> +'rpz cl allow info' =3D&gt; 'Izin verilmis doma=
ins (satir basina bir)&lt;br&gt;=EF=BF=BDrnegin: domain.com, *.domain.com',=
</div>
<div class=3D"plain_line"> +'rpz cl allow' =3D&gt; 'Etkinlestir allowlist',=
</div>
<div class=3D"plain_line"> +'rpz cl block enable' =3D&gt; '=EF=BF=BDzel Etk=
inlestir blocklist:',</div>
<div class=3D"plain_line"> +'rpz cl block info' =3D&gt; 'Engellenmis domain=
s (satir basina bir)&lt;br&gt;=EF=BF=BDrnegin: domain.com, *.domain.com',</=
div>
<div class=3D"plain_line"> +'rpz cl block' =3D&gt; 'Engellenmis blocklist',=
</div>
<div class=3D"plain_line"> +'rpz cl' =3D&gt; 'Engellenmis lists',</div>
<div class=3D"plain_line"> +'rpz exitcode 101' =3D&gt; 'NAME ge=EF=BF=BDerl=
i degil',</div>
<div class=3D"plain_line"> +'rpz exitcode 102' =3D&gt; 'unbound-checkconf g=
e=EF=BF=BDersiz yapilandirma bulundu. Terminalde daha fazla bilgi i=EF=BF=
=BDin Unbound-checkConf komutunu =EF=BF=BDalistirin',</div>
<div class=3D"plain_line"> +'rpz exitcode 103' =3D&gt; 'allow/block liste b=
os',</div>
<div class=3D"plain_line"> +'rpz exitcode 104' =3D&gt; 'kopyalamak - NAME z=
aten var',</div>
<div class=3D"plain_line"> +'rpz exitcode 105' =3D&gt; 'URL ge=EF=BF=BDerli =
degil',</div>
<div class=3D"plain_line"> +'rpz exitcode 106' =3D&gt; '=EF=BF=BDikarilamiy=
or NAME yok',</div>
<div class=3D"plain_line"> +'rpz exitcode 107' =3D&gt; 'NAME ge=EF=BF=BDerl=
i degil - "allow" veya "block" yalniz',</div>
<div class=3D"plain_line"> +'rpz exitcode 108' =3D&gt; 'Parametre eksik vey=
a yanlis',</div>
<div class=3D"plain_line"> +'rpz exitcode 109' =3D&gt; 'unbound-control bas=
arisiz',</div>
<div class=3D"plain_line"> +'rpz exitcode 110' =3D&gt; 'Engellenmis Allowli=
st/Blocklist ge=EF=BF=BDersiz girisler i=EF=BF=BDerir',</div>
<div class=3D"plain_line"> +'rpz exitcode 201' =3D&gt; 'REMARK ge=EF=BF=BDe=
rli degil',</div>
<div class=3D"plain_line"> +'rpz exitcode 202' =3D&gt; 'Ge=EF=BF=BDersiz gi=
ris allowlist, line ',</div>
<div class=3D"plain_line"> +'rpz exitcode 203' =3D&gt; 'Ge=EF=BF=BDersiz gi=
ris blocklist, line ',</div>
<div class=3D"plain_line"> +'rpz exitcode 204' =3D&gt; 'Se=EF=BF=BDilen gir=
is yok: ',</div>
<div class=3D"plain_line"> +'rpz zf editor' =3D&gt; 'yazimlamak zonefiles g=
iris',</div>
<div class=3D"plain_line"> +'rpz zf imported' =3D&gt; '(ithal edildi rpz-co=
nfig)',</div>
<div class=3D"plain_line"> +'rpz zf remark info' =3D&gt; 'Ge=EF=BF=BDerli k=
arakterler a-z, A-Z, 0-9ve alt=EF=BF=BDst.',</div>
<div class=3D"plain_line"> +'rpz zf' =3D&gt; 'Zonefiles',</div>
<div class=3D"plain_line"> +);</div>
<div class=3D"plain_line"> diff --git a/html/cgi-bin/rpz.cgi b/html/cgi-bin=
/rpz.cgi</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..a821c92ac</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/html/cgi-bin/rpz.cgi</div>
<div class=3D"plain_line"> @@ -0,0 +1,923 @@</div>
<div class=3D"plain_line"> +#!/usr/bin/perl</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2005-2024 IPFire Team &lt;info@=
ipfire.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +use strict;</div>
<div class=3D"plain_line"> +use Scalar::Util qw(looks_like_number);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# debugging</div>
<div class=3D"plain_line"> +#use warnings;</div>
<div class=3D"plain_line"> +#use CGI::Carp 'fatalsToBrowser';</div>
<div class=3D"plain_line"> +#use Data::Dumper;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +require '/var/ipfire/general-functions.pl';</di=
v>
<div class=3D"plain_line"> +require "${General::swroot}/lang.pl";</div>
<div class=3D"plain_line"> +require "${General::swroot}/header.pl";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Extra HTML ---###</div>
<div class=3D"plain_line"> +my $extraHead =3D &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;style&gt;</div>
<div class=3D"plain_line"> + /* alternating row background */</div>
<div class=3D"plain_line"> + .tbl tr:nth-child(2n+2) {</div>
<div class=3D"plain_line"> + background-color: var(--color-light-grey);</di=
v>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + .tbl tr:nth-child(2n+3) {</div>
<div class=3D"plain_line"> + background-color: var(--color-grey);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + /* text styles */</div>
<div class=3D"plain_line"> + .tbl th:not(:last-child) {</div>
<div class=3D"plain_line"> + text-align: left;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + div.right {</div>
<div class=3D"plain_line"> + text-align: right;</div>
<div class=3D"plain_line"> + margin-top: 0.5em;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + /* customlist input */</div>
<div class=3D"plain_line"> + textarea.domainlist {</div>
<div class=3D"plain_line"> + margin: 0.5em 0;</div>
<div class=3D"plain_line"> + resize: vertical;</div>
<div class=3D"plain_line"> + min-height: 10em;</div>
<div class=3D"plain_line"> + overflow: auto;</div>
<div class=3D"plain_line"> + white-space: pre;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + button[type=3Dsubmit]:disabled {</div>
<div class=3D"plain_line"> + opacity: 0.6;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +&lt;/style&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +###--- End of extra HTML ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +### Settings ###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Request DNS service reload after configuratio=
n change</div>
<div class=3D"plain_line"> +my $RPZ_RELOAD_FLAG =3D "${General::swroot}/dns=
/rpz/reload.flag";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Configuration file for all available zonefile=
s</div>
<div class=3D"plain_line"> +# Format: index, name (unique), enabled (on/off=
), URL, remark</div>
<div class=3D"plain_line"> +my $ZONEFILES_CONF =3D "${General::swroot}/dns/=
rpz/zonefiles.conf";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Configuration file for custom lists</div>
<div class=3D"plain_line"> +# IDs: 0=3Dallowlist, 1=3Dblocklist, 2=3Doption=
s (allow/block enabled)</div>
<div class=3D"plain_line"> +my $CUSTOMLISTS_CONF =3D "${General::swroot}/dn=
s/rpz/customlists.conf";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Export custom lists to rpz-config</div>
<div class=3D"plain_line"> +my $RPZ_ALLOWLIST =3D "${General::swroot}/dns/r=
pz/allowlist";</div>
<div class=3D"plain_line"> +my $RPZ_BLOCKLIST =3D "${General::swroot}/dns/r=
pz/blocklist";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +### Preparation ###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Create missing config files</div>
<div class=3D"plain_line"> +unless(-f $ZONEFILES_CONF) { &amp;General::syst=
em('touch', "$ZONEFILES_CONF"); }</div>
<div class=3D"plain_line"> +unless(-f $CUSTOMLISTS_CONF) { &amp;General::sy=
stem('touch', "$CUSTOMLISTS_CONF"); }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Global gui data</div>
<div class=3D"plain_line"> +my $errormessage =3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Global configuration data</div>
<div class=3D"plain_line"> +my %zonefiles =3D ();</div>
<div class=3D"plain_line"> +my %customlists =3D ();</div>
<div class=3D"plain_line"> +&amp;_zonefiles_load();</div>
<div class=3D"plain_line"> +&amp;_customlists_load();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Global CGI form data</div>
<div class=3D"plain_line"> +my %cgiparams =3D ();</div>
<div class=3D"plain_line"> +&amp;Header::getcgihash(\%cgiparams);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +my $action =3D $cgiparams{'ACTION'} // 'NONE';<=
/div>
<div class=3D"plain_line"> +my $action_key =3D $cgiparams{'KEY'} // ''; # e=
ntry being edited, empty =3D none/new</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Process form actions ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Zonefiles action: Check whether the requested =
entry exists</div>
<div class=3D"plain_line"> +if((substr($action, 0, 3) eq 'ZF_') &amp;&amp;=
 ($action_key)) {</div>
<div class=3D"plain_line"> + unless(defined $zonefiles{$action_key}) {</div=
>
<div class=3D"plain_line"> + $errormessage =3D &amp;_rpz_error_tr(204, $act=
ion_key);</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Perform actions</div>
<div class=3D"plain_line"> +if($action eq 'ZF_SAVE') { ## Save new or modif=
ied zonefiles entry</div>
<div class=3D"plain_line"> + if(&amp;_action_zf_save()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE'; # success, return to main=
 page</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + $action =3D 'ZF_EDIT'; # error occured, keep e=
diting</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'ZF_TOGGLE') { ## Toggle on/=
off</div>
<div class=3D"plain_line"> + if(&amp;_action_zf_toggle()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'ZF_REMOVE') { ## Remove ent=
ry</div>
<div class=3D"plain_line"> + if(&amp;_action_zf_remove()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'CL_SAVE') { ## Save custom=
 lists</div>
<div class=3D"plain_line"> + if(&amp;_action_cl_save()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'RPZ_RELOAD') { ## Reload dn=
s configuration</div>
<div class=3D"plain_line"> + if(&amp;_action_rpz_reload()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +} elsif($action eq 'UNB_RESTART') { ## Restart=
 unbound service</div>
<div class=3D"plain_line"> + if(&amp;_action_unb_restart()) {</div>
<div class=3D"plain_line"> + $action =3D 'NONE';</div>
<div class=3D"plain_line"> + &amp;_http_prg_redirect();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Start GUI ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +## Start http output</div>
<div class=3D"plain_line"> +&amp;Header::showhttpheaders();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Start HTML</div>
<div class=3D"plain_line"> +&amp;Header::openpage($Lang::tr{'rpz'}, 1, $ext=
raHead);</div>
<div class=3D"plain_line"> +&amp;Header::openbigbox('100%', 'left', '');</d=
iv>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show error messages</div>
<div class=3D"plain_line"> +if($errormessage) {</div>
<div class=3D"plain_line"> + &amp;_print_message($errormessage);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Handle zonefile add/edit mode</div>
<div class=3D"plain_line"> +if($action eq "ZF_EDIT") {</div>
<div class=3D"plain_line"> + &amp;_print_zonefile_editor();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Finalize page and exit cleanly</div>
<div class=3D"plain_line"> + &amp;Header::closebigbox();</div>
<div class=3D"plain_line"> + &amp;Header::closepage();</div>
<div class=3D"plain_line"> + exit(0);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show gui elements</div>
<div class=3D"plain_line"> +&amp;_print_zonefiles();</div>
<div class=3D"plain_line"> +&amp;_print_customlists();</div>
<div class=3D"plain_line"> +&amp;_print_gui_extras();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +&amp;Header::closebigbox();</div>
<div class=3D"plain_line"> +&amp;Header::closepage();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- End of GUI ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal configuration file functions --=
-###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Load all available zonefiles from rpz-config=
 and the internal configuration</div>
<div class=3D"plain_line"> +sub _zonefiles_load {</div>
<div class=3D"plain_line"> + # Clean start</div>
<div class=3D"plain_line"> + %zonefiles =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Source 1: Get the currently enabled zonefile=
s from rpz-config (expected format [name]=3D[URL])</div>
<div class=3D"plain_line"> + my @enabled_files =3D &amp;General::system_out=
put('/usr/sbin/rpz-config', 'list');</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + foreach my $row (@enabled_files) {</div>
<div class=3D"plain_line"> + chomp($row);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Use regex instead of split() to skip non-mat=
ching lines</div>
<div class=3D"plain_line"> + next unless($row =3D~ /^(\w+)=3D(.+)$/);</div>
<div class=3D"plain_line"> + my ($name, $url) =3D ($1, $2);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Unique names are already guaranteed by rpz-c=
onfig</div>
<div class=3D"plain_line"> + if(&amp;_rpz_validate_zonefile($name, $url, ''=
, 0) =3D=3D 0) {</div>
<div class=3D"plain_line"> + # Populate global data hash, mark all found en=
tries as enabled</div>
<div class=3D"plain_line"> + my %entry =3D ('enabled' =3D&gt; 'on',</div>
<div class=3D"plain_line"> + 'url' =3D&gt; $url,</div>
<div class=3D"plain_line"> + 'remark' =3D&gt; $Lang::tr{'rpz zf imported'})=
;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $zonefiles{$name} =3D \%entry;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Source 2: Get additional data and disabled e=
ntries from configuration file</div>
<div class=3D"plain_line"> + my %configured_files =3D ();</div>
<div class=3D"plain_line"> + &amp;General::readhasharray($ZONEFILES_CONF, \=
%configured_files);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + foreach my $row (values (%configured_files)) {=
</div>
<div class=3D"plain_line"> + my ($name, $enabled, $url, $remark) =3D @$row;=
</div>
<div class=3D"plain_line"> + $remark //=3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + next unless($name);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check whether this row belongs to an entry a=
lready imported from rpz-config</div>
<div class=3D"plain_line"> + if(defined $zonefiles{$name}) {</div>
<div class=3D"plain_line"> + # Existing entry, only merge additional data</=
div>
<div class=3D"plain_line"> + $zonefiles{$name}{'remark'} =3D $remark;</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + # Skip entry if it is marked as enabled but no=
t found by rpz-config. It was then deleted manually</div>
<div class=3D"plain_line"> + if($enabled ne 'on') {</div>
<div class=3D"plain_line"> + # Populate global data hash</div>
<div class=3D"plain_line"> + my %entry =3D ('enabled' =3D&gt; 'off',</div>
<div class=3D"plain_line"> + 'url' =3D&gt; $url // "",</div>
<div class=3D"plain_line"> + 'remark' =3D&gt; $remark);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $zonefiles{$name} =3D \%entry;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Save internal zonefiles configuration</div>
<div class=3D"plain_line"> +sub _zonefiles_save_conf {</div>
<div class=3D"plain_line"> + my $index =3D 0;</div>
<div class=3D"plain_line"> + my %export =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Loop trough all zonefiles and create "hashar=
ray" type export</div>
<div class=3D"plain_line"> + foreach my $name (keys %zonefiles) {</div>
<div class=3D"plain_line"> + my @entry =3D ($name,</div>
<div class=3D"plain_line"> + $zonefiles{$name}{'enabled'},</div>
<div class=3D"plain_line"> + $zonefiles{$name}{'url'},</div>
<div class=3D"plain_line"> + $zonefiles{$name}{'remark'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $export{$index++} =3D \@entry;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;General::writehasharray($ZONEFILES_CONF,=
 \%export);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Load custom lists from rpz-config and the int=
ernal configuration</div>
<div class=3D"plain_line"> +sub _customlists_load {</div>
<div class=3D"plain_line"> + # Clean start</div>
<div class=3D"plain_line"> + %customlists =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Load configuration file</div>
<div class=3D"plain_line"> + my %lists_conf =3D ();</div>
<div class=3D"plain_line"> + &amp;General::readhasharray($CUSTOMLISTS_CONF, =
\%lists_conf);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Get list options, enabled by default to star=
t import</div>
<div class=3D"plain_line"> + $customlists{'allow'}{'enabled'} =3D $lists_co=
nf{2}[0] // 'on';</div>
<div class=3D"plain_line"> + $customlists{'block'}{'enabled'} =3D $lists_co=
nf{2}[1] // 'on';</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Import enabled list from rpz-config, otherwi=
se retrieve stored or empty list from configuration file</div>
<div class=3D"plain_line"> + if($customlists{'allow'}{'enabled'} eq 'on') {=
</div>
<div class=3D"plain_line"> + &amp;_customlist_import('allow', $RPZ_ALLOWLIS=
T);</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + $customlists{'allow'}{'list'} =3D $lists_conf{=
0} // [];</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + if($customlists{'block'}{'enabled'} eq 'on') {=
</div>
<div class=3D"plain_line"> + &amp;_customlist_import('block', $RPZ_BLOCKLIS=
T);</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + $customlists{'block'}{'list'} =3D $lists_conf{=
1} // [];</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Save internal custom lists configuration</div=
>
<div class=3D"plain_line"> +sub _customlists_save_conf {</div>
<div class=3D"plain_line"> + my %export =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Match IDs with import function</div>
<div class=3D"plain_line"> + $export{0} =3D $customlists{'allow'}{'list'};<=
/div>
<div class=3D"plain_line"> + $export{1} =3D $customlists{'block'}{'list'};<=
/div>
<div class=3D"plain_line"> + $export{2} =3D [$customlists{'allow'}{'enabled=
'}, $customlists{'block'}{'enabled'}];</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;General::writehasharray($CUSTOMLISTS_CONF=
, \%export);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Import a custom list from plain file, returns =
empty list if file is missing</div>
<div class=3D"plain_line"> +sub _customlist_import {</div>
<div class=3D"plain_line"> + my ($listname, $filename) =3D @_;</div>
<div class=3D"plain_line"> + my @list =3D ();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # File exists, load and check all lines</div>
<div class=3D"plain_line"> + if(-f $filename) {</div>
<div class=3D"plain_line"> + open(my $FH, '&lt;', $filename) or die "Can't=
 read $filename: $!";</div>
<div class=3D"plain_line"> + while(my $line =3D &lt;$FH&gt;) {</div>
<div class=3D"plain_line"> + chomp($line);</div>
<div class=3D"plain_line"> + push(@list, $line);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + close($FH);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Clean up imported data</div>
<div class=3D"plain_line"> + &amp;_rpz_validate_customlist(\@list, 1);</div=
>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $customlists{$listname}{'list'} =3D \@list;</d=
iv>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Export a custom list to plain file or clear f=
ile if list is disabled</div>
<div class=3D"plain_line"> +sub _customlist_export {</div>
<div class=3D"plain_line"> + my ($listname, $filename) =3D @_;</div>
<div class=3D"plain_line"> + return unless(defined $customlists{$listname})=
;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Write enabled domain list to file, otherwise =
save empty file</div>
<div class=3D"plain_line"> + open(my $FH, '&gt;', $filename) or die "Can't=
 write $filename: $!";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + if($customlists{$listname}{'enabled'} eq 'on') =
{</div>
<div class=3D"plain_line"> + foreach my $line (@{$customlists{$listname}{'l=
ist'}}) {</div>
<div class=3D"plain_line"> + print $FH "$line\n";</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + print $FH "; Note: This list is currently disa=
bled by $ENV{'SCRIPT_NAME'}\n";</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + close($FH);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal gui functions ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show simple message box</div>
<div class=3D"plain_line"> +sub _print_message {</div>
<div class=3D"plain_line"> + my ($message, $title) =3D @_;</div>
<div class=3D"plain_line"> + $title ||=3D $Lang::tr{'error messages'};</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::openbox('100%', 'left', $title);<=
/div>
<div class=3D"plain_line"> + print "&lt;span&gt;$message&lt;/span&gt;";</di=
v>
<div class=3D"plain_line"> + &amp;Header::closebox();</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show all zone files and related gui elements<=
/div>
<div class=3D"plain_line"> +sub _print_zonefiles {</div>
<div class=3D"plain_line"> + &amp;Header::openbox('100%', 'left', $Lang::tr=
{'rpz zf'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;table class=3D"tbl" width=3D"100%"&gt;</div=
>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;th&gt;$Lang::tr{'name'}&lt;/th&gt;</div>
<div class=3D"plain_line"> + &lt;th&gt;URL&lt;/th&gt;</div>
<div class=3D"plain_line"> + &lt;th&gt;$Lang::tr{'remark'}&lt;/th&gt;</div>
<div class=3D"plain_line"> + &lt;th colspan=3D"3"&gt;$Lang::tr{'action'}&lt=
;/th&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Sort zonefiles by name and loop trough all e=
ntries</div>
<div class=3D"plain_line"> + foreach my $name (sort keys %zonefiles) {</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Toggle button label translation</div>
<div class=3D"plain_line"> + my $toggle_tr =3D ($zonefiles{$name}{'enabled'=
} eq 'on') ? $Lang::tr{'click to disable'} : $Lang::tr{'click to enable'};<=
/div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;$name&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;$zonefiles{$name}{'url'}&lt;/td&gt;<=
/div>
<div class=3D"plain_line"> + &lt;td&gt;$zonefiles{$name}{'remark'}&lt;/td&g=
t;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &lt;td align=3D"center" width=3D"5%"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"KEY" value=
=3D"$name"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"ACTION" valu=
e=3D"ZF_TOGGLE"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"image" src=3D"/images/$zonef=
iles{$name}{'enabled'}.gif" title=3D"$toggle_tr" alt=3D"$toggle_tr"&gt;</di=
v>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> + &lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td align=3D"center" width=3D"5%"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"KEY" value=
=3D"$name"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"ACTION" valu=
e=3D"ZF_EDIT"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"image" src=3D"/images/edit.g=
if" title=3D"$Lang::tr{'edit'}" alt=3D"$Lang::tr{'edit'}"&gt;</div>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> + &lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td align=3D"center" width=3D"5%"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"KEY" value=
=3D"$name"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"ACTION" valu=
e=3D"ZF_REMOVE"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"image" src=3D"/images/delete=
.gif" title=3D"$Lang::tr{'remove'}" alt=3D"$Lang::tr{'remove'}"&gt;</div>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> + &lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Disable reload button if not needed</div>
<div class=3D"plain_line"> + my $reload_state =3D &amp;_rpz_needs_reload()=
 ? "" : " disabled";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;/table&gt;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +&lt;div class=3D"right"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;input type=3D"hidden" name=3D"KEY" value=
=3D""&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"ZF_EDIT"&gt;$Lang::tr{'add'}&lt;/button&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"RPZ_RELOAD" class=3D"commit"$reload_state&gt;$Lang::tr{'rpz apply'}&l=
t;/button&gt;</div>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> +&lt;/div&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::closebox();</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show zonefiles entry editor</div>
<div class=3D"plain_line"> +sub _print_zonefile_editor {</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Key specified: Edit existing entry</div>
<div class=3D"plain_line"> + if(($action_key) &amp;&amp; (defined $zonefile=
s{$action_key})) {</div>
<div class=3D"plain_line"> + # Load data to be edited, but don't override a=
lready present values (allows user to edit after error)</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_NAME'} //=3D $action_key;</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_URL'} //=3D $zonefiles{$action_=
key}{'url'};</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_REMARK'} //=3D $zonefiles{$acti=
on_key}{'remark'};</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Fallback to empty form</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_NAME'} //=3D "";</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_URL'} //=3D "";</div>
<div class=3D"plain_line"> + $cgiparams{'ZF_REMARK'} //=3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::openbox('100%', 'left', $Lang::tr=
{'rpz zf editor'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;form method=3D"post" action=3D"$ENV{'SCRIPT=
_NAME'}"&gt;</div>
<div class=3D"plain_line"> +&lt;input type=3D"hidden" name=3D"KEY" value=3D=
"$action_key"&gt;</div>
<div class=3D"plain_line"> +&lt;table width=3D"100%"&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"20%"&gt;$Lang::tr{'name'}:&amp=
;nbsp;&lt;img src=3D"/blob.gif" alt=3D"*"&gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;input type=3D"text" name=3D"ZF_N=
AME" value=3D"$cgiparams{'ZF_NAME'}" size=3D"40" maxlength=3D"32" title=3D"=
$Lang::tr{'rpz zf remark info'}" pattern=3D"[a-zA-Z0-9_]{1,32}" required&gt=
;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"20%"&gt;URL:&amp;nbsp;&lt;img=
 src=3D"/blob.gif" alt=3D"*"&gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;input type=3D"url" name=3D"ZF_UR=
L" value=3D"$cgiparams{'ZF_URL'}" size=3D"40" maxlength=3D"128" required&gt=
;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"20%"&gt;$Lang::tr{'remark'}:&l=
t;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;input type=3D"text" name=3D"ZF_R=
EMARK" value=3D"$cgiparams{'ZF_REMARK'}" size=3D"40" maxlength=3D"32"&gt;&l=
t;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;hr&gt;&lt;/td&gt;<=
/div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"55%"&gt;&lt;img src=3D"/blob.g=
if" alt=3D"*"&gt;&amp;nbsp;$Lang::tr{'required field'}&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td align=3D"right"&gt;&lt;button type=3D"s=
ubmit" name=3D"ACTION" value=3D"ZF_SAVE"&gt;$Lang::tr{'save'}&lt;/button&gt=
;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> +&lt;/table&gt;</div>
<div class=3D"plain_line"> +&lt;/form&gt;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +&lt;div class=3D"right"&gt;</div>
<div class=3D"plain_line"> + &lt;form method=3D"post" action=3D"$ENV{'SCRIP=
T_NAME'}"&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"NONE"&gt;$Lang::tr{'back'}&lt;/button&gt;</div>
<div class=3D"plain_line"> + &lt;/form&gt;</div>
<div class=3D"plain_line"> +&lt;/div&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::closebox();</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Show custom allow/block files and related gui =
elements</div>
<div class=3D"plain_line"> +sub _print_customlists {</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Load lists from config, unless they are curr=
ently being edited</div>
<div class=3D"plain_line"> + if($action ne 'CL_SAVE') {</div>
<div class=3D"plain_line"> + $cgiparams{'ALLOW_LIST'} =3D join("\n", @{$cus=
tomlists{'allow'}{'list'}});</div>
<div class=3D"plain_line"> + $cgiparams{'BLOCK_LIST'} =3D join("\n", @{$cus=
tomlists{'block'}{'list'}});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $cgiparams{'ALLOW_ENABLED'} =3D ($customlists{=
'allow'}{'enabled'} eq 'on') ? 'on' : undef;</div>
<div class=3D"plain_line"> + $cgiparams{'BLOCK_ENABLED'} =3D ($customlists{=
'block'}{'enabled'} eq 'on') ? 'on' : undef;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Fallback to empty form</div>
<div class=3D"plain_line"> + $cgiparams{'ALLOW_LIST'} //=3D "";</div>
<div class=3D"plain_line"> + $cgiparams{'BLOCK_LIST'} //=3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # HTML checkboxes, unchecked =3D no or undef v=
alue in POST data</div>
<div class=3D"plain_line"> + my %checked =3D ();</div>
<div class=3D"plain_line"> + $checked{'ALLOW_ENABLED'} =3D (defined $cgipar=
ams{'ALLOW_ENABLED'}) ? " checked" : "";</div>
<div class=3D"plain_line"> + $checked{'BLOCK_ENABLED'} =3D (defined $cgipar=
ams{'BLOCK_ENABLED'}) ? " checked" : "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Disable reload button if not needed</div>
<div class=3D"plain_line"> + my $reload_state =3D &amp;_rpz_needs_reload()=
 ? "" : " disabled";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::openbox('100%', 'left', $Lang::tr=
{'rpz cl'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;form method=3D"post" action=3D"$ENV{'SCRIPT=
_NAME'}"&gt;</div>
<div class=3D"plain_line"> +&lt;table width=3D"100%"&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;b&gt;$Lang::tr{'rp=
z cl allow'}&lt;/b&gt;&lt;br&gt;$Lang::tr{'rpz cl allow info'}&lt;/td&gt;</=
div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;b&gt;$Lang::tr{'rp=
z cl block'}&lt;/b&gt;&lt;br&gt;$Lang::tr{'rpz cl block info'}&lt;/td&gt;</=
div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;textarea name=3D"A=
LLOW_LIST" class=3D"domainlist" cols=3D"45"&gt;</div>
<div class=3D"plain_line"> +$cgiparams{'ALLOW_LIST'}&lt;/textarea&gt;&lt;/t=
d&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"2"&gt;&lt;textarea name=3D"B=
LOCK_LIST" class=3D"domainlist" cols=3D"45"&gt;</div>
<div class=3D"plain_line"> +$cgiparams{'BLOCK_LIST'}&lt;/textarea&gt;&lt;/t=
d&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;label for=3D"allow_enabled"&gt;$=
Lang::tr{'rpz cl allow enable'}&lt;/label&gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"15%"&gt;&lt;input type=3D"chec=
kbox" name=3D"ALLOW_ENABLED" id=3D"allow_enabled"$checked{'ALLOW_ENABLED'}&=
gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td&gt;&lt;label for=3D"block_enabled"&gt;$=
Lang::tr{'rpz cl block enable'}&lt;/label&gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;td width=3D"15%"&gt;&lt;input type=3D"chec=
kbox" name=3D"BLOCK_ENABLED" id=3D"block_enabled"$checked{'BLOCK_ENABLED'}&=
gt;&lt;/td&gt;</div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td colspan=3D"4"&gt;&lt;hr&gt;&lt;/td&gt;<=
/div>
<div class=3D"plain_line"> + &lt;/tr&gt;</div>
<div class=3D"plain_line"> + &lt;tr&gt;</div>
<div class=3D"plain_line"> + &lt;td align=3D"right" colspan=3D"4"&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"CL_SAVE"&gt;$Lang::tr{'save'}&lt;/button&gt;</div>
<div class=3D"plain_line"> + &lt;button type=3D"submit" name=3D"ACTION" val=
ue=3D"RPZ_RELOAD" class=3D"commit"$reload_state&gt;$Lang::tr{'rpz apply'}&l=
t;/button&gt;</div>
<div class=3D"plain_line"> + &lt;/td&gt;</div>
<div class=3D"plain_line"> +&lt;/table&gt;</div>
<div class=3D"plain_line"> +&lt;/form&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;Header::closebox();</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Output javascript and extra gui elements</div=
>
<div class=3D"plain_line"> +sub _print_gui_extras {</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Apply/Restart button modifier key handler</d=
iv>
<div class=3D"plain_line"> + if(&amp;_rpz_needs_reload()) {</div>
<div class=3D"plain_line"> + print &lt;&lt;END</div>
<div class=3D"plain_line"> +&lt;script&gt;</div>
<div class=3D"plain_line"> + // Commit modifier key handler</div>
<div class=3D"plain_line"> + (function(jq, document) {</div>
<div class=3D"plain_line"> + var keyEventsOn =3D false; // Keyboard events=
 attached</div>
<div class=3D"plain_line"> + var keyModify =3D false; // Modifier key press=
ed</div>
<div class=3D"plain_line"> + var mouseHover =3D false; // Mouse over commit =
button</div>
<div class=3D"plain_line"> + var btnModified =3D false; // Button modified=
 to "Restart"</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // Document-level key events, enable only whil=
e cursor is over button</div>
<div class=3D"plain_line"> + function attachKeyEvents() {</div>
<div class=3D"plain_line"> + if(keyEventsOn) {</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + keyEventsOn =3D true;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + jq(document).on("keydown.rpz", function(event) =
{</div>
<div class=3D"plain_line"> + if((!keyModify) &amp;&amp; event.shiftKey) {</=
div>
<div class=3D"plain_line"> + keyModify =3D true;</div>
<div class=3D"plain_line"> + handleModify();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> + jq(document).on("keyup.rpz", function(event) {=
</div>
<div class=3D"plain_line"> + if(keyModify &amp;&amp; (!event.shiftKey)) {</=
div>
<div class=3D"plain_line"> + keyModify =3D false;</div>
<div class=3D"plain_line"> + handleModify();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + function removeKeyEvents() {</div>
<div class=3D"plain_line"> + keyModify =3D false;</div>
<div class=3D"plain_line"> + if(keyEventsOn) {</div>
<div class=3D"plain_line"> + jq(document).off("keydown.rpz keyup.rpz");</di=
v>
<div class=3D"plain_line"> + keyEventsOn =3D false;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // Attach mouse hover events to commit buttons=
</div>
<div class=3D"plain_line"> + function attachMouseEvents() {</div>
<div class=3D"plain_line"> + jq("button.commit").on("mouseenter", function(=
event) {</div>
<div class=3D"plain_line"> + if(!mouseHover) {</div>
<div class=3D"plain_line"> + mouseHover =3D true;</div>
<div class=3D"plain_line"> + attachKeyEvents();</div>
<div class=3D"plain_line"> + // Handle already pressed key</div>
<div class=3D"plain_line"> + keyModify =3D !!(event.shiftKey);</div>
<div class=3D"plain_line"> + handleModify();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // Cursor moved away: Disable key listener to=
 minimize events</div>
<div class=3D"plain_line"> + jq("button.commit").on("mouseleave", function(=
) {</div>
<div class=3D"plain_line"> + if(mouseHover) {</div>
<div class=3D"plain_line"> + mouseHover =3D false;</div>
<div class=3D"plain_line"> + removeKeyEvents();</div>
<div class=3D"plain_line"> + handleModify();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // Modify commit button</div>
<div class=3D"plain_line"> + function handleModify() {</div>
<div class=3D"plain_line"> + let modify =3D mouseHover &amp;&amp; keyModify=
;</div>
<div class=3D"plain_line"> + if(btnModified !=3D modify) {</div>
<div class=3D"plain_line"> + if(modify) {</div>
<div class=3D"plain_line"> + jq("button.commit").text("$Lang::tr{'restart'}=
").val("UNB_RESTART");</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + jq("button.commit").text("$Lang::tr{'rpz apply=
'}").val("RPZ_RELOAD");</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + btnModified =3D modify;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + // jQuery DOM ready</div>
<div class=3D"plain_line"> + jq(function() {</div>
<div class=3D"plain_line"> + attachMouseEvents();</div>
<div class=3D"plain_line"> + });</div>
<div class=3D"plain_line"> + })(jQuery, document);</div>
<div class=3D"plain_line"> +&lt;/script&gt;</div>
<div class=3D"plain_line"> +END</div>
<div class=3D"plain_line"> +;</div>
<div class=3D"plain_line"> + } # End of modifier key handler</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal action processing functions ---=
###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Toggle zonefile on/off</div>
<div class=3D"plain_line"> +sub _action_zf_toggle {</div>
<div class=3D"plain_line"> + return unless(defined $zonefiles{$action_key})=
;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + my $result =3D 0;</div>
<div class=3D"plain_line"> + my $enabled =3D $zonefiles{$action_key}{'enabl=
ed'};</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Perform toggle action</div>
<div class=3D"plain_line"> + if($enabled eq 'on') {</div>
<div class=3D"plain_line"> + $enabled =3D 'off';</div>
<div class=3D"plain_line"> + $result =3D &amp;General::system('/usr/sbin/rp=
z-config', 'remove', $action_key, '--no-reload');</div>
<div class=3D"plain_line"> + } else {</div>
<div class=3D"plain_line"> + $enabled =3D 'on';</div>
<div class=3D"plain_line"> + $result =3D &amp;General::system('/usr/sbin/rp=
z-config', 'add', $action_key, $zonefiles{$action_key}{'url'}, '--no-reload=
');</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check for errors, request service reload on=
 success</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 1);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Save changes</div>
<div class=3D"plain_line"> + $zonefiles{$action_key}{'enabled'} =3D $enable=
d;</div>
<div class=3D"plain_line"> + &amp;_zonefiles_save_conf();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Remove zonefile</div>
<div class=3D"plain_line"> +sub _action_zf_remove {</div>
<div class=3D"plain_line"> + return unless(defined $zonefiles{$action_key})=
;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Remove from rpz-config if currently active</=
div>
<div class=3D"plain_line"> + if($zonefiles{$action_key}{'enabled'} eq 'on') =
{</div>
<div class=3D"plain_line"> + my $result =3D &amp;General::system('/usr/sbin=
/rpz-config', 'remove', $action_key, '--no-reload');</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check for errors, request service reload on=
 success</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 1);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Remove from data hash and save changes</div>
<div class=3D"plain_line"> + delete $zonefiles{$action_key};</div>
<div class=3D"plain_line"> + &amp;_zonefiles_save_conf();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Clear action_key, as the entry is now remove=
d entirely</div>
<div class=3D"plain_line"> + $action_key =3D "";</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Create or update zonefile entry</div>
<div class=3D"plain_line"> +# Returns undef if gui needs to stay in editor=
 mode</div>
<div class=3D"plain_line"> +sub _action_zf_save {</div>
<div class=3D"plain_line"> + my $result =3D 0;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + my $name =3D $cgiparams{'ZF_NAME'} // "";</div=
>
<div class=3D"plain_line"> + my $url =3D $cgiparams{'ZF_URL'} // "";</div>
<div class=3D"plain_line"> + my $remark =3D $cgiparams{'ZF_REMARK'} // "";<=
/div>
<div class=3D"plain_line"> + my $enabled =3D 'on'; # Enable new entries by=
 default</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Note on variables:</div>
<div class=3D"plain_line"> + # name =3D unique key, will be used to address =
the entry</div>
<div class=3D"plain_line"> + # action_key =3D name of the entry being edite=
d, empty for new entry</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Only check for unique name if it changed</di=
v>
<div class=3D"plain_line"> + # (this also checks new entries because the ac=
tion_key is empty in this case)</div>
<div class=3D"plain_line"> + $result =3D &amp;_rpz_validate_zonefile($name, =
$url, $remark, (lc($name) ne lc($action_key)));</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 0);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Edit existing entry: Determine what was chan=
ged</div>
<div class=3D"plain_line"> + if(($action_key) &amp;&amp; (defined $zonefile=
s{$action_key})) {</div>
<div class=3D"plain_line"> + # Name und URL remain unchanged, only save rem=
ark and finish</div>
<div class=3D"plain_line"> + if(($name eq $action_key) &amp;&amp; ($url eq=
 $zonefiles{$action_key}{'url'})) {</div>
<div class=3D"plain_line"> + $zonefiles{$action_key}{'remark'} =3D $remark;=
</div>
<div class=3D"plain_line"> + &amp;_zonefiles_save_conf();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Entry was changed and needs to be recreated, =
preserve status</div>
<div class=3D"plain_line"> + $enabled =3D $zonefiles{$action_key}{'enabled'=
};</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Remove from rpz-config</div>
<div class=3D"plain_line"> + return unless &amp;_action_zf_remove();</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Add new entry to rpz-config</div>
<div class=3D"plain_line"> + if($enabled eq 'on') {</div>
<div class=3D"plain_line"> + $result =3D &amp;General::system('/usr/sbin/rp=
z-config', 'add', $name, $url, '--no-reload');</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check for errors, request service reload on=
 success</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 1);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Add to global data hash and save changes</di=
v>
<div class=3D"plain_line"> + my %entry =3D ('enabled' =3D&gt; $enabled,</di=
v>
<div class=3D"plain_line"> + 'url' =3D&gt; $url,</div>
<div class=3D"plain_line"> + 'remark' =3D&gt; $remark);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + $zonefiles{$name} =3D \%entry;</div>
<div class=3D"plain_line"> + &amp;_zonefiles_save_conf();</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Save custom lists</div>
<div class=3D"plain_line"> +sub _action_cl_save {</div>
<div class=3D"plain_line"> + return unless((defined $cgiparams{'ALLOW_LIST'=
}) &amp;&amp; (defined $cgiparams{'BLOCK_LIST'}));</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + my $result =3D 0;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + my @allowlist =3D split(/\R/, $cgiparams{'ALLO=
W_LIST'});</div>
<div class=3D"plain_line"> + my @blocklist =3D split(/\R/, $cgiparams{'BLOC=
K_LIST'});</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Validate lists</div>
<div class=3D"plain_line"> + $result =3D &amp;_rpz_validate_customlist(\@al=
lowlist);</div>
<div class=3D"plain_line"> + if($result !=3D 0) {</div>
<div class=3D"plain_line"> + $errormessage =3D &amp;_rpz_error_tr(202, $res=
ult);</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + $result =3D &amp;_rpz_validate_customlist(\@bl=
ocklist);</div>
<div class=3D"plain_line"> + if($result !=3D 0) {</div>
<div class=3D"plain_line"> + $errormessage =3D &amp;_rpz_error_tr(203, $res=
ult);</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Add to global data hash and save changes</di=
v>
<div class=3D"plain_line"> + $customlists{'allow'}{'list'} =3D \@allowlist;=
</div>
<div class=3D"plain_line"> + $customlists{'block'}{'list'} =3D \@blocklist;=
</div>
<div class=3D"plain_line"> + $customlists{'allow'}{'enabled'} =3D (defined=
 $cgiparams{'ALLOW_ENABLED'}) ? 'on' : 'off';</div>
<div class=3D"plain_line"> + $customlists{'block'}{'enabled'} =3D (defined=
 $cgiparams{'BLOCK_ENABLED'}) ? 'on' : 'off';</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + &amp;_customlists_save_conf();</div>
<div class=3D"plain_line"> + &amp;_customlist_export('allow', $RPZ_ALLOWLIS=
T);</div>
<div class=3D"plain_line"> + &amp;_customlist_export('block', $RPZ_BLOCKLIS=
T);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Make new lists, request service reload on su=
ccess</div>
<div class=3D"plain_line"> + $result =3D &amp;General::system('/usr/sbin/rp=
z-make', 'allowblock', '--no-reload');</div>
<div class=3D"plain_line"> + return unless &amp;_rpz_check_result($result,=
 1);</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Trigger rpz-config reload</div>
<div class=3D"plain_line"> +sub _action_rpz_reload {</div>
<div class=3D"plain_line"> + return 1 unless &amp;_rpz_needs_reload();</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Immediately clear flag to prevent multiple r=
eloads</div>
<div class=3D"plain_line"> + if(-f $RPZ_RELOAD_FLAG) {</div>
<div class=3D"plain_line"> + unlink($RPZ_RELOAD_FLAG) or die "Can't remove=
 $RPZ_RELOAD_FLAG: $!";</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Perform reload, recreate reload flag on erro=
r to enable retry</div>
<div class=3D"plain_line"> + my $result =3D &amp;General::system('/usr/sbin=
/rpz-config', 'reload');</div>
<div class=3D"plain_line"> + if(not &amp;_rpz_check_result($result, 0)) {</=
div>
<div class=3D"plain_line"> + &amp;General::system('touch', "$RPZ_RELOAD_FLA=
G");</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Trigger unbound restart</div>
<div class=3D"plain_line"> +sub _action_unb_restart {</div>
<div class=3D"plain_line"> + return 1 unless &amp;_rpz_needs_reload();</div=
>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Immediately clear flag to prevent multiple r=
estarts</div>
<div class=3D"plain_line"> + if(-f $RPZ_RELOAD_FLAG) {</div>
<div class=3D"plain_line"> + unlink($RPZ_RELOAD_FLAG) or die "Can't remove=
 $RPZ_RELOAD_FLAG: $!";</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Perform restart, unboundctrl always exits ze=
ro</div>
<div class=3D"plain_line"> + &amp;General::system('/usr/local/bin/unboundct=
rl', 'restart');</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal rpz-config functions ---###</di=
v>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Translate rpz-config exitcodes and messages</=
div>
<div class=3D"plain_line"> +# 100-199: rpz-config, 200-299: webgui</div>
<div class=3D"plain_line"> +sub _rpz_error_tr {</div>
<div class=3D"plain_line"> + my ($error, $append) =3D @_;</div>
<div class=3D"plain_line"> + $append //=3D '';</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Translate numeric exit codes</div>
<div class=3D"plain_line"> + if(looks_like_number($error)) {</div>
<div class=3D"plain_line"> + if(defined $Lang::tr{"rpz exitcode $error"}) {=
</div>
<div class=3D"plain_line"> + $error =3D $Lang::tr{"rpz exitcode $error"};</=
div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return "RPZ $Lang::tr{'error'}: $error" . &amp=
;Header::escape($append);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Check result of rpz-config system call, reque=
st reload on success</div>
<div class=3D"plain_line"> +sub _rpz_check_result {</div>
<div class=3D"plain_line"> + my ($result, $request_reload) =3D @_;</div>
<div class=3D"plain_line"> + $request_reload //=3D 0;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # exitcode 0 =3D success</div>
<div class=3D"plain_line"> + if($result !=3D 0) {</div>
<div class=3D"plain_line"> + $errormessage =3D &amp;_rpz_error_tr($result);=
</div>
<div class=3D"plain_line"> + return;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Set reload flag</div>
<div class=3D"plain_line"> + if($request_reload) {</div>
<div class=3D"plain_line"> + &amp;General::system('touch', "$RPZ_RELOAD_FLA=
G");</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 1;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Test whether reload flag is set</div>
<div class=3D"plain_line"> +sub _rpz_needs_reload {</div>
<div class=3D"plain_line"> + return (-f $RPZ_RELOAD_FLAG);</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Validate a zonefile entry, returns rpz-config =
exitcode on failure. Use _rpz_check_result to verify.</div>
<div class=3D"plain_line"> +# unique =3D check for unique name</div>
<div class=3D"plain_line"> +sub _rpz_validate_zonefile {</div>
<div class=3D"plain_line"> + my ($name, $url, $remark, $unique) =3D @_;</di=
v>
<div class=3D"plain_line"> + $unique //=3D 1;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + unless($name =3D~ /^[a-zA-Z0-9_]{1,32}$/) {</d=
iv>
<div class=3D"plain_line"> + return 101;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + unless($url =3D~ /^[\w+\.:;\/\\&amp;@#%?=3D\-~=
|!]{1,128}$/) {</div>
<div class=3D"plain_line"> + return 105;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + unless($remark =3D~ /^[\w \-()\.:;*\/\\?!&amp;=
=3D]{0,32}$/) {</div>
<div class=3D"plain_line"> + return 201;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Check against already existing names</div>
<div class=3D"plain_line"> + if($unique) {</div>
<div class=3D"plain_line"> + foreach my $existing (keys %zonefiles) {</div>
<div class=3D"plain_line"> + if(lc($name) eq lc($existing)) {</div>
<div class=3D"plain_line"> + return 104;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 0;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Validate a custom list, returns number of rej=
ected line on failure. Check for non-zero results.</div>
<div class=3D"plain_line"> +# listref =3D array reference, cleanup =3D remo=
ve invalid entries instead of returning an error</div>
<div class=3D"plain_line"> +sub _rpz_validate_customlist {</div>
<div class=3D"plain_line"> + my ($listref, $cleanup) =3D @_;</div>
<div class=3D"plain_line"> + $cleanup //=3D 0;</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + foreach my $index (reverse 0..$#{$listref}) {<=
/div>
<div class=3D"plain_line"> + my $row =3D @$listref[$index];</div>
<div class=3D"plain_line"> + next unless($row); # Skip/allow empty lines</d=
iv>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Reject/remove everything besides wildcard do=
mains and remarks</div>
<div class=3D"plain_line"> + if((not &amp;General::validwildcarddomainname(=
$row)) &amp;&amp; (not $row =3D~ /^;[\w \-()\.:;*\/\\?!&amp;=3D]*$/)) {</di=
v>
<div class=3D"plain_line"> + unless($cleanup) {</div>
<div class=3D"plain_line"> + # +1 for user friendly line number and to ensu=
re non-zero exitcode</div>
<div class=3D"plain_line"> + return $index + 1;</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Remove current row</div>
<div class=3D"plain_line"> + splice(@$listref, $index, 1);</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> + }</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + return 0;</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###--- Internal misc functions ---###</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Send HTTP 303 redirect headers for post/reque=
st/get pattern</div>
<div class=3D"plain_line"> +# (Must be sent before calling &amp;Header::sho=
whttpheaders())</div>
<div class=3D"plain_line"> +sub _http_prg_redirect {</div>
<div class=3D"plain_line"> + my $location =3D "https://$ENV{'SERVER_NAME'}:=
$ENV{'SERVER_PORT'}$ENV{'SCRIPT_NAME'}";</div>
<div class=3D"plain_line"> + print "Status: 303 See Other\n";</div>
<div class=3D"plain_line"> + print "Location: $location\n";</div>
<div class=3D"plain_line"> +}</div>
<div class=3D"plain_line"> diff --git a/lfs/rpz b/lfs/rpz</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..7ddbc38e5</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/lfs/rpz</div>
<div class=3D"plain_line"> @@ -0,0 +1,96 @@</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024 IPFire Team &lt;info@ipfir=
e.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# Definitions</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +include Config</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +SUMMARY =3D response policy zone - RPZ reputati=
on system for unbound DNS</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +VER =3D 1.0.0</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +THISAPP =3D rpz-$(VER)</div>
<div class=3D"plain_line"> +DIR_APP =3D $(DIR_SRC)/$(THISAPP)</div>
<div class=3D"plain_line"> +TARGET =3D $(DIR_INFO)/$(THISAPP)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +PROG =3D rpz</div>
<div class=3D"plain_line"> +PAK_VER =3D 18</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +DEPS =3D</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +SERVICES =3D</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# Top-level Rules</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +install : $(TARGET)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +check :</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +download :</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +b2 :</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +dist:</div>
<div class=3D"plain_line"> + @$(PAK)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# Installation Details</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +$(TARGET) :</div>
<div class=3D"plain_line"> + @$(PREBUILD)</div>
<div class=3D"plain_line"> + @rm -rf $(DIR_APP)</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # RPZ scripts</div>
<div class=3D"plain_line"> + install --verbose --mode=3D755 \</div>
<div class=3D"plain_line"> + $(DIR_CONF)/rpz/{rpz-config,rpz-metrics,rpz-sl=
eep,rpz-make,rpz-functions} \</div>
<div class=3D"plain_line"> + --target-directory=3D/usr/sbin</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # RPZ config files</div>
<div class=3D"plain_line"> + mkdir -pv /etc/unbound/local.d</div>
<div class=3D"plain_line"> + install --verbose --mode=3D644 --owner=3Dnobod=
y --group=3Dnobody \</div>
<div class=3D"plain_line"> + $(DIR_CONF)/rpz/00-rpz.conf \</div>
<div class=3D"plain_line"> + --target-directory=3D/etc/unbound/local.d</div=
>
<div class=3D"plain_line"> + chown --verbose --recursive nobody:nobody /etc=
/unbound/local.d</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # RPZ custom list files for allow and block</d=
iv>
<div class=3D"plain_line"> + mkdir -pv /var/ipfire/dns/rpz</div>
<div class=3D"plain_line"> + touch /var/ipfire/dns/rpz/{allowlist,blocklist=
}</div>
<div class=3D"plain_line"> + chown --verbose --recursive nobody:nobody /var=
/ipfire/dns/rpz</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # RPZ zone files</div>
<div class=3D"plain_line"> + # create empty RPZ config file to avoid a unbo=
und config error</div>
<div class=3D"plain_line"> + mkdir -pv /etc/unbound/zonefiles</div>
<div class=3D"plain_line"> + touch /etc/unbound/zonefiles/allow.rpz</div>
<div class=3D"plain_line"> + chown --verbose --recursive nobody:nobody /etc=
/unbound/zonefiles</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Install addon-specific language-files</div>
<div class=3D"plain_line"> + install --verbose --mode=3D004 $(DIR_CONF)/rpz=
/rpz.*.pl \</div>
<div class=3D"plain_line"> + --target-directory=3D/var/ipfire/addon-lang</d=
iv>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + # Install backup definition</div>
<div class=3D"plain_line"> + cp -vf $(DIR_CONF)/backup/includes/rpz /var/ip=
fire/backup/addons/includes/rpz</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> + @rm -rf $(DIR_APP)</div>
<div class=3D"plain_line"> + @$(POSTBUILD)</div>
<div class=3D"plain_line"> diff --git a/make.sh b/make.sh</div>
<div class=3D"plain_line"> index 827ea9e77..a77535b13 100755</div>
<div class=3D"plain_line"> --- a/make.sh</div>
<div class=3D"plain_line"> +++ b/make.sh</div>
<div class=3D"plain_line"> @@ -390,7 +390,7 @@ prepareenv() {</div>
<div class=3D"plain_line"> if [ "${free_space}" -lt "${required_space}" ];=
 then</div>
<div class=3D"plain_line"> # Add any consumed space</div>
<div class=3D"plain_line"> while read -r consumed_space path; do</div>
<div class=3D"plain_line"> - (( free_space +=3D consumed_space / 1024 / 102=
4 ))</div>
<div class=3D"plain_line"> + (( free_space +=3D consumed_space / 1024 / 102=
4 ))</div>
<div class=3D"plain_line"> done &lt;&lt;&lt; "$(du --summarize --bytes "${B=
UILD_DIR}" "${IMAGES_DIR}" "${LOG_DIR}" 2&gt;/dev/null)"</div>
<div class=3D"plain_line"> fi</div>
<div class=3D"plain_line">  @@ -2087,6 +2087,7 @@ build_system() {</div>
<div class=3D"plain_line"> lfsmake2 btrfs-progs</div>
<div class=3D"plain_line"> lfsmake2 inotify-tools</div>
<div class=3D"plain_line"> lfsmake2 grub-btrfs</div>
<div class=3D"plain_line"> + lfsmake2 rpz</div>
<div class=3D"plain_line">  lfsmake2 linux</div>
<div class=3D"plain_line"> lfsmake2 rtl8812au</div>
<div class=3D"plain_line"> diff --git a/src/paks/rpz/install.sh b/src/paks/=
rpz/install.sh</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..ef99bf742</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/src/paks/rpz/install.sh</div>
<div class=3D"plain_line"> @@ -0,0 +1,36 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024 IPFire Team &lt;info@ipfir=
e.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#</div>
<div class=3D"plain_line"> +. /opt/pakfire/lib/functions.sh</div>
<div class=3D"plain_line"> +extract_files</div>
<div class=3D"plain_line"> +restore_backup ${NAME}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# fix user created files</div>
<div class=3D"plain_line"> +chown --verbose --recursive nobody:nobody \</di=
v>
<div class=3D"plain_line"> + /var/ipfire/dns/rpz \</div>
<div class=3D"plain_line"> + /etc/unbound/zonefiles \</div>
<div class=3D"plain_line"> + /etc/unbound/local.d</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Update Language cache</div>
<div class=3D"plain_line"> +/usr/local/bin/update-lang-cache</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# restart unbound to load config file</div>
<div class=3D"plain_line"> +/etc/init.d/unbound restart</div>
<div class=3D"plain_line"> diff --git a/src/paks/rpz/uninstall.sh b/src/pak=
s/rpz/uninstall.sh</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..e11427df3</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/src/paks/rpz/uninstall.sh</div>
<div class=3D"plain_line"> @@ -0,0 +1,38 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024 IPFire Team &lt;info@ipfir=
e.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#</div>
<div class=3D"plain_line"> +. /opt/pakfire/lib/functions.sh</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# stop unbound to delete RPZ conf file</div>
<div class=3D"plain_line"> +/etc/init.d/unbound stop</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +make_backup ${NAME}</div>
<div class=3D"plain_line"> +remove_files</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# delete rpz config files. Otherwise unbound wi=
ll throw error:</div>
<div class=3D"plain_line"> +# "[1723428668] unbound-control[17117:0] error: =
connect: Connection refused for 127.0.0.1 port 8953"</div>
<div class=3D"plain_line"> +/bin/rm --verbose --force /etc/unbound/local.d/=
*.rpz.conf</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Update Language cache</div>
<div class=3D"plain_line"> +/usr/local/bin/update-lang-cache</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# start unbound to load unbound config file</di=
v>
<div class=3D"plain_line"> +/etc/init.d/unbound start</div>
<div class=3D"plain_line"> diff --git a/src/paks/rpz/update.sh b/src/paks/r=
pz/update.sh</div>
<div class=3D"plain_line"> new file mode 100644</div>
<div class=3D"plain_line"> index 000000000..9bc340bc6</div>
<div class=3D"plain_line"> --- /dev/null</div>
<div class=3D"plain_line"> +++ b/src/paks/rpz/update.sh</div>
<div class=3D"plain_line"> @@ -0,0 +1,52 @@</div>
<div class=3D"plain_line"> +#!/bin/bash</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# IPFire.org - A linux based firewall #</div>
<div class=3D"plain_line"> +# Copyright (C) 2024 IPFire Team &lt;info@ipfir=
e.org&gt; #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is free software: you can redist=
ribute it and/or modify #</div>
<div class=3D"plain_line"> +# it under the terms of the GNU General Public=
 License as published by #</div>
<div class=3D"plain_line"> +# the Free Software Foundation, either version=
 3 of the License, or #</div>
<div class=3D"plain_line"> +# (at your option) any later version. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# This program is distributed in the hope that=
 it will be useful, #</div>
<div class=3D"plain_line"> +# but WITHOUT ANY WARRANTY; without even the im=
plied warranty of #</div>
<div class=3D"plain_line"> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR P=
URPOSE. See the #</div>
<div class=3D"plain_line"> +# GNU General Public License for more details.=
 #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +# You should have received a copy of the GNU Ge=
neral Public License #</div>
<div class=3D"plain_line"> +# along with this program. If not, see &lt;http=
://www.gnu.org/licenses/&gt;. #</div>
<div class=3D"plain_line"> +# #</div>
<div class=3D"plain_line"> +###############################################=
################################</div>
<div class=3D"plain_line"> +#</div>
<div class=3D"plain_line"> +. /opt/pakfire/lib/functions.sh</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# from update.sh</div>
<div class=3D"plain_line"> +extract_backup_includes</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# stop unbound to delete RPZ conf file</div>
<div class=3D"plain_line"> +/etc/init.d/unbound stop</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# from uninstall.sh</div>
<div class=3D"plain_line"> +make_backup ${NAME}</div>
<div class=3D"plain_line"> +remove_files</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# delete rpz config files. Otherwise unbound wi=
ll throw error:</div>
<div class=3D"plain_line"> +# "unbound-control[nn:0] error: connect: Connec=
tion refused for 127.0.0.1 port 8953"</div>
<div class=3D"plain_line"> +/bin/rm --verbose --force /etc/unbound/local.d/=
*.rpz.conf</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# from install.sh</div>
<div class=3D"plain_line"> +extract_files</div>
<div class=3D"plain_line"> +restore_backup ${NAME}</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# fix user created files</div>
<div class=3D"plain_line"> +chown --verbose --recursive nobody:nobody \</di=
v>
<div class=3D"plain_line"> + /var/ipfire/dns/rpz \</div>
<div class=3D"plain_line"> + /etc/unbound/zonefiles \</div>
<div class=3D"plain_line"> + /etc/unbound/local.d</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# Update Language cache</div>
<div class=3D"plain_line"> +/usr/local/bin/update-lang-cache</div>
<div class=3D"plain_line"> +</div>
<div class=3D"plain_line"> +# restart unbound to load config files</div>
<div class=3D"plain_line"> +/etc/init.d/unbound start</div>
<div class=3D"plain_line"> --</div>
<div class=3D"plain_line"> 2.39.5</div>
<div class=3D"plain_line">=C2=A0</div>
</blockquote>
</blockquote>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">   --</div>
<div class=3D"plain_line"> Jon Murphy</div>
<div class=3D"plain_line"> jon.murphy@ipfire.org</div>
</blockquote>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line"> Jon</div>
<div class=3D"plain_line">   --</div>
<div class=3D"plain_line"> Jon Murphy</div>
<div class=3D"plain_line"> jon.murphy@ipfire.org</div>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=C2=A0</div>
</blockquote></div>
</body></html>
--------=_MB0D870594-C58D-410D-903E-4878F7455AE4--