On 14 Feb 2022, at 21:11, Peter Müller peter.mueller@ipfire.org wrote:
Hello Stefan,
after the ipset patch series, I agree with this one.
If I got it right, the DROP_HOSTILE functionality as introduced in https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=97154d057bdbc7fa34309e9a... will to have adjusted to using ipset as well.
Yes it does.
I will work on a patch for this. As long as both the ipset series and the latter are merged, everything is fine to me, hence:
I would suggest to get this on the list first before merging any of these. There are changes that will remove the old data format for xt_geoip so that we could not run a hybrid with XD using xt_geoip and everything else using ipset.
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Also, it is good to see especially xt_geoip go due to security reasons... :-)
Thanks, and best regards, Peter Müller
Acked-by: Michael Tremer michael.tremer@ipfire.org
None of the provided modules are in use, so this package safely can be dropped.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/rootfiles/common/xtables-addons | 44 --------- lfs/xtables-addons | 118 ------------------------- make.sh | 2 - 3 files changed, 164 deletions(-) delete mode 100644 config/rootfiles/common/xtables-addons delete mode 100644 lfs/xtables-addons
diff --git a/config/rootfiles/common/xtables-addons b/config/rootfiles/common/xtables-addons deleted file mode 100644 index 51b0d208d..000000000 --- a/config/rootfiles/common/xtables-addons +++ /dev/null @@ -1,44 +0,0 @@ -lib/xtables/libxt_ACCOUNT.so -lib/xtables/libxt_CHAOS.so -lib/xtables/libxt_DELUDE.so -lib/xtables/libxt_DHCPMAC.so -lib/xtables/libxt_DNETMAP.so -lib/xtables/libxt_ECHO.so -lib/xtables/libxt_IPMARK.so -lib/xtables/libxt_LOGMARK.so -lib/xtables/libxt_PROTO.so -lib/xtables/libxt_SYSRQ.so -lib/xtables/libxt_TARPIT.so -lib/xtables/libxt_condition.so -lib/xtables/libxt_dhcpmac.so -lib/xtables/libxt_fuzzy.so -lib/xtables/libxt_geoip.so -lib/xtables/libxt_gradm.so -lib/xtables/libxt_iface.so -lib/xtables/libxt_ipp2p.so -lib/xtables/libxt_ipv4options.so -lib/xtables/libxt_length2.so -lib/xtables/libxt_lscan.so -lib/xtables/libxt_pknock.so -lib/xtables/libxt_psd.so -lib/xtables/libxt_quota2.so -usr/bin/xt_geoip_query -#usr/lib/libxt_ACCOUNT_cl.la -#usr/lib/libxt_ACCOUNT_cl.so -usr/lib/libxt_ACCOUNT_cl.so.0 -usr/lib/libxt_ACCOUNT_cl.so.0.0.0 -#usr/libexec/xtables-addons -#usr/libexec/xtables-addons/xt_geoip_build -#usr/libexec/xtables-addons/xt_geoip_build_maxmind -#usr/libexec/xtables-addons/xt_geoip_dl -#usr/libexec/xtables-addons/xt_geoip_dl_maxmind -usr/sbin/iptaccount -usr/sbin/pknlusr -#usr/share/man/man1/xt_geoip_build.1 -#usr/share/man/man1/xt_geoip_build_maxmind.1 -#usr/share/man/man1/xt_geoip_dl.1 -#usr/share/man/man1/xt_geoip_dl_maxmind.1 -#usr/share/man/man1/xt_geoip_query.1 -#usr/share/man/man8/iptaccount.8 -#usr/share/man/man8/pknlusr.8 -#usr/share/man/man8/xtables-addons.8 diff --git a/lfs/xtables-addons b/lfs/xtables-addons deleted file mode 100644 index fdea1ffcd..000000000 --- a/lfs/xtables-addons +++ /dev/null @@ -1,118 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -###############################################################################
-############################################################################### -# Definitions -###############################################################################
-include Config
-VERSUFIX = ipfire$(KCFG) -MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/
-VER = 3.18
-THISAPP = xtables-addons-$(VER) -DL_FILE = $(THISAPP).tar.xz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP)
-ifeq "$(USPACE)" "1"
- TARGET = $(DIR_INFO)/$(THISAPP)
-else
- TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX)
-endif
-############################################################################### -# Top-level Rules -###############################################################################
-objects = $(DL_FILE)
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 755471b1dc6808f274f914fa11552698
-install : $(TARGET)
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-md5 : $(subst %,%_MD5,$(objects))
-dist:
- $(PAK)
-############################################################################### -# Downloading, checking, md5sum -###############################################################################
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-############################################################################### -# Installation Details -###############################################################################
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- # Only build the specified modules.
-# cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \ -# $(DIR_APP)/mconfig
-# Check if we build the modules for a kernel or the userspace parts. -ifeq "$(USPACE)" "1"
- cd $(DIR_APP) && ./configure \
--prefix=/usr \--without-kbuild- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
-else
- cd $(DIR_APP) && ./configure \
--with-kbuild=/lib/modules/$$(uname -r)$(KCFG)/build- cd $(DIR_APP) && make $(MAKETUNING)
- # Install the built kernel modules.
- mkdir -p $(MODPATH)
- cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \
/lib/modules/$$(uname -r)$(KCFG)/build/scripts/sign-file sha512 \/lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.pem \/lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.x509 \$$f; \xz $$f; \install -m 644 $$f.xz $(MODPATH); \- done
-endif
- # Create directory for the databases.
- mkdir -pv /usr/share/xt_geoip/
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/make.sh b/make.sh index 79798834a..7fee7ad40 100755 --- a/make.sh +++ b/make.sh @@ -1184,10 +1184,8 @@ buildipfire() { lfsmake2 rtl8812au KCFG="" lfsmake2 rtl8822bu KCFG="" lfsmake2 xradio KCFG=""
lfsmake2 xtables-addons KCFG="" lfsmake2 linux-initrd KCFG=""
lfsmake2 xtables-addons USPACE="1" lfsmake2 libgpg-error lfsmake2 libgcrypt lfsmake2 libassuan