I'm sending this through patchwork now, since I've found that the last patches wouldn't apply (they contained *local* paths, sorry for that).
Short background of this patch: - It adds [DNS/NTP]_FORCED_ON_[INTERFACE] options to '/var/ipfire/optionsfw/settings'. - The corresponding options should only be visible if the respective interface is actually available. If BLUE interface doesn't exist, there shouldn't be any visible ON/OFF switches for 'DNS/NTP on BLUE' or BLUE logging options. - Language strings were altered accordingly, they come in a later patch of this series. - Screenshots: => https://community.ipfire.org/t/forcing-all-dns-traffic-from-the-lan-to-the-f... ['Masquerading on BLUE' is not shown because screenshots were made on a testmachine.] - One thing that DOESN'T work: For changes to take effect without a complete reboot, it is necessary to restart the firewall rules through '/etc/init.d/firewall restart'. I tried to implement this by adding a 'Save and Restart'-button. But whatever I tried, this won't work through the Web-GUI. Neither by calling the init-file, nor with a newly written 'optionsfwctrl.c' program. The save function is working, but I wasn't able to trigger a restart of the firewall rules. No seen errors, it just won't work. Calling the new 'optionsfwctrl.c' through console or restarting the rules with '/etc/init.d/firewall restart' was ok, though (e.g.). This has been marked in the patch (line 29).
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- html/cgi-bin/optionsfw.cgi | 101 ++++++++++++++++++++++++++++++++----- 1 file changed, 87 insertions(+), 14 deletions(-)
diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 47aba59cb..bec90b731 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi @@ -69,6 +69,31 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { &General::readhash($filename, %settings); # Load good settings }
+if ($settings{'ACTION'} eq $Lang::tr{'fw settings save and restart'}) { + if ($settings{'defpol'} ne '1'){ + $errormessage .= $Lang::tr{'new optionsfw later'}; + &General::writehash($filename, %settings); # Save good settings + system("/usr/local/bin/firewallctrl"); + }else{ + if ($settings{'POLICY'} ne ''){ + $fwdfwsettings{'POLICY'} = $settings{'POLICY'}; + } + if ($settings{'POLICY1'} ne ''){ + $fwdfwsettings{'POLICY1'} = $settings{'POLICY1'}; + } + my $MODE = $fwdfwsettings{'POLICY'}; + my $MODE1 = $fwdfwsettings{'POLICY1'}; + %fwdfwsettings = (); + $fwdfwsettings{'POLICY'} = "$MODE"; + $fwdfwsettings{'POLICY1'} = "$MODE1"; + &General::writehash("${General::swroot}/firewall/settings", %fwdfwsettings); + &General::readhash("${General::swroot}/firewall/settings", %fwdfwsettings); + system("/usr/local/bin/firewallctrl"); + system("/etc/rc.d/init.d/firewall restart >/dev/null 2>&1 "); # <--- !THIS DOESN'T WORK! + } + &General::readhash($filename, %settings); # Load good settings +} + &Header::openpage($Lang::tr{'options fw'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); &General::readhash($filename, %settings); @@ -158,6 +183,18 @@ $selected{'MASQUERADE_ORANGE'}{$settings{'MASQUERADE_ORANGE'}} = 'selected="sele $selected{'MASQUERADE_BLUE'}{'off'} = ''; $selected{'MASQUERADE_BLUE'}{'on'} = ''; $selected{'MASQUERADE_BLUE'}{$settings{'MASQUERADE_BLUE'}} = 'selected="selected"'; +$checked{'DNS_FORCE_ON_GREEN'}{'off'} = ''; +$checked{'DNS_FORCE_ON_GREEN'}{'on'} = ''; +$checked{'DNS_FORCE_ON_GREEN'}{$settings{'DNS_FORCE_ON_GREEN'}} = "checked='checked'"; +$checked{'DNS_FORCE_ON_BLUE'}{'off'} = ''; +$checked{'DNS_FORCE_ON_BLUE'}{'on'} = ''; +$checked{'DNS_FORCE_ON_BLUE'}{$settings{'DNS_FORCE_ON_BLUE'}} = "checked='checked'"; +$checked{'NTP_FORCE_ON_GREEN'}{'off'} = ''; +$checked{'NTP_FORCE_ON_GREEN'}{'on'} = ''; +$checked{'NTP_FORCE_ON_GREEN'}{$settings{'NTP_FORCE_ON_GREEN'}} = "checked='checked'"; +$checked{'NTP_FORCE_ON_BLUE'}{'off'} = ''; +$checked{'NTP_FORCE_ON_BLUE'}{'on'} = ''; +$checked{'NTP_FORCE_ON_BLUE'}{$settings{'NTP_FORCE_ON_BLUE'}} = "checked='checked'";
&Header::openbox('100%', 'center',); print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>"; @@ -207,7 +244,38 @@ END END }
- print <<END +print <<END; + <table width='95%' cellspacing='0'> + <tr bgcolor='$color{'color20'}'></tr> + <tr> </tr> + <td colspan='2' align='left'><b>$Lang::tr{'fw green'}</b></td> + </tr> + <tr><td align='left' width='60%'>$Lang::tr{'dns force on green'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DNS_FORCE_ON_GREEN' value='on' $checked{'DNS_FORCE_ON_GREEN'}{'on'} />/ + <input type='radio' name='DNS_FORCE_ON_GREEN' value='off' $checked{'DNS_FORCE_ON_GREEN'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr><td align='left' width='60%'>$Lang::tr{'ntp force on green'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='NTP_FORCE_ON_GREEN' value='on' $checked{'NTP_FORCE_ON_GREEN'}{'on'} />/ + <input type='radio' name='NTP_FORCE_ON_GREEN' value='off' $checked{'NTP_FORCE_ON_GREEN'}{'off'} /> $Lang::tr{'off'}</td></tr> +END + + if (&Header::blue_used()) { + print <<END; + <table width='95%' cellspacing='0'> + <tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw blue'}</b></td></tr> + <tr> </tr> + <tr> + <tr><td align='left' width='60%'>$Lang::tr{'dns force on blue'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DNS_FORCE_ON_BLUE' value='on' $checked{'DNS_FORCE_ON_BLUE'}{'on'} />/ + <input type='radio' name='DNS_FORCE_ON_BLUE' value='off' $checked{'DNS_FORCE_ON_BLUE'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr><td align='left' width='60%'>$Lang::tr{'ntp force on blue'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='NTP_FORCE_ON_BLUE' value='on' $checked{'NTP_FORCE_ON_BLUE'}{'on'} />/ + <input type='radio' name='NTP_FORCE_ON_BLUE' value='off' $checked{'NTP_FORCE_ON_BLUE'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr><td align='left' width='60%'>$Lang::tr{'drop proxy'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPPROXY' value='on' $checked{'DROPPROXY'}{'on'} />/ + <input type='radio' name='DROPPROXY' value='off' $checked{'DROPPROXY'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr><td align='left' width='60%'>$Lang::tr{'drop samba'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPSAMBA' value='on' $checked{'DROPSAMBA'}{'on'} />/ + <input type='radio' name='DROPSAMBA' value='off' $checked{'DROPSAMBA'}{'off'} /> $Lang::tr{'off'}</td></tr> + </td> + </tr> +END + } + + print <<END; </table>
<br> @@ -224,21 +292,25 @@ END <input type='radio' name='DROPOUTGOING' value='off' $checked{'DROPOUTGOING'}{'off'} /> $Lang::tr{'off'}</td></tr> <tr><td align='left' width='60%'>$Lang::tr{'drop portscan'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPPORTSCAN' value='on' $checked{'DROPPORTSCAN'}{'on'} />/ <input type='radio' name='DROPPORTSCAN' value='off' $checked{'DROPPORTSCAN'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop wirelessinput'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/ +END + + if (&Header::blue_used()) { + print <<END; + <table width='95%' cellspacing='0'> + <tr> + <tr><td align='left' width='60%'>$Lang::tr{'drop wirelessinput'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/ <input type='radio' name='DROPWIRELESSINPUT' value='off' $checked{'DROPWIRELESSINPUT'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop wirelessforward'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPWIRELESSFORWARD' value='on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/ + <tr><td align='left' width='60%'>$Lang::tr{'drop wirelessforward'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPWIRELESSFORWARD' value='on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/ <input type='radio' name='DROPWIRELESSFORWARD' value='off' $checked{'DROPWIRELESSFORWARD'}{'off'} /> $Lang::tr{'off'}</td></tr> -</table> -<br/> + </tr> +END + } + + print <<END; + </table> + + <br/>
-<table width='95%' cellspacing='0'> -<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw blue'}</b></td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop proxy'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPPROXY' value='on' $checked{'DROPPROXY'}{'on'} />/ - <input type='radio' name='DROPPROXY' value='off' $checked{'DROPPROXY'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop samba'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPSAMBA' value='on' $checked{'DROPSAMBA'}{'on'} />/ - <input type='radio' name='DROPSAMBA' value='off' $checked{'DROPSAMBA'}{'off'} /> $Lang::tr{'off'}</td></tr> -</table> -<br> <table width='95%' cellspacing='0'> <tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw settings'}</b></td></tr> <tr><td align='left' width='60%'>$Lang::tr{'fw settings color'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='SHOWCOLORS' value='on' $checked{'SHOWCOLORS'}{'on'} />/ @@ -323,7 +395,8 @@ END <br /> <table width='100%' cellspacing='0'> <tr><td align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'> -<input type='submit' name='ACTION' value=$Lang::tr{'save'} /> +<input type='submit' name='ACTION' value='$Lang::tr{'save'}' /> +<input type='submit' name='ACTION' value='$Lang::tr{'fw settings save and restart'}' /> </form></td></tr> </table> </form>
I used '/etc/rc.d/init.d/firewall' with REDIRECT rules and placed them just behind the CAPITVE_PORTAL_CHAIN, as Michael mentioned on the list. I hope, I got the right place.
Short background: - To avoid creating duplicate rule entries, I used code like 'if ! iptables -t nat -C..." or 'if iptables -t nat -C..." ("Check for the existence of a rule"). This was done because I wanted to be absolutely sure that a specific rule would only be created if it doesn't already exist. To reduce output noise I added '>/dev/null 2>&1', where it seemed necessary.
Results: If I delete just *one* rule manually, only the missing rule will be created, I found no duplicates. ON/OFF switches worked as expected.
ToDo: Adding the default settings (all OFF) during install ('update.sh') to '/var/ipfire/optionsfw/settings'. Restart using Web-GUI with 'Save and Restart' button. By now, restart is only possible through only console.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- src/initscripts/system/firewall | 71 +++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 65f1c979b..4e02bd3d9 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -246,6 +246,77 @@ iptables_init() { iptables -A ${i} -j CAPTIVE_PORTAL done
+# Force DNS REDIRECT on GREEN (udp, tcp, 53) +if [ "$DNS_FORCE_ON_GREEN" == "on" ]; then + if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT + fi + + if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT + fi + +else + + if iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1 + fi + + if iptables -t nat -C CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1 + fi +fi + +# Force DNS REDIRECT on BLUE (udp, tcp, 53) +if [ "$DNS_FORCE_ON_BLUE" == "on" ]; then + if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT + fi + + if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT + fi + +else + + if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1 + fi + + if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1 + fi + +fi + +# Force NTP REDIRECT on GREEN (udp, 123) +if [ "$NTP_FORCE_ON_GREEN" == "on" ]; then + if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT + fi + +else + + if iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1 + fi + +fi + +# Force DNS REDIRECT on BLUE (udp, 123) +if [ "$NTP_FORCE_ON_BLUE" == "on" ]; then + if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT + fi + +else + + if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1 + fi + +fi + # Accept everything connected for i in INPUT FORWARD OUTPUT; do iptables -A ${i} -j CONNTRACK
Hi,
at a first glance this patch seems to be okay.
We should include in the announcement of the core update containing this patch a remark, that a possible work-around in firewall.local according the community article must be removed. Otherwise the system contains the REDIRECT rules twice. This would result in firewall, where these REDIRECTS cannot be switched off as supposed by the .cgi
Regards, Bernhard
Gesendet: Samstag, 28. November 2020 um 15:03 Uhr Von: "Matthias Fischer" matthias.fischer@ipfire.org An: development@lists.ipfire.org Betreff: [PATCH 2/3] /etc/init.d/firewall: Modified for 'forcing dns on green/blue'
I used '/etc/rc.d/init.d/firewall' with REDIRECT rules and placed them just behind the CAPITVE_PORTAL_CHAIN, as Michael mentioned on the list. I hope, I got the right place.
Short background:
- To avoid creating duplicate rule entries, I used code like 'if ! iptables -t nat -C..." or 'if iptables -t nat -C..." ("Check for the existence of a rule"). This was done because I wanted to be absolutely sure that a specific rule would only be created if it doesn't already exist. To reduce output noise I added '>/dev/null 2>&1', where it seemed necessary.
Results: If I delete just *one* rule manually, only the missing rule will be created, I found no duplicates. ON/OFF switches worked as expected.
ToDo: Adding the default settings (all OFF) during install ('update.sh') to '/var/ipfire/optionsfw/settings'. Restart using Web-GUI with 'Save and Restart' button. By now, restart is only possible through only console.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
src/initscripts/system/firewall | 71 +++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 65f1c979b..4e02bd3d9 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -246,6 +246,77 @@ iptables_init() { iptables -A ${i} -j CAPTIVE_PORTAL done
+# Force DNS REDIRECT on GREEN (udp, tcp, 53) +if [ "$DNS_FORCE_ON_GREEN" == "on" ]; then
- if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT- fi
- if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -A CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT- fi
+else
- if iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -D CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1- fi
- if iptables -t nat -C CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -D CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1- fi
+fi
+# Force DNS REDIRECT on BLUE (udp, tcp, 53) +if [ "$DNS_FORCE_ON_BLUE" == "on" ]; then
- if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT- fi
- if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -A CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT- fi
+else
- if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -D CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1- fi
- if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -D CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1- fi
+fi
+# Force NTP REDIRECT on GREEN (udp, 123) +if [ "$NTP_FORCE_ON_GREEN" == "on" ]; then
- if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT- fi
+else
- if iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -D CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1- fi
+fi
+# Force DNS REDIRECT on BLUE (udp, 123) +if [ "$NTP_FORCE_ON_BLUE" == "on" ]; then
- if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT- fi
+else
- if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then
iptables -t nat -D CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1- fi
+fi
- # Accept everything connected for i in INPUT FORWARD OUTPUT; do iptables -A ${i} -j CONNTRACK
-- 2.18.0
Added the necessary translation strings for 'de.pl' and 'en.pl'.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- langs/de/cgi-bin/de.pl | 6 ++++++ langs/en/cgi-bin/en.pl | 6 ++++++ 2 files changed, 12 insertions(+)
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 2fb46e741..6adb3afa0 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -834,6 +834,8 @@ 'dns error 0' => 'Die IP Adresse vom <strong>primären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>sekundären</strong> DNS Server Adresse ist jedoch gültig.<br />', 'dns error 01' => 'Die eingegebene IP Adresse des <strong>primären</strong> wie auch des <strong>sekundären</strong> DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!', 'dns error 1' => 'Die IP Adresse vom <strong>sekundären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>primäre</strong> DNS Server Adresse ist jedoch gültig.', +'dns force on blue' => 'Erzwinge lokale DNS-Server auf BLAU', +'dns force on green' => 'Erzwinge lokale DNS-Server auf GRÜN', 'dns forward disable dnssec' => 'DNSSEC deaktivieren (nicht empfohlen)', 'dns forwarding dnssec disabled notice' => '(DNSSEC deaktiviert)', 'dns header' => 'DNS Server Adressen zuweisen nur mit DHCP an red0', @@ -1102,12 +1104,14 @@ 'from warn email bad' => 'Von E-Mail-Adresse ist nicht gültig', 'fw blue' => 'Firewalloptionen für das Blaue Interface', 'fw default drop' => 'Firewallrichtlinie', +'fw green' => 'Firewalloptionen für das Grüne Interface', 'fw logging' => 'Firewallprotokollierung', 'fw settings' => 'Firewalleinstellungen', 'fw settings color' => 'Farben in Regeltabelle anzeigen', 'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen', 'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen', 'fw settings ruletable' => 'Leere Regeltabellen anzeigen', +'fw settings save and restart' => 'Speichern und Neustart', 'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)', 'fwdfw DROP' => 'Verwerfen (DROP)', 'fwdfw MODE1' => 'Alle Pakete verwerfen', @@ -1812,6 +1816,8 @@ 'november' => 'November', 'ntp common settings' => 'Allgemeine Einstellungen', 'ntp configuration' => 'Zeitserverkonfiguration', +'ntp force on green' => 'Erzwinge lokale NTP-Server auf GRÜN', +'ntp force on blue' => 'Erzwinge lokale NTP-Server auf BLAU', 'ntp must be enabled to have clients' => 'Um Clients annehmen zu können, muss NTP vorher aktiviert sein.', 'ntp server' => 'NTP-Server', 'ntp sync' => 'Synchronisation', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index b5284effa..f76211544 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -857,6 +857,8 @@ 'dns error 0' => 'The IP address of the <strong>primary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>secondary</strong> DNS server address is valid.', 'dns error 01' => 'The entered IP address of the <strong>primary</strong> and <strong>secondary</strong> DNS server are not valid, please check your entries!', 'dns error 1' => 'The IP address of the <strong>secondary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>primary</strong> DNS server address is valid.', +'dns force on green' => 'Force DNS to use local DNS servers on GREEN', +'dns force on blue' => 'Force DNS to use local DNS servers on BLUE', 'dns forward disable dnssec' => 'Disable DNSSEC (dangerous)', 'dns forwarding dnssec disabled notice' => '(DNSSEC disabled)', 'dns header' => 'Assign DNS server addresses only for DHCP on red0', @@ -1128,12 +1130,14 @@ 'from warn email bad' => 'From e-mail address is not valid', 'fw blue' => 'Firewall options for BLUE interface', 'fw default drop' => 'Firewall policy', +'fw green' => 'Firewall options for GREEN interface', 'fw logging' => 'Firewall logging', 'fw settings' => 'Firewall settings', 'fw settings color' => 'Show colors in ruletable', 'fw settings dropdown' => 'Show all networks on rulecreation site', 'fw settings remark' => 'Show remarks in ruletable', 'fw settings ruletable' => 'Show empty ruletables', +'fw settings save and restart' => 'Save and Restart', 'fwdfw ACCEPT' => 'ACCEPT', 'fwdfw DROP' => 'DROP', 'fwdfw MODE1' => 'Drop all packets', @@ -1842,6 +1846,8 @@ 'november' => 'November', 'ntp common settings' => 'Common settings', 'ntp configuration' => 'NTP Configuration', +'ntp force on green' => 'Force NTP to use local NTP servers on GREEN', +'ntp force on blue' => 'Force NTP to use local NTP servers on BLUE', 'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.', 'ntp server' => 'NTP Server', 'ntp sync' => 'Synchronization',
-
Bernhard Bitsch -
Matthias Fischer