This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 2b6c5f257980b0f9e4d31f26ac1945092a45df6a (commit)
via dadffbf738474d649b7177d56acedbad51d6e603 (commit)
via fd24071f657fff2dfa8f878b8eef5d6a1dcf20d8 (commit)
via 7e7788ea0bf73e122b71f56e972565d910a1e302 (commit)
via 9d870c49eb75331f75bd84daeb6bed658d8a1b90 (commit)
via 84004f0538945215dda2b52fe2f664274dc884ce (commit)
via 03b08c08f0be261f47335ebf6e608b4b5d6d153a (commit)
via 4d81e0f3812fc272b2515a631a2e98c4ae76a42b (commit)
via c6df357fd4fefe2a8285ec92e38bd40361fe788e (commit)
via b3c53248d97ee083fcf43cc5ff745396be06ca1a (commit)
from 38cacce21b42d9e7c079e646096e486ac706e546 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2b6c5f257980b0f9e4d31f26ac1945092a45df6a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 13 15:43:52 2014 +0100
ipfire theme: Fix default setting for hostname in title.
commit dadffbf738474d649b7177d56acedbad51d6e603
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Thu Mar 13 15:35:14 2014 +0100
fwhost.cgi: disable "use warnings"
commit fd24071f657fff2dfa8f878b8eef5d6a1dcf20d8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 13 15:37:05 2014 +0100
Update translations.
commit 7e7788ea0bf73e122b71f56e972565d910a1e302
Merge: 9d870c4 03b08c0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 13 15:32:00 2014 +0100
Merge remote-tracking branch 'amarx/BETA3' into next
commit 9d870c49eb75331f75bd84daeb6bed658d8a1b90
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 13 15:29:53 2014 +0100
entropy graph: Remove trend line.
commit 84004f0538945215dda2b52fe2f664274dc884ce
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 13 15:27:14 2014 +0100
Add link to entropy page and show if there is hardware support available.
commit 03b08c08f0be261f47335ebf6e608b4b5d6d153a
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Thu Mar 13 15:27:01 2014 +0100
VPN Checksubnets: Buttons are now Language Strings
commit 4d81e0f3812fc272b2515a631a2e98c4ae76a42b
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Thu Mar 13 15:09:01 2014 +0100
VPN Checksubnets: Now the remote subnets (OpenVPN/IPSec) are checked. If they are defined elsewhere, there's a warningmessage displayed
commit c6df357fd4fefe2a8285ec92e38bd40361fe788e
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Thu Mar 13 13:53:39 2014 +0100
Firewall: When delting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewallrules are reloaded automatically
commit b3c53248d97ee083fcf43cc5ff745396be06ca1a
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Thu Mar 13 13:53:39 2014 +0100
Firewall: When delting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewallrules are reloaded automatically
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/general-functions.pl | 79 ++++++++++++++++++++--------
config/cfgroot/graphs.pl | 2 -
config/menu/20-status.menu | 6 +++
doc/language_issues.de | 2 +
doc/language_issues.en | 2 +
doc/language_issues.es | 12 ++++-
doc/language_issues.fr | 12 ++++-
doc/language_issues.nl | 12 ++++-
doc/language_issues.pl | 12 ++++-
doc/language_issues.ru | 12 ++++-
doc/language_issues.tr | 12 +++++
doc/language_missings | 40 ++++++++++++++
html/cgi-bin/entropy.cgi | 36 +++++++++++++
html/cgi-bin/firewall.cgi | 20 -------
html/cgi-bin/fwhosts.cgi | 3 +-
html/cgi-bin/ovpnmain.cgi | 21 ++++++--
html/cgi-bin/vpnmain.cgi | 27 ++++++----
html/html/themes/ipfire/include/functions.pl | 2 +-
langs/de/cgi-bin/de.pl | 12 ++++-
langs/en/cgi-bin/en.pl | 12 ++++-
20 files changed, 264 insertions(+), 72 deletions(-)
Difference in files:
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 386b047..adfba54 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -506,24 +506,46 @@ sub validipandmask
sub checksubnets
{
- my %ccdconfhash=();
- my @ccdconf=();
- my $ccdname=$_[0];
- my $ccdnet=$_[1];
+ my %ccdconfhash=();
+ my %ovpnconfhash=();
+ my %vpnconf=();
+ my %ipsecconf=();
+ my %ownnet=();
+ my %ovpnconf=();
+ my @ccdconf=();
+ my $ccdname=$_[0];
+ my $ccdnet=$_[1];
+ my $ownnet=$_[2];
my $errormessage;
my ($ip,$cidr)=split(/\//,$ccdnet);
$cidr=&iporsubtocidr($cidr);
+
#get OVPN-Subnet (dynamic range)
- my %ovpnconf=();
&readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
$ovpncidr=&iporsubtocidr($ovpncidr);
+
#check if we try to use same network as ovpn server
if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
$errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
return $errormessage;
}
- #check if we use a network-name/subnet that already exists
+
+ #check if we try to use same network as another ovpn N2N
+ if($ownnet ne 'ovpn'){
+ &readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfhash);
+ foreach my $key (keys %ovpnconfhash) {
+ if ($ovpnconfhash{$key}[3] eq 'net'){
+ my @ovpnnet=split (/\//,$ovpnconfhash{$key}[11]);
+ if (&IpInSubnet($ip,$ovpnnet[0],&iporsubtodec($ovpnnet[1]))){
+ $errormessage=$errormessage.$Lang::tr{'ccd err isovpnn2n'}." $ovpnconfhash{$key}[1] <br>";
+ return $errormessage;
+ }
+ }
+ }
+ }
+
+ #check if we use a network-name/subnet (static-ovpn) that already exists
&readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
foreach my $key (keys %ccdconfhash) {
@ccdconf=split(/\//,$ccdconfhash{$key}[1]);
@@ -535,32 +557,45 @@ sub checksubnets
my ($newip,$newsub) = split(/\//,$ccdnet);
if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1])))
{
- $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
+ $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}." $ccdconfhash{$key}[0]<br>";
return $errormessage;
}
}
+
#check if we use a ipsec right network which is already defined
- my %ipsecconf=();
- &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
- foreach my $key (keys %ipsecconf){
- if ($ipsecconf{$key}[11] ne ''){
- my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
- $ipsecsub=&iporsubtodec($ipsecsub);
- if($ipsecconf{$key}[1] ne $ccdname){
- if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
- $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]";
- return $errormessage;
+ if($ownnet ne 'ipsec'){
+ &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+ foreach my $key (keys %ipsecconf){
+ if ($ipsecconf{$key}[11] ne ''){
+ my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+ $ipsecsub=&iporsubtodec($ipsecsub);
+ if($ipsecconf{$key}[1] ne $ccdname){
+ if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+ $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]";
+ return $errormessage;
+ }
}
}
}
}
+
+ #check if we use the ipsec RW Network (if defined)
+ &readhash("${General::swroot}/vpn/settings", \%vpnconf);
+ if ($vpnconf{'RW_NET'} ne ''){
+ my ($ipsecrwnet,$ipsecrwsub)=split (/\//, $vpnconf{'RW_NET'});
+ if (&IpInSubnet($ip,$ipsecrwnet,&iporsubtodec($ipsecrwsub)))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err isipsecrw'}."<br>";
+ return $errormessage;
+ }
+ }
+
#check if we use one of ipfire's networks (green,orange,blue)
- my %ownnet=();
&readhash("${General::swroot}/ethernet/settings", \%ownnet);
- if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
- if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
- if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
- if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'GREEN_NETADDRESS'},&iporsubtodec($ownnet{'GREEN_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+ if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'ORANGE_NETADDRESS'},&iporsubtodec($ownnet{'ORANGE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+ if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'BLUE_NETADDRESS'},&iporsubtodec($ownnet{'BLUE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+ if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'RED_NETADDRESS'},&iporsubtodec($ownnet{'RED_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
}
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl
index 81b6fa4..4942c98 100644
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -1140,7 +1140,6 @@ sub updateentropygraph {
"-t $Lang::tr{'entropy'}",
"-v $Lang::tr{'bit'}",
"DEF:entropy=$mainsettings{'RRDLOG'}/collectd/localhost/entropy/entropy.rrd:entropy:AVERAGE",
- "CDEF:entropytrend=entropy,43200,TREND",
"LINE3:entropy#ff0000:" . sprintf("%-15s", $Lang::tr{'entropy'}),
"VDEF:entrmin=entropy,MINIMUM",
"VDEF:entrmax=entropy,MAXIMUM",
@@ -1148,7 +1147,6 @@ sub updateentropygraph {
"GPRINT:entrmax:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'maximum'}),
"GPRINT:entrmin:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'minimum'}),
"GPRINT:entravg:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'average'}) . "\\n",
- "LINE3:entropytrend#000000",
);
RRDs::graph (@command);
diff --git a/config/menu/20-status.menu b/config/menu/20-status.menu
index c0b780a..8899310 100644
--- a/config/menu/20-status.menu
+++ b/config/menu/20-status.menu
@@ -46,6 +46,12 @@
'title' => "$Lang::tr{'hardware graphs'}",
'enabled' => 1,
};
+ $substatus->{'61.entropy'} = {
+ 'caption' => "$Lang::tr{'entropy'}",
+ 'uri' => '/cgi-bin/entropy.cgi',
+ 'title' => "$Lang::tr{'entropy graphs'}",
+ 'enabled' => 1,
+ };
$substatus->{'71.connections'} = {
'caption' => $Lang::tr{'connections'},
'uri' => '/cgi-bin/connections.cgi',
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 881d318..94cf2ce 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -206,6 +206,8 @@ WARNING: translation string unused: from warn email bad
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
WARNING: translation string unused: fwdfw addrule
+WARNING: translation string unused: fwdfw err nosrcip
+WARNING: translation string unused: fwdfw err notgtip
WARNING: translation string unused: fwdfw err prot_port1
WARNING: translation string unused: fwdfw final_rule
WARNING: translation string unused: fwdfw from
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 611a0de..b69be53 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -228,6 +228,8 @@ WARNING: translation string unused: from warn email bad
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
WARNING: translation string unused: fwdfw addrule
+WARNING: translation string unused: fwdfw err nosrcip
+WARNING: translation string unused: fwdfw err notgtip
WARNING: translation string unused: fwdfw err prot_port1
WARNING: translation string unused: fwdfw final_rule
WARNING: translation string unused: fwdfw from
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 636b05f..8ff311d 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -593,6 +593,8 @@ WARNING: untranslated string: ccd err invalidname
WARNING: untranslated string: ccd err invalidnet
WARNING: untranslated string: ccd err irouteexist
WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
WARNING: untranslated string: ccd err isovpnnet
WARNING: untranslated string: ccd err issubnet
WARNING: untranslated string: ccd err name
@@ -627,6 +629,7 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
WARNING: untranslated string: dpd delay
WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
@@ -637,6 +640,7 @@ WARNING: untranslated string: drop outgoing
WARNING: untranslated string: emerging rules
WARNING: untranslated string: encryption
WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
WARNING: untranslated string: fireinfo is enabled
@@ -679,9 +683,7 @@ WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw dnat porterr2
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot_port
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
@@ -727,6 +729,7 @@ WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
@@ -801,6 +804,7 @@ WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
@@ -814,6 +818,7 @@ WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: minute
WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn default
WARNING: untranslated string: openvpn destination port used
@@ -860,6 +865,8 @@ WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
WARNING: untranslated string: system information
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
@@ -909,6 +916,7 @@ WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: visit us at
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 30cc1f1..69f260d 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -603,6 +603,8 @@ WARNING: untranslated string: ccd err invalidname
WARNING: untranslated string: ccd err invalidnet
WARNING: untranslated string: ccd err irouteexist
WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
WARNING: untranslated string: ccd err isovpnnet
WARNING: untranslated string: ccd err issubnet
WARNING: untranslated string: ccd err name
@@ -638,6 +640,7 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
WARNING: untranslated string: dpd delay
WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
@@ -648,6 +651,7 @@ WARNING: untranslated string: drop outgoing
WARNING: untranslated string: emerging rules
WARNING: untranslated string: encryption
WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
WARNING: untranslated string: fireinfo is enabled
@@ -690,9 +694,7 @@ WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw dnat porterr2
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot_port
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
@@ -738,6 +740,7 @@ WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
@@ -812,6 +815,7 @@ WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
@@ -825,6 +829,7 @@ WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: minute
WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: notice
WARNING: untranslated string: ntp common settings
WARNING: untranslated string: ntp sync
@@ -868,6 +873,8 @@ WARNING: untranslated string: snort working
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
WARNING: untranslated string: system information
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
@@ -917,6 +924,7 @@ WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
WARNING: untranslated string: upload new ruleset
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter file ext block
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index e04aae3..59c9ecb 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -591,6 +591,8 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: bit
WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
WARNING: untranslated string: ccd iroute2
WARNING: untranslated string: dead peer detection
WARNING: untranslated string: default ip
@@ -603,6 +605,7 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
WARNING: untranslated string: dpd delay
WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
@@ -612,6 +615,7 @@ WARNING: untranslated string: drop forward
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: encryption
WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: fw default drop
@@ -637,9 +641,7 @@ WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw dnat porterr2
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot_port
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
@@ -685,6 +687,7 @@ WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
@@ -759,6 +762,7 @@ WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
@@ -771,6 +775,7 @@ WARNING: untranslated string: mac filter
WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn network
WARNING: untranslated string: ovpn mgmt in root range
@@ -787,6 +792,8 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: ssh
WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
WARNING: untranslated string: tor accounting bytes
@@ -835,6 +842,7 @@ WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: wlan client
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 636b05f..8ff311d 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -593,6 +593,8 @@ WARNING: untranslated string: ccd err invalidname
WARNING: untranslated string: ccd err invalidnet
WARNING: untranslated string: ccd err irouteexist
WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
WARNING: untranslated string: ccd err isovpnnet
WARNING: untranslated string: ccd err issubnet
WARNING: untranslated string: ccd err name
@@ -627,6 +629,7 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
WARNING: untranslated string: dpd delay
WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
@@ -637,6 +640,7 @@ WARNING: untranslated string: drop outgoing
WARNING: untranslated string: emerging rules
WARNING: untranslated string: encryption
WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
WARNING: untranslated string: fireinfo is enabled
@@ -679,9 +683,7 @@ WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw dnat porterr2
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot_port
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
@@ -727,6 +729,7 @@ WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
@@ -801,6 +804,7 @@ WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
@@ -814,6 +818,7 @@ WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: minute
WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn default
WARNING: untranslated string: openvpn destination port used
@@ -860,6 +865,8 @@ WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
WARNING: untranslated string: system information
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
@@ -909,6 +916,7 @@ WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: visit us at
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 195ffc1..c7679b7 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -596,6 +596,8 @@ WARNING: untranslated string: ccd err invalidname
WARNING: untranslated string: ccd err invalidnet
WARNING: untranslated string: ccd err irouteexist
WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
WARNING: untranslated string: ccd err isovpnnet
WARNING: untranslated string: ccd err issubnet
WARNING: untranslated string: ccd err name
@@ -632,6 +634,7 @@ WARNING: untranslated string: dnsforward edit an entry
WARNING: untranslated string: dnsforward entries
WARNING: untranslated string: dnsforward forward_server
WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
WARNING: untranslated string: dpd delay
WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
@@ -642,6 +645,7 @@ WARNING: untranslated string: drop outgoing
WARNING: untranslated string: emerging rules
WARNING: untranslated string: encryption
WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
WARNING: untranslated string: extrahd because there is already a device mounted
WARNING: untranslated string: extrahd cant umount
WARNING: untranslated string: extrahd install or load driver
@@ -674,9 +678,7 @@ WARNING: untranslated string: fwdfw dnat porterr
WARNING: untranslated string: fwdfw dnat porterr2
WARNING: untranslated string: fwdfw edit
WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
WARNING: untranslated string: fwdfw err prot_port
WARNING: untranslated string: fwdfw err remark
WARNING: untranslated string: fwdfw err ruleexists
@@ -722,6 +724,7 @@ WARNING: untranslated string: fwdfw use nat
WARNING: untranslated string: fwdfw use srcport
WARNING: untranslated string: fwdfw use srv
WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
WARNING: untranslated string: fwdfw wd_fri
WARNING: untranslated string: fwdfw wd_mon
WARNING: untranslated string: fwdfw wd_sat
@@ -796,6 +799,7 @@ WARNING: untranslated string: fwhost type
WARNING: untranslated string: fwhost used
WARNING: untranslated string: fwhost welcome
WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
WARNING: untranslated string: incoming traffic in bytes per second
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
@@ -810,6 +814,7 @@ WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: minute
WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn default
WARNING: untranslated string: openvpn destination port used
@@ -850,6 +855,8 @@ WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
WARNING: untranslated string: tor
WARNING: untranslated string: tor accounting
WARNING: untranslated string: tor accounting bytes
@@ -898,6 +905,7 @@ WARNING: untranslated string: tor traffic limit hard
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: visit us at
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 3f27ba2..abcb6ee 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -228,6 +228,8 @@ WARNING: translation string unused: from warn email bad
WARNING: translation string unused: fwdfw MODE1
WARNING: translation string unused: fwdfw MODE2
WARNING: translation string unused: fwdfw addrule
+WARNING: translation string unused: fwdfw err nosrcip
+WARNING: translation string unused: fwdfw err notgtip
WARNING: translation string unused: fwdfw err prot_port1
WARNING: translation string unused: fwdfw final_rule
WARNING: translation string unused: fwdfw from
@@ -636,10 +638,13 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal
WARNING: untranslated string: advproxy proxy port transparent
WARNING: untranslated string: bit
WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
WARNING: untranslated string: dead peer detection
WARNING: untranslated string: default ip
WARNING: untranslated string: dnat address
WARNING: untranslated string: dns servers
+WARNING: untranslated string: downlink
WARNING: untranslated string: dpd delay
WARNING: untranslated string: dpd timeout
WARNING: untranslated string: drop action
@@ -649,14 +654,17 @@ WARNING: untranslated string: drop forward
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: encryption
WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: fwdfw dnat extport
WARNING: untranslated string: fwdfw dnat nochoice
WARNING: untranslated string: fwdfw dnat porterr2
WARNING: untranslated string: fwdfw hint mac
+WARNING: untranslated string: fwdfw warn1
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
@@ -669,6 +677,7 @@ WARNING: untranslated string: mac filter
WARNING: untranslated string: maximum
WARNING: untranslated string: minimum
WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn network
WARNING: untranslated string: ovpn mgmt in root range
@@ -684,7 +693,10 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: ssh
WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
WARNING: untranslated string: tor directory port
WARNING: untranslated string: tor errmsg invalid directory port
+WARNING: untranslated string: uplink
WARNING: untranslated string: urlfilter redirect template
WARNING: untranslated string: wlan clients
diff --git a/doc/language_missings b/doc/language_missings
index 2ca9bf6..8e13c90 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -39,6 +39,8 @@
< ccd err iroute
< ccd err irouteexist
< ccd err isipsecnet
+< ccd err isipsecrw
+< ccd err isovpnn2n
< ccd err isovpnnet
< ccd err issubnet
< ccd err name
@@ -75,6 +77,7 @@
< dnsforward forward_server
< dnsforward zone
< dns servers
+< downlink
< dpd delay
< dpd timeout
< drop action
@@ -84,6 +87,7 @@
< drop outgoing
< encryption
< entropy
+< entropy graphs
< fireinfo ipfire version
< fireinfo is disabled
< fireinfo is enabled
@@ -185,6 +189,7 @@
< fwdfw use nat
< fwdfw use srcport
< fwdfw use srv
+< fwdfw warn1
< fwdfw wd_fri
< fwdfw wd_mon
< fwdfw wd_sat
@@ -278,6 +283,7 @@
< fw settings remark
< fw settings ruletable
< grouptype
+< hardware support
< integrity
< invalid input for dpd delay
< invalid input for dpd timeout
@@ -292,6 +298,7 @@
< minimum
< minute
< most preferred
+< no hardware random number generator
< notice
< ntp common settings
< ntp sync
@@ -333,6 +340,8 @@
< ssh
< static routes
< support donation
+< system has hwrng
+< system has rdrand
< system information
< tor
< tor 0 = disabled
@@ -389,6 +398,7 @@
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
+< uplink
< upload new ruleset
< uptime
< uptime load average
@@ -483,6 +493,8 @@
< ccd err iroute
< ccd err irouteexist
< ccd err isipsecnet
+< ccd err isipsecrw
+< ccd err isovpnn2n
< ccd err isovpnnet
< ccd err issubnet
< ccd err name
@@ -518,6 +530,7 @@
< dnsforward forward_server
< dnsforward zone
< dns servers
+< downlink
< dpd delay
< dpd timeout
< drop action
@@ -527,6 +540,7 @@
< drop outgoing
< encryption
< entropy
+< entropy graphs
< fireinfo ipfire version
< fireinfo is disabled
< fireinfo is enabled
@@ -628,6 +642,7 @@
< fwdfw use nat
< fwdfw use srcport
< fwdfw use srv
+< fwdfw warn1
< fwdfw wd_fri
< fwdfw wd_mon
< fwdfw wd_sat
@@ -721,6 +736,7 @@
< fw settings remark
< fw settings ruletable
< grouptype
+< hardware support
< integrity
< invalid input for dpd delay
< invalid input for dpd timeout
@@ -735,6 +751,7 @@
< minimum
< minute
< most preferred
+< no hardware random number generator
< notice
< openvpn default
< openvpn destination port used
@@ -792,6 +809,8 @@
< ssh
< static routes
< support donation
+< system has hwrng
+< system has rdrand
< system information
< tor
< tor 0 = disabled
@@ -848,6 +867,7 @@
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
+< uplink
< uptime
< uptime load average
< urlfilter redirect template
@@ -918,6 +938,8 @@
< ccd err iroute
< ccd err irouteexist
< ccd err isipsecnet
+< ccd err isipsecrw
+< ccd err isovpnn2n
< ccd err isovpnnet
< ccd err issubnet
< ccd err name
@@ -953,6 +975,7 @@
< dnsforward forward_server
< dnsforward zone
< dns servers
+< downlink
< dpd delay
< dpd timeout
< drop action
@@ -962,6 +985,7 @@
< drop outgoing
< encryption
< entropy
+< entropy graphs
< extrahd because there is already a device mounted
< extrahd cant umount
< extrahd install or load driver
@@ -1055,6 +1079,7 @@
< fwdfw use nat
< fwdfw use srcport
< fwdfw use srv
+< fwdfw warn1
< fwdfw wd_fri
< fwdfw wd_mon
< fwdfw wd_sat
@@ -1148,6 +1173,7 @@
< fw settings remark
< fw settings ruletable
< grouptype
+< hardware support
< integrity
< invalid input for dpd delay
< invalid input for dpd timeout
@@ -1162,6 +1188,7 @@
< minimum
< minute
< most preferred
+< no hardware random number generator
< notice
< openvpn default
< openvpn destination port used
@@ -1204,6 +1231,8 @@
< ssh
< static routes
< support donation
+< system has hwrng
+< system has rdrand
< tor
< tor 0 = disabled
< tor accounting
@@ -1259,6 +1288,7 @@
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
+< uplink
< uptime
< uptime load average
< urlfilter redirect template
@@ -1330,6 +1360,8 @@
< ccd err iroute
< ccd err irouteexist
< ccd err isipsecnet
+< ccd err isipsecrw
+< ccd err isovpnn2n
< ccd err isovpnnet
< ccd err issubnet
< ccd err name
@@ -1367,6 +1399,7 @@
< dnsforward forward_server
< dnsforward zone
< dns servers
+< downlink
< dpd delay
< dpd timeout
< drop action
@@ -1377,6 +1410,7 @@
< Edit an existing route
< encryption
< entropy
+< entropy graphs
< extrahd because there is already a device mounted
< extrahd cant umount
< extrahd install or load driver
@@ -1471,6 +1505,7 @@
< fwdfw use nat
< fwdfw use srcport
< fwdfw use srv
+< fwdfw warn1
< fwdfw wd_fri
< fwdfw wd_mon
< fwdfw wd_sat
@@ -1564,6 +1599,7 @@
< fw settings remark
< fw settings ruletable
< grouptype
+< hardware support
< hour-graph
< incoming traffic in bytes per second
< integrity
@@ -1581,6 +1617,7 @@
< minute
< month-graph
< most preferred
+< no hardware random number generator
< notice
< openvpn default
< openvpn destination port used
@@ -1620,6 +1657,8 @@
< ssh
< static routes
< support donation
+< system has hwrng
+< system has rdrand
< tor
< tor 0 = disabled
< tor accounting
@@ -1675,6 +1714,7 @@
< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
+< uplink
< uptime
< uptime load average
< urlfilter redirect template
diff --git a/html/cgi-bin/entropy.cgi b/html/cgi-bin/entropy.cgi
index 9362e78..bd3de82 100755
--- a/html/cgi-bin/entropy.cgi
+++ b/html/cgi-bin/entropy.cgi
@@ -48,6 +48,42 @@ if ( $querry[0] ne~ "") {
&Graphs::makegraphbox("entropy.cgi", "day", '', 350);
&Header::closebox();
+ # Check for hardware support.
+ my $message;
+ my $message_colour = $Header::colourred;
+ if (&has_hwrng()) {
+ $message = $Lang::tr{'system has hwrng'};
+ $message_colour = $Header::colourgreen;
+ } elsif (&has_rdrand()) {
+ $message = $Lang::tr{'system has rdrand'};
+ $message_colour = $Header::colourgreen;
+ } else {
+ $message = $Lang::tr{'no hardware random number generator'};
+ }
+
+ &Header::openbox('100%', 'center', $Lang::tr{'hardware support'});
+ print <<EOF;
+ <p style="color: $message_colour; text-align: center;">$message</p>
+EOF
+ &Header::closebox();
+
&Header::closebigbox();
&Header::closepage();
}
+
+sub has_hwrng() {
+ return (-c "/dev/hwrng");
+}
+
+sub has_rdrand() {
+ open(FILE, "/proc/cpuinfo") or return 0;
+ my @cpuinfo = <FILE>;
+ close(FILE);
+
+ my @result = grep(/rdrand/, @cpuinfo);
+ if (@result) {
+ return 1;
+ }
+
+ return 0;
+}
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 7bcb079..82684e0 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -2375,26 +2375,18 @@ END
if($$hash{$key}[3] eq 'ipsec_net_src'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_net_src'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){
if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[3] eq 'ovpn_host_src'){
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
}
@@ -2402,26 +2394,18 @@ END
if($$hash{$key}[5] eq 'ipsec_net_tgt'){
if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
}
@@ -2429,15 +2413,11 @@ END
foreach my $netgroup (sort keys %customgrp){
if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
foreach my $srvgroup (sort keys %customservicegrp){
if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
$coloryellow='on';
- &disable_rule($key);
- $$hash{$key}[2]='';
}
}
$$hash{'ACTIVE'}=$$hash{$key}[2];
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index 049233c..2d128f5 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -21,7 +21,8 @@
use strict;
# enable only the following on debugging purpose
-use warnings;
+#use warnings;
+
use Sort::Naturally;
use CGI::Carp 'fatalsToBrowser';
no warnings 'uninitialized';
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index fa801a9..877e09c 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2159,7 +2159,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
} else {
$errormessage = $Lang::tr{'invalid key'};
}
-
+ &General::firewall_reload();
###
### Download PKCS12 file
@@ -3509,8 +3509,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
- }
-
+ }
+ #Check if remote subnet is used elsewhere
+ my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
+ $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
+ if ($warnmessage){
+ $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
+ }
}
# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
@@ -4569,6 +4574,16 @@ END
&Header::closebox();
}
+ if ($warnmessage) {
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
+ print "$warnmessage<br>";
+ print "$Lang::tr{'fwdfw warn1'}<br>";
+ &Header::closebox();
+ print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
+ &Header::closepage();
+ exit 0;
+ }
+
my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
my $srunning = "no";
my $activeonrun = "";
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index af836da..f5ec500 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1225,7 +1225,7 @@ END
} else {
$errormessage = $Lang::tr{'invalid key'};
}
-
+ &General::firewall_reload();
###
### Choose between adding a host-net or net-net connection
###
@@ -1407,14 +1407,13 @@ END
goto VPNCONF_ERROR;
}
-#temporary disabled (BUG 10294)
-# if ($cgiparams{'TYPE'} eq 'net'){
-# $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
-# if ($errormessage ne ''){
-# goto VPNCONF_ERROR;
-# }
-#
-# }
+ if ($cgiparams{'TYPE'} eq 'net'){
+ $warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'},'ipsec');
+ if ($warnmessage ne ''){
+ $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
+ }
+ }
+
if ($cgiparams{'AUTH'} eq 'psk') {
if (! length($cgiparams{'PSK'}) ) {
$errormessage = $Lang::tr{'pre-shared key is too short'};
@@ -2612,6 +2611,16 @@ EOF
&Header::closebox();
}
+ if ($warnmessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'warning messages'});
+ print "$warnmessage<br>";
+ print "$Lang::tr{'fwdfw warn1'}<br>";
+ &Header::closebox();
+ print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
+ &Header::closepage();
+ exit 0;
+ }
+
&Header::openbox('100%', 'left', $Lang::tr{'global settings'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
diff --git a/html/html/themes/ipfire/include/functions.pl b/html/html/themes/ipfire/include/functions.pl
index f71181e..0c47cd4 100644
--- a/html/html/themes/ipfire/include/functions.pl
+++ b/html/html/themes/ipfire/include/functions.pl
@@ -110,7 +110,7 @@ sub openpage {
&genmenu();
my $headline = "IPFire";
- if ($settings{'WINDOWWITHHOSTNAME'} eq 'on') {
+ if (($settings{'WINDOWWITHHOSTNAME'} eq 'on') || ($settings{'WINDOWWITHHOSTNAME'} eq '')) {
$headline = "$settings{'HOSTNAME'}.$settings{'DOMAINNAME'}";
}
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index e951b68..1042707 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -481,8 +481,10 @@
'ccd err iroute' => 'Netzadresse für Route ungültig.',
'ccd err irouteexist' => 'Diese Route wird bereits verwendet.',
'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.',
-'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!',
-'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.',
+'ccd err isipsecrw' => 'Diese Subnetzadresse wird bereits für das IPsec-RW Netz verwendet.',
+'ccd err isovpnn2n' => 'Die Subnetzadresse wird für bereits für eine OpenVPN Netz-zu-Netz-Verbindung verwendet.',
+'ccd err isovpnnet' => 'Die Subnetzadresse wird für bereits für den OpenVPN-Server verwendet.',
+'ccd err issubnet' => 'Die Subnetzadresse wird bereits verwendet.',
'ccd err name' => 'Es muss ein Name angegeben werden.',
'ccd err nameexist' => 'Name existiert bereits.',
'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.',
@@ -813,6 +815,7 @@
'enter ack class' => 'Legen Sie hier die ACK-Klasse fest <br /> und klicken Sie danach auf <i>Speichern</i>.',
'enter data' => 'Geben Sie die Daten ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
'entropy' => 'Entropie',
+'entropy graphs' => 'Entropiegraphen',
'err bk 1' => 'Fehler beim Erzeugen des Archivs',
'err bk 10 password' => 'Fehler beim Datensicherungs-Passwort',
'err bk 2 key' => 'Fehler beim Erzeugen der Schlüsseldatei',
@@ -1005,6 +1008,7 @@
'fwdfw use srcport' => 'Quellport:',
'fwdfw use srv' => 'Zielport:',
'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
+'fwdfw warn1' => 'Dies kann dazu führen, dass Firewallregeln auf Netze angewendet werden, für die sie nicht gedacht sind.',
'fwdfw wd_fri' => 'Fr',
'fwdfw wd_mon' => 'Mo',
'fwdfw wd_sat' => 'Sa',
@@ -1131,6 +1135,7 @@
'harddisk temperature' => 'Festplattentemperatur',
'harddisk temperature graphs' => 'HDD-Diagramme',
'hardware graphs' => 'Hardware-Diagramme',
+'hardware support' => 'Hardware-Unterstützung',
'hdd temperature in' => 'Festplattentemperatur in',
'help' => 'Hilfe',
'high' => 'Hoch',
@@ -1506,6 +1511,7 @@
'no eciadsl synch.bin file' => 'Keine ECI ADSL Datei synch.bin vorhanden. Bitte hochladen.',
'no filter pass' => 'Legen Sie hier die Standardklassen fest durch die nicht-gefilterte Pakete gehen.',
'no fritzdsl driver' => 'Kein Fritz!DSL-Treiber vorhanden. Bitte hochladen.',
+'no hardware random number generator' => 'Dieses System hat keine Entropiequelle.',
'no information available' => 'Keine Informationen verfügbar.',
'no log selected' => 'kein Log ausgewählt',
'no modem selected' => 'Kein Modem ausgewählt',
@@ -1976,6 +1982,8 @@
'swap usage per' => 'Nutzung von Auslagerungsspeicher (Swap) pro',
'system' => 'System',
'system graphs' => 'System-Diagramme',
+'system has hwrng' => 'Dieses System hat einen Hardware-Zufallszahlengenerator.',
+'system has rdrand' => 'Dieses System unterstützt Intel(R) RDRAND.',
'system information' => 'Systeminformationen',
'system log viewer' => 'Betrachter der System-Logdateien',
'system logs' => 'System-Logdateien',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index d8cfdc7..62facdc 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -499,8 +499,10 @@
'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.',
'ccd err iroute' => 'Network address for route is invalid.',
'ccd err irouteexist' => 'This route is already in use.',
-'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.',
-'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.',
+'ccd err isipsecnet' => 'The given subnet address is already used by an IPsec network.',
+'ccd err isipsecrw' => 'The given subnet address is already used by the IPsec rw network.',
+'ccd err isovpnn2n' => 'The subnet address is already in use for an OpenVPN net-to-net connection.',
+'ccd err isovpnnet' => 'The subnet address is already in use for the OpenVPN server.',
'ccd err issubnet' => 'Subnet address already in use.',
'ccd err name' => 'Please choose a name.',
'ccd err nameexist' => 'Name already exists.',
@@ -839,6 +841,7 @@
'enter ack class' => 'Enter the ACK- Class <br /> and then press <i>Save</i>.',
'enter data' => 'Enter your settings <br /> and then press <i>Save</i>.',
'entropy' => 'Entropy',
+'entropy graphs' => 'Entropy Graphs',
'err bk 1' => 'Error creating archive',
'err bk 10 password' => 'Error with backup password',
'err bk 2 key' => 'Error creating key file',
@@ -1031,6 +1034,7 @@
'fwdfw use srcport' => 'Source port:',
'fwdfw use srv' => 'Destination port:',
'fwdfw useless rule' => 'This rule is useless.',
+'fwdfw warn1' => 'This might lead to firewallrules which are applied to networks for which they are not intended to be.',
'fwdfw wd_fri' => 'Fri',
'fwdfw wd_mon' => 'Mon',
'fwdfw wd_sat' => 'Sat',
@@ -1159,6 +1163,7 @@
'harddisk temperature' => 'Harddisk Temperature',
'harddisk temperature graphs' => 'HDD Graphs',
'hardware graphs' => 'Hardware Graphs',
+'hardware support' => 'Hardware Support',
'hdd temperature in' => 'Harddisk temperature in',
'help' => 'Help',
'high' => 'High',
@@ -1535,6 +1540,7 @@
'no eciadsl synch.bin file' => 'No ECI ADSL synch.bin file. Please upload.',
'no filter pass' => 'Enter the standard class for non-filtered packets.',
'no fritzdsl driver' => 'No Fritz!DSL driver. Please upload.',
+'no hardware random number generator' => 'This system has no source for entropy.',
'no information available' => 'No information available.',
'no log selected' => 'No log selected',
'no modem selected' => 'No modem selected',
@@ -2011,6 +2017,8 @@
'swap usage per' => 'Swap usage per',
'system' => 'System',
'system graphs' => 'System Graphs',
+'system has hwrng' => 'This system has got a hardware random number generator.',
+'system has rdrand' => 'This system has got support for Intel(R) RDRAND.',
'system information' => 'System Information',
'system log viewer' => 'System Log Viewer',
'system logs' => 'System Logs',
hooks/post-receive
--
IPFire 2.x development tree