This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via b563d5bd69c862c9ae1dd53fb1acff3d76af8761 (commit)
via 7b97359b99add6f343a4687d5f2f6a8a86304b4f (commit)
via 92206da35aef825891d5e46aeb28bb0cda043510 (commit)
via 00a083aaf2003ef8f970a9c69ccf0e8020391176 (commit)
from 2f8a33e182f981153a61568261ba4daf3cd7492b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b563d5bd69c862c9ae1dd53fb1acff3d76af8761
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Apr 5 07:58:07 2020 +0000
core143: add backup include and ids-functions
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7b97359b99add6f343a4687d5f2f6a8a86304b4f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 3 16:59:12 2020 +0200
IDS: Add GREEN and BLUE addresses to the list of DNS servers.
Fixes #12349.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 92206da35aef825891d5e46aeb28bb0cda043510
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 3 12:50:04 2020 +0200
Backup: Add idsrules tarball.
The tarball is required to generate and restore the IDS ruleset.
Fixes #12319.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 00a083aaf2003ef8f970a9c69ccf0e8020391176
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 3 12:50:03 2020 +0200
Backup: Add suricata rules-settings file.
This file contains the configured ruleset and oinkcode settings and
therefore needs to be backuped and restored.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/include | 2 ++
config/cfgroot/ids-functions.pl | 15 +++++++++++++++
config/rootfiles/core/143/filelists/files | 2 ++
3 files changed, 19 insertions(+)
Difference in files:
diff --git a/config/backup/include b/config/backup/include
index 0153272f7..5db452cda 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -49,6 +49,7 @@
/var/ipfire/qos/bin/qos.sh
/var/ipfire/suricata/*.conf
/var/ipfire/suricata/*.yaml
+/var/ipfire/suricata/rules-settings
/var/ipfire/*/settings
/var/ipfire/time/
/var/ipfire/urlfilter
@@ -58,3 +59,4 @@
/var/log/rrd/*
/var/log/rrd/collectd
/var/log/vnstat
+/var/tmp/idsrules.tar.gz
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index af8a927e0..7a2d98f03 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -711,13 +711,28 @@ sub generate_dns_servers_file() {
# Get the used DNS servers.
my @nameservers = &General::get_nameservers();
+ # Get network settings.
+ my %netsettings;
+ &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
# Format dns servers declaration.
my $line = "";
# Check if the system has configured nameservers.
if (@nameservers) {
+ # Add the GREEN address as DNS servers.
+ push(@nameservers, $netsettings{'GREEN_ADDRESS'});
+
+ # Check if a BLUE zone exists.
+ if ($netsettings{'BLUE_ADDRESS'}) {
+ # Add the BLUE address to the array of nameservers.
+ push(@nameservers, $netsettings{'BLUE_ADDRESS'});
+ }
+
+ # Generate the line which will be written to the DNS servers file.
$line = join(",", @nameservers);
} else {
+ # External net simply contains (any).
$line = "\$EXTERNAL_NET";
}
diff --git a/config/rootfiles/core/143/filelists/files b/config/rootfiles/core/143/filelists/files
index 28c759fe3..816fffe9a 100644
--- a/config/rootfiles/core/143/filelists/files
+++ b/config/rootfiles/core/143/filelists/files
@@ -14,4 +14,6 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
usr/lib/firewall/rules.pl
var/ipfire/backup/bin/backup.pl
+var/ipfire/backup/include
+var/ipfire/ids-functions.pl
var/ipfire/suricata/oinkmaster.conf
hooks/post-receive
--
IPFire 2.x development tree