This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 3cba134fa88e94d62c5d14d862c60642d5a37240 (commit) via 7ab6a8536cb653b8c096ac67b87eaa3ddf228e12 (commit) via 73372ed4e6b573c4a1078b771df4f6623fc79927 (commit) via 5bdefccbbc18f604b39305a84d238d13988b9a78 (commit) from f1eb69d672ae21db7c314bcbab1bbd2e9b4c7c5a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 3cba134fa88e94d62c5d14d862c60642d5a37240 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 28 20:51:24 2014 +0100
core76: Cleanup rootfile.
p2protocols is not an actual configuration file editable by the user.
commit 7ab6a8536cb653b8c096ac67b87eaa3ddf228e12 Merge: 73372ed 5bdefcc Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 28 20:49:32 2014 +0100
Merge remote-tracking branch 'stevee/core-76-update' into next
commit 73372ed4e6b573c4a1078b771df4f6623fc79927 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 28 20:48:24 2014 +0100
firewall: Move scripts from /var/ipfire/firewall/bin to /usr/lib/firewall.
commit 5bdefccbbc18f604b39305a84d238d13988b9a78 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 18 23:36:41 2014 +0100
Core 76: Don't extract firewall config files.
During the update, the firewall config files were extracted and replaced the existing ones if the new firewall was already installed. As a result of this behaviour, all firewall rules, settings or created groups were lost. We now try to create them using touch if they do not exist.
-----------------------------------------------------------------------
Summary of changes: config/firewall/rules.pl | 2 +- config/rootfiles/common/configroot | 3 --- config/rootfiles/common/stage2 | 3 +++ config/rootfiles/core/76/filelists/firewall | 13 ------------- config/rootfiles/core/76/update.sh | 19 +++++++++++++++++++ lfs/configroot | 11 +++-------- lfs/stage2 | 7 +++++++ src/misc-progs/firewallctrl.c | 2 +- 8 files changed, 34 insertions(+), 26 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index f26ae5f..4380764 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -45,7 +45,7 @@ my @DPROT=();
 my @p2ps=();
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
-require "${General::swroot}/firewall/bin/firewall-lib.pl";
+require "/usr/lib/firewall/firewall-lib.pl";
 my $configfwdfw = "${General::swroot}/firewall/config";
 my $configinput = "${General::swroot}/firewall/input";
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index b1097cd..f509370 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -50,9 +50,6 @@ var/ipfire/extrahd
 #var/ipfire/extrahd/scan
 #var/ipfire/extrahd/settings
 var/ipfire/firewall
-#var/ipfire/firewall/bin
-#var/ipfire/firewall/bin/firewall-lib.pl
-#var/ipfire/firewall/bin/rules.pl
 #var/ipfire/firewall/config
 #var/ipfire/firewall/dmz
 #var/ipfire/firewall/input
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 4286cec..a796624 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -66,6 +66,9 @@ root/ipfire
 #usr/bin/perl
 #usr/include
 #usr/lib
+usr/lib/firewall
+usr/lib/firewall/firewall-lib.pl
+usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1
 #usr/lib/libstdc++.la
diff --git a/config/rootfiles/core/76/filelists/firewall b/config/rootfiles/core/76/filelists/firewall
index 3edde8e..1c58191 100644
--- a/config/rootfiles/core/76/filelists/firewall
+++ b/config/rootfiles/core/76/filelists/firewall
@@ -9,19 +9,6 @@ usr/sbin/convert-outgoingfw
 usr/sbin/convert-portfw
 usr/sbin/convert-xtaccess
 usr/sbin/firewall-policy
-var/ipfire/firewall
-var/ipfire/firewall/bin/firewall-lib.pl
-var/ipfire/firewall/bin/rules.pl
-var/ipfire/firewall/config
-var/ipfire/firewall/input
-var/ipfire/firewall/outgoing
 var/ipfire/firewall/p2protocols
-var/ipfire/firewall/settings
-var/ipfire/fwhosts
-var/ipfire/fwhosts/customhosts
-var/ipfire/fwhosts/customnetworks
-var/ipfire/fwhosts/customgroups
-var/ipfire/fwhosts/customservices
-var/ipfire/fwhosts/customservicegrp
 var/ipfire/fwhosts/icmp-types
 var/ipfire/menu.d/50-firewall.menu
diff --git a/config/rootfiles/core/76/update.sh b/config/rootfiles/core/76/update.sh
index a8f726a..0295a64 100644
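Review bot: Only firewall-lib.pl moves to /usr/lib/firewall here; the two `require` lines above the changed one still load code from `/var/ipfire/general-functions.pl` and `${General::swroot}/lang.pl`. Because firewallctrl.c in this push runs rules.pl from a setuid helper, anything it `require`s executes with the same privileges, so it is worth confirming that those two files and their directories are not writable by the `nobody` account that update.sh gives ownership of /var/ipfire/firewall and /var/ipfire/fwhosts. A comment above the requires, e.g. `# Runs as root via firewallctrl: every required file must be root-owned and not writable by nobody.`, would record that assumption. The hunk shows only the top of rules.pl; the rest of the script is outside it.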
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -192,6 +192,10 @@ fi
ln -svf ../run /var/run
+# Creating directories for new firewall.
+mkdir -p /var/ipfire/firewall
+mkdir -p /var/ipfire/fwhosts
+
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
@@ -253,6 +257,21 @@ rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
 /sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
 /sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
+# Create config files for firewall and fix permissions.
+touch /var/ipfire/firewall/config
+touch /var/ipfire/firewall/input
+touch /var/ipfire/firewall/outgoing
+touch /var/ipfire/firewall/settings
+touch /var/ipfire/fwhosts/customhosts
+touch /var/ipfire/fwhosts/customnetworks
+touch /var/ipfire/fwhosts/customgroups
+touch /var/ipfire/fwhosts/customservices
+touch /var/ipfire/fwhosts/customservicegrp
+
+# Fix ownership.
+chown -R nobody:nobody /var/ipfire/firewall
+chown -R nobody:nobody /var/ipfire/fwhosts
+
 # Convert firewall configuration
 /usr/sbin/convert-xtaccess
 /usr/sbin/convert-outgoingfw
diff --git a/lfs/configroot b/lfs/configroot
index 98e7af3..8250a77 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -51,7 +51,7 @@ $(TARGET) :
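Review bot: `chown -R nobody:nobody /var/ipfire/firewall` reaches further than the nine files touched above it: it also hands p2protocols (described in commit 3cba134 as not user-editable) and, on systems that already had the new firewall, any leftover /var/ipfire/firewall/bin/*.pl to `nobody`; nothing in the visible hunks removes that old directory. I would drop it explicitly with `rm -rf /var/ipfire/firewall/bin` and limit the ownership change to the two directories and the files created here instead of recursing. The comment also promises to "fix permissions", but no mode is set; an explicit `chmod` on the touched files (mode per project convention) would make the result independent of the umask the updater runs with.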
 # Create all directories
 for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
- ethernet extrahd/bin fwlogs fwhosts firewall firewall/bin isdn key langs logging mac main \
+ ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
 menu.d modem net-traffic net-traffic/templates nfs optionsfw \
 ovpn patches pakfire portfw ppp private proxy/advanced/cre \
 proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \
@@ -99,13 +99,11 @@ $(TARGET) :
 cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced
 cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans
 cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
- cp $(DIR_SRC)/config/firewall/rules.pl $(CONFIG_ROOT)/firewall/bin/rules.pl
 cp $(DIR_SRC)/config/firewall/convert-xtaccess /usr/sbin/convert-xtaccess
 cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw
 cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz
 cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw
 cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols
- cp $(DIR_SRC)/config/firewall/firewall-lib.pl $(CONFIG_ROOT)/firewall/bin/firewall-lib.pl
 cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy
 cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
 cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
@@ -132,13 +130,10 @@ $(TARGET) :
 echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
 echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings
 echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
-
- # set rules.pl executable
- chmod 755 $(CONFIG_ROOT)/firewall/bin/rules.pl
-
+
 # set converters executable
 chmod 755 /usr/sbin/convert-*
-
+
 # Modify variables in header.pl
 sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
 -e "s+VERSION+$(VERSION)+g" \
diff --git a/lfs/stage2 b/lfs/stage2
index 3d64f68..956f589 100644
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -101,6 +101,13 @@ $(TARGET) :
 # Move script to correct place.
 mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
+ # Install firewall scripts.
+ mkdir -pv /usr/lib/firewall
+ install -m 755 $(DIR_SRC)/config/firewall/rules.pl \
+ /usr/lib/firewall/rules.pl
+ install -m 644 $(DIR_SRC)/config/firewall/firewall-lib.pl \
+ /usr/lib/firewall/firewall-lib.pl
+
 # Nobody user
 -mkdir -p /home/nobody
 chown -R nobody:nobody /home/nobody
diff --git a/src/misc-progs/firewallctrl.c b/src/misc-progs/firewallctrl.c
index 97de271..0f17659 100644
--- a/src/misc-progs/firewallctrl.c
+++ b/src/misc-progs/firewallctrl.c
@@ -13,7 +13,7 @@ int main(int argc, char *argv[]) {
 if (!(initsetuid()))
 exit(1);
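Review bot: `mkdir -pv /usr/lib/firewall` leaves the directory's mode to the build umask, while the two scripts get explicit modes from `install -m`. Since firewallctrl.c in this push executes /usr/lib/firewall/rules.pl from a setuid helper, I would pin the directory too, `install -d -m 755 /usr/lib/firewall`, so the whole path stays non-writable for unprivileged accounts regardless of the build environment. The $(TARGET) recipe begins and continues outside the hunk.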
- int retval = safe_system("/var/ipfire/firewall/bin/rules.pl");
+ int retval = safe_system("/usr/lib/firewall/rules.pl");
 /* If rules.pl has been successfully executed, the indicator
 * file is removed. */
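Review bot: firewallctrl now depends on /usr/lib/firewall/rules.pl existing, but in the visible diff the core 76 filelist (config/rootfiles/core/76/filelists/firewall) only drops the old var/ipfire/firewall/bin entries and adds nothing under usr/lib/firewall. Unless another core 76 filelist ships the new files, an updated system would have this helper calling a missing script and the rule set would not be reloaded; adding `usr/lib/firewall/firewall-lib.pl` and `usr/lib/firewall/rules.pl` to that filelist would close the gap. How `retval` is handled is not visible, since main() continues outside the hunk, so whether a failed exec is reported to the caller should be checked as well.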
hooks/post-receive -- IPFire 2.x development tree