This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  c50ba483d2e9e6c5b403847152e76afe1470453b (commit)
       via  8245f77ee35511458ba528d9083394af72574757 (commit)
       via  be3aaa7961be31becab7aa7e8138e5934b258670 (commit)
       via  3e862ce4f99059002b60994addc87a013d298b38 (commit)
       via  f9dec458f39323bead4686f9e1a3bb827a9bd134 (commit)
       via  c47f57d4e73f04da8a57f5f90fd3bb0ab8e9170a (commit)
       via  e4ba53ed590428632025982d0dbd7af9b4e71084 (commit)
       via  900e2e99c4464a0b4200e6d9873a3c2570bcc30e (commit)
       via  5ced384b719877abfe0c78d9345a645f4531e38a (commit)
       via  f7a617a02573dccce4713ce3448116d2bc173757 (commit)
       via  dfee7582f9b386126fcaa6c8cdcb98677e34f5b4 (commit)
      from  774df2479dfc7f1dba314da193d62bf828bb9edf (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit c50ba483d2e9e6c5b403847152e76afe1470453b
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Jul 15 21:56:56 2013 +0200

    misc-progs: rootfile updates.

commit 8245f77ee35511458ba528d9083394af72574757
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Jul 15 21:53:47 2013 +0200

    misc-progs: fix typo in Makefile.

commit be3aaa7961be31becab7aa7e8138e5934b258670
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Jul 15 20:51:42 2013 +0200

    core71: add proxy-squidclam changes to updater.

commit 3e862ce4f99059002b60994addc87a013d298b38
Merge: f9dec45 5ced384
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Jul 15 20:49:23 2013 +0200

    Merge remote-tracking branch 'stevee/proxy-squidclamav' into next

    Conflicts:
        config/cfgroot/general-functions.pl

commit f9dec458f39323bead4686f9e1a3bb827a9bd134
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Jul 15 20:42:59 2013 +0200

    core71: add dnsforward to updater.

commit c47f57d4e73f04da8a57f5f90fd3bb0ab8e9170a
Merge: 774df24 e4ba53e
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Jul 15 20:38:27 2013 +0200

    Merge remote-tracking branch 'stevee/dnsforward' into next

commit e4ba53ed590428632025982d0dbd7af9b4e71084
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Sun Jul 14 11:55:29 2013 +0200

    dnsmasq: Add feature to forward domains to certain DNS servers.

    Fixes #10369.

commit 900e2e99c4464a0b4200e6d9873a3c2570bcc30e
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Sun Jul 14 13:01:13 2013 +0200

    Cleanup in 30-network.menu.

    * Removed entry for non-existing upload.cgi.
    * Fix indentation for several menu points.

commit 5ced384b719877abfe0c78d9345a645f4531e38a
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Sun Jul 7 10:26:30 2013 +0200

    squidclamav: Never use IPv6.

    Squidclamav uses curl to resolve all kinds of addresses which the system allows. If the remote address is an IPv6 address, squidclamav hangs forever.

    Nico Prenzel has found a solution to force the usage of IPv4 to prevent this issue.

    Fixes #10376.

commit f7a617a02573dccce4713ce3448116d2bc173757
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Sun Jun 23 22:45:57 2013 +0200

    squidclamav: Update squidclamav.conf to use and trust the proxy cache.

    If squidclamav is already installed, the configuration will be saved and updated during the upgrade process.

    Reference #10367.

commit dfee7582f9b386126fcaa6c8cdcb98677e34f5b4
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Sun Jun 23 22:29:30 2013 +0200

    Increase performance of the squidclamav redirector.

    To boost up the performance, now we trust the proxy cache.

    I add some changes to the proxy.cgi to configure the proxy and the squidclamav in the right way.

    I also add a hook that allows us to generate a new configuration if the cgi script is launched from the shell.

    Fixes #10367.
-----------------------------------------------------------------------
Summary of changes:
 config/cfgroot/general-functions.pl              |  23 ++
 config/menu/30-network.menu                      |  30 +-
 config/rootfiles/common/misc-progs               |   1 +
 config/rootfiles/core/71/filelists/files         |   5 +
 config/squidclamav/squidclamav.conf              |   9 +-
 html/cgi-bin/dnsforward.cgi                      | 359 +++++++++++++++++++++++
 html/cgi-bin/proxy.cgi                           |  41 ++-
 langs/de/cgi-bin/de.pl                           |   7 +
 langs/en/cgi-bin/en.pl                           |   7 +
 lfs/squidclamav                                  |   3 +-
 src/initscripts/init.d/dnsmasq                   |  26 +-
 src/misc-progs/Makefile                          |   5 +-
 src/misc-progs/{updxsetperms.c => dnsmasqctrl.c} |  12 +-
 src/paks/squidclamav/update.sh                   |  10 +
 src/patches/squidclamav-5.11-dont_use_ipv6.patch |  13 +
 15 files changed, 519 insertions(+), 32 deletions(-)
 create mode 100644 html/cgi-bin/dnsforward.cgi
 copy src/misc-progs/{updxsetperms.c => dnsmasqctrl.c} (59%)
 create mode 100644 src/patches/squidclamav-5.11-dont_use_ipv6.patch
Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 3cdb36f..41643d8 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -1030,4 +1030,27 @@ sub RedIsWireless() { return 0; }
+# Function to read a file with UTF-8 charset. +sub read_file_utf8 ($) { + my ($file) = @_; + + open my $in, '<:encoding(UTF-8)', $file or die "Could not open '$file' for reading $!"; + local $/ = undef; + my $all = <$in>; + close $in; + + return $all; +} + +# Function to write a file with UTF-8 charset. +sub write_file_utf8 ($) { + my ($file, $content) = @_; + + open my $out, '>:encoding(UTF-8)', $file or die "Could not open '$file' for writing $!";; + print $out $content; + close $out; + + return; +} + 1; diff --git a/config/menu/30-network.menu b/config/menu/30-network.menu index f4645b8..c50508f 100644 --- a/config/menu/30-network.menu +++ b/config/menu/30-network.menu 
@@ -35,37 +35,37 @@ 'title' => "$Lang::tr{'edit hosts'}", 'enabled' => 1, }; - $subnetwork->{'51.routes'} = { + $subnetwork->{'51.dnsmenu'} = { + 'caption' => $Lang::tr{'dns menu'}, + 'uri' => '/cgi-bin/dns.cgi', + 'title' => "$Lang::tr{'dns menu'}", + 'enabled' => `grep "RED_TYPE=DHCP" /var/ipfire/ethernet/settings`, + }; + $subnetwork->{'52.dnsforward'} = { + 'caption' => $Lang::tr{'dnsforward'}, + 'uri' => '/cgi-bin/dnsforward.cgi', + 'title' => "$Lang::tr{'dnsforward'}", + 'enabled' => 1 + }; + $subnetwork->{'60.routes'} = { 'caption' => $Lang::tr{'static routes'}, 'uri' => '/cgi-bin/routing.cgi', 'title' => "$Lang::tr{'static routes'}", 'enabled' => 1, }; - $subnetwork->{'60.upload'} = { - 'caption' => $Lang::tr{'upload'}, - 'uri' => '/cgi-bin/upload.cgi', - 'title' => "$Lang::tr{'upload'}", - 'enabled' => 0, - }; $subnetwork->{'70.aliases'} = { 'caption' => $Lang::tr{'aliases'}, 'uri' => '/cgi-bin/aliases.cgi', 'title' => "$Lang::tr{'aliases'}", 'enabled' => `grep "RED_TYPE=STATIC" /var/ipfire/ethernet/settings`, }; - $subnetwork->{'80.dnsmenu'} = { - 'caption' => $Lang::tr{'dns menu'}, - 'uri' => '/cgi-bin/dns.cgi', - 'title' => "$Lang::tr{'dns menu'}", - 'enabled' => `grep "RED_TYPE=DHCP" /var/ipfire/ethernet/settings`, - }; - $subnetwork->{'90.macadressmenu'} = { + $subnetwork->{'80.macadressmenu'} = { 'caption' => $Lang::tr{'mac address menu'}, 'uri' => '/cgi-bin/mac.cgi', 'title' => "$Lang::tr{'mac address menu'}", 'enabled' => 1, }; - $subnetwork->{'99.wakeonlan'} = { + $subnetwork->{'90.wakeonlan'} = { 'caption' => $Lang::tr{'WakeOnLan'}, 'uri' => '/cgi-bin/wakeonlan.cgi', 'title' => "$Lang::tr{'WakeOnLan'}", diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index 3f48f83..a8dac59 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs 
@@ -3,6 +3,7 @@ usr/local/bin/addonctrl usr/local/bin/backupctrl #usr/local/bin/clamavctrl usr/local/bin/dhcpctrl +usr/local/bin/dnsmasqctrl usr/local/bin/extrahdctrl usr/local/bin/fireinfoctrl usr/local/bin/getconntracktable diff --git a/config/rootfiles/core/71/filelists/files b/config/rootfiles/core/71/filelists/files index db039f3..9dd0e30 100644 --- a/config/rootfiles/core/71/filelists/files +++ b/config/rootfiles/core/71/filelists/files @@ -3,6 +3,7 @@ etc/issue var/ipfire/general-functions.pl var/ipfire/header.pl var/ipfire/menu.d/10-system.menu +var/ipfire/menu.d/30-network.menu etc/rc.d/init.d/dnsmasq etc/rc.d/init.d/wlanclient etc/rc.d/init.d/networking/functions.network @@ -11,9 +12,13 @@ etc/rc.d/init.d/networking/red etc/rc.d/rc0.d/K82wlanclient etc/rc.d/rc3.d/S19wlanclient etc/rc.d/rc6.d/K82wlanclient +usr/local/bin/dnsmasqctrl usr/local/bin/wirelessclient +srv/web/ipfire/cgi-bin/dnsforward.cgi srv/web/ipfire/cgi-bin/ids.cgi +srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/pppsetup.cgi srv/web/ipfire/cgi-bin/wirelessclient.cgi +var/ipfire/general-functions.pl var/ipfire/langs var/ipfire/backup/include diff --git a/config/squidclamav/squidclamav.conf b/config/squidclamav/squidclamav.conf index 19bffa0..2b8f5dc 100644 --- a/config/squidclamav/squidclamav.conf +++ b/config/squidclamav/squidclamav.conf @@ -1,6 +1,5 @@ -#squid_ip 127.0.0.1 -#squid_port 3128 -proxy none +squid_ip 127.0.0.1 +squid_port 800 # logfile /var/log/squid/squidclamav.log redirect http://127.0.0.1:81/clwarn.cgi @@ -15,7 +14,7 @@ clamd_local /var/run/clamav/clamd maxsize 5000000 maxredir 30 timeout 60 -#trust_cache 1 +trust_cache 1 # # Do not scan standard HTTP images abort ^.*.(ico|gif|png|jpg)$ @@ -37,4 +36,4 @@ abortcontent ^video/x-flv$ abortcontent ^.*application/x-mms-framed.*$ # # White list some sites -whitelist .*.clamav.net \ No newline at end of file +whitelist .*.clamav.net 
diff --git a/html/cgi-bin/dnsforward.cgi b/html/cgi-bin/dnsforward.cgi new file mode 100644 index 0000000..15d430c --- /dev/null +++ b/html/cgi-bin/dnsforward.cgi 
@@ -0,0 +1,359 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2013 IPFire Development Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +use strict; + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +#workaround to suppress a warning when a variable is used only once +my @dummy = ( ${Header::colouryellow} ); +undef (@dummy); + +my %cgiparams=(); +my %checked=(); +my %selected=(); +my $errormessage = ''; +my $filename = "${General::swroot}/dnsforward/config"; +my $changed = 'no'; + +my %color = (); +my %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); + +&Header::showhttpheaders(); + +$cgiparams{'ENABLED'} = 'off'; +$cgiparams{'ACTION'} = ''; +$cgiparams{'ZONE'} = ''; +$cgiparams{'FORWARD_SERVER'} = ''; +$cgiparams{'REMARK'} =''; +&Header::getcgihash(%cgiparams); +open(FILE, $filename) or die 'Unable to open config file.'; 
+my @current = <FILE>; +close(FILE); + +### +# Add / Edit entries. +# +if ($cgiparams{'ACTION'} eq $Lang::tr{'add'}) +{ + # Check if the entered domainname is valid. + unless (&General::validdomainname($cgiparams{'ZONE'})) { + $errormessage = $Lang::tr{'invalid domain name'}; + } + + # Check if the settings for the forward server are valid. + unless(&General::validip($cgiparams{'FORWARD_SERVER'})) { + $errormessage = $Lang::tr{'invalid ip'}; + } + + # Go further if there was no error. + if ( ! $errormessage) + { + # Check if a remark has been entered. + $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); + + # Check if we want to edit an existing or add a new entry. + if($cgiparams{'EDITING'} eq 'no') { + open(FILE,">>$filename") or die 'Unable to open config file.'; + flock FILE, 2; + print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVER'},$cgiparams{'REMARK'}\n"; + } else { + open(FILE, ">$filename") or die 'Unable to open config file.'; + flock FILE, 2; + my $id = 0; + foreach my $line (@current) + { + $id++; + if ($cgiparams{'EDITING'} eq $id) { + print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVER'},$cgiparams{'REMARK'}\n"; + } else { print FILE "$line"; } + } + } + close(FILE); + undef %cgiparams; + $changed = 'yes'; + } else { + # stay on edit mode if an error occur + if ($cgiparams{'EDITING'} ne 'no') + { + $cgiparams{'ACTION'} = $Lang::tr{'edit'}; + $cgiparams{'ID'} = $cgiparams{'EDITING'}; + } + } + # Restart dnsmasq. + system('/usr/local/bin/dnsmasqctrl restart >/dev/null'); +} + +### +# Remove existing entries. +# +if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) +{ + my $id = 0; + open(FILE, ">$filename") or die 'Unable to open config file.'; + flock FILE, 2; + foreach my $line (@current) + { + $id++; + unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; } + } + close(FILE); + # Restart dnsmasq. 
+ system('/usr/local/bin/dnsmasqctrl restart >/dev/null'); +} + +### +# Toggle Enable/Disable for entries. +# +if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) +{ + open(FILE, ">$filename") or die 'Unable to open config file.'; + flock FILE, 2; + my $id = 0; + foreach my $line (@current) + { + $id++; + unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; } + else + { + chomp($line); + my @temp = split(/,/,$line); + print FILE "$cgiparams{'ENABLE'},$temp[1],$temp[2],$temp[3]\n"; + } + } + close(FILE); + # Restart dnsmasq. + system('/usr/local/bin/dnsmasqctrl restart >/dev/null'); +} + +### +# Read items for edit mode. +# +if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) +{ + my $id = 0; + foreach my $line (@current) + { + $id++; + if ($cgiparams{'ID'} eq $id) + { + chomp($line); + my @temp = split(/,/,$line); + $cgiparams{'ENABLED'} = $temp[0]; + $cgiparams{'ZONE'} = $temp[1]; + $cgiparams{'FORWARD_SERVER'} = $temp[2]; + $cgiparams{'REMARK'} = $temp[3]; + } + } +} + +$checked{'ENABLED'}{'off'} = ''; +$checked{'ENABLED'}{'on'} = ''; +$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'"; + +&Header::openpage($Lang::tr{'dnsforward configuration'}, 1, ''); + +&Header::openbigbox('100%', 'left', '', $errormessage); + +### +# Error messages layout. +# +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<class name='base'>$errormessage\n"; + print " </class>\n"; + &Header::closebox(); +} + +print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n"; + +my $buttontext = $Lang::tr{'add'}; +if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { + &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'}); + $buttontext = $Lang::tr{'update'}; +} else { + &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'}); +} + +### +# Content of the main page. 
+# +print <<END +<table width='100%'> + <tr> + <td width='20%' class='base'><font>$Lang::tr{'dnsforward zone'}:</font></td> + <td><input type='text' name='ZONE' value='$cgiparams{'ZONE'}' size='24' /></td> + <td width='30%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> + </tr> + + <tr> + <td width='20%' class='base'><font>$Lang::tr{'dnsforward forward_server'}:</font></td> + <td><input type='text' name='FORWARD_SERVER' value='$cgiparams{'FORWARD_SERVER'}' size='24' /></td> + </tr> +</table> + +<table width='100%'> + <tr> + <td width ='20%' class='base'><font class='boldbase'>$Lang::tr{'remark'}:</font> <img src='/blob.gif' alt='*' /></td> + <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td> + </tr> +</table> + +<hr> + +<table width='100%'> + <tr> + <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' /> <font class='base'>$Lang::tr{'this field may be blank'}</font></td> + <td width='40%' align='center'> + <input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /> + <input type='submit' name='SUBMIT' value='$buttontext' /> + </td> + </tr> +</table> +END +; +if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { + print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n"; +} else { + print "<input type='hidden' name='EDITING' value='no' />\n"; +} + +&Header::closebox(); +print "</form>\n"; + +### +# Existing rules. 
+# +&Header::openbox('100%', 'left', $Lang::tr{'dnsforward entries'}); +print <<END +<table width='100%'> + <tr> + <td width='35%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward zone'}</b></td> + <td width='30%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward forward_server'}</b></td> + <td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td> + <td width='5%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td> + </tr> +END +; + +# If something has happened re-read config +if($cgiparams{'ACTION'} ne '' or $changed ne 'no') +{ + open(FILE, $filename) or die 'Unable to open config file.'; + @current = <FILE>; + close(FILE); +} + +### +# Re-read entries and highlight selected item for editing. +# +my $id = 0; +foreach my $line (@current) +{ + $id++; + chomp($line); + my @temp = split(/,/,$line); + my $toggle = ''; + my $gif = ''; + my $gdesc = ''; + my $toggle = ''; + + if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) { + print "<tr bgcolor='${Header::colouryellow}'>\n"; } + elsif ($id % 2) { + print "<tr bgcolor='$color{'color22'}'>\n"; } + else { + print "<tr bgcolor='$color{'color20'}'>\n"; } + + if ($temp[0] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};} + else { $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; } + +### +# Display edit page. 
+# +print <<END + <td align='center'>$temp[1]</td> + <td align='center'>$temp[2]</td> + <td align='center'>$temp[3]</td> + <td align='center'> + <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' /> + <input type='hidden' name='ID' value='$id' /> + <input type='hidden' name='ENABLE' value='$toggle' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' /> + </form> + </td> + <td align='center'> + <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' /> + <input type='hidden' name='ID' value='$id' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' /> + </form> + </td> + <td align='center'> + <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' /> + <input type='hidden' name='ID' value='$id' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' /> + </form> + </td> +</tr> +END + ; +} +print "</table>\n"; + +### +# Print the legend at the bottom if there are any configured entries. +# +# Check if the file size is zero - no existing entries. +if ( ! 
-z "$filename") { +print <<END +<table> + <tr> + <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> + <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> + <td class='base'>$Lang::tr{'click to disable'}</td> + <td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td> + <td class='base'>$Lang::tr{'click to enable'}</td> + <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td> + <td class='base'>$Lang::tr{'edit'}</td> + <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td> + <td class='base'>$Lang::tr{'remove'}</td> + </tr> +</table> +END +; +} + +&Header::closebox(); + +&Header::closebigbox(); + +&Header::closepage(); diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index fb313ac..c42d35a 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -699,6 +699,16 @@ if (!$errormessage) &read_acls; }
+# ------------------------------------------------------------------ + +# Hook to regenerate the configuration files, if cgi got called from command line. +if ($ENV{"REMOTE_ADDR"} eq "") { + writeconfig(); + exit(0); +} + +# ------------------------------------------------------------------- + $checked{'ENABLE'}{'off'} = ''; $checked{'ENABLE'}{'on'} = ''; $checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'"; @@ -3061,12 +3071,6 @@ icp_port 0
END ; - - # Include file with user defined settings. - if (-e "/etc/squid/squid.conf.pre.local") { - print FILE "include /etc/squid/squid.conf.pre.local\n\n"; - } - print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } @@ -3448,6 +3452,19 @@ END close (ACL); } if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; } + + # Check if squidclamav is enabled. + if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') { + print FILE "\n#Settings for squidclamav:\n"; + print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n"; + print FILE "acl to_localhost dst 127.0.0.0/8\n"; + print FILE "acl purge method PURGE\n"; + print FILE "http_access deny to_localhost\n"; + print FILE "http_access allow localhost\n"; + print FILE "http_access allow purge localhost\n"; + print FILE "http_access deny purge\n"; + print FILE "url_rewrite_access deny localhost\n"; + } print FILE <<END
#Access to squid: @@ -3963,6 +3980,18 @@ END print FILE "include /etc/squid/squid.conf.local\n"; } close FILE; + + # Proxy settings for squidclamav - if installed. + # + # Check if squidclamav is enabled. + if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') { + + my $configfile='/etc/squidclamav.conf'; + + my $data = &General::read_file_utf8($configfile); + $data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g; + &General::write_file_utf8($configfile, $data); + } }
# ------------------------------------------------------------------- diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 1ed9ccd..d1ad7b0 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -714,6 +714,13 @@ 'dns saved txt' => 'Die beiden eingegebenen DNS-Server-Adressen wurde erfolgreich gespeichert.<br/>Um die Änderung wirksam zu machen, müssen Sie neustarten oder wiederverbinden!', 'dns server' => 'DNS Server', 'dns title' => 'Domain Name System', +'dnsforward' => 'DNS-Weiterleitung', +'dnsforward add a new entry' => 'Neuen Eintrag hinzufügen:', +'dnsforward configuration' => 'Einstellungen für DNS Weiterleitung', +'dnsforward edit an entry' => 'Existierenden Eintrag bearbeiten:', +'dnsforward entries' => 'Aktuelle Einträge:', +'dnsforward forward_server' => 'DNS-Server', +'dnsforward zone' => 'Zone', 'do not log this port list' => 'Verwerfe diese Port-Liste kurz bevor sie protokolliert werden (reduziert Protokollgröße)', 'dod' => 'Dial-on-Demand-Modus', 'dod for dns' => 'Dial-on-Demand für DNS:', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index cdca462..30d0734 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -737,6 +737,13 @@ 'dns saved txt' => 'The two entered DNS server addresses have been saved successfully.<br />You have to reboot or reconnect that the changes have effect!', 'dns server' => 'DNS Server', 'dns title' => 'Domain Name System', +'dnsforward' => 'DNS forwarding', +'dnsforward add a new entry' => 'Add a new entry:', +'dnsforward configuration' => 'DNS forward configuration', +'dnsforward edit an entry' => 'Edit an existing entry:', +'dnsforward entries' => 'Current entries:', +'dnsforward forward_server' => 'Nameserver', +'dnsforward zone' => 'Zone', 'do not log this port list' => 'Drop this port list just before they are logged (reduces log size)', 'dod' => 'Dial on Demand', 'dod for dns' => 'Dial on Demand for DNS:', 
diff --git a/lfs/squidclamav b/lfs/squidclamav index 86255f8..79bf5d0 100644 --- a/lfs/squidclamav +++ b/lfs/squidclamav @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = squidclamav -PAK_VER = 15 +PAK_VER = 17
DEPS = "clamav"
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make install install -v -m 755 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf diff --git a/src/initscripts/init.d/dnsmasq b/src/initscripts/init.d/dnsmasq index 1b2c0c2..a02097e 100644 --- a/src/initscripts/init.d/dnsmasq +++ b/src/initscripts/init.d/dnsmasq @@ -22,6 +22,26 @@ fi
SHOW_SRV=1
+function dns_forward_args() { + local file="${1}" + + # Do nothing if file is empty. + [ -s "${file}" ] || return + + local cmdline + + local enabled zone server remark + while IFS="," read -r enabled zone server remark; do + # Line must be enabled. + [ "${enabled}" = "on" ] || continue + + cmdline="${cmdline} --server=/${zone}/${server}" + done < ${file} + + echo "${cmdline}" +} + + case "${1}" in start) # kill already running copy of dnsmasq... @@ -47,8 +67,12 @@ case "${1}" in fi fi [ -e "/var/ipfire/red/active" ] && ARGS="$ARGS -r /var/ipfire/red/resolv.conf" - + ARGS="$ARGS --domain=`cat /var/ipfire/main/settings |grep DOMAIN |cut -d = -f 2`" + + # Add custom forward dns zones. + ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)" + ARGS="$ARGS $CUSTOM_ARGS"
loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 0a4fda6..2ec7878 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -33,7 +33,7 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \ redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ - getconntracktable wirelessclient + getconntracktable wirelessclient dnsmasqctrl SUID_UPDX = updxsetperms
install : all @@ -161,3 +161,6 @@ getconntracktable: getconntracktable.c setuid.o ../install+setup/libsmooth/varva
wirelessclient: wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o $(COMPILE) -I../install+setup/libsmooth/ wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o -o $@ + +dnsmasqctrl: dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o + $(COMPILE) -I../install+setup/libsmooth/ dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@ diff --git a/src/misc-progs/dnsmasqctrl.c b/src/misc-progs/dnsmasqctrl.c new file mode 100644 index 0000000..8ac3360 --- /dev/null +++ b/src/misc-progs/dnsmasqctrl.c @@ -0,0 +1,34 @@ +/* This file is part of the IPFire Firewall. + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + */ + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include "setuid.h" + +int main(int argc, char *argv[]) { + + if (!(initsetuid())) + exit(1); + + if (argc < 2) { + fprintf(stderr, "\nNo argument given.\n\ndnsmasqctrl (restart)\n\n"); + exit(1); + } + + if (strcmp(argv[1], "restart") == 0) { + safe_system("/etc/rc.d/init.d/dnsmasq restart"); + } else { + fprintf(stderr, "\nBad argument given.\n\ndnsmasqctrl (restart)\n\n"); + exit(1); + } + + return 0; +} diff --git a/src/paks/squidclamav/update.sh b/src/paks/squidclamav/update.sh index 9551602..4b54216 100644 --- a/src/paks/squidclamav/update.sh +++ b/src/paks/squidclamav/update.sh @@ -35,4 +35,14 @@ if [ "$VERSION" -lt "11" ]; then sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf fi
+if [ "$VERSION" -lt "16" ]; then + sed -e "s/proxy none//g" -i /etc/squidclamav.conf + sed -e "s/^#squid_ip 127.0.0.1/squid_ip 127.0.0.1/g" \ + -e "s/^#squid_port 3128/squid_port 800/g" \ + -e "s/^#trust_cache 1/trust_cache 1/g" -i /etc/squidclamav.conf + + # Regenerate configuration files. + perl /srv/web/ipfire/cgi-bin/proxy.cgi +fi + /etc/init.d/squid restart diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches/squidclamav-5.11-dont_use_ipv6.patch new file mode 100644 index 0000000..4588962 --- /dev/null +++ b/src/patches/squidclamav-5.11-dont_use_ipv6.patch @@ -0,0 +1,13 @@ +diff -Nur a/src/squidclamav.c b/src/squidclamav.c +--- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 ++++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200 +@@ -413,6 +413,9 @@ + /* Suppress error: SSL certificate problem, verify that the CA cert is OK */ + curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0); + curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0); ++ ++ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */ ++ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); + } + } + /* create a squidguard child process and setup pipes */
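Review bot: In config/cfgroot/general-functions.pl, write_file_utf8 is declared with the prototype ($) but its body unpacks two arguments (`my ($file, $content) = @_;`). The only caller in this push uses the `&General::write_file_utf8(...)` form, which ignores prototypes, so it works today, but the declaration is wrong and would reject a two-argument call wherever the prototype is in effect; declare it as ($$) or drop the prototype. The open line in the same function ends in a stray `;;`, and neither helper checks the result of close, so a failed write to a file such as /etc/squidclamav.conf would go unnoticed.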
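Review bot: In config/rootfiles/core/71/filelists/files, the second hunk adds var/ipfire/general-functions.pl just before var/ipfire/langs, but the same path is already present in the context of the first hunk (directly after etc/issue), so the list now carries it twice; drop the added line. The list also ships dnsforward.cgi and dnsmasqctrl but not var/ipfire/dnsforward/config, which dnsforward.cgi opens with `or die 'Unable to open config file.'` on every request; nothing visible in this push creates that file, so confirm the updater does, with the ownership the web server needs.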
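Review bot: In html/cgi-bin/dnsforward.cgi, the add/edit branch writes $cgiparams{'ENABLED'} and the toggle branch writes $cgiparams{'ENABLE'} into the config file with no validation at all; only ZONE and FORWARD_SERVER are checked. Because the dnsmasq init script later reads this file field by field and turns it into command-line arguments, every stored field should be constrained first: accept only 'on' or 'off' for the first field, and reject commas, CR and LF in REMARK (Header::cleanhtml is the only filter applied to it here, and the edit path does `split(/,/,$line)`, so a remark containing a comma is cut off at $temp[3]). Three further points in the same hunk: each rewrite opens the file with `>` and only then calls flock, so the file is already truncated before the lock is held and a concurrent request can read an empty or partial list (open with `+<`, lock, then truncate, or write a temporary file and rename it); in the add branch the `dnsmasqctrl restart` call sits after the if/else, so dnsmasq is restarted even when validation failed and nothing was saved; and on that error path the rejected ZONE and FORWARD_SERVER values are printed back into the `value='...'` attributes, so unless Header::getcgihash already escapes them they should go through Header::cleanhtml before output. `my $toggle = '';` is also declared twice in the listing loop.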
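Review bot: In html/cgi-bin/proxy.cgi (hunk at -699), the command-line hook decides on `$ENV{"REMOTE_ADDR"} eq ""`, which treats an unset and an empty variable alike and depends entirely on the caller's environment; if the script is started from a process that inherited CGI variables it will render the page instead of regenerating the configuration, and with warnings enabled the comparison on an undefined value is noisy. Test `!defined $ENV{'GATEWAY_INTERFACE'}` or require an explicit command-line argument, and exit non-zero when writeconfig fails so callers such as update.sh can react.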
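Review bot: In html/cgi-bin/proxy.cgi (hunk at -3061), the block that emits `include /etc/squid/squid.conf.pre.local` is removed, but none of the commit messages in this push mention it and it is unrelated to the squidclamav change. Settings that administrators keep in that file would silently stop being applied after the update, so either restore the block or state the removal and its reason in the commit message.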
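Review bot: In html/cgi-bin/proxy.cgi (hunk at -3448), the squidclamav block prints `http_access allow localhost` ahead of the "#Access to squid:" section, and http_access is evaluated first-match, so every request matching the localhost ACL is allowed before any of the rules that follow are consulted; if the intent is only to let squidclamav fetch through the cache, narrow this to the loopback listener added two lines above rather than to all local clients. The ordering also makes `http_access allow purge localhost` dead, since `allow localhost` has already matched; put the purge rule first or drop it.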
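Review bot: In html/cgi-bin/proxy.cgi (hunk at -3963), the comment says "if installed" but the code only tests ENABLE_CLAMAV; General::read_file_utf8 dies when /etc/squidclamav.conf is missing, and that happens after squid.conf has already been written and closed, leaving a half-applied configuration. Guard the block with `-e $configfile`. The substitution `s/squid_port [0-9]+/.../g` is unanchored, so it also rewrites commented-out lines such as `#squid_port 3128`; anchor it with `^` and the /m modifier.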
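Review bot: In src/initscripts/init.d/dnsmasq, dns_forward_args appends ${zone} and ${server} from the config file to cmdline as read, and the result reaches dnsmasq through the unquoted $ARGS, so any whitespace inside a field is split into separate dnsmasq options. The init script should not rely on the CGI having validated the file: skip any line whose zone or server contains characters outside a conservative set (a `case` pattern is enough) before building `--server=/${zone}/${server}`. `done < ${file}` should quote the path, and the `function` keyword is a bashism if this script is meant to run under plain sh.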
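Review bot: In src/misc-progs/dnsmasqctrl.c, the result of `safe_system("/etc/rc.d/init.d/dnsmasq restart")` is discarded and main returns 0 regardless, so dnsforward.cgi cannot tell a failed restart from a successful one; propagate the status as the exit code. For a setuid helper the argument check should be `argc != 2` rather than `argc < 2`, so extra arguments are rejected instead of ignored, and <fcntl.h> and <sys/types.h> appear to be unused leftovers from the file this was copied from.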
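Review bot: In src/paks/squidclamav/update.sh, the sed expressions only match the untouched defaults (`^#squid_ip 127.0.0.1`, `^#squid_port 3128`, `^#trust_cache 1`), so on a configuration the administrator has edited, `proxy none` is deleted while squid_ip, squid_port and trust_cache may never be enabled, leaving squidclamav without a proxy setting. Match on the key alone, or append the lines when they are missing. `s/proxy none//g` is unanchored and leaves an empty line behind. The regeneration step depends on proxy.cgi seeing no REMOTE_ADDR; if this script can be triggered from the web interface, run it as `env -u REMOTE_ADDR perl /srv/web/ipfire/cgi-bin/proxy.cgi` and check its exit status before restarting squid.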
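Review bot: In src/patches/squidclamav-5.11-dont_use_ipv6.patch, the new `curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);` is placed inside the same block as the SSL verification options, so it only takes effect when that block runs; confirm the block is reached for every handle, otherwise move the call next to where the handle is created. Forcing IPv4 avoids the hang described in the commit message, but setting CURLOPT_CONNECTTIMEOUT as well would bound the wait for any unreachable address rather than only IPv6 ones.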
hooks/post-receive -- IPFire 2.x development tree