This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via d7534b193e43ef5de7602b5dc7070f8ab4212554 (commit) via d482af1005aa3ed1b81d85798229866459f3f9d0 (commit) via 5d7ed5413e774e4c34556706921a4c2e49d756f5 (commit) via 917272331d6fe6a011d6cf41e0a285e349d47b85 (commit) via 3f8fbea51d91b3fbabdb0e901e6fcc376db41b04 (commit) via d3f1f999278eedff0e1fa3ac7303ee711e93f0e1 (commit) via 095c2253f4c1205e2cd09589b8e08c924d717863 (commit) via 4041ad922dc8050faaeccc24f31c78fb166f7f92 (commit) via bd4ea3c25bfa9a9a8b11c613e293070f57e6ecfd (commit) via 1498017b64188e2d43e3f647f7cc673905da0ed9 (commit) via 3d8249d34fb6df24168df4ab8052136b54343672 (commit) via 9bde9a2023b6847b3ad45a3de9d4346cfac2390f (commit) via cdb4dc96305083c0d16977fb6e1db1d665bb6196 (commit) via d9716b067d5ad6c904653840c70d9fde01eac3f7 (commit) from 6a0328658a0a3ca9b9bcdb95aedc427ebd5196ae (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit d7534b193e43ef5de7602b5dc7070f8ab4212554 Merge: 6a03286 d482af1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Sep 5 14:32:42 2010 +0200
Merge branch 'master' into next
Conflicts: config/rootfiles/core/40/exclude config/rootfiles/core/40/filelists/files config/rootfiles/core/40/update.sh make.sh
-----------------------------------------------------------------------
Summary of changes: config/outgoingfw/outgoingfw.pl | 41 ++++++--- config/rootfiles/common/configroot | 2 +- config/rootfiles/common/snort | 2 +- config/rootfiles/common/strongswan | 10 ++- doc/packages-list.txt | 6 +- html/cgi-bin/ids.cgi | 4 +- html/cgi-bin/outgoingfw.cgi | 69 ++++++++++---- html/cgi-bin/outgoinggrp.cgi | 178 +++++++++++++++++++++++++++++++++--- langs/de/cgi-bin/de.pl | 23 +++-- langs/en/cgi-bin/en.pl | 29 ++++--- langs/es/cgi-bin/es.pl | 12 ++- langs/fr/cgi-bin/fr.pl | 23 +++-- lfs/configroot | 10 +- lfs/{e1000 => igb} | 16 ++-- lfs/snort | 4 +- lfs/strongswan | 4 +- make.sh | 4 +- src/initscripts/init.d/firewall | 2 + 18 files changed, 329 insertions(+), 110 deletions(-) copy lfs/{e1000 => igb} (89%)
Difference in files: diff --git a/config/outgoingfw/outgoingfw.pl b/config/outgoingfw/outgoingfw.pl index 1bdd612..e2f9093 100644 --- a/config/outgoingfw/outgoingfw.pl +++ b/config/outgoingfw/outgoingfw.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2005-2010 IPTifre Team # +# Copyright (C) 2005-2010 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -94,7 +94,7 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) { } elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) { $outfwsettings{'STATE'} = "DENY"; $POLICY = "ACCEPT"; - $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW'"; + $DO = "DROP -m comment --comment 'DROP_OUTGOINGFW '"; }
### Initialize IPTables @@ -102,6 +102,10 @@ system("/sbin/iptables --flush OUTGOINGFW >/dev/null 2>&1"); system("/sbin/iptables --delete-chain OUTGOINGFW >/dev/null 2>&1"); system("/sbin/iptables -N OUTGOINGFW >/dev/null 2>&1");
+system("/sbin/iptables --flush OUTGOINGFWMAC >/dev/null 2>&1"); +system("/sbin/iptables --delete-chain OUTGOINGFWMAC >/dev/null 2>&1"); +system("/sbin/iptables -N OUTGOINGFWMAC >/dev/null 2>&1"); + if ( $outfwsettings{'POLICY'} eq 'MODE0' ) { exit 0 } @@ -109,8 +113,12 @@ if ( $outfwsettings{'POLICY'} eq 'MODE0' ) { if ( $outfwsettings{'POLICY'} eq 'MODE1' ) { $CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j ACCEPT"; if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } + $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j ACCEPT"; + if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } $CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j ACCEPT"; if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } + $CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j ACCEPT"; + if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } }
foreach $configentry (sort @configs) @@ -148,16 +156,21 @@ foreach $configentry (sort @configs) } elsif ($configline[2] eq 'all') { @SOURCE = ("0/0"); $DEV = ""; + } elsif ($configline[2] eq 'mac') { + @SOURCE = ("$configline[6]"); + $DEV = ""; } else { - if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" ) - { + if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" ) { @SOURCE = `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]`; + } elsif ( -e "/var/ipfire/outgoing/groups/macgroups/$configline[2]" ) { + @SOURCE = `cat /var/ipfire/outgoing/groups/macgroups/$configline[2]`; + $configline[2] = "mac"; } $DEV = ""; }
if ($configline[7]) { $DESTINATION = "$configline[7]"; } else { $DESTINATION = "0/0"; } - + if ($configline[3] eq 'tcp') { @PROTO = ("tcp"); } elsif ($configline[3] eq 'udp') { @@ -174,9 +187,14 @@ foreach $configentry (sort @configs) foreach $SOURCE (@SOURCE) { $SOURCE =~ s/\s//gi;
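Review bot: The new macgroups branch fills `@SOURCE` by running `cat /var/ipfire/outgoing/groups/macgroups/$configline[2]` in backticks, so the group name taken from the rules file is parsed by a shell before any check is applied; the ipgroups line above it has the same form. Nothing in this hunk restricts `$configline[2]` to a safe character set, and the group page in this push takes the name from a free-text form field. Reading the file directly avoids the shell: `open(my $fh, '<', "/var/ipfire/outgoing/groups/macgroups/$configline[2]") and @SOURCE = <$fh>;`, preferably after rejecting names that do not match `/^[A-Za-z0-9_-]+$/`. The enclosing `foreach $configentry` loop starts and ends outside the hunk.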
- if ( $SOURCE eq "" ){next;}
+ if ( $SOURCE eq "" ){next;}
- $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO";
+ if ( $configline[6] ne "" || $configline[2] eq 'mac' ){
+ $SOURCE =~ s/[^a-zA-Z0-9]/:/gi;
+ $CMD = "/sbin/iptables -A OUTGOINGFWMAC -m mac --mac-source $SOURCE -d $DESTINATION -p $PROTO";
+ } else {
+ $CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO";
+ }
if ($configline[8] && ( $configline[3] ne 'esp' || $configline[3] ne 'gre') ) { $DPORT = "$configline[8]"; @@ -187,11 +205,6 @@ foreach $configentry (sort @configs) $CMD = "$CMD -i $DEV"; }
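Review bot: The MAC branch rewrites `$SOURCE` with `s/[^a-zA-Z0-9]/:/gi` instead of validating it, so a value that is not a MAC address is still passed to `--mac-source` and the outcome depends on iptables rejecting it. The branch is also taken whenever `$configline[6]` is non-empty, while the `@@ -187,11 +205,6 @@` hunk removes the only place where `$configline[6]` itself was used as the MAC. For a rule whose source is an address or network, `$SOURCE` would then be that address with its separators turned into colons, and in MODE2 a deny rule that fails to load leaves the traffic allowed; this is inferred from the visible lines and should be confirmed against how `@SOURCE` is filled for those rule types. Checking the format and reporting the skip keeps such a failure visible: `unless ($SOURCE =~ /^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$/) { print STDERR "outgoingfw: invalid MAC source skipped\n"; next; }`. The loop body continues outside the hunk.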
- if ($configline[6]) { - $MAC = "$configline[6]"; - $CMD = "$CMD -m mac --mac-source $MAC"; - } - if ($configline[17] && $configline[18]) { if ($configline[10]){$DAY = "Mon,"} if ($configline[11]){$DAY .= "Tue,"} @@ -263,10 +276,10 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) { } }
- $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW'"; + $CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW '"; if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); } -} +} \ No newline at end of file diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index abc1ee3..5f0faf3 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -102,7 +102,7 @@ var/ipfire/outgoing var/ipfire/outgoing/defaultservices #var/ipfire/outgoing/groups #var/ipfire/outgoing/groups/ipgroups -#var/ipfire/outgoing/ipgroups +#var/ipfire/outgoing/groups/macgroups #var/ipfire/outgoing/p2protocols #var/ipfire/outgoing/rules #var/ipfire/outgoing/settings diff --git a/config/rootfiles/common/snort b/config/rootfiles/common/snort index 91970dd..2357b4d 100644 --- a/config/rootfiles/common/snort +++ b/config/rootfiles/common/snort @@ -52,7 +52,6 @@ usr/lib/snort_dynamicpreprocessor #usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so #usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0 #usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0 -#usr/man/man8/snort.8 usr/sbin/snort #usr/share/doc/snort #usr/share/doc/snort/AUTHORS @@ -106,4 +105,5 @@ usr/sbin/snort #usr/share/doc/snort/USAGE #usr/share/doc/snort/WISHLIST #usr/share/doc/snort/generators +#usr/share/man/man8/snort.8 var/log/snort diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index bd0f1de..8b9ec78 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -1,5 +1,4 @@ etc/ipsec.conf -etc/ipsec.user.conf #etc/ipsec.d etc/ipsec.d/aacerts etc/ipsec.d/acerts @@ -10,7 +9,6 @@ etc/ipsec.d/ocspcerts etc/ipsec.d/private etc/ipsec.d/reqs etc/ipsec.secrets -etc/ipsec.user.secrets etc/strongswan.conf #usr/lib/libcharon.a #usr/lib/libcharon.la 
@@ -81,6 +79,9 @@ usr/libexec/ipsec/plugins/libstrongswan-random.so #usr/libexec/ipsec/plugins/libstrongswan-resolve.a #usr/libexec/ipsec/plugins/libstrongswan-resolve.la usr/libexec/ipsec/plugins/libstrongswan-resolve.so +#usr/libexec/ipsec/plugins/libstrongswan-revocation.a +#usr/libexec/ipsec/plugins/libstrongswan-revocation.la +usr/libexec/ipsec/plugins/libstrongswan-revocation.so #usr/libexec/ipsec/plugins/libstrongswan-sha1.a #usr/libexec/ipsec/plugins/libstrongswan-sha1.la usr/libexec/ipsec/plugins/libstrongswan-sha1.so @@ -99,6 +100,9 @@ usr/libexec/ipsec/plugins/libstrongswan-updown.so #usr/libexec/ipsec/plugins/libstrongswan-x509.a #usr/libexec/ipsec/plugins/libstrongswan-x509.la usr/libexec/ipsec/plugins/libstrongswan-x509.so +#usr/libexec/ipsec/plugins/libstrongswan-xauth.a +#usr/libexec/ipsec/plugins/libstrongswan-xauth.la +usr/libexec/ipsec/plugins/libstrongswan-xauth.so #usr/libexec/ipsec/plugins/libstrongswan-xcbc.a #usr/libexec/ipsec/plugins/libstrongswan-xcbc.la usr/libexec/ipsec/plugins/libstrongswan-xcbc.so @@ -136,3 +140,5 @@ usr/sbin/ipsec #usr/share/man/man8/pluto.8 #usr/share/man/man8/scepclient.8 #usr/share/man/man8/starter.8 +etc/ipsec.user.conf +etc/ipsec.user.secrets diff --git a/doc/packages-list.txt b/doc/packages-list.txt index ae670ea..9b61031 100644 --- a/doc/packages-list.txt +++ b/doc/packages-list.txt @@ -148,6 +148,8 @@ * icecream-0.9.4.8 * icegenerator-0.5.5-pre2 * iftop-0.17 +* igb-2.3.4-kmod-2.6.32.15-ipfire +* igb-2.3.4-kmod-2.6.32.15-ipfire-xen * igmpproxy-0.1 * imspector-0.9 * inetutils-1.4.2 @@ -306,7 +308,7 @@ * shadow-4.0.15 * slang-1.4.9 * smartmontools-5.39.1 -* snort-2.8.6 +* snort-2.8.6.1 * sox-12.18.1 * spandsp-0.0.6pre12 * splix-2.0.0-rc2 @@ -318,7 +320,7 @@ * sshfs-fuse-2.2 * sslh-1.7a * streamripper-1.63.5 -* strongswan-4.4.0 +* strongswan-4.4.1 * sudo-1.6.8p12 * sysfsutils-1.3.0 * sysklogd-1.5 diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 4d66d22..1b70ca6 100644 --- a/html/cgi-bin/ids.cgi 
+++ b/html/cgi-bin/ids.cgi @@ -264,11 +264,11 @@ if (-e "/etc/snort/snort.conf") {
if ($snortsettings{'RULES'} eq 'subscripted') { #$url="http://dl.snort.org/sub-rules/snortrules-snapshot-2.8_s.tar.gz?oink_code=$sn..."; - $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2860_s.tar.gz/$snortsetti..."; + $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2861_s.tar.gz/$snortsetti..."; #$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings%7B%27OINKCODE%27%..."; } elsif ($snortsettings{'RULES'} eq 'registered') { #$url="http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=$snor..."; - $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/$snortsetting..."; + $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2861.tar.gz/$snortsetting..."; #$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings%7B%27OINKCODE%27%..."; } else { $url="http://www.emergingthreats.net/rules/emerging.rules.tar.gz"; diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index b746a8e..07fcb39 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -321,7 +321,7 @@ END $outfwsettings{'ACTION'} = 'Add rule'; } } -if ($outfwsettings{'ACTION'} eq 'Add rule') +if ($outfwsettings{'ACTION'} eq $Lang::tr{'Add Rule'}) { &addrule(); exit @@ -343,7 +343,7 @@ if ($outfwsettings{'POLICY'} ne 'MODE0'){ &Header::openbox('100%', 'center', 'Rules'); print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='submit' name='ACTION' value='Add rule' /> + <input type='submit' name='ACTION' value='$Lang::tr{'Add Rule'}' /> </form> END ; 
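Review bot: In outgoingfw.cgi the dispatch now compares `ACTION` with `$Lang::tr{'Add Rule'}`, but the context line just above still assigns the literal `$outfwsettings{'ACTION'} = 'Add rule';`, so that path reaches `addrule()` only if the translation is exactly that string. None of the language hunks visible in this push adds an `'Add Rule'` key; if it is undefined, the comparison is against an empty string and would match an unset `ACTION`. Keeping the submitted value independent of the UI language is more robust: leave the test as `eq 'Add rule'` and translate only what the user sees, for example with a hidden `ACTION` field beside the submit control, as the group page does.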
@@ -462,14 +462,22 @@ END END ; if (($outfwsettings{'SIP'}) || ($outfwsettings{'SMAC'})) { - unless ($outfwsettings{'SIP'}) { $outfwsettings{'DISPLAY_SIP'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; } - unless ($outfwsettings{'SMAC'}) { $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; } else { $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; } - print <<END - <tr><td width='14%' align='right'>$Lang::tr{'source ip or net'}: - <td width='14%' align='left'>$outfwsettings{'DISPLAY_SIP'} - <td width='44%' colspan='2' align='center'> -END -; + + unless ($outfwsettings{'SIP'}) { + $outfwsettings{'DISPLAY_SIP'} = 'ALL'; + } else { + $outfwsettings{'DISPLAY_SIP'} = $outfwsettings{'SIP'}; + } + + unless ($outfwsettings{'SMAC'}) { + $outfwsettings{'DISPLAY_SMAC'} = 'ALL'; + print "<tr><td /><td align='left'>$Lang::tr{'source ip or net'}: </td>"; + print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SIP'}</td>"; + } else { + $outfwsettings{'DISPLAY_SMAC'} = $outfwsettings{'SMAC'}; + print "<tr><td /><td align='left'>$Lang::tr{'source'} $Lang::tr{'mac address'}: </td>"; + print "<td align='left' colspan='2'>$outfwsettings{'DISPLAY_SMAC'}</td>"; + } } print <<END <tr><td width='14%' align='right'>$Lang::tr{'time'} - </td> 
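Review bot: `$outfwsettings{'DISPLAY_SMAC'}` and `$outfwsettings{'DISPLAY_SIP'}` are printed into the table without HTML escaping, and no validation of `SMAC` is visible in this diff. The same value is echoed into `value='$outfwsettings{'SMAC'}'` in the `@@ -683,10 +694,26 @@` hunk, where a single quote in the input would end the attribute. Check `SMAC` when the form is submitted, for example `$outfwsettings{'SMAC'} =~ /^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$/`, and HTML-escape both values on output.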
@@ -559,13 +567,13 @@ END if ($p2pline[2] eq 'on') { print <<END <input type='hidden' name='ACTION' value='disable' /> - <input type='image' name='submit' src='/images/stock_ok.png' alt='$Lang::tr{'outgoingfw p2p allow'}' title='$Lang::tr{'outgoingfw p2p allow'}'/> + <input type='image' name='submit' src='/images/stock_ok.png' alt='$Lang::tr{'outgoing firewall p2p allow'}' title='$Lang::tr{'outgoing firewall p2p allow'}'/> END ; } else { print <<END <input type='hidden' name='ACTION' value='enable' /> - <input type='image' name='submit' src='/images/stock_stop.png' alt='$Lang::tr{'outgoingfw p2p deny'}' title='$Lang::tr{'outgoingfw p2p deny'}' /> + <input type='image' name='submit' src='/images/stock_stop.png' alt='$Lang::tr{'outgoing firewall p2p deny'}' title='$Lang::tr{'outgoing firewall p2p deny'}' /> END ; } @@ -576,7 +584,7 @@ END } print <<END </table> - <br />$Lang::tr{'outgoingfw p2p description 1'} <img src='/images/stock_ok.png' align='absmiddle' alt='$Lang::tr{'outgoingfw p2p deny'}'> $Lang::tr{'outgoingfw p2p description 2'} <img src='/images/stock_stop.png' align='absmiddle' alt='$Lang::tr{'outgoingfw p2p deny'}'> $Lang::tr{'outgoingfw p2p description 3'} + <br />$Lang::tr{'outgoing firewall p2p description 1'} <img src='/images/stock_ok.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 2'} <img src='/images/stock_stop.png' align='absmiddle' alt='$Lang::tr{'outgoing firewall p2p deny'}'> $Lang::tr{'outgoing firewall p2p description 3'} END ; &Header::closebox(); 
@@ -586,9 +594,9 @@ END print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> <table width='100%'> - <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoingfw mode0'}</td></tr> - <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoingfw mode1'}</td></tr> - <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoingfw mode2'}</td></tr> + <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 0:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode0'}</td></tr> + <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 1:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode1'}</td></tr> + <tr><td width='10%' align='left'><b>$Lang::tr{'mode'} 2:</b><td width='90%' align='left' colspan='2'>$Lang::tr{'outgoing firewall mode2'}</td></tr> <tr><td colspan='3'><hr /></td></tr> <tr><td width='10%' align='left'> <select name='POLICY' style="width: 85px"><option value='MODE0' $selected{'POLICY'}{'MODE0'}>$Lang::tr{'mode'} 0</option><option value='MODE1' $selected{'POLICY'}{'MODE1'}>$Lang::tr{'mode'} 1</option><option value='MODE2' $selected{'POLICY'}{'MODE2'}>$Lang::tr{'mode'} 2</option></select> <td width='45%' align='left'><input type='submit' name='ACTION' value=$Lang::tr{'save'} /> @@ -597,7 +605,7 @@ END ; if ($outfwsettings{'POLICY'} ne 'MODE0') { print <<END - $Lang::tr{'outgoingfw reset'}: <input type='submit' name='ACTION' value=$Lang::tr{'reset'} /> + $Lang::tr{'outgoing firewall reset'}: <input type='submit' name='ACTION' value=$Lang::tr{'reset'} /> END ; } 
@@ -627,7 +635,7 @@ print <<END <td width='30%' align='left' colspan='2'><input type='checkbox' name='ENABLED' $selected{'ENABLED'} /></td> </tr> <tr> - <td width='20%' align='right'>$Lang::tr{'protocol'}:</td> + <td width='20%' align='right'>$Lang::tr{'protocol'}</td> <td width='30%' align='left'> <select name='PROT'> <option value='all' $selected{'PROT'}{'all'}>All</option> @@ -655,6 +663,9 @@ END <select name='SNET'> <optgroup label='---'> <option value='all' $selected{'SNET'}{'ALL'}>$Lang::tr{'all'}</option> + <optgroup label='$Lang::tr{'mac address'}'> + <option value='mac' $selected{'SNET'}{'mac'}>$Lang::tr{'source'} $Lang::tr{'mac address'}</option> + </optgroup> <optgroup label='$Lang::tr{'ip address'}'> <option value='ip' $selected{'SNET'}{'ip'}>$Lang::tr{'source ip or net'}</option> <option value='red' $selected{'SNET'}{'red'}>$Lang::tr{'red'} IP</option> @@ -674,7 +685,7 @@ END } print <<END </optgroup> - <optgroup label='$Lang::tr{'advproxy NCSA group'}'> + <optgroup label='IP $Lang::tr{'advproxy NCSA group'}'> END ; my @ipgroups = qx(ls $configpath/ipgroups/); 
@@ -683,10 +694,26 @@ END } print <<END </optgroup> + <optgroup label='MAC $Lang::tr{'advproxy NCSA group'}'> +END +; + my @macgroups = qx(ls $configpath/macgroups/); + foreach (sort @macgroups){ + print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{'$_'}>$_</option>\n"; + } + print <<END + </optgroup> </select> </td> - <td width='20%' align='right' colspan='2'>$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td> - <td width='30%' align='left' colspan='2'><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td> + <td align='right' colspan='4'><font color='red'>$Lang::tr{'outgoing firewall warning'}</font></td> + </tr> + <tr> + <td align='right' colspan='4' >$Lang::tr{'source ip or net'}<img src='/blob.gif' /></td> + <td align='left' colspan='4' ><input type='text' name='SIP' value='$outfwsettings{'SIP'}' /></td> + </tr> + <tr> + <td align='right' colspan='4' >$Lang::tr{'source'} $Lang::tr{'mac address'}: <img src='/blob.gif' /> + <td align='left' colspan='4' ><input type='text' name='SMAC' maxlength='23' value='$outfwsettings{'SMAC'}' /> </tr> <tr> <td width='20%' align='right'>$Lang::tr{'logging'}:</td> diff --git a/html/cgi-bin/outgoinggrp.cgi b/html/cgi-bin/outgoinggrp.cgi index a94ac82..f99468e 100644 --- a/html/cgi-bin/outgoinggrp.cgi +++ b/html/cgi-bin/outgoinggrp.cgi @@ -48,13 +48,13 @@ my %mainsettings = (); ### Values that have to be initialized $outgrpsettings{'ACTION'} = ''; $outgrpsettings{'ipgroup'} = 'none'; -$outgrpsettings{'portgroup'} = 'none'; +$outgrpsettings{'macgroup'} = 'none';
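Review bot: Each MAC group name returned by `qx(ls $configpath/macgroups/)` is written into `<option value='$_' ...>` without `chomp` or HTML escaping, so the emitted value carries a trailing newline and any markup characters in a file name end up in the page. The lookup `$selected{'SNET'}{'$_'}` uses a single-quoted subscript, which is the literal key `$_`, so the current group is never marked as selected. Suggested loop body: `chomp; print "\t\t\t\t\t<option value='$_' $selected{'SNET'}{$_}>$_</option>\n";`, combined with restricting names to `[A-Za-z0-9_-]` when a group is created. Listing the directory with `opendir`/`readdir` would also avoid starting a shell for it.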
&Header::getcgihash(%outgrpsettings); delete $outgrpsettings{'__CGI__'};delete $outgrpsettings{'x'};delete $outgrpsettings{'y'};
$selected{'ipgroup'}{$outgrpsettings{'ipgroup'}} = "selected='selected'"; -$selected{'portgroup'}{$outgrpsettings{'portgroup'}} = "selected='selected'"; +$selected{'macgroup'}{$outgrpsettings{'macgroup'}} = "selected='selected'";
&Header::openpage($Lang::tr{'outgoing firewall groups'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -75,24 +75,54 @@ $selected{'portgroup'}{$outgrpsettings{'portgroup'}} = "selected='selected'"; ############################################################################################################################ ############################################################################################################################
-if ($errormessage) -{ - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "<class name='base'>$errormessage\n"; - print " </class>\n"; - &Header::closebox(); -} - if ($outgrpsettings{'ACTION'} eq 'newipgroup') { &newipgroup(); } elsif ($outgrpsettings{'ACTION'} eq 'deleteipgroup' ) { unlink("$configpath/ipgroups/$outgrpsettings{'ipgroup'}"); } elsif ($outgrpsettings{'ACTION'} eq 'addipgroup') { - open (FILE, ">$configpath/ipgroups/$outgrpsettings{'ipgroup'}") or die "Can't save $outgrpsettings{'ipgroup'} settings $!"; - flock (FILE, 2); - print FILE $outgrpsettings{'ipgroupcontent'}."\n"; - close FILE; + + if ( -e "$configpath/macgroups/$outgrpsettings{'ipgroup'}" ){ + $errormessage = "$Lang::tr{'outgoing firewall group error'}"; + } elsif ( $outgrpsettings{'ipgroup'} eq "all" || $outgrpsettings{'ipgroup'} eq "red" || $outgrpsettings{'ipgroup'} eq "blue" || + $outgrpsettings{'ipgroup'} eq "green" || $outgrpsettings{'ipgroup'} eq "orange" || $outgrpsettings{'ipgroup'} eq "ip" || + $outgrpsettings{'ipgroup'} eq "mac" || $outgrpsettings{'ipgroup'} eq "ovpn" || $outgrpsettings{'ipgroup'} eq "ipsec" ) { + $errormessage = "$Lang::tr{'outgoing firewall reserved groupname'}"; + } else { + open (FILE, ">$configpath/ipgroups/$outgrpsettings{'ipgroup'}") or die "Can't save $outgrpsettings{'ipgroup'} settings $!"; + flock (FILE, 2); + print FILE $outgrpsettings{'ipgroupcontent'}."\n"; + close FILE; + } +} + +if ($outgrpsettings{'ACTION'} eq 'newmacgroup') +{ + &newmacgroup(); +} elsif ($outgrpsettings{'ACTION'} eq 'deletemacgroup' ) { + unlink("$configpath/macgroups/$outgrpsettings{'macgroup'}"); +} elsif ($outgrpsettings{'ACTION'} eq 'addmacgroup') { + + if ( -e "$configpath/ipgroups/$outgrpsettings{'macgroup'}" ){ + $errormessage = "$Lang::tr{'outgoing firewall group error'}"; + } elsif ( $outgrpsettings{'macgroup'} eq "all" || $outgrpsettings{'macgroup'} eq "red" || $outgrpsettings{'macgroup'} eq "blue" || + $outgrpsettings{'macgroup'} eq "green" || 
$outgrpsettings{'macgroup'} eq "orange" || $outgrpsettings{'macgroup'} eq "ip" || + $outgrpsettings{'macgroup'} eq "mac" || $outgrpsettings{'macgroup'} eq "ovpn" || $outgrpsettings{'macgroup'} eq "ipsec" ) { + $errormessage = "$Lang::tr{'outgoing firewall reserved groupname'}"; + } else { + open (FILE, ">$configpath/macgroups/$outgrpsettings{'macgroup'}") or die "Can't save $outgrpsettings{'macgroup'} settings $!"; + flock (FILE, 2); + print FILE $outgrpsettings{'macgroupcontent'}."\n"; + close FILE; + } +} + +if ($errormessage) +{ + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<class name='base'><font color=red>$errormessage\n</font>"; + print " </class>\n"; + &Header::closebox(); }
############################################################################################################################ @@ -107,6 +137,7 @@ $ipgroupcontent =~ s/\n/<br />/g; &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall ip groups'});
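Review bot: The `addmacgroup` and `deletemacgroup` branches pass the `macgroup` form value straight into `open (FILE, ">$configpath/macgroups/...")` and `unlink(...)`, and the only name check is a list of nine reserved words, so a name containing `/` or `..` is not confined to the macgroups directory and the two-argument `open` gives special characters in it a meaning. `macgroupcontent` is written unchanged, although the firewall script later hands every line of the file to iptables. The reserved-name error reads `$Lang::tr{'outgoing firewall reserved groupname'}` while the language files in this push define `'outgoing firewall outgoing firewall reserved groupname'`, so the message is empty and `if ($errormessage)` displays nothing. The sketch below adds an allow-list for the name, a three-argument open and per-line MAC filtering. The same name check belongs in front of the `unlink`, and the `addipgroup` branch rewritten in this hunk has the same shape.

```perl
} elsif ($outgrpsettings{'ACTION'} eq 'addmacgroup') {
	# … unchanged: existing-ipgroup and reserved-word checks …
	} elsif ( $outgrpsettings{'macgroup'} !~ /^[A-Za-z0-9_-]+$/ ) {
		# Names limited to this set stay inside macgroups/ and are inert in a shell.
		$errormessage = "$Lang::tr{'outgoing firewall reserved groupname'}";
	} else {
		# Keep only well-formed MAC addresses, one per line.
		my @macs = grep { /^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$/ }
			map { my $l = $_; $l =~ s/^\s+|\s+$//g; $l }
			split(/\n/, $outgrpsettings{'macgroupcontent'});
		open (FILE, '>', "$configpath/macgroups/$outgrpsettings{'macgroup'}") or die "Can't save $outgrpsettings{'macgroup'} settings $!";
		flock (FILE, 2);
		print FILE join("\n", @macs)."\n";
		close FILE;
	}
```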
print <<END +<a name="outgoing showipgroup"</a> <br /> <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'> <table width='95%' cellspacing='0'> @@ -171,9 +202,91 @@ END ; &Header::closebox();
+############################################################################################################################ +############################################################################################################################ + +my @macgroups = qx(ls $configpath/macgroups/); +if ($outgrpsettings{'macgroup'} eq "none" and $#macgroups >= 0 ){ $outgrpsettings{'macgroup'} = $macgroups[0];} + +my $macgroupcontent = `cat $configpath/macgroups/$outgrpsettings{'macgroup'} 2>/dev/null`; +$macgroupcontent =~ s/\n/<br />/g; + +&Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall mac groups'}); + +print <<END +<a name="outgoing showmacgroup"</a> +<br /> +<form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'> +<table width='95%' cellspacing='0'> + <tr> + <td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'outgoing firewall mac groups'}</b></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td align='left' colspan='2'><select name='macgroup' style="width: 200px"> +END +; +foreach my $member (@macgroups) {chomp $member;print" <option value='$member' $selected{'macgroup'}{$member}>$member</option>\n";} +print <<END + </select></td> + <td align='left'> + <input type='hidden' name='ACTION' value='showmacgroup' /> + <input type='image' alt='$Lang::tr{'outgoing firewall view group'}' title='$Lang::tr{'outgoing firewall view group'}' src='/images/format-justify-fill.png' /> + </td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td colspan='3' align='left'><font size=1>$macgroupcontent</font></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td colspan='3' align='center'><font size=1>$Lang::tr{'outgoing firewall mac groups'} - $outgrpsettings{'macgroup'}</font></td> + </tr> +</table> +</form> +<table width='10%' cellspacing='0'> +<tr> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing 
showmacgroup'> + <input type='hidden' name='ACTION' value='newmacgroup' /> + <input type='image' alt='$Lang::tr{'new'}' title='$Lang::tr{'new'}' src='/images/list-add.png' /> + </form> + </td> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'> + <input type='hidden' name='ACTION' value='savemacgroup' /> + <input type='hidden' name='macgroup' value='$outgrpsettings{'macgroup'}' /> + <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /> + </form> + </td> + <td align='center'> + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'> + <input type='hidden' name='ACTION' value='deletemacgroup' /> + <input type='hidden' name='macgroup' value='$outgrpsettings{'macgroup'}' /> + <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' /> + </form> + </td> +</tr> +</table> + +END +; +&Header::closebox(); + &Header::closebigbox(); &Header::closepage();
+ +############################################################################################################################ +############################################################################################################################ + + sub newipgroup { &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall add ip group'}); @@ -210,3 +323,40 @@ END &Header::closepage(); exit 0; } + +sub newmacgroup +{ + &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall add mac group'}); + +print <<END + <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'> + <table width='95%' cellspacing='0'> + <tr> + <td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'outgoing firewall add mac group'}</b></td> + </tr> + <tr> + <td colspan='3' align='left'><br /></td> + </tr> + <tr> + <td align='left' colspan='2'> + <input type='text' name='macgroup' value='newgroup' size="30" /> + </td> + <td align='left'> + <input type='hidden' name='ACTION' value='addmacgroup' /> + <input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /> + </td> + </tr> + <tr> + <td align='left' colspan='3'> + <textarea name="macgroupcontent" cols="20" rows="5" Wrap="off">00:24:F6:04:5F:2b\n14:26:36:5A:5F:2B\n</textarea> + </td> + </tr> + </table> + </form> +END +; + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit 0; +} \ No newline at end of file diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 7d55857..6b01831 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl 
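Review bot: The `macgroup` CGI parameter reaches a shell in `` `cat $configpath/macgroups/$outgrpsettings{'macgroup'} 2>/dev/null` `` and no validation of it is visible in this diff, so the group name is interpreted by the shell and can also point outside the macgroups directory. Reading the file without a shell, after checking the name against `/^[A-Za-z0-9_-]+$/`, removes both problems: `open(my $fh, '<', "$configpath/macgroups/$outgrpsettings{'macgroup'}"); my $macgroupcontent = $fh ? join('', <$fh>) : '';`. The file content and the group name are then printed into the page unescaped (`$macgroupcontent`, `value='$outgrpsettings{'macgroup'}'`), so both should be HTML-escaped before the newline-to-`<br />` substitution and the output. The added anchor `<a name="outgoing showmacgroup"</a>` is missing the `>` that closes its start tag.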
@@ -22,6 +22,8 @@ 'ConnSched scheduled actions' => 'Geplante Aktionen', 'ConnSched scheduler' => 'Scheduler', 'ConnSched select profile' => 'Wähle Profil', +'outgoing firewall warning' => 'Nur die Auswahl Quell IP / MAC aktiviert diese', +'outgoing firewall outgoing firewall reserved groupname' => 'Bitte einen anderen Gruppennamen verwenden, dieser ist ein reserviertes Wort.', 'ConnSched time' => 'Zeit:', 'ConnSched up' => 'Hoch', 'ConnSched weekdays' => 'Wochentage:', 
@@ -1275,17 +1277,20 @@ 'outgoing firewall groups' => 'Firewall Gruppen', 'outgoing firewall add ip group' => 'IP Adressgruppen hinzufügen', 'outgoing firewall ip groups' => 'Ausgehende Firewall IP Adressgruppen', +'outgoing firewall add mac group' => 'MAC Adressgruppen hinzufügen', +'outgoing firewall mac groups' => 'Ausgehende Firewall MAC Adressgruppen', 'outgoing firewall view group' => 'Gruppe anzeigen', +'outgoing firewall group error' => 'Eine Gruppe mit dem selben Namen existiert bereits.', 'outgoing traffic in bytes per second' => 'Abgehender Verkehr', -'outgoingfw mode0' => 'In diesem Modus ist es allen Rechnern im Netzwerk uneingeschränkt möglich Verbindungen ins Internet aufzubauen.', -'outgoingfw mode1' => 'In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.', -'outgoingfw mode2' => 'In diesem Modus werden sämtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.', -'outgoingfw p2p description 1' => 'Das Symbol', -'outgoingfw p2p description 2' => 'bedeutet, dass das P2P-Protokoll erlaubt wird oder', -'outgoingfw p2p description 3' => 'das P2P-Protokoll gesperrt wird.', -'outgoingfw p2p deny' => 'P2P-Protokoll ist gesperrt!', -'outgoingfw p2p allow' => 'P2P-Protokoll ist erlaubt!', -'outgoingfw reset' => 'Alle Regeln löschen', +'outgoing firewall mode0' => 'In diesem Modus ist es allen Rechnern im Netzwerk uneingeschränkt möglich Verbindungen ins Internet aufzubauen.', +'outgoing firewall mode1' => 'In diesem Modus werden nur Verbindungen nach den oben definierten Regeln zugelassen.', +'outgoing firewall mode2' => 'In diesem Modus werden sämtliche Verbindungen erlaubt, bis auf die oben definierten Block-Regeln.', +'outgoing firewall p2p description 1' => 'Das Symbol', +'outgoing firewall p2p description 2' => 'bedeutet, dass das P2P-Protokoll erlaubt wird oder', +'outgoing firewall p2p description 3' => 'das P2P-Protokoll gesperrt wird.', +'outgoing firewall p2p deny' => 'P2P-Protokoll ist gesperrt!', 
+'outgoing firewall p2p allow' => 'P2P-Protokoll ist erlaubt!', +'outgoing firewall reset' => 'Alle Regeln löschen', 'override mtu' => 'Überschreibe Standard MTU', 'ovpn' => 'OpenVPN', 'ovpn con stat' => 'OpenVPN Verbindungs-Statistik', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a66ec67..907de5d 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -19,6 +19,8 @@ 'ConnSched ipsecstop' => 'IPSec stop', 'ConnSched reconnect' => 'Reconnect', 'ConnSched scheduled actions' => 'Scheduled actions', +'outgoing firewall warning' => 'Not selecting source ip or mac ignores them', +'outgoing firewall outgoing firewall reserved groupname' => 'Please use another group name, this name is reserved.', 'ConnSched scheduler' => 'Scheduler', 'ConnSched select profile' => 'Select profile', 'modify' => 'Modify', @@ -643,7 +645,7 @@ 'dhcp bootp pxe data' => 'Enter optional bootp pxe data for this fixed lease', 'dhcp configuration' => 'DHCP configuration', 'dhcp create fixed leases' => 'Create fixed leases', -'dhcp fixed lease err1' => 'For a fix lease you have to enter the MAC adress or the hostname, or you enter both.', +'dhcp fixed lease err1' => 'For a fix lease you have to enter the MAC address or the hostname, or you enter both.', 'dhcp fixed lease help1' => 'IP Addresses might be entered as FQDN', 'dhcp mode' => 'DHCP', 'dhcp server' => 'DHCP Server', @@ -1101,7 +1103,7 @@ 'mac address' => 'MAC Address', 'mac address menu' => 'Assign MAC-address', 'mac address in use' => 'MAC address already in use', -'mac address title' => 'Medium Access Control Adresse', +'mac address title' => 'Medium Access Control Address', 'mac address header' => 'MAC address on red0', 'mac address error not valid' => 'MAC addresse not valid!', 'mac address error not 00' => 'MAC addresse has to start with 00!', 
@@ -1303,18 +1305,21 @@
 'outgoing firewall' => 'Outgoing Firewall',
 'outgoing firewall groups' => 'Firewall Groups',
 'outgoing firewall add ip group' => 'Add IP Address Group',
-'outgoing firewall ip groups' => 'Outgoing Firewall IP Adress Groups',
+'outgoing firewall ip groups' => 'Outgoing Firewall IP Address Groups',
+'outgoing firewall add mac group' => 'Add MAC Address Group',
+'outgoing firewall mac groups' => 'Outgoing Firewall MAC Address Groups',
 'outgoing firewall view group' => 'View group',
+'outgoing firewall group error' => 'A group with the same name exists.',
 'outgoing traffic in bytes per second' => 'Outgoing Traffic',
-'outgoingfw mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.',
-'outgoingfw mode1' => 'Using this mode, only connections based on the defined rules are allowed.',
-'outgoingfw mode2' => 'Using this mode, all connections are allowed despited off the defined ones.',
-'outgoingfw p2p description 1' => 'The button',
-'outgoingfw p2p description 2' => 'means that the p2p protocol is allowed or',
-'outgoingfw p2p description 3' => 'that the p2p protocol is denied.',
-'outgoingfw p2p deny' => 'p2p protocol is denied',
-'outgoingfw p2p allow' => 'p2p protocol is allowed',
-'outgoingfw reset' => 'Reset all',
+'outgoing firewall mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.',
+'outgoing firewall mode1' => 'Using this mode, only connections based on the defined rules are allowed.',
+'outgoing firewall mode2' => 'Using this mode, all connections are allowed despited off the defined ones.',
+'outgoing firewall p2p description 1' => 'The button',
+'outgoing firewall p2p description 2' => 'means that the p2p protocol is allowed or',
+'outgoing firewall p2p description 3' => 'that the p2p protocol is denied.',
+'outgoing firewall p2p deny' => 'p2p protocol is denied',
+'outgoing firewall p2p allow' => 'p2p protocol is allowed',
+'outgoing firewall reset' => 'Reset all',
 'override mtu' => 'Override default MTU',
 'ovpn' => 'OpenVPN',
 'ovpn con stat' => 'OpenVPN Connection Statistics',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index 5a2fbe3..8074cd2 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -18,6 +18,8 @@
 'ConnSched ipsecstop' => 'Detener IPSec',
 'ConnSched reconnect' => 'Reconectar',
 'ConnSched scheduled actions' => 'Acciones planificadas',
+'outgoing firewall warning' => 'No seleccionar ip origen o mac las ignora',
+'outgoing firewall outgoing firewall reserved groupname' => 'Por favor, utilice otro nombre de grupo, este nombre está reservado',
 'ConnSched scheduler' => 'Planificador',
 'ConnSched select profile' => 'Elegir Perfil',
 'modify' => 'Modificar',
@@ -1300,11 +1302,11 @@
 'outgoing' => 'salida',
 'outgoing firewall' => 'Firewall de salida',
 'outgoing traffic in bytes per second' => 'Tráfico de salida',
-'outgoingfw mode0' => 'Usando este modo, todos los clientes tienen acceso al internet sin restricciones.',
-'outgoingfw mode1' => 'Usando este modo, solamente las conexión basadas en las reglas definidas son permitidas.',
-'outgoingfw mode2' => 'Usando este modo, todas las conexioens son permitidas sin importar las ya definidias.',
-'outgoingfw p2p description' => 'Presiones el botón correspondiente para activar/desactivar el módulo de bloqueo P2P',
-'outgoingfw reset' => 'Restablecer todo',
+'outgoing firewall mode0' => 'Usando este modo, todos los clientes tienen acceso al internet sin restricciones.',
+'outgoing firewall mode1' => 'Usando este modo, solamente las conexión basadas en las reglas definidas son permitidas.',
+'outgoing firewall mode2' => 'Usando este modo, todas las conexioens son permitidas sin importar las ya definidias.',
+'outgoing firewall p2p description' => 'Presiones el botón correspondiente para activar/desactivar el módulo de bloqueo P2P',
+'outgoing firewall reset' => 'Restablecer todo',
 'override mtu' => 'Sobreescribir MTU por defecto',
 'ovpn' => 'OpenVPN',
 'ovpn con stat' => 'Estadisticas de conexión OpenVPN',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index dbc11bf..7904bb6 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -18,6 +18,8 @@
 'ConnSched ipsecstart' => 'IPSec (re)démarrage',
 'ConnSched ipsecstop' => 'IPSec arrêt',
 'ConnSched reconnect' => 'Reconnecter',
+'outgoing firewall warning' => 'Ne pas choisir IP source ou Mac ignore les',
+'outgoing firewall outgoing firewall reserved groupname' => 'S il vous plaît utilisez un autre nom de groupe, ce nom est réservé.',
 'ConnSched scheduled actions' => 'Actions planifiées',
 'ConnSched scheduler' => 'Planificateur',
 'ConnSched select profile' => 'Sélectionner profil',
@@ -1301,17 +1303,20 @@
 'outgoing firewall groups' => 'Groupes de pare-feu',
 'outgoing firewall add ip group' => 'Ajouter un groupe d'adresses IP',
 'outgoing firewall ip groups' => 'Groupes d'adresses IP du pare-feu sortant',
+'outgoing firewall add mac group' => 'Ajouter un groupe d'adresses MAC',
+'outgoing firewall mac groups' => 'Groupes d'adresses MAC du pare-feu sortant',
 'outgoing firewall view group' => 'Voir le groupe',
+'outgoing firewall group error' => 'Un groupe portant le même nom existe.',
 'outgoing traffic in bytes per second' => 'Trafic sortant',
-'outgoingfw mode0' => 'En utilisant ce mode, tous les clients peuvent avoir accès à Internet sans restrictions.',
-'outgoingfw mode1' => 'En utilisant ce mode, seules les connexions basées sur les règles prédéfinies sont autorisées.',
-'outgoingfw mode2' => 'En utilisant ce mode, toutes les connexions sont autorisées sans tenir compte de la liste de définitions.',
-'outgoingfw p2p description 1' => 'Le bouton',
-'outgoingfw p2p description 2' => ' signifie que le protocol est autorisé ou',
-'outgoingfw p2p description 3' => 'que le protocole p2p est bloqué.',
-'outgoingfw p2p deny' => 'le protocole p2p est refusé',
-'outgoingfw p2p allow' => 'le protocole p2p est autorisé',
-'outgoingfw reset' => 'Tout réinitialiser',
+'outgoing firewall mode0' => 'En utilisant ce mode, tous les clients peuvent avoir accès à Internet sans restrictions.',
+'outgoing firewall mode1' => 'En utilisant ce mode, seules les connexions basées sur les règles prédéfinies sont autorisées.',
+'outgoing firewall mode2' => 'En utilisant ce mode, toutes les connexions sont autorisées sans tenir compte de la liste de définitions.',
+'outgoing firewall p2p description 1' => 'Le bouton',
+'outgoing firewall p2p description 2' => ' signifie que le protocol est autorisé ou',
+'outgoing firewall p2p description 3' => 'que le protocole p2p est bloqué.',
+'outgoing firewall p2p deny' => 'le protocole p2p est refusé',
+'outgoing firewall p2p allow' => 'le protocole p2p est autorisé',
+'outgoing firewall reset' => 'Tout réinitialiser',
 'override mtu' => 'Outrepasser le MTU par défaut',
 'ovpn' => 'OpenVPN',
 'ovpn con stat' => 'Statistiques de connexions OpenVPN',
diff --git a/lfs/configroot b/lfs/configroot
index 544bb25..ff1a206 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -51,12 +51,12 @@ $(TARGET) :
# Create all directories for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes dns \ - ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \ + ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \ net-traffic/templates nfs optionsfw outgoing/bin outgoing/groups outgoing/groups/ipgroups \ - patches pakfire portfw ppp private proxy/advanced/cre proxy/calamaris/bin qos/bin red \ - remote sensors snort time tripwire/report updatexlrator/bin updatexlrator/autocheck \ - urlfilter/autoupdate urlfilter/bin upnp vpn \ - wakeonlan wireless xtaccess ; do \ + outgoing/groups/macgroups patches pakfire portfw ppp private proxy/advanced/cre \ + proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \ + updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \ + wakeonlan wireless xtaccess ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ done
diff --git a/lfs/igb b/lfs/igb
new file mode 100644
index 0000000..522a801
--- /dev/null
+++ b/lfs/igb
@@ -0,0 +1,90 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2010 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+ifeq "$(XEN)" "1"
+ VERSUFIX = ipfire-xen
+else
+ VERSUFIX = ipfire
+endif
+
+VER = 2.3.4
+
+THISAPP = igb-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = b0ea2a70198746b69392ef935b61454a
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ #Save original igb module
+ -mv /lib/modules/$(KVER)-$(VERSUFIX)/kernel/drivers/net/igb/igb.ko \
+ /lib/modules/$(KVER)-$(VERSUFIX)/kernel/drivers/net/igb/igb.ko.org
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP)/src && make -C /lib/modules/$(KVER)-$(VERSUFIX)/build/ \
+ SUBDIRS=$(DIR_APP)/src modules
+ cd $(DIR_APP)/src && install -m 644 igb.ko \
+ /lib/modules/$(KVER)-$(VERSUFIX)/kernel/drivers/net/igb
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/snort b/lfs/snort
index 4b2e348..c44b14e 100644
--- a/lfs/snort
+++ b/lfs/snort
@@ -24,7 +24,7 @@
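Review bot: In the `$(TARGET)` recipe of lfs/igb the backup step `-mv …/igb/igb.ko …/igb/igb.ko.org` is unconditional, so a second build of this target moves the previously installed out-of-tree module over the saved stock module and the "original" is lost; guard it with an existence test, e.g. `-test -e …/igb/igb.ko.org || mv …/igb/igb.ko …/igb/igb.ko.org` (paths as in the recipe). The kernel sub-build is started with a literal `make -C`, which does not hand the jobserver or `-n` down; `$(MAKE) -C /lib/modules/$(KVER)-$(VERSUFIX)/build/ SUBDIRS=$(DIR_APP)/src modules` does. The tarball that ends up as a kernel module is pinned only by `$(DL_FILE)_MD5`; how `$(CHECK)` and `$(MD5)` use that value is defined in Config, outside this diff, so whether a stronger digest can be pinned here cannot be judged from the hunk.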
include Config
-VER = 2.8.6
+VER = 2.8.6.1
THISAPP = snort-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b1c2d3ddb1c0a859a47c5a31d19e60ad
+$(DL_FILE)_MD5 = b1119396a32e9df0d80404e4b6c49166
install : $(TARGET)
diff --git a/lfs/strongswan b/lfs/strongswan
index 6e8c747..51fae77 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
include Config
-VER = 4.4.0
+VER = 4.4.1
THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = bfb0f1c8ef1344e1ae8157bdde060fed
+$(DL_FILE)_MD5 = b5730083d8d98e71eada2f7aa93f74af
install : $(TARGET)
diff --git a/make.sh b/make.sh
index 4d4529f..732a06f 100755
--- a/make.sh
+++ b/make.sh
@@ -25,7 +25,7 @@
 NAME="IPFire" # Software name
 SNAME="ipfire" # Short name
 VERSION="2.8test" # Version number
-CORE="40" # Core Level (Filename)
+CORE="41" # Core Level (Filename)
 PAKFIRE_CORE="40" # Core Level (PAKFIRE)
 GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
 SLOGAN="www.ipfire.org" # Software slogan
@@ -355,6 +355,7 @@ buildipfire() {
 ipfiremake r8101 XEN=1
 ipfiremake e1000 XEN=1
 ipfiremake e1000e XEN=1
+ ipfiremake igb XEN=1
 ipfiremake linux
 ipfiremake kqemu
 # ipfiremake kvm-kmod
@@ -370,6 +371,7 @@ buildipfire() {
 ipfiremake r8101
 ipfiremake e1000
 ipfiremake e1000e
+ ipfiremake igb
 ipfiremake pkg-config
 ipfiremake linux-atm
 ipfiremake cpio
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index c38cce5..366ae07 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -147,6 +147,7 @@ case "$1" in
 /sbin/iptables -N CUSTOMOUTPUT
 /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
 /sbin/iptables -N OUTGOINGFW
+ /sbin/iptables -N OUTGOINGFWMAC
 /sbin/iptables -A OUTPUT -j OUTGOINGFW
 /sbin/iptables -t nat -N CUSTOMPREROUTING
 /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
@@ -182,6 +183,7 @@ case "$1" in
 /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
# Outgoing Firewall
+ /sbin/iptables -A FORWARD -j OUTGOINGFWMAC
 /sbin/iptables -A FORWARD -j OUTGOINGFW
# localhost and ethernet.
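Review bot: The new `-A FORWARD -j OUTGOINGFWMAC` is appended ahead of `-A FORWARD -j OUTGOINGFW`, so any terminating verdict in the MAC chain pre-empts the IP-based rules, and nothing in either firewall hunk records that ordering. The chain is presumably filled with source-MAC matches by outgoingfw.pl, which is not part of this hunk; a source MAC is chosen by the sending host, so a rule keyed on it identifies a network card setting rather than a user or machine. I would add above the new line: `# OUTGOINGFWMAC is evaluated before OUTGOINGFW; source MACs are client-controlled, keep ACCEPT rules there narrow`. In the first hunk the chain is created with `-N OUTGOINGFWMAC` but, unlike OUTGOINGFW, is not hooked into OUTPUT; if that is deliberate because locally generated packets have no source MAC to match, a one-line comment at the `-N` line should say so. Both hunks sit inside the `case "$1" in` block, which starts and ends outside them.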
hooks/post-receive -- IPFire 2.x development tree