This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via f224c3f26535c5b8c7530f32af933697c9678fb2 (commit) via a10733a5d8580b6ab8cff46235daab6547723781 (commit) from ac2f710771ba327b5b8fd1b8f3829b977d08aa24 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit f224c3f26535c5b8c7530f32af933697c9678fb2 Author: Arne Fitzenreiter Arne_F@ipfire.org Date: Thu Jan 3 16:28:21 2013 +0100
red.up: add script to cleanup conntrack-table if red ip has changed.
commit a10733a5d8580b6ab8cff46235daab6547723781 Author: Arne Fitzenreiter Arne_F@ipfire.org Date: Thu Jan 3 14:27:11 2013 +0100
conntrack-tools: add conntrack and needed deps.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/armv5tel/initscripts | 1 + config/rootfiles/common/conntrack-tools | 6 ++++ config/rootfiles/common/i586/initscripts | 1 + config/rootfiles/common/iptables | 38 +++++++++++++--------- config/rootfiles/common/libmnl | 7 ++++ config/rootfiles/core/66/filelists/conntrack-tools | 1 + config/rootfiles/core/66/filelists/files | 1 + config/rootfiles/core/66/filelists/libmnl | 1 + lfs/{libpng => conntrack-tools} | 10 +++--- lfs/iptables | 20 ++++++++++-- lfs/{libpng => libmnl} | 10 +++--- make.sh | 2 ++ .../init.d/networking/red.up/01-conntrack-cleanup | 25 ++++++++++++++ 13 files changed, 95 insertions(+), 28 deletions(-) create mode 100644 config/rootfiles/common/conntrack-tools create mode 100644 config/rootfiles/common/libmnl create mode 120000 config/rootfiles/core/66/filelists/conntrack-tools create mode 120000 config/rootfiles/core/66/filelists/libmnl copy lfs/{libpng => conntrack-tools} (93%) copy lfs/{libpng => libmnl} (93%) create mode 100644 src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
Difference in files:
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 90f9be1..1a613ac 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -73,6 +73,7 @@ etc/rc.d/init.d/networking/red.down/10-ovpn
 etc/rc.d/init.d/networking/red.down/20-RL-firewall
 etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 #etc/rc.d/init.d/networking/red.up
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
 etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
diff --git a/config/rootfiles/common/conntrack-tools b/config/rootfiles/common/conntrack-tools
new file mode 100644
index 0000000..5ce29aa
--- /dev/null
+++ b/config/rootfiles/common/conntrack-tools
@@ -0,0 +1,6 @@
+usr/sbin/conntrack
+#usr/sbin/conntrackd
+#usr/sbin/nfct
+#usr/share/man/man8/conntrack.8
+#usr/share/man/man8/conntrackd.8
+#usr/share/man/man8/nfct.8
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 737e878..f26e244 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -75,6 +75,7 @@ etc/rc.d/init.d/networking/red.down/10-ovpn
 etc/rc.d/init.d/networking/red.down/20-RL-firewall
 etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 #etc/rc.d/init.d/networking/red.up
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
 etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
index d30cbf5..39225a4 100644
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -140,6 +140,18 @@ sbin/xtables-multi
 #usr/include/libiptc/xtcshared.h
 #usr/include/libipulog
 #usr/include/libipulog/libipulog.h
+#usr/include/libnetfilter_conntrack
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_icmp.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_udp.h
+#usr/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+#usr/include/libnetfilter_cttimeout
+#usr/include/libnetfilter_cttimeout/libnetfilter_cttimeout.h
 #usr/include/libnetfilter_queue
 #usr/include/libnetfilter_queue/libipq.h
 #usr/include/libnetfilter_queue/libnetfilter_queue.h
@@ -149,14 +161,9 @@ sbin/xtables-multi
 #usr/include/libnfnetlink/linux_nfnetlink.h
 #usr/include/libnfnetlink/linux_nfnetlink_compat.h
 #usr/include/linux/netfilter/Kbuild
-#usr/include/linux/netfilter/ipset
 #usr/include/linux/netfilter/ipset/Kbuild
-#usr/include/linux/netfilter/ipset/ip_set.h
 #usr/include/linux/netfilter/ipset/ip_set_ahash.h
-#usr/include/linux/netfilter/ipset/ip_set_bitmap.h
 #usr/include/linux/netfilter/ipset/ip_set_getport.h
-#usr/include/linux/netfilter/ipset/ip_set_hash.h
-#usr/include/linux/netfilter/ipset/ip_set_list.h
 #usr/include/linux/netfilter/ipset/ip_set_timeout.h
 #usr/include/linux/netfilter/ipset/pfxlen.h
 #usr/include/linux/netfilter/nf_conntrack_amanda.h
@@ -171,23 +178,20 @@ sbin/xtables-multi
 #usr/include/linux/netfilter/nf_conntrack_sip.h
 #usr/include/linux/netfilter/nf_conntrack_snmp.h
 #usr/include/linux/netfilter/nf_conntrack_tftp.h
-#usr/include/linux/netfilter/xt_AUDIT.h
-#usr/include/linux/netfilter/xt_CHECKSUM.h
-#usr/include/linux/netfilter/xt_CT.h
-#usr/include/linux/netfilter/xt_IDLETIMER.h
 #usr/include/linux/netfilter/xt_IMQ.h
-#usr/include/linux/netfilter/xt_TEE.h
-#usr/include/linux/netfilter/xt_addrtype.h
-#usr/include/linux/netfilter/xt_cpu.h
-#usr/include/linux/netfilter/xt_devgroup.h
-#usr/include/linux/netfilter/xt_ipvs.h
 #usr/include/linux/netfilter/xt_layer7.h
-#usr/include/linux/netfilter/xt_set.h
-#usr/include/linux/netfilter/xt_socket.h
 #usr/include/net/netfilter
 #usr/include/net/netfilter/nf_conntrack_tuple.h
 #usr/include/net/netfilter/nf_nat.h
 #usr/include/xtables.h
+#usr/lib/libnetfilter_conntrack.la
+usr/lib/libnetfilter_conntrack.so
+usr/lib/libnetfilter_conntrack.so.3
+usr/lib/libnetfilter_conntrack.so.3.4.0
+#usr/lib/libnetfilter_cttimeout.la
+usr/lib/libnetfilter_cttimeout.so
+usr/lib/libnetfilter_cttimeout.so.1
+usr/lib/libnetfilter_cttimeout.so.1.0.0
 #usr/lib/libnetfilter_queue.a
 #usr/lib/libnetfilter_queue.la
 usr/lib/libnetfilter_queue.so
@@ -207,6 +211,8 @@ usr/lib/libnfnetlink.so.0.2.0
 #usr/lib/pkgconfig/libip6tc.pc
 #usr/lib/pkgconfig/libipq.pc
 #usr/lib/pkgconfig/libiptc.pc
+#usr/lib/pkgconfig/libnetfilter_conntrack.pc
+#usr/lib/pkgconfig/libnetfilter_cttimeout.pc
 #usr/lib/pkgconfig/libnetfilter_queue.pc
 #usr/lib/pkgconfig/libnfnetlink.pc
 #usr/lib/pkgconfig/xtables.pc
diff --git a/config/rootfiles/common/libmnl b/config/rootfiles/common/libmnl
new file mode 100644
index 0000000..36732c4
--- /dev/null
+++ b/config/rootfiles/common/libmnl
@@ -0,0 +1,7 @@
+#usr/include/libmnl
+#usr/include/libmnl/libmnl.h
+#usr/lib/libmnl.la
+usr/lib/libmnl.so
+usr/lib/libmnl.so.0
+usr/lib/libmnl.so.0.1.0
+#usr/lib/pkgconfig/libmnl.pc
diff --git a/config/rootfiles/core/66/filelists/conntrack-tools b/config/rootfiles/core/66/filelists/conntrack-tools
new file mode 120000
index 0000000..88fbe06
--- /dev/null
+++ b/config/rootfiles/core/66/filelists/conntrack-tools
@@ -0,0 +1 @@
+../../../common/conntrack-tools
\ No newline at end of file
diff --git a/config/rootfiles/core/66/filelists/files b/config/rootfiles/core/66/filelists/files
index bf51301..91142e0 100644
--- a/config/rootfiles/core/66/filelists/files
+++ b/config/rootfiles/core/66/filelists/files
@@ -7,6 +7,7 @@ etc/rc.d/init.d/halt
 etc/rc.d/init.d/leds
 etc/rc.d/init.d/mountfs
 etc/rc.d/init.d/network
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/partresize
 etc/rc.d/init.d/reboot
diff --git a/config/rootfiles/core/66/filelists/libmnl b/config/rootfiles/core/66/filelists/libmnl
new file mode 120000
index 0000000..f671c41
--- /dev/null
+++ b/config/rootfiles/core/66/filelists/libmnl
@@ -0,0 +1 @@
+../../../common/libmnl
\ No newline at end of file
diff --git a/lfs/conntrack-tools b/lfs/conntrack-tools
new file mode 100644
index 0000000..f5ea315
--- /dev/null
+++ b/lfs/conntrack-tools
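Review bot: The core 66 file lists gain `conntrack-tools`, `libmnl` and the new red.up script, but the `libnetfilter_conntrack` and `libnetfilter_cttimeout` shared objects that this commit builds are listed in `config/rootfiles/common/iptables`, and no `core/66/filelists/iptables` entry is added in this diff. If core 66 does not already ship the iptables file list (not visible here), updated systems would receive `usr/sbin/conntrack` without the libraries it presumably links against. `01-conntrack-cleanup` does not check conntrack's exit status and still records the new address, so stale connection-tracking entries for the old RED address would silently survive an address change. Worth confirming the iptables list is part of the update, or adding it alongside these two symlinks.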
@@ -0,0 +1,77 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2013 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.2.2
+
+THISAPP = conntrack-tools-$(VER)
+DL_FILE = $(THISAPP).tar.bz2
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a8afc813e16265655f83991fc0df35b6
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/iptables b/lfs/iptables
index ceb560d..a247ba7 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2013 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -38,17 +38,23 @@ TARGET = $(DIR_INFO)/$(THISAPP)
 objects = $(DL_FILE) \
 netfilter-layer7-v2.22.tar.gz \
 libnfnetlink-1.0.0.tar.bz2 \
- libnetfilter_queue-0.0.17.tar.bz2
+ libnetfilter_queue-0.0.17.tar.bz2 \
+ libnetfilter_conntrack-1.0.2.tar.bz2 \
+ libnetfilter_cttimeout-1.0.0.tar.bz2
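Review bot: The only integrity pin on the new conntrack-tools tarball is `$(DL_FILE)_MD5 = a8afc813e16265655f83991fc0df35b6`, and the same holds for the two `_MD5` lines added in lfs/iptables and for the new lfs/libmnl. MD5 is no longer collision-resistant, so on its own it is a weak check for sources that are configured and installed into a firewall image. How `$(CHECK)`, `$(LOAD)` and `$(MD5)` use the value, and whether `$(URL_IPFIRE)` is fetched over an authenticated transport, is defined in `Config` and not visible in this diff. If the build framework can carry a second digest, recording a SHA-256 next to each `_MD5` line would close the gap; failing that, a comment stating where the tarball and its upstream signature were verified would at least document provenance.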
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
 libnfnetlink-1.0.0.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-1.0.0.tar.bz2
 libnetfilter_queue-0.0.17.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.17.tar.bz2
+libnetfilter_conntrack-1.0.2.tar.bz2 = $(URL_IPFIRE)/libnetfilter_conntrack-1.0.2.tar.bz2
+libnetfilter_cttimeout-1.0.0.tar.bz2 = $(URL_IPFIRE)/libnetfilter_cttimeout-1.0.0.tar.bz2
 $(DL_FILE)_MD5 = 5ab24ad683f76689cfe7e0c73f44855d
 netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
 libnfnetlink-1.0.0.tar.bz2_MD5 = 016fdec8389242615024c529acc1adb8
 libnetfilter_queue-0.0.17.tar.bz2_MD5 = 2cde35e678ead3a8f9eb896bf807a159
+libnetfilter_conntrack-1.0.2.tar.bz2_MD5 = 447114b5d61bb9a9617ead3217c3d3ff
+libnetfilter_cttimeout-1.0.0.tar.bz2_MD5 = 7697437fc9ebb6f6b83df56a633db7f9
install : $(TARGET)
@@ -124,5 +130,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_SRC)/libnetfilter_queue-0.0.17 && make $(MAKETUNING) $(EXTRA_MAKE)
 cd $(DIR_SRC)/libnetfilter_queue-0.0.17 && make install
+ cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnetfilter_conntrack-1.0.2.tar.bz2
+ cd $(DIR_SRC)/libnetfilter_conntrack-1.0.2 && ./configure --prefix=/usr
+ cd $(DIR_SRC)/libnetfilter_conntrack-1.0.2 && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_SRC)/libnetfilter_conntrack-1.0.2 && make install
+
+ cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnetfilter_cttimeout-1.0.0.tar.bz2
+ cd $(DIR_SRC)/libnetfilter_cttimeout-1.0.0 && ./configure --prefix=/usr
+ cd $(DIR_SRC)/libnetfilter_cttimeout-1.0.0 && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_SRC)/libnetfilter_cttimeout-1.0.0 && make install
+
 @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-1.0.0 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.17
 @$(POSTBUILD)
diff --git a/lfs/libmnl b/lfs/libmnl
new file mode 100644
index 0000000..5341e4b
--- /dev/null
+++ b/lfs/libmnl
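Review bot: The cleanup line that closes this recipe (`@rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-1.0.0 … $(DIR_SRC)/libnetfilter_queue-0.0.17`) is unchanged context, so the two source trees unpacked by the added lines are left behind in `$(DIR_SRC)` after the build. Append `$(DIR_SRC)/libnetfilter_conntrack-1.0.2 $(DIR_SRC)/libnetfilter_cttimeout-1.0.0` to that `rm -rf`. The added `tar xfj` steps also unpack over whatever is already at those paths, so a leftover tree from an earlier or interrupted build would be reused rather than replaced. The recipe begins outside this hunk, so how the existing libraries handle that is not visible here.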
@@ -0,0 +1,77 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2013 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.0.3
+
+THISAPP = libmnl-$(VER)
+DL_FILE = $(THISAPP).tar.bz2
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 7d95fc3bea3365bc03c48e484224f65f
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 21808c9..b1d7cf6 100755
--- a/make.sh
+++ b/make.sh
@@ -509,7 +509,9 @@ buildipfire() {
 ipfiremake mtools
 ipfiremake initscripts
 ipfiremake whatmask
+ ipfiremake libmnl
 ipfiremake iptables
+ ipfiremake conntrack-tools
 ipfiremake libupnp
 ipfiremake ipaddr
 ipfiremake iputils
diff --git a/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup b/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
new file mode 100644
index 0000000..4bb43b9
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
@@ -0,0 +1,25 @@
+#!/bin/bash
+############################################################################
+# conntrack-cleanup - remove conntrack entries with the last red ipaddress #
+############################################################################
+#
+
+curr_ip=`cat /var/ipfire/red/local-ipaddress 2>/dev/null`
+last_ip=`cat /var/lock/last-ipaddress 2>/dev/null`
+
+if [ "$curr_ip" == "$last_ip" ]; then
+ exit 0
+fi
+
+if [ -z "$curr_ip" ]; then
+ echo ERROR: cannot read current IP.
+ exit 1
+fi
+
+if [ ! -z "$last_ip" ]; then
+ conntrack -D -s $last_ip 2>&1 > /dev/null
+ conntrack -D -d $last_ip 2>&1 > /dev/null
+ conntrack -D -r $last_ip 2>&1 > /dev/null
+ conntrack -D -q $last_ip 2>&1 > /dev/null
+fi
+echo $curr_ip > /var/lock/last-ipaddress
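Review bot: In `01-conntrack-cleanup`, `$last_ip` is read from `/var/lock/last-ipaddress` and expanded unquoted into the four `conntrack -D` calls, so whatever that file holds is word-split into extra conntrack arguments; the value should be checked to look like an address and quoted before use. The state file is also written with a plain `>` redirect, which follows a symlink already present at that path. Whether anything other than root can write to /var/lock on this system is not visible here, but keeping the state in a root-only directory would remove the question. The redirections `2>&1 > /dev/null` send stderr to the original stdout and only stdout to /dev/null; `>/dev/null 2>&1` is presumably what was meant. A possible replacement for the deletion block and the final write follows.

```bash
# … unchanged: reading curr_ip / last_ip and the two early exits …

# Assumes the RED address is IPv4; anything else in the state file is ignored.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

if [[ "$last_ip" =~ $ipv4_re ]]; then
	# -s/-d match the original direction, -r/-q the reply direction.
	for opt in -s -d -r -q; do
		conntrack -D "$opt" "$last_ip" >/dev/null 2>&1
	done
fi
printf '%s\n' "$curr_ip" > /var/lock/last-ipaddress
```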
hooks/post-receive -- IPFire 2.x development tree