This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 42c2acc2187861abc00420c3e272cebd8aa53db3 (commit) via 0df4cf71052ea7a64dcf5ab8d141c54ad239b16f (commit) via be967dc920565a3d6768a885c496898a55442b35 (commit) from a2c2c4c74ceea5379fdd71fc35d8ef3682eccff8 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 42c2acc2187861abc00420c3e272cebd8aa53db3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Oct 18 16:19:59 2019 +0200
core137: add path of qosctrl
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0df4cf71052ea7a64dcf5ab8d141c54ad239b16f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Oct 18 16:16:35 2019 +0200
core137: erase lm_sensors config after collectd start
this is needed to research the sensors with updated kernel after next reboot.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit be967dc920565a3d6768a885c496898a55442b35 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Oct 18 16:13:49 2019 +0200
Revert "firewall: always allow outgoing DNS traffic to root servers"
This reverts commit 70cd5c42f003292bd1ecb9e38018782679dbd01e.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/137/filelists/files | 3 +++ config/rootfiles/core/137/update.sh | 11 +++++++---- src/initscripts/system/firewall | 12 ------------ 3 files changed, 10 insertions(+), 16 deletions(-)
Difference in files: diff --git a/config/rootfiles/core/137/filelists/files b/config/rootfiles/core/137/filelists/files index 33f86862f..3b7c8d23b 100644 --- a/config/rootfiles/core/137/filelists/files +++ b/config/rootfiles/core/137/filelists/files @@ -1,6 +1,8 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi +usr/lib/firewall/rules.pl +usr/sbin/firewall-policy var/ipfire/langs etc/logrotate.conf etc/rc.d/init.d/firewall @@ -17,3 +19,4 @@ usr/local/bin/xt_geoip_update var/ipfire/backup/bin/backup.pl var/ipfire/qos/bin/makeqosscripts.pl var/ipfire/suricata/ruleset-sources +srv/web/ipfire/cgi-bin/ovpnmain.cgi diff --git a/config/rootfiles/core/137/update.sh b/config/rootfiles/core/137/update.sh index 98fdff83d..da87f9430 100644 --- a/config/rootfiles/core/137/update.sh +++ b/config/rootfiles/core/137/update.sh @@ -77,12 +77,11 @@ rm -rf /boot/zImage-*-ipfire-* rm -rf /boot/uInit-*-ipfire-* rm -rf /boot/dtb-*-ipfire-* rm -rf /lib/modules -rm -f /etc/sysconfig/lm_sensors
# Remove files
# Stop services -qosctrl stop +/usr/local/bin/qosctrl stop
# Extract files extract_files @@ -99,9 +98,13 @@ ldconfig /etc/init.d/unbound restart /etc/init.d/collectd restart
+# remove lm_sensor config after collectd was started +# to reserch sensors at next boot with updated kernel +rm -f /etc/sysconfig/lm_sensors + # generate new qos script -qosctrl generate -qosctrl start +/usr/local/bin/qosctrl generate +/usr/local/bin/qosctrl start
# Search sensors again after reboot into the new kernel rm -f /etc/sysconfig/lm_sensors diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 602bd6c5b..ec396c708 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -6,7 +6,6 @@ eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings) eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings) -ROOTHINTS="/etc/unbound/root.hints" IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
if [ -f /var/ipfire/red/device ]; then @@ -308,17 +307,6 @@ iptables_init() { iptables -A INPUT -j TOR_INPUT iptables -N TOR_OUTPUT iptables -A OUTPUT -j TOR_OUTPUT - - # Allow outgoing DNS traffic (TCP and UDP) to DNS root servers - local rootserverips="$( awk '/\s+A\s+/ { print $4 }' ${ROOTHINTS} )" - ipset -N root-servers iphash - - for ip in "${rootserverips[@]}"; do - ipset add root-servers $ip - done - - iptables -A OUTPUT -m set --match-set root-servers dst -p tcp --dport 53 -j ACCEPT - iptables -A OUTPUT -m set --match-set root-servers dst -p udp --dport 53 -j ACCEPT # Jump into the actual firewall ruleset. iptables -N INPUTFW
hooks/post-receive -- IPFire 2.x development tree