This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 820b2909825479b52696886d1f9054c0f709d3f0 (commit) via 0851afba33bf8f1a4562a7e755bec5af23d4d03e (commit) via 5e39f3c08a4a6e9f402b18c267fe82595cb0596b (commit) via e8b389e0f0a88f064c192305e8bbbc366300af24 (commit) via 316d14c43ad3b0b27cfa6984d8253e8f9255a87c (commit) via 6874a5765b887b51e324e1afbddc4516d66a710f (commit) via 5b2ec053c25b80843958864d4305b3108b55dd3c (commit) via c3c2ae4475a0e99a6163027405a45a1e2b4fa8b6 (commit) from 32e7b93c284fe02450e28f431453621537214a03 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 820b2909825479b52696886d1f9054c0f709d3f0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:32:57 2019 +0100
Move IPS to a higher position in the Firewall menu
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0851afba33bf8f1a4562a7e755bec5af23d4d03e Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:24:28 2019 +0100
remote.cgi: Move SSH Agent Forwarding to the top
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5e39f3c08a4a6e9f402b18c267fe82595cb0596b Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:22:14 2019 +0100
sshctrl: Fix syntax of generated sed command
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e8b389e0f0a88f064c192305e8bbbc366300af24 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:02:57 2019 +0100
core131: Ship PTR changes in hosts.cgi
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 316d14c43ad3b0b27cfa6984d8253e8f9255a87c Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:00:25 2019 +0100
Update list of contributors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6874a5765b887b51e324e1afbddc4516d66a710f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Apr 8 18:04:00 2019 +0000
Unbound: do not generate PTR if the user requested not to, do so
Partially fixes #12030
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b2ec053c25b80843958864d4305b3108b55dd3c Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 22:58:35 2019 +0100
Update translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c3c2ae4475a0e99a6163027405a45a1e2b4fa8b6 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Apr 8 18:04:00 2019 +0000
add option for selective PTR generation on hosts.cgi
In some cases, it might be useful to create an additional host (i.e. for round robin loadbalancing) without assigning another PTR to the IP address specified.
This patch introduces the ability to check or uncheck PTR generation for each host individually.
Partially fixes #12030
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/menu/50-firewall.menu | 18 +++++------ config/rootfiles/core/131/filelists/files | 2 ++ doc/language_issues.en | 3 ++ doc/language_issues.es | 3 ++ doc/language_issues.fr | 3 ++ doc/language_issues.it | 3 ++ doc/language_issues.nl | 3 ++ doc/language_issues.pl | 3 ++ doc/language_issues.ru | 3 ++ doc/language_issues.tr | 3 ++ doc/language_missings | 21 +++++++++++++ html/cgi-bin/credits.cgi | 4 +-- html/cgi-bin/hosts.cgi | 52 +++++++++++++++++++++++-------- html/cgi-bin/remote.cgi | 10 +++--- langs/de/cgi-bin/de.pl | 2 ++ langs/en/cgi-bin/en.pl | 4 ++- src/initscripts/system/unbound | 7 +++-- src/misc-progs/sshctrl.c | 4 +-- 18 files changed, 114 insertions(+), 34 deletions(-)
Difference in files: diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu index 77642b0ac..5ec1f67fc 100644 --- a/config/menu/50-firewall.menu +++ b/config/menu/50-firewall.menu @@ -16,35 +16,35 @@ 'title' => "$Lang::tr{'options fw'}", 'enabled' => 1, }; - $subfirewall->{'40.p2p'} = { + $subfirewall->{'40.ids'} = {'caption' => $Lang::tr{'intrusion detection'}, + 'uri' => '/cgi-bin/ids.cgi', + 'title' => "$Lang::tr{'intrusion detection system'}", + 'enabled' => 1, + }; + $subfirewall->{'50.p2p'} = { 'caption' => $Lang::tr{'p2p block'}, 'uri' => '/cgi-bin/p2p-block.cgi', 'title' => "P2P-Block", 'enabled' => 1, }; - $subfirewall->{'50.geoipblock'} = { + $subfirewall->{'60.geoipblock'} = { 'caption' => $Lang::tr{'geoipblock'}, 'uri' => '/cgi-bin/geoip-block.cgi', 'title' => $Lang::tr{'geoipblock'}, 'enabled' => 1, }; - $subfirewall->{'60.wireless'} = { + $subfirewall->{'70.wireless'} = { 'caption' => $Lang::tr{'blue access'}, 'uri' => '/cgi-bin/wireless.cgi', 'title' => "$Lang::tr{'blue access'}", 'enabled' => 1, }; - $subfirewall->{'70.upnp'} = { + $subfirewall->{'80.upnp'} = { 'caption' => 'UPnP', 'uri' => '/cgi-bin/upnp.cgi', 'title' => "Universal Plug and Play", 'enabled' => 0, }; - $subfirewall->{'80.ids'} = {'caption' => $Lang::tr{'intrusion detection'}, - 'uri' => '/cgi-bin/ids.cgi', - 'title' => "$Lang::tr{'intrusion detection system'}", - 'enabled' => 1, - }; $subfirewall->{'90.iptables'} = { 'caption' => $Lang::tr{'ipts'}, 'uri' => '/cgi-bin/iptables.cgi', diff --git a/config/rootfiles/core/131/filelists/files b/config/rootfiles/core/131/filelists/files index 0cb51ca88..810c67b1e 100644 --- a/config/rootfiles/core/131/filelists/files +++ b/config/rootfiles/core/131/filelists/files @@ -7,11 +7,13 @@ etc/rc.d/init.d/collectd etc/rc.d/init.d/firewall etc/rc.d/init.d/networking/red.up/23-suricata etc/rc.d/init.d/suricata +etc/rc.d/init.d/unbound etc/syslog.conf lib/udev/network-hotplug-rename opt/pakfire/etc/pakfire.conf srv/web/ipfire/cgi-bin/aliases.cgi srv/web/ipfire/cgi-bin/dnsforward.cgi +srv/web/ipfire/cgi-bin/hosts.cgi srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/logs.cgi/ids.dat srv/web/ipfire/cgi-bin/logs.cgi/log.dat diff --git a/doc/language_issues.en b/doc/language_issues.en index b8affb54d..72d94868a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -951,6 +951,7 @@ WARNING: untranslated string: gen dh = Generate new Diffie-Hellman parameters WARNING: untranslated string: generate a certificate = Generate a certificate: WARNING: untranslated string: generate dh key = Generate Diffie-Hellman parameters WARNING: untranslated string: generate iso = Generate ISO +WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: generate root/host certificates = Generate root/host certificates WARNING: untranslated string: generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient = Generating the root and host certificates may take a long time. It can take up to several minutes on older hardware. Please be patient. WARNING: untranslated string: genre = Genre @@ -1499,6 +1500,7 @@ WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports +WARNING: untranslated string: ptr = PTR WARNING: untranslated string: pulse = Pulse WARNING: untranslated string: pulse dial = Pulse dial: WARNING: untranslated string: qos add subclass = Add subclass @@ -1633,6 +1635,7 @@ WARNING: untranslated string: src port = Src Port WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh access = SSH Access WARNING: untranslated string: ssh active sessions = Active logins +WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh fingerprint = Fingerprint WARNING: untranslated string: ssh host keys = SSH Host Keys WARNING: untranslated string: ssh is disabled = SSH is disabled. Stopping. diff --git a/doc/language_issues.es b/doc/language_issues.es index 690416af7..f292ebb85 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1022,6 +1022,7 @@ WARNING: untranslated string: fwhost used = Used WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster. WARNING: untranslated string: gen dh = Generate new Diffie-Hellman parameters WARNING: untranslated string: generate dh key = Generate Diffie-Hellman parameters +WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: grouptype = Grouptype: WARNING: untranslated string: guardian = Guardian WARNING: untranslated string: guardian block a host = unknown string @@ -1192,6 +1193,7 @@ WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports +WARNING: untranslated string: ptr = PTR WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: random number generator daemon = Random Number Generator Daemon WARNING: untranslated string: rdns = rDNS @@ -1212,6 +1214,7 @@ WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins +WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 8f8b8d39f..e903e017d 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -789,6 +789,7 @@ WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string WARNING: untranslated string: guardian block ssh brute-force = unknown string @@ -860,10 +861,12 @@ WARNING: untranslated string: local ip address = Local IP Address WARNING: untranslated string: mtu = MTU WARNING: untranslated string: no data = unknown string WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: ptr = PTR WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string +WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: system is offline = The system is offline. WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode diff --git a/doc/language_issues.it b/doc/language_issues.it index f8a3f6ac1..c18ff4d2b 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -854,6 +854,7 @@ WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost cust geoiplocation = GeoIP Locations WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: fwhost newgeoipgrp = GeoIP Groups +WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: geoip = GeoIP WARNING: untranslated string: geoipblock = GeoIP Block WARNING: untranslated string: geoipblock block countries = Block countries @@ -961,6 +962,7 @@ WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is no WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: ptr = PTR WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: required field = Required field WARNING: untranslated string: route config changed = unknown string @@ -971,6 +973,7 @@ WARNING: untranslated string: samba join a domain = Join a domain WARNING: untranslated string: samba join domain = Join domain WARNING: untranslated string: search = Search WARNING: untranslated string: ssh active sessions = Active logins +WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 2a1a0877c..509a58f0b 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -867,6 +867,7 @@ WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: fwhost newgeoipgrp = GeoIP Groups WARNING: untranslated string: gen dh = Generate new Diffie-Hellman parameters WARNING: untranslated string: generate dh key = Generate Diffie-Hellman parameters +WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: geoip = GeoIP WARNING: untranslated string: geoipblock = GeoIP Block WARNING: untranslated string: geoipblock block countries = Block countries @@ -999,6 +1000,7 @@ WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is no WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: ptr = PTR WARNING: untranslated string: random number generator daemon = Random Number Generator Daemon WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: required field = Required field @@ -1014,6 +1016,7 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country WARNING: untranslated string: ssh active sessions = Active logins +WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 690416af7..f292ebb85 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1022,6 +1022,7 @@ WARNING: untranslated string: fwhost used = Used WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster. WARNING: untranslated string: gen dh = Generate new Diffie-Hellman parameters WARNING: untranslated string: generate dh key = Generate Diffie-Hellman parameters +WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: grouptype = Grouptype: WARNING: untranslated string: guardian = Guardian WARNING: untranslated string: guardian block a host = unknown string @@ -1192,6 +1193,7 @@ WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports +WARNING: untranslated string: ptr = PTR WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: random number generator daemon = Random Number Generator Daemon WARNING: untranslated string: rdns = rDNS @@ -1212,6 +1214,7 @@ WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins +WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username diff --git a/doc/language_issues.ru b/doc/language_issues.ru index c67a93125..d6fa07a3c 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1016,6 +1016,7 @@ WARNING: untranslated string: fwhost used = Used WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster. WARNING: untranslated string: gen dh = Generate new Diffie-Hellman parameters WARNING: untranslated string: generate dh key = Generate Diffie-Hellman parameters +WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: geoip = GeoIP WARNING: untranslated string: geoipblock = GeoIP Block WARNING: untranslated string: geoipblock block countries = Block countries @@ -1188,6 +1189,7 @@ WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports +WARNING: untranslated string: ptr = PTR WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: random number generator daemon = Random Number Generator Daemon WARNING: untranslated string: rdns = rDNS @@ -1208,6 +1210,7 @@ WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins +WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 7ebb4d0e7..9a4339db9 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -794,6 +794,7 @@ WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string WARNING: untranslated string: guardian block ssh brute-force = unknown string @@ -868,11 +869,13 @@ WARNING: untranslated string: no data = unknown string WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br> WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br> WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br> +WARNING: untranslated string: ptr = PTR WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string WARNING: untranslated string: ssh active sessions = Active logins +WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since WARNING: untranslated string: ssh no active logins = No active logins WARNING: untranslated string: ssh username = Username diff --git a/doc/language_missings b/doc/language_missings index 07813f252..9d13d4775 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -493,6 +493,7 @@ < fw settings ruletable < gen dh < generate dh key +< generate ptr < grouptype < guardian < hardware support @@ -656,6 +657,7 @@ < proxy reports monthly < proxy reports today < proxy reports weekly +< ptr < qos enter bandwidths < random number generator daemon < rdns @@ -674,6 +676,7 @@ < source ip country < ssh < ssh active sessions +< ssh agent forwarding < ssh login time < ssh no active logins < ssh username @@ -841,6 +844,7 @@ < dnsforward dnssec disabled < dns forwarding dnssec disabled notice < emerging pro rules +< generate ptr < ids apply < ids apply ruleset changes < ids automatic rules update @@ -874,7 +878,9 @@ < ipsec settings < local ip address < mtu +< ptr < runmode +< ssh agent forwarding < subnet mask < system is offline < transport mode does not support vti @@ -1008,6 +1014,7 @@ < fwhost cust geoipgroup < fwhost cust geoiplocation < fwhost newgeoipgrp +< generate ptr < geoip < geoipblock < geoipblock block countries @@ -1083,6 +1090,7 @@ < pptp netconfig < pptp peer < pptp route +< ptr < rdns < required field < runmode @@ -1090,6 +1098,7 @@ < samba join domain < search < ssh active sessions +< ssh agent forwarding < ssh login time < ssh no active logins < ssh username @@ -1290,6 +1299,7 @@ < fwhost newgeoipgrp < gen dh < generate dh key +< generate ptr < geoip < geoipblock < geoipblock block countries @@ -1393,6 +1403,7 @@ < pptp netconfig < pptp peer < pptp route +< ptr < random number generator daemon < rdns < required field @@ -1405,6 +1416,7 @@ < software version < source ip country < ssh active sessions +< ssh agent forwarding < ssh login time < ssh no active logins < ssh username @@ -1888,6 +1900,7 @@ < fw settings ruletable < gen dh < generate dh key +< generate ptr < geoip < geoipblock < geoipblock block countries @@ -2047,6 +2060,7 @@ < proxy reports monthly < proxy reports today < proxy reports weekly +< ptr < qos enter bandwidths < random number generator daemon < rdns @@ -2064,6 +2078,7 @@ < source ip country < ssh < ssh active sessions +< ssh agent forwarding < ssh login time < ssh no active logins < ssh username @@ -2652,6 +2667,7 @@ < fw settings ruletable < gen dh < generate dh key +< generate ptr < geoip < geoipblock < geoipblock block countries @@ -2811,6 +2827,7 @@ < proxy reports monthly < proxy reports today < proxy reports weekly +< ptr < qos enter bandwidths < random number generator daemon < rdns @@ -2828,6 +2845,7 @@ < source ip country < ssh < ssh active sessions +< ssh agent forwarding < ssh login time < ssh no active logins < ssh username @@ -3000,6 +3018,7 @@ < dns forwarding dnssec disabled notice < emerging pro rules < fwdfw all subnets +< generate ptr < ids apply < ids apply ruleset changes < ids automatic rules update @@ -3037,8 +3056,10 @@ < ovpn error dh < ovpn error md5 < ovpn warning rfc3280 +< ptr < runmode < ssh active sessions +< ssh agent forwarding < ssh login time < ssh no active logins < ssh username diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index 337e8bc22..baa49fd3b 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -90,12 +90,13 @@ Rene Zingel, Sascha Kilian, Ronald Wiesinger, Stephan Feddersen, +Stéphane Pautrel, Justin Luth, Michael Eitelwein, -Stéphane Pautrel, Bernhard Bitsch, Dominik Hassler, Larsen, +Alexander Koch, Gabriel Rolland, Anton D. Seliverstov, Bernhard Bittner, @@ -105,7 +106,6 @@ Jakub Ratajczak, Jorrit de Jonge, Jörn-Ingo Weigert, Przemek Zdroik, -Alexander Koch, Alexander Rudolf Gruber, Andrew Bellows, Axel Gembe, diff --git a/html/cgi-bin/hosts.cgi b/html/cgi-bin/hosts.cgi index 41fe8a5b6..973c480b3 100644 --- a/html/cgi-bin/hosts.cgi +++ b/html/cgi-bin/hosts.cgi @@ -2,9 +2,9 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # -# This program is free software you can redistribute it and/or modify # +# This program is free software you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # @@ -50,9 +50,10 @@ our %settings = (); #Must not be saved ! $settings{'EN'} = ''; # reuse for dummy field in position zero $settings{'IP'} = ''; -$settings{'HOST'} = ''; -$settings{'DOM'} = ''; -my @nosaved=('EN','IP','HOST','DOM'); # List here ALL setting2 fields. Mandatory +$settings{'HOST'} = ''; +$settings{'DOM'} = ''; +$settings{'PTR'} = ''; +my @nosaved=('EN','IP','HOST','DOM','PTR'); # List here ALL setting2 fields. Mandatory
$settings{'ACTION'} = ''; # add/edit/remove $settings{'KEY1'} = ''; # point record for ACTION @@ -78,6 +79,10 @@ if (open(FILE, "$datafile")) { ## Settings1 Box not used... &General::readhash("${General::swroot}/main/settings", %settings);
+# Set PTR to off if filed was not received +if ($settings{'PTR'} eq '') { + $settings{'PTR'} = 'off'; +}
## Now manipulate the multi-line list with Settings2 # Basic actions are: @@ -122,13 +127,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) { $errormessage = $Lang::tr{'invalid domain name'}; }
- unless ($errormessage) { if ($settings{'KEY1'} eq '') { #add or edit ? - unshift (@current, "$settings{'EN'},$settings{'IP'},$settings{'HOST'},$settings{'DOM'}\n"); + unshift (@current, "$settings{'EN'},$settings{'IP'},$settings{'HOST'},$settings{'DOM'},$settings{'PTR'}\n"); &General::log($Lang::tr{'hosts config added'}); } else { - @current[$settings{'KEY1'}] = "$settings{'EN'},$settings{'IP'},$settings{'HOST'},$settings{'DOM'}\n"; + @current[$settings{'KEY1'}] = "$settings{'EN'},$settings{'IP'},$settings{'HOST'},$settings{'DOM'},$settings{'PTR'}\n"; $settings{'KEY1'} = ''; # End edit mode &General::log($Lang::tr{'hosts config changed'}); } @@ -150,6 +154,11 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { $settings{'IP'}=$temp[1]; $settings{'HOST'}=$temp[2]; $settings{'DOM'}=$temp[3]; + if ($temp[4] eq '') { + $settings{'PTR'} = 'on'; + } else { + $settings{'PTR'}=$temp[4]; + } }
if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { @@ -190,6 +199,7 @@ if ($settings{'ACTION'} eq '' ) { # First launch from GUI # Place here default value when nothing is initialized $settings{'EN'} = 'on'; $settings{'DOM'} = $settings{'DOMAINNAME'}; + $settings{'PTR'} = 'on'; }
&Header::openpage($Lang::tr{'hostname'}, 1, ''); @@ -238,6 +248,7 @@ if ($errormessage) { # Second check box is for editing the list # $checked{'EN'}{'on'} = ($settings{'EN'} eq '' ) ? '' : "checked='checked'"; +$checked{'PTR'}{'on'} = ($settings{'PTR'} eq 'off' ) ? '' : "checked='checked'";
my $buttontext = $Lang::tr{'add'}; if ($settings{'KEY1'} ne '') { @@ -257,9 +268,16 @@ print <<END <td><input type='text' name='IP' value='$settings{'IP'}' /></td> <td class='base'>$Lang::tr{'hostname'}: <img src='/blob.gif' alt='*' /></td> <td><input type='text' name='HOST' value='$settings{'HOST'}' /></td> -</tr><tr> +</tr> +<tr> <td class='base'>$Lang::tr{'domain name'}:</td> <td><input type='text' name='DOM' value='$settings{'DOM'}' /></td> + <td class='base'>$Lang::tr{'generate ptr'}:</td> + <td><input type='checkbox' name='PTR' $checked{'PTR'}{'on'} /></td> +</tr> +<tr> + <td> </td> + <td> </td> <td class='base'>$Lang::tr{'enabled'}</td> <td><input type='checkbox' name='EN' $checked{'EN'}{'on'} /></td> </tr> @@ -288,7 +306,8 @@ print <<END <tr> <th width='20%' align='center'><a href='$ENV{'SCRIPT_NAME'}?IP'><b>$Lang::tr{'host ip'}</b></a></th> <th width='20%' align='center'><a href='$ENV{'SCRIPT_NAME'}?HOST'><b>$Lang::tr{'hostname'}</b></a></th> - <th width='50%' align='center'><a href='$ENV{'SCRIPT_NAME'}?DOM'><b>$Lang::tr{'domain name'}</b></a></th> + <th width='40%' align='center'><a href='$ENV{'SCRIPT_NAME'}?DOM'><b>$Lang::tr{'domain name'}</b></a></th> + <th width='10%' align='center' class='boldbase'><b>$Lang::tr{'ptr'}</b></th> <th width='10%' colspan='3' class='boldbase' align='center'><b>$Lang::tr{'action'}</b></th> </tr> END @@ -315,6 +334,12 @@ foreach my $line (@current) { $gdesc = $Lang::tr{'click to enable'}; }
+ if ($temp[4] eq '' || $temp[4] eq 'on') { + $temp[4] = $Lang::tr{'yes'}; + } else { + $temp[4] = $Lang::tr{'no'}; + } + #Colorize each line if ($settings{'KEY1'} eq $key) { print "<tr bgcolor='${Header::colouryellow}'>"; @@ -329,6 +354,7 @@ foreach my $line (@current) { <td align='center' $col>$temp[1]</td> <td align='center' $col>$temp[2]</td> <td align='center' $col>$temp[3]</td> +<td align='center' $col>$temp[4]</td> <td align='center' $col> <form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' /> @@ -430,14 +456,14 @@ sub SortDataFile my $key = 0; foreach my $line (@current) { chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK) - my @temp = ( '','','', ''); + my @temp = ( '','','','',''); @temp = split (',',$line);
# Build a pair 'Field Name',value for each of the data dataline. # Each SORTABLE field must have is pair. # Other data fields (non sortable) can be grouped in one - my @record = ('KEY',$key++,'EN',$temp[0],'IP',$temp[1],'HOST',$temp[2],'DOM',$temp[3]); + my @record = ('KEY',$key++,'EN',$temp[0],'IP',$temp[1],'HOST',$temp[2],'DOM',$temp[3],'PTR',$temp[4]); my $record = {}; # create a reference to empty hash %{$record} = @record; # populate that hash with @record $entries{$record->{KEY}} = $record; # add this to a hash of hashes @@ -447,7 +473,7 @@ sub SortDataFile
# Each field value is printed , with the newline ! Don't forget separator and order of them. foreach my $entry (sort fixedleasesort keys %entries) { - print FILE "$entries{$entry}->{EN},$entries{$entry}->{IP},$entries{$entry}->{HOST},$entries{$entry}->{DOM}\n"; + print FILE "$entries{$entry}->{EN},$entries{$entry}->{IP},$entries{$entry}->{HOST},$entries{$entry}->{DOM},$entries{$entry}->{PTR}\n"; }
close(FILE); diff --git a/html/cgi-bin/remote.cgi b/html/cgi-bin/remote.cgi index 10d94fe99..8beb84efa 100644 --- a/html/cgi-bin/remote.cgi +++ b/html/cgi-bin/remote.cgi @@ -145,6 +145,11 @@ print <<END <td><input type='checkbox' name='ENABLE_SSH' $checked{'ENABLE_SSH'}{'on'} /></td> <td class='base' colspan='2'>$Lang::tr{'ssh access'}</td> </tr> +<tr> + <td> </td> + <td><input type='checkbox' name='SSH_AGENT_FORWARDING' $checked{'SSH_AGENT_FORWARDING'}{'on'} /></td> + <td width='100%' class='base'>$Lang::tr{'ssh agent forwarding'}</td> +</tr> <tr> <td> </td> <td><input type='checkbox' name='ENABLE_SSH_PORTFW' $checked{'ENABLE_SSH_PORTFW'}{'on'} /></td> @@ -165,11 +170,6 @@ print <<END <td><input type='checkbox' name='SSH_PORT' $checked{'SSH_PORT'}{'on'} /></td> <td width='100%' class='base'>$Lang::tr{'ssh port'}</td> </tr> -<tr> - <td> </td> - <td><input type='checkbox' name='SSH_AGENT_FORWARDING' $checked{'SSH_AGENT_FORWARDING'}{'on'} /></td> - <td width='100%' class='base'>$Lang::tr{'ssh agent forwarding'}</td> -</tr> <tr> <td align='right' colspan='3'> <input type='submit' name='ACTION' value='$Lang::tr{'ssh tempstart15'}' /> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index d63ebe6e5..90b1ada06 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1261,6 +1261,7 @@ 'generate a certificate' => 'Erzeuge ein Zertifikat:', 'generate dh key' => 'Diffie-Hellman Key generieren', 'generate iso' => 'ISO erstellen', +'generate ptr' => 'PTR erzeugen', 'generate root/host certificates' => 'Erzeuge Root/Host-Zertifikate', 'generate tripwire keys and init' => 'Tripwire Initalisierung', 'generatekeys' => 'Neue Schlüssel erzeugen', @@ -1998,6 +1999,7 @@ 'proxy reports today' => 'Heute', 'proxy reports weekly' => 'Wöchentliche Berichte', 'psk' => 'PSK', +'ptr' => 'PTR', 'pulse' => 'Puls', 'pulse dial' => 'Pulswahl:', 'qos add subclass' => 'Unterklasse hinzufügen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a709604b0..98e99f150 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1293,6 +1293,7 @@ 'generate a certificate' => 'Generate a certificate:', 'generate dh key' => 'Generate Diffie-Hellman parameters', 'generate iso' => 'Generate ISO', +'generate ptr' => 'Generate PTR', 'generate root/host certificates' => 'Generate root/host certificates', 'generate tripwire keys and init' => 'generate tripwire keys and init', 'generatekeys' => 'Generate Keys', @@ -2036,6 +2037,7 @@ 'proxy reports today' => 'Today', 'proxy reports weekly' => 'Weekly reports', 'psk' => 'PSK', +'ptr' => 'PTR', 'pulse' => 'Pulse', 'pulse dial' => 'Pulse dial:', 'qos add subclass' => 'Add subclass', @@ -2230,7 +2232,7 @@ 'ssh access' => 'SSH Access', 'ssh access tip' => 'IPFire SSH is not using default port 22!', 'ssh active sessions' => 'Active logins', -'ssh agent forwarding' => 'Enable SSH agent forwarding', +'ssh agent forwarding' => 'Allow SSH Agent Forwarding', 'ssh fingerprint' => 'Fingerprint', 'ssh host keys' => 'SSH Host Keys', 'ssh is disabled' => 'SSH is disabled. Stopping.', diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index af9bcef73..e87f9e10d 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -172,9 +172,9 @@ own_hostname() { }
update_hosts() { - local enabled address hostname domainname + local enabled address hostname domainname generateptr
- while IFS="," read -r enabled address hostname domainname; do + while IFS="," read -r enabled address hostname domainname generateptr; do [ "${enabled}" = "on" ] || continue
# Build FQDN @@ -185,6 +185,9 @@ update_hosts() { # Skip reverse resolution if the address equals the GREEN address [ "${address}" = "${GREEN_ADDRESS}" ] && continue
+ # Skip reverse resolution if user requested not to do so + [ "${generateptr}" = "off" ] && continue + # Add RDNS address=$(ip_address_revptr ${address}) unbound-control -q local_data "${address} ${LOCAL_TTL} IN PTR ${fqdn}" diff --git a/src/misc-progs/sshctrl.c b/src/misc-progs/sshctrl.c index 476dbc9d5..f855c5a4a 100644 --- a/src/misc-progs/sshctrl.c +++ b/src/misc-progs/sshctrl.c @@ -72,9 +72,9 @@ int main(int argc, char *argv[]) strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/;", STRING_SIZE - 1 ); if(findkey(kv, "SSH_PORT", buffer) && !strcmp(buffer,"on")) - strlcat(command, "s/^Port .*$/Port 22/", STRING_SIZE - 1 ); + strlcat(command, "s/^Port .*$/Port 22/;", STRING_SIZE - 1 ); else - strlcat(command, "s/^Port .*$/Port 222/", STRING_SIZE - 1 ); + strlcat(command, "s/^Port .*$/Port 222/;", STRING_SIZE - 1 );
if(findkey(kv, "SSH_AGENT_FORWARDING", buffer) && !strcmp(buffer,"on")) strlcat(command, "s/^AllowAgentForwarding .*$/AllowAgentForwarding yes/;", STRING_SIZE - 1 );
hooks/post-receive -- IPFire 2.x development tree