[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 240acdfd875b2c143e2ef95e2100382c4b6d0569 - IPFire-SCM

18 Jan 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
       via  240acdfd875b2c143e2ef95e2100382c4b6d0569 (commit)
       via  37c84696a2c0eecda7bed87bea042018469c4120 (commit)
       via  0053269b90ed2902506fc46d9eaa3cc9472d7ccd (commit)
       via  917ee261019ef78e8cc5a681fa2abf55c8999e18 (commit)
      from  c27850183cce88fa26024be063a71a002bca5111 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 240acdfd875b2c143e2ef95e2100382c4b6d0569
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Sat Jan 18 18:37:40 2014 +0100
Drop "Extra Query" for Shutdown and Reboot from gui.cgi.
In the past this option has been used to prevent users from
    accidently shutting down or rebooting their systems. With IPFire 2.15
    there is a own subpage on the WUI for doing this actions, so there is no
    need anymore for those extra query.
commit 37c84696a2c0eecda7bed87bea042018469c4120
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Sat Jan 18 18:11:09 2014 +0100
Make firewall convert scripts more robust.
The converter scripts procude a lot of error, when they get executed on a system with
    a previously installed version of the New Firewall or they get run twice.
In this case the scripts will detect that their input files are missing and will exit with
    an error message. The scripts now also check if the input files are empty (no corresponding
    rules created) and will exit with an nothing to do message.
commit 0053269b90ed2902506fc46d9eaa3cc9472d7ccd
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Sat Jan 18 18:05:32 2014 +0100
Core 76: Fix sed command.
There was a syntax error in one of the sed commands, which produced the following error:
    sed: -e expression #1, char 34: unknown option to `s'.
commit 917ee261019ef78e8cc5a681fa2abf55c8999e18
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Sat Jan 18 18:00:37 2014 +0100
Core76: Drop output of iptables commands.
When updating a system with previously installed New Firewall,
    the required firewall chains already are created. In this case error messages
    will be displayed which could be ignored but may unsettle somebody.
-----------------------------------------------------------------------
Summary of changes:
 config/firewall/convert-dmz        |  9 +++++++++
 config/firewall/convert-outgoingfw | 28 ++++++++++++++++++++++++----
 config/firewall/convert-portfw     | 11 +++++++++++
 config/firewall/convert-xtaccess   | 11 +++++++++++
 config/rootfiles/core/76/update.sh | 16 ++++++++--------
 html/cgi-bin/gui.cgi               | 17 -----------------
 6 files changed, 63 insertions(+), 29 deletions(-)
Difference in files:

diff --git a/config/firewall/convert-dmz b/config/firewall/convert-dmz
index fbcc4cf..7b77045 100755
--- a/config/firewall/convert-dmz
+++ b/config/firewall/convert-dmz
@@ -55,6 +55,15 @@ my $field29 = 'ALL';
 my $field30 = '';
 my $field31 = 'dnat';
+if (! -e "$dmzconfig") {
+	print "DMZ config file not found. Exiting!\n";
+	exit(1);
+}
+
+if (! -s "$dmzconfig") {
+	print "Empty DMZ configuration file. Nothing to do. Exiting...\n";
+	exit(0);
+}
open(FILE, $dmzconfig) or die 'Unable to open config file.';
 my @current = <FILE>;
diff --git a/config/firewall/convert-outgoingfw b/config/firewall/convert-outgoingfw
index 4f8bcdc..ea49375 100755
--- a/config/firewall/convert-outgoingfw
+++ b/config/firewall/convert-outgoingfw
@@ -48,8 +48,8 @@ my $ccdconfig		= "${General::swroot}/ovpn/ccd.conf";
 my $fwdfwconfig		= "${General::swroot}/firewall/config";
 my $outfwconfig		= "${General::swroot}/firewall/outgoing";
 my $fwdfwsettings	= "${General::swroot}/firewall/settings";
-my @ipgroups = qx(ls $ipgrouppath);
-my @macgroups = qx(ls $macgrouppath);
+my @ipgroups = qx(ls $ipgrouppath 2>/dev/null);
+my @macgroups = qx(ls $macgrouppath 2>/dev/null);
 my @hostarray=();
 my %outsettings=();
 my %hosts=();
@@ -65,16 +65,36 @@ my %ownnet=();
 my %ovpnSettings = ();
 my @active= ('Aktiv', 'aktiv', 'Active', 'Activo', 'Actif', 'Actief', 'Aktywne', 'Активен', 'Aktif');
 &General::readhash("${General::swroot}/ovpn/settings", %ovpnSettings);
-&General::readhash($outfwsettings,%outsettings);
 &General::readhash("${General::swroot}/ethernet/settings", %ownnet);
+if (-e "$outfwsettings") {
+	&General::readhash($outfwsettings,%outsettings);
+}
+else
+{
+	print "Config file for outgoing-firewall not found. Exiting!\n";
+	exit(1);
+}
+
+if (! -s "$outfwsettings") {
+        print "Empty DMZ configuration file. Nothing to do. Exiting...\n";
+        exit(0);
+}
+
 #ONLY RUN if /var/ipfire/outgoing exists
 if ( -d "/var/ipfire/outgoing"){
    &process_groups;
    &process_rules;
    &process_p2p;
 }
+else
+{
+	print "/var/ipfire/outgoing not found. Exiting!\n";
+	exit 1
+}
+
 system("/usr/local/bin/firewallctrl");
+
 sub process_groups
 {
    if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
@@ -111,7 +131,7 @@ sub process_groups
    foreach my $group (@macgroups){
    	chomp $group;
    	print LOG "\nProcessing MAC-GROUP: $group...\n";
-		open (DATEI, "<$macgrouppath/$group");
+		open (DATEI, "<$macgrouppath/$group") or die 'Unable to open config file.';
    	my @zeilen = <DATEI>;
    	foreach my $mac (@zeilen){
    		chomp($mac);
diff --git a/config/firewall/convert-portfw b/config/firewall/convert-portfw
index 447ef90..fedddee 100755
--- a/config/firewall/convert-portfw
+++ b/config/firewall/convert-portfw
@@ -36,6 +36,17 @@ my ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$rem
 my ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
 my $count=0;
 my $jump;
+
+if (! -e "$portfwconfig") {
+        print "Config file for portforward not found. Exiting!\n";
+        exit(1);
+}
+
+if (! -s "$portfwconfig") {
+        print "Empty portforward configuration file. Nothing to do. Exiting...\n";
+        exit(0);
+}
+
 if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
 open(FILE, $portfwconfig) or die 'Unable to open config file.';
 my @current = <FILE>;
diff --git a/config/firewall/convert-xtaccess b/config/firewall/convert-xtaccess
index 363af7a..d11e09c 100755
--- a/config/firewall/convert-xtaccess
+++ b/config/firewall/convert-xtaccess
@@ -49,6 +49,17 @@ my $field28 = '';
 my $field29 = 'ALL';
 my $field30 = '';
 my $field31 = 'dnat';
+
+if (! -e "$xtaccessconfig") {
+        print "Config file for external access not found. Exiting!\n";
+        exit(1);
+}
+
+if (! -s "$xtaccessconfig") {
+        print "Empty external access configuration file. Nothing to do. Exiting...\n";
+        exit(0);
+}
+
 open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
 my @current = <FILE>;
 close(FILE);
diff --git a/config/rootfiles/core/76/update.sh b/config/rootfiles/core/76/update.sh
index ea1ede9..cf0d2f9 100644
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -245,13 +245,13 @@ rm -f /usr/local/bin/outgoingfwctrl
 rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
# Generate chains for new firewall
-/sbin/iptables -N INPUTFW
-/sbin/iptables -N FORWARDFW
-/sbin/iptables -N POLICYFWD
-/sbin/iptables -N POLICYIN
-/sbin/iptables -N POLICYOUT
-/sbin/iptables -t nat -N NAT_SOURCE
-/sbin/iptables -t nat -N NAT_DESTINATION
+/sbin/iptables -N INPUTFW 2>/dev/null
+/sbin/iptables -N FORWARDFW 2>/dev/null
+/sbin/iptables -N POLICYFWD 2>/dev/null
+/sbin/iptables -N POLICYIN 2>/dev/null
+/sbin/iptables -N POLICYOUT 2>/dev/null
+/sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
+/sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
# Convert firewall configuration
 /usr/sbin/convert-xtaccess
@@ -267,7 +267,7 @@ sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
 sed -i -e "s/^proc/#proc/g" /etc/fstab
 sed -i -e "s/^sysfs/#sysfs/g" /etc/fstab
 sed -i -e "s/^devpts/#devpts/g" /etc/fstab
-sed -i -e "s|^none\s/var/run|#none	/var/run|/g" /etc/fstab
+sed -i -e "s|^none\s/var/run|#none	/var/run|g" /etc/fstab
# Convert udev persistent network rules
 sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules
diff --git a/html/cgi-bin/gui.cgi b/html/cgi-bin/gui.cgi
index dfdf7cd..80a0596 100644
--- a/html/cgi-bin/gui.cgi
+++ b/html/cgi-bin/gui.cgi
@@ -38,7 +38,6 @@ my $errormessage='';
$cgiparams{'SPEED'} = 'off';
 $cgiparams{'WINDOWWITHHOSTNAME'} = 'off';
-$cgiparams{'REBOOTQUESTION'} = 'off';
 $cgiparams{'REFRESHINDEX'} = 'off';
 $cgiparams{'ACTION'} = '';
 &Header::getcgihash(%cgiparams);
@@ -87,7 +86,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
         # write cgi vars to the file.
    $mainsettings{'LANGUAGE'} = $cgiparams{'lang'};
    $mainsettings{'WINDOWWITHHOSTNAME'} = $cgiparams{'WINDOWWITHHOSTNAME'};
-	$mainsettings{'REBOOTQUESTION'} = $cgiparams{'REBOOTQUESTION'};
    $mainsettings{'PPPUPDOWNBEEP'} = $cgiparams{'PPPUPDOWNBEEP'};
    $mainsettings{'SPEED'} = $cgiparams{'SPEED'};
    $mainsettings{'THEME'} = $cgiparams{'theme'};
@@ -101,12 +99,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
    } else {
    	$cgiparams{'WINDOWWITHHOSTNAME'} = 'on';
    }
-	
-	if ($mainsettings{'REBOOTQUESTION'}) {
-		$cgiparams{'REBOOTQUESTION'} = $mainsettings{'REBOOTQUESTION'};
-	} else {
-		$cgiparams{'REBOOTQUESTION'} = 'on';
-	}
if ($mainsettings{'PPPUPDOWNBEEP'}) {
    	$cgiparams{'PPPUPDOWNBEEP'} = $mainsettings{'PPPUPDOWNBEEP'};
@@ -139,7 +131,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
 if ($cgiparams{'ACTION'} eq "$Lang::tr{'restore defaults'}")
 {
    $cgiparams{'WINDOWWITHHOSTNAME'} = 'on';
-	$cgiparams{'REBOOTQUESTION'} = 'on';
    $cgiparams{'PPPUPDOWNBEEP'} = 'on';
    $cgiparams{'REFRESHINDEX'} = 'off';
    $cgiparams{'SPEED'} = 'on';
@@ -150,10 +141,6 @@ $checked{'WINDOWWITHHOSTNAME'}{'off'} = '';
 $checked{'WINDOWWITHHOSTNAME'}{'on'} = '';
 $checked{'WINDOWWITHHOSTNAME'}{$cgiparams{'WINDOWWITHHOSTNAME'}} = "checked='checked'";
-$checked{'REBOOTQUESTION'}{'off'} = '';
-$checked{'REBOOTQUESTION'}{'on'} = '';
-$checked{'REBOOTQUESTION'}{$cgiparams{'REBOOTQUESTION'}} = "checked='checked'";
-
 $checked{'PPPUPDOWNBEEP'}{'off'} = '';
 $checked{'PPPUPDOWNBEEP'}{'on'} = '';
 $checked{'PPPUPDOWNBEEP'}{$cgiparams{'PPPUPDOWNBEEP'}} = "checked='checked'";
@@ -185,10 +172,6 @@ print <<END
     <td>$Lang::tr{'display hostname in window title'}</td>
 </tr>
 <tr>
-    <td><input type='checkbox' name='REBOOTQUESTION' $checked{'REBOOTQUESTION'}{'on'} /></td>
-    <td>$Lang::tr{'reboot question'}</td>
-</tr>
-<tr>
     <td><input type='checkbox' name='REFRESHINDEX' $checked{'REFRESHINDEX'}{'on'} /></td>
     <td>$Lang::tr{'refresh index page while connected'}</td>
 </tr>
hooks/post-receive
--
IPFire 2.x development tree

    