This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via b563d5bd69c862c9ae1dd53fb1acff3d76af8761 (commit) via 7b97359b99add6f343a4687d5f2f6a8a86304b4f (commit) via 92206da35aef825891d5e46aeb28bb0cda043510 (commit) via 00a083aaf2003ef8f970a9c69ccf0e8020391176 (commit) from 2f8a33e182f981153a61568261ba4daf3cd7492b (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit b563d5bd69c862c9ae1dd53fb1acff3d76af8761 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Apr 5 07:58:07 2020 +0000
core143: add backup include and ids-functions
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7b97359b99add6f343a4687d5f2f6a8a86304b4f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 3 16:59:12 2020 +0200
IDS: Add GREEN and BLUE addresses to the list of DNS servers.
Fixes #12349.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 92206da35aef825891d5e46aeb28bb0cda043510 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 3 12:50:04 2020 +0200
Backup: Add idsrules tarball.
The tarball is required to generate and restore the IDS ruleset.
Fixes #12319.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 00a083aaf2003ef8f970a9c69ccf0e8020391176 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 3 12:50:03 2020 +0200
Backup: Add suricata rules-settings file.
This file contains the configured ruleset and oinkcode settings and therefore needs to be backuped and restored.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/include | 2 ++ config/cfgroot/ids-functions.pl | 15 +++++++++++++++ config/rootfiles/core/143/filelists/files | 2 ++ 3 files changed, 19 insertions(+)
Difference in files: diff --git a/config/backup/include b/config/backup/include index 0153272f7..5db452cda 100644 --- a/config/backup/include +++ b/config/backup/include @@ -49,6 +49,7 @@ /var/ipfire/qos/bin/qos.sh /var/ipfire/suricata/*.conf /var/ipfire/suricata/*.yaml +/var/ipfire/suricata/rules-settings /var/ipfire/*/settings /var/ipfire/time/ /var/ipfire/urlfilter @@ -58,3 +59,4 @@ /var/log/rrd/* /var/log/rrd/collectd /var/log/vnstat +/var/tmp/idsrules.tar.gz diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index af8a927e0..7a2d98f03 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -711,13 +711,28 @@ sub generate_dns_servers_file() { # Get the used DNS servers. my @nameservers = &General::get_nameservers();
+ # Get network settings. + my %netsettings; + &General::readhash("${General::swroot}/ethernet/settings", %netsettings); + # Format dns servers declaration. my $line = "";
# Check if the system has configured nameservers. if (@nameservers) { + # Add the GREEN address as DNS servers. + push(@nameservers, $netsettings{'GREEN_ADDRESS'}); + + # Check if a BLUE zone exists. + if ($netsettings{'BLUE_ADDRESS'}) { + # Add the BLUE address to the array of nameservers. + push(@nameservers, $netsettings{'BLUE_ADDRESS'}); + } + + # Generate the line which will be written to the DNS servers file. $line = join(",", @nameservers); } else { + # External net simply contains (any). $line = "$EXTERNAL_NET"; }
diff --git a/config/rootfiles/core/143/filelists/files b/config/rootfiles/core/143/filelists/files index 28c759fe3..816fffe9a 100644 --- a/config/rootfiles/core/143/filelists/files +++ b/config/rootfiles/core/143/filelists/files @@ -14,4 +14,6 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi usr/lib/firewall/rules.pl var/ipfire/backup/bin/backup.pl +var/ipfire/backup/include +var/ipfire/ids-functions.pl var/ipfire/suricata/oinkmaster.conf
hooks/post-receive -- IPFire 2.x development tree