This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
  via 9fcba2b5df715041e4a9057e749de2faee46e508 (commit)
  via 32d91ecad81e1d18b5631d9a58692725926cc908 (commit)
  via 977007bfd9b463e9c6418ccf1547dee0944cc82b (commit)
  via a3712ff967ddc5dff05a39a8319981ba9b42b6a6 (commit)
  via 2f662bf05894c031754e4e7d9c807709a72bb674 (commit)
  via 8e7c5e65ad3ad6ab9005b0018b9dfaa4532183b4 (commit)
  from c485f38c996cab87c98a78f1cadc2c2197d30625 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 9fcba2b5df715041e4a9057e749de2faee46e508
Merge: 32d91ec c485f38
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Apr 20 16:24:12 2016 +0100

    Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

commit 32d91ecad81e1d18b5631d9a58692725926cc908
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Apr 20 16:23:22 2016 +0100

    conntrack: Remove old disable_nf_sip indicator file

    This is not used any more and not needed either.

    Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 977007bfd9b463e9c6418ccf1547dee0944cc82b
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Apr 20 16:22:31 2016 +0100

    core101: Migrate conntrack settings that broke in 100

    Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit a3712ff967ddc5dff05a39a8319981ba9b42b6a6
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Apr 20 16:15:55 2016 +0100

    core101: Add recent changes on firewall

    Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 2f662bf05894c031754e4e7d9c807709a72bb674
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Apr 20 16:14:14 2016 +0100

    optionsfw.cgi: Clean up code

    Add translation to radio buttons. No functional changes.

    Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 8e7c5e65ad3ad6ab9005b0018b9dfaa4532183b4
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Apr 20 16:04:24 2016 +0100

    firewall: Fix connection tracking for PPTP

    GRE connections were not correctly forwarded without the helper being enabled. Choosing the wrong protocol here did not allow us to load it properly.

    Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/configroot | 1 -
 config/rootfiles/core/101/filelists/files | 2 +
 config/rootfiles/core/101/update.sh | 16 ++++++++
 html/cgi-bin/optionsfw.cgi | 65 +++++++++++++++++++++++++------
 lfs/configroot | 2 +-
 src/initscripts/init.d/firewall | 2 +-
 6 files changed, 73 insertions(+), 15 deletions(-)
Difference in files: diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 71539ef..f37f97e 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -94,7 +94,6 @@ var/ipfire/logging var/ipfire/mac #var/ipfire/mac/settings var/ipfire/main -#var/ipfire/main/disable_nf_sip #var/ipfire/main/hosts #var/ipfire/main/routing #var/ipfire/main/settings diff --git a/config/rootfiles/core/101/filelists/files b/config/rootfiles/core/101/filelists/files index 0f75ac8..c04cff6 100644 --- a/config/rootfiles/core/101/filelists/files +++ b/config/rootfiles/core/101/filelists/files @@ -1,5 +1,7 @@ etc/system-release etc/issue +etc/rc.d/init.d/firewall srv/web/ipfire/cgi-bin/chpasswd.cgi srv/web/ipfire/cgi-bin/ipinfo.cgi +srv/web/ipfire/cgi-bin/optionsfw.cgi srv/web/ipfire/cgi-bin/proxy.cgi diff --git a/config/rootfiles/core/101/update.sh b/config/rootfiles/core/101/update.sh index f448474..eb81d61 100644 --- a/config/rootfiles/core/101/update.sh +++ b/config/rootfiles/core/101/update.sh @@ -50,6 +50,22 @@ extract_files # update linker config ldconfig
+# Fix conntrack configuration +for i in CONNTRACK_H323 CONNTRACK_FTP CONNTRACK_PPTP CONNTRACK_TFTP CONNTRACK_IRC; do + if ! grep -q "^${i}" /var/ipfire/optionsfw/settings; then + echo "${i}=on" + fi +done >> /var/ipfire/optionsfw/settings + +# Special handling for SIP +if ! grep -q "^CONNTRACK_SIP" /var/ipfire/optionsfw/settings; then + if [ -e "/var/ipfire/main/disable_nf_sip" ]; then + echo "CONNTRACK_SIP=off" >> /var/ipfire/optionsfw/settings + rm -f /var/ipfire/main/disable_nf_sip + else + echo "CONNTRACK_SIP=on" >> /var/ipfire/optionsfw/settings + fi +fi
# Update Language cache #/usr/local/bin/update-lang-cache diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 7a0e8e0..1ab3c7d 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi @@ -129,6 +129,9 @@ $checked{'CONNTRACK_H323'}{$settings{'CONNTRACK_H323'}} = "checked='checked'"; $checked{'CONNTRACK_IRC'}{'off'} = ''; $checked{'CONNTRACK_IRC'}{'on'} = ''; $checked{'CONNTRACK_IRC'}{$settings{'CONNTRACK_IRC'}} = "checked='checked'"; +$checked{'CONNTRACK_PPTP'}{'off'} = ''; +$checked{'CONNTRACK_PPTP'}{'on'} = ''; +$checked{'CONNTRACK_PPTP'}{$settings{'CONNTRACK_PPTP'}} = "checked='checked'"; $checked{'CONNTRACK_SIP'}{'off'} = ''; $checked{'CONNTRACK_SIP'}{'on'} = ''; $checked{'CONNTRACK_SIP'}{$settings{'CONNTRACK_SIP'}} = "checked='checked'"; 
@@ -239,21 +242,59 @@ END <tr><td align='left' width='60%'>$Lang::tr{'fw settings dropdown'}</td><td align='left'>on <input type='radio' name='SHOWDROPDOWN' value='on' $checked{'SHOWDROPDOWN'}{'on'} />/ <input type='radio' name='SHOWDROPDOWN' value='off' $checked{'SHOWDROPDOWN'}{'off'} /> off</td></tr> </table> + <br /> -<table width='95%' cellspacing='0'> -<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'application layer gateways'}</b></td></tr> -<tr><td align='left' width='60%'>FTP</td><td align='left'>on <input type='radio' name='CONNTRACK_FTP' value='on' $checked{'CONNTRACK_FTP'}{'on'} />/ - <input type='radio' name='CONNTRACK_FTP' value='off' $checked{'CONNTRACK_FTP'}{'off'} /> off</td></tr> -<tr><td align='left' width='60%'>H.323</td><td align='left'>on <input type='radio' name='CONNTRACK_H323' value='on' $checked{'CONNTRACK_H323'}{'on'} />/ - <input type='radio' name='CONNTRACK_H323' value='off' $checked{'CONNTRACK_H323'}{'off'} /> off</td></tr> -<tr><td align='left' width='60%'>IRC</td><td align='left'>on <input type='radio' name='CONNTRACK_IRC' value='on' $checked{'CONNTRACK_IRC'}{'on'} />/ - <input type='radio' name='CONNTRACK_IRC' value='off' $checked{'CONNTRACK_IRC'}{'off'} /> off</td></tr> -<tr><td align='left' width='60%'>SIP</td><td align='left'>on <input type='radio' name='CONNTRACK_SIP' value='on' $checked{'CONNTRACK_SIP'}{'on'} />/ - <input type='radio' name='CONNTRACK_SIP' value='off' $checked{'CONNTRACK_SIP'}{'off'} /> off</td></tr> -<tr><td align='left' width='60%'>TFTP</td><td align='left'>on <input type='radio' name='CONNTRACK_TFTP' value='on' $checked{'CONNTRACK_TFTP'}{'on'} />/ - <input type='radio' name='CONNTRACK_TFTP' value='off' $checked{'CONNTRACK_TFTP'}{'off'} /> off</td></tr>
+<table width='95%' cellspacing='0'> + <tr bgcolor='$color{'color20'}'> + <td colspan='2' align='left'> + <b>$Lang::tr{'application layer gateways'}</b> + </td> + </tr> + <tr> + <td align='left' width='60%'>FTP</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='CONNTRACK_FTP' value='on' $checked{'CONNTRACK_FTP'}{'on'} /> / + <input type='radio' name='CONNTRACK_FTP' value='off' $checked{'CONNTRACK_FTP'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>H.323</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='CONNTRACK_H323' value='on' $checked{'CONNTRACK_H323'}{'on'} /> / + <input type='radio' name='CONNTRACK_H323' value='off' $checked{'CONNTRACK_H323'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>IRC</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='CONNTRACK_IRC' value='on' $checked{'CONNTRACK_IRC'}{'on'} /> / + <input type='radio' name='CONNTRACK_IRC' value='off' $checked{'CONNTRACK_IRC'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>PPTP</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='CONNTRACK_PPTP' value='on' $checked{'CONNTRACK_PPTP'}{'on'} /> / + <input type='radio' name='CONNTRACK_PPTP' value='off' $checked{'CONNTRACK_PPTP'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>SIP</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='CONNTRACK_SIP' value='on' $checked{'CONNTRACK_SIP'}{'on'} /> / + <input type='radio' name='CONNTRACK_SIP' value='off' $checked{'CONNTRACK_SIP'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>TFTP</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='CONNTRACK_TFTP' value='on' $checked{'CONNTRACK_TFTP'}{'on'} /> / + <input type='radio' name='CONNTRACK_TFTP' value='off' $checked{'CONNTRACK_TFTP'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> </table> + <br /> <table 
width='95%' cellspacing='0'> <tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw default drop'}</b></td></tr> diff --git a/lfs/configroot b/lfs/configroot index f8e9ce4..f02894e 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -66,7 +66,7 @@ $(TARGET) : dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \ fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \ - isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \ + isdn/settings mac/settings main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ qos/tosconfig snort/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \ diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index cb52670..1d6309c 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall @@ -128,7 +128,7 @@ iptables_init() { if [ "${CONNTRACK_PPTP}" = "on" ]; then iptables -A CONNTRACK -m conntrack --ctstate RELATED \ -m helper --helper pptp -j ACCEPT - iptables -t raw -A CONNTRACK -p udp --dport 1723 -j CT --helper pptp + iptables -t raw -A CONNTRACK -p tcp --dport 1723 -j CT --helper pptp fi
# TFTP
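Review bot: In config/rootfiles/core/101/update.sh, the `rm -f /var/ipfire/main/disable_nf_sip` sits inside the `if ! grep -q "^CONNTRACK_SIP"` branch, so on a system whose settings file already contains a CONNTRACK_SIP line the old indicator file is never removed, even though this series drops it from the rootfiles. Moving the `rm -f` below the outer `fi` makes the cleanup unconditional. The grep patterns would also be more robust anchored on the full key, as in `"^${i}="` and `"^CONNTRACK_SIP="`, so a key is matched whole rather than by prefix. Every helper that is missing from the file is written as `on`; only SIP has a path that carries over an earlier off state, which is worth a line in the comment above the loop.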
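Review bot: In html/cgi-bin/optionsfw.cgi, the first hunk indexes `$checked{'CONNTRACK_PPTP'}{$settings{'CONNTRACK_PPTP'}}` by the stored value with no fallback visible in these lines, so if the key is absent from the settings file neither radio button in the new PPTP row is preselected. Please confirm that a default for CONNTRACK_PPTP is assigned before this line, since the context shown here does not include one. In the second hunk the new PPTP row arrives together with the re-indentation and the `$Lang::tr{'on'}` / `$Lang::tr{'off'}` substitutions, which makes the one functional addition hard to spot in the table rewrite; keeping the row in its own hunk or commit would make it easier to review.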
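Review bot: In src/initscripts/init.d/firewall, the corrected raw-table rule `-p tcp --dport 1723 -j CT --helper pptp` matches on destination port alone, so the helper is assigned to every TCP connection to port 1723 that passes this chain, whatever its source or interface. Consider narrowing the match to the interfaces or networks where PPTP is expected, so the helper only parses traffic it is meant to see. A short comment above the rule saying that the helper is attached to the TCP 1723 connection and that GRE is then accepted as RELATED by the rule above it would record why `-p udp` was wrong.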
hooks/post-receive -- IPFire 2.x development tree