* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 3cba134fa88e94d62c5d14d862c60642d5a37240
@ 2014-01-28 19:51 git
0 siblings, 0 replies; only message in thread
From: git @ 2014-01-28 19:51 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 9638 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 3cba134fa88e94d62c5d14d862c60642d5a37240 (commit)
via 7ab6a8536cb653b8c096ac67b87eaa3ddf228e12 (commit)
via 73372ed4e6b573c4a1078b771df4f6623fc79927 (commit)
via 5bdefccbbc18f604b39305a84d238d13988b9a78 (commit)
from f1eb69d672ae21db7c314bcbab1bbd2e9b4c7c5a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3cba134fa88e94d62c5d14d862c60642d5a37240
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 28 20:51:24 2014 +0100
core76: Cleanup rootfile.
p2protocols is not an actual configuration file editable
by the user.
commit 7ab6a8536cb653b8c096ac67b87eaa3ddf228e12
Merge: 73372ed 5bdefcc
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 28 20:49:32 2014 +0100
Merge remote-tracking branch 'stevee/core-76-update' into next
commit 73372ed4e6b573c4a1078b771df4f6623fc79927
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jan 28 20:48:24 2014 +0100
firewall: Move scripts from /var/ipfire/firewall/bin to /usr/lib/firewall.
commit 5bdefccbbc18f604b39305a84d238d13988b9a78
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Jan 18 23:36:41 2014 +0100
Core 76: Don't extract firewall config files.
While updating the configfiles of the firewall has been extracted and replaced,
the existing one's if the new firewall was allready installed. As a result of
this behaviour all firewall rules, settings or created groups were lost. We now
try to create them by using touch if they do not exist.
-----------------------------------------------------------------------
Summary of changes:
config/firewall/rules.pl | 2 +-
config/rootfiles/common/configroot | 3 ---
config/rootfiles/common/stage2 | 3 +++
config/rootfiles/core/76/filelists/firewall | 13 -------------
config/rootfiles/core/76/update.sh | 19 +++++++++++++++++++
lfs/configroot | 11 +++--------
lfs/stage2 | 7 +++++++
src/misc-progs/firewallctrl.c | 2 +-
8 files changed, 34 insertions(+), 26 deletions(-)
Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index f26ae5f..4380764 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -45,7 +45,7 @@ my @DPROT=();
my @p2ps=();
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
-require "${General::swroot}/firewall/bin/firewall-lib.pl";
+require "/usr/lib/firewall/firewall-lib.pl";
my $configfwdfw = "${General::swroot}/firewall/config";
my $configinput = "${General::swroot}/firewall/input";
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index b1097cd..f509370 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -50,9 +50,6 @@ var/ipfire/extrahd
#var/ipfire/extrahd/scan
#var/ipfire/extrahd/settings
var/ipfire/firewall
-#var/ipfire/firewall/bin
-#var/ipfire/firewall/bin/firewall-lib.pl
-#var/ipfire/firewall/bin/rules.pl
#var/ipfire/firewall/config
#var/ipfire/firewall/dmz
#var/ipfire/firewall/input
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 4286cec..a796624 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -66,6 +66,9 @@ root/ipfire
#usr/bin/perl
#usr/include
#usr/lib
+usr/lib/firewall
+usr/lib/firewall/firewall-lib.pl
+usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
#usr/lib/libstdc++.la
diff --git a/config/rootfiles/core/76/filelists/firewall b/config/rootfiles/core/76/filelists/firewall
index 3edde8e..1c58191 100644
--- a/config/rootfiles/core/76/filelists/firewall
+++ b/config/rootfiles/core/76/filelists/firewall
@@ -9,19 +9,6 @@ usr/sbin/convert-outgoingfw
usr/sbin/convert-portfw
usr/sbin/convert-xtaccess
usr/sbin/firewall-policy
-var/ipfire/firewall
-var/ipfire/firewall/bin/firewall-lib.pl
-var/ipfire/firewall/bin/rules.pl
-var/ipfire/firewall/config
-var/ipfire/firewall/input
-var/ipfire/firewall/outgoing
var/ipfire/firewall/p2protocols
-var/ipfire/firewall/settings
-var/ipfire/fwhosts
-var/ipfire/fwhosts/customhosts
-var/ipfire/fwhosts/customnetworks
-var/ipfire/fwhosts/customgroups
-var/ipfire/fwhosts/customservices
-var/ipfire/fwhosts/customservicegrp
var/ipfire/fwhosts/icmp-types
var/ipfire/menu.d/50-firewall.menu
diff --git a/config/rootfiles/core/76/update.sh b/config/rootfiles/core/76/update.sh
index a8f726a..0295a64 100644
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -192,6 +192,10 @@ fi
ln -svf ../run /var/run
+# Creating directories for new firewall.
+mkdir -p /var/ipfire/firewall
+mkdir -p /var/ipfire/fwhosts
+
#
#Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
@@ -253,6 +257,21 @@ rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
/sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
/sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
+# Create config files for firewall and fix permissions.
+touch /var/ipfire/firewall/config
+touch /var/ipfire/firewall/input
+touch /var/ipfire/firewall/outgoing
+touch /var/ipfire/firewall/settings
+touch /var/ipfire/fwhosts/customhosts
+touch /var/ipfire/fwhosts/customnetworks
+touch /var/ipfire/fwhosts/customgroups
+touch /var/ipfire/fwhosts/customservices
+touch /var/ipfire/fwhosts/customservicegrp
+
+# Fix ownership.
+chown -R nobody:nobody /var/ipfire/firewall
+chown -R nobody:nobody /var/ipfire/fwhosts
+
# Convert firewall configuration
/usr/sbin/convert-xtaccess
/usr/sbin/convert-outgoingfw
diff --git a/lfs/configroot b/lfs/configroot
index 98e7af3..8250a77 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -51,7 +51,7 @@ $(TARGET) :
# Create all directories
for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
- ethernet extrahd/bin fwlogs fwhosts firewall firewall/bin isdn key langs logging mac main \
+ ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
menu.d modem net-traffic net-traffic/templates nfs optionsfw \
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \
@@ -99,13 +99,11 @@ $(TARGET) :
cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced
cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans
cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
- cp $(DIR_SRC)/config/firewall/rules.pl $(CONFIG_ROOT)/firewall/bin/rules.pl
cp $(DIR_SRC)/config/firewall/convert-xtaccess /usr/sbin/convert-xtaccess
cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw
cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz
cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw
cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols
- cp $(DIR_SRC)/config/firewall/firewall-lib.pl $(CONFIG_ROOT)/firewall/bin/firewall-lib.pl
cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy
cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
@@ -132,13 +130,10 @@ $(TARGET) :
echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings
echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
-
- # set rules.pl executable
- chmod 755 $(CONFIG_ROOT)/firewall/bin/rules.pl
-
+
# set converters executable
chmod 755 /usr/sbin/convert-*
-
+
# Modify variables in header.pl
sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
-e "s+VERSION+$(VERSION)+g" \
diff --git a/lfs/stage2 b/lfs/stage2
index 3d64f68..956f589 100644
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -101,6 +101,13 @@ $(TARGET) :
# Move script to correct place.
mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
+ # Install firewall scripts.
+ mkdir -pv /usr/lib/firewall
+ install -m 755 $(DIR_SRC)/config/firewall/rules.pl \
+ /usr/lib/firewall/rules.pl
+ install -m 644 $(DIR_SRC)/config/firewall/firewall-lib.pl \
+ /usr/lib/firewall/firewall-lib.pl
+
# Nobody user
-mkdir -p /home/nobody
chown -R nobody:nobody /home/nobody
diff --git a/src/misc-progs/firewallctrl.c b/src/misc-progs/firewallctrl.c
index 97de271..0f17659 100644
--- a/src/misc-progs/firewallctrl.c
+++ b/src/misc-progs/firewallctrl.c
@@ -13,7 +13,7 @@ int main(int argc, char *argv[]) {
if (!(initsetuid()))
exit(1);
- int retval = safe_system("/var/ipfire/firewall/bin/rules.pl");
+ int retval = safe_system("/usr/lib/firewall/rules.pl");
/* If rules.pl has been successfully executed, the indicator
* file is removed. */
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-01-28 19:51 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-01-28 19:51 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 3cba134fa88e94d62c5d14d862c60642d5a37240 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox