[git.ipfire.org] IPFire 2.x development tree branch, core84, updated. e43b21264f8b0c28a9b03f8f65d46e47572df719

public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed

* [git.ipfire.org] IPFire 2.x development tree branch, core84, updated. e43b21264f8b0c28a9b03f8f65d46e47572df719
@ 2014-10-04 11:54 git
  0 siblings, 0 replies; 2+ messages in thread
From: git @ 2014-10-04 11:54 UTC (permalink / raw)
  To: ipfire-scm

[-- Attachment #1: Type: text/plain, Size: 3931 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, core84 has been updated
       via  e43b21264f8b0c28a9b03f8f65d46e47572df719 (commit)
       via  791c2b45d873d02d3955ac846b69a3ee1e1f6f47 (commit)
       via  243f8ca6e937084c18085d85278ee9c200c69936 (commit)
      from  8285512a18dad754da18e57e25445609f6ad7148 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e43b21264f8b0c28a9b03f8f65d46e47572df719
Merge: 8285512 791c2b4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sat Oct 4 13:53:49 2014 +0200

    Merge branch 'next'

-----------------------------------------------------------------------

Summary of changes:
 config/firewall/rules.pl                                 | 14 ++++++++++++--
 config/rootfiles/{oldcore/32 => core/84}/filelists/squid |  0
 config/rootfiles/core/84/update.sh                       |  2 ++
 lfs/squid                                                |  4 ++--
 4 files changed, 16 insertions(+), 4 deletions(-)
 copy config/rootfiles/{oldcore/32 => core/84}/filelists/squid (100%)

Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 40fb8dd..4d70382 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -131,6 +131,12 @@ sub print_rule {
 	print "\n";
 }
 
+sub count_elements {
+	my $hash = shift;
+
+	return scalar @$hash;
+}
+
 sub flush {
 	run("$IPTABLES -F $CHAIN_INPUT");
 	run("$IPTABLES -F $CHAIN_FORWARD");
@@ -186,6 +192,9 @@ sub buildrules {
 		# Skip disabled rules.
 		next unless ($$hash{$key}[2] eq 'ON');
 
+		# Count number of elements in this line
+		my $elements = &count_elements($$hash{$key});
+
 		if ($DEBUG) {
 			print_rule($$hash{$key});
 		}
@@ -270,7 +279,8 @@ sub buildrules {
 
 		# Concurrent connection limit
 		my @ratelimit_options = ();
-		if ($$hash{$key}[32] eq 'ON') {
+
+		if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
 			my $conn_limit = $$hash{$key}[33];
 
 			if ($conn_limit ge 1) {
@@ -286,7 +296,7 @@ sub buildrules {
 		}
 
 		# Ratelimit
-		if ($$hash{$key}[34] eq 'ON') {
+		if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
 			my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
 
 				if ($rate_limit) {
diff --git a/config/rootfiles/core/84/filelists/squid b/config/rootfiles/core/84/filelists/squid
new file mode 120000
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/core/84/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/84/update.sh b/config/rootfiles/core/84/update.sh
index 1b83326..93a9e20 100644
--- a/config/rootfiles/core/84/update.sh
+++ b/config/rootfiles/core/84/update.sh
@@ -32,6 +32,7 @@ do
 done
 
 # Stop services
+/etc/init.d/squid stop
 /etc/init.d/dnsmasq stop
 
 # Remove old files
@@ -41,6 +42,7 @@ extract_files
 
 # Start services
 /etc/init.d/dnsmasq start
+/etc/init.d/squid start
 
 # Update Language cache
 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
diff --git a/lfs/squid b/lfs/squid
index 921feeb..548abd9 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.4.7
+VER        = 3.4.8
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 74677634121649ccb87a5655fcd4298d
+$(DL_FILE)_MD5 = b0c4335447248810169f58ea4d8b204a
 
 install : $(TARGET)
 


hooks/post-receive
--
IPFire 2.x development tree

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [git.ipfire.org] IPFire 2.x development tree branch, core84, updated. e43b21264f8b0c28a9b03f8f65d46e47572df719
@ 2014-10-04 16:00 git
  0 siblings, 0 replies; 2+ messages in thread
From: git @ 2014-10-04 16:00 UTC (permalink / raw)
  To: ipfire-scm

[-- Attachment #1: Type: text/plain, Size: 2467 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, core84 has been updated
  discards  402c0097ec47b82437296507bc2c5118b8cf9401 (commit)

This update discarded existing revisions and left the branch pointing at
a previous point in the repository history.

 * -- * -- N (e43b21264f8b0c28a9b03f8f65d46e47572df719)
            \
             O -- O -- O (402c0097ec47b82437296507bc2c5118b8cf9401)

The removed revisions are not necessarilly gone - if another reference
still refers to them they will stay in the repository.

No new revisions were added by this update.

Summary of changes:
 config/firewall/rules.pl        | 16 +++++++++++++---
 src/initscripts/init.d/firewall |  5 -----
 2 files changed, 13 insertions(+), 8 deletions(-)

Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 58cc439..4d70382 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -554,19 +554,29 @@ sub time_convert_to_minutes {
 }
 
 sub p2pblock {
+	my $search_action;
+	my $target;
+
+	if ($fwdfwsettings{"POLICY"} eq "MODE1") {
+		$search_action = "on";
+		$target = "ACCEPT";
+	} else {
+		$search_action = "off";
+		$target = "DROP";
+	}
+
 	open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
 	my @protocols = ();
 	foreach my $p2pentry (<FILE>) {
 		my @p2pline = split(/\;/, $p2pentry);
-		next unless ($p2pline[2] eq "off";
+		next unless ($p2pline[2] eq $search_action);
 
 		push(@protocols, "--$p2pline[1]");
 	}
 	close(FILE);
 
 	if (@protocols) {
-		run("$IPTABLES -F P2PBLOCK");
-		run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
+		run("$IPTABLES -A FORWARDFW -m ipp2p @protocols -j $target");
 	}
 }
 
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 9620c80..66ca432 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -84,11 +84,6 @@ iptables_init() {
 	iptables -A INPUT   -p tcp -j BADTCP
 	iptables -A FORWARD -p tcp -j BADTCP
 
-	# P2P Block (must before connection tracking)
-	iptables -N P2PBLOCK
-	iptables -A INPUT   -p tcp -j P2PBLOCK
-	iptables -A FORWARD -p tcp -j P2PBLOCK
-
 	# Connection tracking chain
 	iptables -N CONNTRACK
 	iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT


hooks/post-receive
--
IPFire 2.x development tree

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2014-10-04 16:00 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-10-04 11:54 [git.ipfire.org] IPFire 2.x development tree branch, core84, updated. e43b21264f8b0c28a9b03f8f65d46e47572df719 git
2014-10-04 16:00 git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox