From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 0389942c2bc24b93de68269606bcd11a4ce57dab
Date: Sat, 18 Apr 2015 16:16:11 +0200
Message-ID: <20150418141612.6147E21EA6@argus.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0389942c2bc24b93de68269606bcd11a4ce57dab
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Apr 18 16:16:01 2015 +0200

    Update translations

commit 49b70d62a939c564bb1386d3f5b13eb1f98bd55f
Merge: d54a2ce db5b5de
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Apr 18 16:15:17 2015 +0200

    Merge remote-tracking branch 'stevee/core-90-geoip' into next

commit db5b5de9a9cbb53b713cbc95a80021e458a5041f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Apr 16 22:00:51 2015 +0200

    Core90: Update crontab.

commit 46d3a4cb16ea09393fa141f56478e7d1d247b67c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Apr 16 20:37:00 2015 +0200

    Core90: Add GeoIP to update.

commit b8fe6ca756adb45f7ea92b6211204d17fc701ff1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Apr 16 19:40:53 2015 +0200

    Rootfile updates for GeoIP related files.

commit 30654fd82b9185597689c701c99987e02de2a959
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Apr 16 19:39:11 2015 +0200

    configroot: Add geoip related files.
    
    Create required empty files and install geoip-functions.pl to
    desired destination.

commit cbc5a4374fd19c8657792f14813da52b801fd681
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Apr 16 10:51:44 2015 +0200

    Revert "perl-Locale-Country: Update country codes to version 3.33."
    
    This reverts commit bf235e962cdd2d0d95d9a6ccfef0b449d181bb04.

commit 91d6b6ef07fc9915dcb2ca8ed0147118615b690d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Apr 16 10:51:03 2015 +0200

    Revert rootfile update for Locale-Country.
    
    This reverts commit f2d941436b9721cdbfc37f0c7769088d14621d13.

commit e6c4f090b694a8d102da5b2765dcdac871f20517
Merge: 30986db 054d584
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Wed Apr 15 17:10:49 2015 +0200

    Merge branch 'next-geoip' into core-90-geoip

commit 054d584786a60ed443d96642eb5a094e265da637
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Apr 9 18:14:48 2015 +0200

    de.pl: Fix umlauts in GeoIP related strings.
    
    This issue has been introduced in commit 0ff5b2b0ac39be6954e0b727e21d98c631bb051b.

commit ef4edcfb203a3610efb7e47cb6f4e3337cb2e312
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Wed Apr 1 20:29:00 2015 +0200

    crontab: Fix syntax for xt_geoip_update call.

commit a8e59d803594f5af0ac1532e89aac6bd11600ecf
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Mar 31 22:14:56 2015 +0200

    GeoIP: Update english translation.

commit 0ff5b2b0ac39be6954e0b727e21d98c631bb051b
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Mar 31 19:45:15 2015 +0200

    GeoIP: Add german translation.

commit 64d886f53f0dcd5c6284b56b4965ad19eaf4d80a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Mar 31 18:56:32 2015 +0200

    crontab: Call xt_geoip_update random once a month.

commit 85abe3323a0b43976686d1c8e875861c7510abce
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Mar 22 18:53:17 2015 +0100

    Add spanish translations for GeoIP related strings.
    
    A big thanks to Roberto Peña for providing them on the IPFire forum.
    http://forum.ipfire.org/viewtopic.php?f=52&t=11950&sid=f50fe6f51e0f45f1402c7a2164225398&start=30#p82360

commit d9f47d9b9e5041ee9b9d5fc40471cffe67d2a35e
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Mar 19 22:09:24 2015 +0100

    xt_geoip_update: Add support for upstream proxy.

commit 1ed8aedfdb9af8deaafac797b85b68c407feb6d7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Mar 15 11:41:50 2015 +0100

    fwhosts.cgi: Fix fw-reload detection when adding new entries to a geoip group.
    
    Read-in firewall config files for detection if the current group is used
    by at least one firewall rule and mark the firewall to need a reload if
    necessary.
    
    Fixes #10771.

commit 0bb4b135d121cec8efbae6c63b3ea6cf85eacb97
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Mar 8 10:09:16 2015 +0100

    rules.pl: Flush GEOIPBLOCK chain when the feature will be switched off.
    
    Otherwise existing rules still remain in the chain and will be processed
    even if geoipblock has been disabled.

commit e24668f99a053d2073de80fe2d0dc8c5d73d2cbc
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Mar 7 22:39:32 2015 +0100

    networking/red.up/99-geoip-database: Fix empty folder check.

commit 663221a256af64d3bfe8c9bc0fe534059eb7dcee
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Mar 7 21:31:27 2015 +0100

    xt_geoip_update: Fix script path.

commit 16bbdeb988cec0e4af25a0be334e23842ad9414a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Mar 7 21:30:19 2015 +0100

    networking/red.up/99-geoip-database: Fix typo.

commit 93bfe63d55bf611887fbc25c251c6fb0ce2ab1d4
Merge: e60cd3a b9ca2fa
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Mar 15 11:38:45 2015 +0100

    Merge branch 'seventeen-geoip' into next-geoip

commit b9ca2fa60f1ac0127d0bbddb016d0acb578e660d
Author: Alexander Marx <amarx(a)ipfire.org>
Date:   Tue Feb 17 17:01:42 2015 +0100

    Add support for generating GeoIP-based firewall rules.
    
    This commit adds support to the rules.pl and firewall-lib.pl to generate
    correct iptables commands for inserting GeoIP-based firewall rules
    into the kernel.

commit 6897c329b5b323567267d364fefdf01a9bff5688
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 17 08:41:16 2015 +0100

    xt_geoip_update: Fix mktemp calls.

commit 2e3cb8edbc9f203adf6d702cfddf465ccaf2e2d7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Feb 14 19:18:27 2015 +0100

    stage2: Rootfile update.

commit bc9446c65ff048ebce8c0665cc0efe2231fb37de
Merge: d9bf6d8 309b7de
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Feb 14 12:34:31 2015 +0100

    Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x into seventeen-geoip
    
    Conflicts:
    	make.sh

commit d9bf6d8b2f195e8d1f0287af19cf9fed331e9377
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Thu Feb 12 20:10:05 2015 +0100

    Language file update.

commit c0a97a0f4a9c7787801015301a34a01da39596f5
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Feb 8 18:41:44 2015 +0100

    firewall.cgi: Add support for GeoIP locations / GeoIP groups.

commit e472a10de91406b6440add5245de388cb4ab34f5
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Feb 8 18:24:51 2015 +0100

    geoip-block.cgi: Use geoip-functions.pl.

commit 1dcd87157d4b52ee304094a586674dcb4919c3ba
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Feb 8 18:23:01 2015 +0100

    geoip-functions.pl: A collection of functions dealing with GeoIP.

commit 4313aa18e9e3b3f6717946b88c8a67f79dea40be
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Feb 8 13:37:06 2015 +0100

    fwhosts.cgi: Add support for GeoIP groups.

commit 192a8266e2571a324a793fa512a9c852661ae25b
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 14:07:06 2015 +0100

    geoip-block.cgi: Requires firewall-lib.pl.

commit a2b7328a265fb414929d8194b509580054f5c753
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 13:52:29 2015 +0100

    Language file update.

commit e497310ee02c7b6f2071bf021f26bc254d97f439
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 13:51:28 2015 +0100

    Add "GeoIP Block" to firewall menu.

commit 0909c0d15058ddf023369afefab634781cc2702d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 13:40:34 2015 +0100

    Automatically download and update GeoIP Databases.

commit 58c74d078780b88bf060fa179bd55dd483164b87
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 13:36:06 2015 +0100

    lfs/stage2: Add directory for geoip databases.

commit f2d941436b9721cdbfc37f0c7769088d14621d13
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 08:23:53 2015 +0100

    Rootfile update.

commit 211694e588cf65dba21b6f9eb32f1ca7fd4520eb
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 01:05:45 2015 +0100

    firewall: Add support for geoipblock to rules.pl.

commit 593c32275adf2b5bc7a887ad1d14350863ee57e4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 01:03:21 2015 +0100

    Move "sub get_geoip_locations" to firewall-lib.

commit cab02e2a5f77eaf0bc12f7c115348baf2a04b699
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 00:57:23 2015 +0100

    Add "GEOIPBLOCK" chains to firewall initscript.

commit 484e01fc3791c7cce818c4d578b5e883846b4c51
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 00:56:00 2015 +0100

    Add default config file for geoipblock.

commit 2285f9da225d245dda6653ce05de9665bd9a792d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 00:55:17 2015 +0100

    Add xt_geoip_update script.
    
    This script will download the latest available geoip database, convert
    it into a compatible binary format and move it to the correct destination.

commit ca842e182227d69ea70e90e18f5a81d458cf06d3
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sun Jan 4 00:54:46 2015 +0100

    xt_geoip_build: Script to convert GeoIP CSV into compatible binary databases.
    
    This is a cleaned up version of the original build script shipped by the
    xtables-addons source code.
    
    The following abilities have been removed:
    * IPv6 support
    * Big Endian

commit cc26ba71a193700177d8bc118e79b050964562f7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Jan 3 20:22:05 2015 +0100

    header.pl: Increase maximum allowed size of hashes.
    
    The "getcgihash" function only allowed hashes with a maximum size of 512kb, which
    was too small for the new geoip-block.cgi. As a result of this some form data
    were cut-off and couldn't be processed correctly.

commit 11ad82532e54fedd2a9b55f5c4a7b2f7a62a2002
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Jan 3 20:20:45 2015 +0100

    Language file update for geoip blocking.

commit 91634dbe88cc85a77b1b30246e527d3dac908f24
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Jan 3 20:20:10 2015 +0100

    geoip-block.cgi: New CGI for managing geoip blocking.

commit cebb1b7cb1327b87e3fa6932eee151a26a9f85c2
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Jan 3 20:15:28 2015 +0100

    general-functions.pl: Add function to get full country name.
    
    This function will return the full name of a country specified by
    its country shortcut. It also will provide some additional names
    which are not handled by the perl locale module but are parts of
    ISO 3166.

commit b8e0573b5c698df6ba5587da9c4fc9595288ae79
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Jan 3 14:07:49 2015 +0100

    xtables-addons: New package.
    
    The xtables-addons package provides many additional filter modules for iptables.
    Currently we are only building the "geoip" module which can be used to create
    firewall rules which will do actions based on the country membership of the senders/targets
    address.
    
    In order to build the required kernel modules I had to change build order for
    several packages as well.

commit 72074fcdd2169a4698d5a5dec288e2adeca9af67
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Jan 3 14:03:20 2015 +0100

    perl-Text-CSV_XS: New package.
    
    This perl module is required to convert the provided geoip databases in CSV format into
    a useable binary format for the geoip module.

commit bf235e962cdd2d0d95d9a6ccfef0b449d181bb04
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Jan 3 14:01:43 2015 +0100

    perl-Locale-Country: Update country codes to version 3.33.

commit 67716b19bb5ab806fdd63f630e53c158dabedf2d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Dec 20 16:02:29 2014 +0100

    perl-Text-CSV_XS: New package.
    
    This is a dependency for the xtables-geoip module to convert the only in the cvs
    provided geoip list into a compatible binary format.

-----------------------------------------------------------------------

Summary of changes:
 config/cfgroot/general-functions.pl                |   1 +
 config/cfgroot/geoip-functions.pl                  |  90 ++++
 config/cfgroot/header.pl                           |   2 +-
 config/cron/crontab                                |   3 +
 config/firewall/firewall-lib.pl                    |  61 +++
 config/firewall/geoipblock                         |   1 +
 config/firewall/rules.pl                           |  49 +-
 config/menu/50-firewall.menu                       |   6 +
 config/rootfiles/common/apache2                    |   1 +
 config/rootfiles/common/armv5tel/initscripts       |   1 +
 config/rootfiles/common/configroot                 |   3 +
 config/rootfiles/common/i586/initscripts           |   1 +
 config/rootfiles/common/perl-Text-CSV_XS           |   8 +
 config/rootfiles/common/stage2                     |   4 +
 config/rootfiles/common/xtables-addons             |   7 +
 config/rootfiles/core/90/exclude                   |   4 +-
 config/rootfiles/core/90/filelists/files           |  12 +
 .../rootfiles/core/90/filelists/perl-Text-CSV_XS   |   1 +
 config/rootfiles/core/90/filelists/xtables-addons  |   1 +
 config/rootfiles/core/90/update.sh                 |  26 +
 config/xtables-addons/mconfig                      |  24 +
 doc/language_issues.de                             |   8 +
 doc/language_issues.en                             |   8 +
 doc/language_issues.es                             |  10 +
 doc/language_issues.fr                             |  14 +
 doc/language_issues.it                             |  17 +
 doc/language_issues.nl                             |  14 +
 doc/language_issues.pl                             |  10 +
 doc/language_issues.ru                             |  14 +
 doc/language_issues.tr                             |  14 +
 doc/language_missings                              |  70 +++
 html/cgi-bin/firewall.cgi                          |  67 ++-
 html/cgi-bin/fwhosts.cgi                           | 534 ++++++++++++++++++++-
 html/cgi-bin/geoip-block.cgi                       | 263 ++++++++++
 langs/de/cgi-bin/de.pl                             |  20 +
 langs/en/cgi-bin/en.pl                             |  20 +
 langs/es/cgi-bin/es.pl                             |  10 +
 lfs/configroot                                     |   5 +-
 lfs/{Mail-Tools => perl-Text-CSV_XS}               |  12 +-
 lfs/stage2                                         |   2 +-
 lfs/{kmod => xtables-addons}                       |  52 +-
 make.sh                                            |  13 +-
 src/initscripts/init.d/firewall                    |   5 +
 .../init.d/networking/red.up/99-geoip-database     |  23 +
 src/scripts/xt_geoip_build                         |  89 ++++
 src/scripts/xt_geoip_update                        | 137 ++++++
 46 files changed, 1701 insertions(+), 36 deletions(-)
 create mode 100644 config/cfgroot/geoip-functions.pl
 mode change 100755 => 100644 config/firewall/firewall-lib.pl
 create mode 100644 config/firewall/geoipblock
 mode change 100755 => 100644 config/firewall/rules.pl
 create mode 100644 config/rootfiles/common/perl-Text-CSV_XS
 create mode 100644 config/rootfiles/common/xtables-addons
 create mode 120000 config/rootfiles/core/90/filelists/perl-Text-CSV_XS
 create mode 120000 config/rootfiles/core/90/filelists/xtables-addons
 create mode 100644 config/xtables-addons/mconfig
 create mode 100644 html/cgi-bin/geoip-block.cgi
 copy lfs/{Mail-Tools => perl-Text-CSV_XS} (93%)
 copy lfs/{kmod => xtables-addons} (77%)
 create mode 100644 src/initscripts/init.d/networking/red.up/99-geoip-database
 create mode 100644 src/scripts/xt_geoip_build
 create mode 100644 src/scripts/xt_geoip_update

Difference in files:
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 35ae7c0..29f7e8c 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -17,6 +17,7 @@ package General;
 use strict;
 use Socket;
 use IO::Socket;
+use Locale::Country;
 use Net::SSLeay;
 use Net::IPv4Addr qw(:all);
 $|=1; # line buffering
diff --git a/config/cfgroot/geoip-functions.pl b/config/cfgroot/geoip-functions.pl
new file mode 100644
index 0000000..68b6f50
--- /dev/null
+++ b/config/cfgroot/geoip-functions.pl
@@ -0,0 +1,90 @@
+#!/usr/bin/perl -w
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2015 IPFire Team <info(a)ipfire.org>.                        #
+#                                                                          #
+############################################################################
+
+package GeoIP;
+
+use Locale::Country;
+
+# Function to get the flag icon for a specified country code.
+sub get_flag_icon($) {
+	my ($input) = @_;
+
+	# Webserver's root dir. (Required for generating full path)
+	my $webroot = "/srv/web/ipfire/html";
+
+	# Directory which contains the flag icons.
+	my $flagdir = "/images/flags";
+
+	# File extension of the country flags.
+	my $ext = "png";
+
+	# Remove whitespaces.
+	chomp($input);
+
+	# Convert given country code to lower case.
+	my $ccode = lc($input);
+
+	# Generate filename, based on the contry code in lower case
+	# and the defined file extension.
+	my $file = join('.', $ccode,$ext);
+
+	# Generate path inside webroot to the previously generated file.
+	my $flag_icon = join('/', $flagdir,$file);
+
+	# Generate absolute path to the icon file.
+	my $absolute_path = join('', $webroot,$flag_icon);
+ 
+	# Check if the a icon file exists.
+	if (-e "$absolute_path") {
+		# Return content of flag_icon.
+		return $flag_icon;
+	}
+}
+
+# Function to get the county name by a given country code.
+sub get_full_country_name($) {
+	my ($input) = @_;
+	my $name;
+
+	# Remove whitespaces.
+	chomp($input);
+
+	# Convert input into lower case format.
+	my $code = lc($input);
+
+	# Handle country codes which are not in the list.
+	if ($code eq "a1") { $name = "Anonymous Proxy" }
+	elsif ($code eq "a2") { $name = "Satellite Provider" }
+	elsif ($code eq "o1") { $name = "Other Country" }
+	elsif ($code eq "ap") { $name = "Asia/Pacific Region" }
+	elsif ($code eq "eu") { $name = "Europe" }
+	elsif ($code eq "yu") { $name = "Yugoslavia" }
+	else {
+		# Use perl built-in module to get the country code.
+		$name = &Locale::Country::code2country($code);
+	}
+
+	return $name;
+}
+
+1;
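Review bot: get_flag_icon() joins the caller-supplied country code into a filesystem path and a URL path without checking its shape; only chomp() and lc() are applied, and chomp() strips a trailing newline, not whitespace as the comment claims. Reject anything that is not a two-character code before building the path, for example `return unless $input =~ /^[A-Za-z0-9]{2}$/;`. The function also falls off the end when the icon file is missing, so add an explicit `return;` there, and consider `use strict;` at the top of the package as general-functions.pl has.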
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index cf895bf..974c4d8 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -263,7 +263,7 @@ sub getcgihash {
 	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
 	if (!$params->{'wantfile'}) {
 		$CGI::DISABLE_UPLOADS = 1;
-		$CGI::POST_MAX        = 512 * 1024;
+		$CGI::POST_MAX        = 1024 * 1024;
 	} else {
 		$CGI::POST_MAX = 10 * 1024 * 1024;
 	}
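Review bot: The raised `$CGI::POST_MAX` of 1024 * 1024 applies to every CGI that calls getcgihash without 'wantfile', not only to the one form that needs it, so the request body accepted by every such page doubles. Consider letting the caller request the larger limit through $params, the same way 'wantfile' selects the 10 * 1024 * 1024 limit, and add a comment recording why the default changed.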
diff --git a/config/cron/crontab b/config/cron/crontab
index d78d08f..d5e5d7e 100644
--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -57,3 +57,6 @@ HOME=/
 # Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time
 00 3 * 3 0          /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
 00 2 * 10-11 0      /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
+
+# Update GeoIP database once a month.
+%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1
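Review bot: The new crontab entry sends both stdout and stderr of xt_geoip_update to /dev/null, so a failed download or conversion leaves the firewall running on a stale database with no trace. Drop the `2>&1` or send the output to the system log so failures are visible. A short comment explaining the `[ -f "/var/ipfire/red/active" ]` guard would also help the next reader.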
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
old mode 100755
new mode 100644
index f3cd67f..b389fac
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -27,6 +27,7 @@ package fwlib;
 my %customnetwork=();
 my %customhost=();
 my %customgrp=();
+my %customgeoipgrp=();
 my %customservice=();
 my %customservicegrp=();
 my %ccdnet=();
@@ -42,6 +43,7 @@ require '/var/ipfire/general-functions.pl';
 my $confignet		= "${General::swroot}/fwhosts/customnetworks";
 my $confighost		= "${General::swroot}/fwhosts/customhosts";
 my $configgrp 		= "${General::swroot}/fwhosts/customgroups";
+my $configgeoipgrp 	= "${General::swroot}/fwhosts/customgeoipgrp";
 my $configsrv 		= "${General::swroot}/fwhosts/customservices";
 my $configsrvgrp	= "${General::swroot}/fwhosts/customservicegrp";
 my $configccdnet 	= "${General::swroot}/ovpn/ccd.conf";
@@ -59,6 +61,7 @@ my $netsettings		= "${General::swroot}/ethernet/settings";
 &General::readhasharray("$confignet", \%customnetwork);
 &General::readhasharray("$confighost", \%customhost);
 &General::readhasharray("$configgrp", \%customgrp);
+&General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
 &General::readhasharray("$configccdnet", \%ccdnet);
 &General::readhasharray("$configccdhost", \%ccdhost);
 &General::readhasharray("$configipsec", \%ipsecconf);
@@ -300,6 +303,17 @@ sub get_addresses
 				}
 			}
 		}
+	}elsif ($addr_type ~~ ["cust_geoip_src", "cust_geoip_tgt"] && $value =~ "group:") {
+		$value=substr($value,6);
+		foreach my $grp (sort {$a <=> $b} keys %customgeoipgrp) {
+			if ($customgeoipgrp{$grp}[0] eq $value) {
+				my @address = &get_address($addr_type, $customgeoipgrp{$grp}[2], $type);
+
+				if (@address) {
+					push(@addresses, @address);
+				}
+			}
+		}
 	} else {
 		my @address = &get_address($addr_type, $value, $type);
 
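Review bot: The test `$value =~ "group:"` in the new elsif is unanchored, but the next line strips exactly six characters with `substr($value,6)`, which is only correct when the prefix sits at the start of the string. Anchor it as `$value =~ /^group:/`. The smartmatch operator `~~` has been flagged experimental since Perl 5.18; a plain `$addr_type eq "cust_geoip_src" || $addr_type eq "cust_geoip_tgt"` avoids depending on it.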
@@ -414,6 +428,20 @@ sub get_address
 			}
 		}
 
+	# Handle rule options with GeoIP as source.
+	} elsif ($key eq "cust_geoip_src") {
+		# Get external interface.
+		my $external_interface = &get_external_interface();
+
+		push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
+
+	# Handle rule options with GeoIP as target.
+	} elsif ($key eq "cust_geoip_tgt") {
+		# Get external interface.
+		my $external_interface = &get_external_interface();
+
+		push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
+
 	# If nothing was selected, we assume "any".
 	} else {
 		push(@ret, ["0/0", ""]);
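Review bot: Both new branches interpolate $value straight into the option string (`-m geoip --src-cc $value` and `-m geoip --dst-cc $value`) with no check that it is a country code, so whatever is stored in the rule or in the customgeoipgrp file ends up in the generated iptables arguments. Check $value against a pattern such as /^[A-Z0-9]{2}$/ before the push and skip the entry otherwise. The two branches differ only in the flag name, so the interface lookup and push could be shared.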
@@ -552,4 +580,37 @@ sub get_internal_firewall_ip_address
 	return 0;
 }
 
+sub get_geoip_locations() {
+	# Path to the directory which contains the binary geoip
+	# databases.
+	my $directory="/usr/share/xt_geoip/LE";
+
+	# Array to store the final country list.
+	my @country_codes = ();
+
+	# Open location and do a directory listing.
+	opendir(DIR, "$directory");
+	my @locations = readdir(DIR);
+	closedir(DIR);
+
+	# Loop through the directory listing, and cut of the file extensions.
+	foreach my $location (sort @locations) {
+		# skip . and ..
+		next if($location =~ /^\.$/);
+		next if($location =~ /^\.\.$/);
+
+		# Remove whitespaces.
+		chomp($location);
+
+		# Cut-off file extension.
+		my ($country_code, $extension) = split(/\./, $location);
+
+		# Add country code to array.
+		push(@country_codes, $country_code);
+	}
+
+	# Return final array.
+	return @country_codes;
+}
+
 return 1;
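Review bot: The opendir() call in get_geoip_locations() is not checked, so when /usr/share/xt_geoip/LE does not exist yet, readdir runs on an unopened handle and the function quietly returns an empty list. Use a lexical handle and bail out explicitly, for example `opendir(my $dh, $directory) or return;`. The loop also turns every directory entry into a country code by splitting on the first dot, so any stray file ends up in the list; keep only names whose prefix matches /^[A-Z0-9]{2}$/. The chomp() on a readdir entry does nothing and its "Remove whitespaces" comment is misleading.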
diff --git a/config/firewall/geoipblock b/config/firewall/geoipblock
new file mode 100644
index 0000000..4d483d3
--- /dev/null
+++ b/config/firewall/geoipblock
@@ -0,0 +1 @@
+GEOIPBLOCK_ENABLED=off
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
old mode 100755
new mode 100644
index 8abc675..5358996
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -60,6 +60,7 @@ my $configfwdfw		= "${General::swroot}/firewall/config";
 my $configinput	    = "${General::swroot}/firewall/input";
 my $configoutgoing  = "${General::swroot}/firewall/outgoing";
 my $p2pfile			= "${General::swroot}/firewall/p2protocols";
+my $geoipfile		= "${General::swroot}/firewall/geoipblock";
 my $configgrp		= "${General::swroot}/fwhosts/customgroups";
 my $netsettings		= "${General::swroot}/ethernet/settings";
 
@@ -102,6 +103,9 @@ sub main {
 	# Load P2P block rules.
 	&p2pblock();
 
+	# Load GeoIP block rules.
+	&geoipblock();
+
 	# Reload firewall policy.
 	run("/usr/sbin/firewall-policy");
 
@@ -365,13 +369,17 @@ sub buildrules {
 					my @source_options = ();
 					if ($source =~ /mac/) {
 						push(@source_options, $source);
-					} elsif ($source) {
+					} elsif ($source =~ /-m geoip/) {
+						push(@source_options, $source);
+					} elsif($source) {
 						push(@source_options, ("-s", $source));
 					}
 
 					# Prepare destination options.
 					my @destination_options = ();
-					if ($destination) {
+					if ($destination =~ /-m geoip/) {
+						push(@destination_options,  $destination);
+					} elsif ($destination) {
 						push(@destination_options, ("-d", $destination));
 					}
 
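Review bot: The new branches recognise a GeoIP source or destination by matching the rendered option text against /-m geoip/, which couples buildrules to the exact string that get_address in firewall-lib.pl emits; carrying the address type alongside the value would be more robust. They also push the whole option string as a single list element while the neighbouring branches push flag and value separately (`("-s", $source)`), which deserves a comment stating that the list is later joined into one command string. Minor style: `elsif($source)` lost its space and the destination push has a double space after the comma.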
@@ -570,6 +578,43 @@ sub p2pblock {
 	}
 }
 
+sub geoipblock {
+	my %geoipsettings = ();
+
+	# Check if the geoip settings file exists
+	if (-e "$geoipfile") {
+		# Read settings file
+		&General::readhash("$geoipfile", \%geoipsettings);
+	} else {
+		# Drop active rules.
+		run("$IPTABLES -F GEOIPBLOCK");
+
+		# Exit submodule, go on processing the remaining script
+		return;
+	}
+
+	# If geoip blocking is not enabled, we are finished here.
+	if ($geoipsettings{'GEOIPBLOCK_ENABLED'} ne "on") {
+		# Exit submodule. Process remaining script.
+		return;
+	}
+
+	# Get supported locations.
+	my @locations = &fwlib::get_geoip_locations();
+
+	# Flush iptables chain.
+	run("$IPTABLES -F GEOIPBLOCK");
+
+	# Loop through all supported geoip locations and
+	# create iptables rules, if blocking this country
+	# is enabled.
+	foreach my $location (@locations) {
+		if($geoipsettings{$location} eq "on") {
+			run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc $location -j DROP");
+		}
+	}
+}
+
 sub get_protocols {
 	my $hash = shift;
 	my $key = shift;
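Review bot: When GEOIPBLOCK_ENABLED is not "on", geoipblock() returns before the `$IPTABLES -F GEOIPBLOCK` call further down, so rules appended during an earlier enabled run stay in the chain after the feature is switched off; the flush is only reached when the settings file is missing or the feature is on. Move the flush to the top of the sub, ahead of both early returns. The comparison `$geoipsettings{$location} eq "on"` also reads an undefined value for every country without an entry; guard it with an exists check.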
diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
index e872e64..7271b32 100644
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -22,6 +22,12 @@
 				'title' => "P2P-Block",
 				'enabled' => 1,
 				};
+    $subfirewall->{'50.geoipblock'} = {
+				'caption' => $Lang::tr{'geoipblock'},
+				'uri' => '/cgi-bin/geoip-block.cgi',
+				'title' => $Lang::tr{'geoipblock'},
+				'enabled' => 1,
+				};
     $subfirewall->{'60.wireless'} = {
 				'caption' => $Lang::tr{'blue access'},
 				'uri' => '/cgi-bin/wireless.cgi',
diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index 55dd04e..8033a87 100644
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -1402,6 +1402,7 @@ srv/web/ipfire/cgi-bin/extrahd.cgi
 srv/web/ipfire/cgi-bin/fireinfo.cgi
 srv/web/ipfire/cgi-bin/firewall.cgi
 srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/geoip-block.cgi
 srv/web/ipfire/cgi-bin/gpl.cgi
 srv/web/ipfire/cgi-bin/gui.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 8ddf34a..b4cd8f8 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -92,6 +92,7 @@ etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/networking/red.up/99-fireinfo
+etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 #etc/rc.d/init.d/nfs-server
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index eaf1af6..f6cbb61 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -52,6 +52,7 @@ var/ipfire/extrahd
 var/ipfire/firewall
 #var/ipfire/firewall/config
 #var/ipfire/firewall/dmz
+#var/ipfire/firewall/geoipblock
 #var/ipfire/firewall/input
 #var/ipfire/firewall/nat
 #var/ipfire/firewall/outgoing
@@ -59,6 +60,7 @@ var/ipfire/firewall
 #var/ipfire/firewall/settings
 var/ipfire/fwhosts
 #var/ipfire/fwhosts/customgroups
+#var/ipfire/fwhosts/customgeoipgrp
 #var/ipfire/fwhosts/customhosts
 #var/ipfire/fwhosts/customnetworks
 #var/ipfire/fwhosts/customservicegrp
@@ -69,6 +71,7 @@ var/ipfire/fwlogs
 #var/ipfire/fwlogs/ipsettings
 #var/ipfire/fwlogs/portsettings
 var/ipfire/general-functions.pl
+var/ipfire/geoip-functions.pl
 var/ipfire/graphs.pl
 var/ipfire/header.pl
 var/ipfire/isdn
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 3d4dd62..878ba66 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -94,6 +94,7 @@ etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/networking/red.up/99-fireinfo
+etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 #etc/rc.d/init.d/nfs-server
diff --git a/config/rootfiles/common/perl-Text-CSV_XS b/config/rootfiles/common/perl-Text-CSV_XS
new file mode 100644
index 0000000..ca2f642
--- /dev/null
+++ b/config/rootfiles/common/perl-Text-CSV_XS
@@ -0,0 +1,8 @@
+#usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/Text
+usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/Text/CSV_XS.pm
+#usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto/Text
+#usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto/Text/CSV_XS
+#usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto/Text/CSV_XS/.packlist
+#usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto/Text/CSV_XS/CSV_XS.bs
+usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto/Text/CSV_XS/CSV_XS.so
+#usr/share/man/man3/Text::CSV_XS.3
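Review bot: every path in this new rootfile hardcodes `i586-linux-thread-multi`, yet it lives directly under config/rootfiles/common while the same push keeps separate armv5tel and i586 lists for initscripts. Please confirm the armv5tel build installs Text::CSV_XS under a path this list matches; otherwise CSV_XS.pm and CSV_XS.so will be missing from ARM images and anything that needs the module there will fail.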
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index f506daf..90e28d9 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -101,6 +101,8 @@ usr/local/bin/timecheck
 usr/local/bin/timezone-transition
 usr/local/bin/update-bootloader
 usr/local/bin/update-lang-cache
+usr/local/bin/xt_geoip_build
+usr/local/bin/xt_geoip_update
 #usr/local/include
 #usr/local/lib
 #usr/local/lib/sse2
@@ -120,6 +122,7 @@ usr/local/bin/update-lang-cache
 #usr/local/share/man/man8
 #usr/local/share/misc
 #usr/local/share/terminfo
+#usr/local/share/xt_geoip
 #usr/local/share/zoneinfo
 #usr/local/src
 #usr/sbin
@@ -142,6 +145,7 @@ usr/share/doc/licenses/GPLv3
 #usr/share/man/man8
 #usr/share/misc
 #usr/share/terminfo
+#usr/share/xt_geoip
 #usr/share/zoneinfo
 #var
 #var/cache
diff --git a/config/rootfiles/common/xtables-addons b/config/rootfiles/common/xtables-addons
new file mode 100644
index 0000000..9053c28
--- /dev/null
+++ b/config/rootfiles/common/xtables-addons
@@ -0,0 +1,7 @@
+lib/xtables/libxt_geoip.so
+#usr/libexec/xtables-addons
+usr/libexec/xtables-addons/xt_geoip_build
+usr/libexec/xtables-addons/xt_geoip_dl
+#usr/share/man/man1/xt_geoip_build.1
+#usr/share/man/man1/xt_geoip_dl.1
+#usr/share/man/man8/xtables-addons.8
diff --git a/config/rootfiles/core/90/exclude b/config/rootfiles/core/90/exclude
index 5be5371..56e840d 100644
--- a/config/rootfiles/core/90/exclude
+++ b/config/rootfiles/core/90/exclude
@@ -17,10 +17,12 @@ etc/sysconfig/modules
 etc/sysconfig/rc.local
 etc/udev/rules.d/30-persistent-network.rules
 srv/web/ipfire/html/proxy.pac
-var/ipfire/time
+var/ipfire/firewall/geoipblock
+var/ipfire/fwhosts/custmgeoipgrp
 var/ipfire/ovpn/ccd.conf
 var/ipfire/ovpn/ccdroute
 var/ipfire/ovpn/ccdroute2
+var/ipfire/time
 var/log/cache
 var/state/dhcp/dhcpd.leases
 var/updatecache
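Review bot: the added exclude entry `var/ipfire/fwhosts/custmgeoipgrp` is misspelled. configroot and update.sh in this same push use `customgeoipgrp`, so this line does not match the real file and the exclusion has no effect for it. Correct the name to `var/ipfire/fwhosts/customgeoipgrp`.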
diff --git a/config/rootfiles/core/90/filelists/files b/config/rootfiles/core/90/filelists/files
index 2ef5ded..5f05eb5 100644
--- a/config/rootfiles/core/90/filelists/files
+++ b/config/rootfiles/core/90/filelists/files
@@ -1,7 +1,19 @@
 etc/system-release
 etc/issue
+etc/rc.d/init.d/firewall
 etc/rc.d/init.d/network-trigger
+etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/rcsysinit.d/S90network-trigger
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/geoip-block.cgi
+usr/lib/firewall/firewall-lib.pl
 usr/lib/firewall/rules.pl
+usr/local/bin/xt_geoip_build
+usr/local/bin/xt_geoip_update
+var/ipfire/general-functions.pl
+var/ipfire/geoip-functions.pl
+var/ipfire/header.pl
 var/ipfire/backup/include
 var/ipfire/langs
+var/ipfire/menu.d/50-firewall.menu
diff --git a/config/rootfiles/core/90/filelists/perl-Text-CSV_XS b/config/rootfiles/core/90/filelists/perl-Text-CSV_XS
new file mode 120000
index 0000000..ec1202f
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/perl-Text-CSV_XS
@@ -0,0 +1 @@
+../../../common/perl-Text-CSV_XS
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/xtables-addons b/config/rootfiles/core/90/filelists/xtables-addons
new file mode 120000
index 0000000..2e24c42
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/xtables-addons
@@ -0,0 +1 @@
+../../../common/xtables-addons
\ No newline at end of file
diff --git a/config/rootfiles/core/90/update.sh b/config/rootfiles/core/90/update.sh
index 6af052c..5e09240 100644
--- a/config/rootfiles/core/90/update.sh
+++ b/config/rootfiles/core/90/update.sh
@@ -159,6 +159,32 @@ if [ $BOOTSPACE -lt 1000 ]; then
 	esac
 fi
 
+# Create GeoIP related files if they do not exist yet.
+if [ ! -e "/var/ipfire/firewall/geoipblock" ]; then
+	touch /var/ipfire/firewall/geoipblock
+	chown nobody:nobody /var/ipfire/firewall/geoipblock
+
+	# Insert default value into file.
+	echo "GEOIPBLOCK_ENABLED=off" >> /var/ipfire/firewall/geoipblock
+fi
+if [ ! -e "/var/ipfire/fwhosts/customgeoipgrp" ]; then
+	touch /var/ipfire/fwhosts/customgeoipgrp
+	chown nobody:nobody /var/ipfire/fwhosts/customgeoipgrp
+fi
+
+# Download/Update GeoIP databases.
+/usr/local/bin/xt_geoip_update
+
+# Update crontab
+grep -q /usr/local/bin/xt_geoip_update /var/spool/cron/root.orig || cat <<EOF >> /var/spool/cron/root.orig
+
+# Update GeoIP database once a month.
+%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1
+EOF
+
+fcrontab -z &>/dev/null
+
+
 # Update Language cache
 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 
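Review bot: the direct call to `/usr/local/bin/xt_geoip_update` runs unconditionally and its exit status is ignored, while the cron entry added a few lines below guards the same command with `[ -f "/var/ipfire/red/active" ]`. Apply the same guard here, or at least handle a failed download, so that a core update on a system without an active RED connection does not stall or end up without a database and no indication of why. The commit should also state whether xt_geoip_update verifies what it downloads, since this script runs it as root.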
diff --git a/config/xtables-addons/mconfig b/config/xtables-addons/mconfig
new file mode 100644
index 0000000..92e47f0
--- /dev/null
+++ b/config/xtables-addons/mconfig
@@ -0,0 +1,24 @@
+# -*- Makefile -*-
+#
+build_ACCOUNT=n
+build_CHAOS=n
+build_DELUDE=n
+build_DHCPMAC=n
+build_DNETMAP=n
+build_ECHO=n
+build_IPMARK=n
+build_LOGMARK=n
+build_SYSRQ=n
+build_TARPIT=n
+build_condition=n
+build_fuzzy=n
+build_geoip=m
+build_gradm=n
+build_iface=n
+build_ipp2p=n
+build_ipv4options=n
+build_length2=n
+build_lscan=n
+build_pknock=n
+build_psd=n
+build_quota2=n
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 3a31661..1ccc654 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -75,6 +75,7 @@ WARNING: translation string unused: bad characters in
 WARNING: translation string unused: behind a proxy
 WARNING: translation string unused: bitrate
 WARNING: translation string unused: bleeding rules
+WARNING: translation string unused: block
 WARNING: translation string unused: blue access use hint
 WARNING: translation string unused: blue interface
 WARNING: translation string unused: cache management
@@ -243,6 +244,7 @@ WARNING: translation string unused: fwhost Standard Network
 WARNING: translation string unused: fwhost attention
 WARNING: translation string unused: fwhost blue
 WARNING: translation string unused: fwhost changeremark
+WARNING: translation string unused: fwhost cust geoip
 WARNING: translation string unused: fwhost err addrgrp
 WARNING: translation string unused: fwhost err hostorip
 WARNING: translation string unused: fwhost err mac
@@ -258,6 +260,9 @@ WARNING: translation string unused: fwhost wo subnet
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
+WARNING: translation string unused: geoipblock country code
+WARNING: translation string unused: geoipblock country name
+WARNING: translation string unused: geoipblock flag
 WARNING: translation string unused: green interface
 WARNING: translation string unused: gz with key
 WARNING: translation string unused: hint
@@ -576,6 +581,8 @@ WARNING: translation string unused: transfer limits
 WARNING: translation string unused: transparent on
 WARNING: translation string unused: umount
 WARNING: translation string unused: umount removable media before to unplug
+WARNING: translation string unused: unblock
+WARNING: translation string unused: unblock all
 WARNING: translation string unused: unencrypted
 WARNING: translation string unused: update transcript
 WARNING: translation string unused: updates
@@ -632,6 +639,7 @@ WARNING: untranslated string: bytes
 WARNING: untranslated string: community rules
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: emerging rules
+WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: no data
diff --git a/doc/language_issues.en b/doc/language_issues.en
index da14d97..b7be862 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -93,6 +93,7 @@ WARNING: translation string unused: bewan adsl pci st
 WARNING: translation string unused: bewan adsl usb
 WARNING: translation string unused: bitrate
 WARNING: translation string unused: bleeding rules
+WARNING: translation string unused: block
 WARNING: translation string unused: blue access use hint
 WARNING: translation string unused: blue interface
 WARNING: translation string unused: cache management
@@ -266,6 +267,7 @@ WARNING: translation string unused: fwhost Standard Network
 WARNING: translation string unused: fwhost attention
 WARNING: translation string unused: fwhost blue
 WARNING: translation string unused: fwhost changeremark
+WARNING: translation string unused: fwhost cust geoip
 WARNING: translation string unused: fwhost err addrgrp
 WARNING: translation string unused: fwhost err hostorip
 WARNING: translation string unused: fwhost err mac
@@ -283,6 +285,9 @@ WARNING: translation string unused: g.lite
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
+WARNING: translation string unused: geoipblock country code
+WARNING: translation string unused: geoipblock country name
+WARNING: translation string unused: geoipblock flag
 WARNING: translation string unused: green interface
 WARNING: translation string unused: gz with key
 WARNING: translation string unused: hint
@@ -609,6 +614,8 @@ WARNING: translation string unused: transfer limits
 WARNING: translation string unused: transparent on
 WARNING: translation string unused: umount
 WARNING: translation string unused: umount removable media before to unplug
+WARNING: translation string unused: unblock
+WARNING: translation string unused: unblock all
 WARNING: translation string unused: unencrypted
 WARNING: translation string unused: update transcript
 WARNING: translation string unused: updates
@@ -664,6 +671,7 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
+WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: no data
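Review bot: for English this hunk reports `fwhost cust geoipgrp` as untranslated, while the earlier hunk of the same file reports `fwhost cust geoip` as unused, which points to a key mismatch between the CGI code and the language file rather than a missing translation. Align the key used in the code with the one defined in the language file. The same file also lists `block`, `unblock`, `unblock all` and the `geoipblock country code/name/flag` strings as unused; drop them if nothing references them.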
diff --git a/doc/language_issues.es b/doc/language_issues.es
index f76cd5e..086dfbd 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -233,6 +233,9 @@ WARNING: translation string unused: g.lite
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
+WARNING: translation string unused: geoipblock country code
+WARNING: translation string unused: geoipblock country name
+WARNING: translation string unused: geoipblock flag
 WARNING: translation string unused: green interface
 WARNING: translation string unused: gz with key
 WARNING: translation string unused: hint
@@ -650,6 +653,7 @@ WARNING: untranslated string: ccd none
 WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
+WARNING: untranslated string: check all
 WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
@@ -794,6 +798,7 @@ WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
 WARNING: untranslated string: fwhost OpenVPN N-2-N
+WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -806,6 +811,9 @@ WARNING: untranslated string: fwhost ccdhost
 WARNING: untranslated string: fwhost ccdnet
 WARNING: untranslated string: fwhost change
 WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost cust grp
 WARNING: untranslated string: fwhost cust net
 WARNING: untranslated string: fwhost cust service
@@ -845,6 +853,7 @@ WARNING: untranslated string: fwhost ip_mac
 WARNING: untranslated string: fwhost ipsec net
 WARNING: untranslated string: fwhost menu
 WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: fwhost newgrp
 WARNING: untranslated string: fwhost newhost
 WARNING: untranslated string: fwhost newnet
@@ -1025,6 +1034,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 178ddff..47ee3fb 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -660,6 +660,7 @@ WARNING: untranslated string: ccd none
 WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
+WARNING: untranslated string: check all
 WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
@@ -805,6 +806,7 @@ WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
 WARNING: untranslated string: fwhost OpenVPN N-2-N
+WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -817,6 +819,9 @@ WARNING: untranslated string: fwhost ccdhost
 WARNING: untranslated string: fwhost ccdnet
 WARNING: untranslated string: fwhost change
 WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost cust grp
 WARNING: untranslated string: fwhost cust net
 WARNING: untranslated string: fwhost cust service
@@ -856,6 +861,7 @@ WARNING: untranslated string: fwhost ip_mac
 WARNING: untranslated string: fwhost ipsec net
 WARNING: untranslated string: fwhost menu
 WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: fwhost newgrp
 WARNING: untranslated string: fwhost newhost
 WARNING: untranslated string: fwhost newnet
@@ -872,6 +878,13 @@ WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
@@ -1033,6 +1046,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: upload new ruleset
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 0f69ce8..098f440 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -672,13 +672,26 @@ WARNING: untranslated string: advproxy basic authentication
 WARNING: untranslated string: advproxy group access control
 WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: bytes
+WARNING: untranslated string: check all
 WARNING: untranslated string: fwdfw err concon
 WARNING: untranslated string: fwdfw err ratecon
 WARNING: untranslated string: fwdfw limitconcon
 WARNING: untranslated string: fwdfw maxconcon
 WARNING: untranslated string: fwdfw numcon
 WARNING: untranslated string: fwdfw ratelimit
+WARNING: untranslated string: fwhost addgeoipgrp
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost newgeoipgrp
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming overhead in bytes per second
@@ -700,3 +713,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: samba join a domain
 WARNING: untranslated string: samba join domain
+WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn statistic n2n
+WARNING: untranslated string: vpn statistic rw
+WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 1053474..602441d 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -671,6 +671,7 @@ WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: atm device
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
+WARNING: untranslated string: check all
 WARNING: untranslated string: default
 WARNING: untranslated string: dh
 WARNING: untranslated string: dh key move failed
@@ -691,9 +692,21 @@ WARNING: untranslated string: fwdfw limitconcon
 WARNING: untranslated string: fwdfw maxconcon
 WARNING: untranslated string: fwdfw numcon
 WARNING: untranslated string: fwdfw ratelimit
+WARNING: untranslated string: fwhost addgeoipgrp
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
@@ -747,6 +760,7 @@ WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: software version
 WARNING: untranslated string: source ip country
 WARNING: untranslated string: ta key
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
 WARNING: untranslated string: vpn statistic n2n
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index f76cd5e..086dfbd 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -233,6 +233,9 @@ WARNING: translation string unused: g.lite
 WARNING: translation string unused: gen static key
 WARNING: translation string unused: generate
 WARNING: translation string unused: genkey
+WARNING: translation string unused: geoipblock country code
+WARNING: translation string unused: geoipblock country name
+WARNING: translation string unused: geoipblock flag
 WARNING: translation string unused: green interface
 WARNING: translation string unused: gz with key
 WARNING: translation string unused: hint
@@ -650,6 +653,7 @@ WARNING: untranslated string: ccd none
 WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
+WARNING: untranslated string: check all
 WARNING: untranslated string: count
 WARNING: untranslated string: countries
 WARNING: untranslated string: country codes and flags
@@ -794,6 +798,7 @@ WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
 WARNING: untranslated string: fwhost OpenVPN N-2-N
+WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -806,6 +811,9 @@ WARNING: untranslated string: fwhost ccdhost
 WARNING: untranslated string: fwhost ccdnet
 WARNING: untranslated string: fwhost change
 WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost cust grp
 WARNING: untranslated string: fwhost cust net
 WARNING: untranslated string: fwhost cust service
@@ -845,6 +853,7 @@ WARNING: untranslated string: fwhost ip_mac
 WARNING: untranslated string: fwhost ipsec net
 WARNING: untranslated string: fwhost menu
 WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: fwhost newgrp
 WARNING: untranslated string: fwhost newhost
 WARNING: untranslated string: fwhost newnet
@@ -1025,6 +1034,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index f524498..94724d4 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -653,6 +653,7 @@ WARNING: untranslated string: ccd none
 WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
+WARNING: untranslated string: check all
 WARNING: untranslated string: community rules
 WARNING: untranslated string: count
 WARNING: untranslated string: countries
@@ -789,6 +790,7 @@ WARNING: untranslated string: fwdfw wd_thu
 WARNING: untranslated string: fwdfw wd_tue
 WARNING: untranslated string: fwdfw wd_wed
 WARNING: untranslated string: fwhost OpenVPN N-2-N
+WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost addgrp
 WARNING: untranslated string: fwhost addgrpname
 WARNING: untranslated string: fwhost addhost
@@ -801,6 +803,9 @@ WARNING: untranslated string: fwhost ccdhost
 WARNING: untranslated string: fwhost ccdnet
 WARNING: untranslated string: fwhost change
 WARNING: untranslated string: fwhost cust addr
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost cust grp
 WARNING: untranslated string: fwhost cust net
 WARNING: untranslated string: fwhost cust service
@@ -840,6 +845,7 @@ WARNING: untranslated string: fwhost ip_mac
 WARNING: untranslated string: fwhost ipsec net
 WARNING: untranslated string: fwhost menu
 WARNING: untranslated string: fwhost netaddress
+WARNING: untranslated string: fwhost newgeoipgrp
 WARNING: untranslated string: fwhost newgrp
 WARNING: untranslated string: fwhost newhost
 WARNING: untranslated string: fwhost newnet
@@ -856,6 +862,13 @@ WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
@@ -1014,6 +1027,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: uptime load average
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 310b636..6f846c7 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -664,7 +664,20 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
+WARNING: untranslated string: check all
+WARNING: untranslated string: fwhost addgeoipgrp
+WARNING: untranslated string: fwhost cust geoipgroup
+WARNING: untranslated string: fwhost cust geoipgrp
+WARNING: untranslated string: fwhost cust geoiplocation
 WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: fwhost newgeoipgrp
+WARNING: untranslated string: geoip
+WARNING: untranslated string: geoipblock
+WARNING: untranslated string: geoipblock block countries
+WARNING: untranslated string: geoipblock configuration
+WARNING: untranslated string: geoipblock country is allowed
+WARNING: untranslated string: geoipblock country is blocked
+WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming overhead in bytes per second
@@ -677,6 +690,7 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: uncheck all
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
diff --git a/doc/language_missings b/doc/language_missings
index 0d73d2a..9fdc0d2 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -29,6 +29,7 @@
 < atm device
 < attention
 < bit
+< block
 < capabilities
 < ccd add
 < ccd choose net
@@ -70,6 +71,7 @@
 < ccd routes
 < ccd subnet
 < ccd used
+< check all
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -233,6 +235,7 @@
 < fwdfw wd_tue
 < fwdfw wd_wed
 < fwdfw xt access
+< fwhost addgeoipgrp
 < fwhost addgrp
 < fwhost addgrpname
 < fwhost addhost
@@ -248,6 +251,9 @@
 < fwhost change
 < fwhost changeremark
 < fwhost cust addr
+< fwhost cust geoip
+< fwhost cust geoipgroup
+< fwhost cust geoiplocation
 < fwhost cust grp
 < fwhost cust net
 < fwhost Custom Host
@@ -298,6 +304,7 @@
 < fwhost IpSec Network
 < fwhost menu
 < fwhost netaddress
+< fwhost newgeoipgrp
 < fwhost newgrp
 < fwhost newhost
 < fwhost newnet
@@ -327,6 +334,16 @@
 < fw settings ruletable
 < gen dh
 < generate dh key
+< geoip
+< geoipblock
+< geoipblock block countries
+< geoipblock configuration
+< geoipblock country code
+< geoipblock country is allowed
+< geoipblock country is blocked
+< geoipblock country name
+< geoipblock enable feature
+< geoipblock flag
 < grouptype
 < hardware support
 < imei
@@ -496,6 +513,9 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< unblock
+< unblock all
+< uncheck all
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
@@ -589,6 +609,7 @@
 < atm device
 < attention
 < bit
+< block
 < capabilities
 < ccd add
 < ccd choose net
@@ -630,6 +651,7 @@
 < ccd routes
 < ccd subnet
 < ccd used
+< check all
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -792,6 +814,7 @@
 < fwdfw wd_tue
 < fwdfw wd_wed
 < fwdfw xt access
+< fwhost addgeoipgrp
 < fwhost addgrp
 < fwhost addgrpname
 < fwhost addhost
@@ -807,6 +830,9 @@
 < fwhost change
 < fwhost changeremark
 < fwhost cust addr
+< fwhost cust geoip
+< fwhost cust geoipgroup
+< fwhost cust geoiplocation
 < fwhost cust grp
 < fwhost cust net
 < fwhost Custom Host
@@ -857,6 +883,7 @@
 < fwhost IpSec Network
 < fwhost menu
 < fwhost netaddress
+< fwhost newgeoipgrp
 < fwhost newgrp
 < fwhost newhost
 < fwhost newnet
@@ -1071,6 +1098,9 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< unblock
+< unblock all
+< uncheck all
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
@@ -1140,6 +1170,7 @@
 < atm device
 < attention
 < bit
+< block
 < capabilities
 < ccd add
 < ccd choose net
@@ -1181,6 +1212,7 @@
 < ccd routes
 < ccd subnet
 < ccd used
+< check all
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -1335,6 +1367,7 @@
 < fwdfw wd_tue
 < fwdfw wd_wed
 < fwdfw xt access
+< fwhost addgeoipgrp
 < fwhost addgrp
 < fwhost addgrpname
 < fwhost addhost
@@ -1350,6 +1383,9 @@
 < fwhost change
 < fwhost changeremark
 < fwhost cust addr
+< fwhost cust geoip
+< fwhost cust geoipgroup
+< fwhost cust geoiplocation
 < fwhost cust grp
 < fwhost cust net
 < fwhost Custom Host
@@ -1400,6 +1436,7 @@
 < fwhost IpSec Network
 < fwhost menu
 < fwhost netaddress
+< fwhost newgeoipgrp
 < fwhost newgrp
 < fwhost newhost
 < fwhost newnet
@@ -1429,6 +1466,16 @@
 < fw settings ruletable
 < gen dh
 < generate dh key
+< geoip
+< geoipblock
+< geoipblock block countries
+< geoipblock configuration
+< geoipblock country code
+< geoipblock country is allowed
+< geoipblock country is blocked
+< geoipblock country name
+< geoipblock enable feature
+< geoipblock flag
 < grouptype
 < hardware support
 < imei
@@ -1598,6 +1645,9 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< unblock
+< unblock all
+< uncheck all
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
@@ -1668,6 +1718,7 @@
 < atm device
 < attention
 < bit
+< block
 < capabilities
 < ccd add
 < ccd choose net
@@ -1709,6 +1760,7 @@
 < ccd routes
 < ccd subnet
 < ccd used
+< check all
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -1867,6 +1919,7 @@
 < fwdfw wd_tue
 < fwdfw wd_wed
 < fwdfw xt access
+< fwhost addgeoipgrp
 < fwhost addgrp
 < fwhost addgrpname
 < fwhost addhost
@@ -1882,6 +1935,9 @@
 < fwhost change
 < fwhost changeremark
 < fwhost cust addr
+< fwhost cust geoip
+< fwhost cust geoipgroup
+< fwhost cust geoiplocation
 < fwhost cust grp
 < fwhost cust net
 < fwhost Custom Host
@@ -1932,6 +1988,7 @@
 < fwhost IpSec Network
 < fwhost menu
 < fwhost netaddress
+< fwhost newgeoipgrp
 < fwhost newgrp
 < fwhost newhost
 < fwhost newnet
@@ -1961,6 +2018,16 @@
 < fw settings ruletable
 < gen dh
 < generate dh key
+< geoip
+< geoipblock
+< geoipblock block countries
+< geoipblock configuration
+< geoipblock country code
+< geoipblock country is allowed
+< geoipblock country is blocked
+< geoipblock country name
+< geoipblock enable feature
+< geoipblock flag
 < grouptype
 < hardware support
 < hour-graph
@@ -2130,6 +2197,9 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< unblock
+< unblock all
+< uncheck all
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 39b732c..3e1b336 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -33,6 +33,7 @@ no warnings 'uninitialized';
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
+require "${General::swroot}/geoip-functions.pl";
 require "/usr/lib/firewall/firewall-lib.pl";
 
 unless (-d "${General::swroot}/firewall")			{ system("mkdir ${General::swroot}/firewall"); }
@@ -47,6 +48,7 @@ my %defaultNetworks=();
 my %netsettings=();
 my %customhost=();
 my %customgrp=();
+my %customgeoipgrp=();
 my %customnetworks=();
 my %customservice=();
 my %customservicegrp=();
@@ -74,6 +76,7 @@ my $color;
 my $confignet		= "${General::swroot}/fwhosts/customnetworks";
 my $confighost		= "${General::swroot}/fwhosts/customhosts";
 my $configgrp 		= "${General::swroot}/fwhosts/customgroups";
+my $configgeoipgrp	= "${General::swroot}/fwhosts/customgeoipgrp";
 my $configsrv 		= "${General::swroot}/fwhosts/customservices";
 my $configsrvgrp	= "${General::swroot}/fwhosts/customservicegrp";
 my $configccdnet 	= "${General::swroot}/ovpn/ccd.conf";
@@ -1060,6 +1063,54 @@ END
 		}
 		print"</select></td>";
 	}
+	# geoip locations / groups.
+	my @geoip_locations = &fwlib::get_geoip_locations();
+
+	print "<tr>\n";
+	print "<td valign='top'><input type='radio' name='$grp' id='cust_geoip_$srctgt' value='cust_geoip_$srctgt' $checked{$grp}{'cust_geoip_'.$srctgt}></td>\n";
+	print "<td>$Lang::tr{'geoip'}</td>\n";
+	print "<td align='right'><select name='cust_geoip_$srctgt' style='width:200px;'>\n";
+
+	# Add GeoIP groups to dropdown.
+	if (!-z $configgeoipgrp) {
+		print "<optgroup label='$Lang::tr{'fwhost cust geoipgroup'}'>\n";
+		foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } keys %customgeoipgrp) {
+			my $selected;
+
+			# Generate stored value for select detection.
+			my $stored = join(':', "group",$customgeoipgrp{$key}[0]);
+
+			# Only show a group once and group with elements.
+			if($helper ne $customgeoipgrp{$key}[0] && $customgeoipgrp{$key}[2] ne 'none') {
+				# Mark current entry as selected.
+				if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $stored) {
+					$selected = "selected='selected'";
+				}
+                                print"<option $selected value='group:$customgeoipgrp{$key}[0]'>$customgeoipgrp{$key}[0]</option>\n";
+                        }
+                        $helper=$customgeoipgrp{$key}[0];
+                }
+		print "</optgroup>\n";
+	}
+
+	# Add locations.
+	print "<optgroup label='$Lang::tr{'fwhost cust geoiplocation'}'>\n";
+	foreach my $location (@geoip_locations) {
+		# Get country name.
+		my $country_name = &GeoIP::get_full_country_name($location);
+
+		# Mark current entry as selected.
+		my $selected;
+		if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $location) {
+			$selected = "selected='selected'";
+		}
+		print "<option $selected value='$location'>$location - $country_name</option>\n";
+	}
+	print "</optgroup>\n";
+
+	# Close GeoIP dropdown.
+	print "</select></td>\n";
+
 	#End left table. start right table (vpn)
 	print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
 	# CCD networks
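Review bot: In the GeoIP groups loop, the group name is written into the option's value attribute and its label straight from %customgeoipgrp (`value='group:$customgeoipgrp{$key}[0]'>$customgeoipgrp{$key}[0]`) with no HTML escaping, and the savegeoipgrp handler in fwhosts.cgi stores a new name after only an existence check. Escape the name on output (for example with HTML::Entities::encode_entities) or validate it with validhostname before it is stored. Also, `!-z $configgeoipgrp` is true when the file does not exist, so `-s $configgeoipgrp` states the intent better, and the option lines are indented with spaces where the rest of the hunk uses tabs.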
@@ -1397,6 +1448,7 @@ sub newrule
 	&General::readhasharray("$confighost", \%customhost);
 	&General::readhasharray("$configccdhost", \%ccdhost);
 	&General::readhasharray("$configgrp", \%customgrp);
+	&General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
 	&General::readhasharray("$configipsec", \%ipsecconf);
 	&General::get_aliases(\%aliases);
 	my %checked=();
@@ -2525,6 +2577,13 @@ END
 				}else{
 					print $$hash{$key}[4];
 				}
+			}elsif ($$hash{$key}[3] eq 'cust_geoip_src') {
+				my ($split1,$split2) = split(":", $$hash{$key}[4]);
+				if ($split2) {
+					print "$split2\n";
+				}else{
+					print "$Lang::tr{'geoip'}: $$hash{$key}[4]\n";
+				}
 			}elsif ($$hash{$key}[4] eq 'RED1'){
 				print "$ipfireiface $Lang::tr{'fwdfw red'}";
 			}elsif ($$hash{$key}[4] eq 'ALL'){
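Review bot: The cust_geoip_src branch treats any stored value containing a colon as a group and prints only `$split2`; `$split1` is never compared with 'group', although the dropdown in this file writes group values as `group:<name>`. Check `$split1 eq 'group'` before taking the group path, and HTML-escape the printed name, since it is read back from the rule file.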
@@ -2601,6 +2660,13 @@ END
 				}else{
 					print $$hash{$key}[6];
 				}
+			}elsif ($$hash{$key}[5] eq 'cust_geoip_tgt') {
+				my ($split1,$split2) = split(":", $$hash{$key}[6]);
+				if ($split2) {
+					print "$split2\n";
+				}else{
+					print "$Lang::tr{'geoip'}: $$hash{$key}[6]\n";
+				}
 			}elsif ($$hash{$key}[5] eq 'tgt_addr'){
 				my ($split1,$split2) = split("/",$$hash{$key}[6]);
 				if ($split2 eq '32'){
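Review bot: This cust_geoip_tgt branch is a copy of the cust_geoip_src branch earlier in the file, with indexes 5 and 6 in place of 3 and 4. A small helper that takes the stored value and returns the display string would keep the two in sync, and it would be the natural place to verify that the part before the colon is 'group', which `$split1` is currently not used for.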
@@ -2618,7 +2684,6 @@ END
 			#RULE ACTIVE
 			if($$hash{$key}[2] eq 'ON'){
 				$gif="/images/on.gif"
-				
 			}else{
 				$gif="/images/off.gif"
 			}
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index f42947e..994a50a 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -27,6 +27,8 @@ use Sort::Naturally;
 use CGI::Carp 'fatalsToBrowser';
 no warnings 'uninitialized';
 require '/var/ipfire/general-functions.pl';
+require "/var/ipfire/geoip-functions.pl";
+require "/usr/lib/firewall/firewall-lib.pl";
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
@@ -36,6 +38,7 @@ my %customhost=();
 my %customgrp=();
 my %customservice=();
 my %customservicegrp=();
+my %customgeoipgrp=();
 my %ccdnet=();
 my %ccdhost=();
 my %ipsecconf=();
@@ -62,6 +65,7 @@ my $configccdhost	= "${General::swroot}/ovpn/ovpnconfig";
 my $configipsec		= "${General::swroot}/vpn/config";
 my $configsrv		= "${General::swroot}/fwhosts/customservices";
 my $configsrvgrp	= "${General::swroot}/fwhosts/customservicegrp";
+my $configgeoipgrp	= "${General::swroot}/fwhosts/customgeoipgrp";
 my $fwconfigfwd		= "${General::swroot}/firewall/config";
 my $fwconfiginp		= "${General::swroot}/firewall/input";
 my $fwconfigout		= "${General::swroot}/firewall/outgoing";
@@ -73,6 +77,7 @@ unless (-e $confighost)   { system("touch $confighost"); }
 unless (-e $configgrp)    { system("touch $configgrp"); }
 unless (-e $configsrv)    { system("touch $configsrv"); }
 unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
+unless (-e $configgeoipgrp) { system("touch $configgeoipgrp"); }
 
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
@@ -671,6 +676,87 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp')
 		&addgrp;
 		&viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'savegeoipgrp')
+{
+	my $grp=$fwhostsettings{'grp_name'};
+	my $rem=$fwhostsettings{'remark'};
+	my $count;
+	my $type;
+	my @target;
+	my @newgrp;
+	&General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+	&General::readhasharray("$fwconfigfwd", \%fwfwd);
+	&General::readhasharray("$fwconfiginp", \%fwinp);
+	&General::readhasharray("$fwconfigout", \%fwout);
+
+	# Check for existing group name.
+	if (!&checkgroup($grp) && $fwhostsettings{'update'} ne 'on'){
+		$errormessage = $Lang::tr{'fwhost err grpexist'};
+	}
+
+	# Check remark.
+	if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){
+		$errormessage = $Lang::tr{'fwhost err remark'};
+	}
+
+	if ($fwhostsettings{'update'} eq 'on'){
+		@target=$fwhostsettings{'COUNTRY_CODE'};
+		$type='GeoIP Group';
+
+		#check if host/net exists in grp
+		my $test="$grp,$fwhostsettings{'oldremark'},@target";
+		foreach my $key (keys %customgeoipgrp) {
+			my $test1="$customgeoipgrp{$key}[0],$customgeoipgrp{$key}[1],$customgeoipgrp{$key}[2]";
+			if ($test1 eq $test){
+				$errormessage=$Lang::tr{'fwhost err isingrp'};
+				$fwhostsettings{'update'} = 'on';
+			}
+		}
+	}
+
+	if (!$errormessage){
+		#on first save, we have an empty @target, so fill it with nothing
+		my $targetvalues=@target;
+		if ($targetvalues == '0'){
+			@target="none";
+		}
+		#on update, we have to delete the dummy entry
+		foreach my $key (keys %customgeoipgrp){
+			if ($customgeoipgrp{$key}[0] eq $grp && $customgeoipgrp{$key}[2] eq "none"){
+				delete $customgeoipgrp{$key};
+				last;
+			}
+		}
+		&General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+		&General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+		#create array with new lines
+		foreach my $line (@target){
+			push (@newgrp,"$grp,$rem,$line");
+		}
+		#append new entries
+		my $key = &General::findhasharraykey (\%customgeoipgrp);
+		foreach my $line (@newgrp){
+			foreach my $i (0 .. 3) { $customgeoipgrp{$key}[$i] = "";}
+			my ($a,$b,$c,$d) = split (",",$line);
+			$customgeoipgrp{$key}[0] = $a;
+			$customgeoipgrp{$key}[1] = $b;
+			$customgeoipgrp{$key}[2] = $c;
+			$customgeoipgrp{$key}[3] = $type;
+		}
+		&General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+		#update counter in Host/Net
+		$fwhostsettings{'update'}='on';
+	}
+		#check if ruleupdate is needed
+		my $geoipgrpcount=0;
+		$geoipgrpcount=&getgeoipcount($grp);
+		if($geoipgrpcount > 0 )
+		{
+			&General::firewall_config_changed();
+		}
+		&addgeoipgrp;
+		&viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq 'saveservice')
 {
 	my $ICMP;
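Review bot: In the update branch, `@target=$fwhostsettings{'COUNTRY_CODE'}` takes the posted country code as is; it is then written to customgeoipgrp and later printed by viewtablegeoipgrp. geoip-block.cgi in this same push only accepts codes returned by &fwlib::get_geoip_locations(); apply the same check here and set $errormessage when the code is not in that list. Two smaller points: the group name is checked for existence but never passed through validhostname on first save (changegeoipgrpname does that), and each record is built as "$grp,$rem,$line" and split on commas again, so a comma in the remark would shift the fields; assigning the three values directly avoids the round trip.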
@@ -798,6 +884,12 @@ if ($fwhostsettings{'ACTION'} eq 'editgrp')
 	&addgrp;
 	&viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'editgeoipgrp')
+{
+	$fwhostsettings{'update'}='on';
+	&addgeoipgrp;
+	&viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq 'editservice')
 {
 	$fwhostsettings{'updatesrv'}='on';
@@ -830,6 +922,12 @@ if ($fwhostsettings{'ACTION'} eq 'resetgrp')
 	$fwhostsettings{'remark'} 	="";
 	&showmenu;
 }
+if ($fwhostsettings{'ACTION'} eq 'resetgeoipgrp')
+{
+	$fwhostsettings{'grp_name'} ="";
+	$fwhostsettings{'remark'} 	="";
+	&showmenu;
+}
 # delete
 if ($fwhostsettings{'ACTION'} eq 'delnet')
 {
@@ -887,6 +985,37 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost')
 	&addgrp;
 	&viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'deletegeoipgrpentry')
+{
+        my $grpremark;
+        my $grpname;
+        &General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+        foreach my $key (keys %customgeoipgrp){
+                if($customgeoipgrp{$key}[0].",".$customgeoipgrp{$key}[1].",".$customgeoipgrp{$key}[2].",".$customgeoipgrp{$key}[3] eq $fwhostsettings{'delentry'}){
+                        $grpname=$customgeoipgrp{$key}[0];
+                        $grpremark=$customgeoipgrp{$key}[1];
+                        #check if we delete the last entry, then generate dummy
+                        if ($fwhostsettings{'last'} eq 'on'){
+                                $customgeoipgrp{$key}[1] = '';
+                                $customgeoipgrp{$key}[2] = 'none';
+                                $customgeoipgrp{$key}[3] = '';
+                                $fwhostsettings{'last'}='';
+                                last;
+                        }else{
+                                delete $customgeoipgrp{$key};
+                        }
+                }
+        }
+        &General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+        &General::firewall_config_changed();
+        if ($fwhostsettings{'update'} eq 'on'){
+                $fwhostsettings{'remark'}= $grpremark;
+                $fwhostsettings{'grp_name'}=$grpname;
+        }
+        &addgeoipgrp;
+        &viewtablegeoipgrp;
+}
+
 if ($fwhostsettings{'ACTION'} eq 'delgrp')
 {
 	&General::readhasharray("$configgrp", \%customgrp);
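Review bot: &General::firewall_config_changed() runs on every deletegeoipgrpentry request, even when no record matched `delentry` or the group is not referenced by any rule, whereas savegeoipgrp only calls it when getgeoipcount($grp) is greater than 0. Track whether an entry was actually changed and apply the same getgeoipcount condition. The block is also indented with spaces while the neighbouring handlers use tabs.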
@@ -903,6 +1032,22 @@ if ($fwhostsettings{'ACTION'} eq 'delgrp')
 	&addgrp;
 	&viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'delgeoipgrp')
+{
+	&General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+	&decrease($fwhostsettings{'grp_name'});
+	foreach my $key (sort keys %customgeoipgrp)
+	{
+		if($customgeoipgrp{$key}[0] eq $fwhostsettings{'grp_name'})
+		{
+			delete $customgeoipgrp{$key};
+		}
+	}
+	&General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+	$fwhostsettings{'grp_name'}='';
+	&addgeoipgrp;
+	&viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq 'delservice')
 {
 	&General::readhasharray("$configsrv", \%customservice);
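Review bot: delgeoipgrp deletes every record of the posted grp_name without checking on the server that the group is unused. viewtablegeoipgrp hides the delete icon when getgeoipcount is not 0, but that is only a UI guard, so a request that does not come from that form can remove a group that rules still reference as group:<name>. Read the three rule files in this handler and refuse the delete when getgeoipcount($fwhostsettings{'grp_name'}) is greater than 0.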
@@ -977,6 +1122,11 @@ if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'})
 	&addgrp;
 	&viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgeoipgrp'})
+{
+	&addgeoipgrp;
+	&viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'})
 {
 	&addservice;
@@ -1011,6 +1161,31 @@ if ($fwhostsettings{'ACTION'} eq 'changegrpremark')
 	&addgrp;
 	&viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'changegeoipgrpremark')
+{
+	&General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+	if ($fwhostsettings{'oldrem'} ne $fwhostsettings{'newrem'} && (&validremark($fwhostsettings{'newrem'}) || $fwhostsettings{'newrem'} eq '')){
+		foreach my $key (sort keys %customgeoipgrp)
+			{
+				if($customgeoipgrp{$key}[0] eq $fwhostsettings{'grp'} && $customgeoipgrp{$key}[1] eq $fwhostsettings{'oldrem'})
+				{
+					$customgeoipgrp{$key}[1]='';
+					$customgeoipgrp{$key}[1]=$fwhostsettings{'newrem'};
+				}
+			}
+			&General::writehasharray("$configgeoipgrp", \%customgeoipgrp);
+			$fwhostsettings{'update'}='on';
+			$fwhostsettings{'remark'}=$fwhostsettings{'newrem'};
+	}else{
+		$errormessage=$Lang::tr{'fwhost err remark'};
+		$fwhostsettings{'remark'}=$fwhostsettings{'oldrem'};
+		$fwhostsettings{'grp_name'}=$fwhostsettings{'grp'};
+		$fwhostsettings{'update'} = 'on';
+	}
+	$fwhostsettings{'grp_name'}=$fwhostsettings{'grp'};
+	&addgeoipgrp;
+	&viewtablegeoipgrp;
+}
 if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark')
 {
 	&General::readhasharray("$configsrvgrp", \%customservicegrp );
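Review bot: The else branch is also taken when oldrem equals newrem, so submitting an unchanged remark reports $Lang::tr{'fwhost err remark'} although nothing is invalid. Separate the unchanged case from the validremark failure. The assignment `$customgeoipgrp{$key}[1]='';` is overwritten by the very next line and can be dropped.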
@@ -1085,6 +1260,29 @@ if ($fwhostsettings{'ACTION'} eq 'changegrpname')
 	&addgrp;
 	&viewtablegrp;
 }
+if ($fwhostsettings{'ACTION'} eq 'changegeoipgrpname')
+{
+	&General::readhasharray("$configgeoipgrp", \%customgeoipgrp );
+	if ($fwhostsettings{'oldgrpname'} ne $fwhostsettings{'grp'}){
+		#Check new groupname
+		if (!&validhostname($fwhostsettings{'grp'})){
+			$errormessage.=$Lang::tr{'fwhost err name'}."<br>";
+		}
+		if (!$errormessage){
+			# Rename group.
+			foreach my $key (keys %customgeoipgrp) {
+				if($customgeoipgrp{$key}[0] eq $fwhostsettings{'oldgrpname'}){
+					$customgeoipgrp{$key}[0]=$fwhostsettings{'grp'};
+				}
+			}
+			&General::writehasharray("$configgeoipgrp", \%customgeoipgrp );
+			#change name in FW Rules
+			&changenameinfw($fwhostsettings{'oldgrpname'},$fwhostsettings{'grp'},6);
+		}
+	}
+	&addgeoipgrp;
+	&viewtablegeoipgrp;
+}
 ###  VIEW  ###
 if($fwhostsettings{'ACTION'} eq '')
 {
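Review bot: The rename only validates the new name with validhostname; it does not check whether a GeoIP group with that name already exists, so renaming onto an existing name merges the records of both groups under one name. Add an existence check like the one savegeoipgrp performs before rewriting the records. The final argument 6 passed to changenameinfw would also benefit from a comment saying which rule field it selects.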
@@ -1096,7 +1294,7 @@ sub showmenu {
 	print "$Lang::tr{'fwhost welcome'}";
 	print<<END;
 	<br><br><table border='0' width='100%'>
-	<tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ></form></td>
+	<tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgeoipgrp'}' ></form></td>
 	<td align='right'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' ></form></td></tr>
 	<tr><td colspan='6'></td></tr></table>
 END
@@ -1381,6 +1579,113 @@ END
 		print"<tr><td style='text-align:right;'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value=\"$fwhostsettings{'update'}\"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>";
 	&Header::closebox();
 }
+sub addgeoipgrp
+{
+	&hint;
+	&error;
+	&showmenu;
+	&Header::openbox('100%', 'left', $Lang::tr{'fwhost addgeoipgrp'});
+
+	my %checked=();
+	my $show='';
+	$checked{'check1'}{'off'} = '';
+	$checked{'check1'}{'on'} = '';
+	$checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED';
+	$fwhostsettings{'oldremark'}=$fwhostsettings{'remark'};
+	$fwhostsettings{'oldgrpname'}=$fwhostsettings{'grp_name'};
+	my $grp=$fwhostsettings{'grp_name'};
+	my $rem=$fwhostsettings{'remark'};
+		if ($fwhostsettings{'update'} eq ''){
+			print<<END;
+		<table width='100%' border='0'>
+			<tr>
+				<td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td>
+				<td><form method='post'><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='30'></td>
+			</tr>
+			<tr>
+				<td>$Lang::tr{'remark'}:</td>
+				<td ><input type='TEXT' name='remark' value='$fwhostsettings{'remark'}' style='width: 99%;'></td>
+			</tr>
+			<tr>
+				<td colspan='2'><br></td>
+			</tr>
+		</table>
+END
+		} else {
+			print<<END;
+			<table width='100%' border='0'>
+				<form method='post'><tr>
+					<td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td>
+					<td style='width:30%;'><input type='TEXT' name='grp'  value='$fwhostsettings{'grp_name'}' size='30'></td>
+					<td>
+						<input type='submit' value='$Lang::tr{'fwhost change'}'>
+						<input type='hidden' name='oldgrpname' value='$fwhostsettings{'oldgrpname'}'>
+						<input type='hidden' name='ACTION' value='changegeoipgrpname'>
+					</td>
+					<td></td>
+				</tr></form>
+				<tr><form method='post' style='display:inline'>
+					<td>$Lang::tr{'remark'}:</td>
+					<td colspan='2' style='width:98%;'>
+						<input type='TEXT' name='newrem' value='$fwhostsettings{'remark'}' style='width:98%;'>
+					</td>
+					<td align='right'>
+						<input type='submit' value='$Lang::tr{'fwhost change'}'>
+						<input type='hidden' name='grp' value='$fwhostsettings{'grp_name'}'>
+						<input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'>
+						<input type='hidden' name='ACTION' value='changegeoipgrpremark'>
+					</td>
+				</tr></form>
+			</table>
+			<br><br>
+END
+		}
+		if ($fwhostsettings{'update'} eq 'on') {
+			my @geoip_locations = &fwlib::get_geoip_locations();
+
+			print<<END;
+			<form method='post'>
+			<input type='hidden' name='remark' value='$rem'>
+			<input type='hidden' name='grp_name' value='$grp'>
+
+			<table width='100%' border='0'>
+				<tr>
+					<td style='text-align:left;'>
+						<select name='COUNTRY_CODE' style='width:16em;'>";
+END
+				foreach my $location (@geoip_locations) {
+					# Get full country name.
+					my $fullname = &GeoIP::get_full_country_name($location);
+
+					print"<option value='$location'>$location - $fullname</option>\n";
+				}
+	print <<END;
+						</select>
+					</td>
+				</tr>
+			</table>
+			<br><br>
+END
+		}
+	print <<END;
+		<table width='100%'>
+			<tr><td style='text-align:right;'>
+				<input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' />
+				<input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'>
+				<input type='hidden' name='update' value=\"$fwhostsettings{'update'}\">
+				<input type='hidden' name='ACTION' value='savegeoipgrp' >
+			</form>
+
+			<form method='post' style='display:inline'>
+
+			<input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'>
+			<input type='hidden' name='ACTION' value='resetgeoipgrp'>
+
+			</form>
+			</td></tr></table>
+END
+	&Header::closebox();
+}
 sub addservice
 {
 	&error;
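Review bot: grp_name and remark come from the request and are interpolated into value='...' attributes throughout addgeoipgrp (for example `<input type='hidden' name='remark' value='$rem'>`) without escaping, so a quote in either field breaks out of the attribute. HTML-escape both before printing. In the COUNTRY_CODE heredoc the line `<select name='COUNTRY_CODE' style='width:16em;'>";` carries a leftover `";` that will be sent to the browser as text, and in the first-save branch the form is opened inside a table cell and closed in a different table.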
@@ -1839,6 +2144,195 @@ sub viewtablegrp
 }
 
 }
+sub viewtablegeoipgrp
+{
+	# If our filesize is "zero" there is nothing to read-in.
+	if (-z "$configgeoipgrp") {
+		return;
+	}
+
+	&Header::openbox('100%', 'left', $Lang::tr{'fwhost cust geoipgrp'});
+	&General::readhasharray("$configgeoipgrp", \%customgeoipgrp);
+	&General::readhasharray("$fwconfigfwd", \%fwfwd);
+	&General::readhasharray("$fwconfiginp", \%fwinp);
+	&General::readhasharray("$fwconfigout", \%fwout);
+	my @grp=();
+	my $helper='';
+	my $count=1;
+	my $country_code;
+	my $grpname;
+	my $remark;
+	my $number;
+	my $delflag;
+	my @counter;
+	my %hash;
+
+	# If there are no groups we are finished here.
+	if (!keys %customgeoipgrp) {
+		print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>";
+		return;
+	}
+
+	# Put all groups in a hash.
+	foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) }
+			 sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) {
+				push (@counter,$customgeoipgrp{$key}[0]);
+	}
+
+	# Increase current used key.
+	foreach my $key1 (@counter) {
+		$hash{$key1}++ ;
+	}
+
+	# Sort hash.
+	foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) }
+			 sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) {
+		$count++;
+		if ($helper ne $customgeoipgrp{$key}[0]) {
+			$delflag='0';
+
+			foreach my $key1 (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) }
+					  sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) {
+
+				if ($customgeoipgrp{$key}[0] eq $customgeoipgrp{$key1}[0])
+				{
+					$delflag++;
+				}
+				if($delflag > 1){
+					last;
+				}
+			}
+
+			$number=1;
+
+			# Groupname.
+			$grpname=$customgeoipgrp{$key}[0];
+
+			# Group remark.
+			$remark="$customgeoipgrp{$key}[1]";
+
+			# Country code.
+			$country_code="$customgeoipgrp{$key}[2]";
+
+			if ($count gt 1){
+				print"</table>";
+				$count=1;
+			}
+
+			# Display groups header.
+			print "<br><b><u>$grpname</u></b>&nbsp; &nbsp;\n";
+			print "<b>$Lang::tr{'remark'}:</b>&nbsp $remark &nbsp\n" if ($remark ne '');
+
+			# Get group count.
+			my $geoipgrpcount=&getgeoipcount($grpname);
+			print "<b>$Lang::tr{'used'}:</b> $geoipgrpcount x";
+
+			# Only display delete icon, if the group is not used by a firewall rule.
+			if($geoipgrpcount == '0') {
+				print"<form method='post' style='display:inline'>\n";
+				print"<input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' />\n";
+				print"<input type='hidden' name='grp_name' value='$grpname' >\n";
+				print"<input type='hidden' name='ACTION' value='delgeoipgrp'>\n";
+				print"</form>";
+			}
+
+			# Icon for group editing.
+print <<END;
+			<form method='post' style='display:inline'>
+				<input type='image' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' align='right'/>
+				<input type='hidden' name='grp_name' value='$grpname' >
+				<input type='hidden' name='remark' value='$remark' >
+				<input type='hidden' name='ACTION' value='editgeoipgrp'>
+			</form>
+
+			<table width='100%' cellspacing='0' class='tbl'>
+END
+			# Display headlines if the group contains any entries.
+			if ($country_code ne "none") {
+print <<END;
+				<tr>
+					<td width='10%' align='center'>
+						<b>$Lang::tr{'flag'}</b>
+					</td>
+
+					<td width='10%'align='center'>
+						<b>$Lang::tr{'countrycode'}</b>
+					</td>
+
+					<td width='70%'align='left'>
+						<b>$Lang::tr{'country'}</b>
+					</td>
+
+					<td width='10%' align='right'></td>
+				</tr>
+END
+			}
+		}
+
+		# Check if our group contains any entries.
+		if ($country_code eq "none") {
+			print "<tr><td>$Lang::tr{'fwhost err emptytable'}</td></tr>\n";
+		} else {
+			# Check if we are currently editing a group and assign column backgound colors.
+			my $col='';
+			if ( ($fwhostsettings{'ACTION'} eq 'editgeoipgrp' || $fwhostsettings{'update'} ne '')
+				&& $fwhostsettings{'grp_name'} eq $customgeoipgrp{$key}[0]) {
+				$col="bgcolor='${Header::colouryellow}'";
+			} elsif ($count %2 == 0){
+				$col="bgcolor='$color{'color20'}'";
+			} else {
+				$col="bgcolor='$color{'color22'}'";
+			}
+
+			# Get country flag.
+			my $icon = &GeoIP::get_flag_icon($customgeoipgrp{$key}[2]);
+
+			# Print column with flag icon.
+			my $col_content;
+			if ($icon) {
+				$col_content = "<img src='$icon' alt='$customgeoipgrp{$key}[2]' title='$customgeoipgrp{$key}[2]'>";
+			} else {
+				$col_content = "<b>N/A</b>";
+			}
+
+			print "<td align='center' $col>$col_content</td>\n";
+
+			# Print column with country code.
+			print "<td align='center' $col>$customgeoipgrp{$key}[2]</td>\n";
+
+			# Print column with full country name.
+			my $country_name = &GeoIP::get_full_country_name($customgeoipgrp{$key}[2]);
+			print "<td align='left' $col>$country_name</td>\n";
+
+			# Generate from for removing entries from a group.
+			print "<td align='right' width='1%' $col><form method='post'>\n";
+
+			if ($delflag > 0){
+				print"<input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}'/>\n";
+
+				# Check if this group only has a single entry.
+				foreach my $key2 (keys %hash) {
+					if ($hash{$key2}<2 && $key2 eq $customgeoipgrp{$key}[0]){
+						print "<input type='hidden' name='last' value='on'>"  ;
+					}
+				}
+			}
+
+			print "<input type='hidden' name='ACTION' value='deletegeoipgrpentry'>\n";
+			print "<input type='hidden' name='update' value='$fwhostsettings{'update'}'>\n";
+			print "<input type='hidden' name='delentry' value='$grpname,$remark,$customgeoipgrp{$key}[2],$customgeoipgrp{$key}[3]'>\n";
+			print "</form>\n";
+			print "</td>\n";
+			print "</tr>\n";
+		}
+
+		$helper=$customgeoipgrp{$key}[0];
+		$number++;
+	}
+
+	print"</table>\n";
+	&Header::closebox();
+}
 sub viewtableservice
 {
 	my $count=0;
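Review bot: In the per-entry branch the flag, country code and country name cells are printed as bare `<td>` elements and the row is closed with `</tr>`, but no `<tr>` is ever opened for it; add the opening tag before the flag column. The early return under "If there are no groups" leaves the box from &Header::openbox and the `<center>` tag unclosed, `$count gt 1` is a string comparison where `>` is meant, `&nbsp` lacks its semicolon, and the box title uses $Lang::tr{'fwhost cust geoipgrp'} while the strings this push adds to doc/language_missings are 'fwhost cust geoipgroup' and 'fwhost cust geoiplocation'. $grpname and $remark are also printed into HTML and hidden fields without escaping.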
@@ -2196,6 +2690,44 @@ sub gethostcount
 	}
 	return $srvcounter;
 }
+sub getgeoipcount
+{
+	my $groupname=shift;
+	my $counter=0;
+
+	# GeoIP groups are stored as "group:groupname" in the
+	# firewall settings files.
+	my $searchstring = join(':', "group",$groupname);
+
+	# Count services used in firewall - forward
+	foreach my $key1 (keys %fwfwd) {
+		if($fwfwd{$key1}[4] eq $searchstring){
+			$counter++;
+		}
+		if($fwfwd{$key1}[6] eq $searchstring){
+			$counter++;
+		}
+	}
+	#Count services used in firewall - input
+	foreach my $key2 (keys %fwinp) {
+		if($fwinp{$key2}[4] eq $searchstring){
+			$counter++;
+		}
+		if($fwinp{$key2}[6] eq $searchstring){
+			$counter++;
+		}
+	}
+	#Count services used in firewall - outgoing
+	foreach my $key3 (keys %fwout) {
+		if($fwout{$key3}[4] eq $searchstring){
+			$counter++;
+		}
+		if($fwout{$key3}[6] eq $searchstring){
+			$counter++;
+		}
+	}
+	return $counter;
+}
 sub getnetcount
 {
 	my $searchstring=shift;
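Review bot: The loop comments say "Count services used in firewall", copied from the service counter; what is counted here are GeoIP group references. The three loops are identical apart from the hash, so one loop over (\%fwfwd, \%fwinp, \%fwout) would do, and the function relies on the caller having filled those globals with readhasharray, which deserves a comment at the top of the sub.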
diff --git a/html/cgi-bin/geoip-block.cgi b/html/cgi-bin/geoip-block.cgi
new file mode 100644
index 0000000..ccbfa92
--- /dev/null
+++ b/html/cgi-bin/geoip-block.cgi
@@ -0,0 +1,263 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2014 IPFire Developemnt Team <info(a)ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "/usr/lib/firewall/firewall-lib.pl";
+
+my $notice;
+my $settingsfile = "${General::swroot}/firewall/geoipblock";
+
+my %color = ();
+my %mainsettings = ();
+my %settings = ();
+my %cgiparams = ();
+
+# Read configuration file.
+&General::readhash("$settingsfile", \%settings);
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+&Header::showhttpheaders();
+
+#Get GUI values
+&Header::getcgihash(\%cgiparams);
+
+# Call subfunction to get all available locations.
+my @locations = &fwlib::get_geoip_locations();
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
+	# Check if we want to disable geoipblock.
+	if (exists $cgiparams{'GEOIPBLOCK_ENABLED'}) {
+		$settings{'GEOIPBLOCK_ENABLED'} = "on";
+	} else {
+		$settings{'GEOIPBLOCK_ENABLED'} = "off";
+	}
+
+	# Loop through our locations array to prevent from
+	# non existing countries or code.
+	foreach my $cn (@locations) {
+		# Check if blocking for this country should be enabled/disabled.
+		if (exists $cgiparams{$cn}) {
+			$settings{$cn} = "on";
+		} else {
+			$settings{$cn} = "off";
+		}
+	}
+
+	&General::writehash("$settingsfile", \%settings);
+
+	# Mark the firewall config as changed.
+	&General::firewall_config_changed();
+
+	# Assign reload notice. We directly can use
+	# the notice from p2p block.
+	$notice = $Lang::tr{'p2p block save notice'};
+}
+
+&Header::openpage($Lang::tr{'geoipblock configuration'}, 1, '');
+
+# Print notice that a firewall reload is required.
+if ($notice) {
+	&Header::openbox('100%', 'left', $Lang::tr{'notice'});
+	print "<font class='base'>$notice</font>";
+	&Header::closebox();
+}
+
+# Checkbox pre-selection.
+my $checked;
+if ($settings{'GEOIPBLOCK_ENABLED'} eq "on") {
+	$checked = "checked='checked'";
+}
+
+# Print box to enable/disable geoipblock.
+print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
+
+&Header::openbox('100%', 'center', $Lang::tr{'geoipblock'});
+print <<END;
+	<table width='95%'>
+		<tr>
+			<td width='25%' class='base'>$Lang::tr{'geoipblock enable feature'}
+			<td><input type='checkbox' name='GEOIPBLOCK_ENABLED' $checked></td>
+		</tr>
+		<tr>
+			<td colspan='2'><br></td>
+		</tr>
+	</table>
+
+	<hr>
+
+	<table width='95%'>
+		<tr>
+			<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
+		</tr>
+	</table>
+END
+
+&Header::closebox();
+
+&Header::openbox('100%', 'center', $Lang::tr{'geoipblock block countries'});
+### JAVA SCRIPT ###
+print <<END;
+<script>
+	// Function to allow checking all checkboxes at once.
+	function check_all() {
+		\$("#countries").find(":checkbox").prop("checked", true);
+	}
+
+	function uncheck_all() {
+		\$("#countries").find(":checkbox").prop("checked", false);
+	}
+</script>
+
+<table width='95%' class='tbl' id="countries">
+	<tr>
+		<td width='5%' align='center' bgcolor='$color{'color20'}'></td>
+		<td width='5%' align='center' bgcolor='$color{'color20'}'>
+			<b>$Lang::tr{'flag'}</b>
+		</td>
+		<td width='5%' align='center' bgcolor='$color{'color20'}'>
+			<b>$Lang::tr{'countrycode'}</b>
+		</td>
+		<td with='35%' align='left' bgcolor='$color{'color20'}'>
+			<b>$Lang::tr{'country'}</b>
+		</td>
+
+		<td width='5%' bgcolor='$color{'color20'}'>&nbsp;</td>
+
+		<td width='5%' align='center' bgcolor='$color{'color20'}'></td>
+		<td width='5%' align='center' bgcolor='$color{'color20'}'>
+			<b>$Lang::tr{'flag'}</b>
+		</td>
+		<td width='5%' align='center' bgcolor='$color{'color20'}'>
+			<b>$Lang::tr{'countrycode'}</b>
+		</td>
+		<td with='35%' align='left' bgcolor='$color{'color20'}'>
+			<b>$Lang::tr{'country'}</b>
+		</td>
+	</tr>
+END
+
+my $lines;
+my $lines2;
+my $col;
+foreach my $location (@locations) {
+	# Country code in upper case. (DE)
+	my $ccode_uc = $location;
+
+	# County code in lower case. (de)
+	my $ccode_lc = lc($location);
+
+	# Full name of the country based on the country code.
+	my $cname = &GeoIP::get_full_country_name($ccode_lc);
+
+	# Get flag icon for of the country.
+	my $flag_icon = &GeoIP::get_flag_icon($ccode_uc);
+
+	my $flag;
+	# Check if a flag for the country is available.
+	if ($flag_icon) {
+		$flag="<img src='$flag_icon' alt='$ccode_uc' title='$ccode_uc'>";
+	} else {
+		$flag="<b>N/A</b>";
+	}
+
+	# Checkbox pre-selection.
+	my $checked;
+	if ($settings{$ccode_uc} eq "on") {
+		$checked = "checked='checked'";
+	}
+
+	# Colour lines.
+	if ($lines % 2) {
+		$col="bgcolor='$color{'color20'}'";
+	} else {
+		$col="bgcolor='$color{'color22'}'";
+	}
+
+	# Grouping elements.
+	my $line_start;
+	my $line_end;
+	if ($lines2 % 2) {
+		# Increase lines (background color by once.
+		$lines++;
+
+		# Add empty column in front.
+		$line_start="<td $col>&nbsp;</td>";
+
+		# When the line number can be diveded by "2",
+		# we are going to close the line.
+		$line_end="</tr>";
+	} else {
+		# When the line number is  not divideable by "2",
+		# we are starting a new line.
+		$line_start="<tr>";
+		$line_end;
+	}
+
+	print "$line_start<td align='center' $col><input type='checkbox' name='$ccode_uc' $checked></td>\n";
+	print "<td align='center' $col>$flag</td>\n";
+	print "<td align='center' $col>$ccode_uc</td>\n";
+	print "<td align='left' $col>$cname</td>$line_end\n";
+			
+$lines2++;
+}
+
+print <<END;
+</table>
+
+<table width='95%'>
+	<tr>
+		<td align='right'>
+			<a href="javascript:check_all()">$Lang::tr{'check all'}</a> /
+			<a href="javascript:uncheck_all()">$Lang::tr{'uncheck all'}</a>
+		</td>
+	</tr>
+	<tr>
+		<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
+	</tr>
+</table>
+
+<hr>
+
+<table width='70%'>
+	<tr>
+		<td width='5%'><img src='/images/on.gif'></td>
+		<td>$Lang::tr{'geoipblock country is blocked'}</td>
+		<td width='5%'><img src='/images/off.gif'></td>
+		<td>$Lang::tr{'geoipblock country is allowed'}</td>
+	</tr>
+</table>
+END
+
+&Header::closebox();
+print"</form>\n";
+
+&Header::closebigbox();
+&Header::closepage();
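Review bot: In the country loop the else branch contains the bare statement `$line_end;`, which does nothing, and the `<tr>` opened there is only closed by the following iteration, so an odd number of entries in `@locations` leaves the last row open before `</table>`. Emit `</tr>` after the loop when `$lines2 % 2` is true, and swap the two branch comments, which currently describe the opposite branch. `$cname`, `$ccode_uc` and `$flag_icon` are interpolated into the markup unescaped; they come from the GeoIP helper functions rather than from constants in this file, so HTML-escape them before printing. Smaller points: `with='35%'` should be `width='35%'` in both header cells, and the cell holding `$Lang::tr{'geoipblock enable feature'}` has no closing `</td>`.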
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index fe4a200..e295412 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -416,6 +416,7 @@
 'bit' => 'Bit',
 'bitrate' => 'Bitrate',
 'bleeding rules' => 'Bleeding Edge Snort Rules',
+'block' => 'Blocken',
 'blue' => 'BLAU',
 'blue access' => 'Zugriff auf Blau',
 'blue access use hint' => 'Sie müssen mindestens die MAC- oder die IP-Adresse für ein Gerät angeben. Optional können Sie sowohl MAC- als auch IP-Adresse angeben.',
@@ -532,6 +533,7 @@
 'chain' => 'Verknüpfung',
 'change passwords' => 'Passwörter&nbsp;ändern',
 'change share' => 'Freigabeeinstellungen ändern',
+'check all' => 'Alle auswählen',
 'check for net traffic update' => 'Prüfe auf Net-Traffic-Updates',
 'check vpn lr' => 'Überprüfen',
 'choose config' => 'Konfiguration auswählen',
@@ -1067,6 +1069,7 @@
 'fwhost OpenVPN static host' => 'OpenVPN statischer Host',
 'fwhost OpenVPN static network' => 'OpenVPN statisches Netzwerk',
 'fwhost Standard Network' => 'Standard-Netzwerk',
+'fwhost addgeoipgrp' => 'Neue GeoIP-Gruppe hinzufügen',
 'fwhost addgrp' => 'Neue Gruppe hinzufügen',
 'fwhost addgrpname' => 'Gruppenname:',
 'fwhost addhost' => 'Neuen Host hinzufügen',
@@ -1082,6 +1085,9 @@
 'fwhost change' => 'Ändern',
 'fwhost changeremark' => 'Es wurde nur die Bemerkung angepasst.',
 'fwhost cust addr' => 'Hosts',
+'fwhost cust geoip' => 'GeoIP-Gruppen',
+'fwhost cust geoipgroup' => 'GeoIP-Gruppen',
+'fwhost cust geoiplocation' => 'GeoIP Ländercodes',
 'fwhost cust grp' => 'Gruppen',
 'fwhost cust net' => 'Netzwerke',
 'fwhost cust service' => 'Dienste',
@@ -1128,6 +1134,7 @@
 'fwhost ipsec net' => 'IPsec-Netzwerke:',
 'fwhost menu' => 'Firewallgruppen',
 'fwhost netaddress' => 'Netzwerkadresse',
+'fwhost newgeoipgrp' => 'GeoIP-Gruppen',
 'fwhost newgrp' => 'Netzwerk-/Hostgruppen',
 'fwhost newhost' => 'Hosts',
 'fwhost newnet' => 'Netzwerke',
@@ -1162,6 +1169,16 @@
 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.  Auf älterer Hardware kann es mehrere Minuten lang dauern. Bitte haben Sie etwas Geduld.',
 'genkey' => 'PSK erzeugen',
 'genre' => 'Genre',
+'geoip' => 'GeoIP',
+'geoipblock' => 'GeoIP Block',
+'geoipblock block countries' => 'Länderfilter',
+'geoipblock configuration' => 'GeoIP Konfiguration',
+'geoipblock country code' => 'Ländercode',
+'geoipblock country is allowed' => 'Eingehende Verbindungen aus diesem Land sind erlaubt.',
+'geoipblock country is blocked' => 'Eingehende Verbindungen aus diesem Land werden blockiert.',
+'geoipblock country name' => 'Ländername',
+'geoipblock enable feature' => 'GeoIP basierte Filterung aktivieren:',
+'geoipblock flag' => 'Flagge',
 'global settings' => 'Globale Einstellungen',
 'gpl i accept these terms and conditions' => 'Ich akzeptiere diese Bedingungen und Konditionen',
 'gpl license agreement' => 'Lizenz-Vereinbarung',
@@ -2216,6 +2233,9 @@
 'umount removable media before to unplug' => 'Wechselmedien vor dem Entfernen unbedingt abmelden',
 'unable to alter profiles while red is active' => 'Profile können nicht geändert werden, solange ROT aktiv ist.',
 'unable to contact' => 'Kann nicht erreicht werden',
+'unblock' => 'Entblocken',
+'unblock all' => 'Alle entblocken',
+'uncheck all' => 'Alle abwählen',
 'unencrypted' => 'Nicht verschlüsselt',
 'uninstall' => 'Deinstallieren',
 'unix charset' => 'UNIX-Charset',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 174300e..80c0552 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -435,6 +435,7 @@
 'bit' => 'bit',
 'bitrate' => 'Bitrate',
 'bleeding rules' => 'Bleeding Edge Snort Rules',
+'block' => 'Block',
 'blue' => 'BLUE',
 'blue access' => 'Blue Access',
 'blue access use hint' => 'You have to enter the MAC or the IP Address for a device. To enter both is also possible',
@@ -550,6 +551,7 @@
 'chain' => 'Chain',
 'change passwords' => 'Change passwords',
 'change share' => 'edit share options',
+'check all' => 'Check all',
 'check for net traffic update' => 'Check for Net-Traffic updates',
 'check vpn lr' => 'Check',
 'choose config' => 'Choose config',
@@ -1094,6 +1096,7 @@
 'fwhost OpenVPN static host' => 'OpenVPN static host',
 'fwhost OpenVPN static network' => 'OpenVPN static network',
 'fwhost Standard Network' => 'Standard network',
+'fwhost addgeoipgrp' => 'Add new GeoIP group',
 'fwhost addgrp' => 'Add new network/host group',
 'fwhost addgrpname' => 'Group name:',
 'fwhost addhost' => 'Add new host',
@@ -1109,6 +1112,9 @@
 'fwhost change' => 'Modify',
 'fwhost changeremark' => 'You modified just the remark',
 'fwhost cust addr' => 'Hosts',
+'fwhost cust geoip' => 'GeoIP Groups',
+'fwhost cust geoipgroup' => 'GeoIP Groups',
+'fwhost cust geoiplocation' => 'GeoIP Locations',
 'fwhost cust grp' => 'Network/Host Groups',
 'fwhost cust net' => 'Networks',
 'fwhost cust service' => 'Services',
@@ -1155,6 +1161,7 @@
 'fwhost ipsec net' => 'IPsec networks:',
 'fwhost menu' => 'Firewall Groups',
 'fwhost netaddress' => 'Network address',
+'fwhost newgeoipgrp' => 'GeoIP Groups',
 'fwhost newgrp' => 'Network/Host Groups',
 'fwhost newhost' => 'Hosts',
 'fwhost newnet' => 'Networks',
@@ -1191,6 +1198,16 @@
 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Generating the root and host certificates may take a long time.  It can take up to several minutes on older hardware. Please be patient.',
 'genkey' => 'Generate PSK',
 'genre' => 'Genre',
+'geoip' => 'GeoIP',
+'geoipblock' => 'GeoIP Block',
+'geoipblock block countries' => 'Block countries',
+'geoipblock configuration' => 'GeoIP Configuration',
+'geoipblock country code' => 'Country Code',
+'geoipblock country is allowed' => 'Incoming traffic from this country is allowed',
+'geoipblock country is blocked' => 'Incoming traffic from this country will be blocked',
+'geoipblock country name' => 'Country Name',
+'geoipblock enable feature' => 'Enable GeoIP based blocking:',
+'geoipblock flag' => 'Flag',
 'global settings' => 'Global Settings',
 'gpl i accept these terms and conditions' => 'I accept these terms and conditions',
 'gpl license agreement' => 'License Agreement',
@@ -2255,6 +2272,9 @@
 'umount removable media before to unplug' => 'Umount removable media before unplugging the device',
 'unable to alter profiles while red is active' => 'Unable to alter profiles while RED is active.',
 'unable to contact' => 'Unable to contact',
+'unblock' => 'Unblock',
+'unblock all' => 'Unblock all',
+'uncheck all' => 'Uncheck all',
 'unencrypted' => 'Unencrypted',
 'uninstall' => 'Uninstall',
 'unix charset' => 'UNIX Charset',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index b7c50ff..90f4237 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -866,6 +866,16 @@
 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Generar los certificador root y host puede tomar mucho tiempo. Puede durar varios minutos en equipos antiguos. Por favor sea paciente.',
 'genkey' => 'Generar PSK',
 'genre' => 'Género',
+'geoip' => 'GeoIP',
+'geoipblock' => 'GeoIP Block',
+'geoipblock block countries' => 'Países bloqueados',
+'geoipblock configuration' => 'Configuración GeoIP',
+'geoipblock country code' => 'Código del País',
+'geoipblock country is allowed' => 'Se permite el tráfico procedente de este País',
+'geoipblock country is blocked' => 'Se deniega el tráfico procedente de este País',
+'geoipblock country name' => 'Nombre del País',
+'geoipblock enable feature' => 'Habilitar bloqueo basado GeoIP:',
+'geoipblock flag' => 'Bandera',
 'global settings' => 'Configuraciones globales',
 'gpl i accept these terms and conditions' => 'I accept these terms and conditions',
 'gpl license agreement' => 'License Agreement',
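Review bot: The Spanish file gets only the `geoipblock ...` keys, but geoip-block.cgi in this patch also prints `$Lang::tr{'check all'}` and `$Lang::tr{'uncheck all'}`, which the de.pl and en.pl hunks add and this one does not. The `'block'`, `'unblock'` and `'fwhost ... geoip'` keys added for the other two languages are missing here as well. Either add them (untranslated if necessary) or confirm that the language loader falls back to English for missing keys, otherwise the links under the country table render empty for Spanish users.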
diff --git a/lfs/configroot b/lfs/configroot
index e0bb346..601cdf6 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -64,8 +64,8 @@ $(TARGET) :
 	for i in auth/users backup/include.user backup/exclude.user \
 	    certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \
 	    dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
-	    ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/input firewall/outgoing \
-	    fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwlogs/ipsettings fwlogs/portsettings \
+	    ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \
+	    fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \
 	    isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
 	    ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
 	    ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
@@ -78,6 +78,7 @@ $(TARGET) :
 	cp $(DIR_SRC)/config/cfgroot/header.pl			$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/general-functions.pl	$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/network-functions.pl	$(CONFIG_ROOT)/
+	cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl		$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/lang.pl			$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/countries.pl		$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/graphs.pl			$(CONFIG_ROOT)/
diff --git a/lfs/perl-Text-CSV_XS b/lfs/perl-Text-CSV_XS
new file mode 100644
index 0000000..f94593f
--- /dev/null
+++ b/lfs/perl-Text-CSV_XS
@@ -0,0 +1,77 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2014  IPFire Team  <info(a)ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+VER        = 1.12
+
+THISAPP    = Text-CSV_XS-$(VER)
+DL_FILE    = ${THISAPP}.tgz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = b91f2d806054b68c2a29d3da5821fe87
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/stage2 b/lfs/stage2
index 53f81d1..3203983 100644
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -55,7 +55,7 @@ $(TARGET) :
 	-install -dv -m 1777 /tmp /var/tmp
 	-mkdir -pv /usr/{,local/}{bin,include,lib{,/sse2},sbin,src}
 	-mkdir -pv /usr/{,local/}share/{doc,info,locale,man}
-	-mkdir -v  /usr/{,local/}share/{misc,terminfo,zoneinfo}
+	-mkdir -v  /usr/{,local/}share/{misc,terminfo,xt_geoip,zoneinfo}
 	-mkdir -pv /usr/{,local/}share/man/man{1..8}
 	#-for dir in /usr /usr/local; do \
 	#  ln -sv share/{man,doc,info} $$dir; \
diff --git a/lfs/xtables-addons b/lfs/xtables-addons
new file mode 100644
index 0000000..1848dc9
--- /dev/null
+++ b/lfs/xtables-addons
@@ -0,0 +1,110 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2014  IPFire Team <info(a)ipfire.org>                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VERSUFIX = ipfire$(KCFG)
+MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/
+
+VER        = 2.6
+
+THISAPP    = xtables-addons-$(VER)
+DL_FILE    = $(THISAPP).tar.xz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+
+ifeq "$(USPACE)" "1"
+  TARGET = $(DIR_INFO)/$(THISAPP)
+else
+  TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX)
+endif
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 087835ba7e564481b6fd398692268340
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+	# Only build the specified modules.
+	cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \
+		$(DIR_APP)/mconfig
+
+# Check if we build the modules for a kernel or the userspace parts.
+ifeq "$(USPACE)" "1"
+	cd $(DIR_APP) && ./configure \
+		--prefix=/usr \
+		--without-kbuild
+
+	cd $(DIR_APP) && make $(MAKETUNING)
+	cd $(DIR_APP) && make install
+else
+	cd $(DIR_APP) && ./configure \
+		--with-kbuild=/usr/src/linux-$(KVER)/
+
+	cd $(DIR_APP) && make $(MAKETUNING)
+
+	# Install the built kernel modules.
+	cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \
+		install -m 644 $$f $(MODPATH); \
+	done
+endif
+
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
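Review bot: The only integrity check on the source tarball is `$(DL_FILE)_MD5`, and what this recipe produces is kernel modules copied into `$(MODPATH)`; a stronger digest alongside the MD5 would be worth having for code that runs in the kernel, if the download macros can carry one. In the module install step, `for f in $$(ls extensions/*.ko)` word-splits the output of `ls`; iterating the glob directly (`for f in extensions/*.ko`) is safer. `install -m 644 $$f $(MODPATH)` also assumes the `extra/` directory already exists, so create it first with `install -d` or `mkdir -p`.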
diff --git a/make.sh b/make.sh
index 316917e..6662096 100755
--- a/make.sh
+++ b/make.sh
@@ -383,6 +383,7 @@ buildipfire() {
   export LOGFILE
   ipfiremake configroot
   ipfiremake backup
+  ipfiremake pkg-config
   ipfiremake libusb
   ipfiremake libusbx
   ipfiremake libpcap
@@ -403,6 +404,8 @@ buildipfire() {
   ipfiremake multipath-tools
   ipfiremake freetype
   ipfiremake grub
+  ipfiremake libmnl
+  ipfiremake iptables
 
   case "${TARGET_ARCH}" in
 	i586)
@@ -413,6 +416,7 @@ buildipfire() {
 		ipfiremake e1000e			KCFG="-pae"
 #		ipfiremake igb				KCFG="-pae"
 		ipfiremake ixgbe			KCFG="-pae"
+		ipfiremake xtables-addons		KCFG="-pae"
 		ipfiremake linux-initrd			KCFG="-pae"
 
 		# x86 kernel build
@@ -422,6 +426,7 @@ buildipfire() {
 		ipfiremake e1000e			KCFG=""
 #		ipfiremake igb				KCFG=""
 		ipfiremake ixgbe			KCFG=""
+		ipfiremake xtables-addons		KCFG=""
 		ipfiremake linux-initrd			KCFG=""
 		;;
 
@@ -430,6 +435,7 @@ buildipfire() {
 		ipfiremake linux			KCFG="-rpi"
 		ipfiremake backports			KCFG="-rpi"
 		ipfiremake cryptodev			KCFG="-rpi"
+		ipfiremake xtables-addons		KCFG="-rpi"
 		ipfiremake linux-initrd			KCFG="-rpi"
 
 		# arm multi platform (Panda, Wandboard ...) kernel build
@@ -439,6 +445,7 @@ buildipfire() {
 		ipfiremake e1000e			KCFG="-multi"
 #		ipfiremake igb				KCFG="-multi"
 		ipfiremake ixgbe			KCFG="-multi"
+		ipfiremake xtables-addons		KCFG="-multi"
 		ipfiremake linux-initrd			KCFG="-multi"
 
 		# arm-kirkwood (Dreamplug, ICY-Box ...) kernel build
@@ -448,10 +455,11 @@ buildipfire() {
 		ipfiremake e1000e			KCFG="-kirkwood"
 #		ipfiremake igb				KCFG="-kirkwood"
 		ipfiremake ixgbe			KCFG="-kirkwood"
+		ipfiremake xtables-addons		KCFG="-kirkwood"
 		ipfiremake linux-initrd			KCFG="-kirkwood"
 		;;
   esac
-  ipfiremake pkg-config
+  ipfiremake xtables-addons			USPACE="1"
   ipfiremake openssl
   ipfiremake openssl-compat
   ipfiremake libgpg-error
@@ -526,8 +534,6 @@ buildipfire() {
   ipfiremake mtools
   ipfiremake initscripts
   ipfiremake whatmask
-  ipfiremake libmnl
-  ipfiremake iptables
   ipfiremake conntrack-tools
   ipfiremake libupnp
   ipfiremake ipaddr
@@ -810,6 +816,7 @@ buildipfire() {
   ipfiremake squid-accounting
   ipfiremake pigz
   ipfiremake tmux
+  ipfiremake perl-Text-CSV_XS
   ipfiremake swconfig
   ipfiremake haproxy
 }
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index c383652..8ca02bc 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -179,6 +179,11 @@ iptables_init() {
 		iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
 	fi
 
+	# GeoIP block
+	iptables -N GEOIPBLOCK
+	iptables -A INPUT -j GEOIPBLOCK
+	iptables -A FORWARD -j GEOIPBLOCK
+
 	# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
 	iptables -N IPSECINPUT
 	iptables -N IPSECFORWARD
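Review bot: The jump to GEOIPBLOCK is appended to FORWARD as well as INPUT with no interface match, and it is placed ahead of the IPsec chains created on the next lines, while the UI strings added in this patch promise only that "Incoming traffic from this country will be blocked". If the restriction to traffic arriving on RED is meant to live in the rules generated inside GEOIPBLOCK, say so in the comment here; otherwise add the interface match to these two jumps so that forwarded traffic from internal zones and VPN tunnels is not evaluated against the country list.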
diff --git a/src/initscripts/init.d/networking/red.up/99-geoip-database b/src/initscripts/init.d/networking/red.up/99-geoip-database
new file mode 100644
index 0000000..4bd3ee2
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.up/99-geoip-database
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Get the GeoIP database if no one exists yet.
+
+DIR="/usr/share/xt_geoip/*"
+
+found=false
+
+# Check if the directory contains any data.
+for i in $DIR; do
+	# Ignore "." and ".."
+	if [ -d "$i" ]; then
+        	found=true
+        	break
+	fi
+done
+
+# Download ruleset if none has been found.
+if ! ${found}; then
+	/usr/local/bin/xt_geoip_update >/dev/null 2>&1
+fi
+
+exit 0
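Review bot: A failed initial download is invisible here: `/usr/local/bin/xt_geoip_update >/dev/null 2>&1` discards all output and the script ends with `exit 0` regardless of the result, so the firewall can come up with GeoIP blocking enabled and no database behind it. Send the failure to syslog (for example via `logger`) so an administrator can see why the country rules are not matching. The comment `# Ignore "." and ".."` is also misleading, since the glob never yields those entries; the `-d` test is what rejects the unexpanded pattern when the directory is empty.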
diff --git a/src/scripts/xt_geoip_build b/src/scripts/xt_geoip_build
new file mode 100644
index 0000000..202156f
--- /dev/null
+++ b/src/scripts/xt_geoip_build
@@ -0,0 +1,89 @@
+#!/usr/bin/perl
+#
+#	Converter for MaxMind CSV database to binary, for xt_geoip
+#	Copyright © Jan Engelhardt, 2008-2011
+#
+use Getopt::Long;
+use IO::Handle;
+use Text::CSV_XS; # or trade for Text::CSV
+use strict;
+
+my $csv = Text::CSV_XS->new({
+	allow_whitespace => 1,
+	binary => 1,
+	eol => $/,
+}); # or Text::CSV
+my $target_dir = ".";
+
+&Getopt::Long::Configure(qw(bundling));
+&GetOptions(
+	"D=s" => \$target_dir,
+);
+
+if (!-d $target_dir) {
+	print STDERR "Target directory $target_dir does not exist.\n";
+	exit 1;
+}
+
+my $dir = "$target_dir/LE";
+if (!-e $dir && !mkdir($dir)) {
+	print STDERR "Could not mkdir $dir: $!\n";
+	exit 1;
+}
+
+&dump(&collect());
+
+sub collect
+{
+	my %country;
+
+	while (my $row = $csv->getline(*ARGV)) {
+		if (!defined($country{$row->[4]})) {
+			$country{$row->[4]} = {
+				name => $row->[5],
+				pool_v4 => [],
+				pool_v6 => [],
+			};
+		}
+		my $c = $country{$row->[4]};
+
+		push(@{$c->{pool_v4}}, [$row->[2], $row->[3]]);
+
+		if ($. % 4096 == 0) {
+			print STDERR "\r\e[2K$. entries";
+		}
+	}
+
+	print STDERR "\r\e[2K$. entries total\n";
+	return \%country;
+}
+
+sub dump
+{
+	my $country = shift @_;
+
+	foreach my $iso_code (sort keys %$country) {
+		&dump_one($iso_code, $country->{$iso_code});
+	}
+}
+
+sub dump_one
+{
+	my($iso_code, $country) = @_;
+	my($file, $fh_le, $fh_be);
+
+	printf "%5u IPv4 ranges for %s %s\n",
+		scalar(@{$country->{pool_v4}}),
+		$iso_code, $country->{name};
+
+	$file = "$target_dir/LE/".uc($iso_code).".iv4";
+	if (!open($fh_le, "> $file")) {
+		print STDERR "Error opening $file: $!\n";
+		exit 1;
+	}
+	foreach my $range (@{$country->{pool_v4}}) {
+		print $fh_le pack("VV", $range->[0], $range->[1]);
+		#print $fh_be pack("NN", $range->[0], $range->[1]);
+	}
+	close $fh_le;
+}
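Review bot: In dump_one, `$iso_code` is taken unvalidated from column `$row->[4]` of the downloaded CSV and concatenated into the output path, which is then opened with two-argument `open($fh_le, "> $file")`. Because this runs on data fetched from the network, reject any country code that is not exactly two alphanumeric characters in collect(), and switch to the three-argument form `open($fh_le, '>', $file)`. The `while (my $row = $csv->getline(*ARGV))` loop also ends the same way on a parse error as on end of file; check `$csv->eof` or `$csv->error_diag` after the loop so a truncated or malformed file does not silently produce a partial database. `$fh_be` is declared but never used.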
diff --git a/src/scripts/xt_geoip_update b/src/scripts/xt_geoip_update
new file mode 100644
index 0000000..0ee7744
--- /dev/null
+++ b/src/scripts/xt_geoip_update
@@ -0,0 +1,137 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2014 IPFire Development Team <info(a)ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+TMP_PATH=$(mktemp -d)
+TMP_FILE=$(mktemp -p $TMP_PATH)
+
+SCRIPT_PATH=/usr/local/bin
+DEST_PATH=/usr/share/xt_geoip
+
+DL_URL=http://geolite.maxmind.com/download/geoip/database
+DL_FILE=GeoIPCountryCSV.zip
+
+CSV_FILE=GeoIPCountryWhois.csv
+
+ARCH=LE
+
+eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
+
+function download() {
+	echo "Downloading latest GeoIP ruleset..."
+
+	# Create temporary directory.
+	mkdir -pv $TMP_PATH
+
+	# Proxy settings.
+	# Check if a proxy should be used.
+	if [[ $UPSTREAM_PROXY ]]; then
+		PROXYSETTINGS="-e http_proxy=http://"
+
+		# Check if authentication against the proxy is configured.
+		if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
+			PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
+		fi
+
+		# Add proxy server.
+		PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
+	fi
+
+	# Get the latest GeoIP database from server.
+	wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE
+
+	# Extract files.
+	unzip $TMP_FILE -d $TMP_PATH
+
+	return 0
+}
+
+function build() {
+	echo "Convert database..."
+
+	# Check if the csv file exists.
+	if [ ! -e $TMP_PATH/$CSV_FILE ]; then
+		echo "$TMP_PATH/$CSV_FILE not found. Exiting."
+		return 1
+	fi
+
+	# Run script to convert the CSV file into several xtables
+	# compatible binary files.
+	if ! $SCRIPT_PATH/xt_geoip_build $TMP_PATH/$CSV_FILE -D $TMP_PATH; then
+		echo "Could not convert ruleset. Aborting." >&2
+		return 1
+	fi
+
+	return 0
+}
+
+function install() {
+	echo "Install databases..."
+
+	# Check if our destination exist.
+	if [ ! -e "$DEST_PATH" ]; then
+		mkdir -p $DEST_PATH &>/dev/null
+	fi
+
+	# Install databases.
+	if ! cp -af $TMP_PATH/$ARCH $DEST_PATH &>/dev/null; then
+		echo "Could not copy files. Aborting." >&2
+		return 1
+	fi
+
+	return 0
+}
+
+function cleanup() {
+	echo "Cleaning up temporary files..."
+	if ! rm -rf $TMP_PATH &>/dev/null; then
+		echo "Could not remove files. Aborting." >&2
+		return 1
+	fi
+
+	return 0
+}
+
+function main() {
+	# Download ruleset.
+	download || exit $?
+
+	# Convert the ruleset.
+	if ! build; then
+		# Do cleanup.
+		cleanup || exit $?
+		exit 1
+	fi
+
+	# Install the converted ruleset.
+	if ! install; then
+		# Do cleanup.
+		cleanup || exit $?
+		exit 1
+	fi
+
+	# Finaly remove temporary files.
+	cleanup || exit $?
+
+	return 0
+}
+
+# Run the main function.
+main
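Review bot: download() ends with an unconditional `return 0`, so a failed wget or unzip is never reported and the `download || exit $?` in main() cannot fire; the failure only shows up later when build() finds no CSV. Return the exit status of wget and unzip, and run cleanup on that path as well, since `exit $?` there would leave the mktemp directory behind. The archive is also fetched over plain http (DL_URL) and unpacked, converted and copied into DEST_PATH with no checksum or signature check, so the installed data is only as trustworthy as the network path; verify it against a known-good digest before build(), or at least fetch over TLS if the server offers it. Smaller points: the proxy user and password are passed on the wget command line via `-e http_proxy=...`, where they are visible in the process list (an environment variable or a wgetrc would avoid that); `$TMP_PATH`, `$TMP_FILE` and `$PROXYSETTINGS` are expanded unquoted; `mkdir -pv $TMP_PATH` is redundant after `mktemp -d`; and naming a function `install` shadows the install command for the rest of the script.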


hooks/post-receive
--
IPFire 2.x development tree
