From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 9fcba2b5df715041e4a9057e749de2faee46e508
Date: Wed, 20 Apr 2016 17:04:34 +0100
Message-ID: <20160420160435.90F9B1081BDF@git01.ipfire.org>
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 9fcba2b5df715041e4a9057e749de2faee46e508 (commit)
via 32d91ecad81e1d18b5631d9a58692725926cc908 (commit)
via 977007bfd9b463e9c6418ccf1547dee0944cc82b (commit)
via a3712ff967ddc5dff05a39a8319981ba9b42b6a6 (commit)
via 2f662bf05894c031754e4e7d9c807709a72bb674 (commit)
via 8e7c5e65ad3ad6ab9005b0018b9dfaa4532183b4 (commit)
from c485f38c996cab87c98a78f1cadc2c2197d30625 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9fcba2b5df715041e4a9057e749de2faee46e508
Merge: 32d91ec c485f38
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 20 16:24:12 2016 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 32d91ecad81e1d18b5631d9a58692725926cc908
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 20 16:23:22 2016 +0100
conntrack: Remove old disable_nf_sip indicator file
This is not used any more and not needed either.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 977007bfd9b463e9c6418ccf1547dee0944cc82b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 20 16:22:31 2016 +0100
core101: Migrate conntrack settings that broke in 100
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a3712ff967ddc5dff05a39a8319981ba9b42b6a6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 20 16:15:55 2016 +0100
core101: Add recent changes on firewall
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2f662bf05894c031754e4e7d9c807709a72bb674
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 20 16:14:14 2016 +0100
optionsfw.cgi: Clean up code
Add translation to radio buttons. No functional changes.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8e7c5e65ad3ad6ab9005b0018b9dfaa4532183b4
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Apr 20 16:04:24 2016 +0100
firewall: Fix connection tracking for PPTP
GRE connections were not correctly forwarded without the helper
being enabled. Choosing the wrong protocol here did not allow
us to load it properly.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/configroot | 1 -
config/rootfiles/core/101/filelists/files | 2 +
config/rootfiles/core/101/update.sh | 16 ++++++++
html/cgi-bin/optionsfw.cgi | 65 +++++++++++++++++++++++++------
lfs/configroot | 2 +-
src/initscripts/init.d/firewall | 2 +-
6 files changed, 73 insertions(+), 15 deletions(-)
Difference in files:
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 71539ef..f37f97e 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -94,7 +94,6 @@ var/ipfire/logging
var/ipfire/mac
#var/ipfire/mac/settings
var/ipfire/main
-#var/ipfire/main/disable_nf_sip
#var/ipfire/main/hosts
#var/ipfire/main/routing
#var/ipfire/main/settings
diff --git a/config/rootfiles/core/101/filelists/files b/config/rootfiles/core/101/filelists/files
index 0f75ac8..c04cff6 100644
--- a/config/rootfiles/core/101/filelists/files
+++ b/config/rootfiles/core/101/filelists/files
@@ -1,5 +1,7 @@
etc/system-release
etc/issue
+etc/rc.d/init.d/firewall
srv/web/ipfire/cgi-bin/chpasswd.cgi
srv/web/ipfire/cgi-bin/ipinfo.cgi
+srv/web/ipfire/cgi-bin/optionsfw.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
diff --git a/config/rootfiles/core/101/update.sh b/config/rootfiles/core/101/update.sh
index f448474..eb81d61 100644
--- a/config/rootfiles/core/101/update.sh
+++ b/config/rootfiles/core/101/update.sh
@@ -50,6 +50,22 @@ extract_files
# update linker config
ldconfig
+# Fix conntrack configuration
+for i in CONNTRACK_H323 CONNTRACK_FTP CONNTRACK_PPTP CONNTRACK_TFTP CONNTRACK_IRC; do
+ if ! grep -q "^${i}" /var/ipfire/optionsfw/settings; then
+ echo "${i}=on"
+ fi
+done >> /var/ipfire/optionsfw/settings
+
+# Special handling for SIP
+if ! grep -q "^CONNTRACK_SIP" /var/ipfire/optionsfw/settings; then
+ if [ -e "/var/ipfire/main/disable_nf_sip" ]; then
+ echo "CONNTRACK_SIP=off" >> /var/ipfire/optionsfw/settings
+ rm -f /var/ipfire/main/disable_nf_sip
+ else
+ echo "CONNTRACK_SIP=on" >> /var/ipfire/optionsfw/settings
+ fi
+fi
# Update Language cache
#/usr/local/bin/update-lang-cache
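Review bot: The presence checks in this hunk use a prefix match (grep -q "^${i}" and grep -q "^CONNTRACK_SIP"), so any line that merely starts with the key name counts as "already set" and the migration is skipped for it. Anchoring on the assignment, for example "^${i}=" and "^CONNTRACK_SIP=", makes the test exact. Separately, the rm -f of /var/ipfire/main/disable_nf_sip sits inside the "CONNTRACK_SIP not present" branch, so on a system where CONNTRACK_SIP is already in the settings file the old indicator file is left behind; moving the rm -f outside the outer if would clean it up in every case. It would also help to say in the comment why the five helpers default to "on" when missing, since that turns helpers on for installations that never had an explicit setting.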
diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi
index 7a0e8e0..1ab3c7d 100644
--- a/html/cgi-bin/optionsfw.cgi
+++ b/html/cgi-bin/optionsfw.cgi
@@ -129,6 +129,9 @@ $checked{'CONNTRACK_H323'}{$settings{'CONNTRACK_H323'}} = "checked='checked'";
$checked{'CONNTRACK_IRC'}{'off'} = '';
$checked{'CONNTRACK_IRC'}{'on'} = '';
$checked{'CONNTRACK_IRC'}{$settings{'CONNTRACK_IRC'}} = "checked='checked'";
+$checked{'CONNTRACK_PPTP'}{'off'} = '';
+$checked{'CONNTRACK_PPTP'}{'on'} = '';
+$checked{'CONNTRACK_PPTP'}{$settings{'CONNTRACK_PPTP'}} = "checked='checked'";
$checked{'CONNTRACK_SIP'}{'off'} = '';
$checked{'CONNTRACK_SIP'}{'on'} = '';
$checked{'CONNTRACK_SIP'}{$settings{'CONNTRACK_SIP'}} = "checked='checked'";
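Review bot: The third added line indexes %checked with $settings{'CONNTRACK_PPTP'}, and nothing in this hunk guarantees that key exists. If the settings file has no CONNTRACK_PPTP entry and no default is assigned earlier in the file (not visible here), the inner key is undefined and neither the "on" nor the "off" radio is preselected, so the page does not show what the firewall script will actually do. Consider assigning a default for CONNTRACK_PPTP before this block rather than relying on the update.sh migration alone, which fresh installations and restored backups do not run.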
@@ -239,21 +242,59 @@ END
<tr><td align='left' width='60%'>$Lang::tr{'fw settings dropdown'}</td><td align='left'>on <input type='radio' name='SHOWDROPDOWN' value='on' $checked{'SHOWDROPDOWN'}{'on'} />/
<input type='radio' name='SHOWDROPDOWN' value='off' $checked{'SHOWDROPDOWN'}{'off'} /> off</td></tr>
</table>
+
<br />
-<table width='95%' cellspacing='0'>
-<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'application layer gateways'}</b></td></tr>
-<tr><td align='left' width='60%'>FTP</td><td align='left'>on <input type='radio' name='CONNTRACK_FTP' value='on' $checked{'CONNTRACK_FTP'}{'on'} />/
- <input type='radio' name='CONNTRACK_FTP' value='off' $checked{'CONNTRACK_FTP'}{'off'} /> off</td></tr>
-<tr><td align='left' width='60%'>H.323</td><td align='left'>on <input type='radio' name='CONNTRACK_H323' value='on' $checked{'CONNTRACK_H323'}{'on'} />/
- <input type='radio' name='CONNTRACK_H323' value='off' $checked{'CONNTRACK_H323'}{'off'} /> off</td></tr>
-<tr><td align='left' width='60%'>IRC</td><td align='left'>on <input type='radio' name='CONNTRACK_IRC' value='on' $checked{'CONNTRACK_IRC'}{'on'} />/
- <input type='radio' name='CONNTRACK_IRC' value='off' $checked{'CONNTRACK_IRC'}{'off'} /> off</td></tr>
-<tr><td align='left' width='60%'>SIP</td><td align='left'>on <input type='radio' name='CONNTRACK_SIP' value='on' $checked{'CONNTRACK_SIP'}{'on'} />/
- <input type='radio' name='CONNTRACK_SIP' value='off' $checked{'CONNTRACK_SIP'}{'off'} /> off</td></tr>
-<tr><td align='left' width='60%'>TFTP</td><td align='left'>on <input type='radio' name='CONNTRACK_TFTP' value='on' $checked{'CONNTRACK_TFTP'}{'on'} />/
- <input type='radio' name='CONNTRACK_TFTP' value='off' $checked{'CONNTRACK_TFTP'}{'off'} /> off</td></tr>
+<table width='95%' cellspacing='0'>
+ <tr bgcolor='$color{'color20'}'>
+ <td colspan='2' align='left'>
+ <b>$Lang::tr{'application layer gateways'}</b>
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>FTP</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='CONNTRACK_FTP' value='on' $checked{'CONNTRACK_FTP'}{'on'} /> /
+ <input type='radio' name='CONNTRACK_FTP' value='off' $checked{'CONNTRACK_FTP'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>H.323</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='CONNTRACK_H323' value='on' $checked{'CONNTRACK_H323'}{'on'} /> /
+ <input type='radio' name='CONNTRACK_H323' value='off' $checked{'CONNTRACK_H323'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>IRC</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='CONNTRACK_IRC' value='on' $checked{'CONNTRACK_IRC'}{'on'} /> /
+ <input type='radio' name='CONNTRACK_IRC' value='off' $checked{'CONNTRACK_IRC'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>PPTP</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='CONNTRACK_PPTP' value='on' $checked{'CONNTRACK_PPTP'}{'on'} /> /
+ <input type='radio' name='CONNTRACK_PPTP' value='off' $checked{'CONNTRACK_PPTP'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>SIP</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='CONNTRACK_SIP' value='on' $checked{'CONNTRACK_SIP'}{'on'} /> /
+ <input type='radio' name='CONNTRACK_SIP' value='off' $checked{'CONNTRACK_SIP'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>TFTP</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='CONNTRACK_TFTP' value='on' $checked{'CONNTRACK_TFTP'}{'on'} /> /
+ <input type='radio' name='CONNTRACK_TFTP' value='off' $checked{'CONNTRACK_TFTP'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
</table>
+
<br />
<table width='95%' cellspacing='0'>
<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw default drop'}</b></td></tr>
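Review bot: The six application layer gateway rows are the same markup repeated with only the label and the CONNTRACK_* name changed, which is how the PPTP row and its %checked initialisation could drift apart later. Generating the rows from one list of (label, setting name) pairs would keep the form and the %checked setup in step. Also note that the SHOWDROPDOWN row kept as context at the top of this hunk still prints literal "on" and "off", so the page now mixes translated and untranslated labels; the same $Lang::tr{'on'} / $Lang::tr{'off'} treatment should be applied there.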
diff --git a/lfs/configroot b/lfs/configroot
index f8e9ce4..f02894e 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -66,7 +66,7 @@ $(TARGET) :
dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \
fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \
- isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
+ isdn/settings mac/settings main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
qos/tosconfig snort/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index cb52670..1d6309c 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -128,7 +128,7 @@ iptables_init() {
if [ "${CONNTRACK_PPTP}" = "on" ]; then
iptables -A CONNTRACK -m conntrack --ctstate RELATED \
-m helper --helper pptp -j ACCEPT
- iptables -t raw -A CONNTRACK -p udp --dport 1723 -j CT --helper pptp
+ iptables -t raw -A CONNTRACK -p tcp --dport 1723 -j CT --helper pptp
fi
# TFTP
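Review bot: The corrected raw-table rule attaches the pptp helper to every TCP packet with destination port 1723, with no interface, source or destination restriction in the rule itself, and the filter rule above it then accepts whatever that helper marks as RELATED. Since the helper parses untrusted control-channel payload to create expectations for GRE, it is worth limiting the CT assignment to the directions where PPTP is actually expected, if the CONNTRACK chain is not already entered selectively elsewhere. A one-line comment stating that the PPTP control channel is TCP/1723 and that GRE is admitted only as RELATED would also prevent the protocol from being changed back by mistake.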
hooks/post-receive
--
IPFire 2.x development tree