From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 4d2c384543fdd50b2471a5442f7f91361f6a74ff Date: Sun, 01 Jul 2018 13:37:45 +0100 Message-ID: <20180701123746.CB5EA1081BCF@git01.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8388000581020815116==" List-Id: --===============8388000581020815116== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 4d2c384543fdd50b2471a5442f7f91361f6a74ff (commit) via 05375f12755c426d4153a3e93251cb26f4cd539c (commit) via 6cedc16d90cbce2d09c909d1dd79119bd161b344 (commit) via 54e3be22f263e7135c039b98744ecdfa694f53e9 (commit) via a44eed2536009e8e7c929eb9aa13ca9d730b627f (commit) via 9aeae881332edf777a7defe06260891d8d081ea5 (commit) via 352796cad7aa2f40ac983149d9fc9928fd1a0f1d (commit) via df5cc48dd685bc83e3196ef35ee9f507c66d79a2 (commit) via 0779907e1b8ba65516280234ff6d90aa244340f8 (commit) via 79d32988c52b65d5254c991e7a41367451af21a6 (commit) via 1ff69fca2a336c71ccd9d13846d0501f128d916e (commit) via c6e5fcdf127bac77d2b34d9e84dbb6eb5fdda146 (commit) via eeab80f8dcb7ad8564ac684e014f1a67be82923e (commit) via 733fae2abe50fb190ff1cd96c2de39558ed3ed9d (commit) via 46a5bac6ed7aa1e03200d26eeaaad65bd35ee5ef (commit) via 080e79f149257dd23fd25c35f498083fc1a862a1 (commit) via dc845b6c81cfd8622e4c060e08edf8c22ff68e1a (commit) via eb7ccf87c566f32557088d09fa69fdcdeef2a1be (commit) via 464c27554ced7b1d4fbb0d454bb7db2856d2af34 (commit) via 9a56118b61ae307e2cceac44df0ff867cc5bf6aa (commit) via 787469ebd6349c688443995146535de781f755de (commit) via 475ae4b3dbb29ba67a16e48910d3fa8130a8b2c3 (commit) via 470e85c3652ca52393fca8204a1052471753aa8b (commit) via 
2e42a9eaa15d43885b46dd977c540293446d641a (commit) via 48a7737fdd50db0384e0c999a768c7cf3052200b (commit) via f487e373930472b234f637a03273604d3c7a241c (commit) via 4c0bd63ea4c21eb8140eb5a54b2eeda4b43b7e8e (commit) via a1c5ceeb347e75f03e042c2e90bb23d6024a4641 (commit) via 4e9000b4d8435d952cca982020ca70f8d64b45ec (commit) via c7141f04791dc1c3bf6799e260497be614201a75 (commit) via 8f2c3b49b6b12a1edad5e4f0cd3feb0beda22c21 (commit) via 16c31d10040db4f175642376b284a0f98609e19e (commit) via 7d06d0de7b7ec2f6a8ccf4b7c179f2538780beb1 (commit) via 0f224ad770d01494db31c875ef2e31a766735527 (commit) via 1a0d8b0573cd4cb573cf891f2ac26520fa5573bb (commit) via c86fd963d20b82593032c3c4b2d47dbdaa9def1a (commit) via 607240e28c4f1572b3d7735c6e2a45387a90ea6d (commit) via 3273ff48f04fe01364eb413966d7afb351a9cb41 (commit) via 0009de91e886514e05002eed1286f6007dea3876 (commit) via 8b59ef085e4de8ea38e0ac9859c72f5a93194c9d (commit) via 7fa83c2fe79fd2f3f32885707591637f559401a3 (commit) via fd52e82a7252a7559c694fce6570aab461c331e3 (commit) via d97ba75fe5634055850deda7a594d52e901dbe75 (commit) via 6723afef0922295dbd8ea66171270040b0edc002 (commit) via bd3bcb45d611f1e5f39fae07f6c5b189c1e64560 (commit) via 563c50216300ab2078fabfe305fea93aaeb2d5e5 (commit) via 348360292979236e94a8e44fa8c4668941ad95da (commit) via 1c21ebf8d5464d3d84e8d2dc247a77870f3961df (commit) via 1f2a90b5521eec74569c8d6f1a9902fc0aa44bbf (commit) from bc91a66281193d7fca60858e5efed5ec73ad9fe0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4d2c384543fdd50b2471a5442f7f91361f6a74ff Author: Michael Tremer Date: Sun Jul 1 13:34:56 2018 +0100 core123: Ship changed vpnmain.cgi =20 
Signed-off-by: Michael Tremer commit 05375f12755c426d4153a3e93251cb26f4cd539c Author: Peter M=C3=BCller Date: Sat Jun 30 17:18:30 2018 +0200 add ChaCha20/Poly1305 to IPsec WebUI =20 The algorithm is selected by default since it is considered to be both secure and state-of-the-art. This required Linux kernel > 4.2, which is satisfied by Core Update 2.12 122. =20 Fixes #11549 =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit 6cedc16d90cbce2d09c909d1dd79119bd161b344 Author: Peter M=C3=BCller Date: Sat Jun 30 17:15:22 2018 +0200 update cryptography settings in StrongSwan LFS file =20 The RC2 plugin was never supported by the WebUI and is insecure, so it became obsolete here. To support new ChaCha20/Poly1305, the corresponding module needs to be enabled. =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit 54e3be22f263e7135c039b98744ecdfa694f53e9 Author: Michael Tremer Date: Sun Jul 1 13:34:19 2018 +0100 core123: Ship updated packages and files =20 Signed-off-by: Michael Tremer commit a44eed2536009e8e7c929eb9aa13ca9d730b627f Author: Michael Tremer Date: Sun Jul 1 12:38:48 2018 +0100 proxy.cgi: The group name cannot be in quotes =20 Squid interprets the quotes as part of the group name, too =20 Signed-off-by: Michael Tremer commit 9aeae881332edf777a7defe06260891d8d081ea5 Author: Peter M=C3=BCller Date: Wed Jun 20 17:00:36 2018 +0200 smartmontools: update to 6.6. =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit 352796cad7aa2f40ac983149d9fc9928fd1a0f1d Author: Peter M=C3=BCller Date: Wed Jun 20 17:04:26 2018 +0200 lynis: update to 2.6.4 =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit df5cc48dd685bc83e3196ef35ee9f507c66d79a2 Author: Peter M=C3=BCller Date: Sat Jun 30 17:16:37 2018 +0200 update StrongSwan to 5.6.3 =20 This also takes advantage of changed crypto plugins (see first patch) and updates the rootfile. =20 Signed-off-by: Peter M=C3=BCller 
Signed-off-by: Michael Tremer commit 0779907e1b8ba65516280234ff6d90aa244340f8 Author: Peter M=C3=BCller Date: Sat Jun 30 12:07:15 2018 +0200 libgcrypt: update to 1.8.3 =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit 79d32988c52b65d5254c991e7a41367451af21a6 Author: Matthias Fischer Date: Mon Jun 25 17:31:01 2018 +0200 unbound: Update to 1.7.3 =20 For details see: http://www.unbound.net/download.html =20 Best, Matthias =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 1ff69fca2a336c71ccd9d13846d0501f128d916e Author: Erik Kapfer Date: Thu Jun 21 13:54:36 2018 +0200 OpenVPN: Update to version 2.4.6 =20 Signed-off-by: Erik Kapfer Signed-off-by: Michael Tremer commit c6e5fcdf127bac77d2b34d9e84dbb6eb5fdda146 Author: Peter M=C3=BCller Date: Wed Jun 20 17:13:01 2018 +0200 conntrack-tools: update to 1.4.5 =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit eeab80f8dcb7ad8564ac684e014f1a67be82923e Author: Peter M=C3=BCller Date: Wed Jun 20 17:11:28 2018 +0200 libnetfilter_conntrack: update to 1.0.7 =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit 733fae2abe50fb190ff1cd96c2de39558ed3ed9d Author: Peter M=C3=BCller Date: Wed Jun 20 17:09:05 2018 +0200 iptables: update to 1.6.2 =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Michael Tremer commit 46a5bac6ed7aa1e03200d26eeaaad65bd35ee5ef Author: Michael Tremer Date: Sun Jul 1 12:24:25 2018 +0100 vpnmain.cgi: Remove unused code that prevented the page from loading with= out GREEN =20 Signed-off-by: Michael Tremer commit 080e79f149257dd23fd25c35f498083fc1a862a1 Author: Michael Tremer Date: Sun Jul 1 12:21:59 2018 +0100 Don't show proxy configuration pages when GREEN is not available =20 Signed-off-by: Michael Tremer commit dc845b6c81cfd8622e4c060e08edf8c22ff68e1a Author: Michael Tremer Date: Sun Jul 1 12:15:00 2018 +0100 AWS: Hide certain things on the web UI =20 Those are practically unusable on AWS. =20 
Signed-off-by: Michael Tremer commit eb7ccf87c566f32557088d09fa69fdcdeef2a1be Author: Michael Tremer Date: Sun Jul 1 11:54:51 2018 +0100 AWS: Store instance id =20 Signed-off-by: Michael Tremer commit 464c27554ced7b1d4fbb0d454bb7db2856d2af34 Author: Michael Tremer Date: Sun Jul 1 11:52:54 2018 +0100 aws: Re-enable check if we are actually running on EC2 =20 Signed-off-by: Michael Tremer commit 9a56118b61ae307e2cceac44df0ff867cc5bf6aa Author: Michael Tremer Date: Sun Jul 1 11:51:39 2018 +0100 aws: Suppress any output from ending dhclient =20 Signed-off-by: Michael Tremer commit 787469ebd6349c688443995146535de781f755de Author: Michael Tremer Date: Sun Jul 1 11:51:18 2018 +0100 aws: No need to wake up udev again =20 Signed-off-by: Michael Tremer commit 475ae4b3dbb29ba67a16e48910d3fa8130a8b2c3 Author: Michael Tremer Date: Sun Jul 1 11:49:57 2018 +0100 firewall: Suppress more warnings when initialising without GREEN =20 Signed-off-by: Michael Tremer commit 470e85c3652ca52393fca8204a1052471753aa8b Author: Michael Tremer Date: Sun Jul 1 11:44:14 2018 +0100 AWS: Rename network interfaces only when necessary =20 Signed-off-by: Michael Tremer commit 2e42a9eaa15d43885b46dd977c540293446d641a Author: Michael Tremer Date: Sun Jul 1 11:43:35 2018 +0100 AWS: Import SSH keys before meddling with the network =20 Signed-off-by: Michael Tremer commit 48a7737fdd50db0384e0c999a768c7cf3052200b Author: Michael Tremer Date: Sun Jul 1 10:32:31 2018 +0100 firewall: Allow starting without a green interface =20 Signed-off-by: Michael Tremer commit f487e373930472b234f637a03273604d3c7a241c Author: Michael Tremer Date: Sat Jun 30 20:35:29 2018 +0100 AWS: No need to restart udev any more =20 The renames the network interfaces itself now =20 Signed-off-by: Michael Tremer commit 4c0bd63ea4c21eb8140eb5a54b2eeda4b43b7e8e Author: Michael Tremer Date: Sat Jun 30 19:58:42 2018 +0100 localnet: Don't write local hostname to /etc/hosts =20 This is now being provided by nss-myhostname =20 
Signed-off-by: Michael Tremer commit a1c5ceeb347e75f03e042c2e90bb23d6024a4641 Author: Michael Tremer Date: Sat Jun 30 19:56:56 2018 +0100 nsswitch.conf: Use nss-myhostname to resolve local hostname =20 Signed-off-by: Michael Tremer commit 4e9000b4d8435d952cca982020ca70f8d64b45ec Author: Michael Tremer Date: Sat Jun 30 19:51:38 2018 +0100 nss-myhostname: New package =20 Signed-off-by: Michael Tremer commit c7141f04791dc1c3bf6799e260497be614201a75 Author: Michael Tremer Date: Sat Jun 30 19:40:31 2018 +0100 AWS: Rename all interfaces when booting up =20 Signed-off-by: Michael Tremer commit 8f2c3b49b6b12a1edad5e4f0cd3feb0beda22c21 Author: Michael Tremer Date: Sat Jun 30 19:25:29 2018 +0100 aws: Apply SSH configuration changes =20 Signed-off-by: Michael Tremer commit 16c31d10040db4f175642376b284a0f98609e19e Author: Michael Tremer Date: Sat Jun 30 19:25:15 2018 +0100 openssh: Write port 22 into the default configuration file =20 Signed-off-by: Michael Tremer commit 7d06d0de7b7ec2f6a8ccf4b7c179f2538780beb1 Author: Michael Tremer Date: Thu Jun 28 11:15:29 2018 +0100 AWS: Restart udev to rename network interfaces =20 Signed-off-by: Michael Tremer commit 0f224ad770d01494db31c875ef2e31a766735527 Author: Michael Tremer Date: Thu Jun 28 11:01:33 2018 +0100 AWS: Add support for ORANGE =20 Signed-off-by: Michael Tremer commit 1a0d8b0573cd4cb573cf891f2ac26520fa5573bb Author: Michael Tremer Date: Thu Jun 28 10:57:50 2018 +0100 AWS: Remove some debugging line =20 Signed-off-by: Michael Tremer commit c86fd963d20b82593032c3c4b2d47dbdaa9def1a Author: Michael Tremer Date: Thu Jun 28 10:57:13 2018 +0100 AWS: Calculate gateway and DNS IP addresses only for RED =20 Signed-off-by: Michael Tremer commit 607240e28c4f1572b3d7735c6e2a45387a90ea6d Author: Michael Tremer Date: Thu Jun 28 10:55:24 2018 +0100 AWS: Use correct IP address for the internal DNS =20 
Signed-off-by: Michael Tremer commit 3273ff48f04fe01364eb413966d7afb351a9cb41 Author: Michael Tremer Date: Wed Jun 27 10:05:55 2018 +0100 aws: Write HOSTNAME and DOMAINNAME when not set =20 Previously we expected the entire settings file to be empty but since we are now shipping some defaults for other settings. =20 Signed-off-by: Michael Tremer commit 0009de91e886514e05002eed1286f6007dea3876 Author: Michael Tremer Date: Wed Jun 27 09:59:47 2018 +0100 Ship default settings for language, theme, etc. in all images =20 Signed-off-by: Michael Tremer commit 8b59ef085e4de8ea38e0ac9859c72f5a93194c9d Author: Michael Tremer Date: Wed Jun 27 09:56:32 2018 +0100 aws: Ensure that SSH checkbox is enabled, too =20 Signed-off-by: Michael Tremer commit 7fa83c2fe79fd2f3f32885707591637f559401a3 Author: Michael Tremer Date: Wed Jun 27 09:55:09 2018 +0100 aws: Enable SSH on the first start =20 Signed-off-by: Michael Tremer commit fd52e82a7252a7559c694fce6570aab461c331e3 Author: Michael Tremer Date: Mon Jun 25 11:08:04 2018 +0100 setup: Write /etc/hosts in initscript =20 Signed-off-by: Michael Tremer commit d97ba75fe5634055850deda7a594d52e901dbe75 Author: Michael Tremer Date: Mon Jun 25 11:01:24 2018 +0100 setup: Don't write configuration files for TCP wrapper any more =20 This has been removed from the distribution a long time ago =20 Signed-off-by: Michael Tremer commit 6723afef0922295dbd8ea66171270040b0edc002 Author: Michael Tremer Date: Mon Jun 25 10:59:49 2018 +0100 apache: Write hostname into configuration at boot time =20 Signed-off-by: Michael Tremer commit bd3bcb45d611f1e5f39fae07f6c5b189c1e64560 Author: Michael Tremer Date: Mon Jun 25 10:55:39 2018 +0100 AWS: Import aws setup script =20 Signed-off-by: Michael Tremer commit 563c50216300ab2078fabfe305fea93aaeb2d5e5 Author: Michael Tremer Date: Mon Jun 25 10:54:36 2018 +0100 dhcp: Ship dhclient =20 
Signed-off-by: Michael Tremer commit 348360292979236e94a8e44fa8c4668941ad95da Author: Michael Tremer Date: Mon Jun 25 10:53:53 2018 +0100 ssh: Update default configuration =20 This patch removes an old switch to enable SSH 1 and makes port 22 the default port. =20 Signed-off-by: Michael Tremer commit 1c21ebf8d5464d3d84e8d2dc247a77870f3961df Author: Michael Tremer Date: Wed Jun 6 12:19:17 2018 +0100 Add initscript that automatically configures IPFire on AWS EC2 =20 Signed-off-by: Michael Tremer commit 1f2a90b5521eec74569c8d6f1a9902fc0aa44bbf Author: Michael Tremer Date: Wed Jun 6 12:06:54 2018 +0100 flash-image: Make sure that GRUB boots the first entry =20 This is required when importing an image into AWS EC2 or the import of the image fails. =20 
Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: .../cfgroot/aws-functions.pl | 18 +- config/cfgroot/header.pl | 24 ++ config/cfgroot/main-settings | 5 + config/cfgroot/ssh-settings | 3 +- config/etc/nsswitch.conf | 2 +- config/firewall/firewall-policy | 18 +- config/rootfiles/common/aarch64/initscripts | 3 + config/rootfiles/common/armv5tel/initscripts | 3 + config/rootfiles/common/configroot | 1 + config/rootfiles/common/conntrack-tools | 13 + config/rootfiles/common/dhcp | 2 +- config/rootfiles/common/i586/initscripts | 3 + config/rootfiles/common/iptables | 18 +- config/rootfiles/common/libgcrypt | 2 +- config/rootfiles/common/libnetfilter_conntrack | 3 +- config/rootfiles/common/nss-myhostname | 4 + config/rootfiles/common/strongswan | 6 +- config/rootfiles/common/unbound | 2 +- config/rootfiles/common/x86_64/initscripts | 3 + .../110 =3D> core/123}/filelists/conntrack-tools | 0 config/rootfiles/core/123/filelists/files | 9 + .../{oldcore/28 =3D> core/123}/filelists/iptables | 0 config/rootfiles/core/123/filelists/nss-myhostname | 1 + .../{oldcore/106 =3D> core/123}/filelists/strongswan | 0 config/rootfiles/packages/lynis | 47 +++- html/cgi-bin/proxy.cgi | 4 +- html/cgi-bin/vpnmain.cgi | 22 +- lfs/apache2 | 2 +- lfs/configroot | 2 + lfs/conntrack-tools | 4 +- lfs/flash-images | 8 +- lfs/initscripts | 1 + lfs/iptables | 5 +- lfs/libgcrypt | 4 +- lfs/libnetfilter_conntrack | 4 +- lfs/lynis | 6 +- lfs/{libpcap =3D> nss-myhostname} | 14 +- lfs/openssh | 2 +- lfs/openvpn | 4 +- lfs/smartmontools | 4 +- lfs/strongswan | 7 +- lfs/unbound | 4 +- make.sh | 1 + src/initscripts/helper/aws-setup | 276 +++++++++++++++++++= ++ src/initscripts/system/apache | 3 + src/initscripts/system/aws | 80 ++++++ src/initscripts/system/firewall | 10 +- src/initscripts/system/localnet | 9 + src/initscripts/system/udev | 10 +- src/setup/misc.c | 91 ------- 50 files changed, 585 insertions(+), 182 deletions(-) copy 
src/paks/wio/uninstall.sh =3D> config/cfgroot/aws-functions.pl (89%) create mode 100644 config/cfgroot/main-settings create mode 100644 config/rootfiles/common/nss-myhostname copy config/rootfiles/{oldcore/110 =3D> core/123}/filelists/conntrack-tools = (100%) copy config/rootfiles/{oldcore/28 =3D> core/123}/filelists/iptables (100%) create mode 120000 config/rootfiles/core/123/filelists/nss-myhostname copy config/rootfiles/{oldcore/106 =3D> core/123}/filelists/strongswan (100%) copy lfs/{libpcap =3D> nss-myhostname} (92%) create mode 100644 src/initscripts/helper/aws-setup create mode 100644 src/initscripts/system/aws Difference in files:
diff --git a/config/cfgroot/aws-functions.pl b/config/cfgroot/aws-functions.pl
new file mode 100644
index 000000000..5fd97125c
--- /dev/null
+++ b/config/cfgroot/aws-functions.pl
@@ -0,0 +1,34 @@
+#!/usr/bin/perl -w
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2018 IPFire Team . = #
+# #
+############################################################################
+
+package AWS;
+
+sub running_on_ec2() {
+ if (-e "/var/run/aws-instance-id") {
+ return 1;
+ }
+
+ return 0;
+}
+
+1;
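Review bot: `running_on_ec2()` tests with `-e`, so a directory, an empty file, or a stale `/var/run/aws-instance-id` left behind by an earlier boot all make header.pl hide menu entries; `-f` is the tighter test, `if (-f "/var/run/aws-instance-id") {`. The function also says nothing about who is expected to create the file, which matters because it is now the only input to that decision. The "AWS: Store instance id" commit in this push suggests the `aws` initscript (S74aws) writes it, but that script is not in this chunk, so the comment should be confirmed against it: `# Set by the aws initscript (S74aws) once EC2 instance metadata has been read; no other writer is expected.`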
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index 974c4d8b2..e8d9d377c 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -19,6 +19,8 @@ use Time::Local;
=20
$|=3D1; # line buffering
=20
+require "/var/ipfire/aws-functions.pl";
+
$Header::revision =3D 'final';
$Header::swroot =3D '/var/ipfire';
$Header::graphdir=3D'/srv/web/ipfire/html/graphs';
@@ -97,6 +99,14 @@ require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";
eval `/bin/cat /srv/web/ipfire/html/themes/$THEME_NAME/include/functions.pl`;
=20
+sub green_used() {
+ if ($ethsettings{'GREEN_DEV'} && $ethsettings{'GREEN_DEV'} ne "") {
+ return 1;
+ }
+
+ return 0;
+}
+
sub orange_used () {
if ($ethsettings{'CONFIG_TYPE'} =3D~ /^[24]$/) {
return 1;
@@ -161,6 +171,20 @@ sub genmenu {
if ( $ethsettings{'RED_TYPE'} eq "PPPOE" && $pppsettings{'MONPORT'} ne "= " ) {
$menu->{'02.status'}{'subMenu'}->{'74.modem-status'}{'enabled'} =3D = 1;
}
+
+ # Disbale unusable things on EC2
+ if (&AWS::running_on_ec2()) {
+ $menu->{'03.network'}{'subMenu'}->{'30.dhcp'}{'enabled'} =3D 0;
+ $menu->{'03.network'}{'subMenu'}->{'80.macadressmenu'}{'enabled'} = =3D 0;
+ $menu->{'03.network'}{'subMenu'}->{'90.wakeonlan'}{'enabled'} =3D 0;
+ }
+
+ # Disable proxy when no GREEN is available
+ if (!&green_used()) {
+ $menu->{'03.network'}{'subMenu'}->{'20.proxy'}{'enabled'} =3D 0;
+ $menu->{'03.network'}{'subMenu'}->{'21.urlfilter'}{'enabled'} =3D 0;
+ $menu->{'03.network'}{'subMenu'}->{'22.updxlrator'}{'enabled'} =3D 0;
+ }
}
}
=20
diff --git a/config/cfgroot/main-settings b/config/cfgroot/main-settings
new file mode 100644
index 000000000..7d4e7fb79
--- /dev/null
+++ b/config/cfgroot/main-settings
@@ -0,0 +1,5 @@
+THEME=3Dipfire
+LANGUAGE=3Den
+RRDLOG=3D/var/log/rrd
+KEYMAP=3D/lib/kbd/keymaps/i386/qwerty/us.map.gz
+TIMEZONE=3D/usr/share/zoneinfo/posix/UTC
diff --git a/config/cfgroot/ssh-settings b/config/cfgroot/ssh-settings
index 83b8876dd..5741431c1 100644
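Review bot: The new `require "/var/ipfire/aws-functions.pl";` hard-codes the config root two lines above the place where the same file sets `$Header::swroot = '/var/ipfire'`, while the later hunk shows the other requires written as `require "${swroot}/langs/en.pl";`. Moving the line below the `$Header::swroot` assignment and writing `require "${swroot}/aws-functions.pl";` keeps one source of truth for that path, assuming `$swroot` is already bound at that point (this chunk does not show where it is set). A failing require dies before any page output, which is acceptable since the configroot rootfile in this push now ships the file, but that coupling deserves a short comment next to the line.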
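Review bot: In `green_used()` the operand `$ethsettings{'GREEN_DEV'} ne ""` cannot be false once the first operand is true, so the condition reduces to `if ($ethsettings{'GREEN_DEV'}) {`; the only input on which the two forms differ is a device literally named `0`, which is not a plausible interface name. The function also deserves a one-line comment, since it is now the gate that hides the proxy pages: `# True when an interface is assigned to GREEN; %ethsettings must already be loaded.` Where `%ethsettings` is populated lies outside this hunk.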
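Review bot: Clearing `{'enabled'}` in `genmenu` only removes the links, so on a GREEN-less or EC2 system the proxy, URL filter, update accelerator, DHCP and wake-on-LAN CGIs remain reachable by URL unless each script applies the same conditions itself; the diffstat shows proxy.cgi was touched in this push, but the other scripts are not in this chunk, so that is worth confirming. The comment above the first new block has a typo, `# Disable unusable things on EC2`. The remainder of `genmenu` lies outside the hunk.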
--- a/config/cfgroot/ssh-settings
+++ b/config/cfgroot/ssh-settings
@@ -1,6 +1,5 @@
ENABLE_SSH_KEYS=3Doff
-ENABLE_SSH_PROTOCOL1=3Doff
ENABLE_SSH_PASSWORDS=3Don
ENABLE_SSH_PORTFW=3Doff
ENABLE_SSH=3Doff
-__CGI__=3DCGI=3DHASH(0x840b7a0)
+SSH_PORT=3Don
diff --git a/config/etc/nsswitch.conf b/config/etc/nsswitch.conf
index 067e63b48..468fd1c88 100644
--- a/config/etc/nsswitch.conf
+++ b/config/etc/nsswitch.conf
@@ -4,7 +4,7 @@ passwd: files
group: files
shadow: files
=20
-hosts: files dns
+hosts: files dns myhostname
networks: files
=20
protocols: files
diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index cbba3b021..c0a526f22 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -58,7 +58,9 @@ HAVE_OPENVPN=3D"true"
# INPUT
=20
# Allow access from GREEN
-iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+if [ -n "${GREEN_DEV}" ]; then
+ iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+fi
=20
# Allow access from BLUE
if [ "${HAVE_BLUE}" =3D "true" ] && [ -n "${BLUE_DEV}" ]; then
@@ -119,12 +121,14 @@ case "${POLICY}" in
=20
*)
# Access from GREEN is granted to everywhere
- if [ "${IFACE}" =3D "${GREEN_DEV}" ]; then
- # internet via green
- # don't check source IP/NET if IFACE is GREEN
- iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
- else
- iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_N= ETMASK}" -j ACCEPT
+ if [ -n "${GREEN_DEV}" ]; then
+ if [ "${IFACE}" =3D "${GREEN_DEV}" ]; then
+ # internet via green
+ # don't check source IP/NET if IFACE is GREEN
+ iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
+ else
+ iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_= NETMASK}" -j ACCEPT
+ fi
fi
=20
# Grant access for IPsec VPN connections
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/c= ommon/aarch64/initscripts
index 9e9e1a71a..3cb05d95f 100644
--- a/config/rootfiles/common/aarch64/initscripts
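Review bot: The new key `SSH_PORT=on` reads like a port number but carries a boolean, and nothing in the settings file says which port "on" selects; the "ssh: Update default configuration" message in this push says it makes port 22 the default, so presumably `on` means 22 rather than the alternative port. Since this file is parsed as plain key=value pairs, the place to state that is the CGI that reads the key, with a comment along the lines of `# SSH_PORT=on means sshd listens on 22, off selects the alternative port`; that consumer is not in this chunk, so confirm the mapping there before documenting it.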
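Review bot: With `hosts: files dns myhostname` the new module is consulted only after `dns` has failed, and because the "localnet: Don't write local hostname to /etc/hosts" commit in this push removes the /etc/hosts entry, every lookup of the box's own hostname now goes to the configured resolver first and reaches myhostname only on NXDOMAIN or timeout. That makes local hostname resolution depend on the resolver being reachable and sends the hostname upstream on each such lookup; if the intent is purely local resolution, `hosts: files myhostname dns` puts the module ahead of `dns`. Whether anything on the system relies on an upstream record for its own hostname is not visible here, so confirm that before reordering.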
+++ b/config/rootfiles/common/aarch64/initscripts @@ -1,10 +1,12 @@ etc/init.d #etc/rc.d #etc/rc.d/helper +etc/rc.d/helper/aws-setup etc/rc.d/helper/getdnsfromdhcpc.pl #etc/rc.d/init.d etc/rc.d/init.d/acpid etc/rc.d/init.d/apache +etc/rc.d/init.d/aws etc/rc.d/init.d/beep etc/rc.d/init.d/checkfs etc/rc.d/init.d/cleanfs @@ -184,6 +186,7 @@ etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S73swconfig +etc/rc.d/rcsysinit.d/S74aws etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S81pakfire diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/= common/armv5tel/initscripts index 9e9e1a71a..3cb05d95f 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -1,10 +1,12 @@ etc/init.d #etc/rc.d #etc/rc.d/helper +etc/rc.d/helper/aws-setup etc/rc.d/helper/getdnsfromdhcpc.pl #etc/rc.d/init.d etc/rc.d/init.d/acpid etc/rc.d/init.d/apache +etc/rc.d/init.d/aws etc/rc.d/init.d/beep etc/rc.d/init.d/checkfs etc/rc.d/init.d/cleanfs @@ -184,6 +186,7 @@ etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S73swconfig +etc/rc.d/rcsysinit.d/S74aws etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S81pakfire diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/con= figroot index 73b7bc01f..87389915e 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -7,6 +7,7 @@ usr/sbin/firewall-policy var/ipfire/addon-lang var/ipfire/auth #var/ipfire/auth/users +var/ipfire/aws-functions.pl #var/ipfire/backup var/ipfire/backup/exclude.user var/ipfire/backup/include.user diff --git a/config/rootfiles/common/conntrack-tools b/config/rootfiles/commo= n/conntrack-tools index 52b642abc..ef392df67 100644 --- a/config/rootfiles/common/conntrack-tools 
+++ b/config/rootfiles/common/conntrack-tools @@ -1,13 +1,26 @@ #usr/lib/conntrack-tools +#usr/lib/conntrack-tools/ct_helper_amanda.la +usr/lib/conntrack-tools/ct_helper_amanda.so +#usr/lib/conntrack-tools/ct_helper_dhcpv6.la +#usr/lib/conntrack-tools/ct_helper_dhcpv6.so #usr/lib/conntrack-tools/ct_helper_ftp.la usr/lib/conntrack-tools/ct_helper_ftp.so +#usr/lib/conntrack-tools/ct_helper_mdns.la +usr/lib/conntrack-tools/ct_helper_mdns.so #usr/lib/conntrack-tools/ct_helper_rpc.la usr/lib/conntrack-tools/ct_helper_rpc.so +#usr/lib/conntrack-tools/ct_helper_sane.la +usr/lib/conntrack-tools/ct_helper_sane.so +#usr/lib/conntrack-tools/ct_helper_ssdp.la +usr/lib/conntrack-tools/ct_helper_ssdp.so +#usr/lib/conntrack-tools/ct_helper_tftp.la +usr/lib/conntrack-tools/ct_helper_tftp.so #usr/lib/conntrack-tools/ct_helper_tns.la usr/lib/conntrack-tools/ct_helper_tns.so usr/sbin/conntrack usr/sbin/conntrackd usr/sbin/nfct +#usr/share/man/man5/conntrackd.conf.5 #usr/share/man/man8/conntrack.8 #usr/share/man/man8/conntrackd.8 #usr/share/man/man8/nfct.8 diff --git a/config/rootfiles/common/dhcp b/config/rootfiles/common/dhcp index 9e6d52e4e..03b076826 100644 --- a/config/rootfiles/common/dhcp +++ b/config/rootfiles/common/dhcp @@ -18,7 +18,7 @@ etc/dhcp/dhcpd.conf #usr/lib/libdhcp.a #usr/lib/libdhcpctl.a #usr/lib/libomapi.a -#usr/sbin/dhclient +usr/sbin/dhclient usr/sbin/dhcpd usr/sbin/dhcrelay #usr/share/man/man1/omshell.1 diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/comm= on/i586/initscripts index cc0e4580d..2c2306975 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -1,10 +1,12 @@ etc/init.d #etc/rc.d #etc/rc.d/helper +etc/rc.d/helper/aws-setup etc/rc.d/helper/getdnsfromdhcpc.pl #etc/rc.d/init.d etc/rc.d/init.d/acpid etc/rc.d/init.d/apache +etc/rc.d/init.d/aws etc/rc.d/init.d/beep etc/rc.d/init.d/checkfs etc/rc.d/init.d/cleanfs 
@@ -182,6 +184,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S70console +etc/rc.d/rcsysinit.d/S74aws etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S81pakfire diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptab= les index 09e827c2a..d0c1065cb 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -16,9 +16,13 @@ lib/libiptc.so.0 lib/libiptc.so.0.0.0 #lib/libxtables.la lib/libxtables.so -lib/libxtables.so.10 -lib/libxtables.so.10.0.0 -lib/xtables +lib/libxtables.so.12 +lib/libxtables.so.12.0.0 +#lib/xtables +#lib/xtables/libebt_802_3.so +#lib/xtables/libebt_ip.so +#lib/xtables/libebt_log.so +#lib/xtables/libebt_mark_m.so #lib/xtables/libip6t_DNAT.so #lib/xtables/libip6t_DNPT.so #lib/xtables/libip6t_HL.so @@ -39,16 +43,15 @@ lib/xtables #lib/xtables/libip6t_ipv6header.so #lib/xtables/libip6t_mh.so #lib/xtables/libip6t_rt.so +#lib/xtables/libip6t_srh.so #lib/xtables/libipt_CLUSTERIP.so #lib/xtables/libipt_DNAT.so #lib/xtables/libipt_ECN.so #lib/xtables/libipt_LOG.so #lib/xtables/libipt_MASQUERADE.so -#lib/xtables/libipt_MIRROR.so #lib/xtables/libipt_NETMAP.so #lib/xtables/libipt_REDIRECT.so #lib/xtables/libipt_REJECT.so -#lib/xtables/libipt_SAME.so #lib/xtables/libipt_SNAT.so #lib/xtables/libipt_TTL.so #lib/xtables/libipt_ULOG.so @@ -56,7 +59,6 @@ lib/xtables #lib/xtables/libipt_icmp.so #lib/xtables/libipt_realm.so #lib/xtables/libipt_ttl.so -#lib/xtables/libipt_unclean.so #lib/xtables/libxt_AUDIT.so #lib/xtables/libxt_CHECKSUM.so #lib/xtables/libxt_CLASSIFY.so @@ -84,6 +86,7 @@ lib/xtables #lib/xtables/libxt_TRACE.so #lib/xtables/libxt_addrtype.so #lib/xtables/libxt_bpf.so +#lib/xtables/libxt_cgroup.so #lib/xtables/libxt_cluster.so #lib/xtables/libxt_comment.so #lib/xtables/libxt_connbytes.so 
@@ -99,12 +102,14 @@ lib/xtables #lib/xtables/libxt_esp.so #lib/xtables/libxt_hashlimit.so #lib/xtables/libxt_helper.so +#lib/xtables/libxt_ipcomp.so #lib/xtables/libxt_iprange.so #lib/xtables/libxt_ipvs.so #lib/xtables/libxt_layer7.so #lib/xtables/libxt_length.so #lib/xtables/libxt_limit.so #lib/xtables/libxt_mac.so +#lib/xtables/libxt_mangle.so #lib/xtables/libxt_mark.so #lib/xtables/libxt_multiport.so #lib/xtables/libxt_nfacct.so @@ -172,5 +177,6 @@ sbin/xtables-multi #usr/share/man/man8/iptables-restore.8 #usr/share/man/man8/iptables-save.8 #usr/share/man/man8/iptables.8 +#usr/share/man/man8/nfnl_osf.8 #usr/share/xtables usr/share/xtables/pf.os diff --git a/config/rootfiles/common/libgcrypt b/config/rootfiles/common/libg= crypt index e67fae932..e46507d46 100644 --- a/config/rootfiles/common/libgcrypt +++ b/config/rootfiles/common/libgcrypt @@ -6,7 +6,7 @@ #usr/lib/libgcrypt.la #usr/lib/libgcrypt.so usr/lib/libgcrypt.so.20 -usr/lib/libgcrypt.so.20.2.2 +usr/lib/libgcrypt.so.20.2.3 #usr/share/aclocal/libgcrypt.m4 #usr/share/info/gcrypt.info #usr/share/man/man1/hmac256.1 diff --git a/config/rootfiles/common/libnetfilter_conntrack b/config/rootfile= s/common/libnetfilter_conntrack index 03000ec01..f5c776359 100644 --- a/config/rootfiles/common/libnetfilter_conntrack +++ b/config/rootfiles/common/libnetfilter_conntrack @@ -7,9 +7,10 @@ #usr/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h #usr/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h #usr/include/libnetfilter_conntrack/libnetfilter_conntrack_udp.h +#usr/include/libnetfilter_conntrack/linux_nf_conntrack_common.h #usr/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h #usr/lib/libnetfilter_conntrack.la #usr/lib/libnetfilter_conntrack.so usr/lib/libnetfilter_conntrack.so.3 -usr/lib/libnetfilter_conntrack.so.3.6.0 +usr/lib/libnetfilter_conntrack.so.3.7.0 #usr/lib/pkgconfig/libnetfilter_conntrack.pc 
diff --git a/config/rootfiles/common/nss-myhostname b/config/rootfiles/common= /nss-myhostname new file mode 100644 index 000000000..13f38ae42 --- /dev/null +++ b/config/rootfiles/common/nss-myhostname @@ -0,0 +1,4 @@ +lib/libnss_myhostname.so.2 +#usr/share/doc/nss-myhostname +#usr/share/doc/nss-myhostname/README.html +#usr/share/doc/nss-myhostname/style.css diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/str= ongswan index 0a0dd050e..6981a7ca8 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -17,6 +17,7 @@ etc/strongswan.d/charon.conf etc/strongswan.d/charon/aes.conf etc/strongswan.d/charon/attr.conf etc/strongswan.d/charon/ccm.conf +etc/strongswan.d/charon/chapoly.conf etc/strongswan.d/charon/cmac.conf etc/strongswan.d/charon/constraints.conf etc/strongswan.d/charon/counters.conf @@ -51,7 +52,6 @@ etc/strongswan.d/charon/pkcs7.conf etc/strongswan.d/charon/pkcs8.conf etc/strongswan.d/charon/pubkey.conf etc/strongswan.d/charon/random.conf -etc/strongswan.d/charon/rc2.conf etc/strongswan.d/charon/resolve.conf etc/strongswan.d/charon/revocation.conf etc/strongswan.d/charon/sha1.conf @@ -112,6 +112,7 @@ usr/lib/ipsec/libvici.so.0.0.0 usr/lib/ipsec/plugins/libstrongswan-aes.so usr/lib/ipsec/plugins/libstrongswan-attr.so usr/lib/ipsec/plugins/libstrongswan-ccm.so +usr/lib/ipsec/plugins/libstrongswan-chapoly.so usr/lib/ipsec/plugins/libstrongswan-cmac.so usr/lib/ipsec/plugins/libstrongswan-constraints.so usr/lib/ipsec/plugins/libstrongswan-counters.so @@ -146,7 +147,6 @@ usr/lib/ipsec/plugins/libstrongswan-pkcs7.so usr/lib/ipsec/plugins/libstrongswan-pkcs8.so usr/lib/ipsec/plugins/libstrongswan-pubkey.so usr/lib/ipsec/plugins/libstrongswan-random.so -usr/lib/ipsec/plugins/libstrongswan-rc2.so usr/lib/ipsec/plugins/libstrongswan-resolve.so usr/lib/ipsec/plugins/libstrongswan-revocation.so usr/lib/ipsec/plugins/libstrongswan-sha1.so 
@@ -197,6 +197,7 @@ usr/sbin/swanctl #usr/share/strongswan/templates/config/plugins/aes.conf #usr/share/strongswan/templates/config/plugins/attr.conf #usr/share/strongswan/templates/config/plugins/ccm.conf +#usr/share/strongswan/templates/config/plugins/chapoly.conf #usr/share/strongswan/templates/config/plugins/cmac.conf #usr/share/strongswan/templates/config/plugins/constraints.conf #usr/share/strongswan/templates/config/plugins/counters.conf @@ -231,7 +232,6 @@ usr/sbin/swanctl #usr/share/strongswan/templates/config/plugins/pkcs8.conf #usr/share/strongswan/templates/config/plugins/pubkey.conf #usr/share/strongswan/templates/config/plugins/random.conf -#usr/share/strongswan/templates/config/plugins/rc2.conf #usr/share/strongswan/templates/config/plugins/resolve.conf #usr/share/strongswan/templates/config/plugins/revocation.conf #usr/share/strongswan/templates/config/plugins/sha1.conf diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index af089054c..f3172f028 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.2 -usr/lib/libunbound.so.2.5.10 +usr/lib/libunbound.so.2.5.11 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/co= mmon/x86_64/initscripts index cc0e4580d..2c2306975 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -1,10 +1,12 @@ etc/init.d #etc/rc.d #etc/rc.d/helper +etc/rc.d/helper/aws-setup etc/rc.d/helper/getdnsfromdhcpc.pl #etc/rc.d/init.d etc/rc.d/init.d/acpid etc/rc.d/init.d/apache +etc/rc.d/init.d/aws etc/rc.d/init.d/beep etc/rc.d/init.d/checkfs etc/rc.d/init.d/cleanfs 
@@ -182,6 +184,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S70console +etc/rc.d/rcsysinit.d/S74aws etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S81pakfire diff --git a/config/rootfiles/core/123/filelists/conntrack-tools b/config/roo= tfiles/core/123/filelists/conntrack-tools new file mode 120000 index 000000000..88fbe061e --- /dev/null +++ b/config/rootfiles/core/123/filelists/conntrack-tools @@ -0,0 +1 @@ +../../../common/conntrack-tools \ No newline at end of file diff --git a/config/rootfiles/core/123/filelists/files b/config/rootfiles/cor= e/123/filelists/files index 718af9eda..52586b9d4 100644 --- a/config/rootfiles/core/123/filelists/files +++ b/config/rootfiles/core/123/filelists/files @@ -1,7 +1,16 @@ etc/system-release etc/issue +etc/rc.d/helper/aws-setup +etc/rc.d/init.d/aws +etc/rc.d/rcsysinit.d/S74aws srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +usr/sbin/dhclient var/ipfire/backup/exclude var/ipfire/langs +var/ipfire/aws-functions.pl +var/ipfire/header.pl +var/ipfire/general-functions.pl diff --git a/config/rootfiles/core/123/filelists/iptables b/config/rootfiles/= core/123/filelists/iptables new file mode 120000 index 000000000..8caf12bcc --- /dev/null +++ b/config/rootfiles/core/123/filelists/iptables @@ -0,0 +1 @@ +../../../common/iptables \ No newline at end of file diff --git a/config/rootfiles/core/123/filelists/nss-myhostname b/config/root= files/core/123/filelists/nss-myhostname new file mode 120000 index 000000000..7d8203185 --- /dev/null +++ b/config/rootfiles/core/123/filelists/nss-myhostname @@ -0,0 +1 @@ +../../../common/nss-myhostname \ No newline at end of file 
diff --git a/config/rootfiles/core/123/filelists/strongswan b/config/rootfile= s/core/123/filelists/strongswan new file mode 120000 index 000000000..90c727e26 --- /dev/null +++ b/config/rootfiles/core/123/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis index 6199853d3..9a2c21268 100644 --- a/config/rootfiles/packages/lynis +++ b/config/rootfiles/packages/lynis 
@@ -1,15 +1,43 @@ var/ipfire/lynis -#var/ipfire/lynis/CONTRIBUTORS +#var/ipfire/lynis/CHANGELOG.md +#var/ipfire/lynis/CODE_OF_CONDUCT.md +#var/ipfire/lynis/CONTRIBUTING.md +#var/ipfire/lynis/CONTRIBUTORS.md #var/ipfire/lynis/db var/ipfire/lynis/db/fileperms.db var/ipfire/lynis/db/hints.db var/ipfire/lynis/db/integrity.db +var/ipfire/lynis/db/languages +var/ipfire/lynis/db/languages/br +var/ipfire/lynis/db/languages/cn +var/ipfire/lynis/db/languages/de +var/ipfire/lynis/db/languages/en +var/ipfire/lynis/db/languages/en-GB +var/ipfire/lynis/db/languages/en-US +var/ipfire/lynis/db/languages/es +var/ipfire/lynis/db/languages/fi +var/ipfire/lynis/db/languages/fr +var/ipfire/lynis/db/languages/gr +var/ipfire/lynis/db/languages/he +var/ipfire/lynis/db/languages/hu +var/ipfire/lynis/db/languages/it +var/ipfire/lynis/db/languages/ja +var/ipfire/lynis/db/languages/nb-NO +var/ipfire/lynis/db/languages/nl +var/ipfire/lynis/db/languages/nl-BE +var/ipfire/lynis/db/languages/nl-NL +var/ipfire/lynis/db/languages/pl +var/ipfire/lynis/db/languages/pt +var/ipfire/lynis/db/languages/ru +var/ipfire/lynis/db/languages/se +var/ipfire/lynis/db/languages/tr var/ipfire/lynis/db/malware-susp.db var/ipfire/lynis/db/malware.db var/ipfire/lynis/db/sbl.db +var/ipfire/lynis/db/tests.db var/ipfire/lynis/default.prf +var/ipfire/lynis/developer.prf #var/ipfire/lynis/extras -var/ipfire/lynis/extras/.bzrignore #var/ipfire/lynis/extras/README #var/ipfire/lynis/extras/bash_completion.d var/ipfire/lynis/extras/bash_completion.d/lynis 
@@ -22,11 +50,18 @@ var/ipfire/lynis/extras/lynis.spec #var/ipfire/lynis/extras/systemd #var/ipfire/lynis/extras/systemd/lynis.service #var/ipfire/lynis/extras/systemd/lynis.timer +#var/ipfire/lynis/extras/travis-ci +#var/ipfire/lynis/extras/travis-ci/before_script.sh #var/ipfire/lynis/include var/ipfire/lynis/include/binaries var/ipfire/lynis/include/consts var/ipfire/lynis/include/data_upload var/ipfire/lynis/include/functions +var/ipfire/lynis/include/helper_audit_dockerfile +var/ipfire/lynis/include/helper_configure +var/ipfire/lynis/include/helper_show +var/ipfire/lynis/include/helper_system_remote_scan +var/ipfire/lynis/include/helper_update var/ipfire/lynis/include/osdetection var/ipfire/lynis/include/parameters var/ipfire/lynis/include/profiles @@ -35,15 +70,16 @@ var/ipfire/lynis/include/tests_accounting var/ipfire/lynis/include/tests_authentication var/ipfire/lynis/include/tests_banners var/ipfire/lynis/include/tests_boot_services +var/ipfire/lynis/include/tests_containers var/ipfire/lynis/include/tests_crypto var/ipfire/lynis/include/tests_custom.template var/ipfire/lynis/include/tests_databases +var/ipfire/lynis/include/tests_dns var/ipfire/lynis/include/tests_file_integrity var/ipfire/lynis/include/tests_file_permissions var/ipfire/lynis/include/tests_filesystems var/ipfire/lynis/include/tests_firewalls var/ipfire/lynis/include/tests_hardening -var/ipfire/lynis/include/tests_hardening_tools var/ipfire/lynis/include/tests_homedirs var/ipfire/lynis/include/tests_insecure_services var/ipfire/lynis/include/tests_kernel 
@@ -62,16 +98,17 @@ var/ipfire/lynis/include/tests_printers_spools
 var/ipfire/lynis/include/tests_scheduling
 var/ipfire/lynis/include/tests_shells
 var/ipfire/lynis/include/tests_snmp
-#var/ipfire/lynis/include/tests_solaris
 var/ipfire/lynis/include/tests_squid
 var/ipfire/lynis/include/tests_ssh
 var/ipfire/lynis/include/tests_storage
 var/ipfire/lynis/include/tests_storage_nfs
-var/ipfire/lynis/include/tests_tcpwrappers
+var/ipfire/lynis/include/tests_system_integrity
 var/ipfire/lynis/include/tests_time
 var/ipfire/lynis/include/tests_tooling
+var/ipfire/lynis/include/tests_usb
 var/ipfire/lynis/include/tests_virtualization
 var/ipfire/lynis/include/tests_webservers
+var/ipfire/lynis/include/tool_tips
 var/ipfire/lynis/lynis
 var/ipfire/lynis/lynis.8
 #var/ipfire/lynis/plugins
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index c36fc4e70..738425b9a 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3428,7 +3428,7 @@ END
 my $ntlm_auth_group =3D $proxysettings{'NTLM_AUTH_GROUP'};
 $ntlm_auth_group =3D~ s/\\/\+/;
=20
- print FILE " --require-membership-of=3D\"$ntlm_auth_group\"";
+ print FILE " --require-membership-of=3D$ntlm_auth_group";
 }
 print FILE "\n";
=20
@@ -3441,7 +3441,7 @@ END
 my $ntlm_auth_group =3D $proxysettings{'NTLM_AUTH_GROUP'};
 $ntlm_auth_group =3D~ s/\\/\+/;
=20
- print FILE " --require-membership-of=3D\"$ntlm_auth_group\"";
+ print FILE " --require-membership-of=3D$ntlm_auth_group";
 }
 print FILE "\n";
 print FILE "auth_param basic children 10\n";
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index eefe97599..e557122df 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
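Review bot: With the quotes removed, `--require-membership-of=$ntlm_auth_group` is emitted bare into the squid `auth_param ... program` line, so a group name containing whitespace (common in Active Directory, e.g. `DOMAIN\Domain Users`) is now split by squid's config parser into several helper arguments instead of one. Whether NTLM_AUTH_GROUP is rejected or whitespace-stripped where it is saved is outside this hunk; if it is not, validate it there before it reaches squid.conf, e.g. `$errormessage = $Lang::tr{'invalid input'} if ($proxysettings{'NTLM_AUTH_GROUP'} =~ /\s/);`. Note also that `s/\\/\+/` rewrites only the first backslash, which is enough for `DOMAIN\group` but nothing longer. The surrounding config-writing block starts before and continues after both hunks.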
@@ -58,16 +58,6 @@ my %mainsettings =3D (); =20 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); =20 -my $green_cidr =3D &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netse= ttings{'GREEN_NETMASK'}"); -my $blue_cidr =3D "# Blue not defined"; -if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) { - $blue_cidr =3D &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettin= gs{'BLUE_NETMASK'}"); -} -my $orange_cidr =3D "# Orange not defined"; -if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) { - $orange_cidr =3D &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netse= ttings{'ORANGE_NETMASK'}"); -} - my %INACTIVITY_TIMEOUTS =3D ( 300 =3D> $Lang::tr{'five minutes'}, 600 =3D> $Lang::tr{'ten minutes'}, @@ -1919,11 +1909,11 @@ END $cgiparams{'REMOTE_ID'} =3D ''; =20 #use default advanced value - $cgiparams{'IKE_ENCRYPTION'} =3D 'aes256gcm128|aes256gcm96|aes256gcm64|aes2= 56|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes12= 8gcm64|aes128'; #[18]; + $cgiparams{'IKE_ENCRYPTION'} =3D 'chacha20poly1305|aes256gcm128|aes256gcm96= |aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|= aes128gcm96|aes128gcm64|aes128'; #[18]; $cgiparams{'IKE_INTEGRITY'} =3D 'sha2_512|sha2_256'; #[19]; $cgiparams{'IKE_GROUPTYPE'} =3D 'curve25519|4096|3072|2048'; #[20]; $cgiparams{'IKE_LIFETIME'} =3D '3'; #[16]; - $cgiparams{'ESP_ENCRYPTION'} =3D 'aes256gcm128|aes256gcm96|aes256gcm64|aes2= 56|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes12= 8gcm64|aes128'; #[21]; + $cgiparams{'ESP_ENCRYPTION'} =3D 'chacha20poly1305|aes256gcm128|aes256gcm96= |aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|= aes128gcm96|aes128gcm64|aes128'; #[21]; $cgiparams{'ESP_INTEGRITY'} =3D 'sha2_512|sha2_256'; #[22]; $cgiparams{'ESP_GROUPTYPE'} =3D 'curve25519|4096|3072|2048'; #[23]; $cgiparams{'ESP_KEYLIFE'} =3D '1'; #[17]; 
@@ -2180,7 +2170,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|12= 8))$/) { + if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|chacha20poly1305|ca= mellia(256|192|128))$/) { $errormessage =3D $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2221,7 +2211,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|12= 8))$/) { + if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|chacha20poly1305|ca= mellia(256|192|128))$/) { $errormessage =3D $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2347,6 +2337,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } =20 ADVANCED_ERROR: + $checked{'IKE_ENCRYPTION'}{'chacha20poly1305'} =3D ''; $checked{'IKE_ENCRYPTION'}{'aes256'} =3D ''; $checked{'IKE_ENCRYPTION'}{'aes192'} =3D ''; $checked{'IKE_ENCRYPTION'}{'aes128'} =3D ''; @@ -2385,6 +2376,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || @temp =3D split('\|', $cgiparams{'IKE_GROUPTYPE'}); foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} =3D "selected=3D's= elected'"; } =20 + $checked{'ESP_ENCRYPTION'}{'chacha20poly1305'} =3D ''; $checked{'ESP_ENCRYPTION'}{'aes256'} =3D ''; $checked{'ESP_ENCRYPTION'}{'aes192'} =3D ''; $checked{'ESP_ENCRYPTION'}{'aes128'} =3D ''; @@ -2497,6 +2489,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $Lang::tr{'encryption'} + diff --git a/lfs/apache2 b/lfs/apache2 index 69b05341d..16dd101d7 100644 --- a/lfs/apache2 +++ b/lfs/apache2 @@ -113,7 +113,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) =20 # Install apache config cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf - ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/ + touch /etc/httpd/conf/hostname.conf =20 # Create captive logging directory -mkdir -pv /var/log/httpd/captive 
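Review bot: The validation regex `/^(aes(256|192|128)(gcm(128|96|64))?|3des|chacha20poly1305|camellia(256|192|128))$/` anchors with `$`, which in Perl also matches just before a trailing newline, so a value such as `chacha20poly1305\n` passes the check and is kept unchanged in the saved cipher list; anchor with `\z` instead: `if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|chacha20poly1305|camellia(256|192|128))\z/) {`. The same applies to the second, identical ESP check in the next hunk. `3des` also remains an accepted value next to the new AEAD; if it is meant to stay selectable for legacy peers, a comment saying so (`# 3des kept only for legacy peers`) would make the intent explicit. The advanced-settings handler extends beyond the hunk on both sides.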
diff --git a/lfs/configroot b/lfs/configroot index 426b3a58d..c2833fd4a 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -79,6 +79,7 @@ $(TARGET) : cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/network-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl $(CONFIG_ROOT)/ + cp $(DIR_SRC)/config/cfgroot/aws-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/ @@ -94,6 +95,7 @@ $(TARGET) : cp $(DIR_SRC)/config/cfgroot/nfs-server $(CONFIG_ROOT)/nfs/nfs-server cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4 cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/ + cp $(DIR_SRC)/config/cfgroot/main-settings $(CONFIG_ROOT)/main/settings cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settin= gs diff --git a/lfs/conntrack-tools b/lfs/conntrack-tools index d8a1099a7..f5c1dea66 100644 --- a/lfs/conntrack-tools +++ b/lfs/conntrack-tools @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.4.4 +VER =3D 1.4.5 =20 THISAPP =3D conntrack-tools-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D acd9e0b27cf16ae3092ba900e4d7560e +$(DL_FILE)_MD5 =3D 9356a0cd4df81a597ac26d87ccfebac4 =20 install : $(TARGET) =20 diff --git a/lfs/flash-images b/lfs/flash-images index f2ac6a34a..40aca5377 100644 --- a/lfs/flash-images +++ b/lfs/flash-images 
@@ -128,10 +128,6 @@ ifneq "$(BUILD_PLATFORM)" "arm" else tar -x -C $(MNThdd)/ -f /install/cdrom/distro.img endif - echo "LANGUAGE=3Den" >> $(MNThdd)/var/ipfire/main/settings - echo "HOSTNAME=3D$(SNAME)" >> $(MNThdd)/var/ipfire/main/settings - echo "THEME=3Dipfire" >> $(MNThdd)/var/ipfire/main/settings - -touch $(MNThdd)/lib/modules/$(KVER)-ipfire/modules.dep mkdir $(MNThdd)/proc mount --bind /proc $(MNThdd)/proc @@ -153,7 +149,6 @@ ifeq "$(BOOTLOADER)" "grub" # Enable also serial console on GRUB echo "GRUB_TERMINAL=3D\"serial console\"" >> $(MNThdd)/etc/default/grub echo "GRUB_SERIAL_COMMAND=3D\"serial --unit=3D0 --speed=3D115200\"" >> $(MN= Thdd)/etc/default/grub - echo "GRUB_TIMEOUT=3D-1" >> $(MNThdd)/etc/default/grub =20 # Add additional entry for Serial console cp $(DIR_SRC)/config/flash-images/grub/11_linux_scon \ @@ -163,6 +158,9 @@ ifeq "$(BOOTLOADER)" "grub" mkdir -pv $(MNThdd)/boot/grub chroot $(MNThdd) grub-mkconfig -o /boot/grub/grub.cfg =20 + # Boot the first kernel by default + chroot $(MNThdd) grub-set-default 0 + # Insert the UUID because grub-mkconfig often fails to # detect that correctly sed -i $(MNThdd)/boot/grub/grub.cfg \ diff --git a/lfs/initscripts b/lfs/initscripts index 0d7f40cad..9b611a276 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -173,6 +173,7 @@ $(TARGET) : ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console + ln -sf ../init.d/aws /etc/rc.d/rcsysinit.d/S74aws ln -sf ../init.d/firstsetup /etc/rc.d/rcsysinit.d/S75firstsetup ln -sf ../init.d/localnet /etc/rc.d/rcsysinit.d/S80localnet ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S81pakfire diff --git a/lfs/iptables b/lfs/iptables index b7ce9289a..35bb259ca 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.4.21 +VER =3D 1.6.2 =20 THISAPP =3D iptables-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 
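Review bot: `chroot $(MNThdd) grub-set-default 0` only has an effect when the generated grub.cfg honours the saved entry, i.e. when `/etc/default/grub` carries `GRUB_DEFAULT=saved`; nothing in this hunk sets that and `grub-mkconfig` has already run on the line above, so if the setting is absent the grubenv write is silently ignored. If it is not already present in the shipped default file, add `echo "GRUB_DEFAULT=saved" >> $(MNThdd)/etc/default/grub` before the `grub-mkconfig` call. Dropping `GRUB_TIMEOUT=-1` also means the serial-console flash image now auto-boots after the default timeout instead of waiting indefinitely at the menu, which is worth a comment next to the remaining `GRUB_SERIAL_COMMAND` line if intended. The recipe continues outside the hunk on both sides.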
@@ -41,7 +41,7 @@ objects =3D $(DL_FILE) \ $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) netfilter-layer7-v2.22.tar.gz =3D $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz =20 -$(DL_FILE)_MD5 =3D 536d048c8e8eeebcd9757d0863ebb0c0 +$(DL_FILE)_MD5 =3D 7d2b7847e4aa8832a18437b8a4c1873d netfilter-layer7-v2.22.tar.gz_MD5 =3D 98dff8a3d5a31885b73341633f69501f =20 install : $(TARGET) @@ -92,6 +92,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --bindir=3D/sbin \ --sbindir=3D/sbin \ --mandir=3D/usr/share/man \ + --disable-nftables \ --with-pkgconfigdir=3D/usr/lib/pkgconfig =20 cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/libgcrypt b/lfs/libgcrypt index 3fba2797d..e7c387ceb 100644 --- a/lfs/libgcrypt +++ b/lfs/libgcrypt @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.8.2 +VER =3D 1.8.3 =20 THISAPP =3D libgcrypt-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D cfb0b5c79eab07686b6898160a407139 +$(DL_FILE)_MD5 =3D 3139c2402e844985a67fb288a930534d =20 install : $(TARGET) =20 diff --git a/lfs/libnetfilter_conntrack b/lfs/libnetfilter_conntrack index 168f4277a..2095863ca 100644 --- a/lfs/libnetfilter_conntrack +++ b/lfs/libnetfilter_conntrack @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.0.6 +VER =3D 1.0.7 =20 THISAPP =3D libnetfilter_conntrack-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 7139c5f408dd9606ffecfd5dcda8175b +$(DL_FILE)_MD5 =3D 013d182c2df716fcb5eb2a1fb7febd1f =20 install : $(TARGET) =20 diff --git a/lfs/lynis b/lfs/lynis index b3cabd752..8003a298e 100644 --- a/lfs/lynis +++ b/lfs/lynis @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.6.4 +VER =3D 2.6.4 =20 THISAPP =3D lynis-$(VER) DL_FILE =3D $(THISAPP).tar.gz 
@@ -33,7 +33,7 @@ DIR_APP =3D $(DIR_SRC)/lynis TARGET =3D $(DIR_INFO)/$(THISAPP) =20 PROG =3D lynis -PAK_VER =3D 5 +PAK_VER =3D 6 DEPS =3D "" =20 ############################################################################= ### @@ -44,7 +44,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D dfa946388af8926bd24f772d4fa4830a +$(DL_FILE)_MD5 =3D a5afd484b7aabf8af73adbc67a8f8756 =20 install : $(TARGET) =20 diff --git a/lfs/nss-myhostname b/lfs/nss-myhostname new file mode 100644 index 000000000..9274e7588 --- /dev/null +++ b/lfs/nss-myhostname 
@@ -0,0 +1,77 @@ +############################################################################= ### +# = # +# IPFire.org - A linux based firewall = # +# Copyright (C) 2007-2017 IPFire Team = # +# = # +# This program is free software: you can redistribute it and/or modify = # +# it under the terms of the GNU General Public License as published by = # +# the Free Software Foundation, either version 3 of the License, or = # +# (at your option) any later version. = # +# = # +# This program is distributed in the hope that it will be useful, = # +# but WITHOUT ANY WARRANTY; without even the implied warranty of = # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # +# GNU General Public License for more details. = # +# = # +# You should have received a copy of the GNU General Public License = # +# along with this program. If not, see . = # +# = # +############################################################################= ### + +############################################################################= ### +# Definitions +############################################################################= ### + +include Config + +VER =3D 0.3 + +THISAPP =3D nss-myhostname-$(VER) +DL_FILE =3D $(THISAPP).tar.gz +DL_FROM =3D $(URL_IPFIRE) +DIR_APP =3D $(DIR_SRC)/$(THISAPP) +TARGET =3D $(DIR_INFO)/$(THISAPP) + +############################################################################= ### +# Top-level Rules +############################################################################= ### + +objects =3D $(DL_FILE) + +$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 =3D d4ab9ac36c053ab8fb836db1cbd4a48f + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################= ### +# Downloading, checking, md5sum +############################################################################= 
### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################= ### +# Installation Details +############################################################################= ### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=3D/usr --libdir=3D/lib + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/openssh b/lfs/openssh index 2db56b09c..9d551f198 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -82,7 +82,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) =20 cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - sed -i -e 's/^#\?Port .*$$/Port 222/' \ + sed -i -e 's/^#\?Port .*$$/Port 22/' \ -e 's/^#\?Protocol .*$$/Protocol 2/' \ -e 's/^#\?LoginGraceTime .*$$/LoginGraceTime 30s/' \ -e 's/^#\?PubkeyAuthentication .*$$/PubkeyAuthentication yes/' \ diff --git a/lfs/openvpn b/lfs/openvpn index 5bd9da7a2..819ff05c5 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 2.4.5 +VER =3D 2.4.6 =20 THISAPP =3D openvpn-$(VER) DL_FILE =3D $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D c510ad3c8fce738c678dbcc54367c945 +$(DL_FILE)_MD5 =3D 3a1f3f63bdaede443b4df49957df9405 =20 install : $(TARGET) =20 diff --git a/lfs/smartmontools b/lfs/smartmontools index 6c6d7db1d..a3c660a20 100644 --- a/lfs/smartmontools +++ b/lfs/smartmontools @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 6.5 +VER =3D 6.6 =20 THISAPP =3D smartmontools-$(VER) DL_FILE =3D $(THISAPP).tar.gz 
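Review bot: Changing the build-time default in sshd_config from `Port 222` to `Port 22` alters what sshd listens on before `sshctrl` has applied the SSH_PORT setting from the web UI, and nothing in the series marks it as a deliberate policy change; the non-standard 222 has been the shipped default for a long time. If the goal is only to make the AWS image reachable on 22 (the input rule added by aws-setup refers to the `SSH` custom service), consider keeping 222 here and letting the AWS first-setup path set SSH_PORT, or document the new default with a comment above the `sed` call such as `# default sshd port is 22; sshctrl rewrites it from remote/settings`. Whether `sshctrl` rewrites the port on every start is not visible from this hunk, so treat that as something to confirm.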
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 093aeec3f8f39fa9a37593c4012d3156 +$(DL_FILE)_MD5 =3D 9ae2c6e7131cd2813edcc65cbe5f223f =20 install : $(TARGET) =20 diff --git a/lfs/strongswan b/lfs/strongswan index 58f8c5e9b..102c24724 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 5.6.2 +VER =3D 5.6.3 =20 THISAPP =3D strongswan-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 46aa3aa18fbc4bd528f9a0345ce79913 +$(DL_FILE)_MD5 =3D a6a28eeb22aa58080a7581771a5b63f9 =20 install : $(TARGET) =20 @@ -92,8 +92,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-eap-peap \ --enable-eap-mschapv2 \ --enable-eap-identity \ + --enable-chapoly \ --disable-padlock \ - --disable-chapoly \ + --disable-rc2 \ $(CONFIGURE_OPTIONS) =20 cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/unbound b/lfs/unbound index 4adc1a00c..b4c1b02f3 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.7.2 +VER =3D 1.7.3 =20 THISAPP =3D unbound-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 1f4fd7e5032a9c5658cbde2c83f5f3be +$(DL_FILE)_MD5 =3D ea45068fb27ef358f581227b99645525 =20 install : $(TARGET) =20 diff --git a/make.sh b/make.sh index 0238cc387..948bc6ed3 100755 --- a/make.sh +++ b/make.sh @@ -1535,6 +1535,7 @@ buildipfire() { lfsmake2 iftop lfsmake2 mdns-repeater lfsmake2 i2c-tools + lfsmake2 nss-myhostname } =20 buildinstaller() { diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-se= tup new file mode 100644 index 000000000..f4ec45d90 --- /dev/null +++ b/src/initscripts/helper/aws-setup 
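Review bot: `--disable-rc2` drops strongSwan's rc2 plugin, which in strongSwan's plugin layout is what the pkcs12 plugin uses to decrypt PKCS#12 bundles protected with the legacy RC2-40 cipher; if vpnmain.cgi still accepts uploaded .p12 files, such bundles will presumably no longer load after this update, and the rootfile hunks confirm the plugin and its config are removed from the image. If that loss is accepted, a comment on the configure line such as `# rc2 dropped: RC2-protected legacy PKCS#12 imports are no longer supported` would save the next person a debugging session. `--enable-chapoly` additionally depends on kernel ESP support for the cipher once it is selected for phase 2, which this recipe cannot check.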
@@ -0,0 +1,276 @@ +#!/bin/bash + +. /etc/sysconfig/rc +. ${rc_functions} + +get() { + local file=3D"${1}" + + wget -qO - "http://169.254.169.254/latest/meta-data/${file}" +} + +to_address() { + local n=3D"${1}" + + local o1=3D$(( (n & 0xff000000) >> 24 )) + local o2=3D$(( (n & 0xff0000) >> 16 )) + local o3=3D$(( (n & 0xff00) >> 8 )) + local o4=3D$(( (n & 0xff) )) + + printf "%d.%d.%d.%d\n" "${o1}" "${o2}" "${o3}" "${o4}" +} + +to_integer() { + local address=3D"${1}" + + local integer=3D0 + + local i + for i in ${address//\./ }; do + integer=3D$(( (integer << 8) + i )) + done + + printf "%d\n" "${integer}" +} + +prefix2netmask() { + local prefix=3D${1} + + local zeros=3D$(( 32 - prefix )) + local netmask=3D0 + + local i + for (( i=3D0; i<${zeros}; i++ )); do + netmask=3D$(( (netmask << 1) ^ 1 )) + done + + to_address "$(( netmask ^ 0xffffffff ))" +} + +find_interface() { + local mac=3D"${1}" + + local path + for path in /sys/class/net/*; do + local address=3D"$(<${path}/address)" + + if [ "${mac}" =3D "${address}" ]; then + basename "${path}" + return 0 + fi + done + + return 1 +} + +import_aws_configuration() { + local instance_id=3D"$(get instance-id)" + + boot_mesg "Importing AWS configuration for instance ${instance_id}..." + + # Store instance ID + echo "${instance_id}" > /var/run/aws-instance-id + + # Initialise system settings + local hostname=3D$(get local-hostname) + + # Set hostname + if ! grep -q "^HOSTNAME=3D" /var/ipfire/main/settings; then + echo "HOSTNAME=3D${hostname%%.*}" >> /var/ipfire/main/settings + fi + + # Set domainname + if ! grep -q "^DOMAINNAME=3D" /var/ipfire/main/settings; then + echo "DOMAINNAME=3D${hostname#*.}" >> /var/ipfire/main/settings + fi + + # Import SSH keys + local line + for line in $(get "public-keys/"); do + local key_no=3D"${line%=3D*}" + + local key=3D"$(get public-keys/${key_no}/openssh-key)" + if [ -n "${key}" ] && ! 
grep -q "^${key}$" /root/.ssh/authorized_keys 2>/d= ev/null; then + mkdir -p /root/.ssh + chmod 700 /root/.ssh + + echo "${key}" >> /root/.ssh/authorized_keys + chmod 600 /root/.ssh/authorized_keys + fi + done + + # Import any DNS server settings + eval $(/usr/local/bin/readhash <(grep -E "^DNS([0-9])=3D" /var/ipfire/ether= net/settings 2>/dev/null)) + + # Import network configuration + # After this, no network connectivity will be available from this script du= e to the + # renaming of the network interfaces for which they have to be shut down + local config_type=3D1 + : > /var/ipfire/ethernet/settings + + local mac + for mac in $(get network/interfaces/macs/); do + # Remove trailing slash + mac=3D"${mac//\//}" + + local device_number=3D"$(get "network/interfaces/macs/${mac}/device-number= ")" + local interface_id=3D"$(get "network/interfaces/macs/${mac}/interface-id")" + + # First IPv4 address + local ipv4_address=3D"$(get "network/interfaces/macs/${mac}/local-ipv4s" |= head -n1)" + local ipv4_address_num=3D"$(to_integer "${ipv4_address}")" + + # Get VPC subnet + local vpc=3D"$(get "network/interfaces/macs/${mac}/vpc-ipv4-cidr-block")" + local vpc_netaddress=3D"${vpc%/*}" + local vpc_netaddress_num=3D"$(to_integer "${vpc_netaddress}")" + + # Get subnet size + local subnet=3D"$(get "network/interfaces/macs/${mac}/subnet-ipv4-cidr-blo= ck")" + + local prefix=3D"${subnet#*/}" + local netmask=3D"$(prefix2netmask "${prefix}")" + local netmask_num=3D"$(to_integer "${netmask}")" + + # Calculate the network and broadcast addresses + local netaddress=3D"${subnet%/*}" + local netaddress_num=3D"$(to_integer "${netaddress}")" + local broadcast=3D"$(to_address $(( ipv4_address_num | (0xffffffff ^ netma= sk_num) )))" + + case "${device_number}" in + # RED + 0) + local interface_name=3D"red0" + + # The gateway is always the first IP address in the subnet + local gateway=3D"$(to_address $(( netaddress_num + 1 )))" + + # The AWS internal DNS service is available on the second IP 
address of = the VPC + local dns1=3D"$(to_address $(( vpc_netaddress_num + 2 )))" + local dns2=3D + + ( + echo "RED_TYPE=3DSTATIC" + echo "RED_DEV=3D${interface_name}" + echo "RED_MACADDR=3D${mac}" + echo "RED_DESCRIPTION=3D'${interface_id}'" + echo "RED_ADDRESS=3D${ipv4_address}" + echo "RED_NETMASK=3D${netmask}" + echo "RED_NETADDRESS=3D${netaddress}" + echo "RED_BROADCAST=3D${broadcast}" + echo "DEFAULT_GATEWAY=3D${gateway}" + echo "DNS1=3D${DNS1:-${dns1}}" + echo "DNS2=3D${DNS2:-${dns2}}" + ) >> /var/ipfire/ethernet/settings + + # Import aliases for RED + for alias in $(get "network/interfaces/macs/${mac}/local-ipv4s" | tail -= n +2); do + echo "${alias},on," + done > /var/ipfire/ethernet/aliases + ;; + + # GREEN + 1) + local interface_name=3D"green0" + + ( + echo "GREEN_DEV=3D${interface_name}" + echo "GREEN_MACADDR=3D${mac}" + echo "GREEN_DESCRIPTION=3D'${interface_id}'" + echo "GREEN_ADDRESS=3D${ipv4_address}" + echo "GREEN_NETMASK=3D${netmask}" + echo "GREEN_NETADDRESS=3D${netaddress}" + echo "GREEN_BROADCAST=3D${broadcast}" + ) >> /var/ipfire/ethernet/settings + ;; + + # ORANGE + 2) + local interface_name=3D"orange0" + config_type=3D2 + + ( + echo "ORANGE_DEV=3D${interface_name}" + echo "ORANGE_MACADDR=3D${mac}" + echo "ORANGE_DESCRIPTION=3D'${interface_id}'" + echo "ORANGE_ADDRESS=3D${ipv4_address}" + echo "ORANGE_NETMASK=3D${netmask}" + echo "ORANGE_NETADDRESS=3D${netaddress}" + echo "ORANGE_BROADCAST=3D${broadcast}" + ) >> /var/ipfire/ethernet/settings + ;; + esac + + # Rename interface + local interface=3D"$(find_interface "${mac}")" + + if [ -n "${interface}" ] && [ -n "${interface_name}" ] && [ "${interface}"= !=3D "${interface_name}" ]; then + ip link set "${interface}" down + ip link set "${interface}" name "${interface_name}" + fi + done + + # Save CONFIG_TYPE + echo "CONFIG_TYPE=3D${config_type}" >> /var/ipfire/ethernet/settings + + # Actions performed only on the very first start + if [ ! 
-e "/var/ipfire/main/firstsetup_ok" ]; then + # Enable SSH + sed -e "s/ENABLE_SSH=3D.*/ENABLE_SSH=3Don/g" -i /var/ipfire/remote/settings + + touch /var/ipfire/remote/enablessh + chown nobody:nobody /var/ipfire/remote/enablessh + + # Enable SSH key authentication + sed -e "s/^ENABLE_SSH_KEYS=3D.*/ENABLE_SSH_KEYS=3Don/" -i /var/ipfire/remo= te/settings + + # Apply SSH settings + /usr/local/bin/sshctrl + + # Firewall rules for SSH and WEBIF + ( + echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_sr= v,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" + echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_POR= T,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" + ) >> /var/ipfire/firewall/input + + # This script has now completed the first steps of setup + touch /var/ipfire/main/firstsetup_ok + fi + + # All done + echo_ok +} + +case "${reason}" in + PREINIT) + # Bring up the interface + ip link set "${interface}" up + ;; + + BOUND|RENEW|REBIND|REBOOT) + # Remove any previous IP addresses + ip addr flush dev "${interface}" + + # Add (or re-add) the new IP address + ip addr add "${new_ip_address}/${new_subnet_mask}" dev "${interface}" + + # Add the default route + ip route add default via "${new_routers}" + + # Import AWS configuration + import_aws_configuration + ;; + + EXPIRE|FAIL|RELEASE|STOP) + # Remove all IP addresses + ip addr flush dev "${interface}" + ;; + + *) + echo "Unhandled reason: ${reason}" >&2 + exit 2 + ;; +esac + +# Terminate +exit 0 diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache index f2a9fb872..d9cc7fa48 100644 --- a/src/initscripts/system/apache +++ b/src/initscripts/system/apache @@ -61,6 +61,9 @@ case "$1" in # Generate all required certificates generate_certificates =20 + # Update hostname + echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf + boot_mesg "Starting Apache daemon..." /usr/sbin/apachectl -k start evaluate_retval 
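Review bot: In the SSH key import, `grep -q "^${key}$" /root/.ssh/authorized_keys` treats the key as a basic regular expression, so characters such as `.` in the key comment are metacharacters rather than literals and the de-duplication is fragile; use a fixed-string whole-line match, `grep -qxF -- "${key}" /root/.ssh/authorized_keys`. The first-setup block also appends input rules accepting TCP `SSH` and `444` from `std_net_src,ALL` on `RED1`, i.e. the admin interfaces are opened to every source the instance is reachable from and only the EC2 security group stands in front of them; if that is the intended bootstrap model, say so in a comment next to the rules. `DOMAINNAME=${hostname#*.}` yields the bare hostname again when `local-hostname` contains no dot, so guard it with `[[ "${hostname}" == *.* ]]` before writing it.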
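Review bot: `echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf` writes only the short hostname where the removed setup code in src/setup/misc.c wrote `hostname.domainname`, and the hunk does not show `HOSTNAME` being read from /var/ipfire/main/settings, so the value may well be bash's built-in `HOSTNAME` (the kernel hostname) rather than the configured one. Read the settings explicitly and emit the FQDN when a domain is configured, e.g. `eval $(/usr/local/bin/readhash /var/ipfire/main/settings)` followed by `echo "ServerName ${HOSTNAME}${DOMAINNAME:+.${DOMAINNAME}}" > /etc/httpd/conf/hostname.conf`. The `start)` case continues outside the hunk on both sides.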
diff --git a/src/initscripts/system/aws b/src/initscripts/system/aws new file mode 100644 index 000000000..f2a5c7cb7 --- /dev/null +++ b/src/initscripts/system/aws @@ -0,0 +1,80 @@ +#!/bin/sh +######################################################################## +# Begin $rc_base/init.d/aws +######################################################################## + +. /etc/sysconfig/rc +. ${rc_functions} + +# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/identify_ec2_instances= .html +running_on_ec2() { + local uuid + + # Check if the hypervisor UUID starts with ec2 + if [ -r "/sys/hypervisor/uuid" ]; then + uuid=3D$(/dev/null + ;; + + status) + if running_on_ec2; then + echo "This system is running on AWS EC2" + exit 0 + else + echo "This system is NOT running on AWS EC2" + exit 1 + fi + ;; + + *) + echo "Usage: ${0} {start|status}" + exit 1 + ;; +esac + +# End $rc_base/init.d/aws diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index cab791c1f..707209987 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -280,7 +280,9 @@ iptables_init() { # Always allow accessing the web GUI from GREEN. iptables -N GUIINPUT iptables -A INPUT -j GUIINPUT - iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT + if [ -n "${GREEN_DEV}" ]; then + iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT + fi =20 # WIRELESS chains iptables -N WIRELESSINPUT @@ -329,8 +331,10 @@ iptables_init() { iptables -t nat -N NAT_DESTINATION_FIX iptables -t nat -A POSTROUTING -j NAT_DESTINATION_FIX =20 - iptables -t nat -A NAT_DESTINATION_FIX \ - -m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}" + if [ -n "${GREEN_ADDRESS}" ]; then + iptables -t nat -A NAT_DESTINATION_FIX \ + -m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}" + fi =20 if [ -n "${BLUE_ADDRESS}" ]; then iptables -t nat -A NAT_DESTINATION_FIX \ 
diff --git a/src/initscripts/system/localnet b/src/initscripts/system/localnet
index ff374bb2b..e071216fd 100644
--- a/src/initscripts/system/localnet
+++ b/src/initscripts/system/localnet
@@ -22,6 +22,12 @@ write_resolv_conf() {
 ) > /etc/resolv.conf
 }
=20
+write_hosts() {
+ (
+ echo "127.0.0.1 localhost.localdomain localhost"
+ ) > /etc/hosts
+}
+
 case "${1}" in
 start)
 eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
@@ -40,6 +46,9 @@ case "${1}" in
 evaluate_retval
 fi
=20
+ # Update hosts
+ write_hosts
+
 # Update resolv.conf
 write_resolv_conf
 ;;
diff --git a/src/initscripts/system/udev b/src/initscripts/system/udev
index 6cf8771ea..5e0d9bdfd 100644
--- a/src/initscripts/system/udev
+++ b/src/initscripts/system/udev
@@ -60,7 +60,8 @@ case "${1}" in
=20
 # Start the udev daemon to continually watch for, and act on,
 # uevents
- /sbin/udevd --daemon
+ boot_mesg "Starting udev daemon..."
+ loadproc udevd --daemon
=20
 # Now traverse /sys in order to "coldplug" devices that have
 # already been discovered
@@ -72,6 +73,13 @@ case "${1}" in
=20
 ;;
=20
+ restart)
+ boot_mesg "Stopping udev daemon..."
+ killproc udevd
+
+ exec $0 start
+ ;;
+
 *)
 echo "Usage ${0} {start}"
 exit 1
diff --git a/src/setup/misc.c b/src/setup/misc.c
index a31b1d8a8..f9ba39b8c 100644
--- a/src/setup/misc.c
+++ b/src/setup/misc.c
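Review bot: `write_hosts` reduces /etc/hosts to the single localhost line on every `localnet start`, which only works if the machine's own name is resolved by the nss-myhostname module this series adds; that requires `myhostname` on the `hosts:` line of /etc/nsswitch.conf, and no hunk in the series touches that file, so please confirm it is updated elsewhere or add it here. The setup code removed in src/setup/misc.c also merged the entries from /var/ipfire/main/hosts into /etc/hosts; unless the web UI writes those separately, user-defined host entries will be dropped at every boot after this change. A comment above the function, e.g. `# /etc/hosts holds only localhost; the own hostname is resolved via nss-myhostname`, would record the new contract.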
@@ -19,31 +19,13 @@ extern char *mylog;
=20
 extern int automode;
=20
-/* This will rewrite /etc/hosts, /etc/hosts.*, and the apache ServerName fil= e. */
 int writehostsfiles(void) {=09
- char address[STRING_SIZE] =3D "";
- char netaddress[STRING_SIZE] =3D "";
- char netmask[STRING_SIZE] =3D "";
 char message[1000];
- FILE *file, *hosts;
 struct keyvalue *kv;
 char hostname[STRING_SIZE];
 char domainname[STRING_SIZE] =3D "localdomain";
 char commandstring[STRING_SIZE];
- char buffer[STRING_SIZE];
-=09
- kv =3D initkeyvalues();
- if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")))
- {
- freekeyvalues(kv);
- errorbox(_("Unable to open settings file"));
- return 0;
- }
- findkey(kv, "GREEN_ADDRESS", address);
- findkey(kv, "GREEN_NETADDRESS", netaddress);
- findkey(kv, "GREEN_NETMASK", netmask);=09
- freekeyvalues(kv);
 =09
 kv =3D initkeyvalues();
 if (!(readkeyvalues(kv, CONFIG_ROOT "/main/settings")))
@@ -57,79 +39,6 @@ int writehostsfiles(void)
 findkey(kv, "DOMAINNAME", domainname);
 freekeyvalues(kv);
 =09
- if (!(file =3D fopen(CONFIG_ROOT "/main/hostname.conf", "w")))
- {
- sprintf (message, _("Unable to write %s/main/hostname.conf"), CONFIG_ROOT);
- errorbox(message);
- return 0;
- }
- fprintf(file, "ServerName %s.%s\n", hostname,domainname);
- fclose(file);
-=09
- if (!(file =3D fopen(CONFIG_ROOT "/main/hosts", "r")))
- {
- errorbox(_("Unable to open main hosts file."));
- return 0;
- }
- if (!(hosts =3D fopen("/etc/hosts", "w")))
- {
- errorbox(_("Unable to write /etc/hosts."));
- return 0;
- }
- fprintf(hosts, "127.0.0.1\tlocalhost\n");
- if (strlen(domainname))
- fprintf(hosts, "%s\t%s.%s\t%s\n",address,hostname,domainname,hostname);
- else
- fprintf(hosts, "%s\t%s\n",address,hostname);
- while (fgets(buffer, STRING_SIZE, file))
- {
- char *token, *ip, *host, *domain;
-
- buffer[strlen(buffer) - 1] =3D 0;
-
- token =3D strtok(buffer, ",");
-
- ip =3D strtok(NULL, ",");
- host =3D strtok(NULL, ",");
- domain =3D strtok(NULL, ",");
-
- if (!(ip && host))
- break;
-
- if (strlen(ip) < 7 || strlen(ip) > 15
- || strspn(ip, "0123456789.") !=3D strlen(ip))
- break;
-
- if (strspn(host, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123= 456789-") !=3D strlen(host))
- break;
-
- if (domain)
- fprintf(hosts, "%s\t%s.%s\t%s\n",ip,host,domain,host);
- else
- fprintf(hosts, "%s\t%s\n",ip,host);
- }
- fclose(file);
- fclose(hosts);
-=09
- /* TCP wrappers stuff. */
- if (!(file =3D fopen("/etc/hosts.deny", "w")))
- {
- errorbox(_("Unable to write /etc/hosts.deny."));
- return 0;
- }
- fprintf(file, "ALL : ALL\n");
- fclose(file);
-=09
- if (!(file =3D fopen("/etc/hosts.allow", "w")))
- {
- errorbox(_("Unable to write /etc/hosts.allow."));
- return 0;
- }
- fprintf(file, "sshd : ALL\n");
- fprintf(file, "ALL : localhost\n");
- fprintf(file, "ALL : %s/%s\n", netaddress, netmask);
- fclose(file);
-=09
 sprintf(commandstring, "/bin/hostname %s.%s", hostname, domainname);
 if (mysystem(NULL, commandstring))
 {
hooks/post-receive -- IPFire 2.x development tree --===============8388000581020815116==--
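Review bot: After this removal writehostsfiles no longer writes /etc/hosts, /etc/hosts.allow, /etc/hosts.deny or main/hostname.conf, yet its name still says it does and the `message` buffer it keeps declaring seems to have had its only use in the removed sprintf (other uses may exist outside the hunk). The loopback-only /etc/hosts is now produced by the localnet initscript in this push, but nothing visible here replaces the TCP-wrappers hosts.deny/hosts.allow content or the apache ServerName file, so if those are intentionally dropped a header comment such as `/* Sets the kernel hostname from main/settings; /etc/hosts is written by the localnet initscript. */` would stop a reader assuming the old behaviour, and if they are not, files left by earlier installs now stay stale. The surviving `sprintf(commandstring, "/bin/hostname %s.%s", hostname, domainname)` formats two STRING_SIZE inputs into a STRING_SIZE buffer; that is pre-existing, but with the function now this small, `snprintf(commandstring, sizeof commandstring, "/bin/hostname %s.%s", hostname, domainname);` is a cheap bound to add. writehostsfiles starts in the previous hunk and continues past this one.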