From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 820e90db0f2cd2ee81a3e978a2c9315e08307ac2
Date: Thu, 12 Jul 2018 10:22:35 +0100 [thread overview]
Message-ID: <20180712092236.165621081BD8@git01.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 11399 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 820e90db0f2cd2ee81a3e978a2c9315e08307ac2 (commit)
via 7471256910d6dfdfcfc9c73f79afde3236443376 (commit)
via 693208bf63671ec9d6f345e858b0bd6d0ebec064 (commit)
from 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 820e90db0f2cd2ee81a3e978a2c9315e08307ac2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jul 12 10:04:37 2018 +0100
iptables: Ship all modules
These have been all disabled with the last update of
the iptables package.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7471256910d6dfdfcfc9c73f79afde3236443376
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jul 12 10:03:34 2018 +0100
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 693208bf63671ec9d6f345e858b0bd6d0ebec064
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jul 12 09:59:31 2018 +0100
aws: Don't start ssh right away
sshctrl calls sshd directly which won't work at time of the first boot
because no keys will be generated.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/hwdata | 3 +-
config/rootfiles/common/iptables | 232 +++++++++++++++++++--------------------
config/rootfiles/common/setup | 1 +
config/rootfiles/common/sudo | 1 -
src/initscripts/helper/aws-setup | 7 +-
5 files changed, 123 insertions(+), 121 deletions(-)
Difference in files:
diff --git a/config/rootfiles/common/hwdata b/config/rootfiles/common/hwdata
index 30d51a2d0..db268e887 100644
--- a/config/rootfiles/common/hwdata
+++ b/config/rootfiles/common/hwdata
@@ -1,2 +1,3 @@
-usr/share/hwdata/usb.ids
+#usr/share/hwdata
usr/share/hwdata/pci.ids
+usr/share/hwdata/usb.ids
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
index d0c1065cb..d7584c0ad 100644
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -19,122 +19,122 @@ lib/libxtables.so
lib/libxtables.so.12
lib/libxtables.so.12.0.0
#lib/xtables
-#lib/xtables/libebt_802_3.so
-#lib/xtables/libebt_ip.so
-#lib/xtables/libebt_log.so
-#lib/xtables/libebt_mark_m.so
-#lib/xtables/libip6t_DNAT.so
-#lib/xtables/libip6t_DNPT.so
-#lib/xtables/libip6t_HL.so
-#lib/xtables/libip6t_LOG.so
-#lib/xtables/libip6t_MASQUERADE.so
-#lib/xtables/libip6t_NETMAP.so
-#lib/xtables/libip6t_REDIRECT.so
-#lib/xtables/libip6t_REJECT.so
-#lib/xtables/libip6t_SNAT.so
-#lib/xtables/libip6t_SNPT.so
-#lib/xtables/libip6t_ah.so
-#lib/xtables/libip6t_dst.so
-#lib/xtables/libip6t_eui64.so
-#lib/xtables/libip6t_frag.so
-#lib/xtables/libip6t_hbh.so
-#lib/xtables/libip6t_hl.so
-#lib/xtables/libip6t_icmp6.so
-#lib/xtables/libip6t_ipv6header.so
-#lib/xtables/libip6t_mh.so
-#lib/xtables/libip6t_rt.so
-#lib/xtables/libip6t_srh.so
-#lib/xtables/libipt_CLUSTERIP.so
-#lib/xtables/libipt_DNAT.so
-#lib/xtables/libipt_ECN.so
-#lib/xtables/libipt_LOG.so
-#lib/xtables/libipt_MASQUERADE.so
-#lib/xtables/libipt_NETMAP.so
-#lib/xtables/libipt_REDIRECT.so
-#lib/xtables/libipt_REJECT.so
-#lib/xtables/libipt_SNAT.so
-#lib/xtables/libipt_TTL.so
-#lib/xtables/libipt_ULOG.so
-#lib/xtables/libipt_ah.so
-#lib/xtables/libipt_icmp.so
-#lib/xtables/libipt_realm.so
-#lib/xtables/libipt_ttl.so
-#lib/xtables/libxt_AUDIT.so
-#lib/xtables/libxt_CHECKSUM.so
-#lib/xtables/libxt_CLASSIFY.so
-#lib/xtables/libxt_CONNMARK.so
-#lib/xtables/libxt_CONNSECMARK.so
-#lib/xtables/libxt_CT.so
-#lib/xtables/libxt_DSCP.so
-#lib/xtables/libxt_HMARK.so
-#lib/xtables/libxt_IDLETIMER.so
-#lib/xtables/libxt_IMQ.so
-#lib/xtables/libxt_LED.so
-#lib/xtables/libxt_MARK.so
-#lib/xtables/libxt_NFLOG.so
-#lib/xtables/libxt_NFQUEUE.so
-#lib/xtables/libxt_NOTRACK.so
-#lib/xtables/libxt_RATEEST.so
-#lib/xtables/libxt_SECMARK.so
-#lib/xtables/libxt_SET.so
-#lib/xtables/libxt_SYNPROXY.so
-#lib/xtables/libxt_TCPMSS.so
-#lib/xtables/libxt_TCPOPTSTRIP.so
-#lib/xtables/libxt_TEE.so
-#lib/xtables/libxt_TOS.so
-#lib/xtables/libxt_TPROXY.so
-#lib/xtables/libxt_TRACE.so
-#lib/xtables/libxt_addrtype.so
-#lib/xtables/libxt_bpf.so
-#lib/xtables/libxt_cgroup.so
-#lib/xtables/libxt_cluster.so
-#lib/xtables/libxt_comment.so
-#lib/xtables/libxt_connbytes.so
-#lib/xtables/libxt_connlabel.so
-#lib/xtables/libxt_connlimit.so
-#lib/xtables/libxt_connmark.so
-#lib/xtables/libxt_conntrack.so
-#lib/xtables/libxt_cpu.so
-#lib/xtables/libxt_dccp.so
-#lib/xtables/libxt_devgroup.so
-#lib/xtables/libxt_dscp.so
-#lib/xtables/libxt_ecn.so
-#lib/xtables/libxt_esp.so
-#lib/xtables/libxt_hashlimit.so
-#lib/xtables/libxt_helper.so
-#lib/xtables/libxt_ipcomp.so
-#lib/xtables/libxt_iprange.so
-#lib/xtables/libxt_ipvs.so
-#lib/xtables/libxt_layer7.so
-#lib/xtables/libxt_length.so
-#lib/xtables/libxt_limit.so
-#lib/xtables/libxt_mac.so
-#lib/xtables/libxt_mangle.so
-#lib/xtables/libxt_mark.so
-#lib/xtables/libxt_multiport.so
-#lib/xtables/libxt_nfacct.so
-#lib/xtables/libxt_osf.so
-#lib/xtables/libxt_owner.so
-#lib/xtables/libxt_physdev.so
-#lib/xtables/libxt_pkttype.so
-#lib/xtables/libxt_policy.so
-#lib/xtables/libxt_quota.so
-#lib/xtables/libxt_rateest.so
-#lib/xtables/libxt_recent.so
-#lib/xtables/libxt_rpfilter.so
-#lib/xtables/libxt_sctp.so
-#lib/xtables/libxt_set.so
-#lib/xtables/libxt_socket.so
-#lib/xtables/libxt_standard.so
-#lib/xtables/libxt_state.so
-#lib/xtables/libxt_statistic.so
-#lib/xtables/libxt_string.so
-#lib/xtables/libxt_tcp.so
-#lib/xtables/libxt_tcpmss.so
-#lib/xtables/libxt_time.so
-#lib/xtables/libxt_tos.so
-#lib/xtables/libxt_u32.so
-#lib/xtables/libxt_udp.so
+lib/xtables/libebt_802_3.so
+lib/xtables/libebt_ip.so
+lib/xtables/libebt_log.so
+lib/xtables/libebt_mark_m.so
+lib/xtables/libip6t_DNAT.so
+lib/xtables/libip6t_DNPT.so
+lib/xtables/libip6t_HL.so
+lib/xtables/libip6t_LOG.so
+lib/xtables/libip6t_MASQUERADE.so
+lib/xtables/libip6t_NETMAP.so
+lib/xtables/libip6t_REDIRECT.so
+lib/xtables/libip6t_REJECT.so
+lib/xtables/libip6t_SNAT.so
+lib/xtables/libip6t_SNPT.so
+lib/xtables/libip6t_ah.so
+lib/xtables/libip6t_dst.so
+lib/xtables/libip6t_eui64.so
+lib/xtables/libip6t_frag.so
+lib/xtables/libip6t_hbh.so
+lib/xtables/libip6t_hl.so
+lib/xtables/libip6t_icmp6.so
+lib/xtables/libip6t_ipv6header.so
+lib/xtables/libip6t_mh.so
+lib/xtables/libip6t_rt.so
+lib/xtables/libip6t_srh.so
+lib/xtables/libipt_CLUSTERIP.so
+lib/xtables/libipt_DNAT.so
+lib/xtables/libipt_ECN.so
+lib/xtables/libipt_LOG.so
+lib/xtables/libipt_MASQUERADE.so
+lib/xtables/libipt_NETMAP.so
+lib/xtables/libipt_REDIRECT.so
+lib/xtables/libipt_REJECT.so
+lib/xtables/libipt_SNAT.so
+lib/xtables/libipt_TTL.so
+lib/xtables/libipt_ULOG.so
+lib/xtables/libipt_ah.so
+lib/xtables/libipt_icmp.so
+lib/xtables/libipt_realm.so
+lib/xtables/libipt_ttl.so
+lib/xtables/libxt_AUDIT.so
+lib/xtables/libxt_CHECKSUM.so
+lib/xtables/libxt_CLASSIFY.so
+lib/xtables/libxt_CONNMARK.so
+lib/xtables/libxt_CONNSECMARK.so
+lib/xtables/libxt_CT.so
+lib/xtables/libxt_DSCP.so
+lib/xtables/libxt_HMARK.so
+lib/xtables/libxt_IDLETIMER.so
+lib/xtables/libxt_IMQ.so
+lib/xtables/libxt_LED.so
+lib/xtables/libxt_MARK.so
+lib/xtables/libxt_NFLOG.so
+lib/xtables/libxt_NFQUEUE.so
+lib/xtables/libxt_NOTRACK.so
+lib/xtables/libxt_RATEEST.so
+lib/xtables/libxt_SECMARK.so
+lib/xtables/libxt_SET.so
+lib/xtables/libxt_SYNPROXY.so
+lib/xtables/libxt_TCPMSS.so
+lib/xtables/libxt_TCPOPTSTRIP.so
+lib/xtables/libxt_TEE.so
+lib/xtables/libxt_TOS.so
+lib/xtables/libxt_TPROXY.so
+lib/xtables/libxt_TRACE.so
+lib/xtables/libxt_addrtype.so
+lib/xtables/libxt_bpf.so
+lib/xtables/libxt_cgroup.so
+lib/xtables/libxt_cluster.so
+lib/xtables/libxt_comment.so
+lib/xtables/libxt_connbytes.so
+lib/xtables/libxt_connlabel.so
+lib/xtables/libxt_connlimit.so
+lib/xtables/libxt_connmark.so
+lib/xtables/libxt_conntrack.so
+lib/xtables/libxt_cpu.so
+lib/xtables/libxt_dccp.so
+lib/xtables/libxt_devgroup.so
+lib/xtables/libxt_dscp.so
+lib/xtables/libxt_ecn.so
+lib/xtables/libxt_esp.so
+lib/xtables/libxt_hashlimit.so
+lib/xtables/libxt_helper.so
+lib/xtables/libxt_ipcomp.so
+lib/xtables/libxt_iprange.so
+lib/xtables/libxt_ipvs.so
+lib/xtables/libxt_layer7.so
+lib/xtables/libxt_length.so
+lib/xtables/libxt_limit.so
+lib/xtables/libxt_mac.so
+lib/xtables/libxt_mangle.so
+lib/xtables/libxt_mark.so
+lib/xtables/libxt_multiport.so
+lib/xtables/libxt_nfacct.so
+lib/xtables/libxt_osf.so
+lib/xtables/libxt_owner.so
+lib/xtables/libxt_physdev.so
+lib/xtables/libxt_pkttype.so
+lib/xtables/libxt_policy.so
+lib/xtables/libxt_quota.so
+lib/xtables/libxt_rateest.so
+lib/xtables/libxt_recent.so
+lib/xtables/libxt_rpfilter.so
+lib/xtables/libxt_sctp.so
+lib/xtables/libxt_set.so
+lib/xtables/libxt_socket.so
+lib/xtables/libxt_standard.so
+lib/xtables/libxt_state.so
+lib/xtables/libxt_statistic.so
+lib/xtables/libxt_string.so
+lib/xtables/libxt_tcp.so
+lib/xtables/libxt_tcpmss.so
+lib/xtables/libxt_time.so
+lib/xtables/libxt_tos.so
+lib/xtables/libxt_u32.so
+lib/xtables/libxt_udp.so
sbin/ip6tables
sbin/ip6tables-restore
sbin/ip6tables-save
diff --git a/config/rootfiles/common/setup b/config/rootfiles/common/setup
index 5da99c1cf..45e529806 100644
--- a/config/rootfiles/common/setup
+++ b/config/rootfiles/common/setup
@@ -1,3 +1,4 @@
+#etc/sudoers.d
etc/sudoers.d/setup
usr/bin/probenic.sh
usr/bin/run-setup
diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo
index d6ac72d4f..860981890 100644
--- a/config/rootfiles/common/sudo
+++ b/config/rootfiles/common/sudo
@@ -1,5 +1,4 @@
etc/sudoers
-etc/sudoers.d
usr/bin/sudo
usr/bin/sudoedit
usr/bin/sudoreplay
diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-setup
index 0ae727c3f..a273aff7d 100644
--- a/src/initscripts/helper/aws-setup
+++ b/src/initscripts/helper/aws-setup
@@ -226,15 +226,16 @@ import_aws_configuration() {
# Enable SSH
sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
- touch /var/ipfire/remote/enablessh
- chown nobody:nobody /var/ipfire/remote/enablessh
-
# Enable SSH key authentication
sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
# Apply SSH settings
/usr/local/bin/sshctrl
+ # Mark SSH to start immediately (but not right now)
+ touch /var/ipfire/remote/enablessh
+ chown nobody:nobody /var/ipfire/remote/enablessh
+
# Firewall rules for SSH and WEBIF
(
echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2018-07-12 9:22 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180712092236.165621081BD8@git01.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox