From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 42c2acc2187861abc00420c3e272cebd8aa53db3
Date: Fri, 18 Oct 2019 14:21:06 +0000 [thread overview]
Message-ID: <46vp9b0WNzz2xqV@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 4884 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 42c2acc2187861abc00420c3e272cebd8aa53db3 (commit)
via 0df4cf71052ea7a64dcf5ab8d141c54ad239b16f (commit)
via be967dc920565a3d6768a885c496898a55442b35 (commit)
from a2c2c4c74ceea5379fdd71fc35d8ef3682eccff8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 42c2acc2187861abc00420c3e272cebd8aa53db3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Oct 18 16:19:59 2019 +0200
core137: add path of qosctrl
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0df4cf71052ea7a64dcf5ab8d141c54ad239b16f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Oct 18 16:16:35 2019 +0200
core137: erase lm_sensors config after collectd start
this is needed to research the sensors with updated kernel
after next reboot.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit be967dc920565a3d6768a885c496898a55442b35
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Oct 18 16:13:49 2019 +0200
Revert "firewall: always allow outgoing DNS traffic to root servers"
This reverts commit 70cd5c42f003292bd1ecb9e38018782679dbd01e.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/137/filelists/files | 3 +++
config/rootfiles/core/137/update.sh | 11 +++++++----
src/initscripts/system/firewall | 12 ------------
3 files changed, 10 insertions(+), 16 deletions(-)
Difference in files:
diff --git a/config/rootfiles/core/137/filelists/files b/config/rootfiles/core/137/filelists/files
index 33f86862f..3b7c8d23b 100644
--- a/config/rootfiles/core/137/filelists/files
+++ b/config/rootfiles/core/137/filelists/files
@@ -1,6 +1,8 @@
etc/system-release
etc/issue
srv/web/ipfire/cgi-bin/credits.cgi
+usr/lib/firewall/rules.pl
+usr/sbin/firewall-policy
var/ipfire/langs
etc/logrotate.conf
etc/rc.d/init.d/firewall
@@ -17,3 +19,4 @@ usr/local/bin/xt_geoip_update
var/ipfire/backup/bin/backup.pl
var/ipfire/qos/bin/makeqosscripts.pl
var/ipfire/suricata/ruleset-sources
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
diff --git a/config/rootfiles/core/137/update.sh b/config/rootfiles/core/137/update.sh
index 98fdff83d..da87f9430 100644
--- a/config/rootfiles/core/137/update.sh
+++ b/config/rootfiles/core/137/update.sh
@@ -77,12 +77,11 @@ rm -rf /boot/zImage-*-ipfire-*
rm -rf /boot/uInit-*-ipfire-*
rm -rf /boot/dtb-*-ipfire-*
rm -rf /lib/modules
-rm -f /etc/sysconfig/lm_sensors
# Remove files
# Stop services
-qosctrl stop
+/usr/local/bin/qosctrl stop
# Extract files
extract_files
@@ -99,9 +98,13 @@ ldconfig
/etc/init.d/unbound restart
/etc/init.d/collectd restart
+# remove lm_sensor config after collectd was started
+# to reserch sensors at next boot with updated kernel
+rm -f /etc/sysconfig/lm_sensors
+
# generate new qos script
-qosctrl generate
-qosctrl start
+/usr/local/bin/qosctrl generate
+/usr/local/bin/qosctrl start
# Search sensors again after reboot into the new kernel
rm -f /etc/sysconfig/lm_sensors
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 602bd6c5b..ec396c708 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -6,7 +6,6 @@
eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
-ROOTHINTS="/etc/unbound/root.hints"
IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
if [ -f /var/ipfire/red/device ]; then
@@ -308,17 +307,6 @@ iptables_init() {
iptables -A INPUT -j TOR_INPUT
iptables -N TOR_OUTPUT
iptables -A OUTPUT -j TOR_OUTPUT
-
- # Allow outgoing DNS traffic (TCP and UDP) to DNS root servers
- local rootserverips="$( awk '/\s+A\s+/ { print $4 }' ${ROOTHINTS} )"
- ipset -N root-servers iphash
-
- for ip in "${rootserverips[@]}"; do
- ipset add root-servers $ip
- done
-
- iptables -A OUTPUT -m set --match-set root-servers dst -p tcp --dport 53 -j ACCEPT
- iptables -A OUTPUT -m set --match-set root-servers dst -p udp --dport 53 -j ACCEPT
# Jump into the actual firewall ruleset.
iptables -N INPUTFW
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2019-10-18 14:21 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46vp9b0WNzz2xqV@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox