* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. ec6f8b6de04c4e761d998b16e2ec16df2bfb2cef
@ 2026-04-20 10:27 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-04-20 10:27 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via ec6f8b6de04c4e761d998b16e2ec16df2bfb2cef (commit)
via e3fc6db16b1cd81796f41d367697cdbeafa73aa0 (commit)
via 694d208d9ea37b20f704bfbe2ae466ac23ad3355 (commit)
via 7998d7af4759d8a24f6175c237dc18dd5a33fa15 (commit)
via a7f578e949a385e79f1b39f5ac19d7fea32f4bed (commit)
via fb248260597a1734a2c32137615a1e74fe536c05 (commit)
via 171f4e965cc2419a584a0b7abfdc0b8a4087462c (commit)
via 4d482385bcb91537003c54c081afc3ed1ad75f4f (commit)
from 0930c24100b106b43488f5a29c1e4b9b603d976d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ec6f8b6de04c4e761d998b16e2ec16df2bfb2cef
Merge: 694d208d9 e3fc6db16
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Apr 20 10:27:22 2026 +0000
Merge branch 'master' into next
commit 694d208d9ea37b20f704bfbe2ae466ac23ad3355
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Apr 20 10:26:29 2026 +0000
core202: Ship network-functions.pl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 7998d7af4759d8a24f6175c237dc18dd5a33fa15
Merge: 0930c2410 a7f578e94
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Apr 20 10:25:21 2026 +0000
Merge branch 'master' into next
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/network-functions.pl | 17 +++++++++++++++++
config/rootfiles/core/202/filelists/files | 1 +
config/rootfiles/oldcore/201/filelists/files | 1 +
html/cgi-bin/dnsbl.cgi | 17 +++++++++++++++++
src/initscripts/system/unbound | 2 +-
5 files changed, 37 insertions(+), 1 deletion(-)
Difference in files:
diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index ad89fc777..6716cfe4b 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -344,6 +344,23 @@ sub normalize_network($) {
return "${address}/${prefix}";
}
+sub normalize_networks($) {
+ my @networks = ();
+
+ foreach my $network (@_) {
+ # Convert any IP addresses to networks
+ if (&check_ip_address($network)) {
+ push(@networks, "${network}/32");
+ next;
+ }
+
+ $network = &normalize_network($network);
+ push(@networks, $network);
+ }
+
+ return @networks;
+}
+
# Returns True if $address is in $network.
sub ip_address_in_network($$) {
my $address = shift;
diff --git a/config/rootfiles/core/202/filelists/files b/config/rootfiles/core/202/filelists/files
index d33860022..92ffde38d 100644
--- a/config/rootfiles/core/202/filelists/files
+++ b/config/rootfiles/core/202/filelists/files
@@ -9,5 +9,6 @@ srv/web/ipfire/cgi-bin/services.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
var/ipfire/dns/dnsbl.json
var/ipfire/general-functions.pl
+var/ipfire/network-functions.pl
var/ipfire/urlfilter/bin/autoupdate.pl
var/spool/cron/root.orig
diff --git a/config/rootfiles/oldcore/201/filelists/files b/config/rootfiles/oldcore/201/filelists/files
index ef9e832d2..552e85feb 100644
--- a/config/rootfiles/oldcore/201/filelists/files
+++ b/config/rootfiles/oldcore/201/filelists/files
@@ -13,4 +13,5 @@ usr/bin/suricata-report-cron
var/ipfire/dns/dnsbl.json
var/ipfire/ids-functions.pl
var/ipfire/menu.d/50-firewall.menu
+var/ipfire/network-functions.pl
var/ipfire/urlfilter/bin/autoupdate.pl
diff --git a/html/cgi-bin/dnsbl.cgi b/html/cgi-bin/dnsbl.cgi
index 9b4e8dcab..c2f48381e 100644
--- a/html/cgi-bin/dnsbl.cgi
+++ b/html/cgi-bin/dnsbl.cgi
@@ -139,6 +139,9 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
}
}
+ # Normalize all networks
+ @custom_acl = &Network::normalize_networks(@custom_acl);
+
# Only go further, if there was no error message.
unless (scalar @errormessages) {
# Read-in settings file.
@@ -203,6 +206,20 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
push(@errormessages, "$dup - $Lang::tr{'dnsbl error domain specified twice'}");
}
+ # Check allowed domains
+ foreach my $domain (@ascii_allowed_domains) {
+ unless (&General::validfqdn($domain)) {
+ push(@errormessages, "$Lang::tr{'invalid domain name'}: ${domain}");
+ }
+ }
+
+ # Check blocked domains
+ foreach my $domain (@ascii_blocked_domains) {
+ unless (&General::validfqdn($domain)) {
+ push(@errormessages, "$Lang::tr{'invalid domain name'}: ${domain}");
+ }
+ }
+
# Check if a domain from the posted blocked domains array is allready part of
# the saved allowed domains array
$dup = &compare_arrays(\@custom_allowed_domains, \@ascii_blocked_domains);
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index cc658432a..2be3b81f1 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -265,7 +265,7 @@ write_dnsbl_zones() {
# Add any custom ACL
if [ -n "${custom_acls}" ]; then
- IFS='|' read -r -a custom_acl <<< "${custom_acls}"
+ IFS='|' read -r -a custom_acls <<< "${custom_acls}"
local custom_acl
for custom_acl in ${custom_acls[@]}; do
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-20 10:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-20 10:27 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. ec6f8b6de04c4e761d998b16e2ec16df2bfb2cef Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox