Patch-O-Matic in den Kernel eingebaut.

(Einige Module fehlen noch...) Unattended Installer bearbeitet. Firewallscript hinzugefuegt. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@360 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
2026-04-09 18:45:54 +02:00 · 2006-12-11 20:02:07 +00:00
parent 3fd5feeb3e
commit 3a1019f689
19 changed files with 1141 additions and 146 deletions
--- a/config/kernel/kernel.config.i586
+++ b/config/kernel/kernel.config.i586
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.16
-# Tue Nov 28 19:31:51 2006
+# Wed Nov 29 00:06:35 2006
 #
 CONFIG_X86_32=y
 CONFIG_SEMAPHORE_SLEEPERS=y
@@ -343,6 +343,7 @@ CONFIG_IP_PIMSM_V1=y
 CONFIG_IP_PIMSM_V2=y
 # CONFIG_ARPD is not set
 CONFIG_SYN_COOKIES=y
+CONFIG_IPSEC_NAT_TRAVERSAL=y
 CONFIG_INET_AH=y
 CONFIG_INET_ESP=y
 CONFIG_INET_IPCOMP=y
@@ -458,6 +459,9 @@ CONFIG_IP_NF_RAW=m
 CONFIG_IP_NF_ARPTABLES=m
 CONFIG_IP_NF_ARPFILTER=m
 CONFIG_IP_NF_ARP_MANGLE=m
+CONFIG_IP_NF_TARGET_TARPIT=m
+CONFIG_IP_NF_NAT_SIP=m
+CONFIG_IP_NF_SIP=m

 #
 # Bridge: Netfilter Configuration
@@ -579,6 +583,21 @@ CONFIG_IEEE80211=m
 CONFIG_IEEE80211_CRYPT_WEP=m
 # CONFIG_IEEE80211_CRYPT_CCMP is not set
 # CONFIG_IEEE80211_CRYPT_TKIP is not set
+CONFIG_KLIPS=m
+
+#
+# KLIPS options
+#
+CONFIG_KLIPS_ESP=y
+CONFIG_KLIPS_AH=y
+CONFIG_KLIPS_AUTH_HMAC_MD5=y
+CONFIG_KLIPS_AUTH_HMAC_SHA1=y
+# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
+CONFIG_KLIPS_ENC_3DES=y
+CONFIG_KLIPS_ENC_AES=y
+# CONFIG_KLIPS_ENC_NULL is not set
+CONFIG_KLIPS_IPCOMP=y
+CONFIG_KLIPS_DEBUG=y

 #
 # Device Drivers
--- a/config/kernel/kernel.config.i586.smp
+++ b/config/kernel/kernel.config.i586.smp
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.16
-# Tue Nov 28 19:33:09 2006
+# Wed Nov 29 00:35:50 2006
 #
 CONFIG_X86_32=y
 CONFIG_SEMAPHORE_SLEEPERS=y
@@ -349,6 +349,7 @@ CONFIG_IP_PIMSM_V1=y
 CONFIG_IP_PIMSM_V2=y
 # CONFIG_ARPD is not set
 CONFIG_SYN_COOKIES=y
+CONFIG_IPSEC_NAT_TRAVERSAL=y
 CONFIG_INET_AH=y
 CONFIG_INET_ESP=y
 CONFIG_INET_IPCOMP=y
@@ -464,6 +465,9 @@ CONFIG_IP_NF_RAW=m
 CONFIG_IP_NF_ARPTABLES=m
 CONFIG_IP_NF_ARPFILTER=m
 CONFIG_IP_NF_ARP_MANGLE=m
+CONFIG_IP_NF_TARGET_TARPIT=m
+CONFIG_IP_NF_NAT_SIP=m
+CONFIG_IP_NF_SIP=m

 #
 # Bridge: Netfilter Configuration
@@ -585,6 +589,21 @@ CONFIG_IEEE80211=m
 CONFIG_IEEE80211_CRYPT_WEP=m
 # CONFIG_IEEE80211_CRYPT_CCMP is not set
 # CONFIG_IEEE80211_CRYPT_TKIP is not set
+CONFIG_KLIPS=m
+
+#
+# KLIPS options
+#
+CONFIG_KLIPS_ESP=y
+CONFIG_KLIPS_AH=y
+CONFIG_KLIPS_AUTH_HMAC_MD5=y
+CONFIG_KLIPS_AUTH_HMAC_SHA1=y
+# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
+CONFIG_KLIPS_ENC_3DES=y
+CONFIG_KLIPS_ENC_AES=y
+# CONFIG_KLIPS_ENC_NULL is not set
+CONFIG_KLIPS_IPCOMP=y
+CONFIG_KLIPS_DEBUG=y

 #
 # Device Drivers
--- a/config/kernel/unattended.conf
+++ b/config/kernel/unattended.conf
@@ -3,9 +3,9 @@ HOSTNAME=ipfire
 KEYMAP=/usr/share/kbd/keymaps/i386/qwerty/de.map.gz
 LANGUAGE=de
 TIMEZONE=/usr/share/zoneinfo/posix/Europe/Berlin
-GREEN_ADDRESS=192.168.0.15
+GREEN_ADDRESS=192.168.180.30
 GREEN_NETMASK=255.255.255.0
-GREEN_NETADDRESS=192.168.0.0
-GREEN_BROADCAST=192.168.0.255
+GREEN_NETADDRESS=192.168.180.0
+GREEN_BROADCAST=192.168.180.255
 ROOT_PASSWORD=ipfire
 ADMIN_PASSWORD=ipfire
--- a/config/rootfiles/common/glib
+++ b/config/rootfiles/common/glib
@@ -0,0 +1,439 @@
+#usr/bin/glib-genmarshal
+#usr/bin/glib-gettextize
+#usr/bin/glib-mkenums
+#usr/bin/gobject-query
+#usr/include/glib-2.0
+#usr/include/glib-2.0/glib
+#usr/include/glib-2.0/glib-object.h
+#usr/include/glib-2.0/glib.h
+#usr/include/glib-2.0/glib/galloca.h
+#usr/include/glib-2.0/glib/garray.h
+#usr/include/glib-2.0/glib/gasyncqueue.h
+#usr/include/glib-2.0/glib/gatomic.h
+#usr/include/glib-2.0/glib/gbacktrace.h
+#usr/include/glib-2.0/glib/gcache.h
+#usr/include/glib-2.0/glib/gcompletion.h
+#usr/include/glib-2.0/glib/gconvert.h
+#usr/include/glib-2.0/glib/gdataset.h
+#usr/include/glib-2.0/glib/gdate.h
+#usr/include/glib-2.0/glib/gdir.h
+#usr/include/glib-2.0/glib/gerror.h
+#usr/include/glib-2.0/glib/gfileutils.h
+#usr/include/glib-2.0/glib/ghash.h
+#usr/include/glib-2.0/glib/ghook.h
+#usr/include/glib-2.0/glib/gi18n-lib.h
+#usr/include/glib-2.0/glib/gi18n.h
+#usr/include/glib-2.0/glib/giochannel.h
+#usr/include/glib-2.0/glib/gkeyfile.h
+#usr/include/glib-2.0/glib/glist.h
+#usr/include/glib-2.0/glib/gmacros.h
+#usr/include/glib-2.0/glib/gmain.h
+#usr/include/glib-2.0/glib/gmappedfile.h
+#usr/include/glib-2.0/glib/gmarkup.h
+#usr/include/glib-2.0/glib/gmem.h
+#usr/include/glib-2.0/glib/gmessages.h
+#usr/include/glib-2.0/glib/gnode.h
+#usr/include/glib-2.0/glib/goption.h
+#usr/include/glib-2.0/glib/gpattern.h
+#usr/include/glib-2.0/glib/gprimes.h
+#usr/include/glib-2.0/glib/gprintf.h
+#usr/include/glib-2.0/glib/gqsort.h
+#usr/include/glib-2.0/glib/gquark.h
+#usr/include/glib-2.0/glib/gqueue.h
+#usr/include/glib-2.0/glib/grand.h
+#usr/include/glib-2.0/glib/grel.h
+#usr/include/glib-2.0/glib/gscanner.h
+#usr/include/glib-2.0/glib/gshell.h
+#usr/include/glib-2.0/glib/gslice.h
+#usr/include/glib-2.0/glib/gslist.h
+#usr/include/glib-2.0/glib/gspawn.h
+#usr/include/glib-2.0/glib/gstdio.h
+#usr/include/glib-2.0/glib/gstrfuncs.h
+#usr/include/glib-2.0/glib/gstring.h
+#usr/include/glib-2.0/glib/gthread.h
+#usr/include/glib-2.0/glib/gthreadpool.h
+#usr/include/glib-2.0/glib/gtimer.h
+#usr/include/glib-2.0/glib/gtree.h
+#usr/include/glib-2.0/glib/gtypes.h
+#usr/include/glib-2.0/glib/gunicode.h
+#usr/include/glib-2.0/glib/gutils.h
+#usr/include/glib-2.0/glib/gwin32.h
+#usr/include/glib-2.0/gmodule.h
+#usr/include/glib-2.0/gobject
+#usr/include/glib-2.0/gobject/gboxed.h
+#usr/include/glib-2.0/gobject/gclosure.h
+#usr/include/glib-2.0/gobject/genums.h
+#usr/include/glib-2.0/gobject/gmarshal.h
+#usr/include/glib-2.0/gobject/gobject.h
+#usr/include/glib-2.0/gobject/gobjectnotifyqueue.c
+#usr/include/glib-2.0/gobject/gparam.h
+#usr/include/glib-2.0/gobject/gparamspecs.h
+#usr/include/glib-2.0/gobject/gsignal.h
+#usr/include/glib-2.0/gobject/gsourceclosure.h
+#usr/include/glib-2.0/gobject/gtype.h
+#usr/include/glib-2.0/gobject/gtypemodule.h
+#usr/include/glib-2.0/gobject/gtypeplugin.h
+#usr/include/glib-2.0/gobject/gvalue.h
+#usr/include/glib-2.0/gobject/gvaluearray.h
+#usr/include/glib-2.0/gobject/gvaluecollector.h
+#usr/include/glib-2.0/gobject/gvaluetypes.h
+#usr/lib/glib-2.0
+#usr/lib/glib-2.0/include
+#usr/lib/glib-2.0/include/glibconfig.h
+#usr/lib/libglib-2.0.la
+usr/lib/libglib-2.0.so
+usr/lib/libglib-2.0.so.0
+usr/lib/libglib-2.0.so.0.902.4
+#usr/lib/libgmodule-2.0.la
+usr/lib/libgmodule-2.0.so
+usr/lib/libgmodule-2.0.so.0
+usr/lib/libgmodule-2.0.so.0.902.4
+#usr/lib/libgobject-2.0.la
+usr/lib/libgobject-2.0.so
+usr/lib/libgobject-2.0.so.0
+usr/lib/libgobject-2.0.so.0.902.4
+#usr/lib/libgthread-2.0.la
+usr/lib/libgthread-2.0.so
+usr/lib/libgthread-2.0.so.0
+usr/lib/libgthread-2.0.so.0.902.4
+#usr/lib/pkgconfig/glib-2.0.pc
+#usr/lib/pkgconfig/gmodule-2.0.pc
+#usr/lib/pkgconfig/gmodule-export-2.0.pc
+#usr/lib/pkgconfig/gmodule-no-export-2.0.pc
+#usr/lib/pkgconfig/gobject-2.0.pc
+#usr/lib/pkgconfig/gthread-2.0.pc
+#usr/man/man1/glib-genmarshal.1
+#usr/man/man1/glib-gettextize.1
+#usr/man/man1/glib-mkenums.1
+#usr/man/man1/gobject-query.1
+#usr/share/aclocal/glib-2.0.m4
+#usr/share/aclocal/glib-gettext.m4
+#usr/share/glib-2.0
+#usr/share/glib-2.0/gettext
+#usr/share/glib-2.0/gettext/mkinstalldirs
+#usr/share/glib-2.0/gettext/po
+#usr/share/glib-2.0/gettext/po/Makefile.in.in
+#usr/share/gtk-doc/html/glib
+#usr/share/gtk-doc/html/glib/file-name-encodings.png
+#usr/share/gtk-doc/html/glib/glib-Arrays.html
+#usr/share/gtk-doc/html/glib/glib-Asynchronous-Queues.html
+#usr/share/gtk-doc/html/glib/glib-Atomic-Operations.html
+#usr/share/gtk-doc/html/glib/glib-Automatic-String-Completion.html
+#usr/share/gtk-doc/html/glib/glib-Balanced-Binary-Trees.html
+#usr/share/gtk-doc/html/glib/glib-Basic-Types.html
+#usr/share/gtk-doc/html/glib/glib-Byte-Arrays.html
+#usr/share/gtk-doc/html/glib/glib-Byte-Order-Macros.html
+#usr/share/gtk-doc/html/glib/glib-Caches.html
+#usr/share/gtk-doc/html/glib/glib-Character-Set-Conversion.html
+#usr/share/gtk-doc/html/glib/glib-Commandline-option-parser.html
+#usr/share/gtk-doc/html/glib/glib-Datasets.html
+#usr/share/gtk-doc/html/glib/glib-Date-and-Time-Functions.html
+#usr/share/gtk-doc/html/glib/glib-Double-ended-Queues.html
+#usr/share/gtk-doc/html/glib/glib-Doubly-Linked-Lists.html
+#usr/share/gtk-doc/html/glib/glib-Dynamic-Loading-of-Modules.html
+#usr/share/gtk-doc/html/glib/glib-Error-Reporting.html
+#usr/share/gtk-doc/html/glib/glib-File-Utilities.html
+#usr/share/gtk-doc/html/glib/glib-Glob-style-pattern-matching.html
+#usr/share/gtk-doc/html/glib/glib-Hash-Tables.html
+#usr/share/gtk-doc/html/glib/glib-Hook-Functions.html
+#usr/share/gtk-doc/html/glib/glib-I18N.html
+#usr/share/gtk-doc/html/glib/glib-IO-Channels.html
+#usr/share/gtk-doc/html/glib/glib-Key-value-file-parser.html
+#usr/share/gtk-doc/html/glib/glib-Keyed-Data-Lists.html
+#usr/share/gtk-doc/html/glib/glib-Lexical-Scanner.html
+#usr/share/gtk-doc/html/glib/glib-Limits-of-Basic-Types.html
+#usr/share/gtk-doc/html/glib/glib-Memory-Allocation.html
+#usr/share/gtk-doc/html/glib/glib-Memory-Allocators.html
+#usr/share/gtk-doc/html/glib/glib-Memory-Chunks.html
+#usr/share/gtk-doc/html/glib/glib-Memory-Slices.html
+#usr/share/gtk-doc/html/glib/glib-Message-Logging.html
+#usr/share/gtk-doc/html/glib/glib-Miscellaneous-Macros.html
+#usr/share/gtk-doc/html/glib/glib-Miscellaneous-Utility-Functions.html
+#usr/share/gtk-doc/html/glib/glib-N-ary-Trees.html
+#usr/share/gtk-doc/html/glib/glib-Numerical-Definitions.html
+#usr/share/gtk-doc/html/glib/glib-Pointer-Arrays.html
+#usr/share/gtk-doc/html/glib/glib-Quarks.html
+#usr/share/gtk-doc/html/glib/glib-Random-Numbers.html
+#usr/share/gtk-doc/html/glib/glib-Relations-and-Tuples.html
+#usr/share/gtk-doc/html/glib/glib-Shell-related-Utilities.html
+#usr/share/gtk-doc/html/glib/glib-Simple-XML-Subset-Parser.html
+#usr/share/gtk-doc/html/glib/glib-Singly-Linked-Lists.html
+#usr/share/gtk-doc/html/glib/glib-Spawning-Processes.html
+#usr/share/gtk-doc/html/glib/glib-Standard-Macros.html
+#usr/share/gtk-doc/html/glib/glib-String-Chunks.html
+#usr/share/gtk-doc/html/glib/glib-String-Utility-Functions.html
+#usr/share/gtk-doc/html/glib/glib-Strings.html
+#usr/share/gtk-doc/html/glib/glib-The-Main-Event-Loop.html
+#usr/share/gtk-doc/html/glib/glib-Thread-Pools.html
+#usr/share/gtk-doc/html/glib/glib-Threads.html
+#usr/share/gtk-doc/html/glib/glib-Timers.html
+#usr/share/gtk-doc/html/glib/glib-Trash-Stacks.html
+#usr/share/gtk-doc/html/glib/glib-Type-Conversion-Macros.html
+#usr/share/gtk-doc/html/glib/glib-Unicode-Manipulation.html
+#usr/share/gtk-doc/html/glib/glib-Version-Information.html
+#usr/share/gtk-doc/html/glib/glib-Warnings-and-Assertions.html
+#usr/share/gtk-doc/html/glib/glib-Windows-Compatibility-Functions.html
+#usr/share/gtk-doc/html/glib/glib-building.html
+#usr/share/gtk-doc/html/glib/glib-changes.html
+#usr/share/gtk-doc/html/glib/glib-compiling.html
+#usr/share/gtk-doc/html/glib/glib-core.html
+#usr/share/gtk-doc/html/glib/glib-cross-compiling.html
+#usr/share/gtk-doc/html/glib/glib-data-types.html
+#usr/share/gtk-doc/html/glib/glib-fundamentals.html
+#usr/share/gtk-doc/html/glib/glib-gettextize.html
+#usr/share/gtk-doc/html/glib/glib-resources.html
+#usr/share/gtk-doc/html/glib/glib-running.html
+#usr/share/gtk-doc/html/glib/glib-utilities.html
+#usr/share/gtk-doc/html/glib/glib.devhelp
+#usr/share/gtk-doc/html/glib/glib.devhelp2
+#usr/share/gtk-doc/html/glib/glib.html
+#usr/share/gtk-doc/html/glib/home.png
+#usr/share/gtk-doc/html/glib/index.html
+#usr/share/gtk-doc/html/glib/index.sgml
+#usr/share/gtk-doc/html/glib/ix01.html
+#usr/share/gtk-doc/html/glib/ix02.html
+#usr/share/gtk-doc/html/glib/ix03.html
+#usr/share/gtk-doc/html/glib/ix04.html
+#usr/share/gtk-doc/html/glib/ix05.html
+#usr/share/gtk-doc/html/glib/ix06.html
+#usr/share/gtk-doc/html/glib/ix07.html
+#usr/share/gtk-doc/html/glib/left.png
+#usr/share/gtk-doc/html/glib/mainloop-states.gif
+#usr/share/gtk-doc/html/glib/right.png
+#usr/share/gtk-doc/html/glib/style.css
+#usr/share/gtk-doc/html/glib/tools.html
+#usr/share/gtk-doc/html/glib/up.png
+#usr/share/gtk-doc/html/gobject
+#usr/share/gtk-doc/html/gobject/GTypeModule.html
+#usr/share/gtk-doc/html/gobject/GTypePlugin.html
+#usr/share/gtk-doc/html/gobject/ch01.html
+#usr/share/gtk-doc/html/gobject/ch01s02.html
+#usr/share/gtk-doc/html/gobject/ch02.html
+#usr/share/gtk-doc/html/gobject/ch06s03.html
+#usr/share/gtk-doc/html/gobject/ch07s02.html
+#usr/share/gtk-doc/html/gobject/ch07s03.html
+#usr/share/gtk-doc/html/gobject/chapter-gobject.html
+#usr/share/gtk-doc/html/gobject/chapter-signal.html
+#usr/share/gtk-doc/html/gobject/glib-genmarshal.html
+#usr/share/gtk-doc/html/gobject/glib-mkenums.html
+#usr/share/gtk-doc/html/gobject/glue.png
+#usr/share/gtk-doc/html/gobject/gobject-Boxed-Types.html
+#usr/share/gtk-doc/html/gobject/gobject-Closures.html
+#usr/share/gtk-doc/html/gobject/gobject-Enumeration-and-Flag-Types.html
+#usr/share/gtk-doc/html/gobject/gobject-GParamSpec.html
+#usr/share/gtk-doc/html/gobject/gobject-Generic-values.html
+#usr/share/gtk-doc/html/gobject/gobject-Signals.html
+#usr/share/gtk-doc/html/gobject/gobject-Standard-Parameter-and-Value-Types.html
+#usr/share/gtk-doc/html/gobject/gobject-The-Base-Object-Type.html
+#usr/share/gtk-doc/html/gobject/gobject-Type-Information.html
+#usr/share/gtk-doc/html/gobject/gobject-Value-arrays.html
+#usr/share/gtk-doc/html/gobject/gobject-Varargs-Value-Collection.html
+#usr/share/gtk-doc/html/gobject/gobject-memory.html
+#usr/share/gtk-doc/html/gobject/gobject-properties.html
+#usr/share/gtk-doc/html/gobject/gobject-query.html
+#usr/share/gtk-doc/html/gobject/gobject.devhelp
+#usr/share/gtk-doc/html/gobject/gobject.devhelp2
+#usr/share/gtk-doc/html/gobject/gtype-conventions.html
+#usr/share/gtk-doc/html/gobject/gtype-instantiable-classed.html
+#usr/share/gtk-doc/html/gobject/gtype-non-instantiable-classed.html
+#usr/share/gtk-doc/html/gobject/gtype-non-instantiable.html
+#usr/share/gtk-doc/html/gobject/home.png
+#usr/share/gtk-doc/html/gobject/howto-gobject-chainup.html
+#usr/share/gtk-doc/html/gobject/howto-gobject-code.html
+#usr/share/gtk-doc/html/gobject/howto-gobject-construction.html
+#usr/share/gtk-doc/html/gobject/howto-gobject-destruction.html
+#usr/share/gtk-doc/html/gobject/howto-gobject-methods.html
+#usr/share/gtk-doc/html/gobject/howto-gobject.html
+#usr/share/gtk-doc/html/gobject/howto-interface-implement.html
+#usr/share/gtk-doc/html/gobject/howto-interface-properties.html
+#usr/share/gtk-doc/html/gobject/howto-interface.html
+#usr/share/gtk-doc/html/gobject/howto-signals.html
+#usr/share/gtk-doc/html/gobject/index.html
+#usr/share/gtk-doc/html/gobject/index.sgml
+#usr/share/gtk-doc/html/gobject/ix01.html
+#usr/share/gtk-doc/html/gobject/ix02.html
+#usr/share/gtk-doc/html/gobject/ix03.html
+#usr/share/gtk-doc/html/gobject/ix04.html
+#usr/share/gtk-doc/html/gobject/ix05.html
+#usr/share/gtk-doc/html/gobject/ix06.html
+#usr/share/gtk-doc/html/gobject/ix07.html
+#usr/share/gtk-doc/html/gobject/left.png
+#usr/share/gtk-doc/html/gobject/pr01.html
+#usr/share/gtk-doc/html/gobject/pt01.html
+#usr/share/gtk-doc/html/gobject/pt02.html
+#usr/share/gtk-doc/html/gobject/pt03.html
+#usr/share/gtk-doc/html/gobject/right.png
+#usr/share/gtk-doc/html/gobject/rn01.html
+#usr/share/gtk-doc/html/gobject/rn02.html
+#usr/share/gtk-doc/html/gobject/signal.html
+#usr/share/gtk-doc/html/gobject/style.css
+#usr/share/gtk-doc/html/gobject/tools-ginspector.html
+#usr/share/gtk-doc/html/gobject/tools-gob.html
+#usr/share/gtk-doc/html/gobject/tools-gtkdoc.html
+#usr/share/gtk-doc/html/gobject/tools-refdb.html
+#usr/share/gtk-doc/html/gobject/up.png
+#usr/share/locale/am
+#usr/share/locale/am/LC_MESSAGES
+#usr/share/locale/am/LC_MESSAGES/glib20.mo
+#usr/share/locale/ar
+#usr/share/locale/ar/LC_MESSAGES
+#usr/share/locale/ar/LC_MESSAGES/glib20.mo
+#usr/share/locale/az
+#usr/share/locale/az/LC_MESSAGES
+#usr/share/locale/az/LC_MESSAGES/glib20.mo
+#usr/share/locale/be/LC_MESSAGES/glib20.mo
+#usr/share/locale/bg
+#usr/share/locale/bg/LC_MESSAGES
+#usr/share/locale/bg/LC_MESSAGES/glib20.mo
+#usr/share/locale/bn
+#usr/share/locale/bn/LC_MESSAGES
+#usr/share/locale/bn/LC_MESSAGES/glib20.mo
+#usr/share/locale/bs
+#usr/share/locale/bs/LC_MESSAGES
+#usr/share/locale/bs/LC_MESSAGES/glib20.mo
+#usr/share/locale/ca/LC_MESSAGES/glib20.mo
+#usr/share/locale/cs/LC_MESSAGES/glib20.mo
+#usr/share/locale/cy
+#usr/share/locale/cy/LC_MESSAGES
+#usr/share/locale/cy/LC_MESSAGES/glib20.mo
+#usr/share/locale/da/LC_MESSAGES/glib20.mo
+#usr/share/locale/de/LC_MESSAGES/glib20.mo
+#usr/share/locale/el/LC_MESSAGES/glib20.mo
+#usr/share/locale/en_CA
+#usr/share/locale/en_CA/LC_MESSAGES
+#usr/share/locale/en_CA/LC_MESSAGES/glib20.mo
+#usr/share/locale/en_GB/LC_MESSAGES/glib20.mo
+#usr/share/locale/eo
+#usr/share/locale/eo/LC_MESSAGES
+#usr/share/locale/eo/LC_MESSAGES/glib20.mo
+#usr/share/locale/es/LC_MESSAGES/glib20.mo
+#usr/share/locale/et/LC_MESSAGES/glib20.mo
+#usr/share/locale/eu
+#usr/share/locale/eu/LC_MESSAGES
+#usr/share/locale/eu/LC_MESSAGES/glib20.mo
+#usr/share/locale/fa
+#usr/share/locale/fa/LC_MESSAGES
+#usr/share/locale/fa/LC_MESSAGES/glib20.mo
+#usr/share/locale/fi/LC_MESSAGES/glib20.mo
+#usr/share/locale/fr/LC_MESSAGES/glib20.mo
+#usr/share/locale/ga
+#usr/share/locale/ga/LC_MESSAGES
+#usr/share/locale/ga/LC_MESSAGES/glib20.mo
+#usr/share/locale/gl/LC_MESSAGES/glib20.mo
+#usr/share/locale/gu
+#usr/share/locale/gu/LC_MESSAGES
+#usr/share/locale/gu/LC_MESSAGES/glib20.mo
+#usr/share/locale/he
+#usr/share/locale/he/LC_MESSAGES
+#usr/share/locale/he/LC_MESSAGES/glib20.mo
+#usr/share/locale/hi
+#usr/share/locale/hi/LC_MESSAGES
+#usr/share/locale/hi/LC_MESSAGES/glib20.mo
+#usr/share/locale/hr/LC_MESSAGES/glib20.mo
+#usr/share/locale/hu/LC_MESSAGES/glib20.mo
+#usr/share/locale/id
+#usr/share/locale/id/LC_MESSAGES
+#usr/share/locale/id/LC_MESSAGES/glib20.mo
+#usr/share/locale/is
+#usr/share/locale/is/LC_MESSAGES
+#usr/share/locale/is/LC_MESSAGES/glib20.mo
+#usr/share/locale/it/LC_MESSAGES/glib20.mo
+#usr/share/locale/ja/LC_MESSAGES/glib20.mo
+#usr/share/locale/ko/LC_MESSAGES/glib20.mo
+#usr/share/locale/ku
+#usr/share/locale/ku/LC_MESSAGES
+#usr/share/locale/ku/LC_MESSAGES/glib20.mo
+#usr/share/locale/lt
+#usr/share/locale/lt/LC_MESSAGES
+#usr/share/locale/lt/LC_MESSAGES/glib20.mo
+#usr/share/locale/lv
+#usr/share/locale/lv/LC_MESSAGES
+#usr/share/locale/lv/LC_MESSAGES/glib20.mo
+#usr/share/locale/mk
+#usr/share/locale/mk/LC_MESSAGES
+#usr/share/locale/mk/LC_MESSAGES/glib20.mo
+#usr/share/locale/ml
+#usr/share/locale/ml/LC_MESSAGES
+#usr/share/locale/ml/LC_MESSAGES/glib20.mo
+#usr/share/locale/mn
+#usr/share/locale/mn/LC_MESSAGES
+#usr/share/locale/mn/LC_MESSAGES/glib20.mo
+#usr/share/locale/ms
+#usr/share/locale/ms/LC_MESSAGES
+#usr/share/locale/ms/LC_MESSAGES/glib20.mo
+#usr/share/locale/nb/LC_MESSAGES/glib20.mo
+#usr/share/locale/ne
+#usr/share/locale/ne/LC_MESSAGES
+#usr/share/locale/ne/LC_MESSAGES/glib20.mo
+#usr/share/locale/nl/LC_MESSAGES/glib20.mo
+#usr/share/locale/nn
+#usr/share/locale/nn/LC_MESSAGES
+#usr/share/locale/nn/LC_MESSAGES/glib20.mo
+#usr/share/locale/no
+#usr/share/locale/no/LC_MESSAGES
+#usr/share/locale/no/LC_MESSAGES/glib20.mo
+#usr/share/locale/or
+#usr/share/locale/or/LC_MESSAGES
+#usr/share/locale/or/LC_MESSAGES/glib20.mo
+#usr/share/locale/pa
+#usr/share/locale/pa/LC_MESSAGES
+#usr/share/locale/pa/LC_MESSAGES/glib20.mo
+#usr/share/locale/pl/LC_MESSAGES/glib20.mo
+#usr/share/locale/pt
+#usr/share/locale/pt/LC_MESSAGES
+#usr/share/locale/pt/LC_MESSAGES/glib20.mo
+#usr/share/locale/pt_BR/LC_MESSAGES/glib20.mo
+#usr/share/locale/ro/LC_MESSAGES/glib20.mo
+#usr/share/locale/ru/LC_MESSAGES/glib20.mo
+#usr/share/locale/rw
+#usr/share/locale/rw/LC_MESSAGES
+#usr/share/locale/rw/LC_MESSAGES/glib20.mo
+#usr/share/locale/sk/LC_MESSAGES/glib20.mo
+#usr/share/locale/sl/LC_MESSAGES/glib20.mo
+#usr/share/locale/sq
+#usr/share/locale/sq/LC_MESSAGES
+#usr/share/locale/sq/LC_MESSAGES/glib20.mo
+#usr/share/locale/sr
+#usr/share/locale/sr/LC_MESSAGES
+#usr/share/locale/sr/LC_MESSAGES/glib20.mo
+#usr/share/locale/sr@Latn
+#usr/share/locale/sr@Latn/LC_MESSAGES
+#usr/share/locale/sr@Latn/LC_MESSAGES/glib20.mo
+#usr/share/locale/sr@ije
+#usr/share/locale/sr@ije/LC_MESSAGES
+#usr/share/locale/sr@ije/LC_MESSAGES/glib20.mo
+#usr/share/locale/sv/LC_MESSAGES/glib20.mo
+#usr/share/locale/ta
+#usr/share/locale/ta/LC_MESSAGES
+#usr/share/locale/ta/LC_MESSAGES/glib20.mo
+#usr/share/locale/te
+#usr/share/locale/te/LC_MESSAGES
+#usr/share/locale/te/LC_MESSAGES/glib20.mo
+#usr/share/locale/th
+#usr/share/locale/th/LC_MESSAGES
+#usr/share/locale/th/LC_MESSAGES/glib20.mo
+#usr/share/locale/tl
+#usr/share/locale/tl/LC_MESSAGES
+#usr/share/locale/tl/LC_MESSAGES/glib20.mo
+#usr/share/locale/tr/LC_MESSAGES/glib20.mo
+#usr/share/locale/tt
+#usr/share/locale/tt/LC_MESSAGES
+#usr/share/locale/tt/LC_MESSAGES/glib20.mo
+#usr/share/locale/uk/LC_MESSAGES/glib20.mo
+#usr/share/locale/vi
+#usr/share/locale/vi/LC_MESSAGES
+#usr/share/locale/vi/LC_MESSAGES/glib20.mo
+#usr/share/locale/wa
+#usr/share/locale/wa/LC_MESSAGES
+#usr/share/locale/wa/LC_MESSAGES/glib20.mo
+#usr/share/locale/xh
+#usr/share/locale/xh/LC_MESSAGES
+#usr/share/locale/xh/LC_MESSAGES/glib20.mo
+#usr/share/locale/yi
+#usr/share/locale/yi/LC_MESSAGES
+#usr/share/locale/yi/LC_MESSAGES/glib20.mo
+#usr/share/locale/zh_CN/LC_MESSAGES/glib20.mo
+#usr/share/locale/zh_HK
+#usr/share/locale/zh_HK/LC_MESSAGES
+#usr/share/locale/zh_HK/LC_MESSAGES/glib20.mo
+#usr/share/locale/zh_TW/LC_MESSAGES/glib20.mo
--- a/config/rootfiles/common/kudzu
+++ b/config/rootfiles/common/kudzu
@@ -0,0 +1,125 @@
+#etc/rc.d/init.d
+#etc/rc.d/init.d/kudzu
+#etc/sysconfig
+#etc/sysconfig/kudzu
+sbin/kudzu
+#usr/include/kudzu
+#usr/include/kudzu/adb.h
+#usr/include/kudzu/alias.h
+#usr/include/kudzu/ddc.h
+#usr/include/kudzu/device.h
+#usr/include/kudzu/firewire.h
+#usr/include/kudzu/ide.h
+#usr/include/kudzu/isapnp.h
+#usr/include/kudzu/keyboard.h
+#usr/include/kudzu/kudzu.h
+#usr/include/kudzu/macio.h
+#usr/include/kudzu/misc.h
+#usr/include/kudzu/modules.h
+#usr/include/kudzu/parallel.h
+#usr/include/kudzu/pci.h
+#usr/include/kudzu/pcmcia.h
+#usr/include/kudzu/psaux.h
+#usr/include/kudzu/sbus.h
+#usr/include/kudzu/scsi.h
+#usr/include/kudzu/serial.h
+#usr/include/kudzu/usb.h
+usr/lib/libkudzu.a
+usr/lib/libkudzu_loader.a
+#usr/lib/python2.4/site-packages/_kudzumodule.so
+#usr/lib/python2.4/site-packages/drv_libxml2.pyc
+#usr/lib/python2.4/site-packages/kudzu.py
+#usr/lib/python2.4/site-packages/kudzu.pyc
+#usr/lib/python2.4/site-packages/libxml2.pyc
+#usr/lib/python2.4/site-packages/snack.pyc
+usr/sbin/kudzu
+#usr/share/locale/ar/LC_MESSAGES/kudzu.mo
+#usr/share/locale/as
+#usr/share/locale/as/LC_MESSAGES
+#usr/share/locale/as/LC_MESSAGES/kudzu.mo
+#usr/share/locale/be/LC_MESSAGES/kudzu.mo
+#usr/share/locale/bg/LC_MESSAGES/kudzu.mo
+#usr/share/locale/bn/LC_MESSAGES/kudzu.mo
+#usr/share/locale/bn_IN
+#usr/share/locale/bn_IN/LC_MESSAGES
+#usr/share/locale/bn_IN/LC_MESSAGES/kudzu.mo
+#usr/share/locale/bs/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ca/LC_MESSAGES/kudzu.mo
+#usr/share/locale/cs/LC_MESSAGES/kudzu.mo
+#usr/share/locale/cy/LC_MESSAGES/kudzu.mo
+#usr/share/locale/da/LC_MESSAGES/kudzu.mo
+#usr/share/locale/de/LC_MESSAGES/kudzu.mo
+#usr/share/locale/el/LC_MESSAGES/kudzu.mo
+#usr/share/locale/en_GB/LC_MESSAGES/kudzu.mo
+#usr/share/locale/es/LC_MESSAGES/kudzu.mo
+#usr/share/locale/et/LC_MESSAGES/kudzu.mo
+#usr/share/locale/eu_ES
+#usr/share/locale/eu_ES/LC_MESSAGES
+#usr/share/locale/eu_ES/LC_MESSAGES/kudzu.mo
+#usr/share/locale/fi/LC_MESSAGES/kudzu.mo
+#usr/share/locale/fr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/gl/LC_MESSAGES/kudzu.mo
+#usr/share/locale/gu/LC_MESSAGES/kudzu.mo
+#usr/share/locale/he/LC_MESSAGES/kudzu.mo
+#usr/share/locale/hi/LC_MESSAGES/kudzu.mo
+#usr/share/locale/hr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/hu/LC_MESSAGES/kudzu.mo
+#usr/share/locale/hy
+#usr/share/locale/hy/LC_MESSAGES
+#usr/share/locale/hy/LC_MESSAGES/kudzu.mo
+#usr/share/locale/id/LC_MESSAGES/kudzu.mo
+#usr/share/locale/is/LC_MESSAGES/kudzu.mo
+#usr/share/locale/it/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ja/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ka/LC_MESSAGES/kudzu.mo
+#usr/share/locale/kn
+#usr/share/locale/kn/LC_MESSAGES
+#usr/share/locale/kn/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ko/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ku/LC_MESSAGES/kudzu.mo
+#usr/share/locale/lo
+#usr/share/locale/lo/LC_MESSAGES
+#usr/share/locale/lo/LC_MESSAGES/kudzu.mo
+#usr/share/locale/lt/LC_MESSAGES/kudzu.mo
+#usr/share/locale/lv/LC_MESSAGES/kudzu.mo
+#usr/share/locale/mk/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ml/LC_MESSAGES/kudzu.mo
+#usr/share/locale/mr
+#usr/share/locale/mr/LC_MESSAGES
+#usr/share/locale/mr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ms/LC_MESSAGES/kudzu.mo
+#usr/share/locale/my
+#usr/share/locale/my/LC_MESSAGES
+#usr/share/locale/my/LC_MESSAGES/kudzu.mo
+#usr/share/locale/nb/LC_MESSAGES/kudzu.mo
+#usr/share/locale/nl/LC_MESSAGES/kudzu.mo
+#usr/share/locale/nn/LC_MESSAGES/kudzu.mo
+#usr/share/locale/no/LC_MESSAGES/kudzu.mo
+#usr/share/locale/or/LC_MESSAGES/kudzu.mo
+#usr/share/locale/pa/LC_MESSAGES/kudzu.mo
+#usr/share/locale/pl/LC_MESSAGES/kudzu.mo
+#usr/share/locale/pt/LC_MESSAGES/kudzu.mo
+#usr/share/locale/pt_BR/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ro/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ru/LC_MESSAGES/kudzu.mo
+#usr/share/locale/si
+#usr/share/locale/si/LC_MESSAGES
+#usr/share/locale/si/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sk/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sl/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sq/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sr@Latn/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sv/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ta/LC_MESSAGES/kudzu.mo
+#usr/share/locale/te/LC_MESSAGES/kudzu.mo
+#usr/share/locale/tr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/uk/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ur
+#usr/share/locale/ur/LC_MESSAGES
+#usr/share/locale/ur/LC_MESSAGES/kudzu.mo
+#usr/share/locale/vi/LC_MESSAGES/kudzu.mo
+#usr/share/locale/wa/LC_MESSAGES/kudzu.mo
+#usr/share/locale/zh_CN/LC_MESSAGES/kudzu.mo
+#usr/share/locale/zh_TW/LC_MESSAGES/kudzu.mo
+#usr/share/man/man8/kudzu.8
--- a/config/rootfiles/common/mc
+++ b/config/rootfiles/common/mc
@@ -0,0 +1,102 @@
+usr/bin/mc
+usr/bin/mcedit
+usr/bin/mcmfmt
+usr/bin/mcview
+#usr/lib/mc
+usr/lib/mc/cons.saver
+#usr/man/man1/mc.1
+#usr/man/man1/mcedit.1
+#usr/man/man1/mcview.1
+#usr/share/mc
+#usr/share/mc/bin
+usr/share/mc/bin/mc-wrapper.csh
+usr/share/mc/bin/mc-wrapper.sh
+usr/share/mc/bin/mc.csh
+usr/share/mc/bin/mc.sh
+usr/share/mc/cedit.menu
+usr/share/mc/edit.indent.rc
+usr/share/mc/edit.spell.rc
+#usr/share/mc/extfs
+usr/share/mc/extfs/README
+usr/share/mc/extfs/a
+usr/share/mc/extfs/apt
+usr/share/mc/extfs/audio
+usr/share/mc/extfs/bpp
+usr/share/mc/extfs/deb
+usr/share/mc/extfs/deba
+usr/share/mc/extfs/debd
+usr/share/mc/extfs/dpkg
+usr/share/mc/extfs/extfs.ini
+usr/share/mc/extfs/hp48
+usr/share/mc/extfs/lslR
+usr/share/mc/extfs/mailfs
+usr/share/mc/extfs/patchfs
+usr/share/mc/extfs/rpm
+usr/share/mc/extfs/rpms
+usr/share/mc/extfs/sfs.ini
+usr/share/mc/extfs/trpm
+usr/share/mc/extfs/uar
+usr/share/mc/extfs/uarj
+usr/share/mc/extfs/uha
+usr/share/mc/extfs/ulha
+usr/share/mc/extfs/urar
+usr/share/mc/extfs/uzip
+usr/share/mc/extfs/uzoo
+usr/share/mc/mc.ext
+usr/share/mc/mc.hint
+#usr/share/mc/mc.hint.cs
+#usr/share/mc/mc.hint.es
+#usr/share/mc/mc.hint.hu
+#usr/share/mc/mc.hint.it
+#usr/share/mc/mc.hint.nl
+#usr/share/mc/mc.hint.pl
+#usr/share/mc/mc.hint.ru
+#usr/share/mc/mc.hint.uk
+#usr/share/mc/mc.hint.zh
+usr/share/mc/mc.hlp
+usr/share/mc/mc.lib
+usr/share/mc/mc.menu
+#usr/share/mc/syntax
+usr/share/mc/syntax/Syntax
+usr/share/mc/syntax/ada95.syntax
+usr/share/mc/syntax/c.syntax
+usr/share/mc/syntax/changelog.syntax
+usr/share/mc/syntax/diff.syntax
+usr/share/mc/syntax/dos.syntax
+usr/share/mc/syntax/fortran.syntax
+usr/share/mc/syntax/html.syntax
+usr/share/mc/syntax/java.syntax
+usr/share/mc/syntax/js.syntax
+usr/share/mc/syntax/latex.syntax
+usr/share/mc/syntax/lisp.syntax
+usr/share/mc/syntax/lsm.syntax
+usr/share/mc/syntax/m4.syntax
+usr/share/mc/syntax/mail.syntax
+usr/share/mc/syntax/makefile.syntax
+usr/share/mc/syntax/ml.syntax
+usr/share/mc/syntax/nroff.syntax
+usr/share/mc/syntax/octave.syntax
+usr/share/mc/syntax/pascal.syntax
+usr/share/mc/syntax/perl.syntax
+usr/share/mc/syntax/php.syntax
+usr/share/mc/syntax/po.syntax
+usr/share/mc/syntax/python.syntax
+usr/share/mc/syntax/sh.syntax
+usr/share/mc/syntax/slang.syntax
+usr/share/mc/syntax/smalltalk.syntax
+usr/share/mc/syntax/spec.syntax
+usr/share/mc/syntax/sql.syntax
+usr/share/mc/syntax/swig.syntax
+usr/share/mc/syntax/syntax.syntax
+usr/share/mc/syntax/tcl.syntax
+usr/share/mc/syntax/texinfo.syntax
+usr/share/mc/syntax/unknown.syntax
+usr/share/mc/syntax/xml.syntax
+#usr/share/mc/term
+usr/share/mc/term/README.xterm
+usr/share/mc/term/ansi.ti
+usr/share/mc/term/linux.ti
+usr/share/mc/term/vt100.ti
+usr/share/mc/term/xterm.ad
+usr/share/mc/term/xterm.tcap
+usr/share/mc/term/xterm.ti
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -0,0 +1,29 @@
+usr/local/bin/getipstat
+#usr/local/bin/installfcdsl
+#usr/local/bin/installpackage
+#usr/local/bin/iowrap
+usr/local/bin/ipfirebackup
+usr/local/bin/ipfirebkcfg
+usr/local/bin/ipfirereboot
+usr/local/bin/ipfirerscfg
+usr/local/bin/ipsecctrl
+usr/local/bin/launch-ether-wake
+usr/local/bin/logwatch
+usr/local/bin/openvpnctrl
+usr/local/bin/qosctrl
+usr/local/bin/rebuildhosts
+usr/local/bin/restartapplejuice
+usr/local/bin/restartdhcp
+usr/local/bin/restartntpd
+usr/local/bin/restartsnort
+usr/local/bin/restartsquid
+usr/local/bin/restartssh
+usr/local/bin/restartsyslogd
+usr/local/bin/restartwireless
+usr/local/bin/setaliases
+usr/local/bin/setdate
+usr/local/bin/setdmzholes
+usr/local/bin/setfilters
+usr/local/bin/setportfw
+usr/local/bin/setxtaccess
+usr/local/bin/timecheckctrl
--- a/config/rootfiles/common/perl
+++ b/config/rootfiles/common/perl
@@ -512,7 +512,7 @@ usr/lib/perl5/5.8.8/i586-linux/ByteLoader.pm
 #usr/lib/perl5/5.8.8/i586-linux/CORE/warnings.h
 usr/lib/perl5/5.8.8/i586-linux/Config.pm
 #usr/lib/perl5/5.8.8/i586-linux/Config.pod
-#usr/lib/perl5/5.8.8/i586-linux/Config_heavy.pl
+usr/lib/perl5/5.8.8/i586-linux/Config_heavy.pl
 usr/lib/perl5/5.8.8/i586-linux/Cwd.pm
 usr/lib/perl5/5.8.8/i586-linux/DB_File.pm
 #usr/lib/perl5/5.8.8/i586-linux/Data
@@ -606,7 +606,7 @@ usr/lib/perl5/5.8.8/i586-linux/auto/Cwd/Cwd.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/DB_File
 #usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/DB_File.bs
 usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/DB_File.so
-#usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/autosplit.ix
+usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/autosplit.ix
 #usr/lib/perl5/5.8.8/i586-linux/auto/Data
 #usr/lib/perl5/5.8.8/i586-linux/auto/Data/Dumper
 #usr/lib/perl5/5.8.8/i586-linux/auto/Data/Dumper/Dumper.bs
@@ -626,12 +626,12 @@ usr/lib/perl5/5.8.8/i586-linux/auto/Data/Dumper/Dumper.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/Digest/MD5/MD5.bs
 usr/lib/perl5/5.8.8/i586-linux/auto/Digest/MD5/MD5.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/DynaLoader.a
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/autosplit.ix
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_expandspec.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_find_symbol_anywhere.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_findfile.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/extralibs.ld
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/DynaLoader.a
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/autosplit.ix
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_expandspec.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_find_symbol_anywhere.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_findfile.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/extralibs.ld
 #usr/lib/perl5/5.8.8/i586-linux/auto/Encode
 #usr/lib/perl5/5.8.8/i586-linux/auto/Encode/Byte
 #usr/lib/perl5/5.8.8/i586-linux/auto/Encode/Byte/Byte.bs
@@ -665,7 +665,7 @@ usr/lib/perl5/5.8.8/i586-linux/auto/Fcntl/Fcntl.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/File
 #usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob
 usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.bs
-#usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.so
+usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/Filter
 #usr/lib/perl5/5.8.8/i586-linux/auto/Filter/Util
 #usr/lib/perl5/5.8.8/i586-linux/auto/Filter/Util/Call
--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -167,6 +167,7 @@
 * openssh-4.3p2
 * openssl-0.9.8d
 * openswan-2.4.6
+* openswan-2.4.7
 * openvpn-2.0.9
 * pam_mysql-0.7RC1
 * patch-2.5.4
--- a/lfs/kudzu
+++ b/lfs/kudzu
@@ -83,9 +83,8 @@ ifeq "$(LFS_PASS)" "install"
 	cd $(DIR_APP) && install -m 0755 kudzu /install/initrd/bin/kudzu
 	cd $(DIR_APP) && install -m 0644 libkudzu.a /install/initrd/lib
 	cd $(DIR_APP) && install -m 0644 libkudzu_loader.a /install/initrd/lib
-#	-mkdir -p /install/include/kudzu
-#	cd $(DIR_APP) && install -m 0644 *.h /install/include/kudzu
 else
+	rm -rf /usr/sbin/kudzu
 	cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make
 	cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make install
 	cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make install-program
--- a/lfs/linux
+++ b/lfs/linux
@@ -36,25 +36,22 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 CFLAGS     =
 CXXFLAGS   =

-# Normal build or /tools build.
+# Normal build or SMP build.
 #
-ifeq "$(PASS)" ""
-  TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
-endif
-ifeq "$(PASS)" "S"
-  TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
-endif
-ifeq "$(PASS)" "I"
-  TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-installer
+ifeq "$(SMP)" "1"
+	TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
+else
+	TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
 endif

 ###############################################################################
 # Top-level Rules
 ###############################################################################
 objects =$(DL_FILE) \
-	openswan-2.4.6.kernel-2.6-natt.patch.gz \
+	openswan-2.4.7.kernel-2.6-natt.patch.gz \
+	openswan-2.4.7.kernel-2.6-klips.patch.gz \
 	iptables-1.3.5.tar.bz2 \
-	patch-o-matic-ng-20060206.tar.bz2 \
+	patch-o-matic-ng-20061210.tar.bz2 \
 	kbc_option_2420.patch \
 	net4801.kernel.patch_2.4.31 \
 	netfilter-layer7-v2.6.tar.gz \
@@ -62,8 +59,9 @@ objects =$(DL_FILE) \

 $(DL_FILE)					= $(DL_FROM)/$(DL_FILE)
 patch-$(PATCHLEVEL).gz			= $(DL_FROM)/patch-$(PATCHLEVEL).gz
-openswan-2.4.6.kernel-2.6-natt.patch.gz	= $(URL_IPFIRE)/openswan-2.4.6.kernel-2.6-natt.patch.gz
-patch-o-matic-ng-20060206.tar.bz2    	= $(URL_IPFIRE)/patch-o-matic-ng-20060206.tar.bz2
+openswan-2.4.7.kernel-2.6-natt.patch.gz	= $(URL_IPFIRE)/openswan-2.4.7.kernel-2.6-natt.patch.gz
+openswan-2.4.7.kernel-2.6-klips.patch.gz	= $(URL_IPFIRE)/openswan-2.4.7.kernel-2.6-klips.patch.gz
+patch-o-matic-ng-20061210.tar.bz2    	= $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2
 iptables-1.3.5.tar.bz2			= $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
 kbc_option_2420.patch			= $(URL_IPFIRE)/kbc_option_2420.patch
 net4801.kernel.patch_2.4.31			= $(URL_IPFIRE)/net4801.kernel.patch_2.4.31
@@ -71,8 +69,9 @@ netfilter-layer7-v2.6.tar.gz		= $(URL_IPFIRE)/netfilter-layer7-v2.6.tar.gz

 $(DL_FILE)_MD5					= 50695965725367f39007023feac5e256
 patch-$(PATCHLEVEL).gz_MD5				= 4b09dd018286850c20c0f051ced7b583
-openswan-2.4.6.kernel-2.6-natt.patch.gz_MD5	= 398110db4372ea3acc45bd66d6d86eac
-patch-o-matic-ng-20060206.tar.bz2_MD5		= eca9893afb753e331caddfe63142b566
+openswan-2.4.7.kernel-2.6-natt.patch.gz_MD5	= 980d8bbdb29a761b7f5aa852f373df62
+openswan-2.4.7.kernel-2.6-klips.patch.gz_MD5	= 5df0ffa2453488a407a23fc4ea4af879
+patch-o-matic-ng-20061210.tar.bz2_MD5		= 76edac76301b45f89e467b41c8cf4393
 iptables-1.3.5.tar.bz2_MD5				= 00fb916fa8040ca992a5ace56d905ea5
 kbc_option_2420.patch_MD5				= 6d37870344f7fcf97ace1fbf43323c60
 net4801.kernel.patch_2.4.31_MD5			= c7d64e3caedb2f2b10e1c11db7f73a04
@@ -106,6 +105,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+	# Update kernel to latest patchlevel
 	cd $(DIR_APP) && zcat $(DIR_DL)/patch-$(PATCHLEVEL).gz | patch -p1
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.16.27-utf8_input-1.patch
 	# Remove patch level in EXTRAVERSION.
@@ -113,86 +114,67 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# (installed in a different place) if only one part could be updated
 	cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile
 	cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile
+	cd $(DIR_APP) && sed -i -e 's/gettext//' scripts/kconfig/lkc.h

-	# Openswan-2
-	# cd $(DIR_SRC) && zcat $(DIR_DL)/openswan-2.4.6.kernel-2.6-natt.patch.gz | patch -Np0
+	# Openswan 2
+	cd $(DIR_SRC) && rm -rf openswan-*
+	cd $(DIR_SRC) && tar xfz $(DIR_DL)/openswan-2.4.7.tar.gz
+	cd $(DIR_APP) && gzip -dc $(DIR_DL)/openswan-2.4.7.kernel-2.6-natt.patch.gz | patch -Np1
+	cd $(DIR_APP) && gzip -dc $(DIR_DL)/openswan-2.4.7.kernel-2.6-klips.patch.gz | patch -Np1
+	cd $(DIR_SRC)/openswan-* && sed -i -e 's/INC_USRLOCAL=\/usr\/local/INC_USRLOCAL=\/usr/' Makefile.inc

 	# Patch-o-matic
 	cd $(DIR_SRC) && rm -rf iptables-*
 	cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.5.tar.bz2
 	cd $(DIR_SRC) && ln -sf iptables-1.3.5 iptables
 	cd $(DIR_SRC) && rm -rf patch-o-matic*
-	cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20060206.tar.bz2
+	cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20061210.tar.bz2
+
+	cd $(DIR_SRC)/patch-o-matic-ng* && \
+		./runme --batch --kernel-path=$(ROOT)/usr/src/$(THISAPP)/ --iptables-path=$(ROOT)/usr/src/iptables/ \
+			TARPIT h323-conntrack-nat cuseeme-nat \
+			sip-conntrack-nat 
+			# rtsp-conntrack-nat quake3-conntrack-nat mms-conntrack-nat

 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ pending
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ base
-#	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ h323-conntrack-nat
-#	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ cuseeme-nat
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ mms-conntrack-nat
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ pptp-conntrack-nat
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ rtsp-conntrack
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ quake3-conntrack-nat
-#	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ sip-conntrack-nat
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ip_queue_vwmark
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipp2p
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-01-output-hooks
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-02-input-hooks
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-03-policy-lookup
 #	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-04-policy-checks
-#	cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ TARPIT
 	
-	#layer7-patch
+	# Layer7-patch
 	cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.6.tar.gz
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.6/for_older_kernels/kernel-2.6.13-2.6.16-layer7-2.2.patch

 	# ip_conntrack permissions from 440 to 444
 	# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch

-ifeq "$(PASS)" ""
+ifeq "$(SMP)" ""
 	# Only do this once on the non-SMP pass
 	cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.5
 endif

-	# Olitec isdn gazel patch
-#	cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/linux-2.4.23-olitec-isdn.patch
-
-	# Fix /proc/stat output
-#	cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/linux-2.4.26-proc-stat.patch
-
-	# Fix libata-core.c
-	# cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/linux-2.4.26-scsi.patch
-
-	# frandom patch
-#	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.27-frandom-2.patch
-
-	# Propolice
-#	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.27-ssp-1.patch
-
-	# Support ppp-2.4.3 multilink behavior (terminate when no channel is connected)
-	# need updated libpcap older than 0.8.3
-	# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp_generic-ppp-2.4.3_multilink.patch
-
-	# R8169 clone D-link GSE-528T
-#	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.29_r8169clone.patch
-
-	# bootsplash
+	# Bootsplash
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bootsplash-3.1.6-2.6.15.diff

 	# Cleanup kernel source
 	cd $(DIR_APP) && make mrproper
-ifeq "$(PASS)" ""
+
+ifeq "$(SMP)" ""
 	cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE) $(DIR_APP)/.config
 endif
-ifeq "$(PASS)" "S"
+ifeq "$(SMP)" "1"
 	cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE).smp $(DIR_APP)/.config
 endif
-ifeq "$(PASS)" "I"
-	cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE).installer $(DIR_APP)/.config
-	cd $(DIR_APP) && sed -i -e 's/-O2/-Os/g' Makefile
-endif

 	cd $(DIR_APP) && make CC="$(KGCC)" oldconfig
-	cd $(DIR_APP) && make CC="$(KGCC)" dep
 	cd $(DIR_APP) && make CC="$(KGCC)" clean
 	if [ "$(PASS)" = "" ]; then \
 		cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \
@@ -203,6 +185,8 @@ endif
 		ln -sf System.map-$(VER) /boot/System.map; \
 		cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules; \
 		cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install; \
+		cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) module; \
+		cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) minstall; \
 	elif [ "$(PASS)" = "S" ]; then \
 		cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =/EXTRAVERSION\ =\ -smp/' Makefile; \
 		cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \
@@ -212,42 +196,16 @@ endif
 		ln -sf vmlinuz-$(VER)-smp /boot/vmlinuz-smp; \
 		cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules; \
 		cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install; \
-	elif [ "$(PASS)" = "I" ]; then \
-		cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \
-		cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-installer; \
-		cd $(DIR_APP) && cp -v .config /boot/config-$(VER); \
+		cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) module; \
+		cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) minstall; \
 	fi
+
 	# remove symlinked pcmcia directory
-ifeq "$(PASS)" ""
+ifeq "$(SMP)" ""
 	rm -rf /lib/modules/$(VER)/pcmcia
-	find /lib/modules/$(VER)/ -name '*.o' -a -type f | xargs gzip -f9
-
-	# Move these SCSI drivers into same directory for probescsi.sh
-	mv -f  /lib/modules/$(VER)/kernel/drivers/scsi/aic7xxx/*     /lib/modules/$(VER)/kernel/drivers/scsi
-	rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/aic7xxx
-	mv -f  /lib/modules/$(VER)/kernel/drivers/scsi/aacraid/*     /lib/modules/$(VER)/kernel/drivers/scsi
-	rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/aacraid
-	mv -f  /lib/modules/$(VER)/kernel/drivers/scsi/sym53c8xx_2/* /lib/modules/$(VER)/kernel/drivers/scsi
-	rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/sym53c8xx_2
 endif
-ifeq "$(PASS)" "S"
+ifeq "$(SMP)" "1"
 	rm -rf /lib/modules/$(VER)-smp/pcmcia
-	find /lib/modules/$(VER)-smp/ -name '*.o' -a -type f | xargs gzip -f9
-
-	# Move these SCSI drivers into same directory for probescsi.sh
-	mv -f  /lib/modules/$(VER)-smp/kernel/drivers/scsi/aic7xxx/*     /lib/modules/$(VER)-smp/kernel/drivers/scsi
-	rm -rf /lib/modules/$(VER)-smp/kernel/drivers/scsi/aic7xxx
-	mv -f  /lib/modules/$(VER)-smp/kernel/drivers/scsi/aacraid/*     /lib/modules/$(VER)-smp/kernel/drivers/scsi
-	rm -rf /lib/modules/$(VER)-smp/kernel/drivers/scsi/aacraid
-	mv -f  /lib/modules/$(VER)-smp/kernel/drivers/scsi/sym53c8xx_2/* /lib/modules/$(VER)-smp/kernel/drivers/scsi
-	rm -rf /lib/modules/$(VER)-smp/kernel/drivers/scsi/sym53c8xx_2
-endif
-
-ifeq "$(PASS)" ""
-	# Only do this once on the non-SMP pass
-	# cd $(DIR_APP) && make mandocs
-	#-mkdir -p /usr/share/man/man9/
-	#cd $(DIR_APP) && cp -af Documentation/man/* /usr/share/man/man9/
 endif
 	@rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables*
 	@$(POSTBUILD)
--- a/lfs/openswan
+++ b/lfs/openswan
@@ -26,7 +26,7 @@

 include Config

-VER        = 2.4.6
+VER        = 2.4.7

 THISAPP    = openswan-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = b34d71ca49dedad017879b0e912d40dd
+$(DL_FILE)_MD5 = 70f22e8adc39e07a165f75eccb7cd079

 install : $(TARGET)

--- a/make.sh
+++ b/make.sh
@@ -324,8 +324,7 @@ buildipfire() {
  ipfiremake ppp
  ipfiremake rp-pppoe
  ipfiremake unzip
-#  ipfiremake linux			PASS=I # Can we remove the installer kernel?
-  ipfiremake linux			PASS=S
+  ipfiremake linux			SMP=1
 #  ipfiremake 3cp4218		PASS=SMP
 #  ipfiremake amedyn			PASS=SMP
 #  ipfiremake cxacru			PASS=SMP
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -0,0 +1,295 @@
+#!/bin/sh
+
+eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
+
+if [ -f /var/ipfire/red/device ]; then
+	DEVICE=`/bin/cat /var/ipfire/red/device 2> /dev/null | /usr/bin/tr -d '\012'`
+fi
+
+iptables_init() {
+	# Flush all rules and delete all custom chains
+	/sbin/iptables -F
+	/sbin/iptables -t nat -F
+	/sbin/iptables -t mangle -F
+	/sbin/iptables -X
+	/sbin/iptables -t nat -X
+	/sbin/iptables -t mangle -X
+
+	# Set up policies
+	/sbin/iptables -P INPUT DROP
+	/sbin/iptables -P FORWARD DROP
+	/sbin/iptables -P OUTPUT ACCEPT
+
+	# Empty LOG_DROP and LOG_REJECT chains
+	/sbin/iptables -N LOG_DROP
+	/sbin/iptables -A LOG_DROP   -m limit --limit 10/minute -j LOG
+	/sbin/iptables -A LOG_DROP   -j DROP
+	/sbin/iptables -N LOG_REJECT
+	/sbin/iptables -A LOG_REJECT -m limit --limit 10/minute -j LOG
+	/sbin/iptables -A LOG_REJECT -j REJECT
+
+	# This chain will log, then DROPs packets with certain bad combinations
+	# of flags might indicate a port-scan attempt (xmas, null, etc)
+	/sbin/iptables -N PSCAN
+	/sbin/iptables -A PSCAN -p tcp  -m limit --limit 10/minute -j LOG --log-prefix "TCP Scan? "
+	/sbin/iptables -A PSCAN -p udp  -m limit --limit 10/minute -j LOG --log-prefix "UDP Scan? "
+	/sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "ICMP Scan? "
+	/sbin/iptables -A PSCAN -f      -m limit --limit 10/minute -j LOG --log-prefix "FRAG Scan? "
+	/sbin/iptables -A PSCAN -j DROP
+
+	# New tcp packets without SYN set - could well be an obscure type of port scan
+	# that's not covered above, may just be a broken windows machine
+	/sbin/iptables -N NEWNOTSYN
+	/sbin/iptables -A NEWNOTSYN  -m limit --limit 10/minute -j LOG  --log-prefix "NEW not SYN? "
+	/sbin/iptables -A NEWNOTSYN  -j DROP
+
+	# Chain to contain all the rules relating to bad TCP flags
+	/sbin/iptables -N BADTCP
+
+	# Disallow packets frequently used by port-scanners
+	# nmap xmas
+	/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN,URG,PSH  -j PSCAN
+	# Null
+	/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j PSCAN
+	# FIN
+	/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN -j PSCAN
+	# SYN/RST (also catches xmas variants that set SYN+RST+...)
+	/sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,RST SYN,RST -j PSCAN
+	# SYN/FIN (QueSO or nmap OS probe)
+	/sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN
+	# NEW TCP without SYN
+	/sbin/iptables -A BADTCP -p tcp ! --syn -m state --state NEW -j NEWNOTSYN
+
+	/sbin/iptables -A INPUT   -j BADTCP
+	/sbin/iptables -A FORWARD -j BADTCP
+
+}
+
+iptables_red() {
+	/sbin/iptables -F REDINPUT
+	/sbin/iptables -F REDFORWARD
+	/sbin/iptables -t nat -F REDNAT
+
+	# PPPoE / PPTP Device
+	if [ "$IFACE" != "" ]; then
+		# PPPoE / PPTP
+		if [ "$DEVICE" != "" ]; then
+			/sbin/iptables -A REDINPUT -i $DEVICE -j ACCEPT
+		fi
+		if [ "$RED_TYPE" == "PPTP" -o "$RED_TYPE" == "PPPOE" ]; then
+			if [ "$RED_DEV" != "" ]; then
+				/sbin/iptables -A REDINPUT -i $RED_DEV -j ACCEPT
+			fi
+		fi
+	fi
+
+	# PPTP over DHCP
+	if [ "$DEVICE" != "" -a "$TYPE" == "PPTP" -a "$METHOD" == "DHCP" ]; then
+		/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
+		/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
+	fi
+
+	# Orange pinholes
+	if [ "$ORANGE_DEV" != "" ]; then
+		# This rule enables a host on ORANGE network to connect to the outside
+		# (only if we have a red connection)
+		if [ "$IFACE" != "" ]; then
+			/sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p tcp -o $IFACE -j ACCEPT
+			/sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p udp -o $IFACE -j ACCEPT
+		fi
+	fi
+
+	if [ "$IFACE" != "" -a -f /var/ipfire/red/active ]; then
+		# DHCP
+		if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
+			/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+			/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+		fi
+		if [ "$METHOD" == "DHCP"  -a "$PROTOCOL" == "RFC1483" ]; then
+			/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+			/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+		fi
+
+		# Outgoing masquerading
+		/sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+
+	fi
+}
+
+# See how we were called.
+case "$1" in
+  start)
+	iptables_init
+
+	# Limit Packets- helps reduce dos/syn attacks
+	# original do nothing line
+	#/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec
+	# the correct one, but the negative '!' do nothing...
+	#/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit ! --limit 10/sec -j DROP
+
+	# Fix for braindead ISP's
+	/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+	# CUSTOM chains, can be used by the users themselves
+	/sbin/iptables -N CUSTOMINPUT
+	/sbin/iptables -A INPUT -j CUSTOMINPUT
+	/sbin/iptables -N CUSTOMFORWARD
+	/sbin/iptables -A FORWARD -j CUSTOMFORWARD
+	/sbin/iptables -N CUSTOMOUTPUT
+	/sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
+	/sbin/iptables -t nat -N CUSTOMPREROUTING
+	/sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
+	/sbin/iptables -t nat -N CUSTOMPOSTROUTING
+	/sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
+
+	# filtering from GUI
+	/sbin/iptables -N GUIINPUT
+	/sbin/iptables -A INPUT -j GUIINPUT
+
+	# Accept everything connected
+	/sbin/iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
+	/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+	# localhost and ethernet.
+	/sbin/iptables -A INPUT   -i lo          -m state --state NEW -j ACCEPT
+	/sbin/iptables -A INPUT   -s 127.0.0.0/8 -m state --state NEW -j DROP   # Loopback not on lo
+	/sbin/iptables -A INPUT   -d 127.0.0.0/8 -m state --state NEW -j DROP
+	/sbin/iptables -A FORWARD -i lo          -m state --state NEW -j ACCEPT
+	/sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
+	/sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
+	/sbin/iptables -A INPUT   -i $GREEN_DEV  -m state --state NEW -j ACCEPT -p ! icmp
+	/sbin/iptables -A FORWARD -i $GREEN_DEV  -m state --state NEW -j ACCEPT
+
+	# If a host on orange tries to initiate a connection to IPFire's red IP and
+	# the connection gets DNATed back through a port forward to a server on orange
+	# we end up with orange -> orange traffic passing through IPFire
+	[ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
+
+	# accept all traffic from ipsec interfaces
+	/sbin/iptables -A INPUT   -i ipsec+ -j ACCEPT
+	/sbin/iptables -A FORWARD -i ipsec+ -j ACCEPT
+
+	# allow DHCP on BLUE to be turned on/off
+	/sbin/iptables -N DHCPBLUEINPUT 
+	/sbin/iptables -A INPUT -j DHCPBLUEINPUT
+
+	# IPSec chains
+	/sbin/iptables -N IPSECRED
+	/sbin/iptables -A INPUT -j IPSECRED
+	/sbin/iptables -N IPSECBLUE
+	/sbin/iptables -A INPUT -j IPSECBLUE
+
+	# WIRELESS chains
+	/sbin/iptables -N WIRELESSINPUT
+	/sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
+	/sbin/iptables -N WIRELESSFORWARD
+	/sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
+
+	# RED chain, used for the red interface
+	/sbin/iptables -N REDINPUT
+	/sbin/iptables -A INPUT -j REDINPUT
+	/sbin/iptables -N REDFORWARD
+	/sbin/iptables -A FORWARD -j REDFORWARD
+	/sbin/iptables -t nat -N REDNAT
+	/sbin/iptables -t nat -A POSTROUTING -j REDNAT
+
+	iptables_red
+
+	# DMZ pinhole chain.  setdmzholes setuid prog adds rules here to allow
+	# ORANGE to talk to GREEN / BLUE.
+	/sbin/iptables -N DMZHOLES
+	if [ "$ORANGE_DEV" != "" ]; then
+		/sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j DMZHOLES
+	fi
+
+	# XTACCESS chain, used for external access
+	/sbin/iptables -N XTACCESS
+	/sbin/iptables -A INPUT -m state --state NEW -j XTACCESS
+
+	# PORTFWACCESS chain, used for portforwarding
+	/sbin/iptables -N PORTFWACCESS
+	/sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
+
+	# Custom prerouting chains (for transparent proxy and port forwarding)
+	/sbin/iptables -t nat -N SQUID
+	/sbin/iptables -t nat -A PREROUTING -j SQUID
+	/sbin/iptables -t nat -N PORTFW
+	/sbin/iptables -t nat -A PREROUTING -j PORTFW
+
+
+	# Custom mangle chain (for port fowarding)
+	/sbin/iptables -t mangle -N PORTFWMANGLE
+	/sbin/iptables -t mangle -A PREROUTING -j PORTFWMANGLE
+
+	# Postrouting rules (for port forwarding)
+	/sbin/iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \
+	 --to-source $GREEN_ADDRESS
+	if [ "$BLUE_DEV" != "" ]; then
+		/sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $BLUE_ADDRESS
+	fi
+	if [ "$ORANGE_DEV" != "" ]; then
+		/sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
+	fi
+
+	# run openvpn
+	/usr/local/bin/openvpnctrl --create-chains-and-rules
+
+	# run local firewall configuration, if present
+ 	if [ -x /etc/sysconfig/firewall.local ]; then
+		/etc/sysconfig/firewall.local start
+	fi
+	
+	# last rule in input and forward chain is for logging.
+	/sbin/iptables -A INPUT   -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
+	/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
+        ;;
+  stop)
+	iptables_init
+	# Accept everyting connected
+	/sbin/iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+	# localhost and ethernet.
+	/sbin/iptables -A INPUT -i lo -j ACCEPT
+	/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT
+
+	if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
+		/sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+		/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+	fi
+	if [ "$PROTOCOL" == "RFC1483" -a "$METHOD" == "DHCP" ]; then
+		/sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+		/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+	fi
+
+	# stop openvpn
+	/usr/local/bin/openvpnctrl --delete-chains-and-rules
+
+	# run local firewall configuration, if present
+ 	if [ -x /etc/sysconfig/firewall.local ]; then
+		/etc/sysconfig/firewall.local stop
+	fi
+
+	/sbin/iptables -A INPUT   -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
+	/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
+        ;;
+  reload)
+	iptables_red
+
+	# run local firewall configuration, if present
+ 	if [ -x /etc/sysconfig/firewall.local ]; then
+		/etc/sysconfig/firewall.local reload
+	fi
+	;;
+  restart)
+	$0 stop
+	$0 start
+	;;
+  *)
+        echo "Usage: $0 {start|stop|reload|restart}"
+        exit 1
+	;;
+esac
+
+exit 0
--- a/src/initscripts/init.d/network
+++ b/src/initscripts/init.d/network
@@ -82,7 +82,7 @@ case "${1}" in
 		fi

 		boot_mesg "Setting up IPFire firewall rules"
-		/etc/rc.d/rc.firewall start
+		/etc/rc.d/init.d/firewall start
 		evaluate_retval
 		boot_mesg "Setting up IP Accounting"
 		/etc/rc.d/helper/writeipac.pl
--- a/src/initscripts/sysconfig/clock
+++ b/src/initscripts/sysconfig/clock
@@ -1,5 +1,5 @@
 # Begin /etc/sysconfig/clock

-UTC=1
+UTC=0

 # End /etc/sysconfig/clock
--- a/src/initscripts/sysconfig/firewall.local
+++ b/src/initscripts/sysconfig/firewall.local
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Used for private firewall rules
+
+# See how we were called.
+case "$1" in
+  start)
+        ## add your 'start' rules here
+        ;;
+  stop)
+        ## add your 'stop' rules here
+        ;;
+  reload)
+        $0 stop
+        $0 start
+        ## add your 'reload' rules here
+        ;;
+  *)
+        echo "Usage: $0 {start|stop|reload}"
+        ;;
+esac
--- a/src/initscripts/sysconfig/network
+++ b/src/initscripts/sysconfig/network
@@ -1 +1 @@
-HOSTNAME=ipfirebox
+HOSTNAME=ipfire
--- a/src/install+setup/install/main.c
+++ b/src/install+setup/install/main.c
@@ -14,7 +14,7 @@
 #define CDROM_INSTALL 0
 #define URL_INSTALL 1
 #define DISK_INSTALL 2
-#define INST_FILECOUNT 6600
+#define INST_FILECOUNT 5600
 #define UNATTENDED_CONF "/cdrom/boot/unattended.conf"

 int raid_disk = 0;
@@ -108,8 +108,6 @@ int unattended_setup(struct keyvalue *unattendedkv) {
    char green_broadcast[STRING_SIZE];
    char root_password[STRING_SIZE];
    char admin_password[STRING_SIZE];
-    char serial_console[STRING_SIZE];
-    char reversesort[STRING_SIZE];

    findkey(unattendedkv, "DOMAINNAME", domainname);
    findkey(unattendedkv, "HOSTNAME", hostname);
@@ -122,8 +120,6 @@ int unattended_setup(struct keyvalue *unattendedkv) {
    findkey(unattendedkv, "GREEN_BROADCAST", green_broadcast);
    findkey(unattendedkv, "ROOT_PASSWORD", root_password);
    findkey(unattendedkv, "ADMIN_PASSWORD", admin_password);
-    findkey(unattendedkv, "SERIAL_CONSOLE", serial_console);
-    findkey(unattendedkv, "REVERSE_NICS", reversesort);

    /* write main/settings. */
    replacekeyvalue(mainsettings, "DOMAINNAME", domainname);
@@ -138,7 +134,6 @@ int unattended_setup(struct keyvalue *unattendedkv) {
    fprintf(flog, "unattended: Starting setup\n");

    /* network */
-
    fprintf(flog, "unattended: setting up network configuration\n");

    (void) readkeyvalues(ethernetkv, "/harddisk" CONFIG_ROOT "/ethernet/settings");
@@ -164,7 +159,7 @@ int unattended_setup(struct keyvalue *unattendedkv) {
 	return 0;
    }
    fprintf(file, "ServerName %s\n", hostname);
-    fclose(file);				    
+    fclose(file);

    fprintf(flog, "unattended: writing hosts\n");
    if (!(hosts = fopen("/harddisk/etc/hosts", "w")))
@@ -174,7 +169,7 @@ int unattended_setup(struct keyvalue *unattendedkv) {
    }
    fprintf(hosts, "127.0.0.1\tlocalhost\n");
    fprintf(hosts, "%s\t%s.%s\t%s\n", green_address, hostname, domainname, hostname);
-    fclose(hosts);								
+    fclose(hosts);

    fprintf(flog, "unattended: writing hosts.allow\n");
    if (!(file = fopen("/harddisk/etc/hosts.allow", "w")))
@@ -196,47 +191,24 @@ int unattended_setup(struct keyvalue *unattendedkv) {
    fprintf(file, "ALL : ALL\n");
    fclose(file);

-    if (strcmp(serial_console, "yes") != 0) {
-	    snprintf(commandstring, STRING_SIZE,
-		     "/sbin/chroot /harddisk /bin/sed -i -e \"s/^s0/#s0/\" /etc/inittab");
-	    if (mysystem(commandstring)) {
-		    errorbox("unattended: ERROR modifying inittab");
-		    return 0;    
-	    }
-
-	    snprintf(commandstring, STRING_SIZE,
-		     "/sbin/chroot /harddisk /bin/sed -i -e \"s/^serial/#serial/; s/^terminal/#terminal/\" /boot/grub/grub.conf");
-	    if (mysystem(commandstring)) {
-		    errorbox("unattended: ERROR modifying inittab");
-		    return 0;
-	    }
-    }
-
-    /* set reverse sorting of interfaces */
-    if (strcmp(reversesort, "yes") == 0) {
-	    mysystem("/bin/touch /harddisk/var/ipfire/ethernet/reverse_nics");
-    }
-
    /* set root password */
    fprintf(flog, "unattended: setting root password\n");
-    
    snprintf(commandstring, STRING_SIZE,
 	    "/sbin/chroot /harddisk /bin/sh -c \"echo 'root:%s' | /usr/sbin/chpasswd\"", root_password);
    if (mysystem(commandstring)) {
 	errorbox("unattended: ERROR setting root password");
 	return 0;
    }
-    
+
    /* set admin password */
    fprintf(flog, "unattended: setting admin password\n");
    snprintf(commandstring, STRING_SIZE,
-	    "/sbin/chroot /harddisk /usr/bin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", admin_password);
+	    "/sbin/chroot /harddisk /usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", admin_password);
    if (mysystem(commandstring)) {
 	errorbox("unattended: ERROR setting admin password");
-	return 0;    
+	return 0;
    }
-    
-    return 1;								
+    return 1;
 }

 int main(int argc, char *argv[])
@@ -849,8 +821,18 @@ EXIT:
 			printf("Unable to mount proc in /harddisk.");
 		else
 		{
-			if (system("/sbin/chroot /harddisk /usr/local/sbin/setup /dev/tty2 INSTALL"))
-				printf("Unable to run setup.\n");
+
+			if (!unattended) {
+			    if (system("/bin/chroot /harddisk /usr/local/sbin/setup /dev/tty2 INSTALL"))
+				    printf("Unable to run setup.\n");
+			}
+			else {
+			    fprintf(flog, "Entering unattended setup\n");
+			    unattended_setup(unattendedkv);
+			    snprintf(commandstring, STRING_SIZE, "/bin/sleep 10");
+			    runcommandwithstatus(commandstring, "Unattended installation finished, system will reboot");
+			}
+
 			if (system("/bin/umount /harddisk/proc"))
 				printf("Unable to umount /harddisk/proc.\n");
 		}
@@ -858,7 +840,15 @@ EXIT:

 	fcloseall();

-	system("/sbin/swapoff /harddisk/swapfile");
+	if (swap_file) {
+		if (raid_disk)
+			snprintf(commandstring, STRING_SIZE, "/bin/swapoff %sp2", hdparams.devnode);
+		else
+			snprintf(commandstring, STRING_SIZE, "/bin/swapoff %s2", hdparams.devnode);
+	}
+
+	newtFinished();
+
 	system("/bin/umount /harddisk/var");
 	system("/bin/umount /harddisk/boot");
 	system("/bin/umount /harddisk");