Merge branch 'next' of https://github.com/ipfire/ipfire-2.x into feature_firewalllog_centergraph

config/cfgroot/general-functions.pl

@@ -506,24 +506,46 @@ sub validipandmask
 
 sub checksubnets
 {
-	my %ccdconfhash=();			
-	my @ccdconf=();				
-	my $ccdname=$_[0];			
-	my $ccdnet=$_[1];			
+	my %ccdconfhash=();
+	my %ovpnconfhash=();
+	my %vpnconf=();
+	my %ipsecconf=();
+	my %ownnet=();
+	my %ovpnconf=();
+	my @ccdconf=();
+	my $ccdname=$_[0];
+	my $ccdnet=$_[1];
+	my $ownnet=$_[2];
 	my $errormessage;
 	my ($ip,$cidr)=split(/\//,$ccdnet);
 	$cidr=&iporsubtocidr($cidr);
+
 	#get OVPN-Subnet (dynamic range)
-	my %ovpnconf=();
 	&readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
 	my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
 	$ovpncidr=&iporsubtocidr($ovpncidr);
+
 	#check if we try to use same network as ovpn server
 	if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
 			$errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
 			return $errormessage;
 	}
-	#check if we use a network-name/subnet that already exists
+
+	#check if we try to use same network as another ovpn N2N
+	if($ownnet ne 'ovpn'){
+		&readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfhash);
+		foreach my $key (keys %ovpnconfhash) {
+			if ($ovpnconfhash{$key}[3] eq 'net'){
+				my @ovpnnet=split (/\//,$ovpnconfhash{$key}[11]);
+				if (&IpInSubnet($ip,$ovpnnet[0],&iporsubtodec($ovpnnet[1]))){
+					$errormessage=$errormessage.$Lang::tr{'ccd err isovpnn2n'}." $ovpnconfhash{$key}[1] <br>";
+					return $errormessage;
+				}
+			}
+		}
+	}
+
+	#check if we use a network-name/subnet (static-ovpn) that already exists
 	&readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
 	foreach my $key (keys %ccdconfhash) {
 		@ccdconf=split(/\//,$ccdconfhash{$key}[1]);
@@ -535,32 +557,45 @@ sub checksubnets
 		my ($newip,$newsub) = split(/\//,$ccdnet);
 		if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1]))) 
 		{
-			$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
+			$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}." $ccdconfhash{$key}[0]<br>";
 			return $errormessage;
 		}
 	}
+
 	#check if we use a ipsec right network which is already defined
-	my %ipsecconf=();
-	&General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
-	foreach my $key (keys %ipsecconf){
-		if ($ipsecconf{$key}[11] ne ''){
-			my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
-			$ipsecsub=&iporsubtodec($ipsecsub);
-			if($ipsecconf{$key}[1] ne $ccdname){
-				if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
-					$errormessage=$Lang::tr{'ccd err isipsecnet'}." Name:  $ipsecconf{$key}[1]";
-					return $errormessage;
+	if($ownnet ne 'ipsec'){
+		&General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+		foreach my $key (keys %ipsecconf){
+			if ($ipsecconf{$key}[11] ne ''){
+				my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+				$ipsecsub=&iporsubtodec($ipsecsub);
+				if($ipsecconf{$key}[1] ne $ccdname){
+					if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+						$errormessage=$Lang::tr{'ccd err isipsecnet'}." Name:  $ipsecconf{$key}[1]";
+						return $errormessage;
+					}
 				}
 			}
 		}
 	}
+
+	#check if we use the ipsec RW Network (if defined)
+	&readhash("${General::swroot}/vpn/settings", \%vpnconf);
+	if ($vpnconf{'RW_NET'} ne ''){
+		my ($ipsecrwnet,$ipsecrwsub)=split (/\//, $vpnconf{'RW_NET'});
+		if (&IpInSubnet($ip,$ipsecrwnet,&iporsubtodec($ipsecrwsub)))
+		{
+			$errormessage=$errormessage.$Lang::tr{'ccd err isipsecrw'}."<br>";
+			return $errormessage;
+		}
+	}
+
 	#check if we use one of ipfire's networks (green,orange,blue)
-	my %ownnet=();
 	&readhash("${General::swroot}/ethernet/settings", \%ownnet);
-	if (($ownnet{'GREEN_NETADDRESS'}  	ne '' && $ownnet{'GREEN_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
-	if (($ownnet{'ORANGE_NETADDRESS'}	ne '' && $ownnet{'ORANGE_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
-	if (($ownnet{'BLUE_NETADDRESS'} 	ne '' && $ownnet{'BLUE_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
-	if (($ownnet{'RED_NETADDRESS'} 		ne '' && $ownnet{'RED_NETADDRESS'} 		ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+	if (($ownnet{'GREEN_NETADDRESS'}  	ne '' && $ownnet{'GREEN_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'GREEN_NETADDRESS'},&iporsubtodec($ownnet{'GREEN_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+	if (($ownnet{'ORANGE_NETADDRESS'}	ne '' && $ownnet{'ORANGE_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'ORANGE_NETADDRESS'},&iporsubtodec($ownnet{'ORANGE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+	if (($ownnet{'BLUE_NETADDRESS'} 	ne '' && $ownnet{'BLUE_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'BLUE_NETADDRESS'},&iporsubtodec($ownnet{'BLUE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+	if (($ownnet{'RED_NETADDRESS'} 		ne '' && $ownnet{'RED_NETADDRESS'} 		ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'RED_NETADDRESS'},&iporsubtodec($ownnet{'RED_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
 }
 
 
@@ -1039,7 +1074,7 @@ sub GetIcmpDescription ($) {
     'SKIP',
     'Photur',				#40
     'Experimental');
-    if ($index>41) {return 'unknown'} else {return @icmp_description[$index]};
+    if ($index>41) {return 'unknown'} else {return $icmp_description[$index]};
 }
 
 sub GetCoreUpdateVersion() {

config/cfgroot/graphs.pl

@@ -92,8 +92,8 @@ sub makegraphbox {
 	print "<a href='".$_[0]."?".$_[1]."?month' target='".$_[1]."box'><b>".$Lang::tr{'month'}."</b></a>";
 	print " - ";
 	print "<a href='".$_[0]."?".$_[1]."?year' target='".$_[1]."box'><b>".$Lang::tr{'year'}."</b></a>";
-	print "<iframe src='".$_[0]."?".$_[1]."?".$_[2]."' width='".$width."' height='".$height."' scrolling='no' frameborder='no' marginheight='0' name='".$_[1]."box'></iframe>";
 	print "</center>";
+	print "<iframe src='".$_[0]."?".$_[1]."?".$_[2]."' width='".$width."' height='".$height."' scrolling='no' frameborder='no' marginheight='0' name='".$_[1]."box'></iframe>";
 }
 
 # Generate the CPU Graph for the current period of time for values given by
@@ -1140,7 +1140,6 @@ sub updateentropygraph {
 		"-t $Lang::tr{'entropy'}",
 		"-v $Lang::tr{'bit'}",
 		"DEF:entropy=$mainsettings{'RRDLOG'}/collectd/localhost/entropy/entropy.rrd:entropy:AVERAGE",
-		"CDEF:entropytrend=entropy,43200,TREND",
 		"LINE3:entropy#ff0000:" . sprintf("%-15s", $Lang::tr{'entropy'}),
 		"VDEF:entrmin=entropy,MINIMUM",
 		"VDEF:entrmax=entropy,MAXIMUM",
@@ -1148,7 +1147,6 @@ sub updateentropygraph {
 		"GPRINT:entrmax:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'maximum'}),
 		"GPRINT:entrmin:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'minimum'}),
 		"GPRINT:entravg:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'average'}) . "\\n",
-		"LINE3:entropytrend#000000",
 	);
 
 	RRDs::graph (@command);

config/etc/sysctl.conf

@@ -1,7 +1,10 @@
 net.ipv4.ip_forward = 1
 net.ipv4.ip_dynaddr = 1
+
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1
+net.ipv4.icmp_ratelimit = 1000
+net.ipv4.icmp_ratemask = 6168
 
 net.ipv4.tcp_syncookies = 1
 net.ipv4.tcp_fin_timeout = 30

config/firewall/firewall-policy

@@ -52,17 +52,39 @@ case "${CONFIG_TYPE}" in
 		;;
 esac
 
+HAVE_IPSEC="true"
+HAVE_OPENVPN="true"
+
 # INPUT
+
+# IPsec INPUT
+case "${HAVE_IPSEC},${POLICY}" in
+	true,MODE1) ;;
+	true,*)
+		iptables -A POLICYIN -m policy --pol ipsec --dir in -j ACCEPT
+		;;
+esac
+
+# OpenVPN INPUT
+# Allow direct access to the internal IP addresses of the firewall
+# from remote subnets if forward policy is allowed.
+case "${HAVE_OPENVPN},${POLICY}" in
+	true,MODE1) ;;
+	true,*)
+		iptables -A POLICYIN -i tun+ -j ACCEPT
+		;;
+esac
+
 case "${FWPOLICY2}" in
 	REJECT)
 		if [ "${DROPINPUT}" = "on" ]; then
-			iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT"
+			iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT "
 		fi
 		iptables -A POLICYIN -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_INPUT"
 		;;
 	*) # DROP
 		if [ "${DROPINPUT}" = "on" ]; then
-			iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
+			iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
 		fi
 		iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
 		;;
@@ -74,13 +96,13 @@ case "${POLICY}" in
 		case "${FWPOLICY}" in
 			REJECT)
 				if [ "${DROPFORWARD}" = "on" ]; then
-					iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
+					iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD "
 				fi
 				iptables -A POLICYFWD -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_FORWARD"
 				;;
 			*) # DROP
 				if [ "${DROPFORWARD}" = "on" ]; then
-					iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+					iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
 				fi
 				iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
 				;;
@@ -107,13 +129,13 @@ case "${POLICY1}" in
 		case "${FWPOLICY1}" in
 			REJECT)
 				if [ "${DROPOUTGOING}" = "on" ]; then
-					iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT"
+					iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT "
 				fi
 				iptables -A POLICYOUT -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
 				;;
 			*) # DROP
 				if [ "${DROPOUTGOING}" == "on" ]; then
-					iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT"
+					iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
 				fi
 				iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
 				;;

config/fwhosts/customservices

@@ -28,7 +28,7 @@
 12,NetBIOS Name Service,137,TCP,BLANK,0
 15,IMAP,143,TCP,BLANK,0
 8,HTTP,80,TCP,BLANK,0
-4,Telnet,23,UDP,BLANK,0
+4,Telnet,23,TCP,BLANK,0
 34,DNS (TCP),53,TCP,,0
 19,FTPS data,989,TCP,BLANK,0
 5,SMTP,25,TCP,BLANK,0

config/kernel/kernel.config.armv5tel-ipfire-multi

@@ -333,7 +333,14 @@ CONFIG_ARCH_MULTIPLATFORM=y
 CONFIG_ARCH_MULTI_V7=y
 CONFIG_ARCH_MULTI_V6_V7=y
 # CONFIG_ARCH_MULTI_CPU_AUTO is not set
-# CONFIG_ARCH_MVEBU is not set
+CONFIG_ARCH_MVEBU=y
+
+#
+# Marvell SOC with device tree
+#
+CONFIG_MACH_ARMADA_370_XP=y
+CONFIG_MACH_ARMADA_370=y
+CONFIG_MACH_ARMADA_XP=y
 # CONFIG_ARCH_BCM is not set
 # CONFIG_GPIO_PCA953X is not set
 CONFIG_KEYBOARD_GPIO_POLLED=m
@@ -443,7 +450,7 @@ CONFIG_MACH_OMAP4_PANDA=y
 # CONFIG_OMAP3_SDRC_AC_TIMING is not set
 # CONFIG_ARCH_SOCFPGA is not set
 # CONFIG_PLAT_SPEAR is not set
-# CONFIG_ARCH_SUNXI is not set
+CONFIG_ARCH_SUNXI=y
 # CONFIG_ARCH_SIRF is not set
 # CONFIG_ARCH_TEGRA is not set
 # CONFIG_ARCH_U8500 is not set
@@ -460,12 +467,14 @@ CONFIG_ARCH_VIRT=y
 CONFIG_ARCH_VT8500=y
 CONFIG_ARCH_WM8850=y
 CONFIG_ARCH_ZYNQ=y
+CONFIG_PLAT_ORION=y
 CONFIG_PLAT_VERSATILE=y
 CONFIG_ARM_TIMER_SP804=y
 
 #
 # Processor Type
 #
+CONFIG_CPU_PJ4B=y
 CONFIG_CPU_V7=y
 CONFIG_CPU_32v6K=y
 CONFIG_CPU_32v7=y
@@ -502,6 +511,7 @@ CONFIG_ARM_L1_CACHE_SHIFT=6
 CONFIG_ARM_DMA_MEM_BUFFERABLE=y
 CONFIG_ARM_NR_BANKS=8
 CONFIG_MULTI_IRQ_HANDLER=y
+CONFIG_PJ4B_ERRATA_4742=y
 CONFIG_ARM_ERRATA_430973=y
 CONFIG_PL310_ERRATA_588369=y
 CONFIG_ARM_ERRATA_643719=y
@@ -1314,6 +1324,7 @@ CONFIG_CMA_AREAS=7
 #
 # Bus devices
 #
+CONFIG_MVEBU_MBUS=y
 CONFIG_OMAP_OCP2SCP=y
 CONFIG_OMAP_INTERCONNECT=y
 CONFIG_CONNECTOR=y
@@ -1402,6 +1413,7 @@ CONFIG_MTD_NAND_IDS=y
 CONFIG_MTD_NAND_GPMI_NAND=m
 # CONFIG_MTD_NAND_PLATFORM is not set
 # CONFIG_MTD_ALAUDA is not set
+CONFIG_MTD_NAND_ORION=y
 CONFIG_MTD_NAND_MXC=m
 # CONFIG_MTD_ONENAND is not set
 
@@ -1945,7 +1957,9 @@ CONFIG_NET_VENDOR_I825XX=y
 CONFIG_IP1000=m
 CONFIG_JME=m
 CONFIG_NET_VENDOR_MARVELL=y
+CONFIG_MV643XX_ETH=m
 CONFIG_MVMDIO=m
+CONFIG_MVNETA=m
 CONFIG_SKGE=m
 # CONFIG_SKGE_DEBUG is not set
 CONFIG_SKGE_GENESIS=y
@@ -2542,8 +2556,10 @@ CONFIG_SERIAL_8250_RSA=y
 #
 # Non-8250 serial port support
 #
-CONFIG_SERIAL_AMBA_PL010=m
-CONFIG_SERIAL_AMBA_PL011=m
+CONFIG_SERIAL_AMBA_PL010=y
+CONFIG_SERIAL_AMBA_PL010_CONSOLE=y
+CONFIG_SERIAL_AMBA_PL011=y
+CONFIG_SERIAL_AMBA_PL011_CONSOLE=y
 # CONFIG_SERIAL_MFD_HSU is not set
 CONFIG_SERIAL_IMX=y
 CONFIG_SERIAL_IMX_CONSOLE=y
@@ -2627,6 +2643,7 @@ CONFIG_I2C_CBUS_GPIO=m
 CONFIG_I2C_GPIO=m
 CONFIG_I2C_IMX=m
 # CONFIG_I2C_INTEL_MID is not set
+CONFIG_I2C_MV64XXX=y
 CONFIG_I2C_NOMADIK=y
 # CONFIG_I2C_OCORES is not set
 CONFIG_I2C_OMAP=y
@@ -2708,8 +2725,12 @@ CONFIG_PINCTRL_IMX51=y
 CONFIG_PINCTRL_IMX53=y
 CONFIG_PINCTRL_IMX6Q=y
 CONFIG_PINCTRL_SINGLE=y
+CONFIG_PINCTRL_SUNXI=y
 # CONFIG_PINCTRL_EXYNOS is not set
 # CONFIG_PINCTRL_EXYNOS5440 is not set
+CONFIG_PINCTRL_MVEBU=y
+CONFIG_PINCTRL_ARMADA_370=y
+CONFIG_PINCTRL_ARMADA_XP=y
 CONFIG_PINCTRL_WMT=y
 CONFIG_PINCTRL_WM8850=y
 CONFIG_ARCH_HAVE_CUSTOM_GPIO_H=y
@@ -2727,6 +2748,7 @@ CONFIG_GPIO_GENERIC=y
 #
 CONFIG_GPIO_GENERIC_PLATFORM=y
 # CONFIG_GPIO_EM is not set
+CONFIG_GPIO_MVEBU=y
 CONFIG_GPIO_MXC=y
 CONFIG_GPIO_PL061=y
 # CONFIG_GPIO_RCAR is not set
@@ -2828,6 +2850,7 @@ CONFIG_CHARGER_TWL4030=y
 # CONFIG_BATTERY_GOLDFISH is not set
 CONFIG_POWER_RESET=y
 CONFIG_POWER_RESET_GPIO=y
+CONFIG_POWER_RESET_QNAP=y
 CONFIG_POWER_RESET_RESTART=y
 CONFIG_POWER_RESET_VEXPRESS=y
 CONFIG_POWER_AVS=y
@@ -2964,6 +2987,7 @@ CONFIG_THERMAL_GOV_USER_SPACE=y
 CONFIG_CPU_THERMAL=y
 CONFIG_THERMAL_EMULATION=y
 CONFIG_IMX_THERMAL=m
+CONFIG_ARMADA_THERMAL=m
 CONFIG_WATCHDOG=y
 CONFIG_WATCHDOG_CORE=y
 CONFIG_WATCHDOG_NOWAYOUT=y
@@ -4147,6 +4171,7 @@ CONFIG_USB_EHCI_TT_NEWSCHED=y
 CONFIG_USB_EHCI_PCI=y
 CONFIG_USB_EHCI_MXC=m
 CONFIG_USB_EHCI_HCD_OMAP=y
+CONFIG_USB_EHCI_HCD_ORION=y
 CONFIG_USB_EHCI_HCD_PLATFORM=y
 # CONFIG_USB_OXU210HP_HCD is not set
 # CONFIG_USB_ISP116X_HCD is not set
@@ -4345,6 +4370,7 @@ CONFIG_MMC_OMAP=y
 CONFIG_MMC_OMAP_HS=y
 CONFIG_MMC_MXC=m
 # CONFIG_MMC_TIFM_SD is not set
+CONFIG_MMC_MVSDIO=y
 # CONFIG_MMC_CB710 is not set
 # CONFIG_MMC_VIA_SDMMC is not set
 CONFIG_MMC_DW=m
@@ -4495,6 +4521,7 @@ CONFIG_RTC_DRV_OMAP=y
 CONFIG_RTC_DRV_PL030=m
 CONFIG_RTC_DRV_PL031=m
 CONFIG_RTC_DRV_VT8500=m
+CONFIG_RTC_DRV_MV=m
 CONFIG_RTC_DRV_MXC=m
 CONFIG_RTC_DRV_SNVS=m
 
@@ -4508,8 +4535,10 @@ CONFIG_DMADEVICES=y
 #
 # DMA Devices
 #
+CONFIG_ASYNC_TX_ENABLE_CHANNEL_SWITCH=y
 CONFIG_AMBA_PL08X=y
 # CONFIG_DW_DMAC is not set
+CONFIG_MV_XOR=y
 CONFIG_MX3_IPU=y
 CONFIG_MX3_IPU_IRQS=4
 CONFIG_TIMB_DMA=m
@@ -4687,6 +4716,9 @@ CONFIG_COMMON_CLK=y
 CONFIG_COMMON_CLK_VERSATILE=y
 CONFIG_COMMON_CLK_SI5351=m
 CONFIG_COMMON_CLK_AXI_CLKGEN=m
+CONFIG_MVEBU_CLK_CORE=y
+CONFIG_MVEBU_CLK_CPU=y
+CONFIG_MVEBU_CLK_GATING=y
 CONFIG_HWSPINLOCK=y
 
 #
@@ -4695,6 +4727,8 @@ CONFIG_HWSPINLOCK=y
 CONFIG_HWSPINLOCK_OMAP=y
 CONFIG_CLKSRC_OF=y
 CONFIG_CLKSRC_MMIO=y
+CONFIG_ARMADA_370_XP_TIMER=y
+CONFIG_SUN4I_TIMER=y
 CONFIG_VT8500_TIMER=y
 CONFIG_CADENCE_TTC_TIMER=y
 CONFIG_ARM_ARCH_TIMER=y
@@ -5457,7 +5491,9 @@ CONFIG_CRYPTO_USER_API=y
 CONFIG_CRYPTO_USER_API_HASH=y
 CONFIG_CRYPTO_USER_API_SKCIPHER=y
 CONFIG_CRYPTO_HW=y
-# CONFIG_CRYPTO_DEV_HIFN_795X is not set
+CONFIG_CRYPTO_DEV_MV_CESA=m
+CONFIG_CRYPTO_DEV_HIFN_795X=m
+CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
 CONFIG_CRYPTO_DEV_OMAP_SHAM=y
 CONFIG_CRYPTO_DEV_OMAP_AES=y
 CONFIG_ASYMMETRIC_KEY_TYPE=m

config/menu/20-status.menu

@@ -46,6 +46,12 @@
 				'title' => "$Lang::tr{'hardware graphs'}",
 				'enabled' => 1,
 			  };
+    $substatus->{'61.entropy'} = {
+				'caption' => "$Lang::tr{'entropy'}",
+				'uri' => '/cgi-bin/entropy.cgi',
+				'title' => "$Lang::tr{'entropy graphs'}",
+				'enabled' => 1,
+			  };
     $substatus->{'71.connections'} = {
 				'caption' => $Lang::tr{'connections'},
 				'uri' => '/cgi-bin/connections.cgi',

config/rootfiles/common/apache2

@@ -606,6 +606,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/mod/mod_authz_groupfile.html.ko.euc-kr
 #srv/web/ipfire/manual/mod/mod_authz_host.html
 #srv/web/ipfire/manual/mod/mod_authz_host.html.en
+#srv/web/ipfire/manual/mod/mod_authz_host.html.fr
 #srv/web/ipfire/manual/mod/mod_authz_host.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_authz_host.html.ko.euc-kr
 #srv/web/ipfire/manual/mod/mod_authz_owner.html
@@ -1330,12 +1331,12 @@ usr/lib/apr-util-1/apr_dbd_sqlite3.so
 #usr/lib/libapr-1.la
 usr/lib/libapr-1.so
 usr/lib/libapr-1.so.0
-usr/lib/libapr-1.so.0.4.6
+usr/lib/libapr-1.so.0.4.8
 #usr/lib/libaprutil-1.a
 #usr/lib/libaprutil-1.la
 usr/lib/libaprutil-1.so
 usr/lib/libaprutil-1.so.0
-usr/lib/libaprutil-1.so.0.4.1
+usr/lib/libaprutil-1.so.0.5.2
 #usr/lib/pkgconfig/apr-1.pc
 #usr/lib/pkgconfig/apr-util-1.pc
 #usr/sbin/ab

config/rootfiles/common/armv5tel/dracut

@@ -10,7 +10,6 @@ sbin/dracut-catimages
 sbin/dracut-gencmdline
 sbin/lsinitrd
 sbin/mkinitrd
-sbin/switch_root
 usr/share/dracut
 usr/share/dracut/dracut-functions
 usr/share/dracut/modules.d
@@ -55,6 +54,7 @@ usr/share/dracut/modules.d/99base/check
 usr/share/dracut/modules.d/99base/dracut-lib.sh
 usr/share/dracut/modules.d/99base/init
 usr/share/dracut/modules.d/99base/initqueue
+#usr/share/dracut/modules.d/99base/init~
 usr/share/dracut/modules.d/99base/install
 usr/share/dracut/modules.d/99base/loginit
 usr/share/dracut/modules.d/99base/parse-blacklist.sh
@@ -63,3 +63,4 @@ usr/share/dracut/modules.d/99base/parse-root-opts.sh
 #usr/share/man/man8/dracut-catimages.8
 #usr/share/man/man8/dracut-gencmdline.8
 #usr/share/man/man8/dracut.8
+sbin/switch_root

config/rootfiles/common/armv5tel/linux-headers

@@ -10,6 +10,7 @@
 #usr/include/asm-generic/ioctl.h
 #usr/include/asm-generic/ioctls.h
 #usr/include/asm-generic/ipcbuf.h
+#usr/include/asm-generic/kvm_para.h
 #usr/include/asm-generic/mman-common.h
 #usr/include/asm-generic/mman.h
 #usr/include/asm-generic/msgbuf.h
@@ -34,7 +35,6 @@
 #usr/include/asm-generic/types.h
 #usr/include/asm-generic/ucontext.h
 #usr/include/asm-generic/unistd.h
-#usr/include/asm/a.out.h
 #usr/include/asm/auxvec.h
 #usr/include/asm/bitsperlong.h
 #usr/include/asm/byteorder.h
@@ -44,6 +44,8 @@
 #usr/include/asm/ioctl.h
 #usr/include/asm/ioctls.h
 #usr/include/asm/ipcbuf.h
+#usr/include/asm/kvm.h
+#usr/include/asm/kvm_para.h
 #usr/include/asm/mman.h
 #usr/include/asm/msgbuf.h
 #usr/include/asm/param.h
@@ -68,20 +70,23 @@
 #usr/include/asm/unistd.h
 #usr/include/drm
 #usr/include/drm/drm.h
+#usr/include/drm/drm_fourcc.h
 #usr/include/drm/drm_mode.h
 #usr/include/drm/drm_sarea.h
+#usr/include/drm/exynos_drm.h
 #usr/include/drm/i810_drm.h
 #usr/include/drm/i915_drm.h
 #usr/include/drm/mga_drm.h
 #usr/include/drm/nouveau_drm.h
+#usr/include/drm/qxl_drm.h
 #usr/include/drm/r128_drm.h
 #usr/include/drm/radeon_drm.h
 #usr/include/drm/savage_drm.h
 #usr/include/drm/sis_drm.h
+#usr/include/drm/tegra_drm.h
 #usr/include/drm/via_drm.h
 #usr/include/drm/vmwgfx_drm.h
 #usr/include/linux
-#usr/include/linux/a.out.h
 #usr/include/linux/acct.h
 #usr/include/linux/adb.h
 #usr/include/linux/adfs_fs.h
@@ -118,11 +123,11 @@
 #usr/include/linux/baycom.h
 #usr/include/linux/bfs_fs.h
 #usr/include/linux/binfmts.h
-#usr/include/linux/blk_types.h
 #usr/include/linux/blkpg.h
 #usr/include/linux/blktrace_api.h
 #usr/include/linux/bpqether.h
 #usr/include/linux/bsg.h
+#usr/include/linux/btrfs.h
 #usr/include/linux/byteorder
 #usr/include/linux/byteorder/big_endian.h
 #usr/include/linux/byteorder/little_endian.h
@@ -140,7 +145,6 @@
 #usr/include/linux/capi.h
 #usr/include/linux/cciss_defs.h
 #usr/include/linux/cciss_ioctl.h
-#usr/include/linux/cdk.h
 #usr/include/linux/cdrom.h
 #usr/include/linux/cgroupstats.h
 #usr/include/linux/chio.h
@@ -149,7 +153,6 @@
 #usr/include/linux/coda.h
 #usr/include/linux/coda_psdev.h
 #usr/include/linux/coff.h
-#usr/include/linux/comstats.h
 #usr/include/linux/connector.h
 #usr/include/linux/const.h
 #usr/include/linux/cramfs_fs.h
@@ -186,7 +189,6 @@
 #usr/include/linux/errqueue.h
 #usr/include/linux/ethtool.h
 #usr/include/linux/eventpoll.h
-#usr/include/linux/ext2_fs.h
 #usr/include/linux/fadvise.h
 #usr/include/linux/falloc.h
 #usr/include/linux/fanotify.h
@@ -206,7 +208,6 @@
 #usr/include/linux/futex.h
 #usr/include/linux/gameport.h
 #usr/include/linux/gen_stats.h
-#usr/include/linux/generic_serial.h
 #usr/include/linux/genetlink.h
 #usr/include/linux/gfs2_ondisk.h
 #usr/include/linux/gigaset_dev.h
@@ -219,6 +220,9 @@
 #usr/include/linux/hiddev.h
 #usr/include/linux/hidraw.h
 #usr/include/linux/hpet.h
+#usr/include/linux/hsi
+#usr/include/linux/hsi/hsi_char.h
+#usr/include/linux/hw_breakpoint.h
 #usr/include/linux/hysdn_if.h
 #usr/include/linux/i2c-dev.h
 #usr/include/linux/i2c.h
@@ -235,7 +239,6 @@
 #usr/include/linux/if_bonding.h
 #usr/include/linux/if_bridge.h
 #usr/include/linux/if_cablemodem.h
-#usr/include/linux/if_ec.h
 #usr/include/linux/if_eql.h
 #usr/include/linux/if_ether.h
 #usr/include/linux/if_fc.h
@@ -252,8 +255,7 @@
 #usr/include/linux/if_pppol2tp.h
 #usr/include/linux/if_pppox.h
 #usr/include/linux/if_slip.h
-#usr/include/linux/if_strip.h
-#usr/include/linux/if_tr.h
+#usr/include/linux/if_team.h
 #usr/include/linux/if_tun.h
 #usr/include/linux/if_tunnel.h
 #usr/include/linux/if_vlan.h
@@ -295,8 +297,11 @@
 #usr/include/linux/kernel-page-flags.h
 #usr/include/linux/kernel.h
 #usr/include/linux/kernelcapi.h
+#usr/include/linux/kexec.h
 #usr/include/linux/keyboard.h
 #usr/include/linux/keyctl.h
+#usr/include/linux/kvm.h
+#usr/include/linux/kvm_para.h
 #usr/include/linux/l2tp.h
 #usr/include/linux/limits.h
 #usr/include/linux/llc.h
@@ -306,7 +311,9 @@
 #usr/include/linux/major.h
 #usr/include/linux/map_to_7segment.h
 #usr/include/linux/matroxfb.h
+#usr/include/linux/mdio.h
 #usr/include/linux/media.h
+#usr/include/linux/mei.h
 #usr/include/linux/mempolicy.h
 #usr/include/linux/meye.h
 #usr/include/linux/mii.h
@@ -331,6 +338,7 @@
 #usr/include/linux/net.h
 #usr/include/linux/net_dropmon.h
 #usr/include/linux/net_tstamp.h
+#usr/include/linux/netconf.h
 #usr/include/linux/netdevice.h
 #usr/include/linux/netfilter
 #usr/include/linux/netfilter.h
@@ -344,9 +352,13 @@
 #usr/include/linux/netfilter/nf_conntrack_sctp.h
 #usr/include/linux/netfilter/nf_conntrack_tcp.h
 #usr/include/linux/netfilter/nf_conntrack_tuple_common.h
+#usr/include/linux/netfilter/nf_nat.h
 #usr/include/linux/netfilter/nfnetlink.h
+#usr/include/linux/netfilter/nfnetlink_acct.h
 #usr/include/linux/netfilter/nfnetlink_compat.h
 #usr/include/linux/netfilter/nfnetlink_conntrack.h
+#usr/include/linux/netfilter/nfnetlink_cthelper.h
+#usr/include/linux/netfilter/nfnetlink_cttimeout.h
 #usr/include/linux/netfilter/nfnetlink_log.h
 #usr/include/linux/netfilter/nfnetlink_queue.h
 #usr/include/linux/netfilter/x_tables.h
@@ -359,6 +371,7 @@
 #usr/include/linux/netfilter/xt_DSCP.h
 #usr/include/linux/netfilter/xt_IDLETIMER.h
 #usr/include/linux/netfilter/xt_LED.h
+#usr/include/linux/netfilter/xt_LOG.h
 #usr/include/linux/netfilter/xt_MARK.h
 #usr/include/linux/netfilter/xt_NFLOG.h
 #usr/include/linux/netfilter/xt_NFQUEUE.h
@@ -369,9 +382,11 @@
 #usr/include/linux/netfilter/xt_TEE.h
 #usr/include/linux/netfilter/xt_TPROXY.h
 #usr/include/linux/netfilter/xt_addrtype.h
+#usr/include/linux/netfilter/xt_bpf.h
 #usr/include/linux/netfilter/xt_cluster.h
 #usr/include/linux/netfilter/xt_comment.h
 #usr/include/linux/netfilter/xt_connbytes.h
+#usr/include/linux/netfilter/xt_connlabel.h
 #usr/include/linux/netfilter/xt_connlimit.h
 #usr/include/linux/netfilter/xt_connmark.h
 #usr/include/linux/netfilter/xt_conntrack.h
@@ -379,6 +394,7 @@
 #usr/include/linux/netfilter/xt_dccp.h
 #usr/include/linux/netfilter/xt_devgroup.h
 #usr/include/linux/netfilter/xt_dscp.h
+#usr/include/linux/netfilter/xt_ecn.h
 #usr/include/linux/netfilter/xt_esp.h
 #usr/include/linux/netfilter/xt_hashlimit.h
 #usr/include/linux/netfilter/xt_helper.h
@@ -389,6 +405,7 @@
 #usr/include/linux/netfilter/xt_mac.h
 #usr/include/linux/netfilter/xt_mark.h
 #usr/include/linux/netfilter/xt_multiport.h
+#usr/include/linux/netfilter/xt_nfacct.h
 #usr/include/linux/netfilter/xt_osf.h
 #usr/include/linux/netfilter/xt_owner.h
 #usr/include/linux/netfilter/xt_physdev.h
@@ -435,26 +452,22 @@
 #usr/include/linux/netfilter_decnet.h
 #usr/include/linux/netfilter_ipv4
 #usr/include/linux/netfilter_ipv4.h
-#usr/include/linux/netfilter_ipv4/ip_queue.h
 #usr/include/linux/netfilter_ipv4/ip_tables.h
 #usr/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
 #usr/include/linux/netfilter_ipv4/ipt_ECN.h
 #usr/include/linux/netfilter_ipv4/ipt_LOG.h
 #usr/include/linux/netfilter_ipv4/ipt_REJECT.h
-#usr/include/linux/netfilter_ipv4/ipt_SAME.h
 #usr/include/linux/netfilter_ipv4/ipt_TTL.h
 #usr/include/linux/netfilter_ipv4/ipt_ULOG.h
-#usr/include/linux/netfilter_ipv4/ipt_addrtype.h
 #usr/include/linux/netfilter_ipv4/ipt_ah.h
 #usr/include/linux/netfilter_ipv4/ipt_ecn.h
-#usr/include/linux/netfilter_ipv4/ipt_realm.h
 #usr/include/linux/netfilter_ipv4/ipt_ttl.h
-#usr/include/linux/netfilter_ipv4/nf_nat.h
 #usr/include/linux/netfilter_ipv6
 #usr/include/linux/netfilter_ipv6.h
 #usr/include/linux/netfilter_ipv6/ip6_tables.h
 #usr/include/linux/netfilter_ipv6/ip6t_HL.h
 #usr/include/linux/netfilter_ipv6/ip6t_LOG.h
+#usr/include/linux/netfilter_ipv6/ip6t_NPT.h
 #usr/include/linux/netfilter_ipv6/ip6t_REJECT.h
 #usr/include/linux/netfilter_ipv6/ip6t_ah.h
 #usr/include/linux/netfilter_ipv6/ip6t_frag.h
@@ -464,6 +477,7 @@
 #usr/include/linux/netfilter_ipv6/ip6t_opts.h
 #usr/include/linux/netfilter_ipv6/ip6t_rt.h
 #usr/include/linux/netlink.h
+#usr/include/linux/netlink_diag.h
 #usr/include/linux/netrom.h
 #usr/include/linux/nfc.h
 #usr/include/linux/nfs.h
@@ -476,6 +490,7 @@
 #usr/include/linux/nfs_mount.h
 #usr/include/linux/nfsacl.h
 #usr/include/linux/nfsd
+#usr/include/linux/nfsd/cld.h
 #usr/include/linux/nfsd/debug.h
 #usr/include/linux/nfsd/export.h
 #usr/include/linux/nfsd/nfsfh.h
@@ -486,6 +501,8 @@
 #usr/include/linux/omap3isp.h
 #usr/include/linux/omapfb.h
 #usr/include/linux/oom.h
+#usr/include/linux/openvswitch.h
+#usr/include/linux/packet_diag.h
 #usr/include/linux/param.h
 #usr/include/linux/parport.h
 #usr/include/linux/patchkey.h
@@ -505,6 +522,7 @@
 #usr/include/linux/posix_types.h
 #usr/include/linux/ppdev.h
 #usr/include/linux/ppp-comp.h
+#usr/include/linux/ppp-ioctl.h
 #usr/include/linux/ppp_defs.h
 #usr/include/linux/pps.h
 #usr/include/linux/prctl.h
@@ -533,7 +551,9 @@
 #usr/include/linux/scc.h
 #usr/include/linux/sched.h
 #usr/include/linux/screen_info.h
+#usr/include/linux/sctp.h
 #usr/include/linux/sdla.h
+#usr/include/linux/seccomp.h
 #usr/include/linux/securebits.h
 #usr/include/linux/selinux_netlink.h
 #usr/include/linux/sem.h
@@ -545,6 +565,7 @@
 #usr/include/linux/signal.h
 #usr/include/linux/signalfd.h
 #usr/include/linux/snmp.h
+#usr/include/linux/sock_diag.h
 #usr/include/linux/socket.h
 #usr/include/linux/sockios.h
 #usr/include/linux/som.h
@@ -563,6 +584,7 @@
 #usr/include/linux/swab.h
 #usr/include/linux/synclink.h
 #usr/include/linux/sysctl.h
+#usr/include/linux/sysinfo.h
 #usr/include/linux/taskstats.h
 #usr/include/linux/tc_act
 #usr/include/linux/tc_act/tc_csum.h
@@ -578,6 +600,7 @@
 #usr/include/linux/tc_ematch/tc_em_nbyte.h
 #usr/include/linux/tc_ematch/tc_em_text.h
 #usr/include/linux/tcp.h
+#usr/include/linux/tcp_metrics.h
 #usr/include/linux/telephony.h
 #usr/include/linux/termios.h
 #usr/include/linux/time.h
@@ -588,14 +611,17 @@
 #usr/include/linux/tipc_config.h
 #usr/include/linux/toshiba.h
 #usr/include/linux/tty.h
+#usr/include/linux/tty_flags.h
 #usr/include/linux/types.h
 #usr/include/linux/udf_fs_i.h
 #usr/include/linux/udp.h
+#usr/include/linux/uhid.h
 #usr/include/linux/uinput.h
 #usr/include/linux/uio.h
 #usr/include/linux/ultrasound.h
 #usr/include/linux/un.h
 #usr/include/linux/unistd.h
+#usr/include/linux/unix_diag.h
 #usr/include/linux/usb
 #usr/include/linux/usb/audio.h
 #usr/include/linux/usb/cdc.h
@@ -610,11 +636,16 @@
 #usr/include/linux/usbdevice_fs.h
 #usr/include/linux/utime.h
 #usr/include/linux/utsname.h
+#usr/include/linux/uuid.h
 #usr/include/linux/uvcvideo.h
+#usr/include/linux/v4l2-common.h
+#usr/include/linux/v4l2-controls.h
+#usr/include/linux/v4l2-dv-timings.h
 #usr/include/linux/v4l2-mediabus.h
 #usr/include/linux/v4l2-subdev.h
 #usr/include/linux/version.h
 #usr/include/linux/veth.h
+#usr/include/linux/vfio.h
 #usr/include/linux/vhost.h
 #usr/include/linux/videodev2.h
 #usr/include/linux/virtio_9p.h
@@ -664,11 +695,14 @@
 #usr/include/sound/asequencer.h
 #usr/include/sound/asound.h
 #usr/include/sound/asound_fm.h
+#usr/include/sound/compress_offload.h
+#usr/include/sound/compress_params.h
 #usr/include/sound/emu10k1.h
 #usr/include/sound/hdsp.h
 #usr/include/sound/hdspm.h
 #usr/include/sound/sb16_csp.h
 #usr/include/sound/sfnt_info.h
+#usr/include/uapi
 #usr/include/video
 #usr/include/video/edid.h
 #usr/include/video/sisfb.h

config/rootfiles/common/armv5tel/u-boot

@@ -1,8 +1,12 @@
+#boot/MLO
+boot/boot.scr
+boot/boot.script
+boot/convert_bootscript
+#boot/u-boot.img
 usr/bin/mkimage
 #usr/share/u-boot
 #usr/share/u-boot/pandaboard
 #usr/share/u-boot/pandaboard/MLO
-#usr/share/u-boot/pandaboard/u-boot.bin
 #usr/share/u-boot/pandaboard/u-boot.img
 #usr/share/u-boot/wandboard_dl
 #usr/share/u-boot/wandboard_dl/u-boot.imx

config/rootfiles/common/armv5tel/u-boot-panda

@@ -1,5 +0,0 @@
-#boot/MLO
-#boot/u-boot.bin
-boot/boot.scr
-boot/boot.script
-boot/convert_bootscript

config/rootfiles/common/i586/linux

@@ -1963,6 +1963,8 @@ lib/modules/KVER-ipfire
 #lib/modules/KVER-ipfire/kernel/drivers/staging/echo/echo.ko
 #lib/modules/KVER-ipfire/kernel/drivers/staging/et131x
 #lib/modules/KVER-ipfire/kernel/drivers/staging/et131x/et131x.ko
+#lib/modules/KVER-ipfire/kernel/drivers/staging/rts5139
+#lib/modules/KVER-ipfire/kernel/drivers/staging/rts5139/rts5139.ko
 #lib/modules/KVER-ipfire/kernel/drivers/staging/slicoss
 #lib/modules/KVER-ipfire/kernel/drivers/staging/slicoss/slicoss.ko
 #lib/modules/KVER-ipfire/kernel/drivers/staging/usbip

config/rootfiles/core/76/filelists/beep

@@ -0,0 +1 @@
+../../../common/beep

config/rootfiles/packages/armv5tel/vdr_dvbapi

@@ -0,0 +1,3 @@
+etc/sysconfig/vdr-plugins.d/dvbapi.conf
+etc/vdr/plugins/dvbapi
+usr/lib/vdr/libvdr-dvbapi.so.2.0.0

config/rootfiles/packages/foomatic

@@ -22,8 +22,8 @@ usr/lib/perl5/site_perl/5.12.3/Foomatic/DB.pm
 usr/lib/perl5/site_perl/5.12.3/Foomatic/Defaults.pm
 usr/lib/perl5/site_perl/5.12.3/Foomatic/PPD.pm
 usr/lib/perl5/site_perl/5.12.3/Foomatic/UIElem.pm
-#usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto/Foomatic
-#usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto/Foomatic/.packlist
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Foomatic
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Foomatic/.packlist
 usr/sbin/foomatic-addpjloptions
 usr/sbin/foomatic-cleanupdrivers
 usr/sbin/foomatic-extract-text

config/rootfiles/packages/i586/vdr_dvbapi

@@ -0,0 +1,4 @@
+etc/sysconfig/vdr-plugins.d/dvbapi.conf
+etc/vdr/plugins/dvbapi
+usr/lib/vdr/libvdr-dvbapi.so.2.0.0
+usr/lib/vdr/libvdr-dvbapi.so.2.0.0-sse

config/rootfiles/packages/linux-pae

@@ -1963,6 +1963,8 @@ lib/modules/KVER-ipfire-pae
 #lib/modules/KVER-ipfire-pae/kernel/drivers/staging/echo/echo.ko
 #lib/modules/KVER-ipfire-pae/kernel/drivers/staging/et131x
 #lib/modules/KVER-ipfire-pae/kernel/drivers/staging/et131x/et131x.ko
+#lib/modules/KVER-ipfire-pae/kernel/drivers/staging/rts5139
+#lib/modules/KVER-ipfire-pae/kernel/drivers/staging/rts5139/rts5139.ko
 #lib/modules/KVER-ipfire-pae/kernel/drivers/staging/slicoss
 #lib/modules/KVER-ipfire-pae/kernel/drivers/staging/slicoss/slicoss.ko
 #lib/modules/KVER-ipfire-pae/kernel/drivers/staging/usbip

config/rootfiles/packages/vdr_eepg

@@ -0,0 +1,2 @@
+etc/vdr/plugins/eepg
+usr/lib/vdr/libvdr-eepg.so.2.0.0

doc/language_issues.de

@@ -206,6 +206,8 @@ WARNING: translation string unused: from warn email bad
 WARNING: translation string unused: fwdfw MODE1
 WARNING: translation string unused: fwdfw MODE2
 WARNING: translation string unused: fwdfw addrule
+WARNING: translation string unused: fwdfw err nosrcip
+WARNING: translation string unused: fwdfw err notgtip
 WARNING: translation string unused: fwdfw err prot_port1
 WARNING: translation string unused: fwdfw final_rule
 WARNING: translation string unused: fwdfw from

doc/language_issues.en

@@ -228,6 +228,8 @@ WARNING: translation string unused: from warn email bad
 WARNING: translation string unused: fwdfw MODE1
 WARNING: translation string unused: fwdfw MODE2
 WARNING: translation string unused: fwdfw addrule
+WARNING: translation string unused: fwdfw err nosrcip
+WARNING: translation string unused: fwdfw err notgtip
 WARNING: translation string unused: fwdfw err prot_port1
 WARNING: translation string unused: fwdfw final_rule
 WARNING: translation string unused: fwdfw from

doc/language_issues.es

@@ -593,6 +593,8 @@ WARNING: untranslated string: ccd err invalidname
 WARNING: untranslated string: ccd err invalidnet
 WARNING: untranslated string: ccd err irouteexist
 WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd err isovpnnet
 WARNING: untranslated string: ccd err issubnet
 WARNING: untranslated string: ccd err name
@@ -627,6 +629,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -637,6 +640,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
 WARNING: untranslated string: fireinfo is enabled
@@ -679,9 +683,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -727,6 +729,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -801,6 +804,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -814,6 +818,7 @@ WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -860,6 +865,8 @@ WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
@@ -909,6 +916,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: visit us at

doc/language_issues.fr

@@ -603,6 +603,8 @@ WARNING: untranslated string: ccd err invalidname
 WARNING: untranslated string: ccd err invalidnet
 WARNING: untranslated string: ccd err irouteexist
 WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd err isovpnnet
 WARNING: untranslated string: ccd err issubnet
 WARNING: untranslated string: ccd err name
@@ -638,6 +640,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -648,6 +651,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
 WARNING: untranslated string: fireinfo is enabled
@@ -690,9 +694,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -738,6 +740,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -812,6 +815,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -825,6 +829,7 @@ WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: ntp common settings
 WARNING: untranslated string: ntp sync
@@ -868,6 +873,8 @@ WARNING: untranslated string: snort working
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
@@ -917,6 +924,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
 WARNING: untranslated string: upload new ruleset
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter file ext block

doc/language_issues.nl

@@ -591,6 +591,8 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: bit
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd iroute2
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: default ip
@@ -603,6 +605,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -612,6 +615,7 @@ WARNING: untranslated string: drop forward
 WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: fw default drop
@@ -637,9 +641,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -685,6 +687,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -759,6 +762,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -771,6 +775,7 @@ WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn network
 WARNING: untranslated string: ovpn mgmt in root range
@@ -787,6 +792,8 @@ WARNING: untranslated string: routing table
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
 WARNING: untranslated string: tor accounting bytes
@@ -835,6 +842,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: wlan client

doc/language_issues.pl

@@ -593,6 +593,8 @@ WARNING: untranslated string: ccd err invalidname
 WARNING: untranslated string: ccd err invalidnet
 WARNING: untranslated string: ccd err irouteexist
 WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd err isovpnnet
 WARNING: untranslated string: ccd err issubnet
 WARNING: untranslated string: ccd err name
@@ -627,6 +629,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -637,6 +640,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
 WARNING: untranslated string: fireinfo is enabled
@@ -679,9 +683,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -727,6 +729,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -801,6 +804,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -814,6 +818,7 @@ WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -860,6 +865,8 @@ WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
@@ -909,6 +916,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: visit us at

doc/language_issues.ru

@@ -596,6 +596,8 @@ WARNING: untranslated string: ccd err invalidname
 WARNING: untranslated string: ccd err invalidnet
 WARNING: untranslated string: ccd err irouteexist
 WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd err isovpnnet
 WARNING: untranslated string: ccd err issubnet
 WARNING: untranslated string: ccd err name
@@ -632,6 +634,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
+WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -642,6 +645,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: extrahd because there is already a device mounted
 WARNING: untranslated string: extrahd cant umount
 WARNING: untranslated string: extrahd install or load driver
@@ -674,9 +678,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
-WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
-WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -722,6 +724,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
+WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -796,6 +799,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
 WARNING: untranslated string: incoming traffic in bytes per second
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
@@ -810,6 +814,7 @@ WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -850,6 +855,8 @@ WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
 WARNING: untranslated string: tor accounting bytes
@@ -898,6 +905,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: uplink
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: visit us at

doc/language_issues.tr

@@ -228,6 +228,8 @@ WARNING: translation string unused: from warn email bad
 WARNING: translation string unused: fwdfw MODE1
 WARNING: translation string unused: fwdfw MODE2
 WARNING: translation string unused: fwdfw addrule
+WARNING: translation string unused: fwdfw err nosrcip
+WARNING: translation string unused: fwdfw err notgtip
 WARNING: translation string unused: fwdfw err prot_port1
 WARNING: translation string unused: fwdfw final_rule
 WARNING: translation string unused: fwdfw from
@@ -636,10 +638,13 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: bit
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd err isipsecrw
+WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: default ip
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
+WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -649,14 +654,17 @@ WARNING: untranslated string: drop forward
 WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
+WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: fwdfw dnat extport
 WARNING: untranslated string: fwdfw dnat nochoice
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw hint mac
+WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -669,6 +677,7 @@ WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: most preferred
+WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn network
 WARNING: untranslated string: ovpn mgmt in root range
@@ -684,7 +693,10 @@ WARNING: untranslated string: routing table
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: support donation
+WARNING: untranslated string: system has hwrng
+WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: tor directory port
 WARNING: untranslated string: tor errmsg invalid directory port
+WARNING: untranslated string: uplink
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: wlan clients

doc/language_missings

@@ -39,6 +39,8 @@
 < ccd err iroute
 < ccd err irouteexist
 < ccd err isipsecnet
+< ccd err isipsecrw
+< ccd err isovpnn2n
 < ccd err isovpnnet
 < ccd err issubnet
 < ccd err name
@@ -75,6 +77,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
+< downlink
 < dpd delay
 < dpd timeout
 < drop action
@@ -84,6 +87,7 @@
 < drop outgoing
 < encryption
 < entropy
+< entropy graphs
 < fireinfo ipfire version
 < fireinfo is disabled
 < fireinfo is enabled
@@ -185,6 +189,7 @@
 < fwdfw use nat
 < fwdfw use srcport
 < fwdfw use srv
+< fwdfw warn1
 < fwdfw wd_fri
 < fwdfw wd_mon
 < fwdfw wd_sat
@@ -278,6 +283,7 @@
 < fw settings remark
 < fw settings ruletable
 < grouptype
+< hardware support
 < integrity
 < invalid input for dpd delay
 < invalid input for dpd timeout
@@ -292,6 +298,7 @@
 < minimum
 < minute
 < most preferred
+< no hardware random number generator
 < notice
 < ntp common settings
 < ntp sync
@@ -333,6 +340,8 @@
 < ssh
 < static routes
 < support donation
+< system has hwrng
+< system has rdrand
 < system information
 < tor
 < tor 0 = disabled
@@ -389,6 +398,7 @@
 < tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
+< uplink
 < upload new ruleset
 < uptime
 < uptime load average
@@ -483,6 +493,8 @@
 < ccd err iroute
 < ccd err irouteexist
 < ccd err isipsecnet
+< ccd err isipsecrw
+< ccd err isovpnn2n
 < ccd err isovpnnet
 < ccd err issubnet
 < ccd err name
@@ -518,6 +530,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
+< downlink
 < dpd delay
 < dpd timeout
 < drop action
@@ -527,6 +540,7 @@
 < drop outgoing
 < encryption
 < entropy
+< entropy graphs
 < fireinfo ipfire version
 < fireinfo is disabled
 < fireinfo is enabled
@@ -628,6 +642,7 @@
 < fwdfw use nat
 < fwdfw use srcport
 < fwdfw use srv
+< fwdfw warn1
 < fwdfw wd_fri
 < fwdfw wd_mon
 < fwdfw wd_sat
@@ -721,6 +736,7 @@
 < fw settings remark
 < fw settings ruletable
 < grouptype
+< hardware support
 < integrity
 < invalid input for dpd delay
 < invalid input for dpd timeout
@@ -735,6 +751,7 @@
 < minimum
 < minute
 < most preferred
+< no hardware random number generator
 < notice
 < openvpn default
 < openvpn destination port used
@@ -792,6 +809,8 @@
 < ssh
 < static routes
 < support donation
+< system has hwrng
+< system has rdrand
 < system information
 < tor
 < tor 0 = disabled
@@ -848,6 +867,7 @@
 < tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
+< uplink
 < uptime
 < uptime load average
 < urlfilter redirect template
@@ -918,6 +938,8 @@
 < ccd err iroute
 < ccd err irouteexist
 < ccd err isipsecnet
+< ccd err isipsecrw
+< ccd err isovpnn2n
 < ccd err isovpnnet
 < ccd err issubnet
 < ccd err name
@@ -953,6 +975,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
+< downlink
 < dpd delay
 < dpd timeout
 < drop action
@@ -962,6 +985,7 @@
 < drop outgoing
 < encryption
 < entropy
+< entropy graphs
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < extrahd install or load driver
@@ -1055,6 +1079,7 @@
 < fwdfw use nat
 < fwdfw use srcport
 < fwdfw use srv
+< fwdfw warn1
 < fwdfw wd_fri
 < fwdfw wd_mon
 < fwdfw wd_sat
@@ -1148,6 +1173,7 @@
 < fw settings remark
 < fw settings ruletable
 < grouptype
+< hardware support
 < integrity
 < invalid input for dpd delay
 < invalid input for dpd timeout
@@ -1162,6 +1188,7 @@
 < minimum
 < minute
 < most preferred
+< no hardware random number generator
 < notice
 < openvpn default
 < openvpn destination port used
@@ -1204,6 +1231,8 @@
 < ssh
 < static routes
 < support donation
+< system has hwrng
+< system has rdrand
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -1259,6 +1288,7 @@
 < tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
+< uplink
 < uptime
 < uptime load average
 < urlfilter redirect template
@@ -1330,6 +1360,8 @@
 < ccd err iroute
 < ccd err irouteexist
 < ccd err isipsecnet
+< ccd err isipsecrw
+< ccd err isovpnn2n
 < ccd err isovpnnet
 < ccd err issubnet
 < ccd err name
@@ -1367,6 +1399,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
+< downlink
 < dpd delay
 < dpd timeout
 < drop action
@@ -1377,6 +1410,7 @@
 < Edit an existing route
 < encryption
 < entropy
+< entropy graphs
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < extrahd install or load driver
@@ -1471,6 +1505,7 @@
 < fwdfw use nat
 < fwdfw use srcport
 < fwdfw use srv
+< fwdfw warn1
 < fwdfw wd_fri
 < fwdfw wd_mon
 < fwdfw wd_sat
@@ -1564,6 +1599,7 @@
 < fw settings remark
 < fw settings ruletable
 < grouptype
+< hardware support
 < hour-graph
 < incoming traffic in bytes per second
 < integrity
@@ -1581,6 +1617,7 @@
 < minute
 < month-graph
 < most preferred
+< no hardware random number generator
 < notice
 < openvpn default
 < openvpn destination port used
@@ -1620,6 +1657,8 @@
 < ssh
 < static routes
 < support donation
+< system has hwrng
+< system has rdrand
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -1675,6 +1714,7 @@
 < tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
+< uplink
 < uptime
 < uptime load average
 < urlfilter redirect template

html/cgi-bin/entropy.cgi

@@ -48,6 +48,42 @@ if ( $querry[0] ne~ "") {
 	&Graphs::makegraphbox("entropy.cgi", "day", '', 350);
 	&Header::closebox();
 
+	# Check for hardware support.
+	my $message;
+	my $message_colour = $Header::colourred;
+	if (&has_hwrng()) {
+		$message = $Lang::tr{'system has hwrng'};
+		$message_colour = $Header::colourgreen;
+	} elsif (&has_rdrand()) {
+		$message = $Lang::tr{'system has rdrand'};
+		$message_colour = $Header::colourgreen;
+	} else {
+		$message = $Lang::tr{'no hardware random number generator'};
+	}
+
+	&Header::openbox('100%', 'center', $Lang::tr{'hardware support'});
+	print <<EOF;
+		<p style="color: $message_colour; text-align: center;">$message</p>
+EOF
+	&Header::closebox();
+
 	&Header::closebigbox();
 	&Header::closepage();
 }
+
+sub has_hwrng() {
+	return (-c "/dev/hwrng");
+}
+
+sub has_rdrand() {
+	open(FILE, "/proc/cpuinfo") or return 0;
+	my @cpuinfo = <FILE>;
+	close(FILE);
+
+	my @result = grep(/rdrand/, @cpuinfo);
+	if (@result) {
+		return 1;
+	}
+
+	return 0;
+}

html/cgi-bin/firewall.cgi

@@ -21,7 +21,11 @@
 
 use strict;
 use Sort::Naturally;
+use utf8;
+use feature 'unicode_strings';
+
 no warnings 'uninitialized';
+
 # enable only the following on debugging purpose
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
@@ -194,6 +198,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 	$errormessage=&checksource;
 	if(!$errormessage){&checktarget;}
 	if(!$errormessage){&checkrule;}
+
 	#check if manual ip (source) is orange network
 	if ($fwdfwsettings{'grp1'} eq 'src_addr'){
 		my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
@@ -223,6 +228,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 						if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
 							$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
 						}
+						if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
+							$errormessage='';
+						}
 						if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
 							$fwdfwsettings{'nosave'} = 'on';
 						}
@@ -264,6 +272,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 						if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
 							$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
 						}
+						if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
+							$errormessage='';
+						}
 						if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
 							$fwdfwsettings{'nosave'} = 'on';
 						}
@@ -307,6 +318,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
 						if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
 							$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
 						}
+						if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
+							$errormessage='';
+						}
 						if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
 							$fwdfwsettings{'nosave'} = 'on';
 						}
@@ -498,8 +512,8 @@ sub checksource
 			return $errormessage;
 		}
 	}elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){
-		$errormessage.=$Lang::tr{'fwdfw err nosrcip'};
-		return $errormessage;
+		$fwdfwsettings{'grp1'}='std_net_src';
+		$fwdfwsettings{$fwdfwsettings{'grp1'}} = 'ALL';
 	}
 
 	#check empty fields
@@ -599,8 +613,8 @@ sub checktarget
 			return $errormessage;
 		}
 	}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
-		$errormessage.=$Lang::tr{'fwdfw err notgtip'};
-		return $errormessage;
+		$fwdfwsettings{'grp2'}='std_net_tgt';
+		$fwdfwsettings{$fwdfwsettings{'grp2'}} = 'ALL';
 	}
 	#check for mac in targetgroup
 	if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){
@@ -1286,6 +1300,12 @@ sub getcolor
 	my $val=shift;
 	my $hash=shift;
 	if($optionsfw{'SHOWCOLORS'} eq 'on'){
+		# Don't colourise MAC addresses
+		if (&General::validmac($val)) {
+			$tdcolor = "";
+			return;
+		}
+
 		#custom Hosts
 		if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){
 			foreach my $key (sort keys %$hash){
@@ -1565,7 +1585,7 @@ sub newrule
 	my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
 	if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp1'}}=$sip;}
 	my ($dip,$dcidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp2'}});
-	if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;}
+	if ($dcidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;}
 	&Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'});
 	#------SOURCE-------------------------------------------------------
 	print "<form method='post'>";
@@ -2125,6 +2145,9 @@ sub saverule
 			&changerule($configfwdfw);
 			#print"6";
 		}
+		$fwdfwsettings{'ruleremark'}=~ s/,/;/g;
+		utf8::decode($fwdfwsettings{'ruleremark'});
+		$fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
 		if ($fwdfwsettings{'updatefwrule'} ne 'on'){
 			my $key = &General::findhasharraykey ($hash);
 			$$hash{$key}[0]  = $fwdfwsettings{'RULE_ACTION'};
@@ -2260,22 +2283,19 @@ sub saverule
 sub validremark
 {
 	# Checks a hostname against RFC1035
-        my $remark = $_[0];
+	my $remark = $_[0];
 
-	# Each part should be at least two characters in length
-	# but no more than 63 characters
-	if (length ($remark) < 1 || length ($remark) > 255) {
-		return 0;}
-	# Only valid characters are a-z, A-Z, 0-9 and -
-	if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/\s]*$/) {
-		return 0;}
-	# First character can only be a letter or a digit
-	if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9(]*$/) {
-		return 0;}
-	# Last character can only be a letter or a digit
-	if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.:;_)]*$/) {
-		return 0;}
-	return 1;
+	# Try to decode $remark into UTF-8. If this doesn't work,
+	# we assume that the string it not sane.
+	if (!utf8::decode($remark)) {
+		return 0;
+	}
+
+	# Check if the string only contains of printable characters.
+	if ($remark =~ /^[[:print:]]*$/) {
+		return 1;
+	}
+	return 0;
 }
 sub viewtablerule
 {
@@ -2355,26 +2375,18 @@ END
 				if($$hash{$key}[3] eq  'ipsec_net_src'){
 					if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
 						$coloryellow='on';
-						&disable_rule($key);
-						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[3] eq  'ovpn_net_src'){
 					if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
 						$coloryellow='on';
-						&disable_rule($key);
-						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[3] eq  'ovpn_n2n_src'){
 					if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
 						$coloryellow='on';
-						&disable_rule($key);
-						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[3] eq  'ovpn_host_src'){
 					if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
 						$coloryellow='on';
-						&disable_rule($key);
-						$$hash{$key}[2]='';
 					}
 				}
 			}
@@ -2382,26 +2394,18 @@ END
 				if($$hash{$key}[5] eq 'ipsec_net_tgt'){
 					if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
 						$coloryellow='on';
-						&disable_rule($key);
-						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
 					if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
 						$coloryellow='on';
-						&disable_rule($key);
-						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
 					if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
 						$coloryellow='on';
-						&disable_rule($key);
-						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
 					if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
 						$coloryellow='on';
-						&disable_rule($key);
-						$$hash{$key}[2]='';
 					}
 				}
 			}
@@ -2409,15 +2413,11 @@ END
 			foreach my $netgroup (sort keys %customgrp){
 				if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
 					$coloryellow='on';
-					&disable_rule($key);
-					$$hash{$key}[2]='';
 				}
 			}
 			foreach my $srvgroup (sort keys %customservicegrp){
 				if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
 					$coloryellow='on';
-					&disable_rule($key);
-					$$hash{$key}[2]='';
 				}
 			}
 			$$hash{'ACTIVE'}=$$hash{$key}[2];
@@ -2792,14 +2792,16 @@ END
 						<font color="$Header::colourorange">$Lang::tr{'orange'}</font>
 						($Lang::tr{'fwdfw pol block'})
 					</td>
+END
+			}
+
+			print <<END;
 					<td align='center'>
 						<font color="$Header::colourgreen">$Lang::tr{'green'}</font>
 						($Lang::tr{'fwdfw pol block'})
 					</td>
+				</tr>
 END
-			}
-
-			print"</tr>";
 		}
 
 		print <<END;

html/cgi-bin/fwhosts.cgi

@@ -21,7 +21,8 @@
 use strict;
 
 # enable only the following on debugging purpose
-use warnings;
+#use warnings;
+
 use Sort::Naturally;
 use CGI::Carp 'fatalsToBrowser';
 no warnings 'uninitialized';
@@ -48,7 +49,7 @@ my %fwfwd=();
 my %fwinp=();
 my %fwout=();
 my %ovpnsettings=();
-
+my %netsettings=();
 
 my $errormessage;
 my $hint;
@@ -80,7 +81,7 @@ unless (-e $configsrvgrp) { system("touch $configsrvgrp"); }
 &General::readhash("$configovpn", \%ovpnsettings);
 &General::readhasharray("$configipsec", \%ipsecconf);
 &General::readhash("$configipsecrw", \%ipsecsettings);
-
+&General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
 &Header::getcgihash(\%fwhostsettings);
 
 &Header::showhttpheaders();
@@ -1211,12 +1212,12 @@ sub addgrp
 			print<<END;
 		<table width='100%' border='0'>
 			<tr>
-				<td width='10%'>$Lang::tr{'fwhost addgrpname'}</td>
-				<td><form method='post'><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='20'></td>
+				<td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td>
+				<td><form method='post'><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='30'></td>
 			</tr>
 			<tr>
-				<td width='10%'>$Lang::tr{'remark'}:</td>
-				<td ><input type='TEXT' name='remark' value='$fwhostsettings{'remark'}' style='width: 98%;'></td>
+				<td>$Lang::tr{'remark'}:</td>
+				<td ><input type='TEXT' name='remark' value='$fwhostsettings{'remark'}' style='width: 99%;'></td>
 			</tr>
 			<tr>
 				<td colspan='2'><br></td>
@@ -1225,16 +1226,16 @@ sub addgrp
 END
 		}else{
 			print<<END;
-			<table width='100%' border='0'><form method='post' style='display:inline'>
+			<table width='100%' border='0'><form method='post'>
 				<tr>
-					<td nowrap='nowrap' width='12%'>$Lang::tr{'fwhost addgrpname'}</td>
-					<td width='20%'><input type='TEXT' name='grp'  value='$fwhostsettings{'grp_name'}' ></td>
+					<td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td>
+					<td style='width:30%;'><input type='TEXT' name='grp'  value='$fwhostsettings{'grp_name'}' size='30'></td>
 					<td><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldgrpname' value='$fwhostsettings{'oldgrpname'}'><input type='hidden' name='ACTION' value='changegrpname'></td>
 					<td></td></form>
 				</tr>
 				<tr><form method='post' style='display:inline'>
 					<td>$Lang::tr{'remark'}:</td>
-					<td colspan='2'><input type='TEXT' name='newrem' size='45' value='$fwhostsettings{'remark'}' style='width:98%'></td>
+					<td colspan='2' style='width:98%;'><input type='TEXT' name='newrem' value='$fwhostsettings{'remark'}' style='width:98%;'></td>
 					<td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='ACTION' value='changegrpremark' ></td>
 				</tr>
 			</table></form>
@@ -1246,8 +1247,16 @@ END
 			<form method='post'><input type='hidden' name='remark' value='$rem'><input type='hidden' name='grp_name' value='$grp'>
 			<table width='100%' border='0'>
 			<tr><td width=50% valign='top'>
-			<table width='100%' border='0'>
-			<tr><td width='1%'><input type='radio' name='grp2' value='std_net' id='DEFAULT_SRC_ADR' checked></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost stdnet'}</td><td><select name='DEFAULT_SRC_ADR' style='min-width:185px;'>
+			<table width='90%' border='0'>
+			<tr>
+				<td style='width:15em;'>
+					<label>
+						<input type='radio' name='grp2' value='std_net' id='DEFAULT_SRC_ADR' checked>
+						$Lang::tr{'fwhost stdnet'}
+					</label>
+				</td>
+				<td style='text-align:right;'>
+					<select name='DEFAULT_SRC_ADR' style='min-width:16em;'>
 END
 			foreach my $network (sort keys %defaultNetworks)
 			{
@@ -1267,14 +1276,34 @@ END
 			}
 			print"</select></td></tr>";
 			if (! -z $confignet){
-				print"<tr><td><input type='radio' name='grp2' id='CUST_SRC_NET' value='cust_net' $checked{'grp2'}{'cust_net'}></td><td>$Lang::tr{'fwhost cust net'}:</td><td><select name='CUST_SRC_NET' style='min-width:185px;'>";
+				print<<END;
+				<tr>
+					<td>
+						<label>
+							<input type='radio' name='grp2' id='CUST_SRC_NET' value='cust_net' $checked{'grp2'}{'cust_net'}>
+							$Lang::tr{'fwhost cust net'}:
+						</label>
+					</td>
+					<td style='text-align:right;'>
+						<select name='CUST_SRC_NET' style='min-width:16em;'>";
+END
 				foreach my $key (sort { ncmp($customnetwork{$a}[0],$customnetwork{$b}[0]) } keys  %customnetwork) {
 					print"<option>$customnetwork{$key}[0]</option>";
 				}
 				print"</select></td></tr>";
 			}
 			if (! -z $confighost){
-				print"<tr><td valign='top'><input type='radio' name='grp2' id='CUST_SRC_HOST' value='cust_host' $checked{'grp2'}{'cust_host'}></td><td valign='top'>$Lang::tr{'fwhost cust addr'}:</td><td><select name='CUST_SRC_HOST' style='min-width:185px;'>";
+				print<<END;
+				<tr>
+					<td valign='top'>
+						<label>
+							<input type='radio' name='grp2' id='CUST_SRC_HOST' value='cust_host' $checked{'grp2'}{'cust_host'}>
+							$Lang::tr{'fwhost cust addr'}:
+						</label>
+					</td>
+					<td style='text-align:right;'>
+						<select name='CUST_SRC_HOST' style='min-width:16em;'>";
+END
 				foreach my $key (sort { ncmp($customhost{$a}[0],$customhost{$b}[0]) } keys %customhost) {
 					print"<option>$customhost{$key}[0]</option>";
 				}
@@ -1282,10 +1311,19 @@ END
 			}
 			print"</table>";
 			#Inner table right
-			print"</td><td valign='top'><table width='100%' border='0'>";
+			print"</td><td align='right' style='vertical-align:top;'><table width='90%' border='0'>";
 			#OVPN networks
 			if (! -z $configccdnet){
-				print"<td width='1%'><input type='radio' name='grp2' id='OVPN_CCD_NET' value='ovpn_net'  $checked{'grp2'}{'ovpn_net'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_NET' style='min-width:185px;'>";
+				print<<END;
+				<td style='width:15em;'>
+					<label>
+						<input type='radio' name='grp2' id='OVPN_CCD_NET' value='ovpn_net'  $checked{'grp2'}{'ovpn_net'}>
+						$Lang::tr{'fwhost ccdnet'}
+					</label>
+				</td>
+				<td style='text-align:right;'>
+					<select name='OVPN_CCD_NET' style='min-width:16em;'>";
+END
 				foreach my $key (sort { ncmp($ccdnet{$a}[0],$ccdnet{$b}[0]) }  keys %ccdnet)
 				{
 					print"<option value='$ccdnet{$key}[0]'>$ccdnet{$key}[0]</option>";
@@ -1296,7 +1334,16 @@ END
 			foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost)
 			{
 				if ($ccdhost{$key}[33] ne ''){
-					print"<td width='1%'><input type='radio' name='grp2' value='ovpn_host' $checked{'grp2'}{'ovpn_host'}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdhost'}</td><td nowrap='nowrap' width='1%'><select name='OVPN_CCD_HOST' style='min-width:185px;'>" if ($show eq '');
+					print<<END;
+					<td style='width:15em;'>
+						<label>
+							<input type='radio' name='grp2' value='ovpn_host' $checked{'grp2'}{'ovpn_host'}>
+							$Lang::tr{'fwhost ccdhost'}
+						</label>
+					</td>
+					<td style='text-align:right;'>
+						<select name='OVPN_CCD_HOST' style='min-width:16em;'>" if ($show eq '');
+END
 					$show='1';
 					print"<option value='$ccdhost{$key}[1]'>$ccdhost{$key}[1]</option>";
 				}
@@ -1305,7 +1352,16 @@ END
 			#OVPN n2n networks
 			foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost) {
 				if($ccdhost{$key}[3] eq 'net'){
-					print"<td width='1%'><input type='radio' name='grp2' id='OVPN_N2N' value='ovpn_n2n' $checked{'grp2'}{'ovpn_n2n'}></td><td valign='top'>$Lang::tr{'fwhost ovpn_n2n'}:</td><td colspan='3'><select name='OVPN_N2N' style='min-width:185px;'>" if ($show eq '');
+					print<<END;
+					<td style='width:15em;'>
+						<label>
+							<input type='radio' name='grp2' id='OVPN_N2N' value='ovpn_n2n' $checked{'grp2'}{'ovpn_n2n'}>
+							$Lang::tr{'fwhost ovpn_n2n'}:
+						</label>
+					</td>
+					<td style='text-align:right;'>
+						<select name='OVPN_N2N' style='min-width:16em;'>"
+END
 					$show='1';
 					print"<option>$ccdhost{$key}[1]</option>";
 				}
@@ -1314,7 +1370,16 @@ END
 			#IPsec networks
 			foreach my $key (sort { ncmp($ipsecconf{$a}[0],$ipsecconf{$b}[0]) } keys %ipsecconf) {
 				if ($ipsecconf{$key}[3] eq 'net'){
-					print"<td valign='top'><input type='radio' name='grp2' id='IPSEC_NET' value='ipsec_net' $checked{'grp2'}{'ipsec_net'}></td><td valign='top'>$Lang::tr{'fwhost ipsec net'}</td><td><select name='IPSEC_NET' style='min-width:185px;'>" if ($show eq '');
+					print<<END;
+					<td style='width:15em;'>
+						<label>
+							<input type='radio' name='grp2' id='IPSEC_NET' value='ipsec_net' $checked{'grp2'}{'ipsec_net'}>
+							$Lang::tr{'fwhost ipsec net'}
+						</label>
+					</td>
+					<td style='text-align:right;'>
+					<select name='IPSEC_NET' style='min-width:16em;'>"
+END
 					$show='1';
 					print"<option value='$ipsecconf{$key}[1]'>$ipsecconf{$key}[1]</option>";
 				}
@@ -1325,7 +1390,7 @@ END
 			print"<br><br>";
 		}
 		print"<table width='100%'>";
-		print"<tr><td align='right'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value=\"$fwhostsettings{'update'}\"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>";
+		print"<tr><td style='text-align:right;'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value=\"$fwhostsettings{'update'}\"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>";
 	&Header::closebox();
 }
 sub addservice
@@ -1464,6 +1529,7 @@ sub viewtablenet
 		&General::readhasharray("$fwconfigfwd", \%fwfwd);
 		&General::readhasharray("$fwconfiginp", \%fwinp);
 		&General::readhasharray("$fwconfigout", \%fwout);
+
 		if (!keys %customnetwork) 
 		{ 
 			print "<center><b>$Lang::tr{'fwhost empty'}</b>"; 
@@ -1490,7 +1556,7 @@ END
 			}
 			my $colnet="$customnetwork{$key}[1]/".&General::subtocidr($customnetwork{$key}[2]);
 			my $netcount=&getnetcount($customnetwork{$key}[0]);
-			print"<td width='20%' $col><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center' $col>".&Header::colorize($colnet)."</td><td width='40%' $col>$customnetwork{$key}[3]</td><td align='center' $col>$netcount x</td>";
+			print"<td width='20%' $col><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center' $col>".&getcolor($colnet)."</td><td width='40%' $col>$customnetwork{$key}[3]</td><td align='center' $col>$netcount x</td>";
 			print<<END;
 			<td width='1%' $col><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
 			<input type='hidden' name='ACTION' value='editnet'>
@@ -1516,50 +1582,79 @@ END
 sub getcolor
 {
 		my $c=shift;
+		my $sip;
+		my $scidr;
+		#Check if MAC
+		if (&General::validmac($c)){ return $c;}
+
+		#Check if we got a full IP with subnet then split it
+		if($c =~ /^(.*?)\/(.*?)$/){
+			($sip,$scidr) = split ("/",$c);
+		}else{
+			$sip=$c;
+		}
+
+		#Now check if IP is part of ORANGE,BLUE or GREEN
+		if ( &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
+			$tdcolor="<font style='color: $Header::colourorange;'>$c</font>";
+			return $tdcolor;
+		}
+		if ( &General::IpInSubnet($sip,$netsettings{'GREEN_ADDRESS'},$netsettings{'GREEN_NETMASK'})){
+			$tdcolor="<font style='color: $Header::colourgreen;'>$c</font>";
+			return $tdcolor;
+		}
+		if ( &General::IpInSubnet($sip,$netsettings{'BLUE_ADDRESS'},$netsettings{'BLUE_NETMASK'})){
+			$tdcolor="<font style='color: $Header::colourblue;'>$c</font>";
+			return $tdcolor;
+		}
+
 		#Check if IP is part of OpenVPN N2N subnet
 		foreach my $key (sort keys %ccdhost){
 			if ($ccdhost{$key}[3] eq 'net'){
 				my ($a,$b) = split("/",$ccdhost{$key}[11]);
-				if (&General::IpInSubnet($c,$a,$b)){
-					$tdcolor="style='color:$Header::colourovpn ;'";
+				if (&General::IpInSubnet($sip,$a,$b)){
+					$tdcolor="<font style='color:$Header::colourovpn ;'>$c</font>";
 					return $tdcolor;
 				}
 			}
 		}
+
 		#Check if IP is part of OpenVPN dynamic subnet
 		my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
-		if (&General::IpInSubnet($c,$a,$b)){
-			$tdcolor="style='color: $Header::colourovpn;'";
+		if (&General::IpInSubnet($sip,$a,$b)){
+			$tdcolor="<font style='color: $Header::colourovpn;'>$c</font>";
 			return $tdcolor;
 		}
+
 		#Check if IP is part of OpenVPN static subnet
 		foreach my $key (sort keys %ccdnet){
 			my ($a,$b) = split("/",$ccdnet{$key}[1]);
 			$b =&General::iporsubtodec($b);
-			if (&General::IpInSubnet($c,$a,$b)){
-				$tdcolor="style='color: $Header::colourovpn;'";
+			if (&General::IpInSubnet($sip,$a,$b)){
+				$tdcolor="<font style='color: $Header::colourovpn;'>$c</font>";
 				return $tdcolor;
 			}
 		}
+
 		#Check if IP is part of IPsec RW network
 		if ($ipsecsettings{'RW_NET'} ne ''){
 			my ($a,$b) = split("/",$ipsecsettings{'RW_NET'});
 			$b=&General::iporsubtodec($b);
-			if (&General::IpInSubnet($c,$a,$b)){
-				$tdcolor="style='color: $Header::colourvpn;'";
+			if (&General::IpInSubnet($sip,$a,$b)){
+				$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
 				return $tdcolor;
 			}
 		}
+
 		#Check if IP is part of a IPsec N2N network
 		foreach my $key (sort keys %ipsecconf){
 			my ($a,$b) = split("/",$ipsecconf{$key}[11]);
-			if (&General::IpInSubnet($c,$a,$b)){
-				$tdcolor="style='color: $Header::colourvpn;'";
+			if (&General::IpInSubnet($sip,$a,$b)){
+				$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
 				return $tdcolor;
 			}
 		}
-		$tdcolor='';
-		return $tdcolor;
+		return "$c";
 }
 sub viewtablehost
 {
@@ -1598,7 +1693,7 @@ END
 			$customhost{$key}[4]=~s/\s+//g;
 			my $hostcount=0;
 			$hostcount=&gethostcount($customhost{$key}[0]);
-			print"<td width='20%' $col>$customhost{$key}[0]</td><td width='20%' align='center' $col ".&getcolor($ip).">".&Header::colorize($ip)."</td><td width='50%' align='left' $col>$customhost{$key}[3]</td><td align='center' $col>$hostcount x</td>";
+			print"<td width='20%' $col>$customhost{$key}[0]</td><td width='20%' align='center' $col >".&getcolor($ip)."</td><td width='50%' align='left' $col>$customhost{$key}[3]</td><td align='center' $col>$hostcount x</td>";
 			print<<END;
 			<td width='1%' $col><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
 			<input type='hidden' name='ACTION' value='edithost' />
@@ -1709,7 +1804,7 @@ sub viewtablegrp
 			}else{
 				my ($colip,$colsub) = split("/",$ip);
 				$ip="$colip/".&General::subtocidr($colsub) if ($colsub);
-				print"<td align='center' $col ".&getcolor($colip).">".&Header::colorize($ip)."</td><td align='center' $col>$customgrp{$key}[3]</td><td width='1%' $col><form method='post'>";
+				print"<td align='center' $col>".&getcolor($ip)."</td><td align='center' $col>$customgrp{$key}[3]</td><td width='1%' $col><form method='post'>";
 			}
 			if ($delflag > 0 && $ip ne ''){
 				print"<input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' />";
@@ -1920,7 +2015,7 @@ sub checkname
 }
 sub checkgroup
 {
-	&General::readhasharray("$configsrvgrp", \%customservicegrp );
+	&General::readhasharray("$configgrp", \%customgrp );
 	my $name=shift;
 	foreach my $key (keys %customservicegrp) {
 		if($customservicegrp{$key}[0] eq $name){

html/cgi-bin/gpl.cgi

@@ -29,28 +29,29 @@ require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 require "/opt/pakfire/lib/functions.pl";
 
+# If the license has already been accepted.
+if ( -e "/var/ipfire/main/gpl_accepted" ) {
+	&redirect();
+}
 
 my %cgiparams;
-my $refresh;
-
-if ( -e "/var/ipfire/main/gpl_accepted" ) {
-	print "Status: 302 Moved Temporarily\n";
-	print "Location: index.cgi\n\n";
-	exit (0);
-}
-&Header::showhttpheaders();
-
 $cgiparams{'ACTION'} = '';
+
 &Header::getcgihash(\%cgiparams);
 
-&Header::openpage($Lang::tr{'main page'}, 1, $refresh);
-&Header::openbigbox('', 'center');
+# Check if the license agreement has been accepted.
+if ($cgiparams{'ACTION'} eq "$Lang::tr{'yes'}" && $cgiparams{'gpl_accepted'} eq '1') {
+	open(FILE, ">/var/ipfire/main/gpl_accepted");
+	close(FILE);
 
-# licence agreement
-if ($cgiparams{'ACTION'} eq $Lang::tr{'yes'} && $cgiparams{'gpl_accepted'} eq '1') {
-	system('touch /var/ipfire/main/gpl_accepted');
+	&redirect();
 }
 
+&Header::showhttpheaders();
+
+&Header::openpage($Lang::tr{'main page'}, 1);
+&Header::openbigbox('', 'center');
+
 &Header::openbox('100%', 'left', $Lang::tr{'gpl license agreement'});
 print <<END;
 	$Lang::tr{'gpl please read carefully the general public license and accept it below'}.
@@ -80,3 +81,9 @@ END
 &Header::closebox();
 &Header::closebigbox();
 &Header::closepage();
+
+sub redirect {
+	print "Status: 302 Moved Temporarily\n";
+	print "Location: index.cgi\n\n";
+	exit (0);
+}

html/cgi-bin/index.cgi

@@ -358,7 +358,7 @@ if (($confighash{'ENABLED'} eq "on") ||
 	$ovpnip="$ovpnip/$sub";
 print <<END;
 	<tr>
-		<td style='width:25%; text-align:center; background-color:$Header::colourvpn;'>
+		<td style='width:25%; text-align:center; background-color:$Header::colourovpn;'>
 			<a href='/cgi-bin/ovpnmain.cgi' style='color:white'><b>OpenVPN</b></a>
 		</td>
 		<td style='width:30%; text-align:center;'>$ovpnip</td>
@@ -372,7 +372,7 @@ print"</table>";
 #Check if there are any vpns configured (ipsec and openvpn)
 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
 foreach my $key (sort { ncmp($vpnconfig{$a}[1],$vpnconfig{$b}[1]) } keys %vpnconfig) {
-	if ($vpnconfig{$key}[0] eq 'on'){
+	if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host'){
 		$showipsec=1;
 		$showbox=1;
 		last;
@@ -409,7 +409,7 @@ if ($showbox){
 		</tr>
 END
 		foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
-			if ($vpnconfig{$key}[0] eq 'on') {
+			if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
 				$count++;
 				my ($vpnip,$vpnsub) = split("/",$vpnconfig{$key}[11]);
 				$vpnsub=&General::iporsubtocidr($vpnsub);
@@ -420,8 +420,8 @@ END
 					$col = $color{'color20'};
 				}
 				print "<tr>";
-				print "<td style='text-align:left; color:white; background-color:$Header::colourovpn;'>$vpnconfig{$key}[1]</td>";
-				print "<td style='text-align:left; background-color:$col'>$vpnip</td>";
+				print "<td style='text-align:left; color:white; background-color:$Header::colourvpn;'>$vpnconfig{$key}[1]</td>";
+				print "<td style='text-align:center; background-color:$col'>$vpnip</td>";
 
 				my $activecolor = $Header::colourred;
 				my $activestatus = $Lang::tr{'capsclosed'};

html/cgi-bin/ovpnmain.cgi

@@ -2159,7 +2159,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
     } else {
 	$errormessage = $Lang::tr{'invalid key'};
     }
-
+	&General::firewall_reload();
 
 ###
 ### Download PKCS12 file
@@ -3509,8 +3509,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
 	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
 		  goto VPNCONF_ERROR;
-		}
-   
+	}
+	#Check if remote subnet is used elsewhere
+	my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
+	$warnmessage=&General::checksubnets('',$n2nip,'ovpn');
+	if ($warnmessage){
+		$warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
+	}
 }
 
 #	if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
@@ -4569,6 +4574,16 @@ END
 	&Header::closebox();
     }
 
+	if ($warnmessage) {
+		&Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
+		print "$warnmessage<br>";
+		print "$Lang::tr{'fwdfw warn1'}<br>";
+		&Header::closebox();
+		print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
+		&Header::closepage();
+		exit 0;
+	}
+
     my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
     my $srunning = "no";
     my $activeonrun = "";

html/cgi-bin/vpnmain.cgi

@@ -1225,7 +1225,7 @@ END
     } else {
 	$errormessage = $Lang::tr{'invalid key'};
     }
-
+	&General::firewall_reload();
 ###
 ### Choose between adding a host-net or net-net connection
 ###
@@ -1407,14 +1407,13 @@ END
 	    goto VPNCONF_ERROR;
 	}
 
-#temporary disabled (BUG 10294)
-#	if ($cgiparams{'TYPE'} eq 'net'){
-#		$errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
-#		if ($errormessage ne ''){
-#			goto VPNCONF_ERROR;
-#		}
-#		
-#	}
+	if ($cgiparams{'TYPE'} eq 'net'){
+		$warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'},'ipsec');
+		if ($warnmessage ne ''){
+			$warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
+		}
+	}
+
 	if ($cgiparams{'AUTH'} eq 'psk') {
 	    if (! length($cgiparams{'PSK'}) ) {
 		$errormessage = $Lang::tr{'pre-shared key is too short'};
@@ -2520,7 +2519,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		<td>
 			<label>
 				<input type='checkbox' name='ONLY_PROPOSED' $checked{'ONLY_PROPOSED'} />
-				IKE+ESP: $Lang::tr{'use only proposed settings'}</td>
+				IKE+ESP: $Lang::tr{'use only proposed settings'}
 			</label>
 		</td>
 	</tr>
@@ -2612,6 +2611,16 @@ EOF
 	&Header::closebox();
     }
 
+	if ($warnmessage) {
+		&Header::openbox('100%', 'left', $Lang::tr{'warning messages'});
+		print "$warnmessage<br>";
+		print "$Lang::tr{'fwdfw warn1'}<br>";
+		&Header::closebox();
+		print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
+		&Header::closepage();
+		exit 0;
+	}
+
     &Header::openbox('100%', 'left', $Lang::tr{'global settings'});
     print <<END
     <form method='post' action='$ENV{'SCRIPT_NAME'}'>

html/html/themes/ipfire/include/functions.pl

@@ -110,7 +110,7 @@ sub openpage {
 	&genmenu();
 
 	my $headline = "IPFire";
-	if ($settings{'WINDOWWITHHOSTNAME'} eq 'on') {
+	if (($settings{'WINDOWWITHHOSTNAME'} eq 'on') || ($settings{'WINDOWWITHHOSTNAME'} eq '')) {
 		$headline =  "$settings{'HOSTNAME'}.$settings{'DOMAINNAME'}";
 	}
 

langs/de/cgi-bin/de.pl

@@ -481,8 +481,10 @@
 'ccd err iroute' => 'Netzadresse für Route ungültig.',
 'ccd err irouteexist' => 'Diese Route wird bereits verwendet.',
 'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.',
-'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!',
-'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.',
+'ccd err isipsecrw' => 'Diese Subnetzadresse wird bereits für das IPsec-RW Netz verwendet.',
+'ccd err isovpnn2n' => 'Die Subnetzadresse wird für bereits für eine OpenVPN Netz-zu-Netz-Verbindung verwendet.',
+'ccd err isovpnnet' => 'Die Subnetzadresse wird für bereits für den OpenVPN-Server verwendet.',
+'ccd err issubnet' => 'Die Subnetzadresse wird bereits verwendet.',
 'ccd err name' => 'Es muss ein Name angegeben werden.',
 'ccd err nameexist' => 'Name existiert bereits.',
 'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.',
@@ -818,6 +820,7 @@
 'enter ack class' => 'Legen Sie hier die ACK-Klasse fest <br /> und klicken Sie danach auf <i>Speichern</i>.',
 'enter data' => 'Geben Sie die Daten ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
 'entropy' => 'Entropie',
+'entropy graphs' => 'Entropiegraphen',
 'err bk 1' => 'Fehler beim Erzeugen des Archivs',
 'err bk 10 password' => 'Fehler beim Datensicherungs-Passwort',
 'err bk 2 key' => 'Fehler beim Erzeugen der Schlüsseldatei',
@@ -1011,6 +1014,7 @@
 'fwdfw use srcport' => 'Quellport:',
 'fwdfw use srv' => 'Zielport:',
 'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
+'fwdfw warn1' => 'Dies kann dazu führen, dass Firewallregeln auf Netze angewendet werden, für die sie nicht gedacht sind.',
 'fwdfw wd_fri' => 'Fr',
 'fwdfw wd_mon' => 'Mo',
 'fwdfw wd_sat' => 'Sa',
@@ -1137,6 +1141,7 @@
 'harddisk temperature' => 'Festplattentemperatur',
 'harddisk temperature graphs' => 'HDD-Diagramme',
 'hardware graphs' => 'Hardware-Diagramme',
+'hardware support' => 'Hardware-Unterstützung',
 'hdd temperature in' => 'Festplattentemperatur in',
 'help' => 'Hilfe',
 'high' => 'Hoch',
@@ -1512,6 +1517,7 @@
 'no eciadsl synch.bin file' => 'Keine ECI ADSL Datei synch.bin vorhanden. Bitte hochladen.',
 'no filter pass' => 'Legen Sie hier die Standardklassen fest durch die nicht-gefilterte Pakete gehen.',
 'no fritzdsl driver' => 'Kein Fritz!DSL-Treiber vorhanden. Bitte hochladen.',
+'no hardware random number generator' => 'Dieses System hat keine Entropiequelle.',
 'no information available' => 'Keine Informationen verfügbar.',
 'no log selected' => 'kein Log ausgewählt',
 'no modem selected' => 'Kein Modem ausgewählt',
@@ -1982,6 +1988,8 @@
 'swap usage per' => 'Nutzung von Auslagerungsspeicher (Swap) pro',
 'system' => 'System',
 'system graphs' => 'System-Diagramme',
+'system has hwrng' => 'Dieses System hat einen Hardware-Zufallszahlengenerator.',
+'system has rdrand' => 'Dieses System unterstützt Intel(R) RDRAND.',
 'system information' => 'Systeminformationen',
 'system log viewer' => 'Betrachter der System-Logdateien',
 'system logs' => 'System-Logdateien',

langs/en/cgi-bin/en.pl

@@ -499,8 +499,10 @@
 'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.',
 'ccd err iroute' => 'Network address for route is invalid.',
 'ccd err irouteexist' => 'This route is already in use.',
-'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.',
-'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.',
+'ccd err isipsecnet' => 'The given subnet address is already used by an IPsec network.',
+'ccd err isipsecrw' => 'The given subnet address is already used by the IPsec rw network.',
+'ccd err isovpnn2n' => 'The subnet address is already in use for an OpenVPN net-to-net connection.',
+'ccd err isovpnnet' => 'The subnet address is already in use for the OpenVPN server.',
 'ccd err issubnet' => 'Subnet address already in use.',
 'ccd err name' => 'Please choose a name.',
 'ccd err nameexist' => 'Name already exists.',
@@ -844,6 +846,7 @@
 'enter ack class' => 'Enter the ACK- Class <br /> and then press <i>Save</i>.',
 'enter data' => 'Enter your settings <br /> and then press <i>Save</i>.',
 'entropy' => 'Entropy',
+'entropy graphs' => 'Entropy Graphs',
 'err bk 1' => 'Error creating archive',
 'err bk 10 password' => 'Error with backup password',
 'err bk 2 key' => 'Error creating key file',
@@ -1037,6 +1040,7 @@
 'fwdfw use srcport' => 'Source port:',
 'fwdfw use srv' => 'Destination port:',
 'fwdfw useless rule' => 'This rule is useless.',
+'fwdfw warn1' => 'This might lead to firewallrules which are applied to networks for which they are not intended to be.',
 'fwdfw wd_fri' => 'Fri',
 'fwdfw wd_mon' => 'Mon',
 'fwdfw wd_sat' => 'Sat',
@@ -1165,6 +1169,7 @@
 'harddisk temperature' => 'Harddisk Temperature',
 'harddisk temperature graphs' => 'HDD Graphs',
 'hardware graphs' => 'Hardware Graphs',
+'hardware support' => 'Hardware Support',
 'hdd temperature in' => 'Harddisk temperature in',
 'help' => 'Help',
 'high' => 'High',
@@ -1541,6 +1546,7 @@
 'no eciadsl synch.bin file' => 'No ECI ADSL synch.bin file. Please upload.',
 'no filter pass' => 'Enter the standard class for non-filtered packets.',
 'no fritzdsl driver' => 'No Fritz!DSL driver.  Please upload.',
+'no hardware random number generator' => 'This system has no source for entropy.',
 'no information available' => 'No information available.',
 'no log selected' => 'No log selected',
 'no modem selected' => 'No modem selected',
@@ -2017,6 +2023,8 @@
 'swap usage per' => 'Swap usage per',
 'system' => 'System',
 'system graphs' => 'System Graphs',
+'system has hwrng' => 'This system has got a hardware random number generator.',
+'system has rdrand' => 'This system has got support for Intel(R) RDRAND.',
 'system information' => 'System Information',
 'system log viewer' => 'System Log Viewer',
 'system logs' => 'System Logs',

lfs/apache2

@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2012   IPFire Team  <info@ipfire.org>                    #
+# Copyright (C) 2007-2014   IPFire Team  <info@ipfire.org>                    #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 2.2.23
+VER        = 2.2.26
 
 THISAPP    = httpd-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -47,7 +47,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
 
-$(DL_FILE)_MD5 = ca133de0e4b4b15316990a97186b9993
+$(DL_FILE)_MD5 = 254eda547f8d624604e4bf403241e617
 httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
 
 install : $(TARGET)

lfs/beep

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.2.2
+VER        = 1.3
 
 THISAPP    = beep-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = d541419fd7e5642952d7b48cbb40c712
+$(DL_FILE)_MD5 = 49c340ceb95dbda3f97b2daafac7892a
 
 install : $(TARGET)
 

lfs/linux

@@ -24,10 +24,10 @@
 
 include Config
 
-VER        = 3.10.32
+VER        = 3.10.33
 
 RPI_PATCHES = linux-3.10.27-grsec-943b563
-GRS_PATCHES = grsecurity-2.9.1-3.10.32-ipfire1.patch.xz
+GRS_PATCHES = grsecurity-2.9.1-3.10.33-ipfire1.patch.xz
 
 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -36,7 +36,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 CFLAGS     =
 CXXFLAGS   =
 
-PAK_VER    = 37
+PAK_VER    = 38
 DEPS	   = ""
 
 VERSUFIX=ipfire$(KCFG)
@@ -74,9 +74,9 @@ $(DL_FILE)				= $(URL_IPFIRE)/$(DL_FILE)
 rpi-patches-$(RPI_PATCHES).patch.xz	= $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
 $(GRS_PATCHES)				= $(URL_IPFIRE)/$(GRS_PATCHES)
 
-$(DL_FILE)_MD5				= 58bfaf95f4e23be2d658dab0a7fb9615
+$(DL_FILE)_MD5				= 01865f9c129f3c7eee51e25b3781a364
 rpi-patches-$(RPI_PATCHES).patch.xz_MD5	= 8cf81f48408306d93ccee59b58af2e92
-$(GRS_PATCHES)_MD5			= b67dbf569e3f3657dad0e64ec951e1cc
+$(GRS_PATCHES)_MD5			= c99be0018e8bc55fb2e2b8f0ea9783d5
 
 install : $(TARGET)
 
@@ -127,9 +127,6 @@ ifneq "$(KCFG)" "-headers"
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-compat_vdso.patch
 endif
 
-	# Disable pcspeaker autoload
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.30-no-pcspkr-modalias.patch
-
 	# Remove ACPI Blacklist message
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6-silence-acpi-blacklist.patch
 

lfs/samba

@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2014  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.6.22
+VER        = 3.6.23
 
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 56
+PAK_VER    = 57
 
 DEPS       = "cups"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 59add4bb178ebc188d857bc13a508c0b
+$(DL_FILE)_MD5 = 2f7aee1dc5d31aefcb364600915b31dc
 
 install : $(TARGET)
 

lfs/strongswan

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.1.2rc1
+VER        = 5.1.2
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = d0508e262f2ec45ab5428bb080bc1b31
+$(DL_FILE)_MD5 = d45a2e89c624bceaf2e53c9b9cdddf83
 
 install : $(TARGET)
 

lfs/vdr

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.0.3
+VER        = 2.0.5
 
 # VDRPLUGVER must match with APIVERSION in config.h
 # after change this update also all vdr plugins
@@ -37,7 +37,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = vdr
-PAK_VER    = 8
+PAK_VER    = 9
 
 DEPS       = "vdr_streamdev"
 
@@ -63,9 +63,9 @@ MAKE_OPTIONS = \
 
 objects = $(DL_FILE)
 
-$(DL_FILE)  = $(DL_FROM)/$(DL_FILE)
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5  = dd8fb1642bdfa7feb0e9a8ae41e9ef2f
+$(DL_FILE)_MD5 = f58b9836a60440fde84480a2e37ee91d
 
 install : $(TARGET)
 

lfs/vdr_dvbapi

@@ -0,0 +1,121 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.0.6
+THISAPP    = vdr-plugin-dvbapi-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = vdr_dvbapi
+PAK_VER    = 1
+
+DEPS       = ""
+
+VDRPLUGVER = 2.0.0
+
+EXTRA_FLAGS= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
+CFLAGS    += $(EXTRA_FLAGS)
+CXXFLAGS  += $(EXTRA_FLAGS)
+
+CSAFLAGS     =  -O3 -fexpensive-optimizations -funroll-loops
+CSAFLAGS-sse = $(CSAFLAGS) -mmmx -msse -msse2 -msse3
+PARALLEL     = PARALLEL_64_LONG
+PARALLEL-sse = PARALLEL_128_SSE2
+
+define BUILD
+	cp -a $(DIR_APP) $(DIR_APP)-build$(1)
+	cd $(DIR_APP)-build$(1) && make $(MAKE_TUNING) LIBDIR=. VDRDIR=/usr/lib/vdr \
+		CFLAGS="$(CFLAGS$(1))" CXXFLAGS="$(CXXFLAGS$(1))" \
+		CSAFLAGS="$(CSAFLAGS$(1))" PARALLEL="$(PARALLEL$(1))" \
+		LOCALEDIR=$$(pwd)/locale all
+
+	-mkdir -pv /etc/vdr/plugins/dvbapi
+	cd $(DIR_APP)-build$(1) && install -m 755 libvdr-dvbapi.so \
+		/usr/lib/vdr/libvdr-dvbapi.so.$(VDRPLUGVER)$(1)
+endef
+
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 6a8024b2970beba8eadc1acaa86805e7
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download : $(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+	@$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP)* && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+ifeq "$(MACHINE)" "i586"
+	# Build an SSE enabled version.
+	$(call BUILD,-sse)
+endif
+
+	# Build normal version.
+	$(call BUILD)
+
+	echo "#" > /etc/sysconfig/vdr-plugins.d/dvbapi.conf
+	echo "# Command line parameters for vdr-plugin-dvbapi" >> /etc/sysconfig/vdr-plugins.d/dvbapi.conf
+	echo "#" >> /etc/sysconfig/vdr-plugins.d/dvbapi.conf
+	echo "# For more details see:" >> /etc/sysconfig/vdr-plugins.d/dvbapi.conf
+	echo "#   - \`vdr --help -Pdvbapi\`" >> /etc/sysconfig/vdr-plugins.d/dvbapi.conf
+	echo "PLUGIN_OPTIONS=\"\"" >> /etc/sysconfig/vdr-plugins.d/dvbapi.conf
+
+	@rm -rf $(DIR_APP)*
+	@$(POSTBUILD)

lfs/vdr_eepg

@@ -0,0 +1,99 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+GIT_VER    = 69b47ba4bf0195fd6820beb2cf4f7c7ea31f4011
+VER        = master
+THISAPP    = vdr-plugin-eepg-$(VER)
+DL_FILE    = vdr-plugin-eepg-$(GIT_VER).tar.bz2
+
+DL_FROM    = http://projects.vdr-developer.org/git/vdr-plugin-eepg.git/snapshot
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = vdr_eepg
+PAK_VER    = 1
+
+DEPS       = ""
+
+VDRPLUGVER = 2.0.0
+
+EXTRA_FLAGS= -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
+CFLAGS    += $(EXTRA_FLAGS)
+CXXFLAGS  += $(EXTRA_FLAGS)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE)  = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5  = 0d8049949263f9a2b8deb2ae9919bc49
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download : $(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+	@$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+	cd $(DIR_SRC) && mv vdr-plugin-eepg-$(GIT_VER) $(THISAPP)
+
+	cd $(DIR_APP) && make $(MAKE_TUNING) LIBDIR=. VDRDIR=/usr/lib/vdr \
+		CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" \
+		LOCALEDIR=$$(pwd)/locale all
+
+	mkdir -pv /etc/vdr/plugins/eepg
+	cd $(DIR_APP) && install -m 755 libvdr-eepg.so \
+		/usr/lib/vdr/libvdr-eepg.so.$(VDRPLUGVER)
+
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)

make.sh

@@ -25,7 +25,7 @@
 NAME="IPFire"							# Software name
 SNAME="ipfire"							# Short name
 VERSION="2.15"							# Version number
-CORE="76-beta2"							# Core Level (Filename)
+CORE="76-beta3"							# Core Level (Filename)
 PAKFIRE_CORE="76"						# Core Level (PAKFIRE)
 GIT_BRANCH=`git rev-parse --abbrev-ref HEAD`			# Git Branch
 SLOGAN="www.ipfire.org"						# Software slogan
@@ -681,6 +681,8 @@ buildipfire() {
   ipfiremake vdr_streamdev
   ipfiremake vdr_vnsiserver3
   ipfiremake vdr_epgsearch
+  ipfiremake vdr_dvbapi
+  ipfiremake vdr_eepg
   ipfiremake w_scan
   ipfiremake icecast
   ipfiremake icegenerator

src/initscripts/init.d/firewall

@@ -106,9 +106,10 @@ iptables_init() {
 
 	# Block OpenVPN transfer networks
 	iptables -N OVPNBLOCK
-	for i in INPUT FORWARD; do
-		iptables -A ${i} -j OVPNBLOCK
-	done
+	iptables -A INPUT   -i tun+ -j OVPNBLOCK
+	iptables -A OUTPUT  -o tun+ -j OVPNBLOCK
+	iptables -A FORWARD -i tun+ -j OVPNBLOCK
+	iptables -A FORWARD -o tun+ -j OVPNBLOCK
 
 	# OpenVPN transfer network translation
 	iptables -t nat -N OVPNNAT
@@ -188,16 +189,6 @@ iptables_init() {
 	iptables -t nat -N NAT_SOURCE
 	iptables -t nat -A POSTROUTING -j NAT_SOURCE
 
-	# RED chain, used for the red interface
-	iptables -N REDINPUT
-	iptables -A INPUT -j REDINPUT
-	iptables -N REDFORWARD
-	iptables -A FORWARD -j REDFORWARD
-	iptables -t nat -N REDNAT
-	iptables -t nat -A POSTROUTING -j REDNAT
-
-	iptables_red
-
 	# Custom prerouting chains (for transparent proxy)
 	iptables -t nat -N SQUID
 	iptables -t nat -A PREROUTING -j SQUID
@@ -206,12 +197,53 @@ iptables_init() {
 	iptables -t nat -N NAT_DESTINATION
 	iptables -t nat -A PREROUTING -j NAT_DESTINATION
 
+	iptables -t mangle -N NAT_DESTINATION
+	iptables -t mangle -A PREROUTING -j NAT_DESTINATION
+
+	iptables -t nat -N NAT_DESTINATION_FIX
+	iptables -t nat -A POSTROUTING -j NAT_DESTINATION_FIX
+
+	iptables -t nat -A NAT_DESTINATION_FIX \
+		-m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+
+	if [ -n "${BLUE_ADDRESS}" ]; then
+		iptables -t nat -A NAT_DESTINATION_FIX \
+			-m mark --mark 2 -j SNAT --to-source "${BLUE_ADDRESS}"
+	fi
+
+	if [ -n "${ORANGE_ADDRESS}" ]; then
+		iptables -t nat -A NAT_DESTINATION_FIX \
+			-m mark --mark 3 -j SNAT --to-source "${ORANGE_ADDRESS}"
+	fi
+
 	# upnp chain for our upnp daemon
 	iptables -t nat -N UPNPFW
 	iptables -t nat -A PREROUTING -j UPNPFW
 	iptables -N UPNPFW
 	iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
 
+	# RED chain, used for the red interface
+	iptables -N REDINPUT
+	iptables -A INPUT -j REDINPUT
+	iptables -N REDFORWARD
+	iptables -A FORWARD -j REDFORWARD
+	iptables -t nat -N REDNAT
+	iptables -t nat -A POSTROUTING -j REDNAT
+
+	# Filter logging of incoming broadcasts.
+	iptables -N BROADCAST_FILTER
+	iptables -A INPUT -j BROADCAST_FILTER
+
+	iptables -A BROADCAST_FILTER -i "${GREEN_DEV}" -d "${GREEN_BROADCAST}" -j DROP
+
+	if [ -n "${BLUE_DEV}" -a -n "${BLUE_BROADCAST}" ]; then
+		iptables -A BROADCAST_FILTER -i "${BLUE_DEV}" -d "${BLUE_BROADCAST}" -j DROP
+	fi
+
+	if [ -n "${ORANGE_DEV}" -a -n "${ORANGE_BROADCAST}" ]; then
+		iptables -A BROADCAST_FILTER -i "${ORANGE_DEV}" -d "${ORANGE_BROADCAST}" -j DROP
+	fi
+
 	# Apply OpenVPN firewall rules
 	/usr/local/bin/openvpnctrl --firewall-rules
 
@@ -226,10 +258,11 @@ iptables_init() {
 	iptables -N POLICYOUT
 	iptables -A OUTPUT -j POLICYOUT
 
+	# Initialize firewall policies.
 	/usr/sbin/firewall-policy
 
-	# read new firewall
-	/usr/local/bin/firewallctrl
+	# Install firewall rules for the red interface.
+	iptables_red
 }
 
 iptables_red() {

src/initscripts/init.d/networking/red

@@ -175,6 +175,14 @@ case "${1}" in
 				boot_mesg "Createing ATM-Bridge as $PPP_NIC ..."
 				br2684ctl -c0 -e${ENCAP} -a0.${VPI}.${VCI} >/dev/null 2>&1 &
 				sleep 1
+
+				# use user-defined or green mac address for nas0
+				if [ -n "$MAC" ]; then
+					ip link set dev nas0 address ${MAC}
+				else
+					ip link set dev nas0 address $(cat /sys/class/net/green0/address)
+				fi
+
 				if [ "$TYPE" == "pppoeatm" ]; then
 					TYPE="pppoe"
 				fi

src/misc-progs/openvpnctrl.c

@@ -365,6 +365,7 @@ ERROR:
 }
 
 void setFirewallRules(void) {
+	char command[STRING_SIZE];
 	char protocol[STRING_SIZE] = "";
 	char dport[STRING_SIZE] = "";
 	char dovpnip[STRING_SIZE] = "";
@@ -405,11 +406,15 @@ void setFirewallRules(void) {
 	if (!strcmp(enableorange, "on") && strlen(orangeif))
 		addRule(OVPNINPUT, orangeif, protocol, dport);
 
+	/* Allow ICMP error messages to pass. */
+	snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -p icmp"
+		" -m conntrack --ctstate RELATED -j RETURN", OVPNBLOCK);
+	executeCommand(command);
+
 	// read connection configuration
 	connection *conn = getConnections();
 
 	// set firewall rules for n2n connections
-	char command[STRING_SIZE];
 	char *local_subnet_address = NULL;
 	char *transfer_subnet_address = NULL;
 	while (conn != NULL) {

src/patches/linux-2.6.30-no-pcspkr-modalias.patch

@@ -1,12 +0,0 @@
-diff --git a/drivers/input/misc/pcspkr.c b/drivers/input/misc/pcspkr.c
-index 34f4d2e..3e40c70 100644
---- a/drivers/input/misc/pcspkr.c
-+++ b/drivers/input/misc/pcspkr.c
-@@ -24,7 +24,6 @@
- MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
- MODULE_DESCRIPTION("PC Speaker beeper driver");
- MODULE_LICENSE("GPL");
--MODULE_ALIAS("platform:pcspkr");
- 
- static int pcspkr_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
- {

src/patches/strongswan-5.0.2_ipfire.patch

@@ -1,8 +1,6 @@
-diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
-index 3a40e21..d9f3ea0 100644
 --- a/src/_updown/_updown.in
 +++ b/src/_updown/_updown.in
-@@ -193,6 +193,29 @@ custom:*)		# custom parameters (see above CAUTION comment)
+@@ -178,6 +178,29 @@
  	;;
  esac
  
@@ -32,7 +30,7 @@ index 3a40e21..d9f3ea0 100644
  # utility functions for route manipulation
  # Meddling with this stuff should not be necessary and requires great care.
  uproute() {
-@@ -397,12 +420,12 @@ up-host:iptables)
+@@ -407,12 +430,12 @@
  	# connection to me, with (left/right)firewall=yes, coming up
  	# This is used only by the default updown script, not by your custom
  	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -46,9 +44,9 @@ index 3a40e21..d9f3ea0 100644
 -	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 +	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50
  	#
- 	# log IPsec host connection setup
- 	if [ $VPN_LOGGING ]
-@@ -410,10 +433,10 @@ up-host:iptables)
+ 	# allow IPIP traffic because of the implicit SA created by the kernel if
+ 	# IPComp is used (for small inbound packets that are not compressed)
+@@ -428,10 +451,10 @@
  	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
  	  then
  	    logger -t $TAG -p $FAC_PRIO \
@@ -61,7 +59,7 @@ index 3a40e21..d9f3ea0 100644
  	  fi
  	fi
  	;;
-@@ -421,12 +444,12 @@ down-host:iptables)
+@@ -439,12 +462,12 @@
  	# connection to me, with (left/right)firewall=yes, going down
  	# This is used only by the default updown script, not by your custom
  	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -75,9 +73,9 @@ index 3a40e21..d9f3ea0 100644
 -	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 +	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50
  	#
- 	# log IPsec host connection teardown
- 	if [ $VPN_LOGGING ]
-@@ -434,10 +457,10 @@ down-host:iptables)
+ 	# IPIP exception teardown
+ 	if [ -n "$PLUTO_IPCOMP" ]
+@@ -459,10 +482,10 @@
  	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
  	  then
  	    logger -t $TAG -p $FAC_PRIO -- \
@@ -90,7 +88,7 @@ index 3a40e21..d9f3ea0 100644
  	  fi
  	fi
  	;;
-@@ -447,24 +470,24 @@ up-client:iptables)
+@@ -472,24 +495,24 @@
  	# ones, so do not mess with it; see CAUTION comment up at top.
  	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
  	then
@@ -113,16 +111,26 @@ index 3a40e21..d9f3ea0 100644
 -	  iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 +	  iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
  	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- 	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
+-	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 -	  iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN
 +	  iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
  	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 +	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50
  	fi
  	#
- 	# log IPsec client connection setup
-@@ -473,12 +496,51 @@ up-client:iptables)
+ 	# allow IPIP traffic because of the implicit SA created by the kernel if
+@@ -497,7 +520,7 @@
+ 	# INPUT is correct here even for forwarded traffic.
+ 	if [ -n "$PLUTO_IPCOMP" ]
+ 	then
+-	  iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
++	  iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p 4 \
+ 	      -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ 	fi
+ 	#
+@@ -507,12 +530,51 @@
  	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
  	  then
  	    logger -t $TAG -p $FAC_PRIO \
@@ -176,7 +184,7 @@ index 3a40e21..d9f3ea0 100644
  	;;
  down-client:iptables)
  	# connection to client subnet, with (left/right)firewall=yes, going down
-@@ -486,28 +548,28 @@ down-client:iptables)
+@@ -520,34 +582,34 @@
  	# ones, so do not mess with it; see CAUTION comment up at top.
  	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
  	then
@@ -202,8 +210,9 @@ index 3a40e21..d9f3ea0 100644
 +	  iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
  	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
  	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
- 	         $IPSEC_POLICY_IN -j ACCEPT
+-	         $IPSEC_POLICY_IN -j ACCEPT
 -	  iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
++	         $IPSEC_POLICY_IN -j RETURN
 +	  iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
  	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
  	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
@@ -211,8 +220,15 @@ index 3a40e21..d9f3ea0 100644
 +	         $IPSEC_POLICY_OUT -j MARK --set-mark 50
  	fi
  	#
- 	# log IPsec client connection teardown
-@@ -516,12 +578,51 @@ down-client:iptables)
+ 	# IPIP exception teardown
+ 	if [ -n "$PLUTO_IPCOMP" ]
+ 	then
+-	  iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
++	  iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p 4 \
+ 	      -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ 	fi
+ 	#
+@@ -557,12 +619,51 @@
  	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
  	  then
  	    logger -t $TAG -p $FAC_PRIO -- \
@@ -266,7 +282,7 @@ index 3a40e21..d9f3ea0 100644
  	;;
  #
  # IPv6
-@@ -556,10 +657,10 @@ up-host-v6:iptables)
+@@ -597,10 +698,10 @@
  	# connection to me, with (left/right)firewall=yes, coming up
  	# This is used only by the default updown script, not by your custom
  	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -279,7 +295,7 @@ index 3a40e21..d9f3ea0 100644
  	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
  	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
  	#
-@@ -580,10 +681,10 @@ down-host-v6:iptables)
+@@ -621,10 +722,10 @@
  	# connection to me, with (left/right)firewall=yes, going down
  	# This is used only by the default updown script, not by your custom
  	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -292,7 +308,7 @@ index 3a40e21..d9f3ea0 100644
  	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
  	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
  	#
-@@ -606,10 +707,10 @@ up-client-v6:iptables)
+@@ -647,10 +748,10 @@
  	# ones, so do not mess with it; see CAUTION comment up at top.
  	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
  	then
@@ -305,7 +321,7 @@ index 3a40e21..d9f3ea0 100644
  	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
  	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
  	fi
-@@ -618,10 +719,10 @@ up-client-v6:iptables)
+@@ -659,10 +760,10 @@
  	# or sometimes host access via the internal IP is needed
  	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
  	then
@@ -318,7 +334,7 @@ index 3a40e21..d9f3ea0 100644
  	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
  	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
  	fi
-@@ -645,11 +746,11 @@ down-client-v6:iptables)
+@@ -686,11 +787,11 @@
  	# ones, so do not mess with it; see CAUTION comment up at top.
  	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
  	then
@@ -332,7 +348,7 @@ index 3a40e21..d9f3ea0 100644
  	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
  	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
  	         $IPSEC_POLICY_IN -j ACCEPT
-@@ -659,11 +760,11 @@ down-client-v6:iptables)
+@@ -700,11 +801,11 @@
  	# or sometimes host access via the internal IP is needed
  	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
  	then

src/scripts/setddns.pl

@@ -44,36 +44,14 @@ if (open(FILE, "$filename")) {
 # ignore monthly update if not in minimize update mode
 exit 0 if (($settings{'MINIMIZEUPDATES'} ne 'on') && ($ARGV[1] eq '-m'));
 
-my $ip;
-if (open(IP, "${General::swroot}/red/local-ipaddress")) {
-    $ip = <IP>;
-    close(IP);
-    chomp $ip;
-} else {
-    &General::log('Dynamic DNS failure : unable to open local-ipaddress file.');
-    exit 0;
+my $ip = &General::GetDyndnsRedIP();
+
+if ($ip eq "unavailable") {
+	&General::log("Dynamic DNS error: RED/Public IP is unavailable");
+	exit(0);
 }
 
-#If IP is reserved network, we are behind a router. May we ask for our real public IP ?
-if ( &General::IpInSubnet ($ip,'10.0.0.0','255.0.0.0') ||
-     &General::IpInSubnet ($ip,'172.16.0.0','255.240.0.0') ||
-     &General::IpInSubnet ($ip,'192.168.0.0','255.255.0.0')) {
-    # We can, but are we authorized by GUI ?
-    if ($settings{'BEHINDROUTER'} eq 'FETCH_IP') {
-	if ($ARGV[0] eq '-f'){
-	    $settings{'BEHINDROUTERWAITLOOP'} = -1; # When forced option, fectch PublicIP now
-	}
-
-	# Increment counter modulo 4. When it is zero, fetch ip else exit
-	# This divides by 4 the requests to the dyndns server.
-	$settings{'BEHINDROUTERWAITLOOP'} = ($settings{'BEHINDROUTERWAITLOOP'}+1) %4;
-	&General::writehash("${General::swroot}/ddns/settings", \%settings);
-	exit 0 if ( $settings{'BEHINDROUTERWAITLOOP'} ne 0 );
-	my $RealIP = &General::FetchPublicIp;
-	$ip = (&General::validip ($RealIP) ?  $RealIP : 'unavailable');
-	&General::log ("Dynamic DNS public router IP is:$ip");
-    }
-}
+&General::log("Dynamic DNS public router IP is: $ip");
 
 if ($ARGV[0] eq '-f') {
 	unlink ($cachefile);	# next regular calls will try again if this force update fails.