Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

2026-05-11 01:38:25 +02:00 · 2016-11-11 07:44:38 +01:00
parent f707295a85 c6bc0fb03e
commit 5f9fb7a8f6
9 changed files with 121 additions and 28 deletions
--- a/config/rootfiles/core/107/filelists/files
+++ b/config/rootfiles/core/107/filelists/files
@@ -1,5 +1,8 @@
 etc/system-release
 etc/issue
 etc/unbound/unbound.conf
 etc/rc.d/init.d/unbound
 etc/rc.d/init.d/ntp
 srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/traffic.cgi
 var/ipfire/langs
--- a/config/rootfiles/core/107/update.sh
+++ b/config/rootfiles/core/107/update.sh
@@ -138,6 +138,7 @@ esac
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
 # Remove some old files
 rm -f /etc/unbound/interfaces.conf
 # update linker config
 ldconfig
@@ -177,6 +178,9 @@ if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
 	/etc/init.d/ipsec start
 fi
 # Restart unbound to activate configuration changes
 /etc/init.d/unbound restart
 # Delete old QoS enabled indicator
 rm -f /var/ipfire/qos/enable
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -62,21 +62,15 @@ server:
 	use-caps-for-id: no
 	# Listen on all interfaces
 	interface-automatic: yes
 	interface: 0.0.0.0
-	# Deny access from everywhere
+	# Allow access from everywhere
-	access-control: 0.0.0.0/0 refuse
+	access-control: 0.0.0.0/0 allow
 	# Allow access from localhost
 	access-control: 127.0.0.0/8 allow
 	# Bootstrap root servers
 	root-hints: "/etc/unbound/root.hints"
 	# IPFire interface configuration
 	include: "/etc/unbound/interfaces.conf"
 	interface-automatic: no
 	# Include DHCP leases
 	include: "/etc/unbound/dhcp-leases.conf"
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = guardian
-PAK_VER    = 11
+PAK_VER    = 13
 DEPS       = "perl-inotify2 perl-Net-IP"
--- a/src/initscripts/init.d/ntp
+++ b/src/initscripts/init.d/ntp
@@ -27,6 +27,14 @@ case "$1" in
 			fi
 			if [ -e /var/ipfire/red/active ]; then
 				boot_mesg ""
 				host ping.ipfire.org > /dev/null 2>&1
 				if [ "${?}" != "0" ]; then
 					boot_mesg "DNS not work ... init with ntp.ipfire.org at 81.3.27.46 ..."
 					loadproc /usr/local/bin/settime 81.3.27.46
 					boot_mesg "Setting time on boot..."
 				fi
 				loadproc /usr/local/bin/settime $(cat /var/ipfire/time/settime.conf)
 			else
 				boot_mesg " ERROR! Not online!"
--- a/src/initscripts/init.d/unbound
+++ b/src/initscripts/init.d/unbound
@@ -12,6 +12,7 @@ TEST_DOMAIN="ipfire.org"
 # This domain will never validate
 TEST_DOMAIN_FAIL="dnssec-failed.org"
 INSECURE_ZONES=
 USE_FORWARDERS=1
 # Cache any local zones for 60 seconds
@@ -147,37 +148,38 @@ update_hosts() {
 	done < /var/ipfire/main/hosts
 }
 write_interfaces_conf() {
 	(
 		config_header
 		# 1.1.1.1 is reserved for unused green
 		if [ -n "${GREEN_ADDRESS}" -a "${GREEN_ADDRESS}" != "1.1.1.1" ]; then
 			echo "# allow access from GREEN"
 			echo "access-control: $(cidr ${GREEN_NETADDRESS} ${GREEN_NETMASK}) allow"
 		fi
 		if [ -n "${BLUE_ADDRESS}" ]; then
 			echo "# allow access from  BLUE"
 			echo "access-control: $(cidr ${BLUE_NETADDRESS} ${BLUE_NETMASK}) allow"
 		fi
 	) > /etc/unbound/interfaces.conf
 }
 write_forward_conf() {
 	(
 		config_header
 		local insecure_zones="${INSECURE_ZONES}"
 		local enabled zone server remark
 		while IFS="," read -r enabled zone server remark; do
 			# Line must be enabled.
 			[ "${enabled}" = "on" ] || continue
 			# Zones that end with .local are commonly used for internal
 			# zones and therefore not signed
 			case "${zone}" in
 				*.local)
 					insecure_zones="${insecure_zones} ${zone}"
 					;;
 			esac
 			echo "forward-zone:"
 			echo "	name: ${zone}"
 			echo "	forward-addr: ${server}"
 			echo
 		done < /var/ipfire/dnsforward/config
 		if [ -n "${insecure_zones}" ]; then
 			echo "server:"
 			for zone in ${insecure_zones}; do
 				echo "	domain-insecure: ${zone}"
 			done
 		fi
 	) > /etc/unbound/forward.conf
 }
@@ -333,7 +335,6 @@ case "$1" in
 		# Update configuration files
 		write_tuning_conf
 		write_interfaces_conf
 		write_forward_conf
 		boot_mesg "Starting Unbound DNS Proxy..."
--- a/src/paks/guardian/install.sh
+++ b/src/paks/guardian/install.sh
@@ -0,0 +1,28 @@
 #!/bin/bash
 ############################################################################
 #                                                                          #
 # This file is part of the IPFire Firewall.                                #
 #                                                                          #
 # IPFire is free software; you can redistribute it and/or modify           #
 # it under the terms of the GNU General Public License as published by     #
 # the Free Software Foundation; either version 2 of the License, or        #
 # (at your option) any later version.                                      #
 #                                                                          #
 # IPFire is distributed in the hope that it will be useful,                #
 # but WITHOUT ANY WARRANTY; without even the implied warranty of           #
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
 # GNU General Public License for more details.                             #
 #                                                                          #
 # You should have received a copy of the GNU General Public License        #
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
 # Copyright (C) 2007-2016 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
 extract_files
 /usr/local/bin/update-lang-cache
 restore_backup ${NAME}
 start_service --background ${NAME}
--- a/src/paks/guardian/uninstall.sh
+++ b/src/paks/guardian/uninstall.sh
@@ -0,0 +1,29 @@
 #!/bin/bash
 ############################################################################
 #                                                                          #
 # This file is part of the IPFire Firewall.                                #
 #                                                                          #
 # IPFire is free software; you can redistribute it and/or modify           #
 # it under the terms of the GNU General Public License as published by     #
 # the Free Software Foundation; either version 2 of the License, or        #
 # (at your option) any later version.                                      #
 #                                                                          #
 # IPFire is distributed in the hope that it will be useful,                #
 # but WITHOUT ANY WARRANTY; without even the implied warranty of           #
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
 # GNU General Public License for more details.                             #
 #                                                                          #
 # You should have received a copy of the GNU General Public License        #
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
 # Copyright (C) 2007-2016 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
 stop_service ${NAME}
 make_backup ${NAME}
 remove_files
 /usr/local/bin/update-lang-cache
 exit 0
--- a/src/paks/guardian/update.sh
+++ b/src/paks/guardian/update.sh
@@ -0,0 +1,26 @@
 #!/bin/bash
 ############################################################################
 #                                                                          #
 # This file is part of the IPFire Firewall.                                #
 #                                                                          #
 # IPFire is free software; you can redistribute it and/or modify           #
 # it under the terms of the GNU General Public License as published by     #
 # the Free Software Foundation; either version 2 of the License, or        #
 # (at your option) any later version.                                      #
 #                                                                          #
 # IPFire is distributed in the hope that it will be useful,                #
 # but WITHOUT ANY WARRANTY; without even the implied warranty of           #
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
 # GNU General Public License for more details.                             #
 #                                                                          #
 # You should have received a copy of the GNU General Public License        #
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
 # Copyright (C) 2007-2016 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
 ./uninstall.sh
 ./install.sh