Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

2026-05-11 01:38:25 +02:00 · 2014-03-18 00:22:24 +01:00
parent e583643a25 da7a2208d3
commit 607c9d3ae0
42 changed files with 784 additions and 589 deletions
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -506,24 +506,46 @@ sub validipandmask
 sub checksubnets
 {
-	my %ccdconfhash=();			
+	my %ccdconfhash=();
-	my @ccdconf=();				
+	my %ovpnconfhash=();
-	my $ccdname=$_[0];			
+	my %vpnconf=();
-	my $ccdnet=$_[1];			
+	my %ipsecconf=();
 	my %ownnet=();
 	my %ovpnconf=();
 	my @ccdconf=();
 	my $ccdname=$_[0];
 	my $ccdnet=$_[1];
 	my $ownnet=$_[2];
 	my $errormessage;
 	my ($ip,$cidr)=split(/\//,$ccdnet);
 	$cidr=&iporsubtocidr($cidr);
 	#get OVPN-Subnet (dynamic range)
 	my %ovpnconf=();
 	&readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
 	my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
 	$ovpncidr=&iporsubtocidr($ovpncidr);
 	#check if we try to use same network as ovpn server
 	if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
 			$errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
 			return $errormessage;
 	}
-	#check if we use a network-name/subnet that already exists
+
 	#check if we try to use same network as another ovpn N2N
 	if($ownnet ne 'ovpn'){
 		&readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfhash);
 		foreach my $key (keys %ovpnconfhash) {
 			if ($ovpnconfhash{$key}[3] eq 'net'){
 				my @ovpnnet=split (/\//,$ovpnconfhash{$key}[11]);
 				if (&IpInSubnet($ip,$ovpnnet[0],&iporsubtodec($ovpnnet[1]))){
 					$errormessage=$errormessage.$Lang::tr{'ccd err isovpnn2n'}." $ovpnconfhash{$key}[1] <br>";
 					return $errormessage;
 				}
 			}
 		}
 	}
 	#check if we use a network-name/subnet (static-ovpn) that already exists
 	&readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
 	foreach my $key (keys %ccdconfhash) {
 		@ccdconf=split(/\//,$ccdconfhash{$key}[1]);
@@ -535,32 +557,45 @@ sub checksubnets
 		my ($newip,$newsub) = split(/\//,$ccdnet);
 		if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1]))) 
 		{
-			$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
+			$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}." $ccdconfhash{$key}[0]<br>";
 			return $errormessage;
 		}
 	}
 	#check if we use a ipsec right network which is already defined
-	my %ipsecconf=();
+	if($ownnet ne 'ipsec'){
-	&General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+		&General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
-	foreach my $key (keys %ipsecconf){
+		foreach my $key (keys %ipsecconf){
-		if ($ipsecconf{$key}[11] ne ''){
+			if ($ipsecconf{$key}[11] ne ''){
-			my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+				my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
-			$ipsecsub=&iporsubtodec($ipsecsub);
+				$ipsecsub=&iporsubtodec($ipsecsub);
-			if($ipsecconf{$key}[1] ne $ccdname){
+				if($ipsecconf{$key}[1] ne $ccdname){
-				if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+					if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
-					$errormessage=$Lang::tr{'ccd err isipsecnet'}." Name:  $ipsecconf{$key}[1]";
+						$errormessage=$Lang::tr{'ccd err isipsecnet'}." Name:  $ipsecconf{$key}[1]";
-					return $errormessage;
+						return $errormessage;
 					}
 				}
 			}
 		}
 	}
 	#check if we use the ipsec RW Network (if defined)
 	&readhash("${General::swroot}/vpn/settings", \%vpnconf);
 	if ($vpnconf{'RW_NET'} ne ''){
 		my ($ipsecrwnet,$ipsecrwsub)=split (/\//, $vpnconf{'RW_NET'});
 		if (&IpInSubnet($ip,$ipsecrwnet,&iporsubtodec($ipsecrwsub)))
 		{
 			$errormessage=$errormessage.$Lang::tr{'ccd err isipsecrw'}."<br>";
 			return $errormessage;
 		}
 	}
 	#check if we use one of ipfire's networks (green,orange,blue)
 	my %ownnet=();
 	&readhash("${General::swroot}/ethernet/settings", \%ownnet);
-	if (($ownnet{'GREEN_NETADDRESS'}  	ne '' && $ownnet{'GREEN_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+	if (($ownnet{'GREEN_NETADDRESS'}  	ne '' && $ownnet{'GREEN_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'GREEN_NETADDRESS'},&iporsubtodec($ownnet{'GREEN_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
-	if (($ownnet{'ORANGE_NETADDRESS'}	ne '' && $ownnet{'ORANGE_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+	if (($ownnet{'ORANGE_NETADDRESS'}	ne '' && $ownnet{'ORANGE_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'ORANGE_NETADDRESS'},&iporsubtodec($ownnet{'ORANGE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
-	if (($ownnet{'BLUE_NETADDRESS'} 	ne '' && $ownnet{'BLUE_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+	if (($ownnet{'BLUE_NETADDRESS'} 	ne '' && $ownnet{'BLUE_NETADDRESS'} 	ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'BLUE_NETADDRESS'},&iporsubtodec($ownnet{'BLUE_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
-	if (($ownnet{'RED_NETADDRESS'} 		ne '' && $ownnet{'RED_NETADDRESS'} 		ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+	if (($ownnet{'RED_NETADDRESS'} 		ne '' && $ownnet{'RED_NETADDRESS'} 		ne '0.0.0.0') && &IpInSubnet($ip,$ownnet{'RED_NETADDRESS'},&iporsubtodec($ownnet{'RED_NETMASK'}))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
 }
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -92,8 +92,8 @@ sub makegraphbox {
 	print "<a href='".$_[0]."?".$_[1]."?month' target='".$_[1]."box'><b>".$Lang::tr{'month'}."</b></a>";
 	print " - ";
 	print "<a href='".$_[0]."?".$_[1]."?year' target='".$_[1]."box'><b>".$Lang::tr{'year'}."</b></a>";
 	print "<iframe src='".$_[0]."?".$_[1]."?".$_[2]."' width='".$width."' height='".$height."' scrolling='no' frameborder='no' marginheight='0' name='".$_[1]."box'></iframe>";
 	print "</center>";
 	print "<iframe src='".$_[0]."?".$_[1]."?".$_[2]."' width='".$width."' height='".$height."' scrolling='no' frameborder='no' marginheight='0' name='".$_[1]."box'></iframe>";
 }
 # Generate the CPU Graph for the current period of time for values given by
@@ -1140,7 +1140,6 @@ sub updateentropygraph {
 		"-t $Lang::tr{'entropy'}",
 		"-v $Lang::tr{'bit'}",
 		"DEF:entropy=$mainsettings{'RRDLOG'}/collectd/localhost/entropy/entropy.rrd:entropy:AVERAGE",
 		"CDEF:entropytrend=entropy,43200,TREND",
 		"LINE3:entropy#ff0000:" . sprintf("%-15s", $Lang::tr{'entropy'}),
 		"VDEF:entrmin=entropy,MINIMUM",
 		"VDEF:entrmax=entropy,MAXIMUM",
@@ -1148,7 +1147,6 @@ sub updateentropygraph {
 		"GPRINT:entrmax:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'maximum'}),
 		"GPRINT:entrmin:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'minimum'}),
 		"GPRINT:entravg:" . sprintf("%12s\\: %%5.0lf", $Lang::tr{'average'}) . "\\n",
 		"LINE3:entropytrend#000000",
 	);
 	RRDs::graph (@command);
--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -50,9 +50,6 @@ HOME=/
 %weekly  * 3-5   /var/ipfire/updatexlrator/autocheck/cron.weekly
 %monthly * 3-5 * /var/ipfire/updatexlrator/autocheck/cron.monthly
 # Reset Dialup Statistics
 &bootrun 0 0 1 * *	/usr/local/bin/dialctrl.pl reset
 # fireinfo
 %nightly,random * 23-4	/usr/bin/sendprofile >/dev/null 2>&1
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -52,10 +52,19 @@ case "${CONFIG_TYPE}" in
 		;;
 esac
 HAVE_IPSEC="true"
 HAVE_OPENVPN="true"
 # INPUT
 # IPsec INPUT
 case "${HAVE_IPSEC},${POLICY}" in
 	true,MODE1) ;;
 	true,*)
 		iptables -A POLICYIN -m policy --pol ipsec --dir in -j ACCEPT
 		;;
 esac
 # OpenVPN INPUT
 # Allow direct access to the internal IP addresses of the firewall
 # from remote subnets if forward policy is allowed.
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -39,6 +39,7 @@ my $CHAIN_NAT_SOURCE      = "NAT_SOURCE";
 my $CHAIN_NAT_DESTINATION = "NAT_DESTINATION";
 my $CHAIN_MANGLE_NAT_DESTINATION_FIX = "NAT_DESTINATION";
 my @VALID_CHAINS          = ($CHAIN_INPUT, $CHAIN_FORWARD, $CHAIN_OUTPUT);
 my @ANY_ADDRESSES         = ("0.0.0.0/0.0.0.0", "0.0.0.0/0", "0/0");
 my @PROTOCOLS = ("tcp", "udp", "icmp", "igmp", "ah", "esp", "gre", "ipv6", "ipip");
 my @PROTOCOLS_WITH_PORTS = ("tcp", "udp");
@@ -255,6 +256,16 @@ sub buildrules {
 					# Skip invalid rules.
 					next if (!$source || !$destination || ($destination eq "none"));
 					# Sanitize source.
 					if ($source ~~ @ANY_ADDRESSES) {
 						$source = "";
 					}
 					# Sanitize destination.
 					if ($destination ~~ @ANY_ADDRESSES) {
 						$destination = "";
 					}
 					# Array with iptables arguments.
 					my @options = ();
@@ -268,19 +279,27 @@ sub buildrules {
 					my @source_options = ();
 					if ($source =~ /mac/) {
 						push(@source_options, $source);
-					} else {
+					} elsif ($source) {
 						push(@source_options, ("-s", $source));
 					}
 					# Prepare destination options.
-					my @destination_options = ("-d", $destination);
+					my @destination_options = ();
 					if ($destination) {
 						push(@destination_options, ("-d", $destination));
 					}
 					# Add time constraint options.
 					push(@options, @time_options);
 					my $firewall_is_in_source_subnet = 0;
 					if ($source) {
 						$firewall_is_in_source_subnet = &firewall_is_in_subnet($source);
 					}
 					# Process NAT rules.
 					if ($NAT) {
-						my $nat_address = &get_nat_address($$hash{$key}[29]);
+						my $nat_address = &get_nat_address($$hash{$key}[29], $source);
 						# Skip NAT rules if the NAT address is unknown
 						# (i.e. no internet connection has been established, yet).
@@ -289,7 +308,10 @@ sub buildrules {
 						# Destination NAT
 						if ($NAT_MODE eq "DNAT") {
 							# Make port-forwardings useable from the internal networks.
-							&add_dnat_mangle_rules($nat_address, @options);
+							my @internal_addresses = &get_internal_firewall_ip_addresses(1);
 							unless ($nat_address ~~ @internal_addresses) {
 								&add_dnat_mangle_rules($nat_address, @options);
 							}
 							my @nat_options = @options;
 							push(@nat_options, @source_options);
@@ -326,6 +348,14 @@ sub buildrules {
 					}
 					push(@options, @source_options);
 					if ($firewall_is_in_source_subnet && ($fwdfwsettings{"POLICY"} eq "MODE1") && ($chain eq $CHAIN_FORWARD)) {
 						if ($LOG && !$NAT) {
 							run("$IPTABLES -A $CHAIN_INPUT @options @log_limit_options -j LOG --log-prefix '$CHAIN_INPUT '");
 						}
 						run("$IPTABLES -A $CHAIN_INPUT @options -j $target");
 					}
 					push(@options, @destination_options);
 					# Insert firewall rule.
@@ -367,12 +397,21 @@ sub get_alias {
 sub get_nat_address {
 	my $zone = shift;
 	my $source = shift;
 	# Any static address of any zone.
 	if ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
 		return $defaultNetworks{$zone . "_ADDRESS"};
 	} elsif ($zone eq "Default IP") {
 		if ($source) {
 			my $firewall_ip = &get_internal_firewall_ip_address($source, 1);
 			if ($firewall_ip) {
 				return $firewall_ip;
 			}
 		}
 		return &get_external_address();
 	} else {
@@ -781,3 +820,53 @@ sub make_log_limit_options {
 	return @options;
 }
 sub get_internal_firewall_ip_addresses {
 	my $use_orange = shift;
 	my @zones = ("GREEN", "BLUE");
 	if ($use_orange) {
 		push(@zones, "ORANGE");
 	}
 	my @addresses = ();
 	for my $zone (@zones) {
 		next unless (exists $defaultNetworks{$zone . "_ADDRESS"});
 		my $zone_address = $defaultNetworks{$zone . "_ADDRESS"};
 		push(@addresses, $zone_address);
 	}
 	return @addresses;
 }
 sub get_internal_firewall_ip_address {
 	my $subnet = shift;
 	my $use_orange = shift;
 	my ($net_address, $net_mask) = split("/", $subnet);
 	if (!$net_mask) {
 		return;
 	}
 	my @addresses = &get_internal_firewall_ip_addresses($use_orange);
 	foreach my $zone_address (@addresses) {
 		if (&General::IpInSubnet($zone_address, $net_address, $net_mask)) {
 			return $zone_address;
 		}
 	}
 }
 sub firewall_is_in_subnet {
 	my $subnet = shift;
 	# ORANGE is missing here, because nothing may ever access
 	# the firewall from this network.
 	my $address = &get_internal_firewall_ip_address($subnet, 0);
 	if ($address) {
 		return 1;
 	}
 	return 0;
 }
--- a/config/menu/20-status.menu
+++ b/config/menu/20-status.menu
@@ -46,6 +46,12 @@
 				'title' => "$Lang::tr{'hardware graphs'}",
 				'enabled' => 1,
 			  };
    $substatus->{'61.entropy'} = {
 				'caption' => "$Lang::tr{'entropy'}",
 				'uri' => '/cgi-bin/entropy.cgi',
 				'title' => "$Lang::tr{'entropy graphs'}",
 				'enabled' => 1,
 			  };
    $substatus->{'71.connections'} = {
 				'caption' => $Lang::tr{'connections'},
 				'uri' => '/cgi-bin/connections.cgi',
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -74,7 +74,6 @@ etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
 etc/rc.d/init.d/networking/red.down/20-RL-firewall
 etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 #etc/rc.d/init.d/networking/red.up
 etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
 etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
@@ -89,7 +88,6 @@ etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
 etc/rc.d/init.d/networking/red.up/99-fireinfo
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -76,7 +76,6 @@ etc/rc.d/init.d/networking/red.down/10-ipsec
 etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
 etc/rc.d/init.d/networking/red.down/20-RL-firewall
 etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 #etc/rc.d/init.d/networking/red.up
 etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
 etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
@@ -91,7 +90,6 @@ etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
 etc/rc.d/init.d/networking/red.up/99-fireinfo
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -81,7 +81,6 @@ usr/local/bin/backupiso
 usr/local/bin/connscheduler
 usr/local/bin/consort.sh
 usr/local/bin/convert-ovpn
 usr/local/bin/dialctrl.pl
 usr/local/bin/hddshutdown
 usr/local/bin/httpscert
 usr/local/bin/makegraphs
--- a/config/rootfiles/common/sudo
+++ b/config/rootfiles/common/sudo
@@ -1,10 +1,77 @@
 etc/sudoers
 etc/sudoers.d
 usr/bin/sudo
 usr/bin/sudoedit
-usr/lib/sudo_noexec.la
+usr/bin/sudoreplay
-usr/lib/sudo_noexec.so
+#usr/include/sudo_plugin.h
-#usr/man/man5/sudoers.5
+usr/lib/sudo
-#usr/man/man8/sudo.8
+usr/lib/sudo/group_file.so
-#usr/man/man8/sudoedit.8
+usr/lib/sudo/sudo_noexec.so
-#usr/man/man8/visudo.8
+usr/lib/sudo/sudoers.so
 usr/lib/sudo/system_group.so
 usr/sbin/visudo
 #usr/share/doc/sudo
 #usr/share/doc/sudo/CONTRIBUTORS
 #usr/share/doc/sudo/ChangeLog
 #usr/share/doc/sudo/HISTORY
 #usr/share/doc/sudo/LICENSE
 #usr/share/doc/sudo/NEWS
 #usr/share/doc/sudo/README
 #usr/share/doc/sudo/TROUBLESHOOTING
 #usr/share/doc/sudo/UPGRADE
 #usr/share/doc/sudo/sample.pam
 #usr/share/doc/sudo/sample.sudo.conf
 #usr/share/doc/sudo/sample.sudoers
 #usr/share/doc/sudo/sample.syslog.conf
 #usr/share/locale/ca/LC_MESSAGES/sudo.mo
 #usr/share/locale/cs/LC_MESSAGES/sudo.mo
 #usr/share/locale/cs/LC_MESSAGES/sudoers.mo
 #usr/share/locale/da/LC_MESSAGES/sudo.mo
 #usr/share/locale/da/LC_MESSAGES/sudoers.mo
 #usr/share/locale/de/LC_MESSAGES/sudo.mo
 #usr/share/locale/de/LC_MESSAGES/sudoers.mo
 #usr/share/locale/eo/LC_MESSAGES/sudo.mo
 #usr/share/locale/eo/LC_MESSAGES/sudoers.mo
 #usr/share/locale/es/LC_MESSAGES/sudo.mo
 #usr/share/locale/eu/LC_MESSAGES/sudo.mo
 #usr/share/locale/eu/LC_MESSAGES/sudoers.mo
 #usr/share/locale/fi/LC_MESSAGES/sudo.mo
 #usr/share/locale/fi/LC_MESSAGES/sudoers.mo
 #usr/share/locale/fr/LC_MESSAGES/sudo.mo
 #usr/share/locale/gl/LC_MESSAGES/sudo.mo
 #usr/share/locale/hr/LC_MESSAGES/sudo.mo
 #usr/share/locale/hr/LC_MESSAGES/sudoers.mo
 #usr/share/locale/it/LC_MESSAGES/sudo.mo
 #usr/share/locale/it/LC_MESSAGES/sudoers.mo
 #usr/share/locale/ja/LC_MESSAGES/sudo.mo
 #usr/share/locale/ja/LC_MESSAGES/sudoers.mo
 #usr/share/locale/lt/LC_MESSAGES/sudoers.mo
 #usr/share/locale/nl/LC_MESSAGES/sudo.mo
 #usr/share/locale/nl/LC_MESSAGES/sudoers.mo
 #usr/share/locale/pl/LC_MESSAGES/sudo.mo
 #usr/share/locale/pl/LC_MESSAGES/sudoers.mo
 #usr/share/locale/pt_BR/LC_MESSAGES/sudo.mo
 #usr/share/locale/pt_BR/LC_MESSAGES/sudoers.mo
 #usr/share/locale/ru/LC_MESSAGES/sudo.mo
 #usr/share/locale/sl/LC_MESSAGES/sudo.mo
 #usr/share/locale/sl/LC_MESSAGES/sudoers.mo
 #usr/share/locale/sr/LC_MESSAGES/sudo.mo
 #usr/share/locale/sr/LC_MESSAGES/sudoers.mo
 #usr/share/locale/sv/LC_MESSAGES/sudo.mo
 #usr/share/locale/sv/LC_MESSAGES/sudoers.mo
 #usr/share/locale/tr/LC_MESSAGES/sudo.mo
 #usr/share/locale/tr/LC_MESSAGES/sudoers.mo
 #usr/share/locale/uk/LC_MESSAGES/sudo.mo
 #usr/share/locale/uk/LC_MESSAGES/sudoers.mo
 #usr/share/locale/vi/LC_MESSAGES/sudo.mo
 #usr/share/locale/vi/LC_MESSAGES/sudoers.mo
 #usr/share/locale/zh_CN/LC_MESSAGES/sudo.mo
 #usr/share/locale/zh_CN/LC_MESSAGES/sudoers.mo
 #usr/share/man/man5/sudo.conf.5
 #usr/share/man/man5/sudoers.5
 #usr/share/man/man8/sudo.8
 #usr/share/man/man8/sudo_plugin.8
 #usr/share/man/man8/sudoedit.8
 #usr/share/man/man8/sudoreplay.8
 #usr/share/man/man8/visudo.8
 var/lib/sudo
--- a/config/rootfiles/common/tzdata
+++ b/config/rootfiles/common/tzdata
@@ -281,6 +281,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/Asia/Kashgar
 #usr/share/zoneinfo/Asia/Kathmandu
 #usr/share/zoneinfo/Asia/Katmandu
 +usr/share/zoneinfo/Asia/Khandyga
 #usr/share/zoneinfo/Asia/Kolkata
 #usr/share/zoneinfo/Asia/Krasnoyarsk
 #usr/share/zoneinfo/Asia/Kuala_Lumpur
@@ -304,9 +305,6 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/Asia/Qyzylorda
 #usr/share/zoneinfo/Asia/Rangoon
 #usr/share/zoneinfo/Asia/Riyadh
 #usr/share/zoneinfo/Asia/Riyadh87
 #usr/share/zoneinfo/Asia/Riyadh88
 #usr/share/zoneinfo/Asia/Riyadh89
 #usr/share/zoneinfo/Asia/Saigon
 #usr/share/zoneinfo/Asia/Sakhalin
 #usr/share/zoneinfo/Asia/Samarkand
@@ -325,6 +323,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/Asia/Ulaanbaatar
 #usr/share/zoneinfo/Asia/Ulan_Bator
 #usr/share/zoneinfo/Asia/Urumqi
 +usr/share/zoneinfo/Asia/Ust-Nera
 #usr/share/zoneinfo/Asia/Vientiane
 #usr/share/zoneinfo/Asia/Vladivostok
 #usr/share/zoneinfo/Asia/Yakutsk
@@ -440,6 +439,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/Europe/Brussels
 #usr/share/zoneinfo/Europe/Bucharest
 #usr/share/zoneinfo/Europe/Budapest
 +usr/share/zoneinfo/Europe/Busingen
 #usr/share/zoneinfo/Europe/Chisinau
 #usr/share/zoneinfo/Europe/Copenhagen
 #usr/share/zoneinfo/Europe/Dublin
@@ -524,10 +524,6 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/Mexico/BajaNorte
 #usr/share/zoneinfo/Mexico/BajaSur
 #usr/share/zoneinfo/Mexico/General
 #usr/share/zoneinfo/Mideast
 #usr/share/zoneinfo/Mideast/Riyadh87
 #usr/share/zoneinfo/Mideast/Riyadh88
 #usr/share/zoneinfo/Mideast/Riyadh89
 #usr/share/zoneinfo/NZ
 #usr/share/zoneinfo/NZ-CHAT
 #usr/share/zoneinfo/Navajo
@@ -886,6 +882,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/posix/Asia/Kashgar
 #usr/share/zoneinfo/posix/Asia/Kathmandu
 #usr/share/zoneinfo/posix/Asia/Katmandu
 +usr/share/zoneinfo/posix/Asia/Khandyga
 #usr/share/zoneinfo/posix/Asia/Kolkata
 #usr/share/zoneinfo/posix/Asia/Krasnoyarsk
 #usr/share/zoneinfo/posix/Asia/Kuala_Lumpur
@@ -909,9 +906,6 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/posix/Asia/Qyzylorda
 #usr/share/zoneinfo/posix/Asia/Rangoon
 #usr/share/zoneinfo/posix/Asia/Riyadh
 #usr/share/zoneinfo/posix/Asia/Riyadh87
 #usr/share/zoneinfo/posix/Asia/Riyadh88
 #usr/share/zoneinfo/posix/Asia/Riyadh89
 #usr/share/zoneinfo/posix/Asia/Saigon
 #usr/share/zoneinfo/posix/Asia/Sakhalin
 #usr/share/zoneinfo/posix/Asia/Samarkand
@@ -930,6 +924,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/posix/Asia/Ulaanbaatar
 #usr/share/zoneinfo/posix/Asia/Ulan_Bator
 #usr/share/zoneinfo/posix/Asia/Urumqi
 +usr/share/zoneinfo/posix/Asia/Ust-Nera
 #usr/share/zoneinfo/posix/Asia/Vientiane
 #usr/share/zoneinfo/posix/Asia/Vladivostok
 #usr/share/zoneinfo/posix/Asia/Yakutsk
@@ -1045,6 +1040,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/posix/Europe/Brussels
 #usr/share/zoneinfo/posix/Europe/Bucharest
 #usr/share/zoneinfo/posix/Europe/Budapest
 +usr/share/zoneinfo/posix/Europe/Busingen
 #usr/share/zoneinfo/posix/Europe/Chisinau
 #usr/share/zoneinfo/posix/Europe/Copenhagen
 #usr/share/zoneinfo/posix/Europe/Dublin
@@ -1093,7 +1089,6 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/posix/Europe/Zagreb
 #usr/share/zoneinfo/posix/Europe/Zaporozhye
 #usr/share/zoneinfo/posix/Europe/Zurich
 #usr/share/zoneinfo/posix/Factory
 #usr/share/zoneinfo/posix/GB
 #usr/share/zoneinfo/posix/GB-Eire
 #usr/share/zoneinfo/posix/GMT
@@ -1129,10 +1124,6 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/posix/Mexico/BajaNorte
 #usr/share/zoneinfo/posix/Mexico/BajaSur
 #usr/share/zoneinfo/posix/Mexico/General
 #usr/share/zoneinfo/posix/Mideast
 #usr/share/zoneinfo/posix/Mideast/Riyadh87
 #usr/share/zoneinfo/posix/Mideast/Riyadh88
 #usr/share/zoneinfo/posix/Mideast/Riyadh89
 #usr/share/zoneinfo/posix/NZ
 #usr/share/zoneinfo/posix/NZ-CHAT
 #usr/share/zoneinfo/posix/Navajo
@@ -1491,6 +1482,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/right/Asia/Kashgar
 #usr/share/zoneinfo/right/Asia/Kathmandu
 #usr/share/zoneinfo/right/Asia/Katmandu
 +usr/share/zoneinfo/right/Asia/Khandyga
 #usr/share/zoneinfo/right/Asia/Kolkata
 #usr/share/zoneinfo/right/Asia/Krasnoyarsk
 #usr/share/zoneinfo/right/Asia/Kuala_Lumpur
@@ -1514,9 +1506,6 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/right/Asia/Qyzylorda
 #usr/share/zoneinfo/right/Asia/Rangoon
 #usr/share/zoneinfo/right/Asia/Riyadh
 #usr/share/zoneinfo/right/Asia/Riyadh87
 #usr/share/zoneinfo/right/Asia/Riyadh88
 #usr/share/zoneinfo/right/Asia/Riyadh89
 #usr/share/zoneinfo/right/Asia/Saigon
 #usr/share/zoneinfo/right/Asia/Sakhalin
 #usr/share/zoneinfo/right/Asia/Samarkand
@@ -1535,6 +1524,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/right/Asia/Ulaanbaatar
 #usr/share/zoneinfo/right/Asia/Ulan_Bator
 #usr/share/zoneinfo/right/Asia/Urumqi
 +usr/share/zoneinfo/right/Asia/Ust-Nera
 #usr/share/zoneinfo/right/Asia/Vientiane
 #usr/share/zoneinfo/right/Asia/Vladivostok
 #usr/share/zoneinfo/right/Asia/Yakutsk
@@ -1650,6 +1640,7 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/right/Europe/Brussels
 #usr/share/zoneinfo/right/Europe/Bucharest
 #usr/share/zoneinfo/right/Europe/Budapest
 +usr/share/zoneinfo/right/Europe/Busingen
 #usr/share/zoneinfo/right/Europe/Chisinau
 #usr/share/zoneinfo/right/Europe/Copenhagen
 #usr/share/zoneinfo/right/Europe/Dublin
@@ -1698,7 +1689,6 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/right/Europe/Zagreb
 #usr/share/zoneinfo/right/Europe/Zaporozhye
 #usr/share/zoneinfo/right/Europe/Zurich
 #usr/share/zoneinfo/right/Factory
 #usr/share/zoneinfo/right/GB
 #usr/share/zoneinfo/right/GB-Eire
 #usr/share/zoneinfo/right/GMT
@@ -1734,10 +1724,6 @@ usr/share/zoneinfo
 #usr/share/zoneinfo/right/Mexico/BajaNorte
 #usr/share/zoneinfo/right/Mexico/BajaSur
 #usr/share/zoneinfo/right/Mexico/General
 #usr/share/zoneinfo/right/Mideast
 #usr/share/zoneinfo/right/Mideast/Riyadh87
 #usr/share/zoneinfo/right/Mideast/Riyadh88
 #usr/share/zoneinfo/right/Mideast/Riyadh89
 #usr/share/zoneinfo/right/NZ
 #usr/share/zoneinfo/right/NZ-CHAT
 #usr/share/zoneinfo/right/Navajo
--- a/config/rootfiles/core/76/exclude
+++ b/config/rootfiles/core/76/exclude
@@ -9,6 +9,7 @@ etc/shadow
 etc/ssh/ssh_config
 etc/ssh/sshd_config
 etc/ssl/openssl.cnf
 etc/sudoers
 etc/sysconfig/firewall.local
 etc/sysconfig/rc.local
 etc/udev/rules.d/30-persistent-network.rules
--- a/config/rootfiles/core/76/filelists/beep
+++ b/config/rootfiles/core/76/filelists/beep
@@ -0,0 +1 @@
 ../../../common/beep
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -110,6 +110,9 @@ add_to_backup var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
 add_to_backup etc/inittab
 add_to_backup etc/fstab
 add_to_backup usr/share/usb_modeswitch
 add_to_backup etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 add_to_backup etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
 add_to_backup usr/local/bin/dialctrl.pl
 # Backup the files
 tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
@@ -141,6 +144,12 @@ rm -rf /lib/modules
 # Remove old usb_modeswitch_data
 rm -rf /usr/share/usb_modeswitch
 # Remove dialctrl.pl script
 rm -f \
 	/etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl \
 	/etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl \
 	/usr/local/bin/dialctrl.pl
 #
 # Remove old udev rules.
 #
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -206,6 +206,8 @@ WARNING: translation string unused: from warn email bad
 WARNING: translation string unused: fwdfw MODE1
 WARNING: translation string unused: fwdfw MODE2
 WARNING: translation string unused: fwdfw addrule
 WARNING: translation string unused: fwdfw err nosrcip
 WARNING: translation string unused: fwdfw err notgtip
 WARNING: translation string unused: fwdfw err prot_port1
 WARNING: translation string unused: fwdfw final_rule
 WARNING: translation string unused: fwdfw from
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -228,6 +228,8 @@ WARNING: translation string unused: from warn email bad
 WARNING: translation string unused: fwdfw MODE1
 WARNING: translation string unused: fwdfw MODE2
 WARNING: translation string unused: fwdfw addrule
 WARNING: translation string unused: fwdfw err nosrcip
 WARNING: translation string unused: fwdfw err notgtip
 WARNING: translation string unused: fwdfw err prot_port1
 WARNING: translation string unused: fwdfw final_rule
 WARNING: translation string unused: fwdfw from
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -593,6 +593,8 @@ WARNING: untranslated string: ccd err invalidname
 WARNING: untranslated string: ccd err invalidnet
 WARNING: untranslated string: ccd err irouteexist
 WARNING: untranslated string: ccd err isipsecnet
 WARNING: untranslated string: ccd err isipsecrw
 WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd err isovpnnet
 WARNING: untranslated string: ccd err issubnet
 WARNING: untranslated string: ccd err name
@@ -627,6 +629,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -637,6 +640,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
 WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
 WARNING: untranslated string: fireinfo is enabled
@@ -679,9 +683,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
 WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
 WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -727,6 +729,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
 WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -801,6 +804,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -814,6 +818,7 @@ WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -860,6 +865,8 @@ WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
@@ -909,6 +916,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: visit us at
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -603,6 +603,8 @@ WARNING: untranslated string: ccd err invalidname
 WARNING: untranslated string: ccd err invalidnet
 WARNING: untranslated string: ccd err irouteexist
 WARNING: untranslated string: ccd err isipsecnet
 WARNING: untranslated string: ccd err isipsecrw
 WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd err isovpnnet
 WARNING: untranslated string: ccd err issubnet
 WARNING: untranslated string: ccd err name
@@ -638,6 +640,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -648,6 +651,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
 WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
 WARNING: untranslated string: fireinfo is enabled
@@ -690,9 +694,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
 WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
 WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -738,6 +740,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
 WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -812,6 +815,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -825,6 +829,7 @@ WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: ntp common settings
 WARNING: untranslated string: ntp sync
@@ -868,6 +873,8 @@ WARNING: untranslated string: snort working
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
@@ -917,6 +924,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
 WARNING: untranslated string: upload new ruleset
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter file ext block
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -591,6 +591,8 @@ WARNING: untranslated string: advproxy errmsg proxy ports equal
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: bit
 WARNING: untranslated string: bytes
 WARNING: untranslated string: ccd err isipsecrw
 WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd iroute2
 WARNING: untranslated string: dead peer detection
 WARNING: untranslated string: default ip
@@ -603,6 +605,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -612,6 +615,7 @@ WARNING: untranslated string: drop forward
 WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
 WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: fw default drop
@@ -637,9 +641,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
 WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
 WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -685,6 +687,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
 WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -759,6 +762,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -771,6 +775,7 @@ WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn network
 WARNING: untranslated string: ovpn mgmt in root range
@@ -787,6 +792,8 @@ WARNING: untranslated string: routing table
 WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
 WARNING: untranslated string: tor accounting bytes
@@ -835,6 +842,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: wlan client
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -593,6 +593,8 @@ WARNING: untranslated string: ccd err invalidname
 WARNING: untranslated string: ccd err invalidnet
 WARNING: untranslated string: ccd err irouteexist
 WARNING: untranslated string: ccd err isipsecnet
 WARNING: untranslated string: ccd err isipsecrw
 WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd err isovpnnet
 WARNING: untranslated string: ccd err issubnet
 WARNING: untranslated string: ccd err name
@@ -627,6 +629,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -637,6 +640,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
 WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
 WARNING: untranslated string: fireinfo is enabled
@@ -679,9 +683,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
 WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
 WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -727,6 +729,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
 WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -801,6 +804,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -814,6 +818,7 @@ WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -860,6 +865,8 @@ WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: system information
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
@@ -909,6 +916,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: visit us at
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -596,6 +596,8 @@ WARNING: untranslated string: ccd err invalidname
 WARNING: untranslated string: ccd err invalidnet
 WARNING: untranslated string: ccd err irouteexist
 WARNING: untranslated string: ccd err isipsecnet
 WARNING: untranslated string: ccd err isipsecrw
 WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: ccd err isovpnnet
 WARNING: untranslated string: ccd err issubnet
 WARNING: untranslated string: ccd err name
@@ -632,6 +634,7 @@ WARNING: untranslated string: dnsforward edit an entry
 WARNING: untranslated string: dnsforward entries
 WARNING: untranslated string: dnsforward forward_server
 WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: downlink
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
@@ -642,6 +645,7 @@ WARNING: untranslated string: drop outgoing
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
 WARNING: untranslated string: entropy graphs
 WARNING: untranslated string: extrahd because there is already a device mounted
 WARNING: untranslated string: extrahd cant umount
 WARNING: untranslated string: extrahd install or load driver
@@ -674,9 +678,7 @@ WARNING: untranslated string: fwdfw dnat porterr
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw edit
 WARNING: untranslated string: fwdfw err nosrc
 WARNING: untranslated string: fwdfw err nosrcip
 WARNING: untranslated string: fwdfw err notgt
 WARNING: untranslated string: fwdfw err notgtip
 WARNING: untranslated string: fwdfw err prot_port
 WARNING: untranslated string: fwdfw err remark
 WARNING: untranslated string: fwdfw err ruleexists
@@ -722,6 +724,7 @@ WARNING: untranslated string: fwdfw use nat
 WARNING: untranslated string: fwdfw use srcport
 WARNING: untranslated string: fwdfw use srv
 WARNING: untranslated string: fwdfw useless rule
 WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: fwdfw wd_fri
 WARNING: untranslated string: fwdfw wd_mon
 WARNING: untranslated string: fwdfw wd_sat
@@ -796,6 +799,7 @@ WARNING: untranslated string: fwhost type
 WARNING: untranslated string: fwhost used
 WARNING: untranslated string: fwhost welcome
 WARNING: untranslated string: grouptype
 WARNING: untranslated string: hardware support
 WARNING: untranslated string: incoming traffic in bytes per second
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
@@ -810,6 +814,7 @@ WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn default
 WARNING: untranslated string: openvpn destination port used
@@ -850,6 +855,8 @@ WARNING: untranslated string: snat new source ip address
 WARNING: untranslated string: ssh
 WARNING: untranslated string: static routes
 WARNING: untranslated string: support donation
 WARNING: untranslated string: system has hwrng
 WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: tor
 WARNING: untranslated string: tor accounting
 WARNING: untranslated string: tor accounting bytes
@@ -898,6 +905,7 @@ WARNING: untranslated string: tor traffic limit hard
 WARNING: untranslated string: tor traffic limit soft
 WARNING: untranslated string: tor traffic read written
 WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uplink
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: visit us at
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -214,6 +214,7 @@ WARNING: translation string unused: firewall log viewer
 WARNING: translation string unused: firmware
 WARNING: translation string unused: firmware upload
 WARNING: translation string unused: force update
 WARNING: translation string unused: forward firewall
 WARNING: translation string unused: forwarding rule added
 WARNING: translation string unused: forwarding rule removed
 WARNING: translation string unused: forwarding rule updated
@@ -228,6 +229,8 @@ WARNING: translation string unused: from warn email bad
 WARNING: translation string unused: fwdfw MODE1
 WARNING: translation string unused: fwdfw MODE2
 WARNING: translation string unused: fwdfw addrule
 WARNING: translation string unused: fwdfw err nosrcip
 WARNING: translation string unused: fwdfw err notgtip
 WARNING: translation string unused: fwdfw err prot_port1
 WARNING: translation string unused: fwdfw final_rule
 WARNING: translation string unused: fwdfw from
@@ -241,7 +244,6 @@ WARNING: translation string unused: fwdfw std network
 WARNING: translation string unused: fwdfw till
 WARNING: translation string unused: fwdfw time
 WARNING: translation string unused: fwdfw xt access
 WARNING: translation string unused: fwhost addrule
 WARNING: translation string unused: fwhost attention
 WARNING: translation string unused: fwhost blue
 WARNING: translation string unused: fwhost changeremark
@@ -301,6 +303,7 @@ WARNING: translation string unused: invalid upstream proxy username or password
 WARNING: translation string unused: invert
 WARNING: translation string unused: ip address in use
 WARNING: translation string unused: ipfire side
 WARNING: translation string unused: ipsec no connections
 WARNING: translation string unused: iptable rules
 WARNING: translation string unused: isdn
 WARNING: translation string unused: isdn settings
@@ -631,60 +634,19 @@ WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
 WARNING: untranslated string: advproxy errmsg proxy ports equal
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: bit
 WARNING: untranslated string: bytes
-WARNING: untranslated string: dead peer detection
+WARNING: untranslated string: ccd err isipsecrw
-WARNING: untranslated string: default ip
+WARNING: untranslated string: ccd err isovpnn2n
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dpd delay
 WARNING: untranslated string: dpd timeout
 WARNING: untranslated string: drop action
 WARNING: untranslated string: drop action1
 WARNING: untranslated string: drop action2
 WARNING: untranslated string: drop forward
 WARNING: untranslated string: drop outgoing
-WARNING: untranslated string: encryption
+WARNING: untranslated string: entropy graphs
-WARNING: untranslated string: entropy
+WARNING: untranslated string: fwdfw warn1
 WARNING: untranslated string: firewall rules
 WARNING: untranslated string: first
 WARNING: untranslated string: fwdfw dnat extport
 WARNING: untranslated string: fwdfw dnat nochoice
 WARNING: untranslated string: fwdfw dnat porterr2
 WARNING: untranslated string: fwdfw hint mac
 WARNING: untranslated string: fwhost err hostip
-WARNING: untranslated string: grouptype
+WARNING: untranslated string: hardware support
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
 WARNING: untranslated string: ipsec
 WARNING: untranslated string: ipsec network
 WARNING: untranslated string: last
-WARNING: untranslated string: least preferred
+WARNING: untranslated string: no hardware random number generator
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
 WARNING: untranslated string: minimum
 WARNING: untranslated string: most preferred
 WARNING: untranslated string: notice
 WARNING: untranslated string: openvpn network
 WARNING: untranslated string: ovpn mgmt in root range
 WARNING: untranslated string: ovpn no connections
 WARNING: untranslated string: ovpn port in root range
 WARNING: untranslated string: p2p block
 WARNING: untranslated string: p2p block save notice
 WARNING: untranslated string: red1
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
-WARNING: untranslated string: snat new source ip address
+WARNING: untranslated string: system has hwrng
-WARNING: untranslated string: ssh
+WARNING: untranslated string: system has rdrand
 WARNING: untranslated string: support donation
 WARNING: untranslated string: tor directory port
 WARNING: untranslated string: tor errmsg invalid directory port
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: wlan clients
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -39,6 +39,8 @@
 < ccd err iroute
 < ccd err irouteexist
 < ccd err isipsecnet
 < ccd err isipsecrw
 < ccd err isovpnn2n
 < ccd err isovpnnet
 < ccd err issubnet
 < ccd err name
@@ -75,6 +77,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
 < downlink
 < dpd delay
 < dpd timeout
 < drop action
@@ -84,6 +87,7 @@
 < drop outgoing
 < encryption
 < entropy
 < entropy graphs
 < fireinfo ipfire version
 < fireinfo is disabled
 < fireinfo is enabled
@@ -185,6 +189,7 @@
 < fwdfw use nat
 < fwdfw use srcport
 < fwdfw use srv
 < fwdfw warn1
 < fwdfw wd_fri
 < fwdfw wd_mon
 < fwdfw wd_sat
@@ -278,6 +283,7 @@
 < fw settings remark
 < fw settings ruletable
 < grouptype
 < hardware support
 < integrity
 < invalid input for dpd delay
 < invalid input for dpd timeout
@@ -292,6 +298,7 @@
 < minimum
 < minute
 < most preferred
 < no hardware random number generator
 < notice
 < ntp common settings
 < ntp sync
@@ -333,6 +340,8 @@
 < ssh
 < static routes
 < support donation
 < system has hwrng
 < system has rdrand
 < system information
 < tor
 < tor 0 = disabled
@@ -389,6 +398,7 @@
 < tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
 < upload new ruleset
 < uptime
 < uptime load average
@@ -483,6 +493,8 @@
 < ccd err iroute
 < ccd err irouteexist
 < ccd err isipsecnet
 < ccd err isipsecrw
 < ccd err isovpnn2n
 < ccd err isovpnnet
 < ccd err issubnet
 < ccd err name
@@ -518,6 +530,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
 < downlink
 < dpd delay
 < dpd timeout
 < drop action
@@ -527,6 +540,7 @@
 < drop outgoing
 < encryption
 < entropy
 < entropy graphs
 < fireinfo ipfire version
 < fireinfo is disabled
 < fireinfo is enabled
@@ -628,6 +642,7 @@
 < fwdfw use nat
 < fwdfw use srcport
 < fwdfw use srv
 < fwdfw warn1
 < fwdfw wd_fri
 < fwdfw wd_mon
 < fwdfw wd_sat
@@ -721,6 +736,7 @@
 < fw settings remark
 < fw settings ruletable
 < grouptype
 < hardware support
 < integrity
 < invalid input for dpd delay
 < invalid input for dpd timeout
@@ -735,6 +751,7 @@
 < minimum
 < minute
 < most preferred
 < no hardware random number generator
 < notice
 < openvpn default
 < openvpn destination port used
@@ -792,6 +809,8 @@
 < ssh
 < static routes
 < support donation
 < system has hwrng
 < system has rdrand
 < system information
 < tor
 < tor 0 = disabled
@@ -848,6 +867,7 @@
 < tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
 < uptime
 < uptime load average
 < urlfilter redirect template
@@ -918,6 +938,8 @@
 < ccd err iroute
 < ccd err irouteexist
 < ccd err isipsecnet
 < ccd err isipsecrw
 < ccd err isovpnn2n
 < ccd err isovpnnet
 < ccd err issubnet
 < ccd err name
@@ -953,6 +975,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
 < downlink
 < dpd delay
 < dpd timeout
 < drop action
@@ -962,6 +985,7 @@
 < drop outgoing
 < encryption
 < entropy
 < entropy graphs
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < extrahd install or load driver
@@ -1055,6 +1079,7 @@
 < fwdfw use nat
 < fwdfw use srcport
 < fwdfw use srv
 < fwdfw warn1
 < fwdfw wd_fri
 < fwdfw wd_mon
 < fwdfw wd_sat
@@ -1148,6 +1173,7 @@
 < fw settings remark
 < fw settings ruletable
 < grouptype
 < hardware support
 < integrity
 < invalid input for dpd delay
 < invalid input for dpd timeout
@@ -1162,6 +1188,7 @@
 < minimum
 < minute
 < most preferred
 < no hardware random number generator
 < notice
 < openvpn default
 < openvpn destination port used
@@ -1204,6 +1231,8 @@
 < ssh
 < static routes
 < support donation
 < system has hwrng
 < system has rdrand
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -1259,6 +1288,7 @@
 < tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
 < uptime
 < uptime load average
 < urlfilter redirect template
@@ -1330,6 +1360,8 @@
 < ccd err iroute
 < ccd err irouteexist
 < ccd err isipsecnet
 < ccd err isipsecrw
 < ccd err isovpnn2n
 < ccd err isovpnnet
 < ccd err issubnet
 < ccd err name
@@ -1367,6 +1399,7 @@
 < dnsforward forward_server
 < dnsforward zone
 < dns servers
 < downlink
 < dpd delay
 < dpd timeout
 < drop action
@@ -1377,6 +1410,7 @@
 < Edit an existing route
 < encryption
 < entropy
 < entropy graphs
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < extrahd install or load driver
@@ -1471,6 +1505,7 @@
 < fwdfw use nat
 < fwdfw use srcport
 < fwdfw use srv
 < fwdfw warn1
 < fwdfw wd_fri
 < fwdfw wd_mon
 < fwdfw wd_sat
@@ -1564,6 +1599,7 @@
 < fw settings remark
 < fw settings ruletable
 < grouptype
 < hardware support
 < hour-graph
 < incoming traffic in bytes per second
 < integrity
@@ -1581,6 +1617,7 @@
 < minute
 < month-graph
 < most preferred
 < no hardware random number generator
 < notice
 < openvpn default
 < openvpn destination port used
@@ -1620,6 +1657,8 @@
 < ssh
 < static routes
 < support donation
 < system has hwrng
 < system has rdrand
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -1675,6 +1714,7 @@
 < tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
 < uplink
 < uptime
 < uptime load average
 < urlfilter redirect template
--- a/html/cgi-bin/entropy.cgi
+++ b/html/cgi-bin/entropy.cgi
@@ -48,6 +48,42 @@ if ( $querry[0] ne~ "") {
 	&Graphs::makegraphbox("entropy.cgi", "day", '', 350);
 	&Header::closebox();
 	# Check for hardware support.
 	my $message;
 	my $message_colour = $Header::colourred;
 	if (&has_hwrng()) {
 		$message = $Lang::tr{'system has hwrng'};
 		$message_colour = $Header::colourgreen;
 	} elsif (&has_rdrand()) {
 		$message = $Lang::tr{'system has rdrand'};
 		$message_colour = $Header::colourgreen;
 	} else {
 		$message = $Lang::tr{'no hardware random number generator'};
 	}
 	&Header::openbox('100%', 'center', $Lang::tr{'hardware support'});
 	print <<EOF;
 		<p style="color: $message_colour; text-align: center;">$message</p>
 EOF
 	&Header::closebox();
 	&Header::closebigbox();
 	&Header::closepage();
 }
 sub has_hwrng() {
 	return (-c "/dev/hwrng");
 }
 sub has_rdrand() {
 	open(FILE, "/proc/cpuinfo") or return 0;
 	my @cpuinfo = <FILE>;
 	close(FILE);
 	my @result = grep(/rdrand/, @cpuinfo);
 	if (@result) {
 		return 1;
 	}
 	return 0;
 }
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -2375,26 +2375,18 @@ END
 				if($$hash{$key}[3] eq  'ipsec_net_src'){
 					if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
 						$coloryellow='on';
 						&disable_rule($key);
 						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[3] eq  'ovpn_net_src'){
 					if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
 						$coloryellow='on';
 						&disable_rule($key);
 						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[3] eq  'ovpn_n2n_src'){
 					if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
 						$coloryellow='on';
 						&disable_rule($key);
 						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[3] eq  'ovpn_host_src'){
 					if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
 						$coloryellow='on';
 						&disable_rule($key);
 						$$hash{$key}[2]='';
 					}
 				}
 			}
@@ -2402,26 +2394,18 @@ END
 				if($$hash{$key}[5] eq 'ipsec_net_tgt'){
 					if(&fwlib::get_ipsec_net_ip($host,11) eq ''){
 						$coloryellow='on';
 						&disable_rule($key);
 						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){
 					if(&fwlib::get_ovpn_net_ip($host,1) eq ''){
 						$coloryellow='on';
 						&disable_rule($key);
 						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){
 					if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){
 						$coloryellow='on';
 						&disable_rule($key);
 						$$hash{$key}[2]='';
 					}
 				}elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){
 					if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
 						$coloryellow='on';
 						&disable_rule($key);
 						$$hash{$key}[2]='';
 					}
 				}
 			}
@@ -2429,15 +2413,11 @@ END
 			foreach my $netgroup (sort keys %customgrp){
 				if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){
 					$coloryellow='on';
 					&disable_rule($key);
 					$$hash{$key}[2]='';
 				}
 			}
 			foreach my $srvgroup (sort keys %customservicegrp){
 				if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){
 					$coloryellow='on';
 					&disable_rule($key);
 					$$hash{$key}[2]='';
 				}
 			}
 			$$hash{'ACTIVE'}=$$hash{$key}[2];
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -21,7 +21,8 @@
 use strict;
 # enable only the following on debugging purpose
-use warnings;
+#use warnings;
 use Sort::Naturally;
 use CGI::Carp 'fatalsToBrowser';
 no warnings 'uninitialized';
@@ -1235,7 +1236,7 @@ END
 				<tr><form method='post' style='display:inline'>
 					<td>$Lang::tr{'remark'}:</td>
 					<td colspan='2' style='width:98%;'><input type='TEXT' name='newrem' value='$fwhostsettings{'remark'}' style='width:98%;'></td>
-					<td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='ACTION' value='changegrpremark' ></td>
+					<td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='grp' value='$fwhostsettings{'grp_name'}'><input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='ACTION' value='changegrpremark' ></td>
 				</tr>
 			</table></form>
 			<br><br>
@@ -1255,7 +1256,7 @@ END
 					</label>
 				</td>
 				<td style='text-align:right;'>
-					<select name='DEFAULT_SRC_ADR' style='min-width:16em;'>
+					<select name='DEFAULT_SRC_ADR' style='width:16em;'>
 END
 			foreach my $network (sort keys %defaultNetworks)
 			{
@@ -1284,7 +1285,7 @@ END
 						</label>
 					</td>
 					<td style='text-align:right;'>
-						<select name='CUST_SRC_NET' style='min-width:16em;'>";
+						<select name='CUST_SRC_NET' style='width:16em;'>";
 END
 				foreach my $key (sort { ncmp($customnetwork{$a}[0],$customnetwork{$b}[0]) } keys  %customnetwork) {
 					print"<option>$customnetwork{$key}[0]</option>";
@@ -1301,7 +1302,7 @@ END
 						</label>
 					</td>
 					<td style='text-align:right;'>
-						<select name='CUST_SRC_HOST' style='min-width:16em;'>";
+						<select name='CUST_SRC_HOST' style='width:16em;'>";
 END
 				foreach my $key (sort { ncmp($customhost{$a}[0],$customhost{$b}[0]) } keys %customhost) {
 					print"<option>$customhost{$key}[0]</option>";
@@ -1321,7 +1322,7 @@ END
 					</label>
 				</td>
 				<td style='text-align:right;'>
-					<select name='OVPN_CCD_NET' style='min-width:16em;'>";
+					<select name='OVPN_CCD_NET' style='width:16em;'>";
 END
 				foreach my $key (sort { ncmp($ccdnet{$a}[0],$ccdnet{$b}[0]) }  keys %ccdnet)
 				{
@@ -1330,10 +1331,17 @@ END
 				print"</select></td></tr>";
 			}
 			#OVPN clients
 			my @ovpn_clients=();
 			foreach my $key (sort { ncmp($ccdhost{$a}[0],$ccdhost{$b}[0]) } keys %ccdhost)
 			{
 				if ($ccdhost{$key}[33] ne ''){
-					print<<END;
+					$show='1';
 					push (@ovpn_clients,$ccdhost{$key}[1]);
 				}
 			}
 			if ($show eq '1'){
 				$show='';
 				print<<END;
 					<td style='width:15em;'>
 						<label>
 							<input type='radio' name='grp2' value='ovpn_host' $checked{'grp2'}{'ovpn_host'}>
@@ -1341,17 +1349,24 @@ END
 						</label>
 					</td>
 					<td style='text-align:right;'>
-						<select name='OVPN_CCD_HOST' style='min-width:16em;'>" if ($show eq '');
+						<select name='OVPN_CCD_HOST' style='width:16em;'>" if ($show eq '');
 END
-					$show='1';
+				foreach(@ovpn_clients){
-					print"<option value='$ccdhost{$key}[1]'>$ccdhost{$key}[1]</option>";
+					print"<option value='$_'>$_</option>";
 				}
 				print"</select></td></tr>";
 			}
 			if ($show eq '1'){$show='';print"</select></td></tr>";}
 			#OVPN n2n networks
 			my @OVPN_N2N=();
 			foreach my $key (sort { ncmp($ccdhost{$a}[1],$ccdhost{$b}[1]) } keys %ccdhost) {
 				if($ccdhost{$key}[3] eq 'net'){
-					print<<END;
+					$show='1';
 					push (@OVPN_N2N,$ccdhost{$key}[1]);
 				}
 			}
 			if ($show eq '1'){
 				$show='';
 				print<<END;
 					<td style='width:15em;'>
 						<label>
 							<input type='radio' name='grp2' id='OVPN_N2N' value='ovpn_n2n' $checked{'grp2'}{'ovpn_n2n'}>
@@ -1359,17 +1374,24 @@ END
 						</label>
 					</td>
 					<td style='text-align:right;'>
-						<select name='OVPN_N2N' style='min-width:16em;'>"
+						<select name='OVPN_N2N' style='width:16em;'>"
 END
-					$show='1';
+				foreach(@OVPN_N2N){
-					print"<option>$ccdhost{$key}[1]</option>";
+					print"<option>$_</option>";
 				}
 				print"</select></td></tr>";
 			}
 			if ($show eq '1'){$show='';print"</select></td></tr>";}
 			#IPsec networks
 			my @IPSEC_N2N=();
 			foreach my $key (sort { ncmp($ipsecconf{$a}[0],$ipsecconf{$b}[0]) } keys %ipsecconf) {
 				if ($ipsecconf{$key}[3] eq 'net'){
-					print<<END;
+					$show='1';
 					push (@IPSEC_N2N,$ipsecconf{$key}[1]);
 				}
 			}
 			if ($show eq '1'){
 				$show='';
 				print<<END;
 					<td style='width:15em;'>
 						<label>
 							<input type='radio' name='grp2' id='IPSEC_NET' value='ipsec_net' $checked{'grp2'}{'ipsec_net'}>
@@ -1377,13 +1399,13 @@ END
 						</label>
 					</td>
 					<td style='text-align:right;'>
-					<select name='IPSEC_NET' style='min-width:16em;'>"
+					<select name='IPSEC_NET' style='width:16em;'>"
 END
-					$show='1';
+				foreach(@IPSEC_N2N){
-					print"<option value='$ipsecconf{$key}[1]'>$ipsecconf{$key}[1]</option>";
+					print"<option value='$_'>$_</option>";
 				}
 			}
-			if ($show eq '1'){$show='';print"</select></td></tr>";}
+			print"</select></td></tr>";
 			print"</table>";
 			print"</td></tr></table>";
 			print"<br><br>";
@@ -1478,9 +1500,28 @@ END
 		print<<END;
 		<table width='100%'><form method='post' style='display:inline'>
 		<tr><td width='10%'>$Lang::tr{'fwhost addgrpname'}</td><td width='20%'><input type='text' name='srvgrp' value='$fwhostsettings{'SRVGRP_NAME'}' size='14'></td><td align='left'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldsrvgrpname' value='$fwhostsettings{'oldsrvgrpname'}'><input type='hidden' name='ACTION' value='changesrvgrpname'></td><td width='3%'></td></form></tr>
-		<tr><form method='post'><td width='10%'>$Lang::tr{'remark'}:</td><td colspan='2'><input type='text' name='newsrvrem'  value='$fwhostsettings{'SRVGRP_REMARK'}' style='width:98%;'></td><td align='right'><input type='submit' value='$Lang::tr{'fwhost change'}'><input type='hidden' name='oldsrvrem' value='$fwhostsettings{'oldsrvgrpremark'}'><input type='hidden' name='ACTION' value='changesrvgrpremark' ></td></tr>
+		<tr>
-		<tr><td colspan='4'><br></td></td></tr>
+			<form method='post'>
-		</table></form>
+				<td width='10%'>
 					$Lang::tr{'remark'}:
 				</td>
 				<td colspan='2'>
 					<input type='text' name='newsrvrem'  value='$fwhostsettings{'SRVGRP_REMARK'}' style='width:98%;'>
 				</td>
 				<td align='right'>
 					<input type='submit' value='$Lang::tr{'fwhost change'}'>
 					<input type='hidden' name='oldsrvrem' value='$fwhostsettings{'oldsrvgrpremark'}'>
 					<input type='hidden' name='srvgrp' value='$fwhostsettings{'SRVGRP_NAME'}'>
 					<input type='hidden' name='ACTION' value='changesrvgrpremark' >
 				</td>
 		</tr>
 		<tr>
 				<td colspan='4'>
 					<br>
 				</td>
 		</tr>
 		</table>
 			</form>
 END
 	}
 	if($fwhostsettings{'updatesrvgrp'} eq 'on'){
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -228,8 +228,6 @@ END
 #Dial profiles
 if ( $netsettings{'RED_TYPE'} ne "STATIC" && $netsettings{'RED_TYPE'} ne "DHCP" ){
 	# The dialctrl.pl script outputs html
 	print `/usr/local/bin/dialctrl.pl show`;
 	if ( ( $pppsettings{'VALID'} eq 'yes' ) || ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $netsettings{'RED_TYPE'} =~ /^(DHCP|STATIC)$/ ) ) {
 		print <<END;
 		<br/>
@@ -358,7 +356,7 @@ if (($confighash{'ENABLED'} eq "on") ||
 	$ovpnip="$ovpnip/$sub";
 print <<END;
 	<tr>
-		<td style='width:25%; text-align:center; background-color:$Header::colourvpn;'>
+		<td style='width:25%; text-align:center; background-color:$Header::colourovpn;'>
 			<a href='/cgi-bin/ovpnmain.cgi' style='color:white'><b>OpenVPN</b></a>
 		</td>
 		<td style='width:30%; text-align:center;'>$ovpnip</td>
@@ -372,7 +370,7 @@ print"</table>";
 #Check if there are any vpns configured (ipsec and openvpn)
 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
 foreach my $key (sort { ncmp($vpnconfig{$a}[1],$vpnconfig{$b}[1]) } keys %vpnconfig) {
-	if ($vpnconfig{$key}[0] eq 'on'){
+	if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host'){
 		$showipsec=1;
 		$showbox=1;
 		last;
@@ -409,7 +407,7 @@ if ($showbox){
 		</tr>
 END
 		foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
-			if ($vpnconfig{$key}[0] eq 'on') {
+			if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
 				$count++;
 				my ($vpnip,$vpnsub) = split("/",$vpnconfig{$key}[11]);
 				$vpnsub=&General::iporsubtocidr($vpnsub);
@@ -420,8 +418,8 @@ END
 					$col = $color{'color20'};
 				}
 				print "<tr>";
-				print "<td style='text-align:left; color:white; background-color:$Header::colourovpn;'>$vpnconfig{$key}[1]</td>";
+				print "<td style='text-align:left; color:white; background-color:$Header::colourvpn;'>$vpnconfig{$key}[1]</td>";
-				print "<td style='text-align:left; background-color:$col'>$vpnip</td>";
+				print "<td style='text-align:center; background-color:$col'>$vpnip</td>";
 				my $activecolor = $Header::colourred;
 				my $activestatus = $Lang::tr{'capsclosed'};
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2159,7 +2159,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
    } else {
 	$errormessage = $Lang::tr{'invalid key'};
    }
-
+	&General::firewall_reload();
 ###
 ### Download PKCS12 file
@@ -3509,8 +3509,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
 	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
 		  goto VPNCONF_ERROR;
-		}
+	}
-   
+	#Check if remote subnet is used elsewhere
 	my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
 	$warnmessage=&General::checksubnets('',$n2nip,'ovpn');
 	if ($warnmessage){
 		$warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
 	}
 }
 #	if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
@@ -4569,6 +4574,16 @@ END
 	&Header::closebox();
    }
 	if ($warnmessage) {
 		&Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
 		print "$warnmessage<br>";
 		print "$Lang::tr{'fwdfw warn1'}<br>";
 		&Header::closebox();
 		print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
 		&Header::closepage();
 		exit 0;
 	}
    my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
    my $srunning = "no";
    my $activeonrun = "";
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1225,7 +1225,7 @@ END
    } else {
 	$errormessage = $Lang::tr{'invalid key'};
    }
-
+	&General::firewall_reload();
 ###
 ### Choose between adding a host-net or net-net connection
 ###
@@ -1407,14 +1407,13 @@ END
 	    goto VPNCONF_ERROR;
 	}
-#temporary disabled (BUG 10294)
+	if ($cgiparams{'TYPE'} eq 'net'){
-#	if ($cgiparams{'TYPE'} eq 'net'){
+		$warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'},'ipsec');
-#		$errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+		if ($warnmessage ne ''){
-#		if ($errormessage ne ''){
+			$warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
-#			goto VPNCONF_ERROR;
+		}
-#		}
+	}
-#		
+
 #	}
 	if ($cgiparams{'AUTH'} eq 'psk') {
 	    if (! length($cgiparams{'PSK'}) ) {
 		$errormessage = $Lang::tr{'pre-shared key is too short'};
@@ -2520,7 +2519,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 		<td>
 			<label>
 				<input type='checkbox' name='ONLY_PROPOSED' $checked{'ONLY_PROPOSED'} />
-				IKE+ESP: $Lang::tr{'use only proposed settings'}</td>
+				IKE+ESP: $Lang::tr{'use only proposed settings'}
 			</label>
 		</td>
 	</tr>
@@ -2612,6 +2611,16 @@ EOF
 	&Header::closebox();
    }
 	if ($warnmessage) {
 		&Header::openbox('100%', 'left', $Lang::tr{'warning messages'});
 		print "$warnmessage<br>";
 		print "$Lang::tr{'fwdfw warn1'}<br>";
 		&Header::closebox();
 		print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
 		&Header::closepage();
 		exit 0;
 	}
    &Header::openbox('100%', 'left', $Lang::tr{'global settings'});
    print <<END
    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
--- a/html/html/themes/ipfire/include/functions.pl
+++ b/html/html/themes/ipfire/include/functions.pl
@@ -110,7 +110,7 @@ sub openpage {
 	&genmenu();
 	my $headline = "IPFire";
-	if ($settings{'WINDOWWITHHOSTNAME'} eq 'on') {
+	if (($settings{'WINDOWWITHHOSTNAME'} eq 'on') || ($settings{'WINDOWWITHHOSTNAME'} eq '')) {
 		$headline =  "$settings{'HOSTNAME'}.$settings{'DOMAINNAME'}";
 	}
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -481,8 +481,10 @@
 'ccd err iroute' => 'Netzadresse für Route ungültig.',
 'ccd err irouteexist' => 'Diese Route wird bereits verwendet.',
 'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.',
-'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!',
+'ccd err isipsecrw' => 'Diese Subnetzadresse wird bereits für das IPsec-RW Netz verwendet.',
-'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.',
+'ccd err isovpnn2n' => 'Die Subnetzadresse wird für bereits für eine OpenVPN Netz-zu-Netz-Verbindung verwendet.',
 'ccd err isovpnnet' => 'Die Subnetzadresse wird für bereits für den OpenVPN-Server verwendet.',
 'ccd err issubnet' => 'Die Subnetzadresse wird bereits verwendet.',
 'ccd err name' => 'Es muss ein Name angegeben werden.',
 'ccd err nameexist' => 'Name existiert bereits.',
 'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.',
@@ -813,6 +815,7 @@
 'enter ack class' => 'Legen Sie hier die ACK-Klasse fest <br /> und klicken Sie danach auf <i>Speichern</i>.',
 'enter data' => 'Geben Sie die Daten ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
 'entropy' => 'Entropie',
 'entropy graphs' => 'Entropiegraphen',
 'err bk 1' => 'Fehler beim Erzeugen des Archivs',
 'err bk 10 password' => 'Fehler beim Datensicherungs-Passwort',
 'err bk 2 key' => 'Fehler beim Erzeugen der Schlüsseldatei',
@@ -1005,6 +1008,7 @@
 'fwdfw use srcport' => 'Quellport:',
 'fwdfw use srv' => 'Zielport:',
 'fwdfw useless rule' => 'Diese Regel ist nicht sinnvoll.',
 'fwdfw warn1' => 'Dies kann dazu führen, dass Firewallregeln auf Netze angewendet werden, für die sie nicht gedacht sind.',
 'fwdfw wd_fri' => 'Fr',
 'fwdfw wd_mon' => 'Mo',
 'fwdfw wd_sat' => 'Sa',
@@ -1131,6 +1135,7 @@
 'harddisk temperature' => 'Festplattentemperatur',
 'harddisk temperature graphs' => 'HDD-Diagramme',
 'hardware graphs' => 'Hardware-Diagramme',
 'hardware support' => 'Hardware-Unterstützung',
 'hdd temperature in' => 'Festplattentemperatur in',
 'help' => 'Hilfe',
 'high' => 'Hoch',
@@ -1506,6 +1511,7 @@
 'no eciadsl synch.bin file' => 'Keine ECI ADSL Datei synch.bin vorhanden. Bitte hochladen.',
 'no filter pass' => 'Legen Sie hier die Standardklassen fest durch die nicht-gefilterte Pakete gehen.',
 'no fritzdsl driver' => 'Kein Fritz!DSL-Treiber vorhanden. Bitte hochladen.',
 'no hardware random number generator' => 'Dieses System hat keine Entropiequelle.',
 'no information available' => 'Keine Informationen verfügbar.',
 'no log selected' => 'kein Log ausgewählt',
 'no modem selected' => 'Kein Modem ausgewählt',
@@ -1976,6 +1982,8 @@
 'swap usage per' => 'Nutzung von Auslagerungsspeicher (Swap) pro',
 'system' => 'System',
 'system graphs' => 'System-Diagramme',
 'system has hwrng' => 'Dieses System hat einen Hardware-Zufallszahlengenerator.',
 'system has rdrand' => 'Dieses System unterstützt Intel(R) RDRAND.',
 'system information' => 'Systeminformationen',
 'system log viewer' => 'Betrachter der System-Logdateien',
 'system logs' => 'System-Logdateien',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -499,8 +499,10 @@
 'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.',
 'ccd err iroute' => 'Network address for route is invalid.',
 'ccd err irouteexist' => 'This route is already in use.',
-'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.',
+'ccd err isipsecnet' => 'The given subnet address is already used by an IPsec network.',
-'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.',
+'ccd err isipsecrw' => 'The given subnet address is already used by the IPsec rw network.',
 'ccd err isovpnn2n' => 'The subnet address is already in use for an OpenVPN net-to-net connection.',
 'ccd err isovpnnet' => 'The subnet address is already in use for the OpenVPN server.',
 'ccd err issubnet' => 'Subnet address already in use.',
 'ccd err name' => 'Please choose a name.',
 'ccd err nameexist' => 'Name already exists.',
@@ -839,6 +841,7 @@
 'enter ack class' => 'Enter the ACK- Class <br /> and then press <i>Save</i>.',
 'enter data' => 'Enter your settings <br /> and then press <i>Save</i>.',
 'entropy' => 'Entropy',
 'entropy graphs' => 'Entropy Graphs',
 'err bk 1' => 'Error creating archive',
 'err bk 10 password' => 'Error with backup password',
 'err bk 2 key' => 'Error creating key file',
@@ -1031,6 +1034,7 @@
 'fwdfw use srcport' => 'Source port:',
 'fwdfw use srv' => 'Destination port:',
 'fwdfw useless rule' => 'This rule is useless.',
 'fwdfw warn1' => 'This might lead to firewallrules which are applied to networks for which they are not intended to be.',
 'fwdfw wd_fri' => 'Fri',
 'fwdfw wd_mon' => 'Mon',
 'fwdfw wd_sat' => 'Sat',
@@ -1159,6 +1163,7 @@
 'harddisk temperature' => 'Harddisk Temperature',
 'harddisk temperature graphs' => 'HDD Graphs',
 'hardware graphs' => 'Hardware Graphs',
 'hardware support' => 'Hardware Support',
 'hdd temperature in' => 'Harddisk temperature in',
 'help' => 'Help',
 'high' => 'High',
@@ -1535,6 +1540,7 @@
 'no eciadsl synch.bin file' => 'No ECI ADSL synch.bin file. Please upload.',
 'no filter pass' => 'Enter the standard class for non-filtered packets.',
 'no fritzdsl driver' => 'No Fritz!DSL driver.  Please upload.',
 'no hardware random number generator' => 'This system has no source for entropy.',
 'no information available' => 'No information available.',
 'no log selected' => 'No log selected',
 'no modem selected' => 'No modem selected',
@@ -2011,6 +2017,8 @@
 'swap usage per' => 'Swap usage per',
 'system' => 'System',
 'system graphs' => 'System Graphs',
 'system has hwrng' => 'This system has got a hardware random number generator.',
 'system has rdrand' => 'This system has got support for Intel(R) RDRAND.',
 'system information' => 'System Information',
 'system log viewer' => 'System Log Viewer',
 'system logs' => 'System Logs',
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
--- a/lfs/beep
+++ b/lfs/beep
@@ -24,7 +24,7 @@
 include Config
-VER        = 1.2.2
+VER        = 1.3
 THISAPP    = beep-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d541419fd7e5642952d7b48cbb40c712
+$(DL_FILE)_MD5 = 49c340ceb95dbda3f97b2daafac7892a
 install : $(TARGET)
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -185,13 +185,9 @@ $(TARGET) :
 		/etc/rc.d/init.d/networking/red.up/23-RS-snort
 	ln -sf ../../../../../usr/local/bin/qosctrl \
 		/etc/rc.d/init.d/networking/red.up/24-RS-qos
 	ln -sf ../../../../../usr/local/bin/dialctrl.pl \
 		/etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
 	ln -sf ../../squid /etc/rc.d/init.d/networking/red.up/27-RS-squid
 	ln -sf ../../dnsmasq /etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
 	ln -sf ../../firewall /etc/rc.d/init.d/networking/red.down/20-RL-firewall
 	ln -sf ../../../../../usr/local/bin/dialctrl.pl \
 		/etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 	for i in green blue orange; do \
 		ln -sf any /etc/rc.d/init.d/networking/$$i; \
--- a/lfs/linux
+++ b/lfs/linux
@@ -127,9 +127,6 @@ ifneq "$(KCFG)" "-headers"
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-compat_vdso.patch
 endif
 	# Disable pcspeaker autoload
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.30-no-pcspkr-modalias.patch
 	# Remove ACPI Blacklist message
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6-silence-acpi-blacklist.patch
--- a/lfs/samba
+++ b/lfs/samba
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2014  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 include Config
-VER        = 3.6.22
+VER        = 3.6.23
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 56
+PAK_VER    = 57
 DEPS       = "cups"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 59add4bb178ebc188d857bc13a508c0b
+$(DL_FILE)_MD5 = 2f7aee1dc5d31aefcb364600915b31dc
 install : $(TARGET)
--- a/lfs/sudo
+++ b/lfs/sudo
@@ -24,7 +24,7 @@
 include Config
-VER        = 1.6.8p12
+VER        = 1.8.10p1
 THISAPP    = sudo-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b29893c06192df6230dd5f340f3badf5
+$(DL_FILE)_MD5 = 1d9c2bc5aaf02608343d17b9a666e8e1
 install : $(TARGET)
@@ -70,10 +70,16 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-envvar_fix-1.patch
+	cd $(DIR_APP) && \
-	cd $(DIR_APP) && ./configure --prefix=/usr --libexecdir=/usr/lib \
+		./configure \
-			    --enable-noargs-shell --with-ignore-dot --with-all-insults \
+			--prefix=/usr \
-			    --enable-shell-sets-home && \
+			--libexecdir=/usr/lib \
 			--with-logging=syslog \
 			--with-logfac=authpriv \
 			--with-env-editor \
 			--with-ignore-dot \
 			--with-tty-tickets \
 			--with-passpromt="[sudo] password for %p: "
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	@rm -rf $(DIR_APP)
--- a/lfs/tzdata
+++ b/lfs/tzdata
@@ -24,15 +24,18 @@
 include Config
-VER        = 2012h
+VER        = 2014a
-TZDATA_VER = 2012h
+TZDATA_VER = $(VER)
-TZCODE_VER = 2012h
+TZCODE_VER = $(VER)
 THISAPP    = tzdata-$(VER)
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 FILES      = africa antarctica asia australasia europe \
 	northamerica southamerica pacificnew etcetera backward
 ###############################################################################
 # Top-level Rules
 ###############################################################################
@@ -42,8 +45,8 @@ objects = tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz
 tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz
 tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
-tzdata$(TZDATA_VER).tar.gz_MD5 = b937335e087fb85b7f8e3ce33e69184b
+tzdata$(TZDATA_VER).tar.gz_MD5 = 423a11bcffc10dda578058cf1587d048
-tzcode$(TZCODE_VER).tar.gz_MD5 = 44b3b6c3e50240ac44f16437040a7ba2
+tzcode$(TZCODE_VER).tar.gz_MD5 = 77ccbb720f0f2076f12dff6ded70eb98
 install : $(TARGET)
@@ -77,16 +80,21 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	tar axf $(DIR_DL)/tzdata$(TZDATA_VER).tar.gz -C $(DIR_APP)
 	tar axf $(DIR_DL)/tzcode$(TZCODE_VER).tar.gz -C $(DIR_APP)
-	cd $(DIR_APP) && make TOPDIR=/usr ETCDIR=/tmp LIBDIR=/tmp MANDIR=/tmp \
+	cd $(DIR_APP) && mkdir -pv zoneinfo/{,posix,right}
-		TZDIR=/usr/share/zoneinfo all
+	cd $(DIR_APP) && zic -y ./yearistype -d zoneinfo \
-	cd $(DIR_APP) && make TOPDIR=/usr ETCDIR=/tmp LIBDIR=/tmp MANDIR=/tmp \
+		-L /dev/null -p GMT $(FILES)
-		TZDIR=/usr/share/zoneinfo install
+	cd $(DIR_APP) && zic -y ./yearistype -d zoneinfo/posix \
 		-L /dev/null $(FILES)
 	cd $(DIR_APP) && zic -y ./yearistype -d zoneinfo/right \
 		-L /dev/null $(FILES)
 	rm -rf /usr/share/zoneinfo
 	cd $(DIR_APP) && cp -prd zoneinfo /usr/share
 	cd $(DIR_APP) && install -p -m 644 zone.tab iso3166.tab \
 		/usr/share/zoneinfo
 	-mkdir -pv /usr/share/zoneinfo
 	mv -v /usr/share/zoneinfo-posix /usr/share/zoneinfo/posix
 	mv -v /usr/share/zoneinfo-leaps /usr/share/zoneinfo/right
 	rm -vf /usr/share/zoneinfo/localtime
 	cp -vf /usr/share/zoneinfo/GMT /etc/localtime
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
--- a/src/patches/linux-2.6.30-no-pcspkr-modalias.patch
+++ b/src/patches/linux-2.6.30-no-pcspkr-modalias.patch
@@ -1,12 +0,0 @@
 diff --git a/drivers/input/misc/pcspkr.c b/drivers/input/misc/pcspkr.c
 index 34f4d2e..3e40c70 100644
 --- a/drivers/input/misc/pcspkr.c
 +++ b/drivers/input/misc/pcspkr.c
@@ -24,7 +24,6 @@
 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
 MODULE_DESCRIPTION("PC Speaker beeper driver");
 MODULE_LICENSE("GPL");
 -MODULE_ALIAS("platform:pcspkr");
 static int pcspkr_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
 {
--- a/src/patches/strongswan-5.0.2_ipfire.patch
+++ b/src/patches/strongswan-5.0.2_ipfire.patch
@@ -1,8 +1,6 @@
 diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
 index 3a40e21..d9f3ea0 100644
 --- a/src/_updown/_updown.in
 +++ b/src/_updown/_updown.in
-@@ -193,6 +193,29 @@ custom:*)		# custom parameters (see above CAUTION comment)
+@@ -178,6 +178,29 @@
 	;;
 esac
@@ -32,7 +30,7 @@ index 3a40e21..d9f3ea0 100644
 # utility functions for route manipulation
 # Meddling with this stuff should not be necessary and requires great care.
 uproute() {
-@@ -397,12 +420,12 @@ up-host:iptables)
+@@ -407,12 +430,12 @@
 	# connection to me, with (left/right)firewall=yes, coming up
 	# This is used only by the default updown script, not by your custom
 	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -46,9 +44,9 @@ index 3a40e21..d9f3ea0 100644
 -	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 +	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50
 	#
- 	# log IPsec host connection setup
+ 	# allow IPIP traffic because of the implicit SA created by the kernel if
- 	if [ $VPN_LOGGING ]
+ 	# IPComp is used (for small inbound packets that are not compressed)
-@@ -410,10 +433,10 @@ up-host:iptables)
+@@ -428,10 +451,10 @@
 	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 	  then
 	    logger -t $TAG -p $FAC_PRIO \
@@ -61,7 +59,7 @@ index 3a40e21..d9f3ea0 100644
 	  fi
 	fi
 	;;
-@@ -421,12 +444,12 @@ down-host:iptables)
+@@ -439,12 +462,12 @@
 	# connection to me, with (left/right)firewall=yes, going down
 	# This is used only by the default updown script, not by your custom
 	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -75,9 +73,9 @@ index 3a40e21..d9f3ea0 100644
 -	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 +	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50
 	#
- 	# log IPsec host connection teardown
+ 	# IPIP exception teardown
- 	if [ $VPN_LOGGING ]
+ 	if [ -n "$PLUTO_IPCOMP" ]
-@@ -434,10 +457,10 @@ down-host:iptables)
+@@ -459,10 +482,10 @@
 	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 	  then
 	    logger -t $TAG -p $FAC_PRIO -- \
@@ -90,7 +88,7 @@ index 3a40e21..d9f3ea0 100644
 	  fi
 	fi
 	;;
-@@ -447,24 +470,24 @@ up-client:iptables)
+@@ -472,24 +495,24 @@
 	# ones, so do not mess with it; see CAUTION comment up at top.
 	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
 	then
@@ -113,16 +111,26 @@ index 3a40e21..d9f3ea0 100644
 -	  iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 +	  iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- 	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
+-	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 -	  iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 +	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN
 +	  iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 +	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50
 	fi
 	#
- 	# log IPsec client connection setup
+ 	# allow IPIP traffic because of the implicit SA created by the kernel if
-@@ -473,12 +496,51 @@ up-client:iptables)
+@@ -497,7 +520,7 @@
 	# INPUT is correct here even for forwarded traffic.
 	if [ -n "$PLUTO_IPCOMP" ]
 	then
 -	  iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
 +	  iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p 4 \
 	      -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
 	fi
 	#
@@ -507,12 +530,51 @@
 	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 	  then
 	    logger -t $TAG -p $FAC_PRIO \
@@ -176,7 +184,7 @@ index 3a40e21..d9f3ea0 100644
 	;;
 down-client:iptables)
 	# connection to client subnet, with (left/right)firewall=yes, going down
-@@ -486,28 +548,28 @@ down-client:iptables)
+@@ -520,34 +582,34 @@
 	# ones, so do not mess with it; see CAUTION comment up at top.
 	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
 	then
@@ -202,8 +210,9 @@ index 3a40e21..d9f3ea0 100644
 +	  iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
- 	         $IPSEC_POLICY_IN -j ACCEPT
+-	         $IPSEC_POLICY_IN -j ACCEPT
 -	  iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 +	         $IPSEC_POLICY_IN -j RETURN
 +	  iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
 	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
@@ -211,8 +220,15 @@ index 3a40e21..d9f3ea0 100644
 +	         $IPSEC_POLICY_OUT -j MARK --set-mark 50
 	fi
 	#
- 	# log IPsec client connection teardown
+ 	# IPIP exception teardown
-@@ -516,12 +578,51 @@ down-client:iptables)
+ 	if [ -n "$PLUTO_IPCOMP" ]
 	then
 -	  iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
 +	  iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p 4 \
 	      -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
 	fi
 	#
@@ -557,12 +619,51 @@
 	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 	  then
 	    logger -t $TAG -p $FAC_PRIO -- \
@@ -266,7 +282,7 @@ index 3a40e21..d9f3ea0 100644
 	;;
 #
 # IPv6
-@@ -556,10 +657,10 @@ up-host-v6:iptables)
+@@ -597,10 +698,10 @@
 	# connection to me, with (left/right)firewall=yes, coming up
 	# This is used only by the default updown script, not by your custom
 	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -279,7 +295,7 @@ index 3a40e21..d9f3ea0 100644
 	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 	#
-@@ -580,10 +681,10 @@ down-host-v6:iptables)
+@@ -621,10 +722,10 @@
 	# connection to me, with (left/right)firewall=yes, going down
 	# This is used only by the default updown script, not by your custom
 	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -292,7 +308,7 @@ index 3a40e21..d9f3ea0 100644
 	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 	#
-@@ -606,10 +707,10 @@ up-client-v6:iptables)
+@@ -647,10 +748,10 @@
 	# ones, so do not mess with it; see CAUTION comment up at top.
 	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
 	then
@@ -305,7 +321,7 @@ index 3a40e21..d9f3ea0 100644
 	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 	fi
-@@ -618,10 +719,10 @@ up-client-v6:iptables)
+@@ -659,10 +760,10 @@
 	# or sometimes host access via the internal IP is needed
 	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 	then
@@ -318,7 +334,7 @@ index 3a40e21..d9f3ea0 100644
 	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
 	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 	fi
-@@ -645,11 +746,11 @@ down-client-v6:iptables)
+@@ -686,11 +787,11 @@
 	# ones, so do not mess with it; see CAUTION comment up at top.
 	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
 	then
@@ -332,7 +348,7 @@ index 3a40e21..d9f3ea0 100644
 	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
 	         $IPSEC_POLICY_IN -j ACCEPT
-@@ -659,11 +760,11 @@ down-client-v6:iptables)
+@@ -700,11 +801,11 @@
 	# or sometimes host access via the internal IP is needed
 	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 	then
--- a/src/scripts/dialctrl.pl
+++ b/src/scripts/dialctrl.pl
@@ -1,201 +0,0 @@
 #!/usr/bin/perl
 #
 # Dialup Statistics for IPFire
 # based on SilverStar's work on
 # http://goodymuc.go.funpic.de
 #
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$ydat,$isdst)=localtime();
             $jahr=$year;
             $monat=$mon+1;
             $tag=$mday;
             $jahr=$year;
 $jahr=$year +1900;
 if (length($monat) == 1)
 {
    $monat="0$monat";
 }
 if(length($tag) == 1)
 {
   $tag="0$tag";
 }
 if(length($hour) == 1)
 {
   $hour="0$hour";
 }
 if(length($min) == 1)
 {
   $min="0$min";
 }
 if(length($sec) == 1)
 {
   $sec="0$sec";
 }
 my $s_date = $tag."/".$monat."/".$jahr;
 my $s_time = $hour.":".$min.":".$sec;
 my $file_log = "/var/log/counter/dialup.log";
 my $file_connect = "/var/log/counter/connect";
 my $file_reset = "/var/log/counter/reset";
 if ($ARGV[0] eq 'up') {
 	if (! -e "$file_log") {
 		&new;
 	} else {
 		open(CONNECT,">$file_connect");
 		close(CONNECT);
 		open(COUNTER,"<$file_log");
 		$line = <COUNTER>;
 		($start,$update,$up,$down,$rec,$on,$bit) = split(/\|/,$line);
 		close(COUNTER);
 		$up++;
 		$update = $s_date." on ".$s_time;
 		open(COUNTER,">$file_log");
 		print COUNTER "$start\|$update\|$up\|$down\|$rec\|$on\|$bit";
 		close(COUNTER);
 	}
 }
 if ($ARGV[0] eq 'down') {
 	if (! -e "$file_log") {
 		&new;
 	} else {
 		open(COUNTER,"<$file_log");
 		$line = <COUNTER>;
 		($start,$update,$up,$down,$rec,$on,$bit) = split(/\|/,$line);
 		close(COUNTER);
 		$on =~ /(\d+)d\s+(\d+)h\s+(\d+)m\s+(\d+)s/;
 		$d1 = $1; $h1 = $2; $m1 = $3; $s1 = $4;
 		$con = &General::age("$file_connect");
 		$con =~ /(\d+)d\s+(\d+)h\s+(\d+)m\s+(\d+)s/;
 		$d2 = $1; $h2 = $2; $m2 = $3; $s2 = $4;
 		$sum_d = ($d1 + $d2) * 86400;
 		$sum_h = ($h1 + $h2) * 3600;
 		$sum_m = ($m1 + $m2) * 60;
 		$sum_s = ($s1 + $s2);
 		$sum_1 = $sum_d + $sum_h + $sum_m + $sum_s;
 		$d = int($sum_1 / 86400);
 		$totalhours = int($sum_1 / 3600);
 		$h = $totalhours % 24;
 		$totalmins = int($sum_1 / 60);
 		$m = $totalmins % 60;
 		$s = $sum_1 % 60;
 		$on = "${d}d ${h}h ${m}m ${s}s";
 		$down++;
 		$update = $s_date." on ".$s_time;
 		open(COUNTER,">$file_log");
 		print COUNTER "$start\|$update\|$up\|$down\|$rec\|$on\|$bit";
 		close(COUNTER);
 	}
 }
 if ($ARGV[0] eq 'rec') {
 	if (! -e "$file_log") {
 		&new;
 	} else {
 		open(COUNTER,"<$file_log");
 		$line = <COUNTER>;
 		($start,$update,$up,$down,$rec,$on,$bit) = split(/\|/,$line);
 		close(COUNTER);
 		$rec++;
 		$update = $s_date." on ".$s_time;
 		open(COUNTER,">$file_log");
 		print COUNTER "$start\|$update\|$up\|$down\|$rec\|$on\|$bit";
 		close(COUNTER);
 	}
 }
 elsif ($ARGV[0] eq 'show') {
 if (! -e "$file_log") {
 		&new;
 	}
 else {
 		open(COUNTER,"<$file_log");
 			$line = <COUNTER>;
 			($start,$update,$up,$down,$rec,$on,$bit) = split(/\|/,$line);
 			$on =~ /(\d+)d\s+(\d+)h\s+(\d+)m\s+(\d+)s/;
 			$d1 = $1; $h1 = $2; $m1 = $3; $s1 = $4;
 		close(COUNTER);
 		if ( ! -e "${General::swroot}/red/active") {
 			$timecon = "0d 0h 0m 0s";
 		} else {
 			$timecon = &General::age("$file_connect");
 		}
 		$timecon =~ /(\d+)d\s+(\d+)h\s+(\d+)m\s+(\d+)s/;
 		$d2 = $1; $h2 = $2; $m2 = $3; $s2 = $4;
 		$timeres = &General::age("$file_reset");
 		$timeres =~ /(\d+)d\s+(\d+)h\s+(\d+)m\s+(\d+)s/;
 		$d3 = $1; $h3 = $2; $m3 = $3; $s3 = $4;
 		$sum_d1 = ($d1 + $d2) * 86400;
 		$sum_h1 = ($h1 + $h2) * 3600;
 		$sum_m1 = ($m1 + $m2) * 60;
 		$sum_s1 = ($s1 + $s2);
 		$sum_1 = $sum_d1 + $sum_h1 + $sum_m1 + $sum_s1;
 		$sum_d2 = $d3 * 86400;
 		$sum_h2 = $h3 * 3600;
 		$sum_m2 = $m3 * 60;
 		$sum_s2 = $s3;
 		$sum_2 = $sum_d2 + $sum_h2 + $sum_m2 + $sum_s2;
 		$d = int($sum_1 / 86400);
 		$totalhours = int($sum_1 / 3600);
 		$h = $totalhours % 24;
 		$totalmins = int($sum_1 / 60);
 		$m = $totalmins % 60;
 		$s = $sum_1 % 60;
 		$current = "${d}d ${h}h ${m}m ${s}s";
 		$ontime = ( $sum_1 * 100 ) / $sum_2;
 		if ($ontime >= 99.95) {
 			$ontime = sprintf("%.0f", $ontime);
 		}
 		elsif ($ontime <= 0.05) {
 			$ontime = sprintf("%.0f", $ontime);
 		}
 		else {
 			$ontime = sprintf("%.1f", $ontime);
 		}
 print <<END
 <br />$Lang::tr{'since'} $update
 <table style='width:60%'>
 <tr><td>$Lang::tr{'connections'}: $up</td><td>$Lang::tr{'disconnects'}: $down</td><td>$Lang::tr{'attemps'}: $rec</td></tr>
 <tr><td><b>$Lang::tr{'total connection time'}:</b><td>$current</td><td> ~ $ontime%</td></tr>
 </table>
 END
 ;
 	}
 }
 elsif ($ARGV[0] eq 'reset') {
 	&new;
 }
 elsif ($ARGV[0] eq '') {
 	print "\nDont run on the console...\n\n";
 }
 exit 0;
 sub new {
  	open(COUNTER,">$file_log");
  	$start = $s_date." on ".$s_time;
  	$update = "&#8249;no action since clearing&#8250;";
  	$up = "0";
  	$down = "0";
  	$rec = "0";
  	$on = "0d 0h 0m";
  	$bit = "0";
  	print COUNTER "$start\|$update\|$up\|$down\|$rec\|$on\|$bit";
  	close(COUNTER);
  	open(CONNECT,">$file_connect");
 		print CONNECT "0";
 		close(CONNECT);
 		open(RESET,">$file_reset");
 		print RESET "0";
 		close(RESET);
 }