MoBlock hinzugefuegt (fuer Outgoing Firewall)

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@413 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/logwatch/dialup

@@ -0,0 +1,87 @@
+
+##########################################################################
+# $Id: dialup $
+##########################################################################
+
+use Logwatch ':all';
+
+$Debug = ValueOrDefault($ENV{'LOGWATCH_DEBUG'}, 0);
+$Detail = ValueOrDefault($ENV{'LOGWATCH_DETAIL_LEVEL'}, 0);
+
+# Avoid "Use of uninitialized value" warning messages.
+sub ValueOrDefault {
+         my ($value, $default) = @_;
+         return ($value ? $value : $default);
+}
+
+if ( $Debug >= 5 ) {
+	print STDERR "\n\nDEBUG: Inside DIALUP Filter \n\n";
+	$DebugCounter = 1;
+}
+
+while (defined($ThisLine = <STDIN>)) {
+   if ( $Debug >= 5 ) {
+      print STDERR "DEBUG($DebugCounter): $ThisLine";
+      $DebugCounter++;
+   }
+   chomp($ThisLine);
+   
+   if ( $ThisLine =~ /^pppd (\d+).(\d+).(\d+) started by root, uid (\d+)/ )
+   {
+      if ($Debug >= 5) 
+      {
+         print STDERR "DEBUG: Found PPP start\n";
+      }
+      $Starts++
+   }
+   elsif ( $ThisLine =~ /^Connection terminated./ )
+   {
+      if ($Debug >= 5) 
+      {
+         print STDERR "DEBUG: Found PPP down\n";
+      }
+      $Downs++
+   }
+   elsif ( $ThisLine =~ /^PPP session is (\d+)/ )
+   {
+      if ($Debug >= 5) 
+      {
+         print STDERR "DEBUG: Found PPP connect\n";
+      }
+      $Ups++
+   }
+   elsif ( $ThisLine =~ /^Connect time (\d+).(\d+) minutes./ )
+   {
+      if ($Debug >= 5) 
+      {
+         print STDERR "DEBUG: Found PPP connecttime $1\n";
+      }
+      $Uptime += $1 + ($2 / 10);
+   }
+}
+
+###########################################################
+
+if ( $Starts )
+{
+    print "PPP Dial attempts: " . $Starts . " Time(s)\n";
+}
+
+if ( $Ups )
+{
+  print "PPP Connected: " . $Ups . " Time(s)\n";
+}
+
+if ( $Downs )
+{
+  print "PPP Disconnected: " . $Downs . " Time(s)\n";
+}
+
+if ( $Uptime )
+{
+  print "Total connect time: " . $Uptime . " Minutes\n";
+}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 syntax=perl et

config/logwatch/dialup.conf

@@ -0,0 +1,24 @@
+###########################################################################
+#
+###########################################################################
+
+# You can put comments anywhere you want to.  They are effective for the
+# rest of the line.
+
+# this is in the format of <name> = <value>.  Whitespace at the beginning
+# and end of the lines is removed.  Whitespace before and after the = sign
+# is removed.  Everything is case *insensitive*.
+
+# Yes = True  = On  = 1
+# No  = False = Off = 0
+
+Title = "Dialup"
+
+# Which logfile group...
+LogFile = messages
+
+# Only give lines pertaining to the ppp service...
+*OnlyService = pppd
+*RemoveHeaders
+
+# vi: shiftwidth=3 tabstop=3 et

config/rootfiles/common/iptables

@@ -60,3 +60,28 @@ sbin/iptables
 #usr/share/man/man8/iptables-restore.8
 #usr/share/man/man8/iptables-save.8
 #usr/share/man/man8/iptables.8
+#lib/iptables/libipt_IMQ.so
+#usr/include/libnetfilter_queue
+#usr/include/libnetfilter_queue/libipq.h
+#usr/include/libnetfilter_queue/libnetfilter_queue.h
+#usr/include/libnetfilter_queue/linux_nfnetlink_queue.h
+#usr/include/libnfnetlink
+#usr/include/libnfnetlink/libnfnetlink.h
+#usr/include/libnfnetlink/linux_nfnetlink.h
+#usr/lib/libnetfilter_queue.a
+#usr/lib/libnetfilter_queue.la
+usr/lib/libnetfilter_queue.so
+usr/lib/libnetfilter_queue.so.1
+usr/lib/libnetfilter_queue.so.1.1.0
+#usr/lib/libnetfilter_queue_libipq.a
+#usr/lib/libnetfilter_queue_libipq.la
+usr/lib/libnetfilter_queue_libipq.so
+usr/lib/libnetfilter_queue_libipq.so.1
+usr/lib/libnetfilter_queue_libipq.so.1.0.0
+#usr/lib/libnfnetlink.a
+#usr/lib/libnfnetlink.la
+usr/lib/libnfnetlink.so
+usr/lib/libnfnetlink.so.0
+usr/lib/libnfnetlink.so.0.2.0
+#usr/lib/pkgconfig/libnetfilter_queue.pc
+#usr/lib/pkgconfig/libnfnetlink.pc

config/rootfiles/common/logwatch

@@ -4,89 +4,14 @@
 #etc/log.d/conf/html/footer.html
 #etc/log.d/conf/html/header.html
 etc/log.d/conf/ignore.conf
-#etc/log.d/conf/logfiles
-etc/log.d/conf/logfiles/daemon.conf
-#etc/log.d/conf/logfiles/dnssec.conf
-#etc/log.d/conf/logfiles/fail2ban.conf
-etc/log.d/conf/logfiles/http.conf
-etc/log.d/conf/logfiles/iptables.conf
-etc/log.d/conf/logfiles/kernel.conf
-etc/log.d/conf/logfiles/messages.conf
-#etc/log.d/conf/logfiles/qmail-pop3d-current.conf
-#etc/log.d/conf/logfiles/qmail-pop3ds-current.conf
-#etc/log.d/conf/logfiles/qmail-send-current.conf
-#etc/log.d/conf/logfiles/qmail-smtpd-current.conf
-etc/log.d/conf/logfiles/resolver.conf
-etc/log.d/conf/logfiles/secure.conf
-etc/log.d/conf/logfiles/syslog.conf
-etc/log.d/conf/logfiles/windows.conf
+etc/log.d/conf/logfiles
 etc/log.d/conf/logwatch.conf
-#etc/log.d/conf/services
-etc/log.d/conf/services/dhcpd.conf
-#etc/log.d/conf/services/dnssec.conf
-#etc/log.d/conf/services/dovecot.conf
-#etc/log.d/conf/services/eximstats.conf
-#etc/log.d/conf/services/fail2ban.conf
-etc/log.d/conf/services/http.conf
-etc/log.d/conf/services/init.conf
-etc/log.d/conf/services/iptables.conf
-etc/log.d/conf/services/kernel.conf
-etc/log.d/conf/services/modprobe.conf
-etc/log.d/conf/services/openvpn.conf
-etc/log.d/conf/services/pam_unix.conf
-etc/log.d/conf/services/pluto.conf
-#etc/log.d/conf/services/qmail-pop3d.conf
-#etc/log.d/conf/services/qmail-pop3ds.conf
-#etc/log.d/conf/services/qmail-send.conf
-#etc/log.d/conf/services/qmail-smtpd.conf
-etc/log.d/conf/services/raid.conf
-etc/log.d/conf/services/resolver.conf
-etc/log.d/conf/services/scsi.conf
-#etc/log.d/conf/services/secure.conf
-#etc/log.d/conf/services/slon.conf
-etc/log.d/conf/services/sshd.conf
-etc/log.d/conf/services/sshd2.conf
-etc/log.d/conf/services/syslogd.conf
-etc/log.d/conf/services/windows.conf
-etc/log.d/conf/services/xntpd.conf
-etc/log.d/conf/services/zz-disk_space.conf
-etc/log.d/conf/services/zz-network.conf
-etc/log.d/conf/services/zz-sys.conf
+etc/log.d/conf/services
 #etc/log.d/lib
 etc/log.d/lib/Logwatch.pm
 #etc/log.d/scripts
 etc/log.d/scripts/logwatch.pl
-#etc/log.d/scripts/services
-etc/log.d/scripts/services/dhcpd
-#etc/log.d/scripts/services/dnssec
-#etc/log.d/scripts/services/dovecot
-#etc/log.d/scripts/services/eximstats
-#etc/log.d/scripts/services/fail2ban
-etc/log.d/scripts/services/http
-etc/log.d/scripts/services/init
-etc/log.d/scripts/services/iptables
-etc/log.d/scripts/services/kernel
-etc/log.d/scripts/services/modprobe
-etc/log.d/scripts/services/openvpn
-etc/log.d/scripts/services/pam_unix
-etc/log.d/scripts/services/pluto
-#etc/log.d/scripts/services/qmail-pop3d
-#etc/log.d/scripts/services/qmail-pop3ds
-#etc/log.d/scripts/services/qmail-send
-#etc/log.d/scripts/services/qmail-smtpd
-etc/log.d/scripts/services/raid
-etc/log.d/scripts/services/resolver
-etc/log.d/scripts/services/scsi
-#etc/log.d/scripts/services/secure
-#etc/log.d/scripts/services/slon
-etc/log.d/scripts/services/sshd
-etc/log.d/scripts/services/sshd2
-etc/log.d/scripts/services/syslogd
-etc/log.d/scripts/services/windows
-etc/log.d/scripts/services/xntpd
-etc/log.d/scripts/services/zz-disk_space
-etc/log.d/scripts/services/zz-network
-etc/log.d/scripts/services/zz-sys
+etc/log.d/scripts/services
 #etc/log.d/scripts/shared
 etc/log.d/scripts/shared/applybinddate
 etc/log.d/scripts/shared/applyeurodate

config/rootfiles/common/moblock

@@ -0,0 +1 @@
+usr/bin/moblock

doc/packages-list.txt

@@ -19,6 +19,7 @@
 * MIME-tools-5.420
 * Mail-SpamAssassin-3.1.3
 * MailTools-1.74
+* MoBlock-0.8
 * Net-DNS-0.47
 * Net-IPv4Addr-0.10
 * Net-Server-0.93
@@ -109,6 +110,7 @@
 * ipp2p-0.8.2-iptables
 * iproute2-2.6.16-060323
 * iptables-1.3.5
+* iptables-1.3.5_old1
 * iptraf-3.0.0
 * iptstate-2.1
 * iputils-ss020927
@@ -143,6 +145,7 @@
 * linuxigd-0.95
 * logrotate-3.7.1
 * logwatch_7.3.1
+* logwatch_7.3.1_old1
 * lynx2.8.5
 * lzo-2.02
 * m4-1.4.4

lfs/iptables

@@ -39,15 +39,21 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
 ###############################################################################
 objects = 	$(DL_FILE) \
 			iptables-1.3.0-imq1.diff \
-			netfilter-layer7-v2.1.tar.gz
+			netfilter-layer7-v2.1.tar.gz \
+			libnfnetlink-0.0.25.tar.bz2 \
+			libnetfilter_queue-0.0.13.tar.bz2
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 iptables-1.3.0-imq1.diff 		= http://www.linuximq.net/patchs/iptables-1.3.0-imq1.diff
 netfilter-layer7-v2.1.tar.gz 	= http://mesh.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.1.tar.gz
+libnfnetlink-0.0.25.tar.bz2		= $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2
+libnetfilter_queue-0.0.13.tar.bz2	= $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2
 
 $(DL_FILE)_MD5 = 00fb916fa8040ca992a5ace56d905ea5
 iptables-1.3.0-imq1.diff_MD5 = 9adae8be9562775a176fc1b275b3cb29
 netfilter-layer7-v2.1.tar.gz_MD5 = 551626a158c2a2cbfd937d27ecc7fac1
+libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d
+libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256
 
 install : $(TARGET)
 
@@ -77,17 +83,29 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	# iptables-fixed.tar.gz is made in the linux kernel build process
-	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/iptables-fixed.tar.gz
-	@rm -rf $(DIR_DL)/netfilter-layer7-v2.1 && cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.1.tar.gz
+	@rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.1 $(DIR_SRC)/libnetfilter_queue-0.0.13
+
+	@cd $(DIR_SRC) && tar zxf $(DIR_DL)/iptables-fixed.tar.gz
+	@cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.1.tar.gz
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.6/iptables-layer7-2.6.patch
 
 	cd $(DIR_APP) && patch -Np1 < $(DIR_DL)/iptables-1.3.0-imq1.diff
 	chmod +x $(DIR_APP)/extensions/.IMQ-test*  $(DIR_APP)/extensions/.layer7-test*
-	
+
 	# hack to disable IPv6 compilation as the configuration variable does not work when ip6.h is present
 	cd $(DIR_APP) && sed -i -e 's/DO_IPV6:=1/DO_IPV6:=0/' Makefile
-
 	cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man LIBDIR=/lib $(MAKETUNING)
 	cd $(DIR_APP) && make BINDIR=/sbin MANDIR=/usr/share/man LIBDIR=/lib install
-	@rm -rf $(DIR_APP)
+
+	cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnfnetlink-0.0.25.tar.bz2
+	cd $(DIR_SRC)/libnfnetlink-0.0.25 && ./configure --prefix=/usr
+	cd $(DIR_SRC)/libnfnetlink-0.0.25 && make
+	cd $(DIR_SRC)/libnfnetlink-0.0.25 && make install
+
+	cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnetfilter_queue-0.0.13.tar.bz2
+	cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && ./configure --prefix=/usr
+	cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make
+	cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make install
+
+	@rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.1 $(DIR_SRC)/libnetfilter_queue-0.0.13
 	@$(POSTBUILD)

lfs/logwatch

@@ -86,16 +86,18 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Strip out some filters for services we don't run - no point wasting log keeping them
 	# cron filter don't support fcron
 	# final selection for remaining files is in rootfile
-	UNNEEDED="afpd amavis arpwatch audit automount autorpm cisco clamav clamav-milter \
-	    clam-update courier cron emerge exim extreme-networks ftpd-messages ftpd-xferlog \
-	    imapd identd in.qpopper ipop3d maillog mailscanner mountd named netopia netscreen \
-	    oidentd pam pam_pwdb pop3 portsentry postfix pound proftpd-messages pureftp \
-	    pureftpd qmail rt314 saslauthd samba sendmail sendmail-largeboxes shaperd smartd \
-	    sonicwall stunnel sudo tac_acc up2date vpopmail vsftpd xferlog yum zz-fortune" && \
+	UNNEEDED="afpd amavis arpwatch audit automount autorpm cisco \
+	    courier emerge exim extreme-networks ftpd-messages ftpd-xferlog \
+	    identd in.qpopper ipop3d mountd named netopia netscreen \
+	    oidentd pam_pwdb portsentry pound pureftp \
+	    pureftpd qmail rt314 sendmail-largeboxes shaperd smartd \
+	    sonicwall stunnel tac_acc up2date vpopmail vsftpd windows xferlog yum zz-fortune" && \
 	  for i in $$UNNEEDED ; do \
 	    rm -f /etc/log.d/{conf,scripts}/services/$$i{,.conf} /etc/log.d/conf/logfiles/$$i.conf; \
 	  done
 	rm -rf /etc/log.d/scripts/logfiles
+	cp -f $(DIR_SRC)/config/logwatch/dialup /etc/log.d/scripts/services/dialup
+	cp -f $(DIR_SRC)/config/logwatch/dialup.conf /etc/log.d/conf/services/dialup.conf
 
 	sed -i 's/df -h/df -h -x rootfs/' /etc/log.d/scripts/services/zz-disk_space
 	for i in `find /etc/log.d -type f`; do \

make.sh

@@ -33,7 +33,7 @@ KVER=`grep --max-count=1 VER lfs/linux | awk '{ print $3 }'`
 MACHINE=`uname -m`
 SVN_REVISION=`svn info | grep Revision | cut -c 11-`
 
-IPFVER="full devel"				# Which version should be compiled? (full|light|voice|devel)
+IPFVER="full devel"				# Which versions should be compiled? (full|light|voice|devel)
 
 # Set an information about the build number
 if [ -e ./.svn ]; then
@@ -392,6 +392,7 @@ buildipfire() {
   ipfiremake iptables
   ipfiremake libupnp
   ipfiremake ipp2p			IPT=1
+  ipfiremake moblock
   ipfiremake linux-igd
   ipfiremake ipac-ng
   ipfiremake ipaddr
@@ -577,7 +578,13 @@ buildpackages() {
   # Create images for install
   for i in $IPFVER
   do
-	ipfiremake cdrom ED=$i
+	if [ $i == "devel" ]; then
+		if [ ! -f ipfire-$VER.i586-devel.iso ]; then
+			ipfiremake cdrom ED=$i
+		fi
+	else
+		ipfiremake cdrom ED=$i
+	fi
   done
   ipfiremake pxe
   cp -f $LFS/install/images/{*.iso,*.tgz} $BASEDIR >> $LOGFILE 2>&1