Merge branch 'switch-to-libloc' into next-switch-to-libloc

Stefan Schantl
2020-05-25 19:55:54 +02:00
35 changed files with 522 additions and 594 deletions


@@ -23,24 +23,73 @@
package GeoIP;
use Geo::IP::PurePerl;
use Location;
use Locale::Codes::Country;
my $geoip_database_dir = "/var/lib/GeoIP";
my $location_database = "GeoLite2-Country-Locations-en.csv";
# Hash which contains country codes and their names which are special or not
# part of ISO 3166-1.
my %not_iso_3166_location = (
"a1" => "Anonymous Proxy",
"a2" => "Satellite Provider",
"a3" => "Worldwide Anycast Instance",
"an" => "Netherlands Antilles",
"ap" => "Asia/Pacific Region",
"eu" => "Europe",
"fx" => "France, Metropolitan",
"o1" => "Other Country",
"yu" => "Yugoslavia"
);
my $database;
# Directory where the libloc database and keyfile lives.
our $location_dir = "/var/lib/location/";
sub lookup($) {
my $address = shift;
# Libloc database file.
our $database = "$location_dir/database.db";
# Load the database into memory if not already done
if (!$database) {
$database = Geo::IP::PurePerl->new(GEOIP_MEMORY_CACHE);
# Libloc keyfile to verify the database.
our $keyfile = "$location_dir/signing-key.pem";
# Directory which contains the exported databases.
our $xt_geoip_db_directory = "/usr/share/xt_geoip/";
#
## Tiny function to init the location database.
#
sub init () {
# Init and open the database.
my $db = &Location::init($database);
# Return the database handle.
return $db;
}
#
## Function to verify the integrity of the location database.
#
sub verify ($) {
my ($db_handle) = @_;
# Verify the integrity of the database.
if(&Location::verify($db_handle, $keyfile)) {
# Success, return "1".
return 1;
}
# If we got here, return nothing.
return;
}
#
## Function to the the country code of a given address.
#
sub lookup_country_code($$) {
my ($db_handle, $address) = @_;
# Lookup the given address.
my $country_code = &Location::lookup_country_code($db_handle, $address);
# Return the name of the country
return $database->country_code_by_name($address);
return $country_code;
}
# Function to get the flag icon for a specified country code.
@@ -102,17 +151,15 @@ sub get_full_country_name($) {
# Remove whitespaces.
chomp($input);
# Convert input into lower case format.
my $code = lc($input);
# Handle country codes which are not in the list.
if ($code eq "a1") { $name = "Anonymous Proxy" }
elsif ($code eq "a2") { $name = "Satellite Provider" }
elsif ($code eq "o1") { $name = "Other Country" }
elsif ($code eq "ap") { $name = "Asia/Pacific Region" }
elsif ($code eq "eu") { $name = "Europe" }
elsif ($code eq "yu") { $name = "Yugoslavia" }
else {
if ($not_iso_3166_location{$code}) {
# Grab location name from hash.
$name = $not_iso_3166_location{$code};
} else {
# Use perl built-in module to get the country code.
$name = &Locale::Codes::Country::code2country($code);
}
@@ -124,27 +171,14 @@ sub get_full_country_name($) {
sub get_geoip_locations() {
my @locations = ();
# Open the location database.
open(LOCATION, "$geoip_database_dir/$location_database") or return @locations;
# Get listed country codes from ISO 3166-1.
@locations = &Locale::Codes::Country::all_country_codes();
# Loop through the file.
while(my $line = <LOCATION>) {
# Remove newlines.
chomp($line);
# Split the line content.
my ($geoname_id, $locale_code, $continent_code, $continent_name, $country_iso_code, $country_name, $is_in_european_union) = split(/\,/, $line);
# Check if the country_iso_code is upper case.
if($country_iso_code =~ /[A-Z]/) {
# Add the current ISO code.
push(@locations, $country_iso_code);
}
# Add locations from not_iso_3166_locations.
foreach my $location (keys %not_iso_3166_location) {
push(@locations, $location);
}
# Close filehandle.
close(LOCATION);
# Sort locations array in alphabetical order.
my @sorted_locations = sort(@locations);
@@ -152,5 +186,63 @@ sub get_geoip_locations() {
return @sorted_locations;
}
# Function to get the continent code of a given country code.
sub get_continent_code($$) {
my ($db_handle, $ccode) = @_;
# Omit the continent code.
my $continent_code = &Location::get_continent_code($db_handle, $ccode);
return $continent_code;
}
# Function to flush all exported GeoIP locations.
sub flush_exported_locations () {
# Check if the xt_geoip_db_directory exists.
if (-e $xt_geoip_db_directory) {
# Perform a direcory listing.
opendir (DIR, $xt_geoip_db_directory) or die "Could not open $xt_geoip_db_directory. $!\n";
# Loop through the files.
while (my $file = readdir(DIR)) {
# Check if the element is a file.
if (-f "$xt_geoip_db_directory/$file") {
# Delete it.
unlink("$xt_geoip_db_directory/$file");
}
}
}
}
# Function which calls location-exporter to export a given array
# of locations.
sub export_locations (\@) {
my @locations = @{ shift() };
# String to store the given locations and pass it to the exporter tool.
my $locations_string;
# Only export IPv4 addresses.
my $family = "--family=ipv4";
# Specify xt_geoip as output format.
my $format = "--format=xt_geoip";
# Location export command.
my @command = ("/usr/bin/location-exporter", "--directory=$xt_geoip_db_directory", "$format", "$family");
# Check if the export directory exists, otherwise create it.
unless (-d $xt_geoip_db_directory) { mkdir $xt_geoip_db_directory };
# Loop through the array of locations which needs to be exported.
foreach my $location (@locations) {
# Add location to the command array.
push(@command, $location);
}
# Execute location-exporter to export the requested country codes.
system(@command) == 0
or die "@command failed: $?";
}
1;
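Review bot: `export_locations` appends every entry of `@locations` to the `location-exporter` argument vector unchecked, so a malformed value from the firewall configuration (for instance one beginning with `--`) would be read as an option rather than a country code. The list form of `system` already keeps a shell out of the picture; assuming the codes are always two upper-case alphanumerics, `next unless $location =~ /\A[A-Z0-9]{2}\z/;` at the top of the `foreach` would close the remaining gap. In the same sub the result of `mkdir $xt_geoip_db_directory` is ignored, and `flush_exported_locations` ignores the result of `unlink` and never calls `closedir(DIR)`; a `warn` on failure would make a stale or missing export directory visible.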


@@ -60,7 +60,7 @@ HOME=/
00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
# Update GeoIP database once a month.
%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1
%hourly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-location-database >/dev/null 2>&1
# Retry sending spooled mails regularly
%hourly * /usr/sbin/dma -q


@@ -24,6 +24,7 @@ use experimental 'smartmatch';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/geoip-functions.pl";
require "/usr/lib/firewall/firewall-lib.pl";
# Set to one to enable debugging mode.
@@ -55,6 +56,10 @@ my %customgrp=();
my %configinputfw=();
my %configoutgoingfw=();
my %confignatfw=();
my %geoipsettings = (
"GEOIPBLOCK_ENABLED" => "off"
);
my @p2ps=();
my $configfwdfw = "${General::swroot}/firewall/config";
@@ -73,6 +78,15 @@ my $netsettings = "${General::swroot}/ethernet/settings";
&General::readhasharray($configoutgoing, \%configoutgoingfw);
&General::readhasharray($configgrp, \%customgrp);
# Check if the geoip settings file exists
if (-e "$geoipfile") {
# Read settings file
&General::readhash("$geoipfile", \%geoipsettings);
}
# Get all GeoIP locations.
my @locations = &fwlib::get_geoip_locations();
my @log_limit_options = &make_log_limit_options();
my $POLICY_INPUT_ALLOWED = 0;
@@ -87,9 +101,21 @@ my $POLICY_OUTPUT_ACTION = $fwoptions{"FWPOLICY1"};
&main();
sub main {
# Gather locations which should be exported.
my @locations_to_export = &gather_locations_to_export();
# Flush all chains.
&flush();
# Flush exported locations.
&GeoIP::flush_exported_locations();
# Check if there are any locations to export.
if (@locations_to_export) {
# Export required locations.
&GeoIP::export_locations(\@locations_to_export);
}
# Prepare firewall rules.
if (! -z "${General::swroot}/firewall/input"){
&buildrules(\%configinputfw);
@@ -598,27 +624,15 @@ sub p2pblock {
}
sub geoipblock {
my %geoipsettings = ();
$geoipsettings{'GEOIPBLOCK_ENABLED'} = "off";
# Flush iptables chain.
run("$IPTABLES -F GEOIPBLOCK");
# Check if the geoip settings file exists
if (-e "$geoipfile") {
# Read settings file
&General::readhash("$geoipfile", \%geoipsettings);
}
# If geoip blocking is not enabled, we are finished here.
if ($geoipsettings{'GEOIPBLOCK_ENABLED'} ne "on") {
# Exit submodule. Process remaining script.
return;
}
# Get supported locations.
my @locations = &fwlib::get_geoip_locations();
# Loop through all supported geoip locations and
# create iptables rules, if blocking this country
# is enabled.
@@ -841,3 +855,142 @@ sub firewall_is_in_subnet {
return 0;
}
#
# Function to gather which locations needs to be exported.
#
sub gather_locations_to_export () {
my %geoipblock_exports = ();
# Array to store the final list of locations.
my @export_locations;
# Array to temporary store all used GeoIP groups.
my @used_GeoIP_groups;
# Check if GeoIP-block is enabled.
if($geoipsettings{"GEOIPBLOCK_ENABLED"} eq "on") {
# Loop through the array of supported locations.
foreach my $location (@locations) {
if ($geoipsettings{$location} eq "on") {
$geoipblock_exports{$location} = "1";
}
}
}
# Get the firewall locations of the input, forward and output
# firewall settings hashhes.
my %input_exports = &_grab_geoip_locations_from_fw_settings_hash(\%configinputfw);
my %forward_exports = &_grab_geoip_locations_from_fw_settings_hash(\%configfwdfw);
my %output_exports = &_grab_geoip_locations_from_fw_settings_hash(\%configoutgoingfw);
# Merge the hashes.
#
# If a location is part of multiple hashes, it results in only one entry in the final hash.
my %export_locations = ( %geoipblock_exports, %input_exports, %forward_exports, %output_exports );
# Loop through the hash of exported locations.
foreach my $location (keys %export_locations) {
# Convert location into upper-case format.
my $location_uc = uc($location);
# Add the location to the array.
push(@export_locations, $location_uc);
}
# Return the array.
return @export_locations;
}
#
# Function to gather the GeoIP locations from a given hash
# containing the firewall settings.
#
sub _grab_geoip_locations_from_fw_settings_hash (\%) {
my $hash = shift;
my %exports;
# Loop through the given firewall config hash.
foreach my $rule ( keys %$hash ) {
# Skip if the rule is disabled.
next unless($$hash{$rule}[2] eq "ON");
# Process rules with GeoIP as source.
if($$hash{$rule}[3] eq "cust_geoip_src") {
my $source = $$hash{$rule}[4];
# Check if the source is a group.
if($source =~ m/group/) {
my($group, $groupname) = split(":", $source);
# Get locations which are part of the group.
my @group_locations = &_grab_geoip_locations_from_group($groupname);
# Loop through the array.
foreach my $location (@group_locations) {
# Add location to the exports hash.
$exports{$location} = "1";
}
} else {
# Add location to the exports hash.
$exports{$source} = "1";
}
# Jump the next rule.
next;
}
# Process rules with GeoIP as target.
if($$hash{$rule}[5] eq "cust_geoip_tgt") {
my $destination = $$hash{$rule}[6];
# Check if the destination is a group.
if($destination =~ m/group/) {
my($group, $groupname) = split(":", $destination);
# Get locations which are part of the group.
my @group_locations = &_grab_geoip_locations_from_group($groupname);
# Loop through the array.
foreach my $location (@group_locations) {
# Add location to the exports hash.
$exports{$location} = "1";
}
} else {
# Add location to the exports hash.
$exports{$destination} = "1";
}
# Jump to next rule.
next;
}
}
# Return the array.
return %exports;
}
#
# Function to gather the GeoIP locations from a given group name.
#
sub _grab_geoip_locations_from_group($) {
my ($groupname) = @_;
my %geoipgroups = ();
my @group_locations;
# Get all configured GeoIP related groups.
&General::readhasharray("${General::swroot}/fwhosts/customgeoipgrp", \%geoipgroups);
# Loop through the hash of GeoIP groups.
foreach my $key (keys %geoipgroups) {
# Seach for members of the given group.
if($geoipgroups{$key}[0] eq "$groupname") {
# Add the location to the group_locations array.
push(@group_locations, $geoipgroups{$key}[2]);
}
}
# Return the array.
return @group_locations;
}
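Review bot: In `main`, `&flush()` runs before `&GeoIP::flush_exported_locations()` and `&GeoIP::export_locations(...)`, and both of those `die` on failure (a failed `opendir`, a non-zero exit from `location-exporter`), so an export error ends the script after the chains were flushed and before any `buildrules` call. What state that leaves the packet filter in depends on `flush`, which is outside this hunk, but it looks safer to run the export first or to contain the failure, e.g. `eval { &GeoIP::export_locations(\@locations_to_export); 1 } or warn "location export failed: $@";`. Separately, in `_grab_geoip_locations_from_fw_settings_hash` the `next` that closes the `cust_geoip_src` branch skips the `cust_geoip_tgt` check, so a rule with a location on both sides would export only its source locations; dropping that `next` would cover both, if such rules can exist.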


@@ -1,12 +0,0 @@
#usr/bin/geoip-lookup
#usr/lib/perl5/site_perl/5.30.0/Geo
#usr/lib/perl5/site_perl/5.30.0/Geo/IP
usr/lib/perl5/site_perl/5.30.0/Geo/IP/PurePerl.pm
#usr/lib/perl5/site_perl/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Geo
#usr/lib/perl5/site_perl/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Geo/IP
#usr/lib/perl5/site_perl/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Geo/IP/PurePerl
#usr/lib/perl5/site_perl/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Geo/IP/PurePerl/.packlist
#usr/share/GeoIP
usr/share/GeoIP/GeoIP.dat
#usr/share/man/man1/geoip-lookup.1
#usr/share/man/man3/Geo::IP::PurePerl.3


@@ -1,61 +1,59 @@
#usr/lib/perl5/5.30.0/Locale/Codes
usr/lib/perl5/5.30.0/Locale/Codes.pm
usr/lib/perl5/5.30.0/Locale/Codes.pod
usr/lib/perl5/5.30.0/Locale/Codes/API.pod
usr/lib/perl5/5.30.0/Locale/Codes/Changes.pod
usr/lib/perl5/5.30.0/Locale/Codes/Constants.pm
usr/lib/perl5/5.30.0/Locale/Codes/Constants.pod
usr/lib/perl5/5.30.0/Locale/Codes/Country.pm
usr/lib/perl5/5.30.0/Locale/Codes/Country.pod
usr/lib/perl5/5.30.0/Locale/Codes/Country_Codes.pm
usr/lib/perl5/5.30.0/Locale/Codes/Country_Retired.pm
usr/lib/perl5/5.30.0/Locale/Codes/Currency.pm
usr/lib/perl5/5.30.0/Locale/Codes/Currency.pod
usr/lib/perl5/5.30.0/Locale/Codes/Currency_Codes.pm
usr/lib/perl5/5.30.0/Locale/Codes/Currency_Retired.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangExt.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangExt.pod
usr/lib/perl5/5.30.0/Locale/Codes/LangExt_Codes.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangExt_Retired.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangFam.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangFam.pod
usr/lib/perl5/5.30.0/Locale/Codes/LangFam_Codes.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangFam_Retired.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangVar.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangVar.pod
usr/lib/perl5/5.30.0/Locale/Codes/LangVar_Codes.pm
usr/lib/perl5/5.30.0/Locale/Codes/LangVar_Retired.pm
usr/lib/perl5/5.30.0/Locale/Codes/Language.pm
usr/lib/perl5/5.30.0/Locale/Codes/Language.pod
usr/lib/perl5/5.30.0/Locale/Codes/Language_Codes.pm
usr/lib/perl5/5.30.0/Locale/Codes/Language_Retired.pm
usr/lib/perl5/5.30.0/Locale/Codes/Script.pm
usr/lib/perl5/5.30.0/Locale/Codes/Script.pod
usr/lib/perl5/5.30.0/Locale/Codes/Script_Codes.pm
usr/lib/perl5/5.30.0/Locale/Codes/Script_Retired.pm
usr/lib/perl5/5.30.0/Locale/Country.pm
#usr/lib/perl5/5.30.0/Locale/Country.pod
usr/lib/perl5/5.30.0/Locale/Currency.pm
#usr/lib/perl5/5.30.0/Locale/Currency.pod
usr/lib/perl5/5.30.0/Locale/Language.pm
#usr/lib/perl5/5.30.0/Locale/Language.pod
usr/lib/perl5/5.30.0/Locale/Script.pm
#usr/lib/perl5/5.30.0/Locale/Script.pod
#usr/lib/perl5/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Locale
#usr/lib/perl5/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Locale/Codes
#usr/lib/perl5/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Locale/Codes/.packlist
#usr/lib/perl5/site_perl/5.30.0/Locale
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes
usr/lib/perl5/site_perl/5.30.0/Locale/Codes.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes.pod
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Changes.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Constants.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Country.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Country.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Country_Codes.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Country_Retired.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Currency.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Currency.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Currency_Codes.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Currency_Retired.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangExt.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangExt.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangExt_Codes.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangExt_Retired.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangFam.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangFam.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangFam_Codes.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangFam_Retired.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangVar.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangVar.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangVar_Codes.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/LangVar_Retired.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Language.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Language.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Language_Codes.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Language_Retired.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Script.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Script.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Script_Codes.pm
usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Script_Retired.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Codes/Types.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Country.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Country.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Currency.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Currency.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Language.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Language.pod
usr/lib/perl5/site_perl/5.30.0/Locale/Script.pm
#usr/lib/perl5/site_perl/5.30.0/Locale/Script.pod
#usr/lib/perl5/site_perl/5.30.0/MACHINE-linux-thread-multi/auto/Locale
#usr/lib/perl5/site_perl/5.30.0/MACHINE-linux-thread-multi/auto/Locale/Codes
#usr/lib/perl5/site_perl/5.30.0/MACHINE-linux-thread-multi/auto/Locale/Codes/.packlist
#usr/share/man/man3/Locale::Codes.3
#usr/share/man/man3/Locale::Codes::API.3
#usr/share/man/man3/Locale::Codes::Changes.3
#usr/share/man/man3/Locale::Codes::Constants.3
#usr/share/man/man3/Locale::Codes::Country.3
#usr/share/man/man3/Locale::Codes::Currency.3
#usr/share/man/man3/Locale::Codes::LangExt.3
#usr/share/man/man3/Locale::Codes::LangFam.3
#usr/share/man/man3/Locale::Codes::LangFam_Retired.3
#usr/share/man/man3/Locale::Codes::LangVar.3
#usr/share/man/man3/Locale::Codes::Language.3
#usr/share/man/man3/Locale::Codes::Script.3
#usr/share/man/man3/Locale::Codes::Types.3
#usr/share/man/man3/Locale::Country.3
#usr/share/man/man3/Locale::Currency.3
#usr/share/man/man3/Locale::Language.3


@@ -65,7 +65,7 @@ etc/rc.d/init.d/networking/red.up/50-ovpn
etc/rc.d/init.d/networking/red.up/98-leds
etc/rc.d/init.d/networking/red.up/99-beep
etc/rc.d/init.d/networking/red.up/99-fireinfo
etc/rc.d/init.d/networking/red.up/99-geoip-database
etc/rc.d/init.d/networking/red.up/99-location-database
etc/rc.d/init.d/networking/red.up/99-pakfire-update
etc/rc.d/init.d/networking/wpa_supplicant.exe
etc/rc.d/init.d/ntp


@@ -107,8 +107,7 @@ usr/local/bin/settime
usr/local/bin/timecheck
usr/local/bin/timezone-transition
usr/local/bin/update-ids-ruleset
usr/local/bin/update-lang-cache
usr/local/bin/xt_geoip_update
usr/local/bin/update-location-database
#usr/local/include
#usr/local/lib
#usr/local/lib/sse2


@@ -65,7 +65,7 @@ etc/rc.d/init.d/networking/red.up/50-ovpn
etc/rc.d/init.d/networking/red.up/98-leds
etc/rc.d/init.d/networking/red.up/99-beep
etc/rc.d/init.d/networking/red.up/99-fireinfo
etc/rc.d/init.d/networking/red.up/99-geoip-database
etc/rc.d/init.d/networking/red.up/99-location-database
etc/rc.d/init.d/networking/red.up/99-pakfire-update
etc/rc.d/init.d/networking/wpa_supplicant.exe
etc/rc.d/init.d/ntp


@@ -1,16 +0,0 @@
#usr/bin/geoiplookup
#usr/bin/geoiplookup6
#usr/include/GeoIP.h
#usr/include/GeoIPCity.h
#usr/lib/libGeoIP.a
#usr/lib/libGeoIP.la
usr/lib/libGeoIP.so
usr/lib/libGeoIP.so.1
usr/lib/libGeoIP.so.1.6.12
#usr/lib/pkgconfig/geoip.pc
#usr/share/GeoIP/bin
usr/share/GeoIP/bin/countryInfo.txt
usr/share/GeoIP/bin/geoip-generator
usr/share/GeoIP/bin/geolite2-to-legacy-csv.sh
#usr/share/man/man1/geoiplookup.1
#usr/share/man/man1/geoiplookup6.1


@@ -65,7 +65,7 @@ etc/rc.d/init.d/networking/red.up/50-ovpn
etc/rc.d/init.d/networking/red.up/98-leds
etc/rc.d/init.d/networking/red.up/99-beep
etc/rc.d/init.d/networking/red.up/99-fireinfo
etc/rc.d/init.d/networking/red.up/99-geoip-database
etc/rc.d/init.d/networking/red.up/99-location-database
etc/rc.d/init.d/networking/red.up/99-pakfire-update
etc/rc.d/init.d/networking/wpa_supplicant.exe
etc/rc.d/init.d/ntp


@@ -0,0 +1,31 @@
usr/bin/location-downloader
usr/bin/location-exporter
usr/bin/location-query
#usr/include/libloc
#usr/include/libloc/as.h
#usr/include/libloc/compat.h
#usr/include/libloc/country.h
#usr/include/libloc/database.h
#usr/include/libloc/format.h
#usr/include/libloc/libloc.h
#usr/include/libloc/network.h
#usr/include/libloc/private.h
#usr/include/libloc/resolv.h
#usr/include/libloc/stringpool.h
#usr/include/libloc/writer.h
#usr/lib/libloc.la
#usr/lib/libloc.so
usr/lib/libloc.so.0
usr/lib/libloc.so.0.0.0
usr/lib/perl5/site_perl/5.30.0/MACHINE-linux-thread-multi/Location.pm
#usr/lib/perl5/site_perl/5.30.0/MACHINE-linux-thread-multi/auto/Location
#usr/lib/perl5/site_perl/5.30.0/MACHINE-linux-thread-multi/auto/Location/.packlist
usr/lib/perl5/site_perl/5.30.0/MACHINE-linux-thread-multi/auto/Location/Location.so
#usr/lib/pkgconfig/libloc.pc
#usr/lib/python3.6/site-packages/location.la
usr/lib/python3.6/site-packages/location.so
#usr/share/locale/de/LC_MESSAGES/libloc.mo
#usr/share/man/man3/Location.3
var/lib/location
var/lib/location/signing-key.pem


@@ -107,8 +107,7 @@ usr/local/bin/timecheck
usr/local/bin/timezone-transition
usr/local/bin/update-lang-cache
usr/local/bin/update-ids-ruleset
usr/local/bin/xt_geoip_build
usr/local/bin/xt_geoip_update
usr/local/bin/update-location-database
#usr/local/include
#usr/local/lib
#usr/local/lib/sse2


@@ -65,7 +65,7 @@ etc/rc.d/init.d/networking/red.up/50-ovpn
etc/rc.d/init.d/networking/red.up/98-leds
etc/rc.d/init.d/networking/red.up/99-beep
etc/rc.d/init.d/networking/red.up/99-fireinfo
etc/rc.d/init.d/networking/red.up/99-geoip-database
etc/rc.d/init.d/networking/red.up/99-location-database
etc/rc.d/init.d/networking/red.up/99-pakfire-update
etc/rc.d/init.d/networking/wpa_supplicant.exe
etc/rc.d/init.d/ntp


@@ -109,8 +109,7 @@ usr/local/bin/timecheck
usr/local/bin/timezone-transition
usr/local/bin/update-ids-ruleset
usr/local/bin/update-lang-cache
usr/local/bin/xt_geoip_build
usr/local/bin/xt_geoip_update
usr/local/bin/update-location-database
#usr/local/include
#usr/local/lib
#usr/local/lib/sse2


@@ -23,9 +23,8 @@ lib/xtables/libxt_quota2.so
usr/lib/libxt_ACCOUNT_cl.so.0
usr/lib/libxt_ACCOUNT_cl.so.0.0.0
#usr/libexec/xtables-addons
usr/libexec/xtables-addons/xt_geoip_build
usr/libexec/xtables-addons/xt_geoip_dl
usr/local/bin/xt_geoip_build
#usr/libexec/xtables-addons/xt_geoip_build
#usr/libexec/xtables-addons/xt_geoip_dl
usr/sbin/iptaccount
#usr/share/man/man1/xt_geoip_build.1
#usr/share/man/man1/xt_geoip_dl.1


@@ -86,6 +86,9 @@ if ( $debug ){
my @dummy = ( ${Header::table1colour} );
undef (@dummy);
# Init libloc database connection.
my $libloc_db_handle = &GeoIP::init();
# check sorting arguments
if ( $cgiin{'sort_field'} ~~ [ '1','2','3','4','5','6','7','8','9' ] ) {
$SORT_FIELD = $cgiin{'sort_field'};
@@ -551,9 +554,9 @@ foreach my $line (@conntrack) {
my $bytes_out = format_bytes($bytes[1]);
# enumerate GeoIP information
my $srcccode = &GeoIP::lookup($sip_ret);
my $srcccode = &GeoIP::lookup_country_code($libloc_db_handle, $sip_ret);
my $src_flag_icon = &GeoIP::get_flag_icon($srcccode);
my $dstccode = &GeoIP::lookup($dip_ret);
my $dstccode = &GeoIP::lookup_country_code($libloc_db_handle, $dip_ret);
my $dst_flag_icon = &GeoIP::get_flag_icon($dstccode);
# Format TTL
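Review bot: The handle returned by `&GeoIP::init()` is passed straight to `&GeoIP::lookup_country_code` without checking that the database was opened, and nothing visible in this commit calls `&GeoIP::verify`, so the signature check against `signing-key.pem` appears unused on the read path. If `Location::init` returns undef rather than dying for a missing or damaged `database.db` (not visible here), every lookup in the loop receives an undefined handle; a guard such as `return unless defined $db_handle;` at the top of `GeoIP::lookup_country_code` would handle that in one place. The same unchecked `init()` pattern is added in each later CGI section that declares `$libloc_db_handle` or `$db_handle`. Whether verification is meant to happen only in the updater or also in `init()` is worth stating in a comment next to `sub verify`.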


@@ -41,33 +41,54 @@ my %cgiparams=();
my @lines=();
my $extraquery='';
# Hash which contains the whois servers from
# the responisible RIR of the continent.
my %whois_servers_by_continent = (
"AF" => "whois.afrinic.net",
"AS" => "whois.apnic.net",
"EU" => "whois.ripe.net",
"NA" => "whois.arin.net",
"SA" => "whois.lacnic.net"
);
# Default whois server if no continent could be determined.
my $whois_server = "whois.arin.net";
my $addr = CGI::param("ip") || "";
if (&General::validip($addr)) {
$extraquery='';
@lines=();
my $whoisname = "whois.arin.net";
my $iaddr = inet_aton($addr);
my $hostname = gethostbyaddr($iaddr, AF_INET);
if (!$hostname) { $hostname = $Lang::tr{'lookup failed'}; }
# enumerate GeoIP information for IP address...
my $ccode = &GeoIP::lookup($addr);
my $db_handle = &GeoIP::init();
my $ccode = &GeoIP::lookup_country_code($db_handle, $addr);
# Try to get the continent of the country code.
my $continent = &GeoIP::get_continent_code($db_handle, $ccode);
# Check if a whois server for the continent is known.
if($whois_servers_by_continent{$continent}) {
# Use it.
$whois_server = $whois_servers_by_continent{$continent};
}
my $flag_icon = &GeoIP::get_flag_icon($ccode);
my $sock = new IO::Socket::INET ( PeerAddr => $whoisname, PeerPort => 43, Proto => 'tcp');
my $sock = new IO::Socket::INET ( PeerAddr => $whois_server, PeerPort => 43, Proto => 'tcp');
if ($sock)
{
print $sock "n $addr\n";
print $sock "$addr\n";
while (<$sock>) {
$extraquery = $1 if (/ReferralServer: whois:\/\/(\S+)\s+/);
$extraquery = $1 if (/ReferralServer: whois:\/\/(\S+)\s+/);
push(@lines,$_);
}
close($sock);
if ($extraquery) {
undef (@lines);
$whoisname = $extraquery;
my $sock = new IO::Socket::INET ( PeerAddr => $whoisname, PeerPort => 43, Proto => 'tcp');
$whois_server = $extraquery;
my $sock = new IO::Socket::INET ( PeerAddr => $whois_server, PeerPort => 43, Proto => 'tcp');
if ($sock)
{
print $sock "$addr\n";
@@ -77,16 +98,16 @@ if (&General::validip($addr)) {
}
else
{
@lines = ( "$Lang::tr{'unable to contact'} $whoisname" );
@lines = ( "$Lang::tr{'unable to contact'} $whois_server" );
}
}
}
else
{
@lines = ( "$Lang::tr{'unable to contact'} $whoisname" );
@lines = ( "$Lang::tr{'unable to contact'} $whois_server" );
}
&Header::openbox('100%', 'left', $addr . " <a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a> (" . $hostname . ') : '.$whoisname);
&Header::openbox('100%', 'left', $addr . " <a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a> (" . $hostname . ') : '.$whois_server);
print "<pre>\n";
foreach my $line (@lines) {
print &Header::cleanhtml($line,"y");
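Review bot: `$whois_server = $extraquery;` takes its value from the `ReferralServer:` line of the first whois reply, captured with `(\S+)`, and that string is then used as `PeerAddr` and concatenated into the `&Header::openbox` title. Since the reply is remote data, narrowing the capture to host characters, `/ReferralServer: whois:\/\/([A-Za-z0-9.:-]+)/`, and passing the title part through `&Header::cleanhtml` would limit what the page connects to and renders (whether `openbox` escapes its title is not visible here). `%whois_servers_by_continent` also has no `"OC"` entry, so if libloc reports Oceania with that code those addresses fall back to `whois.arin.net` instead of `whois.apnic.net`. The `if (&General::validip($addr))` block continues past the last hunk.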


@@ -24,6 +24,9 @@ require "${General::swroot}/geoip-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
# Libloc database handle.
my $libloc_db_handle = &GeoIP::init();
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
@@ -351,7 +354,7 @@ foreach $_ (@log)
$srcport=$1 if $packet =~ /SPT=(\d+)/;
$dstport=$1 if $packet =~ /DPT=(\d+)/;
my $ccode = &GeoIP::lookup($srcaddr);
my $ccode = &GeoIP::lookup_country_code($libloc_db_handle, $srcaddr);
my $servi = uc(getservbyport($srcport, lc($proto)));
if ($servi ne '' && $srcport < 1024) {


@@ -22,6 +22,9 @@ require "${General::swroot}/geoip-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
# Libloc database handle.
my $libloc_db_handle = &GeoIP::init();
use POSIX();
my %cgiparams=();
@@ -308,7 +311,7 @@ foreach $_ (@log)
# Traffic from red
if($srcaddr ne '') {
# srcaddr is set
my $ccode = &GeoIP::lookup($srcaddr);
my $ccode = &GeoIP::lookup_country_code($libloc_db_handle, $srcaddr);
if ($ccode eq '') {
$ccode = 'unknown';
}


@@ -22,6 +22,9 @@ require "${General::swroot}/geoip-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
# Libloc database handle.
my $libloc_db_handle = &GeoIP::init();
use POSIX();
my %cgiparams=();
@@ -435,7 +438,7 @@ for($s=0;$s<$lines;$s++)
$col="bgcolor='$color{\"color$colorIndex\"}'";
print "<tr>";
my $ccode = &GeoIP::lookup($key[$s]);
my $ccode = &GeoIP::lookup_country_code($libloc_db_handle, $key[$s]);
$color++;
print "<td align='center' $col><form method='post' action='showrequestfromip.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='ip' value='$key[$s]'> <input type='submit' value='$Lang::tr{'details'}'></form></td>";


@@ -19,6 +19,9 @@ require "${General::swroot}/geoip-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
# Libloc database handle.
my $libloc_db_handle = &GeoIP::init();
use POSIX();
#workaround to suppress a warning when a variable is used only once
@@ -178,7 +181,7 @@ if (!$skip)
}
elsif($srcaddr ne '') {
# or srcaddr matches country code
my $ccode = &GeoIP::lookup($srcaddr);
my $ccode = &GeoIP::lookup_country_code($libloc_db_handle, $srcaddr);
if($ccode eq uc($country)){
$log[$lines] = $_;
$lines++;
@@ -349,7 +352,7 @@ foreach $_ (@slice)
if($iface eq $country || $srcaddr ne '') {
my $ccode='';
if($iface ne $country) {
$ccode = &GeoIP::lookup($srcaddr);
$ccode = &GeoIP::lookup_country_code($libloc_db_handle, $srcaddr);
}
if($iface eq $country || $ccode eq uc($country)) {
my $chain = '';


@@ -34,6 +34,9 @@ require "${General::swroot}/header.pl";
require "${General::swroot}/geoip-functions.pl";
require "${General::swroot}/graphs.pl";
# Libloc database handle.
my $libloc_db_handle = &GeoIP::init();
my %color = ();
my %mainsettings = ();
my %netsettings=();


@@ -2994,6 +2994,9 @@ END
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
# Libloc database handle.
my $libloc_db_handle = &GeoIP::init();
#
# <td><b>$Lang::tr{'protocol'}</b></td>
# protocol temp removed
@@ -3044,7 +3047,7 @@ END
$users[$uid]{'Proto'} = $proto;
# get country code for "RealAddress"...
my $ccode = &GeoIP::lookup((split ':', $users[$uid]{'RealAddress'})[0]);
my $ccode = &GeoIP::lookup_country_code($libloc_db_handle, (split ':', $users[$uid]{'RealAddress'})[0]);
my $flag_icon = &GeoIP::get_flag_icon($ccode);
$users[$uid]{'Country'} = "<a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a>";
$uid++;


@@ -278,6 +278,9 @@ sub printactivelogins()
} else {
# list active logins...
# Libloc database handle.
my $libloc_db_handle = &GeoIP::init();
foreach my $line (@output)
{
my @arry = split(/\ +/, $line);
@@ -288,7 +291,7 @@ sub printactivelogins()
$remoteip =~ s/[()]//g;
# display more information about that IP adress...
my $ccode = &GeoIP::lookup($remoteip);
my $ccode = &GeoIP::lookup_country_code($libloc_db_handle, $remoteip);
my $flag_icon = &GeoIP::get_flag_icon($ccode);
# get rDNS...


@@ -24,7 +24,7 @@
include Config
VER = 3.33
VER = 3.62
THISAPP = Locale-Codes-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = bc7496f97889de8504e80addaa0ee40c
$(DL_FILE)_MD5 = d4ee6fb8b5483c54abde1aa2b94e555a
install : $(TARGET)


@@ -1,89 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 1.6.12
DVER = 1.6.12-3
THISAPP = geoip-api-c-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE) geoip_$(DVER).debian.tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
geoip_$(DVER).debian.tar.xz = $(DL_FROM)/geoip_$(DVER).debian.tar.xz
$(DL_FILE)_MD5 = 727e5d6df9e9fc039dbc3a323cc56d2e
geoip_$(DVER).debian.tar.xz_MD5 = 64fb561362dc456b45b799da20d47dd4
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./bootstrap
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
cd $(DIR_APP) && tar axf $(DIR_DL)/geoip_$(DVER).debian.tar.xz
cd $(DIR_APP) && sed -i "s/use diagnostics;//g" debian/src/geolite2-to-legacy-csv.sh
cd $(DIR_APP) && g++ -std=gnu++11 -g debian/src/geoip-csv-to-dat.cpp \
-o geoip-generator -lGeoIP
-mkdir -p /usr/share/GeoIP/bin
cd $(DIR_APP) && install -m 755 geoip-generator /usr/share/GeoIP/bin
cd $(DIR_APP) && install -m 755 debian/src/geolite2-to-legacy-csv.sh /usr/share/GeoIP/bin
cd $(DIR_APP) && install -m 644 debian/src/countryInfo.txt /usr/share/GeoIP/bin
@rm -rf $(DIR_APP)
@$(POSTBUILD)


@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,27 +24,24 @@
include Config
VER = 1.25
DATVER = 30062018
VER = 0.9.0
GIT_REV = cd022c
THISAPP = Geo-IP-PurePerl-$(VER)
DL_FILE = $(THISAPP).tar.gz
THISAPP = libloc-$(VER)-$(GIT_REV)
DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
DIR_APP = $(DIR_SRC)/libloc-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE) GeoIP.dat-$(DATVER).gz
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
GeoIP.dat-$(DATVER).gz = $(DL_FROM)/GeoIP.dat-$(DATVER).gz
$(DL_FILE)_MD5 = a47a1b71f7cd7c46cca9efcc448e0726
GeoIP.dat-$(DATVER).gz_MD5 = d538e57ad9268fdc7955c6cf9a37c4a9
$(DL_FILE)_MD5 = a40fcbdd5585f720ca801166befeef85
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
@@ -53,6 +50,9 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
@@ -72,13 +72,13 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/geoip_1_25_change_database_path.patch
cd $(DIR_APP) && perl Makefile.PL
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xvf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--disable-manpages
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
cd $(DIR_APP) && mkdir -p /usr/share/GeoIP && \
zcat $(DIR_DL)/GeoIP.dat-$(DATVER).gz > /usr/share/GeoIP/GeoIP.dat
cd $(DIR_APP) && chmod 777 /srv/web/ipfire/html/images/flags
@rm -rf $(DIR_APP)
@$(POSTBUILD)
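Review bot: The libloc source snapshot is pinned only by `$(DL_FILE)_MD5`, and MD5 no longer resists collisions, so on its own it is a weak integrity check for a tarball fetched from `$(URL_IPFIRE)`. What `$(CHECK)` and `$(MD5)` actually verify is defined in `Config`, outside this section, so whether a stronger digest can be recorded here depends on that framework; if it can, the tarball should also be pinned with a SHA-256 digest. On style, the new extract line uses `tar xvf`, which lists every member in the build log; the non-verbose form used by the other rules on this page would be consistent: `@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)`.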


@@ -27,7 +27,7 @@ include Config
VERSUFIX = ipfire$(KCFG)
MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/
VER = 3.2
VER = 3.7
THISAPP = xtables-addons-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 80ea89ba8d5a001a8d71c7f05b2f0141
$(DL_FILE)_MD5 = d81776d6320ebd741042bf8eb7e13d1d
install : $(TARGET)
@@ -82,8 +82,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/xtables-addons-3.2-fix-database-generation.patch
# Only build the specified modules.
cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \
$(DIR_APP)/mconfig
@@ -96,10 +94,6 @@ ifeq "$(USPACE)" "1"
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
# Install xt_geoip_build.
cd $(DIR_APP) && install -m 755 geoip/xt_geoip_build \
/usr/local/bin/
else
cd $(DIR_APP) && ./configure \
--with-kbuild=/lib/modules/$$(uname -r)$(KCFG)/build


@@ -1355,8 +1355,6 @@ buildipfire() {
lfsmake2 python-daemon
lfsmake2 python-ipaddress
lfsmake2 glib
lfsmake2 GeoIP
lfsmake2 geoip-database
lfsmake2 ntp
lfsmake2 openssh
lfsmake2 fontconfig
@@ -1643,10 +1641,10 @@ buildipfire() {
lfsmake2 flashrom
lfsmake2 firmware-update
lfsmake2 tshark
lfsmake2 geoip-generator
lfsmake2 speedtest-cli
lfsmake2 rfkill
lfsmake2 amazon-ssm-agent
lfsmake2 libloc
}
buildinstaller() {
@@ -2002,3 +2000,4 @@ find-dependencies)
cat doc/make.sh-usage
;;
esac


@@ -1,20 +0,0 @@
#!/bin/bash
# Get the GeoIP database if no one exists yet
database_exists() {
local file
for file in /usr/share/xt_geoip/*.iv4; do
[ -e "${file}" ] && return 0
done
# Does not exist
return 1
}
# Download ruleset if none has been found.
if ! database_exists; then
/usr/local/bin/xt_geoip_update >/dev/null 2>&1 &
fi
exit 0


@@ -0,0 +1,6 @@
#!/bin/bash
# Download / Check for updates of the location database.
/usr/local/bin/update-location-database
exit 0
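Review bot: `/usr/local/bin/update-location-database` is run in the foreground and its result is discarded by the unconditional `exit 0`, whereas the deleted script shown just above started its updater in the background with `>/dev/null 2>&1 &`. The updater added further down this page performs a network download and then a firewall reload, so whatever invokes this script waits for both. The caller is not visible here; if this runs as a connection-up hook, consider keeping the old form, `/usr/local/bin/update-location-database >/dev/null 2>&1 &`. A comment stating whether blocking is intended would also help.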


@@ -1,139 +0,0 @@
--- lib/Geo/IP/PurePerl.pm Tue Mar 30 15:41:34 2010
+++ lib/Geo/IP/PurePerl.pm Mon Jan 09 18:58:11 2017
@@ -129,7 +129,7 @@
# --- unfortunately we do not know the path so we assume the
-# default path /usr/local/share/GeoIP
+# default path /usr/share/GeoIP
# if thats not true, you can set $Geo::IP::PurePerl::OPEN_TYPE_PATH
#
sub open_type {
@@ -210,7 +210,7 @@
# this will be less messy once deprecated new( $path, [$flags] )
# is no longer supported (that's what open() is for)
- my $def_db_file = '/usr/local/share/GeoIP/GeoIP.dat';
+ my $def_db_file = '/usr/share/GeoIP/GeoIP.dat';
if ($^O eq 'NetWare') {
$def_db_file = 'sys:/etc/GeoIP/GeoIP.dat';
} elsif ($^O eq 'MSWin32') {
@@ -758,7 +758,7 @@
=item $gi = Geo::IP->new( [$flags] );
Constructs a new Geo::IP object with the default database located inside your system's
-I<datadir>, typically I</usr/local/share/GeoIP/GeoIP.dat>.
+I<datadir>, typically I</usr/share/GeoIP/GeoIP.dat>.
Flags can be set to either GEOIP_STANDARD, or for faster performance
(at a cost of using more memory), GEOIP_MEMORY_CACHE.
--- t/1_lookup.t Tue Mar 30 15:13:37 2010
+++ t/1_lookup.t Mon Jan 09 18:58:13 2017
@@ -2,7 +2,7 @@
use vars qw($dat);
BEGIN {
- foreach my $file ("GeoIP.dat",'/usr/local/share/GeoIP/GeoIP.dat') {
+ foreach my $file ("GeoIP.dat",'/usr/share/GeoIP/GeoIP.dat') {
if (-f $file) {
$dat = $file;
last;
--- t/2_namelookup.t Tue Mar 30 15:21:37 2010
+++ t/2_namelookup.t Mon Jan 09 18:58:21 2017
@@ -2,7 +2,7 @@
use vars qw($dat);
BEGIN {
- foreach my $file ("GeoIP.dat",'/usr/local/share/GeoIP/GeoIP.dat') {
+ foreach my $file ("GeoIP.dat",'/usr/share/GeoIP/GeoIP.dat') {
if (-f $file) {
$dat = $file;
last;
--- Changes Tue Mar 30 15:26:38 2010
+++ Changes Mon Jan 09 18:57:37 2017
@@ -35,7 +35,7 @@
Country, City and Org requests benefit from GEOIP_MEMORY_CACHE and GEOIP_MMAP_CACHE
Add GEOIP_MMAP_CACHE support ( Peter Shipley )
Now works with new format of GeoIP ISP
- Corrected path to /usr/local/share/GeoIP/GeoIP.dat in geoip-lookup program.
+ Corrected path to /usr/share/GeoIP/GeoIP.dat in geoip-lookup program.
1.18 January 8th 2007
Replaced CS/Serbia and Montenegro with RS/Serbia, removed ZR/Zaire, added ME/Montenegro
--- geoip-lookup Tue Mar 30 15:13:36 2010
+++ geoip-lookup Mon Jan 09 18:57:44 2017
@@ -15,7 +15,7 @@
The I<geoip-lookup> program will return the country for the IP address or
hostname given as the first command line argument.
-It queries the GeoIP Country database in C</usr/local/share/GeoIP/GeoIP.dat>.
+It queries the GeoIP Country database in C</usr/share/GeoIP/GeoIP.dat>.
By default it prints the ISO 3166 country code. Use the C<-l> option
to print the country name.
--- geoip-lookup-city Tue Mar 30 15:13:36 2010
+++ geoip-lookup-city Mon Jan 09 18:57:48 2017
@@ -6,7 +6,7 @@
my $addr = shift;
-my $gi = Geo::IP::PurePerl->new( "/usr/local/share/GeoIP/GeoIPCity.dat",
+my $gi = Geo::IP::PurePerl->new( "/usr/share/GeoIP/GeoIPCity.dat",
GEOIP_STANDARD );
if ($addr) {
--- geoip-lookup-isp Tue Mar 30 15:13:36 2010
+++ geoip-lookup-isp Mon Jan 09 18:57:50 2017
@@ -7,7 +7,7 @@
my $addr = shift;
-my $gi = Geo::IP::PurePerl->new("/usr/local/share/GeoIP/GeoIPISP.dat",GEOIP_STANDARD);
+my $gi = Geo::IP::PurePerl->new("/usr/share/GeoIP/GeoIPISP.dat",GEOIP_STANDARD);
my $isp = $gi->org_by_name($addr);
--- geoip-lookup-netspeed Tue Mar 30 15:13:36 2010
+++ geoip-lookup-netspeed Mon Jan 09 18:57:53 2017
@@ -6,7 +6,7 @@
my $addr = $ARGV[0];
-my $gi = Geo::IP::PurePerl->new("/usr/local/share/GeoIP/GeoIPNetSpeed.dat",GEOIP_STANDARD);
+my $gi = Geo::IP::PurePerl->new("/usr/share/GeoIP/GeoIPNetSpeed.dat",GEOIP_STANDARD);
my $netspeed = $gi->id_by_addr($addr);
--- geoip-lookup-org Tue Mar 30 15:13:36 2010
+++ geoip-lookup-org Mon Jan 09 18:57:59 2017
@@ -7,7 +7,7 @@
my $addr = shift;
-my $gi = Geo::IP::PurePerl->new("/usr/local/share/GeoIP/GeoIPOrg.dat",GEOIP_STANDARD);
+my $gi = Geo::IP::PurePerl->new("/usr/share/GeoIP/GeoIPOrg.dat",GEOIP_STANDARD);
my $org = $gi->org_by_name($addr);
--- geoip-lookup-region Tue Mar 30 15:13:36 2010
+++ geoip-lookup-region Mon Jan 09 18:58:01 2017
@@ -10,7 +10,7 @@
my $addr = $ARGV[0];
-my $gi = Geo::IP::PurePerl->new("/usr/local/share/GeoIP/GeoIPRegion.dat",GEOIP_STANDARD);
+my $gi = Geo::IP::PurePerl->new("/usr/share/GeoIP/GeoIPRegion.dat",GEOIP_STANDARD);
my ($country,$region) = $gi->region_by_name($addr);
--- INSTALL Tue Mar 30 15:13:36 2010
+++ INSTALL Mon Jan 09 18:58:05 2017
@@ -3,7 +3,7 @@
# fetch latest GeoIP database, updated monthly
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz
-mv GeoIP.dat /usr/local/share/GeoIP/GeoIP.dat
+mv GeoIP.dat /usr/share/GeoIP/GeoIP.dat
perl Makefile.PL
make


@@ -1,18 +0,0 @@
diff --git a/geoip/xt_geoip_build b/geoip/xt_geoip_build
index 3b15875..7bc42f3 100755
--- a/geoip/xt_geoip_build
+++ b/geoip/xt_geoip_build
@@ -259,7 +259,12 @@ sub writeCountry
my ($start, $end) = split('-', $range);
$start = inet_pton($family, $start);
$end = inet_pton($family, $end);
- print $fh $start, $end;
+
+ if ($family == AF_INET) {
+ print $fh substr($start, 0, 4), substr($end, 0, 4);
+ } else {
+ print $fh $start, $end;
+ }
}
close $fh;
}


@@ -0,0 +1,46 @@
#!/bin/bash
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2019 IPFire Development Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
# Proxy settings.
# Check if a proxy should be used.
if [[ $UPSTREAM_PROXY ]]; then
PROXYSETTINGS="https_proxy=http://"
# Check if authentication against the proxy is configured.
if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
fi
# Add proxy server.
PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
# Export proxy settings.
export HTTPS_PROXY="$PROXYSETTINGS"
fi
# Get the latest location database from server.
if /usr/bin/location-downloader update; then
# Call initscript to reload the firewall.
/etc/init.d/firewall reload
fi
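Review bot: The value exported as `HTTPS_PROXY` begins with the literal text `https_proxy=http://`, because `PROXYSETTINGS` is still seeded the way the `-e` argument for wget was in the deleted `xt_geoip_update` script. The variable therefore holds `https_proxy=http://…` rather than a URL, and the downloader is unlikely to use the configured proxy. Seed it with the scheme only: `PROXYSETTINGS="http://"`. `$UPSTREAM_USER` and `$UPSTREAM_PASSWORD` are also spliced in without percent-encoding, so a password containing `@`, `:` or `/` would yield a malformed URL. Because the credentials are exported, `/etc/init.d/firewall reload` inherits them as well; scoping the variable to the `location-downloader` invocation would keep them out of that child's environment.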


@@ -1,138 +0,0 @@
#!/bin/bash
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2019 IPFire Development Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
TMP_PATH=$(mktemp -dp /var/tmp)
TMP_FILE=$(mktemp -p $TMP_PATH)
SCRIPT_PATH=/usr/local/bin
DEST_PATH=/usr/share/xt_geoip
DB_PATH=/var/lib/GeoIP
DB1_PATH=/usr/share/GeoIP
DL_URL=https://geolite.maxmind.com/download/geoip/database
DL_FILE=GeoLite2-Country-CSV.zip
eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
function download() {
echo "Downloading latest GeoIP ruleset..."
# Proxy settings.
# Check if a proxy should be used.
if [[ $UPSTREAM_PROXY ]]; then
PROXYSETTINGS="-e https_proxy=http://"
# Check if authentication against the proxy is configured.
if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
fi
# Add proxy server.
PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
fi
# Get the latest GeoIP database from server.
wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE
# Extract files to database path.
unzip $TMP_FILE -d $TMP_PATH
return 0
}
function install() {
echo "Install CSV database..."
# Check if the database dir exists.
if [ ! -e "$DB_PATH" ]; then
mkdir -p $DB_PATH &>/dev/null
fi
# Check if the directory for binary databases exists.
if [ ! -e "$DEST_PATH" ]; then
mkdir -p $DEST_PATH &>/dev/null
fi
# Install CSV databases.
if ! cp -af $TMP_PATH/*/* $DB_PATH &>/dev/null; then
echo "Could not copy files. Aborting." >&2
return 1
fi
return 0
}
function build_legacy() {
echo "Convert database to legacy GeoIP.dat ..."
cat $DB_PATH/GeoLite2-Country-Blocks-IPv4.csv | \
$DB1_PATH/bin/geolite2-to-legacy-csv.sh $DB1_PATH/bin/countryInfo.txt > \
$TMP_FILE
$DB1_PATH/bin/geoip-generator -v -4 --info="$(date -u +'GEO-106FREE %Y%m%d Build -IPFire-' \
-r $DB_PATH/GeoLite2-Country-Blocks-IPv4.csv) $(<$DB_PATH/COPYRIGHT.txt)" -o \
$DB1_PATH/GeoIP.dat $TMP_FILE
return 0
}
function build() {
echo "Convert database..."
# Run script to convert the CSV file into several xtables
# compatible binary files.
if ! $SCRIPT_PATH/xt_geoip_build -S $DB_PATH -D $DEST_PATH; then
echo "Could not convert ruleset. Aborting." >&2
return 1
fi
return 0
}
function cleanup() {
echo "Cleaning up temporary files..."
if ! rm -rf $TMP_PATH &>/dev/null; then
echo "Could not remove files. Aborting." >&2
return 1
fi
return 0
}
function main() {
local func
for func in download install build build_legacy; do
if ! ${func}; then
# Cleanup any temporary data
cleanup
return 1
fi
done
# Cleanup
cleanup || return $?
# All done
return 0
}
# Run the main function.
main || exit $?