Merge branch 'next' of ssh://arne_f@git.ipfire.org/pub/git/ipfire-2.x into next

Conflicts:
	doc/packages-list.txt

config/guardian/guardian.pl

@@ -50,6 +50,8 @@ print "My gatewayaddess is: $gatewayaddr\n";
 			# destination was found.
 	"$hostipaddr" => 1);
 
+&get_aliases;
+
 %sshhash = ();
 
 if ( -e $targetfile ) {
@@ -186,8 +188,8 @@ sub ipchain {
 	my ($source, $dest, $type) = @_;
 	&write_log ("$source\t$type\n");
 	if ($hash{$source} eq "") {
-		&write_log ("Running '$blockpath $source'\n");
-		system ("$blockpath $source");
+		&write_log ("Running '$blockpath $source $interface'\n");
+		system ("$blockpath $source $interface");
 		$hash{$source} = time() + $TimeLimit;
 	} else {
 # We have already blocked this one, but snort detected another attack. So
@@ -244,6 +246,9 @@ sub load_conf {
 		}
 		if (/Interface\s+(.*)/) {
 			$interface = $1;
+			if ( $interface eq "" ) {
+				$interface = `cat /var/ipfire/ethernet/settings | grep RED_DEV | cut -d"=" -f2`;
+			}
 		}
 		if (/AlertFile\s+(.*)/) {
 			$alert_file = $1;
@@ -265,16 +270,13 @@ sub load_conf {
 		}
 	}
 
-	if ($interface eq "") {
-		die "Fatal! Interface is undefined.. Please define it in $opt_o with keyword Interface\n";
-	}
 	if ($alert_file eq "") {
 		print "Warning! AlertFile is undefined.. Assuming /var/log/snort.alert\n";
 		$alert_file="/var/log/snort.alert";
 	}
 	if ($hostipaddr eq "") {
 		print "Warning! HostIpAddr is undefined! Attempting to guess..\n";
-		$hostipaddr = &get_ip($interface);
+		$hostipaddr = `cat /var/ipfire/red/local-ipaddress`;
 		print "Got it.. your HostIpAddr is $hostipaddr\n";
 	}
 	if ($ignorefile eq "") {
@@ -345,30 +347,9 @@ sub daemonize {
 	}
 }
 
-sub get_ip {
-	my ($interface) = $_[0];
-	my $ip;
-	open (IFCONFIG, "/bin/netstat -iee |grep $interface -A7 |");
-	while (<IFCONFIG>) {
-		if ($OS eq "FreeBSD") {
-			if (/inet (\d+\.\d+\.\d+\.\d+)/) {
-				$ip = $1;
-			}
-		}
-		if ($OS eq "Linux") {
-			if (/inet addr:(\d+\.\d+\.\d+\.\d+)/) {
-				$ip = $1;
-			}
-		}
-	}
-	close (IFCONFIG);
-
-	if ($ip eq "") { die "Couldn't figure out the ip address\n"; }
-		$ip;
-	}
-
 sub sig_handler_setup {
-	$SIG{TERM} = \&clean_up_and_exit; # kill
+	$SIG{INT} = \&clean_up_and_exit; # kill -2
+	$SIG{TERM} = \&clean_up_and_exit; # kill -9
 	$SIG{QUIT} = \&clean_up_and_exit; # kill -3
 #  $SIG{HUP} = \&flush_and_reload; # kill -1
 }
@@ -387,7 +368,7 @@ sub remove_blocks {
 sub call_unblock {
 	my ($source, $message) = @_;
 	&write_log ("$message");
-	system ("$unblockpath $source");
+	system ("$unblockpath $source $interface");
 }
 
 sub clean_up_and_exit {
@@ -412,3 +393,22 @@ sub load_targetfile {
 	close (TARG);
 	print "Loaded $count addresses from $targetfile\n";
 }
+
+sub get_aliases {
+	my $ip;
+	print "Scanning for aliases on $interface and add them to the target hash...";
+
+	open (IFCONFIG, "/sbin/ip addr show $interface |");
+	my @lines = <IFCONFIG>;
+	close(IFCONFIG);
+
+	foreach $line (@lines) {
+		if ( $line =~ /inet (\d+\.\d+\.\d+\.\d+)/) {
+			$ip = $1;
+			print " got $ip on $interface ... ";
+			$targethash{'$ip'} = "1";
+		}
+	}
+
+	print "done \n";
+}

config/guardian/guardian_block.sh

@@ -2,10 +2,11 @@
 
 # this is a sample block script for guardian. This should work with ipchains. 
 # This command gets called by guardian as such:
-#  guardian_block.sh <source_ip>
+#  guardian_block.sh <source_ip> <interface>
 # and the script will issue a command to block all traffic from that source ip
 # address. The logic of weither or not it is safe to block that address is
 # done inside guardian itself.
 source=$1
+interface=$2
 
-/sbin/iptables -I GUARDIANINPUT -s $source -j DROP
+/sbin/iptables -I GUARDIAN -s $source -i $interface -j DROP

config/guardian/guardian_unblock.sh

@@ -2,8 +2,9 @@
 
 # this is a sample unblock script for guardian. This should work with ipchains. 
 # This command gets called by guardian as such:
-#  unblock.sh <source_ip>
+#  unblock.sh <source_ip> <interface>
 # and the script will issue a command to remove the block that was created with # block.sh address. 
 source=$1
+interface=$2
 
-/sbin/iptables -D GUARDIANINPUT -s $source -j DROP
+/sbin/iptables -D GUARDIAN -s $source -i $interface -j DROP

doc/packages-list.txt

@@ -160,6 +160,7 @@
 * igb-2.3.4-kmod-2.6.32.24-ipfire-xen
 * igmpproxy-0.1
 * imspector-0.9
+* imspector-20101008
 * inetutils-1.4.2
 * ipaddr-1.2
 * iperf-2.0.4
@@ -316,6 +317,7 @@
 * rsync-3.0.7
 * rtorrent-0.8.6
 * samba-3.5.5
+* samba-3.5.6
 * sane-1.0.19
 * screen-4.0.3
 * sdparm-1.01
@@ -330,7 +332,7 @@
 * spandsp-0.0.6pre12
 * splix-2.0.0-rc2
 * sqlite-3.6.10
-* squid-2.7.STABLE9
+* squid-3.1.8
 * squidGuard-1.4.1
 * squidclamav-5.4
 * sshfs-fuse-2.2
@@ -373,6 +375,7 @@
 * vnstat-1.6
 * vnstati-beta3
 * vsftpd-2.1.2
+* vsftpd-2.2.2
 * w_scan-20080105
 * watchdog-5.9
 * wget-1.10.2

html/cgi-bin/outgoinggrp.cgi

@@ -137,7 +137,7 @@ $ipgroupcontent =~ s/\n/<br \/>/g;
 &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall ip groups'});
 
 print <<END
-<a name="outgoing showipgroup"</a>
+<a name="outgoing showipgroup"></a>
 <br />
 <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'>
 <table width='95%' cellspacing='0'>
@@ -214,7 +214,7 @@ $macgroupcontent =~ s/\n/<br \/>/g;
 &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall mac groups'});
 
 print <<END
-<a name="outgoing showmacgroup"</a>
+<a name="outgoing showmacgroup"></a>
 <br />
 <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'>
 <table width='95%' cellspacing='0'>

html/cgi-bin/urlfilter.cgi

@@ -1213,6 +1213,10 @@ print <<END
 	<td colspan='2'>$Lang::tr{'urlfilter blocked domains'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 	<td colspan='2'>$Lang::tr{'urlfilter blocked urls'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 </tr>
+<tr>
+	<td colspan='2'>$Lang::tr{'urlfilter example'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
+</tr>
 <tr>
 	<td colspan='2' width='50%'><textarea name='CUSTOM_BLACK_DOMAINS' cols='32' rows='6' wrap='off'>
 END
@@ -1252,6 +1256,10 @@ print <<END
 	<td colspan='2'>$Lang::tr{'urlfilter allowed domains'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 	<td colspan='2'>$Lang::tr{'urlfilter allowed urls'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 </tr>
+<tr>
+	<td colspan='2'>$Lang::tr{'urlfilter example'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
+</tr>
 <tr>
 	<td colspan='2' width='50%'><textarea name='CUSTOM_WHITE_DOMAINS' cols='32' rows='6' wrap='off'>
 END

html/cgi-bin/vpnmain.cgi

@@ -1988,7 +1988,7 @@ END
 	print <<END
 	<table width='100%' cellpadding='0' cellspacing='5' border='0'>
 	<tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td>
-	    <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td>
+	    <td class='base' width='50%'><input type='password' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td>
 	</tr>
 	</table>
 END
@@ -2006,7 +2006,7 @@ END
 	<table width='100%' cellpadding='0' cellspacing='5' border='0'>
 	<tr><td width='5%'><input type='radio' name='AUTH' value='psk' $checked{'AUTH'}{'psk'} $pskdisabled/></td>
 	    <td class='base' width='55%'>$Lang::tr{'use a pre-shared key'}</td>
-	    <td class='base' width='40%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' $pskdisabled/></td></tr>
+	    <td class='base' width='40%'><input type='password' name='PSK' size='30' value='$cgiparams{'PSK'}' $pskdisabled/></td></tr>
 	<tr><td colspan='3' bgcolor='#000000'></td></tr>
 	<tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td>
 	    <td class='base'><hr />$Lang::tr{'upload a certificate request'}</td>

langs/de/cgi-bin/de.pl

@@ -1886,6 +1886,8 @@
 'urlfilter enable log' => 'Aktiviere Protokoll',
 'urlfilter enable rewrite rules' => 'Aktiviere lokale Dateiumleitung',
 'urlfilter enabled' => 'Aktiviert:',
+'urlfilter example' => 'Beispiel: www.domain.com',
+'urlfilter example ads' => 'Beispiel: www.domain.com/ads/',
 'urlfilter export blacklist' => 'Blacklist exportieren',
 'urlfilter export error' => 'Kann Exportdatei nicht erstellen',
 'urlfilter expressions' => 'Ausdrücke (einen pro Zeile)',

langs/en/cgi-bin/en.pl

@@ -1920,6 +1920,8 @@
 'urlfilter enable log' => 'Enable log',
 'urlfilter enable rewrite rules' => 'Enable local file redirection',
 'urlfilter enabled' => 'Enabled:',
+'urlfilter example' => 'Example: www.domain.com',
+'urlfilter example ads' => 'Example: www.domain.com/ads/',
 'urlfilter export blacklist' => 'Export blacklist',
 'urlfilter export error' => 'Unable to create export file',
 'urlfilter expressions' => 'Expressions (one per line)',

langs/es/cgi-bin/es.pl

@@ -1907,6 +1907,8 @@
 'urlfilter enable log' => 'Activar registro',
 'urlfilter enable rewrite rules' => 'Activar redirección de archivos locales',
 'urlfilter enabled' => 'Activado:',
+'urlfilter example' => 'Ejemplo: www.domain.com',
+'urlfilter example ads' => 'Ejemplo: www.domain.com/ads/',
 'urlfilter export blacklist' => 'Exportar lista negra',
 'urlfilter export error' => 'Imposible crear archivo de exportación',
 'urlfilter expressions' => 'Frases (una por línea)',

langs/fr/cgi-bin/fr.pl

@@ -1916,6 +1916,8 @@
 'urlfilter enable log' => 'Activer log',
 'urlfilter enable rewrite rules' => 'Activer fichier local de redirection',
 'urlfilter enabled' => 'Activé:',
+'urlfilter example' => 'Exemple: www.domain.com',
+'urlfilter example ads' => 'Exemple: www.domain.com/ads/',
 'urlfilter export blacklist' => 'Exporter Blackliste',
 'urlfilter export error' => 'Impossible de créer fichier d\'exportation',
 'urlfilter expressions' => 'Expressions (une par ligne)',

lfs/guardian

@@ -30,7 +30,7 @@ THISAPP    = guardian-$(VER)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = guardian
-PAK_VER    = 6
+PAK_VER    = 7
 
 DEPS       = ""
 

lfs/imspector

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.9
+VER        = 20101008
 
 THISAPP    = imspector-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = imspector
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 626abf7c2b8f15d56df679ad66624575
+$(DL_FILE)_MD5 = 032407bb13ccddb77328f83eded102ee
 
 install : $(TARGET)
 
@@ -77,9 +77,10 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && make install
+	cd $(DIR_SRC)/imspector && make install
 	-mv /usr/etc/imspector /etc/imspector
-	install -v -m 755  $(DIR_CONF)/imspector/imspector.conf /etc/imspector.conf
+	-mv /etc/imspector/imspector /etc/imspector
+	install -v -m 755 $(DIR_CONF)/imspector/imspector.conf /etc/imspector.conf
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/imspector /var/ipfire/backup/addons/includes/imspector
 	chmod 755 /srv/web/ipfire/cgi-bin/imspector.cgi
 	chown nobody:nobody -R /var/log/imspector

lfs/samba

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.5.5
+VER        = 3.5.6
 
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 30
+PAK_VER    = 31
 
 DEPS       = "cups"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 278728aeeef9db7e27fa6a2ce5b43509
+$(DL_FILE)_MD5 = bf6c09ea497a166df8bd672db1d8da8f
 
 install : $(TARGET)
 

lfs/vsftpd

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.1.2
+VER        = 2.2.2
 
 THISAPP    = vsftpd-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = vsftpd
-PAK_VER    = 5
+PAK_VER    = 6
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 6a8c8579d50adf0d0fc07226c03bfb52
+$(DL_FILE)_MD5 = 6d6bc136af14c23f8fef6f1a51f55418
 
 install : $(TARGET)
 

src/initscripts/init.d/firewall

@@ -140,8 +140,9 @@ case "$1" in
 	# CUSTOM chains, can be used by the users themselves
 	/sbin/iptables -N CUSTOMINPUT
 	/sbin/iptables -A INPUT -j CUSTOMINPUT
-	/sbin/iptables -N GUARDIANINPUT
-	/sbin/iptables -A INPUT -j GUARDIANINPUT
+	/sbin/iptables -N GUARDIAN
+	/sbin/iptables -A INPUT -j GUARDIAN
+	/sbin/iptables -A FORWARD -j GUARDIAN
 	/sbin/iptables -N CUSTOMFORWARD
 	/sbin/iptables -A FORWARD -j CUSTOMFORWARD
 	/sbin/iptables -N CUSTOMOUTPUT

src/initscripts/init.d/openvmtools

@@ -4,9 +4,9 @@
 #
 # Description : init-script for open-vm-tools
 #
-# Authors     : earl
+# Authors     : Jan Paul Tuecking (earl@ipfire.org)
 #
-# Version     : 00.01
+# Version     : 1.00
 #
 # Notes       :
 #

src/initscripts/init.d/vdradmin

@@ -8,7 +8,8 @@
 #
 # Version     : 01.00
 #
-# Notes       :
+# Notes       : Changes in 01.01
+#             : v.2.6.7 needs /var/run/vdradmin dir (earl@ipfire.org)
 #
 ########################################################################
 
@@ -18,6 +19,7 @@
 case "${1}" in
 	start)
 		boot_mesg "Starting VDR Webadministration Tool..."
+		mkdir /var/run/vdradmin -p
 		loadproc /usr/bin/vdradmind > /dev/null
 		evaluate_retval
 		;;