diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 535899611..daa95651b 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -580,17 +580,15 @@ sub p2pblock { sub geoipblock { my %geoipsettings = (); + $geoipsettings{'GEOIPBLOCK_ENABLED'} = "off"; + + # Flush iptables chain. + run("$IPTABLES -F GEOIPBLOCK"); # Check if the geoip settings file exists if (-e "$geoipfile") { # Read settings file &General::readhash("$geoipfile", \%geoipsettings); - } else { - # Drop active rules. - run("$IPTABLES -F GEOIPBLOCK"); - - # Exit submodule, go on processing the remaining script - return; } # If geoip blocking is not enabled, we are finished here. @@ -602,9 +600,6 @@ sub geoipblock { # Get supported locations. my @locations = &fwlib::get_geoip_locations(); - # Flush iptables chain. - run("$IPTABLES -F GEOIPBLOCK"); - # Loop through all supported geoip locations and # create iptables rules, if blocking this country # is enabled. diff --git a/config/rootfiles/core/90/filelists/files b/config/rootfiles/core/90/filelists/files index d346264d8..85d3de335 100644 --- a/config/rootfiles/core/90/filelists/files +++ b/config/rootfiles/core/90/filelists/files @@ -2,6 +2,7 @@ etc/system-release etc/issue etc/rc.d/init.d/firewall etc/rc.d/init.d/network-trigger +etc/rc.d/init.d/networking/functions.network etc/rc.d/init.d/networking/red.up/99-geoip-database etc/rc.d/rcsysinit.d/S90network-trigger srv/web/ipfire/cgi-bin/firewall.cgi diff --git a/config/rootfiles/core/90/filelists/iptables b/config/rootfiles/core/90/filelists/iptables new file mode 120000 index 000000000..8caf12bcc --- /dev/null +++ b/config/rootfiles/core/90/filelists/iptables @@ -0,0 +1 @@ +../../../common/iptables \ No newline at end of file diff --git a/lfs/iptables b/lfs/iptables index d3c8402b0..ec65ae04a 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -93,9 +93,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/ - # ipp2p 0.8.2-pomng - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch - # imq cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff diff --git a/lfs/linux b/lfs/linux index 300fd8703..8b4f94112 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,11 +24,11 @@ include Config -VER = 3.14.38 +VER = 3.14.39 -RPI_PATCHES = 3.14.38-grsec-ipfire1 -A7M_PATCHES = 3.14.38-grsec-ipfire1 -GRS_PATCHES = grsecurity-3.1-3.14.38-201504142259.patch.xz +RPI_PATCHES = 3.14.39-grsec-ipfire1 +A7M_PATCHES = 3.14.39-grsec-ipfire1 +GRS_PATCHES = grsecurity-3.1-3.14.39-201504190814.patch.xz THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -77,10 +77,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES) -$(DL_FILE)_MD5 = c4d0154627e02dc43c67fa616ff1e569 -rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = e423c8b3a408f23b9a26f8f0f4384c50 +$(DL_FILE)_MD5 = 3581855d0dbfcbe1140dfcd1406d0a91 +rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 5056304af0a199194abd0bcb00015f28 arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = a4a4103255e93bfcb02652212b0ae3fc -$(GRS_PATCHES)_MD5 = 6d6ed13c08ae96f6470c30c00e08b130 +$(GRS_PATCHES)_MD5 = 2121d0bf825da9ff6321e2940f247c5e install : $(TARGET) @@ -118,9 +118,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Linux Intermediate Queueing Device cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-imq.patch - # ipp2p 0.8.2-ipfire - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch - # Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14-layer7-filter.patch diff --git a/src/initscripts/init.d/networking/functions.network b/src/initscripts/init.d/networking/functions.network index f459b7775..1af3482df 100644 --- a/src/initscripts/init.d/networking/functions.network +++ b/src/initscripts/init.d/networking/functions.network @@ -75,7 +75,7 @@ dhcpcd_start() { fi # Start dhcpcd. - /sbin/dhcpcd "${device}" "${dhcp_start}" >/dev/null 2>&1 + /sbin/dhcpcd ${dhcp_start} ${device} >/dev/null 2>&1 ret="$?" if [ "${ret}" -eq 0 ]; then @@ -124,7 +124,7 @@ dhcpcd_stop() { fi # Stop dhcpcd. - /sbin/dhcpcd "${device}" "${dhcp_stop}" &> /dev/null + /sbin/dhcpcd ${dhcp_stop} ${device} &> /dev/null ret="$?" # Wait until dhcpd has stopped.