From 2e28ecea3ef7b96ef55d9b3dc3ad67414c023853 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 20 Apr 2015 22:48:46 +0200 Subject: [PATCH 1/4] functions.network: update dhcp client commandline. this fix trailing space before hostname. --- config/rootfiles/core/90/filelists/files | 1 + src/initscripts/init.d/networking/functions.network | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/core/90/filelists/files b/config/rootfiles/core/90/filelists/files index d346264d8..85d3de335 100644 --- a/config/rootfiles/core/90/filelists/files +++ b/config/rootfiles/core/90/filelists/files @@ -2,6 +2,7 @@ etc/system-release etc/issue etc/rc.d/init.d/firewall etc/rc.d/init.d/network-trigger +etc/rc.d/init.d/networking/functions.network etc/rc.d/init.d/networking/red.up/99-geoip-database etc/rc.d/rcsysinit.d/S90network-trigger srv/web/ipfire/cgi-bin/firewall.cgi diff --git a/src/initscripts/init.d/networking/functions.network b/src/initscripts/init.d/networking/functions.network index f459b7775..1af3482df 100644 --- a/src/initscripts/init.d/networking/functions.network +++ b/src/initscripts/init.d/networking/functions.network @@ -75,7 +75,7 @@ dhcpcd_start() { fi # Start dhcpcd. - /sbin/dhcpcd "${device}" "${dhcp_start}" >/dev/null 2>&1 + /sbin/dhcpcd ${dhcp_start} ${device} >/dev/null 2>&1 ret="$?" if [ "${ret}" -eq 0 ]; then @@ -124,7 +124,7 @@ dhcpcd_stop() { fi # Stop dhcpcd. - /sbin/dhcpcd "${device}" "${dhcp_stop}" &> /dev/null + /sbin/dhcpcd ${dhcp_stop} ${device} &> /dev/null ret="$?" # Wait until dhcpd has stopped. From 785c9195204b12f9391d3d13e56e7ec11576cfeb Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 20 Apr 2015 22:57:24 +0200 Subject: [PATCH 2/4] remove ipp2p patches. ipp2p is build by xtables addons now. --- config/rootfiles/core/90/filelists/iptables | 1 + lfs/iptables | 3 --- lfs/linux | 3 --- 3 files changed, 1 insertion(+), 6 deletions(-) create mode 120000 config/rootfiles/core/90/filelists/iptables diff --git a/config/rootfiles/core/90/filelists/iptables b/config/rootfiles/core/90/filelists/iptables new file mode 120000 index 000000000..8caf12bcc --- /dev/null +++ b/config/rootfiles/core/90/filelists/iptables @@ -0,0 +1 @@ +../../../common/iptables \ No newline at end of file diff --git a/lfs/iptables b/lfs/iptables index d3c8402b0..ec65ae04a 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -93,9 +93,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/ - # ipp2p 0.8.2-pomng - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch - # imq cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff diff --git a/lfs/linux b/lfs/linux index 300fd8703..5675f95b1 100644 --- a/lfs/linux +++ b/lfs/linux @@ -118,9 +118,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Linux Intermediate Queueing Device cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-imq.patch - # ipp2p 0.8.2-ipfire - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch - # Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14-layer7-filter.patch From 0505af9dc07f3a2b46d15e726d40585e4ee20099 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 20 Apr 2015 23:14:11 +0200 Subject: [PATCH 3/4] rules.pl: fix geoip initialisation. --- config/firewall/rules.pl | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 535899611..daa95651b 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -580,17 +580,15 @@ sub p2pblock { sub geoipblock { my %geoipsettings = (); + $geoipsettings{'GEOIPBLOCK_ENABLED'} = "off"; + + # Flush iptables chain. + run("$IPTABLES -F GEOIPBLOCK"); # Check if the geoip settings file exists if (-e "$geoipfile") { # Read settings file &General::readhash("$geoipfile", \%geoipsettings); - } else { - # Drop active rules. - run("$IPTABLES -F GEOIPBLOCK"); - - # Exit submodule, go on processing the remaining script - return; } # If geoip blocking is not enabled, we are finished here. @@ -602,9 +600,6 @@ sub geoipblock { # Get supported locations. my @locations = &fwlib::get_geoip_locations(); - # Flush iptables chain. - run("$IPTABLES -F GEOIPBLOCK"); - # Loop through all supported geoip locations and # create iptables rules, if blocking this country # is enabled. From 2b4830c5ab71ce04cc14979ec3ed9c91049c8d4c Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 21 Apr 2015 14:02:47 +0200 Subject: [PATCH 4/4] kernel: update to 3.14.39 --- lfs/linux | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lfs/linux b/lfs/linux index 5675f95b1..8b4f94112 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,11 +24,11 @@ include Config -VER = 3.14.38 +VER = 3.14.39 -RPI_PATCHES = 3.14.38-grsec-ipfire1 -A7M_PATCHES = 3.14.38-grsec-ipfire1 -GRS_PATCHES = grsecurity-3.1-3.14.38-201504142259.patch.xz +RPI_PATCHES = 3.14.39-grsec-ipfire1 +A7M_PATCHES = 3.14.39-grsec-ipfire1 +GRS_PATCHES = grsecurity-3.1-3.14.39-201504190814.patch.xz THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -77,10 +77,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES) -$(DL_FILE)_MD5 = c4d0154627e02dc43c67fa616ff1e569 -rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = e423c8b3a408f23b9a26f8f0f4384c50 +$(DL_FILE)_MD5 = 3581855d0dbfcbe1140dfcd1406d0a91 +rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 5056304af0a199194abd0bcb00015f28 arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = a4a4103255e93bfcb02652212b0ae3fc -$(GRS_PATCHES)_MD5 = 6d6ed13c08ae96f6470c30c00e08b130 +$(GRS_PATCHES)_MD5 = 2121d0bf825da9ff6321e2940f247c5e install : $(TARGET)