Merge branch 'master' into next

Conflicts:
	doc/language_issues.tr
Michael Tremer
2014-04-11 15:18:50 +02:00
37 changed files with 12427 additions and 431 deletions

@@ -105,7 +105,7 @@ sub build_rules
}
#get ipfire ip
if($alias eq '0.0.0.0'){
$alias='ALL';
$alias='Default IP';
}else{
foreach my $ali (@alias){
my ($alias_ip,$alias_active,$alias_name) = split (",",$ali);

@@ -64,6 +64,7 @@ my $netsettings = "${General::swroot}/ethernet/settings";
&General::readhasharray("$configipsec", \%ipsecconf);
&General::readhasharray("$configsrv", \%customservice);
&General::readhasharray("$configsrvgrp", \%customservicegrp);
&General::get_aliases(\%aliases);
sub get_srv_prot
{
@@ -388,9 +389,9 @@ sub get_address
# Aliases
} else {
my %alias = &get_alias($value);
if (%alias) {
push(@ret, $alias{"IPT"});
my $alias = &get_alias($value);
if ($alias) {
push(@ret, $alias);
}
}
@@ -423,12 +424,12 @@ sub get_alias
foreach my $alias (sort keys %aliases) {
if ($id eq $alias) {
return $aliases{$alias};
return $aliases{$alias}{"IPT"};
}
}
}
sub get_nat_address
{
sub get_nat_address {
my $zone = shift;
my $source = shift;
@@ -451,15 +452,20 @@ sub get_nat_address
} elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
return $netsettings{$zone . "_ADDRESS"};
} elsif ($zone eq "Default IP") {
} elsif ($zone ~~ ["Default IP", "ALL"]) {
return &get_external_address();
} else {
return &get_alias($zone);
my $alias = &get_alias($zone);
unless ($alias) {
$alias = &get_external_address();
}
return $alias;
}
print_error("Could not find NAT address");
}
sub get_internal_firewall_ip_addresses
{
my $use_orange = shift;
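Review bot: In get_nat_address the new else branch falls back to `&get_external_address()` whenever `&get_alias($zone)` returns nothing, so a NAT rule that names a deleted or misspelled alias is silently bound to the default external address instead of being reported. Every branch visible in this hunk returns, which would make `print_error("Could not find NAT address");` unreachable; the start of the if chain is outside the hunk, so this is inferred. If print_error only reports and does not abort, I would surface the miss ahead of the existing `unless` block with `print_error("Unknown alias '$zone', falling back to default external address") unless ($alias);`. get_alias also ends on its foreach loop without an explicit `return;`, and Perl leaves the return value unspecified in that case, so a bare `return;` after the loop would make the new `if ($alias)` and `unless ($alias)` checks dependable.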

@@ -110,33 +110,34 @@ case "${POLICY}" in
;;
*)
# Access from GREEN is granted to everywhere
if [ "${IFACE}" = "${GREEN_DEV}" ]; then
# internet via green
# don't check source IP/NET if IFACE is GREEN
iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
else
iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
fi
# Grant access for IPsec VPN connections
iptables -A POLICYFWD -m policy --pol ipsec --dir in -j ACCEPT
# Grant access for OpenVPN connections
iptables -A POLICYFWD -i tun+ -j ACCEPT
if [ -n "${IFACE}" ]; then
if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${BLUE_DEV}" ! -o "${IFACE}" -j DROP
iptables -A POLICYFWD -i "${BLUE_DEV}" -s "${BLUE_NETADDRESS}/${BLUE_NETMASK}" -o "${IFACE}" -j ACCEPT
fi
if [ "${HAVE_ORANGE}" = "true" ] && [ -n "${ORANGE_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${ORANGE_DEV}" ! -o "${IFACE}" -j DROP
fi
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${IFACE}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${IFACE}" -j DROP
if [ "${IFACE}" != "${RED_DEV}" ]; then
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -i "${RED_DEV}" -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -i "${RED_DEV}" -j DROP
iptables -A POLICYFWD -i "${ORANGE_DEV}" -s "${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" -o "${IFACE}" -j ACCEPT
fi
fi
iptables -A POLICYFWD -j ACCEPT
if [ "${DROPFORWARD}" = "on" ]; then
iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
iptables -A POLICYFWD -m comment --comment "DROP_FORWARD" -j DROP
;;
esac
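Review bot: With this branch apparently ending in `-j DROP` instead of `-j ACCEPT` (the +/- markers are lost on this page, so the sides are inferred from print order), the VPN rules become the widest allows in the chain. `iptables -A POLICYFWD -m policy --pol ipsec --dir in -j ACCEPT` and `iptables -A POLICYFWD -i tun+ -j ACCEPT` carry no source, destination or output-interface match, unlike the BLUE and ORANGE rules that pin `-s` and `-o "${IFACE}"`. If that is intended, it deserves a comment above them such as `# VPN peers are forwarded to every zone by this policy; narrow them with explicit firewall rules`. The LOG rule before the final DROP is limited with `--limit 10/minute`, so drops beyond that rate leave no DROP_FORWARD entry; a one-line comment saying so would help anyone relying on those entries for detection.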

@@ -53,7 +53,6 @@ my %customgrp=();
my %configinputfw=();
my %configoutgoingfw=();
my %confignatfw=();
my %aliases=();
my @p2ps=();
my $configfwdfw = "${General::swroot}/firewall/config";
@@ -69,7 +68,6 @@ my $netsettings = "${General::swroot}/ethernet/settings";
&General::readhasharray($configinput, \%configinputfw);
&General::readhasharray($configoutgoing, \%configoutgoingfw);
&General::readhasharray($configgrp, \%customgrp);
&General::get_aliases(\%aliases);
my @log_limit_options = &make_log_limit_options();
@@ -254,17 +252,22 @@ sub buildrules {
# Check if this protocol knows ports.
my $protocol_has_ports = ($protocol ~~ @PROTOCOLS_WITH_PORTS);
foreach my $source (@sources) {
foreach my $destination (@destinations) {
# Skip invalid rules.
next if (!$source || !$destination || ($destination eq "none"));
foreach my $src (@sources) {
# Skip invalid source.
next unless ($src);
# Sanitize source.
if ($source ~~ @ANY_ADDRESSES) {
$source = "";
}
# Sanitize source.
my $source = $src;
if ($source ~~ @ANY_ADDRESSES) {
$source = "";
}
foreach my $dst (@destinations) {
# Skip invalid rules.
next if (!$dst || ($dst eq "none"));
# Sanitize destination.
my $destination = $dst;
if ($destination ~~ @ANY_ADDRESSES) {
$destination = "";
}
@@ -532,43 +535,45 @@ sub get_protocol_options {
push(@options, ("-p", $protocol));
}
# Process source ports.
my $use_src_ports = ($$hash{$key}[7] eq "ON");
my $src_ports = $$hash{$key}[10];
if ($protocol ~~ @PROTOCOLS_WITH_PORTS) {
# Process source ports.
my $use_src_ports = ($$hash{$key}[7] eq "ON");
my $src_ports = $$hash{$key}[10];
if ($use_src_ports && $src_ports) {
push(@options, &format_ports($src_ports, "src"));
}
if ($use_src_ports && $src_ports) {
push(@options, &format_ports($src_ports, "src"));
}
# Process destination ports.
my $use_dst_ports = ($$hash{$key}[11] eq "ON");
my $use_dnat = (($$hash{$key}[28] eq "ON") && ($$hash{$key}[31] eq "dnat"));
# Process destination ports.
my $use_dst_ports = ($$hash{$key}[11] eq "ON");
my $use_dnat = (($$hash{$key}[28] eq "ON") && ($$hash{$key}[31] eq "dnat"));
if ($use_dst_ports) {
my $dst_ports_mode = $$hash{$key}[14];
my $dst_ports = $$hash{$key}[15];
if ($use_dst_ports) {
my $dst_ports_mode = $$hash{$key}[14];
my $dst_ports = $$hash{$key}[15];
if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
$dst_ports = $$hash{$key}[30];
}
push(@options, &format_ports($dst_ports, "dst"));
} elsif ($dst_ports_mode eq "cust_srv") {
if ($protocol eq "ICMP") {
push(@options, ("--icmp-type", &fwlib::get_srv_port($dst_ports, 3, "ICMP")));
} else {
$dst_ports = &fwlib::get_srv_port($dst_ports, 1, uc($protocol));
if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
$dst_ports = $$hash{$key}[30];
}
push(@options, &format_ports($dst_ports, "dst"));
}
} elsif ($dst_ports_mode eq "cust_srvgrp") {
push(@options, &fwlib::get_srvgrp_port($dst_ports, uc($protocol)));
} elsif ($dst_ports_mode eq "cust_srv") {
if ($protocol eq "ICMP") {
push(@options, ("--icmp-type", &fwlib::get_srv_port($dst_ports, 3, "ICMP")));
} else {
$dst_ports = &fwlib::get_srv_port($dst_ports, 1, uc($protocol));
push(@options, &format_ports($dst_ports, "dst"));
}
} elsif ($dst_ports_mode eq "cust_srvgrp") {
push(@options, &fwlib::get_srvgrp_port($dst_ports, uc($protocol)));
}
}
}
# Check if a single ICMP type is selected.
if (!$use_src_ports && !$use_dst_ports && $protocol eq "icmp") {
if ($protocol eq "icmp") {
my $icmp_type = $$hash{$key}[9];
if (($icmp_type ne "All ICMP-Types") && $icmp_type) {

@@ -1420,8 +1420,8 @@ CONFIG_TI_ST=m
# Altera FPGA firmware download module
#
CONFIG_ALTERA_STAPL=m
CONFIG_INTEL_MEI=m
CONFIG_INTEL_MEI_ME=m
# CONFIG_INTEL_MEI is not set
# CONFIG_INTEL_MEI_ME is not set
CONFIG_VMWARE_VMCI=m
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set

@@ -1433,8 +1433,8 @@ CONFIG_TI_ST=m
# Altera FPGA firmware download module
#
CONFIG_ALTERA_STAPL=m
CONFIG_INTEL_MEI=m
CONFIG_INTEL_MEI_ME=m
# CONFIG_INTEL_MEI is not set
# CONFIG_INTEL_MEI_ME is not set
CONFIG_VMWARE_VMCI=m
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set

@@ -323,14 +323,14 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/developer/debugging.html.en
#srv/web/ipfire/manual/developer/documenting.html
#srv/web/ipfire/manual/developer/documenting.html.en
#srv/web/ipfire/manual/developer/documenting.html.zh-cn
#srv/web/ipfire/manual/developer/documenting.html.zh-cn.utf8
#srv/web/ipfire/manual/developer/filters.html
#srv/web/ipfire/manual/developer/filters.html.en
#srv/web/ipfire/manual/developer/hooks.html
#srv/web/ipfire/manual/developer/hooks.html.en
#srv/web/ipfire/manual/developer/index.html
#srv/web/ipfire/manual/developer/index.html.en
#srv/web/ipfire/manual/developer/index.html.zh-cn
#srv/web/ipfire/manual/developer/index.html.zh-cn.utf8
#srv/web/ipfire/manual/developer/modules.html
#srv/web/ipfire/manual/developer/modules.html.en
#srv/web/ipfire/manual/developer/modules.html.ja.utf8
@@ -357,7 +357,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/faq/index.html
#srv/web/ipfire/manual/faq/index.html.en
#srv/web/ipfire/manual/faq/index.html.tr.utf8
#srv/web/ipfire/manual/faq/index.html.zh-cn
#srv/web/ipfire/manual/faq/index.html.zh-cn.utf8
#srv/web/ipfire/manual/filter.html
#srv/web/ipfire/manual/filter.html.en
#srv/web/ipfire/manual/filter.html.es
@@ -381,7 +381,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/handler.html.ko.euc-kr
#srv/web/ipfire/manual/handler.html.ru.koi8-r
#srv/web/ipfire/manual/handler.html.tr.utf8
#srv/web/ipfire/manual/handler.html.zh-cn
#srv/web/ipfire/manual/handler.html.zh-cn.utf8
#srv/web/ipfire/manual/howto
#srv/web/ipfire/manual/howto/access.html
#srv/web/ipfire/manual/howto/access.html.en
@@ -405,7 +405,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/howto/index.html.en
#srv/web/ipfire/manual/howto/index.html.ja.utf8
#srv/web/ipfire/manual/howto/index.html.ko.euc-kr
#srv/web/ipfire/manual/howto/index.html.zh-cn
#srv/web/ipfire/manual/howto/index.html.zh-cn.utf8
#srv/web/ipfire/manual/howto/public_html.html
#srv/web/ipfire/manual/howto/public_html.html.en
#srv/web/ipfire/manual/howto/public_html.html.ja.utf8
@@ -434,6 +434,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/images/mod_filter_new.png
#srv/web/ipfire/manual/images/mod_filter_new.tr.png
#srv/web/ipfire/manual/images/mod_filter_old.gif
#srv/web/ipfire/manual/images/mod_filter_old.png
#srv/web/ipfire/manual/images/mod_rewrite_fig1.gif
#srv/web/ipfire/manual/images/mod_rewrite_fig1.png
#srv/web/ipfire/manual/images/mod_rewrite_fig2.gif
@@ -461,7 +462,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/index.html.ko.euc-kr
#srv/web/ipfire/manual/index.html.pt-br
#srv/web/ipfire/manual/index.html.tr.utf8
#srv/web/ipfire/manual/index.html.zh-cn
#srv/web/ipfire/manual/index.html.zh-cn.utf8
#srv/web/ipfire/manual/install.html
#srv/web/ipfire/manual/install.html.de
#srv/web/ipfire/manual/install.html.en
@@ -492,7 +493,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/misc/index.html.en
#srv/web/ipfire/manual/misc/index.html.ko.euc-kr
#srv/web/ipfire/manual/misc/index.html.tr.utf8
#srv/web/ipfire/manual/misc/index.html.zh-cn
#srv/web/ipfire/manual/misc/index.html.zh-cn.utf8
#srv/web/ipfire/manual/misc/password_encryptions.html
#srv/web/ipfire/manual/misc/password_encryptions.html.en
#srv/web/ipfire/manual/misc/perf-tuning.html
@@ -534,7 +535,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/mod/directives.html.ko.euc-kr
#srv/web/ipfire/manual/mod/directives.html.ru.koi8-r
#srv/web/ipfire/manual/mod/directives.html.tr.utf8
#srv/web/ipfire/manual/mod/directives.html.zh-cn
#srv/web/ipfire/manual/mod/directives.html.zh-cn.utf8
#srv/web/ipfire/manual/mod/event.html
#srv/web/ipfire/manual/mod/event.html.en
#srv/web/ipfire/manual/mod/index.html
@@ -544,7 +545,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/mod/index.html.ja.utf8
#srv/web/ipfire/manual/mod/index.html.ko.euc-kr
#srv/web/ipfire/manual/mod/index.html.tr.utf8
#srv/web/ipfire/manual/mod/index.html.zh-cn
#srv/web/ipfire/manual/mod/index.html.zh-cn.utf8
#srv/web/ipfire/manual/mod/mod_actions.html
#srv/web/ipfire/manual/mod/mod_actions.html.de
#srv/web/ipfire/manual/mod/mod_actions.html.en
@@ -852,7 +853,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/mod/quickreference.html.ko.euc-kr
#srv/web/ipfire/manual/mod/quickreference.html.ru.koi8-r
#srv/web/ipfire/manual/mod/quickreference.html.tr.utf8
#srv/web/ipfire/manual/mod/quickreference.html.zh-cn
#srv/web/ipfire/manual/mod/quickreference.html.zh-cn.utf8
#srv/web/ipfire/manual/mod/worker.html
#srv/web/ipfire/manual/mod/worker.html.de
#srv/web/ipfire/manual/mod/worker.html.en
@@ -866,7 +867,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/mpm.html.ja.utf8
#srv/web/ipfire/manual/mpm.html.ko.euc-kr
#srv/web/ipfire/manual/mpm.html.tr.utf8
#srv/web/ipfire/manual/mpm.html.zh-cn
#srv/web/ipfire/manual/mpm.html.zh-cn.utf8
#srv/web/ipfire/manual/new_features_2_0.html
#srv/web/ipfire/manual/new_features_2_0.html.de
#srv/web/ipfire/manual/new_features_2_0.html.en
@@ -890,7 +891,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/platform/index.html
#srv/web/ipfire/manual/platform/index.html.en
#srv/web/ipfire/manual/platform/index.html.ko.euc-kr
#srv/web/ipfire/manual/platform/index.html.zh-cn
#srv/web/ipfire/manual/platform/index.html.zh-cn.utf8
#srv/web/ipfire/manual/platform/netware.html
#srv/web/ipfire/manual/platform/netware.html.en
#srv/web/ipfire/manual/platform/netware.html.ko.euc-kr
@@ -953,7 +954,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/programs/index.html.ko.euc-kr
#srv/web/ipfire/manual/programs/index.html.ru.koi8-r
#srv/web/ipfire/manual/programs/index.html.tr.utf8
#srv/web/ipfire/manual/programs/index.html.zh-cn
#srv/web/ipfire/manual/programs/index.html.zh-cn.utf8
#srv/web/ipfire/manual/programs/logresolve.html
#srv/web/ipfire/manual/programs/logresolve.html.en
#srv/web/ipfire/manual/programs/logresolve.html.ko.euc-kr
@@ -986,7 +987,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/rewrite/index.html.en
#srv/web/ipfire/manual/rewrite/index.html.fr
#srv/web/ipfire/manual/rewrite/index.html.tr.utf8
#srv/web/ipfire/manual/rewrite/index.html.zh-cn
#srv/web/ipfire/manual/rewrite/index.html.zh-cn.utf8
#srv/web/ipfire/manual/rewrite/intro.html
#srv/web/ipfire/manual/rewrite/intro.html.en
#srv/web/ipfire/manual/rewrite/intro.html.fr
@@ -1019,13 +1020,13 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/sitemap.html.ja.utf8
#srv/web/ipfire/manual/sitemap.html.ko.euc-kr
#srv/web/ipfire/manual/sitemap.html.tr.utf8
#srv/web/ipfire/manual/sitemap.html.zh-cn
#srv/web/ipfire/manual/sitemap.html.zh-cn.utf8
#srv/web/ipfire/manual/ssl
#srv/web/ipfire/manual/ssl/index.html
#srv/web/ipfire/manual/ssl/index.html.en
#srv/web/ipfire/manual/ssl/index.html.ja.utf8
#srv/web/ipfire/manual/ssl/index.html.tr.utf8
#srv/web/ipfire/manual/ssl/index.html.zh-cn
#srv/web/ipfire/manual/ssl/index.html.zh-cn.utf8
#srv/web/ipfire/manual/ssl/ssl_compat.html
#srv/web/ipfire/manual/ssl/ssl_compat.html.en
#srv/web/ipfire/manual/ssl/ssl_faq.html
@@ -1062,7 +1063,9 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/style/manualpage.dtd
#srv/web/ipfire/manual/style/modulesynopsis.dtd
#srv/web/ipfire/manual/style/scripts
#srv/web/ipfire/manual/style/scripts/MINIFY
#srv/web/ipfire/manual/style/scripts/prettify.js
#srv/web/ipfire/manual/style/scripts/prettify.min.js
#srv/web/ipfire/manual/style/sitemap.dtd
#srv/web/ipfire/manual/style/version.ent
#srv/web/ipfire/manual/style/xsl
@@ -1109,7 +1112,7 @@ etc/httpd/conf/mime.types
#srv/web/ipfire/manual/vhosts/index.html.ko.euc-kr
#srv/web/ipfire/manual/vhosts/index.html.ru.koi8-r
#srv/web/ipfire/manual/vhosts/index.html.tr.utf8
#srv/web/ipfire/manual/vhosts/index.html.zh-cn
#srv/web/ipfire/manual/vhosts/index.html.zh-cn.utf8
#srv/web/ipfire/manual/vhosts/ip-based.html
#srv/web/ipfire/manual/vhosts/ip-based.html.en
#srv/web/ipfire/manual/vhosts/ip-based.html.fr
@@ -1154,6 +1157,7 @@ etc/httpd/conf/mime.types
#usr/include/apache/apr_dso.h
#usr/include/apache/apr_env.h
#usr/include/apache/apr_errno.h
#usr/include/apache/apr_escape.h
#usr/include/apache/apr_file_info.h
#usr/include/apache/apr_file_io.h
#usr/include/apache/apr_fnmatch.h
@@ -1189,6 +1193,7 @@ etc/httpd/conf/mime.types
#usr/include/apache/apr_sha1.h
#usr/include/apache/apr_shm.h
#usr/include/apache/apr_signal.h
#usr/include/apache/apr_skiplist.h
#usr/include/apache/apr_strings.h
#usr/include/apache/apr_strmatch.h
#usr/include/apache/apr_support.h
@@ -1331,12 +1336,12 @@ usr/lib/apr-util-1/apr_dbd_sqlite3.so
#usr/lib/libapr-1.la
usr/lib/libapr-1.so
usr/lib/libapr-1.so.0
usr/lib/libapr-1.so.0.4.8
usr/lib/libapr-1.so.0.5.0
#usr/lib/libaprutil-1.a
#usr/lib/libaprutil-1.la
usr/lib/libaprutil-1.so
usr/lib/libaprutil-1.so.0
usr/lib/libaprutil-1.so.0.5.2
usr/lib/libaprutil-1.so.0.5.3
#usr/lib/pkgconfig/apr-1.pc
#usr/lib/pkgconfig/apr-util-1.pc
#usr/sbin/ab

File diff suppressed because it is too large

@@ -400,6 +400,7 @@
#usr/include/linux/netfilter/xt_helper.h
#usr/include/linux/netfilter/xt_iprange.h
#usr/include/linux/netfilter/xt_ipvs.h
#usr/include/linux/netfilter/xt_layer7.h
#usr/include/linux/netfilter/xt_length.h
#usr/include/linux/netfilter/xt_limit.h
#usr/include/linux/netfilter/xt_mac.h

File diff suppressed because it is too large

@@ -429,6 +429,7 @@
#usr/include/linux/netfilter/xt_helper.h
#usr/include/linux/netfilter/xt_iprange.h
#usr/include/linux/netfilter/xt_ipvs.h
#usr/include/linux/netfilter/xt_layer7.h
#usr/include/linux/netfilter/xt_length.h
#usr/include/linux/netfilter/xt_limit.h
#usr/include/linux/netfilter/xt_mac.h

@@ -2,6 +2,7 @@ etc/system-release
etc/issue
etc/collectd.conf
etc/rc.d/init.d/network
etc/sysctl.conf
run
srv/web/ipfire/cgi-bin/credits.cgi
srv/web/ipfire/cgi-bin/gui.cgi

@@ -113,6 +113,7 @@ add_to_backup usr/share/usb_modeswitch
add_to_backup etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
add_to_backup etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
add_to_backup usr/local/bin/dialctrl.pl
add_to_backup usr/lib/locale/locale-archive
# Backup the files
tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
@@ -146,6 +147,9 @@ rm -rf /usr/share/usb_modeswitch
# Remove old tzdata
rm -rf /usr/share/zoneinfo
# Remoce old locale-archive
rm -rf /usr/lib/locale/locale-archive
# Remove dialctrl.pl script
rm -f \
/etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl \
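Review bot: The added comment reads `# Remoce old locale-archive` and should be `# Remove old locale-archive`. The removal itself uses `rm -rf /usr/lib/locale/locale-archive` although the target is the single file that the first hunk adds to the backup list. `rm -f /usr/lib/locale/locale-archive` would match the `rm -f \` used for the dialctrl.pl scripts just below and would not recurse if the path ever turned out to be a directory.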

@@ -377,7 +377,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall add ip group

@@ -403,7 +403,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall add ip group

@@ -359,7 +359,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
@@ -568,7 +567,12 @@ WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Async logging enabled
WARNING: untranslated string: ConnSched dial
WARNING: untranslated string: ConnSched hangup
WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: Set time on boot
WARNING: untranslated string: addons
@@ -665,6 +669,7 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -710,6 +715,7 @@ WARNING: untranslated string: fwdfw hint mac
WARNING: untranslated string: fwdfw iface
WARNING: untranslated string: fwdfw log
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw many
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -880,6 +886,7 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation

@@ -359,7 +359,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall add ip group
WARNING: translation string unused: outgoing firewall add mac group
@@ -579,7 +578,12 @@ WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: ConnSched dial
WARNING: untranslated string: ConnSched hangup
WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: advproxy cache-digest
@@ -676,6 +680,7 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -721,6 +726,7 @@ WARNING: untranslated string: fwdfw hint mac
WARNING: untranslated string: fwdfw iface
WARNING: untranslated string: fwdfw log
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw many
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -888,6 +894,7 @@ WARNING: untranslated string: server restart
WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: snort working
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation

@@ -363,7 +363,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall add ip group
@@ -583,7 +582,12 @@ WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: ConnSched dial
WARNING: untranslated string: ConnSched hangup
WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: advproxy cache-digest
@@ -623,6 +627,7 @@ WARNING: untranslated string: drop outgoing
WARNING: untranslated string: encryption
WARNING: untranslated string: entropy
WARNING: untranslated string: entropy graphs
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -668,6 +673,7 @@ WARNING: untranslated string: fwdfw hint mac
WARNING: untranslated string: fwdfw iface
WARNING: untranslated string: fwdfw log
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw many
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -808,6 +814,7 @@ WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: support donation
WARNING: untranslated string: system has hwrng

@@ -359,7 +359,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall mode0
WARNING: translation string unused: outgoing firewall mode1
@@ -568,7 +567,12 @@ WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Async logging enabled
WARNING: untranslated string: ConnSched dial
WARNING: untranslated string: ConnSched hangup
WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: MB read
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: Set time on boot
WARNING: untranslated string: addons
@@ -665,6 +669,7 @@ WARNING: untranslated string: fireinfo why descr2
WARNING: untranslated string: fireinfo why enable
WARNING: untranslated string: fireinfo why read more
WARNING: untranslated string: fireinfo your profile id
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -710,6 +715,7 @@ WARNING: untranslated string: fwdfw hint mac
WARNING: untranslated string: fwdfw iface
WARNING: untranslated string: fwdfw log
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw many
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -880,6 +886,7 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation

@@ -353,7 +353,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall add ip group
WARNING: translation string unused: outgoing firewall add mac group
@@ -571,8 +570,13 @@ WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Add a route
WARNING: untranslated string: ConnSched dial
WARNING: untranslated string: ConnSched hangup
WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: Edit an existing route
WARNING: untranslated string: MB read
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: addons
WARNING: untranslated string: advproxy cache-digest
@@ -660,6 +664,7 @@ WARNING: untranslated string: extrahd maybe the device is in use
WARNING: untranslated string: extrahd to
WARNING: untranslated string: extrahd to root
WARNING: untranslated string: extrahd you cant mount
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: firewall rules
WARNING: untranslated string: first
WARNING: untranslated string: flag
@@ -705,6 +710,7 @@ WARNING: untranslated string: fwdfw hint mac
WARNING: untranslated string: fwdfw iface
WARNING: untranslated string: fwdfw log
WARNING: untranslated string: fwdfw log rule
WARNING: untranslated string: fwdfw many
WARNING: untranslated string: fwdfw menu
WARNING: untranslated string: fwdfw movedown
WARNING: untranslated string: fwdfw moveup
@@ -870,6 +876,7 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: show dh
WARNING: untranslated string: snat new source ip address
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation

@@ -4,6 +4,7 @@ WARNING: translation string unused: ConnSched select profile
WARNING: translation string unused: HDD temperature
WARNING: translation string unused: Level7 rule
WARNING: translation string unused: Local VPN IP
WARNING: translation string unused: MB written
WARNING: translation string unused: Ping
WARNING: translation string unused: Queuelenght
WARNING: translation string unused: Remote IP
@@ -169,7 +170,6 @@ WARNING: translation string unused: do not log this port list
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: dynamic dns client
@@ -403,7 +403,6 @@ WARNING: translation string unused: optionsfw portlist hint
WARNING: translation string unused: optionsfw warning
WARNING: translation string unused: or
WARNING: translation string unused: original
WARNING: translation string unused: other countries
WARNING: translation string unused: our donors
WARNING: translation string unused: out
WARNING: translation string unused: outgoing firewall add ip group
@@ -552,6 +551,7 @@ WARNING: translation string unused: to email adr
WARNING: translation string unused: to install an update
WARNING: translation string unused: to warn email bad
WARNING: translation string unused: too long 80 char max
WARNING: translation string unused: tor 0 = disabled
WARNING: translation string unused: tor accounting period daily
WARNING: translation string unused: tor accounting period monthly
WARNING: translation string unused: tor accounting period weekly
@@ -633,29 +633,22 @@ WARNING: translation string unused: xtaccess all error
WARNING: translation string unused: xtaccess bad transfert
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: MB read
WARNING: untranslated string: ConnSched dial
WARNING: untranslated string: ConnSched hangup
WARNING: untranslated string: ConnSched reboot
WARNING: untranslated string: ConnSched shutdown
WARNING: untranslated string: Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
WARNING: untranslated string: ccd err isipsecrw
WARNING: untranslated string: ccd err isovpnn2n
WARNING: untranslated string: count
WARNING: untranslated string: countries
WARNING: untranslated string: country codes and flags
WARNING: untranslated string: countrycode
WARNING: untranslated string: details
WARNING: untranslated string: dh
WARNING: untranslated string: dh key warn
WARNING: untranslated string: dh name is invalid
WARNING: untranslated string: drop outgoing
WARNING: untranslated string: entropy graphs
WARNING: untranslated string: flag
WARNING: untranslated string: fwdfw warn1
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: fwdfw many
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: gen dh
WARNING: untranslated string: generate dh key
WARNING: untranslated string: hardware support
WARNING: untranslated string: last
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
@@ -668,6 +661,5 @@ WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: show dh
WARNING: untranslated string: system has hwrng
WARNING: untranslated string: system has rdrand
WARNING: untranslated string: source ip country
WARNING: untranslated string: upload dh key


@@ -65,6 +65,10 @@
< ccd routes
< ccd subnet
< ccd used
< ConnSched dial
< ConnSched hangup
< ConnSched reboot
< ConnSched shutdown
< count
< countries
< countrycode
@@ -111,6 +115,7 @@
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
< firewall logs country
< firewall rules
< flag
< forward firewall
@@ -158,6 +163,7 @@
< fwdfw log
< fwdfw log rule
< fwdfw man port
< fwdfw many
< fwdfw menu
< fwdfw MODE1
< fwdfw MODE2
@@ -313,6 +319,7 @@
< notice
< ntp common settings
< ntp sync
< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
@@ -357,6 +364,7 @@
< show dh
< snat new source ip address
< snort working
< source ip country
< ssh
< static routes
< support donation
@@ -539,6 +547,10 @@
< ccd routes
< ccd subnet
< ccd used
< ConnSched dial
< ConnSched hangup
< ConnSched reboot
< ConnSched shutdown
< count
< countries
< countrycode
@@ -584,6 +596,7 @@
< fireinfo why enable
< fireinfo why read more
< fireinfo your profile id
< firewall logs country
< firewall rules
< flag
< forward firewall
@@ -631,6 +644,7 @@
< fwdfw log
< fwdfw log rule
< fwdfw man port
< fwdfw many
< fwdfw menu
< fwdfw MODE1
< fwdfw MODE2
@@ -784,6 +798,7 @@
< no hardware random number generator
< not a valid dh key
< notice
< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
@@ -846,6 +861,7 @@
< Set time on boot
< show dh
< snat new source ip address
< source ip country
< ssh
< static routes
< support donation
@@ -1004,6 +1020,10 @@
< ccd routes
< ccd subnet
< ccd used
< ConnSched dial
< ConnSched hangup
< ConnSched reboot
< ConnSched shutdown
< count
< countries
< countrycode
@@ -1041,6 +1061,7 @@
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
< firewall logs country
< firewall rules
< flag
< forward firewall
@@ -1088,6 +1109,7 @@
< fwdfw log
< fwdfw log rule
< fwdfw man port
< fwdfw many
< fwdfw menu
< fwdfw MODE1
< fwdfw MODE2
@@ -1241,6 +1263,7 @@
< no hardware random number generator
< not a valid dh key
< notice
< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
@@ -1288,6 +1311,7 @@
< server restart
< show dh
< snat new source ip address
< source ip country
< ssh
< static routes
< support donation
@@ -1446,6 +1470,10 @@
< ccd routes
< ccd subnet
< ccd used
< ConnSched dial
< ConnSched hangup
< ConnSched reboot
< ConnSched shutdown
< count
< countries
< countrycode
@@ -1486,6 +1514,7 @@
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
< firewall logs country
< firewall rules
< flag
< forward firewall
@@ -1534,6 +1563,7 @@
< fwdfw log
< fwdfw log rule
< fwdfw man port
< fwdfw many
< fwdfw menu
< fwdfw MODE1
< fwdfw MODE2
@@ -1690,6 +1720,7 @@
< no hardware random number generator
< not a valid dh key
< notice
< Number of Countries for the pie chart
< openvpn default
< openvpn destination port used
< openvpn disabled
@@ -1734,6 +1765,7 @@
< server restart
< show dh
< snat new source ip address
< source ip country
< ssh
< static routes
< support donation


@@ -34,6 +34,13 @@ require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my $configfwdfw = "${General::swroot}/firewall/config";
my $configinput = "${General::swroot}/firewall/input";
my $configoutgoing = "${General::swroot}/firewall/outgoing";
my %input=();
my %forward=();
my %output=();
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
@dummy = ( ${Header::table1colour} );
@@ -90,7 +97,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
#
#Validate static Settings1 here
#
unless ($errormessage) { # Everything is ok, save settings
#map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
#&General::writehash($setting, \%settings); # Save good settings
@@ -146,6 +152,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
$errormessage = $Lang::tr{'duplicate ip'} . ' (RED)';
$spacer=" & ";
}
#Check if we have an emtpy name
if (!$settings{'NAME'}){
$errormessage=$Lang::tr{'fwhost err name1'};
}elsif(! &General::validfqdn($settings{'NAME'}) && ! &General::validhostname($settings{'NAME'})){
$errormessage=$Lang::tr{'invalid hostname'};
}
my $idx=0;
foreach my $line (@current) {
chomp ($line);
@@ -162,6 +174,38 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
}
$idx++;
}
#Update firewallrules if aliasname is changed
if ($settings{'OLDNAME'} ne $settings {'NAME'}){
&General::readhasharray("$configfwdfw", \%forward);
&General::readhasharray("$configinput", \%input);
&General::readhasharray("$configoutgoing", \%output);
#Check FORWARD
foreach my $forwardkey (sort keys %forward){
if ($forward{$forwardkey}[29] eq $settings{'OLDNAME'}){
$forward{$forwardkey}[29] = $settings {'NAME'};
}
}
&General::writehasharray($configfwdfw, \%forward);
#Check INPUT
foreach my $inputkey (sort keys %input){
if ($input{$inputkey}[6] eq $settings{'OLDNAME'}){
$input{$inputkey}[6] = $settings {'NAME'};
}
}
&General::writehasharray($configinput, \%input);
#Check OUTPUT
foreach my $outputkey (sort keys %output){
if ($output{$outputkey}[4] eq $settings{'OLDNAME'}){
$output{$outputkey}[4] = $settings {'NAME'};
}
}
&General::writehasharray($configoutgoing, \%output);
&General::firewall_config_changed;
}
#If Alias IP has changed, set firewall_config_changed
if($settings{'OLDIP'} ne $settings{'IP'} && $settings{'OLDIP'}){
&General::firewall_config_changed;
}
unless ($errormessage) {
if ($settings{'KEY1'} eq '') { #add or edit ?
unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n");
@@ -275,9 +319,11 @@ if ($settings{'KEY1'} ne '') {
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='KEY1' value='$settings{'KEY1'}' />
<input type='hidden' name='OLDNAME' value='$settings{'NAME'}' />
<input type='hidden' name='OLDIP' value='$settings{'IP'}' />
<table style='width:100%;'>
<tr>
<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td class='base' style='color:${Header::colourred};'>$Lang::tr{'name'}:</td>
<td><input type='text' name='NAME' value='$settings{'NAME'}' size='32' /></td>
<td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}:&nbsp;</td>
<td><input type='text' name='IP' value='$settings{'IP'}' size='16' /></td>
@@ -289,7 +335,6 @@ print <<END
<hr />
<table style='width:100%;'>
<tr>
<td><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td>
<td style='text-align:right;'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
</tr>
</table>
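Review bot: The block added under `#Update firewallrules if aliasname is changed` sits before the existing `unless ($errormessage) {` guard, so a name that has just failed the new `validfqdn`/`validhostname` check is still written into the forward, input and outgoing rule files, and `firewall_config_changed` is still called. `OLDNAME` arrives as a hidden form field, so it is client-supplied; when it is empty (a plain add) the `eq $settings{'OLDNAME'}` comparisons would match any rule whose field is empty, which presumably rewrites unrelated rules. The `OLDIP` check right below already guards against the empty case, and the name check should do the same: `if (!$errormessage && $settings{'OLDNAME'} && $settings{'OLDNAME'} ne $settings{'NAME'}){`. The enclosing `if ($settings{'ACTION'} eq $Lang::tr{'add'})` block starts and ends outside the hunk.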


@@ -311,10 +311,10 @@ print <<END
<tr><td width='15%' class='base'>$Lang::tr{'ConnSched action'}</td><td>
<input type='radio' value='CONNECT' name='ACTION_ACTION' $checked_connect />&nbsp;<select name='ACTION_CONNECT'>
<option value='reconnect' $selected{'reconnect'}>$Lang::tr{'ConnSched reconnect'}</option>
<option value='dial' $selected{'dial'}>$Lang::tr{'dial'}</option>
<option value='hangup' $selected{'hangup'}>$Lang::tr{'hangup'}</option>
<option value='reboot' $selected{'reboot'}>$Lang::tr{'reboot'}</option>
<option value='shutdown' $selected{'shutdown'}>$Lang::tr{'shutdown'}</option>
<option value='dial' $selected{'dial'}>$Lang::tr{'ConnSched dial'}</option>
<option value='hangup' $selected{'hangup'}>$Lang::tr{'ConnSched hangup'}</option>
<option value='reboot' $selected{'reboot'}>$Lang::tr{'ConnSched reboot'}</option>
<option value='shutdown' $selected{'shutdown'}>$Lang::tr{'ConnSched shutdown'}</option>
<option value='ipsecstart' $selected{'ipsecstart'}>$Lang::tr{'ConnSched ipsecstart'}</option>
<option value='ipsecstop' $selected{'ipsecstop'}>$Lang::tr{'ConnSched ipsecstop'}</option>
</select></td></tr>


@@ -1260,10 +1260,8 @@ sub get_serviceports
my $name=shift;
&General::readhasharray("$configsrv", \%customservice);
&General::readhasharray("$configsrvgrp", \%customservicegrp);
my $tcp;
my $udp;
my $icmp;
@protocols=();
my @specprot=("IPIP","IPV6","IGMP","GRE","AH","ESP");
if($type eq 'service'){
foreach my $key (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
if ($customservice{$key}[0] eq $name){
@@ -1273,33 +1271,19 @@ sub get_serviceports
}elsif($type eq 'group'){
foreach my $key (sort { ncmp($customservicegrp{$a}[0],$customservicegrp{$b}[0]) } keys %customservicegrp){
if ($customservicegrp{$key}[0] eq $name){
foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
if($customservice{$key1}[2] eq 'TCP'){
$tcp='TCP';
}elsif($customservice{$key1}[2] eq 'ICMP'){
$icmp='ICMP';
}elsif($customservice{$key1}[2] eq 'UDP'){
$udp='UDP';
if ($customservicegrp{$key}[2] ~~ @specprot){
push (@protocols," ".$customservicegrp{$key}[2]);
}else{
foreach my $key1 (sort { ncmp($customservice{$a}[0],$customservice{$b}[0]) } keys %customservice){
if ($customservice{$key1}[0] eq $customservicegrp{$key}[2]){
if (!grep(/$customservice{$key1}[2]/, @protocols)){
push (@protocols,$customservice{$key1}[2]);}
}
}
}
}
}
}
if($tcp && $udp && $icmp){
push (@protocols,"TCP,UDP, <br>ICMP");
return @protocols;
}
if($tcp){
push (@protocols,"TCP");
}
if($udp){
push (@protocols,"UDP");
}
if($icmp){
push (@protocols,"ICMP");
}
return @protocols;
}
sub getcolor
@@ -1401,11 +1385,13 @@ sub getcolor
}
#Check if IP is part of a IPsec N2N network
foreach my $key (sort keys %ipsecconf){
my ($a,$b) = split("/",$ipsecconf{$key}[11]);
$b=&General::iporsubtodec($b);
if (&General::IpInSubnet($c,$a,$b)){
$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
return;
if ($ipsecconf{$key}[11]){
my ($a,$b) = split("/",$ipsecconf{$key}[11]);
$b=&General::iporsubtodec($b);
if (&General::IpInSubnet($c,$a,$b)){
$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
return;
}
}
}
}
@@ -1611,7 +1597,7 @@ END
if (! -z "${General::swroot}/ethernet/aliases"){
foreach my $alias (sort keys %aliases)
{
print "<option value='$alias' $selected{'ipfire'}{$alias}>$alias</option>";
print "<option value='$alias' $selected{'ipfire_src'}{$alias}>$alias</option>";
}
}
print<<END;
@@ -2484,7 +2470,7 @@ END
push (@protocols,$Lang::tr{'all'});
}
my $protz=join(",",@protocols);
my $protz=join(", ",@protocols);
if($protz eq 'ICMP' && $$hash{$key}[9] ne 'All ICMP-Types' && $$hash{$key}[14] ne 'cust_srvgrp'){
&General::readhasharray("${General::swroot}/fwhosts/icmp-types", \%icmptypes);
foreach my $keyicmp (sort { ncmp($icmptypes{$a}[0],$icmptypes{$b}[0]) }keys %icmptypes){
@@ -2493,6 +2479,8 @@ END
last;
}
}
}elsif($#protocols gt '3'){
print"<td align='center'><span title='$protz'>$Lang::tr{'fwdfw many'}</span></td>";
}else{
print"<td align='center'>$protz</td>";
}
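Review bot: In get_serviceports the duplicate check `if (!grep(/$customservice{$key1}[2]/, @protocols)){` interpolates the stored protocol value into an unanchored, unescaped regex, so a value that is a substring of an entry already in the list is silently dropped and any regex metacharacter in the config field is treated as pattern syntax. An exact comparison avoids both: `if (!grep { $_ eq $customservice{$key1}[2] } @protocols){`. In the last hunk, `}elsif($#protocols gt '3'){` compares a number with the string operator, which orders "10" before "3"; `}elsif($#protocols > 3){` is the numeric form. The special-protocol branch also pushes the name with a leading space (`" ".$customservicegrp{$key}[2]`), which is worth a comment if it is intentional. get_serviceports begins before the first hunk.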


@@ -66,7 +66,6 @@ my $fwconfigfwd = "${General::swroot}/firewall/config";
my $fwconfiginp = "${General::swroot}/firewall/input";
my $fwconfigout = "${General::swroot}/firewall/outgoing";
my $configovpn = "${General::swroot}/ovpn/settings";
my $tdcolor='';
my $configipsecrw = "${General::swroot}/vpn/settings";
unless (-e $confignet) { system("touch $confignet"); }
@@ -1624,6 +1623,7 @@ sub getcolor
my $c=shift;
my $sip;
my $scidr;
my $tdcolor='';
#Check if MAC
if (&General::validmac($c)){ return $c;}
@@ -1688,10 +1688,13 @@ sub getcolor
#Check if IP is part of a IPsec N2N network
foreach my $key (sort keys %ipsecconf){
my ($a,$b) = split("/",$ipsecconf{$key}[11]);
if (&General::IpInSubnet($sip,$a,$b)){
$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
return $tdcolor;
if ($ipsecconf{$key}[11]){
my ($a,$b) = split("/",$ipsecconf{$key}[11]);
$b=&General::iporsubtodec($b);
if (&General::IpInSubnet($sip,$a,$b)){
$tdcolor="<font style='color: $Header::colourvpn;'>$c</font>";
return $tdcolor;
}
}
}
return "$c";
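Review bot: The new `if ($ipsecconf{$key}[11]){` guard in getcolor only checks that the field is non-empty, so a value without a `/` still leaves `$b` undefined when it reaches `&General::iporsubtodec($b)`. Skipping such entries after the split closes that gap: `next unless defined $b && length $b;`. The lexicals are also named `$a` and `$b`, the variables `sort` comparison blocks rely on; `my ($net,$mask) = split("/",$ipsecconf{$key}[11]);` avoids the clash. The same split is added in the getcolor hunk of the preceding file section. getcolor's body starts outside these hunks.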


@@ -152,7 +152,7 @@ END
for(my $i = 1; $i <= $#iostat1; $i++){
if ( $i eq '1' ){
print "<tr><td align='center' class='boldbase'><b>$Lang::tr{'device'}</b></td><td align='center' class='boldbase'><b>$Lang::tr{'MB read'}</b></td><td align='center' class='boldbase'><b>$Lang::{'MB writen'}</b></td></tr>";
print "<tr><td align='center' class='boldbase'><b>$Lang::tr{'device'}</b></td><td align='center' class='boldbase'><b>$Lang::tr{'MB read'}</b></td><td align='center' class='boldbase'><b>$Lang::{'MB written'}</b></td></tr>";
}else{
print "<tr><td align='center'>$iostat1[$i]</td><td align='center'>$iostat2[$i]</td><td align='center'>$iostat3[$i]</td></tr>";
}
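Review bot: The corrected header cell still reads `$Lang::{'MB written'}`, which looks the key up in the `%Lang::` symbol table rather than in `%Lang::tr`, so the third column heading most likely renders empty even with the spelling fixed. The neighbouring cells use the translation hash, and this one should too: `$Lang::tr{'MB written'}`. The language-issues listing earlier on this page reports `MB written` as an unused translation string, which is consistent with the key never being read. The enclosing `for` loop and the surrounding heredoc start outside the hunk.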


@@ -14,13 +14,17 @@
'ConnSched add action' => 'Aktion hinzufügen',
'ConnSched change profile title' => 'Wechsle zu Profil:',
'ConnSched days' => 'Tage:',
'ConnSched dial' => 'Verbinden',
'ConnSched down' => 'Runter',
'ConnSched hangup' => 'Trennen',
'ConnSched ipsecstart' => 'IPSec (neu)starten',
'ConnSched ipsecstop' => 'IPSec stop',
'ConnSched reboot' => 'Neustarten',
'ConnSched reconnect' => 'Neu verbinden',
'ConnSched scheduled actions' => 'Geplante Aktionen',
'ConnSched scheduler' => 'Scheduler',
'ConnSched select profile' => 'Wähle Profil',
'ConnSched shutdown' => 'Herunterfahren',
'ConnSched time' => 'Zeit:',
'ConnSched up' => 'Hoch',
'ConnSched weekdays' => 'Wochentage:',
@@ -983,6 +987,7 @@
'fwdfw log' => 'Log',
'fwdfw log rule' => 'Logging aktivieren',
'fwdfw man port' => 'Port(s):',
'fwdfw many' => 'Diverse',
'fwdfw menu' => 'Firewall',
'fwdfw movedown' => 'Herunter',
'fwdfw moveup' => 'Herauf',


@@ -14,13 +14,17 @@
'ConnSched add action' => 'Add action',
'ConnSched change profile title' => 'Change to profile:',
'ConnSched days' => 'Days:',
'ConnSched dial' => 'Connect',
'ConnSched down' => 'Down',
'ConnSched hangup' => 'Disconnect',
'ConnSched ipsecstart' => 'IPSec (re)start',
'ConnSched ipsecstop' => 'IPSec stop',
'ConnSched reboot' => 'Reboot',
'ConnSched reconnect' => 'Reconnect',
'ConnSched scheduled actions' => 'Scheduled actions',
'ConnSched scheduler' => 'Scheduler',
'ConnSched select profile' => 'Select profile',
'ConnSched shutdown' => 'Shutdown',
'ConnSched time' => 'Time:',
'ConnSched up' => 'Up',
'ConnSched weekdays' => 'Days of the week:',
@@ -925,9 +929,9 @@
'firewall log' => 'Firewall log',
'firewall log viewer' => 'Firewall Log Viewer',
'firewall logs' => 'Firewall Logs',
'firewall logs country' => 'Fw-Loggraphs (Country)',
'firewall logs ip' => 'Fw-Loggraphs (IP)',
'firewall logs port' => 'Fw-Loggraphs (Port)',
'firewall logs country' => 'Fw-Loggraphs (Country)',
'firewall rules' => 'Firewall Rules',
'firewallhits' => 'firewallhits',
'firmware' => 'Firmware',
@@ -1009,6 +1013,7 @@
'fwdfw log' => 'Log',
'fwdfw log rule' => 'Log rule',
'fwdfw man port' => 'Port(s):',
'fwdfw many' => 'Many',
'fwdfw menu' => 'Firewall',
'fwdfw movedown' => 'Move down',
'fwdfw moveup' => 'Move up',


@@ -6,7 +6,7 @@
'Add Port Rule' => 'Bağlantı noktası kuralı ekle',
'Add Rule' => 'Kural ekle',
'Add a route' => 'Yol ekle',
'Async logging enabled' => 'Syslog dosyanın eşzamansız yazmasını etkinleştirin',
'Async logging enabled' => 'Syslog dosyanın eşzamansız yazmasını aktifleştirin',
'Choose Rule' => 'Aşağıdaki kurallardan <u>birini</u> seçin.',
'Class' => 'Sınıf',
'Class was deleted' => 'with potential subclasses was deleted',
@@ -33,6 +33,8 @@
'Level7 Rule' => 'Seviye7-Kural',
'Level7 rule' => 'Seviye7 kuralı',
'Local VPN IP' => 'Dahili Ağ (YEŞİL):',
'MB read' => 'Okunan MB',
'MB written' => 'Yazılan MB',
'MTU' => 'MTU boyutu:',
'Number of IPs for the pie chart' => 'Pasta grafiği için IP numarası',
'Number of Ports for the pie chart' => 'Pasta grafiği için bağlantı noktası sayısı',
@@ -95,7 +97,7 @@
'administrator user password' => 'Admin kullanıcı parolası:',
'adsl settings' => 'ADSL ayarları',
'advanced' => 'Gelişmiş',
'advanced server' => 'Gelişmiş sunucu seçenekleri',
'advanced server' => 'Gelişmiş Sunucu Seçenekleri',
'advproxy AUTH always required' => 'Sınırsız kaynak adresleri için kimlik doğrulaması iste',
'advproxy AUTH auth cache TTL' => 'TTL kimlik doğrulama önbelleği (dakikada)',
'advproxy AUTH global settings' => 'Genel kimlik doğrulama ayarları',
@@ -191,7 +193,7 @@
'advproxy cache-digest' => 'Önbellek-özeti üretimini aktifleştir',
'advproxy chgwebpwd ERROR' => 'H A T A :',
'advproxy chgwebpwd SUCCESS' => 'S O N U Ç :',
'advproxy chgwebpwd change password' => 'Parolayı değiştir',
'advproxy chgwebpwd change password' => 'Parolayı Değiştir',
'advproxy chgwebpwd change web password' => 'W e b &nbsp; e r i ş i m &nbsp; p a r o l a s ı n ı &nbsp; d e ğ i ş t i r ',
'advproxy chgwebpwd new password' => 'Yeni parola',
'advproxy chgwebpwd new password confirm' => 'Yeni parola (tekrar)',
@@ -273,7 +275,7 @@
'advproxy network based access' => 'Ağ tabanlı erişim kontrolü',
'advproxy no cache sites' => 'Bu etki alanlarını önbelleğe ekleme (her satırda bir tane)',
'advproxy no clients defined' => 'Hiçbir istemci tanımlanmış',
'advproxy no connection auth' => 'Bağlantı yok yönelimli kimlik doğrulama yönlendirme',
'advproxy no connection auth' => 'Bağlantı yok yönelimli kimlik doğrulama yönlendirmesi',
'advproxy no cre groups' => 'Kullanılabilir bir erişim grubu yok',
'advproxy no internal proxy on blue' => 'Mavi arabirimden diğer alt ağlara, iç vekil sunucu erişimini engelle',
'advproxy no internal proxy on green' => 'Yeşil arabirimden diğer alt ağlara, iç vekil sunucu erişimini engelle',
@@ -289,7 +291,7 @@
'advproxy reset' => 'Yeniden Başlat',
'advproxy saturday' => 'Cmt',
'advproxy save and restart' => 'Kaydet ve Yeniden Başlat',
'advproxy squid version' => 'Squid önbellek sürümü',
'advproxy squid version' => 'Squid sürümü',
'advproxy squidclamav' => 'SquidClamav',
'advproxy ssadvanced proxy' => 'gelişmiş vekil sunucusu',
'advproxy ssl ports' => 'İzin verilen SSL bağlantı noktaları (her satırda bir tane)',
@@ -398,7 +400,7 @@
'backup protect key password' => 'Yedek parola anahtarı',
'backup sets' => 'Yedek ayarları',
'backup to floppy' => 'Diskete yedekle',
'backupaddon' => 'Eklenti Yedekleme',
'backupaddon' => 'Eklentiyi yedekle',
'backupprofile' => 'Yeniden bağlanma başarısız durumda. Profile geçin',
'backups' => 'Yedekler',
'backupwarning' => 'Eklenti yedeklemesi için lütfen önce geri yükleme yedeklemesi oluşturun. İndirme zamanı verilen orjinal dosya ile devam edin.',
@@ -478,7 +480,7 @@
'cannot specify secondary ntp without specifying primary' => 'Birincil NTP adresi belirtmeden İkincil olanı belirtemezsiniz.',
'cannot specify secondary wins without specifying primary' => 'Birincil WINS sunucusu atanmadan ikincil tanımlanamaz.',
'cant change certificates' => 'Sertikalar değiştirilemiyor.',
'cant enable xtaccess' => 'İlgili bağlantı noktası yönlendirme kuralı devre dışı, bu nedenle bu kural için harici erişimi etkinleştiremezsiniz.',
'cant enable xtaccess' => 'İlgili bağlantı noktası yönlendirme kuralı devre dışı, bu nedenle bu kural için harici erişimi aktifleştirmelisiniz.',
'cant start openssl' => 'OpenSSH başlatılamıyor',
'caps all' => 'TÜMÜ',
'capsclosed' => 'BAĞLANTI YOK',
@@ -500,6 +502,8 @@
'ccd err iroute' => 'Ağ adresi için geçersiz yol.',
'ccd err irouteexist' => 'Bu yol zaten kullanılıyor.',
'ccd err isipsecnet' => 'Verilen ağ adresi zaten bir IPsec ağ tarafından kullanılıyor.',
'ccd err isipsecrw' => 'Verilan ağ adresi zaten IPSec rw ağı tarafından kullanılıyor.',
'ccd err isovpnn2n' => 'Bu alt ağ adresi zaten OpenVPN ağdan ağa bağlantısı için kullanılıyor.',
'ccd err isovpnnet' => 'Bu adres zaten OpenVPN Sunucusu için kullanılan alt ağ adresidir.',
'ccd err issubnet' => 'Bu adres zaten kullanımda olan bir alt ağ adresidir.',
'ccd err name' => 'Lütfen bir ad seçin.',
@@ -517,7 +521,7 @@
'ccd iroutehint' => 'Dikkat! Bu ayarları değiştirirseniz, değişikliklerin etkili olduğu OpenVPN sunucusunu yeniden başlatmanız gerekir!',
'ccd modify' => 'Ağı değiştir',
'ccd name' => 'Ad',
'ccd net' => 'Statik ip adres havuzu',
'ccd net' => 'Statik Ip Adres Havuzu',
'ccd noaddnet' => 'OpenVPN sunucusu durdurulduğunda sadece yeni bir statik ağ ekleyebilirsiniz.',
'ccd none' => 'Yok',
'ccd routes' => 'Yönlendir:',
@@ -550,7 +554,7 @@
'comment' => 'Açıklama:',
'common name' => 'Ortak ad',
'community rules' => 'Snort/VRT GPLv2 Topluluk Kuralları',
'comp-lzo' => 'LZO-Sıkıştırması:',
'comp-lzo' => 'LZO sıkıştırması:',
'compression' => 'Sıkıştırma:',
'computer to modem rate' => 'Bilgisayarın modem hızı:',
'concentrator name' => 'Değiştirici adı:',
@@ -565,7 +569,7 @@
'connection debugging' => 'Hata ayıklama bağlantısı',
'connection status and controlc' => 'Bağlantı durumu ve kontrol:',
'connection tracking' => 'IPTablo bağlantı takibi',
'connection type' => 'Bağlantı Türü',
'connection type' => 'Bağlantı türü',
'connection type is invalid' => 'Geçersiz bağlantı türü.',
'connections' => 'Bağlantılar',
'connections are associated with this ca. deleting the ca will delete these connections as well.' => 'Bu bağlantılar CA ilişkilidir. CA silindiğinde bu bağlantılarda silinecektir.',
@@ -585,7 +589,10 @@
'could not open installed updates file' => 'Yüklü güncelleştirmeler dosya açılamadı',
'could not open update information file' => 'Güncelleştirme bilgileri dosyasıılamadı. Güncelleme dosyası bozuk.',
'could not retrieve common name from certificate' => 'Sertifikadan ortak ad alınamadı.',
'countries' => 'Ülkeler',
'country' => 'Ülke',
'country codes and flags' => 'Ülke kodları ve bayrakları:',
'countrycode' => 'Kod',
'cpu frequency per' => 'cpu başına frekans - ',
'cpu idle usage' => 'boş cpu kullanımı',
'cpu interrupt usage' => 'cpu kullanımını kesme',
@@ -666,6 +673,7 @@
'destination port numbers' => 'Hedef bağlantı noktası geçerli bir bağlantı noktası numarası ya da bağlantı noktası numarası aralığı olmalıdır.',
'destination port overlaps' => 'Hedef bağlantı noktası aralığı örtüşen mevcut bir bağlantı noktası numarası aralığıdır.',
'detail level' => 'Detay seviyesi',
'details' => 'Detaylar',
'device' => 'Aygıt',
'devices on blue' => 'MAVİ üzerindeki aygıt',
'dhcp advopt add' => 'DHCP seçeneği ekle',
@@ -709,7 +717,7 @@
'directory mask' => 'UNIX dizin hakları',
'directory writeable' => 'yazılabilir dizin',
'disabled' => 'devre dışı',
'disconnect' => 'OVPN Dur / Bağlantıyı kes',
'disconnect' => 'OVPN Durdur / Bağlantıyı kes',
'disconnects' => 'Bağlantıyı kes',
'disk access per' => 'erişim başına disk',
'disk usage' => 'Disk kullanımı',
@@ -786,14 +794,14 @@
'drop action1' => '"Engellenmiş" biçimdeki (giden) güvenlik duvarının varsayılan davranışı',
'drop action2' => 'Güvenlik duvarı (giriş) varsayılan davranışı',
'drop forward' => 'İletilen paket günlüklerini reddet',
'drop input' => 'Günlük giriş paketlerini reddet',
'drop input' => 'Günlük girdi paketlerini reddet',
'drop newnotsyn' => 'Sync paketleri olmayan yeni günlükleri reddet',
'drop output' => 'Günlük çıkış paketlerini reddet',
'drop outgoing' => 'Günlük çıkış paketlerini reddet',
'drop portscan' => 'Günlük portscan paketlerini reddet',
'drop proxy' => 'Vekil sunucudan yönlendirilmiş tüm paketleri reddet',
'drop samba' => 'Tüm Microsoft bağlantı noktalarını 135,137,138,139,445,1025 reddet',
'drop wirelessforward' => 'Kablosuz paket günlüklerini reddet',
'drop wirelessinput' => 'Kablosuz günlük giriş paketlerini reddet',
'drop wirelessinput' => 'Kablosuz günlük girdi paketlerini reddet',
'dst port' => 'Dst Bağlantı Nokatası',
'dstprt range overlaps' => 'Hedef bağlantı noktası aralığı ile örtüşen önceden tanımlanmış bağlantı noktası.',
'dstprt within existing' => 'Hedef bağlantı noktası zaten tanımlanmış bağlantı noktası aralığı içinde.',
@@ -838,7 +846,8 @@
'end address' => 'Bitiş adresi:',
'enter ack class' => 'ACK-Sınıfı girin <br />ve sonra <i>Kaydet</i> düğmesine basın.',
'enter data' => 'Ayarları girin <br />ve sonra <i>Kaydet</i> düğmesine basın.',
'entropy' => 'Entropy',
'entropy' => 'Entropi',
'entropy graphs' => 'Entropi grafikleri',
'err bk 1' => 'Arşiv oluşturma hatası',
'err bk 10 password' => 'Yedek parolası oluşturma hatası',
'err bk 2 key' => 'Anahtar dosyası oluşturulama hatası',
@@ -900,7 +909,7 @@
'fireinfo not submitted button' => 'Evet Profilimi Şimdi Gönder',
'fireinfo pakfire version' => 'Pakfire sürümü',
'fireinfo please enable' => 'Lütfen güvenlik duvarı bilgi hizmetini aktifleştirin.',
'fireinfo settings' => 'Güvenlik duvarı bilgi ayarları',
'fireinfo settings' => 'Güvenlik duvarı bilgisi ayarları',
'fireinfo system version' => 'Sistem sürümü',
'fireinfo why descr1' => 'Bu seçeneği aktifleştirmek IPFire gelişimi için çok önemlidir.',
'fireinfo why descr2' => 'Bunun ',
@@ -910,7 +919,7 @@
'firewall' => 'Güvenlik Duvarı',
'firewall graphs' => 'Güvenlik Duvarı Grafikleri',
'firewall hits' => 'Güvenlik duvarı için toplam kayıt:',
'firewall hits per' => 'firewallhits per',
'firewall hits per' => 'güvenlik duvarı başına tıklama',
'firewall log' => 'Güvenlik duvarı günlüğü',
'firewall log viewer' => 'Güvenlik Duvarı Günlük Görüntüleyicisi',
'firewall logs' => 'Güvenlik Duvarı Günlükleri',
@@ -924,6 +933,7 @@
'fixed ip lease added' => 'Sabit IP kirası eklendi',
'fixed ip lease modified' => 'Sabit IP kirası güncellendi',
'fixed ip lease removed' => 'Sabit IP kirası kaldırıldı',
'flag' => 'Bayrak',
'force update' => 'Zorla güncelleştir',
'force user' => 'kullanıcıya tüm yeni dosyaları zorla',
'forward firewall' => 'Güvenlik Duvarı',
@@ -1013,7 +1023,7 @@
'fwdfw red' => 'KIRMIZI',
'fwdfw reread' => 'Değişiklikleri Uygula',
'fwdfw rule action' => 'Eylem kuralı:',
'fwdfw rule activate' => 'Kuralı etkinleştir',
'fwdfw rule activate' => 'Kuralı aktifleştir',
'fwdfw rulepos' => 'Kural konumu',
'fwdfw rules' => 'Kurallar',
'fwdfw snat' => 'Kaynak NAT',
@@ -1025,12 +1035,13 @@
'fwdfw till' => 'Son zaman:',
'fwdfw time' => 'Zaman Kısıtlamaları',
'fwdfw timeframe' => 'Zaman kısıtlamalarını kullan',
'fwdfw toggle' => 'Etkinleştirin veya devre dışı bırakın',
'fwdfw togglelog' => 'Günlüğü etkinleştirin veya devre dışı bırakın',
'fwdfw toggle' => 'Aktifleştirin veya devre dışı bırakın',
'fwdfw togglelog' => 'Günlüğü aktifleştirin veya devre dışı bırakın',
'fwdfw use nat' => 'Ağ adres dönüştürücüsünü kullanın (NAT)',
'fwdfw use srcport' => 'Kaynak bağlantı noktası:',
'fwdfw use srv' => 'Hedef bağlantı noktası:',
'fwdfw useless rule' => 'Bu kural geçersiz.',
'fwdfw warn1' => 'Ağa uygulanan güvenlik duvarı kurallarına öncülük etmelidir.',
'fwdfw wd_fri' => 'Cum',
'fwdfw wd_mon' => 'Pzt',
'fwdfw wd_sat' => 'Cmt',
@@ -1053,9 +1064,9 @@
'fwhost ccdnet' => 'OpenVPN ağları:',
'fwhost change' => 'Değiştir',
'fwhost changeremark' => 'Sadece açıklamalar değiştirilmiş',
'fwhost cust addr' => 'Ana bilgisayarlar:',
'fwhost cust addr' => 'Ana bilgisayarlar',
'fwhost cust grp' => 'Ağ/Ana Bilgisayar Grupları:',
'fwhost cust net' => 'Ağlar:',
'fwhost cust net' => 'Ağlar',
'fwhost cust service' => 'Hizmetler:',
'fwhost cust srvgrp' => 'Hizmet grupları:',
'fwhost deleted' => 'Silindi',
@@ -1098,13 +1109,13 @@
'fwhost ipadr' => 'IP adresi:',
'fwhost ipsec host' => 'IPsec istemcileri:',
'fwhost ipsec net' => 'IPsec ağları:',
'fwhost menu' => 'Güvenlik Duvarı Gurupları',
'fwhost menu' => 'Güvenlik Duvarı Grupları',
'fwhost netaddress' => 'Ağ adresi',
'fwhost newgrp' => 'Ağ/Ana Bilgisayar Grupları',
'fwhost newhost' => 'Ana Bilgisayarlar',
'fwhost newnet' => 'Ağlar',
'fwhost newservice' => 'Hizmetler',
'fwhost newservicegrp' => 'Hizmet Gurupları',
'fwhost newservicegrp' => 'Hizmet Grupları',
'fwhost orange' => 'Turuncu',
'fwhost ovpn_n2n' => 'Ağdan-Ağa OpenVPN',
'fwhost port' => 'Bağlantı Noktası',
@@ -1143,7 +1154,7 @@
'graph per' => '-',
'green' => 'YEŞİL',
'green interface' => 'Yeşil Arabirim',
'grouptype' => 'Gurup türü:',
'grouptype' => 'Grup türü:',
'guaranteed bandwith' => 'Garantili bant genişliği',
'guardian alertfile' => 'Uyarı dosyası',
'guardian configuration' => 'Koruyucu Yapılandırması',
@@ -1159,6 +1170,7 @@
'harddisk temperature' => 'sabit disk sıcaklığı',
'harddisk temperature graphs' => 'hdd sıcaklık grafiği',
'hardware graphs' => 'Donanım Grafikleri',
'hardware support' => 'Donanım desteği',
'hdd temperature in' => 'Sabit disk sıcaklığı',
'help' => 'Yardım',
'high' => 'Yüksek',
@@ -1167,18 +1179,18 @@
'holdoff' => 'Kapalı tutulan zaman (saniye)',
'host' => 'Ana Bilgisayar',
'host allow' => 'izin verilen ana bilgisayarların listesi',
'host certificate' => 'Ana Bilgisayar Sertifikası',
'host certificate' => 'Ana bilgisayar sertifikası',
'host configuration' => 'Ana Bilgisayar Yapılandırması',
'host deny' => 'engellenen ana bilgisayarlar listesi',
'host ip' => 'Ana bilgisayar IP adresi',
'host to net vpn' => 'Sunucudan-Ağa Sanal Özel Ağ (RoadWarrior)',
'host to net vpn' => 'Sunucudan ağa sanal özel ağ (RoadWarrior)',
'hostname' => 'Ana bilgisayar adı',
'hostname and domain already in use' => 'Etki alanındaki bu ana bilgisayar adı zaten kullanılıyor.',
'hostname cant be empty' => 'Ana bilgisayar adı boş olamaz..',
'hostname not set' => 'Ana bilgisayar adı ayarlanmadı.',
'hosts config added' => 'Ana bilgisayar yapılandırması eklendi',
'hosts config changed' => 'Ana bilgisayar yapılandırması değiştirildi',
'hour' => 'saat',
'hour' => 'Saat',
'hour-graph' => 'saat',
'hours' => 'saat',
'hours2' => 'saat',
@@ -1226,9 +1238,9 @@
'interfaces' => 'Ara birim',
'internet' => 'İNTERNET',
'intrusion detection' => 'Saldırı Tespiti',
'intrusion detection system' => 'Saldırı tespit sistemi',
'intrusion detection system' => 'Saldırı Tespit Sistemi',
'intrusion detection system log viewer' => 'Saldırı Tespit Sistemi Günlük Görüntüleyicisi',
'intrusion detection system rules' => 'saldırı tespit sistemi kuralları',
'intrusion detection system rules' => 'Saldırı tespit sistemi kuralları',
'intrusion detection system2' => 'Saldırı Tespit Sistemi:',
'invalid broadcast ip' => 'Geçersiz yayın IP adresi',
'invalid cache size' => 'Geçersiz önbellek boyutu.',
@@ -1259,7 +1271,7 @@
'invalid input for keepalive 1:2' => '1:2 oranında, en az bir oranı canlı tutma kullanım için geçersiz giriş',
'invalid input for keepalive 2' => 'Ping komutunu yeniden başlatmada canlı tutmak için geçersiz giriş.',
'invalid input for max clients' => 'En fazla istemci için geçersiz giriş.',
'invalid input for name' => 'Kullanıc\'nın tam adı veya sistem ana bilgisayar adı için geçersiz giriş',
'invalid input for name' => 'Kullanıcının tam adı veya sistem ana bilgisayar adı için geçersiz giriş',
'invalid input for oink code' => 'Oink kodu için geçersiz giriş.',
'invalid input for organization' => 'Kuruluş için geçersiz giriş.',
'invalid input for remote host/ip' => 'Ana bilgisayar/ip uzak giriş için geçersiz giriş.',
@@ -1332,6 +1344,7 @@
'lan' => 'YEREL AĞ',
'lang' => 'tr',
'languagepurpose' => 'IPFire sistemini görüntülemek istediğiniz dili seçin:',
'last' => 'Son',
'last activity' => 'Son Etkinlik',
'lateprompting' => 'Geç istenen',
'lease expires' => 'Kiralama süresi',
@@ -1345,7 +1358,7 @@
'loaded modules' => 'Yüklü modüller:',
'local hard disk' => 'Sabit disk',
'local master' => 'Yerel Yönetici',
'local ntp server specified but not enabled' => 'Belirtilen yerel NTP sunucusu etkin değil',
'local ntp server specified but not enabled' => 'Belirtilen yerel NTP sunucusu aktif değil',
'local subnet' => 'Yerel Alt Ağ:',
'local subnet is invalid' => 'Geçersiz yerel alt ağ.',
'local vpn hostname/ip' => 'Yerel VPN ana bilgisayar adı/ip',
@@ -1493,7 +1506,7 @@
'name' => 'Ad',
'name is invalid' => 'Geçersiz ad',
'name must only contain characters' => 'Ad sadece karakter içermelidir.',
'name too long' => 'Kullanıcı\'nın tam adı veya sistem ana bilgisayar adı çok uzun',
'name too long' => 'Kullanıcının tam adı veya sistem ana bilgisayar adı çok uzun',
'nat-traversal' => 'Nat Geçişi:',
'needreboot' => 'Bir güncelleştirmeden sonra yeniden başlatmak gerekir',
'net' => 'Ağ',
@@ -1501,11 +1514,11 @@
'net config' => 'Ağ yapılandırma',
'net config type' => 'ağ yapılandırması türü',
'net config type help' => 'YEŞİL yerel ağ, KIRMIZI internet, MAVİ kablosuz ağ, TURUNCU açık bölge (dmz) ağıdır.',
'net to net vpn' => 'Ağdan-Ağa Sanal Özel Ağ',
'net to net vpn' => 'Ağdan ağa sanal özel ağ',
'net traffic newversion' => 'Yeni Ağ-Trafik sürümü var:',
'net-traffic configuration' => 'Ağ-Trafik Yapılandırması',
'netbios name' => 'Netbios adı',
'netmask' => 'Ağ Maskesi',
'netmask' => 'Ağ maskesi',
'network' => 'Ağ',
'network added' => 'Özel ağ eklendi',
'network configuration' => 'Ağ Yapılandırması',
@@ -1534,6 +1547,7 @@
'no eciadsl synch.bin file' => 'ECI ADSL synch.bin dosyası yok. Lütfen yükleyin.',
'no filter pass' => 'Olmayan filtre paketleri için standart sınıfı girin.',
'no fritzdsl driver' => 'Fritz!DSL sürücüsü yok. Lütfen yükleyin.',
'no hardware random number generator' => 'Bu sistemin entropi için kaynağı yok.',
'no information available' => 'Herhangi bir bilgi bulunmamaktadır.',
'no log selected' => 'Günlük seçilmedi',
'no modem selected' => 'Modem seçilmedi',
@@ -1552,7 +1566,7 @@
'november' => 'Kasım',
'ntp common settings' => 'Genel ayarlar',
'ntp configuration' => 'NTP yapılandırması',
'ntp must be enabled to have clients' => 'NTP istemciler için etkin olmalıdır.',
'ntp must be enabled to have clients' => 'NTP istemciler için aktif olmalıdır.',
'ntp server' => 'NTP Sunucusu',
'ntp sync' => 'Eşitleme',
'ntp syncro disabled' => 'NTP eşitlemesi devre dışı',
@@ -1595,7 +1609,7 @@
'optionsfw warning' => 'Bu seçenekleri değiştirmek güvenlik duvarının yeniden başlatılacağı anlamına gelir',
'or' => 'veya',
'orange' => 'TURUNCU',
'organization cant be empty' => 'Kuruluş boş olamaz.',
'organization cant be empty' => 'Kuruluş adı boş olamaz.',
'organization name' => 'Kuruluş adı',
'organization too long' => 'Kuruluş adı çok uzun. Kuruluş adı 60 karakterden çok olmamalıdır.',
'original' => 'Orijinal',
@@ -1608,7 +1622,7 @@
'our donors' => 'Destekçimiz',
'out' => 'Dışarı',
'outgoing' => 'giden',
'outgoing firewall' => 'Giden Güvenlik Duvarı',
'outgoing firewall' => 'Giden güvenlik duvarı',
'outgoing firewall add ip group' => 'IP Adres Grubu Ekle',
'outgoing firewall add mac group' => 'MAC Adres Grubu Ekle',
'outgoing firewall edit ip group' => 'IP Adres Grubunu Düzenle',
@@ -1693,7 +1707,7 @@
'pakfire last serverlist update' => 'Son sunucu listesi güncellemesi',
'pakfire last update' => 'Son güncelleme',
'pakfire possible dependency' => ' Yüklenemesi gereken paketlerin yüklenebilmesi için buradaki paketlere ihtiyaç duyulabilir.',
'pakfire register' => 'Pakfire-sunucusuna kayıt:',
'pakfire register' => 'Pakfire sunucusuna kayıt:',
'pakfire system state' => 'Sistem durumu',
'pakfire uninstall description' => 'Aşağıdaki listeden bir veya daha fazla öğeyi seçtikten sonra<br />kaldırmak için eksi simgesine tıklayınız.',
'pakfire uninstall package' => 'Aşağıdaki paketleri kaldırmak istiyorum: ',
@@ -1919,7 +1933,7 @@
'sitekey' => 'Site anahtarı',
'sitekeyfile' => 'Site anahtar dosyası',
'size' => 'Boyut',
'smart information' => 'S.M.A.R.T. bilgisi',
'smart information' => 'S.M.A.R.T. Bilgisi',
'smartwarn1' => 'Aygıt:',
'smartwarn2' => 'S.M.A.R.T. hata raporları',
'smbreload' => 'Samba\'yı yeniden yükle',
@@ -1957,7 +1971,7 @@
'srcprt within existing' => 'Kaynak bağlantı noktası önceden tanımlanmış bağlantı noktası aralığı içinde.',
'ssdmz pinholes' => 'Açık Bölge (DMZ)',
'ssh' => 'SSH',
'ssh access' => 'SSH erişimi',
'ssh access' => 'SSH Erişimi',
'ssh access tip' => 'IPFire SSH varsayılan bağlantı noktası olarak 222 kullanmıyor!',
'ssh fingerprint' => 'Parmak izi',
'ssh host keys' => 'SSH sunucu anahtarları',
@@ -1973,7 +1987,7 @@
'ssh tempstart15' => '15 dakika içinde geri planda SSH durudur',
'ssh tempstart30' => '30 dakika içinde geri planda SSH durudur',
'ssh1 disabled' => 'SSHv1 devre dışı, bir sürüm 2 istemcisi gerekecektir.',
'ssh1 enabled' => 'SSHv1 etkinleştirildiğinde, eski istemciler desteklenecektir.',
'ssh1 enabled' => 'SSHv1 aktifleştirildiğinde, eski istemciler desteklenecektir.',
'ssh1 support' => 'SSH kuralı sürüm 1 desteği (sadece eski istemciler için gerekli)',
'ssnetwork status' => 'Ağ Durumu',
'sspasswords' => 'Parola',
@@ -1986,14 +2000,14 @@
'start' => 'Başlat',
'start address' => 'Başlangıç adresi:',
'start ovpn server' => 'OpenVPN Sunucu Başlangıcı',
'state or province' => 'Bölge',
'state or province' => 'İlçe',
'static ip' => 'Statik IP',
'static routes' => 'Statik Yollar',
'status' => 'Durum',
'status information' => 'Durum bilgisi',
'status ovpn' => 'OpenVPN',
'std classes' => 'Standart sınıflar',
'stop' => 'Dur',
'stop' => 'Durdur',
'stop ovpn server' => 'OpenVPN Sunucusunu Durdur',
'stopped' => 'ÇALIŞMIYOR',
'subject' => 'Konu',
@@ -2010,6 +2024,8 @@
'swap usage per' => 'takas alanı kullanımı - ',
'system' => 'Sistem',
'system graphs' => 'Sistem Grafikleri',
'system has hwrng' => 'Bu sistem donanımsal rastgele sayı üreticisine sahiptir.',
'system has rdrand' => 'Bu sistemde Intel(R) RDRAND için destek vardır.',
'system information' => 'Sistem Bilgisi',
'system log viewer' => 'Sistem Günlük Görüntüleyicisi',
'system logs' => 'Sistem Günlükleri',
@@ -2049,6 +2065,7 @@
'tone dial' => 'Sesli çevirme:',
'too long 80 char max' => ' çok uzun, izin verilen en fazla 80 karakterdir',
'tor' => 'Tor',
'tor 0 = disabled' => '0 = kapalı',
'tor accounting' => 'Hesap',
'tor accounting bytes' => 'Trafik (okuma/yazma)',
'tor accounting bytes left' => 'left',
@@ -2064,7 +2081,7 @@
'tor bandwidth rate' => 'En büyük oran',
'tor bandwidth settings' => 'Bant genişliği ayarları',
'tor bandwidth unlimited' => 'sınırsız',
'tor bridge enabled' => 'Tor köprüsünü etkinleştir',
'tor bridge enabled' => 'Tor köprüsünü aktifleştir',
'tor common settings' => 'Genel ayarlar',
'tor configuration' => 'Tor yapılandırması',
'tor connected relays' => 'Bağlı aktarımlar',
@@ -2200,7 +2217,7 @@
'updxlrtr month' => 'bir ay',
'updxlrtr monthly' => 'aylık',
'updxlrtr not accessed' => 'tarihinden bu yana erişilemez',
'updxlrtr not enabled' => 'Güncelleme hızlandırıcı web vekil sunucusu sayfasında etkin değil',
'updxlrtr not enabled' => 'Güncelleme hızlandırıcı web vekil sunucusu sayfasında aktif değil',
'updxlrtr other' => 'Diğer',
'updxlrtr passive mode' => 'Pasif yöntemini aktifleştir',
'updxlrtr pending downloads' => 'Beklemedekileri indir',
@@ -2225,7 +2242,7 @@
'updxlrtr update information' => 'Yüklenebilir bir güncelleştirime sürümü var. Daha fazla bilgi için <a href="http://update-accelerator.advproxy.net" target="_blank">http://update-accelerator.advproxy.net</a> adresini ziyaret edin.',
'updxlrtr update notification' => 'Güncelleme bildirimi!',
'updxlrtr used by' => 'Kullanan',
'updxlrtr web proxy service required' => 'Web vekil sunucu hizmeti güncelleme hızlandırıcı kullanmak için etkin olmalıdır',
'updxlrtr web proxy service required' => 'Web vekil sunucu hizmeti güncelleme hızlandırıcı kullanmak için aktif olmalıdır',
'updxlrtr week' => 'Bir hafta',
'updxlrtr weekly' => 'haftalık',
'updxlrtr year' => 'Bir yıl',
@@ -2330,8 +2347,8 @@
'urlfilter enable log' => 'Günlükleri aktifleştir',
'urlfilter enable rewrite rules' => 'Yerel dosyaya yönlendirmeyi aktifleştir',
'urlfilter enabled' => 'Aktif:',
'urlfilter example' => 'Örneğin: www.etkialani.com',
'urlfilter example ads' => 'Örneğin: www.etkialani.com/reklam/',
'urlfilter example' => 'Örneğin: adres.com',
'urlfilter example ads' => 'Örneğin: adres.com/reklam/',
'urlfilter export blacklist' => 'Kara Listeyi Dışarı Aktar',
'urlfilter export error' => 'Dışarı aktarma dosyası dosyası oluşturulamıyor',
'urlfilter expressions' => 'İfadeler (her satırda bir tane)',
@@ -2383,7 +2400,7 @@
'urlfilter renewal period' => 'Yenileme süresi',
'urlfilter repository information' => 'Dosyalar indirilirken istekler orjinal kaynağından yerel dosya havuzuna yönlendirilir.',
'urlfilter reset' => 'Sıfırla',
'urlfilter restart' => 'URL filtreyi yeniden başlat',
'urlfilter restart' => 'URL Filtreyi Yeniden Başlat',
'urlfilter restart message' => 'Değişen URL filtre kurallarının aktifleştirilmesi için yeniden başlatılmalıdır',
'urlfilter restart notification' => 'Değişen kuralları aktifleştir',
'urlfilter restore' => 'Yedek Dosyasını İçeri Aktar',
@@ -2454,7 +2471,7 @@
'usb modem on acm2' => 'ACM2 üzerindeki USB Modem',
'usb modem on acm3' => 'ACM3 üzerindeki USB Modem',
'use' => 'Kullan',
'use a pre-shared key' => 'Ön-Paylaşımlı anahtar kullan:',
'use a pre-shared key' => 'Ön paylaşımlı anahtar kullan:',
'use dov' => 'Ses üzerinden veri kullan (DOV):',
'use ibod' => 'İhtiyaca bağlı bant genişliği kullan (iBOD):',
'use ipfire red ip' => 'IPFire tarafından bağlantı süresince kullanılan klasik KIRMIZI IP',
@@ -2467,9 +2484,9 @@
'user proxy logs' => 'kullanıcı vekil sunucu günlüğü',
'username' => 'Kullanıcı adı:',
'username not set' => 'Kullanıcı adı belirlenmemiş.',
'users department' => 'Kullanıcı\'nın birimi',
'users email' => 'Kullanıcı\'nın e-posta adresi',
'users fullname or system hostname' => 'Kullanıcı\'nın tam adı vaya sistemin ana bilgisayar adı',
'users department' => 'Kullanıcının birimi',
'users email' => 'Kullanıcının e-posta adresi',
'users fullname or system hostname' => 'Kullanıcının tam adı vaya sistemin ana bilgisayar adı',
'valid root certificate already exists' => 'Geçerli bir yönetici sertifikası zaten mevcut.',
'valid till' => 'Geçerlilik süresi',
'vci number' => 'VCI numarası:',
@@ -2486,7 +2503,7 @@
'vpn' => 'VPN',
'vpn aggrmode' => 'IKE agresif yöntemde izin verildi. Eğer mümkünse kullanmayın (öpaylaşımlı anahtar açık olarak iletiliyor)!',
'vpn altname syntax' => 'Konu Alternatif İsim virgülle ayrılmış e-posta,dns,uri,rid ve ip objeleridir.<br/>e-posta: e-posta adresidir. Kullanımı e-posta:copy e-posta adresini sertifikadan çıkartarak kullanır.<br/>DNS: geçerli alan adı sunucusu.<br/>URI: geçerli bir URI.<br/>RID: kayıtlı nesne tanımlayıcı.<br/>IP: bir IP adresi.<br/>Not: karakter setleri sınırlı ve büyük/küçük harf duyarlıdır.<br/>Örnek:<br/><b>email:</b>ipcop@foo.org<b>,email:</b>copy<b>,DNS:</b>www.ipcop.org<b>,IP:</b>127.0.0.1<b>,URI:</b>http://url/dizin/biryer',
'vpn auth-dn' => 'Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in remote ID field',
'vpn auth-dn' => 'Eş uzak kimlik doğrulama alanında IPV4_ADDR, FQDN, USER_FQDN veya DER_ASN1_DN dizesi ile tanımla',
'vpn configuration main' => 'VPN yapılandırma - Ana',
'vpn delayed start' => 'VPN başlamadan önce bekle (saniye)',
'vpn delayed start help' => 'Eğer gerekirse, bu gecikme Dinamik DNS güncelleştirmelerini düzgün yayılmasına olanak sağlamak için kullanılabilir. 60, KIRMIZI dinamik IP için ortak bir değerdir.',
@@ -2516,7 +2533,7 @@
'webradio playlist' => 'Web Radyo Çalma Listesi',
'website' => 'Web sitesi',
'wednesday' => 'Çarşamba',
'week' => 'hafta',
'week' => 'Hafta',
'week-graph' => 'hafta',
'weekly firewallhits' => 'haftalık güvenlik duvarı kaydı',
'weeks' => 'hafta',
@@ -2568,7 +2585,7 @@
'wlanap interface' => 'Arabirimi Seç',
'wlanap invalid wpa' => 'WPA için geçersiz uzunlukta parola. Parola 8 ile 63 arasında ascii karakterleri olmalıdır.',
'wlanap link dhcp' => 'Kablosuz ağ lan DHCP yapılandırması',
'wlanap link wireless' => 'Kablosuz ağ LAN istemcileri etkinleştirin',
'wlanap link wireless' => 'Kablosuz ağ LAN istemcileri aktifleştirin',
'wlanap no interface' => 'Seçilen ara birim kablosuz ağ lan kartı değil!',
'wlanap none' => 'yok',
'wlanap notifications' => 'Bildirimler',
@@ -2584,7 +2601,7 @@
'written bytes' => 'yazılan bayt',
'xtaccess all error' => 'Bu bağlantı noktası yönlendirme kaydı yapıldığında tüm harici erişim ayarlanamaz.',
'xtaccess bad transfert' => 'Bir bağlantı noktası hedef aralığı belirtirseniz, kaynak aralığı ile aynı olmalıdır!',
'year' => 'yıl',
'year' => 'Yıl',
'year-graph' => 'yıl',
'yearly firewallhits' => 'yıllık güvenlik duvarı kaydı',
'yes' => 'Evet',


@@ -25,7 +25,7 @@
include Config
VER = 2.2.26
VER = 2.2.27
THISAPP = httpd-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -47,7 +47,7 @@ objects = $(DL_FILE) \
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
$(DL_FILE)_MD5 = 254eda547f8d624604e4bf403241e617
$(DL_FILE)_MD5 = 8faef0decf3fa7e69b2568eb2105a3d8
httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
install : $(TARGET)


@@ -298,8 +298,7 @@ endif
ifeq "$(ROOT)" ""
# Creating the locales
mkdir -p /usr/lib/locale
cd $(DIR_SRC)/glibc-build && localedef -i en_US -f ISO-8859-1 en_US
cd $(DIR_SRC)/glibc-build && localedef -i en_US -f UTF-8 en_US.utf8
cd $(DIR_SRC)/glibc-build && make localedata/install-locales
# Timezone data will be shipped by tzdata.
rm -rfv /usr/share/zoneinfo


@@ -24,10 +24,10 @@
include Config
VER = 3.10.34
VER = 3.10.36
RPI_PATCHES = linux-3.10.34-grsec-dea8280
GRS_PATCHES = grsecurity-2.9.1-3.10.34-ipfire1.patch.xz
GRS_PATCHES = grsecurity-2.9.1-3.10.36-ipfire1.patch.xz
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
@@ -36,7 +36,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
CFLAGS =
CXXFLAGS =
PAK_VER = 39
PAK_VER = 41
DEPS = ""
VERSUFIX=ipfire$(KCFG)
@@ -74,9 +74,9 @@ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
$(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
$(DL_FILE)_MD5 = 30991b495a3d75196d5608072d2e62e6
$(DL_FILE)_MD5 = 721f76050755ec8ec88876ee350a2726
rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 522683db031f7033b1b5dfe1b1f30e67
$(GRS_PATCHES)_MD5 = b490f7f3bf48387ab2eb60212fcf0c11
$(GRS_PATCHES)_MD5 = 85717c4d6643ea52eef443ee7bc873e2
install : $(TARGET)
@@ -118,7 +118,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch
# Layer7-patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/netfilter_layer7_2.22_kernel3.10-no_proc_interface.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-layer7-filter.patch
# Grsecurity-patches
ifneq "$(KCFG)" "-headers"
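Review bot: `RPI_PATCHES` still names `linux-3.10.34-grsec-dea8280` and its MD5 is unchanged, while `VER` and `GRS_PATCHES` move to 3.10.36. That patch set is presumably now applied to a tree it was not generated against. If that is intentional, a comment next to the variable such as `# RPi patch set is still based on 3.10.34; checked to apply cleanly on $(VER)` would stop the next bump from missing it. Separately, as far as these hunks show, the `_MD5` values are the only integrity check on the downloaded kernel tarball and grsecurity patch. MD5 is not collision-resistant, so a stronger digest recorded alongside it would be preferable; the same applies to the httpd and openssl sections of this commit.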


@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 1.0.1f
VER = 1.0.1g
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -51,7 +51,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = f26b09c028a0541cab33da697d522b25
$(DL_FILE)_MD5 = de62b43dfcd858e66a74bee1c834e959
install : $(TARGET)


@@ -196,6 +196,7 @@ iptables_init() {
# DNAT rules
iptables -t nat -N NAT_DESTINATION
iptables -t nat -A PREROUTING -j NAT_DESTINATION
iptables -t nat -A OUTPUT -j NAT_DESTINATION
iptables -t mangle -N NAT_DESTINATION
iptables -t mangle -A PREROUTING -j NAT_DESTINATION
@@ -311,7 +312,10 @@ iptables_red() {
# Outgoing masquerading (don't masqerade IPSEC (mark 50))
iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
if [ "$IFACE" != "$GREEN_DEV" ]; then
iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
fi
fi
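Review bot: The new guard around the MASQUERADE rule in iptables_red() leaves `$IFACE` unquoted in the rule itself although the test just above quotes it, and nothing records why GREEN is excluded. Writing the rule as `iptables -t nat -A REDNAT -o "$IFACE" -j MASQUERADE` keeps an empty or unusual interface name from being split into separate arguments. A comment such as `# RED shares the GREEN device (internet via GREEN): do not masquerade` would state the intent. The mark-50 RETURN rule on the line before stays outside the guard, which looks harmless but is worth confirming. iptables_red() starts and ends outside the hunk.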


@@ -12,7 +12,7 @@
#include "install.h"
#define _GNU_SOURCE
#define INST_FILECOUNT 15000
#define INST_FILECOUNT 21000
#define UNATTENDED_CONF "/cdrom/boot/unattended.conf"
#define LICENSE_FILE "/cdrom/COPYING"


@@ -1,7 +1,11 @@
diff -Naur linux-3.10.5.org/include/linux/netfilter/xt_layer7.h linux-3.10.5/include/linux/netfilter/xt_layer7.h
--- linux-3.10.5.org/include/linux/netfilter/xt_layer7.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-3.10.5/include/linux/netfilter/xt_layer7.h 2013-08-07 06:16:14.260806739 +0200
@@ -0,0 +1,13 @@
http://git.ipfire.org/?p=people/ms/linux.git;a=shortlog;h=refs/heads/linux-3.10.y-layer7
diff --git a/include/linux/netfilter/xt_layer7.h b/include/linux/netfilter/xt_layer7.h
new file mode 100644
index 0000000..c38d3c4
--- /dev/null
+++ b/include/linux/netfilter/xt_layer7.h
@@ -0,0 +1,14 @@
+#ifndef _XT_LAYER7_H
+#define _XT_LAYER7_H
+
@@ -12,18 +16,20 @@ diff -Naur linux-3.10.5.org/include/linux/netfilter/xt_layer7.h linux-3.10.5/inc
+ char protocol[MAX_PROTOCOL_LEN];
+ char pattern[MAX_PATTERN_LEN];
+ u_int8_t invert;
+ u_int8_t pkt;
+};
+
+#endif /* _XT_LAYER7_H */
diff -Naur linux-3.10.5.org/include/net/netfilter/nf_conntrack.h linux-3.10.5/include/net/netfilter/nf_conntrack.h
--- linux-3.10.5.org/include/net/netfilter/nf_conntrack.h 2013-08-04 10:51:49.000000000 +0200
+++ linux-3.10.5/include/net/netfilter/nf_conntrack.h 2013-08-07 06:16:14.280806062 +0200
@@ -105,6 +105,22 @@
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 644d9c2..b226a8f 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -105,6 +105,22 @@ struct nf_conn {
struct net *ct_net;
#endif
+#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || \
+ defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
+ defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
+ struct {
+ /*
+ * e.g. "http". NULL before decision. "unknown" after decision
@@ -41,17 +47,31 @@ diff -Naur linux-3.10.5.org/include/net/netfilter/nf_conntrack.h linux-3.10.5/in
/* Storage reserved for other modules, must be the last member */
union nf_conntrack_proto proto;
};
diff -Naur linux-3.10.5.org/net/netfilter/Kconfig linux-3.10.5/net/netfilter/Kconfig
--- linux-3.10.5.org/net/netfilter/Kconfig 2013-08-04 10:51:49.000000000 +0200
+++ linux-3.10.5/net/netfilter/Kconfig 2013-08-07 06:16:14.310805048 +0200
@@ -1205,6 +1205,26 @@
diff --git a/include/uapi/linux/netfilter/Kbuild b/include/uapi/linux/netfilter/Kbuild
index 4111577..a95e6b5 100644
--- a/include/uapi/linux/netfilter/Kbuild
+++ b/include/uapi/linux/netfilter/Kbuild
@@ -53,6 +53,7 @@ header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
+header-y += xt_layer7.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 56d22ca..7827ba4 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -1011,6 +1011,26 @@ config NETFILTER_XT_MATCH_IPVS
To compile it as a module, choose M here. If unsure, say N.
If unsure, say N.
+config NETFILTER_XT_MATCH_LAYER7
+ tristate '"layer7" match support'
+ depends on NETFILTER_XTABLES
+ depends on IP_NF_CONNTRACK || NF_CONNTRACK
+ depends on NETFILTER_ADVANCED
+ depends on NF_CONNTRACK
+ help
+ Say Y if you want to be able to classify connections (and their
+ packets) based on regular expression matching of their application
@@ -62,19 +82,32 @@ diff -Naur linux-3.10.5.org/net/netfilter/Kconfig linux-3.10.5/net/netfilter/Kco
+ To compile it as a module, choose M here. If unsure, say N.
+
+config NETFILTER_XT_MATCH_LAYER7_DEBUG
+ bool 'Layer 7 debugging output'
+ depends on NETFILTER_XT_MATCH_LAYER7
+ help
+ Say Y to get lots of debugging output.
+ bool 'Layer 7 debugging output'
+ depends on NETFILTER_XT_MATCH_LAYER7
+ help
+ Say Y to get lots of debugging output.
+
config NETFILTER_XT_MATCH_LENGTH
tristate '"length" match support'
depends on NETFILTER_ADVANCED
@@ -1205,6 +1225,12 @@ config NETFILTER_XT_MATCH_STATE
To compile it as a module, choose M here. If unsure, say N.
+config NETFILTER_XT_MATCH_LAYER7_DEBUG
+ bool 'Layer 7 debugging output'
+ depends on NETFILTER_XT_MATCH_LAYER7
+ help
+ Say Y to get lots of debugging output.
+
config NETFILTER_XT_MATCH_STATISTIC
tristate '"statistic" match support'
depends on NETFILTER_ADVANCED
diff -Naur linux-3.10.5.org/net/netfilter/Makefile linux-3.10.5/net/netfilter/Makefile
--- linux-3.10.5.org/net/netfilter/Makefile 2013-08-04 10:51:49.000000000 +0200
+++ linux-3.10.5/net/netfilter/Makefile 2013-08-07 06:16:14.320804710 +0200
@@ -134,6 +134,7 @@
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index a1abf87..acec24e 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -134,6 +134,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_RECENT) += xt_recent.o
obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_SOCKET) += xt_socket.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STATE) += xt_state.o
@@ -82,34 +115,29 @@ diff -Naur linux-3.10.5.org/net/netfilter/Makefile linux-3.10.5/net/netfilter/Ma
obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o
obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
diff -Naur linux-3.10.5.org/net/netfilter/nf_conntrack_core.c linux-3.10.5/net/netfilter/nf_conntrack_core.c
--- linux-3.10.5.org/net/netfilter/nf_conntrack_core.c 2013-08-04 10:51:49.000000000 +0200
+++ linux-3.10.5/net/netfilter/nf_conntrack_core.c 2013-08-07 06:20:34.941991510 +0200
@@ -1,3 +1,6 @@
+
+
+
/* Connection state tracking for netfilter. This is separated from,
but required by, the NAT layer; it can also be used by an iptables
extension. */
@@ -224,6 +227,13 @@
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0283bae..cae3790 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -224,6 +224,13 @@ destroy_conntrack(struct nf_conntrack *nfct)
* too. */
nf_ct_remove_expectations(ct);
+ #if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
+#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
+ if(ct->layer7.app_proto)
+ kfree(ct->layer7.app_proto);
+ if(ct->layer7.app_data)
+ kfree(ct->layer7.app_data);
+ #endif
+ kfree(ct->layer7.app_data);
+#endif
+
/* We overload first tuple to link into unconfirmed or dying list.*/
BUG_ON(hlist_nulls_unhashed(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode));
hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode);
diff -Naur linux-3.10.5.org/net/netfilter/nf_conntrack_standalone.c linux-3.10.5/net/netfilter/nf_conntrack_standalone.c
--- linux-3.10.5.org/net/netfilter/nf_conntrack_standalone.c 2013-08-04 10:51:49.000000000 +0200
+++ linux-3.10.5/net/netfilter/nf_conntrack_standalone.c 2013-08-07 06:16:14.380802681 +0200
@@ -240,6 +240,12 @@
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index bd700b4..5d045ca 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -240,6 +240,12 @@ static int ct_seq_show(struct seq_file *s, void *v)
if (ct_show_delta_time(s, ct))
goto release;
@@ -122,9 +150,11 @@ diff -Naur linux-3.10.5.org/net/netfilter/nf_conntrack_standalone.c linux-3.10.5
if (seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use)))
goto release;
diff -Naur linux-3.10.5.org/net/netfilter/regexp/regexp.c linux-3.10.5/net/netfilter/regexp/regexp.c
--- linux-3.10.5.org/net/netfilter/regexp/regexp.c 1970-01-01 01:00:00.000000000 +0100
+++ linux-3.10.5/net/netfilter/regexp/regexp.c 2013-08-07 06:16:14.410801666 +0200
diff --git a/net/netfilter/regexp/regexp.c b/net/netfilter/regexp/regexp.c
new file mode 100644
index 0000000..9006988
--- /dev/null
+++ b/net/netfilter/regexp/regexp.c
@@ -0,0 +1,1197 @@
+/*
+ * regcomp and regexec -- regsub and regerror are elsewhere
@@ -1323,9 +1353,11 @@ diff -Naur linux-3.10.5.org/net/netfilter/regexp/regexp.c linux-3.10.5/net/netfi
+#endif
+
+
diff -Naur linux-3.10.5.org/net/netfilter/regexp/regexp.h linux-3.10.5/net/netfilter/regexp/regexp.h
--- linux-3.10.5.org/net/netfilter/regexp/regexp.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-3.10.5/net/netfilter/regexp/regexp.h 2013-08-07 06:16:14.430800990 +0200
diff --git a/net/netfilter/regexp/regexp.h b/net/netfilter/regexp/regexp.h
new file mode 100644
index 0000000..a72eba7
--- /dev/null
+++ b/net/netfilter/regexp/regexp.h
@@ -0,0 +1,41 @@
+/*
+ * Definitions etc. for regexp(3) routines.
@@ -1368,18 +1400,22 @@ diff -Naur linux-3.10.5.org/net/netfilter/regexp/regexp.h linux-3.10.5/net/netfi
+void regerror(char *s);
+
+#endif
diff -Naur linux-3.10.5.org/net/netfilter/regexp/regmagic.h linux-3.10.5/net/netfilter/regexp/regmagic.h
--- linux-3.10.5.org/net/netfilter/regexp/regmagic.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-3.10.5/net/netfilter/regexp/regmagic.h 2013-08-07 06:16:14.450800314 +0200
diff --git a/net/netfilter/regexp/regmagic.h b/net/netfilter/regexp/regmagic.h
new file mode 100644
index 0000000..5acf447
--- /dev/null
+++ b/net/netfilter/regexp/regmagic.h
@@ -0,0 +1,5 @@
+/*
+ * The first byte of the regexp internal "program" is actually this magic
+ * number; the start node begins in the second byte.
+ */
+#define MAGIC 0234
diff -Naur linux-3.10.5.org/net/netfilter/regexp/regsub.c linux-3.10.5/net/netfilter/regexp/regsub.c
--- linux-3.10.5.org/net/netfilter/regexp/regsub.c 1970-01-01 01:00:00.000000000 +0100
+++ linux-3.10.5/net/netfilter/regexp/regsub.c 2013-08-07 06:16:14.450800314 +0200
diff --git a/net/netfilter/regexp/regsub.c b/net/netfilter/regexp/regsub.c
new file mode 100644
index 0000000..339631f
--- /dev/null
+++ b/net/netfilter/regexp/regsub.c
@@ -0,0 +1,95 @@
+/*
+ * regsub
@@ -1476,10 +1512,12 @@ diff -Naur linux-3.10.5.org/net/netfilter/regexp/regsub.c linux-3.10.5/net/netfi
+ }
+ *dst++ = '\0';
+}
diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter/xt_layer7.c
--- linux-3.10.5.org/net/netfilter/xt_layer7.c 1970-01-01 01:00:00.000000000 +0100
+++ linux-3.10.5/net/netfilter/xt_layer7.c 2013-08-07 06:16:14.490798961 +0200
@@ -0,0 +1,684 @@
diff --git a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c
new file mode 100644
index 0000000..51bb747
--- /dev/null
+++ b/net/netfilter/xt_layer7.c
@@ -0,0 +1,625 @@
+/*
+ Kernel module to match application layer (OSI layer 7) data in connections.
+
@@ -1503,14 +1541,13 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+#include <net/ip.h>
+#include <net/tcp.h>
+#include <linux/module.h>
+#include <linux/seq_file.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter.h>
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_core.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
+#include <net/netfilter/nf_conntrack_extend.h>
+#include <net/netfilter/nf_conntrack_acct.h>
+#endif
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_layer7.h>
+#include <linux/ctype.h>
@@ -1522,7 +1559,7 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+MODULE_AUTHOR("Matthew Strait <quadong@users.sf.net>, Ethan Sommer <sommere@users.sf.net>");
+MODULE_DESCRIPTION("iptables application layer match module");
+MODULE_ALIAS("ipt_layer7");
+MODULE_VERSION("2.22ipfire");
+MODULE_VERSION("2.21");
+
+static int maxdatalen = 2048; // this is the default
+module_param(maxdatalen, int, 0444);
@@ -1547,18 +1584,13 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+
+static int total_acct_packets(struct nf_conn *ct)
+{
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 26)
+ BUG_ON(ct == NULL);
+ return (ct->counters[IP_CT_DIR_ORIGINAL].packets + ct->counters[IP_CT_DIR_REPLY].packets);
+#else
+ struct nf_conn_counter *acct;
+
+ BUG_ON(ct == NULL);
+ acct = nf_conn_acct_find(ct);
+ if (!acct)
+ return 0;
+ return ( atomic64_read(&acct[IP_CT_DIR_ORIGINAL].packets) + atomic64_read(&acct[IP_CT_DIR_REPLY].packets) );
+#endif
+ return (atomic64_read(&acct[IP_CT_DIR_ORIGINAL].packets) + atomic64_read(&acct[IP_CT_DIR_REPLY].packets));
+}
+
+#ifdef CONFIG_IP_NF_MATCH_LAYER7_DEBUG
@@ -1678,7 +1710,7 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+
+ /* copy the string and compile the regex */
+ len = strlen(regex_string);
+ DPRINTK("layer7: about to compile this: \"%s\"\n", regex_string);
+ DPRINTK("About to compile this: \"%s\"\n", regex_string);
+ node->pattern = regcomp((char *)regex_string, &len);
+ if ( !node->pattern ) {
+ if (net_ratelimit())
@@ -1796,33 +1828,35 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+}
+
+/* add the new app data to the conntrack. Return number of bytes added. */
+static int add_data(struct nf_conn * master_conntrack,
+ char * app_data, int appdatalen)
+static int add_datastr(char *target, int offset, char *app_data, int len)
+{
+ int length = 0, i;
+ int oldlength = master_conntrack->layer7.app_data_len;
+
+ /* This is a fix for a race condition by Deti Fliegl. However, I'm not
+ clear on whether the race condition exists or whether this really
+ fixes it. I might just be being dense... Anyway, if it's not really
+ a fix, all it does is waste a very small amount of time. */
+ if(!master_conntrack->layer7.app_data) return 0;
+ if (!target) return 0;
+
+ /* Strip nulls. Make everything lower case (our regex lib doesn't
+ do case insensitivity). Add it to the end of the current data. */
+ for(i = 0; i < maxdatalen-oldlength-1 &&
+ i < appdatalen; i++) {
+ for(i = 0; i < maxdatalen-offset-1 && i < len; i++) {
+ if(app_data[i] != '\0') {
+ /* the kernel version of tolower mungs 'upper ascii' */
+ master_conntrack->layer7.app_data[length+oldlength] =
+ target[length+offset] =
+ isascii(app_data[i])?
+ tolower(app_data[i]) : app_data[i];
+ length++;
+ }
+ }
+ target[length+offset] = '\0';
+
+ master_conntrack->layer7.app_data[length+oldlength] = '\0';
+ master_conntrack->layer7.app_data_len = length + oldlength;
+ return length;
+}
+
+/* add the new app data to the conntrack. Return number of bytes added. */
+static int add_data(struct nf_conn * master_conntrack,
+ char * app_data, int appdatalen)
+{
+ int length;
+
+ length = add_datastr(master_conntrack->layer7.app_data, master_conntrack->layer7.app_data_len, app_data, appdatalen);
+ master_conntrack->layer7.app_data_len += length;
+
+ return length;
+}
@@ -1843,86 +1877,47 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+ }
+}
+
+/* write out num_packets to userland. */
+static int layer7_read_proc(char* page, char ** start, off_t off, int count,
+ int* eof, void * data)
+{
+ if(num_packets > 99 && net_ratelimit())
+ printk(KERN_ERR "layer7: NOT REACHED. num_packets too big\n");
+static int layer7_numpackets_proc_show(struct seq_file *s, void *p) {
+ seq_printf(s, "%d\n", num_packets);
+
+ page[0] = num_packets/10 + '0';
+ page[1] = num_packets%10 + '0';
+ page[2] = '\n';
+ page[3] = '\0';
+ return 0;
+}
+
+ *eof=1;
+
+ return 3;
+static int layer7_numpackets_proc_open(struct inode *inode, struct file *file) {
+ return single_open(file, layer7_numpackets_proc_show, NULL);
+}
+
+/* Read in num_packets from userland */
+static int layer7_write_proc(struct file* file, const char* buffer,
+ unsigned long count, void *data)
+{
+ char * foo = kmalloc(count, GFP_ATOMIC);
+static ssize_t layer7_numpackets_write_proc(struct file* file, const char __user *buffer,
+ size_t count, loff_t *data) {
+ char value[1024];
+ int new_num_packets;
+
+ if(!foo){
+ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory, bailing. "
+ "num_packets unchanged.\n");
+ return count;
+ }
+ if (copy_from_user(&value, buffer, sizeof(value)))
+ return -EFAULT;
+
+ if(copy_from_user(foo, buffer, count)) {
+ new_num_packets = my_atoi(value);
+
+ if ((new_num_packets < 1) || (new_num_packets > 99)) {
+ printk(KERN_WARNING "layer7: numpackets must be between 1 and 99\n");
+ return -EFAULT;
+ }
+
+
+ num_packets = my_atoi(foo);
+ kfree (foo);
+
+ /* This has an arbitrary limit to make the math easier. I'm lazy.
+ But anyway, 99 is a LOT! If you want more, you're doing it wrong! */
+ if(num_packets > 99) {
+ printk(KERN_WARNING "layer7: num_packets can't be > 99.\n");
+ num_packets = 99;
+ } else if(num_packets < 1) {
+ printk(KERN_WARNING "layer7: num_packets can't be < 1.\n");
+ num_packets = 1;
+ }
+ num_packets = new_num_packets;
+
+ return count;
+}
+
+static bool
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 35)
+match(const struct sk_buff *skbin, struct xt_action_param *par)
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28)
+match(const struct sk_buff *skbin, const struct xt_match_param *par)
+#else
+match(const struct sk_buff *skbin,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop)
+#endif
+static bool match(const struct sk_buff *skbin, struct xt_action_param *par)
+{
+ /* sidestep const without getting a compiler warning... */
+ struct sk_buff * skb = (struct sk_buff *)skbin;
+
+ const struct xt_layer7_info * info =
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28)
+ par->matchinfo;
+ #else
+ matchinfo;
+ #endif
+ const struct xt_layer7_info * info = par->matchinfo;
+
+ enum ip_conntrack_info master_ctinfo, ctinfo;
+ struct nf_conn *master_conntrack, *conntrack;
+ unsigned char * app_data;
+ unsigned char *app_data, *tmp_data;
+ unsigned int pattern_result, appdatalen;
+ regexp * comppattern;
+
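Review bot: layer7_numpackets_write_proc copies `sizeof(value)` (1024) bytes from the user pointer and never consults `count`, so a short write either fails with -EFAULT or pulls in whatever follows the caller's buffer. `value` then reaches my_atoi() with no guaranteed terminator. The copy should be bounded by `count`, the buffer terminated, and an out-of-range number rejected with -EINVAL rather than -EFAULT. A 16-byte buffer is enough for a value limited to 1–99 and keeps 1 KiB off the kernel stack. my_atoi() is defined outside this hunk, so how it treats unterminated input is inferred.

```c
static ssize_t layer7_numpackets_write_proc(struct file* file, const char __user *buffer,
	size_t count, loff_t *data) {
	char value[16];
	int new_num_packets;

	/* Reject empty writes and anything that cannot fit with its terminator. */
	if (count == 0 || count >= sizeof(value))
		return -EINVAL;
	if (copy_from_user(value, buffer, count))
		return -EFAULT;
	value[count] = '\0';

	/* … unchanged: new_num_packets = my_atoi(value); … */

	if ((new_num_packets < 1) || (new_num_packets > 99)) {
		/* … unchanged: printk warning … */
		return -EINVAL;
	}
	/* … unchanged: assignment to num_packets and return count … */
```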
@@ -1950,8 +1945,8 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+ master_conntrack = master_ct(master_conntrack);
+
+ /* if we've classified it or seen too many packets */
+ if(total_acct_packets(master_conntrack) > num_packets ||
+ master_conntrack->layer7.app_proto) {
+ if(!info->pkt && (total_acct_packets(master_conntrack) > num_packets ||
+ master_conntrack->layer7.app_proto)) {
+
+ pattern_result = match_no_append(conntrack, master_conntrack,
+ ctinfo, master_ctinfo, info);
@@ -1984,6 +1979,25 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+ /* the return value gets checked later, when we're ready to use it */
+ comppattern = compile_and_cache(info->pattern, info->protocol);
+
+ if (info->pkt) {
+ tmp_data = kmalloc(maxdatalen, GFP_ATOMIC);
+ if(!tmp_data){
+ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in match, bailing.\n");
+ return info->invert;
+ }
+
+ tmp_data[0] = '\0';
+ add_datastr(tmp_data, 0, app_data, appdatalen);
+ pattern_result = ((comppattern && regexec(comppattern, tmp_data)) ? 1 : 0);
+
+ kfree(tmp_data);
+ tmp_data = NULL;
+ spin_unlock_bh(&l7_lock);
+
+ return (pattern_result ^ info->invert);
+ }
+
+ /* On the first packet of a connection, allocate space for app data */
+ if(total_acct_packets(master_conntrack) == 1 && !skb->cb[0] &&
+ !master_conntrack->layer7.app_data){
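Review bot: The out-of-memory branch of the new `info->pkt` path returns `info->invert` without releasing `l7_lock`, while the success path a few lines below calls `spin_unlock_bh(&l7_lock)` before returning. The lock is taken outside this hunk, but the success path suggests it is held here. If so, one failed GFP_ATOMIC allocation would leave it locked and stall every later packet that reaches this match. Adding `spin_unlock_bh(&l7_lock);` before `return info->invert;` makes both exits release it. match() starts and ends outside the hunk, so the other exit paths should be checked the same way.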
@@ -2060,49 +2074,21 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+}
+
+// load nf_conntrack_ipv4
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 35)
+static int
+#else
+static bool
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28)
+check(const struct xt_mtchk_param *par)
+static int check(const struct xt_mtchk_param *par)
+{
+ if (nf_ct_l3proto_try_module_get(par->match->family) < 0) {
+ printk(KERN_WARNING "can't load conntrack support for "
+ "proto=%d\n", par->match->family);
+#else
+check(const char *tablename, const void *inf,
+ const struct xt_match *match, void *matchinfo,
+ unsigned int hook_mask)
+{
+ if (nf_ct_l3proto_try_module_get(match->family) < 0) {
+ printk(KERN_WARNING "can't load conntrack support for "
+ "proto=%d\n", match->family);
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 35)
+ return -EINVAL;
+ }
+ return 0;
+#else
+ return 0;
+ }
+ return 1;
+#endif
+}
+
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28)
+ static void destroy(const struct xt_mtdtor_param *par)
+ {
+ nf_ct_l3proto_module_put(par->match->family);
+ }
+#else
+ static void destroy(const struct xt_match *match, void *matchinfo)
+ {
+ nf_ct_l3proto_module_put(match->family);
+ }
+#endif
+static void destroy(const struct xt_mtdtor_param *par)
+{
+ nf_ct_l3proto_module_put(par->match->family);
+}
+
+static struct xt_match xt_layer7_match[] __read_mostly = {
+{
@@ -2116,30 +2102,23 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+}
+};
+
+static void layer7_cleanup_proc(void)
+{
+// remove_proc_entry("layer7_numpackets", init_net.proc_net);
+}
+
+/* register the proc file */
+static void layer7_init_proc(void)
+{
+ struct proc_dir_entry* entry;
+// entry = create_proc_entry("layer7_numpackets", 0644, init_net.proc_net);
+// entry->read_proc = layer7_read_proc;
+// entry->write_proc = layer7_write_proc;
+}
+static const struct file_operations layer7_numpackets_proc_fops = {
+ .owner = THIS_MODULE,
+ .open = layer7_numpackets_proc_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = single_release,
+ .write = layer7_numpackets_write_proc,
+};
+
+static int __init xt_layer7_init(void)
+{
+ need_conntrack();
+
+ if (init_net.ct.sysctl_acct == 0) {
+ printk(KERN_WARNING "layer7: enabling nf_conntrack_acct\n");
+ init_net.ct.sysctl_acct = 1;
+ }
+ // Register proc interface
+ proc_create_data("layer7_numpackets", 0644,
+ init_net.proc_net, &layer7_numpackets_proc_fops, NULL);
+
+ layer7_init_proc();
+ if(maxdatalen < 1) {
+ printk(KERN_WARNING "layer7: maxdatalen can't be < 1, "
+ "using 1\n");
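Review bot: The result of `proc_create_data("layer7_numpackets", ...)` in xt_layer7_init is discarded, so a failed registration goes unnoticed and xt_layer7_fini later calls remove_proc_entry() on an entry that was never created. Checking it, for example `if (!proc_create_data("layer7_numpackets", 0644, init_net.proc_net, &layer7_numpackets_proc_fops, NULL)) return -ENOMEM;`, would surface the failure at load time. The rest of the init function is outside this hunk, so any later failure path there would also need to remove the entry. This hunk also appears to drop the block that set `init_net.ct.sysctl_acct`. If accounting is not enabled elsewhere, the `total_acct_packets()` checks in match may have no counters to read, which is worth confirming.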
@@ -2158,7 +2137,7 @@ diff -Naur linux-3.10.5.org/net/netfilter/xt_layer7.c linux-3.10.5/net/netfilter
+
+static void __exit xt_layer7_fini(void)
+{
+ layer7_cleanup_proc();
+ remove_proc_entry("layer7_numpackets", init_net.proc_net);
+ xt_unregister_matches(xt_layer7_match, ARRAY_SIZE(xt_layer7_match));
+}
+