diff --git a/config/rootfiles/core/164/filelists/files b/config/rootfiles/core/164/filelists/files index e774b116b..278dc20a6 100644 --- a/config/rootfiles/core/164/filelists/files +++ b/config/rootfiles/core/164/filelists/files @@ -5,6 +5,7 @@ etc/rc.d/init.d/partresize etc/rc.d/init.d/squid etc/suricata/suricata.yaml etc/sysctl.conf +opt/pakfire/lib/functions.pl srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/logs.cgi/log.dat srv/web/ipfire/cgi-bin/optionsfw.cgi diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 161464d0d..27e61e9bb 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -1019,7 +1019,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { &IDS::call_suricatactrl("stop"); } } - + # Undefine providers flag. undef($cgiparams{'PROVIDERS'}); @@ -1468,7 +1468,7 @@ print <

- +
END @@ -1522,7 +1522,7 @@ sub show_customize_ruleset() { print"var hide = \"$Lang::tr{'ids hide'}\"\;\n"; print <\n"; + print"
\n"; - # Output display table for rule files + # Output display table for rule files + print "
\n"; + + # Loop over each rule file + foreach my $rulefile (sort keys(%idsrules)) { + my $rulechecked = ''; + + # Check if rule file is enabled + if ($idsrules{$rulefile}{'Rulefile'}{'State'} eq 'on') { + $rulechecked = 'CHECKED'; + } + + # Convert rulefile name into category name. + my $categoryname = &_rulefile_to_category($rulefile); + + # Table and rows for the rule files. + print"\n"; + print"\n"; + print"\n"; + print"\n"; + print"\n"; + + # Rows which will be hidden per default and will contain the single rules. + print"\n"; + print"
\n"; + print"\n"; + print"$rulefile\n"; + print"$Lang::tr{'ids show'}\n"; + print"
"; + } - print <"; + + print < @@ -1642,8 +1642,7 @@ END END ; - &Header::closebox(); - } + &Header::closebox(); } # @@ -1905,7 +1904,7 @@ sub show_additional_provider_actions() { - + END ; &Header::closebox(); diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index ebc8168ae..7d081bbc3 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -141,17 +141,15 @@ iptables_init() { # Log and drop any traffic from and to networks known as being hostile, posing # a technical threat to our users (i. e. listed at Spamhaus DROP et al.) + iptables -N HOSTILE if [ "$DROPHOSTILE" == "on" ]; then - iptables -N DROP_HOSTILE - iptables -A DROP_HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE " - - iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE - iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE - iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j DROP_HOSTILE - iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j DROP_HOSTILE - - iptables -A DROP_HOSTILE -j DROP -m comment --comment "DROP_HOSTILE" + iptables -A HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE " + iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j HOSTILE + iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j HOSTILE + iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j HOSTILE + iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j HOSTILE fi + iptables -A HOSTILE -j DROP -m comment --comment "DROP_HOSTILE" # P2PBLOCK iptables -N P2PBLOCK diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl index 2f34763d5..cb448a766 100644 --- a/src/pakfire/lib/functions.pl +++ b/src/pakfire/lib/functions.pl @@ -524,13 +524,13 @@ sub dblist { foreach $line (sort @db) { next unless ($line =~ /.*;.*;.*;/ ); $use_color = ""; - $count++; @templine = split(/\;/,$line); if ("$filter" eq "notinstalled") { next if ( -e "$Conf::dbdir/installed/meta-$templine[0]" ); } elsif ("$filter" eq "installed") { next unless ( -e "$Conf::dbdir/installed/meta-$templine[0]" ); } + $count++; if ("$forweb" eq "forweb") { if ("$filter" eq "notinstalled") {