git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

ipfire
2006-02-15 21:15:54 +00:00
parent 6d63f4c4b3
commit cd1a292722
1206 changed files with 185026 additions and 0 deletions

8
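--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1,8 @@
+build
+cache
+ccache
+log
+*.img
+*.iso
+*.tgz
+*.gpg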

12
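--- a/config/CVS/Entries
+++ b/config/CVS/Entries
@@ -0,0 +1,12 @@
+D/aboot////
+D/cdrom////
+D/cfgroot////
+D/cron////
+D/etc////
+D/grub////
+D/httpd////
+D/install////
+D/ipac-ng////
+D/kernel////
+D/snort////
+D/ssl////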
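Review bot: The `CVS/` working-copy directories (`Entries`, `Repository`, `Root`, `Tag`) are being imported as tracked files, here and again under `config/aboot`, `config/cdrom` and `config/cfgroot`. They describe the old checkout (`:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop`, tag `TIPCOP_v1_4_0`) rather than the source, and a `Root` file taken from a non-anonymous checkout would also record a developer's login name. I would leave them out of the import and record the upstream origin once in the commit message; `.cvsignore` does not exclude them, so they will keep coming back unless the importer skips `CVS/`.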

1
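--- a/config/CVS/Repository
+++ b/config/CVS/Repository
@@ -0,0 +1 @@
+ipcop/config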

1
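--- a/config/CVS/Root
+++ b/config/CVS/Root
@@ -0,0 +1 @@
+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop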

1
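--- a/config/CVS/Tag
+++ b/config/CVS/Tag
@@ -0,0 +1 @@
+TIPCOP_v1_4_0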

3
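--- a/config/aboot/CVS/Entries
+++ b/config/aboot/CVS/Entries
@@ -0,0 +1,3 @@
+/aboot.conf/1.1/Sun Feb 8 21:29:00 2004//TIPCOP_v1_4_0
+/scsiaboot.conf/1.1/Sun Feb 8 21:29:00 2004//TIPCOP_v1_4_0
+D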


@@ -0,0 +1 @@
ipcop/config/aboot

1
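--- a/config/aboot/CVS/Root
+++ b/config/aboot/CVS/Root
@@ -0,0 +1 @@
+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop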

1
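--- a/config/aboot/CVS/Tag
+++ b/config/aboot/CVS/Tag
@@ -0,0 +1 @@
+TIPCOP_v1_4_0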

1
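--- a/config/aboot/aboot.conf
+++ b/config/aboot/aboot.conf
@@ -0,0 +1 @@
+0:1/vmlinuz root=ROOT panic=10 ro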


@@ -0,0 +1 @@
0:1/vmlinuz root=ROOT panic=10 initrd=ipcoprd.img init=/linuxrc rw

2
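--- a/config/cdrom/CVS/Entries
+++ b/config/cdrom/CVS/Entries
@@ -0,0 +1,2 @@
+/README.txt/1.3/Thu Jan 8 20:02:38 2004//TIPCOP_v1_4_0
+D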


@@ -0,0 +1 @@
ipcop/config/cdrom

1
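--- a/config/cdrom/CVS/Root
+++ b/config/cdrom/CVS/Root
@@ -0,0 +1 @@
+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop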

1
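--- a/config/cdrom/CVS/Tag
+++ b/config/cdrom/CVS/Tag
@@ -0,0 +1 @@
+TIPCOP_v1_4_0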

42
config/cdrom/README.txt Normal file

@@ -0,0 +1,42 @@
IPCop - The Bad Packets Stop Here (VERSION)
------------------------------------------
Installation
------------
Please read the IPCop Installation PDF before installing the firewall.
This document is located in the \doc directory on the cdrom. It will
guide you through the installation process and will help you make the
necessary decisions during the installation process.
DOS Image utility tools
-----------------------
The dosutils directory contains the following DOS and Windows applications,
please use with caution and please can we draw your attention to the
documentation on the IPCop CD or install image on your network drive.
We also draw your attention to the disclaimer of Warranty below.
rawrite.exe - rawrite executable
rawwritewin.exe - rawwrite for Windows
diskio.dll - this MUST be in the same directory as rawrite for Windows
copying.txt - text file
License
-------
Please read the file COPYING for more information on the license.
Disclaimer of Warranty
----------------------
Users of this software must accept this disclaimer of warranty: "This
software is supplied AS IS. IPCop disclaims all warranties, expressed
or implied, including, without limitation, the warranties of merchantability
and of fitness for any purpose. IPCop assumes no liability for
damages, direct or consequential, which may result from the use of this
software."


@@ -0,0 +1,21 @@
/advoptions-list/1.1.2.3/Sat May 7 13:01:32 2005//TIPCOP_v1_4_0
/backup-exclude/1.3.2.6/Tue Nov 1 19:20:52 2005//TIPCOP_v1_4_0
/backup-exclude.hardware/1.2/Thu Dec 11 11:15:33 2003//TIPCOP_v1_4_0
/backup-include/1.4.2.1/Sun Apr 25 06:57:03 2004//TIPCOP_v1_4_0
/countries.pl/1.2.2.1/Wed Jan 26 12:23:19 2005//TIPCOP_v1_4_0
/defaultservices/1.2/Thu Dec 11 11:15:33 2003//TIPCOP_v1_4_0
/general-functions.pl/1.1.2.26/Wed Jan 4 16:33:55 2006//TIPCOP_v1_4_0
/header-menu.pl/1.1.2.2/Sat Nov 19 16:48:45 2005//TIPCOP_v1_4_0
/header.pl/1.34.2.67/Mon Oct 3 20:01:05 2005//TIPCOP_v1_4_0
/icmptypes/1.2/Thu Dec 11 11:15:33 2003//TIPCOP_v1_4_0
/ipcop.gpg/1.2/Thu Dec 11 11:15:33 2003//TIPCOP_v1_4_0
/lang.pl/1.1.2.11/Sat Sep 10 16:22:50 2005//TIPCOP_v1_4_0
/logging-settings/1.2/Thu Dec 11 11:15:33 2003//TIPCOP_v1_4_0
/modem-defaults/1.1.1.1.8.1/Sun Jan 2 10:01:00 2005//TIPCOP_v1_4_0
/modem-settings/1.1.1.1.8.1/Sun Jan 2 10:01:01 2005//TIPCOP_v1_4_0
/oinkmaster.conf/1.1.2.2/Mon May 2 17:11:58 2005//TIPCOP_v1_4_0
/protocols.pl/1.2.2.1/Wed Jan 26 12:23:20 2005//TIPCOP_v1_4_0
/proxy-acl/1.2.2.4/Thu Dec 1 20:19:12 2005//TIPCOP_v1_4_0
/time-settings/1.2/Thu Dec 11 11:15:33 2003//TIPCOP_v1_4_0
/xtaccess-config/1.2/Thu Dec 11 10:57:32 2003//TIPCOP_v1_4_0
D


@@ -0,0 +1 @@
ipcop/config/cfgroot

1
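--- a/config/cfgroot/CVS/Root
+++ b/config/cfgroot/CVS/Root
@@ -0,0 +1 @@
+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop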

1
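--- a/config/cfgroot/CVS/Tag
+++ b/config/cfgroot/CVS/Tag
@@ -0,0 +1 @@
+TIPCOP_v1_4_0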


@@ -0,0 +1,56 @@
option all-subnets-local flag;
option arp-cache-timeout uint32;
option bootfile-name string;
option boot-size uint16;
option broadcast-address ip-address;
option cookie-servers ip-address [, ip-address... ];
option default-ip-ttl uint8;
option default-tcp-ttl uint8;
option dhcp-client-identifier data-string;
option finger-server ip-address [, ip-address... ];
option font-servers ip-address [, ip-address... ];
option host-name string;
option ieee802-3-encapsulation flag;
option ien116-name-servers ip-address [, ip-address... ];
option impress-servers ip-address [, ip-address... ];
option interface-mtu uint16;
option ip-forwarding flag;
option irc-server ip-address [, ip-address... ];
option log-servers ip-address [, ip-address... ];
option lpr-servers ip-address [, ip-address... ];
option mask-supplier flag;
option max-dgram-reassembly uint16;
option merit-dump string;
option mobile-ip-home-agent ip-address [, ip-address... ];
option netbios-dd-server ip-address [, ip-address... ];
option netbios-node-type uint8;
option netbios-scope string;
option nis-domain string;
option nisplus-domain string;
option nisplus-servers ip-address [, ip-address... ];
option nis-servers ip-address [, ip-address... ];
option nntp-server ip-address [, ip-address... ];
option non-local-source-routing flag;
option ntp-servers ip-address [, ip-address... ];
option path-mtu-aging-timeout uint32;
option path-mtu-plateau-table uint16 [, uint16... ];
option perform-mask-discovery flag;
option policy-filter ip-address ip-address [, ip-address ip-address... ];
option pop-server ip-address [, ip-address... ];
option resource-location-servers ip-address [, ip-address... ];
option root-path string;
option router-discovery flag;
option router-solicitation-address ip-address;
option smtp-server ip-address [, ip-address... ];
option static-routes ip-address ip-address [, ip-address ip-address... ];
option streettalk-directory-assistance-server ip-address [, ip-address... ];
option streettalk-server ip-address [, ip-address... ];
option swap-server ip-address;
option tcp-keepalive-garbage flag;
option tcp-keepalive-interval uint32;
option tftp-server-name string;
option time-offset int32;
option time-servers ip-address [, ip-address... ];
option trailer-encapsulation flag;
option www-server ip-address [, ip-address... ];
option x-display-manager ip-address [, ip-address... ];


@@ -0,0 +1,20 @@
var/ipcop/backup/*.system
var/ipcop/backup/backup.key
var/ipcop/backup/sets
var/ipcop/countries.pl
var/ipcop/dhcpc
var/ipcop/eciadsl/modems.db
var/ipcop/eciadsl/firmware00.bin
var/ipcop/header.pl
var/ipcop/general-functions.pl
var/ipcop/lang.pl
var/ipcop/key
var/ipcop/langs
var/ipcop/patches
var/ipcop/ppp/fake-resolv.conf
var/ipcop/red
var/ipcop/time/counter
var/ipcop/firewall/protocols.pl
var/ipcop/firewall/defaultservices
var/ipcop/firewall/icmptypes
var/ipcop/addon-lang


@@ -0,0 +1 @@
var/ipcop/ethernet/settings


@@ -0,0 +1,16 @@
/etc/passwd
/etc/shadow
/etc/hosts
/etc/localtime
/etc/httpd/server.crt
/etc/httpd/server.csr
/etc/httpd/server.key
/etc/rc.d/rc.local
/etc/rc.d/rc.firewall.local
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/var/ipcop/
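Review bot: This list (going by the order in `CVS/Entries` it looks like `backup-include`) puts `/etc/shadow`, `/etc/httpd/server.key` and the three SSH host private keys into every backup, so the resulting archive is equivalent to the firewall's credentials. Nothing visible here shows how that archive is protected; the exclude list mentions `var/ipcop/backup/backup.key`, which suggests encryption, but that should be confirmed against the backup script. I would state the requirement next to the list or in the backup script's header, for example `# archive contains password hashes and private keys: encrypt it and keep it mode 0600`, if the list format accepts comments.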

250
config/cfgroot/countries.pl Normal file

@@ -0,0 +1,250 @@
package Countries;
%countries = (
'Afghanistan' => 'AF',
'Albania' => 'AL',
'Algeria' => 'DZ',
'American Samoa' => 'AS',
'Andorra' => 'AD',
'Angola' => 'AO',
'Anguilla' => 'AI',
'Antarctica' => 'AQ',
'Antigua and Barbuda' => 'AG',
'Argentina' => 'AR',
'Armenia' => 'AM',
'Aruba' => 'AW',
'Australia' => 'AU',
'Austria' => 'AT',
'Azerbaijan' => 'AZ',
'Bahamas' => 'BS',
'Bahrain' => 'BH',
'Bangladesh' => 'BD',
'Barbados' => 'BB',
'Belarus' => 'BY',
'Belgium' => 'BE',
'Belize' => 'BZ',
'Benin' => 'BJ',
'Bermuda' => 'BM',
'Bhutan' => 'BT',
'Bolivia' => 'BO',
'Bosnia and Herzegovina' => 'BA',
'Botswana' => 'BW',
'Bouvet Island' => 'BV',
'Brazil' => 'BR',
'British Indian Ocean Territory' => 'IO',
'Brunei Darussalam' => 'BN',
'Bulgaria' => 'BG',
'Burkina Faso' => 'BF',
'Burundi' => 'BI',
'Cambodia' => 'KH',
'Cameroon' => 'CM',
'Canada' => 'CA',
'Cape Verde' => 'CV',
'Cayman Islands' => 'KY',
'Central African Republic' => 'CF',
'Chad' => 'TD',
'Chile' => 'CL',
'China' => 'CN',
'Christmas Island' => 'CX',
'Cocos (Keeling) Islands' => 'CC',
'Colombia' => 'CO',
'Comoros' => 'KM',
'Congo' => 'CG',
'Cook Islands' => 'CK',
'Costa Rica' => 'CR',
'Cote D\'Ivoire (Ivory Coast)' => 'CI',
'Croatia (Hrvatska)' => 'HR',
'Cuba' => 'CU',
'Cyprus' => 'CY',
'Czech Republic' => 'CZ',
'Czechoslovakia (former)' => 'CS',
'Denmark' => 'DK',
'Djibouti' => 'DJ',
'Dominica' => 'DM',
'Dominican Republic' => 'DO',
'East Timor' => 'TP',
'Ecuador' => 'EC',
'Egypt' => 'EG',
'El Salvador' => 'SV',
'Equatorial Guinea' => 'GQ',
'Eritrea' => 'ER',
'Estonia' => 'EE',
'Ethiopia' => 'ET',
'Falkland Islands (Malvinas)' => 'FK',
'Faroe Islands' => 'FO',
'Fiji' => 'FJ',
'Finland' => 'FI',
'France' => 'FR',
'France, Metropolitan' => 'FX',
'French Guiana' => 'GF',
'French Polynesia' => 'PF',
'French Southern Territories' => 'TF',
'Gabon' => 'GA',
'Gambia' => 'GM',
'Georgia' => 'GE',
'Germany' => 'DE',
'Ghana' => 'GH',
'Gibraltar' => 'GI',
'Great Britain (UK)' => 'GB',
'Greece' => 'GR',
'Greenland' => 'GL',
'Grenada' => 'GD',
'Guadeloupe' => 'GP',
'Guam' => 'GU',
'Guatemala' => 'GT',
'Guinea' => 'GN',
'Guinea-Bissau' => 'GW',
'Guyana' => 'GY',
'Haiti' => 'HT',
'Heard and McDonald Islands' => 'HM',
'Honduras' => 'HN',
'Hong Kong' => 'HK',
'Hungary' => 'HU',
'Iceland' => 'IS',
'India' => 'IN',
'Indonesia' => 'ID',
'Iran' => 'IR',
'Iraq' => 'IQ',
'Ireland' => 'IE',
'Israel' => 'IL',
'Italy' => 'IT',
'Jamaica' => 'JM',
'Japan' => 'JP',
'Jordan' => 'JO',
'Kazakhstan' => 'KZ',
'Kenya' => 'KE',
'Kiribati' => 'KI',
'Korea (North)' => 'KP',
'Korea (South)' => 'KR',
'Kuwait' => 'KW',
'Kyrgyzstan' => 'KG',
'Laos' => 'LA',
'Latvia' => 'LV',
'Lebanon' => 'LB',
'Lesotho' => 'LS',
'Liberia' => 'LR',
'Libya' => 'LY',
'Liechtenstein' => 'LI',
'Lithuania' => 'LT',
'Luxembourg' => 'LU',
'Macau' => 'MO',
'Macedonia' => 'MK',
'Madagascar' => 'MG',
'Malawi' => 'MW',
'Malaysia' => 'MY',
'Maldives' => 'MV',
'Mali' => 'ML',
'Malta' => 'MT',
'Marshall Islands' => 'MH',
'Martinique' => 'MQ',
'Mauritania' => 'MR',
'Mauritius' => 'MU',
'Mayotte' => 'YT',
'Mexico' => 'MX',
'Micronesia' => 'FM',
'Moldova' => 'MD',
'Monaco' => 'MC',
'Mongolia' => 'MN',
'Montserrat' => 'MS',
'Morocco' => 'MA',
'Mozambique' => 'MZ',
'Myanmar' => 'MM',
'Namibia' => 'NA',
'Nauru' => 'NR',
'Nepal' => 'NP',
'Netherlands Antilles' => 'AN',
'Netherlands' => 'NL',
'Neutral Zone' => 'NT',
'New Caledonia' => 'NC',
'New Zealand (Aotearoa)' => 'NZ',
'Nicaragua' => 'NI',
'Niger' => 'NE',
'Nigeria' => 'NG',
'Niue' => 'NU',
'Norfolk Island' => 'NF',
'Northern Mariana Islands' => 'MP',
'Norway' => 'NO',
'Oman' => 'OM',
'Pakistan' => 'PK',
'Palau' => 'PW',
'Panama' => 'PA',
'Papua New Guinea' => 'PG',
'Paraguay' => 'PY',
'Peru' => 'PE',
'Philippines' => 'PH',
'Pitcairn' => 'PN',
'Poland' => 'PL',
'Portugal' => 'PT',
'Puerto Rico' => 'PR',
'Qatar' => 'QA',
'Reunion' => 'RE',
'Romania' => 'RO',
'Russian Federation' => 'RU',
'Rwanda' => 'RW',
'S. Georgia and S. Sandwich Isls.' => 'GS',
'Saint Kitts and Nevis' => 'KN',
'Saint Lucia' => 'LC',
'Saint Vincent and the Grenadines' => 'VC',
'Samoa' => 'WS',
'San Marino' => 'SM',
'Sao Tome and Principe' => 'ST',
'Saudi Arabia' => 'SA',
'Senegal' => 'SN',
'Seychelles' => 'SC',
'Sierra Leone' => 'SL',
'Singapore' => 'SG',
'Slovak Republic' => 'SK',
'Slovenia' => 'SI',
'Solomon Islands' => 'Sb',
'Somalia' => 'SO',
'South Africa' => 'ZA',
'Spain' => 'ES',
'Sri Lanka' => 'LK',
'St. Helena' => 'SH',
'St. Pierre and Miquelon' => 'PM',
'Sudan' => 'SD',
'Suriname' => 'SR',
'Svalbard and Jan Mayen Islands' => 'SJ',
'Swaziland' => 'SZ',
'Sweden' => 'SE',
'Switzerland' => 'CH',
'Syria' => 'SY',
'Taiwan' => 'TW',
'Tajikistan' => 'TJ',
'Tanzania' => 'TZ',
'Thailand' => 'TH',
'Togo' => 'TG',
'Tokelau' => 'TK',
'Tonga' => 'TO',
'Trinidad and Tobago' => 'TT',
'Tunisia' => 'TN',
'Turkey' => 'TR',
'Turkmenistan' => 'TM',
'Turks and Caicos Islands' => 'TC',
'Tuvalu' => 'TV',
'US Minor Outlying Islands' => 'UM',
'USSR (former)' => 'SU',
'Uganda' => 'UG',
'Ukraine' => 'UA',
'United Arab Emirates' => 'AE',
'United Kingdom' => 'UK',
'United States' => 'US',
'Uruguay' => 'UY',
'Uzbekistan' => 'UZ',
'Vanuatu' => 'VU',
'Vatican City State (Holy See)' => 'VA',
'Venezuela' => 'VE',
'Viet Nam' => 'VN',
'Virgin Islands (British)' => 'VG',
'Virgin Islands (U.S.)' => 'VI',
'Wallis and Futuna Islands' => 'WF',
'Western Sahara' => 'EH',
'Yemen' => 'YE',
'Yugoslavia' => 'YU',
'Zaire' => 'ZR',
'Zambia' => 'ZM',
'Zimbabwe' => 'ZW',
);
1;
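Review bot: `'Solomon Islands' => 'Sb'` is the only code in the table with a lowercase letter, so a consumer that compares codes case-sensitively will miss it; the entry should be `'Solomon Islands' => 'SB',`. The table also maps `'United Kingdom' => 'UK'` while `'Great Britain (UK)' => 'GB'`; `GB` is the ISO 3166 code and `UK` is not, so if these values are written into generated certificate subjects or similar fields the `UK` entry should become `GB` as well.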


@@ -0,0 +1,249 @@
acap,674,tcpudp
afbackup,2988,tcpudp
afpovertcp,548,tcpudp
afs3-bos,7007,tcpudp
afs3-callback,7001,tcpudp
afs3-errors,7006,tcpudp
afs3-fileserver,7000,tcpudp
afs3-kaserver,7004,tcpudp
afs3-prserver,7002,tcpudp
afs3-rmtsys,7009,tcpudp
afs3-update,7008,tcpudp
afs3-vlserver,7003,tcpudp
afs3-volser,7005,tcpudp
amanda,10080,tcpudp
amandaidx,10082,tcp
amidxtape,10083,tcp
asp,27374,tcpudp
at-echo,204,tcpudp
at-nbp,202,tcpudp
at-rtmp,201,tcpudp
at-zis,206,tcpudp
auth,113,tcpudp
bgp,179,tcpudp
biff,512,udp
binkp,24554,tcpudp
bootpc,68,tcpudp
bootps,67,tcpudp
canna,5680,tcp
cfengine,5308,tcpudp
cfinger,2003,tcp
chargen,19,tcpudp
cmip-agent,164,tcpudp
cmip-man,163,tcpudp
codaauth2,370,tcpudp
codasrv,2432,tcpudp
codasrv-se,2433,tcpudp
conference,531,tcp
corbaloc,2809,tcp
courier,530,tcp
csnet-ns,105,tcpudp
cvspserver,2401,tcpudp
cvsup,5999,tcpudp
datametrics,1645,tcpudp
daytime,13,tcpudp
dhcpv6-client,546,tcpudp
dhcpv6-server,547,tcpudp
discard,9,tcpudp
domain,53,tcpudp
echo,4,ddp
echo,7,tcpudp
efs,520,tcp
eklogin,2105,tcp
exec,512,tcp
fax,4557,tcp
fido,60179,tcpudp
finger,79,tcpudp
fsp,21,udp
ftp,21,tcpudp
ftp-data,20,tcpudp
gdomap,538,tcpudp
gdp-port,1997,tcpudp
gii,616,tcp
gopher,70,tcpudp
gss-http,488,tcpudp
h323callsigalt,11720,tcpudp
h323gatedisc,1718,tcpudp
h323gatestat,1719,tcpudp
h323hostcall,1720,tcpudp
h323hostcallsc,1300,tcpudp
ha-cluster,694,tcpudp
hello,1789,tcpudp
hmmp-ind,612,tcpudp
hostmon,5355,tcpudp
hostname,101,tcpudp
hsrp,1985,tcpudp
http,80,tcpudp
http-alt,8008,tcpudp
https,443,tcpudp
hylafax,4559,tcp
ica,1494,tcpudp
icpv2,3130,tcpudp
iiop,535,tcpudp
imap,143,tcpudp
imap3,220,tcpudp
imaps,993,tcpudp
ingreslock,1524,tcpudp
ipx,213,tcpudp
irc,194,tcpudp
ircd,6667,tcpudp
ircs,994,tcpudp
isakmp,500,tcpudp
isdnlog,20011,tcpudp
iso-tsap,102,tcp
jetdirect,9100,tcp
kamanda,10081,tcpudp
kerberos,88,tcpudp
kerberos-adm,749,tcp
kerberos-iv,750,udptcp
kerberos_master,751,udptcp
kermit,1649,tcpudp
klogin,543,tcp
knetd,2053,tcp
kpasswd,464,tcpudp
kpop,1109,tcp
krb524,4444,tcpudp
krb5_prop,754,tcp
krbupdate,760,tcp
kshell,544,tcp
l2tp,1701,tcpudp
ldap,389,tcpudp
ldaps,636,tcpudp
licensedaemon,1986,tcpudp
link,245,tcpucp
linuxconf,98,tcp
login,513,tcp
mailq,174,tcpudp
mandelspawn,9359,udp
microsoft-ds,445,tcpudp
mobileip-agent,434,tcpudp
mobilip-mn,435,tcpudp
ms-sql-m,1434,tcpudp
ms-sql-s,1433,tcpudp
msp,18,tcpudp
mtp,1911,tcpudp
mysql,3306,tcpudp
nameserver,42,tcpudp
nbp,2,ddp
netbios-dgm,138,tcpudp
netbios-ns,137,tcpudp
netbios-ssn,139,tcpudp
netnews,532,tcp
netrjs-1,71,tcpudp
netrjs-2,72,tcpudp
netrjs-3,73,tcpudp
netrjs-4,74,tcpudp
netstat,15,tcp
netwall,533,udp
nextstep,178,tcpudp
nfs,2049,tcpudp
nicname,43,tcpudp
ninstall,2150,tcpudp
nntp,119,tcpudp
nntps,563,tcpudp
noclog,5354,tcpudp
npmp-gui,611,tcpudp
npmp-local,610,tcpudp
ntalk,518,udp
ntp,123,tcpudp
omirr,808,tcpudp
passwd_server,752,udp
pgpkeyserver,11371,tcpudp
phonebook,767,tcpudp
photuris,468,tcpudp
pim-rp-disc,496,tcpudp
pop2,109,tcpudp
pop3,110,tcpudp
pop3s,995,tcpudp
poppassd,106,tcpudp
postgres,5432,tcpudp
printer,515,tcpudp
prospero,191,tcpudp
prospero-np,1525,tcpudp
prsvp,3455,tcpudp
qmtp,209,tcpudp
qotd,17,tcpudp
quake,26000,tcpudp
radius,1812,tcpudp
radius-acct,1813,tcpudp
re-mail-ck,50,tcpudp
remotefs,556,tcp
rfe,5002,tcpudp
ripng,521,tcpudp
rje,5,tcpudp
rlp,39,tcpudp
rmtcfg,1236,tcp
rndc,953,tcpudp
router,520,udp
rpc2portmap,369,tcpudp
rsvp_tunnel,363,tcpudp
rsync,873,tcpudp
rtelnet,107,tcpudp
rtmp,1,ddp
rtsp,554,tcpudp
rwhois,4321,tcpudp
sa-msg-port,1646,tcpudp
saft,487,tcpudp
sd,9876,tcpudp
sftp,115,tcpudp
sgi-dgl,5232,tcpudp
shell,514,tcp
skkserv,1178,tcp
smtp,25,tcpudp
smtps,465,tcp
smux,199,tcpudp
snmp,161,tcpudp
snmptrap,162,udp
snpp,444,tcpudp
socks,1080,tcpudp
squid,3128,tcp
ssh,22,tcpudp
submission,587,tcpudp
sunrpc,111,tcpudp
supdup,95,tcpudp
supfiledbg,1127,tcp
supfilesrv,871,tcp
support,1529,tcp
svrloc,427,tcpudp
swat,901,tcp
syslog,514,udp
systat,11,tcpudp
tacacs,49,tcpudp
talk,517,udp
tcpmux,1,tcpudp
telnet,23,tcpudp
telnets,992,tcpudp
tempo,526,tcp
tfido,60177,tcpudp
tftp,69,tcpudp
tftp-mcast,1758,tcpudp
time,37,tcpudp
timed,525,tcpudp
tircproxy,7666,tcp
tproxy,8081,tcpudp
traceroute,33434,tcpudp
trnsprntproxy,3346,tcpudp
ulistproc,372,tcpudp
utime,519,tcpudp
uucp,540,tcp
uucp-path,117,tcpudp
vboxd,20012,tcpudp
venus,2430,tcpudp
venus-se,2431,tcpudp
webcache,8080,tcpudp
webster,765,tcpudp
who,513,udp
whoami,565,tcpudp
whois++,63,tcpudp
wins,1512,tcpudp
wnn6-ds,26208,tcpudp
x11,6000,tcp
x11-ssh-offset,6010,tcp
xdmcp,177,tcpudp
xfs,7100,tcp
xtel,1313,tcp
z39.50,210,tcpudp
zephyr-clt,2103,tcpudp
zephyr-hm,2104,tcpudp
zephyr-srv,2102,tcpudp
zip,6,ddp
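Review bot: `link,245,tcpucp` has a misspelled protocol field; every other dual-protocol row uses `tcpudp`, so the row should read `link,245,tcpudp`. `kerberos-iv,750,udptcp` and `kerberos_master,751,udptcp` spell the same value in the opposite order. The code that reads this file is not on the page, but if it compares the field literally these three services would end up with no protocol or the wrong one in a firewall rule, so I would normalise all three to `tcpudp`.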


@@ -0,0 +1,554 @@
# SmoothWall CGIs
#
# This code is distributed under the terms of the GPL
#
# (c) The SmoothWall Team
# Copyright (C) 2002 Alex Hudson - getcgihash() rewrite
# Copyright (C) 2002 Bob Grant <bob@cache.ucr.edu> - validmac()
# Copyright (c) 2002/04/13 Steve Bootes - add alias section, helper functions
# Copyright (c) 2002/08/23 Mark Wormgoor <mark@wormgoor.com> validfqdn()
# Copyright (c) 2003/09/11 Darren Critchley <darrenc@telus.net> srtarray()
#
# $Id: general-functions.pl,v 1.1.2.26 2006/01/04 16:33:55 franck78 Exp $
#
package General;
use strict;
use Socket;
use IO::Socket;
$|=1; # line buffering
$General::version = 'VERSION';
$General::swroot = 'CONFIG_ROOT';
$General::noipprefix = 'noipg-';
$General::adminmanualurl = 'http://www.ipcop.org/1.4.0/en/admin/html';
sub log
{
my $logmessage = $_[0];
$logmessage =~ /([\w\W]*)/;
$logmessage = $1;
system('/usr/bin/logger', '-t', 'ipcop', $logmessage);
}
sub readhash
{
my $filename = $_[0];
my $hash = $_[1];
my ($var, $val);
# Some ipcop code expects that readhash 'complete' the hash if new entries
# are presents. Not clear it !!!
#%$hash = ();
open(FILE, $filename) or die "Unable to read file $filename";
while (<FILE>)
{
chop;
($var, $val) = split /=/, $_, 2;
if ($var)
{
$val =~ s/^\'//g;
$val =~ s/\'$//g;
# Untaint variables read from hash
$var =~ /([A-Za-z0-9_-]*)/; $var = $1;
$val =~ /([\w\W]*)/; $val = $1;
$hash->{$var} = $val;
}
}
close FILE;
}
sub writehash
{
my $filename = $_[0];
my $hash = $_[1];
my ($var, $val);
# write cgi vars to the file.
open(FILE, ">${filename}") or die "Unable to write file $filename";
flock FILE, 2;
foreach $var (keys %$hash)
{
$val = $hash->{$var};
# Darren Critchley Jan 17, 2003 added the following because when submitting with a graphic, the x and y
# location of the mouse are submitted as well, this was being written to the settings file causing
# some serious grief! This skips the variable.x and variable.y
if (!($var =~ /(.x|.y)$/)) {
if ($val =~ / /) {
$val = "\'$val\'"; }
if (!($var =~ /^ACTION/)) {
print FILE "${var}=${val}\n"; }
}
}
close FILE;
}
sub age
{
my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size,
$atime, $mtime, $ctime, $blksize, $blocks) = stat $_[0];
my $now = time;
my $totalsecs = $now - $mtime;
my $days = int($totalsecs / 86400);
my $totalhours = int($totalsecs / 3600);
my $hours = $totalhours % 24;
my $totalmins = int($totalsecs / 60);
my $mins = $totalmins % 60;
my $secs = $totalsecs % 60;
return "${days}d ${hours}h ${mins}m ${secs}s";
}
sub validip
{
my $ip = $_[0];
if (!($ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/)) {
return 0; }
else
{
my @octets = ($1, $2, $3, $4);
foreach $_ (@octets)
{
if (/^0./) {
return 0; }
if ($_ < 0 || $_ > 255) {
return 0; }
}
return 1;
}
}
sub validmask
{
my $mask = $_[0];
# secord part an ip?
if (&validip($mask)) {
return 1; }
# second part a number?
if (/^0/) {
return 0; }
if (!($mask =~ /^\d+$/)) {
return 0; }
if ($mask >= 0 && $mask <= 32) {
return 1; }
return 0;
}
sub validipormask
{
my $ipormask = $_[0];
# see if it is a IP only.
if (&validip($ipormask)) {
return 1; }
# split it into number and mask.
if (!($ipormask =~ /^(.*?)\/(.*?)$/)) {
return 0; }
my $ip = $1;
my $mask = $2;
# first part not a ip?
if (!(&validip($ip))) {
return 0; }
return &validmask($mask);
}
sub validipandmask
{
my $ipandmask = $_[0];
# split it into number and mask.
if (!($ipandmask =~ /^(.*?)\/(.*?)$/)) {
return 0; }
my $ip = $1;
my $mask = $2;
# first part not a ip?
if (!(&validip($ip))) {
return 0; }
return &validmask($mask);
}
sub validport
{
$_ = $_[0];
if (!/^\d+$/) {
return 0; }
if (/^0./) {
return 0; }
if ($_ >= 1 && $_ <= 65535) {
return 1; }
return 0;
}
sub validmac
{
my $checkmac = $_[0];
my $ot = '[0-9a-f]{2}'; # 2 Hex digits (one octet)
if ($checkmac !~ /^$ot:$ot:$ot:$ot:$ot:$ot$/i)
{
return 0;
}
return 1;
}
sub validhostname
{
# Checks a hostname against RFC1035
my $hostname = $_[0];
# Each part should be at least two characters in length
# but no more than 63 characters
if (length ($hostname) < 1 || length ($hostname) > 63) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
if ($hostname !~ /^[a-zA-Z0-9-]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}
# Last character can only be a letter or a digit
if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}
return 1;
}
sub validdomainname
{
my $part;
# Checks a domain name against RFC1035
my $domainname = $_[0];
my @parts = split (/\./, $domainname); # Split hostname at the '.'
foreach $part (@parts) {
# Each part should be at least two characters in length
# but no more than 63 characters
if (length ($part) < 2 || length ($part) > 63) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
if ($part !~ /^[a-zA-Z0-9-]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($part, 0, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}
# Last character can only be a letter or a digit
if (substr ($part, -1, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}
}
return 1;
}
sub validfqdn
{
my $part;
# Checks a fully qualified domain name against RFC1035
my $fqdn = $_[0];
my @parts = split (/\./, $fqdn); # Split hostname at the '.'
if (scalar(@parts) < 2) { # At least two parts should
return 0;} # exist in a FQDN
# (i.e. hostname.domain)
foreach $part (@parts) {
# Each part should be at least one character in length
# but no more than 63 characters
if (length ($part) < 1 || length ($part) > 63) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
if ($part !~ /^[a-zA-Z0-9-]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($part, 0, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}
# Last character can only be a letter or a digit
if (substr ($part, -1, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}
}
return 1;
}
sub validportrange # used to check a port range
{
my $port = $_[0]; # port values
$port =~ tr/-/:/; # replace all - with colons just in case someone used -
my $srcdst = $_[1]; # is it a source or destination port
if (!($port =~ /^(\d+)\:(\d+)$/)) {
if (!(&validport($port))) {
if ($srcdst eq 'src'){
return $Lang::tr{'source port numbers'};
} else {
return $Lang::tr{'destination port numbers'};
}
}
}
else
{
my @ports = ($1, $2);
if ($1 >= $2){
if ($srcdst eq 'src'){
return $Lang::tr{'bad source range'};
} else {
return $Lang::tr{'bad destination range'};
}
}
foreach $_ (@ports)
{
if (!(&validport($_))) {
if ($srcdst eq 'src'){
return $Lang::tr{'source port numbers'};
} else {
return $Lang::tr{'destination port numbers'};
}
}
}
return;
}
}
# Test if IP is within a subnet
# Call: IpInSubnet (Addr, Subnet, Subnet Mask)
# Subnet can be an IP of the subnet: 10.0.0.0 or 10.0.0.1
# Everything in dottted notation
# Return: TRUE/FALSE
sub IpInSubnet
{
my $ip = unpack('N', &Socket::inet_aton(shift));
my $start = unpack('N', &Socket::inet_aton(shift));
my $mask = unpack('N', &Socket::inet_aton(shift));
$start &= $mask; # base of subnet...
my $end = $start + ~$mask;
return (($ip >= $start) && ($ip <= $end));
}
sub validemail {
my $mail = shift;
return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/ );
return 0 if ( $mail =~ /^[^0-9a-zA-Z]|[^0-9a-zA-Z]$/);
return 0 if ( $mail !~ /([0-9a-zA-Z]{1})\@./ );
return 0 if ( $mail !~ /.\@([0-9a-zA-Z]{1})/ );
return 0 if ( $mail =~ /.\.\-.|.\-\..|.\.\..|.\-\-./g );
return 0 if ( $mail =~ /.\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_./g );
return 0 if ( $mail !~ /\.([a-zA-Z]{2,4})$/ );
return 1;
}
sub readhasharray {
my ($filename, $hash) = @_;
%$hash = ();
open(FILE, $filename) or die "Unable to read file $filename";
while (<FILE>) {
my ($key, $rest, @temp);
chomp;
($key, $rest) = split (/,/, $_, 2);
if ($key =~ /^[0-9]+$/ && $rest) {
@temp = split (/,/, $rest);
$hash->{$key} = \@temp;
}
}
close FILE;
return;
}
sub writehasharray {
my ($filename, $hash) = @_;
my ($key, @temp, $i);
open(FILE, ">$filename") or die "Unable to write to file $filename";
foreach $key (keys %$hash) {
if ( $hash->{$key} ) {
print FILE "$key";
foreach $i (0 .. $#{$hash->{$key}}) {
print FILE ",$hash->{$key}[$i]";
}
}
print FILE "\n";
}
close FILE;
return;
}
sub findhasharraykey {
foreach my $i (1 .. 1000000) {
if ( ! exists $_[0]{$i}) {
return $i;
}
}
}
sub srtarray
# Darren Critchley - darrenc@telus.net - (c) 2003
# &srtarray(SortOrder, AlphaNumeric, SortDirection, ArrayToBeSorted)
# This subroutine will take the following parameters:
# ColumnNumber = the column which you want to sort on, starts at 1
# AlphaNumberic = a or n (lowercase) defines whether the sort should be alpha or numberic
# SortDirection = asc or dsc (lowercase) Ascending or Descending sort
# ArrayToBeSorted = the array that wants sorting
#
# Returns an array that is sorted to your specs
#
# If SortOrder is greater than the elements in array, then it defaults to the first element
#
{
my ($colno, $alpnum, $srtdir, @tobesorted) = @_;
my @tmparray;
my @srtedarray;
my $line;
my $newline;
my $ctr;
my $ttlitems = scalar @tobesorted; # want to know the number of rows in the passed array
if ($ttlitems < 1){ # if no items, don't waste our time lets leave
return (@tobesorted);
}
my @tmp = split(/\,/,$tobesorted[0]);
$ttlitems = scalar @tmp; # this should be the number of elements in each row of the passed in array
# Darren Critchley - validate parameters
if ($colno > $ttlitems){$colno = '1';}
$colno--; # remove one from colno to deal with arrays starting at 0
if($colno < 0){$colno = '0';}
if ($alpnum ne '') { $alpnum = lc($alpnum); } else { $alpnum = 'a'; }
if ($srtdir ne '') { $srtdir = lc($srtdir); } else { $srtdir = 'src'; }
foreach $line (@tobesorted)
{
chomp($line);
if ($line ne '') {
my @temp = split(/\,/,$line);
# Darren Critchley - juggle the fields so that the one we want to sort on is first
my $tmpholder = $temp[0];
$temp[0] = $temp[$colno];
$temp[$colno] = $tmpholder;
$newline = "";
for ($ctr=0; $ctr < $ttlitems ; $ctr++) {
$newline=$newline . $temp[$ctr] . ",";
}
chop($newline);
push(@tmparray,$newline);
}
}
if ($alpnum eq 'n') {
@tmparray = sort {$a <=> $b} @tmparray;
} else {
@tmparray = (sort @tmparray);
}
foreach $line (@tmparray)
{
chomp($line);
if ($line ne '') {
my @temp = split(/\,/,$line);
my $tmpholder = $temp[0];
$temp[0] = $temp[$colno];
$temp[$colno] = $tmpholder;
$newline = "";
for ($ctr=0; $ctr < $ttlitems ; $ctr++){
$newline=$newline . $temp[$ctr] . ",";
}
chop($newline);
push(@srtedarray,$newline);
}
}
if ($srtdir eq 'dsc') {
@tmparray = reverse(@srtedarray);
return (@tmparray);
} else {
return (@srtedarray);
}
}
sub FetchPublicIp {
my %proxysettings;
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
}
my ($out, $response) = Net::SSLeay::get_http( 'checkip.dyndns.org',
80,
"/",
Net::SSLeay::make_headers('User-Agent' => 'Ipcop' )
);
if ($response =~ m%HTTP/1\.. 200 OK%) {
$out =~ /Current IP Address: (\d+.\d+.\d+.\d+)/;
return $1;
}
return '';
}
#
# Check if hostname.domain provided have IP provided
# use gethostbyname to verify that
# Params:
# IP
# hostname
# domain
# Output
# 1 IP matches host.domain
# 0 not in sync
#
sub DyndnsServiceSync ($;$;$) {
my ($ip,$hostName,$domain) = @_;
my @addresses;
#fix me no ip GROUP, what is the name ?
$hostName =~ s/$General::noipprefix//;
if ($hostName) { #may be empty
$hostName = "$hostName.$domain";
@addresses = gethostbyname($hostName);
}
if ($addresses[0] eq '') { # nothing returned ?
$hostName = $domain; # try resolving with domain only
@addresses = gethostbyname($hostName);
}
if ($addresses[0] ne '') { # got something ?
#&General::log("name:$addresses[0], alias:$addresses[1]");
# Build clear text list of IP
@addresses = map ( &Socket::inet_ntoa($_), @addresses[4..$#addresses]);
if (grep (/$ip/, @addresses)) {
return 1;
}
}
return 0;
}
#
# This sub returns the red IP used to compare in DyndnsServiceSync
#
sub GetDyndnsRedIP {
my %settings;
&General::readhash("${General::swroot}/ddns/settings", \%settings);
open(IP, "${General::swroot}/red/local-ipaddress") or return 'unavailable';
my $ip = <IP>;
close(IP);
chomp $ip;
if (&General::IpInSubnet ($ip,'10.0.0.0','255.0.0.0') ||
&General::IpInSubnet ($ip,'172.16.0.0.','255.240.0.0') ||
&General::IpInSubnet ($ip,'192.168.0.0','255.255.0.0'))
{
if ($settings{'BEHINDROUTER'} eq 'FETCH_IP') {
my $RealIP = &General::FetchPublicIp;
$ip = (&General::validip ($RealIP) ? $RealIP : 'unavailable');
}
}
return $ip;
}
1;
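Review bot: In `validmask` the leading-zero test `if (/^0/)` matches against `$_`, not `$mask`, so the result depends on whatever the caller last left in `$_`; `if ($mask =~ /^0./) {` would test the argument and still accept a mask of `0`. In `DyndnsServiceSync`, `grep (/$ip/, @addresses)` uses the address as an unanchored pattern with unescaped dots, so `1.2.3.4` also matches `11.2.3.40`; `grep { $_ eq $ip } @addresses` compares exactly. `GetDyndnsRedIP` passes `'172.16.0.0.'` with a trailing dot to `IpInSubnet`, which most likely keeps the 172.16/12 test from ever matching and should be `'172.16.0.0'`. The `/([\w\W]*)/` captures in `log` and `readhash` accept any string, so they clear Perl's taint flag without validating anything; a comment saying so would stop readers from treating values read from settings files as checked.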


@@ -0,0 +1,24 @@
sub genmenu
{
... snip ...
if ( ! -e "${General::swroot}/proxy/enable" && ! -e "${General::swroot}/proxy/enable_blue" ) {
splice (@{$menu{'2.status'}{'subMenu'}}, 4, 1);
splice (@{$menu{'7.mainlogs'}{'subMenu'}}, 2, 1);
}
# Read additionnal menus entry
# this have to be hardened and accepted. To be extended.
opendir (DIR, "${General::swroot}/addon-menu");
while (my $menuitem = readdir (DIR)) {
if ( $menuitem =~ /^menu\.([1-6]\..*)\..*/) { #model is "menu.(N.submenu).filename"
my $submenu = $1;
open (FILE,"${General::swroot}/addon-menu/$menuitem") or die;
while (my $text = <FILE>) { # file may content many entry
splice (@{$menu{$submenu}{'subMenu'}} ,-1,0, [ eval($text) ] );
}
close (FILE);
}
}
closedir (DIR);
}
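Review bot: `eval($text)` runs every line of every `menu.N.*` file found in `${General::swroot}/addon-menu` as Perl inside the web interface's process, so write access to that directory amounts to code execution in the CGIs; the comment above the loop already concedes that this needs hardening. Until the entries are parsed as data, I would at least check the result, e.g. `my @entry = eval($text); next if $@ || @entry != 3;`, and document that the directory must be writable by root only. `opendir` is also unchecked, so a missing directory leaves `readdir` working on an unopened handle; `opendir (DIR, "${General::swroot}/addon-menu") or return;` avoids that. The body of `genmenu` is elided here (`... snip ...`), so the earlier part of the function is not covered by this note.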

823
config/cfgroot/header.pl Normal file

@@ -0,0 +1,823 @@
# SmoothWall CGIs
#
# This code is distributed under the terms of the GPL
#
# (c) The SmoothWall Team
# Copyright (C) 2002 Alex Hudson - getcgihash() rewrite
# Copyright (C) 2002 Bob Grant <bob@cache.ucr.edu> - validmac()
# Copyright (c) 2002/04/13 Steve Bootes - add alias section, helper functions
# Copyright (c) 2002/08/23 Mark Wormgoor <mark@wormgoor.com> validfqdn()
# Copyright (c) 2003/09/11 Darren Critchley <darrenc@telus.net> srtarray()
#
# $Id: header.pl,v 1.34.2.67 2005/10/03 20:01:05 gespinasse Exp $
#
package Header;
use strict;
use CGI();
use Time::Local;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
$Header::pagecolour = '#ffffff'; # never used, will be removed
$Header::tablecolour = '#FFFFFF'; # never used, will be removed
$Header::bigboxcolour = '#F6F4F4'; # never used, will be removed
$Header::boxcolour = '#EAE9EE'; # only header.pl, ? move in css ?
$Header::bordercolour = '#000000'; # never used, will be removed
$Header::table1colour = '#C0C0C0';
$Header::table2colour = '#F2F2F2';
$Header::colourred = '#993333';
$Header::colourorange = '#FF9933';
$Header::colouryellow = '#FFFF00';
$Header::colourgreen = '#339933';
$Header::colourblue = '#333399';
$Header::colourfw = '#000000'; # only connections.cgi
$Header::colourvpn = '#990099'; # only connections.cgi
$Header::colourerr = '#FF0000'; # only header.pl, many scripts use colourred for warnings messages
$Header::viewsize = 150;
my %menu = ();
my $hostnameintitle = 0;
our $javascript = 1;
### Initialize menu
sub genmenu
{
### Initialize environment
my %ethsettings = ();
&General::readhash("${General::swroot}/ethernet/settings", \%ethsettings);
%{$menu{'1.system'}}=(
'contents' => $Lang::tr{'alt system'},
'uri' => '',
'statusText' => "IPCop $Lang::tr{'alt system'}",
'subMenu' => [[ $Lang::tr{'alt home'} , '/cgi-bin/index.cgi', "IPCop $Lang::tr{'alt home'}" ],
[ $Lang::tr{'updates'} , '/cgi-bin/updates.cgi', "IPCop $Lang::tr{'updates'}" ],
[ $Lang::tr{'sspasswords'} , '/cgi-bin/changepw.cgi', "IPCop $Lang::tr{'sspasswords'}" ],
[ $Lang::tr{'ssh access'} , '/cgi-bin/remote.cgi', "IPCop $Lang::tr{'ssh access'}" ],
[ $Lang::tr{'gui settings'} , '/cgi-bin/gui.cgi', "IPCop $Lang::tr{'gui settings'}" ],
[ $Lang::tr{'backup'} , '/cgi-bin/backup.cgi', "IPCop $Lang::tr{'backup'} / $Lang::tr{'restore'}" ],
[ $Lang::tr{'shutdown'} , '/cgi-bin/shutdown.cgi', "IPCop $Lang::tr{'shutdown'} / $Lang::tr{'reboot'}" ],
[ $Lang::tr{'credits'} , '/cgi-bin/credits.cgi', "IPCop $Lang::tr{'credits'}" ]]
);
%{$menu{'2.status'}}=(
'contents' => $Lang::tr{'status'},
'uri' => '',
'statusText' => "IPCop $Lang::tr{'status information'}",
'subMenu' => [[ $Lang::tr{'sssystem status'} , '/cgi-bin/status.cgi', "IPCop $Lang::tr{'system status information'}" ],
[ $Lang::tr{'ssnetwork status'} , '/cgi-bin/netstatus.cgi', "IPCop $Lang::tr{'network status information'}" ],
[ $Lang::tr{'system graphs'} , '/cgi-bin/graphs.cgi', "IPCop $Lang::tr{'system graphs'}" ],
[ $Lang::tr{'sstraffic graphs'} , '/cgi-bin/graphs.cgi?graph=network', "IPCop $Lang::tr{'network traffic graphs'}" ],
[ $Lang::tr{'ssproxy graphs'} , '/cgi-bin/proxygraphs.cgi', "IPCop $Lang::tr{'proxy access graphs'}" ],
[ $Lang::tr{'connections'} , '/cgi-bin/connections.cgi', "IPCop $Lang::tr{'connections'}" ]]
);
%{$menu{'3.network'}}=(
'contents' => $Lang::tr{'network'},
'uri' => '',
'statusText' => "IPCop $Lang::tr{'network configuration'}",
'subMenu' => [[ $Lang::tr{'alt dialup'} , '/cgi-bin/pppsetup.cgi', "IPCop $Lang::tr{'dialup settings'}" ],
[ $Lang::tr{'upload'} , '/cgi-bin/upload.cgi', $Lang::tr{'firmware upload'} ],
[ $Lang::tr{'modem'} , '/cgi-bin/modem.cgi', "IPCop $Lang::tr{'modem configuration'}" ],
[ $Lang::tr{'aliases'} , '/cgi-bin/aliases.cgi', "IPCop $Lang::tr{'external aliases configuration'}" ]]
);
%{$menu{'4.services'}}=(
'contents' => $Lang::tr{'alt services'},
'uri' => '',
'statusText' => "IPCop $Lang::tr{'alt services'}",
'subMenu' => [[ $Lang::tr{'proxy'} , '/cgi-bin/proxy.cgi', "IPCop $Lang::tr{'web proxy configuration'}" ],
[ $Lang::tr{'dhcp server'} , '/cgi-bin/dhcp.cgi', "IPCop $Lang::tr{'dhcp configuration'}" ],
[ $Lang::tr{'dynamic dns'} , '/cgi-bin/ddns.cgi', "IPCop $Lang::tr{'dynamic dns client'}" ],
[ $Lang::tr{'edit hosts'} , '/cgi-bin/hosts.cgi', "IPCop $Lang::tr{'host configuration'}" ],
[ $Lang::tr{'time server'} , '/cgi-bin/time.cgi', "IPCop $Lang::tr{'time server'}" ],
[ $Lang::tr{'traffic shaping'} , '/cgi-bin/shaping.cgi', "IPCop $Lang::tr{'traffic shaping settings'}" ],
[ $Lang::tr{'intrusion detection'} , '/cgi-bin/ids.cgi', "IPCop $Lang::tr{'intrusion detection system'} (Snort)" ]]
);
%{$menu{'5.firewall'}}=(
'contents' => $Lang::tr{'firewall'},
'uri' => '',
'statusText' => "IPCop $Lang::tr{'firewall'}",
'subMenu' => [[ $Lang::tr{'ssport forwarding'} , '/cgi-bin/portfw.cgi', "IPCop $Lang::tr{'port forwarding configuration'}" ],
[ $Lang::tr{'external access'} , '/cgi-bin/xtaccess.cgi', "IPCop $Lang::tr{'external access configuration'}" ],
[ $Lang::tr{'ssdmz pinholes'} , '/cgi-bin/dmzholes.cgi', "IPCop $Lang::tr{'dmz pinhole configuration'}" ],
[ $Lang::tr{'blue access'} , '/cgi-bin/wireless.cgi', "IPCop $Lang::tr{'blue access'}" ]
,[ $Lang::tr{'options fw'} , '/cgi-bin/optionsfw.cgi', "IPCop $Lang::tr{'options fw'}" ]
]
);
%{$menu{'6.vpns'}}=(
'contents' => $Lang::tr{'alt vpn'},
'uri' => '',
'statusText' => "IPCop $Lang::tr{'virtual private networking'}",
'subMenu' => [[ $Lang::tr{'alt vpn'} , '/cgi-bin/vpnmain.cgi', "IPCop $Lang::tr{'virtual private networking'}"]]
);
%{$menu{'7.mainlogs'}}=(
'contents' => $Lang::tr{'alt logs'},
'uri' => '',
'statusText' => "IPCop $Lang::tr{'alt logs'}",
'subMenu' => [[ $Lang::tr{'log settings'} , '/cgi-bin/logs.cgi/config.dat', "IPCop $Lang::tr{'log settings'}" ],
[ $Lang::tr{'log summary'} , '/cgi-bin/logs.cgi/summary.dat', "IPCop $Lang::tr{'log summary'}" ],
[ $Lang::tr{'proxy logs'} , '/cgi-bin/logs.cgi/proxylog.dat', "IPCop $Lang::tr{'proxy log viewer'}" ],
[ $Lang::tr{'firewall logs'} , '/cgi-bin/logs.cgi/firewalllog.dat', "IPCop $Lang::tr{'firewall log viewer'}" ],
[ $Lang::tr{'ids logs'} , '/cgi-bin/logs.cgi/ids.dat', "IPCop $Lang::tr{'intrusion detection system log viewer'}" ],
[ $Lang::tr{'system logs'} , '/cgi-bin/logs.cgi/log.dat', "IPCop $Lang::tr{'system log viewer'}" ]]
);
if (! $ethsettings{'BLUE_DEV'}) {
splice (@{$menu{'5.firewall'}{'subMenu'}}, 3, 1);
}
if (! $ethsettings{'BLUE_DEV'} && ! $ethsettings{'ORANGE_DEV'}) {
splice (@{$menu{'5.firewall'}{'subMenu'}}, 2, 1);
}
unless ( $ethsettings{'CONFIG_TYPE'} =~ /^(2|3|6|7)$/ && $ethsettings{'RED_TYPE'} eq 'STATIC' ) {
splice (@{$menu{'3.network'}{'subMenu'}}, 3, 1);
}
if ( ! -e "${General::swroot}/snort/enable" && ! -e "${General::swroot}/snort/enable_blue" &&
! -e "${General::swroot}/snort/enable_green" && ! -e "${General::swroot}/snort/enable_orange") {
splice (@{$menu{'7.mainlogs'}{'subMenu'}}, 4, 1);
}
if ( ! -e "${General::swroot}/proxy/enable" && ! -e "${General::swroot}/proxy/enable_blue" ) {
splice (@{$menu{'2.status'}{'subMenu'}}, 4, 1);
splice (@{$menu{'7.mainlogs'}{'subMenu'}}, 2, 1);
}
}
sub showhttpheaders
{
### Make sure this is an SSL request
if ($ENV{'SERVER_ADDR'} && $ENV{'HTTPS'} ne 'on') {
print "Status: 302 Moved\r\n";
print "Location: https://$ENV{'SERVER_ADDR'}:445/$ENV{'PATH_INFO'}\r\n\r\n";
exit 0;
} else {
print "Pragma: no-cache\n";
print "Cache-control: no-cache\n";
print "Connection: close\n";
print "Content-type: text/html\n\n";
}
}
sub showjsmenu
{
my $c1 = 1;
print " <script type='text/javascript'>\n";
print " domMenu_data.setItem('domMenu_main', new domMenu_Hash(\n";
foreach my $k1 ( sort keys %menu ) {
my $c2 = 1;
if ($c1 > 1) {
print " ),\n";
}
print " $c1, new domMenu_Hash(\n";
print "\t'contents', '" . &cleanhtml($menu{$k1}{'contents'}) . "',\n";
print "\t'uri', '$menu{$k1}{'uri'}',\n";
$menu{$k1}{'statusText'} =~ s/'/\\\'/g;
print "\t'statusText', '$menu{$k1}{'statusText'}',\n";
foreach my $k2 ( @{$menu{$k1}{'subMenu'}} ) {
print "\t $c2, new domMenu_Hash(\n";
print "\t\t'contents', '" . &cleanhtml(@{$k2}[0]) . "',\n";
print "\t\t'uri', '@{$k2}[1]',\n";
@{$k2}[2] =~ s/'/\\\'/g;
print "\t\t'statusText', '@{$k2}[2]'\n";
if ( $c2 <= $#{$menu{$k1}{'subMenu'}} ) {
print "\t ),\n";
} else {
print "\t )\n";
}
$c2++;
}
$c1++;
}
print " )\n";
print " ));\n\n";
print <<EOF
domMenu_settings.setItem('domMenu_main', new domMenu_Hash(
'menuBarWidth', '0%',
'menuBarClass', 'ipcop_menuBar',
'menuElementClass', 'ipcop_menuElement',
'menuElementHoverClass', 'ipcop_menuElementHover',
'menuElementActiveClass', 'ipcop_menuElementHover',
'subMenuBarClass', 'ipcop_subMenuBar',
'subMenuElementClass', 'ipcop_subMenuElement',
'subMenuElementHoverClass', 'ipcop_subMenuElementHover',
'subMenuElementActiveClass', 'ipcop_subMenuElementHover',
'subMenuMinWidth', 'auto',
'distributeSpace', false,
'openMouseoverMenuDelay', 0,
'openMousedownMenuDelay', 0,
'closeClickMenuDelay', 0,
'closeMouseoutMenuDelay', -1
));
</script>
EOF
;
}
sub showmenu
{
if ($javascript) {print "<noscript>";}
print "<table cellpadding='0' cellspacing='0' border='0'>\n";
print "<tr>\n";
foreach my $k1 ( sort keys %menu ) {
print "<td class='ipcop_menuElementTD'><a href='" . @{@{$menu{$k1}{'subMenu'}}[0]}[1] . "' class='ipcop_menuElementNoJS'>";
print $menu{$k1}{'contents'} . "</a></td>\n";
}
print "</tr></table>\n";
if ($javascript) {print "</noscript>";}
}
sub showsubsection
{
my $location = $_[0];
my $c1 = 0;
if ($javascript) {print "<noscript>";}
print "<table width='100%' cellspacing='0' cellpadding='5' border='0'>\n";
print "<tr><td style='background-color: $Header::boxcolour;' width='53'><img src='/images/null.gif' width='43' height='1' alt='' /></td>\n";
print "<td style='background-color: $Header::boxcolour;' align='left' width='100%'>";
my @URI=split ('\?', $ENV{'REQUEST_URI'} );
foreach my $k1 ( keys %menu ) {
if ($menu{$k1}{'contents'} eq $location) {
foreach my $k2 ( @{$menu{$k1}{'subMenu'}} ) {
if ($c1 > 0) {
print " | ";
}
if (@{$k2}[1] eq "$URI[0]\?$URI[1]" || (@{$k2}[1] eq $URI[0] && length($URI[1]) == 0)) {
#if (@{$k2}[1] eq "$URI[0]") {
print "<b>@{$k2}[0]</b>";
} else {
print "<a href='@{$k2}[1]'>@{$k2}[0]</a>";
}
$c1++;
}
}
}
print "</td></tr></table>\n";
if ($javascript) { print "</noscript>";}
}
sub openpage
{
my $title = $_[0];
my $menu = $_[1];
my $extrahead = $_[2];
### Initialize environment
my %settings = ();
&General::readhash("${General::swroot}/main/settings", \%settings);
if ($settings{'JAVASCRIPT'} eq 'off') {
$javascript = 0;
} else {
$javascript = 1;
}
if ($settings{'WINDOWWITHHOSTNAME'} eq 'on') {
$hostnameintitle = 1;
} else {
$hostnameintitle = 0;
}
print <<END
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
END
;
print " <title>";
if ($hostnameintitle) {
print "$settings{'HOSTNAME'}.$settings{'DOMAINNAME'} - $title";
} else {
print "IPCop - $title";
}
print "</title>\n";
print <<END
$extrahead
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="shortcut icon" href="/favicon.ico" />
<style type="text/css">\@import url(/include/ipcop.css);</style>
END
;
if ($javascript) {
print "<script type='text/javascript' src='/include/domMenu.js'></script>\n";
&genmenu();
&showjsmenu();
} else {
&genmenu();
}
my $location = '';
my $sublocation = '';
my @URI=split ('\?', $ENV{'REQUEST_URI'} );
foreach my $k1 ( keys %menu ) {
my $temp = $menu{$k1}{'contents'};
foreach my $k2 ( @{$menu{$k1}{'subMenu'}} ) {
if ( @{$k2}[1] eq $URI[0] ) {
$location = $temp;
$sublocation = @{$k2}[0];
}
}
}
my @cgigraphs = split(/graph=/,$ENV{'QUERY_STRING'});
if (defined ($cgigraphs[1])){
if ($cgigraphs[1] =~ /(GREEN|BLUE|ORANGE|RED|network)/) {
$location = $Lang::tr{'status'};
$sublocation = $Lang::tr{'sstraffic graphs'};
}
if ($cgigraphs[1] =~ /(cpu|memory|swap|disk)/) {
$location = $Lang::tr{'status'};
$sublocation = $Lang::tr{'system graphs'};
}
}
if ($ENV{'QUERY_STRING'} =~ /(ip)/) {
$location = $Lang::tr{'alt logs'};
$sublocation = "WHOIS";
}
if ($javascript) {
print <<END
<script type="text/javascript">
document.onmouseup = function()
{
domMenu_deactivate('domMenu_main');
}
</script>
</head>
<body onload="domMenu_activate('domMenu_main');">
END
;
} else {
print "</head>\n\n<body>\n";
}
print <<END
<!-- IPCOP HEADER -->
<table width='100%' cellpadding='0' cellspacing='0'>
<col width='53' />
<col />
<tr><td><img src='/images/null.gif' width='53' height='27' alt='' /></td>
<td valign='bottom'><table width='100%' cellspacing='0' border='0'>
<col width='5' />
<col width='175' />
<col />
<tr><td><img src='/images/null.gif' width='5' height='1' alt='' /></td>
<td class="ipcop_menuLocationMain" valign='bottom'>$location</td>
<td class="ipcop_menuLocationSub" valign='bottom'>$sublocation</td>
</tr></table>
</td></tr>
<tr><td valign='bottom' class='ipcop_Version'>
<img src='/images/null.gif' width='1' height='29' alt='' />${General::version}</td>
<td valign='bottom'>
END
;
if ($menu == 1) {
if ($javascript) {
print "<div id='domMenu_main'></div>\n";
}
&showmenu();
}
print " </td></tr></table>\n";
&showsubsection($location);
print "<!-- IPCOP CONTENT -->\n";
}
sub closepage
{
print <<END
<!-- IPCOP FOOTER -->
<table width='100%' border='0'>
<tr><td valign='bottom'><img src='/images/bounceback.png' width='248' height='80' alt='' /></td>
<td align='center' valign='bottom'>
END
;
my $status = &connectionstatus();
print "$status<br />\n";
print `/usr/bin/uptime`;
print <<END
</td>
<td valign='bottom'><a href='http://sf.net/projects/ipcop/' target='_blank'><img src='/images/sflogo.png' width='88' height='31' alt='Sourceforge logo' /></a></td>
</tr></table>
</body></html>
END
;
}
sub openbigbox
{
my $width = $_[0];
my $align = $_[1];
my $sideimg = $_[2];
my $errormessage = $_[3];
my $bgcolor;
if ($errormessage) {
$bgcolor = "style='background-color: $Header::colourerr;'";
} else {
$bgcolor = '';
}
print "<table width='100%' border='0'>\n";
if ($sideimg) {
print "<tr><td valign='top'><img src='/images/$sideimg' width='65' height='345' alt='' /></td>\n";
} else {
print "<tr>\n";
}
print "<td valign='top' align='center'><table width='$width' $bgcolor cellspacing='0' cellpadding='10' border='0'>\n";
print "<tr><td><img src='/images/null.gif' width='1' height='365' alt='' /></td>\n";
print "<td align='$align' valign='top'>\n";
}
sub closebigbox
{
print "</td></tr></table></td></tr></table>\n"
}
sub openbox
{
my $width = $_[0];
my $align = $_[1];
my $caption = $_[2];
print <<END
<table cellspacing="0" cellpadding="0" width="$width" border="0">
<col width='12' />
<col width='18' />
<col width='100%' />
<col width='152' />
<col width='11' />
<tr><td width='12' ><img src='/images/null.gif' width='12' height='1' alt='' /></td>
<td width='18' ><img src='/images/null.gif' width='18' height='1' alt='' /></td>
<td width='100%'><img src='/images/null.gif' width='400' height='1' alt='' /></td>
<td width='152' ><img src='/images/null.gif' width='152' height='1' alt='' /></td>
<td width='11' ><img src='/images/null.gif' width='11' height='1' alt='' /></td></tr>
<tr><td colspan='2' ><img src='/images/boxtop1.png' width='30' height='53' alt='' /></td>
<td style='background: url(/images/boxtop2.png);'>
END
;
if ($caption) { print "<b>$caption</b>\n"; } else { print "&nbsp;"; }
print <<END
</td>
<td colspan='2'><img src='/images/boxtop3.png' width='163' height='53' alt='' /></td></tr>
<tr><td style='background: url(/images/boxleft.png);'><img src='/images/null.gif' width='12' height='1' alt='' /></td>
<td colspan='3' style='background-color: $Header::boxcolour;'>
<table width='100%' cellpadding='5'><tr><td align="$align" valign='top'>
END
;
}
sub closebox
{
print <<END
</td></tr></table></td>
<td style='background: url(/images/boxright.png);'><img src='/images/null.gif' width='11' height='1' alt='' /></td></tr>
<tr><td style='background: url(/images/boxbottom1.png);background-repeat:no-repeat;'><img src='/images/null.gif' width='12' height='14' alt='' /></td>
<td style='background: url(/images/boxbottom2.png);background-repeat:repeat-x;' colspan='3'><img src='/images/null.gif' width='1' height='14' alt='' /></td>
<td style='background: url(/images/boxbottom3.png);background-repeat:no-repeat;'><img src='/images/null.gif' width='11' height='14' alt='' /></td></tr>
</table>
END
;
}
sub getcgihash {
my ($hash, $params) = @_;
my $cgi = CGI->new ();
return if ($ENV{'REQUEST_METHOD'} ne 'POST');
if (!$params->{'wantfile'}) {
$CGI::DISABLE_UPLOADS = 1;
$CGI::POST_MAX = 512 * 1024;
} else {
$CGI::POST_MAX = 10 * 1024 * 1024;
}
$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
my $referer = $1;
$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
my $servername = $1;
return if ($referer ne $servername);
### Modified for getting multi-vars, split by |
my %temp = $cgi->Vars();
foreach my $key (keys %temp) {
$hash->{$key} = $temp{$key};
$hash->{$key} =~ s/\0/|/g;
$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
}
if (($params->{'wantfile'})&&($params->{'filevar'})) {
$hash->{$params->{'filevar'}} = $cgi->upload
($params->{'filevar'});
}
return;
}
sub cleanhtml
{
my $outstring =$_[0];
$outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y';
$outstring =~ s/&/&amp;/g;
$outstring =~ s/\'/&#039;/g;
$outstring =~ s/\"/&quot;/g;
$outstring =~ s/</&lt;/g;
$outstring =~ s/>/&gt;/g;
return $outstring;
}
sub connectionstatus
{
my %pppsettings = ();
my %netsettings = ();
my $iface='';
$pppsettings{'PROFILENAME'} = 'None';
&General::readhash("${General::swroot}/ppp/settings", \%pppsettings);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
my $profileused='';
if ( ! ( $netsettings{'CONFIG_TYPE'} =~ /^(2|3|6|7)$/ && $netsettings{'RED_TYPE'} =~ /^(DHCP|STATIC)$/ ) ) {
$profileused="- $pppsettings{'PROFILENAME'}";
}
if ( ( $pppsettings{'METHOD'} eq 'DHCP' && $netsettings{'RED_TYPE'} ne 'PPTP')
|| $netsettings{'RED_TYPE'} eq 'DHCP' ) {
if (open(IFACE, "${General::swroot}/red/iface")) {
$iface = <IFACE>;
close IFACE;
chomp ($iface);
$iface =~ /([a-zA-Z0-9]*)/; $iface = $1;
}
}
my ($timestr, $connstate);
if ($netsettings{'CONFIG_TYPE'} =~ /^(0|1|4|5)$/ && $pppsettings{'TYPE'} =~ /^isdn/) {
# Count ISDN channels
my ($idmap, $chmap, $drmap, $usage, $flags, $phone);
my @phonenumbers;
my $count=0;
open (FILE, "/dev/isdninfo");
$idmap = <FILE>; chop $idmap;
$chmap = <FILE>; chop $chmap;
$drmap = <FILE>; chop $drmap;
$usage = <FILE>; chop $usage;
$flags = <FILE>; chop $flags;
$phone = <FILE>; chop $phone;
$phone =~ s/^phone(\s*):(\s*)//;
@phonenumbers = split / /, $phone;
foreach (@phonenumbers) {
if ($_ ne '???') {
$count++;
}
}
close (FILE);
## Connection status
my $number;
if ($count == 0) {
$number = 'none!';
} elsif ($count == 1) {
$number = 'single';
} else {
$number = 'dual';
}
if (-e "${General::swroot}/red/active") {
$timestr = &General::age("${General::swroot}/red/active");
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'connected'} - $number channel (<span class='ipcop_StatusBigRed'>$timestr</span>) $profileused</span>";
} else {
if ($count == 0) {
if (-e "${General::swroot}/red/dial-on-demand") {
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'dod waiting'} $profileused</span>";
} else {
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'idle'} $profileused</span>";
}
} else {
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'connecting'} $profileused</span>";
}
}
} elsif ($netsettings{'RED_TYPE'} eq "STATIC" || $pppsettings {'METHOD'} eq 'STATIC') {
if (-e "${General::swroot}/red/active") {
$timestr = &General::age("${General::swroot}/red/active");
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'connected'} (<span class='ipcop_StatusBigRed'>$timestr</span>) $profileused</span>";
} else {
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'idle'} $profileused</span>";
}
} elsif ( ( (-e "${General::swroot}/dhcpc/dhcpcd-$iface.pid") && $netsettings{'RED_TYPE'} ne 'PPTP' ) ||
!system("/bin/ps -ef | /bin/grep -q '[p]ppd'") || !system("/bin/ps -ef | /bin/grep -q '[c]onnectioncheck'")) {
if (-e "${General::swroot}/red/active") {
$timestr = &General::age("${General::swroot}/red/active");
if ($pppsettings{'TYPE'} =~ /^(modem|bewanadsl|conexantpciadsl|eagleusbadsl)$/) {
my $speed;
if ($pppsettings{'TYPE'} eq 'modem') {
open(CONNECTLOG, "/var/log/connect.log");
while (<CONNECTLOG>) {
if (/CONNECT/) {
$speed = (split / /)[6];
}
}
close (CONNECTLOG);
} elsif ($pppsettings{'TYPE'} eq 'bewanadsl') {
$speed = `/usr/bin/unicorn_status | /bin/grep Rate | /usr/bin/cut -f2 -d ':'`;
} elsif ($pppsettings{'TYPE'} eq 'conexantpciadsl') {
$speed = `/bin/cat /proc/net/atm/CnxAdsl:* | /bin/grep 'Line Rates' | /bin/sed -e 's+Line Rates: Receive+Rx+' -e 's+Transmit+Tx+'`;
} elsif ($pppsettings{'TYPE'} eq 'eagleusbadsl') {
$speed = `/usr/sbin/eaglestat | /bin/grep Rate`;
}
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'connected'} (<span class='ipcop_StatusBigRed'>$timestr</span>) $profileused (\@$speed)</span>";
} else {
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'connected'} (<span class='ipcop_StatusBigRed'>$timestr</span>) $profileused</span>";
}
} else {
if (-e "${General::swroot}/red/dial-on-demand") {
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'dod waiting'} $profileused</span>";
} else {
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'connecting'} $profileused</span>";
}
}
} else {
$connstate = "<span class='ipcop_StatusBig'>$Lang::tr{'idle'} $profileused</span>";
}
return $connstate;
}
sub speedtouchversion
{
my $speedtouch;
if (-f "/proc/bus/usb/devices")
{
$speedtouch=`/bin/cat /proc/bus/usb/devices | /bin/grep 'Vendor=06b9 ProdID=4061' | /usr/bin/cut -d ' ' -f6`;
if ($speedtouch eq '') {
$speedtouch= $Lang::tr{'connect the modem'};
}
} else {
$speedtouch='USB '.$Lang::tr{'not running'};
}
return $speedtouch
}
#Sorting of allocated leases
sub CheckSortOrder {
my %dhcpsettings = ();
&General::readhash("${General::swroot}/dhcp/settings", \%dhcpsettings);
if ($ENV{'QUERY_STRING'} =~ /^IPADDR|^ETHER|^HOSTNAME|^ENDTIME/ ) {
my $newsort=$ENV{'QUERY_STRING'};
my $act=$dhcpsettings{'SORT_LEASELIST'};
#Default sort if unspecified
$act='IPADDRRev' if !defined ($act);
#Reverse actual ?
if ($act =~ $newsort) {
my $Rev='';
if ($act !~ 'Rev') {$Rev='Rev'};
$newsort.=$Rev
};
$dhcpsettings{'SORT_LEASELIST'}=$newsort;
&General::writehash("${General::swroot}/dhcp/settings", \%dhcpsettings);
}
}
sub PrintActualLeases
{
our %dhcpsettings = ();
our %entries = ();
sub leasesort {
my $qs ='';
if (rindex ($dhcpsettings{'SORT_LEASELIST'},'Rev') != -1)
{
$qs=substr ($dhcpsettings{'SORT_LEASELIST'},0,length($dhcpsettings{'SORT_LEASELIST'})-3);
if ($qs eq 'IPADDR') {
my @a = split(/\./,$entries{$a}->{$qs});
my @b = split(/\./,$entries{$b}->{$qs});
($b[0]<=>$a[0]) ||
($b[1]<=>$a[1]) ||
($b[2]<=>$a[2]) ||
($b[3]<=>$a[3]);
}else {
$entries{$b}->{$qs} cmp $entries{$a}->{$qs};
}
}
else #not reverse
{
$qs=$dhcpsettings{'SORT_LEASELIST'};
if ($qs eq 'IPADDR') {
my @a = split(/\./,$entries{$a}->{$qs});
my @b = split(/\./,$entries{$b}->{$qs});
($a[0]<=>$b[0]) ||
($a[1]<=>$b[1]) ||
($a[2]<=>$b[2]) ||
($a[3]<=>$b[3]);
}else {
$entries{$a}->{$qs} cmp $entries{$b}->{$qs};
}
}
}
&Header::openbox('100%', 'left', $Lang::tr{'current dynamic leases'});
print <<END
<table width='100%'>
<tr>
<td width='25%' align='center'><a href='$ENV{'SCRIPT_NAME'}?IPADDR'><b>$Lang::tr{'ip address'}</b></a></td>
<td width='25%' align='center'><a href='$ENV{'SCRIPT_NAME'}?ETHER'><b>$Lang::tr{'mac address'}</b></a></td>
<td width='20%' align='center'><a href='$ENV{'SCRIPT_NAME'}?HOSTNAME'><b>$Lang::tr{'hostname'}</b></a></td>
<td width='30%' align='center'><a href='$ENV{'SCRIPT_NAME'}?ENDTIME'><b>$Lang::tr{'lease expires'} (local time d/m/y)</b></a></td>
</tr>
END
;
my ($ip, $endtime, $ether, $hostname, @record, $record);
open(LEASES,"/var/state/dhcp/dhcpd.leases") or die "Can't open dhcpd.leases";
while (my $line = <LEASES>) {
next if( $line =~ /^\s*#/ );
chomp($line);
my @temp = split (' ', $line);
if ($line =~ /^\s*lease/) {
$ip = $temp[1];
#All field are not necessarily read. Clear everything
$endtime = 0;
$ether = "";
$hostname = "";
} elsif ($line =~ /^\s*ends never;/) {
$endtime = 'never';
} elsif ($line =~ /^\s*ends/) {
$line =~ /(\d+)\/(\d+)\/(\d+) (\d+):(\d+):(\d+)/;
$endtime = timegm($6, $5, $4, $3, $2 - 1, $1 - 1900);
} elsif ($line =~ /^\s*hardware ethernet/) {
$ether = $temp[2];
$ether =~ s/;//g;
} elsif ($line =~ /^\s*client-hostname/) {
shift (@temp);
$hostname = join (' ',@temp);
$hostname =~ s/;//g;
$hostname =~ s/\"//g;
} elsif ($line eq "}") {
@record = ('IPADDR',$ip,'ENDTIME',$endtime,'ETHER',$ether,'HOSTNAME',$hostname);
$record = {}; # create a reference to empty hash
%{$record} = @record; # populate that hash with @record
$entries{$record->{'IPADDR'}} = $record; # add this to a hash of hashes
} #unknown format line...
}
close(LEASES);
#Get sort method
$dhcpsettings{'SORT_LEASELIST'}='IPADDR'; #default
&General::readhash("${General::swroot}/dhcp/settings", \%dhcpsettings); #or maybe saved !
my $id = 0;
foreach my $key (sort leasesort keys %entries) {
my $hostname = &Header::cleanhtml($entries{$key}->{HOSTNAME},"y");
if ($id % 2) {
print "<tr bgcolor='$Header::table1colour'>";
}
else {
print "<tr bgcolor='$Header::table2colour'>";
}
print <<END
<td align='center'>$entries{$key}->{IPADDR}</td>
<td align='center'>$entries{$key}->{ETHER}</td>
<td align='center'>&nbsp;$hostname </td>
<td align='center'>
END
;
if ($entries{$key}->{ENDTIME} eq 'never') {
print "$Lang::tr{'no time limit'}";
} else {
my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $dst);
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $dst) = localtime ($entries{$key}->{ENDTIME});
my $enddate = sprintf ("%02d/%02d/%d %02d:%02d:%02d",$mday,$mon+1,$year+1900,$hour,$min,$sec);
if ($entries{$key}->{ENDTIME} < time() ){
print "<strike>$enddate</strike>";
} else {
print "$enddate";
}
}
print "</td></tr>";
$id++;
}
print "</table>";
&Header::closebox();
}
1;
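Review bot: In `getcgihash` the request limits are assigned after `my $cgi = CGI->new ();`, but CGI.pm reads and parses the request body inside `new`, so in a plain CGI process `$CGI::DISABLE_UPLOADS` and `$CGI::POST_MAX` set afterwards do not bound the request being handled. Set the two globals first and construct the object afterwards, i.e. move `my $cgi = CGI->new ();` below the `if (!$params->{'wantfile'}) { ... } else { ... }` block. `CheckSortOrder` has a related input-validation gap: `/^IPADDR|^ETHER|^HOSTNAME|^ENDTIME/` has no end anchor, so any query string that merely starts with one of those words is used as a pattern in `$act =~ $newsort` and written to `dhcp/settings` on a plain GET. `if ($ENV{'QUERY_STRING'} =~ /^(IPADDR|ETHER|HOSTNAME|ENDTIME)$/ )` restricts the stored value to the four column names.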

61
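--- a/config/cfgroot/icmptypes
+++ b/config/cfgroot/icmptypes
@@ -0,0 +1,61 @@
+# ICMP Data File
+#
+# This file is part of the IPCop Firewall.
+#
+# IPCop is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# IPCop is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with IPCop; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# (c) The IPCop Team
+#
+# $Id: icmptypes,v 1.2 2003/12/11 11:15:33 riddles Exp $
+#
+# Valid ICMP types obtained through the following command
+# iptables -p icmp -h
+#
+echo-reply (pong)
+destination-unreachable
+network-unreachable
+host-unreachable
+protocol-unreachable
+port-unreachable
+fragmentation-needed
+source-route-failed
+network-unknown
+host-unknown
+network-prohibited
+host-prohibited
+TOS-network-unreachable
+TOS-host-unreachable
+communication-prohibited
+host-precedence-violation
+precedence-cutoff
+source-quench
+redirect
+network-redirect
+host-redirect
+TOS-network-redirect
+TOS-host-redirect
+echo-request (ping)
+router-advertisement
+router-solicitation
+time-exceeded (ttl-exceeded)
+ttl-zero-during-transit
+ttl-zero-during-reassembly
+parameter-problem
+ip-header-bad
+required-option-missing
+timestamp-request
+timestamp-reply
+address-mask-request
+address-mask-reply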

18
config/cfgroot/ipcop.gpg Normal file

@@ -0,0 +1,18 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)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=/LRw
-----END PGP PUBLIC KEY BLOCK-----

160
config/cfgroot/lang.pl Normal file

@@ -0,0 +1,160 @@
# SmoothWall CGIs
#
# This code is distributed under the terms of the GPL
#
# (c) The SmoothWall Team
# Copyright (c) 2002/08/23 Mark Wormgoor <mark@wormgoor.com> Split from header.pl
#
# $Id: lang.pl,v 1.1.2.11 2005/09/10 16:22:50 eoberlander Exp $
#
package Lang;
require 'CONFIG_ROOT/general-functions.pl';
use strict;
### A cache file to avoid long recalculation
$Lang::CacheLang = '/var/run/cache-lang.pl';
# When you want to add your own language strings/entries to the ipcop language file,
# you should create a file with <PREFIX>.<LANG>.pl into CONFIG_ROOT/addon-lang dir
# <PREFIX> is free choosable but should be significant. An Example might be "myAddnName"
# <LANG> is a mnemonic of the used language like en, de, it, nl etc.
# You can find a detailed list of possible mnemonic's in the file CONFIG_ROOT/langs/list
# A file could be named "VirtualHttpd.en.pl" for example.
#
# The file content has to start with (of course without the leading #):
# --------- CODE ---------
#%tr = (%tr,
# 'key1' => 'value', # add all your entries key/values here
# 'key2' => 'value' # and end with (of course without the leading #):
#);
# --------- CODE END---------
#
# After you have copied all your files to CONFIG_ROOT/add-lang you have to run the
# script compilation:
# perl -e "require '/CONFIG_ROOT/lang.pl'; &Lang::BuildCacheLang"
### Initialize language
%Lang::tr = ();
my %settings = ();
&General::readhash("${General::swroot}/main/settings", \%settings);
reload($settings{'LANGUAGE'});
# language variable used by makegraphs script
our $language;
$language = $settings{'LANGUAGE'};
#
# Load requested language file from cachefile. If cachefile doesn't exist, build on the fly.
# (it is a developper options)
#
sub reload {
my ($LG) = @_;
%Lang::tr = (); # start with a clean array
# Use CacheLang if present & not empty.
if (-s "$Lang::CacheLang.$LG" ) {
##fix: need to put a lock_shared on it in case rebuild is active ?
do "$Lang::CacheLang.$LG";
#&General::log ("cachelang file used [$LG]");
return;
}
#&General::log("Building on the fly cachelang file for [$LG]");
do "${General::swroot}/langs/en.pl";
do "${General::swroot}/langs/$LG.pl" if ($LG ne 'en');
my $AddonDir = ${General::swroot}.'/addon-lang';
opendir (DIR, $AddonDir);
my @files = readdir (DIR);
closedir (DIR);
# default is to load english first
foreach my $file ( grep (/.*\.en.pl$/,@files)) {
do "$AddonDir/$file";
}
# read again, overwriting 'en' with choosed lang
if ($LG ne 'en') {
foreach my $file (grep (/.*\.$LG\.pl$/,@files) ) {
do "$AddonDir/$file";
}
}
}
#
# Assume this procedure is called with enough privileges.
# Merge ipcop langage file + all other extension found in addon-lang
# to build a 'cachefile' for selected language
#
sub BuildUniqueCacheLang {
my ($LG) = @_;
# Make CacheLang empty so that it won't be used by Lang::reload
open (FILE, ">$Lang::CacheLang.$LG") or return 1;
flock (FILE, 2) or return 1;
close (FILE);
# Load languages files
&Lang::reload ($LG);
# Write the unique %tr=('key'=>'value') array
open (FILE, ">$Lang::CacheLang.$LG") or return 1;
flock (FILE, 2) or return 1;
print FILE '%tr=(';
foreach my $k ( keys %Lang::tr ){
$Lang::tr{$k} =~ s/\'/\\\'/g; # quote ' => \'
print FILE "'$k' => '$Lang::tr{$k}',"; # key => value,
}
print FILE ');';
close (FILE);
# Make nobody:nobody file's owner
# Will work when called by root/rc.sysinit
chown (0,0,"$Lang::CacheLang.$LG");
chmod (0004,"$Lang::CacheLang.$LG");
return 0;
}
#
# Switch Ipcop Language for each lang then call build cachelang
#
sub BuildCacheLang {
my $AddonDir = ${General::swroot}.'/addon-lang';
# Correct permission in case addon-installer did not do it
opendir (DIR, $AddonDir);
my @files = readdir (DIR);
foreach my $file (@files) {
next if (($file eq '..') || ($file eq '.'));
chown (0,0,"$AddonDir/$file");
chmod (0004,"$AddonDir/$file");
}
closedir (DIR);
my $selected = '';;
my $missed = '';
my $error = 0;
open (LANGS, "${General::swroot}/langs/list");
while (<LANGS>) {
($selected) = split (':');
if (BuildUniqueCacheLang ($selected) == 1) {
$missed = $selected; # will try latter. Can only be the current cachelang file locked
};
}
close (LANGS);
if ($missed) { # collision with current cache lang being used ?
$error = &BuildUniqueCacheLang ($missed);
}
&General::log ("WARNING: cannot build cachelang file for [$missed].") if ($error);
return $error;
}
1;
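Review bot: `BuildUniqueCacheLang` writes a file that `reload` later executes with `do`, yet it escapes only `'` in the values (`s/\'/\\\'/g`) and nothing in the keys, so a translation string that contains a backslash (one ending in `\`, or one containing `\'`) moves the end of the single-quoted literal and the rest of the string is parsed as Perl. Escape the backslash together with the quote, on a copy rather than on `%Lang::tr` itself: `(my $v = $Lang::tr{$k}) =~ s/([\\'])/\\$1/g;`, and treat `$k` the same way before printing. The comment above `chown (0,0,"$Lang::CacheLang.$LG")` says nobody:nobody while the call sets uid 0 and gid 0, and mode `0004` grants read access only through the "other" bits; the comment should state the ownership that is actually intended. Because every `*.pl` file in `addon-lang` and the cache files under `/var/run` are run with `do`, both locations need to stay writable by root only.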


@@ -0,0 +1,5 @@
LOGVIEW_REVERSE=off
REMOTELOG_ADDR=
ENABLE_REMOTELOG=off
LOGWATCH_LEVEL=Low
LOGWATCH_KEEP=56


@@ -0,0 +1,8 @@
VALID=yes
PULSE_DIAL=ATDP
HANGUP=ATH0
INIT=+++ATZ
SPEAKER_OFF=ATM0
TIMEOUT=45
SPEAKER_ON=ATM1
TONE_DIAL=ATDT


@@ -0,0 +1,8 @@
VALID=yes
PULSE_DIAL=ATDP
HANGUP=ATH0
INIT=+++ATZ
SPEAKER_OFF=ATM0
TIMEOUT=45
SPEAKER_ON=ATM1
TONE_DIAL=ATDT


@@ -0,0 +1,292 @@
# $Id: oinkmaster.conf,v 1.1.2.2 2005/05/02 17:11:58 franck78 Exp $ #
# Oinkmaster is a tool to update snort rules, which allow to conserve
# a particular setting even after a rules update.
# This file is a customised version for IPCop.
# Disabling/enabling a particular rule should be made in this file.
# In case you want to use some of the rules files commented out in
# standard ipcop /etc/snort/snort.conf :
# -comment out the corresponding skipfile in this oinkmaster.conf
# -uncomment the corresponding include in /etc/snort.conf
# -save snort settings to restart snort
################################################
# General options you may want to change #
################################################
# The PATH to use during execution. If you prefer to use external
# binaries (i.e. use_external_bins=1, see below), tar and gzip must be
# found, and also wget if downloading via ftp, http or https. All with
# optional .exe suffix. If you're on Cygwin, make sure that the path
# contains the Cygwin binaries and not the native Win32 binaries or
# you will get problems.
# Assume UNIX style by default:
#path = /bin:/usr/bin:/usr/local/bin
path = /bin
# Files in the archive(s) matching this regular expression will be
# checked for changes, and then updated or added if needed.
# All other files will be ignored. You can then choose to skip
# individual files by specifying the "skipfile" keyword below.
# Normally you shouldn't need to change this one.
update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
# Regexp of keywords that starts a snort rule.
# May be useful if you create your own ruletypes and want those
# lines to be regarded as rules as well.
# rule_actions = alert|drop|log|pass|reject|sdrop|activate|dynamic
#######################################################################
# Files to totally skip (i.e. never update or check for changes) #
# #
# Syntax: skipfile filename #
# or: skipfile filename1, filename2, filename3, ... #
#######################################################################
# Ignore local.rules from the rules archive by default since we might
# have put some local rules in our own local.rules and we don't want it
# to get overwritten by the empty one from the archive after each
# update.
skipfile local.rules
# The file deleted.rules contains rules that have been deleted from
# other files, so there is usually no point in updating it.
skipfile deleted.rules
# Also skip snort.conf by default since we don't want to overwrite our
# own snort.conf if we have it in the same directory as the rules. If
# you have your own production copy of snort.conf in another directory,
# it may be really nice to check for changes in this file though,
# especially since variables are sometimes added or modified and
# new/old files are included/excluded.
skipfile snort.conf
# You may want to consider ignoring threshold.conf for the same reasons
# as for snort.conf, i.e. if you customize it locally and don't want it
# to become overwritten by the default one. It may be better to put
# local thresholding/suppressing in some local file and still update
# and use the official one though, in case important stuff is added to
# it some day. We do update it by default, but it's your call.
# skipfile threshold.conf
# If you update from multiple URLs at the same time you must ignore
# the sid-msg.map (and generate it yourself if you need one) as it's
# usually included in each rules tarball. See the FAQ for more info.
# skipfile sid-msg.map
skipfile web-attacks.rules
skipfile backdoor.rules
skipfile shellcode.rules
skipfile policy.rules
skipfile porn.rules
skipfile info.rules
skipfile icmp-info.rules
skipfile virus.rules
skipfile chat.rules
skipfile multimedia.rules
skipfile p2p.rules
skipfile experimental.rules
##########################################################################
# SIDs to modify after each update (only for the skilled/stupid/brave). #
# Don't use it unless you have to. There is nothing that stops you from #
# modifying rules in such ways that they become invalid or generally #
# break things. You have been warned. #
# If you just want to disable SIDs, please skip this section and have a #
# look at the "disablesid" keyword below. #
# #
# You may specify multiple modifysid directives for the same SID (they #
# will be processed in order of appearance), and you may also specify a #
# list of SIDs on which the substitution should be applied. #
# If the argument is in the form something.something it is regarded #
# as a filename and the substitution will apply on all rules in that #
# file. The wildcard ("*") can be used to apply the substitution on all #
# rules regardless of the SID or file. Please avoid using #comments #
# at the end of modifysid lines, they may confuse the parser in some #
# situations. #
# #
# Syntax: #
# modifysid SID "replacethis" | "withthis" #
# or: #
# modifysid SID1, SID2, SID3, ... "replacethis" | "withthis" #
# or: #
# modifysid file "replacethis" | "withthis" #
# or: #
# modifysid * "replacethis" | "withthis" #
# #
# The strings within the quotes will simply be passed to a #
# s/replacethis/withthis/ statement in Perl, so they must be valid #
# regular expressions. The strings are case-sensitive and only the first #
# occurrence will be replaced. If there are multiple occurrences you #
# want to replace, simply repeat the same modifysid line. #
# #
# If you specify a modifysid statement for a multi-line rule, Oinkmaster #
# will first translate the rule into a single-line version and then #
# perform the substitution, so you don't have to care about the trailing #
# backslashes and newlines. #
# #
# If you use variables in the substitution expression, it is strongly #
# recommended to always specify them like ${varname} instead of #
# $varname (like ${1} instead of $1 for example) to avoid parsing #
# confusion in some situations. Note that modifysid statements #
# will process both active and inactive (disabled) rules. #
# #
# You may want to check out README.templates and template-examples.conf #
# to find how you can simplify the modifysid usage by using templates. #
##########################################################################
# Example to enable a rule (in this case SID 1325) that is disabled by
# default, by simply replacing leading "#alert" with "alert".
# (You should really use 'enablesid' for this though.)
# Oinkmaster removes whitespaces next to the leading "#" so you don't
# have to worry about that, but be careful about possible whitespace in
# other places when writing the regexps.
# modifysid 1325 "^#alert" | "alert"
# You could also do this to enable it no matter what type of rule it is
# (alert, log, pass, etc).
# modifysid 1325 "^#" | ""
# Example to add "tag" stuff to SID 1325.
# modifysid 1325 "sid:1325;" | "sid:1325; tag: host, src, 300, seconds;"
# Example to make SID 1378 a 'drop' rule (valid if you're running
# Snort_inline).
# modifysid 1378 "^alert" | "drop"
# Example to replace first occurrence of $EXTERNAL_NET with $HOME_NET
# in SID 302. Remember that the strings are regular expressions, so you
# must escape special characters like $.
# modifysid 302 "\$EXTERNAL_NET" | "\$HOME_NET"
# You can also specify that a substitution should apply on multiple SIDs.
# modifysid 302,429,1821 "\$EXTERNAL_NET" | "\$HOME_NET"
# You can take advantage of the fact that it's regular expressions and
# do more complex stuff. This example (for Snort_inline) adds a 'replace'
# statement to SID 1324 that replaces "/bin/sh" with "/foo/sh".
# modifysid 1324 "(content\s*:\s*"\/bin\/sh"\s*;)" | \
# "${1} replace:"\/foo\/sh";"
# If you for some reason would like to add a comment inside the actual
# rules file, like the reason why you disabled this rule, you can do
# like this (you would normally add such comments in oinkmaster.conf
# though).
# modifysid 1324 "(.+)" | "# 20020101: disabled this rule just for fun:\n#${1}"
# Here is an example that is actually useful. Let's say you don't care
# about incoming welchia pings (detected by SID 483 at the time of
# writing) but you want to know when infected hosts on your network
# scans hosts on the outside. (Remember that watching for outgoing
# malicious packets is often just as important as watching for incoming
# ones, especially in this case.) The rule currently looks like
# "alert icmp $EXTERNAL_NET any -> $HOME_NET any ..."
# but we want to switch that so it becomes
# "alert icmp $HOME_NET any -> $EXTERNAL_NET any ...".
# Here is how it could be done.
# modifysid 483 \
# "(.+) \$EXTERNAL_NET (.+) \$HOME_NET (.+)" | \
# "${1} \$HOME_NET ${2} \$EXTERNAL_NET ${3}"
# The wildcard (modifysid * ...) can be used to do all kinds of
# interesting things. The substitution expression will be applied on all
# matching rules. First, a silly example to replace "foo" with "bar" in
# all rules (that have the string "foo" in them, that is.)
# modifysid * "foo" | "bar"
# If you for some reason don't want to use the stream preprocessor to
# match established streams, you may want to replace the 'flow'
# statement with 'flags:A+;' in all those rules.
# modifysid * "flow:[a-z,_ ]+;" | "flags:A+;"
# Example to convert all rules of classtype attempted-admin to 'drop'
# rules (for Snort_inline only, obviously).
# modifysid * "^alert (.*classtype\s*:\s*attempted-admin)" | "drop ${1}"
# This one will append some text to the 'msg' string for all rules that
# have the 'tag' keyword in them.
# modifysid * "(.*msg:\s*".+?)"(\s*;.+;\s*tag:.*)" | \
# "${1}, going to tag this baby"${2}"
# There may be times when you want to replace multiple occurrences of a
# certain keyword/string in a rule and not just the first one. To
# replace the first two occurrences of "foo" with "bar" in SID 100,
# simply repeat the modifysid statement:
# modifysid 100 "foo" | "bar"
# modifysid 100 "foo" | "bar"
# Or you can even specify a SID list but repeat the same SID as many
# times as required, like:
# modifysid 100,100,100 "foo" | "bar"
# Enable all rules in the file exploit.rules.
# modifysid exploit.rules "^#" | ""
# Enable all rules in exploit.rules, icmp-info.rules and also SID 1171.
# modifysid exploit.rules, snmp.rules, 1171 "^#" | ""
########################################################################
# SIDs that we don't want to update. #
# If you for some reason don't want a specific rule to be updated #
# (e.g. you made local modifications to it and you never want to #
# update it and don't care about changes in the official version), you #
# can specify a "localsid" statement for it. This means that the old #
# version of the rule (i.e. the one in the rules file on your #
# harddrive) is always kept, regardless if the official version has #
# been updated. Please do not use this feature unless in special #
# cases as it's easy to end up with many signatures that aren't #
# maintained anymore. See the FAQ for details about this and hints #
# about better solutions regarding customization of rules. #
# #
# Syntax: localsid SID #
# or: localsid SID1, SID2, SID3, ... #
########################################################################
# Example to never update SID 1325.
# localsid 1325
########################################################################
# SIDs to enable after each update. #
# Will simply remove all the leading '#' for a specified SID (if it's #
# a multi-line rule, the leading '#' for all lines are removed.) #
# These will be processed after all the modifysid and disablesid #
# statements. Using 'enablesid' on a rule that is not disabled is a #
# NOOP. #
# #
# Syntax: enablesid SID #
# or: enablesid SID1, SID2, SID3, ... #
########################################################################
# Example to enable SID 1325.
# enablesid 1325
########################################################################
# SIDs to comment out, i.e. disable, after each update by placing a #
# '#' in front of the rule (if it's a multi-line rule, it will be put #
# in front of all lines). #
# #
# Syntax: disablesid SID #
# or: disablesid SID1, SID2, SID3, ... #
########################################################################
# You can specify one SID per line.
# disablesid 1
# disablesid 2
# disablesid 3
# And also as comma-separated lists.
# disablesid 4,5,6
# It's a good idea to also add comment about why you disable the sid:
# disablesid 1324 # 20020101: disabled this SID just because I can
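Review bot: The twelve `skipfile` lines from `skipfile web-attacks.rules` to `skipfile experimental.rules` carry no comment, unlike every other skipfile entry in this file, and they freeze those rule files at whatever copy is on disk. The file header explains that they mirror includes commented out in snort.conf, but an administrator who later enables backdoor.rules or shellcode.rules there without editing this list would run those detections on signatures that never update. I would put a comment directly above the block, for example `# Not included by IPCop's default snort.conf; remove the matching skipfile before enabling one of these, or it will never be updated`. The header also names the Snort config as both `/etc/snort/snort.conf` and `/etc/snort.conf`; one of the two is presumably a typo.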

162
config/cfgroot/protocols.pl Normal file

@@ -0,0 +1,162 @@
# Protocols Data File
#
# This file is part of the IPCop Firewall.
#
# IPCop is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# IPCop is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with IPCop; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# (c) The IPCop Team
#
# $Id: protocols.pl,v 1.2.2.1 2005/01/26 12:23:20 riddles Exp $
#
# Generated from /etc/protocols using:
# cat /etc/protocols | grep -ve "^#" | grep -v "^$" | \
# awk '{ print "\"" $1 "\" => \"" $2 "\","}'
#
# Code supplied by Mark Wormgroor
#
package Protocols;
%protocols = (
"ip" => "0",
"icmp" => "1",
"igmp" => "2",
"ggp" => "3",
"ipencap" => "4",
"st" => "5",
"tcp" => "6",
"cbt" => "7",
"egp" => "8",
"igp" => "9",
"bbn-rcc" => "10",
"nvp" => "11",
"pup" => "12",
"argus" => "13",
"emcon" => "14",
"xnet" => "15",
"chaos" => "16",
"udp" => "17",
"mux" => "18",
"dcn" => "19",
"hmp" => "20",
"prm" => "21",
"xns-idp" => "22",
"trunk-1" => "23",
"trunk-2" => "24",
"leaf-1" => "25",
"leaf-2" => "26",
"rdp" => "27",
"irtp" => "28",
"iso-tp4" => "29",
"netblt" => "30",
"mfe-nsp" => "31",
"merit-inp" => "32",
"sep" => "33",
"3pc" => "34",
"idpr" => "35",
"xtp" => "36",
"ddp" => "37",
"idpr-cmtp" => "38",
"tp++" => "39",
"il" => "40",
"ipv6" => "41",
"sdrp" => "42",
"ipv6-route" => "43",
"ipv6-frag" => "44",
"idrp" => "45",
"rsvp" => "46",
"gre" => "47",
"mhrp" => "48",
"bna" => "49",
"ipv6-crypt" => "50",
"ipv6-auth" => "51",
"i-nlsp" => "52",
"swipe" => "53",
"narp" => "54",
"mobile" => "55",
"tlsp" => "56",
"skip" => "57",
"ipv6-icmp" => "58",
"ipv6-nonxt" => "59",
"ipv6-opts" => "60",
"cftp" => "62",
"sat-expak" => "64",
"kryptolan" => "65",
"rvd" => "66",
"ippc" => "67",
"sat-mon" => "69",
"visa" => "70",
"ipcv" => "71",
"cpnx" => "72",
"cphb" => "73",
"wsn" => "74",
"pvp" => "75",
"br-sat-mon" => "76",
"sun-nd" => "77",
"wb-mon" => "78",
"wb-expak" => "79",
"iso-ip" => "80",
"vmtp" => "81",
"secure-vmtp" => "82",
"vines" => "83",
"ttp" => "84",
"nsfnet-igp" => "85",
"dgp" => "86",
"tcf" => "87",
"eigrp" => "88",
"ospf" => "89",
"sprite-rpc" => "90",
"larp" => "91",
"mtp" => "92",
"ax.25" => "93",
"ipip" => "94",
"micp" => "95",
"scc-sp" => "96",
"etherip" => "97",
"encap" => "98",
"gmtp" => "100",
"ifmp" => "101",
"pnni" => "102",
"pim" => "103",
"aris" => "104",
"scps" => "105",
"qnx" => "106",
"a/n" => "107",
"ipcomp" => "108",
"snp" => "109",
"compaq-peer" => "110",
"ipx-in-ip" => "111",
"vrrp" => "112",
"pgm" => "113",
"l2tp" => "115",
"ddx" => "116",
"iatp" => "117",
"stp" => "118",
"srp" => "119",
"uti" => "120",
"smp" => "121",
"sm" => "122",
"ptp" => "123",
"isis" => "124",
"fire" => "125",
"crtp" => "126",
"crdup" => "127",
"sscopmce" => "128",
"iplt" => "129",
"sps" => "130",
"pipe" => "131",
"sctp" => "132",
"fc" => "133",
);

49
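--- a/config/cfgroot/proxy-acl
+++ b/config/cfgroot/proxy-acl
@@ -0,0 +1,49 @@
+# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
+# you make will be overwritten whenever you resave proxy settings using the
+# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then
+# restart squid using the web interface. Changes made to the 'acl' file
+# will propagate to the 'squid.conf' file at that time.
+# [Scott Tregear, 22 Feb 2005]
+# Uncomment the following line to enable logging of User-Agent header:
+#useragent_log /var/log/squid/user_agent.log
+# Uncomment the following line to enable logging of Referer header:
+#referer_log /var/log/squid/referer.log
+acl all src 0.0.0.0/0.0.0.0
+acl localhost src 127.0.0.1/255.255.255.255
+acl SSL_ports port 443 563
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 563 # https, snews
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl Safe_ports port __PROXY_PORT__ # Squid port (for icons)
+acl IPCop_http port 81
+acl IPCop_https port 445
+acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__
+acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
+acl CONNECT method CONNECT
+##Access to squid:
+#local machine, no restriction
+http_access allow localhost
+#GUI admin if local machine connects
+http_access allow IPCop_ips IPCop_networks IPCop_http
+http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
+#Deny not web services
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+#Finally allow IPCop_networks clients
+http_access allow IPCop_networks
+http_access deny all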
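Review bot: `http_access allow localhost` is evaluated before `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports`, so requests that originate on the firewall itself skip both port restrictions, including CONNECT to arbitrary ports. Squid stops at the first matching http_access line, so moving `http_access allow localhost` below the two deny lines keeps local access while applying the same port limits to it. Check first that nothing on the box relies on proxying to other ports, which is not visible in this section. The two GUI rules for ports 81 and 445 have to stay above the deny lines, and a comment saying so would stop a later reorder from breaking them.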


@@ -0,0 +1,7 @@
NTP_ADDR_2=pool.ntp.org
UPDATE_PERIOD=daily
UPDATE_VALUE=1
UPDATE_METHOD=manually
ENABLENTP=off
NTP_ADDR_1=pool.ntp.org
VALID=yes


@@ -0,0 +1 @@
tcp,0.0.0.0/0,113,on,0.0.0.0
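Review bot: This one-line default reads like an enabled (`on`) rule for TCP port 113 from any source (`0.0.0.0/0`); the file name is not shown on this page, so that reading is inferred from the fields alone. If it is an external-access default, the commit description should say why ident is reachable from everywhere out of the box and how the port is answered, since the format leaves no room for a comment. Shipping the rule as `off`, or with a narrower source, would be the conservative default if nothing depends on it.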

2
config/cron/CVS/Entries Normal file

@@ -0,0 +1,2 @@
/crontab/1.9.2.5/Tue Aug 16 05:39:23 2005//TIPCOP_v1_4_0
D


@@ -0,0 +1 @@
ipcop/config/cron

1
config/cron/CVS/Root Normal file

@@ -0,0 +1 @@
:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop

1
config/cron/CVS/Tag Normal file

@@ -0,0 +1 @@
TIPCOP_v1_4_0

36
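--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -0,0 +1,36 @@
+#
+# $Id: crontab,v 1.9.2.5 2005/08/16 05:39:23 gespinasse Exp $
+#
+SHELL=/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=root
+HOME=/
+# Log rotation
+01 * * * * /usr/sbin/logrotate /etc/logrotate.conf
+# Backup logs to flashdisk
+01 * * * * [ -f "/etc/FLASH" ] && /etc/rc.d/rc.flash.down
+# Set time
+*/5 * * * * /usr/local/bin/timecheck > /dev/null 2>&1
+# Summarize ip accounting info:
+2 1 * * * /usr/sbin/ipacsum -r -H `/bin/hostname` -t "the day 2 days ago" >/dev/null
+3 1 * * 0 /usr/sbin/ipacsum -r -H `/bin/hostname` -t "the week 4 weeks ago" >/dev/null
+4 1 1 2 * /usr/sbin/ipacsum -r -H `/bin/hostname` -t "the year 2 years ago" >/dev/null
+# Make some nice graphs
+*/5 * * * * /usr/local/bin/makegraphs >/dev/null
+# Force update the dynamic dns registration once a week
+# Force update even if IP has not changed once a month if 'minimize update' selected in GUI
+# to avoid account declared as dead
+*/5 * * * * [ -f "/var/ipcop/red/active" ] && /usr/local/bin/setddns.pl
+9 2 * * 0 [ -f "/var/ipcop/red/active" ] && /usr/local/bin/setddns.pl -f
+3 2 1 * * [ -f "/var/ipcop/red/active" ] && /usr/local/bin/setddns.pl -f -m
+# Logwatch
+01 0 * * * /usr/local/bin/logwatch > /var/log/logwatch/`date -I -d yesterday`; \
+LOGWATCH_KEEP=$(sed -ne 's/^LOGWATCH_KEEP=\([0-9]\+\)$/\1/p' /var/ipcop/logging/settings); \
+find /var/log/logwatch/ -ctime +${LOGWATCH_KEEP=56} -exec rm -f '{}' ';'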
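Review bot: In the Logwatch job, `${LOGWATCH_KEEP=56}` never supplies the default, because the preceding `LOGWATCH_KEEP=$(sed ...)` always sets the variable, to an empty string when the settings file is missing or the value is not purely numeric. `find` then receives `-ctime +` with no number and fails, so old reports are never pruned and /var/log/logwatch keeps growing on the log partition. The colon form also covers the set-but-empty case: `find /var/log/logwatch/ -ctime +${LOGWATCH_KEEP:=56} -exec rm -f '{}' ';'`.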

18
config/etc/CVS/Entries Normal file

@@ -0,0 +1,18 @@
/certparams/1.3/Thu Dec 11 11:15:33 2003//TIPCOP_v1_4_0
/fstab/1.4/Mon Mar 1 17:23:47 2004//TIPCOP_v1_4_0
/group/1.1.2.1/Sun Jun 20 14:57:21 2004//TIPCOP_v1_4_0
/host.conf/1.1/Thu Dec 11 11:15:34 2003//TIPCOP_v1_4_0
/inittab/1.6.2.1/Tue Jan 24 15:25:35 2006//TIPCOP_v1_4_0
/inputrc/1.1/Thu Dec 11 11:15:34 2003//TIPCOP_v1_4_0
/ld.so.conf/1.2/Sun Dec 28 19:54:21 2003//TIPCOP_v1_4_0
/logrotate.conf/1.4.2.4/Sun Oct 16 12:36:14 2005//TIPCOP_v1_4_0
/mime.types/1.1.1.1/Tue Nov 27 08:09:53 2001//TIPCOP_v1_4_0
/modules.conf/1.6.2.1/Fri Mar 19 07:34:38 2004//TIPCOP_v1_4_0
/nsswitch.conf/1.1/Thu Dec 11 11:15:34 2003//TIPCOP_v1_4_0
/passwd/1.3.2.1/Sun Jun 20 14:57:21 2004//TIPCOP_v1_4_0
/profile/1.3.2.1/Tue Mar 9 19:19:58 2004//TIPCOP_v1_4_0
/resolv.conf/1.1.1.1/Tue Nov 27 08:09:52 2001//TIPCOP_v1_4_0
/securetty/1.1.1.1/Tue Nov 27 08:09:52 2001//TIPCOP_v1_4_0
/sysctl.conf/1.2.2.1/Mon May 10 08:06:25 2004//TIPCOP_v1_4_0
/syslog.conf/1.3.2.2/Thu Aug 12 22:48:53 2004//TIPCOP_v1_4_0
D


@@ -0,0 +1 @@
ipcop/config/etc

1
config/etc/CVS/Root Normal file

@@ -0,0 +1 @@
:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop

1
config/etc/CVS/Tag Normal file

@@ -0,0 +1 @@
TIPCOP_v1_4_0

9
config/etc/certparams Normal file

@@ -0,0 +1,9 @@
.
.
.
.
.
HOSTNAME
.

8
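--- a/config/etc/fstab
+++ b/config/etc/fstab
@@ -0,0 +1,8 @@
+#
+# $Id: fstab,v 1.4 2006/02/11 15:42 ms Exp $
+#
+/dev/harddisk1 /boot ext3 nodev,nosuid,noatime,data=journal 1 2
+/dev/harddisk2 /var/log ext3 nodev,nosuid,noatime,data=journal 1 2
+/dev/harddisk4 / ext3 noatime 1 1
+none /proc proc defaults 0 0
+none /dev/pts devpts gid=5,mode=620 0 0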
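Review bot: `/boot` and `/var/log` are mounted `nodev,nosuid` but not `noexec`, and `/` gets `noatime` only. The passwd file in this same commit places the snort and logwatch home directories under /var/log, so unprivileged service accounts write there and nothing should need to execute from it. Adding the option is cheap hardening: `/dev/harddisk2 /var/log ext3 nodev,nosuid,noexec,noatime,data=journal 1 2`. Whether any script is run from /var/log on this system is not visible in this section, so confirm that before applying.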

30
config/etc/group Normal file

@@ -0,0 +1,30 @@
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
tty:x:5:
disk:x:6:root
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
uucp:x:14:
dialout:x:16:
floppy:x:19:
tape:x:20:
utmp:x:22:
squid:x:23:
ntp:x:38:
dip:x:40:
lock:x:54:
sshd:x:74:
pcap:x:77:
nobody:x:99:
users:x:100:
snort:x:101:
logwatch:x:102:
dnsmasq:x:103:
cron:x:104:
syslogd:x:105:
klogd:x:106:

1
config/etc/host.conf Normal file

@@ -0,0 +1 @@
order hosts,bind

23
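--- a/config/etc/inittab
+++ b/config/etc/inittab
@@ -0,0 +1,23 @@
+#
+# $Id: inittab,v 1.6.2.1 2006/01/24 15:25:35 franck78 Exp $
+#
+id:3:initdefault:
+l0:0:wait:/etc/rc.d/rc.halt halt
+l6:6:wait:/etc/rc.d/rc.halt reboot
+si::sysinit:/etc/rc.d/rc.sysinit
+# Trap CTRL-ALT-DELETE
+ca::ctrlaltdel:/sbin/shutdown -r now
+# Run gettys in standard runlevels
+1:2345:respawn:/sbin/mingetty tty1
+2:2345:respawn:/sbin/mingetty tty2
+3:2345:respawn:/sbin/mingetty tty3
+4:2345:respawn:/sbin/mingetty tty4
+5:2345:respawn:/sbin/mingetty tty5
+6:2345:respawn:/sbin/mingetty tty6
+# Going single user mode for maintenance
+xx:S1:respawn:/bin/bash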
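Review bot: `xx:S1:respawn:/bin/bash` starts a root shell in single-user mode with no password prompt, and `respawn` brings it back each time it exits. On a firewall appliance this means physical or serial console access is equivalent to root once the box is in runlevel S or 1. If sysvinit's sulogin is part of the image (not visible here), the usual form is `xx:S1:respawn:/sbin/sulogin`. If the unauthenticated shell is intended as a recovery path, the comment above it should say so, e.g. `# Single user mode: unauthenticated root shell on the console, by design`.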

33
config/etc/inputrc Normal file

@@ -0,0 +1,33 @@
# do not bell on tab-completion
#set bell-style none
set meta-flag on
set input-meta on
set convert-meta off
set output-meta on
$if mode=emacs
# for linux console and RH/Debian xterm
"\e[1~": beginning-of-line
"\e[4~": end-of-line
"\e[5~": beginning-of-history
"\e[6~": end-of-history
"\e[3~": delete-char
"\e[2~": quoted-insert
"\e[5C": forward-word
"\e[5D": backward-word
"\e\e[C": forward-word
"\e\e[D": backward-word
# for rxvt
"\e[8~": end-of-line
# for non RH/Debian xterm, can't hurt for RH/DEbian xterm
"\eOH": beginning-of-line
"\eOF": end-of-line
# for freebsd console
"\e[H": beginning-of-line
"\e[F": end-of-line
$endif

3
config/etc/ld.so.conf Normal file

@@ -0,0 +1,3 @@
# Begin /etc/ld.so.conf
# End /etc/ld.so.conf

75
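--- a/config/etc/logrotate.conf
+++ b/config/etc/logrotate.conf
@@ -0,0 +1,75 @@
+# rotate log files weekly
+weekly
+# keep 52 weeks worth of backlogs
+rotate 52
+# create new (empty) log files after rotating old ones
+create
+# uncomment this if you want your log files compressed
+compress
+# wtmp
+/var/log/wtmp {
+weekly
+create 0664 root utmp
+rotate 1
+}
+/var/log/httpd/access_log /var/log/httpd/error_log /var/log/httpd/ssl_request_log /var/log/httpd/ssl_engine_log {
+missingok
+sharedscripts
+postrotate
+/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
+endscript
+}
+/var/log/snort/alert {
+weekly
+copytruncate
+compress
+ifempty
+missingok
+postrotate
+/usr/bin/find /var/log/snort -path '/var/log/snort/[0-9]*' -prune -exec /bin/rm -rf {} \;
+/usr/bin/find /var/log/snort -name 'snort.log.*' -mtime +28 -exec /bin/rm -rf {} \;
+/usr/local/bin/restartsnort
+endscript
+}
+/var/log/squid/access.log /var/log/squid/user_agent.log /var/log/squid/referer.log {
+weekly
+copytruncate
+ifempty
+missingok
+}
+/var/log/squid/cache.log {
+weekly
+rotate 3
+copytruncate
+compress
+missingok
+}
+/var/log/squid/store.log {
+weekly
+rotate 3
+copytruncate
+compress
+missingok
+postrotate
+/bin/chmod -R ugo+rX /var/log/squid
+/usr/sbin/squid -k rotate
+endscript
+}
+/var/log/messages /var/log/boot.log /var/log/dhcpcd.log {
+create 664 root syslogd
+sharedscripts
+ifempty
+postrotate
+/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
+endscript
+}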
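Review bot: The store.log postrotate line `/bin/chmod -R ugo+rX /var/log/squid` makes every file in the proxy log directory world-readable, including access.log, user_agent.log and referer.log, which record what clients browsed. `create 664 root syslogd` does the same for /var/log/messages, boot.log and dhcpcd.log. If the only extra reader is the web interface account, grant it through group ownership instead, e.g. `/bin/chmod -R ug+rX,o-rwx /var/log/squid` and `create 660 root syslogd`; which account reads these logs is not visible in this section, so confirm before tightening. Separately, the comment `# uncomment this if you want your log files compressed` sits above an already active `compress` and should read `# compress rotated log files`.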

277
config/etc/mime.types Normal file

@@ -0,0 +1,277 @@
# This is the default mime.types file from the Apache web server distribution
# This file controls what Internet media types are sent to the client for
# given file extension(s). Sending the correct media type to the client
# is important so they know how to handle the content of the file.
# Extra types can either be added here or by using an AddType directive
# in your config files. For more information about Internet media types,
# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type
# registry is at <ftp://ftp.iana.org/in-notes/iana/assignments/media-types/>.
# MIME type Extension
application/EDI-Consent
application/EDI-X12
application/EDIFACT
application/activemessage
application/andrew-inset ez
application/applefile
application/atomicmail
application/cals-1840
application/commonground
application/cybercash
application/dca-rft
application/dec-dx
application/eshop
application/hyperstudio
application/iges
application/mac-binhex40 hqx
application/mac-compactpro cpt
application/macwriteii
application/marc
application/mathematica
application/msword doc
application/news-message-id
application/news-transmission
application/octet-stream bin dms lha lzh exe class
application/oda oda
application/pdf pdf
application/pgp-encrypted
application/pgp-keys
application/pgp-signature
application/pkcs10
application/pkcs7-mime
application/pkcs7-signature
application/postscript ai eps ps
application/prs.alvestrand.titrax-sheet
application/prs.cww
application/prs.nprend
application/remote-printing
application/riscos
application/rtf rtf
application/set-payment
application/set-payment-initiation
application/set-registration
application/set-registration-initiation
application/sgml
application/sgml-open-catalog
application/slate
application/smil smi smil
application/vemmi
application/vnd.3M.Post-it-Notes
application/vnd.FloGraphIt
application/vnd.acucobol
application/vnd.anser-web-certificate-issue-initiation
application/vnd.anser-web-funds-transfer-initiation
application/vnd.audiograph
application/vnd.businessobjects
application/vnd.claymore
application/vnd.comsocaller
application/vnd.dna
application/vnd.dxr
application/vnd.ecdis-update
application/vnd.ecowin.chart
application/vnd.ecowin.filerequest
application/vnd.ecowin.fileupdate
application/vnd.ecowin.series
application/vnd.ecowin.seriesrequest
application/vnd.ecowin.seriesupdate
application/vnd.enliven
application/vnd.epson.salt
application/vnd.fdf
application/vnd.ffsns
application/vnd.framemaker
application/vnd.fujitsu.oasys
application/vnd.fujitsu.oasys2
application/vnd.fujitsu.oasys3
application/vnd.fujitsu.oasysgp
application/vnd.fujitsu.oasysprs
application/vnd.fujixerox.docuworks
application/vnd.hp-HPGL
application/vnd.hp-PCL
application/vnd.hp-PCLXL
application/vnd.hp-hps
application/vnd.ibm.MiniPay
application/vnd.ibm.modcap
application/vnd.intercon.formnet
application/vnd.intertrust.digibox
application/vnd.intertrust.nncp
application/vnd.is-xpr
application/vnd.japannet-directory-service
application/vnd.japannet-jpnstore-wakeup
application/vnd.japannet-payment-wakeup
application/vnd.japannet-registration
application/vnd.japannet-registration-wakeup
application/vnd.japannet-setstore-wakeup
application/vnd.japannet-verification
application/vnd.japannet-verification-wakeup
application/vnd.koan
application/vnd.lotus-1-2-3
application/vnd.lotus-approach
application/vnd.lotus-freelance
application/vnd.lotus-organizer
application/vnd.lotus-screencam
application/vnd.lotus-wordpro
application/vnd.meridian-slingshot
application/vnd.mif mif
application/vnd.minisoft-hp3000-save
application/vnd.mitsubishi.misty-guard.trustweb
application/vnd.ms-artgalry
application/vnd.ms-asf
application/vnd.ms-excel
application/vnd.ms-powerpoint ppt
application/vnd.ms-project
application/vnd.ms-tnef
application/vnd.ms-works
application/vnd.music-niff
application/vnd.musician
application/vnd.netfpx
application/vnd.noblenet-directory
application/vnd.noblenet-sealer
application/vnd.noblenet-web
application/vnd.novadigm.EDM
application/vnd.novadigm.EDX
application/vnd.novadigm.EXT
application/vnd.osa.netdeploy
application/vnd.powerbuilder6
application/vnd.powerbuilder6-s
application/vnd.rapid
application/vnd.seemail
application/vnd.shana.informed.formtemplate
application/vnd.shana.informed.interchange
application/vnd.shana.informed.package
application/vnd.street-stream
application/vnd.svd
application/vnd.swiftview-ics
application/vnd.truedoc
application/vnd.visio
application/vnd.webturbo
application/vnd.wrq-hp3000-labelled
application/vnd.wt.stf
application/vnd.xara
application/vnd.yellowriver-custom-menu
application/wita
application/wordperfect5.1
application/x-bcpio bcpio
application/x-bzip2 bz2
application/x-cdlink vcd
application/x-chess-pgn pgn
application/x-compress
application/x-cpio cpio
application/x-csh csh
application/x-director dcr dir dxr
application/x-dvi dvi
application/x-futuresplash spl
application/x-gtar gtar
application/x-gzip gz tgz
application/x-hdf hdf
application/x-javascript js
application/x-koan skp skd skt skm
application/x-latex latex
application/x-netcdf nc cdf
# The standard is that rpm is audio/x-pn-realaudio-plugin... oh well...
application/x-rpm rpm
application/x-sh sh
application/x-shar shar
application/x-shockwave-flash swf
application/x-stuffit sit
application/x-sv4cpio sv4cpio
application/x-sv4crc sv4crc
application/x-tar tar
application/x-tcl tcl
application/x-tex tex
application/x-texinfo texinfo texi
application/x-troff t tr roff
application/x-troff-man man
application/x-troff-me me
application/x-troff-ms ms
application/x-ustar ustar
application/x-wais-source src
application/x400-bp
application/xml
application/zip zip
audio/32kadpcm
audio/basic au snd
audio/midi mid midi kar
audio/mpeg mpga mp2 mp3
audio/vnd.qcelp
audio/x-aiff aif aiff aifc
audio/x-pn-realaudio ram rm
audio/x-realaudio ra
audio/x-wav wav
chemical/x-pdb pdb xyz
image/cgm
image/g3fax
image/gif gif
image/ief ief
image/jpeg jpeg jpg jpe
image/naplps
image/png png
image/prs.btif
image/tiff tiff tif
image/vnd.dwg
image/vnd.dxf
image/vnd.fpx
image/vnd.net-fpx
image/vnd.svf
image/vnd.xiff
image/x-cmu-raster ras
image/x-portable-anymap pnm
image/x-portable-bitmap pbm
image/x-portable-graymap pgm
image/x-portable-pixmap ppm
image/x-rgb rgb
image/x-xbitmap xbm
image/x-xpixmap xpm
image/x-xwindowdump xwd
message/delivery-status
message/disposition-notification
message/external-body
message/http
message/news
message/partial
message/rfc822
model/iges igs iges
model/mesh msh mesh silo
model/vnd.dwf
model/vrml wrl vrml
multipart/alternative
multipart/appledouble
multipart/byteranges
multipart/digest
multipart/encrypted
multipart/form-data
multipart/header-set
multipart/mixed
multipart/parallel
multipart/related
multipart/report
multipart/signed
multipart/voice-message
text/css css
text/directory
text/enriched
text/plain asc txt
text/prs.lines.tag
text/rfc822-headers
text/richtext rtx
text/rtf rtf
text/sgml sgml sgm
text/tab-separated-values tsv
text/uri-list
text/vnd.abc
text/vnd.flatland.3dml
text/vnd.fmi.flexstor
text/vnd.in3d.3dml
text/vnd.in3d.spot
text/vnd.latex-z
text/x-setext etx
text/xml xml
video/mpeg mpeg mpg mpe
video/quicktime qt mov
video/vnd.motorola.video
video/vnd.motorola.videop
video/vnd.vivo
video/x-msvideo avi
video/x-sgi-movie movie
x-conference/x-cooltalk ice
text/html html htm

24
config/etc/modules.conf Normal file

@@ -0,0 +1,24 @@
# USB HID Settings
above hid keybdev
# ISDN Settings
alias char-major-43 hisax
alias char-major-44 hisax
alias char-major-45 hisax
alias ippp0 off
alias ippp1 off
# PPP Settings
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-13 n_hdlc
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias net-pf-8 atm
alias net-pf-24 pppoe
alias char-major-144 pppox
alias char-major-166 acm

19
config/etc/nsswitch.conf Normal file

@@ -0,0 +1,19 @@
# Begin /etc/nsswitch.conf
passwd: files
group: files
shadow: files
publickey: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: db files
# End /etc/nsswitch.conf

14
config/etc/passwd Normal file

@@ -0,0 +1,14 @@
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
mail:x:8:12:mail:/var/spool/mail:/bin/false
squid:x:23:23:ftp:/var/spool/squid:/bin/false
ntp:x:38:38::/etc/ntp:/bin/false
sshd:x:74:74:sshd:/var/empty:/bin/false
nobody:x:99:99:Nobody:/home/nobody:/bin/false
snort:x:100:101:ftp:/var/log/snort:/bin/false
logwatch:x:102:102::/var/log/logwatch:/bin/false
dnsmasq:x:103:103::/:/bin/false
cron:x:104:104::/:/bin/false
syslogd:x:105:105:/var/empty:/bin/false
klogd:x:106:106:/var/empty:/bin/false
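Review bot: The `syslogd` and `klogd` entries have six colon-separated fields instead of seven, so `/var/empty` is parsed as the comment field, `/bin/false` as the home directory, and the shell field is left empty, which login tools normally treat as the default shell rather than a disabled one. Adding the missing empty comment field restores the intent: `syslogd:x:105:105::/var/empty:/bin/false` and `klogd:x:106:106::/var/empty:/bin/false`. Whether these accounts can actually authenticate also depends on the shadow file, which is not part of this section.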

47
config/etc/profile Normal file

@@ -0,0 +1,47 @@
# /etc/bashrc
umask 022
unset i
# are we an interactive shell?
if [ "$PS1" ]; then
if [ -x /usr/bin/tput ]; then
if [ "x`tput kbs`" != "x" ]; then # We can't do this with "dumb" terminal
stty erase `tput kbs`
elif [ -x /usr/bin/wc ]; then
if [ "`tput kbs|wc -c `" -gt 0 ]; then # We can't do this with "dumb" terminal
stty erase `tput kbs`
fi
fi
fi
fi
# Path manipulation
PATH="/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin"
# No core files by default
ulimit -S -c 0 > /dev/null 2>&1
USER=`id -un`
LOGNAME=$USER
HOSTNAME=`/bin/hostname`
HISTSIZE=250
if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then
INPUTRC=/etc/inputrc
fi
export PATH USER LOGNAME HOSTNAME HISTSIZE INPUTRC
# LS Colors
alias dir='ls'
alias ll='ls -l --color=tty'
alias ls='ls --color=tty'
# IPCop language settings
LANG=en_US.utf8
PS1='\[\033[1;33m\]\u\[\033[1;37m\]@\[\033[1;32m\]\h\[\033[1;37m\]:\[\033[1;31m\]\w \[\033[1;36m\]\$ \[\033[0m\]'
echo -n -e '\033%G'
export LANG PS1
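Review bot: `echo -n -e '\033%G'` sits after the `fi` that closes the `if [ "$PS1" ]` block, so the console escape sequence is written by every shell that sources this file, not only interactive ones; moving it inside that block, with a comment such as `# switch the Linux console to UTF-8 mode`, keeps it off the output of non-interactive sessions. The header comment `# /etc/bashrc` also names the wrong file and should read `# /etc/profile`. Indentation was lost in this rendering, so the nesting is read from the `if`/`fi` pairs only.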

1
config/etc/resolv.conf Normal file

@@ -0,0 +1 @@
nameserver 127.0.0.1

22
config/etc/securetty Normal file

@@ -0,0 +1,22 @@
tty1
tty2
tty3
tty4
tty5
tty6
ttyp0
ttyp1
ttyp2
ttyp3
ttyp4
ttyp5
ttyp6
ttyp7
ttyp8
ttyp9
ttypa
ttypb
ttypc
ttypd
ttype
ttypf
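Review bot: The entries `ttyp0` through `ttypf` permit direct root login on the legacy BSD pseudo-terminals, which are the terminals a network login daemon hands to `login`. The only remote-login account visible in this commit's passwd file is `sshd`, and sshd does not consult this file by default, so the list could probably be reduced to the physical consoles `tty1` to `tty6` (plus a serial console if one is supported). If some service does need the pty entries, the file should carry a comment naming it.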

24
config/etc/sysctl.conf Normal file

@@ -0,0 +1,24 @@
net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
kernel.printk = 1 4 1 7
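Review bot: `net.ipv4.conf.default.rp_filter = 0` and `net.ipv4.conf.all.rp_filter = 0` switch off reverse-path filtering on a host that also sets `net.ipv4.ip_forward = 1`, so the kernel itself will not drop forwarded packets whose source address arrives on the wrong interface. Unless the firewall rules (not visible here) already carry per-interface anti-spoofing rules, both should be `1`; if they have to stay `0`, add a line such as `# rp_filter off: spoofed sources are dropped by the firewall rules` so the choice is auditable. The file has no comments at all, and a one-line reason for disabling `tcp_sack`, `tcp_timestamps` and `tcp_window_scaling` would help the next reviewer as well.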

20
config/etc/syslog.conf Normal file

@@ -0,0 +1,20 @@
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# local0.* any dhcpcd log (even debug) in messages
daemon.*;local0.*;local2.*;*.info;mail.none;authpriv.*;cron.* /var/log/messages
# Everybody gets emergency messages
*.emerg *
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Display logs on tty12
*.* /dev/tty12
# Optionally log to a remote host
#*.* @hostname.domain
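Review bot: The comment `# Don't log private authentication messages!` contradicts the selector below it, which lists `authpriv.*` and therefore writes authentication messages to `/var/log/messages`; `*.* /dev/tty12` additionally shows them on the console. Either replace `authpriv.*` with `authpriv.none` in that selector and send authpriv to its own root-only file, or reword the comment to say what the rule really does, e.g. `# authpriv is logged here too; keep /var/log/messages readable by root only`. As written, a reader trusting the comment would assume the opposite of the actual behaviour.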

4
config/grub/CVS/Entries Normal file

@@ -0,0 +1,4 @@
/grub.conf/1.5.2.5/Fri Aug 27 09:59:56 2004//TIPCOP_v1_4_0
/ipcop.xpm.gz/1.4/Fri Feb 6 20:58:18 2004//TIPCOP_v1_4_0
/scsigrub.conf/1.5.2.5/Fri Aug 27 09:59:56 2004//TIPCOP_v1_4_0
D


@@ -0,0 +1 @@
ipcop/config/grub

1
config/grub/CVS/Root Normal file

@@ -0,0 +1 @@
:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop

1
config/grub/CVS/Tag Normal file

@@ -0,0 +1 @@
TIPCOP_v1_4_0

21
config/grub/grub.conf Normal file

@@ -0,0 +1,21 @@
timeout 5
default saved
foreground = 16064e
background = ffffff
splashimage (hd0,0)/grub/ipcop.xpm.gz
title IPFire
root (hd0,0)
kernel /vmlinuz root=ROOT panic=10 acpi=off ro
savedefault
title IPFire SMP
root (hd0,0)
kernel /vmlinuz-smp root=ROOT panic=10 acpi=off ro
savedefault
title IPFire (ACPI enabled)
root (hd0,0)
kernel /vmlinuz root=ROOT panic=10 ro
savedefault
title IPFire SMP (ACPI HT enabled)
root (hd0,0)
kernel /vmlinuz-smp root=ROOT panic=10 acpi=ht ro
savedefault
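Review bot: Neither this file nor `config/grub/scsigrub.conf` sets a GRUB `password` line, so anyone with console access during the `timeout 5` window can edit a boot entry's kernel arguments before the system starts. For a firewall that may sit in a shared rack or office, a line such as `password --md5 <HASH_PLACEHOLDER>` near the top would close that, with the hash generated at install time rather than committed. Separately, the titles here say `IPFire` while scsigrub.conf still says `IPCop`; the two files should agree.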

BIN
config/grub/ipcop.xpm.gz Normal file

Binary file not shown.

25
config/grub/scsigrub.conf Normal file

@@ -0,0 +1,25 @@
timeout 5
default saved
foreground = 16064e
background = ffffff
splashimage (hd0,0)/grub/ipcop.xpm.gz
title IPCop
root (hd0,0)
kernel /vmlinuz root=ROOT panic=10 init=/linuxrc acpi=off rw
initrd /ipcoprd.img
savedefault
title IPCop SMP
root (hd0,0)
kernel /vmlinuz-smp root=ROOT panic=10 init=/linuxrc acpi=off rw
initrd /ipcoprd-smp.img
savedefault
title IPCop (ACPI enabled)
root (hd0,0)
kernel /vmlinuz root=ROOT panic=10 init=/linuxrc rw
initrd /ipcoprd.img
savedefault
title IPCop SMP (ACPI HT enabled)
root (hd0,0)
kernel /vmlinuz-smp root=ROOT panic=10 init=/linuxrc acpi=ht rw
initrd /ipcoprd-smp.img
savedefault

2
config/httpd/CVS/Entries Normal file

@@ -0,0 +1,2 @@
/httpd.conf/1.15.2.7/Sat Apr 16 11:40:15 2005//TIPCOP_v1_4_0
D


@@ -0,0 +1 @@
ipcop/config/httpd

1
config/httpd/CVS/Root Normal file

@@ -0,0 +1 @@
:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop

1
config/httpd/CVS/Tag Normal file

@@ -0,0 +1 @@
TIPCOP_v1_4_0

149
config/httpd/httpd.conf Normal file

@@ -0,0 +1,149 @@
##
## httpd.conf -- Apache HTTP server configuration file
##
## $Id: httpd.conf,v 1.15.2.7 2005/04/16 11:40:15 rkerr Exp $
##
ServerType standalone
ServerRoot /etc/httpd
LockFile /var/lock/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /var/run/httpd.scoreboard
Timeout 900
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 2
StartServers 2
MaxClients 10
MaxRequestsPerChild 100
Port 81
Listen 81
Listen 445
User nobody
Group nobody
ServerAdmin root@localhost
ServerTokens Prod
DocumentRoot /home/httpd/html
# Limit track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
<Directory />
Options None
AllowOverride None
</Directory>
<Directory /home/httpd/html>
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
AuthName "Restricted"
AuthType Basic
AuthUserFile CONFIG_ROOT/auth/users
require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
AllowOverride None
Options None
AuthName "Restricted"
AuthType Basic
AuthUserFile CONFIG_ROOT/auth/users
Require user admin
<Files index.cgi>
Satisfy Any
Allow from All
</Files>
<Files credits.cgi>
Satisfy Any
Allow from All
</Files>
<Files dial.cgi>
Require user admin dial
</Files>
</Directory>
<IfModule mod_dir.c>
DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
<IfModule mod_mime.c>
TypesConfig /etc/mime.types
</IfModule>
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
ServerSignature Off
AddHandler cgi-script .cgi
<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
###
### SSL Configuration
###
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout 900
SSLMutex file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel info
<VirtualHost _default_:445>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
DocumentRoot /home/httpd/html
ServerAdmin root@localhost
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
<Files ~ "\.(cgi|shtml?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /home/httpd/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
SetEnv HOME /home/nobody
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<Directory /home/httpd/html/backup>
Options None
AllowOverride None
AuthName "Restricted"
AuthType Basic
AuthUserFile /var/ipcop/auth/users
require user admin
</Directory>
include /etc/httpd/conf/hostname.conf
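Review bot: `SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP` leaves the LOW and 40-bit export suites negotiable, because `+LOW` and `+EXP` only move them to the end of the preference list and do not remove them, so a session to the admin interface can still end up on weak encryption. A stricter line such as `SSLCipherSuite HIGH:MEDIUM:!ADH:!eNULL:!EXP:!LOW:!SSLv2` keeps the ordering intent without them. The Basic-auth `<Directory /home/httpd/cgi-bin>` and `graphs|sgraph` blocks are also declared outside `<VirtualHost _default_:445>`, so they appear to be served on the plain `Listen 81` port too, where the admin password would travel unencrypted unless the included `hostname.conf` (not visible here) redirects. Finally, the `backup` directory hard-codes `AuthUserFile /var/ipcop/auth/users` where the other blocks use the `CONFIG_ROOT/auth/users` placeholder; these should be consistent.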


@@ -0,0 +1,11 @@
/fstab/1.1.1.1/Tue Nov 27 08:09:57 2001//TIPCOP_v1_4_0
/group/1.1.1.1/Tue Nov 27 08:09:57 2001//TIPCOP_v1_4_0
/halt/1.2/Fri Dec 12 10:33:30 2003//TIPCOP_v1_4_0
/hosts/1.2/Fri Dec 12 10:33:30 2003//TIPCOP_v1_4_0
/inittab/1.3/Fri Dec 12 10:33:30 2003//TIPCOP_v1_4_0
/nsswitch.conf/1.1.1.1/Tue Nov 27 08:09:57 2001//TIPCOP_v1_4_0
/passwd/1.1.1.1/Tue Nov 27 08:09:57 2001//TIPCOP_v1_4_0
/profile/1.2/Fri Dec 12 10:33:30 2003//TIPCOP_v1_4_0
/rc/1.5.2.1/Tue Sep 14 21:42:47 2004//TIPCOP_v1_4_0
/shells/1.1.1.1/Tue Nov 27 08:09:57 2001//TIPCOP_v1_4_0
D


@@ -0,0 +1 @@
ipcop/config/install

1
config/install/CVS/Root Normal file

@@ -0,0 +1 @@
:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop

1
config/install/CVS/Tag Normal file

@@ -0,0 +1 @@
TIPCOP_v1_4_0

3
config/install/fstab Normal file

@@ -0,0 +1,3 @@
/dev/ram0 / ext2
/dev/fd0 / ext2
/proc /proc proc

4
config/install/group Normal file

@@ -0,0 +1,4 @@
root:x:0:root
tty:x:5:
disk:x:6:
uucp:x:14:

19
config/install/halt Normal file

@@ -0,0 +1,19 @@
#!/bin/sh
echo "Shutting down..."
echo "Sending all processes the TERM signal..."
/sbin/killall5 -15
sleep 3
echo "Sending all processes the KILL signal..."
/sbin/killall5 -9
sleep 3
echo "Unmounting /cdrom, /harddisk/boot, /harddisk/var/log and /harddisk"
/sbin/umount /cdrom
/sbin/umount /harddisk/boot
/sbin/umount /harddisk/var/log
/sbin/umount /harddisk
echo "Unmounting /proc"
/sbin/umount /proc/bus/usb
/sbin/umount /proc
echo "Unmounting root"
/sbin/mount -n -o remount,ro /
/sbin/reboot -i -d -p

1
config/install/hosts Normal file

@@ -0,0 +1 @@
localhost 127.0.0.1
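Review bot: The fields in `localhost 127.0.0.1` are in the wrong order; the hosts format is address first and names after it, so this line does not define `localhost`. The installer's nsswitch.conf in this commit lists `hosts: files` only, so there is no other source that would resolve the name. The line should read `127.0.0.1 localhost`.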

10
config/install/inittab Normal file

@@ -0,0 +1,10 @@
# System initialization.
::sysinit:/etc/rc
# Run gettys in standard runlevels
tty1::respawn:/bin/iowrap /dev/tty1 /bin/ash --login -c "/bin/install /dev/tty2"
tty3::respawn:/bin/iowrap /dev/tty3 /bin/ash --login
# Stuff to do before rebooting
::ctrlaltdel:/etc/halt
::shutdown:/etc/halt


@@ -0,0 +1,15 @@
passwd: files
shadow: files
group: files
hosts: files
services: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
automount: files
aliases: files
netgroup: files
publickey: files

1
config/install/passwd Normal file

@@ -0,0 +1 @@
root::0:0:root:/:/bin/ash
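Review bot: `root::0:0:root:/:/bin/ash` gives root an empty password field in the installer image. The installer's inittab in this commit starts `/bin/ash --login` directly on tty1 and tty3, so nothing visible depends on a password-based login; `root:*:0:0:root:/:/bin/ash` should keep those shells working while ensuring that a getty or network service added later cannot accept an empty password. If the empty field is intentional, the installer build notes should say so.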

7
config/install/profile Normal file

@@ -0,0 +1,7 @@
#!/bin/ash
TERM=linux
LANG=en_US.UTF-8
export TERM LANG
/bin/unicode_start lat0-16

12
config/install/rc Normal file

@@ -0,0 +1,12 @@
#!/bin/ash
echo "Mounting proc"
mount /proc
echo "Starting syslogd"
syslogd -L -O /dev/tty2
echo "Silencing kernel"
echo >/proc/sys/kernel/printk "1 4 1 7"
echo "Disabling screen blanking"
echo -n -e "\033[9;0]"

1
config/install/shells Normal file

@@ -0,0 +1 @@
/bin/ash


@@ -0,0 +1,3 @@
/ipac.conf/1.2.2.1/Wed Jun 9 23:00:11 2004//TIPCOP_v1_4_0
/rules.conf/1.2.2.1/Wed Jun 9 23:00:11 2004//TIPCOP_v1_4_0
D


@@ -0,0 +1 @@
ipcop/config/ipac-ng

1
config/ipac-ng/CVS/Root Normal file

@@ -0,0 +1 @@
:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ipcop

1
config/ipac-ng/CVS/Tag Normal file

@@ -0,0 +1 @@
TIPCOP_v1_4_0

5
config/ipac-ng/ipac.conf Normal file

@@ -0,0 +1,5 @@
access agent = files
account agent = iptables
storage = gdbm
rules file = /etc/ipac-ng/rules.conf
drop zero lines = yes

36
config/ipac-ng/rules.conf Normal file

@@ -0,0 +1,36 @@
# Example config file with accounting rules
# Install as /etc/ipac-ng/rules.conf.iptables
#
# Format:
# Name of rule|direction|interface|protocol|source|destination
# WARNING!!!! spaces are not allowed before and after '|'.
#
# where
# Name of rule Any string to identify this rule
# direction ipac~fi - forward in
# ipac~fo - forward out
# ipac~i - outgoing from machine with ipac-ng to other host(/net)
# (or incoming to otherhost)
# ipac~o - incoming to machine with ipac-ng
# (or outgoing from otherhost)
#
# interface interface name, '+' means all interfaces (dont try to use ip numbers here!)
# protocol tcp | udp | icmp | all
# source \
# destination both as described in ipfwadm(8), or empty
#
# incoming:
# lets demonstrate this by following rules.
# Example 1:
# there are some hosts in out net 192.168.0.0/24
# our ipac-ng host has two interfaces - eth0 connected to local net
# and eth1 to internet
Incoming GREEN|ipac~i|eth0|all|||
Outgoing GREEN|ipac~o|eth0|all|||
Incoming RED (PPP)|ipac~i|ppp0|all|||
Outgoing RED (PPP)|ipac~o|ppp0|all|||
Incoming RED (ISDN PPP)|ipac~i|ippp0|all|||
Outgoing RED (ISDN PPP)|ipac~o|ippp0|all|||


@@ -0,0 +1,8 @@
/aboot.conf/1.1/Thu Feb 19 15:19:54 2004//TIPCOP_v1_4_0
/install-message/1.3.2.1/Sat Feb 5 21:14:54 2005//TIPCOP_v1_4_0
/kernel.config.alpha/1.5.2.21/Sat Jan 14 16:35:15 2006//TIPCOP_v1_4_0
/kernel.config.i386/1.12.2.23/Sat Jan 14 16:35:15 2006//TIPCOP_v1_4_0
/kernel.config.i386.installer/1.1.2.13/Sat Jan 14 16:35:15 2006//TIPCOP_v1_4_0
/kernel.config.i386.smp/1.1.2.16/Sat Jan 14 16:35:15 2006//TIPCOP_v1_4_0
/syslinux.cfg/1.4.2.4/Sat Feb 5 21:14:54 2005//TIPCOP_v1_4_0
D


@@ -0,0 +1 @@
ipcop/config/kernel
