Merge branch 'master' into next

Conflicts:
	config/rootfiles/core/40/exclude
	config/rootfiles/core/40/filelists/files
	config/rootfiles/core/40/update.sh
	make.sh

config/outgoingfw/outgoingfw.pl

@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2010  IPTifre Team                                       #
+# Copyright (C) 2005-2010  IPFire Team                                        #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -94,7 +94,7 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
 } elsif ( $outfwsettings{'POLICY'} eq 'MODE2' ) {
 	$outfwsettings{'STATE'} = "DENY";
 	$POLICY = "ACCEPT";
-	$DO = "DROP -m comment --comment 'DROP_OUTGOINGFW'";
+	$DO = "DROP -m comment --comment 'DROP_OUTGOINGFW '";
 }
 
 ### Initialize IPTables
@@ -102,15 +102,23 @@ system("/sbin/iptables --flush OUTGOINGFW >/dev/null 2>&1");
 system("/sbin/iptables --delete-chain OUTGOINGFW >/dev/null 2>&1");
 system("/sbin/iptables -N OUTGOINGFW >/dev/null 2>&1");
 
+system("/sbin/iptables --flush OUTGOINGFWMAC >/dev/null 2>&1");
+system("/sbin/iptables --delete-chain OUTGOINGFWMAC >/dev/null 2>&1");
+system("/sbin/iptables -N OUTGOINGFWMAC >/dev/null 2>&1");
+
 if ( $outfwsettings{'POLICY'} eq 'MODE0' ) {
 	exit 0
 }
 
 if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
 	$CMD = "/sbin/iptables -A OUTGOINGFW -m state --state ESTABLISHED,RELATED -j ACCEPT";
+	if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
+	$CMD = "/sbin/iptables -A OUTGOINGFWMAC -m state --state ESTABLISHED,RELATED -j ACCEPT";
 	if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
 		$CMD = "/sbin/iptables -A OUTGOINGFW -p icmp -j ACCEPT";
 	if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
+		$CMD = "/sbin/iptables -A OUTGOINGFWMAC -p icmp -j ACCEPT";
+	if ($DEBUG) { print "$CMD\n"; } else { system("$CMD"); }
 }
 
 foreach $configentry (sort @configs)
@@ -148,16 +156,21 @@ foreach $configentry (sort @configs)
 		} elsif ($configline[2] eq 'all') {
 			@SOURCE = ("0/0");
 			$DEV = "";
+		} elsif ($configline[2] eq 'mac') {
+			@SOURCE = ("$configline[6]");
+			$DEV = "";
 		} else {
-			if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" )
-			{
+			if ( -e "/var/ipfire/outgoing/groups/ipgroups/$configline[2]" ) {
 				@SOURCE = `cat /var/ipfire/outgoing/groups/ipgroups/$configline[2]`;
+			} elsif ( -e "/var/ipfire/outgoing/groups/macgroups/$configline[2]" ) {
+				@SOURCE = `cat /var/ipfire/outgoing/groups/macgroups/$configline[2]`;
+				$configline[2] = "mac";
 			}
 			$DEV = "";
 		}
 
 		if ($configline[7]) { $DESTINATION = "$configline[7]"; } else { $DESTINATION = "0/0"; }
-		
+
 		if ($configline[3] eq 'tcp') {
 			@PROTO = ("tcp");
 		} elsif ($configline[3] eq 'udp') {
@@ -174,9 +187,14 @@ foreach $configentry (sort @configs)
 			foreach $SOURCE (@SOURCE) {
 				$SOURCE =~ s/\s//gi;
 
-				 if ( $SOURCE eq "" ){next;}
+				if ( $SOURCE eq "" ){next;}
 
-				$CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO";
+				if ( $configline[6] ne "" || $configline[2] eq 'mac' ){
+					$SOURCE =~ s/[^a-zA-Z0-9]/:/gi;
+					$CMD = "/sbin/iptables -A OUTGOINGFWMAC -m mac --mac-source $SOURCE -d $DESTINATION -p $PROTO";
+				} else {
+					$CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO";
+				}
 
 				 if ($configline[8] && ( $configline[3] ne 'esp' || $configline[3] ne 'gre') ) {
 					$DPORT = "$configline[8]";
@@ -187,11 +205,6 @@ foreach $configentry (sort @configs)
 					$CMD = "$CMD -i $DEV";
 				}
 
-				if ($configline[6]) {
-					$MAC = "$configline[6]";
-					$CMD = "$CMD -m mac --mac-source $MAC";
-				}
-
 				if ($configline[17] && $configline[18]) {
 					if ($configline[10]){$DAY = "Mon,"}
 					if ($configline[11]){$DAY .= "Tue,"}
@@ -263,10 +276,10 @@ if ( $outfwsettings{'POLICY'} eq 'MODE1' ) {
 		}
 	 }
 
-	$CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW'";
+	$CMD = "/sbin/iptables -A OUTGOINGFW -o $netsettings{'RED_DEV'} -j DROP -m comment --comment 'DROP_OUTGOINGFW '";
 	if ($DEBUG) {
 		print "$CMD\n";
 	} else {
 		system("$CMD");
 	}
-}
+}

config/rootfiles/common/configroot

@@ -102,7 +102,7 @@ var/ipfire/outgoing
 var/ipfire/outgoing/defaultservices
 #var/ipfire/outgoing/groups
 #var/ipfire/outgoing/groups/ipgroups
-#var/ipfire/outgoing/ipgroups
+#var/ipfire/outgoing/groups/macgroups
 #var/ipfire/outgoing/p2protocols
 #var/ipfire/outgoing/rules
 #var/ipfire/outgoing/settings

config/rootfiles/common/snort

@@ -52,7 +52,6 @@ usr/lib/snort_dynamicpreprocessor
 #usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so
 #usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0
 #usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
-#usr/man/man8/snort.8
 usr/sbin/snort
 #usr/share/doc/snort
 #usr/share/doc/snort/AUTHORS
@@ -106,4 +105,5 @@ usr/sbin/snort
 #usr/share/doc/snort/USAGE
 #usr/share/doc/snort/WISHLIST
 #usr/share/doc/snort/generators
+#usr/share/man/man8/snort.8
 var/log/snort

config/rootfiles/common/strongswan

@@ -1,5 +1,4 @@
 etc/ipsec.conf
-etc/ipsec.user.conf
 #etc/ipsec.d
 etc/ipsec.d/aacerts
 etc/ipsec.d/acerts
@@ -10,7 +9,6 @@ etc/ipsec.d/ocspcerts
 etc/ipsec.d/private
 etc/ipsec.d/reqs
 etc/ipsec.secrets
-etc/ipsec.user.secrets
 etc/strongswan.conf
 #usr/lib/libcharon.a
 #usr/lib/libcharon.la
@@ -81,6 +79,9 @@ usr/libexec/ipsec/plugins/libstrongswan-random.so
 #usr/libexec/ipsec/plugins/libstrongswan-resolve.a
 #usr/libexec/ipsec/plugins/libstrongswan-resolve.la
 usr/libexec/ipsec/plugins/libstrongswan-resolve.so
+#usr/libexec/ipsec/plugins/libstrongswan-revocation.a
+#usr/libexec/ipsec/plugins/libstrongswan-revocation.la
+usr/libexec/ipsec/plugins/libstrongswan-revocation.so
 #usr/libexec/ipsec/plugins/libstrongswan-sha1.a
 #usr/libexec/ipsec/plugins/libstrongswan-sha1.la
 usr/libexec/ipsec/plugins/libstrongswan-sha1.so
@@ -99,6 +100,9 @@ usr/libexec/ipsec/plugins/libstrongswan-updown.so
 #usr/libexec/ipsec/plugins/libstrongswan-x509.a
 #usr/libexec/ipsec/plugins/libstrongswan-x509.la
 usr/libexec/ipsec/plugins/libstrongswan-x509.so
+#usr/libexec/ipsec/plugins/libstrongswan-xauth.a
+#usr/libexec/ipsec/plugins/libstrongswan-xauth.la
+usr/libexec/ipsec/plugins/libstrongswan-xauth.so
 #usr/libexec/ipsec/plugins/libstrongswan-xcbc.a
 #usr/libexec/ipsec/plugins/libstrongswan-xcbc.la
 usr/libexec/ipsec/plugins/libstrongswan-xcbc.so
@@ -136,3 +140,5 @@ usr/sbin/ipsec
 #usr/share/man/man8/pluto.8
 #usr/share/man/man8/scepclient.8
 #usr/share/man/man8/starter.8
+etc/ipsec.user.conf
+etc/ipsec.user.secrets