webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 11:05:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into strongswan-next

Browse Source
This commit is contained in:
Michael Tremer
2013-07-16 12:04:00 +02:00
parent 82efdd4f22 15f78770b1
commit f4dd02f2b6
49 changed files with 2173 additions and 286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
config/cfgroot/general-functions.pl
View File

@@ -1030,4 +1030,27 @@ sub RedIsWireless() {
return 0;
}
# Function to read a file with UTF-8 charset.
sub read_file_utf8 ($) {
my ($file) = @_;
open my $in, '<:encoding(UTF-8)', $file or die "Could not open '$file' for reading $!";
local $/ = undef;
my $all = <$in>;
close $in;
return $all;
}
# Function to write a file with UTF-8 charset.
sub write_file_utf8 ($) {
my ($file, $content) = @_;
open my $out, '>:encoding(UTF-8)', $file or die "Could not open '$file' for writing $!";;
print $out $content;
close $out;
return;
}
1;

30
config/menu/30-network.menu
View File

@@ -35,37 +35,37 @@
'title' => "$Lang::tr{'edit hosts'}",
'enabled' => 1,
};
$subnetwork->{'51.routes'} = {
$subnetwork->{'51.dnsmenu'} = {
'caption' => $Lang::tr{'dns menu'},
'uri' => '/cgi-bin/dns.cgi',
'title' => "$Lang::tr{'dns menu'}",
'enabled' => `grep "RED_TYPE=DHCP" /var/ipfire/ethernet/settings`,
};
$subnetwork->{'52.dnsforward'} = {
'caption' => $Lang::tr{'dnsforward'},
'uri' => '/cgi-bin/dnsforward.cgi',
'title' => "$Lang::tr{'dnsforward'}",
'enabled' => 1
};
$subnetwork->{'60.routes'} = {
'caption' => $Lang::tr{'static routes'},
'uri' => '/cgi-bin/routing.cgi',
'title' => "$Lang::tr{'static routes'}",
'enabled' => 1,
};
$subnetwork->{'60.upload'} = {
'caption' => $Lang::tr{'upload'},
'uri' => '/cgi-bin/upload.cgi',
'title' => "$Lang::tr{'upload'}",
'enabled' => 0,
};
$subnetwork->{'70.aliases'} = {
'caption' => $Lang::tr{'aliases'},
'uri' => '/cgi-bin/aliases.cgi',
'title' => "$Lang::tr{'aliases'}",
'enabled' => `grep "RED_TYPE=STATIC" /var/ipfire/ethernet/settings`,
};
$subnetwork->{'80.dnsmenu'} = {
'caption' => $Lang::tr{'dns menu'},
'uri' => '/cgi-bin/dns.cgi',
'title' => "$Lang::tr{'dns menu'}",
'enabled' => `grep "RED_TYPE=DHCP" /var/ipfire/ethernet/settings`,
};
$subnetwork->{'90.macadressmenu'} = {
$subnetwork->{'80.macadressmenu'} = {
'caption' => $Lang::tr{'mac address menu'},
'uri' => '/cgi-bin/mac.cgi',
'title' => "$Lang::tr{'mac address menu'}",
'enabled' => 1,
};
$subnetwork->{'99.wakeonlan'} = {
$subnetwork->{'90.wakeonlan'} = {
'caption' => $Lang::tr{'WakeOnLan'},
'uri' => '/cgi-bin/wakeonlan.cgi',
'title' => "$Lang::tr{'WakeOnLan'}",

1
config/rootfiles/common/misc-progs
View File

@@ -3,6 +3,7 @@ usr/local/bin/addonctrl
usr/local/bin/backupctrl
#usr/local/bin/clamavctrl
usr/local/bin/dhcpctrl
usr/local/bin/dnsmasqctrl
usr/local/bin/extrahdctrl
usr/local/bin/fireinfoctrl
usr/local/bin/getconntracktable

2
config/rootfiles/common/snort
View File

@@ -3,6 +3,7 @@ etc/snort/rules
#etc/snort/rules/classification.config
#etc/snort/rules/reference.config
etc/snort/snort.conf
etc/snort/snort.conf.template
etc/snort/unicode.map
usr/bin/u2boat
usr/bin/u2spewfoo
@@ -179,7 +180,6 @@ usr/sbin/snort
#usr/share/doc/snort/README.dnp3
#usr/share/doc/snort/README.dns
#usr/share/doc/snort/README.event_queue
#usr/share/doc/snort/README.file
#usr/share/doc/snort/README.filters
#usr/share/doc/snort/README.flowbits
#usr/share/doc/snort/README.frag3

46
config/rootfiles/common/usb_modeswitch_data
View File

@@ -5,20 +5,24 @@ usr/share/usb_modeswitch/03f0:002a
usr/share/usb_modeswitch/0408:f000
usr/share/usb_modeswitch/0421:060c
usr/share/usb_modeswitch/0421:0610
usr/share/usb_modeswitch/0421:0618
usr/share/usb_modeswitch/0421:061d
usr/share/usb_modeswitch/0421:0622
usr/share/usb_modeswitch/0421:0627
usr/share/usb_modeswitch/0421:062c
usr/share/usb_modeswitch/0421:0632
usr/share/usb_modeswitch/0421:0637
usr/share/usb_modeswitch/0471:1210:uMa=Philips
usr/share/usb_modeswitch/0471:1210:uMa=Wisue
usr/share/usb_modeswitch/0471:1237
usr/share/usb_modeswitch/0482:024d
usr/share/usb_modeswitch/04bb:bccd
usr/share/usb_modeswitch/04cc:225c
usr/share/usb_modeswitch/04e8:680c
usr/share/usb_modeswitch/04e8:689a
usr/share/usb_modeswitch/04e8:f000:sMo=U209
usr/share/usb_modeswitch/057c:84ff
usr/share/usb_modeswitch/05c6:0010
usr/share/usb_modeswitch/05c6:1000:sVe=GT
usr/share/usb_modeswitch/05c6:1000:sVe=Option
usr/share/usb_modeswitch/05c6:1000:uMa=AnyDATA
@@ -27,6 +31,7 @@ usr/share/usb_modeswitch/05c6:1000:uMa=DGT
usr/share/usb_modeswitch/05c6:1000:uMa=Option
usr/share/usb_modeswitch/05c6:1000:uMa=SAMSUNG
usr/share/usb_modeswitch/05c6:1000:uMa=SSE
usr/share/usb_modeswitch/05c6:1000:uMa=StrongRising
usr/share/usb_modeswitch/05c6:1000:uMa=Vertex
usr/share/usb_modeswitch/05c6:2000
usr/share/usb_modeswitch/05c6:2001
@@ -83,6 +88,7 @@ usr/share/usb_modeswitch/0af0:8700
usr/share/usb_modeswitch/0af0:8800
usr/share/usb_modeswitch/0af0:8900
usr/share/usb_modeswitch/0af0:9000
usr/share/usb_modeswitch/0af0:9200
usr/share/usb_modeswitch/0af0:c031
usr/share/usb_modeswitch/0af0:c100
usr/share/usb_modeswitch/0af0:d001
@@ -104,7 +110,7 @@ usr/share/usb_modeswitch/0cf3:20ff
usr/share/usb_modeswitch/0d46:45a1
usr/share/usb_modeswitch/0d46:45a5
usr/share/usb_modeswitch/0df7:0800
usr/share/usb_modeswitch/0e8d:0002
usr/share/usb_modeswitch/0e8d:0002:uPr=MT
usr/share/usb_modeswitch/0e8d:7109
usr/share/usb_modeswitch/0fce:d0cf
usr/share/usb_modeswitch/0fce:d0e1
@@ -115,14 +121,19 @@ usr/share/usb_modeswitch/1004:607f
usr/share/usb_modeswitch/1004:613a
usr/share/usb_modeswitch/1004:613f
usr/share/usb_modeswitch/1004:614e
usr/share/usb_modeswitch/1004:6156
usr/share/usb_modeswitch/1004:6190
usr/share/usb_modeswitch/1004:61aa
usr/share/usb_modeswitch/1004:61dd
usr/share/usb_modeswitch/1004:61e7
usr/share/usb_modeswitch/1004:61eb
usr/share/usb_modeswitch/1004:6327
usr/share/usb_modeswitch/1033:0035
usr/share/usb_modeswitch/106c:3b03
usr/share/usb_modeswitch/106c:3b05
usr/share/usb_modeswitch/106c:3b06
usr/share/usb_modeswitch/106c:3b11
usr/share/usb_modeswitch/106c:3b14
usr/share/usb_modeswitch/1076:7f40
usr/share/usb_modeswitch/109b:f009
usr/share/usb_modeswitch/1199:0fff
@@ -139,6 +150,7 @@ usr/share/usb_modeswitch/12d1:1449
usr/share/usb_modeswitch/12d1:14ad
usr/share/usb_modeswitch/12d1:14b5
usr/share/usb_modeswitch/12d1:14b7
usr/share/usb_modeswitch/12d1:14ba
usr/share/usb_modeswitch/12d1:14c1
usr/share/usb_modeswitch/12d1:14c3
usr/share/usb_modeswitch/12d1:14c4
@@ -146,24 +158,33 @@ usr/share/usb_modeswitch/12d1:14c5
usr/share/usb_modeswitch/12d1:14d1
usr/share/usb_modeswitch/12d1:14fe
usr/share/usb_modeswitch/12d1:1505
usr/share/usb_modeswitch/12d1:151a
usr/share/usb_modeswitch/12d1:1520
usr/share/usb_modeswitch/12d1:1521
usr/share/usb_modeswitch/12d1:1523
usr/share/usb_modeswitch/12d1:1526
usr/share/usb_modeswitch/12d1:1553
usr/share/usb_modeswitch/12d1:1557
usr/share/usb_modeswitch/12d1:155b
usr/share/usb_modeswitch/12d1:1805
usr/share/usb_modeswitch/12d1:1c0b
usr/share/usb_modeswitch/12d1:1c1b
usr/share/usb_modeswitch/12d1:1c24
usr/share/usb_modeswitch/12d1:1d50
usr/share/usb_modeswitch/12d1:1da1
usr/share/usb_modeswitch/12d1:1f01
usr/share/usb_modeswitch/12d1:1f03
usr/share/usb_modeswitch/12d1:1f11
usr/share/usb_modeswitch/12d1:380b
usr/share/usb_modeswitch/1307:1169
usr/share/usb_modeswitch/1410:5010
usr/share/usb_modeswitch/1410:5020
usr/share/usb_modeswitch/1410:5023
usr/share/usb_modeswitch/1410:5030
usr/share/usb_modeswitch/1410:5031
usr/share/usb_modeswitch/1410:5041
usr/share/usb_modeswitch/1410:5059
usr/share/usb_modeswitch/1410:7001
usr/share/usb_modeswitch/148e:a000
usr/share/usb_modeswitch/148f:2578
usr/share/usb_modeswitch/15eb:7153
@@ -173,6 +194,7 @@ usr/share/usb_modeswitch/16d8:6804
usr/share/usb_modeswitch/16d8:700a
usr/share/usb_modeswitch/16d8:700b
usr/share/usb_modeswitch/16d8:f000
usr/share/usb_modeswitch/1726:f00e
usr/share/usb_modeswitch/198a:0003
usr/share/usb_modeswitch/198f:bccd
usr/share/usb_modeswitch/19d2:0003
@@ -181,16 +203,20 @@ usr/share/usb_modeswitch/19d2:0026
usr/share/usb_modeswitch/19d2:0031
usr/share/usb_modeswitch/19d2:0040
usr/share/usb_modeswitch/19d2:0053
usr/share/usb_modeswitch/19d2:0083
usr/share/usb_modeswitch/19d2:0083:uPr=WCDMA
usr/share/usb_modeswitch/19d2:0101
usr/share/usb_modeswitch/19d2:0103
usr/share/usb_modeswitch/19d2:0110
usr/share/usb_modeswitch/19d2:0115
usr/share/usb_modeswitch/19d2:0120
usr/share/usb_modeswitch/19d2:0146
usr/share/usb_modeswitch/19d2:0149
usr/share/usb_modeswitch/19d2:0150
usr/share/usb_modeswitch/19d2:0154
usr/share/usb_modeswitch/19d2:0166
usr/share/usb_modeswitch/19d2:0169
usr/share/usb_modeswitch/19d2:0266
usr/share/usb_modeswitch/19d2:0325
usr/share/usb_modeswitch/19d2:1001
usr/share/usb_modeswitch/19d2:1007
@@ -203,9 +229,13 @@ usr/share/usb_modeswitch/19d2:1179
usr/share/usb_modeswitch/19d2:1201
usr/share/usb_modeswitch/19d2:1216
usr/share/usb_modeswitch/19d2:1224
usr/share/usb_modeswitch/19d2:1227
usr/share/usb_modeswitch/19d2:1514
usr/share/usb_modeswitch/19d2:1517
usr/share/usb_modeswitch/19d2:1520
usr/share/usb_modeswitch/19d2:1523
usr/share/usb_modeswitch/19d2:1528
usr/share/usb_modeswitch/19d2:1542
usr/share/usb_modeswitch/19d2:2000
usr/share/usb_modeswitch/19d2:bccd
usr/share/usb_modeswitch/19d2:ffde
@@ -216,6 +246,7 @@ usr/share/usb_modeswitch/1a8d:1000
usr/share/usb_modeswitch/1a8d:2000
usr/share/usb_modeswitch/1ab7:5700
usr/share/usb_modeswitch/1b7d:0700
usr/share/usb_modeswitch/1bbb:000f
usr/share/usb_modeswitch/1bbb:00ca
usr/share/usb_modeswitch/1bbb:f000
usr/share/usb_modeswitch/1bbb:f017
@@ -226,6 +257,7 @@ usr/share/usb_modeswitch/1c9e:9200
usr/share/usb_modeswitch/1c9e:9800
usr/share/usb_modeswitch/1c9e:98ff
usr/share/usb_modeswitch/1c9e:9e00
usr/share/usb_modeswitch/1c9e:9e08
usr/share/usb_modeswitch/1c9e:f000
usr/share/usb_modeswitch/1da5:f000
usr/share/usb_modeswitch/1dd6:1000
@@ -237,16 +269,28 @@ usr/share/usb_modeswitch/1ee8:0009
usr/share/usb_modeswitch/1ee8:0013
usr/share/usb_modeswitch/1ee8:0040
usr/share/usb_modeswitch/1ee8:004a
usr/share/usb_modeswitch/1ee8:0054
usr/share/usb_modeswitch/1ee8:0060
usr/share/usb_modeswitch/1ee8:0063
usr/share/usb_modeswitch/1ee8:0068
usr/share/usb_modeswitch/1f28:0021
usr/share/usb_modeswitch/1fac:0032
usr/share/usb_modeswitch/1fac:0130
usr/share/usb_modeswitch/1fac:0150
usr/share/usb_modeswitch/1fac:0151
usr/share/usb_modeswitch/2001:a706
usr/share/usb_modeswitch/2001:a707
usr/share/usb_modeswitch/2001:a708
usr/share/usb_modeswitch/2001:a805
usr/share/usb_modeswitch/2001:a80b
usr/share/usb_modeswitch/201e:1023
usr/share/usb_modeswitch/201e:2009
usr/share/usb_modeswitch/2020:0002
usr/share/usb_modeswitch/2020:f00e
usr/share/usb_modeswitch/2077:1000
usr/share/usb_modeswitch/2077:f000
usr/share/usb_modeswitch/21f5:1000
usr/share/usb_modeswitch/22de:6801
usr/share/usb_modeswitch/22de:6803
usr/share/usb_modeswitch/22f4:0021
usr/share/usb_modeswitch/230d:0001

1
config/rootfiles/core/71/filelists/GeoIP Normal file
View File

@@ -0,0 +1 @@
usr/local/share/GeoIP/GeoIP.dat

6
config/rootfiles/core/71/filelists/files
View File

@@ -3,6 +3,7 @@ etc/issue
var/ipfire/general-functions.pl
var/ipfire/header.pl
var/ipfire/menu.d/10-system.menu
var/ipfire/menu.d/30-network.menu
etc/rc.d/init.d/dnsmasq
etc/rc.d/init.d/wlanclient
etc/rc.d/init.d/networking/functions.network
@@ -11,8 +12,13 @@ etc/rc.d/init.d/networking/red
etc/rc.d/rc0.d/K82wlanclient
etc/rc.d/rc3.d/S19wlanclient
etc/rc.d/rc6.d/K82wlanclient
usr/local/bin/dnsmasqctrl
usr/local/bin/wirelessclient
srv/web/ipfire/cgi-bin/dnsforward.cgi
srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/pppsetup.cgi
srv/web/ipfire/cgi-bin/wirelessclient.cgi
var/ipfire/general-functions.pl
var/ipfire/langs
var/ipfire/backup/include

2
config/rootfiles/core/71/filelists/hwdata Normal file
View File

@@ -0,0 +1,2 @@
usr/share/hwdata/pci.ids
usr/share/hwdata/usb.ids

1
config/rootfiles/core/71/filelists/oinkmaster Symbolic link
View File

@@ -0,0 +1 @@
../../../common/oinkmaster

1
config/rootfiles/core/71/filelists/snort Symbolic link
View File

@@ -0,0 +1 @@
../../../common/snort

1
config/rootfiles/core/71/filelists/squid Symbolic link
View File

@@ -0,0 +1 @@
../../../common/squid

1
config/rootfiles/core/71/filelists/usb_modeswitch Symbolic link
View File

@@ -0,0 +1 @@
../../../common/usb_modeswitch

1
config/rootfiles/core/71/filelists/usb_modeswitch_data Symbolic link
View File

@@ -0,0 +1 @@
../../../common/usb_modeswitch_data

14
config/rootfiles/core/71/update.sh
View File

@@ -32,8 +32,17 @@ do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
#
# Backup snort.conf
cp -f /etc/snort/snort.conf /etc/snort/snort.conf.backup
#
#Stop services
/etc/init.d/snort stop
#
#Remove old usb-modeswitch file
rm /usr/share/usb_modeswitch/0e8d:0002
#
#Extract files
@@ -44,8 +53,13 @@ extract_files
touch /var/ipfire/ethernet/wireless
chown nobody:nobody /var/ipfire/ethernet/wireless
#
# Import active rules to new snort.conf
grep "^include $RULE_PATH" /etc/snort/snort.conf.backup >> /etc/snort/snort.conf
#
#Start services
/etc/init.d/snort start
#
#Update Language cache

42
config/snort/snort.conf
View File

@@ -3,7 +3,7 @@
#
# some parts of this file are changed/updated by the webif
###################################################
# VERSIONS : 2.9.1.1
# VERSIONS : 2.9.5.0
include /etc/snort/vars
@@ -42,7 +42,7 @@ ipvar FTP_SERVERS $HOME_NET
ipvar SIP_SERVERS $HOME_NET
# List of ports you run web servers on
portvar HTTP_PORTS [80,81,311,444,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,5250,7001,7777,7779,8000,8008,8028,8080,8088,8118,8123,8180,8181,8243,8280,8888,9090,9091,9443,9999,11371,50002,55555]
portvar HTTP_PORTS [80,81,82,83,84,85,86,87,88,89,311,383,444,591,593,631,901,1220,1414,1741,1830,2301,2381,2809,3037,3057,3128,3702,4343,4848,5250,6080,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,34443,34444,41080,50002,55555]
# List of ports you want to look for SHELLCODE on.
portvar SHELLCODE_PORTS !80
@@ -75,6 +75,14 @@ var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
# If you are using reputation preprocessor set these
# Currently there is a bug with relative paths, they are relative to where snort is
# not relative to snort.conf like the above variables
# This is completely inconsistent with how other vars work, BUG 89986
# Set the absolute path appropriately
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
###################################################
# Step #2: Configure the decoder. For more information, see README.decode
@@ -161,7 +169,7 @@ config pcre_match_limit_recursion: 1500
config detection: search-method ac-split search-optimize max-pattern-len 20
# Configure the event queue. For more information, see README.event_queue
config event_queue: max_queue 8 log 3 order_events content_length
config event_queue: max_queue 8 log 5 order_events content_length
###################################################
## Configure GTP if it is to be used.
@@ -215,6 +223,7 @@ dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
# path to dynamic rules libraries
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
###################################################
# Step #5: Configure preprocessors
# For more information, see the Snort Manual, Configuring Snort - Preprocessors
@@ -245,12 +254,12 @@ preprocessor stream5_global: track_tcp yes, \
min_response_seconds 5
preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \
overlap_limit 10, small_segments 3 bytes 150, timeout 180, \
ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \
161 445 513 514 587 593 691 1433 1521 2100 3306 6070 6665 6666 6667 6668 6669 \
ports client 21 22 23 25 42 53 70 79 109 110 111 113 119 135 136 137 139 143 \
161 222 445 513 514 587 593 691 1433 1521 1741 2100 3306 6070 6665 6666 6667 6668 6669 \
7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \
ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 5250 7907 7001 7802 7777 7779 \
ports both 80 81 82 83 84 85 86 87 88 89 110 311 383 443 444 465 563 591 593 631 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3037 3057 3128 3702 4343 4848 5250 6080 6988 7907 7000 7001 7144 7145 7510 7802 7777 7779 \
7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \
7917 7918 7919 7920 8000 8008 8028 8080 8088 8118 8123 8180 8243 8280 8888 9090 9091 9443 9999 11371 50002 55555
7917 7918 7919 7920 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555
preprocessor stream5_udp: timeout 180
# performance statistics. For more information, see the Snort Manual, Configuring Snort - Preprocessors - Performance Monitor
@@ -269,7 +278,7 @@ preprocessor http_inspect_server: server default \
max_headers 100 \
max_spaces 200 \
small_chunk_length { 10 5 } \
ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 50002 55555 } \
ports { 80 81 82 83 84 85 86 87 88 89 311 383 444 591 593 631 901 1220 1414 1741 1830 2301 2381 2809 3037 3057 3128 3702 4343 4848 5250 6080 6988 7000 7001 7144 7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555 } \
non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
enable_cookie \
extended_response_inspection \
@@ -286,7 +295,7 @@ preprocessor http_inspect_server: server default \
iis_delimiter no \
iis_unicode no \
multi_slash no \
utf_8 no \
utf_8 no \
u_encode yes \
webroot no
@@ -384,7 +393,7 @@ preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { medium
# preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
# SSH anomaly detection. For more information, see README.ssh
preprocessor ssh: server_ports { 22,222 } \
preprocessor ssh: server_ports { 22 222 } \
autodetect \
max_client_bytes 19600 \
max_encrypted_packets 20 \
@@ -409,7 +418,7 @@ preprocessor ssl: ports { 443 444 465 563 636 989 992 993 994 995 7801 7802 7900
preprocessor sensitive_data: alert_threshold 25
# SIP Session Initiation Protocol preprocessor. For more information see README.sip
preprocessor sip: max_sessions 10000, \
preprocessor sip: max_sessions 40000, \
ports { 5060 5061 5600 }, \
methods { invite \
cancel \
@@ -439,7 +448,7 @@ preprocessor sip: max_sessions 10000, \
max_to_len 256, \
max_via_len 1024, \
max_contact_len 512, \
max_content_len 1024
max_content_len 2048
# IMAP preprocessor. For more information see README.imap
preprocessor imap: \
@@ -465,6 +474,15 @@ preprocessor dnp3: ports { 20000 } \
memcap 262144 \
check_crc
# Reputation preprocessor. For more information see README.reputation
#preprocessor reputation: \
# memcap 500, \
# priority whitelist, \
# nested_ip inner, \
# whitelist $WHITE_LIST_PATH/white_list.rules, \
# blacklist $BLACK_LIST_PATH/black_list.rules
###################################################
# Step #6: Configure output plugins
# For more information, see Snort Manual, Configuring Snort - Output Modules

9
config/squidclamav/squidclamav.conf
View File

@@ -1,6 +1,5 @@
#squid_ip 127.0.0.1
#squid_port 3128
proxy none
squid_ip 127.0.0.1
squid_port 800
#
logfile /var/log/squid/squidclamav.log
redirect http://127.0.0.1:81/clwarn.cgi
@@ -15,7 +14,7 @@ clamd_local /var/run/clamav/clamd
maxsize 5000000
maxredir 30
timeout 60
#trust_cache 1
trust_cache 1
#
# Do not scan standard HTTP images
abort ^.*\.(ico|gif|png|jpg)$
@@ -37,4 +36,4 @@ abortcontent ^video\/x-flv$
abortcontent ^.*application\/x-mms-framed.*$
#
# White list some sites
whitelist .*\.clamav.net
whitelist .*\.clamav.net

3
doc/language_issues.de
View File

@@ -477,6 +477,8 @@ WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
WARNING: untranslated string: community rules
WARNING: untranslated string: emerging rules
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: qos add subclass
@@ -484,4 +486,3 @@ WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: wlanap country

4
doc/language_issues.es
View File

@@ -487,10 +487,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
<<<<<<< HEAD
WARNING: translation string unused: vpn incompatible use of defaultroute
=======
>>>>>>> 1b23ab3... Implement wireless client on RED.
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
@@ -552,6 +549,7 @@ WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
WARNING: untranslated string: fireinfo is enabled

1
doc/language_issues.fr
View File

@@ -549,6 +549,7 @@ WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dns address deleted txt
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
WARNING: untranslated string: fireinfo is enabled

31
doc/language_issues.nl
View File

@@ -460,7 +460,6 @@ WARNING: translation string unused: transparent on
WARNING: translation string unused: umount
WARNING: translation string unused: umount removable media before to unplug
WARNING: translation string unused: unencrypted
WARNING: translation string unused: unknown
WARNING: translation string unused: update transcript
WARNING: translation string unused: updates
WARNING: translation string unused: updates is old1
@@ -522,3 +521,33 @@ WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: uptime load average
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
WARNING: untranslated string: wlan client and
WARNING: untranslated string: wlan client bssid
WARNING: untranslated string: wlan client ccmp
WARNING: untranslated string: wlan client configuration
WARNING: untranslated string: wlan client disconnected
WARNING: untranslated string: wlan client duplicate ssid
WARNING: untranslated string: wlan client edit entry
WARNING: untranslated string: wlan client encryption
WARNING: untranslated string: wlan client encryption none
WARNING: untranslated string: wlan client encryption wep
WARNING: untranslated string: wlan client encryption wpa
WARNING: untranslated string: wlan client encryption wpa2
WARNING: untranslated string: wlan client group cipher
WARNING: untranslated string: wlan client group key algorithm
WARNING: untranslated string: wlan client invalid key length
WARNING: untranslated string: wlan client new entry
WARNING: untranslated string: wlan client new network
WARNING: untranslated string: wlan client pairwise cipher
WARNING: untranslated string: wlan client pairwise key algorithm
WARNING: untranslated string: wlan client pairwise key group key
WARNING: untranslated string: wlan client psk
WARNING: untranslated string: wlan client ssid
WARNING: untranslated string: wlan client tkip
WARNING: untranslated string: wlan client wpa mode
WARNING: untranslated string: wlan client wpa mode all
WARNING: untranslated string: wlan client wpa mode ccmp ccmp
WARNING: untranslated string: wlan client wpa mode ccmp tkip
WARNING: untranslated string: wlan client wpa mode tkip tkip

4
doc/language_issues.pl
View File

@@ -487,10 +487,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
<<<<<<< HEAD
WARNING: translation string unused: vpn incompatible use of defaultroute
=======
>>>>>>> 1b23ab3... Implement wireless client on RED.
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
@@ -552,6 +549,7 @@ WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
WARNING: untranslated string: fireinfo is enabled

5
doc/language_issues.ru
View File

@@ -480,10 +480,7 @@ WARNING: translation string unused: use dov
WARNING: translation string unused: use ibod
WARNING: translation string unused: view log
WARNING: translation string unused: vpn aggrmode
<<<<<<< HEAD
WARNING: translation string unused: vpn incompatible use of defaultroute
=======
>>>>>>> 1b23ab3... Implement wireless client on RED.
WARNING: translation string unused: vpn mtu invalid
WARNING: translation string unused: vpn on blue
WARNING: translation string unused: vpn on green
@@ -542,8 +539,10 @@ WARNING: untranslated string: ccd none
WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: community rules
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: disk access per
WARNING: untranslated string: emerging rules
WARNING: untranslated string: extrahd because there is already a device mounted
WARNING: untranslated string: extrahd cant umount
WARNING: untranslated string: extrahd install or load driver

31
doc/language_issues.tr
View File

@@ -460,7 +460,6 @@ WARNING: translation string unused: transparent on
WARNING: translation string unused: umount
WARNING: translation string unused: umount removable media before to unplug
WARNING: translation string unused: unencrypted
WARNING: translation string unused: unknown
WARNING: translation string unused: update transcript
WARNING: translation string unused: updates
WARNING: translation string unused: updates is old1
@@ -517,3 +516,33 @@ WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
WARNING: untranslated string: wlan client and
WARNING: untranslated string: wlan client bssid
WARNING: untranslated string: wlan client ccmp
WARNING: untranslated string: wlan client configuration
WARNING: untranslated string: wlan client disconnected
WARNING: untranslated string: wlan client duplicate ssid
WARNING: untranslated string: wlan client edit entry
WARNING: untranslated string: wlan client encryption
WARNING: untranslated string: wlan client encryption none
WARNING: untranslated string: wlan client encryption wep
WARNING: untranslated string: wlan client encryption wpa
WARNING: untranslated string: wlan client encryption wpa2
WARNING: untranslated string: wlan client group cipher
WARNING: untranslated string: wlan client group key algorithm
WARNING: untranslated string: wlan client invalid key length
WARNING: untranslated string: wlan client new entry
WARNING: untranslated string: wlan client new network
WARNING: untranslated string: wlan client pairwise cipher
WARNING: untranslated string: wlan client pairwise key algorithm
WARNING: untranslated string: wlan client pairwise key group key
WARNING: untranslated string: wlan client psk
WARNING: untranslated string: wlan client ssid
WARNING: untranslated string: wlan client tkip
WARNING: untranslated string: wlan client wpa mode
WARNING: untranslated string: wlan client wpa mode all
WARNING: untranslated string: wlan client wpa mode ccmp ccmp
WARNING: untranslated string: wlan client wpa mode ccmp tkip
WARNING: untranslated string: wlan client wpa mode tkip tkip

359
html/cgi-bin/dnsforward.cgi Normal file
View File

@@ -0,0 +1,359 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 IPFire Development Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
my %cgiparams=();
my %checked=();
my %selected=();
my $errormessage = '';
my $filename = "${General::swroot}/dnsforward/config";
my $changed = 'no';
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
&Header::showhttpheaders();
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'ZONE'} = '';
$cgiparams{'FORWARD_SERVER'} = '';
$cgiparams{'REMARK'} ='';
&Header::getcgihash(\%cgiparams);
open(FILE, $filename) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
###
# Add / Edit entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
{
# Check if the entered domainname is valid.
unless (&General::validdomainname($cgiparams{'ZONE'})) {
$errormessage = $Lang::tr{'invalid domain name'};
}
# Check if the settings for the forward server are valid.
unless(&General::validip($cgiparams{'FORWARD_SERVER'})) {
$errormessage = $Lang::tr{'invalid ip'};
}
# Go further if there was no error.
if ( ! $errormessage)
{
# Check if a remark has been entered.
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
# Check if we want to edit an existing or add a new entry.
if($cgiparams{'EDITING'} eq 'no') {
open(FILE,">>$filename") or die 'Unable to open config file.';
flock FILE, 2;
print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVER'},$cgiparams{'REMARK'}\n";
} else {
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'EDITING'} eq $id) {
print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVER'},$cgiparams{'REMARK'}\n";
} else { print FILE "$line"; }
}
}
close(FILE);
undef %cgiparams;
$changed = 'yes';
} else {
# stay on edit mode if an error occur
if ($cgiparams{'EDITING'} ne 'no')
{
$cgiparams{'ACTION'} = $Lang::tr{'edit'};
$cgiparams{'ID'} = $cgiparams{'EDITING'};
}
}
# Restart dnsmasq.
system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
}
###
# Remove existing entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'remove'})
{
my $id = 0;
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
}
close(FILE);
# Restart dnsmasq.
system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
}
###
# Toggle Enable/Disable for entries.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'})
{
open(FILE, ">$filename") or die 'Unable to open config file.';
flock FILE, 2;
my $id = 0;
foreach my $line (@current)
{
$id++;
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
else
{
chomp($line);
my @temp = split(/\,/,$line);
print FILE "$cgiparams{'ENABLE'},$temp[1],$temp[2],$temp[3]\n";
}
}
close(FILE);
# Restart dnsmasq.
system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
}
###
# Read items for edit mode.
#
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
{
my $id = 0;
foreach my $line (@current)
{
$id++;
if ($cgiparams{'ID'} eq $id)
{
chomp($line);
my @temp = split(/\,/,$line);
$cgiparams{'ENABLED'} = $temp[0];
$cgiparams{'ZONE'} = $temp[1];
$cgiparams{'FORWARD_SERVER'} = $temp[2];
$cgiparams{'REMARK'} = $temp[3];
}
}
}
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
&Header::openpage($Lang::tr{'dnsforward configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
###
# Error messages layout.
#
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
print "&nbsp;</class>\n";
&Header::closebox();
}
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
my $buttontext = $Lang::tr{'add'};
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
$buttontext = $Lang::tr{'update'};
} else {
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
}
###
# Content of the main page.
#
print <<END
<table width='100%'>
<tr>
<td width='20%' class='base'><font>$Lang::tr{'dnsforward zone'}:</font></td>
<td><input type='text' name='ZONE' value='$cgiparams{'ZONE'}' size='24' /></td>
<td width='30%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
</tr>
<tr>
<td width='20%' class='base'><font>$Lang::tr{'dnsforward forward_server'}:</font></td>
<td><input type='text' name='FORWARD_SERVER' value='$cgiparams{'FORWARD_SERVER'}' size='24' /></td>
</tr>
</table>
<table width='100%'>
<tr>
<td width ='20%' class='base'><font class='boldbase'>$Lang::tr{'remark'}:</font>&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
</tr>
</table>
<hr>
<table width='100%'>
<tr>
<td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;<font class='base'>$Lang::tr{'this field may be blank'}</font></td>
<td width='40%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='SUBMIT' value='$buttontext' />
</td>
</tr>
</table>
END
;
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
print "<input type='hidden' name='EDITING' value='$cgiparams{'ID'}' />\n";
} else {
print "<input type='hidden' name='EDITING' value='no' />\n";
}
&Header::closebox();
print "</form>\n";
###
# Existing rules.
#
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward entries'});
print <<END
<table width='100%'>
<tr>
<td width='35%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward zone'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward forward_server'}</b></td>
<td width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='5%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
</tr>
END
;
# If something has happened re-read config
if($cgiparams{'ACTION'} ne '' or $changed ne 'no')
{
open(FILE, $filename) or die 'Unable to open config file.';
@current = <FILE>;
close(FILE);
}
###
# Re-read entries and highlight selected item for editing.
#
my $id = 0;
foreach my $line (@current)
{
$id++;
chomp($line);
my @temp = split(/\,/,$line);
my $toggle = '';
my $gif = '';
my $gdesc = '';
my $toggle = '';
if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
print "<tr bgcolor='${Header::colouryellow}'>\n"; }
elsif ($id % 2) {
print "<tr bgcolor='$color{'color22'}'>\n"; }
else {
print "<tr bgcolor='$color{'color20'}'>\n"; }
if ($temp[0] eq 'on') { $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};}
else { $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; }
###
# Display edit page.
#
print <<END
<td align='center'>$temp[1]</td>
<td align='center'>$temp[2]</td>
<td align='center'>$temp[3]</td>
<td align='center'>
<form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ENABLE' value='$toggle' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
</form>
</td>
<td align='center'>
<form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
<input type='hidden' name='ID' value='$id' />
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
</form>
</td>
</tr>
END
;
}
print "</table>\n";
###
# Print the legend at the bottom if there are any configured entries.
#
# Check if the file size is zero - no existing entries.
if ( ! -z "$filename") {
print <<END
<table>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
;
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();

13
html/cgi-bin/ids.cgi
View File

@@ -263,9 +263,11 @@ if (-e "/etc/snort/snort.conf") {
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
$url=" http://www.snort.org/sub-rules/snortrules-snapshot-2940.tar.gz/$snortsettings{'OINKCODE'}";
$url=" http://www.snort.org/sub-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/$snortsettings{'OINKCODE'}";
$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
$url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz";
} else {
$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
}
@@ -274,8 +276,9 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
{
$errormessage = $Lang::tr{'invalid input for oink code'} unless (
($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/) ||
($snortsettings{'RULESTYPE'} eq 'nothing' ) ||
($snortsettings{'RULESTYPE'} eq 'community' ));
($snortsettings{'RULES'} eq 'nothing' ) ||
($snortsettings{'RULES'} eq 'emerging' ) ||
($snortsettings{'RULES'} eq 'community' ));
&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
if ($snortsettings{'ENABLE_SNORT'} eq 'on')
@@ -402,6 +405,7 @@ $checked{'ENABLE_GUARDIAN'}{'on'} = '';
$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'emerging'} = '';
$selected{'RULES'}{'registered'} = '';
$selected{'RULES'}{'subscripted'} = '';
$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
@@ -515,6 +519,7 @@ print <<END
<tr>
<td><select name='RULES'>
<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>

43
html/cgi-bin/proxy.cgi
View File

@@ -381,7 +381,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
}
}
if (!($proxysettings{'FILEDESCRIPTORS'} =~ /^\d+/) ||
($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 16384))
($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTORS'} > 65536))
{
$errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
goto ERROR;
@@ -699,6 +699,16 @@ if (!$errormessage)
&read_acls;
}
# ------------------------------------------------------------------
# Hook to regenerate the configuration files, if cgi got called from command line.
if ($ENV{"REMOTE_ADDR"} eq "") {
writeconfig();
exit(0);
}
# -------------------------------------------------------------------
$checked{'ENABLE'}{'off'} = '';
$checked{'ENABLE'}{'on'} = '';
$checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
@@ -3061,12 +3071,6 @@ icp_port 0
END
;
# Include file with user defined settings.
if (-e "/etc/squid/squid.conf.pre.local") {
print FILE "include /etc/squid/squid.conf.pre.local\n\n";
}
print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" }
if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
@@ -3448,6 +3452,19 @@ END
close (ACL);
}
if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
# Check if squidclamav is enabled.
if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
print FILE "\n#Settings for squidclamav:\n";
print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n";
print FILE "acl to_localhost dst 127.0.0.0/8\n";
print FILE "acl purge method PURGE\n";
print FILE "http_access deny to_localhost\n";
print FILE "http_access allow localhost\n";
print FILE "http_access allow purge localhost\n";
print FILE "http_access deny purge\n";
print FILE "url_rewrite_access deny localhost\n";
}
print FILE <<END
#Access to squid:
@@ -3963,6 +3980,18 @@ END
print FILE "include /etc/squid/squid.conf.local\n";
}
close FILE;
# Proxy settings for squidclamav - if installed.
#
# Check if squidclamav is enabled.
if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
my $configfile='/etc/squidclamav.conf';
my $data = &General::read_file_utf8($configfile);
$data =~ s/squid_port [0-9]+/squid_port $proxysettings{'PROXY_PORT'}/g;
&General::write_file_utf8($configfile, $data);
}
}
# -------------------------------------------------------------------

8
langs/de/cgi-bin/de.pl
View File

@@ -526,7 +526,6 @@
'clock last synchronized at' => 'Die Uhr wurde zuletzt synchronisiert um',
'comment' => 'Kommentar',
'common name' => 'Gemeinsamer Name',
'community rules' => 'Emergingthreats.net Community Rules',
'comp-lzo' => 'LZO-Kompression',
'compression' => 'Kompression:',
'computer to modem rate' => 'Übertragungsrate zwischen Computer und Modem:',
@@ -715,6 +714,13 @@
'dns saved txt' => 'Die beiden eingegebenen DNS-Server-Adressen wurde erfolgreich gespeichert.<br/>Um die Änderung wirksam zu machen, müssen Sie neustarten oder wiederverbinden!',
'dns server' => 'DNS Server',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS-Weiterleitung',
'dnsforward add a new entry' => 'Neuen Eintrag hinzufügen:',
'dnsforward configuration' => 'Einstellungen für DNS Weiterleitung',
'dnsforward edit an entry' => 'Existierenden Eintrag bearbeiten:',
'dnsforward entries' => 'Aktuelle Einträge:',
'dnsforward forward_server' => 'DNS-Server',
'dnsforward zone' => 'Zone',
'do not log this port list' => 'Verwerfe diese Port-Liste kurz bevor sie protokolliert werden (reduziert Protokollgröße)',
'dod' => 'Dial-on-Demand-Modus',
'dod for dns' => 'Dial-on-Demand für DNS:',

10
langs/en/cgi-bin/en.pl
View File

@@ -545,7 +545,7 @@
'clock last synchronized at' => 'Clock was last synchronized at',
'comment' => 'Description:',
'common name' => 'Common name',
'community rules' => 'Emergingthreats.net Community Rules',
'community rules' => 'Snort/VRT GPLv2 Community Rules',
'comp-lzo' => 'LZO-Compression:',
'compression' => 'Compression:',
'computer to modem rate' => 'Computer to modem rate:',
@@ -737,6 +737,13 @@
'dns saved txt' => 'The two entered DNS server addresses have been saved successfully.<br />You have to reboot or reconnect that the changes have effect!',
'dns server' => 'DNS Server',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS forwarding',
'dnsforward add a new entry' => 'Add a new entry:',
'dnsforward configuration' => 'DNS forward configuration',
'dnsforward edit an entry' => 'Edit an existing entry:',
'dnsforward entries' => 'Current entries:',
'dnsforward forward_server' => 'Nameserver',
'dnsforward zone' => 'Zone',
'do not log this port list' => 'Drop this port list just before they are logged (reduces log size)',
'dod' => 'Dial on Demand',
'dod for dns' => 'Dial on Demand for DNS:',
@@ -801,6 +808,7 @@
'eg' => 'e.g.:',
'email server can not be empty' => 'E-mail server can not be empty',
'emailreportlevel' => 'E-mailreportlevel',
'emerging rules' => 'Emergingthreats.net Community Rules',
'empty' => 'This field may be left blank',
'empty profile' => 'empty',
'enable ignore filter' => 'Enable ignore filter',

3
langs/nl/cgi-bin/nl.pl
View File

@@ -538,7 +538,7 @@
'clock last synchronized at' => 'Klok was voor het laatst gesynchroniseerd om',
'comment' => 'Omschrijving:',
'common name' => 'Algemene naam',
'community rules' => 'Emergingthreats.net community regels',
'community rules' => 'Snort/VRT GPLv2 community regels',
'comp-lzo' => 'LZO-Compressie:',
'compression' => 'Compressie:',
'computer to modem rate' => 'Computer naar modem rato:',
@@ -794,6 +794,7 @@
'eg' => 'bijv.:',
'email server can not be empty' => 'E-mailserver mag niet leeg zijn',
'emailreportlevel' => 'E-mailrapport detailniveau',
'emerging rules' => 'Emergingthreats.net community regels',
'empty' => 'Dit veld mag niet leeg worden gelaten',
'empty profile' => 'leeg',
'enable ignore filter' => 'Inschakelen negeer-filter',

1
langs/pl/cgi-bin/pl.pl
View File

@@ -499,7 +499,6 @@
'clock last synchronized at' => 'Ostatnia synchronizacja zegara: ',
'comment' => 'Opis:',
'common name' => 'Common name',
'community rules' => 'Emergingthreats.net Community Rules',
'comp-lzo' => 'Kompresja LZO:',
'compression' => 'Kompresja:',
'computer to modem rate' => 'Szybkość połączenia z komputerem:',

1
langs/ru/cgi-bin/ru.pl
View File

@@ -497,7 +497,6 @@
'clock last synchronized at' => 'В последний раз время синхронизировалось в',
'comment' => 'Description:',
'common name' => 'Короткое имя',
'community rules' => 'Emergingthreats.net Community Rules',
'comp-lzo' => 'LZO-Сжатие:',
'compression' => 'Compression:',
'computer to modem rate' => 'Computer to modem rate:',

3
langs/tr/cgi-bin/tr.pl
View File

@@ -545,7 +545,7 @@
'clock last synchronized at' => 'Saatin son olarak eşitlendiği zaman:',
'comment' => 'Açıklama:',
'common name' => 'Ortak ad',
'community rules' => 'Emergingthreats.net Topluluk Kuralları',
'community rules' => 'Snort/VRT GPLv2 Topluluk Kuralları',
'comp-lzo' => 'LZO-Sıkıştırması:',
'compression' => 'Sıkıştırma:',
'computer to modem rate' => 'Bilgisayarın modem hızı:',
@@ -801,6 +801,7 @@
'eg' => 'e.g.:',
'email server can not be empty' => 'E-posta sunucusu boş olamaz',
'emailreportlevel' => 'E-posta rapor seviyesi',
'emerging rules' => 'Emergingthreats.net Topluluk Kuralları',
'empty' => 'Bu alan boş bırakılabilir',
'empty profile' => 'boş',
'enable ignore filter' => 'Aktif filtreyi yoksay',

4
lfs/GeoIP
View File

@@ -25,7 +25,7 @@
include Config
VER = 1.17
DATVER = 07052013
DATVER = 02072013
THISAPP = Geo-IP-PurePerl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
GeoIP.dat-$(DATVER).gz = $(DL_FROM)/GeoIP.dat-$(DATVER).gz
$(DL_FILE)_MD5 = 42a6b9d4dd2563a20c8998556216e1de
GeoIP.dat-$(DATVER).gz_MD5 = 634d72f4ffbb2de57efa468add572d38
GeoIP.dat-$(DATVER).gz_MD5 = 25d59395b43d676fcbab05e7610a7b58
install : $(TARGET)

1
lfs/oinkmaster
View File

@@ -69,6 +69,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/oinkmaster-2.0-add_community_rules.patch
cd $(DIR_APP) && chown nobody:nobody oinkmaster.pl
cd $(DIR_APP) && cp -f oinkmaster.conf /var/ipfire/snort/
cd /var/ipfire/snort && patch -Np1 < $(DIR_SRC)/src/patches/oinkmaster-tmp.patch

7
lfs/snort
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2010 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 2.9.4
VER = 2.9.5
THISAPP = snort-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = e79ee6b4fbb32edc5dfed2d7dfcc6813
$(DL_FILE)_MD5 = f5fc0e176afca5989d47509478758fc7
install : $(TARGET)
@@ -86,6 +86,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
etc/reference.config etc/classification.config /etc/snort/rules
cd $(DIR_APP) && install -m 0644 etc/unicode.map /etc/snort
install -m 0644 $(DIR_SRC)/config/snort/snort.conf /etc/snort
cp /etc/snort/snort.conf /etc/snort/snort.conf.template
chown -R nobody:nobody /etc/snort
-mkdir -p /var/log/snort
chown -R snort:snort /var/log/snort

4
lfs/squid
View File

@@ -87,8 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--enable-referer-log \
--enable-snmp \
--with-pthreads --with-dl \
--with-maxfd="16384" \
--with-filedescriptors=16384 \
--with-maxfd="65536" \
--with-filedescriptors=65536 \
--with-large-files \
--with-aio \
--enable-async-io=8 \

3
lfs/squidclamav
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = squidclamav
PAK_VER = 15
PAK_VER = 17
DEPS = "clamav"
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make install
install -v -m 755 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf

6
lfs/usb_modeswitch
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 1.2.4
VER = 1.2.6
THISAPP = usb-modeswitch-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = dbd4ce7966d7b4a5a0604a8280f7164d
$(DL_FILE)_MD5 = 3cd804ad2dd4cb61fbd77a5cc033496c
install : $(TARGET)

6
lfs/usb_modeswitch_data
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 20120815
VER = 20130610
THISAPP = usb-modeswitch-data-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 12d7de3210e45ad6f48791d12bbdbf61
$(DL_FILE)_MD5 = 52dff3f54e0c01dad02639d642e089e0
install : $(TARGET)

4
make.sh
View File

@@ -17,7 +17,7 @@
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org>. #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org>. #
# #
############################################################################
#
@@ -26,7 +26,7 @@ NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.13" # Version number
CORE="71" # Core Level (Filename)
PAKFIRE_CORE="70" # Core Level (PAKFIRE)
PAKFIRE_CORE="71" # Core Level (PAKFIRE)
GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir

1613
src/hwdata/pci.ids
View File

File diff suppressed because it is too large Load Diff

6
src/hwdata/usb.ids
View File

@@ -9,8 +9,8 @@
# The latest version can be obtained from
# http://www.linux-usb.org/usb.ids
#
# Version: 2013.03.25
# Date: 2013-03-25 20:34:03
# Version: 2013.05.24
# Date: 2013-05-24 20:34:03
#
# Vendors, devices and interfaces. Please keep sorted.
@@ -9812,6 +9812,8 @@
0955 NVidia Corp.
7030 Tegra 3 (recovery mode)
7100 Notion Ink Adam
b400 SHIELD (debug)
b401 SHIELD
0956 BSquare Corp.
0957 Agilent Technologies, Inc.
0200 E-Video DC-350 Camera

26
src/initscripts/init.d/dnsmasq
View File

@@ -22,6 +22,26 @@ fi
SHOW_SRV=1
function dns_forward_args() {
local file="${1}"
# Do nothing if file is empty.
[ -s "${file}" ] || return
local cmdline
local enabled zone server remark
while IFS="," read -r enabled zone server remark; do
# Line must be enabled.
[ "${enabled}" = "on" ] || continue
cmdline="${cmdline} --server=/${zone}/${server}"
done < ${file}
echo "${cmdline}"
}
case "${1}" in
start)
# kill already running copy of dnsmasq...
@@ -47,8 +67,12 @@ case "${1}" in
fi
fi
[ -e "/var/ipfire/red/active" ] && ARGS="$ARGS -r /var/ipfire/red/resolv.conf"
ARGS="$ARGS --domain=`cat /var/ipfire/main/settings |grep DOMAIN |cut -d = -f 2`"
# Add custom forward dns zones.
ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)"
ARGS="$ARGS $CUSTOM_ARGS"
loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS

5
src/misc-progs/Makefile
View File

@@ -33,7 +33,7 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable wirelessclient
getconntracktable wirelessclient dnsmasqctrl
SUID_UPDX = updxsetperms
install : all
@@ -161,3 +161,6 @@ getconntracktable: getconntracktable.c setuid.o ../install+setup/libsmooth/varva
wirelessclient: wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o -o $@
dnsmasqctrl: dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@

34
src/misc-progs/dnsmasqctrl.c Normal file
View File

@@ -0,0 +1,34 @@
/* This file is part of the IPFire Firewall.
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include "setuid.h"
int main(int argc, char *argv[]) {
if (!(initsetuid()))
exit(1);
if (argc < 2) {
fprintf(stderr, "\nNo argument given.\n\ndnsmasqctrl (restart)\n\n");
exit(1);
}
if (strcmp(argv[1], "restart") == 0) {
safe_system("/etc/rc.d/init.d/dnsmasq restart");
} else {
fprintf(stderr, "\nBad argument given.\n\ndnsmasqctrl (restart)\n\n");
exit(1);
}
return 0;
}

2
src/pakfire/pakfire.conf
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #

10
src/paks/squidclamav/update.sh
View File

@@ -35,4 +35,14 @@ if [ "$VERSION" -lt "11" ]; then
sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf
fi
if [ "$VERSION" -lt "16" ]; then
sed -e "s/proxy none//g" -i /etc/squidclamav.conf
sed -e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \
-e "s/^#squid_port 3128/squid_port 800/g" \
-e "s/^#trust_cache 1/trust_cache 1/g" -i /etc/squidclamav.conf
# Regenerate configuration files.
perl /srv/web/ipfire/cgi-bin/proxy.cgi
fi
/etc/init.d/squid restart

14
src/patches/oinkmaster-2.0-add_community_rules.patch Normal file
View File

@@ -0,0 +1,14 @@
diff -Naur oinkmaster-2.0.org/oinkmaster.pl oinkmaster-2.0/oinkmaster.pl
--- oinkmaster-2.0.org/oinkmaster.pl 2007-04-20 05:20:32.000000000 +0200
+++ oinkmaster-2.0/oinkmaster.pl 2013-07-15 16:46:40.000000000 +0200
@@ -1159,6 +1159,10 @@
}
}
+ # hack for community-ruleset.
+ if (-d "$dir/community-rules") {
+ move("$dir/community-rules","$dir/$rules_dir");
+ }
# Make sure that non-empty rules directory existed in archive.
# We permit empty rules directory if min_files is set to 0 though.
clean_exit("$url: no \"$rules_dir\" directory found in tar file.")

13
src/patches/squidclamav-5.11-dont_use_ipv6.patch Normal file
View File

@@ -0,0 +1,13 @@
diff -Nur a/src/squidclamav.c b/src/squidclamav.c
--- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100
+++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200
@@ -413,6 +413,9 @@
/* Suppress error: SSL certificate problem, verify that the CA cert is OK */
curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0);
+
+ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */
+ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
}
}
/* create a squidguard child process and setup pipes */