dns.cgi: fix type error

replace '$' with '&' to call Header::escape, likely type error. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
unbound: upgrade to 1.22.0
2026-04-09 18:45:54 +02:00 · 2025-12-03 20:05:31 +00:00 · 2025-12-03 20:02:09 +00:00 · 2025-12-03 19:59:48 +00:00 · 2025-11-15 19:48:38 +00:00 · 2025-11-15 19:41:58 +00:00
134 changed files with 12491 additions and 15438 deletions
--- a/README.md
+++ b/README.md
@@ -1,24 +1,54 @@
-# BPFire - eBPF Network Firewall and Load Balancer
+# BPFire - eBPF Network Firewall OS (eBPF 网络防火墙）

 # What is BPFire?

-BPFire is fork of IPFire 2.x, a hardened, versatile, state-of-the-art Open Source firewall based on Linux. BPFire is an eBPF networking centric Linux OS distribution that is easy for users to install and use. Current supported eBPF network application features:
+BPFire is fork of [IPFire 2.x](https://github.com/ipfire/ipfire-2.x), a hardened, versatile, state-of-the-art Open Source firewall based on Linux. BPFire is to enable revolutionary [eBPF](https://ebpf.io/) technology for non-tech savvy users, make eBPF technology consumable to home users or any size of organizations to secure their network environment. Current supported eBPF network application features:
+
+BPFire 基于IPFire 2.x, 一个基于Linux的安全坚固、多功能、先进的开源防火墙. BPFire 为普罗大众带来革命创新性的eBPF技术，为家庭用户或任何大小组织企业的网络安全保驾护航. 当前支持的eBPF应用包括：

 1. XDP DDoS protection, See XDP SYNPROXY stops 10G DDoS SYN flood [here](https://www.youtube.com/watch?v=81Hgoy-x1A4)
-2. eBPF based LoxiLB load balancer, overall load balancer features located [here](https://loxilb-io.github.io/loxilbdocs/#overall-features-of-loxilb)
+2. XDP UDP DDoS online game protection
+3. XDP DNS domain blocklist, ratelimit protection
+4. XDP SSL/TLS server name indicator (SNI) blocklist
+5. XDP GeoIP/Country blocklist
+6. XDP multi attachment and capture mode for Intrusion Detection System Suricata in IPS mode
+7. eBPF based LoxiLB load balancer, Firewall, Proxy, see full features [LoxiLB](https://loxilb-io.github.io/loxilbdocs/#overall-features-of-loxilb)

-# Where can I get BPFire installation image?
+# Where can I get support?

-https://drive.google.com/drive/folders/1HPJTWP6wi5gPd5gyiiKvIhWipqguptzZ?usp=drive_link
+Open github issue or [discord](https://discord.gg/EakRJaU8NG)

-# How do I use this software?
+# Where can I get BPFire installation ISO or LoongFire flash image?

-BPFire XDP DDoS feature demo:
+中国大陆用户下载地址:

-[![Enable IPFire eBPF XDP DDoS from WebUI](http://img.youtube.com/vi/1pdNgoP-Kho/0.jpg)](https://www.youtube.com/watch?v=1pdNgoP-Kho "Enable IPFire eBPF XDP DDoS from WebUI")
+[bpfire](https://www.vcn.bc.ca/~vli/bpfire/)

-IPFire have a long and detailed wiki located [here](https://wiki.ipfire.org/) which
-should answers most of your questions for IPFire.
+[loongfire](https://www.vcn.bc.ca/~vli/loongfire/)
+
+Other download site:
+
+[bpfire.net](https://bpfire.net/download/)
+
+# What computer hardwares BPFire support?
+
+BPFire support commodity computer hardware, small or large, old or new, cheap or expensive.
+
+for example:
+
+[X86 mini PC](https://www.aliexpress.com/w/wholesale-home-firewall-router.html?spm=a2g0o.best.search.0)
+
+[LoongArch mini PC](https://www.aliexpress.us/item/3256807861547435.html?spm=a2g0o.order_list.order_list_main.5.6c6c1802f4v4tf&gatewayAdapt=glo2usa)
+
+# How do I install BPFire?
+
+flash the ISO to USB on Linux machine, /dev/sdc is your USB thrumb drive.
+
+`dd if=bpfire-2.29-core184-x86_64.iso of=/dev/sdc status=progress`
+
+BPFire installation on mini industrial PC:
+
+[![BPFire installation on mini industrial PC](http://img.youtube.com/vi/p9iHCe0hXPs/0.jpg)](https://www.youtube.com/watch?v=p9iHCe0hXPs "BPFire installation on mini industrial PC")

 # BPFire SYNPROXY throughput with and without XDP acceleration under 10Gbit DDoS SYN flood:

@@ -53,23 +83,27 @@ Microsoft Hyper-v screen shot:

 ![](./images/hyperv-2.png)

-# But I have some questions left. Where can I get support?
-
-You can ask your question by open github issue report or discussion or
-You can ask your question at ipfire community located [here](https://community.ipfire.org/) that is IPFire related.
-
 # How to build BPFire?

 Build Environment Setup https://www.ipfire.org/docs/devel/ipfire-2-x/build-initial

-git clone https://github.com/vincentmli/BPFire.git
+(It takes a few hours to build image for first build depending on build machine power)

-cd BPFire
+for example on Ubuntu 22.04 LTS:

-git checkout bpfire
+```
+apt install git-core g++ manpages-pl patch byacc make autoconf automake libltdl-dev

-get BPFire source tar balls https://drive.google.com/file/d/1YjTzik4xw0JxFDldLZdVw1GthXG5QrS_/view?usp=drive_link
+git clone https://github.com/vincentmli/bpfire.git

-tar xvf cache.tar
+cd bpfire
+
+wget --mirror --convert-links --adjust-extension --page-requisites --no-parent --cut-dirs=2 -nH --reject "index.html*" --reject "*.gif" https://www.bpfire.net/download/bpfire/cache/

 ./make.sh build
+
+```
+
+# How do I support BPFire development?
+
+Join or [Donate to BPFire paypal](https://www.paypal.com/donate/?business=BL97G8687E5B6&no_recurring=0&item_name=Make+revolutionary+eBPF+technology+available+for+non-tech+savvy+users+for+safe+online+surfing&currency_code=USD)
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -26,6 +26,7 @@ $General::swroot = 'CONFIG_ROOT';
 $General::noipprefix = 'noipg-';

 require "${General::swroot}/network-functions.pl";
+require "${General::swroot}/wireguard-functions.pl";

 # This function executes a shell command without forking a shell or do any other
 # Perl-voodoo before it. It deprecates the "system" command and is the only way
@@ -180,7 +181,26 @@ sub setup_default_networks
 			$defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NET'} = &getnextip($ip);
 		}
 	}
+
+	# WireGuard
+	if ($Wireguard::settings{'CLIENT_POOL'}) {
+		my $name = $Lang::tr{'wg rw peers'};
+
+		$defaultNetworks->{$name}{'NAME'} = "WGRW";
+	}
 }
+
+sub set_defaults($$) {
+	my $hash = shift;
+	my $defaults = shift;
+
+	foreach my $key (keys %$defaults) {
+		unless (defined($hash->{$key})) {
+			$hash->{$key} = $defaults->{$key};
+		}
+	}
+}
+
 sub get_aliases
 {
 	
@@ -850,6 +870,14 @@ sub validportrange # used to check a port range
 	}
 }

+# Checks for a valid country code
+sub validcc($) {
+        my $cc = shift;
+
+        # Must contain of exactly two uppercase characters, or must be A1, A2, or A3
+        return ($cc =~ m/^([A-Z]{2}|A[123])$/);
+}
+
 sub IpInSubnet {
 	my $addr = shift;
 	my $network = shift;
--- a/config/cfgroot/haproxy-settings
+++ b/config/cfgroot/haproxy-settings
@@ -0,0 +1 @@
+ENABLE_HAPROXY=off
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -16,6 +16,7 @@ use File::Basename;
 use HTML::Entities();
 use Socket;
 use Time::Local;
+use Unicode::Normalize;

 our %color = ();
 &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
@@ -35,6 +36,7 @@ $Header::colouryellow = '#FFFF00';
 $Header::colourgreen = '#339933';
 $Header::colourblue = '#333399';
 $Header::colourovpn = '#339999';
+$Header::colourwg = '#ff007f';
 $Header::colourfw = '#000000';
 $Header::colourvpn = '#990099';
 $Header::colourerr = '#FF0000';
@@ -362,6 +364,18 @@ sub escape($) {
 	return HTML::Entities::encode_entities($s);
 }

+sub normalize($) {
+	my $s = shift;
+
+	# Remove any special characters
+	$s = &Unicode::Normalize::NFKD($s);
+
+	# Remove any whitespace and replace with dash
+	$s =~ s/\s+/\-/g;
+
+	return $s;
+}
+
 sub cleanhtml {
 	my $outstring =$_[0];
 	$outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y';
--- a/config/cfgroot/loxilb-FWconfig.txt
+++ b/config/cfgroot/loxilb-FWconfig.txt
@@ -1 +1 @@
-{"fwAttr":[{"opts":{"counter":"0:0","doSnat":true,"toIP":"REDIP"},"ruleArguments":{"destinationIP":"0.0.0.0/0","portName":"green0","sourceIP":"0.0.0.0/0"}}]}
+{"fwAttr":[{"opts":{"counter":"0:0","doSnat":true,"onDefault":true,"toIP":"REDIP"},"ruleArguments":{"destinationIP":"0.0.0.0/0","portName":"green0","sourceIP":"0.0.0.0/0"}}]}
--- a/config/cfgroot/manualpages
+++ b/config/cfgroot/manualpages
@@ -48,6 +48,7 @@ wakeonlan.cgi=configuration/network/wake-on-lan

 #	Services menu
 vpnmain.cgi=configuration/services/ipsec
+wireguard.cgi=configuration/services/wireguard
 ovpnmain.cgi=configuration/services/openvpn
 ddns.cgi=configuration/services/dyndns
 time.cgi=configuration/services/ntp
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -291,6 +291,55 @@ sub get_broadcast($) {
 	return &bin2ip($network_bin ^ ~$netmask_bin);
 }

+sub get_prefix($) {
+        my $network = shift;
+
+        # Convert to binary
+        my ($network_bin, $netmask_bin) = &network2bin($network);
+
+        if (defined $netmask_bin) {
+                my $prefix = 0;
+
+                while (1) {
+                        # End the loop if we have consumed all ones
+                        last if ($netmask_bin == 0);
+
+                        # Increment prefix
+                        $prefix++;
+
+                        # Remove the most-significant one
+                        $netmask_bin <<= 1;
+                        $netmask_bin &= 0xffffffff;
+                }
+
+                return $prefix;
+        }
+
+        return undef;
+}
+
+sub get_netmask($) {
+        my $network = shift;
+
+        # Fetch the prefix
+        my $prefix = &get_prefix($network);
+
+        # Convert to netmask
+        return &convert_prefix2netmask($prefix);
+}
+
+sub normalize_network($) {
+	my $network = shift;
+	my $address = &get_netaddress($network);
+	my $prefix  = &get_prefix($network);
+
+	unless (defined $address && defined $prefix) {
+		return undef;
+	}
+
+	return "${address}/${prefix}";
+}
+
 # Returns True if $address is in $network.
 sub ip_address_in_network($$) {
 	my $address = shift;
--- a/config/cfgroot/wireguard-functions.pl
+++ b/config/cfgroot/wireguard-functions.pl
@@ -0,0 +1,675 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org>               #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+package Wireguard;
+
+use strict;
+use MIME::Base64;
+
+require "/var/ipfire/general-functions.pl";
+require "/var/ipfire/network-functions.pl";
+
+our @DEFAULT_PORTRANGE  = (60000, 62000);
+our $DEFAULT_PORT       = 51820;
+our $DEFAULT_KEEPALIVE  = 25;
+
+# Read the global configuration
+our %settings = ();
+
+if (-e "/var/ipfire/wireguard/settings") {
+	&General::readhash("/var/ipfire/wireguard/settings", \%settings);
+}
+
+# Read all peers
+our %peers = ();
+
+if (-e "/var/ipfire/wireguard/peers") {
+	&General::readhasharray("/var/ipfire/wireguard/peers", \%peers);
+}
+
+# Set any defaults
+&General::set_defaults(\%settings, {
+	"ENABLED"    => "off",
+	"PORT"       => $DEFAULT_PORT,
+	"CLIENT_DNS" => $Network::ethernet{'GREEN_ADDRESS'},
+});
+
+# Returns true if WireGuard is enabled
+sub is_enabled() {
+	return ($settings{'ENABLED'} eq "on");
+}
+
+# Returns the local endpoint
+sub get_endpoint() {
+	my $endpoint = $settings{'ENDPOINT'};
+
+	# If no endpoint is set, we fall back to the FQDN of the firewall
+	if ($endpoint eq "") {
+		$endpoint = $General::mainsettings{'HOSTNAME'} . "." . $General::mainsettings{'DOMAINNAME'};
+	}
+
+	return $endpoint;
+}
+
+# This function generates a set of keys for this host if none exist
+sub generate_keys($) {
+	my $force = shift || 0;
+
+	# Reset any previous keys if re-generation forced
+	if ($force) {
+		$settings{"PRIVATE_KEY"} = undef;
+		$settings{"PUBLIC_KEY"}  = undef;
+	}
+
+	# Return if we already have keys
+	return if (defined $settings{"PRIVATE_KEY"} && defined $settings{"PUBLIC_KEY"});
+
+	# Generate a new private key
+	unless (defined $settings{'PRIVATE_KEY'}) {
+		# Generate a new private key
+		$settings{"PRIVATE_KEY"} = &generate_private_key();
+
+		# Reset the public key
+		$settings{"PUBLIC_KEY"} = undef;
+	}
+
+	# Derive the public key
+	unless (defined $settings{"PUBLIC_KEY"}) {
+		# Derive the public key
+		$settings{"PUBLIC_KEY"} = &derive_public_key($settings{"PRIVATE_KEY"});
+	}
+
+	# Store the configuration file
+	&General::writehash("/var/ipfire/wireguard/settings", \%settings);
+}
+
+# Generates a new private key
+sub generate_private_key() {
+	# Generate a new private key
+	my @output = &General::system_output("wg", "genkey");
+
+	# Store the key
+	foreach (@output) {
+		chomp;
+
+		return $_;
+	}
+
+	# Return undefined on error
+	return undef;
+}
+
+# Takes a private key and derives the public key
+sub derive_public_key($) {
+	my $private_key = shift;
+	my @output = ();
+
+	# Derive the public key
+	if (open(STDIN, "-|")) {
+		@output = &General::system_output("wg", "pubkey");
+	} else {
+		print $private_key . "\n";
+		exit (0);
+	}
+
+	# Return the first line
+	foreach (@output) {
+		chomp;
+
+		return $_;
+	}
+
+	# Return undefined on error
+	return undef;
+}
+
+sub dump($) {
+	my $intf = shift;
+
+	my %dump = ();
+	my $lineno = 0;
+
+	# Fetch the dump
+	my @output = &General::system_output("/usr/local/bin/wireguardctrl", "dump", $intf);
+
+	foreach my $line (@output) {
+		# Increment the line numbers
+		$lineno++;
+
+		# Skip the first line
+		next if ($lineno <= 1);
+
+		# Split the line into its fields
+		my @fields = split(/\t/, $line);
+
+		# Create a new hash indexed by the public key
+		$dump{$fields[0]} = {
+			"psk"                  => $fields[1],
+			"endpoint"             => $fields[2],
+			"allowed-ips"          => $fields[3],
+			"latest-handshake"     => $fields[4],
+			"transfer-rx"          => $fields[5],
+			"transfer-tx"          => $fields[6],
+			"persistent-keepalive" => $fields[7],
+		};
+	}
+
+	return %dump;
+}
+
+sub load_peer($) {
+	my $key = shift;
+
+	my $type = $peers{$key}[1];
+
+	my %peer = (
+		"ENABLED"               => $peers{$key}[0],
+		"TYPE"                  => $type,
+		"NAME"                  => $peers{$key}[2],
+		"PUBLIC_KEY"            => $peers{$key}[3],
+		"PRIVATE_KEY"           => $peers{$key}[4],
+		"PORT"                  => $peers{$key}[5],
+		"ENDPOINT_ADDR"         => $peers{$key}[6],
+		"ENDPOINT_PORT"         => $peers{$key}[7],
+		($type eq "host") ? "CLIENT_ADDRESS" : "REMOTE_SUBNETS"
+		                        => &decode_subnets($peers{$key}[8]),
+		"REMARKS"               => &decode_remarks($peers{$key}[9]),
+		"LOCAL_SUBNETS"         => &decode_subnets($peers{$key}[10]),
+		"PSK"                   => $peers{$key}[11],
+		"KEEPALIVE"             => $peers{$key}[12],
+		"LOCAL_ADDRESS"         => $peers{$key}[13],
+		"INTERFACE"				=> ($type eq "host") ? "wg0" : "wg${key}",
+	);
+
+	return \%peer;
+}
+
+sub get_peer_by_name($) {
+	my $name = shift;
+
+	foreach my $key (keys %peers) {
+		my $peer = &load_peer($key);
+
+		# Return the peer if the name matches
+		if ($peer->{"NAME"} eq $name) {
+			return $peer;
+		}
+	}
+
+	# Return undefined if nothing was found
+	return undef;
+}
+
+sub name_is_valid($) {
+	my $name = shift;
+
+	# The name must be between 1 and 63 characters
+	if (length ($name) < 1 || length ($name) > 63) {
+		return 0;
+	}
+
+	# Only valid characters are a-z, A-Z, 0-9, space and -
+	if ($name !~ /^[a-zA-Z0-9 -]*$/) {
+		return 0;
+	}
+
+	return 1;
+}
+
+sub name_is_free($) {
+	my $name = shift;
+	my $key  = shift || 0;
+
+	foreach my $i (keys %peers) {
+		# Skip the connection with ID
+		next if ($key eq $i);
+
+		# Return if we found a match
+		return 0 if ($peers{$i}[2] eq $name);
+	}
+
+	return 1;
+}
+
+sub key_is_valid($) {
+	my $key = shift;
+
+	# Try to decode the key
+	$key = &MIME::Base64::decode_base64($key);
+
+	# All keys must be 32 bytes long
+	return length($key) == 32;
+}
+
+sub keepalive_is_valid($) {
+	my $keepalive = shift;
+
+	# Must be a number
+	return 0 unless ($keepalive =~ m/^[0-9]+$/);
+
+	# Must be between 0 and 65535 (inclusive)
+	return 0 if ($keepalive lt 0);
+	return 0 if ($keepalive gt 65535);
+
+	return 1;
+}
+
+sub encode_remarks($) {
+	my $remarks = shift;
+
+	# Encode to Base64
+	$remarks = &MIME::Base64::encode_base64($remarks);
+
+	# Remove the trailing newline
+	chomp($remarks);
+
+	return $remarks;
+}
+
+sub decode_remarks($) {
+	my $remarks = shift;
+
+	# Decode from base64
+	return &MIME::Base64::decode_base64($remarks);
+}
+
+sub encode_subnets($) {
+	my @subnets = @_;
+
+	my @formatted = ();
+
+	# wg only handles the CIDR notation
+	foreach my $subnet (@subnets) {
+		my $netaddr = &Network::get_netaddress($subnet);
+		my $prefix  = &Network::get_prefix($subnet);
+
+		next unless (defined $netaddr && defined $prefix);
+
+		push(@formatted, "${netaddr}/${prefix}");
+	}
+
+	# Join subnets together separated by |
+	return join("|", @formatted);
+}
+
+sub decode_subnets($) {
+	my $subnets = shift;
+
+	# Split the string
+	my @subnets = split(/\|/, $subnets);
+
+	return \@subnets;
+}
+
+sub pool_is_in_use($) {
+	my $pool = shift;
+
+	foreach my $key (keys %peers) {
+		my $type    = $peers{$key}[1];
+		my $address = $peers{$key}[6];
+
+		# Check if a host is using an IP address from the pool
+		if ($type eq "host" && &Network::ip_address_in_network($address, $pool)) {
+			return 1;
+		}
+	}
+
+	# No match found
+	return 0;
+}
+
+# Takes the pool and an optional limit of up to how many addresses to return
+sub free_pool_addresses($$) {
+	my $pool = shift;
+	my $limit = shift || 0;
+
+	my @used_addresses = ();
+	my @free_addresses = ();
+
+	# wg0 IP is reserved so put in @used_addresses
+	push(@used_addresses, &Network::ip2bin($settings{'ADDRESS'}));
+
+	# Collect all used addresses
+	foreach my $key (keys %peers) {
+		my $peer = &load_peer($key);
+
+		# Only check hosts
+		next if ($peer->{"TYPE"} ne "host");
+
+		foreach my $address (@{ $peer->{"CLIENT_ADDRESS"} }) {
+			push(@used_addresses, &Network::ip2bin($address));
+		}
+	}
+
+	# Fetch the first address
+	my $address = &Network::get_netaddress($pool);
+
+	# Fetch the last address
+	my $broadcast = &Network::get_broadcast($pool);
+	$broadcast = &Network::ip2bin($broadcast);
+
+	# Walk through all addresses excluding the first and last address.
+	# No technical reason, we just don't want to confuse people.
+	OUTER: for (my $i = &Network::ip2bin($address) + 1; $i < $broadcast; $i++) {
+		# Skip any addresses that already in use
+		foreach my $used_address (@used_addresses) {
+			next OUTER if ($i == $used_address);
+		}
+
+		push(@free_addresses, &Network::bin2ip($i));
+
+		# Check limit
+		last if ($limit > 0 && scalar @free_addresses >= $limit);
+	}
+
+	return @free_addresses;
+}
+
+sub generate_peer_configuration($$) {
+	my $key = shift;
+	my $private_key = shift;
+
+	my @conf = ();
+
+	# Load the peer
+	my $peer = &load_peer($key);
+
+	# Return if we could not find the peer
+	return undef unless ($peer);
+
+	my @allowed_ips = ();
+
+	# Convert all subnets into CIDR notation
+	foreach my $subnet (@{ $peer->{'LOCAL_SUBNETS'} }) {
+		my $netaddress = &Network::get_netaddress($subnet);
+		my $prefix     = &Network::get_prefix($subnet);
+
+		# Skip invalid subnets
+		next if (!defined $netaddress || !defined $prefix);
+
+		push(@allowed_ips, "${netaddress}/${prefix}");
+	}
+
+	# Fetch the endpoint
+	my $endpoint = &get_endpoint();
+
+	# Net-2-Net
+	if ($peer->{'TYPE'} eq "net") {
+		# Derive our own public key
+		my $public_key = &derive_public_key($peer->{'PRIVATE_KEY'});
+
+		push(@conf,
+			"[Interface]",
+			"PrivateKey = $private_key",
+			"ListenPort = $peer->{'ENDPOINT_PORT'}",
+			"",
+			"[Peer]",
+			"Endpoint = ${endpoint}:$peer->{'PORT'}",
+			"PublicKey = $public_key",
+			"PresharedKey = $peer->{'PSK'}",
+			"AllowedIPs = " . join(", ", @allowed_ips),
+			"PersistentKeepalive = $peer->{'KEEPALIVE'}",
+		);
+
+	# Host-2-Net
+	} elsif ($peer->{'TYPE'} eq "host") {
+		# Fetch any DNS servers for hosts
+		my @dns = split(/\|/, $settings{'CLIENT_DNS'});
+
+		push(@conf,
+			"[Interface]",
+			"PrivateKey = $private_key",
+			"Address = @{ $peer->{'CLIENT_ADDRESS'} }/32",
+		);
+
+		# Optionally add DNS servers
+		if (scalar @dns) {
+			push(@conf, "DNS = " . join(", ", @dns));
+		}
+
+		# Finish the [Interface] section
+		push(@conf, "");
+
+		# Add peer configuration
+		push(@conf, (
+			"[Peer]",
+			"Endpoint = ${endpoint}:$settings{'PORT'}",
+			"PublicKey = $settings{'PUBLIC_KEY'}",
+			"PresharedKey = $peer->{'PSK'}",
+			"AllowedIPs = " . join(", ", @allowed_ips),
+			"PersistentKeepalive = $DEFAULT_KEEPALIVE",
+		));
+	}
+
+	return join("\n", @conf);
+}
+
+sub parse_configuration($$) {
+	my $name = shift;
+	my $fh = shift;
+
+	my %peer = (
+		"NAME" => $name,
+	);
+
+	# Collect any errors
+	my @errormessages = ();
+
+	my $section = undef;
+	my $key = undef;
+	my $val = undef;
+
+	# Check if the name is valid
+	unless (&Wireguard::name_is_valid($name)) {
+		push(@errormessages, $Lang::tr{'wg invalid name'});
+	}
+
+	# Check if the name is already taken
+	unless (&Wireguard::name_is_free($name)) {
+		push(@errormessages, $Lang::tr{'wg name is already used'});
+	}
+
+	while (<$fh>) {
+		# Remove line breaks
+		chomp;
+
+		# Remove any carriage returns
+		$_ =~ s/\r$//;
+
+		# Search for section headers
+		if ($_ =~ m/^\[(\w+)\]$/) {
+			$section = $1;
+			next;
+
+		# Search for key = value lines
+		} elsif ($_ =~ m/^(\w+)\s+=\s+(.*)$/) {
+			# Skip anything before the first section header
+			next unless (defined $section);
+
+			# Store keys and values
+			$key = $1;
+			$val = $2;
+
+		# Skip any unhandled lines
+		} else {
+			next;
+		}
+
+		# Interface section
+		if ($section eq "Interface") {
+			# Address
+			if ($key eq "Address") {
+				my $address = &Network::get_netaddress($val);
+				my $prefix  = &Network::get_prefix($val);
+
+				# There must be an address
+				unless ($address) {
+					push(@errormessages, $Lang::tr{'invalid ip address'});
+				}
+
+				# If there was a prefix it must be /32
+				if (defined $prefix) {
+					unless ($prefix == 32) {
+						push(@errormessages, $Lang::tr{'invalid ip address'});
+					}
+				}
+
+				# Store the address
+				$peer{'LOCAL_ADDRESS'} = ${address};
+
+			# ListenPort
+			} elsif ($key eq "ListenPort") {
+				if (&General::validport($val)) {
+					$peer{'PORT'} = $val;
+				} else {
+					push(@errormessages, $Lang::tr{'wg invalid endpoint port'});
+				}
+
+			# PrivateKey
+			} elsif ($key eq "PrivateKey") {
+				if (&key_is_valid($val)) {
+					$peer{'PRIVATE_KEY'} = $val;
+				} else {
+					push(@errormessages, $Lang::tr{'malformed private key'});
+				}
+			}
+
+		# Peer section
+		} elsif ($section eq "Peer") {
+			# PublicKey
+			if ($key eq "PublicKey") {
+				if (&key_is_valid($val)) {
+					$peer{'PUBLIC_KEY'} = $val;
+				} else {
+					push(@errormessages, $Lang::tr{'malformed public key'});
+				}
+
+			# PresharedKey
+			} elsif ($key eq "PresharedKey") {
+				if (&key_is_valid($val)) {
+					$peer{'PSK'} = $val;
+				} else {
+					push(@errormessages, $Lang::tr{'malformed preshared key'});
+				}
+
+			# AllowedIPs
+			} elsif ($key eq "AllowedIPs") {
+				my @networks = split(/,/, $val);
+
+				# Check if all networks are valid
+				foreach my $network (@networks) {
+					# Skip any IPv6 networks
+					next if ($network =~ m/:/);
+
+					unless (&Network::check_subnet($network)) {
+						push(@errormessages, $Lang::tr{'invalid network'} . " $network");
+					}
+				}
+
+				$peer{'REMOTE_SUBNETS'} = \@networks;
+			# Endpoint
+			} elsif ($key eq "Endpoint") {
+				my $address = $val;
+				my $port = $DEFAULT_PORT;
+
+				# Try to separate the port (if any)
+				if ($val =~ m/^(.*):(\d+)$/) {
+					$address = $1;
+					$port    = $2;
+				}
+
+				# Check if we have a valid IP address
+				if (&Network::check_ip_address($address)) {
+					# nothing
+
+				# Check if we have a valid FQDN
+				} elsif (&General::validfqdn($address)) {
+					# nothing
+
+				# Otherwise this fails
+				} else {
+					push(@errormessages, $Lang::tr{'invalid endpoint address'});
+					next;
+				}
+
+				# Store the values
+				$peer{'ENDPOINT_ADDRESS'} = $address;
+				$peer{'ENDPOINT_PORT'}    = $port;
+
+			# PersistentKeepalive
+			} elsif ($key eq "PersistentKeepalive") {
+				# Must be an integer
+				if ($val =~ m/^(\d+)$/) {
+					$peer{'KEEPALIVE'} = $1;
+				} else {
+					push(@errormessages, $Lang::tr{'invalid keepalive interval'});
+				}
+			}
+		}
+	}
+
+	# Check if we have all required properties
+	unless (exists $peer{"PRIVATE_KEY"}) {
+		push(@errormessages, $Lang::tr{'wg missing private key'});
+	}
+
+	unless (exists $peer{"PUBLIC_KEY"}) {
+		push(@errormessages, $Lang::tr{'wg missing public key'});
+	}
+
+	unless (exists $peer{"REMOTE_SUBNETS"}) {
+		push(@errormessages, $Lang::tr{'wg missing allowed ips'});
+	}
+
+	unless (exists $peer{"ENDPOINT_ADDRESS"}) {
+		push(@errormessages, $Lang::tr{'wg missing endpoint address'});
+	}
+
+	unless (exists $peer{"ENDPOINT_PORT"}) {
+		push(@errormessages, $Lang::tr{'wg missing endpoint port'});
+	}
+
+	return \%peer, @errormessages;
+}
+
+sub get_free_port() {
+	my @used_ports = ();
+
+	my $tries = 100;
+
+	# Collect all ports that are already in use
+	foreach my $key (keys %peers) {
+		push(@used_ports, $peers{$key}[5]);
+	}
+
+	my ($port_start, $port_end) = @DEFAULT_PORTRANGE;
+
+	while ($tries-- > 0) {
+		my $port = $port_start + int(rand($port_end - $port_start));
+
+		# Return the port unless it is already in use
+		return $port unless (grep { $port == $_ } @used_ports);
+	}
+
+	return undef;
+}
+
+1;
--- a/config/cfgroot/xdpdns-settings
+++ b/config/cfgroot/xdpdns-settings
@@ -0,0 +1 @@
+ENABLE_DNSBLOCK=on
--- a/config/cfgroot/xdpsni-settings
+++ b/config/cfgroot/xdpsni-settings
@@ -0,0 +1 @@
+ENABLE_SNIBLOCK=on
--- a/config/dnsdist/dnsdist-xsk.conf
+++ b/config/dnsdist/dnsdist-xsk.conf
@@ -0,0 +1,15 @@
+if not inConfigCheck() then
+  xsk = newXsk({ifName='green0', NIC_queue_id=0, frameNums=65536, xskMapPath='/sys/fs/bpf/dnsdist/xsk_map'})
+  addLocal("0.0.0.0:53", {xskSocket=xsk})
+else
+  addLocal("0.0.0.0:53")
+end
+
+newServer("8.8.8.8:53")
+newServer("1.1.1.1:53")
+
+---- newServer({address="8.8.8.8", healthCheckMode='lazy', checkInterval=1, lazyHealthCheckFailedInterval=30, rise=2, maxCheckFailures=3, lazyHealthCheckThreshold=30, lazyHealthCheckSampleSize=100,  lazyHealthCheckMinSampleCount=10, lazyHealthCheckMode='TimeoutOnly'})
+
+---- newServer({address="1.1.1.1", healthCheckMode='lazy', checkInterval=1, lazyHealthCheckFailedInterval=30, rise=2, maxCheckFailures=3, lazyHealthCheckThreshold=30, lazyHealthCheckSampleSize=100,  lazyHealthCheckMinSampleCount=10, lazyHealthCheckMode='TimeoutOnly'})
+
+
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -239,6 +239,8 @@ sub get_std_net_ip
 		return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
 	}elsif($val eq 'RED'){
 		return "0.0.0.0/0";
+	}elsif($val eq 'WGRW'){
+		return $Wireguard::settings{'CLIENT_POOL'};
 	}elsif($val =~ /OpenVPN/i){
 		return "$ovpnsettings{'DOVPN_SUBNET'}";
 	}elsif($val =~ /IPsec/i){
@@ -259,6 +261,10 @@ sub get_interface
 	if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){
 		return "$netsettings{'BLUE_DEV'}";
 	}
+	# Wireguard
+	if ($net eq $Wireguard::settings{'CLIENT_POOL'}) {
+		return "wg0";
+	}
 	if($net eq "0.0.0.0/0") {
 		return &get_external_interface();
 	}
@@ -385,6 +391,25 @@ sub get_address
 			push(@ret, [$host_address, ""]);
 		}

+	# WireGuard Peers
+	} elsif ($key eq 'wg_peer' || $key eq 'wg_peer_src' || $key eq 'wg_peer_tgt') {
+		my $peer = &Wireguard::get_peer_by_name($value);
+		if (defined $peer) {
+			my $remotes;
+
+			# Select the remote IP addresses
+			if ($peer->{'TYPE'} eq 'host') {
+				$remotes = $peer->{'CLIENT_ADDRESS'};
+			} elsif ($peer->{'TYPE'} eq 'net') {
+				$remotes = $peer->{'REMOTE_SUBNETS'};
+			}
+
+			# Add all remotes
+			foreach my $remote (@$remotes) {
+				push(@ret, [$remote, $peer->{'INTERFACE'}]);
+			}
+		}
+
 	# OpenVPN networks.
 	} elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
 		my $network_address = &get_ovpn_net_ip($value, 1);
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -54,6 +54,7 @@ esac

 HAVE_IPSEC="true"
 HAVE_OPENVPN="true"
+HAVE_WG="true"

 # INPUT

@@ -97,6 +98,14 @@ case "${HAVE_OPENVPN},${POLICY}" in
 		;;
 esac

+# WireGuard INPUT
+case "${HAVE_WG},${POLICY}" in
+	true,MODE1) ;;
+	true,*)
+		iptables -A POLICYIN -i wg+ -j ACCEPT
+		;;
+esac
+
 case "${FWPOLICY2}" in
 	REJECT)
 		if [ "${DROPINPUT}" = "on" ]; then
@@ -149,6 +158,9 @@ case "${POLICY}" in
 		# Grant access for OpenVPN connections
 		iptables -A POLICYFWD -i tun+ -j ACCEPT

+		# Grant access for WireGuard
+		iptables -A POLICYFWD -i wg+ -j ACCEPT
+
 		if [ -n "${IFACE}" ]; then
 			if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
 				iptables -A POLICYFWD -i "${BLUE_DEV}" -s "${BLUE_NETADDRESS}/${BLUE_NETMASK}" -o "${IFACE}" -j ACCEPT
--- a/config/grub2/default
+++ b/config/grub2/default
@@ -1,6 +1,6 @@
 GRUB_TIMEOUT=5
 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
 GRUB_DEFAULT=saved
-GRUB_CMDLINE_LINUX="rd.auto panic=10"
+GRUB_CMDLINE_LINUX="rd.auto crashkernel=512M nmi_watchdog=1 softlockup_panic=1 panic=10"
 GRUB_DISABLE_RECOVERY="true"
 GRUB_BACKGROUND="/boot/grub/splash.png"
--- a/config/grub2/splash.png
+++ b/config/grub2/splash.png
--- a/config/kernel/bpfire-logo-ascii.ppm
+++ b/config/kernel/bpfire-logo-ascii.ppm
@@ -0,0 +1,883 @@
+P3
+63 80
+255
+161 18 12  165 19 14  170 20 15  171 21 16  170 20 15  171 21 16
+173 20 15  173 20 15  171 21 16  171 21 16  171 21 16  173 19 15
+173 20 15  173 19 15  176 18 12  173 19 15  173 20 15  173 20 15
+177 20 14  177 20 14  177 20 14  177 20 14  177 20 14  177 20 14
+177 20 14  177 20 14  177 20 14  176 18 12  174 18 12  176 17 11
+176 18 12  177 20 14  183 19 13  183 19 13  183 19 13  183 19 13
+183 19 13  183 19 13  183 19 13  183 19 13  183 19 13  177 20 14
+177 20 14  183 19 13  177 20 14  173 19 15  177 20 14  177 20 14
+177 20 14  173 19 15  177 20 14  177 20 14  177 20 14  177 20 14
+177 20 14  177 20 14  177 20 14  173 19 15  177 20 14  177 20 14
+177 20 14  168 18 14  164 16 11
+161 18 12  165 19 14  170 20 15  171 21 16  170 20 15  170 20 15
+171 21 16  171 21 16  169 21 14  171 21 16  170 20 15  170 20 15
+170 20 15  173 20 15  173 19 15  173 20 15  173 20 15  173 19 15
+173 19 15  173 19 15  177 20 14  176 18 12  176 18 12  176 18 12
+177 20 14  177 20 14  176 18 12  176 17 11  176 17 11  176 17 11
+176 17 11  176 18 12  177 20 14  177 20 14  177 20 14  177 20 14
+177 20 14  183 19 13  177 20 14  177 20 14  177 20 14  177 20 14
+177 20 14  176 18 12  173 19 15  173 19 15  173 19 15  177 20 14
+173 19 15  173 19 15  173 19 15  173 19 15  176 18 12  177 20 14
+177 20 14  177 20 14  177 20 14  173 19 15  173 20 15  173 20 15
+173 19 15  164 16 11  183 19 13
+160 19 13  168 22 16  168 22 16  171 21 16  168 22 16  168 22 16
+168 22 16  168 22 16  168 22 16  168 22 16  171 21 16  171 21 16
+168 22 16  171 21 16  171 21 16  171 21 16  173 20 15  173 20 15
+173 20 15  173 19 15  173 20 15  173 20 15  173 19 15  173 19 15
+173 19 15  173 19 15  176 18 12  173 19 15  174 18 12  176 17 11
+174 18 12  173 19 15  176 17 11  177 20 14  177 20 14  177 20 14
+177 20 14  177 20 14  177 20 14  177 20 14  177 20 14  173 20 15
+173 20 15  173 20 15  173 20 15  171 21 16  171 21 16  171 21 16
+171 21 16  170 20 15  173 20 15  173 20 15  173 20 15  173 20 15
+173 20 15  173 20 15  173 20 15  171 21 16  171 21 16  173 20 15
+156 15 13  183 19 13  183 19 13
+160 19 13  168 22 16  168 22 16  168 22 16  168 22 16  168 22 16
+168 22 16  168 22 16  168 22 16  168 22 16  168 22 16  168 22 16
+168 22 16  171 21 16  171 21 16  171 21 16  173 20 15  171 21 16
+173 20 15  173 20 15  173 20 15  173 20 15  173 19 15  173 19 15
+173 19 15  173 19 15  174 18 12  174 18 12  176 17 11  173 19 15
+174 18 12  173 19 15  176 24 12  173 19 15  176 18 12  177 20 14
+177 20 14  177 20 14  177 20 14  177 20 14  177 20 14  173 20 15
+173 20 15  173 20 15  173 20 15  171 21 16  173 20 15  173 20 15
+171 21 16  171 21 16  171 21 16  173 20 15  173 20 15  173 20 15
+171 21 16  173 20 15  173 20 15  171 21 16  177 20 14  157 19 14
+183 19 13  183 19 13  183 19 13
+156 15 13  162 20 14  168 22 16  168 22 16  168 22 16  168 22 16
+168 22 16  171 21 16  168 22 16  168 22 16  168 22 16  168 22 16
+168 22 16  171 21 16  171 21 16  173 20 15  173 20 15  171 21 16
+173 20 15  173 20 15  173 20 15  173 20 15  173 19 15  173 19 15
+173 19 15  168 18 14  168 18 14  176 17 11  167 52 24  176 17 11
+176 17 11  176 18 12  173 92 60  177 20 14  177 20 14  176 17 11
+177 20 14  177 20 14  177 20 14  177 20 14  177 20 14  173 20 15
+173 20 15  173 19 15  173 19 15  173 20 15  173 19 15  173 20 15
+171 21 16  171 21 16  171 21 16  173 20 15  171 21 16  171 21 16
+171 21 16  171 21 16  171 21 16  173 20 15  164 19 14  164 16 11
+183 19 13  183 19 13  183 19 13
+157 19 14  162 20 14  168 22 16  168 22 16  168 22 16  168 22 16
+168 22 16  168 22 16  168 22 16  168 22 16  168 22 16  168 22 16
+168 22 16  171 21 16  171 21 16  171 21 16  171 21 16  164 16 11
+173 20 15  173 19 15  171 21 16  173 19 15  173 19 15  173 19 15
+164 16 11  167 52 24  167 52 24  164 16 11  173 92 60  211 179 117
+176 17 11  176 18 12  164 16 11  167 52 24  175 97 50  176 17 11
+177 20 14  177 20 14  173 19 15  173 19 15  173 19 15  173 20 15
+176 17 11  176 17 11  173 20 15  173 19 15  173 20 15  171 21 16
+171 21 16  171 21 16  173 20 15  173 20 15  171 21 16  171 21 16
+171 21 16  170 20 15  171 21 16  168 22 16  152 14 13  183 19 13
+183 19 13  183 19 13  183 19 13
+156 20 14  162 20 14  168 22 16  168 22 16  160 22 16  160 22 16
+168 22 16  168 22 16  168 22 16  168 22 16  168 22 16  168 22 16
+168 22 16  171 21 16  168 22 16  168 18 14  174 18 12  163 56 28
+173 19 15  168 18 14  176 17 11  183 19 13  164 16 11  168 18 14
+164 16 11  175 97 50  175 97 50  164 16 11  176 17 11  238 229 170
+215 186 121  183 19 13  176 17 11  167 52 24  213 153 88  176 17 11
+177 20 14  176 17 11  183 19 13  183 19 13  164 16 11  176 17 11
+167 52 24  176 24 12  176 17 11  173 20 15  173 20 15  171 21 16
+171 21 16  171 21 16  171 21 16  170 20 15  171 21 16  171 21 16
+171 21 16  168 22 16  168 22 16  151 18 14  183 19 13  183 19 13
+183 19 13  183 19 13  183 19 13
+152 20 15  160 22 16  160 22 16  160 22 16  168 22 16  162 20 14
+168 22 16  168 22 16  168 22 16  168 22 16  168 22 16  168 22 16
+168 22 16  168 22 16  168 18 14  176 24 12  206 199 148  179 118 76
+164 16 11  176 24 12  191 130 98  162 137 108  191 130 98  164 16 11
+164 16 11  176 24 12  176 24 12  177 20 14  183 19 13  211 179 117
+254 255 240  175 96 57  176 17 11  183 19 13  167 52 24  176 17 11
+176 17 11  175 96 57  162 137 108  169 133 98  167 52 24  164 16 11
+167 52 24  206 199 148  167 52 24  176 17 11  173 20 15  173 20 15
+171 21 16  171 21 16  171 21 16  168 22 16  171 21 16  171 21 16
+168 22 16  168 22 16  152 20 15  176 17 11  183 19 13  183 19 13
+183 19 13  183 19 13  183 19 13
+151 18 14  159 21 16  160 22 16  160 22 16  160 22 16  168 22 16
+162 20 14  168 22 16  168 22 16  168 22 16  167 21 14  168 22 16
+168 22 16  168 22 16  164 16 11  191 130 98  243 238 185  176 17 11
+164 16 11  191 130 98  97 69 52  0 0 0  131 94 71  176 111 73
+154 14 11  168 18 14  176 17 11  176 111 73  183 19 13  215 186 121
+254 255 240  221 205 133  183 19 13  176 17 11  164 16 11  164 16 11
+183 19 13  158 125 90  0 0 0  0 0 0  162 137 108  183 19 13
+164 16 11  199 143 96  225 212 158  176 17 11  171 21 16  170 20 15
+171 21 16  171 21 16  170 20 15  171 21 16  171 21 16  168 22 16
+168 22 16  162 20 14  161 18 12  183 19 13  183 19 13  183 19 13
+183 19 13  183 19 13  128 8 8
+151 18 14  156 20 14  160 21 14  160 22 16  160 22 16  168 22 16
+160 22 16  160 22 16  168 22 16  168 22 16  168 22 16  168 22 16
+165 19 14  165 19 14  164 16 11  225 212 158  225 212 158  176 17 11
+183 19 13  131 94 71  91 31 21  243 238 185  91 31 21  162 137 108
+183 19 13  176 24 12  176 24 12  176 17 11  183 19 13  247 246 193
+254 255 233  238 229 170  183 19 13  167 52 24  176 24 12  176 17 11
+199 143 96  91 31 21  225 212 158  162 137 108  97 69 52  173 92 60
+176 17 11  199 143 96  243 238 185  183 19 13  173 20 15  170 20 15
+170 20 15  171 21 16  167 21 14  167 21 14  167 21 14  164 19 14
+168 22 16  150 16 12  183 19 13  183 19 13  183 19 13  183 19 13
+183 19 13  147 12 10  89 3 6
+151 18 14  152 20 15  159 21 16  162 20 14  164 19 14  160 22 16
+160 22 16  167 21 14  168 22 16  168 22 16  168 22 16  165 19 14
+164 19 14  164 19 14  164 16 11  199 163 109  249 249 214  183 19 13
+176 24 12  131 94 71  111 0 3  183 19 13  106 7 8  97 69 52
+199 163 109  211 179 117  183 19 13  183 19 13  211 179 117  254 255 233
+253 255 226  238 229 170  183 19 13  183 19 13  183 19 13  199 143 96
+97 69 52  77 0 3  183 19 13  171 21 16  97 69 52  173 92 60
+176 17 11  238 229 170  225 212 158  176 17 11  173 20 15  170 20 15
+170 20 15  171 21 16  168 18 14  165 19 14  164 19 14  168 18 14
+150 16 12  183 19 13  183 19 13  183 19 13  183 19 13  183 19 13
+164 16 11  109 5 7  77 0 3
+151 18 14  152 20 15  159 21 16  162 20 14  162 20 14  160 22 16
+160 22 16  167 21 14  165 19 14  167 21 14  164 19 14  161 18 12
+165 19 14  164 19 14  164 16 11  176 24 12  249 249 214  191 130 98
+154 14 11  162 137 108  0 0 0  107 0 4  0 0 0  77 0 3
+0 0 0  206 199 148  175 97 50  213 153 88  254 255 233  249 249 214
+254 255 233  215 186 121  193 134 84  167 52 24  191 130 98  91 31 21
+77 0 3  0 0 0  77 0 3  0 0 0  158 125 90  183 19 13
+175 96 57  254 255 210  167 52 24  176 17 11  170 20 15  168 18 14
+168 18 14  171 21 16  168 18 14  164 19 14  167 21 14  156 15 13
+174 18 12  183 19 13  183 19 13  183 19 13  183 19 13  183 19 13
+119 5 9  77 0 3  77 0 3
+151 18 14  156 20 14  159 21 16  160 19 13  162 20 14  162 20 14
+162 20 14  164 19 14  167 21 14  168 22 16  160 19 13  156 15 13
+164 19 14  161 18 12  156 15 13  133 0 5  176 111 73  243 238 185
+133 0 5  173 92 60  162 137 108  97 69 52  162 137 108  91 31 21
+77 0 3  0 0 0  202 183 123  254 255 223  250 251 219  249 249 214
+254 255 233  193 134 84  215 186 121  225 212 158  91 31 21  77 0 3
+78 2 7  158 125 90  97 69 52  131 94 71  173 92 60  154 14 11
+231 215 150  213 153 88  154 14 11  164 16 11  164 16 11  168 18 14
+168 18 14  168 18 14  164 16 11  167 21 14  162 20 14  156 15 13
+183 19 13  183 19 13  183 19 13  183 19 13  183 19 13  128 6 9
+78 2 7  77 0 3  78 2 7
+150 16 12  152 20 15  159 21 16  159 21 16  160 19 13  162 20 14
+160 22 16  160 22 16  165 19 14  168 22 16  164 16 11  156 15 13
+164 16 11  154 14 11  147 12 10  143 19 14  154 43 26  247 246 193
+150 53 31  107 0 4  173 92 60  199 163 109  147 67 48  202 183 123
+97 69 52  77 0 3  97 69 52  252 253 227  254 255 210  254 255 223
+238 229 170  183 19 13  232 217 158  131 94 71  77 0 3  78 2 7
+162 137 108  147 67 48  176 111 73  207 156 97  133 0 5  164 16 11
+238 229 170  173 92 60  147 12 10  154 14 11  167 52 24  174 18 12
+164 16 11  169 21 14  171 21 16  168 18 14  144 14 14  183 19 13
+183 19 13  183 19 13  183 19 13  183 19 13  147 12 10  93 4 6
+77 0 3  78 2 7  91 2 10
+150 16 12  152 20 15  157 23 16  159 21 16  159 21 16  162 20 14
+160 22 16  162 20 14  164 19 14  168 22 16  191 130 98  154 14 11
+163 56 28  199 163 109  133 0 5  151 28 16  173 92 60  254 255 210
+147 67 48  107 0 4  199 143 96  154 63 38  80 0 2  193 134 84
+237 235 180  78 2 7  77 0 3  162 137 108  253 255 226  253 254 208
+193 134 84  183 19 13  202 183 123  91 31 21  77 0 3  162 137 108
+193 134 84  92 0 2  102 0 4  211 179 117  167 52 24  164 16 11
+247 246 193  199 143 96  159 29 16  164 16 11  225 212 158  167 52 24
+164 16 11  199 143 96  167 52 24  147 12 10  183 19 13  183 19 13
+183 19 13  183 19 13  183 19 13  164 16 11  102 4 5  77 0 3
+78 2 7  91 2 10  99 1 11
+150 16 12  152 20 15  157 23 16  157 23 16  159 21 16  160 22 16
+159 21 16  160 21 14  161 18 12  168 22 16  249 249 214  173 92 60
+161 18 12  154 63 38  139 9 7  154 14 11  238 229 170  252 252 206
+139 27 18  131 14 12  247 246 193  150 53 31  116 3 5  211 173 103
+237 223 121  162 137 108  0 0 0  97 69 52  250 251 219  254 255 223
+193 134 84  183 19 13  158 125 90  77 0 3  97 69 52  224 209 127
+208 170 99  137 32 21  120 0 3  243 238 185  173 92 60  164 16 11
+238 229 170  247 246 193  171 21 16  176 17 11  167 52 24  176 17 11
+167 52 24  252 253 227  173 92 60  176 17 11  183 19 13  183 19 13
+183 19 13  183 19 13  183 19 13  114 7 7  77 0 3  78 2 7
+87 1 5  99 1 11  133 0 5
+150 16 12  151 18 14  159 21 16  156 20 14  159 21 16  162 20 14
+160 21 14  160 22 16  164 16 11  176 111 73  254 255 240  176 111 73
+154 14 11  164 16 11  167 52 24  238 229 170  254 255 233  206 199 148
+123 0 2  133 0 5  238 229 170  199 163 109  139 9 7  237 223 121
+213 153 88  221 205 133  91 31 21  77 0 3  206 199 148  206 199 148
+162 137 108  202 183 123  97 69 52  0 0 0  187 167 103  213 153 88
+237 223 121  163 56 28  176 111 73  254 255 233  176 24 12  154 14 11
+199 163 109  254 255 240  238 229 170  167 52 24  176 17 11  176 24 12
+173 92 60  254 255 240  215 186 121  183 19 13  183 19 13  183 19 13
+183 19 13  183 19 13  127 5 8  78 2 7  78 2 7  78 2 7
+99 1 11  128 6 9  122 7 7
+145 15 12  152 20 15  156 20 14  156 20 14  159 21 16  162 20 14
+160 19 13  160 22 16  164 16 11  215 186 121  254 255 240  163 56 28
+176 17 11  175 97 50  243 238 185  254 255 223  254 255 223  173 92 60
+139 9 7  154 43 26  163 56 28  247 246 193  167 52 24  219 195 113
+213 153 88  241 232 158  97 69 52  77 0 3  0 0 0  0 0 0
+0 0 0  0 0 0  0 0 0  91 31 21  225 212 158  213 153 88
+237 223 121  167 52 24  237 235 180  199 143 96  176 24 12  177 20 14
+167 52 24  249 249 214  253 255 226  243 238 185  167 52 24  183 19 13
+167 52 24  252 253 227  243 238 185  183 19 13  183 19 13  183 19 13
+183 19 13  147 12 10  87 1 5  78 2 7  78 2 7  99 1 11
+128 6 9  131 9 10  129 12 11
+145 15 12  151 18 14  156 20 14  159 21 16  159 21 16  162 20 14
+160 19 13  162 20 14  164 16 11  215 186 121  211 179 117  176 17 11
+183 19 13  215 186 121  253 255 226  254 255 210  238 229 170  164 16 11
+199 163 109  173 92 60  139 9 7  199 143 96  173 92 60  192 140 79
+237 223 121  97 69 52  0 0 0  91 31 21  173 92 60  211 179 117
+211 179 117  191 130 98  106 7 8  0 0 0  91 31 21  225 212 158
+237 223 121  175 96 57  225 212 158  176 17 11  163 56 28  206 199 148
+176 17 11  206 199 148  254 255 223  254 255 223  215 186 121  183 19 13
+176 24 12  213 153 88  232 217 158  183 19 13  183 19 13  183 19 13
+176 17 11  95 4 6  78 2 7  78 2 7  99 1 11  122 8 8
+131 9 10  125 8 10  131 9 10
+145 15 12  151 18 14  156 20 14  156 20 14  160 21 14  160 19 13
+164 19 14  156 15 13  147 12 10  164 16 11  164 16 11  183 19 13
+183 19 13  243 238 185  254 255 210  254 255 223  199 163 109  176 17 11
+249 249 214  167 52 24  139 9 7  199 143 96  193 134 84  213 153 88
+97 69 52  91 31 21  191 130 98  183 19 13  183 19 13  211 179 117
+249 249 214  173 92 60  183 19 13  173 92 60  97 69 52  0 0 0
+199 163 109  213 153 88  206 199 148  154 14 11  183 19 13  249 249 214
+167 52 24  193 134 84  254 255 223  252 252 206  252 252 206  175 97 50
+183 19 13  183 19 13  183 19 13  183 19 13  183 19 13  183 19 13
+122 8 8  78 2 7  78 2 7  95 4 6  119 5 9  137 11 10
+125 8 10  137 11 10  142 10 9
+145 15 12  151 18 14  152 20 15  156 20 14  160 21 14  168 22 16
+164 16 11  176 24 12  175 96 57  176 111 73  193 134 84  175 96 57
+175 96 57  249 249 214  252 252 206  254 255 223  199 143 96  183 19 13
+254 255 233  199 143 96  163 56 28  247 246 193  215 186 121  97 69 52
+91 31 21  213 153 88  183 19 13  173 92 60  207 156 97  225 212 158
+254 255 240  199 143 96  211 179 117  183 19 13  175 96 57  129 78 48
+91 31 21  221 205 133  249 249 214  175 96 57  191 130 98  254 255 240
+173 92 60  193 134 84  254 255 223  247 246 193  253 254 208  213 153 88
+175 97 50  213 153 88  213 153 88  213 153 88  175 97 50  161 18 12
+106 7 8  89 3 6  93 4 6  114 7 7  139 9 7  125 8 10
+138 12 11  142 10 9  164 16 11
+144 16 12  152 20 15  156 20 14  160 22 16  168 22 16  176 24 12
+175 96 57  162 137 108  97 69 52  97 69 52  97 69 52  131 94 71
+191 177 112  250 251 219  254 255 223  254 255 223  211 179 117  183 19 13
+243 238 185  253 254 208  254 255 223  235 226 137  182 147 96  0 0 0
+175 97 50  147 12 10  102 0 4  183 19 13  183 19 13  215 186 121
+249 249 214  173 92 60  183 19 13  139 9 7  99 0 3  173 92 60
+105 45 32  131 94 71  249 243 164  250 251 219  254 255 210  244 241 169
+183 19 13  211 173 103  254 255 210  252 252 206  254 255 210  206 199 148
+131 94 71  97 69 52  97 69 52  97 69 52  162 137 108  191 130 98
+114 7 7  111 14 13  111 14 13  137 11 10  128 8 8  137 13 11
+145 11 11  164 16 11  156 15 13
+143 19 14  152 20 15  157 23 16  168 22 16  176 24 12  167 52 24
+158 125 90  0 0 0  97 69 52  162 137 108  158 125 90  97 69 52
+0 0 0  91 31 21  191 177 112  254 255 223  252 252 206  183 19 13
+213 153 88  237 223 121  237 223 121  216 189 107  97 69 52  132 32 17
+78 2 7  91 31 21  162 137 108  91 31 21  183 19 13  173 92 60
+191 130 98  183 19 13  78 2 7  131 94 71  131 94 71  0 0 0
+141 65 38  91 31 21  219 195 113  237 223 121  237 223 121  213 153 88
+183 19 13  243 238 185  254 255 210  206 199 148  91 31 21  0 0 0
+97 69 52  131 94 71  162 137 108  131 94 71  0 0 0  97 69 52
+173 92 60  135 17 11  143 19 14  139 9 7  131 14 12  142 13 12
+164 16 11  164 16 11  156 15 13
+143 19 14  152 20 15  159 29 16  168 22 16  176 24 12  175 96 57
+131 94 71  206 199 148  249 249 214  254 255 240  254 255 240  254 255 233
+249 249 214  162 137 108  0 0 0  91 31 21  225 212 158  243 238 185
+213 153 88  213 153 88  213 153 88  208 170 99  91 31 21  106 7 8
+0 0 0  225 212 158  254 255 240  206 199 148  77 0 3  191 130 98
+215 186 121  133 0 5  131 94 71  254 255 240  254 255 240  97 69 52
+77 0 3  78 2 7  162 137 108  213 153 88  216 189 107  213 153 88
+232 217 158  237 235 180  97 69 52  0 0 0  158 125 90  243 238 185
+254 255 240  254 255 240  254 255 233  249 249 214  206 199 148  97 69 52
+176 111 73  152 17 12  150 16 12  125 8 10  144 14 14  156 15 13
+168 18 14  161 18 12  183 19 13
+143 19 14  157 23 16  159 29 16  168 22 16  174 18 12  175 96 57
+131 94 71  206 199 148  225 212 158  206 199 148  249 249 214  250 251 219
+254 255 223  254 255 233  249 249 214  131 94 71  0 0 0  162 137 108
+247 246 193  213 153 88  175 97 50  182 147 96  78 2 7  77 0 3
+0 0 0  237 235 180  254 255 240  237 235 180  0 0 0  183 19 13
+183 19 13  77 0 3  162 137 108  254 255 240  254 255 240  97 69 52
+0 0 0  77 0 3  131 94 71  213 153 88  213 153 88  237 223 121
+206 199 148  0 0 0  97 69 52  249 249 214  254 255 240  254 255 223
+250 251 219  249 249 214  206 199 148  206 199 148  206 199 148  97 69 52
+176 111 73  164 16 11  138 12 11  146 12 11  147 12 10  173 20 15
+156 15 13  183 19 13  150 16 12
+143 19 14  152 20 15  157 23 16  159 29 16  164 16 11  173 92 60
+131 94 71  162 137 108  237 235 180  206 199 148  206 199 148  254 255 223
+250 251 219  249 249 214  250 251 219  254 255 240  206 199 148  0 0 0
+131 94 71  213 153 88  213 153 88  162 137 108  77 0 3  0 0 0
+0 0 0  131 94 71  249 249 214  131 94 71  0 0 0  168 18 14
+183 19 13  0 0 0  0 0 0  237 235 180  206 199 148  91 31 21
+0 0 0  77 0 3  97 69 52  215 186 121  213 153 88  162 137 108
+0 0 0  162 137 108  254 255 240  254 255 223  249 249 214  249 249 214
+254 255 223  225 212 158  206 199 148  237 235 180  206 199 148  97 69 52
+175 96 57  133 0 5  156 15 13  147 12 10  168 18 14  160 19 13
+183 19 13  160 19 13  105 1 7
+144 16 12  152 20 15  152 20 15  157 23 16  154 14 11  176 108 61
+158 125 90  131 94 71  249 249 214  237 235 180  206 199 148  206 199 148
+253 255 226  254 255 223  250 251 219  249 249 214  254 255 233  249 249 214
+91 31 21  97 69 52  215 186 121  143 100 73  78 2 7  0 0 0
+162 137 108  0 0 0  0 0 0  131 94 71  97 69 52  123 0 2
+183 19 13  0 0 0  162 137 108  0 0 0  0 0 0  131 94 71
+97 69 52  0 0 0  97 69 52  231 215 150  131 94 71  0 0 0
+237 235 180  254 255 240  249 249 214  250 251 219  250 251 219  254 255 223
+237 235 180  206 199 148  237 235 180  249 249 214  162 137 108  97 69 52
+193 134 84  142 10 9  164 16 11  168 18 14  164 19 14  174 18 12
+176 24 12  109 5 7  119 5 9
+144 16 12  147 20 17  147 20 17  150 16 12  154 43 26  211 179 117
+179 118 76  97 69 52  206 199 148  206 199 148  237 235 180  206 199 148
+206 199 148  254 255 223  254 255 223  250 251 219  250 251 219  254 255 223
+206 199 148  91 31 21  97 69 52  206 199 148  0 0 0  91 31 21
+0 0 0  0 0 0  0 0 0  0 0 0  0 0 0  156 15 13
+183 19 13  0 0 0  0 0 0  0 0 0  0 0 0  0 0 0
+0 0 0  0 0 0  131 94 71  162 137 108  0 0 0  206 199 148
+250 251 219  254 255 223  254 255 223  254 255 223  254 255 223  237 235 180
+206 199 148  237 235 180  206 199 148  206 199 148  97 69 52  131 94 71
+199 163 109  173 92 60  164 16 11  173 20 15  164 16 11  183 19 13
+116 9 9  105 1 7  119 5 9
+141 15 12  143 19 14  147 20 17  139 9 7  173 92 60  219 202 125
+173 92 60  97 69 52  97 69 52  206 199 148  206 199 148  249 249 214
+237 235 180  206 199 148  237 235 180  253 255 226  249 249 214  206 199 148
+237 235 180  253 255 226  97 69 52  97 69 52  78 2 7  91 31 21
+97 69 52  0 0 0  0 0 0  0 0 0  0 0 0  183 19 13
+183 19 13  91 31 21  0 0 0  0 0 0  0 0 0  0 0 0
+97 69 52  77 0 3  91 31 21  91 31 21  243 238 185  249 249 214
+206 199 148  237 235 180  253 255 226  249 249 214  206 199 148  206 199 148
+249 249 214  206 199 148  206 199 148  162 137 108  97 69 52  173 92 60
+211 173 103  199 143 96  176 17 11  165 19 14  183 19 13  135 17 11
+99 1 11  119 5 9  117 6 7
+141 15 12  141 15 12  143 19 14  139 9 7  163 56 28  231 215 150
+124 14 13  153 103 68  0 0 0  162 137 108  206 199 148  206 199 148
+249 249 214  250 251 219  206 199 148  206 199 148  162 137 108  249 249 214
+253 255 226  250 251 219  252 253 227  97 69 52  0 0 0  78 2 7
+97 69 52  97 69 52  97 69 52  97 69 52  78 2 7  183 19 13
+183 19 13  145 11 11  97 69 52  97 69 52  97 69 52  97 69 52
+91 31 21  77 0 3  0 0 0  237 235 180  253 255 226  254 255 223
+249 249 214  206 199 148  162 137 108  206 199 148  252 253 227  250 251 219
+206 199 148  206 199 148  206 199 148  91 31 21  131 94 71  176 17 11
+215 186 121  175 96 57  164 16 11  183 19 13  159 29 16  93 4 6
+114 7 7  119 5 9  125 8 10
+137 13 11  138 15 12  141 15 12  143 13 11  147 12 10  154 63 38
+111 0 3  175 96 57  133 82 52  91 31 21  206 199 148  206 199 148
+206 199 148  237 235 180  206 199 148  206 199 148  206 199 148  206 199 148
+206 199 148  237 235 180  250 251 219  249 249 214  0 0 0  78 2 7
+78 2 7  97 69 52  97 69 52  0 0 0  183 19 13  183 19 13
+183 19 13  183 19 13  78 2 7  97 69 52  97 69 52  0 0 0
+91 2 10  0 0 0  206 199 148  254 255 233  237 235 180  206 199 148
+206 199 148  206 199 148  237 235 180  206 199 148  206 199 148  206 199 148
+206 199 148  206 199 148  97 69 52  97 69 52  192 140 79  164 16 11
+167 52 24  176 24 12  183 19 13  176 24 12  95 4 6  106 7 8
+117 6 7  125 8 10  134 12 11
+134 12 11  138 15 12  144 16 12  146 12 11  131 10 9  122 7 7
+128 8 8  192 140 79  216 189 107  91 31 21  97 69 52  206 199 148
+162 137 108  162 137 108  237 235 180  253 255 226  250 251 219  249 249 214
+225 212 158  206 199 148  206 199 148  237 235 180  162 137 108  0 0 0
+99 1 11  111 0 3  123 0 2  183 19 13  183 19 13  145 11 11
+91 2 10  183 19 13  183 19 13  111 0 3  92 0 2  111 14 13
+0 0 0  131 94 71  249 249 214  206 199 148  206 199 148  206 199 148
+249 249 214  250 251 219  254 255 223  249 249 214  162 137 108  162 137 108
+206 199 148  131 94 71  91 31 21  211 173 103  217 193 123  167 52 24
+147 12 10  174 18 12  183 19 13  111 14 13  102 4 5  114 7 7
+119 5 9  131 9 10  142 13 12
+131 14 12  138 15 12  152 14 13  139 9 7  131 14 12  131 10 9
+152 48 27  231 215 150  187 167 103  208 170 99  91 31 21  0 0 0
+162 137 108  206 199 148  206 199 148  206 199 148  237 235 180  237 235 180
+249 249 214  250 251 219  237 235 180  206 199 148  206 199 148  97 69 52
+0 0 0  111 14 13  183 19 13  183 19 13  183 19 13  78 2 7
+0 0 0  183 19 13  183 19 13  183 19 13  144 14 14  78 2 7
+0 0 0  162 137 108  206 199 148  237 235 180  252 253 227  254 255 233
+249 249 214  237 235 180  225 212 158  206 199 148  206 199 148  162 137 108
+0 0 0  91 31 21  211 179 117  208 170 99  243 238 185  173 92 60
+154 14 11  183 19 13  150 16 12  95 4 6  114 7 7  122 8 8
+131 10 10  138 12 11  142 13 12
+135 17 11  144 16 12  145 11 11  167 52 24  159 30 14  150 16 12
+175 97 50  243 238 185  217 193 123  192 140 79  203 150 89  97 69 52
+0 0 0  131 94 71  162 137 108  162 137 108  162 137 108  162 137 108
+162 137 108  97 69 52  97 69 52  97 69 52  97 69 52  91 31 21
+0 0 0  78 2 7  99 1 11  176 17 11  183 19 13  183 19 13
+176 17 11  183 19 13  183 19 13  125 8 10  78 2 7  0 0 0
+78 2 7  0 0 0  97 69 52  97 69 52  97 69 52  131 94 71
+162 137 108  162 137 108  162 137 108  162 137 108  131 94 71  0 0 0
+97 69 52  199 143 96  192 140 79  217 193 123  254 255 210  173 92 60
+183 19 13  176 24 12  114 7 7  117 6 7  119 5 9  131 9 10
+138 12 11  138 12 11  164 16 11
+138 15 12  147 12 10  137 11 10  213 153 88  167 52 24  176 24 12
+167 52 24  243 238 185  238 229 170  203 150 89  176 17 11  176 108 61
+162 115 76  91 31 21  0 0 0  97 69 52  162 137 108  97 69 52
+97 69 52  97 69 52  131 94 71  163 121 81  91 31 21  0 0 0
+183 19 13  77 0 3  0 0 0  78 2 7  119 5 9  168 18 14
+183 19 13  131 9 10  99 1 11  78 2 7  0 0 0  176 17 11
+111 14 13  0 0 0  147 67 48  151 106 70  131 94 71  97 69 52
+0 0 0  162 137 108  97 69 52  0 0 0  0 0 0  143 100 73
+213 153 88  176 24 12  179 118 76  238 229 170  252 252 206  175 97 50
+183 19 13  175 97 50  154 43 26  116 3 5  131 10 9  138 12 11
+138 12 11  156 15 13  176 17 11
+145 11 11  137 13 11  131 9 10  175 97 50  167 52 24  161 18 12
+176 24 12  231 215 150  249 249 214  219 195 113  183 19 13  167 52 24
+175 97 50  179 118 76  163 121 81  97 69 52  0 0 0  0 0 0
+191 130 98  193 134 84  167 52 24  171 21 16  77 0 3  138 37 20
+183 19 13  154 14 11  0 0 0  0 0 0  0 0 0  78 2 7
+78 2 7  0 0 0  0 0 0  0 0 0  120 0 3  183 19 13
+176 24 12  0 0 0  105 1 7  183 19 13  173 92 60  213 153 88
+78 2 7  0 0 0  97 69 52  158 125 90  191 130 98  175 97 50
+163 56 28  183 19 13  213 153 88  250 251 219  241 232 158  167 52 24
+154 14 11  213 153 88  167 52 24  127 5 8  141 14 11  139 13 11
+146 12 11  183 19 13  154 14 11
+137 13 11  131 14 12  131 12 12  159 30 14  174 18 12  167 21 14
+154 14 11  192 140 79  249 243 164  235 226 137  213 153 88  183 19 13
+167 21 14  92 0 2  179 118 76  162 137 108  91 31 21  104 58 46
+77 0 3  77 0 3  0 0 0  0 0 0  0 0 0  119 34 17
+175 97 50  183 19 13  176 17 11  109 5 7  0 0 0  0 0 0
+0 0 0  0 0 0  89 3 6  164 16 11  164 16 11  167 52 24
+138 37 20  0 0 0  0 0 0  0 0 0  0 0 0  0 0 0
+91 31 21  111 35 21  131 94 71  199 143 96  107 0 4  135 17 11
+183 19 13  183 19 13  216 189 107  249 243 164  213 153 88  147 12 10
+142 10 9  167 52 24  167 21 14  142 10 9  146 12 11  142 13 12
+176 17 11  164 16 11  164 16 11
+124 14 13  128 14 13  143 19 14  154 14 11  163 56 28  176 108 61
+147 12 10  151 28 16  216 189 107  237 223 121  213 153 88  183 19 13
+183 19 13  183 19 13  162 137 108  0 0 0  183 19 13  111 14 13
+91 31 21  158 125 90  131 94 71  97 69 52  0 0 0  78 2 7
+213 153 88  175 97 50  183 19 13  183 19 13  176 17 11  154 14 11
+154 14 11  176 17 11  183 19 13  176 17 11  175 97 50  213 153 88
+119 59 34  0 0 0  0 0 0  97 69 52  162 137 108  97 69 52
+78 2 7  183 19 13  77 0 3  158 125 90  173 92 60  176 17 11
+183 19 13  213 153 88  216 189 107  216 189 107  138 37 20  123 0 2
+176 108 61  167 52 24  142 10 9  150 16 12  144 14 14  164 16 11
+164 16 11  156 15 13  164 16 11
+124 14 13  128 14 13  157 23 16  154 14 11  199 143 96  232 217 158
+176 24 12  139 9 7  163 56 28  213 153 88  216 189 107  213 153 88
+183 19 13  199 143 96  0 0 0  183 19 13  176 17 11  0 0 0
+202 183 123  97 69 52  91 31 21  162 115 76  105 45 32  158 83 45
+213 153 88  192 140 79  175 97 50  175 97 50  183 19 13  183 19 13
+176 17 11  183 19 13  183 19 13  175 97 50  176 108 61  174 128 69
+175 97 50  77 0 3  163 56 28  97 69 52  0 0 0  202 183 123
+97 69 52  111 0 3  183 19 13  0 0 0  191 130 98  183 19 13
+183 19 13  213 153 88  213 153 88  163 56 28  102 0 4  154 63 38
+252 252 206  167 52 24  147 12 10  150 16 12  164 16 11  174 18 12
+152 14 13  161 18 12  156 15 13
+122 13 12  151 28 16  151 28 16  176 24 12  167 52 24  199 163 109
+167 52 24  159 30 14  123 0 2  135 17 11  175 97 50  213 153 88
+183 19 13  193 134 84  0 0 0  176 17 11  0 0 0  162 137 108
+97 69 52  131 94 71  213 153 88  171 21 16  0 0 0  91 31 21
+91 31 21  213 153 88  216 189 107  213 153 88  175 97 50  167 52 24
+167 52 24  175 97 50  213 153 88  213 153 88  237 223 121  129 78 48
+0 0 0  0 0 0  87 1 5  175 96 57  191 130 98  91 31 21
+162 137 108  0 0 0  154 14 11  87 1 5  131 94 71  183 19 13
+175 97 50  175 97 50  139 27 18  111 0 3  131 14 12  173 92 60
+199 143 96  161 18 12  147 12 10  154 14 11  176 17 11  154 14 11
+156 15 13  161 18 12  156 15 13
+139 27 18  138 37 20  154 43 26  169 21 14  159 30 14  159 30 14
+193 134 84  167 52 24  150 53 31  158 83 45  107 0 4  183 19 13
+183 19 13  179 118 76  0 0 0  0 0 0  97 69 52  191 177 112
+0 0 0  183 19 13  87 1 5  0 0 0  0 0 0  0 0 0
+91 31 21  216 189 107  146 87 48  237 223 121  213 153 88  213 153 88
+213 153 88  213 153 88  237 223 121  174 128 69  174 128 69  174 128 69
+0 0 0  0 0 0  0 0 0  0 0 0  183 19 13  78 2 7
+131 94 71  162 137 108  0 0 0  0 0 0  143 100 73  175 97 50
+183 19 13  123 0 2  150 53 31  150 53 31  150 53 31  191 130 98
+133 0 5  147 12 10  147 12 10  176 17 11  164 16 11  156 15 13
+164 16 11  161 18 12  156 15 13
+138 37 20  152 48 27  159 29 16  151 28 16  147 24 15  163 56 28
+215 186 121  175 96 57  164 16 11  199 143 96  173 92 60  164 16 11
+183 19 13  131 94 71  77 0 3  97 69 52  208 170 99  97 69 52
+106 0 7  0 0 0  97 69 52  162 137 108  0 0 0  0 0 0
+105 45 32  124 72 43  146 87 48  237 223 121  237 223 121  237 223 121
+216 189 107  237 223 121  237 223 121  216 189 107  97 69 52  146 87 48
+0 0 0  0 0 0  131 94 71  162 137 108  0 0 0  123 0 2
+78 2 7  206 199 148  131 94 71  77 0 3  97 69 52  175 96 57
+183 19 13  150 55 28  207 156 97  133 0 5  154 63 38  225 212 158
+133 0 5  141 15 12  176 17 11  176 17 11  156 15 13  164 16 11
+176 17 11  161 18 12  156 15 13
+123 39 27  154 43 26  151 28 16  135 17 11  150 55 28  159 30 14
+225 212 158  225 212 158  176 24 12  142 10 9  213 153 88  183 19 13
+183 19 13  97 69 52  78 2 7  151 106 70  162 115 76  91 31 21
+183 19 13  91 31 21  206 199 148  158 125 90  0 0 0  0 0 0
+0 0 0  0 0 0  91 31 21  129 78 48  213 153 88  216 189 107
+216 189 107  216 189 107  174 128 69  120 74 50  91 31 21  91 31 21
+0 0 0  0 0 0  0 0 0  243 238 185  97 69 52  176 17 11
+133 0 5  97 69 52  179 118 76  91 31 21  91 31 21  176 111 73
+183 19 13  213 153 88  167 52 24  159 29 16  225 212 158  225 212 158
+133 0 5  147 12 10  176 17 11  156 15 13  164 16 11  174 18 12
+183 19 13  164 16 11  144 14 14
+150 53 31  139 27 18  128 26 15  119 34 17  141 65 38  133 0 5
+199 163 109  254 255 240  247 246 193  191 130 98  167 52 24  213 153 88
+183 19 13  97 69 52  91 31 21  158 83 45  131 94 71  99 1 11
+111 0 3  97 69 52  158 125 90  97 69 52  0 0 0  0 0 0
+0 0 0  0 0 0  0 0 0  0 0 0  0 0 0  0 0 0
+91 31 21  0 0 0  0 0 0  0 0 0  131 94 71  91 31 21
+0 0 0  0 0 0  0 0 0  162 137 108  131 94 71  77 0 3
+120 0 3  97 69 52  163 56 28  91 31 21  91 31 21  173 92 60
+175 97 50  175 97 50  211 179 117  249 249 214  254 255 240  199 163 109
+139 9 7  164 16 11  164 16 11  164 16 11  174 18 12  183 19 13
+183 19 13  154 14 11  145 15 12
+139 27 18  137 32 21  125 28 16  158 83 45  127 13 12  119 9 8
+154 43 26  238 229 170  254 255 240  254 255 233  193 134 84  213 153 88
+213 153 88  131 94 71  97 69 52  193 134 84  182 147 96  0 0 0
+0 0 0  158 125 90  158 125 90  97 69 52  175 97 50  78 2 7
+0 0 0  0 0 0  97 69 52  97 69 52  91 31 21  91 31 21
+97 69 52  97 69 52  97 69 52  146 87 48  237 235 180  187 145 96
+78 2 7  158 83 45  116 46 29  131 94 71  131 94 71  97 69 52
+0 0 0  97 69 52  154 43 26  111 35 21  0 0 0  175 96 57
+213 153 88  213 153 88  254 255 233  254 255 233  238 229 170  151 28 16
+139 9 7  154 14 11  156 15 13  174 18 12  176 17 11  183 19 13
+176 17 11  142 13 12  152 14 13
+138 37 20  119 9 8  158 83 45  138 37 20  122 8 8  125 28 16
+151 28 16  159 30 14  225 212 158  254 255 233  244 241 169  182 147 96
+143 100 73  97 69 52  91 31 21  131 94 71  97 69 52  77 0 3
+78 2 7  158 125 90  131 94 71  0 0 0  119 59 34  97 69 52
+0 0 0  97 69 52  0 0 0  0 0 0  0 0 0  0 0 0
+0 0 0  0 0 0  78 2 7  199 143 96  254 255 240  225 212 158
+174 110 60  216 189 107  150 55 28  97 69 52  143 100 73  131 94 71
+77 0 3  97 69 52  213 153 88  124 72 43  97 69 52  175 97 50
+213 153 88  235 226 137  254 255 240  225 212 158  147 12 10  167 52 24
+147 20 17  147 12 10  164 16 11  168 18 14  183 19 13  176 17 11
+134 12 11  146 12 11  152 14 13
+122 13 12  150 55 28  154 63 38  139 9 7  128 8 8  158 83 45
+176 111 73  139 9 7  175 97 50  249 249 214  252 252 206  97 69 52
+0 0 0  119 59 34  119 59 34  119 59 34  119 59 34  91 31 21
+0 0 0  0 0 0  91 31 21  97 69 52  91 31 21  91 31 21
+0 0 0  0 0 0  97 69 52  249 249 214  249 249 214  237 235 180
+237 235 180  249 249 214  162 137 108  158 125 90  254 255 240  143 100 73
+119 59 34  175 97 50  114 7 7  97 69 52  187 167 103  97 69 52
+80 0 2  91 31 21  131 94 71  91 31 21  169 133 98  183 19 13
+213 153 88  249 243 164  253 255 226  154 63 38  154 14 11  176 111 73
+173 92 60  164 16 11  168 18 14  164 16 11  156 15 13  137 13 11
+144 14 14  145 15 12  150 16 12
+125 28 16  141 65 38  134 12 11  156 15 13  154 14 11  199 143 96
+199 143 96  176 24 12  167 52 24  238 229 170  247 246 193  97 69 52
+174 128 69  237 223 121  237 223 121  237 223 121  237 223 121  216 189 107
+78 2 7  129 78 48  237 223 121  237 223 121  237 223 121  237 223 121
+237 223 121  91 31 21  91 31 21  254 255 240  254 255 240  254 255 240
+254 255 240  254 255 240  206 199 148  0 0 0  131 94 71  0 0 0
+0 0 0  0 0 0  0 0 0  0 0 0  0 0 0  0 0 0
+0 0 0  0 0 0  91 31 21  0 0 0  97 69 52  213 153 88
+213 153 88  249 243 164  243 238 185  159 29 16  164 16 11  191 130 98
+199 163 109  164 16 11  167 21 14  161 18 12  150 16 12  150 16 12
+145 15 12  145 15 12  150 16 12
+158 83 45  122 13 12  139 9 7  164 16 11  161 18 12  202 183 123
+237 235 180  167 52 24  175 97 50  247 246 193  249 243 164  97 69 52
+175 97 50  216 189 107  174 128 69  174 110 60  213 153 88  216 189 107
+146 87 48  119 59 34  216 189 107  213 153 88  192 140 79  213 153 88
+237 223 121  192 140 79  97 69 52  254 255 240  237 235 180  97 69 52
+97 69 52  131 94 71  97 69 52  158 125 90  206 199 148  97 69 52
+162 137 108  254 255 233  97 69 52  162 137 108  254 255 233  0 0 0
+97 69 52  249 249 214  254 255 240  254 255 233  97 69 52  97 69 52
+237 223 121  249 243 164  252 252 206  163 56 28  147 12 10  225 212 158
+206 199 148  176 17 11  168 22 16  157 19 14  152 17 12  150 16 12
+145 15 12  144 14 14  144 14 14
+122 13 12  128 8 8  147 12 10  160 21 14  132 32 17  199 163 109
+254 255 240  231 215 150  232 217 158  250 251 219  249 243 164  97 69 52
+175 97 50  216 189 107  91 31 21  0 0 0  119 59 34  216 189 107
+146 87 48  119 59 34  216 189 107  175 97 50  0 0 0  0 0 0
+213 153 88  213 153 88  97 69 52  254 255 240  225 212 158  0 0 0
+0 0 0  0 0 0  0 0 0  206 199 148  254 255 240  97 69 52
+162 137 108  254 255 240  206 199 148  254 255 240  252 253 227  97 69 52
+249 249 214  254 255 240  243 238 185  254 255 240  254 255 240  97 69 52
+187 167 103  249 243 164  254 255 223  238 229 170  206 199 148  254 255 240
+211 179 117  176 17 11  168 22 16  156 15 13  152 17 12  150 16 12
+144 14 14  144 14 14  144 14 14
+114 7 7  137 11 10  156 15 13  125 28 16  138 37 20  193 134 84
+254 255 233  252 253 227  252 253 227  238 229 170  249 243 164  97 69 52
+158 83 45  213 153 88  146 87 48  105 45 32  174 128 69  213 153 88
+91 31 21  119 59 34  213 153 88  146 87 48  0 0 0  0 0 0
+213 153 88  213 153 88  97 69 52  254 255 240  249 249 214  206 199 148
+206 199 148  225 212 158  0 0 0  162 137 108  254 255 240  97 69 52
+162 137 108  254 255 240  254 255 240  162 137 108  97 69 52  162 137 108
+254 255 240  162 137 108  0 0 0  97 69 52  254 255 240  162 137 108
+97 69 52  252 252 206  238 229 170  254 255 223  254 255 233  254 255 233
+199 143 96  176 24 12  167 21 14  156 15 13  151 18 14  144 14 14
+144 14 14  144 14 14  144 14 14
+122 8 8  156 15 13  122 13 12  111 14 13  138 37 20  175 97 50
+249 249 214  254 255 223  247 246 193  219 195 113  249 243 164  97 69 52
+158 83 45  213 153 88  213 153 88  213 153 88  213 153 88  175 97 50
+0 0 0  119 59 34  213 153 88  175 97 50  119 59 34  175 97 50
+213 153 88  175 97 50  97 69 52  254 255 233  254 255 233  254 255 240
+254 255 240  254 255 240  91 31 21  162 137 108  254 255 240  97 69 52
+162 137 108  254 255 240  206 199 148  0 0 0  0 0 0  162 137 108
+254 255 240  191 177 112  131 94 71  162 137 108  254 255 233  206 199 148
+97 69 52  252 252 206  237 223 121  247 246 193  254 255 223  249 249 214
+167 52 24  176 24 12  162 20 14  152 14 13  145 15 12  145 15 12
+144 14 14  141 15 12  144 14 14
+152 14 13  137 11 10  89 3 6  106 7 8  138 37 20  152 17 12
+213 153 88  253 255 226  249 249 214  216 189 107  249 243 164  97 69 52
+163 56 28  213 153 88  175 97 50  141 65 38  175 97 50  213 153 88
+175 97 50  119 59 34  213 153 88  213 153 88  213 153 88  213 153 88
+213 153 88  91 31 21  91 31 21  254 255 240  249 249 214  162 137 108
+162 137 108  162 137 108  0 0 0  202 183 123  254 255 240  97 69 52
+162 137 108  254 255 240  131 94 71  146 87 48  133 82 52  162 137 108
+254 255 240  254 255 240  254 255 240  254 255 240  254 255 240  206 199 148
+97 69 52  249 243 164  216 189 107  250 251 219  254 255 233  207 156 97
+154 14 11  159 29 16  152 17 12  150 16 12  145 15 12  141 15 12
+141 15 12  141 15 12  142 13 12
+147 12 10  95 4 6  95 4 6  119 34 17  135 17 11  141 15 12
+119 34 17  216 189 107  252 252 206  216 189 107  237 223 121  97 69 52
+159 30 14  175 97 50  78 2 7  0 0 0  0 0 0  175 97 50
+167 52 24  150 55 28  175 97 50  167 52 24  138 37 20  132 32 17
+77 0 3  0 0 0  97 69 52  254 255 240  206 199 148  0 0 0
+91 31 21  0 0 0  0 0 0  162 137 108  254 255 240  97 69 52
+162 137 108  254 255 240  97 69 52  151 106 70  120 74 50  162 137 108
+254 255 240  162 137 108  0 0 0  0 0 0  91 31 21  0 0 0
+131 94 71  237 223 121  216 189 107  252 252 206  216 189 107  151 28 16
+144 16 12  151 18 14  150 16 12  145 15 12  144 16 12  141 15 12
+138 15 12  138 15 12  141 15 12
+106 7 8  93 4 6  111 35 21  132 32 17  154 14 11  119 34 17
+111 14 13  167 52 24  213 153 88  216 189 107  213 153 88  97 69 52
+154 14 11  183 19 13  114 7 7  78 2 7  128 14 13  183 19 13
+183 19 13  131 14 12  183 19 13  133 0 5  0 0 0  97 69 52
+131 94 71  158 125 90  97 69 52  249 249 214  191 177 112  97 69 52
+97 69 52  0 0 0  0 0 0  162 137 108  254 255 240  97 69 52
+162 137 108  252 253 227  97 69 52  120 74 50  131 94 71  97 69 52
+250 251 219  237 235 180  97 69 52  97 69 52  162 137 108  91 31 21
+133 82 52  213 153 88  216 189 107  213 153 88  138 37 20  116 3 5
+137 13 11  143 13 11  145 15 12  144 16 12  144 16 12  144 14 14
+138 15 12  138 15 12  138 15 12
+89 3 6  106 7 8  138 37 20  164 16 11  138 37 20  128 26 15
+159 30 14  139 9 7  167 52 24  175 97 50  213 153 88  97 69 52
+164 16 11  183 19 13  183 19 13  183 19 13  183 19 13  183 19 13
+152 17 12  106 7 8  183 19 13  139 9 7  131 94 71  175 96 57
+176 24 12  163 56 28  97 69 52  254 255 233  206 199 148  97 69 52
+213 153 88  213 153 88  119 59 34  162 137 108  254 255 240  97 69 52
+162 137 108  254 255 240  131 94 71  97 69 52  120 74 50  97 69 52
+162 137 108  254 255 240  252 253 227  250 251 219  254 255 240  162 137 108
+97 69 52  213 153 88  175 97 50  111 14 13  95 4 6  119 9 8
+131 10 9  142 13 12  144 14 14  144 14 14  144 14 14  141 15 12
+138 15 12  138 15 12  138 15 12
+93 4 6  123 39 27  164 16 11  167 52 24  138 37 20  176 24 12
+167 21 14  159 30 14  164 16 11  123 0 2  158 83 45  97 69 52
+123 0 2  183 19 13  183 19 13  183 19 13  183 19 13  133 0 5
+0 0 0  78 2 7  183 19 13  107 0 4  97 69 52  111 14 13
+183 19 13  175 97 50  97 69 52  206 199 148  131 94 71  97 69 52
+216 189 107  216 189 107  119 59 34  131 94 71  237 235 180  97 69 52
+162 137 108  225 212 158  97 69 52  97 69 52  93 4 6  158 125 90
+0 0 0  131 94 71  206 199 148  206 199 148  131 94 71  91 31 21
+143 100 73  128 26 15  111 14 13  99 0 3  137 32 21  122 8 8
+129 12 11  138 12 11  142 13 12  141 15 12  141 15 12  138 15 12
+138 15 12  138 15 12  138 15 12
+120 41 26  151 28 16  183 19 13  141 65 38  183 19 13  183 19 13
+183 19 13  193 134 84  154 63 38  77 0 3  169 133 98  131 94 71
+0 0 0  0 0 0  0 0 0  91 31 21  0 0 0  97 69 52
+162 137 108  91 31 21  91 31 21  91 31 21  162 137 108  0 0 0
+183 19 13  192 140 79  97 69 52  91 31 21  0 0 0  131 94 71
+213 153 88  213 153 88  146 87 48  0 0 0  91 31 21  91 31 21
+0 0 0  0 0 0  97 69 52  158 125 90  111 0 3  111 14 13
+193 134 84  97 69 52  0 0 0  0 0 0  91 31 21  174 128 69
+192 140 79  162 137 108  119 34 17  148 61 42  179 118 76  123 0 2
+131 14 12  137 13 11  138 15 12  138 15 12  138 15 12  138 15 12
+134 12 11  134 12 11  137 13 11
+124 33 21  176 17 11  141 65 38  167 52 24  183 19 13  183 19 13
+183 19 13  219 195 113  146 90 61  105 45 32  143 100 73  215 186 121
+211 179 117  193 134 84  179 118 76  193 134 84  169 133 98  146 90 61
+173 92 60  158 125 90  143 100 73  131 94 71  162 137 108  131 94 71
+77 0 3  167 52 24  176 108 61  175 97 50  175 97 50  175 97 50
+213 153 88  213 153 88  192 140 79  175 97 50  176 108 61  120 74 50
+91 31 21  162 137 108  131 94 71  141 65 38  133 0 5  164 16 11
+139 9 7  158 83 45  169 113 67  174 110 60  176 108 61  174 128 69
+221 205 133  169 133 98  137 32 21  191 130 98  211 173 103  123 0 2
+138 15 12  137 13 11  138 15 12  141 15 12  141 15 12  138 15 12
+131 14 12  131 14 12  134 12 11
+154 14 11  163 56 28  116 46 29  183 19 13  183 19 13  183 19 13
+183 19 13  216 189 107  150 55 28  129 68 42  202 183 123  199 163 109
+187 167 103  146 90 61  152 17 12  144 16 12  139 9 7  92 0 2
+92 0 2  99 0 3  93 4 6  0 0 0  0 0 0  162 137 108
+97 69 52  0 0 0  78 2 7  78 2 7  77 0 3  167 52 24
+213 153 88  213 153 88  175 97 50  127 5 8  0 0 0  0 0 0
+162 137 108  91 31 21  77 0 3  147 24 15  183 19 13  183 19 13
+154 14 11  152 17 12  164 16 11  154 14 11  158 83 45  191 177 112
+225 212 158  206 199 148  154 43 26  175 97 50  175 97 50  133 0 5
+137 13 11  138 15 12  138 15 12  138 15 12  138 15 12  138 15 12
+131 14 12  138 15 12  134 12 11
+176 24 12  123 39 27  183 19 13  183 19 13  183 19 13  183 19 13
+158 83 45  175 97 50  152 48 27  95 4 6  237 235 180  232 217 158
+199 163 109  182 147 96  174 128 69  175 97 50  175 97 50  167 52 24
+176 17 11  164 16 11  167 52 24  158 83 45  99 0 3  77 0 3
+162 137 108  131 94 71  0 0 0  0 0 0  0 0 0  111 35 21
+158 83 45  158 83 45  91 31 21  0 0 0  91 31 21  191 177 112
+91 31 21  77 0 3  151 28 16  213 153 88  183 19 13  183 19 13
+183 19 13  175 97 50  175 97 50  192 140 79  187 167 103  221 205 133
+254 255 210  237 235 180  139 9 7  176 24 12  183 19 13  137 11 10
+137 13 11  138 15 12  138 15 12  138 15 12  138 15 12  134 12 11
+131 14 12  134 12 11  131 12 12
+154 43 26  156 20 14  183 19 13  183 19 13  183 19 13  175 97 50
+78 2 7  119 9 8  224 209 127  136 76 50  140 85 58  249 249 214
+232 217 158  206 199 148  195 174 110  213 153 88  208 170 99  175 97 50
+183 19 13  183 19 13  183 19 13  213 153 88  127 5 8  116 3 5
+77 0 3  158 125 90  162 137 108  0 0 0  0 0 0  0 0 0
+0 0 0  0 0 0  0 0 0  131 94 71  162 137 108  91 31 21
+92 0 2  133 0 5  175 97 50  213 153 88  183 19 13  183 19 13
+183 19 13  213 153 88  216 189 107  216 189 107  221 205 133  247 246 193
+253 255 226  158 83 45  154 63 38  213 153 88  183 19 13  134 12 11
+137 13 11  137 13 11  138 15 12  138 15 12  138 15 12  131 14 12
+131 14 12  131 12 12  131 14 12
+128 26 15  183 19 13  183 19 13  183 19 13  175 97 50  104 58 46
+0 0 0  93 4 6  238 229 170  237 235 180  87 1 5  136 76 50
+202 183 123  202 183 123  225 212 158  232 217 158  235 226 137  213 153 88
+183 19 13  213 153 88  183 19 13  213 153 88  147 12 10  176 17 11
+135 17 11  77 0 3  104 58 46  202 183 123  91 31 21  0 0 0
+97 69 52  0 0 0  162 137 108  131 94 71  77 0 3  111 14 13
+169 21 14  133 0 5  175 97 50  175 97 50  175 97 50  175 97 50
+175 97 50  237 223 121  232 217 158  232 217 158  225 212 158  206 199 148
+158 83 45  120 0 3  232 217 158  237 223 121  139 9 7  134 12 11
+137 13 11  134 12 11  134 12 11  138 15 12  138 15 12  131 14 12
+131 14 12  131 14 12  128 14 13
+138 37 20  183 19 13  183 19 13  175 97 50  146 87 48  0 0 0
+78 2 7  77 0 3  136 76 50  225 212 158  119 34 17  123 0 2
+107 0 4  127 13 12  132 32 17  238 229 170  253 254 208  213 153 88
+213 153 88  213 153 88  183 19 13  175 97 50  183 19 13  183 19 13
+183 19 13  156 20 14  99 0 3  97 69 52  131 94 71  0 0 0
+97 69 52  97 69 52  131 94 71  77 0 3  127 13 12  183 19 13
+164 16 11  183 19 13  213 153 88  183 19 13  213 153 88  213 153 88
+213 153 88  241 232 158  252 252 206  175 96 57  135 17 11  122 7 7
+107 0 4  125 28 16  225 212 158  158 83 45  123 0 2  134 12 11
+137 13 11  137 13 11  134 12 11  138 15 12  131 14 12  128 14 13
+128 14 13  128 14 13  131 12 12
+167 52 24  183 19 13  183 19 13  175 97 50  0 0 0  77 0 3
+78 2 7  78 2 7  87 1 5  119 34 17  143 19 14  114 7 7
+109 5 7  143 80 49  107 0 4  199 143 96  254 255 240  237 223 121
+213 153 88  213 153 88  175 97 50  183 19 13  175 97 50  183 19 13
+183 19 13  175 97 50  176 17 11  109 5 7  162 137 108  97 69 52
+97 69 52  131 94 71  120 38 28  142 10 9  183 19 13  175 97 50
+183 19 13  183 19 13  175 97 50  167 52 24  213 153 88  213 153 88
+216 189 107  254 255 223  238 229 170  139 9 7  143 80 49  125 28 16
+102 4 5  116 9 9  128 26 15  116 3 5  122 13 12  131 12 12
+134 12 11  134 12 11  134 12 11  131 14 12  131 14 12  128 14 13
+128 14 13  128 14 13  128 14 13
+183 19 13  183 19 13  176 108 61  91 31 21  0 0 0  78 2 7
+78 2 7  89 3 6  78 2 7  131 10 9  106 7 8  102 4 5
+147 12 10  158 83 45  123 0 2  179 118 76  254 255 240  247 246 193
+216 189 107  216 189 107  213 153 88  213 153 88  213 153 88  183 19 13
+213 153 88  213 153 88  183 19 13  183 19 13  191 130 98  97 69 52
+0 0 0  169 133 98  183 19 13  183 19 13  175 97 50  213 153 88
+183 19 13  175 97 50  213 153 88  213 153 88  213 153 88  213 153 88
+235 226 137  254 255 233  206 199 148  128 8 8  147 67 48  122 13 12
+111 3 7  117 6 7  109 5 7  106 7 8  122 13 12  131 12 12
+131 14 12  131 14 12  131 14 12  131 14 12  131 14 12  128 14 13
+128 14 13  128 14 13  128 14 13
+183 19 13  175 97 50  119 70 46  0 0 0  77 0 3  78 2 7
+89 3 6  78 2 7  128 8 8  134 12 11  78 2 7  154 14 11
+135 17 11  176 111 73  123 0 2  148 61 42  254 255 223  252 253 227
+249 243 164  237 223 121  216 189 107  216 189 107  213 153 88  183 19 13
+216 189 107  213 153 88  183 19 13  183 19 13  183 19 13  131 94 71
+97 69 52  175 96 57  175 97 50  183 19 13  213 153 88  216 189 107
+183 19 13  175 97 50  216 189 107  213 153 88  216 189 107  237 223 121
+252 252 206  254 255 233  191 130 98  120 0 3  176 111 73  128 14 13
+111 3 7  119 9 8  116 9 9  116 9 9  122 13 12  131 12 12
+131 14 12  131 14 12  131 14 12  128 14 13  128 14 13  128 14 13
+128 14 13  128 14 13  128 14 13
+175 97 50  175 97 50  0 0 0  77 0 3  78 2 7  78 2 7
+89 3 6  114 7 7  183 19 13  78 2 7  154 14 11  160 21 14
+103 5 5  103 5 5  103 5 5  133 0 5  225 212 158  254 255 240
+249 249 214  244 241 169  237 223 121  249 243 164  193 134 84  175 97 50
+237 223 121  216 189 107  213 153 88  175 97 50  183 19 13  169 133 98
+162 137 108  183 19 13  213 153 88  175 97 50  213 153 88  237 223 121
+175 97 50  183 19 13  247 246 193  235 226 137  237 223 121  252 252 206
+254 255 223  250 251 219  163 56 28  116 3 5  116 3 5  118 7 7
+116 9 9  116 9 9  116 9 9  122 13 12  128 14 13  131 14 12
+131 14 12  131 14 12  128 14 13  128 14 13  128 14 13  128 14 13
+124 14 13  124 14 13  128 14 13
+176 108 61  78 2 7  77 0 3  77 0 3  78 2 7  89 3 6
+89 3 6  183 19 13  122 13 12  128 6 9  183 19 13  111 14 13
+111 14 13  106 7 8  117 6 7  139 9 7  175 97 50  249 249 214
+254 255 240  254 255 233  254 255 240  225 212 158  154 43 26  176 111 73
+211 179 117  254 255 210  237 223 121  213 153 88  183 19 13  213 153 88
+199 143 96  175 97 50  237 223 121  213 153 88  167 52 24  237 223 121
+237 223 121  159 30 14  191 130 98  254 255 240  254 255 240  254 255 240
+254 255 233  191 130 98  120 0 3  116 9 9  119 5 9  116 3 5
+116 3 5  116 3 5  119 5 9  125 8 10  125 8 10  127 13 12
+131 14 12  131 14 12  128 14 13  128 14 13  128 14 13  124 14 13
+124 14 13  128 14 13  128 14 13
+91 31 21  0 0 0  77 0 3  78 2 7  89 3 6  78 2 7
+174 18 12  174 18 12  106 7 8  183 19 13  151 28 16  111 14 13
+111 14 13  127 5 8  122 7 7  176 24 12  167 52 24  158 83 45
+191 130 98  202 183 123  179 118 76  122 13 12  120 0 3  191 130 98
+163 56 28  199 163 109  254 255 210  213 153 88  213 153 88  175 97 50
+175 97 50  213 153 88  249 243 164  237 223 121  176 17 11  167 52 24
+249 243 164  176 111 73  92 0 2  147 67 48  199 163 109  199 163 109
+147 67 48  107 0 4  106 7 8  114 7 7  137 32 21  124 33 21
+124 33 21  137 32 21  124 33 21  137 32 21  137 32 21  137 32 21
+131 14 12  131 14 12  128 14 13  128 14 13  127 13 12  124 14 13
+122 13 12  124 14 13  127 13 12
+0 0 0  77 0 3  77 0 3  78 2 7  78 2 7  131 14 12
+183 19 13  91 2 10  183 19 13  183 19 13  125 28 16  125 28 16
+131 9 10  116 3 5  152 17 12  176 24 12  167 52 24  111 14 13
+92 0 2  111 14 13  95 4 6  89 3 6  133 0 5  238 229 170
+191 130 98  139 9 7  249 249 214  211 179 117  175 97 50  213 153 88
+213 153 88  235 226 137  244 241 169  235 226 137  164 16 11  199 163 109
+254 255 240  176 111 73  80 0 2  89 3 6  87 1 5  80 0 2
+80 0 2  89 3 6  102 4 5  116 9 9  148 61 42  136 76 50
+147 67 48  147 67 48  118 44 32  147 67 48  147 67 48  150 53 31
+127 13 12  128 14 13  127 13 12  127 13 12  127 13 12  124 14 13
+124 14 13  122 13 12  122 13 12
+0 0 0  77 0 3  78 2 7  78 2 7  93 4 6  183 19 13
+106 7 8  154 14 11  183 19 13  132 32 17  132 32 17  138 15 12
+127 5 8  144 16 12  183 19 13  176 24 12  111 14 13  78 2 7
+91 31 21  91 31 21  78 2 7  123 0 2  154 43 26  252 253 227
+154 63 38  150 53 31  254 255 240  191 130 98  167 52 24  237 223 121
+235 226 137  247 246 193  254 255 210  215 186 121  158 83 45  254 255 240
+249 249 214  119 34 17  119 70 46  91 31 21  77 0 3  78 2 7
+78 2 7  87 1 5  102 4 5  116 9 9  123 39 27  148 61 42
+125 28 16  125 28 16  125 28 16  123 39 27  148 61 42  148 61 42
+122 13 12  122 13 12  128 14 13  127 13 12  124 14 13  122 13 12
+122 13 12  122 13 12  122 13 12
+0 0 0  77 0 3  78 2 7  78 2 7  183 19 13  143 19 14
+116 3 5  183 19 13  152 48 27  124 33 21  128 26 15  139 9 7
+135 17 11  183 19 13  183 19 13  151 28 16  77 0 3  91 31 21
+91 31 21  77 0 3  105 1 7  133 0 5  103 5 5  249 249 214
+191 130 98  176 111 73  206 199 148  147 12 10  158 83 45  249 243 164
+252 252 206  252 252 206  254 255 223  173 92 60  176 111 73  254 255 240
+173 92 60  92 0 2  78 2 7  77 0 3  77 0 3  77 0 3
+78 2 7  89 3 6  106 7 8  119 9 8  122 13 12  122 8 8
+119 5 9  119 9 8  119 9 8  119 9 8  122 13 12  128 14 13
+127 13 12  127 13 12  127 13 12  124 14 13  124 14 13  122 13 12
+122 13 12  122 13 12  122 13 12
+77 0 3  77 0 3  78 2 7  143 13 11  183 19 13  91 2 10
+183 19 13  167 52 24  119 34 17  125 28 16  145 11 11  122 13 12
+183 19 13  183 19 13  183 19 13  78 2 7  78 2 7  91 31 21
+77 0 3  78 2 7  127 5 8  89 3 6  80 0 2  153 103 68
+179 118 76  111 0 3  119 9 8  122 7 7  173 92 60  254 255 223
+249 249 214  254 255 223  221 205 133  123 0 2  140 85 58  249 249 214
+122 8 8  89 3 6  78 2 7  78 2 7  78 2 7  78 2 7
+87 1 5  95 4 6  114 7 7  122 13 12  125 8 10  122 13 12
+124 14 13  127 13 12  127 13 12  127 13 12  127 13 12  127 13 12
+127 13 12  124 14 13  124 14 13  124 14 13  122 13 12  122 13 12
+122 13 12  122 13 12  122 13 12
+77 0 3  77 0 3  95 4 6  183 19 13  103 5 5  164 16 11
+183 19 13  124 33 21  124 33 21  142 10 9  122 8 8  176 24 12
+183 19 13  183 19 13  128 14 13  78 2 7  105 45 32  78 2 7
+78 2 7  125 8 10  102 4 5  79 0 3  93 4 6  103 5 5
+111 14 13  111 14 13  111 14 13  114 7 7  176 111 73  253 255 226
+250 251 219  249 249 214  167 52 24  119 34 17  118 44 32  162 115 76
+111 14 13  87 1 5  93 4 6  93 4 6  93 4 6  93 4 6
+95 4 6  106 7 8  116 9 9  122 13 12  127 13 12  127 13 12
+128 14 13  128 14 13  127 13 12  128 14 13  128 14 13  128 14 13
+127 13 12  124 14 13  124 14 13  124 14 13  124 14 13  122 13 12
+122 13 12  122 13 12  116 9 9
+77 0 3  77 0 3  183 19 13  142 10 9  119 5 9  183 19 13
+138 37 20  124 33 21  135 17 11  139 9 7  147 24 15  183 19 13
+183 19 13  167 52 24  80 0 2  114 50 39  91 31 21  77 0 3
+131 9 10  128 6 9  87 1 5  93 4 6  95 4 6  103 5 5
+95 4 6  119 34 17  138 37 20  103 5 5  179 118 76  254 255 233
+254 255 233  199 163 109  138 37 20  91 31 21  91 31 21  80 0 2
+89 3 6  93 4 6  102 4 5  106 7 8  106 7 8  106 7 8
+106 7 8  106 7 8  116 9 9  124 14 13  127 13 12  127 13 12
+124 14 13  124 14 13  124 14 13  128 14 13  124 14 13  124 14 13
+124 14 13  124 14 13  124 14 13  122 13 12  122 13 12  122 13 12
+122 13 12  116 9 9  116 9 9
+77 0 3  154 14 11  176 17 11  89 3 6  183 19 13  167 52 24
+124 33 21  124 33 21  145 11 11  128 14 13  183 19 13  183 19 13
+167 52 24  99 0 3  111 35 21  105 45 32  77 0 3  116 9 9
+147 12 10  93 4 6  95 4 6  106 7 8  103 5 5  103 5 5
+92 0 2  119 59 34  148 61 42  106 7 8  179 118 76  254 255 240
+243 238 185  163 56 28  119 59 34  111 35 21  111 35 21  80 0 2
+89 3 6  102 4 5  106 7 8  114 7 7  114 7 7  106 7 8
+116 9 9  116 9 9  122 13 12  124 14 13  127 13 12  122 13 12
+122 13 12  122 13 12  124 14 13  124 14 13  124 14 13  122 13 12
+124 14 13  122 13 12  124 14 13  122 13 12  122 13 12  122 13 12
+122 13 12  122 13 12  122 13 12
+103 5 5  183 19 13  78 2 7  176 17 11  167 52 24  119 34 17
+124 33 21  137 11 10  125 8 10  176 24 12  183 19 13  183 19 13
+129 12 11  91 2 10  119 70 46  78 2 7  106 7 8  176 17 11
+111 1 9  95 4 6  106 7 8  106 7 8  106 7 8  103 5 5
+102 4 5  102 4 5  111 14 13  124 33 21  179 118 76  254 255 240
+176 111 73  119 9 8  95 4 6  141 65 38  141 65 38  80 0 2
+99 1 11  106 7 8  114 7 7  114 7 7  116 9 9  116 9 9
+116 9 9  116 9 9  122 13 12  122 13 12  124 14 13  124 14 13
+122 13 12  122 13 12  122 13 12  122 13 12  122 13 12  122 13 12
+122 13 12  122 13 12  124 14 13  122 13 12  122 13 12  122 13 12
+116 9 9  116 9 9  116 9 9
+183 19 13  106 7 8  133 0 5  183 19 13  138 37 20  125 28 16
+128 14 13  127 5 8  157 23 16  183 19 13  183 19 13  176 24 12
+79 0 3  119 70 46  91 31 21  89 3 6  176 17 11  142 10 9
+91 2 10  114 7 7  114 7 7  114 7 7  109 5 7  106 7 8
+102 4 5  103 5 5  106 7 8  92 0 2  191 130 98  191 130 98
+119 9 8  111 14 13  106 7 8  103 5 5  102 4 5  95 4 6
+106 7 8  109 5 7  114 7 7  116 9 9  116 9 9  119 9 8
+119 9 8  122 13 12  122 13 12  122 13 12  122 13 12  122 13 12
+124 14 13  122 13 12  122 13 12  122 13 12  122 13 12  122 13 12
+122 13 12  122 13 12  122 13 12  122 13 12  122 13 12  122 13 12
+116 9 9  116 9 9  119 9 8
+135 17 11  99 1 11  183 19 13  167 52 24  119 34 17  125 28 16
+147 12 10  131 14 12  183 19 13  183 19 13  183 19 13  87 1 5
+105 45 32  105 45 32  77 0 3  145 11 11  176 17 11  95 4 6
+106 7 8  116 9 9  119 9 8  119 9 8  116 9 9  109 5 7
+106 7 8  106 7 8  102 4 5  106 7 8  124 33 21  103 5 5
+93 4 6  93 4 6  106 7 8  106 7 8  102 4 5  106 7 8
+109 5 7  114 7 7  116 9 9  119 9 8  119 9 8  122 13 12
+122 13 12  119 9 8  119 9 8  119 9 8  122 13 12  122 13 12
+122 13 12  122 13 12  122 13 12  122 13 12  122 13 12  122 13 12
+122 13 12  122 13 12  122 13 12  122 13 12  122 13 12  122 13 12
+116 9 9  116 9 9  119 9 8
--- a/config/kernel/ipfire_logo.ppm
+++ b/config/kernel/ipfire_logo.ppm
--- a/config/kernel/kernel.config.bpf
+++ b/config/kernel/kernel.config.bpf
@@ -6,3 +6,7 @@ CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
 CONFIG_KPROBES=y
 CONFIG_KPROBE_EVENTS=y
 CONFIG_BPF_EVENTS=y
+CONFIG_UPROBES=y
+CONFIG_UPROBE_EVENTS=y
+CONFIG_DEBUG_FS=y
+CONFIG_MODULE_SIG_FORCE=n
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -7050,8 +7050,8 @@ CONFIG_NTFS3_FS_POSIX_ACL=y
 # Pseudo filesystems
 #
 CONFIG_PROC_FS=y
-# CONFIG_PROC_KCORE is not set
-# CONFIG_PROC_VMCORE is not set
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_VMCORE=y
 CONFIG_PROC_SYSCTL=y
 CONFIG_PROC_PAGE_MONITOR=y
 # CONFIG_PROC_CHILDREN is not set
@@ -7759,7 +7759,10 @@ CONFIG_OBJTOOL=y
 #
 # Generic Kernel Debugging Instruments
 #
-# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_MAGIC_SYSRQ=y
+CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1
+CONFIG_MAGIC_SYSRQ_SERIAL=y
+CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE=""
 # CONFIG_DEBUG_FS is not set
 CONFIG_HAVE_ARCH_KGDB=y
 # CONFIG_KGDB is not set
@@ -7834,7 +7837,7 @@ CONFIG_PANIC_ON_OOPS_VALUE=0
 CONFIG_PANIC_TIMEOUT=0
 CONFIG_LOCKUP_DETECTOR=y
 CONFIG_SOFTLOCKUP_DETECTOR=y
-# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set
+CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y
 CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y
 CONFIG_HARDLOCKUP_DETECTOR=y
 # CONFIG_HARDLOCKUP_DETECTOR_PREFER_BUDDY is not set
@@ -7843,8 +7846,8 @@ CONFIG_HARDLOCKUP_DETECTOR_PERF=y
 # CONFIG_HARDLOCKUP_DETECTOR_ARCH is not set
 CONFIG_HARDLOCKUP_DETECTOR_COUNTS_HRTIMER=y
 CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
-# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set
-# CONFIG_DETECT_HUNG_TASK is not set
+CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y
+CONFIG_DETECT_HUNG_TASK=y
 # CONFIG_WQ_WATCHDOG is not set
 # CONFIG_WQ_CPU_INTENSIVE_REPORT is not set
 # CONFIG_TEST_LOCKUP is not set
@@ -8032,3 +8035,16 @@ CONFIG_ARCH_USE_MEMTEST=y
 #
 # end of Rust hacking
 # end of Kernel hacking
+CONFIG_BPF_SYSCALL=y
+CONFIG_DEBUG_INFO=y
+CONFIG_DEBUG_INFO_BTF=y
+CONFIG_DEBUG_INFO_DWARF4=y
+CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
+CONFIG_KPROBES=y
+CONFIG_KPROBE_EVENTS=y
+CONFIG_BPF_EVENTS=y
+CONFIG_UPROBES=y
+CONFIG_UPROBE_EVENTS=y
+CONFIG_DEBUG_FS=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_FPROBE=y
--- a/config/menu/40-services.menu
+++ b/config/menu/40-services.menu
@@ -4,6 +4,12 @@
 			     	'title' => "$Lang::tr{'virtual private networking'}",
 			     	'enabled' => 1,
 			 	};
+    $subservices->{'15.wireguard'} = {
+                                'caption' => $Lang::tr{'wireguard'},
+                                'uri' => '/cgi-bin/wireguard.cgi',
+                                'title' => "$Lang::tr{'wireguard'}",
+                                'enabled' => 1,
+                                };
    $subservices->{'20.openvpn'} = {
 				'caption' => 'OpenVPN',
 			     	'uri' => '/cgi-bin/ovpnmain.cgi',
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -26,12 +26,6 @@
 				'title' => "$Lang::tr{'ipblocklist'}",
 				'enabled' => 1,
 				};
-    $subfirewall->{'60.locationblock'} = {
-				'caption' => $Lang::tr{'locationblock'},
-				'uri' => '/cgi-bin/location-block.cgi',
-				'title' => $Lang::tr{'locationblock'},
-				'enabled' => 1,
-				};
    $subfirewall->{'70.wireless'} = {
 				'caption' => $Lang::tr{'blue access'},
 				'uri' => '/cgi-bin/wireless.cgi',
--- a/config/menu/60-ipfire.menu
+++ b/config/menu/60-ipfire.menu
@@ -3,6 +3,22 @@
                                'title' => "$Lang::tr{'ebpf xdp ddos system'}",
                                'enabled' => 1,
                                };
+    $subipfire->{'15.xdpdns'} = {'caption' => $Lang::tr{'xdpdns domain'},
+                                'uri' => '/cgi-bin/xdpdns.cgi',
+                                'title' => "$Lang::tr{'xdpdns domain'}",
+                                'enabled' => 1,
+                                };
+    $subipfire->{'16.xdpsni'} = {'caption' => $Lang::tr{'xdpsni domain'},
+                                'uri' => '/cgi-bin/xdpsni.cgi',
+                                'title' => "$Lang::tr{'xdpsni domain'}",
+                                'enabled' => 1,
+                                };
+    $subipfire->{'17.locationblock'} = {
+                                'caption' => $Lang::tr{'locationblock'},
+                                'uri' => '/cgi-bin/location-block.cgi',
+                                'title' => $Lang::tr{'locationblock'},
+                                'enabled' => 1,
+                                };
    $subipfire->{'20.loxilb'} = {
                                 'caption' => $Lang::tr{'loxilb enable'},
                                 'uri' => '/cgi-bin/loxilb.cgi',
--- a/config/menu/70-log.menu
+++ b/config/menu/70-log.menu
@@ -8,6 +8,21 @@
 				 'title' => "$Lang::tr{'log settings'}",
 				 'enabled' => 1
 				 };
+    $sublogs->{'21.xdpdns'} = {'caption' => $Lang::tr{'xdpdns log'},
+				 'uri' => '/cgi-bin/logs.cgi/xdpdnslog.dat',
+				 'title' => "$Lang::tr{'xdpdns log'}",
+				 'enabled' => 1
+				 };
+    $sublogs->{'22.xdpsni'} = {'caption' => $Lang::tr{'xdpsni log'},
+				 'uri' => '/cgi-bin/logs.cgi/xdpsnilog.dat',
+				 'title' => "$Lang::tr{'xdpsni log'}",
+				 'enabled' => 1
+				 };
+    $sublogs->{'23.wireguard'} = {'caption' => $Lang::tr{'wg log'},
+				 'uri' => '/cgi-bin/logs.cgi/wireguardlog.dat',
+				 'title' => "$Lang::tr{'wg log'}",
+				 'enabled' => 1
+				 };
    $sublogs->{'30.proxy'} = {'caption' => $Lang::tr{'proxy logs'},
 				 'uri' => '/cgi-bin/logs.cgi/proxylog.dat',
 				 'title' => "$Lang::tr{'proxy logs'}",
--- a/config/rootfiles/common/arpwatch
+++ b/config/rootfiles/common/arpwatch
@@ -0,0 +1,8 @@
+etc/rc.d/init.d/arpwatch
+etc/sysconfig/arpwatch
+usr/sbin/arpsnmp
+usr/sbin/arpwatch
+#usr/share/man/man8/arpsnmp.8
+#usr/share/man/man8/arpwatch.8
+#var/lib/arpwatch
+var/lib/arpwatch/ethercodes.dat
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -197,8 +197,14 @@ var/ipfire/vpn
 #var/ipfire/vpn/settings
 var/ipfire/wakeonlan
 #var/ipfire/wakeonlan/clients.conf
+var/ipfire/wireguard
+#var/ipfire/wireguard/peers
+#var/ipfire/wireguard/settings
+var/ipfire/wireguard-functions.pl
 var/ipfire/wireless
 #var/ipfire/wireless/config
 #var/ipfire/wireless/settings
 var/ipfire/ddos
 var/ipfire/loxilb
+var/ipfire/xdpdns
+var/ipfire/xdpsni
--- a/config/rootfiles/packages/dnsdist
+++ b/config/rootfiles/packages/dnsdist
@@ -1,4 +1,5 @@
-#etc/dnsdist.conf-dist
+etc/dnsdist.conf-dist
+etc/dnsdist-xsk.conf
 etc/rc.d/init.d/dnsdist
 usr/bin/dnsdist
 #usr/share/man/man1/dnsdist.1
--- a/config/rootfiles/common/haproxy
+++ b/config/rootfiles/common/haproxy
@@ -0,0 +1,7 @@
+etc/logrotate.d/haproxy
+etc/rc.d/init.d/haproxy
+etc/rc.d/rc3.d/S35haproxy
+usr/sbin/haproxy
+var/ipfire/backup/addons/includes/haproxy
+var/lib/haproxy
+var/ipfire/haproxy
--- a/config/rootfiles/common/keepalived
+++ b/config/rootfiles/common/keepalived
@@ -1,5 +1,4 @@
 #etc/keepalived
-etc/keepalived/keepalived.conf.sample
 etc/keepalived/samples
 #etc/keepalived/samples/keepalived.conf.HTTP_GET.port
 #etc/keepalived/samples/keepalived.conf.IPv6
--- a/config/rootfiles/common/kexec-tools
+++ b/config/rootfiles/common/kexec-tools
@@ -0,0 +1,6 @@
+usr/lib/kexec-tools
+usr/lib/kexec-tools/kexec_test
+usr/sbin/kexec
+usr/sbin/vmcore-dmesg
+#usr/share/man/man8/kexec.8
+#usr/share/man/man8/vmcore-dmesg.8
--- a/config/rootfiles/common/libbpf
+++ b/config/rootfiles/common/libbpf
@@ -1,3 +1,4 @@
-usr/include/bpf/xsk.h
-usr/lib/libbpf.so.0
-usr/lib/libbpf.so.0.8.3
+usr/lib/libbpf.a
+usr/lib/libbpf.so
+usr/lib/libbpf.so.1
+usr/lib/libbpf.so.1.4.6
--- a/config/rootfiles/common/libbpf-bootstrap
+++ b/config/rootfiles/common/libbpf-bootstrap
@@ -0,0 +1,5 @@
+usr/bin/kprobe
+usr/bin/ksyscall
+usr/bin/profile
+usr/bin/netqtop
+usr/bin/wg_handshake
--- a/config/rootfiles/common/loxilb-tc
+++ b/config/rootfiles/common/loxilb-tc
@@ -1 +0,0 @@
-usr/bin/ntc
--- a/config/rootfiles/common/makedumpfile
+++ b/config/rootfiles/common/makedumpfile
@@ -0,0 +1 @@
+usr/sbin/makedumpfile
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -35,9 +35,13 @@ usr/local/bin/updxlratorctrl
 usr/local/bin/urlfilterctrl
 #usr/local/bin/wiohelper
 #usr/local/bin/wioscan
+usr/local/bin/wireguardctrl
 usr/local/bin/wirelessclient
 usr/local/bin/wirelessctrl
 #usr/local/bin/wlanapctrl
 usr/local/bin/ddosctrl
 usr/local/bin/loxilbctrl
 usr/local/bin/keepalivedctrl
+usr/local/bin/xdpdnsctrl
+usr/local/bin/xdpsnictrl
+usr/local/bin/xdpgeoipctrl
--- a/config/rootfiles/common/perl-Net-ISP-Balance
+++ b/config/rootfiles/common/perl-Net-ISP-Balance
@@ -0,0 +1,30 @@
+etc/balance
+etc/balance.conf
+etc/balance/firewall
+etc/balance/firewall/01.accept
+etc/balance/firewall/01.accept.pl
+etc/balance/firewall/02.forward.pl
+etc/balance/lsm
+etc/balance/lsm/balancer_event_script
+etc/balance/lsm/default_script
+etc/balance/post-run
+etc/balance/post-run/post-run-script.pl
+etc/balance/pre-run
+etc/balance/pre-run/pre-run-script.pl
+etc/balance/routes
+etc/balance/routes/01.local_routes
+etc/balance/routes/02.local_routes.pl
+etc/load_balance.pl
+usr/bin/foolsm
+usr/bin/load_balance.pl
+usr/lib/perl5/site_perl/5.36.0/Net/ISP
+usr/lib/perl5/site_perl/5.36.0/Net/ISP/Balance
+usr/lib/perl5/site_perl/5.36.0/Net/ISP/Balance.pm
+usr/lib/perl5/site_perl/5.36.0/Net/ISP/Balance/ConfigData.pm
+#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/ISP
+#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/ISP/Balance
+#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/ISP/Balance/.packlist
+#usr/share/man/man1/load_balance.pl.1
+#usr/share/man/man3/Net::ISP::Balance.3
+#usr/share/man/man3/Net::ISP::Balance::ConfigData.3
+var/lib/foolsm
--- a/config/rootfiles/common/perl-Net-Netmask
+++ b/config/rootfiles/common/perl-Net-Netmask
@@ -0,0 +1,5 @@
+usr/lib/perl5/site_perl/5.36.0/Net/Netmask.pm
+#usr/lib/perl5/site_perl/5.36.0/Net/Netmask.pod
+#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/Netmask
+#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/Netmask/.packlist
+#usr/share/man/man3/Net::Netmask.3
--- a/config/rootfiles/common/pwru
+++ b/config/rootfiles/common/pwru
@@ -0,0 +1 @@
+usr/bin/pwru
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -1,8 +1,10 @@
 etc/suricata
 etc/suricata/suricata.yaml
+etc/suricata/suricata-xdp.yaml
 usr/bin/suricata
 #usr/include/suricata-plugin.h
 usr/sbin/convert-ids-backend-files
+usr/lib/bpf/xdp_filter.bpf
 #usr/share/doc/suricata
 #usr/share/doc/suricata/AUTHORS
 #usr/share/doc/suricata/Basic_Setup.txt
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
 #usr/lib/libunbound.la
 #usr/lib/libunbound.so
 usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.24
+usr/lib/libunbound.so.8.1.30
 #usr/lib/pkgconfig/libunbound.pc
 usr/sbin/unbound
 usr/sbin/unbound-anchor
@@ -19,6 +19,7 @@ usr/sbin/unbound-checkconf
 usr/sbin/unbound-control
 usr/sbin/unbound-control-setup
 usr/sbin/unbound-dhcp-leases-bridge
+usr/sbin/unbound-dhcp-leases-client
 usr/sbin/unbound-host
 #usr/share/man/man1/unbound-host.1
 #usr/share/man/man3/libunbound.3
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -86,6 +86,7 @@ srv/web/ipfire/cgi-bin/wakeonlan.cgi
 srv/web/ipfire/cgi-bin/webaccess.cgi
 #srv/web/ipfire/cgi-bin/wio.cgi
 #srv/web/ipfire/cgi-bin/wiographs.cgi
+srv/web/ipfire/cgi-bin/wireguard.cgi
 srv/web/ipfire/cgi-bin/wireless.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
 srv/web/ipfire/cgi-bin/wlanap.cgi
@@ -95,6 +96,8 @@ srv/web/ipfire/cgi-bin/loxilb.cgi
 srv/web/ipfire/cgi-bin/loxilbconfig.cgi
 srv/web/ipfire/cgi-bin/loxilbfw.cgi
 srv/web/ipfire/cgi-bin/keepalived.cgi
+srv/web/ipfire/cgi-bin/xdpdns.cgi
+srv/web/ipfire/cgi-bin/xdpsni.cgi
 #srv/web/ipfire/html
 srv/web/ipfire/html/blob.gif
 #srv/web/ipfire/html/captive
--- a/config/rootfiles/common/wireguard-tools
+++ b/config/rootfiles/common/wireguard-tools
@@ -0,0 +1,4 @@
+etc/fcron.cyclic/wg-dynamic
+usr/bin/wg
+#usr/share/bash-completion/completions/wg
+#usr/share/man/man8/wg.8
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -10,6 +10,7 @@ etc/rc.d/helper/oci-setup
 #etc/rc.d/init.d
 etc/rc.d/init.d/acpid
 etc/rc.d/init.d/apache
+etc/rc.d/init.d/arpwatch
 etc/rc.d/init.d/beep
 etc/rc.d/init.d/checkfs
 etc/rc.d/init.d/cleanfs
@@ -90,20 +91,30 @@ etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/unbound
 etc/rc.d/init.d/vnstat
 etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/wireguard
 etc/rc.d/init.d/wlanclient
 etc/rc.d/init.d/ddos
 etc/rc.d/init.d/loxilb
+etc/rc.d/init.d/xdpdns
+etc/rc.d/init.d/xdpsni
+etc/rc.d/init.d/xdpgeoip
+etc/rc.d/init.d/kdump-config
+etc/rc.d/init.d/kdump-init-functions
+etc/rc.d/init.d/kdump-tools
+etc/rc.d/init.d/kdump-vars.sh
 #etc/rc.d/rc0.d
 #etc/rc.d/rc0.d/K01imspetor
 #etc/rc.d/rc0.d/K01motion
 #etc/rc.d/rc0.d/K01vdradmin
 #etc/rc.d/rc0.d/K02sslh
 etc/rc.d/rc0.d/K08fcron
+etc/rc.d/rc0.d/K12arpwatch
 etc/rc.d/rc0.d/K28apache
 etc/rc.d/rc0.d/K30sshd
 etc/rc.d/rc0.d/K47setclock
 etc/rc.d/rc0.d/K49cyrus-sasl
 etc/rc.d/rc0.d/K51vnstat
+etc/rc.d/rc0.d/K70wireguard
 etc/rc.d/rc0.d/K77conntrackd
 etc/rc.d/rc0.d/K78suricata
 etc/rc.d/rc0.d/K79leds
@@ -135,6 +146,8 @@ etc/rc.d/rc3.d/S24cyrus-sasl
 etc/rc.d/rc3.d/S30sshd
 etc/rc.d/rc3.d/S32apache
 etc/rc.d/rc3.d/S40fcron
+etc/rc.d/rc3.d/S50wireguard
+etc/rc.d/rc3.d/S64arpwatch
 etc/rc.d/rc3.d/S98rc.local
 #etc/rc.d/rc3.d/S98sslh
 #etc/rc.d/rc3.d/S99imspetor
@@ -146,11 +159,13 @@ etc/rc.d/rc3.d/S98rc.local
 #etc/rc.d/rc6.d/K01vdradmin
 #etc/rc.d/rc6.d/K02sslh
 etc/rc.d/rc6.d/K08fcron
+etc/rc.d/rc6.d/K12arpwatch
 etc/rc.d/rc6.d/K28apache
 etc/rc.d/rc6.d/K30sshd
 etc/rc.d/rc6.d/K47setclock
 etc/rc.d/rc6.d/K49cyrus-sasl
 etc/rc.d/rc6.d/K51vnstat
+etc/rc.d/rc6.d/K70wireguard
 etc/rc.d/rc6.d/K77conntrackd
 etc/rc.d/rc6.d/K78suricata
 etc/rc.d/rc6.d/K79leds
@@ -194,3 +209,4 @@ etc/sysconfig/modules
 etc/sysconfig/ramdisk
 etc/sysconfig/rc
 etc/sysconfig/rc.local
+etc/sysconfig/arpwatch
--- a/config/rootfiles/common/x86_64/linux
+++ b/config/rootfiles/common/x86_64/linux
@@ -23700,3 +23700,4 @@ lib/modules/KVER-ipfire/modules.symbols.bin
 #lib/modules/KVER-ipfire/source
 sbin/gen_init_cpio
 usr/sbin/bpftool
+usr/sbin/perf
--- a/config/rootfiles/common/xdp-tools
+++ b/config/rootfiles/common/xdp-tools
@@ -1,8 +1,23 @@
 usr/lib/bpf/xdp-dispatcher.o
 usr/lib/bpf/xdp_synproxy.bpf.o
+etc/rc.d/rc3.d/S105ddos
 usr/lib/bpf/xdp_dnsrrl.bpf.o
 usr/lib/bpf/xdp_udp.bpf.o
+usr/lib/bpf/xdp_dns.bpf.o
+usr/lib/bpf/xdp_sni.bpf.o
+usr/lib/bpf/xdp_geoip.bpf.o
+usr/lib/bpf/xdp_udpddos.bpf.o
+usr/lib/bpf/dnsdist_xdp.bpf.o
+usr/lib/bpf/class_filter.bpf.o
 usr/sbin/xdp-udp
+usr/sbin/xdp_dns
+etc/rc.d/rc3.d/S102xdpdns
+usr/sbin/xdp_dns_log
+usr/sbin/xdp_sni
+usr/sbin/xdp_sni_log
+etc/rc.d/rc3.d/S103xdpsni
+usr/sbin/xdp_geoip
+etc/rc.d/rc3.d/S104xdpgeoip
 usr/lib/bpf/xdpdump_bpf.o
 usr/lib/bpf/xdpdump_xdp.o
 usr/lib/bpf/xdpfilt_alw_all.o
@@ -20,15 +35,18 @@ usr/lib/bpf/xsk_def_xdp_prog_5.3.o
 usr/lib/libxdp.a
 usr/lib/libxdp.so
 usr/lib/libxdp.so.1
-usr/lib/libxdp.so.1.4.0
+usr/lib/libxdp.so.1.5.0
 usr/lib/pkgconfig/libxdp.pc
 usr/sbin/xdp-bench
 usr/sbin/xdp-filter
 usr/sbin/xdp-loader
+usr/sbin/tc-loader
+usr/lib/bpf/tc-dummy.bpf.o
 usr/sbin/xdp-monitor
 usr/sbin/xdp-trafficgen
 usr/sbin/xdp_synproxy
 usr/sbin/xdp-udp
 usr/sbin/xdpdump
+usr/sbin/class_filter
 usr/share/xdp-tools/xdp_drop.o
 usr/share/xdp-tools/xdp_pass.o
--- a/config/suricata/suricata-xdp.yaml
+++ b/config/suricata/suricata-xdp.yaml
--- a/config/unbound/unbound-dhcp-leases-client
+++ b/config/unbound/unbound-dhcp-leases-client
@@ -0,0 +1,75 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2016  Michael Tremer                                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+SOCKET="/var/run/unbound-dhcp-leases-bridge.sock"
+
+main() {
+	local event="${1}"
+	shift
+
+	# Check if we have received an event
+	if [ -z "${event}" ]; then
+		echo "${0}: Missing event" >&2
+		return 2
+	fi
+
+	# Check if the socket exists
+	if [ ! -S "${SOCKET}" ]; then
+		echo "${0}: ${SOCKET} does not exist" >&2
+		return 1
+	fi
+
+	# Connect to the socket
+	coproc NC { nc -U "${SOCKET}"; }
+
+	local arg
+	local response
+
+	# Send the message
+	{
+		# Send the event
+		echo "EVENT=${event}"
+
+		# Send all arguments
+		for arg in $@; do
+			echo "${arg}"
+		done
+	} >&"${NC[1]}"
+
+	# Close the input part of the connection
+	exec {NC[1]}>&-
+
+	# Capture the response
+	read response <&"${NC[0]}"
+
+	case "${response}" in
+		OK)
+			return 0
+			;;
+
+		*)
+			echo "${response}" >&2
+			return 1
+			;;
+	esac
+}
+
+main "$@" || exit $?
--- a/config/wireguard/wg-dynamic
+++ b/config/wireguard/wg-dynamic
@@ -0,0 +1,122 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org>               #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+#                                                                             #
+# This script tries to keep WireGuard connections with dynamic peers alive    #
+#                                                                             #
+# It resolves the endpoint if it is an FQDN, and if so, will check if the     #
+# currently connected endpoint matches any of the resolved IP addresses. If   #
+# not it will reload the WireGuard configuration in the hope that wg will     #
+# update the kernel with the new IP address and the connection comes back up  #
+# again.                                                                      #
+#                                                                             #
+###############################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+# Fetches the first endpoint that is currently active on the given interface
+current_endpoint() {
+	local intf="${1}"
+
+	local pubkey
+	local endpoint
+
+	# List the first endpoint (are there even more than one?)
+	wg show "${intf}" endpoints | while read -r pubkey endpoint; do
+		echo "${endpoint%:*}"
+		break
+	done
+
+	return 0
+}
+
+# Resolves a hostname
+resolve() {
+	local endpoint="${1}"
+
+	dig +short "A" "${endpoint}" 2>/dev/null
+}
+
+main() {
+	local -A settings=()
+
+	# Read WireGuard settings
+	readhash settings /var/ipfire/wireguard/settings
+
+	# Do nothing if WireGuard is not enabled
+	if [ "${settings[ENABLED]}" != "on" ]; then
+		return 0
+	fi
+
+	local line
+	while IFS=',' read -r -a line; do
+		local id="${line[0]}"
+		local enabled="${line[1]}"
+		local type="${line[2]}"
+		local name="${line[3]}"
+		local endpoint="${line[7]}"
+
+		# Only process enabled net-to-net connections
+		case "${enabled},${type}" in
+			on,net)
+				;;
+			*)
+				continue
+				;;
+		esac
+
+		# The endpoint must be an FQDN
+		case "${endpoint}" in
+			# Ignore IP addresses
+			[0-9]*.[0-9]*.[0-9]*.[0-9]*)
+				continue
+				;;
+
+			# Ignore if we don't know the endpoint
+			"")
+				continue
+				;;
+		esac
+
+		local address
+		local match=0
+
+		# Fetch the current endpoint address
+		local current_address="$(current_endpoint "wg${id}")"
+
+		# Walk through all IP addresses the FQDN resolves to
+		for address in $(resolve "${endpoint}"); do
+			if [ "${current_address}" = "${address}" ]; then
+				match=1
+				break
+			fi
+		done
+
+		# If there has been no match, we have to reload everything
+		if [ "${match}" -eq 0 ]; then
+			exec /etc/init.d/wireguard reload
+		fi
+	done < /var/ipfire/wireguard/peers
+
+	return 0
+}
+
+main "$@" || exit $?
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1559,6 +1559,7 @@ WARNING: untranslated string: proxy reports today = Today
 WARNING: untranslated string: proxy reports weekly = Weekly reports
 WARNING: untranslated string: ptr = PTR
 WARNING: untranslated string: ptr lookup failed = Reverse lookup failed
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: pulse = Pulse
 WARNING: untranslated string: pulse dial = Pulse dial:
 WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -20,10 +20,8 @@
 ###############################################################################

 use CGI qw(param);
-use Apache::Htpasswd;
-use Crypt::PasswdMD5;

-$swroot = "/var/ipfire";
+require '/var/ipfire/general-functions.pl';

 my %cgiparams;
 my %mainsettings;
@@ -32,8 +30,8 @@ my %proxysettings;
 $proxysettings{'NCSA_MIN_PASS_LEN'} = 6;

 ### Initialize environment
-&readhash("${swroot}/main/settings", \%mainsettings);
-&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
+&readhash("${General::swroot}/main/settings", \%mainsettings);
+&readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
 $language = $mainsettings{'LANGUAGE'};

 ### Initialize language
@@ -42,12 +40,12 @@ if ($language =~ /^(\w+)$/) {$language = $1;}
 # Uncomment this to force a certain language:
 # $language='en';
 #
-require "${swroot}/langs/en.pl";
-require "${swroot}/langs/${language}.pl";
+require "${General::swroot}/langs/en.pl";
+require "${General::swroot}/langs/${language}.pl";

-my $userdb = "$swroot/proxy/advanced/ncsa/passwd";
+my $userdb = "$General::swroot/proxy/advanced/ncsa/passwd";

-&readhash("$swroot/ethernet/settings", \%netsettings);
+&readhash("$General::swroot/ethernet/settings", \%netsettings);

 my $success = 0;

@@ -76,20 +74,13 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
 		goto ERROR;
 	}

-	my $htpasswd = new Apache::Htpasswd("$userdb");
-
-	# Check if a user with this name exists
-	my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'});
-	if (!$old_password) {
-		$errormessage = $tr{'advproxy errmsg invalid user'};
-		goto ERROR;
-	}
-
-	# Reset password
-	if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'},
-			$cgiparams{'OLD_PASSWORD'})) {
-		$errormessage = $tr{'advproxy errmsg password incorrect'};
+	# If the htpasswd verification status is 0 then update the database
+	# otherwise respond with an error message.
+	if (&General::system("/usr/bin/htpasswd", "-bv", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'OLD_PASSWORD'}") != 0) {
+		$errormessage = $tr{'advproxy errmsg invalid user/password'};
 		goto ERROR;
+	} else {
+		&General::system("/usr/bin/htpasswd", "-bB", "-C 10", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'NEW_PASSWORD_1'}");
 	}

 	$success = 1;
--- a/html/cgi-bin/credits.cgi
+++ b/html/cgi-bin/credits.cgi
@@ -38,11 +38,17 @@ require "${General::swroot}/header.pl";
 &Header::openbox('100%', 'left', $Lang::tr{'donation'});

 print <<END
-<p>$Lang::tr{'donation-text'}</p>
-
+<p>$Lang::tr{'donation-bpfire-text'}</p>
 <div align="center">
-	<a href="https://www.ipfire.org/donate">
-		<strong>$Lang::tr{'donation'}</strong>
+        <a href="https://www.paypal.com/donate/?business=BL97G8687E5B6&no_recurring=0&item_name=Make+revolutionary+eBPF+technology+available+for+non-tech+savvy+users+for+safe+online+surfing&currency_code=USD" target="_blank">
+                <strong>$Lang::tr{'donation-bpfire'}</strong>
+        </a>
+</div>
+<p>$Lang::tr{'donation-ipfire-text'}</p>
+<div align="center">
+
+	<a href="https://www.ipfire.org/donate" target="_blank">
+		<strong>$Lang::tr{'donation-ipfire'}</strong>
 	</a>
 </div>
 END
@@ -54,7 +60,7 @@ END
 print <<END
 <br>
 <center>
-	$Lang::tr{'visit us at'}: <b><a href='https://www.ipfire.org/' target="_blank">https://www.ipfire.org/</a></b>
+	$Lang::tr{'visit us at'}: <b><a href='http://www.bpfire.net/' target="_blank">https://www.bpfire.net/</a></b> <b><a href='https://www.ipfire.org/' target="_blank">https://www.ipfire.org/</a></b>
 </center>
 <br><br>

--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -523,17 +523,19 @@ print <<END
 		<td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>

 		<td class='username'>$Lang::tr{'username'}</td>
-		<td class='username'><input type='text' name='LOGIN' value='$settings{'LOGIN'}' /></td>
+		<td class='username'><input type='text' name='LOGIN'
+			value='@{[ &Header::escape($settings{'LOGIN'}) ]}' /></td>

 		<td class='token' style='display:none'>$Lang::tr{'token'}</td>
-		<td class='token' style='display:none'><input type='text' name='TOKEN' value='$settings{'TOKEN'}' /></td>
+		<td class='token' style='display:none'><input type='text' name='TOKEN'
+			value='@{[ &Header::escape($settings{'TOKEN'}) ]}' /></td>
 	</tr>

 	<tr class='password'>
 		<td class='base'></td>
 		<td></td>
 		<td class='base'>$Lang::tr{'password'}</td>
-		<td><input type='password' name='PASSWORD' value='$settings{'PASSWORD'}' /></td>
+		<td><input type='password' name='PASSWORD' value='@{[ &Header::escape($settings{'PASSWORD'}) ]}' /></td>
 	</tr>
 </table>
 <br>
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -127,18 +127,20 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L
 		$errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
 	}

-	# Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
-	elsif($settings{'PROTO'} eq "TLS") {
-		unless($cgiparams{"TLS_HOSTNAME"}) {
-			$errormessage = "$Lang::tr{'dns no tls hostname given'}";
-		} else {
-			# Check if the provided domain is valid.
-			unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
-				$errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
-			}
+	# Check if the provided hostname is valid
+	if ($cgiparams{'TLS_HOSTNAME'} ne "") {
+		unless (&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
+			$errormessage = "$Lang::tr{'invalid ip or hostname'}: " . &Header::escape($cgiparams{'TLS_HOSTNAME'});
 		}
 	}

+        # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
+        if ($settings{'PROTO'} eq "TLS") {
+                unless ($cgiparams{"TLS_HOSTNAME"}) {
+                        $errormessage = "$Lang::tr{'dns no tls hostname given'}";
+                }
+        }
+
 	# Go further if there was no error.
 	if ( ! $errormessage) {
 		# Check if a remark has been entered.
@@ -773,9 +775,9 @@ sub show_add_edit_nameserver() {
 		# Check if an ID has been given.
 		if ($cgiparams{'ID'}) {
 			# Assign cgiparams values.
-			$cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
+			$cgiparams{'NAMESERVER'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[0]);
 			$cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
-			$cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
+			$cgiparams{'REMARK'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[3]);
 		}
 	} else {
 		&Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -2,7 +2,8 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+# Copyright (C) 2013-2025  IPFire Team  <info@ipfire.org>		      #
+# Copyright (C) 2024-2025  BPFire Team  <vincent.mc.li@gmail.com>	      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -837,8 +838,9 @@ sub checkrule
 					$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
 				}
 		}else{
+
 			if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
-			$errormessage.=$Lang::tr{'fwdfw err samesub'};
+				$errormessage.=$Lang::tr{'fwdfw err samesub'} . $fwdfwsettings{'grp1'} .$fwdfwsettings{$fwdfwsettings{'grp1'}} . $fwdfwsettings{'grp2'} . $fwdfwsettings{$fwdfwsettings{'grp2'}};
 			}
 		}
 	}
@@ -1208,6 +1210,40 @@ END

 	#End left table. start right table (vpn)
 	print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
+
+	# WireGuard Peers
+	if (%Wireguard::peers || $optionsfw{'SHOWDROPDOWN'} eq 'on') {
+		print <<EOF;
+			<tr>
+				<td>
+					<input type='radio' name='$grp' id='wg_peer_$srctgt' value='wg_peer_$srctgt' $checked{$grp}{'wg_peer_'.$srctgt}>
+				</td>
+				<td nowrap='nowrap' width='16%'>
+					$Lang::tr{'fwhost wg peers'}
+				</td>
+				<td nowrap='nowrap' width='1%' align='right'>
+					<select name='wg_peer_$srctgt' style='width:200px;'>"
+EOF
+			# Sort peers by name
+			foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
+				# Load the peer
+				my $peer = &Wireguard::load_peer($key);
+
+				# Is this peer selected?
+				my $selected = ($fwdfwsettings{$fwdfwsettings{$grp}} eq $peer->{'NAME'}) ? "selected" : "";
+
+				print <<EOF;
+					<option value="$peer->{'NAME'}" $selected>$peer->{'NAME'}</option>
+EOF
+			}
+
+			print <<EOF;
+					</select>
+				</td>
+			</tr>
+EOF
+	}
+
 	# CCD networks
 	if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
 		print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' value='ovpn_net_$srctgt'  $checked{$grp}{'ovpn_net_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>";
@@ -1291,19 +1327,22 @@ sub get_ip
 		if ($fwdfwsettings{$grp} eq $val.'_addr'){
 			($a,$b)   = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
 		}elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
-			if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
+			if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "GREEN"){
 				$a=$netsettings{'GREEN_NETADDRESS'};
 				$b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
-			}elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
+			}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "ORANGE"){
 				$a=$netsettings{'ORANGE_NETADDRESS'};
 				$b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
-			}elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
+			}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "BLUE"){
 				$a=$netsettings{'BLUE_NETADDRESS'};
 				$b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
-			}elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
+			}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "OpenVPN-Dyn"){
 				&General::readhash("$configovpn",\%ovpnsettings);
 				($a,$b)   = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
 				$b=&General::iporsubtocidr($b);
+			# WireGuard
+			}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "WGRW") {
+				return $Wireguard::settings{'CLIENT_POOL'};
 			}
 		}elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
 			&General::readhasharray("$confignet", \%customnetwork);
@@ -1454,6 +1493,9 @@ sub getcolor
 		}elsif ($val eq 'IPsec RW' ){
 			$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
 			return;
+		}elsif ($val eq "WGRW") {
+			$tdcolor="style='background-color: $Header::colourwg; color: white;'";
+			return;
 		}elsif($val =~ /^(.*?)\/(.*?)$/){
 			my ($sip,$scidr) = split ("/",$val);
 			if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
@@ -1520,8 +1562,19 @@ sub getcolor
 					}
 				}
 			}
+			# WireGuard Roadwarrior
+			if ($Wireguard::settings{'CLIENT_POOL'}) {
+				if (&Network::ip_address_in_network($c, $Wireguard::settings{'CLIENT_POOL'})) {
+					$tdcolor="style='background-color: $Header::colourwg; color:white;'";
+					return;
+				}
+			}
 		}
 		#VPN networks
+		if ($nettype eq 'wg_peer_src' || $nettype eq 'wg_peer_tgt'){
+			$tdcolor="style='background-color: $Header::colourwg;color:white;'";
+			return;
+		}
 		if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
 			$tdcolor="style='background-color: $Header::colourovpn;color:white;'";
 			return;
@@ -2348,6 +2401,7 @@ sub saverule
 		$fwdfwsettings{'ruleremark'}=~ s/,/;/g;
 		utf8::decode($fwdfwsettings{'ruleremark'});
 		$fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
+		$fwdfwsettings{'PROT'}=&Header::escape($fwdfwsettings{'PROT'});
 		if ($fwdfwsettings{'updatefwrule'} ne 'on'){
 			my $key = &General::findhasharraykey ($hash);
 			$$hash{$key}[0]  = $fwdfwsettings{'RULE_ACTION'};
@@ -2577,10 +2631,10 @@ END
 			@tmpsrc=();
 			@tmptgt=();
 			#check if vpn hosts/nets have been deleted
-			if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
+			if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /^wg_/ || $$hash{$key}[3] =~ /ovpn/i){
 				push (@tmpsrc,$$hash{$key}[4]);
 			}
-			if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
+			if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /^wg_/ || $$hash{$key}[5] =~ /ovpn/i){
 				push (@tmptgt,$$hash{$key}[6]);
 			}
 			foreach my $host (@tmpsrc){
@@ -2600,6 +2654,10 @@ END
 					if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
 						$coloryellow='on';
 					}
+				}elsif($$hash{$key}[3] eq 'wg_peer_src') {
+					if (!defined &Wireguard::get_peer_by_name($host)) {
+						$coloryellow = 'on';
+					}
 				}
 			}
 			foreach my $host (@tmptgt){
@@ -2619,6 +2677,10 @@ END
 					if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
 						$coloryellow='on';
 					}
+				}elsif($$hash{$key}[5] eq 'wg_peer_tgt') {
+					if (!defined &Wireguard::get_peer_by_name($host)) {
+						$coloryellow = 'on';
+					}
 				}
 			}
 			#check if networkgroups or servicegroups are empty
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org>                        #
+# Copyright (C) 2013-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -582,6 +582,13 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp')
 			$fwhostsettings{'grp_name'}='';
 			$fwhostsettings{'remark'}='';
 		}
+		# Fetch the address from a WireGuard Peer
+		if ($fwhostsettings{'grp2'} eq 'wg_peer' && $fwhostsettings{'WG_PEER'} ne ''){
+			@target=$fwhostsettings{'WG_PEER'};
+			$type='wg_peer';
+		}elsif ($fwhostsettings{'grp2'} eq 'wg_peer' && $fwhostsettings{'WG_PEER'} eq ''){
+			$errormessage=$Lang::tr{'fwhost err groupempty'};
+		}
 		#get address from  ovpn ccd static net
 		if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){
 			@target=$fwhostsettings{'OVPN_CCD_NET'};
@@ -696,6 +703,10 @@ if ($fwhostsettings{'ACTION'} eq 'savelocationgrp')
 	# Check name
 	if (!&validhostname($grp)){$errormessage.=$Lang::tr{'fwhost err name'};}

+	unless (&General::validcc($fwhostsettings{'COUNTRY_CODE'})) {
+		$errormessage = $Lang::tr{'fwhost invalid country code'};
+	}
+
 	# Check for existing group name.
 	if (!&checkgroup($grp) && $fwhostsettings{'update'} ne 'on'){
 		$errormessage = $Lang::tr{'fwhost err grpexist'};
@@ -707,7 +718,7 @@ if ($fwhostsettings{'ACTION'} eq 'savelocationgrp')
 	}

 	if ($fwhostsettings{'update'} eq 'on'){
-		@target=$fwhostsettings{'COUNTRY_CODE'};
+		@target = $fwhostsettings{'COUNTRY_CODE'};
 		$type='Location Group';

 		#check if host/net exists in grp
@@ -1320,10 +1331,29 @@ sub showmenu {
 	&Header::openbox('100%', 'left',);
 	print "$Lang::tr{'fwhost welcome'}";
 	print<<END;
-	<br><br><table border='0' width='100%'>
-	<tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newlocationgrp'}' ></form></td>
-	<td align='right'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' ></form></td></tr>
-	<tr><td colspan='6'></td></tr></table>
+	<br><br>
+	<table border='0' width='100%'>
+		<tr>
+			<td>
+			<form method='post'>
+			<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}'>
+			<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}'>
+			<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}'>
+			<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newlocationgrp'}'>
+			</form>
+			</td>
+			<td align='right'>
+			<form method='post'>
+			<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}'>
+			<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}'>
+			</form>
+			</td>
+		</tr>
+		<tr>
+			<td colspan='6'>
+			</td>
+		</tr>
+	</table>
 END
 	&Header::closebox();

@@ -1504,6 +1534,34 @@ END
 			print"</table>";
 			#Inner table right
 			print"</td><td align='right' style='vertical-align:top;'><table width='90%' border='0'>";
+			# WireGuard Peers
+			if (%Wireguard::peers) {
+				print <<EOF;
+					<tr>
+						<td style='width:15em;'>
+							<label>
+								<input type='radio' name='grp2' value='wg_peer' $checked{'grp2'}{'wg_peer'}>
+								$Lang::tr{'fwhost wg peers'}
+							</label>
+						</td>
+						<td style='text-align:right;'>
+							<select name='WG_PEER' style='width:16em;'>"
+EOF
+
+				foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
+					my $peer = &Wireguard::load_peer($key);
+
+					print <<EOF;
+								<option value="$peer->{"NAME"}">$peer->{"NAME"}</option>
+EOF
+				}
+
+				print <<EOF;
+							</select>
+						</td>
+					</tr>
+EOF
+			}
 			#OVPN networks
 			if (! -z $configccdnet){
 				print<<END;
@@ -1725,7 +1783,7 @@ sub addservice
 	{
 		$fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'};
 		$fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'};
-		$fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'};
+		$fwhostsettings{'oldsrvprot'} = &Header::escape($fwhostsettings{'PROT'});
 		$fwhostsettings{'oldsrvicmp'} = $fwhostsettings{'ICMP'};
 	}
 	print<<END;
@@ -1898,7 +1956,8 @@ END
 			}
 			my $colnet="$customnetwork{$key}[1]/".&General::subtocidr($customnetwork{$key}[2]);
 			my $netcount=&getnetcount($customnetwork{$key}[0]);
-			print"<td width='20%' $col><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center' $col>".&getcolor($colnet)."</td><td width='40%' $col>$customnetwork{$key}[3]</td><td align='center' $col>$netcount x</td>";
+			my $netusedin=&getusedin($customnetwork{$key}[0]);
+			print"<td width='20%' $col><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center' $col>".&getcolor($colnet)."</td><td width='40%' $col>$customnetwork{$key}[3]</td><td align='center' $col><span title='$netusedin'>$netcount x</span></td>";
 			print<<END;
 			<td width='1%' $col><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
 			<input type='hidden' name='ACTION' value='editnet'>
@@ -1954,6 +2013,14 @@ sub getcolor
 			$tdcolor="<font style='color: $Header::colourred;'>$c</font>";
 			return $tdcolor;
 		}
+
+		# WireGuard Roadwarrior
+		if ($Wireguard::settings{'CLIENT_POOL'}) {
+			if (&Network::ip_address_in_network($sip, $Wireguard::settings{'CLIENT_POOL'})) {
+				return "<font style='color: $Header::colourwg;'>$c</font>"
+			}
+		}
+
 		#Check if IP is part of OpenVPN N2N subnet
 		foreach my $key (sort keys %ccdhost){
 			if ($ccdhost{$key}[3] eq 'net'){
@@ -2044,8 +2111,10 @@ END
 			$customhost{$key}[4]=~s/\s+//g;
 			my $hostcount=0;
 			$hostcount=&gethostcount($customhost{$key}[0]);
-			print"<td width='20%' $col>$customhost{$key}[0]</td><td width='20%' align='center' $col >".&getcolor($ip)."</td><td width='50%' align='left' $col>$customhost{$key}[3]</td><td align='center' $col>$hostcount x</td>";
-			print<<END;
+			my $hostusedin=&getusedin($customhost{$key}[0]);
+			my $color = &getcolor($ip);
+			print <<END;
+			<td width='20%' $col>$customhost{$key}[0]</td><td width='20%' align='center' $col >$color</td><td width='50%' align='left' $col>$customhost{$key}[3]</td><td align='center' $col><span title="$hostusedin">$hostcount x</span></td>
 			<td width='1%' $col><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
 			<input type='hidden' name='ACTION' value='edithost' />
 			<input type='hidden' name='HOSTNAME' value='$customhost{$key}[0]' />
@@ -2120,7 +2189,8 @@ sub viewtablegrp
 				print "<br><b><u>$grpname</u></b>&nbsp; &nbsp;";
 				print " <b>$Lang::tr{'remark'}:</b>&nbsp $remark &nbsp " if ($remark ne '');
 				my $netgrpcount=&getnetcount($grpname);
-				print "<b>$Lang::tr{'used'}:</b> $netgrpcount x";
+				my $groupusedin=&getusedin($grpname);
+				print "<b>$Lang::tr{'used'}:</b> <span title='$groupusedin'>$netgrpcount x</span>";
 				if($netgrpcount == '0')
 				{
 					print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='ACTION' value='delgrp'></form>";
@@ -2258,8 +2328,8 @@ sub viewtablelocationgrp

 			# Get group count.
 			my $locationgrpcount=&getlocationcount($grpname);
-			print "<b>$Lang::tr{'used'}:</b> $locationgrpcount x";
-
+			my $locationusedin=&getlocusedin($grpname);
+			print "<b>$Lang::tr{'used'}:</b> <span title='$locationusedin'>$locationgrpcount x</span>";
 			# Only display delete icon, if the group is not used by a firewall rule.
 			if($locationgrpcount == '0') {
 				print"<form method='post' style='display:inline'>\n";
@@ -2401,10 +2471,11 @@ END
 END
 			#Neuer count
 			$srvcount=&getsrvcount($customservice{$key}[0]);
+			my $serviceusedin=&getsrvusedin($customservice{$key}[0]);
 			if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};}
 			elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
 			print<<END;
-			</td><td align='center' $col>$srvcount x</td>
+			</td><td align='center' $col><span title='$serviceusedin'>$srvcount x</span></td>
 			<td width='1%' $col><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /><input type='hidden' name='ACTION' value='editservice' />
 			<input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]' />
 			<input type='hidden' name='SRV_PORT' value='$customservice{$key}[1]' />
@@ -2476,7 +2547,8 @@ sub viewtableservicegrp
 				if($count >0){print"</table>";$count=1;}
 				print "<br><b><u>$grpname</u></b>&nbsp; &nbsp; ";
 				print "<b>$Lang::tr{'remark'}:</b>&nbsp; $remark " if ($remark ne '');
-				print "&nbsp; <b>$Lang::tr{'used'}:</b> $grpcount x";
+				my $srvgrpusedin=&getsrvusedin($customservicegrp{$key}[0]);
+				print "&nbsp; <b>$Lang::tr{'used'}:</b> <span title='$srvgrpusedin'>$grpcount x</span>";
 				if($grpcount == '0')
 				{
 					print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='ACTION' value='delservicegrp'></form>";
@@ -2749,6 +2821,106 @@ sub getlocationcount
 	}
 	return $counter;
 }
+sub getlocusedin
+{
+	my $groupname=shift;
+	my $titletext="";
+
+	# Location groups are stored as "group:groupname" in the
+	# firewall settings files.
+	my $searchstring = join(':', "group",$groupname);
+
+	#Count services used in firewall - config
+	my $fwfwtext="";
+	# first set title if found
+	foreach my $key1 (keys %fwfwd) {
+		if($fwfwd{$key1}[4] eq $searchstring){
+			$fwfwtext = "$Lang::tr{'firewall rules'}:";
+		}
+		if($fwfwd{$key1}[6] eq $searchstring){
+			$fwfwtext = "$Lang::tr{'firewall rules'}:";
+		}
+	}
+	# then add rule numbers
+	my @fwfwrules = ();
+	foreach my $key1 (keys %fwfwd) {
+		if($fwfwd{$key1}[4] eq $searchstring){
+			push(@fwfwrules, $key1);
+		}
+		if($fwfwd{$key1}[6] eq $searchstring){
+			push(@fwfwrules, $key1);
+		}
+	}
+	my @fwfwarraysorted = sort { $a <=> $b } @fwfwrules;
+	foreach my $rule (@fwfwarraysorted)
+	{
+    	$fwfwtext .= "&#010- $rule";
+	}
+	#Count services used in firewall - input
+	my $fwintext="";
+	foreach my $key2 (keys %fwinp) {
+		if($fwinp{$key2}[4] eq $searchstring){
+			$fwintext = "$Lang::tr{'incoming firewall access'}:";
+		}
+		if($fwinp{$key2}[6] eq $searchstring){
+			$fwintext = "$Lang::tr{'incoming firewall access'}:";
+		}
+	}
+	my @fwinrules = ();
+	foreach my $key2 (keys %fwinp) {
+		if($fwinp{$key2}[4] eq $searchstring){
+			push(@fwinrules, $key2);
+		}
+		if($fwinp{$key2}[6] eq $searchstring){
+			push(@fwinrules, $key2);
+		}
+	}
+	my @fwinarraysorted = sort { $a <=> $b } @fwinrules;
+	foreach my $rule (@fwinarraysorted)
+	{
+    	$fwintext .= "&#010- $rule";
+	}
+	#Count services used in firewall - outgoing
+	my $fwouttext="";
+	foreach my $key3 (keys %fwout) {
+		if($fwout{$key3}[4] eq $searchstring){
+			$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
+		}
+		if($fwout{$key3}[6] eq $searchstring){
+			$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
+		}
+	}
+	my @fwoutrules = ();
+	foreach my $key3 (keys %fwout) {
+		if($fwout{$key3}[4] eq $searchstring){
+			push(@fwoutrules, $key3);
+		}
+		if($fwout{$key3}[6] eq $searchstring){
+			push(@fwoutrules, $key3);
+		}
+	}
+	my @fwoutarraysorted = sort { $a <=> $b } @fwoutrules;
+	foreach my $rule (@fwoutarraysorted)
+	{
+    	$fwouttext .= "&#010- $rule";
+	}
+	if ($fwfwtext) {
+		$titletext .= "$fwfwtext"
+	}
+	if ($fwintext) {
+		if ($titletext) {
+			$titletext .= "&#010 "
+		}
+		$titletext .= "$fwintext"
+	}
+	if ($fwouttext) {
+		if ($titletext) {
+			$titletext .= "&#010 "
+		}
+		$titletext .= "$fwouttext"
+	}
+	return $titletext;
+}
 sub getnetcount
 {
 	my $searchstring=shift;
@@ -2788,6 +2960,122 @@ sub getnetcount
 	}
 	return $srvcounter;
 }
+sub getusedin
+{
+	my $searchstring=shift;
+	my $titletext="";
+	my $groups=();
+	my $rules=();
+
+	#Count services used in Network/Host group
+	my $servicegrouptext="";
+	foreach my $key (keys %customgrp) {
+		if($customgrp{$key}[2] eq $searchstring){
+			$servicegrouptext = "$Lang::tr{'fwhost cust grp'}:";
+		}
+	}
+	foreach my $key (keys %customgrp) {
+		if($customgrp{$key}[2] eq $searchstring){
+			$servicegrouptext .= "&#010- $customgrp{$key}[0]";
+		}
+	}
+	#Count services used in firewall - config
+	my $fwfwtext="";
+	# first set title if found
+	foreach my $key1 (keys %fwfwd) {
+		if($fwfwd{$key1}[4] eq $searchstring){
+			$fwfwtext = "$Lang::tr{'firewall rules'}:";
+		}
+		if($fwfwd{$key1}[6] eq $searchstring){
+			$fwfwtext = "$Lang::tr{'firewall rules'}:";
+		}
+	}
+	# then add rule numbers
+	my @fwfwrules = ();
+	foreach my $key1 (keys %fwfwd) {
+		if($fwfwd{$key1}[4] eq $searchstring){
+			push(@fwfwrules, $key1);
+		}
+		if($fwfwd{$key1}[6] eq $searchstring){
+			push(@fwfwrules, $key1);
+		}
+	}
+	my @fwfwarraysorted = sort { $a <=> $b } @fwfwrules;
+	foreach my $rule (@fwfwarraysorted)
+	{
+    	$fwfwtext .= "&#010- $rule";
+	}
+	#Count services used in firewall - input
+	my $fwintext="";
+	foreach my $key2 (keys %fwinp) {
+		if($fwinp{$key2}[4] eq $searchstring){
+			$fwintext = "$Lang::tr{'incoming firewall access'}:";
+		}
+		if($fwinp{$key2}[6] eq $searchstring){
+			$fwintext = "$Lang::tr{'incoming firewall access'}:";
+		}
+	}
+	my @fwinrules = ();
+	foreach my $key2 (keys %fwinp) {
+		if($fwinp{$key2}[4] eq $searchstring){
+			push(@fwinrules, $key2);
+		}
+		if($fwinp{$key2}[6] eq $searchstring){
+			push(@fwinrules, $key2);
+		}
+	}
+	my @fwinarraysorted = sort { $a <=> $b } @fwinrules;
+	foreach my $rule (@fwinarraysorted)
+	{
+    	$fwintext .= "&#010- $rule";
+	}
+	#Count services used in firewall - outgoing
+	my $fwouttext="";
+	foreach my $key3 (keys %fwout) {
+		if($fwout{$key3}[4] eq $searchstring){
+			$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
+		}
+		if($fwout{$key3}[6] eq $searchstring){
+			$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
+		}
+	}
+	my @fwoutrules = ();
+	foreach my $key3 (keys %fwout) {
+		if($fwout{$key3}[4] eq $searchstring){
+			push(@fwoutrules, $key3);
+		}
+		if($fwout{$key3}[6] eq $searchstring){
+			push(@fwoutrules, $key3);
+		}
+	}
+	my @fwoutarraysorted = sort { $a <=> $b } @fwoutrules;
+	foreach my $rule (@fwoutarraysorted)
+	{
+    	$fwouttext .= "&#010- $rule";
+	}
+	if ($servicegrouptext) {
+		$titletext .= "$servicegrouptext"
+	}
+	if ($fwfwtext) {
+		if ($titletext) {
+			$titletext .= "&#010 "
+		}
+		$titletext .= "$fwfwtext"
+	}
+	if ($fwintext) {
+		if ($titletext) {
+			$titletext .= "&#010 "
+		}
+		$titletext .= "$fwintext"
+	}
+	if ($fwouttext) {
+		if ($titletext) {
+			$titletext .= "&#010 "
+		}
+		$titletext .= "$fwouttext"
+	}
+	return $titletext
+}
 sub getsrvcount
 {
 	my $searchstring=shift;
@@ -2818,6 +3106,100 @@ sub getsrvcount
 	}
 	return $srvcounter;
 }
+sub getsrvusedin
+{
+	my $searchstring=shift;
+	my $titletext="";
+	#Count services used in servicegroups
+	my $servicegrouptext="";
+	foreach my $key (keys %customservicegrp) {
+		if($customservicegrp{$key}[2] eq $searchstring){
+			$servicegrouptext = "$Lang::tr{'outgoing firewall access'}:";
+		}
+	}
+	foreach my $key (keys %customservicegrp) {
+		if($customservicegrp{$key}[2] eq $searchstring){
+			$servicegrouptext .= "&#010- $customservicegrp{$key}[0]";
+		}
+	}
+	my $fwfwtext="";
+	# first set title if found
+	foreach my $key1 (keys %fwfwd) {
+		if($fwfwd{$key1}[15] eq $searchstring){
+			$fwfwtext = "$Lang::tr{'firewall rules'}:";
+		}
+	}
+	# then add rule numbers
+	my @fwfwrules = ();
+	foreach my $key1 (keys %fwfwd) {
+		if($fwfwd{$key1}[15] eq $searchstring){
+			push(@fwfwrules, $key1);
+		}
+	}
+	my @fwfwarraysorted = sort { $a <=> $b } @fwfwrules;
+	foreach my $rule (@fwfwarraysorted)
+	{
+    	$fwfwtext .= "&#010- $rule";
+	}
+	#Count services used in firewall - input
+	my $fwintext="";
+	foreach my $key2 (keys %fwinp) {
+		if($fwinp{$key2}[15] eq $searchstring){
+			$fwintext = "$Lang::tr{'incoming firewall access'}:";
+		}
+	}
+	my @fwinrules = ();
+	foreach my $key2 (keys %fwinp) {
+		if($fwinp{$key2}[15] eq $searchstring){
+			push(@fwinrules, $key2);
+		}
+	}
+	my @fwinarraysorted = sort { $a <=> $b } @fwinrules;
+	foreach my $rule (@fwinarraysorted)
+	{
+    	$fwintext .= "&#010- $rule";
+	}
+	#Count services used in firewall - outgoing
+	my $fwouttext="";
+	foreach my $key3 (keys %fwout) {
+		if($fwout{$key3}[15] eq $searchstring){
+			$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
+		}
+	}
+	my @fwoutrules = ();
+	foreach my $key3 (keys %fwout) {
+		if($fwout{$key3}[15] eq $searchstring){
+			push(@fwoutrules, $key3);
+		}
+	}
+	my @fwoutarraysorted = sort { $a <=> $b } @fwoutrules;
+	foreach my $rule (@fwoutarraysorted)
+	{
+    	$fwouttext .= "&#010- $rule";
+	}
+	if ($servicegrouptext ne '') {
+		$titletext .= "$servicegrouptext";
+	}
+	if ($fwfwtext ne '') {
+		if ($titletext) {
+			$titletext .= "&#010 ";
+		}
+		$titletext .= "$fwfwtext";
+	}
+	if ($fwintext ne '') {
+		if ($titletext) {
+			$titletext .= "&#010 ";
+		}
+		$titletext .= "$fwintext";
+	}
+	if ($fwouttext) {
+		if ($titletext ne '') {
+			$titletext .= "&#010 ";
+		}
+		$titletext .= "$fwouttext";
+	}
+	return $titletext
+}
 sub deletefromgrp
 {
 	my $target=shift;
@@ -2960,6 +3342,23 @@ sub getipforgroup
 		&deletefromgrp($name,$configgrp);
 	}

+	# WireGuard Peers
+	if ($type eq "wg_peer") {
+		my $peer = &Wireguard::get_peer_by_name($name);
+
+		if (defined $peer) {
+			my @addresses = ();
+
+			if ($peer->{"TYPE"} eq "host") {
+				push(@addresses, @{ $peer->{"CLIENT_ADDRESS"} });
+			} elsif ($peer->{"TYPE"} eq "net") {
+				push(@addresses, @{ $peer->{"REMOTE_SUBNETS"} });
+			}
+
+			return join(", ", @addresses);
+		}
+	}
+
 	#get address from ovpn ccd Net-2-Net
 	if ($type eq 'OpenVPN N-2-N'){
 		foreach my $key (keys %ccdhost) {
@@ -3036,6 +3435,9 @@ sub getipforgroup
 			&General::readhash("${General::swroot}/ethernet/settings",\%hash);
 			return $hash{'ORANGE_NETADDRESS'}."/".&Network::convert_netmask2prefix($hash{'ORANGE_NETMASK'}) || $hash{'ORANGE_NETMASK'};
 		}
+		if ($name eq "WGRW") {
+			return $Wireguard::settings{'CLIENT_POOL'};
+		}
 		if ($name eq 'ALL'){
 			return "0.0.0.0/0";
 		}
--- a/html/cgi-bin/haproxy.cgi
+++ b/html/cgi-bin/haproxy.cgi
@@ -0,0 +1,289 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2024  BPFire  <vincent.mc.li@gmail.com>                       #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+use experimental 'smartmatch';
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::colouryellow} );
+undef (@dummy);
+
+our %hasettings=();
+our %netsettings=();
+my %mainsettings=();
+my %timesettings=();
+my $setting = "${General::swroot}/haproxy/settings";
+my $configsetting = "${General::swroot}/haproxy/config";
+my $loxilbipfile = "${General::swroot}/loxilb/ipconfigfile";
+									# because we need commas in the some data
+my $errormessage = '';
+#remove 'ENABLE_HA' from '/var/ipfire/haproxy/settings' as it could affect haproxy running state
+my @nosaved=('ENABLE_HAPROXY');
+my %color = ();
+
+$hasettings{'ENABLE_HAPROXY'} = 'off';
+
+&Header::showhttpheaders();
+my @MODE= ('tcp', 'http');
+
+#Settings1 for the first screen box
+$hasettings{"mode"} = '';
+$hasettings{"bind"} = '';
+
+# Read Ipcop settings
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+
+#Get GUI values
+&Header::getcgihash(\%hasettings);
+
+if ($hasettings{'ACTION'} eq $Lang::tr{'enable'})
+{
+	#remove @nosaved from $hasettings before writehash to 'configsettings' file since 'configsetting' is only for haproxy running state
+	my @nosaved = ("mode", "bind", "ENABLE_HAPROXY");
+	map (delete ($hasettings{$_}) ,(@nosaved));
+        &General::writehash("$configsetting", \%hasettings);
+        if ($hasettings{'ENABLE_HAPROXY'} eq 'on') {
+                &General::system('/usr/bin/touch', "${General::swroot}/haproxy/enable_ha");
+                &General::system('/usr/local/bin/haproxyctrl', 'start');
+        } else {
+                &General::system('/usr/local/bin/haproxyctrl', 'stop');
+                unlink "${General::swroot}/haproxy/enable_ha";
+        }
+}
+
+# Check Settings1 first because they are needed by &buildconf
+if ($hasettings{'ACTION'} eq $Lang::tr{'save'}) {
+
+    if ($hasettings{"mode"} eq '') {
+	    $errormessage = "mode" .  " is $Lang::tr{'required field'}";
+	    goto ERROR;
+    }
+    if ($hasettings{"bind"} eq '') {
+	    $errormessage = "bind" . " is $Lang::tr{'required field'}";
+	    goto ERROR;
+    }
+
+    map (delete ($hasettings{$_}) ,@nosaved,'ACTION','KEY1','KEY2','q');	# Must not be saved
+    &General::writehash($setting, \%hasettings);		# Save good settings
+    $hasettings{'ACTION'} = $Lang::tr{'save'};		# create an 'ACTION'
+    map ($hasettings{$_} = '',@nosaved,'KEY1','KEY2');	# and reinit vars to empty
+    &buildconf;
+    ERROR:
+}
+
+if ($hasettings{'ACTION'} eq '' ) { # First launch from GUI
+
+    $hasettings{"mode"} = '';
+    $hasettings{"bind"} = '';
+}
+
+### START PAGE ###
+&Header::openpage($Lang::tr{'haproxy configuration'}, 1, $Header::extraHead);
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+    &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+    print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
+    &Header::closebox();
+}
+
+# Read configuration file.
+&General::readhash("$configsetting", \%hasettings);
+
+# Checkbox pre-selection.
+my $checked;
+if ($hasettings{'ENABLE_HA'} eq "on") {
+        $checked = "checked='checked'";
+}
+
+my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
+
+my @status = &General::system_output('/usr/local/bin/haproxyctrl', 'status');
+
+if (grep(/is running/, @status)){
+        $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
+}
+
+&Header::openbox('100%', 'center', $Lang::tr{'haproxy status'});
+
+print <<END;
+        <table width='100%'>
+        <form method='POST' action='$ENV{'SCRIPT_NAME'}'>
+        <td width='25%'>&nbsp;</td>
+        <td width='25%'>&nbsp;</td>
+        <td width='25%'>&nbsp;</td>
+        <tr><td class='boldbase'>$Lang::tr{'haproxy status'}</td>
+        <td align='left'>$sactive</td>
+        </tr>
+	<tr>
+		<td colspan='4'>&nbsp;</td>
+	</tr>
+        <tr>
+        <td width='100%' class='boldbase'>$Lang::tr{'enable'}
+        <td align='left'><input type='checkbox' name='ENABLE_HA' $checked></td>
+        <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'enable'}'></td>
+        </tr>
+END
+
+print "</form> </table>\n";
+
+&Header::closebox();
+#
+
+
+&General::readhash($setting, \%hasettings);   		# Get saved settings and reset to good if needed
+
+&Header::openbox('100%', 'left', $Lang::tr{'haproxy config'});
+print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";
+
+my %checked = ();
+
+print <<END;
+
+<table width='100%'>
+<tr>
+    <td width='25%' class='base'>$Lang::tr{'haproxy mode'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+    <td width='25%'><input type='text' name='mode' value='$hasettings{"mode"}' /></td>
+</tr>
+<tr>
+    <td width='25%' class='base'>$Lang::tr{'haproxy bind'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+    <td width='25%'><input type='text' name='bind' value='$hasettings{"bind"}' /></td>
+</tr>
+
+</table>
+<hr />
+END
+
+print <<END;
+<table width='100%'>
+<tr>
+    <td class='base' width='25%'><img src='/blob.gif' align='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td>
+    <td width='40%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+</tr>
+</table>
+</form>
+END
+
+&Header::closebox();
+
+&Header::closebigbox();
+&Header::closepage();
+
+# Build the configuration file mixing  settings, fixed leases and advanced options
+sub buildconf {
+    open(FILE, ">/${General::swroot}/haproxy/haproxy.cfg") or die "Unable to write haproxy.cfg file";
+    flock(FILE, 2);
+
+    # Global settings
+    print FILE <<EOF;
+
+global
+    # to have these messages end up in /var/log/haproxy.log you will
+    # need to:
+    #
+    # 1) configure syslog to accept network log events.  This is done
+    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
+    #    /etc/sysconfig/syslog
+    #
+    # 2) configure local2 events to go to the /var/log/haproxy.log
+    #   file. A line like the following can be added to
+    #   /etc/sysconfig/syslog
+    #
+    #    local2.*                       /var/log/haproxy.log
+    #
+    log         127.0.0.1 local2
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        nobody
+    group       nobody
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+defaults
+    mode                    http
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+EOF
+
+    print FILE <<EOF;
+
+#---------------------------------------------------------------------
+# main frontend which proxys to the backends
+#---------------------------------------------------------------------
+frontend  main
+    bind *:5000
+    acl url_static       path_beg       -i /static /images /javascript /stylesheets
+    acl url_static       path_end       -i .jpg .gif .png .css .js
+
+    use_backend static          if url_static
+    default_backend             app
+
+#---------------------------------------------------------------------
+# static backend for serving up images, stylesheets and such
+#---------------------------------------------------------------------
+backend static
+    balance     roundrobin
+    server      static 127.0.0.1:4331 check
+
+#---------------------------------------------------------------------
+# round robin balancing between the various backends
+#---------------------------------------------------------------------
+backend app
+    balance     roundrobin
+    server  app1 127.0.0.1:5001 check
+    server  app2 127.0.0.1:5002 check
+    server  app3 127.0.0.1:5003 check
+    server  app4 127.0.0.1:5004 check
+
+EOF
+
+    close(FILE);
+
+    &General::system_background('/usr/local/bin/haproxyctrl', 'restart');
+}
+
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1404,7 +1404,10 @@ print <<END;
 					<td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>

 					<td width='30%'>$Lang::tr{'remark'}: </td>
-					<td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
+                                        <td>
+                                                <input type='text' name=IGNORE_ENTRY_REMARK
+                                                        value='@{[ &Header::escape($entry_remark) ]}' size='24' />
+                                        </td>
 					<td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
 				</tr>
 				</form>
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -30,6 +30,7 @@ use Sort::Naturally;
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
+require "${General::swroot}/wireguard-functions.pl";
 require "/opt/pakfire/lib/functions.pl";

 my %cgiparams=();
@@ -342,7 +343,7 @@ if (&Header::orange_used()) {
 				<a href='/cgi-bin/firewall.cgi' style='color:white'><b>$Lang::tr{'dmz'}</b></a>
 			</td>
 			<td style='width:30%; text-align:center;'>$netsettings{'ORANGE_ADDRESS'}/$sub</td>
-			<td style='width:45%; text-align:center; color:$Header::colourgreen;'>Online</td>
+			<td style='width:45%; text-align:center; color:$Header::colourgreen;'>$Lang::tr{'online'}</td>
 		</tr>
 END
 	}
@@ -354,7 +355,7 @@ print<<END;
 				<a href='/cgi-bin/vpnmain.cgi' style='color:white'><b>$Lang::tr{'ipsec'}</b></a>
 			</td>
 			<td style='width:30%; text-align:center;'></td>
-			<td style='width:45%; text-align:center; color:$Header::colourgreen;'>Online</td>
+			<td style='width:45%; text-align:center; color:$Header::colourgreen;'>$Lang::tr{'online'}</td>
 		</tr>
 END
 }
@@ -375,10 +376,26 @@ print <<END;
 			<a href='/cgi-bin/ovpnmain.cgi' style='color:white'><b>OpenVPN</b></a>
 		</td>
 		<td style='width:30%; text-align:center;'>$ovpnip</td>
-		<td style='width:45%; text-align:center; color:$Header::colourgreen;'>Online</td>
+		<td style='width:45%; text-align:center; color:$Header::colourgreen;'>$Lang::tr{'online'}</td>
 	</tr>
 END
-	}
+}
+
+# Show WireGuard status
+if (&Wireguard::is_enabled()) {
+	my $network = $Wireguard::settings{'CLIENT_POOL'};
+
+	print<<END;
+		<tr>
+			<td style='width:25%; text-align:center; background-color:$Header::colourwg;'>
+				<a href='/cgi-bin/wireguard.cgi' style='color:white'><b>$Lang::tr{'wireguard'}</b></a>
+			</td>
+			<td style='width:30%; text-align:center;'>$network</td>
+			<td style='width:45%; text-align:center; color:$Header::colourgreen;'>$Lang::tr{'online'}</td>
+		</tr>
+END
+}
+
 print"</table>";
 &Header::closebox();

@@ -536,11 +553,6 @@ END
 &Header::closebox();
 }

-# Fireinfo
-if ( ! -e "/var/ipfire/main/send_profile") {
-	$warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";
-}
-
 # EOL architecture
 my ($sysname, $nodename, $release, $version, $machine) = &POSIX::uname();
 if ($machine =~ m/^arm/) {
@@ -604,11 +616,6 @@ if ($warnmessage) {
 	&Header::closebox();
 }

-my %coredb = &Pakfire::coredbinfo();
-if (defined $coredb{'AvailableRelease'}) {
-	print "<br /><br /><br /><a href='pakfire.cgi'>$Lang::tr{'core notice 1'} $coredb{'Release'} $Lang::tr{'core notice 2'} $coredb{'AvailableRelease'} $Lang::tr{'core notice 3'}</a>";
-}
-
 if ( -e "/var/run/need_reboot" ) {
 	print "<div style='text-align:center; color:red;'>";
 	print "<br/><br/>$Lang::tr{'needreboot'}!";
--- a/html/cgi-bin/keepalived.cgi
+++ b/html/cgi-bin/keepalived.cgi
@@ -59,6 +59,7 @@ if (open(FILE, "$loxilbipfile")) {
 &Header::showhttpheaders();
 our @ITFs=('RED', 'GREEN');
 my @STATE= ('MASTER', 'BACKUP');
+my $DUMMY_IP = '192.0.2.1'; #for HA master/backup state tracking

 #Settings1 for the first screen box
 foreach my $itf (@ITFs) {
@@ -165,6 +166,14 @@ if ($hasettings{'ENABLE_HA'} eq "on") {
        $checked = "checked='checked'";
 }

+my $hastate = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'standby'}</font></b></td></tr></table>";
+
+my @ips = &General::get_ipaddresses_from_interface("green0");
+
+if (grep { $_ eq $DUMMY_IP } @ips) {
+        $hastate = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'active'}</font></b></td></tr></table>";
+}
+
 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";

 my @status = &General::system_output('/usr/local/bin/keepalivedctrl', 'status');
@@ -183,10 +192,17 @@ print <<END;
        <td width='25%'>&nbsp;</td>
        <tr><td class='boldbase'>$Lang::tr{'keepalived status'}</td>
        <td align='left'>$sactive</td>
+        <td align='center'>$hastate</td>
+	<td align='right'>
+		<input type='submit' value='Refresh'>
+	</td>
        </tr>
+	<tr>
+		<td colspan='4'>&nbsp;</td>
+	</tr>
        <tr>
-        <td width='50%' class='boldbase'>$Lang::tr{'enable'}
-        <td><input type='checkbox' name='ENABLE_HA' $checked></td>
+        <td width='100%' class='boldbase'>$Lang::tr{'enable'}
+        <td align='left'><input type='checkbox' name='ENABLE_HA' $checked></td>
        <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'enable'}'></td>
        </tr>
 END
@@ -337,6 +353,7 @@ sub buildconf {
 		print FILE "\t}" . "\n";
 		# virtual ipaddress
 		print FILE "\tvirtual_ipaddress {" . "\n";
+		print FILE "\t\t$DUMMY_IP" . "\n";
 		my @vips = split(/\|/, $hasettings{"virtual_ipaddress_${itf}"});
 		foreach my $ip (@vips) {
 			print FILE "\t\t$ip" . "\n";
--- a/html/cgi-bin/location-block.cgi
+++ b/html/cgi-bin/location-block.cgi
@@ -37,6 +37,7 @@ my %color = ();
 my %mainsettings = ();
 my %settings = ();
 my %cgiparams = ();
+my $errormessage='';

 # Read configuration file.
 &General::readhash("$settingsfile", \%settings);
@@ -63,30 +64,44 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
 	# Loop through our locations array to prevent from
 	# non existing countries or code.
 	foreach my $cn (@locations) {
-		# Check if blocking for this country should be enabled/disabled.
-		if (exists $cgiparams{$cn}) {
-			$settings{$cn} = "on";
-		} else {
-			$settings{$cn} = "off";
+		# Get the current setting for the country (on/off)
+		my $current_status = $settings{$cn};
+
+		# Determine if the country should be blocked based on CGI input
+		my $new_status = exists $cgiparams{$cn} ? "on" : "off";
+
+		# Update settings based on the user input
+		$settings{$cn} = $new_status;
+
+		# If the new status is "on" and the current status was "off", add the country's IPs
+		if ($new_status eq "on" && $current_status eq "off") {
+		# Call function to add IPs for this country to the eBPF map
+			&add_country_ips($cn);
+		} # If the new status is "off" and the current status was "on", remove the country's IPs
+		elsif ($new_status eq "off" && $current_status eq "on") {
+		# Call function to remove IPs for this country from the eBPF map
+			&remove_country_ips($cn);
 		}
 	}

 	&General::writehash("$settingsfile", \%settings);

-	# Mark the firewall config as changed.
-	&General::firewall_config_changed();
-
-	# Assign reload notice.
-	$notice = $Lang::tr{'fw rules reload notice'};
+	# Check if we want to disable locationblock.
+	if ( $settings{'LOCATIONBLOCK_ENABLED'} eq "on" ) {
+                &General::system('/usr/local/bin/xdpgeoipctrl', 'start');
+	} else {
+                &General::system('/usr/local/bin/xdpgeoipctrl', 'stop');
+	}
 }

 &Header::openpage($Lang::tr{'locationblock configuration'}, 1, '');

-# Print notice that a firewall reload is required.
-if ($notice) {
-	&Header::openbox('100%', 'left', $Lang::tr{'notice'});
-	print "<font class='base'>$notice</font>";
-	&Header::closebox();
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+        print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
+        &Header::closebox();
 }

 # Checkbox pre-selection.
@@ -269,3 +284,50 @@ print"</form>\n";

 &Header::closebigbox();
 &Header::closepage();
+
+sub add_country_ips {
+
+        my ($set) = @_;
+
+        # Libloc adds the IP type (v4 or v6) as part of the set and file name.
+        my $loc_set = "$set" . "v4";
+
+        # The bare filename equals the set name.
+        my $filename = $loc_set;
+
+        # Libloc uses "ipset" as file extension.
+        my $file_extension = "ipset";
+
+        # Generate full path and filename for the ipset db file.
+        my $db_file = "$Location::Functions::ipset_db_directory/$filename.$file_extension";
+
+        my @options;
+        my $command = 'xdp_geoip';
+        push(@options, "add", $db_file, $set);
+        &General::system_output($command, @options);
+        #my @output = &General::system_output($command, @options);
+        #$errormessage = join('', @output);
+}
+
+sub remove_country_ips {
+        my ($set) = @_;
+
+        # Libloc adds the IP type (v4 or v6) as part of the set and file name.
+        my $loc_set = "$set" . "v4";
+
+        # The bare filename equals the set name.
+        my $filename = $loc_set;
+
+        # Libloc uses "ipset" as file extension.
+        my $file_extension = "ipset";
+
+        # Generate full path and filename for the ipset db file.
+        my $db_file = "$Location::Functions::ipset_db_directory/$filename.$file_extension";
+
+        my @options;
+        my $command = 'xdp_geoip';
+        push(@options, "delete", $db_file, $set);
+        &General::system_output($command, @options);
+        #my @output = &General::system_output($command, @save_options);
+        #$errormessage = join('', @output);
+}
--- a/html/cgi-bin/logs.cgi/calamaris.dat
+++ b/html/cgi-bin/logs.cgi/calamaris.dat
@@ -170,6 +170,10 @@ if ($reportsettings{'ACTION'} eq $Lang::tr{'calamaris create report'})

 	if ($reportsettings{'RUN_BACKGROUND'} eq 'on') { $commandline.=" &"; }

+	if (!($commandline =~ /^[a-zA-Z0-9-\s]+$/))
+	{
+		die "Invalid input in\"$commandline\"";
+	}
 	system("${General::swroot}/proxy/calamaris/bin/mkreport $commandline")
 }

--- a/html/cgi-bin/logs.cgi/config.dat
+++ b/html/cgi-bin/logs.cgi/config.dat
@@ -1,13 +1,23 @@
 #!/usr/bin/perl
-#
-# IPFire CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) The IPFire Team
-#
-# $Id: config.dat,v 1.2.2.10 2005/06/14 12:32:07 eoberlander Exp $
-#
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################

 use strict;

@@ -143,6 +153,7 @@ END
 &Header::closebox();

 &Header::openbox('100%', 'left', $Lang::tr{'remote logging'});
+$logsettings{'REMOTELOG_ADDR'} = &Header::escape($logsettings{'REMOTELOG_ADDR'});
 print <<END
 <table width='100%'>
 <tr>
--- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
@@ -1,14 +1,23 @@
 #!/usr/bin/perl
-#
-# SmoothWall CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# JC HERITIER
-# page inspired from the initial firewalllog.dat
-#
-# Modified for IPFire by Christian Schmidt
-#			    and Michael Tremer (www.ipfire.org)
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################

 use strict;
 use Getopt::Std;
@@ -270,7 +279,8 @@ print <<END
 </tr>
 <tr>
 	<td colspan='3' align='left' valign="left">$Lang::tr{'Number of Countries for the pie chart'}:</td>
-	<td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td>
+	<td colspan='3' align='left' valign="center"><input type='text' name='pienumber'
+		value='@{[ &Header::escape($pienumber) ]}' size='4'></td>
 	<td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 </tr>
 </table>
--- a/html/cgi-bin/logs.cgi/firewalllogip.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
@@ -1,14 +1,23 @@
 #!/usr/bin/perl
-#
-# SmoothWall CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# JC HERITIER
-# page inspired from the initial firewalllog.dat
-#
-# Modified for IPFire by Christian Schmidt
-#	                    and Michael Tremer (www.ipfire.org)
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################

 use strict;
 use Getopt::Std;
@@ -272,7 +281,8 @@ print <<END
 </tr>
 <tr>
 	<td colspan='3' align='left' valign="left">$Lang::tr{'Number of IPs for the pie chart'}:</td>
-	<td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td>
+	<td colspan='3' align='left' valign="center"><input type='text' name='pienumber'
+		value='@{[ &Header::escape($pienumber) ]}' size='4'></td>
 	<td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 </tr>
 </table>
--- a/html/cgi-bin/logs.cgi/ovpnclients.dat
+++ b/html/cgi-bin/logs.cgi/ovpnclients.dat
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2020 IPFire Team  <info@ipfire.org>                           #
+# Copyright (C) 2020 - 2025 IPFire Team  <info@ipfire.org>                    #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -141,7 +141,7 @@ my $database_query = qq(
        ORDER BY common_name, duration DESC;
 );

-if ($cgiparams{'CONNECTION_NAME'}) {
+if (($cgiparams{'CONNECTION_NAME'}) && ($cgiparams{'CONNECTION_NAME'} =~ /^[a-zA-Z0-9]+$/)) {
 	$database_query = qq(
 		SELECT common_name, DATETIME(connected_at, 'localtime'), DATETIME(disconnected_at, 'localtime'), bytes_received, bytes_sent,
 			STRFTIME('%s', DATETIME(disconnected_at)) - STRFTIME('%s', DATETIME(connected_at)) AS duration FROM sessions
--- a/html/cgi-bin/logs.cgi/wireguardlog.dat
+++ b/html/cgi-bin/logs.cgi/wireguardlog.dat
@@ -0,0 +1,411 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2025  LoongFire Team                                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+use Getopt::Std;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/location-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+
+use POSIX();
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::table2colour} );
+undef (@dummy);
+
+my %cgiparams=();
+my %logsettings=();
+my $errormessage = '';
+
+my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
+	'Sep', 'Oct', 'Nov', 'Dec' );
+my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
+	$Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+	$Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+	$Lang::tr{'december'} );
+
+my @now = localtime();
+my $dow = $now[6];
+my $doy = $now[7];
+my $tdoy = $now[7];
+my $year = $now[5]+1900;
+
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+$cgiparams{'ACTION'} = '';
+
+&Header::getcgihash(\%cgiparams);
+$logsettings{'LOGVIEW_REVERSE'} = 'off';
+&General::readhash("${General::swroot}/logging/settings", \%logsettings);
+${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150;
+
+my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of firts line number to display
+
+if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
+{
+	my @temp = split(',',$ENV{'QUERY_STRING'});
+	$start = $temp[0];
+	$cgiparams{'MONTH'} = $temp[1];
+	$cgiparams{'DAY'} = $temp[2];
+}
+
+if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
+	!($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+{
+	$cgiparams{'DAY'} = $now[3];
+	$cgiparams{'MONTH'} = $now[4];
+}
+elsif($cgiparams{'ACTION'} eq '>>')
+{
+	my @temp_then=();
+	my @temp_now = localtime(time);
+	$temp_now[4] = $cgiparams{'MONTH'};
+	$temp_now[3] = $cgiparams{'DAY'};
+	if ($cgiparams{'DAY'}) {
+		@temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
+		## Retrieve the same time on the next day +
+		## 86400 seconds in a day
+	} else {
+		$temp_now[3] = 1;
+		$temp_now[4] = ($temp_now[4]+1) %12;
+		@temp_then = localtime(POSIX::mktime(@temp_now) );
+		$temp_then[3] = 0;
+	}
+	$cgiparams{'MONTH'} = $temp_then[4];
+	$cgiparams{'DAY'} = $temp_then[3];
+}
+elsif($cgiparams{'ACTION'} eq '<<')
+{
+	my @temp_then=();
+	my @temp_now = localtime(time);
+	$temp_now[4] = $cgiparams{'MONTH'};
+	$temp_now[3] = $cgiparams{'DAY'};
+	if ($cgiparams{'DAY'}) {
+		@temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
+		## Retrieve the same time on the next day -
+		## 86400 seconds in a day
+	} else {
+		$temp_now[3] = 1;
+		$temp_now[4] = ($temp_now[4]-1) %12;
+		@temp_then = localtime(POSIX::mktime(@temp_now) );
+		$temp_then[3] = 0;
+	}
+	$cgiparams{'MONTH'} = $temp_then[4];
+	$cgiparams{'DAY'} = $temp_then[3];
+}
+
+# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log
+my $gzindex;
+my $date = $cgiparams{'DAY'} == 0 ? '' :  $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
+
+{
+	my $xday;
+
+	# Calculate time. If future date, calculate for past year !!!
+	if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
+	( $cgiparams{'MONTH'}  > $now[4] ) ) {
+		$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 );
+		$date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1);
+	} else {
+		$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 );
+		$date = "$longmonths[$cgiparams{'MONTH'}] $date, $year";
+	}
+
+	# calculate end of active week (saturday 23H59)
+	my @then = ();
+	@then = localtime(time());
+	my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]);
+	$sunday += (6-$then[6]) * 86400;
+
+	# Convert delta in second to full weeks
+	$gzindex = int (($sunday-$xday)/604800 );
+}
+
+my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
+my $daystr =  $cgiparams{'DAY'} == 0 ?  '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
+
+my $lines = 0;
+my @log=();
+
+my $loop = 1;
+my $filestr = 0;
+my $lastdatetime;	# for debug
+my $search_for_end = 0;
+
+while ($gzindex >=0 && $loop) {
+	# calculate file name
+	if ($gzindex == 0) {
+		$filestr = "/var/log/messages";
+	} else {
+		$filestr = "/var/log/messages.$gzindex";
+		$filestr = "$filestr.gz" if -f "$filestr.gz";
+	}
+	# now read file if existing
+	if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) {
+		#&General::log("reading $filestr");
+		READ:while (<FILE>) {
+			my $line = $_;
+			if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ wireguard-handshake\[\d+\]:.*$/) {
+				# when standart viewing, just keep in memory the correct slice
+				# it starts a '$start' and size is $viewport
+				# If export, then keep all lines...
+				if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
+					$log[$lines++] = "$line";
+				} else {
+					if ($lines++ < ($start + $Header::viewsize)) {
+						push(@log,"$line");
+						if (@log > $Header::viewsize) {
+							shift (@log);
+						}
+					#} else { dont do this optimisation, need to count lines !
+					#	$datetime = $maxtime; # we have read viewsize lines, stop main loop
+					#	last READ;	   # exit read file
+					}
+				}
+				$search_for_end = 1;	# we find the start of slice, can look for end now
+			} else {
+				if ($search_for_end == 1) {
+					#finish read files when date is over (test month equality only)
+					$line =~ /^(...) (..) ..:..:..*$/;
+					$loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
+				}
+			}
+		}
+		close (FILE);
+	}
+	$gzindex--;     # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped
+			# for a long time
+}# while
+
+#  $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
+{
+	print "Content-type: text/plain\n\n";
+	print "Wireguard handshake log\r\n";
+	print "$Lang::{'date'}: $date\r\n\r\n";
+
+	if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
+
+	foreach $_ (@log)
+	{
+		/^... (..) (..:..:..) [\w\-]+ wireguard-handshake\[\d+\]: .*?\((\d+\.\d+\.\d+\.\d+:\d+)\)$/;
+		my $day =  $1;
+		$day =~ tr / /0/;
+		my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+		my $peer = $3;
+		print "$time $peer\r\n";
+
+	}
+	exit 0;
+}
+
+&Header::showhttpheaders();
+
+&Header::openpage($Lang::tr{'wg log'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+	print "<font class='base'>$errormessage&nbsp;</font>\n";
+	&Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
+
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='100%'>
+<tr>
+	<td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
+	<td width='10%'>
+	<select name='MONTH'>
+END
+;
+for (my $month = 0; $month < 12; $month++)
+{
+	print "\t<option ";
+	if ($month == $cgiparams{'MONTH'}) {
+		print "selected='selected' ";
+	}
+	print "value='$month'>$longmonths[$month]</option>\n";
+}
+print <<END
+	</select>
+	</td>
+	<td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
+	<td width='40%'>
+	<select name='DAY'>
+END
+;
+print "<option value='0'>$Lang::tr{'all'}</option>\n";
+for (my $day = 1; $day <= 31; $day++)
+{
+	print "\t<option ";
+	if ($day == $cgiparams{'DAY'}) {
+		print "selected='selected' ";
+	}
+	print "value='$day'>$day</option>\n";
+}
+print <<END
+</select>
+</td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
+<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
+<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td>
+</tr>
+</table>
+</form>
+END
+;
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', $Lang::tr{'log'});
+print "<p><b>$Lang::tr{'wg hits'} $date: $lines</b></p>";
+
+my $lastPageIndex = $lines - ${Header::viewsize};
+$start = $lastPageIndex if ($start >= $lastPageIndex);
+$start = 0 if ($start < 0);
+
+my $prev;
+if ($start == 0) {
+	$prev = -1;
+} else {
+	$prev = $start - ${Header::viewsize};
+	$prev = 0 if ( $prev < 0);
+}
+
+my $next;
+if ($start == $lastPageIndex) {
+	$next = -1;
+} else {
+	$next = $start + ${Header::viewsize};
+	$next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize});
+}
+
+if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
+if ($lines != 0) { &oldernewer(); }
+
+print <<END
+<table width='100%' class='tbl'>
+<tr>
+	<th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th>
+	<th align='center' class='boldbase'><b>$Lang::tr{'wg peer'}</b></th>
+</tr>
+END
+;
+
+
+$lines = 0;
+foreach $_ (@log)
+{
+	my ($day, $time, $srcaddr);
+	if ($_ =~ /^... (..) (..:..:..) [\w\-]+ wireguard-handshake\[\d+\]: .*?\((\d+\.\d+\.\d+\.\d+:\d+)\)$/) {
+		$day =  $1;
+		$day =~ tr / /0/;
+		$time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+		$srcaddr = $3;
+
+	}
+
+	my $col="";
+	if ($lines % 2) {
+		print "<tr>";
+		$col="bgcolor='$color{'color20'}'";
+	}
+	else {
+		print "<tr>";
+		$col="bgcolor='$color{'color22'}'";
+	}
+	print <<END
+
+	<td align='center' $col>$time</td>
+	<td align='center' $col>$srcaddr</td>
+END
+	;
+	print <<END
+	</tr>
+END
+	;
+	$lines++;
+}
+
+print "</table>";
+
+&oldernewer();
+
+&Header::closebox();
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+sub oldernewer
+{
+	print <<END
+	<table width='100%'>
+	<tr>
+END
+	;
+
+	print "<td align='center' width='50%'>";
+	if ($prev != -1) {
+		print "<a href='/cgi-bin/logs.cgi/wireguardlog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> ";
+		print "<a href='/cgi-bin/logs.cgi/wireguardlog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>";
+	}
+	else {
+		print "$Lang::tr{'first'} $Lang::tr{'older'}";
+	}
+	print "</td>\n";
+
+	print "<td align='center' width='50%'>";
+	if ($next >= 0) {
+		print "<a href='/cgi-bin/logs.cgi/wireguardlog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> ";
+		print "<a href='/cgi-bin/logs.cgi/wireguardlog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>";
+	}
+	else {
+		print "$Lang::tr{'newer'} $Lang::tr{'last'} ";
+	}
+	print "</td>\n";
+
+	print <<END
+	</tr>
+	</table>
+END
+	;
+}
+
--- a/html/cgi-bin/logs.cgi/xdpdnslog.dat
+++ b/html/cgi-bin/logs.cgi/xdpdnslog.dat
@@ -0,0 +1,414 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2024  BPFire Team                                             #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+use Getopt::Std;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/location-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+
+use POSIX();
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::table2colour} );
+undef (@dummy);
+
+my %cgiparams=();
+my %logsettings=();
+my $errormessage = '';
+
+my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
+	'Sep', 'Oct', 'Nov', 'Dec' );
+my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
+	$Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+	$Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+	$Lang::tr{'december'} );
+
+my @now = localtime();
+my $dow = $now[6];
+my $doy = $now[7];
+my $tdoy = $now[7];
+my $year = $now[5]+1900;
+
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+$cgiparams{'ACTION'} = '';
+
+&Header::getcgihash(\%cgiparams);
+$logsettings{'LOGVIEW_REVERSE'} = 'off';
+&General::readhash("${General::swroot}/logging/settings", \%logsettings);
+${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150;
+
+my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of firts line number to display
+
+if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
+{
+	my @temp = split(',',$ENV{'QUERY_STRING'});
+	$start = $temp[0];
+	$cgiparams{'MONTH'} = $temp[1];
+	$cgiparams{'DAY'} = $temp[2];
+}
+
+if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
+	!($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+{
+	$cgiparams{'DAY'} = $now[3];
+	$cgiparams{'MONTH'} = $now[4];
+}
+elsif($cgiparams{'ACTION'} eq '>>')
+{
+	my @temp_then=();
+	my @temp_now = localtime(time);
+	$temp_now[4] = $cgiparams{'MONTH'};
+	$temp_now[3] = $cgiparams{'DAY'};
+	if ($cgiparams{'DAY'}) {
+		@temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
+		## Retrieve the same time on the next day +
+		## 86400 seconds in a day
+	} else {
+		$temp_now[3] = 1;
+		$temp_now[4] = ($temp_now[4]+1) %12;
+		@temp_then = localtime(POSIX::mktime(@temp_now) );
+		$temp_then[3] = 0;
+	}
+	$cgiparams{'MONTH'} = $temp_then[4];
+	$cgiparams{'DAY'} = $temp_then[3];
+}
+elsif($cgiparams{'ACTION'} eq '<<')
+{
+	my @temp_then=();
+	my @temp_now = localtime(time);
+	$temp_now[4] = $cgiparams{'MONTH'};
+	$temp_now[3] = $cgiparams{'DAY'};
+	if ($cgiparams{'DAY'}) {
+		@temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
+		## Retrieve the same time on the next day -
+		## 86400 seconds in a day
+	} else {
+		$temp_now[3] = 1;
+		$temp_now[4] = ($temp_now[4]-1) %12;
+		@temp_then = localtime(POSIX::mktime(@temp_now) );
+		$temp_then[3] = 0;
+	}
+	$cgiparams{'MONTH'} = $temp_then[4];
+	$cgiparams{'DAY'} = $temp_then[3];
+}
+
+# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log
+my $gzindex;
+my $date = $cgiparams{'DAY'} == 0 ? '' :  $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
+
+{
+	my $xday;
+
+	# Calculate time. If future date, calculate for past year !!!
+	if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
+	( $cgiparams{'MONTH'}  > $now[4] ) ) {
+		$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 );
+		$date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1);
+	} else {
+		$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 );
+		$date = "$longmonths[$cgiparams{'MONTH'}] $date, $year";
+	}
+
+	# calculate end of active week (saturday 23H59)
+	my @then = ();
+	@then = localtime(time());
+	my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]);
+	$sunday += (6-$then[6]) * 86400;
+
+	# Convert delta in second to full weeks
+	$gzindex = int (($sunday-$xday)/604800 );
+}
+
+my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
+my $daystr =  $cgiparams{'DAY'} == 0 ?  '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
+
+my $lines = 0;
+my @log=();
+
+my $loop = 1;
+my $filestr = 0;
+my $lastdatetime;	# for debug
+my $search_for_end = 0;
+
+while ($gzindex >=0 && $loop) {
+	# calculate file name
+	if ($gzindex == 0) {
+		$filestr = "/var/log/messages";
+	} else {
+		$filestr = "/var/log/messages.$gzindex";
+		$filestr = "$filestr.gz" if -f "$filestr.gz";
+	}
+	# now read file if existing
+	if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) {
+		#&General::log("reading $filestr");
+		READ:while (<FILE>) {
+			my $line = $_;
+			if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ qname_logger\[\d+\]:.*$/) {
+				# when standart viewing, just keep in memory the correct slice
+				# it starts a '$start' and size is $viewport
+				# If export, then keep all lines...
+				if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
+					$log[$lines++] = "$line";
+				} else {
+					if ($lines++ < ($start + $Header::viewsize)) {
+						push(@log,"$line");
+						if (@log > $Header::viewsize) {
+							shift (@log);
+						}
+					#} else { dont do this optimisation, need to count lines !
+					#	$datetime = $maxtime; # we have read viewsize lines, stop main loop
+					#	last READ;	   # exit read file
+					}
+				}
+				$search_for_end = 1;	# we find the start of slice, can look for end now
+			} else {
+				if ($search_for_end == 1) {
+					#finish read files when date is over (test month equality only)
+					$line =~ /^(...) (..) ..:..:..*$/;
+					$loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
+				}
+			}
+		}
+		close (FILE);
+	}
+	$gzindex--;     # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped
+			# for a long time
+}# while
+
+#  $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
+{
+	print "Content-type: text/plain\n\n";
+	print "BPFire XDP DNS log\r\n";
+	print "$Lang::{'date'}: $date\r\n\r\n";
+
+	if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
+
+	foreach $_ (@log)
+	{
+		/^... (..) (..:..:..) [\w\-]+ qname_logger\[\d+\]: Received qname: (.*) from source IP: (.*)$/;
+		my $day =  $1;
+		$day =~ tr / /0/;
+		my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+		my $domain = $3;
+		print "$time $domain $4\r\n";
+
+	}
+	exit 0;
+}
+
+&Header::showhttpheaders();
+
+&Header::openpage($Lang::tr{'xdpdns log'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+	print "<font class='base'>$errormessage&nbsp;</font>\n";
+	&Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
+
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='100%'>
+<tr>
+	<td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
+	<td width='10%'>
+	<select name='MONTH'>
+END
+;
+for (my $month = 0; $month < 12; $month++)
+{
+	print "\t<option ";
+	if ($month == $cgiparams{'MONTH'}) {
+		print "selected='selected' ";
+	}
+	print "value='$month'>$longmonths[$month]</option>\n";
+}
+print <<END
+	</select>
+	</td>
+	<td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
+	<td width='40%'>
+	<select name='DAY'>
+END
+;
+print "<option value='0'>$Lang::tr{'all'}</option>\n";
+for (my $day = 1; $day <= 31; $day++)
+{
+	print "\t<option ";
+	if ($day == $cgiparams{'DAY'}) {
+		print "selected='selected' ";
+	}
+	print "value='$day'>$day</option>\n";
+}
+print <<END
+</select>
+</td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
+<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
+<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td>
+</tr>
+</table>
+</form>
+END
+;
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', $Lang::tr{'log'});
+print "<p><b>$Lang::tr{'xdpdns hits'} $date: $lines</b></p>";
+
+my $lastPageIndex = $lines - ${Header::viewsize};
+$start = $lastPageIndex if ($start >= $lastPageIndex);
+$start = 0 if ($start < 0);
+
+my $prev;
+if ($start == 0) {
+	$prev = -1;
+} else {
+	$prev = $start - ${Header::viewsize};
+	$prev = 0 if ( $prev < 0);
+}
+
+my $next;
+if ($start == $lastPageIndex) {
+	$next = -1;
+} else {
+	$next = $start + ${Header::viewsize};
+	$next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize});
+}
+
+if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
+if ($lines != 0) { &oldernewer(); }
+
+print <<END
+<table width='100%' class='tbl'>
+<tr>
+	<th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th>
+	<th align='center' class='boldbase'><b>$Lang::tr{'domain name'}</b></th>
+	<th align='center' class='boldbase'><b>$Lang::tr{'source'}</b></th>
+</tr>
+END
+;
+
+
+$lines = 0;
+foreach $_ (@log)
+{
+	my ($day, $time, $domain, $srcaddr);
+	if ($_ =~ /^... (..) (..:..:..) [\w\-]+ qname_logger\[\d+\]: Received qname: (.*) from source IP: (.*)$/) {
+		$day =  $1;
+		$day =~ tr / /0/;
+		$time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+		$domain = $3;
+		$srcaddr = $4;
+
+	}
+
+	my $col="";
+	if ($lines % 2) {
+		print "<tr>";
+		$col="bgcolor='$color{'color20'}'";
+	}
+	else {
+		print "<tr>";
+		$col="bgcolor='$color{'color22'}'";
+	}
+	print <<END
+
+	<td align='center' $col>$time</td>
+	<td align='center' $col>$domain</td>
+	<td align='center' $col>$srcaddr</td>
+END
+	;
+	print <<END
+	</tr>
+END
+	;
+	$lines++;
+}
+
+print "</table>";
+
+&oldernewer();
+
+&Header::closebox();
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+sub oldernewer
+{
+	print <<END
+	<table width='100%'>
+	<tr>
+END
+	;
+
+	print "<td align='center' width='50%'>";
+	if ($prev != -1) {
+		print "<a href='/cgi-bin/logs.cgi/xdpdnslog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> ";
+		print "<a href='/cgi-bin/logs.cgi/xdpdnslog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>";
+	}
+	else {
+		print "$Lang::tr{'first'} $Lang::tr{'older'}";
+	}
+	print "</td>\n";
+
+	print "<td align='center' width='50%'>";
+	if ($next >= 0) {
+		print "<a href='/cgi-bin/logs.cgi/xdpdnslog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> ";
+		print "<a href='/cgi-bin/logs.cgi/xdpdnslog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>";
+	}
+	else {
+		print "$Lang::tr{'newer'} $Lang::tr{'last'} ";
+	}
+	print "</td>\n";
+
+	print <<END
+	</tr>
+	</table>
+END
+	;
+}
+
--- a/html/cgi-bin/logs.cgi/xdpsnilog.dat
+++ b/html/cgi-bin/logs.cgi/xdpsnilog.dat
@@ -0,0 +1,414 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2024  BPFire Team                                             #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+use Getopt::Std;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/location-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+
+use POSIX();
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::table2colour} );
+undef (@dummy);
+
+my %cgiparams=();
+my %logsettings=();
+my $errormessage = '';
+
+my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
+	'Sep', 'Oct', 'Nov', 'Dec' );
+my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
+	$Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
+	$Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
+	$Lang::tr{'december'} );
+
+my @now = localtime();
+my $dow = $now[6];
+my $doy = $now[7];
+my $tdoy = $now[7];
+my $year = $now[5]+1900;
+
+$cgiparams{'DAY'} = $now[3];
+$cgiparams{'MONTH'} = $now[4];
+$cgiparams{'ACTION'} = '';
+
+&Header::getcgihash(\%cgiparams);
+$logsettings{'LOGVIEW_REVERSE'} = 'off';
+&General::readhash("${General::swroot}/logging/settings", \%logsettings);
+${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150;
+
+my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of firts line number to display
+
+if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
+{
+	my @temp = split(',',$ENV{'QUERY_STRING'});
+	$start = $temp[0];
+	$cgiparams{'MONTH'} = $temp[1];
+	$cgiparams{'DAY'} = $temp[2];
+}
+
+if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
+	!($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
+{
+	$cgiparams{'DAY'} = $now[3];
+	$cgiparams{'MONTH'} = $now[4];
+}
+elsif($cgiparams{'ACTION'} eq '>>')
+{
+	my @temp_then=();
+	my @temp_now = localtime(time);
+	$temp_now[4] = $cgiparams{'MONTH'};
+	$temp_now[3] = $cgiparams{'DAY'};
+	if ($cgiparams{'DAY'}) {
+		@temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
+		## Retrieve the same time on the next day +
+		## 86400 seconds in a day
+	} else {
+		$temp_now[3] = 1;
+		$temp_now[4] = ($temp_now[4]+1) %12;
+		@temp_then = localtime(POSIX::mktime(@temp_now) );
+		$temp_then[3] = 0;
+	}
+	$cgiparams{'MONTH'} = $temp_then[4];
+	$cgiparams{'DAY'} = $temp_then[3];
+}
+elsif($cgiparams{'ACTION'} eq '<<')
+{
+	my @temp_then=();
+	my @temp_now = localtime(time);
+	$temp_now[4] = $cgiparams{'MONTH'};
+	$temp_now[3] = $cgiparams{'DAY'};
+	if ($cgiparams{'DAY'}) {
+		@temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
+		## Retrieve the same time on the next day -
+		## 86400 seconds in a day
+	} else {
+		$temp_now[3] = 1;
+		$temp_now[4] = ($temp_now[4]-1) %12;
+		@temp_then = localtime(POSIX::mktime(@temp_now) );
+		$temp_then[3] = 0;
+	}
+	$cgiparams{'MONTH'} = $temp_then[4];
+	$cgiparams{'DAY'} = $temp_then[3];
+}
+
+# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log
+my $gzindex;
+my $date = $cgiparams{'DAY'} == 0 ? '' :  $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
+
+{
+	my $xday;
+
+	# Calculate time. If future date, calculate for past year !!!
+	if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
+	( $cgiparams{'MONTH'}  > $now[4] ) ) {
+		$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 );
+		$date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1);
+	} else {
+		$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 );
+		$date = "$longmonths[$cgiparams{'MONTH'}] $date, $year";
+	}
+
+	# calculate end of active week (saturday 23H59)
+	my @then = ();
+	@then = localtime(time());
+	my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]);
+	$sunday += (6-$then[6]) * 86400;
+
+	# Convert delta in second to full weeks
+	$gzindex = int (($sunday-$xday)/604800 );
+}
+
+my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
+my $daystr =  $cgiparams{'DAY'} == 0 ?  '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
+
+my $lines = 0;
+my @log=();
+
+my $loop = 1;
+my $filestr = 0;
+my $lastdatetime;	# for debug
+my $search_for_end = 0;
+
+while ($gzindex >=0 && $loop) {
+	# calculate file name
+	if ($gzindex == 0) {
+		$filestr = "/var/log/messages";
+	} else {
+		$filestr = "/var/log/messages.$gzindex";
+		$filestr = "$filestr.gz" if -f "$filestr.gz";
+	}
+	# now read file if existing
+	if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) {
+		#&General::log("reading $filestr");
+		READ:while (<FILE>) {
+			my $line = $_;
+			if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ sni_logger\[\d+\]:.*$/) {
+				# when standart viewing, just keep in memory the correct slice
+				# it starts a '$start' and size is $viewport
+				# If export, then keep all lines...
+				if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
+					$log[$lines++] = "$line";
+				} else {
+					if ($lines++ < ($start + $Header::viewsize)) {
+						push(@log,"$line");
+						if (@log > $Header::viewsize) {
+							shift (@log);
+						}
+					#} else { dont do this optimisation, need to count lines !
+					#	$datetime = $maxtime; # we have read viewsize lines, stop main loop
+					#	last READ;	   # exit read file
+					}
+				}
+				$search_for_end = 1;	# we find the start of slice, can look for end now
+			} else {
+				if ($search_for_end == 1) {
+					#finish read files when date is over (test month equality only)
+					$line =~ /^(...) (..) ..:..:..*$/;
+					$loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
+				}
+			}
+		}
+		close (FILE);
+	}
+	$gzindex--;     # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped
+			# for a long time
+}# while
+
+#  $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
+{
+	print "Content-type: text/plain\n\n";
+	print "BPFire XDP TLS/SSL Web Access log\r\n";
+	print "$Lang::{'date'}: $date\r\n\r\n";
+
+	if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
+
+	foreach $_ (@log)
+	{
+		/^... (..) (..:..:..) [\w\-]+ sni_logger\[\d+\]: Received SNI: (.*) from source IP: (.*)$/;
+		my $day =  $1;
+		$day =~ tr / /0/;
+		my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+		my $domain = $3;
+		print "$time $domain $4\r\n";
+
+	}
+	exit 0;
+}
+
+&Header::showhttpheaders();
+
+&Header::openpage($Lang::tr{'xdpsni log'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+	print "<font class='base'>$errormessage&nbsp;</font>\n";
+	&Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
+
+print <<END
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<table width='100%'>
+<tr>
+	<td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
+	<td width='10%'>
+	<select name='MONTH'>
+END
+;
+for (my $month = 0; $month < 12; $month++)
+{
+	print "\t<option ";
+	if ($month == $cgiparams{'MONTH'}) {
+		print "selected='selected' ";
+	}
+	print "value='$month'>$longmonths[$month]</option>\n";
+}
+print <<END
+	</select>
+	</td>
+	<td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
+	<td width='40%'>
+	<select name='DAY'>
+END
+;
+print "<option value='0'>$Lang::tr{'all'}</option>\n";
+for (my $day = 1; $day <= 31; $day++)
+{
+	print "\t<option ";
+	if ($day == $cgiparams{'DAY'}) {
+		print "selected='selected' ";
+	}
+	print "value='$day'>$day</option>\n";
+}
+print <<END
+</select>
+</td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
+<td width='5%'  align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
+<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
+<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td>
+</tr>
+</table>
+</form>
+END
+;
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', $Lang::tr{'log'});
+print "<p><b>$Lang::tr{'xdpsni hits'} $date: $lines</b></p>";
+
+my $lastPageIndex = $lines - ${Header::viewsize};
+$start = $lastPageIndex if ($start >= $lastPageIndex);
+$start = 0 if ($start < 0);
+
+my $prev;
+if ($start == 0) {
+	$prev = -1;
+} else {
+	$prev = $start - ${Header::viewsize};
+	$prev = 0 if ( $prev < 0);
+}
+
+my $next;
+if ($start == $lastPageIndex) {
+	$next = -1;
+} else {
+	$next = $start + ${Header::viewsize};
+	$next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize});
+}
+
+if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
+if ($lines != 0) { &oldernewer(); }
+
+print <<END
+<table width='100%' class='tbl'>
+<tr>
+	<th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th>
+	<th align='center' class='boldbase'><b>$Lang::tr{'domain name'}</b></th>
+	<th align='center' class='boldbase'><b>$Lang::tr{'source'}</b></th>
+</tr>
+END
+;
+
+
+$lines = 0;
+foreach $_ (@log)
+{
+	my ($day, $time, $domain, $srcaddr);
+	if ($_ =~ /^... (..) (..:..:..) [\w\-]+ sni_logger\[\d+\]: Received SNI: (.*) from source IP: (.*)$/) {
+		$day =  $1;
+		$day =~ tr / /0/;
+		$time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+		$domain = $3;
+		$srcaddr = $4;
+
+	}
+
+	my $col="";
+	if ($lines % 2) {
+		print "<tr>";
+		$col="bgcolor='$color{'color20'}'";
+	}
+	else {
+		print "<tr>";
+		$col="bgcolor='$color{'color22'}'";
+	}
+	print <<END
+
+	<td align='center' $col>$time</td>
+	<td align='center' $col>$domain</td>
+	<td align='center' $col>$srcaddr</td>
+END
+	;
+	print <<END
+	</tr>
+END
+	;
+	$lines++;
+}
+
+print "</table>";
+
+&oldernewer();
+
+&Header::closebox();
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+sub oldernewer
+{
+	print <<END
+	<table width='100%'>
+	<tr>
+END
+	;
+
+	print "<td align='center' width='50%'>";
+	if ($prev != -1) {
+		print "<a href='/cgi-bin/logs.cgi/xdpsnilog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> ";
+		print "<a href='/cgi-bin/logs.cgi/xdpsnilog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>";
+	}
+	else {
+		print "$Lang::tr{'first'} $Lang::tr{'older'}";
+	}
+	print "</td>\n";
+
+	print "<td align='center' width='50%'>";
+	if ($next >= 0) {
+		print "<a href='/cgi-bin/logs.cgi/xdpsnilog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> ";
+		print "<a href='/cgi-bin/logs.cgi/xdpsnilog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>";
+	}
+	else {
+		print "$Lang::tr{'newer'} $Lang::tr{'last'} ";
+	}
+	print "</td>\n";
+
+	print <<END
+	</tr>
+	</table>
+END
+	;
+}
+
--- a/html/cgi-bin/loxilb.cgi
+++ b/html/cgi-bin/loxilb.cgi
@@ -457,13 +457,24 @@ sub manageIP {

 }

+sub SaveIP {
+    my @save_options;
+    my $command = 'loxicmd';
+    my $dir="/var/ipfire/loxilb/";
+    push(@save_options, "save", "--ip", "-c", $dir);
+    &General::system_output($command, @save_options);
+    #my @output = &General::system_output($command, @save_options);
+    #$errormessage = join('', @output);
+}
+
 sub CreateIP {
    my (%settings) = @_;
    manageIP("create", %settings);
+    &SaveIP;
 }

 sub DeleteIP {
    my (%settings) = @_;
    manageIP("delete", %settings);
+    &SaveIP;
 }
-
--- a/html/cgi-bin/loxilbconfig.cgi
+++ b/html/cgi-bin/loxilbconfig.cgi
@@ -650,6 +650,16 @@ sub SortDataFile
    close (FILE);
 }

+sub SaveLB {
+    my @save_options;
+    my $command = 'loxicmd';
+    my $dir="/var/ipfire/loxilb/";
+    push(@save_options, "save", "--lb", "-c", $dir);
+    &General::system_output($command, @save_options);
+    #my @output = &General::system_output($command, @save_options);
+    #$errormessage = join('', @output);
+}
+
 #
 # Build the configuration file
 #
@@ -686,6 +696,7 @@ sub CreateLB {
 		push(@loxicmd_options, "--monitor");
 	}
 	&General::system($command, @loxicmd_options);
+	&SaveLB;
 }

 sub DeleteLB {
@@ -696,4 +707,5 @@ sub DeleteLB {
 	push(@loxicmd_options, "delete", "lb");
 	push(@loxicmd_options, "$name");
 	&General::system($command, @loxicmd_options);
+	&SaveLB;
 }
--- a/html/cgi-bin/loxilbfw.cgi
+++ b/html/cgi-bin/loxilbfw.cgi
@@ -630,13 +630,24 @@ sub manageFW {
    }
 }

+sub SaveFW {
+    my @save_options;
+    my $command = 'loxicmd';
+    my $dir="/var/ipfire/loxilb/";
+    push(@save_options, "save", "--firewall", "-c", $dir);
+    &General::system_output($command, @save_options);
+    #my @output = &General::system_output($command, @save_options);
+    #$errormessage = join('', @output);
+}
+
 sub CreateFW {
    my (%settings) = @_;
    manageFW("create", %settings);
+    &SaveFW;
 }

 sub DeleteFW {
    my (%settings) = @_;
    manageFW("delete", %settings);
+    &SaveFW;
 }
- 
--- a/html/cgi-bin/mail.cgi
+++ b/html/cgi-bin/mail.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -218,11 +218,13 @@ END
 		</tr>
 		<tr>
 			<td>$Lang::tr{'email mailuser'}</td>
-			<td><input type='text' name='txt_mailuser' value='$auth{'AUTHNAME'}' style='width:22em;'></td>
+			<td><input type='text' name='txt_mailuser'
+				value='@{[ &Header::escape($auth{'AUTHNAME'}) ]}' style='width:22em;'></td>
 		</tr>
 		<tr>
 			<td>$Lang::tr{'email mailpass'}</td>
-			<td><input type='password' name='txt_mailpass' value='$auth{'AUTHPASS'}' style='width:22em;' ></td>
+			<td><input type='password' name='txt_mailpass'
+				value='@{[ &Header::escape($auth{'AUTHPASS'}) ]}' style='width:22em;' ></td>
 		</tr>
 		<tr>
 			<td>$Lang::tr{'email tls'}</td>
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -20,7 +20,6 @@
 ###############################################################################

 use strict;
-use Apache::Htpasswd;
 use Scalar::Util qw(looks_like_number);

 # enable only the following on debugging purpose
@@ -956,7 +955,8 @@ if ($netsettings{'BLUE_DEV'}) {
 }
 print <<END
 	<td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
-	<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
+	<td><input type='text' name='VISIBLE_HOSTNAME'
+		value='@{[ &Header::escape($proxysettings{'VISIBLE_HOSTNAME'}) ]}' /></td>
 </tr>
 <tr>
 END
@@ -1075,13 +1075,15 @@ print <<END
 	<td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}:</td>
 	<td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
 	<td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
-	<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
+	<td><input type='text' name='ADMIN_MAIL_ADDRESS'
+		value='@{[ &Header::escape($proxysettings{'ADMIN_MAIL_ADDRESS'}) ]}' /></td>
 </tr>
 <tr>
 	<td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
 	<td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
 	<td class='base'>$Lang::tr{'proxy admin password'}:</td>
-	<td><input type='text' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
+	<td><input type='text' name='ADMIN_PASSWORD'
+		value='@{[ &Header::escape($proxysettings{'ADMIN_PASSWORD'}) ]}' /></td>
 </tr>
 <tr>
 	<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
@@ -3977,8 +3979,14 @@ END
 		print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
 	}

-	if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
-	if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
+	if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq ''))
+		{
+			print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n";
+		}
+	if (!($proxysettings{'ADMIN_PASSWORD'} eq ''))
+		{
+			print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n";
+		}
 	print FILE "\n";

 	print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
@@ -3994,8 +4002,13 @@ END
 		# login=*:password      ($proxysettings{'FORWARD_USERNAME'} eq 'on')
 		if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
 		{
+			$proxysettings{'UPSTREAM_USER'} = &Header::escape($proxysettings{'UPSTREAM_USER'});
 			print FILE " login=$proxysettings{'UPSTREAM_USER'}";
-			if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
+			if ($proxy1 eq 'YES')
+			{
+				$proxysettings{'UPSTREAM_PASSWORD'} = &Header::escape($proxysettings{'UPSTREAM_PASSWORD'});
+				print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}";
+			}
 		}
 		elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }

@@ -4050,15 +4063,7 @@ sub adduser
 		close(FILE);
 	} else {
 		&deluser($str_user);
-
-		my %htpasswd_options = (
-			passwdFile => "$userdb",
-			UseMD5 => 1,
-		);
-
-		my $htpasswd = new Apache::Htpasswd(\%htpasswd_options);
-
-		$htpasswd->htpasswd($str_user, $str_pass);
+		&General::system("/usr/bin/htpasswd", "-bB", "-C 10", "$userdb", "$str_user", "$str_pass");
 	}

 	if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");
--- a/html/cgi-bin/qos.cgi
+++ b/html/cgi-bin/qos.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -652,7 +652,7 @@ if ($errormessage) {

 print <<END
  <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-	<table width='66%'>
+	<table width='100%'>
 END
 ;
 	if ( $message ne "" ) {
@@ -671,9 +671,11 @@ END
 END
 ;
 	if (($qossettings{'OUT_SPD'} ne '') && ($qossettings{'INC_SPD'} ne '')) {
+		$qossettings{'OUT_SPD'} = &Header::escape($qossettings{'OUT_SPD'});
+		$qossettings{'INC_SPD'} = &Header::escape($qossettings{'INC_SPD'});
 		print <<END
    <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-	  <table width='66%'>
+	  <table width='100%'>
 		<tr><td colspan='3'>&nbsp;
 		<tr><td width='50%' align='right'>$Lang::tr{'downlink speed'}: 	<td width='30%' align='left'>$qossettings{'INC_SPD'}
 		    <td width='20%' rowspan='2' align='center' valign='middle'><input type='submit' name='ACTIONBW' value='$Lang::tr{'modify'}' />
@@ -683,9 +685,11 @@ END
 ;
 	}
 	if (($qossettings{'DEFCLASS_OUT'} ne '') && ($qossettings{'DEFCLASS_INC'} ne '')) {
+		$qossettings{'DEFCLASS_OUT'} = &Header::escape($qossettings{'DEFCLASS_OUT'});
+		$qossettings{'DEFCLASS_INC'} = &Header::escape($qossettings{'DEFCLASS_INC'});
 		print <<END
 		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-		<table width='66%'>
+		<table width='100%'>
 		<tr><td colspan='3'><hr />
 		<tr><td width='50%' align='right'>$Lang::tr{'downlink std class'}: 	<td width='30%' align='left'>$qossettings{'DEFCLASS_INC'}
 		    <td width='20%' rowspan='3' align='center' valign='middle'><input type='submit' name='ACTIONDEF' value='$Lang::tr{'modify'}' />
@@ -695,7 +699,7 @@ END
 		</table>
 		</form>
 		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-		<table width='66%' border='0'>
+		<table width='100%' border='0'>
 			<tr><td width='100%' align='center'>
 			     <input type='submit' name='ACTION' value='$Lang::tr{'parentclass add'}' />
 			     <input type='submit' name='ACTION' value='$Lang::tr{'status'}' />
@@ -740,7 +744,7 @@ sub changedefclasses {
 	&Header::openbox('100%', 'center', $Lang::tr{'std classes'});
 	print <<END
 		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-		<table width='66%'>
+		<table width='100%'>
 		<tr><td width='100%' colspan='3'>$Lang::tr{'no filter pass'}
 		<tr><td width='33%' align='right'>$Lang::tr{'download'}:<td width='33%' align='left'><select name='DEFCLASS_INC'>
 END
@@ -781,7 +785,7 @@ sub changebandwidth {
 		print <<END;
 			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
 				<input type='hidden' name='DEF_OUT_SPD' value='' /><input type='hidden' name='DEF_INC_SPD' value='' />
-				<table width='66%'>
+				<table width='100%'>
 					<tr>
 						<td width='100%' colspan='2'>$Lang::tr{'down and up speed'}</td>
 					</tr>
@@ -843,7 +847,7 @@ sub parentclass {
 	&Header::openbox('100%', 'center', $Lang::tr{'parentclass'});
 	print <<END
 		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-		<table width='66%'>
+		<table width='100%'>
 END
 ;
 	if ( $message ne "" ) {
@@ -936,7 +940,7 @@ sub level7rule {
 	&Header::openbox('100%', 'center', $Lang::tr{'Level7 Rule'});
 	print <<END
 		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-		<table width='66%'>
+		<table width='100%'>
 END
 ;
 	if ( $message ne "" ) {
@@ -982,7 +986,7 @@ sub portrule {
 	&Header::openbox('100%', 'center', $Lang::tr{'Add Port Rule'});
 	print <<END
 		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-		<table width='66%'>
+		<table width='100%'>
 		<tr><td width='100%' colspan='3'>$Lang::tr{'enter data'}
 		<tr><td width='33%' align='right'>$Lang::tr{'protocol'}:
 		    <td width='33%' align='left'><select name='PPROT'>
@@ -1028,7 +1032,7 @@ sub tosrule {
 	}
 	print <<END
 		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-		<table width='66%'>
+		<table width='100%'>
 END
 ;
 	if ( $message ne "" ) {
--- a/html/cgi-bin/time.cgi
+++ b/html/cgi-bin/time.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2010  IPFire Team                                             #
+# Copyright (C) 2010-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -78,6 +78,7 @@ if ($timesettings{'ACTION'} eq $Lang::tr{'save'})
 	if (!($timesettings{'UPDATE_VALUE'} =~ /^\d+$/) || $timesettings{'UPDATE_VALUE'} <= 0)
 	{
 		$errormessage = $Lang::tr{'invalid time period'};
+		$timesettings{'UPDATE_VALUE'} = 0;
 		goto ERROR;
 	}

@@ -287,6 +288,10 @@ print <<END
 </table>
 END
 ;
+
+my $now = strftime($Lang::tr{'timeformat'}, localtime);
+print "<hr>$Lang::tr{'system time'}: $now";
+
 &Header::closebox();
 &Header::openbox('100%',1,$Lang::tr{'ntp sync'});
 print <<END
--- a/html/cgi-bin/urlfilter.cgi
+++ b/html/cgi-bin/urlfilter.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2010  IPFire Team                                        #
+# Copyright (C) 2005-2025  IPFire Team                                        #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -576,7 +576,7 @@ if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{

 	$_  = $uqsettings{'QUOTA_USERS'};
 	chomp; s/\n/|/g;
-	my $quota_users = $_;
+	my $quota_users = &Header::escape($_);

 	if ($uqsettings{'QUOTA_USERS'} =~ /\\/)
 	{
@@ -936,6 +936,11 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
 		close FILE;

 		# XXX uses globbing
+		if(!($besettings{'BE_NAME'} =~ /^[a-zA-Z0-9-_]+$/))
+		{
+			$errormessage = 'Invalid blacklist name (use only alphanumeric characters plus hyphens or underscores)';
+			goto ERROR;
+		}
 		system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
 		&General::system("/usr/bin/squidGuard", "-c", "$editdir/install.conf", "-C", "all");
 		# XXX uses globbing
@@ -2047,6 +2052,10 @@ foreach $line (@tclist)
 	if ($temp[7] eq 'on') { $time.=$Lang::tr{'urlfilter sun'}; } else { $time.='='; }
 	$time=$time.' &nbsp; '.$temp[8].':'.$temp[9].' to '.$temp[10].':'.$temp[11];

+	$temp[12] = &Header::escape($temp[12]);
+	$temp[13] = &Header::escape($temp[13]);
+	$temp[16] = &Header::escape($temp[16]);
+
 print <<END
 		<td align='center'>$temp[0]</td>
 		<td align='center' nowrap>$time</td>
--- a/html/cgi-bin/wireguard.cgi
+++ b/html/cgi-bin/wireguard.cgi
--- a/html/cgi-bin/xdpdns.cgi
+++ b/html/cgi-bin/xdpdns.cgi
@@ -0,0 +1,432 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2024  BPFire <vincent.mc.li@gmail.com>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+use IO::Socket;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/location-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::colouryellow} );
+undef (@dummy);
+
+my %color = ();
+my %mainsettings = ();
+my %settings=();
+my %checked=();
+my $errormessage='';
+my $setting = "${General::swroot}/main/settings";
+my $xdpdnssettingfile = "${General::swroot}/xdpdns/settings";
+my $xdpdnsdomainfile = "${General::swroot}/xdpdns/domainfile";
+
+# Read configuration file.
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+
+&Header::showhttpheaders();
+
+$settings{'ENABLE_DNSBLOCK'} = 'off';
+$settings{'ACTION'} = '';
+
+$settings{'KEY1'} = '';                 # point record for ACTION
+$settings{'domainName'} = '';
+my @nosaved=('domainName', 'KEY1', 'SORT_domainNameLIST');
+
+#Define each field that can be used to sort columns
+my $sortstring='^domainName';
+$settings{'SORT_domainNameLIST'} = 'domainName';
+
+# Load multiline data
+our @current = ();
+if (open(FILE, "$xdpdnsdomainfile")) {
+    @current = <FILE>;
+    close (FILE);
+}
+
+&Header::getcgihash(\%settings);
+
+if ($settings{'ACTION'} eq $Lang::tr{'save'})
+{
+
+	map (delete ($settings{$_}) ,(@nosaved));
+	&General::writehash("$xdpdnssettingfile", \%settings);
+
+	if ($settings{'ENABLE_DNSBLOCK'} eq 'on') {
+		&General::system('/usr/bin/touch', "${General::swroot}/xdpdns/enablexdpdns");
+		&General::system('/usr/local/bin/xdpdnsctrl', 'start');
+	} else {
+		&General::system('/usr/local/bin/xdpdnsctrl', 'stop');
+		unlink "${General::swroot}/xdpdns/enablexdpdns";
+	}
+
+}
+
+if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
+
+        #Check for already existing routing entry
+        foreach my $line (@current) {
+                chomp($line);                           # remove newline
+                #Same domain already used?
+                if($line eq $settings{'domainName'} && $settings{'KEY1'} eq ''){
+                        $errormessage = $Lang::tr{'ccd err loxilbconfigeexist'};
+                        last;
+                }
+        }
+
+    unless ($errormessage) {
+        if ($settings{'KEY1'} eq '') { #add or edit ?
+            unshift (@current, "$settings{'domainName'}\n");
+            &General::log($Lang::tr{'xdpdns domain added'});
+        } else {
+            @current[$settings{'KEY1'}] = "$settings{'domainName'}\n";
+            $settings{'KEY1'} = '';       # End edit mode
+            &General::log($Lang::tr{'xdpdns domain changed'});
+        }
+
+        &CreateDomain(%settings);
+
+        # Write changes to config file.
+        &SortDataFile;                          # sort newly added/modified entry
+
+        #map ($settings{$_}='' ,@nosaved);      # Clear fields
+    }
+}
+
+if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
+
+    my $line = @current[$settings{'KEY1'}];     # KEY1 is the index in current
+    chomp($line);
+    $settings{'domainName'}=$line;
+
+    &DeleteDomain(%settings);
+
+    splice (@current,$settings{'KEY1'},1);              # Delete line
+    open(FILE, ">$xdpdnsdomainfile") or die "$xdpdnsdomainfile open error";
+    print FILE @current;
+    close(FILE);
+    $settings{'KEY1'} = '';                             # End remove mode
+}
+
+##  Check if sorting is asked
+# If same column clicked, reverse the sort.
+if ($ENV{'QUERY_STRING'} =~ /$sortstring/ ) {
+    my $newsort=$ENV{'QUERY_STRING'};
+    my $actual=$settings{'SORT_domainNameLIST'};
+    #Reverse actual sort ?
+    if ($actual =~ $newsort) {
+        my $Rev='';
+        if ($actual !~ 'Rev') {
+            $Rev='Rev';
+        }
+        $newsort.=$Rev;
+    }
+    $settings{'SORT_domainNameLIST'}=$newsort;
+    map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
+    &General::writehash($setting, \%settings);
+    &SortDataFile;
+    $settings{'ACTION'} = 'SORT';                       # Create an 'ACTION'
+    map ($settings{$_} = '' ,@nosaved,'KEY1');          # and reinit vars to empty
+}
+
+if ($settings{'ACTION'} eq '' ) { # First launch from GUI
+    # Place here default value when nothing is initialized
+    $settings{'domainName'} = '';
+}
+
+&Header::openpage($Lang::tr{'xdpdns'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+	print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
+	&Header::closebox();
+}
+
+# Read configuration file.
+&General::readhash("$xdpdnssettingfile", \%settings);
+
+# Checkbox pre-selection.
+my $checked;
+if ($settings{'ENABLE_DNSBLOCK'} eq "on") {
+        $checked = "checked='checked'";
+}
+
+my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
+
+my @status = &General::system_output('/usr/local/bin/xdpdnsctrl', 'status');
+
+if (grep(/is attached/, @status)){
+        $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
+}
+
+&Header::openbox('100%', 'center', $Lang::tr{'xdpdns status'});
+
+print <<END;
+        <table width='100%'>
+	<form method='POST' action='$ENV{'SCRIPT_NAME'}'>
+	<td width='25%'>&nbsp;</td>
+	<td width='25%'>&nbsp;</td>
+	<td width='25%'>&nbsp;</td>
+	<tr><td class='boldbase'>$Lang::tr{'xdpdns status'}</td>
+	<td align='left'>$sactive</td>
+	</tr>
+	<tr>
+	<td width='50%' class='boldbase'>$Lang::tr{'xdpdns enable'}
+	<td><input type='checkbox' name='ENABLE_DNSBLOCK' $checked></td>
+	<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
+	</tr>
+END
+
+print "</form> </table>\n";
+
+&Header::closebox();
+#
+
+my $buttontext = $Lang::tr{'add'};
+if ($settings{'KEY1'} ne '') {
+    $buttontext = $Lang::tr{'update'};
+    &Header::openbox('100%', 'left', $Lang::tr{'xdpdns domain edit'});
+} else {
+    &Header::openbox('100%', 'left', $Lang::tr{'xdpdns domain add'});
+}
+
+my @INTERFACES = ("red0", "green0");
+
+#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order'
+print <<END;
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<input type='hidden' name='KEY1' value='$settings{'KEY1'}' />
+<table width='100%'>
+<tr>
+    <td class='base'>$Lang::tr{'xdpdns domain name'}:&nbsp;</td>
+    <td><input type='text' name='domainName' value='$settings{'domainName'}' size='25'/></td>
+</tr>
+
+</table>
+<br>
+<table width='100%'>
+<tr>
+    <td width='50%' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
+</tr>
+</table>
+</form>
+END
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', $Lang::tr{'xdpdns domain entries'});
+
+print <<END;
+
+<table width='100%' class='tbl'>
+<tr>
+    <th width='10%' align='center'><a href='$ENV{'SCRIPT_NAME'}?domainName'><b>$Lang::tr{'xdpdns domain name'}</b></a></th>
+    <th width='10%' colspan='3' class='boldbase' align='center'><b>$Lang::tr{'action'}</b></th>
+</tr>
+END
+
+#
+# Print each line of @current list
+#
+
+my $key = 0;
+my $col="";
+foreach my $line (@current) {
+    chomp($line);                               # remove newline
+
+    #Choose icon for checkbox
+    my $gif = '';
+    my $gdesc = '';
+    if ($line ne '' ) {
+        $gif = 'on.gif';
+        $gdesc = $Lang::tr{'click to disable'};
+    } else {
+        $gif = 'off.gif';
+        $gdesc = $Lang::tr{'click to enable'};
+    }
+
+    #Colorize each line
+    if ($settings{'KEY1'} eq $key) {
+        print "<tr bgcolor='${Header::colouryellow}'>";
+    } elsif ($key % 2) {
+        print "<tr>";
+        $col="bgcolor='$color{'color20'}'";
+    } else {
+        print "<tr>";
+        $col="bgcolor='$color{'color22'}'";
+    }
+    print <<END;
+<td align='center' $col>$line</td>
+<td align='center' $col>
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
+<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
+<input type='hidden' name='KEY1' value='$key' />
+</form>
+</td>
+
+<td align='center' $col>
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
+<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
+<input type='hidden' name='KEY1' value='$key' />
+</form>
+</td>
+</tr>
+END
+
+    $key++;
+}
+print "</table>";
+
+# If table contains entries, print 'Key to action icons'
+if ($key) {
+print <<END;
+<table>
+<tr>
+    <td class='boldbase'>&nbsp;<b>$Lang::tr{'legend'}:&nbsp;</b></td>
+    <td><img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
+    <td class='base'>$Lang::tr{'click to disable'}</td>
+    <td>&nbsp;&nbsp;</td>
+    <td><img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
+    <td class='base'>$Lang::tr{'click to enable'}</td>
+    <td>&nbsp;&nbsp;</td>
+    <td><img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
+    <td class='base'>$Lang::tr{'remove'}</td>
+</tr>
+</table>
+END
+}
+
+&Header::closebox();
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+
+## Ouf it's the end !
+
+# Sort the "current" array according to choices
+sub SortDataFile
+{
+    our %entries = ();
+
+    # Sort pair of record received in $a $b special vars.
+    # When IP is specified use numeric sort else alpha.
+    # If sortname ends with 'Rev', do reverse sort.
+    #
+    sub fixedleasesort {
+        my $qs='';             # The sort field specified minus 'Rev'
+        if (rindex ($settings{'SORT_domainNameLIST'},'Rev') != -1) {
+            $qs=substr ($settings{'SORT_domainNameLIST'},0,length($settings{'SORT_domainNameLIST'})-3);
+            if ($qs eq 'domainName') {
+                my @a = split(/\./,$entries{$a}->{$qs});
+                my @b = split(/\./,$entries{$b}->{$qs});
+                ($b[0]<=>$a[0]) ||
+                ($b[1]<=>$a[1]) ||
+                ($b[2]<=>$a[2]) ||
+                ($b[3]<=>$a[3]);
+            } else {
+                $entries{$b}->{$qs} cmp $entries{$a}->{$qs};
+            }
+        } else { #not reverse
+            $qs=$settings{'SORT_domainNameLIST'};
+            if ($qs eq 'domainName') {
+                my @a = split(/\./,$entries{$a}->{$qs});
+                my @b = split(/\./,$entries{$b}->{$qs});
+                ($a[0]<=>$b[0]) ||
+                ($a[1]<=>$b[1]) ||
+                ($a[2]<=>$b[2]) ||
+                ($a[3]<=>$b[3]);
+            } else {
+                $entries{$a}->{$qs} cmp $entries{$b}->{$qs};
+            }
+        }
+    }
+
+    #Use an associative array (%entries)
+    my $key = 0;
+    foreach my $line (@current) {
+        chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK)
+
+        # Build a pair 'Field Name',value for each of the data dataline.
+        # Each SORTABLE field must have is pair.
+        # Other data fields (non sortable) can be grouped in one
+
+        my @record = ('KEY',$key++,'domainName',$line);
+        my $record = {};                                # create a reference to empty hash
+        %{$record} = @record;                           # populate that hash with @record
+        $entries{$record->{KEY}} = $record;             # add this to a hash of hashes
+    }
+
+    open(FILE, ">$xdpdnsdomainfile") or die "$xdpdnsdomainfile open error";
+
+    # Each field value is printed , with the newline ! Don't forget separator and order of them.
+    foreach my $entry (sort fixedleasesort keys %entries) {
+        print FILE "$entries{$entry}->{domainName}\n";
+    }
+
+    close(FILE);
+    # Reload sorted  @current
+    open (FILE, "$xdpdnsdomainfile");
+    @current = <FILE>;
+    close (FILE);
+}
+
+sub manageDomain {
+    my ($action, %settings) = @_;
+
+    # Initialize variables
+    my @xdpdns_options;
+    my $command = 'xdp_dns';
+
+    my $domain = $settings{'domainName'};
+
+    push(@xdpdns_options, $action, $domain);
+
+    #debug and display output in UI
+    #my @output  = &General::system_output($command, @xdpdns_options);
+    #$errormessage = join('', @output);
+    &General::system($command, @xdpdns_options);
+
+}
+
+sub CreateDomain {
+    my (%settings) = @_;
+    manageDomain("add", %settings);
+}
+
+sub DeleteDomain {
+    my (%settings) = @_;
+    manageDomain("delete", %settings);
+}
--- a/html/cgi-bin/xdpsni.cgi
+++ b/html/cgi-bin/xdpsni.cgi
@@ -0,0 +1,432 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2024  BPFire <vincent.mc.li@gmail.com>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+use IO::Socket;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/location-functions.pl";
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::colouryellow} );
+undef (@dummy);
+
+my %color = ();
+my %mainsettings = ();
+my %settings=();
+my %checked=();
+my $errormessage='';
+my $setting = "${General::swroot}/main/settings";
+my $xdpsnisettingfile = "${General::swroot}/xdpsni/settings";
+my $xdpsnidomainfile = "${General::swroot}/xdpsni/domainfile";
+
+# Read configuration file.
+
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+
+&Header::showhttpheaders();
+
+$settings{'ENABLE_SNIBLOCK'} = 'off';
+$settings{'ACTION'} = '';
+
+$settings{'KEY1'} = '';                 # point record for ACTION
+$settings{'domainName'} = '';
+my @nosaved=('domainName', 'KEY1', 'SORT_domainNameLIST');
+
+#Define each field that can be used to sort columns
+my $sortstring='^domainName';
+$settings{'SORT_domainNameLIST'} = 'domainName';
+
+# Load multiline data
+our @current = ();
+if (open(FILE, "$xdpsnidomainfile")) {
+    @current = <FILE>;
+    close (FILE);
+}
+
+&Header::getcgihash(\%settings);
+
+if ($settings{'ACTION'} eq $Lang::tr{'save'})
+{
+
+	map (delete ($settings{$_}) ,(@nosaved));
+	&General::writehash("$xdpsnisettingfile", \%settings);
+
+	if ($settings{'ENABLE_SNIBLOCK'} eq 'on') {
+		&General::system('/usr/bin/touch', "${General::swroot}/xdpsni/enablexdpsni");
+		&General::system('/usr/local/bin/xdpsnictrl', 'start');
+	} else {
+		&General::system('/usr/local/bin/xdpsnictrl', 'stop');
+		unlink "${General::swroot}/xdpsni/enablexdpsni";
+	}
+
+}
+
+if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
+
+        #Check for already existing routing entry
+        foreach my $line (@current) {
+                chomp($line);                           # remove newline
+                #Same domain already used?
+                if($line eq $settings{'domainName'} && $settings{'KEY1'} eq ''){
+                        $errormessage = $Lang::tr{'ccd err loxilbconfigeexist'};
+                        last;
+                }
+        }
+
+    unless ($errormessage) {
+        if ($settings{'KEY1'} eq '') { #add or edit ?
+            unshift (@current, "$settings{'domainName'}\n");
+            &General::log($Lang::tr{'xdpsni domain added'});
+        } else {
+            @current[$settings{'KEY1'}] = "$settings{'domainName'}\n";
+            $settings{'KEY1'} = '';       # End edit mode
+            &General::log($Lang::tr{'xdpsni domain changed'});
+        }
+
+        &CreateDomain(%settings);
+
+        # Write changes to config file.
+        &SortDataFile;                          # sort newly added/modified entry
+
+        #map ($settings{$_}='' ,@nosaved);      # Clear fields
+    }
+}
+
+if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
+
+    my $line = @current[$settings{'KEY1'}];     # KEY1 is the index in current
+    chomp($line);
+    $settings{'domainName'}=$line;
+
+    &DeleteDomain(%settings);
+
+    splice (@current,$settings{'KEY1'},1);              # Delete line
+    open(FILE, ">$xdpsnidomainfile") or die "$xdpsnidomainfile open error";
+    print FILE @current;
+    close(FILE);
+    $settings{'KEY1'} = '';                             # End remove mode
+}
+
+##  Check if sorting is asked
+# If same column clicked, reverse the sort.
+if ($ENV{'QUERY_STRING'} =~ /$sortstring/ ) {
+    my $newsort=$ENV{'QUERY_STRING'};
+    my $actual=$settings{'SORT_domainNameLIST'};
+    #Reverse actual sort ?
+    if ($actual =~ $newsort) {
+        my $Rev='';
+        if ($actual !~ 'Rev') {
+            $Rev='Rev';
+        }
+        $newsort.=$Rev;
+    }
+    $settings{'SORT_domainNameLIST'}=$newsort;
+    map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
+    &General::writehash($setting, \%settings);
+    &SortDataFile;
+    $settings{'ACTION'} = 'SORT';                       # Create an 'ACTION'
+    map ($settings{$_} = '' ,@nosaved,'KEY1');          # and reinit vars to empty
+}
+
+if ($settings{'ACTION'} eq '' ) { # First launch from GUI
+    # Place here default value when nothing is initialized
+    $settings{'domainName'} = '';
+}
+
+&Header::openpage($Lang::tr{'xdpsni'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+	print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
+	&Header::closebox();
+}
+
+# Read configuration file.
+&General::readhash("$xdpsnisettingfile", \%settings);
+
+# Checkbox pre-selection.
+my $checked;
+if ($settings{'ENABLE_SNIBLOCK'} eq "on") {
+        $checked = "checked='checked'";
+}
+
+my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
+
+my @status = &General::system_output('/usr/local/bin/xdpsnictrl', 'status');
+
+if (grep(/is attached/, @status)){
+        $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
+}
+
+&Header::openbox('100%', 'center', $Lang::tr{'xdpsni status'});
+
+print <<END;
+        <table width='100%'>
+	<form method='POST' action='$ENV{'SCRIPT_NAME'}'>
+	<td width='25%'>&nbsp;</td>
+	<td width='25%'>&nbsp;</td>
+	<td width='25%'>&nbsp;</td>
+	<tr><td class='boldbase'>$Lang::tr{'xdpsni status'}</td>
+	<td align='left'>$sactive</td>
+	</tr>
+	<tr>
+	<td width='50%' class='boldbase'>$Lang::tr{'xdpsni enable'}
+	<td><input type='checkbox' name='ENABLE_SNIBLOCK' $checked></td>
+	<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
+	</tr>
+END
+
+print "</form> </table>\n";
+
+&Header::closebox();
+#
+
+my $buttontext = $Lang::tr{'add'};
+if ($settings{'KEY1'} ne '') {
+    $buttontext = $Lang::tr{'update'};
+    &Header::openbox('100%', 'left', $Lang::tr{'xdpsni domain edit'});
+} else {
+    &Header::openbox('100%', 'left', $Lang::tr{'xdpsni domain add'});
+}
+
+my @INTERFACES = ("red0", "green0");
+
+#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order'
+print <<END;
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<input type='hidden' name='KEY1' value='$settings{'KEY1'}' />
+<table width='100%'>
+<tr>
+    <td class='base'>$Lang::tr{'xdpsni domain name'}:&nbsp;</td>
+    <td><input type='text' name='domainName' value='$settings{'domainName'}' size='25'/></td>
+</tr>
+
+</table>
+<br>
+<table width='100%'>
+<tr>
+    <td width='50%' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
+</tr>
+</table>
+</form>
+END
+
+&Header::closebox();
+
+&Header::openbox('100%', 'left', $Lang::tr{'xdpsni domain entries'});
+
+print <<END;
+
+<table width='100%' class='tbl'>
+<tr>
+    <th width='10%' align='center'><a href='$ENV{'SCRIPT_NAME'}?domainName'><b>$Lang::tr{'xdpsni domain name'}</b></a></th>
+    <th width='10%' colspan='3' class='boldbase' align='center'><b>$Lang::tr{'action'}</b></th>
+</tr>
+END
+
+#
+# Print each line of @current list
+#
+
+my $key = 0;
+my $col="";
+foreach my $line (@current) {
+    chomp($line);                               # remove newline
+
+    #Choose icon for checkbox
+    my $gif = '';
+    my $gdesc = '';
+    if ($line ne '' ) {
+        $gif = 'on.gif';
+        $gdesc = $Lang::tr{'click to disable'};
+    } else {
+        $gif = 'off.gif';
+        $gdesc = $Lang::tr{'click to enable'};
+    }
+
+    #Colorize each line
+    if ($settings{'KEY1'} eq $key) {
+        print "<tr bgcolor='${Header::colouryellow}'>";
+    } elsif ($key % 2) {
+        print "<tr>";
+        $col="bgcolor='$color{'color20'}'";
+    } else {
+        print "<tr>";
+        $col="bgcolor='$color{'color22'}'";
+    }
+    print <<END;
+<td align='center' $col>$line</td>
+<td align='center' $col>
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
+<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
+<input type='hidden' name='KEY1' value='$key' />
+</form>
+</td>
+
+<td align='center' $col>
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
+<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
+<input type='hidden' name='KEY1' value='$key' />
+</form>
+</td>
+</tr>
+END
+
+    $key++;
+}
+print "</table>";
+
+# If table contains entries, print 'Key to action icons'
+if ($key) {
+print <<END;
+<table>
+<tr>
+    <td class='boldbase'>&nbsp;<b>$Lang::tr{'legend'}:&nbsp;</b></td>
+    <td><img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
+    <td class='base'>$Lang::tr{'click to disable'}</td>
+    <td>&nbsp;&nbsp;</td>
+    <td><img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
+    <td class='base'>$Lang::tr{'click to enable'}</td>
+    <td>&nbsp;&nbsp;</td>
+    <td><img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
+    <td class='base'>$Lang::tr{'remove'}</td>
+</tr>
+</table>
+END
+}
+
+&Header::closebox();
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+
+## Ouf it's the end !
+
+# Sort the "current" array according to choices
+sub SortDataFile
+{
+    our %entries = ();
+
+    # Sort pair of record received in $a $b special vars.
+    # When IP is specified use numeric sort else alpha.
+    # If sortname ends with 'Rev', do reverse sort.
+    #
+    sub fixedleasesort {
+        my $qs='';             # The sort field specified minus 'Rev'
+        if (rindex ($settings{'SORT_domainNameLIST'},'Rev') != -1) {
+            $qs=substr ($settings{'SORT_domainNameLIST'},0,length($settings{'SORT_domainNameLIST'})-3);
+            if ($qs eq 'domainName') {
+                my @a = split(/\./,$entries{$a}->{$qs});
+                my @b = split(/\./,$entries{$b}->{$qs});
+                ($b[0]<=>$a[0]) ||
+                ($b[1]<=>$a[1]) ||
+                ($b[2]<=>$a[2]) ||
+                ($b[3]<=>$a[3]);
+            } else {
+                $entries{$b}->{$qs} cmp $entries{$a}->{$qs};
+            }
+        } else { #not reverse
+            $qs=$settings{'SORT_domainNameLIST'};
+            if ($qs eq 'domainName') {
+                my @a = split(/\./,$entries{$a}->{$qs});
+                my @b = split(/\./,$entries{$b}->{$qs});
+                ($a[0]<=>$b[0]) ||
+                ($a[1]<=>$b[1]) ||
+                ($a[2]<=>$b[2]) ||
+                ($a[3]<=>$b[3]);
+            } else {
+                $entries{$a}->{$qs} cmp $entries{$b}->{$qs};
+            }
+        }
+    }
+
+    #Use an associative array (%entries)
+    my $key = 0;
+    foreach my $line (@current) {
+        chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK)
+
+        # Build a pair 'Field Name',value for each of the data dataline.
+        # Each SORTABLE field must have is pair.
+        # Other data fields (non sortable) can be grouped in one
+
+        my @record = ('KEY',$key++,'domainName',$line);
+        my $record = {};                                # create a reference to empty hash
+        %{$record} = @record;                           # populate that hash with @record
+        $entries{$record->{KEY}} = $record;             # add this to a hash of hashes
+    }
+
+    open(FILE, ">$xdpsnidomainfile") or die "$xdpsnidomainfile open error";
+
+    # Each field value is printed , with the newline ! Don't forget separator and order of them.
+    foreach my $entry (sort fixedleasesort keys %entries) {
+        print FILE "$entries{$entry}->{domainName}\n";
+    }
+
+    close(FILE);
+    # Reload sorted  @current
+    open (FILE, "$xdpsnidomainfile");
+    @current = <FILE>;
+    close (FILE);
+}
+
+sub manageDomain {
+    my ($action, %settings) = @_;
+
+    # Initialize variables
+    my @xdpsni_options;
+    my $command = 'xdp_sni';
+
+    my $domain = $settings{'domainName'};
+
+    push(@xdpsni_options, $action, $domain);
+
+    #debug and display output in UI
+    #my @output  = &General::system_output($command, @xdpsni_options);
+    #$errormessage = join('', @output);
+    &General::system($command, @xdpsni_options);
+
+}
+
+sub CreateDomain {
+    my (%settings) = @_;
+    manageDomain("add", %settings);
+}
+
+sub DeleteDomain {
+    my (%settings) = @_;
+    manageDomain("delete", %settings);
+}
--- a/html/html/themes/ipfire/include/css/style.css
+++ b/html/html/themes/ipfire/include/css/style.css
@@ -1,3 +1,23 @@
+:root {
+        --color-green          : #339933;
+        --color-green-invert   : #ffffff;
+        --color-red            : #993333;
+        --color-red-invert     : #ffffff;
+        --color-blue           : #333399;
+        --color-blue-invert    : #ffffff;
+        --color-orange         : #ff9933;
+        --color-orange-invert  : #ffffff;
+        --color-yellow         : #ffbe00;
+        --color-yellow-invert  : #ffffff;
+        --color-black          : #363636;
+        --color-black-invert   : #ffffff;
+        --color-grey           : #d6d6d6;
+        --color-light-grey     : #f0f0f0;
+
+        --color-primary        : #ff2e52;
+        --color-primary-invert : #ffffff;
+        --color-text           : #363636;
+}

 /* This controls the width of the fixed width layouts */

@@ -118,6 +138,29 @@ iframe {
 	float: right !important;
 }

+/*
+	Text Alignment
+*/
+
+.text-left {
+	text-align: left;
+}
+
+.text-center {
+	text-align: center;
+}
+
+.text-right {
+	text-align: right;
+}
+
+/*
+	Text Colors
+*/
+.text-error {
+	color: var(--color-red);
+}
+
 /* Header */

 #header {
@@ -337,6 +380,21 @@ table {
 	border-bottom: 1px solid #363636;
 }

+.tbl .status {
+	text-align: center;
+	font-weight: bold;
+}
+
+.tbl .status.is-running, .tbl .status.is-connected {
+	background-color: var(--color-green);
+	color: var(--color-green-invert);
+}
+
+.tbl .status.is-stopped, .tbl .status.is-disconnected {
+	background-color: var(--color-red);
+	color: var(--color-red-invert);
+}
+
 table.fw-nat tbody tr td {
 	height: 2.25em;
 }
--- a/html/html/themes/ipfire/include/functions.pl
+++ b/html/html/themes/ipfire/include/functions.pl
@@ -212,8 +212,8 @@ print <<END;

 	<div id="footer" class='bigbox fixed'>
 		<span class="pull-right">
-			<a href="https://www.ipfire.org/" target="_blank"><strong>IPFire.org</strong></a> &bull;
-			<a href="https://www.ipfire.org/donate" target="_blank">$Lang::tr{'support donation'}</a>
+			<a href="http://www.bpfire.net/" target="_blank"><strong>BPFire.net</strong></a> &bull;
+			<a href="https://www.paypal.com/donate/?business=BL97G8687E5B6&no_recurring=0&item_name=Make+revolutionary+eBPF+technology+available+for+non-tech+savvy+users+for+safe+online+surfing&currency_code=USD" target="_blank">$Lang::tr{'support donation'}</a>
 		</span>

 		<strong>$system_release</strong>
@@ -265,3 +265,41 @@ sub openbox {
 sub closebox {
 	print "</div>";
 }
+
+sub errorbox($) {
+        my @errors = grep { $_ ne "" } @_;
+
+        # Do nothing if there are no errors
+        return unless (@errors);
+
+        # Open a new box
+        &openbox('100%', 'left', "Oops something went wrong");
+
+        # Print all error messages
+        print "<ul>\n";
+        foreach my $error (@errors) {
+                print "<li>$error</li>\n";
+        }
+        print "</ul>\n";
+
+        # Close the box again
+        &closebox();
+}
+
+# Sections
+
+sub opensection($) {
+        my $title = shift;
+
+        # Open the section
+        print "<section class=\"section\">";
+
+        # Show the title if set
+        if ($title) {
+                print " <h2 class=\"title\">${title}</h2>\n";
+        }
+}
+
+sub closesection() {
+        print "</section>";
+}
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -141,6 +141,7 @@
 'activate' => 'Activate',
 'activate user' => 'Activate user',
 'active' => 'Active',
+'standby' => 'Standby',
 'add' => 'Add',
 'add a host' => 'Add a host',
 'add a new rule' => 'Add a new rule:',
@@ -303,7 +304,7 @@
 'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
 'advproxy errmsg invalid url' => 'Invalid URL',
-'advproxy errmsg invalid user' => 'Username does not exist',
+'advproxy errmsg invalid user/password' => 'Error in Username and/or Password',
 'advproxy errmsg ldap base dn' => 'LDAP base DN required',
 'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
 'advproxy errmsg ldap port' => 'Invalid LDAP port number',
@@ -433,6 +434,7 @@
 'all services' => 'All Services',
 'all updates installed' => 'All updates installed',
 'allmsg' => 'show all',
+'allowed subnets' => 'Allowed Subnets',
 'alt dialup' => 'Dialup',
 'alt home' => 'Home',
 'alt information' => 'Information',
@@ -670,6 +672,7 @@
 'compression' => 'Compression:',
 'computer to modem rate' => 'Computer to modem rate:',
 'concentrator name' => 'Concentrator name:',
+'configuration file' => 'Configuration File',
 'confirmation' => 'confirmation',
 'connect' => 'OVPN Start / Connect',
 'connect the modem' => 'Connect the modem',
@@ -926,10 +929,12 @@
 'domain name' => 'Domain name',
 'domain name suffix' => 'Domain name suffix:',
 'domain not set' => 'Domain not set.',
-'donation' => 'Donation',
+'donation-ipfire' => 'IPFire Donation',
+'donation-bpfire' => 'BPFire Donation',
 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
-'donation-text' => '<strong>IPFire</strong> is driven and maintained by volunteers in their free time. To keep this project running costs incurred, if you like to support us we would be pleased by a small donation.',
-'done' => 'Do it',
+'donation-ipfire-text' => '<strong>IPFire</strong> is driven and maintained by volunteers in their free time. To keep this project running costs incurred, if you like to support us we would be pleased by a small donation.',
+'donation-bpfire-text' => '<strong>BPFire</strong> is to enable revolutionary eBPF technology for non-tech savvy users, make eBPF technology available to home users or any size of organizations to secure their network environment, It is driven and maintained by Vincent Li in his free time. To keep this project running costs incurred, if you like to support him he would be pleased by a small donation.',
+'done' => 'Done',
 'dos charset' => 'DOS Charset',
 'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.',
 'downfall gather data sampling' => 'Downfall/Gather Data Sampling',
@@ -1034,6 +1039,9 @@
 'encrypted' => 'Encrypted',
 'encryption' => 'Encryption:',
 'end address' => 'End address:',
+'endpoint' => 'Endpoint',
+'endpoint address' => 'Endpoint Address',
+'endpoint port' => 'Endpoint Port',
 'enter ack class' => 'Enter the ACK- Class <br /> and then press <i>Save</i>.',
 'enter data' => 'Enter your settings <br /> and then press <i>Save</i>.',
 'entropy' => 'Entropy',
@@ -1335,6 +1343,7 @@
 'fwhost hint' => 'Note',
 'fwhost hosts' => 'Firewall Hosts',
 'fwhost icmptype' => 'ICMP type:',
+'fwhost invalid country code' => 'Invalid Country Code',
 'fwhost ip_mac' => 'IP/MAC address',
 'fwhost ipadr' => 'IP address:',
 'fwhost ipsec host' => 'IPsec clients:',
@@ -1359,6 +1368,7 @@
 'fwhost type' => 'Type',
 'fwhost used' => 'Used',
 'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
+'fwhost wg peers' => 'WireGuard Peers',
 'fwhost wo subnet' => '(without subnet)',
 'g.dtm' => 'TO BE REMOVED',
 'g.lite' => 'TO BE REMOVED',
@@ -1481,6 +1491,7 @@
 'ike lifetime should be between 1 and 24 hours' => 'IKE lifetime should be between 1 and 24 hours.',
 'imei' => 'IMEI',
 'import' => 'Import',
+'import connection' => 'Import a Connection',
 'importkey' => 'Import PSK',
 'imsi' => 'IMSI',
 'in' => 'In',
@@ -1539,6 +1550,8 @@
 'invalid domain name' => 'Invalid domain name.',
 'invalid downlink speed' => 'Invalid downlink speed.',
 'invalid end address' => 'Invalid end address.',
+'invalid endpoint' => 'Invalid Endpoint',
+'invalid endpoint address' => 'Invalid Endpoint Address',
 'invalid fixed ip address' => 'Invalid fixed IP address',
 'invalid fixed mac address' => 'Invalid fixed MAC address',
 'invalid hostname' => 'Invalid hostname.',
@@ -1573,8 +1586,10 @@
 'invalid input for subscription code' => 'Invalid input for subscription code',
 'invalid input for valid till days' => 'Invalid input for Valid till (days).',
 'invalid ip' => 'Invalid IP Address',
+'invalid ip address' => 'Invalid IP Address',
 'invalid ip or hostname' => 'Invalid IP Address or Hostname',
 'invalid keep time' => 'Keep time must be a valid number',
+'invalid keepalive interval' => 'Invalid Keepalive Interval',
 'invalid key' => 'Invalid key.',
 'invalid loaded file' => 'Invalid loaded file',
 'invalid local-remote id' => 'local & remote id must not be equal and begin with a "@" sign. These are leftid and rightid in strongswan terminology.',
@@ -1589,6 +1604,7 @@
 'invalid minimum object size' => 'Invalid minimum object size.',
 'invalid mtu input' => 'Invalid MTU',
 'invalid netmask' => 'Invalid netmask',
+'invalid network' => 'Invalid Network',
 'invalid port' => 'Invalid port. Must be a valid port number.',
 'invalid port list' => 'Port list syntax is: port[,port]... where port is in /etc/services or number',
 'invalid primary dns' => 'Invalid primary DNS.',
@@ -1694,20 +1710,22 @@
 'local ip address' => 'Local IP Address',
 'local master' => 'Local Master',
 'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled',
+'local port' => 'Local Port',
 'local subnet' => 'Local subnet:',
 'local subnet is invalid' => 'Local subnet is invalid.',
+'local subnets' => 'Local Subnets',
 'local vpn hostname/ip' => 'Local VPN Hostname/IP',
 'localkey' => 'Localkey',
 'localkeyfile' => 'Localkeyfile',
 'location' => 'Location',
-'locationblock' => 'Location Block',
-'locationblock block countries' => 'Block countries',
-'locationblock configuration' => 'Location Configuration',
+'locationblock' => 'XDP Location Block',
+'locationblock block countries' => 'Block countries/regions',
+'locationblock configuration' => 'XDP Location Configuration',
 'locationblock country code' => 'Country Code',
 'locationblock country is allowed' => 'Incoming traffic from this country is allowed',
 'locationblock country is blocked' => 'Incoming traffic from this country will be blocked',
 'locationblock country name' => 'Country Name',
-'locationblock enable feature' => 'Enable Location based blocking:',
+'locationblock enable feature' => 'Enable XDP Location based blocking:',
 'locationblock flag' => 'Flag',
 'log' => 'Log',
 'log drop hostile in' => 'Log dropped packets FROM hostile networks',
@@ -1765,6 +1783,9 @@
 'mailmethod' => 'Mailmethod',
 'mailprogramm' => 'Mailprogramm',
 'main page' => 'Main page',
+'malformed preshared key' => 'Malformed Pre-Shared Key',
+'malformed private key' => 'Malformed Private Key',
+'malformed public key' => 'Malformed Public Key',
 'manage ovpn' => '5. Tunnel Management:',
 'manage printers' => 'manage printers',
 'manage shares' => 'Manage Shares',
@@ -1965,6 +1986,7 @@
 'one month' => 'One Month',
 'one week' => 'One Week',
 'one year' => 'One Year',
+'online' => 'Online',
 'online help en' => 'Online help (in english)',
 'only digits allowed in holdoff field' => 'Only digits allowed in holdoff field',
 'only digits allowed in max retries field' => 'Only digits allowed in max retries field.',
@@ -2202,12 +2224,14 @@
 'psk' => 'PSK',
 'ptr' => 'PTR',
 'ptr lookup failed' => 'Reverse lookup failed',
+'public key' => 'Public Key',
 'pulse' => 'Pulse',
 'pulse dial' => 'Pulse dial:',
 'qos add subclass' => 'Add subclass',
 'qos enter bandwidths' => 'You will need to enter your downstream and upstream bandwidth!',
 'qos graphs' => 'Qos Graphs',
 'qos warning' => 'The rule <strong>must</strong> be saved, otherwise it will be discarded!',
+'qr code' => 'QR Code',
 'quick control' => 'Quick Control',
 'quick playlist' => 'Quick Playlist',
 'ram' => 'RAM',
@@ -2243,6 +2267,7 @@
 'reload' => 'reload',
 'remark' => 'Remark',
 'remark title' => 'Remark:',
+'remarks' => 'Remarks',
 'remote access' => 'Remote access',
 'remote announce' => 'Remote Announce',
 'remote browse sync' => 'Remote Browse Sync',
@@ -2250,6 +2275,7 @@
 'remote logging' => 'Remote logging',
 'remote subnet' => 'Remote subnet:',
 'remote subnet is invalid' => 'Remote subnet is invalid.',
+'remote subnets' => 'Remote Subnets',
 'removable device advice' => 'Plug in a device, refresh, select and mount before usage. Umount before removal.',
 'remove' => 'Remove',
 'remove ca certificate' => 'Remove CA certificate',
@@ -2283,6 +2309,7 @@
 'root user password' => 'Root password',
 'route subnet is invalid' => 'Additional push route subnet is invalid',
 'router ip' => 'Router IP address:',
+'routing' => 'Routing',
 'routing table entries' => 'Routing Table Entries',
 'rsvd dst port overlap' => 'Destination Port Range overlaps a port reserved for IPFire:',
 'rsvd src port overlap' => 'Source Port Range overlaps a port reserved for IPFire:',
@@ -2506,6 +2533,24 @@
 'keepalived auth pass' => 'Auth Pass',
 'keepalived unicast peer' => 'Unicast Peer',
 'keepalived virtual address' => 'Virtual Address',
+'xdpdns status' => 'Status',
+'xdpdns enable' => 'Enable XDP DNS Deny',
+'xdpdns domain' => 'XDP DNS Blocklist',
+'xdpdns domain edit' => 'Edit Domain',
+'xdpdns domain add' => 'Add Domain',
+'xdpdns domain name' => 'Domain Name',
+'xdpdns domain entries' => 'Domain Blocklist Entries',
+'xdpdns log' => 'DNS Query Log from XDP',
+'xdpdns hits' => 'Total number of DNS query log from XDP',
+'xdpsni status' => 'Status',
+'xdpsni enable' => 'Enable XDP TLS/SSL Web Blocklist',
+'xdpsni domain' => 'XDP TLS/SSL Web Blocklist',
+'xdpsni domain edit' => 'Edit Web',
+'xdpsni domain add' => 'Add Web',
+'xdpsni domain name' => 'Web Name',
+'xdpsni domain entries' => 'Web Blocklist Entries',
+'xdpsni log' => 'TLS/SSL Web Access Log from XDP',
+'xdpsni hits' => 'Total number of TLS/SSL Web Access Log from XDP',
 'status' => 'Status',
 'status information' => 'Status information',
 'status ovpn' => 'OpenVPN',
@@ -2525,7 +2570,7 @@
 'successfully refreshed updates list' => 'Successfully refreshed updates list.',
 'summaries kept' => 'Keep summaries for',
 'sunday' => 'Sunday',
-'support donation' => 'Support the IPFire project with your donation',
+'support donation' => 'Support the BPFire project with your donation',
 'swap' => 'Swap',
 'swap usage per' => 'Swap usage per',
 'system' => 'System',
@@ -2535,6 +2580,7 @@
 'system log viewer' => 'System Log Viewer',
 'system logs' => 'System Logs',
 'system status information' => 'System Status Information',
+'system time' => 'System time (as of last page load)',
 'ta key' => 'TLS-Authentification-Key',
 'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2',
 'tcp more reliable' => 'TCP (more reliable)',
@@ -2563,6 +2609,7 @@
 'time' => 'Time',
 'time date manually reset' => 'Time/Date manually reset.',
 'time server' => 'Time Server',
+'timeformat' => '%Y-%m-%d at %H:%M:%S %Z',
 'timeout must be a number' => 'Timeout must be a number.',
 'title' => 'Title',
 'to' => 'To',
@@ -3081,11 +3128,61 @@
 'week-graph' => 'Week',
 'weekly firewallhits' => 'weekly firewallhits',
 'weeks' => 'Weeks',
+'wg' => 'WireGuard',
+'wg address' => 'Address',
+'wg client configuration file' => 'WireGuard Client Configuration File',
+'wg client pool' => 'Client Pool',
+'wg create host-to-net peer' => 'Create A New Host-To-Net Peer',
+'wg create net-to-net peer' => 'Create A New Net-To-Net Peer',
+'wg create peer' => 'Create A New Peer',
+'wg dns' => 'DNS',
+'wg download configuration' => 'Download Configuration',
+'wg download configuration file' => 'Download the configuration file',
+'wg edit host-to-net peer' => 'Edit Host-To-Net Peer',
+'wg edit net-to-net peer' => 'Edit Net-To-Net Peer',
+'wg edit peer' => 'Edit Peer',
+'wg endpoint' => 'Endpoint',
+'wg host to net client settings' => 'Host-To-Net Client Settings',
+'wg hits' => 'Total number of Wireguard handshake',
+'wg import peer' => 'Import Peer',
+'wg invalid client dns' => 'Invalid client DNS address',
+'wg invalid client pool' => 'Invalid client pool',
+'wg invalid endpoint address' => 'Invalid endpoint address',
+'wg invalid endpoint port' => 'Invalid endpoint port',
+'wg invalid keepalive interval' => 'Invalid Keepalive Interval (Must be between 0 and 65535)',
+'wg invalid local subnet' => 'Invalid local subnet',
+'wg invalid name' => 'Invalid name (Only letters, numbers, space and hyphen are allowed)',
+'wg invalid psk' => 'Invalid pre-shared key',
+'wg invalid public key' => 'Invalid public key',
+'wg invalid remote subnet' => 'Invalid remote subnet',
+'wg invalid wg0 address' => 'Invalid wg0 IP',
+'wg keepalive interval' => 'Keepalive Interval',
+'wg leave empty to automatically select' => 'Leave empty to automatically select',
+'wg log' => 'Wireguard handshake log',
+'wg missing allowed ips' => 'Missing AllowedIPs',
+'wg missing endpoint address' => 'Missing Endpoint Address',
+'wg missing endpoint port' => 'Missing Endpoint Port',
+'wg missing port' => 'Missing Port',
+'wg missing private key' => 'Missing Private Key',
+'wg missing public key' => 'Missing Public Key',
+'wg name is already used' => 'The name is already in use',
+'wg no local subnets' => 'No local subnets given',
+'wg no more free addresses in pool' => 'No more free addresses in pool',
+'wg no remote subnets' => 'No remote subnets given',
+'wg peer' => 'Wireguard Peer',
+'wg peer configuration' => 'Peer Configuration',
+'wg peer does not exist' => 'Peer does not exist',
+'wg pre-shared key (optional)' => 'Pre-Shared Key (optional)',
+'wg rw peers' => 'WireGuard Roadwarrior Peers',
+'wg scan the qr code' => 'Scan the QR code to import the WireGuard configuration into a mobile client.',
+'wg show configuration qrcode' => 'Show Configuration QR Code',
+'wg warning configuration only shown once' => 'Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.',
 'whois results from' => 'WHOIS results from',
 'wildcards' => 'Wildcards',
 'winbind daemon' => 'Winbind Daemon',
 'wins server' => 'Wins Server',
 'wins support' => 'Wins Support',
+'wireguard' => 'WireGuard',
 'wireless' => 'Wireless',
 'wireless config added' => 'Wireless config added',
 'wireless config changed' => 'Wireless config changed',
--- a/langs/zh/cgi-bin/zh.pl
+++ b/langs/zh/cgi-bin/zh.pl
@@ -138,6 +138,7 @@
 'activate' => '激活',
 'activate user' => '激活用户',
 'active' => 'Active',
+'standby' => 'Standby',
 'add' => '添加',
 'add a host' => '添加主机',
 'add a new rule' => '添加规则:',
@@ -298,7 +299,7 @@
 'advproxy errmsg invalid proxy port' => '无效的代理端口',
 'advproxy errmsg invalid upstream proxy' => '无效的上游代理IP/主机名',
 'advproxy errmsg invalid upstream proxy username or password setting' => '无效的上游代理用户名或密码设置',
-'advproxy errmsg invalid user' => '用户名不存在',
+'advproxy errmsg invalid user/password' => '无效用户名或密码',
 'advproxy errmsg ldap base dn' => '需要LDAP基本DN',
 'advproxy errmsg ldap bind dn' => '需要LDAP绑定DN用户名和密码',
 'advproxy errmsg ldap port' => '无效的LDAP端口号',
@@ -428,6 +429,7 @@
 'all services' => '所有服务',
 'all updates installed' => '已安装所有更新',
 'allmsg' => '显示所有',
+'allowed subnets' => '允许网段',
 'alt dialup' => 'PPP设置',
 'alt home' => '网络概括',
 'alt information' => '信息',
@@ -664,6 +666,7 @@
 'compression' => '压缩:',
 'computer to modem rate' => '计算机到modem的速率:',
 'concentrator name' => '集中器名称:',
+'configuration file' => '配置文件',
 'confirmation' => '确认',
 'connect' => 'OVPN 启动/连接',
 'connect the modem' => '连接调制解调器',
@@ -697,7 +700,7 @@
 'could not retrieve common name from certificate' => '无法从证书中检索通用名称。',
 'count' => '计数',
 'countries' => '国别',
-'country' => '国家',
+'country' => '国家/地区',
 'country codes and flags' => '国家代码和国旗:',
 'countrycode' => '代码',
 'cpu frequency' => 'CPU frequency',
@@ -923,10 +926,12 @@
 'domain name' => '域名',
 'domain name suffix' => '域名后缀:',
 'domain not set' => '未设置域。',
-'donation' => '捐款',
+'donation-ipfire' => 'IPFire 捐款',
+'donation-bpfire' => 'BPFire 捐款',
 'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
-'donation-text' => '<strong>IPFire</strong>由志愿者在空闲时间进行维护。为了保持该项目的运行成本，如果您愿意支持我们，请您为我们提供一小笔捐款。',
-'done' => '做吧',
+'donation-ipfire-text' => '<strong>IPFire</strong>由志愿者在空闲时间进行维护。为了保持该项目的运行成本，如果您愿意支持我们，请您为我们提供一小笔捐款。',
+'donation-bpfire-text' => '<strong>BPFire</strong>为普罗大众带来革命创新性的eBPF技术，为家庭用户或任何大小组织企业的网络安全保驾护航. 由Vincent Li在空闲时间进行维护。为了保持该项目的运行成本，如果您愿意支持他，请您为他提供一小笔捐款。',
+'done' => '完成',
 'dos charset' => 'DOS字符集',
 'down and up speed' => '输入您的下行和上行速度<br /> 然后点击<i>保存</i>。',
 'downlink' => '下行链接',
@@ -1326,6 +1331,7 @@
 'fwhost hint' => '注意',
 'fwhost hosts' => '防火墙主机',
 'fwhost icmptype' => 'ICMP类型:',
+'fwhost invalid country code' => '无效国家地代码',
 'fwhost ip_mac' => 'IP/MAC地址',
 'fwhost ipadr' => 'IP地址:',
 'fwhost ipsec host' => 'IPsec客户端:',
@@ -1472,6 +1478,7 @@
 'ike lifetime should be between 1 and 24 hours' => 'IKE的有效期应在1到24小时之间。',
 'imei' => 'IMEI',
 'import' => '导入',
+'import connection' => '导入节点',
 'importkey' => '导入PSK',
 'imsi' => 'IMSI',
 'in' => '进',
@@ -1667,18 +1674,19 @@
 'local ntp server specified but not enabled' => '已指定但未启用本地NTP服务器',
 'local subnet' => '本地子网:',
 'local subnet is invalid' => '本地子网无效。',
+'local subnets' => '本地子网',
 'local vpn hostname/ip' => '本地VPN主机/IP',
 'localkey' => '本地密钥',
 'localkeyfile' => '本地密钥文件',
 'location' => '地区',
-'locationblock' => '地区阻止',
+'locationblock' => 'XDP加速地区阻止',
 'locationblock block countries' => '阻止条目',
 'locationblock configuration' => '地区配置',
 'locationblock country code' => '国家代码',
 'locationblock country is allowed' => '允许来自该国家/地区的入站流量',
 'locationblock country is blocked' => '阻止该国家/地区的入站流量',
 'locationblock country name' => '国家名称',
-'locationblock enable feature' => '启用基于位置的阻止：:',
+'locationblock enable feature' => '启用基于XDP加速器位置的阻止：:',
 'locationblock flag' => 'Flag',
 'log' => '日志',
 'log dropped conntrack invalids' => '记录被连接跟踪分类为无效的丢弃数据包',
@@ -1935,6 +1943,7 @@
 'one month' => '1个月',
 'one week' => '1周',
 'one year' => '1年',
+'online' => '在线',
 'online help en' => '在线帮助（英语）',
 'only digits allowed in holdoff field' => '拖延字段中仅允许数字',
 'only digits allowed in max retries field' => '“最大重试次数”字段中仅允许数字。',
@@ -2210,6 +2219,7 @@
 'released' => '已发行',
 'reload' => '重新加载',
 'remark' => '备注',
+'remarks' => '备注',
 'remark title' => '备注:',
 'remote access' => '远程访问',
 'remote announce' => '远程通知',
@@ -2250,6 +2260,7 @@
 'root user password' => 'Root密码',
 'route subnet is invalid' => '其他推送路由子网无效',
 'router ip' => '路由IP地址:',
+'routing' => '路由',
 'routing table entries' => '路由表条目',
 'rsvd dst port overlap' => '目标端口范围与为IPFire保留的端口重叠:',
 'rsvd src port overlap' => '源端口范围与为IPFire保留的端口重叠:',
@@ -2434,12 +2445,12 @@
 'loxilb lb add' => '添加负载均衡配置',
 'loxilb lb name' => '名字',
 'loxilb lb extip' => 'IP地址',
-'loxilb lb port' => '后端端口',
+'loxilb lb port' => '前端端口',
 'loxilb lb proto' => '协议',
 'loxilb lb sel' => '负载算法',
 'loxilb lb mode' => '模式',
 'loxilb lb endpoints' => '后端服务器',
-'loxilb lb eport' => '前端端口',
+'loxilb lb eport' => '后端端口',
 'loxilb lb monitor' => '后端服务监控',
 'loxilb fw' => 'eBPF LoxiLB 防火墙配置',
 'loxilb fw changed' => '防火墙配置被修改',
@@ -2471,6 +2482,24 @@
 'keepalived auth pass' => '认证密码',
 'keepalived unicast peer' => '单播同伴设备',
 'keepalived virtual address' => '虚拟 IP地址',
+'xdpdns status' => '运行状态',
+'xdpdns enable' => '启动',
+'xdpdns domain' => 'eBPF XDP 域名过滤服务',
+'xdpdns domain edit' => '编辑域名',
+'xdpdns domain add' => '添加域名',
+'xdpdns domain name' => '域名',
+'xdpdns domain entries' => '域名过滤列表',
+'xdpdns log' => 'XDP记录的域名解析日志',
+'xdpdns hits' => '域名解析日志总数',
+'xdpsni status' => '运行状态',
+'xdpsni enable' => '启动',
+'xdpsni domain' => 'XDP 加密网站过滤服务',
+'xdpsni domain edit' => '编辑加密网站域名',
+'xdpsni domain add' => '添加加密网站域名',
+'xdpsni domain name' => '加密网站域名',
+'xdpsni domain entries' => '加密网站域名过滤列表',
+'xdpsni log' => 'XDP记录的加密网站访问日志',
+'xdpsni hits' => '加密网站访问日志总数',
 'status' => '状态',
 'status information' => '状态信息',
 'status ovpn' => 'OpenVPN',
@@ -2490,7 +2519,7 @@
 'successfully refreshed updates list' => '成功刷新更新列表。.',
 'summaries kept' => '保留摘要',
 'sunday' => '星期日',
-'support donation' => '通过捐款支持IPFire项目',
+'support donation' => '通过捐款支持BPFire项目',
 'swap' => '交换',
 'swap usage per' => 'Swap usage per',
 'system' => '系统状态',
@@ -2500,6 +2529,7 @@
 'system log viewer' => '系统日志查看器',
 'system logs' => '系统日志',
 'system status information' => '系统状态信息',
+'system time' => '系统时间(自上次页面刷新)',
 'ta key' => 'TLS认证密钥',
 'taa zombieload2' => 'TSX Async中上/ZombieLoad v2',
 'tcp more reliable' => 'TCP(更可靠)',
@@ -2528,6 +2558,7 @@
 'time' => '时间',
 'time date manually reset' => '时间/日期手动重置。',
 'time server' => 'NTP服务',
+'timeformat' => '%Y-%m-%d at %H:%M:%S %Z',
 'timeout must be a number' => '超时必须为数字。',
 'title' => '标题',
 'to' => '到',
@@ -3043,6 +3074,55 @@
 'week-graph' => 'Week',
 'weekly firewallhits' => '防火墙命中(每周)',
 'weeks' => '周',
+'wg' => 'WireGuard',
+'wg address' => 'IP地址',
+'wg client configuration file' => 'WireGuard客户端配置文件',
+'wg client pool' => '客户端地址池',
+'wg create host-to-net peer' => '创建新的主机对网络节点',
+'wg create net-to-net peer' => '创建新的网络对网络节点',
+'wg create peer' => '创建新节点',
+'wg dns' => 'DNS',
+'wg download configuration' => '下载配置',
+'wg download configuration file' => '下载配置文件',
+'wg edit host-to-net peer' => '编辑主机对网络节点',
+'wg edit net-to-net peer' => '编辑网络对网络节点',
+'wg edit peer' => '编辑节点',
+'wg endpoint' => '服务器节点',
+'wg host to net client settings' => '主机对网络客户端设置',
+'wg hits' => 'Wireguard 握手全日志',
+'wg import peer' => '导入节点',
+'wg invalid client dns' => '无效的客户端DNS地址',
+'wg invalid client pool' => '无效的客户端地址池',
+'wg invalid endpoint address' => '无效的端点地址',
+'wg invalid endpoint port' => '无效的端点端口',
+'wg invalid keepalive interval' => '无效的Keepalive间隔（必须介于0到65535之间）',
+'wg invalid local subnet' => '无效的本地子网',
+'wg invalid name' => '无效的名称（仅允许字母、数字、空格和连字符）',
+'wg invalid psk' => '无效的预共享密钥',
+'wg invalid public key' => '无效的公钥',
+'wg invalid remote subnet' => '无效的远程子网',
+'wg invalid wg0 address' => '无效的 wg0 IP 地址',
+'wg keepalive interval' => 'Keepalive间隔',
+'wg leave empty to automatically select' => '留空以自动选择',
+'wg log' => 'Wireguard 握手日志',
+'wg missing allowed ips' => '缺少AllowedIPs',
+'wg missing endpoint address' => '缺少端点地址',
+'wg missing endpoint port' => '缺少端点端口',
+'wg missing port' => '缺少端口',
+'wg missing private key' => '缺少私钥',
+'wg missing public key' => '缺少公钥',
+'wg name is already used' => '该名称已被使用',
+'wg no local subnets' => '未指定本地子网',
+'wg no more free addresses in pool' => '地址池中没有可用地址',
+'wg no remote subnets' => '未指定远程子网',
+'wg peer' => 'Wireguard 节点',
+'wg peer configuration' => '节点配置',
+'wg peer does not exist' => '节点不存在',
+'wg pre-shared key (optional)' => '预共享密钥（可选）',
+'wg rw peers' => 'WireGuard移动办公节点',
+'wg scan the qr code' => '扫描二维码将WireGuard配置导入移动客户端',
+'wg show configuration qrcode' => '显示配置二维码',
+'wg warning configuration only shown once' => '警告：此WireGuard配置文件仅显示一次，因其包含未存储在IPFire上的私钥材料',
 'whois results from' => 'WHOIS结果来自',
 'wildcards' => 'Wildcards',
 'winbind daemon' => 'Winbind进程',
--- a/lfs/arpwatch
+++ b/lfs/arpwatch
@@ -0,0 +1,120 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+SUMMARY    = Monitoring tool for ARP traffic on a network
+
+VER        = 3.8
+ETHERCODES_DATE = 20200628
+
+# From: https://ee.lbl.gov/downloads/arpwatch/
+
+THISAPP    = arpwatch-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = arpwatch
+PAK_VER    = 2
+
+DEPS       =
+
+SERVICES   = arpwatch
+
+# Enable debugging code
+CFLAGS += -DDEBUG=1
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE) ethercodes.dat-$(ETHERCODES_DATE).xz
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+ethercodes.dat-$(ETHERCODES_DATE).xz = $(DL_FROM)/ethercodes.dat-$(ETHERCODES_DATE).xz
+
+$(DL_FILE)_BLAKE2 = a43a2ad007da266f58b5c5fd617c8955940cffc88233c16455b553aea4c9ddad8cf744996b342f156c879aab29ce6c5ae85b93abdb0fbf5dd674d39e851de273
+ethercodes.dat-$(ETHERCODES_DATE).xz_BLAKE2 = e702b9109ef3ccce73e2637f96126bf19e7dfa533774c0bd623042b3609f147981263b84397ec155a65ae12fa57247c32644e1e7e57c2c749ef768156d853027
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:
+	@$(PAK)
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+	@$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+	# Fix compilation issues
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/arpwatch/53_stop-using-_getshort.patch
+	cd $(DIR_APP) && sed -i '1i#include <time.h>' report.c
+
+	# Don't install the initscript
+	cd $(DIR_APP) && sed -i '/@HAVE_FREEBSD_TRUE@/d' Makefile.in
+
+	# Fix the envelope sender
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/arpwatch/fix-envelope-sender.patch
+
+	# Build!
+	cd $(DIR_APP) && ./configure --prefix=/usr
+	cd $(DIR_APP) && make $(MAKETUNING)
+	cd $(DIR_APP) && make install
+
+	# Install initscripts
+	# $(call INSTALL_INITSCRIPTS,$(SERVICES))
+
+	# Install the data directory
+	-mkdir -pv /var/lib/arpwatch
+
+	# Install ethercodes.dat
+	xz -dvv \
+		< $(DIR_DL)/ethercodes.dat-$(ETHERCODES_DATE).xz \
+		> /var/lib/arpwatch/ethercodes.dat
+
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -54,9 +54,9 @@ $(TARGET) :
 			ethernet extrahd/bin fwlogs fwhosts firewall ipblocklist key langs logging mac main \
 			menu.d modem optionsfw \
 			ovpn patches pakfire portfw ppp private proxy/advanced/cre \
-			proxy/calamaris/bin qos/bin red remote ddos loxilb keepalived sensors suricata time \
+			proxy/calamaris/bin qos/bin red remote ddos loxilb keepalived haproxy xdpdns xdpsni sensors suricata time \
 			updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
-			wakeonlan wireless ; do \
+			wakeonlan wireguard wireless ; do \
 	        mkdir -p $(CONFIG_ROOT)/$$i; \
 	done

@@ -68,9 +68,9 @@ $(TARGET) :
 	    fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/modified \
 	    ipblocklist/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
 	    ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
-	    ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings ddos/settings ddos/tcp_ports ddos/udp-ddos-settings ddos/udp_ports ddos/dns-ddos-settings loxilb/settings keepalived/keepalived.conf keepalived/runsettings keepalived/settings keepalived/configvs keepalived/configrs qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
+	    ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings ddos/settings ddos/tcp_ports ddos/udp-ddos-settings ddos/udp_ports ddos/dns-ddos-settings loxilb/settings xdpdns/settings xdpdns/domainfile xdpsni/settings xdpsni/domainfile keepalived/keepalived.conf keepalived/runsettings keepalived/settings keepalived/configvs keepalived/configrs haproxy/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
 	    qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
-	    vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
+	    vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireguard/peers wireguard/settings wireless/config wireless/settings; do \
 	    touch $(CONFIG_ROOT)/$$i; \
 	done

@@ -81,6 +81,7 @@ $(TARGET) :
 	cp $(DIR_SRC)/config/cfgroot/location-functions.pl	$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/ipblocklist-functions.pl	$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/ids-functions.pl		$(CONFIG_ROOT)/
+	cp $(DIR_SRC)/config/cfgroot/wireguard-functions.pl     $(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/lang.pl			$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/countries.pl		$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/graphs.pl			$(CONFIG_ROOT)/
@@ -105,6 +106,9 @@ $(TARGET) :
 	cp $(DIR_SRC)/config/cfgroot/dns-ddos-settings		$(CONFIG_ROOT)/ddos/dns-ddos-settings
 	cp $(DIR_SRC)/config/cfgroot/loxilb-settings		$(CONFIG_ROOT)/loxilb/settings
 	cp $(DIR_SRC)/config/cfgroot/loxilb-FWconfig.txt	$(CONFIG_ROOT)/loxilb/FWconfig.txt
+	cp $(DIR_SRC)/config/cfgroot/xdpdns-settings		$(CONFIG_ROOT)/xdpdns/settings
+	cp $(DIR_SRC)/config/cfgroot/xdpsni-settings		$(CONFIG_ROOT)/xdpsni/settings
+	cp $(DIR_SRC)/config/cfgroot/haproxy-settings		$(CONFIG_ROOT)/haproxy/settings
 	cp $(DIR_SRC)/config/cfgroot/time-settings		$(CONFIG_ROOT)/time/settings
 	cp $(DIR_SRC)/config/cfgroot/logging-settings		$(CONFIG_ROOT)/logging/settings
 	cp $(DIR_SRC)/config/cfgroot/ethernet-vlans		$(CONFIG_ROOT)/ethernet/vlans
--- a/lfs/dnsdist
+++ b/lfs/dnsdist
@@ -26,7 +26,7 @@ include Config

 SUMMARY    = A highly DNS-, DoS- and abuse-aware loadbalancer

-VER        = 1.8.0
+VER        = 1.9.10

 THISAPP    = dnsdist-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -52,7 +52,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 47cfcfe3756cdc4520c1ba1e11b7d60191125ef900ba829ff7437ac2041352b845ab5f7183f53fea9b3aa6f44c5745de3878c2b72f2be048fa57d2c2e9325c0c
+$(DL_FILE)_BLAKE2 = 4490a6faf11b6b7e48fc821be37d0cee1ad93455ec09dadc61e236704bb743d8e5189d085352c775d19933934230e1c5b68ed233b7de7c5cb196f7da4dc16719

 install : $(TARGET)

@@ -92,6 +92,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--disable-gnutls \
 		--enable-dns-over-tls \
 		--with-lua \
+		--with-ebpf \
+		--with-xsk \
 		--without-net-snmp

 	cd $(DIR_APP) && make $(MAKETUNING)
@@ -103,6 +105,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/dnsdist \
 		 /var/ipfire/backup/addons/includes/dnsdist

+	# Install xsk AF_XDP configuration
+	install -v -m 644 $(DIR_SRC)/config/dnsdist/dnsdist-xsk.conf \
+		/etc/dnsdist-xsk.conf
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)

--- a/lfs/flash-images
+++ b/lfs/flash-images
@@ -40,6 +40,7 @@ IMAGE_FILE = /install/images/$(SNAME)-$(VERSION)-core$(CORE)-$(BUILD_ARCH).img.x

 FSTAB_FMT = UUID=%s %-8s %-4s %-10s %d %d\n
 BPFFS_FMT = %s %-8s %-4s %-10s %d %d\n
+DEBUGFS_FMT = %s %-8s %-4s %-10s %d %d\n

 ###############################################################################
 # Top-level Rules
@@ -169,6 +170,8 @@ endif

 	printf "$(BPFFS_FMT)" "bpffs" "/sys/fs/bpf" \
 		"bpf" "defaults" 0 0 >> $(MNThdd)/etc/fstab
+	printf "$(DEBUGFS_FMT)" "debugfs" "/sys/kernel/debug" \
+		"debugfs" "defaults" 0 0 >> $(MNThdd)/etc/fstab

 ifeq "$(BOOTLOADER)" "grub"
 	# backup defaults file
@@ -177,6 +180,7 @@ ifeq "$(BOOTLOADER)" "grub"
 	# Enable also serial console on GRUB
 	echo "GRUB_TERMINAL=\"serial console\"" >> $(MNThdd)/etc/default/grub
 	echo "GRUB_SERIAL_COMMAND=\"serial --unit=0 --speed=115200\"" >> $(MNThdd)/etc/default/grub
+	echo "GRUB_CMDLINE_LINUX=\"console=tty1 console=ttyS0,115200 rd.auto panic=10\"" >> $(MNThdd)/etc/default/grub

 	# Add additional entry for Serial console
 	cp $(DIR_SRC)/config/flash-images/grub/11_linux_scon \
--- a/lfs/go
+++ b/lfs/go
@@ -24,7 +24,7 @@

 include Config

-VER        = 1.22.0
+VER        = 1.24.4

 THISAPP    = go-$(VER)
 DL_FILE    = go$(VER).$(GOOS)-$(GOARCH).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

 go$(VER).$(GOOS)-arm64.tar.gz_BLAKE2 = 330336e36ebc7cb8666159256ff6dce965465195db84e29467fe0ffa79b1fa1b698d8751df73bec1cd7d04b528d9d6a9cad259f6ad5036eb89212ebc3e91b686
-go$(VER).$(GOOS)-amd64.tar.gz_BLAKE2 = 018b9dd68d12ed0f2859993b6496d95bec946031353da022eb7fff2337c6082aadabbb4f858987d854599c1c2491e7ca404a7273bde01d61a2491097b24ce1b6
+go$(VER).$(GOOS)-amd64.tar.gz_BLAKE2 = 17d2f502e57d1c94bc63712d4ec1ada4bfff281d9d387257c3f7f15f71040af7baf515d665b255c66581405b2e840d9bcbe850f275d30cb8fec21ecce8d14325

 install : $(TARGET)

--- a/lfs/haproxy
+++ b/lfs/haproxy
@@ -96,7 +96,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))

 	-mkdir -pv /etc/haproxy /var/lib/haproxy
 	install -v -m 644 $(DIR_SRC)/config/haproxy/haproxy.cfg \
-		/etc/haproxy/haproxy.cfg
+		/var/ipfire/haproxy/haproxy.cfg

 	install -v -m 644 $(DIR_SRC)/config/backup/includes/haproxy \
 		/var/ipfire/backup/addons/includes/haproxy
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -96,11 +96,13 @@ $(TARGET) :
 	ln -sf ../init.d/vdradmin		/etc/rc.d/rc0.d/K01vdradmin
 	ln -sf ../init.d/sslh			/etc/rc.d/rc0.d/K02sslh
 	ln -sf ../init.d/fcron			/etc/rc.d/rc0.d/K08fcron
+	ln -sf ../init.d/arpwatch               /etc/rc.d/rc0.d/K12arpwatch
 	ln -sf ../init.d/apache			/etc/rc.d/rc0.d/K28apache
 	ln -sf ../init.d/sshd			/etc/rc.d/rc0.d/K30sshd
 	ln -sf ../init.d/setclock		/etc/rc.d/rc0.d/K47setclock
 	ln -sf  ../init.d/cyrus-sasl		/etc/rc.d/rc0.d/K49cyrus-sasl
 	ln -sf ../init.d/vnstat			/etc/rc.d/rc0.d/K51vnstat
+	ln -sf ../init.d/wireguard              /etc/rc.d/rc0.d/K70wireguard
 	ln -sf ../init.d/conntrackd		/etc/rc.d/rc0.d/K77conntrackd
 	ln -sf ../init.d/suricata		/etc/rc.d/rc0.d/K78suricata
 	ln -sf ../init.d/leds			/etc/rc.d/rc0.d/K79leds
@@ -129,7 +131,10 @@ $(TARGET) :
 	ln -sf  ../init.d/cyrus-sasl		/etc/rc.d/rc3.d/S24cyrus-sasl
 	ln -sf ../init.d/sshd			/etc/rc.d/rc3.d/S30sshd
 	ln -sf ../init.d/apache			/etc/rc.d/rc3.d/S32apache
+	ln -sf ../init.d/haproxy		/etc/rc.d/rc3.d/S35haproxy
 	ln -sf ../init.d/fcron			/etc/rc.d/rc3.d/S40fcron
+	ln -sf ../init.d/wireguard              /etc/rc.d/rc3.d/S50wireguard
+	ln -sf ../init.d/arpwatch               /etc/rc.d/rc3.d/S64arpwatch
 	ln -sf ../../sysconfig/rc.local		/etc/rc.d/rc3.d/S98rc.local
 	ln -sf ../init.d/sslh			/etc/rc.d/rc3.d/S98sslh
 	ln -sf ../init.d/imspetor		/etc/rc.d/rc3.d/S99imspetor
@@ -137,17 +142,23 @@ $(TARGET) :
 	ln -sf ../init.d/vdradmin		/etc/rc.d/rc3.d/S99vdradmin
 	ln -sf ../init.d/loxilb			/etc/rc.d/rc3.d/S100loxilb
 	ln -sf ../init.d/keepalived		/etc/rc.d/rc3.d/S101keepalived
+	ln -sf ../init.d/xdpdns			/etc/rc.d/rc3.d/S102xdpdns
+	ln -sf ../init.d/xdpsni			/etc/rc.d/rc3.d/S103xdpsni
+	ln -sf ../init.d/xdpgeoip		/etc/rc.d/rc3.d/S104xdpgeoip
+	ln -sf ../init.d/ddos			/etc/rc.d/rc3.d/S105ddos

 	ln -sf ../init.d/imspetor		/etc/rc.d/rc6.d/K01imspetor
 	ln -sf ../init.d/motion			/etc/rc.d/rc6.d/K01motion
 	ln -sf ../init.d/vdradmin		/etc/rc.d/rc6.d/K01vdradmin
 	ln -sf ../init.d/sslh			/etc/rc.d/rc6.d/K02sslh
 	ln -sf ../init.d/fcron			/etc/rc.d/rc6.d/K08fcron
+	ln -sf ../init.d/arpwatch               /etc/rc.d/rc6.d/K12arpwatch
 	ln -sf ../init.d/apache			/etc/rc.d/rc6.d/K28apache
 	ln -sf ../init.d/sshd			/etc/rc.d/rc6.d/K30sshd
 	ln -sf ../init.d/setclock		/etc/rc.d/rc6.d/K47setclock
 	ln -sf  ../init.d/cyrus-sasl		/etc/rc.d/rc6.d/K49cyrus-sasl
 	ln -sf ../init.d/vnstat			/etc/rc.d/rc6.d/K51vnstat
+	ln -sf ../init.d/wireguard              /etc/rc.d/rc6.d/K70wireguard
 	ln -sf ../init.d/conntrackd		/etc/rc.d/rc6.d/K77conntrackd
 	ln -sf ../init.d/suricata		/etc/rc.d/rc6.d/K78suricata
 	ln -sf ../init.d/leds			/etc/rc.d/rc6.d/K79leds
--- a/lfs/iproute2
+++ b/lfs/iproute2
@@ -78,6 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))

 	# Add table for static routing
 	echo "200	static" >> /etc/iproute2/rt_tables
+	echo "201	wg" >> /etc/iproute2/rt_tables

 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
--- a/lfs/kexec-tools
+++ b/lfs/kexec-tools
@@ -0,0 +1,78 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2024-2025 BPFire <vincent.mc.li@gmail.com>                    #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 2.0.31
+
+THISAPP    = kexec-tools-$(VER)
+DL_FILE    = $(THISAPP).tar.xz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 075f1457dce9d4d6f0a3fa3cb9ed4cebfc51324fe0f3859b0cb009e1ebdb10d5df83c17d35ec55c479f1416f0836bf263d6ed814732037af6189565685f81afe
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+	@$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+	cd $(DIR_APP) && ./configure --prefix=/usr
+	cd $(DIR_APP) && make && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
--- a/lfs/knot
+++ b/lfs/knot
@@ -24,7 +24,7 @@

 include Config

-VER        = 3.2.4
+VER        = 3.4.7

 THISAPP    = knot-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 1d5fec057898d8cbe73f37cd85aa9d56c7db0215e0fe8ba697f3ee4c38d7554780804b8859d062a824b18f823d6cff1546bd7ce54438ee54c555d068c5f19da1
+$(DL_FILE)_BLAKE2 = 31e0d939847a1fb7538eed371b4e9a4d8dcfb45b9df996fa13b083a6ec32550fc5d90fc528eb43b20a4effbed06353abd0238da3a04fdf48f5139a22d1eced35

 install : $(TARGET)

@@ -76,14 +76,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && ./configure \
 		--prefix=/usr \
 		--enable-static=no \
+		--enable-xdp=yes \
 		--disable-fastparser \
 		--disable-daemon \
 		--disable-modules \
 		--enable-maxminddb=no \
 		--disable-documentation

-	cd $(DIR_APP)/src && make $(MAKETUNING) kdig
-	cd $(DIR_APP)/src/.libs && cp -av kdig /usr/bin
+	cd $(DIR_APP)/src && make $(MAKETUNING) kdig kxdpgun
+	cd $(DIR_APP)/src/.libs && cp -av kdig kxdpgun /usr/bin
 	cd $(DIR_APP)/src/.libs && cp -av lib* /usr/lib

 	@rm -rf $(DIR_APP)
--- a/lfs/libbpf
+++ b/lfs/libbpf
@@ -24,7 +24,7 @@

 include Config

-VER        = 0.8.3
+VER        = 1.4.6

 THISAPP    = libbpf-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = abee71b4ae0d3a7d0cdf4c108091821d915d4712820dae3debe84b897e7fb84a2c763df508eb539bb74e7461ca2b6836325b7a3c08c6bc8aafe1ac4097614f31
+$(DL_FILE)_BLAKE2 = 590eb2f8f5a8caa24c94a8c3e0eddb0c8685051ea08967b4307fc8e6df41b81237637fe70f946f2579520948b56dd08fb0b6f4db9218e561930c9636f84d97ca

 install : $(TARGET)

--- a/lfs/libbpf-bootstrap
+++ b/lfs/libbpf-bootstrap
@@ -0,0 +1,78 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2025  BPFire Team  <vincent.mc.li@gmail.com>                  #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.3.1
+
+THISAPP    = libbpf-bootstrap-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = e5ce5b8bead58a9e777b78c39964aa0a817ed4c6fc835d3be1a0a884238e698b3bef313fd7de035f56a30c316c511a8acd2353c5ac3d44e98f0ed498d4e63c8a
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+	@$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+	cd $(DIR_APP)/examples/c && make $(MAKETUNING)
+	cd $(DIR_APP)/examples/c && cp -vf kprobe ksyscall profile netqtop wg_handshake /usr/bin/
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,7 +24,7 @@

 include Config

-VER         = 6.6.15
+VER         = 6.15.6

 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -72,7 +72,7 @@ objects = \

 $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = a630bc7b2463bdc312f8936210a54e92bbe4136fc78995c18d0ccafbcdb27cce5b7b0d4a6ba10c378e14e86855ee7e76e355acc0580f7441e4df64e7dbd8a4b7
+$(DL_FILE)_BLAKE2 = 34301ec451141cab53c6017445fb78c6a681095604387b20060e8b2102d9677cf25a3af9f3db56a0b88772434179f730842bce67b718cd28998e5c56178c748a

 install : $(TARGET)

@@ -116,7 +116,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))

 	# Wlan Patches
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch
+	#cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch

 	# Fix igb and e1000e crash
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch
@@ -130,9 +130,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Patch performance monitoring restrictions to allow further hardening
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch

-	# https://bugzilla.ipfire.org/show_bug.cgi?id=12760
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch
-
 	# Fix external module compile
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch

@@ -152,14 +149,12 @@ ifeq "$(KCFG)" "-headers"
 else

 	# Install ipfire logo
-	cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/ipfire_logo.ppm \
+	cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/bpfire-logo-ascii.ppm \
 		drivers/video/logo/logo_linux_clut224.ppm

 	# Cleanup kernel source
 	cp $(DIR_SRC)/config/kernel/kernel.config.$(BUILD_ARCH)-$(VERSUFIX) $(DIR_APP)/.config
-	cp $(DIR_SRC)/config/kernel/kernel.config.bpf $(DIR_APP)/bpf-config
 	cd $(DIR_APP) && make oldconfig
-	cd $(DIR_APP) && ./scripts/kconfig/merge_config.sh .config bpf-config
 	cd $(DIR_APP) && make clean
 	cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile

@@ -176,6 +171,9 @@ else
 	cd $(DIR_APP)/tools/bpf/bpftool && sed -i -e 's/^prefix ?= \/usr\/local/prefix ?= \/usr/' Makefile
 	cd $(DIR_APP)/tools/bpf/bpftool && make $(MAKETUNING)

+	# Build perf tool
+	cd $(DIR_APP)/tools/perf && NO_JEVENTS=1 NO_LIBTRACEEVENT=1 make $(MAKETUNING)
+
 	# Install the kernel
 	cd $(DIR_APP) && cp -v arch/$(KERNEL_ARCH)/boot/$(KERNEL_TARGET) /boot/vmlinuz-$(VER)-$(VERSUFIX)
 	cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX)
@@ -185,6 +183,9 @@ else
 	# Install bpftool
 	cd $(DIR_APP)/tools/bpf/bpftool && make install

+	# Install perf tool
+	cd $(DIR_APP)/tools/perf && install -m 755 perf /usr/sbin/
+
 ifneq "$(BUILD_PLATFORM)" "x86"
 	cd $(DIR_APP) && make $(MAKETUNING) dtbs
 	mkdir -p /boot/dtb-$(VER)-$(VERSUFIX)
@@ -220,7 +221,7 @@ endif
 	# Install objtool
 	cd $(DIR_APP) && cp -a tools/objtool/objtool \
 		/lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || :
-	cd $(DIR_APP) && cp -a --parents tools/build/{Build,Build.include,fixdep.c} \
+	cd $(DIR_APP) && cp -a --parents tools/build/{Build.include,fixdep.c} \
 		tools/scripts/utilities.mak /lib/modules/$(VER)-$(VERSUFIX)/build

 	# Make sure we can build external modules
--- a/lfs/llvm-project
+++ b/lfs/llvm-project
@@ -24,7 +24,7 @@

 include Config

-VER        = 17.0.6
+VER        = 19.1.7

 THISAPP    = llvm-project-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 779a428c86b5e797a1f2264e33268d69799cf7d9eb9776c38af5efca2b5b6f94248bb48409306fbd61f0d4775ee7ada3cac5490b0bd55d8f56133af1df814b07
+$(DL_FILE)_BLAKE2 = b435361eb3ca1d548a8b79a475150cf717be1474443005de62b58c1b0c145818dc289c6b4252cfc0e5ff3a4d106f99506dce2fbf6100182b180a5cd23a792fb1

 install : $(TARGET)

--- a/lfs/loxicmd
+++ b/lfs/loxicmd
@@ -2,7 +2,7 @@
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
 # Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
-# Copyright (C) 2024 BPFire
+# Copyright (C) 2024-2025 BPFire
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@

 include Config

-VER        = 0.9.5
+VER        = 0.9.8

 THISAPP    = loxicmd-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 76e9315ddd791a1bbaf4cd2fbf5a646e93eca3963f46a78efe21d93a31906d01cf318e0aa930d3b4623eec786d83b4a6c7860ee21d65e5f66eb274e107b363b9
+$(DL_FILE)_BLAKE2 = c4ea521c25ca8e49f9831d7d942ad7552249f84114b4b32f364d8e4023ada781f5aa6e8e7378ba5c9df43fd648a40213441f353405cd6ffd4eebe3097d824b18

 install : $(TARGET)

--- a/lfs/loxilb
+++ b/lfs/loxilb
@@ -2,7 +2,7 @@
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
 # Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
-# Copyright (C) 2024 BPFire
+# Copyright (C) 2024-2025 BPFire
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@

 include Config

-VER        = 0.9.5
+VER        = 0.9.8.3

 THISAPP    = loxilb-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = b1c6b3d25543b5a4c1516e1dc35dbe393c1bd10d8b83307a857713e8ee3553690ce64ffb9d611452c68745564afc775363c90d96b53607902afe24a7d72bdcf7
+$(DL_FILE)_BLAKE2 = e59c11a6a401fe63cd6b57974a48c181c1a36ca2374252393dc8b2146d18c90da95fa1a319011e274e2469f16437b1d590257700f4244b614f9b46692cec3c97

 install : $(TARGET)

@@ -74,6 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@rm -rf /opt/loxilb 

 	cd $(DIR_APP) && mkdir -p /opt/loxilb/dp 
+	cd $(DIR_APP) && go clean -cache
 	cd $(DIR_APP) && make
 	cd $(DIR_APP)/loxilb-ebpf/kernel && cp -f *.o /opt/loxilb/
 	cd $(DIR_APP) && cp -f loxilb /usr/bin/loxilb
--- a/lfs/loxilb-tc
+++ b/lfs/loxilb-tc
@@ -25,9 +25,9 @@

 include Config

-VER        = 5.11.0
+VER        = 5.3.2

-THISAPP    = loxilb-tc-$(VER)
+THISAPP    = lunatik-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
@@ -41,7 +41,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 07ff73f6ee40ad8f4d8e74fcd42dc9adf5b1b6ed145ff0c505524913f6362d6a39510c30f9b22b2e8c7ed9a0e14875b2417068edb379c2af1feb9639edd0dd11
+$(DL_FILE)_BLAKE2 = f95268c97523003ec618374e74b7d6fda9970e21bc4778d5789b83ff2d7fa67896695067ffcf6efa7959454a7752b89f75b21c9293b4e5ba40feaebf703c6dbb

 install : $(TARGET)

@@ -71,10 +71,13 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP)/libbpf/src/ && mkdir build && DESTDIR=build OBJDIR=build make install
-	cd $(DIR_APP) && export PKG_CONFIG_PATH=$(DIR_APP)/libbpf/src/ && \
-           LIBBPF_FORCE=on LIBBPF_DIR=$(DIR_APP)/libbpf/src/build ./configure --prefix=/usr
-	cd $(DIR_APP) && make $(MAKETUNING)
-	cd $(DIR_APP) && cp -f tc/tc /usr/bin/ntc
+
+	#generate lunatik symbols before build
+	cd $(DIR_APP) && ./gensymbols.sh lua/lua.h lua/lauxlib.h lua/lualib.h > lunatik_sym.h
+	cd $(DIR_APP) && make
+	cd $(DIR_APP) && make install
+	cd $(DIR_APP)/examples/filter && make
+	cd $(DIR_APP) && make examples_install
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
--- a/lfs/makedumpfile
+++ b/lfs/makedumpfile
@@ -0,0 +1,77 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2024-2025 BPFire <vincent.mc.li@gmail.com>                    #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.7.7
+
+THISAPP    = makedumpfile-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 7d61bfabd90e74f1a84c93bfe231f5acb0cb6b3a7029eebbccaaf45e1ba3da83eae11dfe8379442d470ef78606a51878a9d42610c65e87c052c56bcaebc0867c
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+	@$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+	cd $(DIR_APP) && make LINKTYPE=dynamic && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
--- a/Show More
+++ b/Show More