webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 11:05:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: webadmin:main
Branches Tags
webadmin:main webadmin:loongfire
webadmin:0.9.0
..
compare: webadmin:0.9.0
Branches Tags
webadmin:main webadmin:loongfire
webadmin:0.9.0

1 Commits
main ... 0.9.0

Author SHA1 Message Date
Vincent Li
996b80701e keepalived UI: add dummy ip for HA state tracking 
add dummy ip 192.0.2.1 in virutal_ipaddress from (TEST-NET-1)
according to https://www.rfc-editor.org/rfc/rfc5737#section-3
for keepalived HA state tracking, the Master will always
have the dummy ip assigned to green0.

add refresh button for HA state refresh

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-07-10 23:25:40 +00:00
134 changed files with 15439 additions and 12471 deletions
Expand all files Collapse all files

74
README.md
View File

@@ -1,54 +1,24 @@
# BPFire - eBPF Network Firewall OS (eBPF 网络防火墙)
# BPFire - eBPF Network Firewall and Load Balancer
# What is BPFire?
BPFire is fork of [IPFire 2.x](https://github.com/ipfire/ipfire-2.x), a hardened, versatile, state-of-the-art Open Source firewall based on Linux. BPFire is to enable revolutionary [eBPF](https://ebpf.io/) technology for non-tech savvy users, make eBPF technology consumable to home users or any size of organizations to secure their network environment. Current supported eBPF network application features:
BPFire 基于IPFire 2.x, 一个基于Linux的安全坚固、多功能、先进的开源防火墙. BPFire 为普罗大众带来革命创新性的eBPF技术为家庭用户或任何大小组织企业的网络安全保驾护航. 当前支持的eBPF应用包括
BPFire is fork of IPFire 2.x, a hardened, versatile, state-of-the-art Open Source firewall based on Linux. BPFire is an eBPF networking centric Linux OS distribution that is easy for users to install and use. Current supported eBPF network application features:
1. XDP DDoS protection, See XDP SYNPROXY stops 10G DDoS SYN flood [here](https://www.youtube.com/watch?v=81Hgoy-x1A4)
2. XDP UDP DDoS online game protection
3. XDP DNS domain blocklist, ratelimit protection
4. XDP SSL/TLS server name indicator (SNI) blocklist
5. XDP GeoIP/Country blocklist
6. XDP multi attachment and capture mode for Intrusion Detection System Suricata in IPS mode
7. eBPF based LoxiLB load balancer, Firewall, Proxy, see full features [LoxiLB](https://loxilb-io.github.io/loxilbdocs/#overall-features-of-loxilb)
2. eBPF based LoxiLB load balancer, overall load balancer features located [here](https://loxilb-io.github.io/loxilbdocs/#overall-features-of-loxilb)
# Where can I get support?
# Where can I get BPFire installation image?
Open github issue or [discord](https://discord.gg/EakRJaU8NG)
https://drive.google.com/drive/folders/1HPJTWP6wi5gPd5gyiiKvIhWipqguptzZ?usp=drive_link
# Where can I get BPFire installation ISO or LoongFire flash image?
# How do I use this software?
中国大陆用户下载地址:
BPFire XDP DDoS feature demo:
[bpfire](https://www.vcn.bc.ca/~vli/bpfire/)
[![Enable IPFire eBPF XDP DDoS from WebUI](http://img.youtube.com/vi/1pdNgoP-Kho/0.jpg)](https://www.youtube.com/watch?v=1pdNgoP-Kho "Enable IPFire eBPF XDP DDoS from WebUI")
[loongfire](https://www.vcn.bc.ca/~vli/loongfire/)
Other download site:
[bpfire.net](https://bpfire.net/download/)
# What computer hardwares BPFire support?
BPFire support commodity computer hardware, small or large, old or new, cheap or expensive.
for example:
[X86 mini PC](https://www.aliexpress.com/w/wholesale-home-firewall-router.html?spm=a2g0o.best.search.0)
[LoongArch mini PC](https://www.aliexpress.us/item/3256807861547435.html?spm=a2g0o.order_list.order_list_main.5.6c6c1802f4v4tf&gatewayAdapt=glo2usa)
# How do I install BPFire?
flash the ISO to USB on Linux machine, /dev/sdc is your USB thrumb drive.
`dd if=bpfire-2.29-core184-x86_64.iso of=/dev/sdc status=progress`
BPFire installation on mini industrial PC:
[![BPFire installation on mini industrial PC](http://img.youtube.com/vi/p9iHCe0hXPs/0.jpg)](https://www.youtube.com/watch?v=p9iHCe0hXPs "BPFire installation on mini industrial PC")
IPFire have a long and detailed wiki located [here](https://wiki.ipfire.org/) which
should answers most of your questions for IPFire.
# BPFire SYNPROXY throughput with and without XDP acceleration under 10Gbit DDoS SYN flood:
@@ -83,27 +53,23 @@ Microsoft Hyper-v screen shot:
![](./images/hyperv-2.png)
# But I have some questions left. Where can I get support?
You can ask your question by open github issue report or discussion or
You can ask your question at ipfire community located [here](https://community.ipfire.org/) that is IPFire related.
# How to build BPFire?
Build Environment Setup https://www.ipfire.org/docs/devel/ipfire-2-x/build-initial
(It takes a few hours to build image for first build depending on build machine power)
git clone https://github.com/vincentmli/BPFire.git
for example on Ubuntu 22.04 LTS:
cd BPFire
```
apt install git-core g++ manpages-pl patch byacc make autoconf automake libltdl-dev
git checkout bpfire
git clone https://github.com/vincentmli/bpfire.git
get BPFire source tar balls https://drive.google.com/file/d/1YjTzik4xw0JxFDldLZdVw1GthXG5QrS_/view?usp=drive_link
cd bpfire
wget --mirror --convert-links --adjust-extension --page-requisites --no-parent --cut-dirs=2 -nH --reject "index.html*" --reject "*.gif" https://www.bpfire.net/download/bpfire/cache/
tar xvf cache.tar
./make.sh build
```
# How do I support BPFire development?
Join or [Donate to BPFire paypal](https://www.paypal.com/donate/?business=BL97G8687E5B6&no_recurring=0&item_name=Make+revolutionary+eBPF+technology+available+for+non-tech+savvy+users+for+safe+online+surfing&currency_code=USD)

28
config/cfgroot/general-functions.pl
View File

@@ -26,7 +26,6 @@ $General::swroot = 'CONFIG_ROOT';
$General::noipprefix = 'noipg-';
require "${General::swroot}/network-functions.pl";
require "${General::swroot}/wireguard-functions.pl";
# This function executes a shell command without forking a shell or do any other
# Perl-voodoo before it. It deprecates the "system" command and is the only way
@@ -181,26 +180,7 @@ sub setup_default_networks
$defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NET'} = &getnextip($ip);
}
}
# WireGuard
if ($Wireguard::settings{'CLIENT_POOL'}) {
my $name = $Lang::tr{'wg rw peers'};
$defaultNetworks->{$name}{'NAME'} = "WGRW";
}
}
sub set_defaults($$) {
my $hash = shift;
my $defaults = shift;
foreach my $key (keys %$defaults) {
unless (defined($hash->{$key})) {
$hash->{$key} = $defaults->{$key};
}
}
}
sub get_aliases
{
@@ -870,14 +850,6 @@ sub validportrange # used to check a port range
}
}
# Checks for a valid country code
sub validcc($) {
my $cc = shift;
# Must contain of exactly two uppercase characters, or must be A1, A2, or A3
return ($cc =~ m/^([A-Z]{2}|A[123])$/);
}
sub IpInSubnet {
my $addr = shift;
my $network = shift;

1
config/cfgroot/haproxy-settings
View File

@@ -1 +0,0 @@
ENABLE_HAPROXY=off

14
config/cfgroot/header.pl
View File

@@ -16,7 +16,6 @@ use File::Basename;
use HTML::Entities();
use Socket;
use Time::Local;
use Unicode::Normalize;
our %color = ();
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
@@ -36,7 +35,6 @@ $Header::colouryellow = '#FFFF00';
$Header::colourgreen = '#339933';
$Header::colourblue = '#333399';
$Header::colourovpn = '#339999';
$Header::colourwg = '#ff007f';
$Header::colourfw = '#000000';
$Header::colourvpn = '#990099';
$Header::colourerr = '#FF0000';
@@ -364,18 +362,6 @@ sub escape($) {
return HTML::Entities::encode_entities($s);
}
sub normalize($) {
my $s = shift;
# Remove any special characters
$s = &Unicode::Normalize::NFKD($s);
# Remove any whitespace and replace with dash
$s =~ s/\s+/\-/g;
return $s;
}
sub cleanhtml {
my $outstring =$_[0];
$outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y';

2
config/cfgroot/loxilb-FWconfig.txt
View File

@@ -1 +1 @@
{"fwAttr":[{"opts":{"counter":"0:0","doSnat":true,"onDefault":true,"toIP":"REDIP"},"ruleArguments":{"destinationIP":"0.0.0.0/0","portName":"green0","sourceIP":"0.0.0.0/0"}}]}
{"fwAttr":[{"opts":{"counter":"0:0","doSnat":true,"toIP":"REDIP"},"ruleArguments":{"destinationIP":"0.0.0.0/0","portName":"green0","sourceIP":"0.0.0.0/0"}}]}

1
config/cfgroot/manualpages
View File

@@ -48,7 +48,6 @@ wakeonlan.cgi=configuration/network/wake-on-lan
# Services menu
vpnmain.cgi=configuration/services/ipsec
wireguard.cgi=configuration/services/wireguard
ovpnmain.cgi=configuration/services/openvpn
ddns.cgi=configuration/services/dyndns
time.cgi=configuration/services/ntp

49
config/cfgroot/network-functions.pl
View File

@@ -291,55 +291,6 @@ sub get_broadcast($) {
return &bin2ip($network_bin ^ ~$netmask_bin);
}
sub get_prefix($) {
my $network = shift;
# Convert to binary
my ($network_bin, $netmask_bin) = &network2bin($network);
if (defined $netmask_bin) {
my $prefix = 0;
while (1) {
# End the loop if we have consumed all ones
last if ($netmask_bin == 0);
# Increment prefix
$prefix++;
# Remove the most-significant one
$netmask_bin <<= 1;
$netmask_bin &= 0xffffffff;
}
return $prefix;
}
return undef;
}
sub get_netmask($) {
my $network = shift;
# Fetch the prefix
my $prefix = &get_prefix($network);
# Convert to netmask
return &convert_prefix2netmask($prefix);
}
sub normalize_network($) {
my $network = shift;
my $address = &get_netaddress($network);
my $prefix = &get_prefix($network);
unless (defined $address && defined $prefix) {
return undef;
}
return "${address}/${prefix}";
}
# Returns True if $address is in $network.
sub ip_address_in_network($$) {
my $address = shift;

675
config/cfgroot/wireguard-functions.pl
View File

@@ -1,675 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
package Wireguard;
use strict;
use MIME::Base64;
require "/var/ipfire/general-functions.pl";
require "/var/ipfire/network-functions.pl";
our @DEFAULT_PORTRANGE = (60000, 62000);
our $DEFAULT_PORT = 51820;
our $DEFAULT_KEEPALIVE = 25;
# Read the global configuration
our %settings = ();
if (-e "/var/ipfire/wireguard/settings") {
&General::readhash("/var/ipfire/wireguard/settings", \%settings);
}
# Read all peers
our %peers = ();
if (-e "/var/ipfire/wireguard/peers") {
&General::readhasharray("/var/ipfire/wireguard/peers", \%peers);
}
# Set any defaults
&General::set_defaults(\%settings, {
"ENABLED" => "off",
"PORT" => $DEFAULT_PORT,
"CLIENT_DNS" => $Network::ethernet{'GREEN_ADDRESS'},
});
# Returns true if WireGuard is enabled
sub is_enabled() {
return ($settings{'ENABLED'} eq "on");
}
# Returns the local endpoint
sub get_endpoint() {
my $endpoint = $settings{'ENDPOINT'};
# If no endpoint is set, we fall back to the FQDN of the firewall
if ($endpoint eq "") {
$endpoint = $General::mainsettings{'HOSTNAME'} . "." . $General::mainsettings{'DOMAINNAME'};
}
return $endpoint;
}
# This function generates a set of keys for this host if none exist
sub generate_keys($) {
my $force = shift || 0;
# Reset any previous keys if re-generation forced
if ($force) {
$settings{"PRIVATE_KEY"} = undef;
$settings{"PUBLIC_KEY"} = undef;
}
# Return if we already have keys
return if (defined $settings{"PRIVATE_KEY"} && defined $settings{"PUBLIC_KEY"});
# Generate a new private key
unless (defined $settings{'PRIVATE_KEY'}) {
# Generate a new private key
$settings{"PRIVATE_KEY"} = &generate_private_key();
# Reset the public key
$settings{"PUBLIC_KEY"} = undef;
}
# Derive the public key
unless (defined $settings{"PUBLIC_KEY"}) {
# Derive the public key
$settings{"PUBLIC_KEY"} = &derive_public_key($settings{"PRIVATE_KEY"});
}
# Store the configuration file
&General::writehash("/var/ipfire/wireguard/settings", \%settings);
}
# Generates a new private key
sub generate_private_key() {
# Generate a new private key
my @output = &General::system_output("wg", "genkey");
# Store the key
foreach (@output) {
chomp;
return $_;
}
# Return undefined on error
return undef;
}
# Takes a private key and derives the public key
sub derive_public_key($) {
my $private_key = shift;
my @output = ();
# Derive the public key
if (open(STDIN, "-|")) {
@output = &General::system_output("wg", "pubkey");
} else {
print $private_key . "\n";
exit (0);
}
# Return the first line
foreach (@output) {
chomp;
return $_;
}
# Return undefined on error
return undef;
}
sub dump($) {
my $intf = shift;
my %dump = ();
my $lineno = 0;
# Fetch the dump
my @output = &General::system_output("/usr/local/bin/wireguardctrl", "dump", $intf);
foreach my $line (@output) {
# Increment the line numbers
$lineno++;
# Skip the first line
next if ($lineno <= 1);
# Split the line into its fields
my @fields = split(/\t/, $line);
# Create a new hash indexed by the public key
$dump{$fields[0]} = {
"psk" => $fields[1],
"endpoint" => $fields[2],
"allowed-ips" => $fields[3],
"latest-handshake" => $fields[4],
"transfer-rx" => $fields[5],
"transfer-tx" => $fields[6],
"persistent-keepalive" => $fields[7],
};
}
return %dump;
}
sub load_peer($) {
my $key = shift;
my $type = $peers{$key}[1];
my %peer = (
"ENABLED" => $peers{$key}[0],
"TYPE" => $type,
"NAME" => $peers{$key}[2],
"PUBLIC_KEY" => $peers{$key}[3],
"PRIVATE_KEY" => $peers{$key}[4],
"PORT" => $peers{$key}[5],
"ENDPOINT_ADDR" => $peers{$key}[6],
"ENDPOINT_PORT" => $peers{$key}[7],
($type eq "host") ? "CLIENT_ADDRESS" : "REMOTE_SUBNETS"
=> &decode_subnets($peers{$key}[8]),
"REMARKS" => &decode_remarks($peers{$key}[9]),
"LOCAL_SUBNETS" => &decode_subnets($peers{$key}[10]),
"PSK" => $peers{$key}[11],
"KEEPALIVE" => $peers{$key}[12],
"LOCAL_ADDRESS" => $peers{$key}[13],
"INTERFACE" => ($type eq "host") ? "wg0" : "wg${key}",
);
return \%peer;
}
sub get_peer_by_name($) {
my $name = shift;
foreach my $key (keys %peers) {
my $peer = &load_peer($key);
# Return the peer if the name matches
if ($peer->{"NAME"} eq $name) {
return $peer;
}
}
# Return undefined if nothing was found
return undef;
}
sub name_is_valid($) {
my $name = shift;
# The name must be between 1 and 63 characters
if (length ($name) < 1 || length ($name) > 63) {
return 0;
}
# Only valid characters are a-z, A-Z, 0-9, space and -
if ($name !~ /^[a-zA-Z0-9 -]*$/) {
return 0;
}
return 1;
}
sub name_is_free($) {
my $name = shift;
my $key = shift || 0;
foreach my $i (keys %peers) {
# Skip the connection with ID
next if ($key eq $i);
# Return if we found a match
return 0 if ($peers{$i}[2] eq $name);
}
return 1;
}
sub key_is_valid($) {
my $key = shift;
# Try to decode the key
$key = &MIME::Base64::decode_base64($key);
# All keys must be 32 bytes long
return length($key) == 32;
}
sub keepalive_is_valid($) {
my $keepalive = shift;
# Must be a number
return 0 unless ($keepalive =~ m/^[0-9]+$/);
# Must be between 0 and 65535 (inclusive)
return 0 if ($keepalive lt 0);
return 0 if ($keepalive gt 65535);
return 1;
}
sub encode_remarks($) {
my $remarks = shift;
# Encode to Base64
$remarks = &MIME::Base64::encode_base64($remarks);
# Remove the trailing newline
chomp($remarks);
return $remarks;
}
sub decode_remarks($) {
my $remarks = shift;
# Decode from base64
return &MIME::Base64::decode_base64($remarks);
}
sub encode_subnets($) {
my @subnets = @_;
my @formatted = ();
# wg only handles the CIDR notation
foreach my $subnet (@subnets) {
my $netaddr = &Network::get_netaddress($subnet);
my $prefix = &Network::get_prefix($subnet);
next unless (defined $netaddr && defined $prefix);
push(@formatted, "${netaddr}/${prefix}");
}
# Join subnets together separated by |
return join("|", @formatted);
}
sub decode_subnets($) {
my $subnets = shift;
# Split the string
my @subnets = split(/\|/, $subnets);
return \@subnets;
}
sub pool_is_in_use($) {
my $pool = shift;
foreach my $key (keys %peers) {
my $type = $peers{$key}[1];
my $address = $peers{$key}[6];
# Check if a host is using an IP address from the pool
if ($type eq "host" && &Network::ip_address_in_network($address, $pool)) {
return 1;
}
}
# No match found
return 0;
}
# Takes the pool and an optional limit of up to how many addresses to return
sub free_pool_addresses($$) {
my $pool = shift;
my $limit = shift || 0;
my @used_addresses = ();
my @free_addresses = ();
# wg0 IP is reserved so put in @used_addresses
push(@used_addresses, &Network::ip2bin($settings{'ADDRESS'}));
# Collect all used addresses
foreach my $key (keys %peers) {
my $peer = &load_peer($key);
# Only check hosts
next if ($peer->{"TYPE"} ne "host");
foreach my $address (@{ $peer->{"CLIENT_ADDRESS"} }) {
push(@used_addresses, &Network::ip2bin($address));
}
}
# Fetch the first address
my $address = &Network::get_netaddress($pool);
# Fetch the last address
my $broadcast = &Network::get_broadcast($pool);
$broadcast = &Network::ip2bin($broadcast);
# Walk through all addresses excluding the first and last address.
# No technical reason, we just don't want to confuse people.
OUTER: for (my $i = &Network::ip2bin($address) + 1; $i < $broadcast; $i++) {
# Skip any addresses that already in use
foreach my $used_address (@used_addresses) {
next OUTER if ($i == $used_address);
}
push(@free_addresses, &Network::bin2ip($i));
# Check limit
last if ($limit > 0 && scalar @free_addresses >= $limit);
}
return @free_addresses;
}
sub generate_peer_configuration($$) {
my $key = shift;
my $private_key = shift;
my @conf = ();
# Load the peer
my $peer = &load_peer($key);
# Return if we could not find the peer
return undef unless ($peer);
my @allowed_ips = ();
# Convert all subnets into CIDR notation
foreach my $subnet (@{ $peer->{'LOCAL_SUBNETS'} }) {
my $netaddress = &Network::get_netaddress($subnet);
my $prefix = &Network::get_prefix($subnet);
# Skip invalid subnets
next if (!defined $netaddress || !defined $prefix);
push(@allowed_ips, "${netaddress}/${prefix}");
}
# Fetch the endpoint
my $endpoint = &get_endpoint();
# Net-2-Net
if ($peer->{'TYPE'} eq "net") {
# Derive our own public key
my $public_key = &derive_public_key($peer->{'PRIVATE_KEY'});
push(@conf,
"[Interface]",
"PrivateKey = $private_key",
"ListenPort = $peer->{'ENDPOINT_PORT'}",
"",
"[Peer]",
"Endpoint = ${endpoint}:$peer->{'PORT'}",
"PublicKey = $public_key",
"PresharedKey = $peer->{'PSK'}",
"AllowedIPs = " . join(", ", @allowed_ips),
"PersistentKeepalive = $peer->{'KEEPALIVE'}",
);
# Host-2-Net
} elsif ($peer->{'TYPE'} eq "host") {
# Fetch any DNS servers for hosts
my @dns = split(/\|/, $settings{'CLIENT_DNS'});
push(@conf,
"[Interface]",
"PrivateKey = $private_key",
"Address = @{ $peer->{'CLIENT_ADDRESS'} }/32",
);
# Optionally add DNS servers
if (scalar @dns) {
push(@conf, "DNS = " . join(", ", @dns));
}
# Finish the [Interface] section
push(@conf, "");
# Add peer configuration
push(@conf, (
"[Peer]",
"Endpoint = ${endpoint}:$settings{'PORT'}",
"PublicKey = $settings{'PUBLIC_KEY'}",
"PresharedKey = $peer->{'PSK'}",
"AllowedIPs = " . join(", ", @allowed_ips),
"PersistentKeepalive = $DEFAULT_KEEPALIVE",
));
}
return join("\n", @conf);
}
sub parse_configuration($$) {
my $name = shift;
my $fh = shift;
my %peer = (
"NAME" => $name,
);
# Collect any errors
my @errormessages = ();
my $section = undef;
my $key = undef;
my $val = undef;
# Check if the name is valid
unless (&Wireguard::name_is_valid($name)) {
push(@errormessages, $Lang::tr{'wg invalid name'});
}
# Check if the name is already taken
unless (&Wireguard::name_is_free($name)) {
push(@errormessages, $Lang::tr{'wg name is already used'});
}
while (<$fh>) {
# Remove line breaks
chomp;
# Remove any carriage returns
$_ =~ s/\r$//;
# Search for section headers
if ($_ =~ m/^\[(\w+)\]$/) {
$section = $1;
next;
# Search for key = value lines
} elsif ($_ =~ m/^(\w+)\s+=\s+(.*)$/) {
# Skip anything before the first section header
next unless (defined $section);
# Store keys and values
$key = $1;
$val = $2;
# Skip any unhandled lines
} else {
next;
}
# Interface section
if ($section eq "Interface") {
# Address
if ($key eq "Address") {
my $address = &Network::get_netaddress($val);
my $prefix = &Network::get_prefix($val);
# There must be an address
unless ($address) {
push(@errormessages, $Lang::tr{'invalid ip address'});
}
# If there was a prefix it must be /32
if (defined $prefix) {
unless ($prefix == 32) {
push(@errormessages, $Lang::tr{'invalid ip address'});
}
}
# Store the address
$peer{'LOCAL_ADDRESS'} = ${address};
# ListenPort
} elsif ($key eq "ListenPort") {
if (&General::validport($val)) {
$peer{'PORT'} = $val;
} else {
push(@errormessages, $Lang::tr{'wg invalid endpoint port'});
}
# PrivateKey
} elsif ($key eq "PrivateKey") {
if (&key_is_valid($val)) {
$peer{'PRIVATE_KEY'} = $val;
} else {
push(@errormessages, $Lang::tr{'malformed private key'});
}
}
# Peer section
} elsif ($section eq "Peer") {
# PublicKey
if ($key eq "PublicKey") {
if (&key_is_valid($val)) {
$peer{'PUBLIC_KEY'} = $val;
} else {
push(@errormessages, $Lang::tr{'malformed public key'});
}
# PresharedKey
} elsif ($key eq "PresharedKey") {
if (&key_is_valid($val)) {
$peer{'PSK'} = $val;
} else {
push(@errormessages, $Lang::tr{'malformed preshared key'});
}
# AllowedIPs
} elsif ($key eq "AllowedIPs") {
my @networks = split(/,/, $val);
# Check if all networks are valid
foreach my $network (@networks) {
# Skip any IPv6 networks
next if ($network =~ m/:/);
unless (&Network::check_subnet($network)) {
push(@errormessages, $Lang::tr{'invalid network'} . " $network");
}
}
$peer{'REMOTE_SUBNETS'} = \@networks;
# Endpoint
} elsif ($key eq "Endpoint") {
my $address = $val;
my $port = $DEFAULT_PORT;
# Try to separate the port (if any)
if ($val =~ m/^(.*):(\d+)$/) {
$address = $1;
$port = $2;
}
# Check if we have a valid IP address
if (&Network::check_ip_address($address)) {
# nothing
# Check if we have a valid FQDN
} elsif (&General::validfqdn($address)) {
# nothing
# Otherwise this fails
} else {
push(@errormessages, $Lang::tr{'invalid endpoint address'});
next;
}
# Store the values
$peer{'ENDPOINT_ADDRESS'} = $address;
$peer{'ENDPOINT_PORT'} = $port;
# PersistentKeepalive
} elsif ($key eq "PersistentKeepalive") {
# Must be an integer
if ($val =~ m/^(\d+)$/) {
$peer{'KEEPALIVE'} = $1;
} else {
push(@errormessages, $Lang::tr{'invalid keepalive interval'});
}
}
}
}
# Check if we have all required properties
unless (exists $peer{"PRIVATE_KEY"}) {
push(@errormessages, $Lang::tr{'wg missing private key'});
}
unless (exists $peer{"PUBLIC_KEY"}) {
push(@errormessages, $Lang::tr{'wg missing public key'});
}
unless (exists $peer{"REMOTE_SUBNETS"}) {
push(@errormessages, $Lang::tr{'wg missing allowed ips'});
}
unless (exists $peer{"ENDPOINT_ADDRESS"}) {
push(@errormessages, $Lang::tr{'wg missing endpoint address'});
}
unless (exists $peer{"ENDPOINT_PORT"}) {
push(@errormessages, $Lang::tr{'wg missing endpoint port'});
}
return \%peer, @errormessages;
}
sub get_free_port() {
my @used_ports = ();
my $tries = 100;
# Collect all ports that are already in use
foreach my $key (keys %peers) {
push(@used_ports, $peers{$key}[5]);
}
my ($port_start, $port_end) = @DEFAULT_PORTRANGE;
while ($tries-- > 0) {
my $port = $port_start + int(rand($port_end - $port_start));
# Return the port unless it is already in use
return $port unless (grep { $port == $_ } @used_ports);
}
return undef;
}
1;

1
config/cfgroot/xdpdns-settings
View File

@@ -1 +0,0 @@
ENABLE_DNSBLOCK=on

1
config/cfgroot/xdpsni-settings
View File

@@ -1 +0,0 @@
ENABLE_SNIBLOCK=on

15
config/dnsdist/dnsdist-xsk.conf
View File

@@ -1,15 +0,0 @@
if not inConfigCheck() then
xsk = newXsk({ifName='green0', NIC_queue_id=0, frameNums=65536, xskMapPath='/sys/fs/bpf/dnsdist/xsk_map'})
addLocal("0.0.0.0:53", {xskSocket=xsk})
else
addLocal("0.0.0.0:53")
end
newServer("8.8.8.8:53")
newServer("1.1.1.1:53")
---- newServer({address="8.8.8.8", healthCheckMode='lazy', checkInterval=1, lazyHealthCheckFailedInterval=30, rise=2, maxCheckFailures=3, lazyHealthCheckThreshold=30, lazyHealthCheckSampleSize=100, lazyHealthCheckMinSampleCount=10, lazyHealthCheckMode='TimeoutOnly'})
---- newServer({address="1.1.1.1", healthCheckMode='lazy', checkInterval=1, lazyHealthCheckFailedInterval=30, rise=2, maxCheckFailures=3, lazyHealthCheckThreshold=30, lazyHealthCheckSampleSize=100, lazyHealthCheckMinSampleCount=10, lazyHealthCheckMode='TimeoutOnly'})

25
config/firewall/firewall-lib.pl
View File

@@ -239,8 +239,6 @@ sub get_std_net_ip
return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
}elsif($val eq 'RED'){
return "0.0.0.0/0";
}elsif($val eq 'WGRW'){
return $Wireguard::settings{'CLIENT_POOL'};
}elsif($val =~ /OpenVPN/i){
return "$ovpnsettings{'DOVPN_SUBNET'}";
}elsif($val =~ /IPsec/i){
@@ -261,10 +259,6 @@ sub get_interface
if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){
return "$netsettings{'BLUE_DEV'}";
}
# Wireguard
if ($net eq $Wireguard::settings{'CLIENT_POOL'}) {
return "wg0";
}
if($net eq "0.0.0.0/0") {
return &get_external_interface();
}
@@ -391,25 +385,6 @@ sub get_address
push(@ret, [$host_address, ""]);
}
# WireGuard Peers
} elsif ($key eq 'wg_peer' || $key eq 'wg_peer_src' || $key eq 'wg_peer_tgt') {
my $peer = &Wireguard::get_peer_by_name($value);
if (defined $peer) {
my $remotes;
# Select the remote IP addresses
if ($peer->{'TYPE'} eq 'host') {
$remotes = $peer->{'CLIENT_ADDRESS'};
} elsif ($peer->{'TYPE'} eq 'net') {
$remotes = $peer->{'REMOTE_SUBNETS'};
}
# Add all remotes
foreach my $remote (@$remotes) {
push(@ret, [$remote, $peer->{'INTERFACE'}]);
}
}
# OpenVPN networks.
} elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
my $network_address = &get_ovpn_net_ip($value, 1);

12
config/firewall/firewall-policy
View File

@@ -54,7 +54,6 @@ esac
HAVE_IPSEC="true"
HAVE_OPENVPN="true"
HAVE_WG="true"
# INPUT
@@ -98,14 +97,6 @@ case "${HAVE_OPENVPN},${POLICY}" in
;;
esac
# WireGuard INPUT
case "${HAVE_WG},${POLICY}" in
true,MODE1) ;;
true,*)
iptables -A POLICYIN -i wg+ -j ACCEPT
;;
esac
case "${FWPOLICY2}" in
REJECT)
if [ "${DROPINPUT}" = "on" ]; then
@@ -158,9 +149,6 @@ case "${POLICY}" in
# Grant access for OpenVPN connections
iptables -A POLICYFWD -i tun+ -j ACCEPT
# Grant access for WireGuard
iptables -A POLICYFWD -i wg+ -j ACCEPT
if [ -n "${IFACE}" ]; then
if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
iptables -A POLICYFWD -i "${BLUE_DEV}" -s "${BLUE_NETADDRESS}/${BLUE_NETMASK}" -o "${IFACE}" -j ACCEPT

2
config/grub2/default
View File

@@ -1,6 +1,6 @@
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_CMDLINE_LINUX="rd.auto crashkernel=512M nmi_watchdog=1 softlockup_panic=1 panic=10"
GRUB_CMDLINE_LINUX="rd.auto panic=10"
GRUB_DISABLE_RECOVERY="true"
GRUB_BACKGROUND="/boot/grub/splash.png"

BIN
config/grub2/splash.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 436 KiB

After

Width:  |  Height:  |  Size: 140 KiB

883
config/kernel/bpfire-logo-ascii.ppm
View File

@@ -1,883 +0,0 @@
P3
63 80
255
161 18 12 165 19 14 170 20 15 171 21 16 170 20 15 171 21 16
173 20 15 173 20 15 171 21 16 171 21 16 171 21 16 173 19 15
173 20 15 173 19 15 176 18 12 173 19 15 173 20 15 173 20 15
177 20 14 177 20 14 177 20 14 177 20 14 177 20 14 177 20 14
177 20 14 177 20 14 177 20 14 176 18 12 174 18 12 176 17 11
176 18 12 177 20 14 183 19 13 183 19 13 183 19 13 183 19 13
183 19 13 183 19 13 183 19 13 183 19 13 183 19 13 177 20 14
177 20 14 183 19 13 177 20 14 173 19 15 177 20 14 177 20 14
177 20 14 173 19 15 177 20 14 177 20 14 177 20 14 177 20 14
177 20 14 177 20 14 177 20 14 173 19 15 177 20 14 177 20 14
177 20 14 168 18 14 164 16 11
161 18 12 165 19 14 170 20 15 171 21 16 170 20 15 170 20 15
171 21 16 171 21 16 169 21 14 171 21 16 170 20 15 170 20 15
170 20 15 173 20 15 173 19 15 173 20 15 173 20 15 173 19 15
173 19 15 173 19 15 177 20 14 176 18 12 176 18 12 176 18 12
177 20 14 177 20 14 176 18 12 176 17 11 176 17 11 176 17 11
176 17 11 176 18 12 177 20 14 177 20 14 177 20 14 177 20 14
177 20 14 183 19 13 177 20 14 177 20 14 177 20 14 177 20 14
177 20 14 176 18 12 173 19 15 173 19 15 173 19 15 177 20 14
173 19 15 173 19 15 173 19 15 173 19 15 176 18 12 177 20 14
177 20 14 177 20 14 177 20 14 173 19 15 173 20 15 173 20 15
173 19 15 164 16 11 183 19 13
160 19 13 168 22 16 168 22 16 171 21 16 168 22 16 168 22 16
168 22 16 168 22 16 168 22 16 168 22 16 171 21 16 171 21 16
168 22 16 171 21 16 171 21 16 171 21 16 173 20 15 173 20 15
173 20 15 173 19 15 173 20 15 173 20 15 173 19 15 173 19 15
173 19 15 173 19 15 176 18 12 173 19 15 174 18 12 176 17 11
174 18 12 173 19 15 176 17 11 177 20 14 177 20 14 177 20 14
177 20 14 177 20 14 177 20 14 177 20 14 177 20 14 173 20 15
173 20 15 173 20 15 173 20 15 171 21 16 171 21 16 171 21 16
171 21 16 170 20 15 173 20 15 173 20 15 173 20 15 173 20 15
173 20 15 173 20 15 173 20 15 171 21 16 171 21 16 173 20 15
156 15 13 183 19 13 183 19 13
160 19 13 168 22 16 168 22 16 168 22 16 168 22 16 168 22 16
168 22 16 168 22 16 168 22 16 168 22 16 168 22 16 168 22 16
168 22 16 171 21 16 171 21 16 171 21 16 173 20 15 171 21 16
173 20 15 173 20 15 173 20 15 173 20 15 173 19 15 173 19 15
173 19 15 173 19 15 174 18 12 174 18 12 176 17 11 173 19 15
174 18 12 173 19 15 176 24 12 173 19 15 176 18 12 177 20 14
177 20 14 177 20 14 177 20 14 177 20 14 177 20 14 173 20 15
173 20 15 173 20 15 173 20 15 171 21 16 173 20 15 173 20 15
171 21 16 171 21 16 171 21 16 173 20 15 173 20 15 173 20 15
171 21 16 173 20 15 173 20 15 171 21 16 177 20 14 157 19 14
183 19 13 183 19 13 183 19 13
156 15 13 162 20 14 168 22 16 168 22 16 168 22 16 168 22 16
168 22 16 171 21 16 168 22 16 168 22 16 168 22 16 168 22 16
168 22 16 171 21 16 171 21 16 173 20 15 173 20 15 171 21 16
173 20 15 173 20 15 173 20 15 173 20 15 173 19 15 173 19 15
173 19 15 168 18 14 168 18 14 176 17 11 167 52 24 176 17 11
176 17 11 176 18 12 173 92 60 177 20 14 177 20 14 176 17 11
177 20 14 177 20 14 177 20 14 177 20 14 177 20 14 173 20 15
173 20 15 173 19 15 173 19 15 173 20 15 173 19 15 173 20 15
171 21 16 171 21 16 171 21 16 173 20 15 171 21 16 171 21 16
171 21 16 171 21 16 171 21 16 173 20 15 164 19 14 164 16 11
183 19 13 183 19 13 183 19 13
157 19 14 162 20 14 168 22 16 168 22 16 168 22 16 168 22 16
168 22 16 168 22 16 168 22 16 168 22 16 168 22 16 168 22 16
168 22 16 171 21 16 171 21 16 171 21 16 171 21 16 164 16 11
173 20 15 173 19 15 171 21 16 173 19 15 173 19 15 173 19 15
164 16 11 167 52 24 167 52 24 164 16 11 173 92 60 211 179 117
176 17 11 176 18 12 164 16 11 167 52 24 175 97 50 176 17 11
177 20 14 177 20 14 173 19 15 173 19 15 173 19 15 173 20 15
176 17 11 176 17 11 173 20 15 173 19 15 173 20 15 171 21 16
171 21 16 171 21 16 173 20 15 173 20 15 171 21 16 171 21 16
171 21 16 170 20 15 171 21 16 168 22 16 152 14 13 183 19 13
183 19 13 183 19 13 183 19 13
156 20 14 162 20 14 168 22 16 168 22 16 160 22 16 160 22 16
168 22 16 168 22 16 168 22 16 168 22 16 168 22 16 168 22 16
168 22 16 171 21 16 168 22 16 168 18 14 174 18 12 163 56 28
173 19 15 168 18 14 176 17 11 183 19 13 164 16 11 168 18 14
164 16 11 175 97 50 175 97 50 164 16 11 176 17 11 238 229 170
215 186 121 183 19 13 176 17 11 167 52 24 213 153 88 176 17 11
177 20 14 176 17 11 183 19 13 183 19 13 164 16 11 176 17 11
167 52 24 176 24 12 176 17 11 173 20 15 173 20 15 171 21 16
171 21 16 171 21 16 171 21 16 170 20 15 171 21 16 171 21 16
171 21 16 168 22 16 168 22 16 151 18 14 183 19 13 183 19 13
183 19 13 183 19 13 183 19 13
152 20 15 160 22 16 160 22 16 160 22 16 168 22 16 162 20 14
168 22 16 168 22 16 168 22 16 168 22 16 168 22 16 168 22 16
168 22 16 168 22 16 168 18 14 176 24 12 206 199 148 179 118 76
164 16 11 176 24 12 191 130 98 162 137 108 191 130 98 164 16 11
164 16 11 176 24 12 176 24 12 177 20 14 183 19 13 211 179 117
254 255 240 175 96 57 176 17 11 183 19 13 167 52 24 176 17 11
176 17 11 175 96 57 162 137 108 169 133 98 167 52 24 164 16 11
167 52 24 206 199 148 167 52 24 176 17 11 173 20 15 173 20 15
171 21 16 171 21 16 171 21 16 168 22 16 171 21 16 171 21 16
168 22 16 168 22 16 152 20 15 176 17 11 183 19 13 183 19 13
183 19 13 183 19 13 183 19 13
151 18 14 159 21 16 160 22 16 160 22 16 160 22 16 168 22 16
162 20 14 168 22 16 168 22 16 168 22 16 167 21 14 168 22 16
168 22 16 168 22 16 164 16 11 191 130 98 243 238 185 176 17 11
164 16 11 191 130 98 97 69 52 0 0 0 131 94 71 176 111 73
154 14 11 168 18 14 176 17 11 176 111 73 183 19 13 215 186 121
254 255 240 221 205 133 183 19 13 176 17 11 164 16 11 164 16 11
183 19 13 158 125 90 0 0 0 0 0 0 162 137 108 183 19 13
164 16 11 199 143 96 225 212 158 176 17 11 171 21 16 170 20 15
171 21 16 171 21 16 170 20 15 171 21 16 171 21 16 168 22 16
168 22 16 162 20 14 161 18 12 183 19 13 183 19 13 183 19 13
183 19 13 183 19 13 128 8 8
151 18 14 156 20 14 160 21 14 160 22 16 160 22 16 168 22 16
160 22 16 160 22 16 168 22 16 168 22 16 168 22 16 168 22 16
165 19 14 165 19 14 164 16 11 225 212 158 225 212 158 176 17 11
183 19 13 131 94 71 91 31 21 243 238 185 91 31 21 162 137 108
183 19 13 176 24 12 176 24 12 176 17 11 183 19 13 247 246 193
254 255 233 238 229 170 183 19 13 167 52 24 176 24 12 176 17 11
199 143 96 91 31 21 225 212 158 162 137 108 97 69 52 173 92 60
176 17 11 199 143 96 243 238 185 183 19 13 173 20 15 170 20 15
170 20 15 171 21 16 167 21 14 167 21 14 167 21 14 164 19 14
168 22 16 150 16 12 183 19 13 183 19 13 183 19 13 183 19 13
183 19 13 147 12 10 89 3 6
151 18 14 152 20 15 159 21 16 162 20 14 164 19 14 160 22 16
160 22 16 167 21 14 168 22 16 168 22 16 168 22 16 165 19 14
164 19 14 164 19 14 164 16 11 199 163 109 249 249 214 183 19 13
176 24 12 131 94 71 111 0 3 183 19 13 106 7 8 97 69 52
199 163 109 211 179 117 183 19 13 183 19 13 211 179 117 254 255 233
253 255 226 238 229 170 183 19 13 183 19 13 183 19 13 199 143 96
97 69 52 77 0 3 183 19 13 171 21 16 97 69 52 173 92 60
176 17 11 238 229 170 225 212 158 176 17 11 173 20 15 170 20 15
170 20 15 171 21 16 168 18 14 165 19 14 164 19 14 168 18 14
150 16 12 183 19 13 183 19 13 183 19 13 183 19 13 183 19 13
164 16 11 109 5 7 77 0 3
151 18 14 152 20 15 159 21 16 162 20 14 162 20 14 160 22 16
160 22 16 167 21 14 165 19 14 167 21 14 164 19 14 161 18 12
165 19 14 164 19 14 164 16 11 176 24 12 249 249 214 191 130 98
154 14 11 162 137 108 0 0 0 107 0 4 0 0 0 77 0 3
0 0 0 206 199 148 175 97 50 213 153 88 254 255 233 249 249 214
254 255 233 215 186 121 193 134 84 167 52 24 191 130 98 91 31 21
77 0 3 0 0 0 77 0 3 0 0 0 158 125 90 183 19 13
175 96 57 254 255 210 167 52 24 176 17 11 170 20 15 168 18 14
168 18 14 171 21 16 168 18 14 164 19 14 167 21 14 156 15 13
174 18 12 183 19 13 183 19 13 183 19 13 183 19 13 183 19 13
119 5 9 77 0 3 77 0 3
151 18 14 156 20 14 159 21 16 160 19 13 162 20 14 162 20 14
162 20 14 164 19 14 167 21 14 168 22 16 160 19 13 156 15 13
164 19 14 161 18 12 156 15 13 133 0 5 176 111 73 243 238 185
133 0 5 173 92 60 162 137 108 97 69 52 162 137 108 91 31 21
77 0 3 0 0 0 202 183 123 254 255 223 250 251 219 249 249 214
254 255 233 193 134 84 215 186 121 225 212 158 91 31 21 77 0 3
78 2 7 158 125 90 97 69 52 131 94 71 173 92 60 154 14 11
231 215 150 213 153 88 154 14 11 164 16 11 164 16 11 168 18 14
168 18 14 168 18 14 164 16 11 167 21 14 162 20 14 156 15 13
183 19 13 183 19 13 183 19 13 183 19 13 183 19 13 128 6 9
78 2 7 77 0 3 78 2 7
150 16 12 152 20 15 159 21 16 159 21 16 160 19 13 162 20 14
160 22 16 160 22 16 165 19 14 168 22 16 164 16 11 156 15 13
164 16 11 154 14 11 147 12 10 143 19 14 154 43 26 247 246 193
150 53 31 107 0 4 173 92 60 199 163 109 147 67 48 202 183 123
97 69 52 77 0 3 97 69 52 252 253 227 254 255 210 254 255 223
238 229 170 183 19 13 232 217 158 131 94 71 77 0 3 78 2 7
162 137 108 147 67 48 176 111 73 207 156 97 133 0 5 164 16 11
238 229 170 173 92 60 147 12 10 154 14 11 167 52 24 174 18 12
164 16 11 169 21 14 171 21 16 168 18 14 144 14 14 183 19 13
183 19 13 183 19 13 183 19 13 183 19 13 147 12 10 93 4 6
77 0 3 78 2 7 91 2 10
150 16 12 152 20 15 157 23 16 159 21 16 159 21 16 162 20 14
160 22 16 162 20 14 164 19 14 168 22 16 191 130 98 154 14 11
163 56 28 199 163 109 133 0 5 151 28 16 173 92 60 254 255 210
147 67 48 107 0 4 199 143 96 154 63 38 80 0 2 193 134 84
237 235 180 78 2 7 77 0 3 162 137 108 253 255 226 253 254 208
193 134 84 183 19 13 202 183 123 91 31 21 77 0 3 162 137 108
193 134 84 92 0 2 102 0 4 211 179 117 167 52 24 164 16 11
247 246 193 199 143 96 159 29 16 164 16 11 225 212 158 167 52 24
164 16 11 199 143 96 167 52 24 147 12 10 183 19 13 183 19 13
183 19 13 183 19 13 183 19 13 164 16 11 102 4 5 77 0 3
78 2 7 91 2 10 99 1 11
150 16 12 152 20 15 157 23 16 157 23 16 159 21 16 160 22 16
159 21 16 160 21 14 161 18 12 168 22 16 249 249 214 173 92 60
161 18 12 154 63 38 139 9 7 154 14 11 238 229 170 252 252 206
139 27 18 131 14 12 247 246 193 150 53 31 116 3 5 211 173 103
237 223 121 162 137 108 0 0 0 97 69 52 250 251 219 254 255 223
193 134 84 183 19 13 158 125 90 77 0 3 97 69 52 224 209 127
208 170 99 137 32 21 120 0 3 243 238 185 173 92 60 164 16 11
238 229 170 247 246 193 171 21 16 176 17 11 167 52 24 176 17 11
167 52 24 252 253 227 173 92 60 176 17 11 183 19 13 183 19 13
183 19 13 183 19 13 183 19 13 114 7 7 77 0 3 78 2 7
87 1 5 99 1 11 133 0 5
150 16 12 151 18 14 159 21 16 156 20 14 159 21 16 162 20 14
160 21 14 160 22 16 164 16 11 176 111 73 254 255 240 176 111 73
154 14 11 164 16 11 167 52 24 238 229 170 254 255 233 206 199 148
123 0 2 133 0 5 238 229 170 199 163 109 139 9 7 237 223 121
213 153 88 221 205 133 91 31 21 77 0 3 206 199 148 206 199 148
162 137 108 202 183 123 97 69 52 0 0 0 187 167 103 213 153 88
237 223 121 163 56 28 176 111 73 254 255 233 176 24 12 154 14 11
199 163 109 254 255 240 238 229 170 167 52 24 176 17 11 176 24 12
173 92 60 254 255 240 215 186 121 183 19 13 183 19 13 183 19 13
183 19 13 183 19 13 127 5 8 78 2 7 78 2 7 78 2 7
99 1 11 128 6 9 122 7 7
145 15 12 152 20 15 156 20 14 156 20 14 159 21 16 162 20 14
160 19 13 160 22 16 164 16 11 215 186 121 254 255 240 163 56 28
176 17 11 175 97 50 243 238 185 254 255 223 254 255 223 173 92 60
139 9 7 154 43 26 163 56 28 247 246 193 167 52 24 219 195 113
213 153 88 241 232 158 97 69 52 77 0 3 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 91 31 21 225 212 158 213 153 88
237 223 121 167 52 24 237 235 180 199 143 96 176 24 12 177 20 14
167 52 24 249 249 214 253 255 226 243 238 185 167 52 24 183 19 13
167 52 24 252 253 227 243 238 185 183 19 13 183 19 13 183 19 13
183 19 13 147 12 10 87 1 5 78 2 7 78 2 7 99 1 11
128 6 9 131 9 10 129 12 11
145 15 12 151 18 14 156 20 14 159 21 16 159 21 16 162 20 14
160 19 13 162 20 14 164 16 11 215 186 121 211 179 117 176 17 11
183 19 13 215 186 121 253 255 226 254 255 210 238 229 170 164 16 11
199 163 109 173 92 60 139 9 7 199 143 96 173 92 60 192 140 79
237 223 121 97 69 52 0 0 0 91 31 21 173 92 60 211 179 117
211 179 117 191 130 98 106 7 8 0 0 0 91 31 21 225 212 158
237 223 121 175 96 57 225 212 158 176 17 11 163 56 28 206 199 148
176 17 11 206 199 148 254 255 223 254 255 223 215 186 121 183 19 13
176 24 12 213 153 88 232 217 158 183 19 13 183 19 13 183 19 13
176 17 11 95 4 6 78 2 7 78 2 7 99 1 11 122 8 8
131 9 10 125 8 10 131 9 10
145 15 12 151 18 14 156 20 14 156 20 14 160 21 14 160 19 13
164 19 14 156 15 13 147 12 10 164 16 11 164 16 11 183 19 13
183 19 13 243 238 185 254 255 210 254 255 223 199 163 109 176 17 11
249 249 214 167 52 24 139 9 7 199 143 96 193 134 84 213 153 88
97 69 52 91 31 21 191 130 98 183 19 13 183 19 13 211 179 117
249 249 214 173 92 60 183 19 13 173 92 60 97 69 52 0 0 0
199 163 109 213 153 88 206 199 148 154 14 11 183 19 13 249 249 214
167 52 24 193 134 84 254 255 223 252 252 206 252 252 206 175 97 50
183 19 13 183 19 13 183 19 13 183 19 13 183 19 13 183 19 13
122 8 8 78 2 7 78 2 7 95 4 6 119 5 9 137 11 10
125 8 10 137 11 10 142 10 9
145 15 12 151 18 14 152 20 15 156 20 14 160 21 14 168 22 16
164 16 11 176 24 12 175 96 57 176 111 73 193 134 84 175 96 57
175 96 57 249 249 214 252 252 206 254 255 223 199 143 96 183 19 13
254 255 233 199 143 96 163 56 28 247 246 193 215 186 121 97 69 52
91 31 21 213 153 88 183 19 13 173 92 60 207 156 97 225 212 158
254 255 240 199 143 96 211 179 117 183 19 13 175 96 57 129 78 48
91 31 21 221 205 133 249 249 214 175 96 57 191 130 98 254 255 240
173 92 60 193 134 84 254 255 223 247 246 193 253 254 208 213 153 88
175 97 50 213 153 88 213 153 88 213 153 88 175 97 50 161 18 12
106 7 8 89 3 6 93 4 6 114 7 7 139 9 7 125 8 10
138 12 11 142 10 9 164 16 11
144 16 12 152 20 15 156 20 14 160 22 16 168 22 16 176 24 12
175 96 57 162 137 108 97 69 52 97 69 52 97 69 52 131 94 71
191 177 112 250 251 219 254 255 223 254 255 223 211 179 117 183 19 13
243 238 185 253 254 208 254 255 223 235 226 137 182 147 96 0 0 0
175 97 50 147 12 10 102 0 4 183 19 13 183 19 13 215 186 121
249 249 214 173 92 60 183 19 13 139 9 7 99 0 3 173 92 60
105 45 32 131 94 71 249 243 164 250 251 219 254 255 210 244 241 169
183 19 13 211 173 103 254 255 210 252 252 206 254 255 210 206 199 148
131 94 71 97 69 52 97 69 52 97 69 52 162 137 108 191 130 98
114 7 7 111 14 13 111 14 13 137 11 10 128 8 8 137 13 11
145 11 11 164 16 11 156 15 13
143 19 14 152 20 15 157 23 16 168 22 16 176 24 12 167 52 24
158 125 90 0 0 0 97 69 52 162 137 108 158 125 90 97 69 52
0 0 0 91 31 21 191 177 112 254 255 223 252 252 206 183 19 13
213 153 88 237 223 121 237 223 121 216 189 107 97 69 52 132 32 17
78 2 7 91 31 21 162 137 108 91 31 21 183 19 13 173 92 60
191 130 98 183 19 13 78 2 7 131 94 71 131 94 71 0 0 0
141 65 38 91 31 21 219 195 113 237 223 121 237 223 121 213 153 88
183 19 13 243 238 185 254 255 210 206 199 148 91 31 21 0 0 0
97 69 52 131 94 71 162 137 108 131 94 71 0 0 0 97 69 52
173 92 60 135 17 11 143 19 14 139 9 7 131 14 12 142 13 12
164 16 11 164 16 11 156 15 13
143 19 14 152 20 15 159 29 16 168 22 16 176 24 12 175 96 57
131 94 71 206 199 148 249 249 214 254 255 240 254 255 240 254 255 233
249 249 214 162 137 108 0 0 0 91 31 21 225 212 158 243 238 185
213 153 88 213 153 88 213 153 88 208 170 99 91 31 21 106 7 8
0 0 0 225 212 158 254 255 240 206 199 148 77 0 3 191 130 98
215 186 121 133 0 5 131 94 71 254 255 240 254 255 240 97 69 52
77 0 3 78 2 7 162 137 108 213 153 88 216 189 107 213 153 88
232 217 158 237 235 180 97 69 52 0 0 0 158 125 90 243 238 185
254 255 240 254 255 240 254 255 233 249 249 214 206 199 148 97 69 52
176 111 73 152 17 12 150 16 12 125 8 10 144 14 14 156 15 13
168 18 14 161 18 12 183 19 13
143 19 14 157 23 16 159 29 16 168 22 16 174 18 12 175 96 57
131 94 71 206 199 148 225 212 158 206 199 148 249 249 214 250 251 219
254 255 223 254 255 233 249 249 214 131 94 71 0 0 0 162 137 108
247 246 193 213 153 88 175 97 50 182 147 96 78 2 7 77 0 3
0 0 0 237 235 180 254 255 240 237 235 180 0 0 0 183 19 13
183 19 13 77 0 3 162 137 108 254 255 240 254 255 240 97 69 52
0 0 0 77 0 3 131 94 71 213 153 88 213 153 88 237 223 121
206 199 148 0 0 0 97 69 52 249 249 214 254 255 240 254 255 223
250 251 219 249 249 214 206 199 148 206 199 148 206 199 148 97 69 52
176 111 73 164 16 11 138 12 11 146 12 11 147 12 10 173 20 15
156 15 13 183 19 13 150 16 12
143 19 14 152 20 15 157 23 16 159 29 16 164 16 11 173 92 60
131 94 71 162 137 108 237 235 180 206 199 148 206 199 148 254 255 223
250 251 219 249 249 214 250 251 219 254 255 240 206 199 148 0 0 0
131 94 71 213 153 88 213 153 88 162 137 108 77 0 3 0 0 0
0 0 0 131 94 71 249 249 214 131 94 71 0 0 0 168 18 14
183 19 13 0 0 0 0 0 0 237 235 180 206 199 148 91 31 21
0 0 0 77 0 3 97 69 52 215 186 121 213 153 88 162 137 108
0 0 0 162 137 108 254 255 240 254 255 223 249 249 214 249 249 214
254 255 223 225 212 158 206 199 148 237 235 180 206 199 148 97 69 52
175 96 57 133 0 5 156 15 13 147 12 10 168 18 14 160 19 13
183 19 13 160 19 13 105 1 7
144 16 12 152 20 15 152 20 15 157 23 16 154 14 11 176 108 61
158 125 90 131 94 71 249 249 214 237 235 180 206 199 148 206 199 148
253 255 226 254 255 223 250 251 219 249 249 214 254 255 233 249 249 214
91 31 21 97 69 52 215 186 121 143 100 73 78 2 7 0 0 0
162 137 108 0 0 0 0 0 0 131 94 71 97 69 52 123 0 2
183 19 13 0 0 0 162 137 108 0 0 0 0 0 0 131 94 71
97 69 52 0 0 0 97 69 52 231 215 150 131 94 71 0 0 0
237 235 180 254 255 240 249 249 214 250 251 219 250 251 219 254 255 223
237 235 180 206 199 148 237 235 180 249 249 214 162 137 108 97 69 52
193 134 84 142 10 9 164 16 11 168 18 14 164 19 14 174 18 12
176 24 12 109 5 7 119 5 9
144 16 12 147 20 17 147 20 17 150 16 12 154 43 26 211 179 117
179 118 76 97 69 52 206 199 148 206 199 148 237 235 180 206 199 148
206 199 148 254 255 223 254 255 223 250 251 219 250 251 219 254 255 223
206 199 148 91 31 21 97 69 52 206 199 148 0 0 0 91 31 21
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 156 15 13
183 19 13 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 131 94 71 162 137 108 0 0 0 206 199 148
250 251 219 254 255 223 254 255 223 254 255 223 254 255 223 237 235 180
206 199 148 237 235 180 206 199 148 206 199 148 97 69 52 131 94 71
199 163 109 173 92 60 164 16 11 173 20 15 164 16 11 183 19 13
116 9 9 105 1 7 119 5 9
141 15 12 143 19 14 147 20 17 139 9 7 173 92 60 219 202 125
173 92 60 97 69 52 97 69 52 206 199 148 206 199 148 249 249 214
237 235 180 206 199 148 237 235 180 253 255 226 249 249 214 206 199 148
237 235 180 253 255 226 97 69 52 97 69 52 78 2 7 91 31 21
97 69 52 0 0 0 0 0 0 0 0 0 0 0 0 183 19 13
183 19 13 91 31 21 0 0 0 0 0 0 0 0 0 0 0 0
97 69 52 77 0 3 91 31 21 91 31 21 243 238 185 249 249 214
206 199 148 237 235 180 253 255 226 249 249 214 206 199 148 206 199 148
249 249 214 206 199 148 206 199 148 162 137 108 97 69 52 173 92 60
211 173 103 199 143 96 176 17 11 165 19 14 183 19 13 135 17 11
99 1 11 119 5 9 117 6 7
141 15 12 141 15 12 143 19 14 139 9 7 163 56 28 231 215 150
124 14 13 153 103 68 0 0 0 162 137 108 206 199 148 206 199 148
249 249 214 250 251 219 206 199 148 206 199 148 162 137 108 249 249 214
253 255 226 250 251 219 252 253 227 97 69 52 0 0 0 78 2 7
97 69 52 97 69 52 97 69 52 97 69 52 78 2 7 183 19 13
183 19 13 145 11 11 97 69 52 97 69 52 97 69 52 97 69 52
91 31 21 77 0 3 0 0 0 237 235 180 253 255 226 254 255 223
249 249 214 206 199 148 162 137 108 206 199 148 252 253 227 250 251 219
206 199 148 206 199 148 206 199 148 91 31 21 131 94 71 176 17 11
215 186 121 175 96 57 164 16 11 183 19 13 159 29 16 93 4 6
114 7 7 119 5 9 125 8 10
137 13 11 138 15 12 141 15 12 143 13 11 147 12 10 154 63 38
111 0 3 175 96 57 133 82 52 91 31 21 206 199 148 206 199 148
206 199 148 237 235 180 206 199 148 206 199 148 206 199 148 206 199 148
206 199 148 237 235 180 250 251 219 249 249 214 0 0 0 78 2 7
78 2 7 97 69 52 97 69 52 0 0 0 183 19 13 183 19 13
183 19 13 183 19 13 78 2 7 97 69 52 97 69 52 0 0 0
91 2 10 0 0 0 206 199 148 254 255 233 237 235 180 206 199 148
206 199 148 206 199 148 237 235 180 206 199 148 206 199 148 206 199 148
206 199 148 206 199 148 97 69 52 97 69 52 192 140 79 164 16 11
167 52 24 176 24 12 183 19 13 176 24 12 95 4 6 106 7 8
117 6 7 125 8 10 134 12 11
134 12 11 138 15 12 144 16 12 146 12 11 131 10 9 122 7 7
128 8 8 192 140 79 216 189 107 91 31 21 97 69 52 206 199 148
162 137 108 162 137 108 237 235 180 253 255 226 250 251 219 249 249 214
225 212 158 206 199 148 206 199 148 237 235 180 162 137 108 0 0 0
99 1 11 111 0 3 123 0 2 183 19 13 183 19 13 145 11 11
91 2 10 183 19 13 183 19 13 111 0 3 92 0 2 111 14 13
0 0 0 131 94 71 249 249 214 206 199 148 206 199 148 206 199 148
249 249 214 250 251 219 254 255 223 249 249 214 162 137 108 162 137 108
206 199 148 131 94 71 91 31 21 211 173 103 217 193 123 167 52 24
147 12 10 174 18 12 183 19 13 111 14 13 102 4 5 114 7 7
119 5 9 131 9 10 142 13 12
131 14 12 138 15 12 152 14 13 139 9 7 131 14 12 131 10 9
152 48 27 231 215 150 187 167 103 208 170 99 91 31 21 0 0 0
162 137 108 206 199 148 206 199 148 206 199 148 237 235 180 237 235 180
249 249 214 250 251 219 237 235 180 206 199 148 206 199 148 97 69 52
0 0 0 111 14 13 183 19 13 183 19 13 183 19 13 78 2 7
0 0 0 183 19 13 183 19 13 183 19 13 144 14 14 78 2 7
0 0 0 162 137 108 206 199 148 237 235 180 252 253 227 254 255 233
249 249 214 237 235 180 225 212 158 206 199 148 206 199 148 162 137 108
0 0 0 91 31 21 211 179 117 208 170 99 243 238 185 173 92 60
154 14 11 183 19 13 150 16 12 95 4 6 114 7 7 122 8 8
131 10 10 138 12 11 142 13 12
135 17 11 144 16 12 145 11 11 167 52 24 159 30 14 150 16 12
175 97 50 243 238 185 217 193 123 192 140 79 203 150 89 97 69 52
0 0 0 131 94 71 162 137 108 162 137 108 162 137 108 162 137 108
162 137 108 97 69 52 97 69 52 97 69 52 97 69 52 91 31 21
0 0 0 78 2 7 99 1 11 176 17 11 183 19 13 183 19 13
176 17 11 183 19 13 183 19 13 125 8 10 78 2 7 0 0 0
78 2 7 0 0 0 97 69 52 97 69 52 97 69 52 131 94 71
162 137 108 162 137 108 162 137 108 162 137 108 131 94 71 0 0 0
97 69 52 199 143 96 192 140 79 217 193 123 254 255 210 173 92 60
183 19 13 176 24 12 114 7 7 117 6 7 119 5 9 131 9 10
138 12 11 138 12 11 164 16 11
138 15 12 147 12 10 137 11 10 213 153 88 167 52 24 176 24 12
167 52 24 243 238 185 238 229 170 203 150 89 176 17 11 176 108 61
162 115 76 91 31 21 0 0 0 97 69 52 162 137 108 97 69 52
97 69 52 97 69 52 131 94 71 163 121 81 91 31 21 0 0 0
183 19 13 77 0 3 0 0 0 78 2 7 119 5 9 168 18 14
183 19 13 131 9 10 99 1 11 78 2 7 0 0 0 176 17 11
111 14 13 0 0 0 147 67 48 151 106 70 131 94 71 97 69 52
0 0 0 162 137 108 97 69 52 0 0 0 0 0 0 143 100 73
213 153 88 176 24 12 179 118 76 238 229 170 252 252 206 175 97 50
183 19 13 175 97 50 154 43 26 116 3 5 131 10 9 138 12 11
138 12 11 156 15 13 176 17 11
145 11 11 137 13 11 131 9 10 175 97 50 167 52 24 161 18 12
176 24 12 231 215 150 249 249 214 219 195 113 183 19 13 167 52 24
175 97 50 179 118 76 163 121 81 97 69 52 0 0 0 0 0 0
191 130 98 193 134 84 167 52 24 171 21 16 77 0 3 138 37 20
183 19 13 154 14 11 0 0 0 0 0 0 0 0 0 78 2 7
78 2 7 0 0 0 0 0 0 0 0 0 120 0 3 183 19 13
176 24 12 0 0 0 105 1 7 183 19 13 173 92 60 213 153 88
78 2 7 0 0 0 97 69 52 158 125 90 191 130 98 175 97 50
163 56 28 183 19 13 213 153 88 250 251 219 241 232 158 167 52 24
154 14 11 213 153 88 167 52 24 127 5 8 141 14 11 139 13 11
146 12 11 183 19 13 154 14 11
137 13 11 131 14 12 131 12 12 159 30 14 174 18 12 167 21 14
154 14 11 192 140 79 249 243 164 235 226 137 213 153 88 183 19 13
167 21 14 92 0 2 179 118 76 162 137 108 91 31 21 104 58 46
77 0 3 77 0 3 0 0 0 0 0 0 0 0 0 119 34 17
175 97 50 183 19 13 176 17 11 109 5 7 0 0 0 0 0 0
0 0 0 0 0 0 89 3 6 164 16 11 164 16 11 167 52 24
138 37 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
91 31 21 111 35 21 131 94 71 199 143 96 107 0 4 135 17 11
183 19 13 183 19 13 216 189 107 249 243 164 213 153 88 147 12 10
142 10 9 167 52 24 167 21 14 142 10 9 146 12 11 142 13 12
176 17 11 164 16 11 164 16 11
124 14 13 128 14 13 143 19 14 154 14 11 163 56 28 176 108 61
147 12 10 151 28 16 216 189 107 237 223 121 213 153 88 183 19 13
183 19 13 183 19 13 162 137 108 0 0 0 183 19 13 111 14 13
91 31 21 158 125 90 131 94 71 97 69 52 0 0 0 78 2 7
213 153 88 175 97 50 183 19 13 183 19 13 176 17 11 154 14 11
154 14 11 176 17 11 183 19 13 176 17 11 175 97 50 213 153 88
119 59 34 0 0 0 0 0 0 97 69 52 162 137 108 97 69 52
78 2 7 183 19 13 77 0 3 158 125 90 173 92 60 176 17 11
183 19 13 213 153 88 216 189 107 216 189 107 138 37 20 123 0 2
176 108 61 167 52 24 142 10 9 150 16 12 144 14 14 164 16 11
164 16 11 156 15 13 164 16 11
124 14 13 128 14 13 157 23 16 154 14 11 199 143 96 232 217 158
176 24 12 139 9 7 163 56 28 213 153 88 216 189 107 213 153 88
183 19 13 199 143 96 0 0 0 183 19 13 176 17 11 0 0 0
202 183 123 97 69 52 91 31 21 162 115 76 105 45 32 158 83 45
213 153 88 192 140 79 175 97 50 175 97 50 183 19 13 183 19 13
176 17 11 183 19 13 183 19 13 175 97 50 176 108 61 174 128 69
175 97 50 77 0 3 163 56 28 97 69 52 0 0 0 202 183 123
97 69 52 111 0 3 183 19 13 0 0 0 191 130 98 183 19 13
183 19 13 213 153 88 213 153 88 163 56 28 102 0 4 154 63 38
252 252 206 167 52 24 147 12 10 150 16 12 164 16 11 174 18 12
152 14 13 161 18 12 156 15 13
122 13 12 151 28 16 151 28 16 176 24 12 167 52 24 199 163 109
167 52 24 159 30 14 123 0 2 135 17 11 175 97 50 213 153 88
183 19 13 193 134 84 0 0 0 176 17 11 0 0 0 162 137 108
97 69 52 131 94 71 213 153 88 171 21 16 0 0 0 91 31 21
91 31 21 213 153 88 216 189 107 213 153 88 175 97 50 167 52 24
167 52 24 175 97 50 213 153 88 213 153 88 237 223 121 129 78 48
0 0 0 0 0 0 87 1 5 175 96 57 191 130 98 91 31 21
162 137 108 0 0 0 154 14 11 87 1 5 131 94 71 183 19 13
175 97 50 175 97 50 139 27 18 111 0 3 131 14 12 173 92 60
199 143 96 161 18 12 147 12 10 154 14 11 176 17 11 154 14 11
156 15 13 161 18 12 156 15 13
139 27 18 138 37 20 154 43 26 169 21 14 159 30 14 159 30 14
193 134 84 167 52 24 150 53 31 158 83 45 107 0 4 183 19 13
183 19 13 179 118 76 0 0 0 0 0 0 97 69 52 191 177 112
0 0 0 183 19 13 87 1 5 0 0 0 0 0 0 0 0 0
91 31 21 216 189 107 146 87 48 237 223 121 213 153 88 213 153 88
213 153 88 213 153 88 237 223 121 174 128 69 174 128 69 174 128 69
0 0 0 0 0 0 0 0 0 0 0 0 183 19 13 78 2 7
131 94 71 162 137 108 0 0 0 0 0 0 143 100 73 175 97 50
183 19 13 123 0 2 150 53 31 150 53 31 150 53 31 191 130 98
133 0 5 147 12 10 147 12 10 176 17 11 164 16 11 156 15 13
164 16 11 161 18 12 156 15 13
138 37 20 152 48 27 159 29 16 151 28 16 147 24 15 163 56 28
215 186 121 175 96 57 164 16 11 199 143 96 173 92 60 164 16 11
183 19 13 131 94 71 77 0 3 97 69 52 208 170 99 97 69 52
106 0 7 0 0 0 97 69 52 162 137 108 0 0 0 0 0 0
105 45 32 124 72 43 146 87 48 237 223 121 237 223 121 237 223 121
216 189 107 237 223 121 237 223 121 216 189 107 97 69 52 146 87 48
0 0 0 0 0 0 131 94 71 162 137 108 0 0 0 123 0 2
78 2 7 206 199 148 131 94 71 77 0 3 97 69 52 175 96 57
183 19 13 150 55 28 207 156 97 133 0 5 154 63 38 225 212 158
133 0 5 141 15 12 176 17 11 176 17 11 156 15 13 164 16 11
176 17 11 161 18 12 156 15 13
123 39 27 154 43 26 151 28 16 135 17 11 150 55 28 159 30 14
225 212 158 225 212 158 176 24 12 142 10 9 213 153 88 183 19 13
183 19 13 97 69 52 78 2 7 151 106 70 162 115 76 91 31 21
183 19 13 91 31 21 206 199 148 158 125 90 0 0 0 0 0 0
0 0 0 0 0 0 91 31 21 129 78 48 213 153 88 216 189 107
216 189 107 216 189 107 174 128 69 120 74 50 91 31 21 91 31 21
0 0 0 0 0 0 0 0 0 243 238 185 97 69 52 176 17 11
133 0 5 97 69 52 179 118 76 91 31 21 91 31 21 176 111 73
183 19 13 213 153 88 167 52 24 159 29 16 225 212 158 225 212 158
133 0 5 147 12 10 176 17 11 156 15 13 164 16 11 174 18 12
183 19 13 164 16 11 144 14 14
150 53 31 139 27 18 128 26 15 119 34 17 141 65 38 133 0 5
199 163 109 254 255 240 247 246 193 191 130 98 167 52 24 213 153 88
183 19 13 97 69 52 91 31 21 158 83 45 131 94 71 99 1 11
111 0 3 97 69 52 158 125 90 97 69 52 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
91 31 21 0 0 0 0 0 0 0 0 0 131 94 71 91 31 21
0 0 0 0 0 0 0 0 0 162 137 108 131 94 71 77 0 3
120 0 3 97 69 52 163 56 28 91 31 21 91 31 21 173 92 60
175 97 50 175 97 50 211 179 117 249 249 214 254 255 240 199 163 109
139 9 7 164 16 11 164 16 11 164 16 11 174 18 12 183 19 13
183 19 13 154 14 11 145 15 12
139 27 18 137 32 21 125 28 16 158 83 45 127 13 12 119 9 8
154 43 26 238 229 170 254 255 240 254 255 233 193 134 84 213 153 88
213 153 88 131 94 71 97 69 52 193 134 84 182 147 96 0 0 0
0 0 0 158 125 90 158 125 90 97 69 52 175 97 50 78 2 7
0 0 0 0 0 0 97 69 52 97 69 52 91 31 21 91 31 21
97 69 52 97 69 52 97 69 52 146 87 48 237 235 180 187 145 96
78 2 7 158 83 45 116 46 29 131 94 71 131 94 71 97 69 52
0 0 0 97 69 52 154 43 26 111 35 21 0 0 0 175 96 57
213 153 88 213 153 88 254 255 233 254 255 233 238 229 170 151 28 16
139 9 7 154 14 11 156 15 13 174 18 12 176 17 11 183 19 13
176 17 11 142 13 12 152 14 13
138 37 20 119 9 8 158 83 45 138 37 20 122 8 8 125 28 16
151 28 16 159 30 14 225 212 158 254 255 233 244 241 169 182 147 96
143 100 73 97 69 52 91 31 21 131 94 71 97 69 52 77 0 3
78 2 7 158 125 90 131 94 71 0 0 0 119 59 34 97 69 52
0 0 0 97 69 52 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 78 2 7 199 143 96 254 255 240 225 212 158
174 110 60 216 189 107 150 55 28 97 69 52 143 100 73 131 94 71
77 0 3 97 69 52 213 153 88 124 72 43 97 69 52 175 97 50
213 153 88 235 226 137 254 255 240 225 212 158 147 12 10 167 52 24
147 20 17 147 12 10 164 16 11 168 18 14 183 19 13 176 17 11
134 12 11 146 12 11 152 14 13
122 13 12 150 55 28 154 63 38 139 9 7 128 8 8 158 83 45
176 111 73 139 9 7 175 97 50 249 249 214 252 252 206 97 69 52
0 0 0 119 59 34 119 59 34 119 59 34 119 59 34 91 31 21
0 0 0 0 0 0 91 31 21 97 69 52 91 31 21 91 31 21
0 0 0 0 0 0 97 69 52 249 249 214 249 249 214 237 235 180
237 235 180 249 249 214 162 137 108 158 125 90 254 255 240 143 100 73
119 59 34 175 97 50 114 7 7 97 69 52 187 167 103 97 69 52
80 0 2 91 31 21 131 94 71 91 31 21 169 133 98 183 19 13
213 153 88 249 243 164 253 255 226 154 63 38 154 14 11 176 111 73
173 92 60 164 16 11 168 18 14 164 16 11 156 15 13 137 13 11
144 14 14 145 15 12 150 16 12
125 28 16 141 65 38 134 12 11 156 15 13 154 14 11 199 143 96
199 143 96 176 24 12 167 52 24 238 229 170 247 246 193 97 69 52
174 128 69 237 223 121 237 223 121 237 223 121 237 223 121 216 189 107
78 2 7 129 78 48 237 223 121 237 223 121 237 223 121 237 223 121
237 223 121 91 31 21 91 31 21 254 255 240 254 255 240 254 255 240
254 255 240 254 255 240 206 199 148 0 0 0 131 94 71 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 91 31 21 0 0 0 97 69 52 213 153 88
213 153 88 249 243 164 243 238 185 159 29 16 164 16 11 191 130 98
199 163 109 164 16 11 167 21 14 161 18 12 150 16 12 150 16 12
145 15 12 145 15 12 150 16 12
158 83 45 122 13 12 139 9 7 164 16 11 161 18 12 202 183 123
237 235 180 167 52 24 175 97 50 247 246 193 249 243 164 97 69 52
175 97 50 216 189 107 174 128 69 174 110 60 213 153 88 216 189 107
146 87 48 119 59 34 216 189 107 213 153 88 192 140 79 213 153 88
237 223 121 192 140 79 97 69 52 254 255 240 237 235 180 97 69 52
97 69 52 131 94 71 97 69 52 158 125 90 206 199 148 97 69 52
162 137 108 254 255 233 97 69 52 162 137 108 254 255 233 0 0 0
97 69 52 249 249 214 254 255 240 254 255 233 97 69 52 97 69 52
237 223 121 249 243 164 252 252 206 163 56 28 147 12 10 225 212 158
206 199 148 176 17 11 168 22 16 157 19 14 152 17 12 150 16 12
145 15 12 144 14 14 144 14 14
122 13 12 128 8 8 147 12 10 160 21 14 132 32 17 199 163 109
254 255 240 231 215 150 232 217 158 250 251 219 249 243 164 97 69 52
175 97 50 216 189 107 91 31 21 0 0 0 119 59 34 216 189 107
146 87 48 119 59 34 216 189 107 175 97 50 0 0 0 0 0 0
213 153 88 213 153 88 97 69 52 254 255 240 225 212 158 0 0 0
0 0 0 0 0 0 0 0 0 206 199 148 254 255 240 97 69 52
162 137 108 254 255 240 206 199 148 254 255 240 252 253 227 97 69 52
249 249 214 254 255 240 243 238 185 254 255 240 254 255 240 97 69 52
187 167 103 249 243 164 254 255 223 238 229 170 206 199 148 254 255 240
211 179 117 176 17 11 168 22 16 156 15 13 152 17 12 150 16 12
144 14 14 144 14 14 144 14 14
114 7 7 137 11 10 156 15 13 125 28 16 138 37 20 193 134 84
254 255 233 252 253 227 252 253 227 238 229 170 249 243 164 97 69 52
158 83 45 213 153 88 146 87 48 105 45 32 174 128 69 213 153 88
91 31 21 119 59 34 213 153 88 146 87 48 0 0 0 0 0 0
213 153 88 213 153 88 97 69 52 254 255 240 249 249 214 206 199 148
206 199 148 225 212 158 0 0 0 162 137 108 254 255 240 97 69 52
162 137 108 254 255 240 254 255 240 162 137 108 97 69 52 162 137 108
254 255 240 162 137 108 0 0 0 97 69 52 254 255 240 162 137 108
97 69 52 252 252 206 238 229 170 254 255 223 254 255 233 254 255 233
199 143 96 176 24 12 167 21 14 156 15 13 151 18 14 144 14 14
144 14 14 144 14 14 144 14 14
122 8 8 156 15 13 122 13 12 111 14 13 138 37 20 175 97 50
249 249 214 254 255 223 247 246 193 219 195 113 249 243 164 97 69 52
158 83 45 213 153 88 213 153 88 213 153 88 213 153 88 175 97 50
0 0 0 119 59 34 213 153 88 175 97 50 119 59 34 175 97 50
213 153 88 175 97 50 97 69 52 254 255 233 254 255 233 254 255 240
254 255 240 254 255 240 91 31 21 162 137 108 254 255 240 97 69 52
162 137 108 254 255 240 206 199 148 0 0 0 0 0 0 162 137 108
254 255 240 191 177 112 131 94 71 162 137 108 254 255 233 206 199 148
97 69 52 252 252 206 237 223 121 247 246 193 254 255 223 249 249 214
167 52 24 176 24 12 162 20 14 152 14 13 145 15 12 145 15 12
144 14 14 141 15 12 144 14 14
152 14 13 137 11 10 89 3 6 106 7 8 138 37 20 152 17 12
213 153 88 253 255 226 249 249 214 216 189 107 249 243 164 97 69 52
163 56 28 213 153 88 175 97 50 141 65 38 175 97 50 213 153 88
175 97 50 119 59 34 213 153 88 213 153 88 213 153 88 213 153 88
213 153 88 91 31 21 91 31 21 254 255 240 249 249 214 162 137 108
162 137 108 162 137 108 0 0 0 202 183 123 254 255 240 97 69 52
162 137 108 254 255 240 131 94 71 146 87 48 133 82 52 162 137 108
254 255 240 254 255 240 254 255 240 254 255 240 254 255 240 206 199 148
97 69 52 249 243 164 216 189 107 250 251 219 254 255 233 207 156 97
154 14 11 159 29 16 152 17 12 150 16 12 145 15 12 141 15 12
141 15 12 141 15 12 142 13 12
147 12 10 95 4 6 95 4 6 119 34 17 135 17 11 141 15 12
119 34 17 216 189 107 252 252 206 216 189 107 237 223 121 97 69 52
159 30 14 175 97 50 78 2 7 0 0 0 0 0 0 175 97 50
167 52 24 150 55 28 175 97 50 167 52 24 138 37 20 132 32 17
77 0 3 0 0 0 97 69 52 254 255 240 206 199 148 0 0 0
91 31 21 0 0 0 0 0 0 162 137 108 254 255 240 97 69 52
162 137 108 254 255 240 97 69 52 151 106 70 120 74 50 162 137 108
254 255 240 162 137 108 0 0 0 0 0 0 91 31 21 0 0 0
131 94 71 237 223 121 216 189 107 252 252 206 216 189 107 151 28 16
144 16 12 151 18 14 150 16 12 145 15 12 144 16 12 141 15 12
138 15 12 138 15 12 141 15 12
106 7 8 93 4 6 111 35 21 132 32 17 154 14 11 119 34 17
111 14 13 167 52 24 213 153 88 216 189 107 213 153 88 97 69 52
154 14 11 183 19 13 114 7 7 78 2 7 128 14 13 183 19 13
183 19 13 131 14 12 183 19 13 133 0 5 0 0 0 97 69 52
131 94 71 158 125 90 97 69 52 249 249 214 191 177 112 97 69 52
97 69 52 0 0 0 0 0 0 162 137 108 254 255 240 97 69 52
162 137 108 252 253 227 97 69 52 120 74 50 131 94 71 97 69 52
250 251 219 237 235 180 97 69 52 97 69 52 162 137 108 91 31 21
133 82 52 213 153 88 216 189 107 213 153 88 138 37 20 116 3 5
137 13 11 143 13 11 145 15 12 144 16 12 144 16 12 144 14 14
138 15 12 138 15 12 138 15 12
89 3 6 106 7 8 138 37 20 164 16 11 138 37 20 128 26 15
159 30 14 139 9 7 167 52 24 175 97 50 213 153 88 97 69 52
164 16 11 183 19 13 183 19 13 183 19 13 183 19 13 183 19 13
152 17 12 106 7 8 183 19 13 139 9 7 131 94 71 175 96 57
176 24 12 163 56 28 97 69 52 254 255 233 206 199 148 97 69 52
213 153 88 213 153 88 119 59 34 162 137 108 254 255 240 97 69 52
162 137 108 254 255 240 131 94 71 97 69 52 120 74 50 97 69 52
162 137 108 254 255 240 252 253 227 250 251 219 254 255 240 162 137 108
97 69 52 213 153 88 175 97 50 111 14 13 95 4 6 119 9 8
131 10 9 142 13 12 144 14 14 144 14 14 144 14 14 141 15 12
138 15 12 138 15 12 138 15 12
93 4 6 123 39 27 164 16 11 167 52 24 138 37 20 176 24 12
167 21 14 159 30 14 164 16 11 123 0 2 158 83 45 97 69 52
123 0 2 183 19 13 183 19 13 183 19 13 183 19 13 133 0 5
0 0 0 78 2 7 183 19 13 107 0 4 97 69 52 111 14 13
183 19 13 175 97 50 97 69 52 206 199 148 131 94 71 97 69 52
216 189 107 216 189 107 119 59 34 131 94 71 237 235 180 97 69 52
162 137 108 225 212 158 97 69 52 97 69 52 93 4 6 158 125 90
0 0 0 131 94 71 206 199 148 206 199 148 131 94 71 91 31 21
143 100 73 128 26 15 111 14 13 99 0 3 137 32 21 122 8 8
129 12 11 138 12 11 142 13 12 141 15 12 141 15 12 138 15 12
138 15 12 138 15 12 138 15 12
120 41 26 151 28 16 183 19 13 141 65 38 183 19 13 183 19 13
183 19 13 193 134 84 154 63 38 77 0 3 169 133 98 131 94 71
0 0 0 0 0 0 0 0 0 91 31 21 0 0 0 97 69 52
162 137 108 91 31 21 91 31 21 91 31 21 162 137 108 0 0 0
183 19 13 192 140 79 97 69 52 91 31 21 0 0 0 131 94 71
213 153 88 213 153 88 146 87 48 0 0 0 91 31 21 91 31 21
0 0 0 0 0 0 97 69 52 158 125 90 111 0 3 111 14 13
193 134 84 97 69 52 0 0 0 0 0 0 91 31 21 174 128 69
192 140 79 162 137 108 119 34 17 148 61 42 179 118 76 123 0 2
131 14 12 137 13 11 138 15 12 138 15 12 138 15 12 138 15 12
134 12 11 134 12 11 137 13 11
124 33 21 176 17 11 141 65 38 167 52 24 183 19 13 183 19 13
183 19 13 219 195 113 146 90 61 105 45 32 143 100 73 215 186 121
211 179 117 193 134 84 179 118 76 193 134 84 169 133 98 146 90 61
173 92 60 158 125 90 143 100 73 131 94 71 162 137 108 131 94 71
77 0 3 167 52 24 176 108 61 175 97 50 175 97 50 175 97 50
213 153 88 213 153 88 192 140 79 175 97 50 176 108 61 120 74 50
91 31 21 162 137 108 131 94 71 141 65 38 133 0 5 164 16 11
139 9 7 158 83 45 169 113 67 174 110 60 176 108 61 174 128 69
221 205 133 169 133 98 137 32 21 191 130 98 211 173 103 123 0 2
138 15 12 137 13 11 138 15 12 141 15 12 141 15 12 138 15 12
131 14 12 131 14 12 134 12 11
154 14 11 163 56 28 116 46 29 183 19 13 183 19 13 183 19 13
183 19 13 216 189 107 150 55 28 129 68 42 202 183 123 199 163 109
187 167 103 146 90 61 152 17 12 144 16 12 139 9 7 92 0 2
92 0 2 99 0 3 93 4 6 0 0 0 0 0 0 162 137 108
97 69 52 0 0 0 78 2 7 78 2 7 77 0 3 167 52 24
213 153 88 213 153 88 175 97 50 127 5 8 0 0 0 0 0 0
162 137 108 91 31 21 77 0 3 147 24 15 183 19 13 183 19 13
154 14 11 152 17 12 164 16 11 154 14 11 158 83 45 191 177 112
225 212 158 206 199 148 154 43 26 175 97 50 175 97 50 133 0 5
137 13 11 138 15 12 138 15 12 138 15 12 138 15 12 138 15 12
131 14 12 138 15 12 134 12 11
176 24 12 123 39 27 183 19 13 183 19 13 183 19 13 183 19 13
158 83 45 175 97 50 152 48 27 95 4 6 237 235 180 232 217 158
199 163 109 182 147 96 174 128 69 175 97 50 175 97 50 167 52 24
176 17 11 164 16 11 167 52 24 158 83 45 99 0 3 77 0 3
162 137 108 131 94 71 0 0 0 0 0 0 0 0 0 111 35 21
158 83 45 158 83 45 91 31 21 0 0 0 91 31 21 191 177 112
91 31 21 77 0 3 151 28 16 213 153 88 183 19 13 183 19 13
183 19 13 175 97 50 175 97 50 192 140 79 187 167 103 221 205 133
254 255 210 237 235 180 139 9 7 176 24 12 183 19 13 137 11 10
137 13 11 138 15 12 138 15 12 138 15 12 138 15 12 134 12 11
131 14 12 134 12 11 131 12 12
154 43 26 156 20 14 183 19 13 183 19 13 183 19 13 175 97 50
78 2 7 119 9 8 224 209 127 136 76 50 140 85 58 249 249 214
232 217 158 206 199 148 195 174 110 213 153 88 208 170 99 175 97 50
183 19 13 183 19 13 183 19 13 213 153 88 127 5 8 116 3 5
77 0 3 158 125 90 162 137 108 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 131 94 71 162 137 108 91 31 21
92 0 2 133 0 5 175 97 50 213 153 88 183 19 13 183 19 13
183 19 13 213 153 88 216 189 107 216 189 107 221 205 133 247 246 193
253 255 226 158 83 45 154 63 38 213 153 88 183 19 13 134 12 11
137 13 11 137 13 11 138 15 12 138 15 12 138 15 12 131 14 12
131 14 12 131 12 12 131 14 12
128 26 15 183 19 13 183 19 13 183 19 13 175 97 50 104 58 46
0 0 0 93 4 6 238 229 170 237 235 180 87 1 5 136 76 50
202 183 123 202 183 123 225 212 158 232 217 158 235 226 137 213 153 88
183 19 13 213 153 88 183 19 13 213 153 88 147 12 10 176 17 11
135 17 11 77 0 3 104 58 46 202 183 123 91 31 21 0 0 0
97 69 52 0 0 0 162 137 108 131 94 71 77 0 3 111 14 13
169 21 14 133 0 5 175 97 50 175 97 50 175 97 50 175 97 50
175 97 50 237 223 121 232 217 158 232 217 158 225 212 158 206 199 148
158 83 45 120 0 3 232 217 158 237 223 121 139 9 7 134 12 11
137 13 11 134 12 11 134 12 11 138 15 12 138 15 12 131 14 12
131 14 12 131 14 12 128 14 13
138 37 20 183 19 13 183 19 13 175 97 50 146 87 48 0 0 0
78 2 7 77 0 3 136 76 50 225 212 158 119 34 17 123 0 2
107 0 4 127 13 12 132 32 17 238 229 170 253 254 208 213 153 88
213 153 88 213 153 88 183 19 13 175 97 50 183 19 13 183 19 13
183 19 13 156 20 14 99 0 3 97 69 52 131 94 71 0 0 0
97 69 52 97 69 52 131 94 71 77 0 3 127 13 12 183 19 13
164 16 11 183 19 13 213 153 88 183 19 13 213 153 88 213 153 88
213 153 88 241 232 158 252 252 206 175 96 57 135 17 11 122 7 7
107 0 4 125 28 16 225 212 158 158 83 45 123 0 2 134 12 11
137 13 11 137 13 11 134 12 11 138 15 12 131 14 12 128 14 13
128 14 13 128 14 13 131 12 12
167 52 24 183 19 13 183 19 13 175 97 50 0 0 0 77 0 3
78 2 7 78 2 7 87 1 5 119 34 17 143 19 14 114 7 7
109 5 7 143 80 49 107 0 4 199 143 96 254 255 240 237 223 121
213 153 88 213 153 88 175 97 50 183 19 13 175 97 50 183 19 13
183 19 13 175 97 50 176 17 11 109 5 7 162 137 108 97 69 52
97 69 52 131 94 71 120 38 28 142 10 9 183 19 13 175 97 50
183 19 13 183 19 13 175 97 50 167 52 24 213 153 88 213 153 88
216 189 107 254 255 223 238 229 170 139 9 7 143 80 49 125 28 16
102 4 5 116 9 9 128 26 15 116 3 5 122 13 12 131 12 12
134 12 11 134 12 11 134 12 11 131 14 12 131 14 12 128 14 13
128 14 13 128 14 13 128 14 13
183 19 13 183 19 13 176 108 61 91 31 21 0 0 0 78 2 7
78 2 7 89 3 6 78 2 7 131 10 9 106 7 8 102 4 5
147 12 10 158 83 45 123 0 2 179 118 76 254 255 240 247 246 193
216 189 107 216 189 107 213 153 88 213 153 88 213 153 88 183 19 13
213 153 88 213 153 88 183 19 13 183 19 13 191 130 98 97 69 52
0 0 0 169 133 98 183 19 13 183 19 13 175 97 50 213 153 88
183 19 13 175 97 50 213 153 88 213 153 88 213 153 88 213 153 88
235 226 137 254 255 233 206 199 148 128 8 8 147 67 48 122 13 12
111 3 7 117 6 7 109 5 7 106 7 8 122 13 12 131 12 12
131 14 12 131 14 12 131 14 12 131 14 12 131 14 12 128 14 13
128 14 13 128 14 13 128 14 13
183 19 13 175 97 50 119 70 46 0 0 0 77 0 3 78 2 7
89 3 6 78 2 7 128 8 8 134 12 11 78 2 7 154 14 11
135 17 11 176 111 73 123 0 2 148 61 42 254 255 223 252 253 227
249 243 164 237 223 121 216 189 107 216 189 107 213 153 88 183 19 13
216 189 107 213 153 88 183 19 13 183 19 13 183 19 13 131 94 71
97 69 52 175 96 57 175 97 50 183 19 13 213 153 88 216 189 107
183 19 13 175 97 50 216 189 107 213 153 88 216 189 107 237 223 121
252 252 206 254 255 233 191 130 98 120 0 3 176 111 73 128 14 13
111 3 7 119 9 8 116 9 9 116 9 9 122 13 12 131 12 12
131 14 12 131 14 12 131 14 12 128 14 13 128 14 13 128 14 13
128 14 13 128 14 13 128 14 13
175 97 50 175 97 50 0 0 0 77 0 3 78 2 7 78 2 7
89 3 6 114 7 7 183 19 13 78 2 7 154 14 11 160 21 14
103 5 5 103 5 5 103 5 5 133 0 5 225 212 158 254 255 240
249 249 214 244 241 169 237 223 121 249 243 164 193 134 84 175 97 50
237 223 121 216 189 107 213 153 88 175 97 50 183 19 13 169 133 98
162 137 108 183 19 13 213 153 88 175 97 50 213 153 88 237 223 121
175 97 50 183 19 13 247 246 193 235 226 137 237 223 121 252 252 206
254 255 223 250 251 219 163 56 28 116 3 5 116 3 5 118 7 7
116 9 9 116 9 9 116 9 9 122 13 12 128 14 13 131 14 12
131 14 12 131 14 12 128 14 13 128 14 13 128 14 13 128 14 13
124 14 13 124 14 13 128 14 13
176 108 61 78 2 7 77 0 3 77 0 3 78 2 7 89 3 6
89 3 6 183 19 13 122 13 12 128 6 9 183 19 13 111 14 13
111 14 13 106 7 8 117 6 7 139 9 7 175 97 50 249 249 214
254 255 240 254 255 233 254 255 240 225 212 158 154 43 26 176 111 73
211 179 117 254 255 210 237 223 121 213 153 88 183 19 13 213 153 88
199 143 96 175 97 50 237 223 121 213 153 88 167 52 24 237 223 121
237 223 121 159 30 14 191 130 98 254 255 240 254 255 240 254 255 240
254 255 233 191 130 98 120 0 3 116 9 9 119 5 9 116 3 5
116 3 5 116 3 5 119 5 9 125 8 10 125 8 10 127 13 12
131 14 12 131 14 12 128 14 13 128 14 13 128 14 13 124 14 13
124 14 13 128 14 13 128 14 13
91 31 21 0 0 0 77 0 3 78 2 7 89 3 6 78 2 7
174 18 12 174 18 12 106 7 8 183 19 13 151 28 16 111 14 13
111 14 13 127 5 8 122 7 7 176 24 12 167 52 24 158 83 45
191 130 98 202 183 123 179 118 76 122 13 12 120 0 3 191 130 98
163 56 28 199 163 109 254 255 210 213 153 88 213 153 88 175 97 50
175 97 50 213 153 88 249 243 164 237 223 121 176 17 11 167 52 24
249 243 164 176 111 73 92 0 2 147 67 48 199 163 109 199 163 109
147 67 48 107 0 4 106 7 8 114 7 7 137 32 21 124 33 21
124 33 21 137 32 21 124 33 21 137 32 21 137 32 21 137 32 21
131 14 12 131 14 12 128 14 13 128 14 13 127 13 12 124 14 13
122 13 12 124 14 13 127 13 12
0 0 0 77 0 3 77 0 3 78 2 7 78 2 7 131 14 12
183 19 13 91 2 10 183 19 13 183 19 13 125 28 16 125 28 16
131 9 10 116 3 5 152 17 12 176 24 12 167 52 24 111 14 13
92 0 2 111 14 13 95 4 6 89 3 6 133 0 5 238 229 170
191 130 98 139 9 7 249 249 214 211 179 117 175 97 50 213 153 88
213 153 88 235 226 137 244 241 169 235 226 137 164 16 11 199 163 109
254 255 240 176 111 73 80 0 2 89 3 6 87 1 5 80 0 2
80 0 2 89 3 6 102 4 5 116 9 9 148 61 42 136 76 50
147 67 48 147 67 48 118 44 32 147 67 48 147 67 48 150 53 31
127 13 12 128 14 13 127 13 12 127 13 12 127 13 12 124 14 13
124 14 13 122 13 12 122 13 12
0 0 0 77 0 3 78 2 7 78 2 7 93 4 6 183 19 13
106 7 8 154 14 11 183 19 13 132 32 17 132 32 17 138 15 12
127 5 8 144 16 12 183 19 13 176 24 12 111 14 13 78 2 7
91 31 21 91 31 21 78 2 7 123 0 2 154 43 26 252 253 227
154 63 38 150 53 31 254 255 240 191 130 98 167 52 24 237 223 121
235 226 137 247 246 193 254 255 210 215 186 121 158 83 45 254 255 240
249 249 214 119 34 17 119 70 46 91 31 21 77 0 3 78 2 7
78 2 7 87 1 5 102 4 5 116 9 9 123 39 27 148 61 42
125 28 16 125 28 16 125 28 16 123 39 27 148 61 42 148 61 42
122 13 12 122 13 12 128 14 13 127 13 12 124 14 13 122 13 12
122 13 12 122 13 12 122 13 12
0 0 0 77 0 3 78 2 7 78 2 7 183 19 13 143 19 14
116 3 5 183 19 13 152 48 27 124 33 21 128 26 15 139 9 7
135 17 11 183 19 13 183 19 13 151 28 16 77 0 3 91 31 21
91 31 21 77 0 3 105 1 7 133 0 5 103 5 5 249 249 214
191 130 98 176 111 73 206 199 148 147 12 10 158 83 45 249 243 164
252 252 206 252 252 206 254 255 223 173 92 60 176 111 73 254 255 240
173 92 60 92 0 2 78 2 7 77 0 3 77 0 3 77 0 3
78 2 7 89 3 6 106 7 8 119 9 8 122 13 12 122 8 8
119 5 9 119 9 8 119 9 8 119 9 8 122 13 12 128 14 13
127 13 12 127 13 12 127 13 12 124 14 13 124 14 13 122 13 12
122 13 12 122 13 12 122 13 12
77 0 3 77 0 3 78 2 7 143 13 11 183 19 13 91 2 10
183 19 13 167 52 24 119 34 17 125 28 16 145 11 11 122 13 12
183 19 13 183 19 13 183 19 13 78 2 7 78 2 7 91 31 21
77 0 3 78 2 7 127 5 8 89 3 6 80 0 2 153 103 68
179 118 76 111 0 3 119 9 8 122 7 7 173 92 60 254 255 223
249 249 214 254 255 223 221 205 133 123 0 2 140 85 58 249 249 214
122 8 8 89 3 6 78 2 7 78 2 7 78 2 7 78 2 7
87 1 5 95 4 6 114 7 7 122 13 12 125 8 10 122 13 12
124 14 13 127 13 12 127 13 12 127 13 12 127 13 12 127 13 12
127 13 12 124 14 13 124 14 13 124 14 13 122 13 12 122 13 12
122 13 12 122 13 12 122 13 12
77 0 3 77 0 3 95 4 6 183 19 13 103 5 5 164 16 11
183 19 13 124 33 21 124 33 21 142 10 9 122 8 8 176 24 12
183 19 13 183 19 13 128 14 13 78 2 7 105 45 32 78 2 7
78 2 7 125 8 10 102 4 5 79 0 3 93 4 6 103 5 5
111 14 13 111 14 13 111 14 13 114 7 7 176 111 73 253 255 226
250 251 219 249 249 214 167 52 24 119 34 17 118 44 32 162 115 76
111 14 13 87 1 5 93 4 6 93 4 6 93 4 6 93 4 6
95 4 6 106 7 8 116 9 9 122 13 12 127 13 12 127 13 12
128 14 13 128 14 13 127 13 12 128 14 13 128 14 13 128 14 13
127 13 12 124 14 13 124 14 13 124 14 13 124 14 13 122 13 12
122 13 12 122 13 12 116 9 9
77 0 3 77 0 3 183 19 13 142 10 9 119 5 9 183 19 13
138 37 20 124 33 21 135 17 11 139 9 7 147 24 15 183 19 13
183 19 13 167 52 24 80 0 2 114 50 39 91 31 21 77 0 3
131 9 10 128 6 9 87 1 5 93 4 6 95 4 6 103 5 5
95 4 6 119 34 17 138 37 20 103 5 5 179 118 76 254 255 233
254 255 233 199 163 109 138 37 20 91 31 21 91 31 21 80 0 2
89 3 6 93 4 6 102 4 5 106 7 8 106 7 8 106 7 8
106 7 8 106 7 8 116 9 9 124 14 13 127 13 12 127 13 12
124 14 13 124 14 13 124 14 13 128 14 13 124 14 13 124 14 13
124 14 13 124 14 13 124 14 13 122 13 12 122 13 12 122 13 12
122 13 12 116 9 9 116 9 9
77 0 3 154 14 11 176 17 11 89 3 6 183 19 13 167 52 24
124 33 21 124 33 21 145 11 11 128 14 13 183 19 13 183 19 13
167 52 24 99 0 3 111 35 21 105 45 32 77 0 3 116 9 9
147 12 10 93 4 6 95 4 6 106 7 8 103 5 5 103 5 5
92 0 2 119 59 34 148 61 42 106 7 8 179 118 76 254 255 240
243 238 185 163 56 28 119 59 34 111 35 21 111 35 21 80 0 2
89 3 6 102 4 5 106 7 8 114 7 7 114 7 7 106 7 8
116 9 9 116 9 9 122 13 12 124 14 13 127 13 12 122 13 12
122 13 12 122 13 12 124 14 13 124 14 13 124 14 13 122 13 12
124 14 13 122 13 12 124 14 13 122 13 12 122 13 12 122 13 12
122 13 12 122 13 12 122 13 12
103 5 5 183 19 13 78 2 7 176 17 11 167 52 24 119 34 17
124 33 21 137 11 10 125 8 10 176 24 12 183 19 13 183 19 13
129 12 11 91 2 10 119 70 46 78 2 7 106 7 8 176 17 11
111 1 9 95 4 6 106 7 8 106 7 8 106 7 8 103 5 5
102 4 5 102 4 5 111 14 13 124 33 21 179 118 76 254 255 240
176 111 73 119 9 8 95 4 6 141 65 38 141 65 38 80 0 2
99 1 11 106 7 8 114 7 7 114 7 7 116 9 9 116 9 9
116 9 9 116 9 9 122 13 12 122 13 12 124 14 13 124 14 13
122 13 12 122 13 12 122 13 12 122 13 12 122 13 12 122 13 12
122 13 12 122 13 12 124 14 13 122 13 12 122 13 12 122 13 12
116 9 9 116 9 9 116 9 9
183 19 13 106 7 8 133 0 5 183 19 13 138 37 20 125 28 16
128 14 13 127 5 8 157 23 16 183 19 13 183 19 13 176 24 12
79 0 3 119 70 46 91 31 21 89 3 6 176 17 11 142 10 9
91 2 10 114 7 7 114 7 7 114 7 7 109 5 7 106 7 8
102 4 5 103 5 5 106 7 8 92 0 2 191 130 98 191 130 98
119 9 8 111 14 13 106 7 8 103 5 5 102 4 5 95 4 6
106 7 8 109 5 7 114 7 7 116 9 9 116 9 9 119 9 8
119 9 8 122 13 12 122 13 12 122 13 12 122 13 12 122 13 12
124 14 13 122 13 12 122 13 12 122 13 12 122 13 12 122 13 12
122 13 12 122 13 12 122 13 12 122 13 12 122 13 12 122 13 12
116 9 9 116 9 9 119 9 8
135 17 11 99 1 11 183 19 13 167 52 24 119 34 17 125 28 16
147 12 10 131 14 12 183 19 13 183 19 13 183 19 13 87 1 5
105 45 32 105 45 32 77 0 3 145 11 11 176 17 11 95 4 6
106 7 8 116 9 9 119 9 8 119 9 8 116 9 9 109 5 7
106 7 8 106 7 8 102 4 5 106 7 8 124 33 21 103 5 5
93 4 6 93 4 6 106 7 8 106 7 8 102 4 5 106 7 8
109 5 7 114 7 7 116 9 9 119 9 8 119 9 8 122 13 12
122 13 12 119 9 8 119 9 8 119 9 8 122 13 12 122 13 12
122 13 12 122 13 12 122 13 12 122 13 12 122 13 12 122 13 12
122 13 12 122 13 12 122 13 12 122 13 12 122 13 12 122 13 12
116 9 9 116 9 9 119 9 8

15124
config/kernel/ipfire_logo.ppm Normal file
View File

File diff suppressed because it is too large Load Diff

4
config/kernel/kernel.config.bpf
View File

@@ -6,7 +6,3 @@ CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
CONFIG_KPROBES=y
CONFIG_KPROBE_EVENTS=y
CONFIG_BPF_EVENTS=y
CONFIG_UPROBES=y
CONFIG_UPROBE_EVENTS=y
CONFIG_DEBUG_FS=y
CONFIG_MODULE_SIG_FORCE=n

28
config/kernel/kernel.config.x86_64-ipfire
View File

@@ -7050,8 +7050,8 @@ CONFIG_NTFS3_FS_POSIX_ACL=y
# Pseudo filesystems
#
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_PROC_VMCORE=y
# CONFIG_PROC_KCORE is not set
# CONFIG_PROC_VMCORE is not set
CONFIG_PROC_SYSCTL=y
CONFIG_PROC_PAGE_MONITOR=y
# CONFIG_PROC_CHILDREN is not set
@@ -7759,10 +7759,7 @@ CONFIG_OBJTOOL=y
#
# Generic Kernel Debugging Instruments
#
CONFIG_MAGIC_SYSRQ=y
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1
CONFIG_MAGIC_SYSRQ_SERIAL=y
CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE=""
# CONFIG_MAGIC_SYSRQ is not set
# CONFIG_DEBUG_FS is not set
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
@@ -7837,7 +7834,7 @@ CONFIG_PANIC_ON_OOPS_VALUE=0
CONFIG_PANIC_TIMEOUT=0
CONFIG_LOCKUP_DETECTOR=y
CONFIG_SOFTLOCKUP_DETECTOR=y
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y
# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set
CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y
CONFIG_HARDLOCKUP_DETECTOR=y
# CONFIG_HARDLOCKUP_DETECTOR_PREFER_BUDDY is not set
@@ -7846,8 +7843,8 @@ CONFIG_HARDLOCKUP_DETECTOR_PERF=y
# CONFIG_HARDLOCKUP_DETECTOR_ARCH is not set
CONFIG_HARDLOCKUP_DETECTOR_COUNTS_HRTIMER=y
CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set
# CONFIG_DETECT_HUNG_TASK is not set
# CONFIG_WQ_WATCHDOG is not set
# CONFIG_WQ_CPU_INTENSIVE_REPORT is not set
# CONFIG_TEST_LOCKUP is not set
@@ -8035,16 +8032,3 @@ CONFIG_ARCH_USE_MEMTEST=y
#
# end of Rust hacking
# end of Kernel hacking
CONFIG_BPF_SYSCALL=y
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_INFO_BTF=y
CONFIG_DEBUG_INFO_DWARF4=y
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
CONFIG_KPROBES=y
CONFIG_KPROBE_EVENTS=y
CONFIG_BPF_EVENTS=y
CONFIG_UPROBES=y
CONFIG_UPROBE_EVENTS=y
CONFIG_DEBUG_FS=y
CONFIG_MODULE_SIG_FORCE=y
CONFIG_FPROBE=y

6
config/menu/40-services.menu
View File

@@ -4,12 +4,6 @@
'title' => "$Lang::tr{'virtual private networking'}",
'enabled' => 1,
};
$subservices->{'15.wireguard'} = {
'caption' => $Lang::tr{'wireguard'},
'uri' => '/cgi-bin/wireguard.cgi',
'title' => "$Lang::tr{'wireguard'}",
'enabled' => 1,
};
$subservices->{'20.openvpn'} = {
'caption' => 'OpenVPN',
'uri' => '/cgi-bin/ovpnmain.cgi',

6
config/menu/50-firewall.menu
View File

@@ -26,6 +26,12 @@
'title' => "$Lang::tr{'ipblocklist'}",
'enabled' => 1,
};
$subfirewall->{'60.locationblock'} = {
'caption' => $Lang::tr{'locationblock'},
'uri' => '/cgi-bin/location-block.cgi',
'title' => $Lang::tr{'locationblock'},
'enabled' => 1,
};
$subfirewall->{'70.wireless'} = {
'caption' => $Lang::tr{'blue access'},
'uri' => '/cgi-bin/wireless.cgi',

16
config/menu/60-ipfire.menu
View File

@@ -3,22 +3,6 @@
'title' => "$Lang::tr{'ebpf xdp ddos system'}",
'enabled' => 1,
};
$subipfire->{'15.xdpdns'} = {'caption' => $Lang::tr{'xdpdns domain'},
'uri' => '/cgi-bin/xdpdns.cgi',
'title' => "$Lang::tr{'xdpdns domain'}",
'enabled' => 1,
};
$subipfire->{'16.xdpsni'} = {'caption' => $Lang::tr{'xdpsni domain'},
'uri' => '/cgi-bin/xdpsni.cgi',
'title' => "$Lang::tr{'xdpsni domain'}",
'enabled' => 1,
};
$subipfire->{'17.locationblock'} = {
'caption' => $Lang::tr{'locationblock'},
'uri' => '/cgi-bin/location-block.cgi',
'title' => $Lang::tr{'locationblock'},
'enabled' => 1,
};
$subipfire->{'20.loxilb'} = {
'caption' => $Lang::tr{'loxilb enable'},
'uri' => '/cgi-bin/loxilb.cgi',

15
config/menu/70-log.menu
View File

@@ -8,21 +8,6 @@
'title' => "$Lang::tr{'log settings'}",
'enabled' => 1
};
$sublogs->{'21.xdpdns'} = {'caption' => $Lang::tr{'xdpdns log'},
'uri' => '/cgi-bin/logs.cgi/xdpdnslog.dat',
'title' => "$Lang::tr{'xdpdns log'}",
'enabled' => 1
};
$sublogs->{'22.xdpsni'} = {'caption' => $Lang::tr{'xdpsni log'},
'uri' => '/cgi-bin/logs.cgi/xdpsnilog.dat',
'title' => "$Lang::tr{'xdpsni log'}",
'enabled' => 1
};
$sublogs->{'23.wireguard'} = {'caption' => $Lang::tr{'wg log'},
'uri' => '/cgi-bin/logs.cgi/wireguardlog.dat',
'title' => "$Lang::tr{'wg log'}",
'enabled' => 1
};
$sublogs->{'30.proxy'} = {'caption' => $Lang::tr{'proxy logs'},
'uri' => '/cgi-bin/logs.cgi/proxylog.dat',
'title' => "$Lang::tr{'proxy logs'}",

8
config/rootfiles/common/arpwatch
View File

@@ -1,8 +0,0 @@
etc/rc.d/init.d/arpwatch
etc/sysconfig/arpwatch
usr/sbin/arpsnmp
usr/sbin/arpwatch
#usr/share/man/man8/arpsnmp.8
#usr/share/man/man8/arpwatch.8
#var/lib/arpwatch
var/lib/arpwatch/ethercodes.dat

6
config/rootfiles/common/configroot
View File

@@ -197,14 +197,8 @@ var/ipfire/vpn
#var/ipfire/vpn/settings
var/ipfire/wakeonlan
#var/ipfire/wakeonlan/clients.conf
var/ipfire/wireguard
#var/ipfire/wireguard/peers
#var/ipfire/wireguard/settings
var/ipfire/wireguard-functions.pl
var/ipfire/wireless
#var/ipfire/wireless/config
#var/ipfire/wireless/settings
var/ipfire/ddos
var/ipfire/loxilb
var/ipfire/xdpdns
var/ipfire/xdpsni

7
config/rootfiles/common/haproxy
View File

@@ -1,7 +0,0 @@
etc/logrotate.d/haproxy
etc/rc.d/init.d/haproxy
etc/rc.d/rc3.d/S35haproxy
usr/sbin/haproxy
var/ipfire/backup/addons/includes/haproxy
var/lib/haproxy
var/ipfire/haproxy

1
config/rootfiles/common/keepalived
View File

@@ -1,4 +1,5 @@
#etc/keepalived
etc/keepalived/keepalived.conf.sample
etc/keepalived/samples
#etc/keepalived/samples/keepalived.conf.HTTP_GET.port
#etc/keepalived/samples/keepalived.conf.IPv6

6
config/rootfiles/common/kexec-tools
View File

@@ -1,6 +0,0 @@
usr/lib/kexec-tools
usr/lib/kexec-tools/kexec_test
usr/sbin/kexec
usr/sbin/vmcore-dmesg
#usr/share/man/man8/kexec.8
#usr/share/man/man8/vmcore-dmesg.8

7
config/rootfiles/common/libbpf
View File

@@ -1,4 +1,3 @@
usr/lib/libbpf.a
usr/lib/libbpf.so
usr/lib/libbpf.so.1
usr/lib/libbpf.so.1.4.6
usr/include/bpf/xsk.h
usr/lib/libbpf.so.0
usr/lib/libbpf.so.0.8.3

5
config/rootfiles/common/libbpf-bootstrap
View File

@@ -1,5 +0,0 @@
usr/bin/kprobe
usr/bin/ksyscall
usr/bin/profile
usr/bin/netqtop
usr/bin/wg_handshake

1
config/rootfiles/common/loxilb-tc Normal file
View File

@@ -0,0 +1 @@
usr/bin/ntc

1
config/rootfiles/common/makedumpfile
View File

@@ -1 +0,0 @@
usr/sbin/makedumpfile

4
config/rootfiles/common/misc-progs
View File

@@ -35,13 +35,9 @@ usr/local/bin/updxlratorctrl
usr/local/bin/urlfilterctrl
#usr/local/bin/wiohelper
#usr/local/bin/wioscan
usr/local/bin/wireguardctrl
usr/local/bin/wirelessclient
usr/local/bin/wirelessctrl
#usr/local/bin/wlanapctrl
usr/local/bin/ddosctrl
usr/local/bin/loxilbctrl
usr/local/bin/keepalivedctrl
usr/local/bin/xdpdnsctrl
usr/local/bin/xdpsnictrl
usr/local/bin/xdpgeoipctrl

30
config/rootfiles/common/perl-Net-ISP-Balance
View File

@@ -1,30 +0,0 @@
etc/balance
etc/balance.conf
etc/balance/firewall
etc/balance/firewall/01.accept
etc/balance/firewall/01.accept.pl
etc/balance/firewall/02.forward.pl
etc/balance/lsm
etc/balance/lsm/balancer_event_script
etc/balance/lsm/default_script
etc/balance/post-run
etc/balance/post-run/post-run-script.pl
etc/balance/pre-run
etc/balance/pre-run/pre-run-script.pl
etc/balance/routes
etc/balance/routes/01.local_routes
etc/balance/routes/02.local_routes.pl
etc/load_balance.pl
usr/bin/foolsm
usr/bin/load_balance.pl
usr/lib/perl5/site_perl/5.36.0/Net/ISP
usr/lib/perl5/site_perl/5.36.0/Net/ISP/Balance
usr/lib/perl5/site_perl/5.36.0/Net/ISP/Balance.pm
usr/lib/perl5/site_perl/5.36.0/Net/ISP/Balance/ConfigData.pm
#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/ISP
#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/ISP/Balance
#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/ISP/Balance/.packlist
#usr/share/man/man1/load_balance.pl.1
#usr/share/man/man3/Net::ISP::Balance.3
#usr/share/man/man3/Net::ISP::Balance::ConfigData.3
var/lib/foolsm

5
config/rootfiles/common/perl-Net-Netmask
View File

@@ -1,5 +0,0 @@
usr/lib/perl5/site_perl/5.36.0/Net/Netmask.pm
#usr/lib/perl5/site_perl/5.36.0/Net/Netmask.pod
#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/Netmask
#usr/lib/perl5/site_perl/5.36.0/x86_64-linux-thread-multi/auto/Net/Netmask/.packlist
#usr/share/man/man3/Net::Netmask.3

1
config/rootfiles/common/pwru
View File

@@ -1 +0,0 @@
usr/bin/pwru

2
config/rootfiles/common/suricata
View File

@@ -1,10 +1,8 @@
etc/suricata
etc/suricata/suricata.yaml
etc/suricata/suricata-xdp.yaml
usr/bin/suricata
#usr/include/suricata-plugin.h
usr/sbin/convert-ids-backend-files
usr/lib/bpf/xdp_filter.bpf
#usr/share/doc/suricata
#usr/share/doc/suricata/AUTHORS
#usr/share/doc/suricata/Basic_Setup.txt

3
config/rootfiles/common/unbound
View File

@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
#usr/lib/libunbound.la
#usr/lib/libunbound.so
usr/lib/libunbound.so.8
usr/lib/libunbound.so.8.1.30
usr/lib/libunbound.so.8.1.24
#usr/lib/pkgconfig/libunbound.pc
usr/sbin/unbound
usr/sbin/unbound-anchor
@@ -19,7 +19,6 @@ usr/sbin/unbound-checkconf
usr/sbin/unbound-control
usr/sbin/unbound-control-setup
usr/sbin/unbound-dhcp-leases-bridge
usr/sbin/unbound-dhcp-leases-client
usr/sbin/unbound-host
#usr/share/man/man1/unbound-host.1
#usr/share/man/man3/libunbound.3

3
config/rootfiles/common/web-user-interface
View File

@@ -86,7 +86,6 @@ srv/web/ipfire/cgi-bin/wakeonlan.cgi
srv/web/ipfire/cgi-bin/webaccess.cgi
#srv/web/ipfire/cgi-bin/wio.cgi
#srv/web/ipfire/cgi-bin/wiographs.cgi
srv/web/ipfire/cgi-bin/wireguard.cgi
srv/web/ipfire/cgi-bin/wireless.cgi
srv/web/ipfire/cgi-bin/wirelessclient.cgi
srv/web/ipfire/cgi-bin/wlanap.cgi
@@ -96,8 +95,6 @@ srv/web/ipfire/cgi-bin/loxilb.cgi
srv/web/ipfire/cgi-bin/loxilbconfig.cgi
srv/web/ipfire/cgi-bin/loxilbfw.cgi
srv/web/ipfire/cgi-bin/keepalived.cgi
srv/web/ipfire/cgi-bin/xdpdns.cgi
srv/web/ipfire/cgi-bin/xdpsni.cgi
#srv/web/ipfire/html
srv/web/ipfire/html/blob.gif
#srv/web/ipfire/html/captive

4
config/rootfiles/common/wireguard-tools
View File

@@ -1,4 +0,0 @@
etc/fcron.cyclic/wg-dynamic
usr/bin/wg
#usr/share/bash-completion/completions/wg
#usr/share/man/man8/wg.8

16
config/rootfiles/common/x86_64/initscripts
View File

@@ -10,7 +10,6 @@ etc/rc.d/helper/oci-setup
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
etc/rc.d/init.d/arpwatch
etc/rc.d/init.d/beep
etc/rc.d/init.d/checkfs
etc/rc.d/init.d/cleanfs
@@ -91,30 +90,20 @@ etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
etc/rc.d/init.d/ddos
etc/rc.d/init.d/loxilb
etc/rc.d/init.d/xdpdns
etc/rc.d/init.d/xdpsni
etc/rc.d/init.d/xdpgeoip
etc/rc.d/init.d/kdump-config
etc/rc.d/init.d/kdump-init-functions
etc/rc.d/init.d/kdump-tools
etc/rc.d/init.d/kdump-vars.sh
#etc/rc.d/rc0.d
#etc/rc.d/rc0.d/K01imspetor
#etc/rc.d/rc0.d/K01motion
#etc/rc.d/rc0.d/K01vdradmin
#etc/rc.d/rc0.d/K02sslh
etc/rc.d/rc0.d/K08fcron
etc/rc.d/rc0.d/K12arpwatch
etc/rc.d/rc0.d/K28apache
etc/rc.d/rc0.d/K30sshd
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K70wireguard
etc/rc.d/rc0.d/K77conntrackd
etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
@@ -146,8 +135,6 @@ etc/rc.d/rc3.d/S24cyrus-sasl
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
etc/rc.d/rc3.d/S50wireguard
etc/rc.d/rc3.d/S64arpwatch
etc/rc.d/rc3.d/S98rc.local
#etc/rc.d/rc3.d/S98sslh
#etc/rc.d/rc3.d/S99imspetor
@@ -159,13 +146,11 @@ etc/rc.d/rc3.d/S98rc.local
#etc/rc.d/rc6.d/K01vdradmin
#etc/rc.d/rc6.d/K02sslh
etc/rc.d/rc6.d/K08fcron
etc/rc.d/rc6.d/K12arpwatch
etc/rc.d/rc6.d/K28apache
etc/rc.d/rc6.d/K30sshd
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K70wireguard
etc/rc.d/rc6.d/K77conntrackd
etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
@@ -209,4 +194,3 @@ etc/sysconfig/modules
etc/sysconfig/ramdisk
etc/sysconfig/rc
etc/sysconfig/rc.local
etc/sysconfig/arpwatch

1
config/rootfiles/common/x86_64/linux
View File

@@ -23700,4 +23700,3 @@ lib/modules/KVER-ipfire/modules.symbols.bin
#lib/modules/KVER-ipfire/source
sbin/gen_init_cpio
usr/sbin/bpftool
usr/sbin/perf

20
config/rootfiles/common/xdp-tools
View File

@@ -1,23 +1,8 @@
usr/lib/bpf/xdp-dispatcher.o
usr/lib/bpf/xdp_synproxy.bpf.o
etc/rc.d/rc3.d/S105ddos
usr/lib/bpf/xdp_dnsrrl.bpf.o
usr/lib/bpf/xdp_udp.bpf.o
usr/lib/bpf/xdp_dns.bpf.o
usr/lib/bpf/xdp_sni.bpf.o
usr/lib/bpf/xdp_geoip.bpf.o
usr/lib/bpf/xdp_udpddos.bpf.o
usr/lib/bpf/dnsdist_xdp.bpf.o
usr/lib/bpf/class_filter.bpf.o
usr/sbin/xdp-udp
usr/sbin/xdp_dns
etc/rc.d/rc3.d/S102xdpdns
usr/sbin/xdp_dns_log
usr/sbin/xdp_sni
usr/sbin/xdp_sni_log
etc/rc.d/rc3.d/S103xdpsni
usr/sbin/xdp_geoip
etc/rc.d/rc3.d/S104xdpgeoip
usr/lib/bpf/xdpdump_bpf.o
usr/lib/bpf/xdpdump_xdp.o
usr/lib/bpf/xdpfilt_alw_all.o
@@ -35,18 +20,15 @@ usr/lib/bpf/xsk_def_xdp_prog_5.3.o
usr/lib/libxdp.a
usr/lib/libxdp.so
usr/lib/libxdp.so.1
usr/lib/libxdp.so.1.5.0
usr/lib/libxdp.so.1.4.0
usr/lib/pkgconfig/libxdp.pc
usr/sbin/xdp-bench
usr/sbin/xdp-filter
usr/sbin/xdp-loader
usr/sbin/tc-loader
usr/lib/bpf/tc-dummy.bpf.o
usr/sbin/xdp-monitor
usr/sbin/xdp-trafficgen
usr/sbin/xdp_synproxy
usr/sbin/xdp-udp
usr/sbin/xdpdump
usr/sbin/class_filter
usr/share/xdp-tools/xdp_drop.o
usr/share/xdp-tools/xdp_pass.o

3
config/rootfiles/common/dnsdist → config/rootfiles/packages/dnsdist
View File

@@ -1,5 +1,4 @@
etc/dnsdist.conf-dist
etc/dnsdist-xsk.conf
#etc/dnsdist.conf-dist
etc/rc.d/init.d/dnsdist
usr/bin/dnsdist
#usr/share/man/man1/dnsdist.1

1055
config/suricata/suricata-xdp.yaml
View File

File diff suppressed because it is too large Load Diff

75
config/unbound/unbound-dhcp-leases-client
View File

@@ -1,75 +0,0 @@
#!/bin/bash
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2016 Michael Tremer #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
SOCKET="/var/run/unbound-dhcp-leases-bridge.sock"
main() {
local event="${1}"
shift
# Check if we have received an event
if [ -z "${event}" ]; then
echo "${0}: Missing event" >&2
return 2
fi
# Check if the socket exists
if [ ! -S "${SOCKET}" ]; then
echo "${0}: ${SOCKET} does not exist" >&2
return 1
fi
# Connect to the socket
coproc NC { nc -U "${SOCKET}"; }
local arg
local response
# Send the message
{
# Send the event
echo "EVENT=${event}"
# Send all arguments
for arg in $@; do
echo "${arg}"
done
} >&"${NC[1]}"
# Close the input part of the connection
exec {NC[1]}>&-
# Capture the response
read response <&"${NC[0]}"
case "${response}" in
OK)
return 0
;;
*)
echo "${response}" >&2
return 1
;;
esac
}
main "$@" || exit $?

122
config/wireguard/wg-dynamic
View File

@@ -1,122 +0,0 @@
#!/bin/bash
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
# #
# This script tries to keep WireGuard connections with dynamic peers alive #
# #
# It resolves the endpoint if it is an FQDN, and if so, will check if the #
# currently connected endpoint matches any of the resolved IP addresses. If #
# not it will reload the WireGuard configuration in the hope that wg will #
# update the kernel with the new IP address and the connection comes back up #
# again. #
# #
###############################################################################
. /etc/sysconfig/rc
. ${rc_functions}
# Fetches the first endpoint that is currently active on the given interface
current_endpoint() {
local intf="${1}"
local pubkey
local endpoint
# List the first endpoint (are there even more than one?)
wg show "${intf}" endpoints | while read -r pubkey endpoint; do
echo "${endpoint%:*}"
break
done
return 0
}
# Resolves a hostname
resolve() {
local endpoint="${1}"
dig +short "A" "${endpoint}" 2>/dev/null
}
main() {
local -A settings=()
# Read WireGuard settings
readhash settings /var/ipfire/wireguard/settings
# Do nothing if WireGuard is not enabled
if [ "${settings[ENABLED]}" != "on" ]; then
return 0
fi
local line
while IFS=',' read -r -a line; do
local id="${line[0]}"
local enabled="${line[1]}"
local type="${line[2]}"
local name="${line[3]}"
local endpoint="${line[7]}"
# Only process enabled net-to-net connections
case "${enabled},${type}" in
on,net)
;;
*)
continue
;;
esac
# The endpoint must be an FQDN
case "${endpoint}" in
# Ignore IP addresses
[0-9]*.[0-9]*.[0-9]*.[0-9]*)
continue
;;
# Ignore if we don't know the endpoint
"")
continue
;;
esac
local address
local match=0
# Fetch the current endpoint address
local current_address="$(current_endpoint "wg${id}")"
# Walk through all IP addresses the FQDN resolves to
for address in $(resolve "${endpoint}"); do
if [ "${current_address}" = "${address}" ]; then
match=1
break
fi
done
# If there has been no match, we have to reload everything
if [ "${match}" -eq 0 ]; then
exec /etc/init.d/wireguard reload
fi
done < /var/ipfire/wireguard/peers
return 0
}
main "$@" || exit $?

1
doc/language_issues.en
View File

@@ -1559,7 +1559,6 @@ WARNING: untranslated string: proxy reports today = Today
WARNING: untranslated string: proxy reports weekly = Weekly reports
WARNING: untranslated string: ptr = PTR
WARNING: untranslated string: ptr lookup failed = Reverse lookup failed
WARNING: untranslated string: public key = unknown string
WARNING: untranslated string: pulse = Pulse
WARNING: untranslated string: pulse dial = Pulse dial:
WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!

37
html/cgi-bin/chpasswd.cgi
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -20,8 +20,10 @@
###############################################################################
use CGI qw(param);
use Apache::Htpasswd;
use Crypt::PasswdMD5;
require '/var/ipfire/general-functions.pl';
$swroot = "/var/ipfire";
my %cgiparams;
my %mainsettings;
@@ -30,8 +32,8 @@ my %proxysettings;
$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;
### Initialize environment
&readhash("${General::swroot}/main/settings", \%mainsettings);
&readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
&readhash("${swroot}/main/settings", \%mainsettings);
&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};
### Initialize language
@@ -40,12 +42,12 @@ if ($language =~ /^(\w+)$/) {$language = $1;}
# Uncomment this to force a certain language:
# $language='en';
#
require "${General::swroot}/langs/en.pl";
require "${General::swroot}/langs/${language}.pl";
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";
my $userdb = "$General::swroot/proxy/advanced/ncsa/passwd";
my $userdb = "$swroot/proxy/advanced/ncsa/passwd";
&readhash("$General::swroot/ethernet/settings", \%netsettings);
&readhash("$swroot/ethernet/settings", \%netsettings);
my $success = 0;
@@ -74,13 +76,20 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
goto ERROR;
}
# If the htpasswd verification status is 0 then update the database
# otherwise respond with an error message.
if (&General::system("/usr/bin/htpasswd", "-bv", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'OLD_PASSWORD'}") != 0) {
$errormessage = $tr{'advproxy errmsg invalid user/password'};
my $htpasswd = new Apache::Htpasswd("$userdb");
# Check if a user with this name exists
my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'});
if (!$old_password) {
$errormessage = $tr{'advproxy errmsg invalid user'};
goto ERROR;
}
# Reset password
if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'},
$cgiparams{'OLD_PASSWORD'})) {
$errormessage = $tr{'advproxy errmsg password incorrect'};
goto ERROR;
} else {
&General::system("/usr/bin/htpasswd", "-bB", "-C 10", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'NEW_PASSWORD_1'}");
}
$success = 1;

16
html/cgi-bin/credits.cgi
View File

@@ -38,17 +38,11 @@ require "${General::swroot}/header.pl";
&Header::openbox('100%', 'left', $Lang::tr{'donation'});
print <<END
<p>$Lang::tr{'donation-bpfire-text'}</p>
<div align="center">
<a href="https://www.paypal.com/donate/?business=BL97G8687E5B6&no_recurring=0&item_name=Make+revolutionary+eBPF+technology+available+for+non-tech+savvy+users+for+safe+online+surfing&currency_code=USD" target="_blank">
<strong>$Lang::tr{'donation-bpfire'}</strong>
</a>
</div>
<p>$Lang::tr{'donation-ipfire-text'}</p>
<div align="center">
<p>$Lang::tr{'donation-text'}</p>
<a href="https://www.ipfire.org/donate" target="_blank">
<strong>$Lang::tr{'donation-ipfire'}</strong>
<div align="center">
<a href="https://www.ipfire.org/donate">
<strong>$Lang::tr{'donation'}</strong>
</a>
</div>
END
@@ -60,7 +54,7 @@ END
print <<END
<br>
<center>
$Lang::tr{'visit us at'}: <b><a href='http://www.bpfire.net/' target="_blank">https://www.bpfire.net/</a></b> <b><a href='https://www.ipfire.org/' target="_blank">https://www.ipfire.org/</a></b>
$Lang::tr{'visit us at'}: <b><a href='https://www.ipfire.org/' target="_blank">https://www.ipfire.org/</a></b>
</center>
<br><br>

8
html/cgi-bin/ddns.cgi
View File

@@ -523,19 +523,17 @@ print <<END
<td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
<td class='username'>$Lang::tr{'username'}</td>
<td class='username'><input type='text' name='LOGIN'
value='@{[ &Header::escape($settings{'LOGIN'}) ]}' /></td>
<td class='username'><input type='text' name='LOGIN' value='$settings{'LOGIN'}' /></td>
<td class='token' style='display:none'>$Lang::tr{'token'}</td>
<td class='token' style='display:none'><input type='text' name='TOKEN'
value='@{[ &Header::escape($settings{'TOKEN'}) ]}' /></td>
<td class='token' style='display:none'><input type='text' name='TOKEN' value='$settings{'TOKEN'}' /></td>
</tr>
<tr class='password'>
<td class='base'></td>
<td></td>
<td class='base'>$Lang::tr{'password'}</td>
<td><input type='password' name='PASSWORD' value='@{[ &Header::escape($settings{'PASSWORD'}) ]}' /></td>
<td><input type='password' name='PASSWORD' value='$settings{'PASSWORD'}' /></td>
</tr>
</table>
<br>

24
html/cgi-bin/dns.cgi
View File

@@ -127,20 +127,18 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L
$errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
}
# Check if the provided hostname is valid
if ($cgiparams{'TLS_HOSTNAME'} ne "") {
unless (&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
$errormessage = "$Lang::tr{'invalid ip or hostname'}: " . &Header::escape($cgiparams{'TLS_HOSTNAME'});
# Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
elsif($settings{'PROTO'} eq "TLS") {
unless($cgiparams{"TLS_HOSTNAME"}) {
$errormessage = "$Lang::tr{'dns no tls hostname given'}";
} else {
# Check if the provided domain is valid.
unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
$errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
}
}
}
# Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
if ($settings{'PROTO'} eq "TLS") {
unless ($cgiparams{"TLS_HOSTNAME"}) {
$errormessage = "$Lang::tr{'dns no tls hostname given'}";
}
}
# Go further if there was no error.
if ( ! $errormessage) {
# Check if a remark has been entered.
@@ -775,9 +773,9 @@ sub show_add_edit_nameserver() {
# Check if an ID has been given.
if ($cgiparams{'ID'}) {
# Assign cgiparams values.
$cgiparams{'NAMESERVER'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[0]);
$cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
$cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
$cgiparams{'REMARK'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[3]);
$cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
}
} else {
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});

78
html/cgi-bin/firewall.cgi
View File

@@ -2,8 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013-2025 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024-2025 BPFire Team <vincent.mc.li@gmail.com> #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -838,9 +837,8 @@ sub checkrule
$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr<br>";
}
}else{
if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
$errormessage.=$Lang::tr{'fwdfw err samesub'} . $fwdfwsettings{'grp1'} .$fwdfwsettings{$fwdfwsettings{'grp1'}} . $fwdfwsettings{'grp2'} . $fwdfwsettings{$fwdfwsettings{'grp2'}};
$errormessage.=$Lang::tr{'fwdfw err samesub'};
}
}
}
@@ -1210,40 +1208,6 @@ END
#End left table. start right table (vpn)
print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
# WireGuard Peers
if (%Wireguard::peers || $optionsfw{'SHOWDROPDOWN'} eq 'on') {
print <<EOF;
<tr>
<td>
<input type='radio' name='$grp' id='wg_peer_$srctgt' value='wg_peer_$srctgt' $checked{$grp}{'wg_peer_'.$srctgt}>
</td>
<td nowrap='nowrap' width='16%'>
$Lang::tr{'fwhost wg peers'}
</td>
<td nowrap='nowrap' width='1%' align='right'>
<select name='wg_peer_$srctgt' style='width:200px;'>"
EOF
# Sort peers by name
foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
# Load the peer
my $peer = &Wireguard::load_peer($key);
# Is this peer selected?
my $selected = ($fwdfwsettings{$fwdfwsettings{$grp}} eq $peer->{'NAME'}) ? "selected" : "";
print <<EOF;
<option value="$peer->{'NAME'}" $selected>$peer->{'NAME'}</option>
EOF
}
print <<EOF;
</select>
</td>
</tr>
EOF
}
# CCD networks
if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' value='ovpn_net_$srctgt' $checked{$grp}{'ovpn_net_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>";
@@ -1327,22 +1291,19 @@ sub get_ip
if ($fwdfwsettings{$grp} eq $val.'_addr'){
($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
}elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "GREEN"){
if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
$a=$netsettings{'GREEN_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "ORANGE"){
}elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
$a=$netsettings{'ORANGE_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "BLUE"){
}elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
$a=$netsettings{'BLUE_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "OpenVPN-Dyn"){
}elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
&General::readhash("$configovpn",\%ovpnsettings);
($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
$b=&General::iporsubtocidr($b);
# WireGuard
}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "WGRW") {
return $Wireguard::settings{'CLIENT_POOL'};
}
}elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
&General::readhasharray("$confignet", \%customnetwork);
@@ -1493,9 +1454,6 @@ sub getcolor
}elsif ($val eq 'IPsec RW' ){
$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
return;
}elsif ($val eq "WGRW") {
$tdcolor="style='background-color: $Header::colourwg; color: white;'";
return;
}elsif($val =~ /^(.*?)\/(.*?)$/){
my ($sip,$scidr) = split ("/",$val);
if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
@@ -1562,19 +1520,8 @@ sub getcolor
}
}
}
# WireGuard Roadwarrior
if ($Wireguard::settings{'CLIENT_POOL'}) {
if (&Network::ip_address_in_network($c, $Wireguard::settings{'CLIENT_POOL'})) {
$tdcolor="style='background-color: $Header::colourwg; color:white;'";
return;
}
}
}
#VPN networks
if ($nettype eq 'wg_peer_src' || $nettype eq 'wg_peer_tgt'){
$tdcolor="style='background-color: $Header::colourwg;color:white;'";
return;
}
if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
$tdcolor="style='background-color: $Header::colourovpn;color:white;'";
return;
@@ -2401,7 +2348,6 @@ sub saverule
$fwdfwsettings{'ruleremark'}=~ s/,/;/g;
utf8::decode($fwdfwsettings{'ruleremark'});
$fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
$fwdfwsettings{'PROT'}=&Header::escape($fwdfwsettings{'PROT'});
if ($fwdfwsettings{'updatefwrule'} ne 'on'){
my $key = &General::findhasharraykey ($hash);
$$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
@@ -2631,10 +2577,10 @@ END
@tmpsrc=();
@tmptgt=();
#check if vpn hosts/nets have been deleted
if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /^wg_/ || $$hash{$key}[3] =~ /ovpn/i){
if($$hash{$key}[3] =~ /ipsec/i || $$hash{$key}[3] =~ /ovpn/i){
push (@tmpsrc,$$hash{$key}[4]);
}
if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /^wg_/ || $$hash{$key}[5] =~ /ovpn/i){
if($$hash{$key}[5] =~ /ipsec/i || $$hash{$key}[5] =~ /ovpn/i){
push (@tmptgt,$$hash{$key}[6]);
}
foreach my $host (@tmpsrc){
@@ -2654,10 +2600,6 @@ END
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
}
}elsif($$hash{$key}[3] eq 'wg_peer_src') {
if (!defined &Wireguard::get_peer_by_name($host)) {
$coloryellow = 'on';
}
}
}
foreach my $host (@tmptgt){
@@ -2677,10 +2619,6 @@ END
if(&fwlib::get_ovpn_host_ip($host,33) eq ''){
$coloryellow='on';
}
}elsif($$hash{$key}[5] eq 'wg_peer_tgt') {
if (!defined &Wireguard::get_peer_by_name($host)) {
$coloryellow = 'on';
}
}
}
#check if networkgroups or servicegroups are empty

432
html/cgi-bin/fwhosts.cgi
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013-2025 IPFire Team <info@ipfire.org> #
# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -582,13 +582,6 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp')
$fwhostsettings{'grp_name'}='';
$fwhostsettings{'remark'}='';
}
# Fetch the address from a WireGuard Peer
if ($fwhostsettings{'grp2'} eq 'wg_peer' && $fwhostsettings{'WG_PEER'} ne ''){
@target=$fwhostsettings{'WG_PEER'};
$type='wg_peer';
}elsif ($fwhostsettings{'grp2'} eq 'wg_peer' && $fwhostsettings{'WG_PEER'} eq ''){
$errormessage=$Lang::tr{'fwhost err groupempty'};
}
#get address from ovpn ccd static net
if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){
@target=$fwhostsettings{'OVPN_CCD_NET'};
@@ -703,10 +696,6 @@ if ($fwhostsettings{'ACTION'} eq 'savelocationgrp')
# Check name
if (!&validhostname($grp)){$errormessage.=$Lang::tr{'fwhost err name'};}
unless (&General::validcc($fwhostsettings{'COUNTRY_CODE'})) {
$errormessage = $Lang::tr{'fwhost invalid country code'};
}
# Check for existing group name.
if (!&checkgroup($grp) && $fwhostsettings{'update'} ne 'on'){
$errormessage = $Lang::tr{'fwhost err grpexist'};
@@ -718,7 +707,7 @@ if ($fwhostsettings{'ACTION'} eq 'savelocationgrp')
}
if ($fwhostsettings{'update'} eq 'on'){
@target = $fwhostsettings{'COUNTRY_CODE'};
@target=$fwhostsettings{'COUNTRY_CODE'};
$type='Location Group';
#check if host/net exists in grp
@@ -1331,29 +1320,10 @@ sub showmenu {
&Header::openbox('100%', 'left',);
print "$Lang::tr{'fwhost welcome'}";
print<<END;
<br><br>
<table border='0' width='100%'>
<tr>
<td>
<form method='post'>
<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}'>
<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}'>
<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}'>
<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newlocationgrp'}'>
</form>
</td>
<td align='right'>
<form method='post'>
<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}'>
<input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}'>
</form>
</td>
</tr>
<tr>
<td colspan='6'>
</td>
</tr>
</table>
<br><br><table border='0' width='100%'>
<tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newlocationgrp'}' ></form></td>
<td align='right'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' ></form></td></tr>
<tr><td colspan='6'></td></tr></table>
END
&Header::closebox();
@@ -1534,34 +1504,6 @@ END
print"</table>";
#Inner table right
print"</td><td align='right' style='vertical-align:top;'><table width='90%' border='0'>";
# WireGuard Peers
if (%Wireguard::peers) {
print <<EOF;
<tr>
<td style='width:15em;'>
<label>
<input type='radio' name='grp2' value='wg_peer' $checked{'grp2'}{'wg_peer'}>
$Lang::tr{'fwhost wg peers'}
</label>
</td>
<td style='text-align:right;'>
<select name='WG_PEER' style='width:16em;'>"
EOF
foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
my $peer = &Wireguard::load_peer($key);
print <<EOF;
<option value="$peer->{"NAME"}">$peer->{"NAME"}</option>
EOF
}
print <<EOF;
</select>
</td>
</tr>
EOF
}
#OVPN networks
if (! -z $configccdnet){
print<<END;
@@ -1783,7 +1725,7 @@ sub addservice
{
$fwhostsettings{'oldsrvname'} = $fwhostsettings{'SRV_NAME'};
$fwhostsettings{'oldsrvport'} = $fwhostsettings{'SRV_PORT'};
$fwhostsettings{'oldsrvprot'} = &Header::escape($fwhostsettings{'PROT'});
$fwhostsettings{'oldsrvprot'} = $fwhostsettings{'PROT'};
$fwhostsettings{'oldsrvicmp'} = $fwhostsettings{'ICMP'};
}
print<<END;
@@ -1956,8 +1898,7 @@ END
}
my $colnet="$customnetwork{$key}[1]/".&General::subtocidr($customnetwork{$key}[2]);
my $netcount=&getnetcount($customnetwork{$key}[0]);
my $netusedin=&getusedin($customnetwork{$key}[0]);
print"<td width='20%' $col><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center' $col>".&getcolor($colnet)."</td><td width='40%' $col>$customnetwork{$key}[3]</td><td align='center' $col><span title='$netusedin'>$netcount x</span></td>";
print"<td width='20%' $col><form method='post'>$customnetwork{$key}[0]</td><td width='15%' align='center' $col>".&getcolor($colnet)."</td><td width='40%' $col>$customnetwork{$key}[3]</td><td align='center' $col>$netcount x</td>";
print<<END;
<td width='1%' $col><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
<input type='hidden' name='ACTION' value='editnet'>
@@ -2013,14 +1954,6 @@ sub getcolor
$tdcolor="<font style='color: $Header::colourred;'>$c</font>";
return $tdcolor;
}
# WireGuard Roadwarrior
if ($Wireguard::settings{'CLIENT_POOL'}) {
if (&Network::ip_address_in_network($sip, $Wireguard::settings{'CLIENT_POOL'})) {
return "<font style='color: $Header::colourwg;'>$c</font>"
}
}
#Check if IP is part of OpenVPN N2N subnet
foreach my $key (sort keys %ccdhost){
if ($ccdhost{$key}[3] eq 'net'){
@@ -2111,10 +2044,8 @@ END
$customhost{$key}[4]=~s/\s+//g;
my $hostcount=0;
$hostcount=&gethostcount($customhost{$key}[0]);
my $hostusedin=&getusedin($customhost{$key}[0]);
my $color = &getcolor($ip);
print <<END;
<td width='20%' $col>$customhost{$key}[0]</td><td width='20%' align='center' $col >$color</td><td width='50%' align='left' $col>$customhost{$key}[3]</td><td align='center' $col><span title="$hostusedin">$hostcount x</span></td>
print"<td width='20%' $col>$customhost{$key}[0]</td><td width='20%' align='center' $col >".&getcolor($ip)."</td><td width='50%' align='left' $col>$customhost{$key}[3]</td><td align='center' $col>$hostcount x</td>";
print<<END;
<td width='1%' $col><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
<input type='hidden' name='ACTION' value='edithost' />
<input type='hidden' name='HOSTNAME' value='$customhost{$key}[0]' />
@@ -2189,8 +2120,7 @@ sub viewtablegrp
print "<br><b><u>$grpname</u></b>&nbsp; &nbsp;";
print " <b>$Lang::tr{'remark'}:</b>&nbsp $remark &nbsp " if ($remark ne '');
my $netgrpcount=&getnetcount($grpname);
my $groupusedin=&getusedin($grpname);
print "<b>$Lang::tr{'used'}:</b> <span title='$groupusedin'>$netgrpcount x</span>";
print "<b>$Lang::tr{'used'}:</b> $netgrpcount x";
if($netgrpcount == '0')
{
print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' /><input type='hidden' name='grp_name' value='$grpname' ><input type='hidden' name='ACTION' value='delgrp'></form>";
@@ -2328,8 +2258,8 @@ sub viewtablelocationgrp
# Get group count.
my $locationgrpcount=&getlocationcount($grpname);
my $locationusedin=&getlocusedin($grpname);
print "<b>$Lang::tr{'used'}:</b> <span title='$locationusedin'>$locationgrpcount x</span>";
print "<b>$Lang::tr{'used'}:</b> $locationgrpcount x";
# Only display delete icon, if the group is not used by a firewall rule.
if($locationgrpcount == '0') {
print"<form method='post' style='display:inline'>\n";
@@ -2471,11 +2401,10 @@ END
END
#Neuer count
$srvcount=&getsrvcount($customservice{$key}[0]);
my $serviceusedin=&getsrvusedin($customservice{$key}[0]);
if($customservice{$key}[3] eq 'All ICMP-Types'){print $Lang::tr{'fwdfw all icmp'};}
elsif($customservice{$key}[3] ne 'BLANK'){print $customservice{$key}[3];}
print<<END;
</td><td align='center' $col><span title='$serviceusedin'>$srvcount x</span></td>
</td><td align='center' $col>$srvcount x</td>
<td width='1%' $col><form method='post'><input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /><input type='hidden' name='ACTION' value='editservice' />
<input type='hidden' name='SRV_NAME' value='$customservice{$key}[0]' />
<input type='hidden' name='SRV_PORT' value='$customservice{$key}[1]' />
@@ -2547,8 +2476,7 @@ sub viewtableservicegrp
if($count >0){print"</table>";$count=1;}
print "<br><b><u>$grpname</u></b>&nbsp; &nbsp; ";
print "<b>$Lang::tr{'remark'}:</b>&nbsp; $remark " if ($remark ne '');
my $srvgrpusedin=&getsrvusedin($customservicegrp{$key}[0]);
print "&nbsp; <b>$Lang::tr{'used'}:</b> <span title='$srvgrpusedin'>$grpcount x</span>";
print "&nbsp; <b>$Lang::tr{'used'}:</b> $grpcount x";
if($grpcount == '0')
{
print"<form method='post' style='display:inline'><input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' /><input type='hidden' name='SRVGRP_NAME' value='$grpname' ><input type='hidden' name='ACTION' value='delservicegrp'></form>";
@@ -2821,106 +2749,6 @@ sub getlocationcount
}
return $counter;
}
sub getlocusedin
{
my $groupname=shift;
my $titletext="";
# Location groups are stored as "group:groupname" in the
# firewall settings files.
my $searchstring = join(':', "group",$groupname);
#Count services used in firewall - config
my $fwfwtext="";
# first set title if found
foreach my $key1 (keys %fwfwd) {
if($fwfwd{$key1}[4] eq $searchstring){
$fwfwtext = "$Lang::tr{'firewall rules'}:";
}
if($fwfwd{$key1}[6] eq $searchstring){
$fwfwtext = "$Lang::tr{'firewall rules'}:";
}
}
# then add rule numbers
my @fwfwrules = ();
foreach my $key1 (keys %fwfwd) {
if($fwfwd{$key1}[4] eq $searchstring){
push(@fwfwrules, $key1);
}
if($fwfwd{$key1}[6] eq $searchstring){
push(@fwfwrules, $key1);
}
}
my @fwfwarraysorted = sort { $a <=> $b } @fwfwrules;
foreach my $rule (@fwfwarraysorted)
{
$fwfwtext .= "&#010- $rule";
}
#Count services used in firewall - input
my $fwintext="";
foreach my $key2 (keys %fwinp) {
if($fwinp{$key2}[4] eq $searchstring){
$fwintext = "$Lang::tr{'incoming firewall access'}:";
}
if($fwinp{$key2}[6] eq $searchstring){
$fwintext = "$Lang::tr{'incoming firewall access'}:";
}
}
my @fwinrules = ();
foreach my $key2 (keys %fwinp) {
if($fwinp{$key2}[4] eq $searchstring){
push(@fwinrules, $key2);
}
if($fwinp{$key2}[6] eq $searchstring){
push(@fwinrules, $key2);
}
}
my @fwinarraysorted = sort { $a <=> $b } @fwinrules;
foreach my $rule (@fwinarraysorted)
{
$fwintext .= "&#010- $rule";
}
#Count services used in firewall - outgoing
my $fwouttext="";
foreach my $key3 (keys %fwout) {
if($fwout{$key3}[4] eq $searchstring){
$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
}
if($fwout{$key3}[6] eq $searchstring){
$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
}
}
my @fwoutrules = ();
foreach my $key3 (keys %fwout) {
if($fwout{$key3}[4] eq $searchstring){
push(@fwoutrules, $key3);
}
if($fwout{$key3}[6] eq $searchstring){
push(@fwoutrules, $key3);
}
}
my @fwoutarraysorted = sort { $a <=> $b } @fwoutrules;
foreach my $rule (@fwoutarraysorted)
{
$fwouttext .= "&#010- $rule";
}
if ($fwfwtext) {
$titletext .= "$fwfwtext"
}
if ($fwintext) {
if ($titletext) {
$titletext .= "&#010 "
}
$titletext .= "$fwintext"
}
if ($fwouttext) {
if ($titletext) {
$titletext .= "&#010 "
}
$titletext .= "$fwouttext"
}
return $titletext;
}
sub getnetcount
{
my $searchstring=shift;
@@ -2960,122 +2788,6 @@ sub getnetcount
}
return $srvcounter;
}
sub getusedin
{
my $searchstring=shift;
my $titletext="";
my $groups=();
my $rules=();
#Count services used in Network/Host group
my $servicegrouptext="";
foreach my $key (keys %customgrp) {
if($customgrp{$key}[2] eq $searchstring){
$servicegrouptext = "$Lang::tr{'fwhost cust grp'}:";
}
}
foreach my $key (keys %customgrp) {
if($customgrp{$key}[2] eq $searchstring){
$servicegrouptext .= "&#010- $customgrp{$key}[0]";
}
}
#Count services used in firewall - config
my $fwfwtext="";
# first set title if found
foreach my $key1 (keys %fwfwd) {
if($fwfwd{$key1}[4] eq $searchstring){
$fwfwtext = "$Lang::tr{'firewall rules'}:";
}
if($fwfwd{$key1}[6] eq $searchstring){
$fwfwtext = "$Lang::tr{'firewall rules'}:";
}
}
# then add rule numbers
my @fwfwrules = ();
foreach my $key1 (keys %fwfwd) {
if($fwfwd{$key1}[4] eq $searchstring){
push(@fwfwrules, $key1);
}
if($fwfwd{$key1}[6] eq $searchstring){
push(@fwfwrules, $key1);
}
}
my @fwfwarraysorted = sort { $a <=> $b } @fwfwrules;
foreach my $rule (@fwfwarraysorted)
{
$fwfwtext .= "&#010- $rule";
}
#Count services used in firewall - input
my $fwintext="";
foreach my $key2 (keys %fwinp) {
if($fwinp{$key2}[4] eq $searchstring){
$fwintext = "$Lang::tr{'incoming firewall access'}:";
}
if($fwinp{$key2}[6] eq $searchstring){
$fwintext = "$Lang::tr{'incoming firewall access'}:";
}
}
my @fwinrules = ();
foreach my $key2 (keys %fwinp) {
if($fwinp{$key2}[4] eq $searchstring){
push(@fwinrules, $key2);
}
if($fwinp{$key2}[6] eq $searchstring){
push(@fwinrules, $key2);
}
}
my @fwinarraysorted = sort { $a <=> $b } @fwinrules;
foreach my $rule (@fwinarraysorted)
{
$fwintext .= "&#010- $rule";
}
#Count services used in firewall - outgoing
my $fwouttext="";
foreach my $key3 (keys %fwout) {
if($fwout{$key3}[4] eq $searchstring){
$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
}
if($fwout{$key3}[6] eq $searchstring){
$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
}
}
my @fwoutrules = ();
foreach my $key3 (keys %fwout) {
if($fwout{$key3}[4] eq $searchstring){
push(@fwoutrules, $key3);
}
if($fwout{$key3}[6] eq $searchstring){
push(@fwoutrules, $key3);
}
}
my @fwoutarraysorted = sort { $a <=> $b } @fwoutrules;
foreach my $rule (@fwoutarraysorted)
{
$fwouttext .= "&#010- $rule";
}
if ($servicegrouptext) {
$titletext .= "$servicegrouptext"
}
if ($fwfwtext) {
if ($titletext) {
$titletext .= "&#010 "
}
$titletext .= "$fwfwtext"
}
if ($fwintext) {
if ($titletext) {
$titletext .= "&#010 "
}
$titletext .= "$fwintext"
}
if ($fwouttext) {
if ($titletext) {
$titletext .= "&#010 "
}
$titletext .= "$fwouttext"
}
return $titletext
}
sub getsrvcount
{
my $searchstring=shift;
@@ -3106,100 +2818,6 @@ sub getsrvcount
}
return $srvcounter;
}
sub getsrvusedin
{
my $searchstring=shift;
my $titletext="";
#Count services used in servicegroups
my $servicegrouptext="";
foreach my $key (keys %customservicegrp) {
if($customservicegrp{$key}[2] eq $searchstring){
$servicegrouptext = "$Lang::tr{'outgoing firewall access'}:";
}
}
foreach my $key (keys %customservicegrp) {
if($customservicegrp{$key}[2] eq $searchstring){
$servicegrouptext .= "&#010- $customservicegrp{$key}[0]";
}
}
my $fwfwtext="";
# first set title if found
foreach my $key1 (keys %fwfwd) {
if($fwfwd{$key1}[15] eq $searchstring){
$fwfwtext = "$Lang::tr{'firewall rules'}:";
}
}
# then add rule numbers
my @fwfwrules = ();
foreach my $key1 (keys %fwfwd) {
if($fwfwd{$key1}[15] eq $searchstring){
push(@fwfwrules, $key1);
}
}
my @fwfwarraysorted = sort { $a <=> $b } @fwfwrules;
foreach my $rule (@fwfwarraysorted)
{
$fwfwtext .= "&#010- $rule";
}
#Count services used in firewall - input
my $fwintext="";
foreach my $key2 (keys %fwinp) {
if($fwinp{$key2}[15] eq $searchstring){
$fwintext = "$Lang::tr{'incoming firewall access'}:";
}
}
my @fwinrules = ();
foreach my $key2 (keys %fwinp) {
if($fwinp{$key2}[15] eq $searchstring){
push(@fwinrules, $key2);
}
}
my @fwinarraysorted = sort { $a <=> $b } @fwinrules;
foreach my $rule (@fwinarraysorted)
{
$fwintext .= "&#010- $rule";
}
#Count services used in firewall - outgoing
my $fwouttext="";
foreach my $key3 (keys %fwout) {
if($fwout{$key3}[15] eq $searchstring){
$fwouttext = "$Lang::tr{'outgoing firewall access'}:";
}
}
my @fwoutrules = ();
foreach my $key3 (keys %fwout) {
if($fwout{$key3}[15] eq $searchstring){
push(@fwoutrules, $key3);
}
}
my @fwoutarraysorted = sort { $a <=> $b } @fwoutrules;
foreach my $rule (@fwoutarraysorted)
{
$fwouttext .= "&#010- $rule";
}
if ($servicegrouptext ne '') {
$titletext .= "$servicegrouptext";
}
if ($fwfwtext ne '') {
if ($titletext) {
$titletext .= "&#010 ";
}
$titletext .= "$fwfwtext";
}
if ($fwintext ne '') {
if ($titletext) {
$titletext .= "&#010 ";
}
$titletext .= "$fwintext";
}
if ($fwouttext) {
if ($titletext ne '') {
$titletext .= "&#010 ";
}
$titletext .= "$fwouttext";
}
return $titletext
}
sub deletefromgrp
{
my $target=shift;
@@ -3342,23 +2960,6 @@ sub getipforgroup
&deletefromgrp($name,$configgrp);
}
# WireGuard Peers
if ($type eq "wg_peer") {
my $peer = &Wireguard::get_peer_by_name($name);
if (defined $peer) {
my @addresses = ();
if ($peer->{"TYPE"} eq "host") {
push(@addresses, @{ $peer->{"CLIENT_ADDRESS"} });
} elsif ($peer->{"TYPE"} eq "net") {
push(@addresses, @{ $peer->{"REMOTE_SUBNETS"} });
}
return join(", ", @addresses);
}
}
#get address from ovpn ccd Net-2-Net
if ($type eq 'OpenVPN N-2-N'){
foreach my $key (keys %ccdhost) {
@@ -3435,9 +3036,6 @@ sub getipforgroup
&General::readhash("${General::swroot}/ethernet/settings",\%hash);
return $hash{'ORANGE_NETADDRESS'}."/".&Network::convert_netmask2prefix($hash{'ORANGE_NETMASK'}) || $hash{'ORANGE_NETMASK'};
}
if ($name eq "WGRW") {
return $Wireguard::settings{'CLIENT_POOL'};
}
if ($name eq 'ALL'){
return "0.0.0.0/0";
}

289
html/cgi-bin/haproxy.cgi
View File

@@ -1,289 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024 BPFire <vincent.mc.li@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
use experimental 'smartmatch';
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
our %hasettings=();
our %netsettings=();
my %mainsettings=();
my %timesettings=();
my $setting = "${General::swroot}/haproxy/settings";
my $configsetting = "${General::swroot}/haproxy/config";
my $loxilbipfile = "${General::swroot}/loxilb/ipconfigfile";
# because we need commas in the some data
my $errormessage = '';
#remove 'ENABLE_HA' from '/var/ipfire/haproxy/settings' as it could affect haproxy running state
my @nosaved=('ENABLE_HAPROXY');
my %color = ();
$hasettings{'ENABLE_HAPROXY'} = 'off';
&Header::showhttpheaders();
my @MODE= ('tcp', 'http');
#Settings1 for the first screen box
$hasettings{"mode"} = '';
$hasettings{"bind"} = '';
# Read Ipcop settings
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
#Get GUI values
&Header::getcgihash(\%hasettings);
if ($hasettings{'ACTION'} eq $Lang::tr{'enable'})
{
#remove @nosaved from $hasettings before writehash to 'configsettings' file since 'configsetting' is only for haproxy running state
my @nosaved = ("mode", "bind", "ENABLE_HAPROXY");
map (delete ($hasettings{$_}) ,(@nosaved));
&General::writehash("$configsetting", \%hasettings);
if ($hasettings{'ENABLE_HAPROXY'} eq 'on') {
&General::system('/usr/bin/touch', "${General::swroot}/haproxy/enable_ha");
&General::system('/usr/local/bin/haproxyctrl', 'start');
} else {
&General::system('/usr/local/bin/haproxyctrl', 'stop');
unlink "${General::swroot}/haproxy/enable_ha";
}
}
# Check Settings1 first because they are needed by &buildconf
if ($hasettings{'ACTION'} eq $Lang::tr{'save'}) {
if ($hasettings{"mode"} eq '') {
$errormessage = "mode" . " is $Lang::tr{'required field'}";
goto ERROR;
}
if ($hasettings{"bind"} eq '') {
$errormessage = "bind" . " is $Lang::tr{'required field'}";
goto ERROR;
}
map (delete ($hasettings{$_}) ,@nosaved,'ACTION','KEY1','KEY2','q'); # Must not be saved
&General::writehash($setting, \%hasettings); # Save good settings
$hasettings{'ACTION'} = $Lang::tr{'save'}; # create an 'ACTION'
map ($hasettings{$_} = '',@nosaved,'KEY1','KEY2'); # and reinit vars to empty
&buildconf;
ERROR:
}
if ($hasettings{'ACTION'} eq '' ) { # First launch from GUI
$hasettings{"mode"} = '';
$hasettings{"bind"} = '';
}
### START PAGE ###
&Header::openpage($Lang::tr{'haproxy configuration'}, 1, $Header::extraHead);
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
&Header::closebox();
}
# Read configuration file.
&General::readhash("$configsetting", \%hasettings);
# Checkbox pre-selection.
my $checked;
if ($hasettings{'ENABLE_HA'} eq "on") {
$checked = "checked='checked'";
}
my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
my @status = &General::system_output('/usr/local/bin/haproxyctrl', 'status');
if (grep(/is running/, @status)){
$sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
}
&Header::openbox('100%', 'center', $Lang::tr{'haproxy status'});
print <<END;
<table width='100%'>
<form method='POST' action='$ENV{'SCRIPT_NAME'}'>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<tr><td class='boldbase'>$Lang::tr{'haproxy status'}</td>
<td align='left'>$sactive</td>
</tr>
<tr>
<td colspan='4'>&nbsp;</td>
</tr>
<tr>
<td width='100%' class='boldbase'>$Lang::tr{'enable'}
<td align='left'><input type='checkbox' name='ENABLE_HA' $checked></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'enable'}'></td>
</tr>
END
print "</form> </table>\n";
&Header::closebox();
#
&General::readhash($setting, \%hasettings); # Get saved settings and reset to good if needed
&Header::openbox('100%', 'left', $Lang::tr{'haproxy config'});
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";
my %checked = ();
print <<END;
<table width='100%'>
<tr>
<td width='25%' class='base'>$Lang::tr{'haproxy mode'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='mode' value='$hasettings{"mode"}' /></td>
</tr>
<tr>
<td width='25%' class='base'>$Lang::tr{'haproxy bind'}&nbsp;<img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='bind' value='$hasettings{"bind"}' /></td>
</tr>
</table>
<hr />
END
print <<END;
<table width='100%'>
<tr>
<td class='base' width='25%'><img src='/blob.gif' align='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td>
<td width='40%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
</form>
END
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
# Build the configuration file mixing settings, fixed leases and advanced options
sub buildconf {
open(FILE, ">/${General::swroot}/haproxy/haproxy.cfg") or die "Unable to write haproxy.cfg file";
flock(FILE, 2);
# Global settings
print FILE <<EOF;
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user nobody
group nobody
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
EOF
print FILE <<EOF;
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
EOF
close(FILE);
&General::system_background('/usr/local/bin/haproxyctrl', 'restart');
}

5
html/cgi-bin/ids.cgi
View File

@@ -1404,10 +1404,7 @@ print <<END;
<td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
<td width='30%'>$Lang::tr{'remark'}: </td>
<td>
<input type='text' name=IGNORE_ENTRY_REMARK
value='@{[ &Header::escape($entry_remark) ]}' size='24' />
</td>
<td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
<td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
</tr>
</form>

35
html/cgi-bin/index.cgi
View File

@@ -30,7 +30,6 @@ use Sort::Naturally;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/wireguard-functions.pl";
require "/opt/pakfire/lib/functions.pl";
my %cgiparams=();
@@ -343,7 +342,7 @@ if (&Header::orange_used()) {
<a href='/cgi-bin/firewall.cgi' style='color:white'><b>$Lang::tr{'dmz'}</b></a>
</td>
<td style='width:30%; text-align:center;'>$netsettings{'ORANGE_ADDRESS'}/$sub</td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>$Lang::tr{'online'}</td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>Online</td>
</tr>
END
}
@@ -355,7 +354,7 @@ print<<END;
<a href='/cgi-bin/vpnmain.cgi' style='color:white'><b>$Lang::tr{'ipsec'}</b></a>
</td>
<td style='width:30%; text-align:center;'></td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>$Lang::tr{'online'}</td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>Online</td>
</tr>
END
}
@@ -376,26 +375,10 @@ print <<END;
<a href='/cgi-bin/ovpnmain.cgi' style='color:white'><b>OpenVPN</b></a>
</td>
<td style='width:30%; text-align:center;'>$ovpnip</td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>$Lang::tr{'online'}</td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>Online</td>
</tr>
END
}
# Show WireGuard status
if (&Wireguard::is_enabled()) {
my $network = $Wireguard::settings{'CLIENT_POOL'};
print<<END;
<tr>
<td style='width:25%; text-align:center; background-color:$Header::colourwg;'>
<a href='/cgi-bin/wireguard.cgi' style='color:white'><b>$Lang::tr{'wireguard'}</b></a>
</td>
<td style='width:30%; text-align:center;'>$network</td>
<td style='width:45%; text-align:center; color:$Header::colourgreen;'>$Lang::tr{'online'}</td>
</tr>
END
}
}
print"</table>";
&Header::closebox();
@@ -553,6 +536,11 @@ END
&Header::closebox();
}
# Fireinfo
if ( ! -e "/var/ipfire/main/send_profile") {
$warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";
}
# EOL architecture
my ($sysname, $nodename, $release, $version, $machine) = &POSIX::uname();
if ($machine =~ m/^arm/) {
@@ -616,6 +604,11 @@ if ($warnmessage) {
&Header::closebox();
}
my %coredb = &Pakfire::coredbinfo();
if (defined $coredb{'AvailableRelease'}) {
print "<br /><br /><br /><a href='pakfire.cgi'>$Lang::tr{'core notice 1'} $coredb{'Release'} $Lang::tr{'core notice 2'} $coredb{'AvailableRelease'} $Lang::tr{'core notice 3'}</a>";
}
if ( -e "/var/run/need_reboot" ) {
print "<div style='text-align:center; color:red;'>";
print "<br/><br/>$Lang::tr{'needreboot'}!";

4
html/cgi-bin/keepalived.cgi
View File

@@ -194,7 +194,9 @@ print <<END;
<td align='left'>$sactive</td>
<td align='center'>$hastate</td>
<td align='right'>
<input type='submit' value='Refresh'>
<form method='GET' action='$ENV{'SCRIPT_NAME'}'>
<input type='submit' value='Refresh'>
</form>
</td>
</tr>
<tr>

92
html/cgi-bin/location-block.cgi
View File

@@ -37,7 +37,6 @@ my %color = ();
my %mainsettings = ();
my %settings = ();
my %cgiparams = ();
my $errormessage='';
# Read configuration file.
&General::readhash("$settingsfile", \%settings);
@@ -64,44 +63,30 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
# Loop through our locations array to prevent from
# non existing countries or code.
foreach my $cn (@locations) {
# Get the current setting for the country (on/off)
my $current_status = $settings{$cn};
# Determine if the country should be blocked based on CGI input
my $new_status = exists $cgiparams{$cn} ? "on" : "off";
# Update settings based on the user input
$settings{$cn} = $new_status;
# If the new status is "on" and the current status was "off", add the country's IPs
if ($new_status eq "on" && $current_status eq "off") {
# Call function to add IPs for this country to the eBPF map
&add_country_ips($cn);
} # If the new status is "off" and the current status was "on", remove the country's IPs
elsif ($new_status eq "off" && $current_status eq "on") {
# Call function to remove IPs for this country from the eBPF map
&remove_country_ips($cn);
# Check if blocking for this country should be enabled/disabled.
if (exists $cgiparams{$cn}) {
$settings{$cn} = "on";
} else {
$settings{$cn} = "off";
}
}
&General::writehash("$settingsfile", \%settings);
# Check if we want to disable locationblock.
if ( $settings{'LOCATIONBLOCK_ENABLED'} eq "on" ) {
&General::system('/usr/local/bin/xdpgeoipctrl', 'start');
} else {
&General::system('/usr/local/bin/xdpgeoipctrl', 'stop');
}
# Mark the firewall config as changed.
&General::firewall_config_changed();
# Assign reload notice.
$notice = $Lang::tr{'fw rules reload notice'};
}
&Header::openpage($Lang::tr{'locationblock configuration'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
&Header::closebox();
# Print notice that a firewall reload is required.
if ($notice) {
&Header::openbox('100%', 'left', $Lang::tr{'notice'});
print "<font class='base'>$notice</font>";
&Header::closebox();
}
# Checkbox pre-selection.
@@ -284,50 +269,3 @@ print"</form>\n";
&Header::closebigbox();
&Header::closepage();
sub add_country_ips {
my ($set) = @_;
# Libloc adds the IP type (v4 or v6) as part of the set and file name.
my $loc_set = "$set" . "v4";
# The bare filename equals the set name.
my $filename = $loc_set;
# Libloc uses "ipset" as file extension.
my $file_extension = "ipset";
# Generate full path and filename for the ipset db file.
my $db_file = "$Location::Functions::ipset_db_directory/$filename.$file_extension";
my @options;
my $command = 'xdp_geoip';
push(@options, "add", $db_file, $set);
&General::system_output($command, @options);
#my @output = &General::system_output($command, @options);
#$errormessage = join('', @output);
}
sub remove_country_ips {
my ($set) = @_;
# Libloc adds the IP type (v4 or v6) as part of the set and file name.
my $loc_set = "$set" . "v4";
# The bare filename equals the set name.
my $filename = $loc_set;
# Libloc uses "ipset" as file extension.
my $file_extension = "ipset";
# Generate full path and filename for the ipset db file.
my $db_file = "$Location::Functions::ipset_db_directory/$filename.$file_extension";
my @options;
my $command = 'xdp_geoip';
push(@options, "delete", $db_file, $set);
&General::system_output($command, @options);
#my @output = &General::system_output($command, @save_options);
#$errormessage = join('', @output);
}

4
html/cgi-bin/logs.cgi/calamaris.dat
View File

@@ -170,10 +170,6 @@ if ($reportsettings{'ACTION'} eq $Lang::tr{'calamaris create report'})
if ($reportsettings{'RUN_BACKGROUND'} eq 'on') { $commandline.=" &"; }
if (!($commandline =~ /^[a-zA-Z0-9-\s]+$/))
{
die "Invalid input in\"$commandline\"";
}
system("${General::swroot}/proxy/calamaris/bin/mkreport $commandline")
}

29
html/cgi-bin/logs.cgi/config.dat
View File

@@ -1,23 +1,13 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
#
# IPFire CGIs
#
# This code is distributed under the terms of the GPL
#
# (c) The IPFire Team
#
# $Id: config.dat,v 1.2.2.10 2005/06/14 12:32:07 eoberlander Exp $
#
use strict;
@@ -153,7 +143,6 @@ END
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'remote logging'});
$logsettings{'REMOTELOG_ADDR'} = &Header::escape($logsettings{'REMOTELOG_ADDR'});
print <<END
<table width='100%'>
<tr>

32
html/cgi-bin/logs.cgi/firewalllogcountry.dat
View File

@@ -1,23 +1,14 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
#
# SmoothWall CGIs
#
# This code is distributed under the terms of the GPL
#
# JC HERITIER
# page inspired from the initial firewalllog.dat
#
# Modified for IPFire by Christian Schmidt
# and Michael Tremer (www.ipfire.org)
use strict;
use Getopt::Std;
@@ -279,8 +270,7 @@ print <<END
</tr>
<tr>
<td colspan='3' align='left' valign="left">$Lang::tr{'Number of Countries for the pie chart'}:</td>
<td colspan='3' align='left' valign="center"><input type='text' name='pienumber'
value='@{[ &Header::escape($pienumber) ]}' size='4'></td>
<td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td>
<td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>

32
html/cgi-bin/logs.cgi/firewalllogip.dat
View File

@@ -1,23 +1,14 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
#
# SmoothWall CGIs
#
# This code is distributed under the terms of the GPL
#
# JC HERITIER
# page inspired from the initial firewalllog.dat
#
# Modified for IPFire by Christian Schmidt
# and Michael Tremer (www.ipfire.org)
use strict;
use Getopt::Std;
@@ -281,8 +272,7 @@ print <<END
</tr>
<tr>
<td colspan='3' align='left' valign="left">$Lang::tr{'Number of IPs for the pie chart'}:</td>
<td colspan='3' align='left' valign="center"><input type='text' name='pienumber'
value='@{[ &Header::escape($pienumber) ]}' size='4'></td>
<td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td>
<td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>

4
html/cgi-bin/logs.cgi/ovpnclients.dat
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2020 - 2025 IPFire Team <info@ipfire.org> #
# Copyright (C) 2020 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -141,7 +141,7 @@ my $database_query = qq(
ORDER BY common_name, duration DESC;
);
if (($cgiparams{'CONNECTION_NAME'}) && ($cgiparams{'CONNECTION_NAME'} =~ /^[a-zA-Z0-9]+$/)) {
if ($cgiparams{'CONNECTION_NAME'}) {
$database_query = qq(
SELECT common_name, DATETIME(connected_at, 'localtime'), DATETIME(disconnected_at, 'localtime'), bytes_received, bytes_sent,
STRFTIME('%s', DATETIME(disconnected_at)) - STRFTIME('%s', DATETIME(connected_at)) AS duration FROM sessions

411
html/cgi-bin/logs.cgi/wireguardlog.dat
View File

@@ -1,411 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2025 LoongFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
use Getopt::Std;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/location-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
use POSIX();
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::table2colour} );
undef (@dummy);
my %cgiparams=();
my %logsettings=();
my $errormessage = '';
my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
'Sep', 'Oct', 'Nov', 'Dec' );
my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
$Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
$Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
$Lang::tr{'december'} );
my @now = localtime();
my $dow = $now[6];
my $doy = $now[7];
my $tdoy = $now[7];
my $year = $now[5]+1900;
$cgiparams{'DAY'} = $now[3];
$cgiparams{'MONTH'} = $now[4];
$cgiparams{'ACTION'} = '';
&Header::getcgihash(\%cgiparams);
$logsettings{'LOGVIEW_REVERSE'} = 'off';
&General::readhash("${General::swroot}/logging/settings", \%logsettings);
${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150;
my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of firts line number to display
if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
{
my @temp = split(',',$ENV{'QUERY_STRING'});
$start = $temp[0];
$cgiparams{'MONTH'} = $temp[1];
$cgiparams{'DAY'} = $temp[2];
}
if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
!($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
{
$cgiparams{'DAY'} = $now[3];
$cgiparams{'MONTH'} = $now[4];
}
elsif($cgiparams{'ACTION'} eq '>>')
{
my @temp_then=();
my @temp_now = localtime(time);
$temp_now[4] = $cgiparams{'MONTH'};
$temp_now[3] = $cgiparams{'DAY'};
if ($cgiparams{'DAY'}) {
@temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
## Retrieve the same time on the next day +
## 86400 seconds in a day
} else {
$temp_now[3] = 1;
$temp_now[4] = ($temp_now[4]+1) %12;
@temp_then = localtime(POSIX::mktime(@temp_now) );
$temp_then[3] = 0;
}
$cgiparams{'MONTH'} = $temp_then[4];
$cgiparams{'DAY'} = $temp_then[3];
}
elsif($cgiparams{'ACTION'} eq '<<')
{
my @temp_then=();
my @temp_now = localtime(time);
$temp_now[4] = $cgiparams{'MONTH'};
$temp_now[3] = $cgiparams{'DAY'};
if ($cgiparams{'DAY'}) {
@temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
## Retrieve the same time on the next day -
## 86400 seconds in a day
} else {
$temp_now[3] = 1;
$temp_now[4] = ($temp_now[4]-1) %12;
@temp_then = localtime(POSIX::mktime(@temp_now) );
$temp_then[3] = 0;
}
$cgiparams{'MONTH'} = $temp_then[4];
$cgiparams{'DAY'} = $temp_then[3];
}
# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log
my $gzindex;
my $date = $cgiparams{'DAY'} == 0 ? '' : $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
{
my $xday;
# Calculate time. If future date, calculate for past year !!!
if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
( $cgiparams{'MONTH'} > $now[4] ) ) {
$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 );
$date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1);
} else {
$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 );
$date = "$longmonths[$cgiparams{'MONTH'}] $date, $year";
}
# calculate end of active week (saturday 23H59)
my @then = ();
@then = localtime(time());
my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]);
$sunday += (6-$then[6]) * 86400;
# Convert delta in second to full weeks
$gzindex = int (($sunday-$xday)/604800 );
}
my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
my $lines = 0;
my @log=();
my $loop = 1;
my $filestr = 0;
my $lastdatetime; # for debug
my $search_for_end = 0;
while ($gzindex >=0 && $loop) {
# calculate file name
if ($gzindex == 0) {
$filestr = "/var/log/messages";
} else {
$filestr = "/var/log/messages.$gzindex";
$filestr = "$filestr.gz" if -f "$filestr.gz";
}
# now read file if existing
if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) {
#&General::log("reading $filestr");
READ:while (<FILE>) {
my $line = $_;
if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ wireguard-handshake\[\d+\]:.*$/) {
# when standart viewing, just keep in memory the correct slice
# it starts a '$start' and size is $viewport
# If export, then keep all lines...
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
$log[$lines++] = "$line";
} else {
if ($lines++ < ($start + $Header::viewsize)) {
push(@log,"$line");
if (@log > $Header::viewsize) {
shift (@log);
}
#} else { dont do this optimisation, need to count lines !
# $datetime = $maxtime; # we have read viewsize lines, stop main loop
# last READ; # exit read file
}
}
$search_for_end = 1; # we find the start of slice, can look for end now
} else {
if ($search_for_end == 1) {
#finish read files when date is over (test month equality only)
$line =~ /^(...) (..) ..:..:..*$/;
$loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
}
}
}
close (FILE);
}
$gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped
# for a long time
}# while
# $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
{
print "Content-type: text/plain\n\n";
print "Wireguard handshake log\r\n";
print "$Lang::{'date'}: $date\r\n\r\n";
if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
foreach $_ (@log)
{
/^... (..) (..:..:..) [\w\-]+ wireguard-handshake\[\d+\]: .*?\((\d+\.\d+\.\d+\.\d+:\d+)\)$/;
my $day = $1;
$day =~ tr / /0/;
my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
my $peer = $3;
print "$time $peer\r\n";
}
exit 0;
}
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'wg log'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base'>$errormessage&nbsp;</font>\n";
&Header::closebox();
}
&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
<td width='10%'>
<select name='MONTH'>
END
;
for (my $month = 0; $month < 12; $month++)
{
print "\t<option ";
if ($month == $cgiparams{'MONTH'}) {
print "selected='selected' ";
}
print "value='$month'>$longmonths[$month]</option>\n";
}
print <<END
</select>
</td>
<td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
<td width='40%'>
<select name='DAY'>
END
;
print "<option value='0'>$Lang::tr{'all'}</option>\n";
for (my $day = 1; $day <= 31; $day++)
{
print "\t<option ";
if ($day == $cgiparams{'DAY'}) {
print "selected='selected' ";
}
print "value='$day'>$day</option>\n";
}
print <<END
</select>
</td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td>
</tr>
</table>
</form>
END
;
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'log'});
print "<p><b>$Lang::tr{'wg hits'} $date: $lines</b></p>";
my $lastPageIndex = $lines - ${Header::viewsize};
$start = $lastPageIndex if ($start >= $lastPageIndex);
$start = 0 if ($start < 0);
my $prev;
if ($start == 0) {
$prev = -1;
} else {
$prev = $start - ${Header::viewsize};
$prev = 0 if ( $prev < 0);
}
my $next;
if ($start == $lastPageIndex) {
$next = -1;
} else {
$next = $start + ${Header::viewsize};
$next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize});
}
if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
if ($lines != 0) { &oldernewer(); }
print <<END
<table width='100%' class='tbl'>
<tr>
<th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'wg peer'}</b></th>
</tr>
END
;
$lines = 0;
foreach $_ (@log)
{
my ($day, $time, $srcaddr);
if ($_ =~ /^... (..) (..:..:..) [\w\-]+ wireguard-handshake\[\d+\]: .*?\((\d+\.\d+\.\d+\.\d+:\d+)\)$/) {
$day = $1;
$day =~ tr / /0/;
$time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
$srcaddr = $3;
}
my $col="";
if ($lines % 2) {
print "<tr>";
$col="bgcolor='$color{'color20'}'";
}
else {
print "<tr>";
$col="bgcolor='$color{'color22'}'";
}
print <<END
<td align='center' $col>$time</td>
<td align='center' $col>$srcaddr</td>
END
;
print <<END
</tr>
END
;
$lines++;
}
print "</table>";
&oldernewer();
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
sub oldernewer
{
print <<END
<table width='100%'>
<tr>
END
;
print "<td align='center' width='50%'>";
if ($prev != -1) {
print "<a href='/cgi-bin/logs.cgi/wireguardlog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> ";
print "<a href='/cgi-bin/logs.cgi/wireguardlog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>";
}
else {
print "$Lang::tr{'first'} $Lang::tr{'older'}";
}
print "</td>\n";
print "<td align='center' width='50%'>";
if ($next >= 0) {
print "<a href='/cgi-bin/logs.cgi/wireguardlog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> ";
print "<a href='/cgi-bin/logs.cgi/wireguardlog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>";
}
else {
print "$Lang::tr{'newer'} $Lang::tr{'last'} ";
}
print "</td>\n";
print <<END
</tr>
</table>
END
;
}

414
html/cgi-bin/logs.cgi/xdpdnslog.dat
View File

@@ -1,414 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024 BPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
use Getopt::Std;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/location-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
use POSIX();
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::table2colour} );
undef (@dummy);
my %cgiparams=();
my %logsettings=();
my $errormessage = '';
my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
'Sep', 'Oct', 'Nov', 'Dec' );
my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
$Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
$Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
$Lang::tr{'december'} );
my @now = localtime();
my $dow = $now[6];
my $doy = $now[7];
my $tdoy = $now[7];
my $year = $now[5]+1900;
$cgiparams{'DAY'} = $now[3];
$cgiparams{'MONTH'} = $now[4];
$cgiparams{'ACTION'} = '';
&Header::getcgihash(\%cgiparams);
$logsettings{'LOGVIEW_REVERSE'} = 'off';
&General::readhash("${General::swroot}/logging/settings", \%logsettings);
${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150;
my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of firts line number to display
if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
{
my @temp = split(',',$ENV{'QUERY_STRING'});
$start = $temp[0];
$cgiparams{'MONTH'} = $temp[1];
$cgiparams{'DAY'} = $temp[2];
}
if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
!($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
{
$cgiparams{'DAY'} = $now[3];
$cgiparams{'MONTH'} = $now[4];
}
elsif($cgiparams{'ACTION'} eq '>>')
{
my @temp_then=();
my @temp_now = localtime(time);
$temp_now[4] = $cgiparams{'MONTH'};
$temp_now[3] = $cgiparams{'DAY'};
if ($cgiparams{'DAY'}) {
@temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
## Retrieve the same time on the next day +
## 86400 seconds in a day
} else {
$temp_now[3] = 1;
$temp_now[4] = ($temp_now[4]+1) %12;
@temp_then = localtime(POSIX::mktime(@temp_now) );
$temp_then[3] = 0;
}
$cgiparams{'MONTH'} = $temp_then[4];
$cgiparams{'DAY'} = $temp_then[3];
}
elsif($cgiparams{'ACTION'} eq '<<')
{
my @temp_then=();
my @temp_now = localtime(time);
$temp_now[4] = $cgiparams{'MONTH'};
$temp_now[3] = $cgiparams{'DAY'};
if ($cgiparams{'DAY'}) {
@temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
## Retrieve the same time on the next day -
## 86400 seconds in a day
} else {
$temp_now[3] = 1;
$temp_now[4] = ($temp_now[4]-1) %12;
@temp_then = localtime(POSIX::mktime(@temp_now) );
$temp_then[3] = 0;
}
$cgiparams{'MONTH'} = $temp_then[4];
$cgiparams{'DAY'} = $temp_then[3];
}
# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log
my $gzindex;
my $date = $cgiparams{'DAY'} == 0 ? '' : $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
{
my $xday;
# Calculate time. If future date, calculate for past year !!!
if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
( $cgiparams{'MONTH'} > $now[4] ) ) {
$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 );
$date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1);
} else {
$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 );
$date = "$longmonths[$cgiparams{'MONTH'}] $date, $year";
}
# calculate end of active week (saturday 23H59)
my @then = ();
@then = localtime(time());
my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]);
$sunday += (6-$then[6]) * 86400;
# Convert delta in second to full weeks
$gzindex = int (($sunday-$xday)/604800 );
}
my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
my $lines = 0;
my @log=();
my $loop = 1;
my $filestr = 0;
my $lastdatetime; # for debug
my $search_for_end = 0;
while ($gzindex >=0 && $loop) {
# calculate file name
if ($gzindex == 0) {
$filestr = "/var/log/messages";
} else {
$filestr = "/var/log/messages.$gzindex";
$filestr = "$filestr.gz" if -f "$filestr.gz";
}
# now read file if existing
if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) {
#&General::log("reading $filestr");
READ:while (<FILE>) {
my $line = $_;
if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ qname_logger\[\d+\]:.*$/) {
# when standart viewing, just keep in memory the correct slice
# it starts a '$start' and size is $viewport
# If export, then keep all lines...
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
$log[$lines++] = "$line";
} else {
if ($lines++ < ($start + $Header::viewsize)) {
push(@log,"$line");
if (@log > $Header::viewsize) {
shift (@log);
}
#} else { dont do this optimisation, need to count lines !
# $datetime = $maxtime; # we have read viewsize lines, stop main loop
# last READ; # exit read file
}
}
$search_for_end = 1; # we find the start of slice, can look for end now
} else {
if ($search_for_end == 1) {
#finish read files when date is over (test month equality only)
$line =~ /^(...) (..) ..:..:..*$/;
$loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
}
}
}
close (FILE);
}
$gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped
# for a long time
}# while
# $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
{
print "Content-type: text/plain\n\n";
print "BPFire XDP DNS log\r\n";
print "$Lang::{'date'}: $date\r\n\r\n";
if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
foreach $_ (@log)
{
/^... (..) (..:..:..) [\w\-]+ qname_logger\[\d+\]: Received qname: (.*) from source IP: (.*)$/;
my $day = $1;
$day =~ tr / /0/;
my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
my $domain = $3;
print "$time $domain $4\r\n";
}
exit 0;
}
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'xdpdns log'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base'>$errormessage&nbsp;</font>\n";
&Header::closebox();
}
&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
<td width='10%'>
<select name='MONTH'>
END
;
for (my $month = 0; $month < 12; $month++)
{
print "\t<option ";
if ($month == $cgiparams{'MONTH'}) {
print "selected='selected' ";
}
print "value='$month'>$longmonths[$month]</option>\n";
}
print <<END
</select>
</td>
<td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
<td width='40%'>
<select name='DAY'>
END
;
print "<option value='0'>$Lang::tr{'all'}</option>\n";
for (my $day = 1; $day <= 31; $day++)
{
print "\t<option ";
if ($day == $cgiparams{'DAY'}) {
print "selected='selected' ";
}
print "value='$day'>$day</option>\n";
}
print <<END
</select>
</td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td>
</tr>
</table>
</form>
END
;
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'log'});
print "<p><b>$Lang::tr{'xdpdns hits'} $date: $lines</b></p>";
my $lastPageIndex = $lines - ${Header::viewsize};
$start = $lastPageIndex if ($start >= $lastPageIndex);
$start = 0 if ($start < 0);
my $prev;
if ($start == 0) {
$prev = -1;
} else {
$prev = $start - ${Header::viewsize};
$prev = 0 if ( $prev < 0);
}
my $next;
if ($start == $lastPageIndex) {
$next = -1;
} else {
$next = $start + ${Header::viewsize};
$next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize});
}
if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
if ($lines != 0) { &oldernewer(); }
print <<END
<table width='100%' class='tbl'>
<tr>
<th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'domain name'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'source'}</b></th>
</tr>
END
;
$lines = 0;
foreach $_ (@log)
{
my ($day, $time, $domain, $srcaddr);
if ($_ =~ /^... (..) (..:..:..) [\w\-]+ qname_logger\[\d+\]: Received qname: (.*) from source IP: (.*)$/) {
$day = $1;
$day =~ tr / /0/;
$time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
$domain = $3;
$srcaddr = $4;
}
my $col="";
if ($lines % 2) {
print "<tr>";
$col="bgcolor='$color{'color20'}'";
}
else {
print "<tr>";
$col="bgcolor='$color{'color22'}'";
}
print <<END
<td align='center' $col>$time</td>
<td align='center' $col>$domain</td>
<td align='center' $col>$srcaddr</td>
END
;
print <<END
</tr>
END
;
$lines++;
}
print "</table>";
&oldernewer();
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
sub oldernewer
{
print <<END
<table width='100%'>
<tr>
END
;
print "<td align='center' width='50%'>";
if ($prev != -1) {
print "<a href='/cgi-bin/logs.cgi/xdpdnslog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> ";
print "<a href='/cgi-bin/logs.cgi/xdpdnslog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>";
}
else {
print "$Lang::tr{'first'} $Lang::tr{'older'}";
}
print "</td>\n";
print "<td align='center' width='50%'>";
if ($next >= 0) {
print "<a href='/cgi-bin/logs.cgi/xdpdnslog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> ";
print "<a href='/cgi-bin/logs.cgi/xdpdnslog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>";
}
else {
print "$Lang::tr{'newer'} $Lang::tr{'last'} ";
}
print "</td>\n";
print <<END
</tr>
</table>
END
;
}

414
html/cgi-bin/logs.cgi/xdpsnilog.dat
View File

@@ -1,414 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024 BPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
use Getopt::Std;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/location-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
use POSIX();
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::table2colour} );
undef (@dummy);
my %cgiparams=();
my %logsettings=();
my $errormessage = '';
my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
'Sep', 'Oct', 'Nov', 'Dec' );
my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'},
$Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'},
$Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'},
$Lang::tr{'december'} );
my @now = localtime();
my $dow = $now[6];
my $doy = $now[7];
my $tdoy = $now[7];
my $year = $now[5]+1900;
$cgiparams{'DAY'} = $now[3];
$cgiparams{'MONTH'} = $now[4];
$cgiparams{'ACTION'} = '';
&Header::getcgihash(\%cgiparams);
$logsettings{'LOGVIEW_REVERSE'} = 'off';
&General::readhash("${General::swroot}/logging/settings", \%logsettings);
${Header::viewsize} = defined ($logsettings{'LOGVIEW_VIEWSIZE'}) ? $logsettings{'LOGVIEW_VIEWSIZE'} : 150;
my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index of firts line number to display
if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
{
my @temp = split(',',$ENV{'QUERY_STRING'});
$start = $temp[0];
$cgiparams{'MONTH'} = $temp[1];
$cgiparams{'DAY'} = $temp[2];
}
if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
!($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/))
{
$cgiparams{'DAY'} = $now[3];
$cgiparams{'MONTH'} = $now[4];
}
elsif($cgiparams{'ACTION'} eq '>>')
{
my @temp_then=();
my @temp_now = localtime(time);
$temp_now[4] = $cgiparams{'MONTH'};
$temp_now[3] = $cgiparams{'DAY'};
if ($cgiparams{'DAY'}) {
@temp_then = localtime(POSIX::mktime(@temp_now) + 86400);
## Retrieve the same time on the next day +
## 86400 seconds in a day
} else {
$temp_now[3] = 1;
$temp_now[4] = ($temp_now[4]+1) %12;
@temp_then = localtime(POSIX::mktime(@temp_now) );
$temp_then[3] = 0;
}
$cgiparams{'MONTH'} = $temp_then[4];
$cgiparams{'DAY'} = $temp_then[3];
}
elsif($cgiparams{'ACTION'} eq '<<')
{
my @temp_then=();
my @temp_now = localtime(time);
$temp_now[4] = $cgiparams{'MONTH'};
$temp_now[3] = $cgiparams{'DAY'};
if ($cgiparams{'DAY'}) {
@temp_then = localtime(POSIX::mktime(@temp_now) - 86400);
## Retrieve the same time on the next day -
## 86400 seconds in a day
} else {
$temp_now[3] = 1;
$temp_now[4] = ($temp_now[4]-1) %12;
@temp_then = localtime(POSIX::mktime(@temp_now) );
$temp_then[3] = 0;
}
$cgiparams{'MONTH'} = $temp_then[4];
$cgiparams{'DAY'} = $temp_then[3];
}
# Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log
my $gzindex;
my $date = $cgiparams{'DAY'} == 0 ? '' : $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
{
my $xday;
# Calculate time. If future date, calculate for past year !!!
if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) ||
( $cgiparams{'MONTH'} > $now[4] ) ) {
$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 );
$date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1);
} else {
$xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 );
$date = "$longmonths[$cgiparams{'MONTH'}] $date, $year";
}
# calculate end of active week (saturday 23H59)
my @then = ();
@then = localtime(time());
my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]);
$sunday += (6-$then[6]) * 86400;
# Convert delta in second to full weeks
$gzindex = int (($sunday-$xday)/604800 );
}
my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";
my $lines = 0;
my @log=();
my $loop = 1;
my $filestr = 0;
my $lastdatetime; # for debug
my $search_for_end = 0;
while ($gzindex >=0 && $loop) {
# calculate file name
if ($gzindex == 0) {
$filestr = "/var/log/messages";
} else {
$filestr = "/var/log/messages.$gzindex";
$filestr = "$filestr.gz" if -f "$filestr.gz";
}
# now read file if existing
if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) {
#&General::log("reading $filestr");
READ:while (<FILE>) {
my $line = $_;
if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ sni_logger\[\d+\]:.*$/) {
# when standart viewing, just keep in memory the correct slice
# it starts a '$start' and size is $viewport
# If export, then keep all lines...
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){
$log[$lines++] = "$line";
} else {
if ($lines++ < ($start + $Header::viewsize)) {
push(@log,"$line");
if (@log > $Header::viewsize) {
shift (@log);
}
#} else { dont do this optimisation, need to count lines !
# $datetime = $maxtime; # we have read viewsize lines, stop main loop
# last READ; # exit read file
}
}
$search_for_end = 1; # we find the start of slice, can look for end now
} else {
if ($search_for_end == 1) {
#finish read files when date is over (test month equality only)
$line =~ /^(...) (..) ..:..:..*$/;
$loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) );
}
}
}
close (FILE);
}
$gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped
# for a long time
}# while
# $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
{
print "Content-type: text/plain\n\n";
print "BPFire XDP TLS/SSL Web Access log\r\n";
print "$Lang::{'date'}: $date\r\n\r\n";
if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
foreach $_ (@log)
{
/^... (..) (..:..:..) [\w\-]+ sni_logger\[\d+\]: Received SNI: (.*) from source IP: (.*)$/;
my $day = $1;
$day =~ tr / /0/;
my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
my $domain = $3;
print "$time $domain $4\r\n";
}
exit 0;
}
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'xdpsni log'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base'>$errormessage&nbsp;</font>\n";
&Header::closebox();
}
&Header::openbox('100%', 'left', "$Lang::tr{'settings'}");
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td width='10%' class='base'>$Lang::tr{'month'}:&nbsp;</td>
<td width='10%'>
<select name='MONTH'>
END
;
for (my $month = 0; $month < 12; $month++)
{
print "\t<option ";
if ($month == $cgiparams{'MONTH'}) {
print "selected='selected' ";
}
print "value='$month'>$longmonths[$month]</option>\n";
}
print <<END
</select>
</td>
<td width='10%' class='base' align='right'>&nbsp;$Lang::tr{'day'}:&nbsp;</td>
<td width='40%'>
<select name='DAY'>
END
;
print "<option value='0'>$Lang::tr{'all'}</option>\n";
for (my $day = 1; $day <= 31; $day++)
{
print "\t<option ";
if ($day == $cgiparams{'DAY'}) {
print "selected='selected' ";
}
print "value='$day'>$day</option>\n";
}
print <<END
</select>
</td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='&lt;&lt;' /></td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='&gt;&gt;' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td>
</tr>
</table>
</form>
END
;
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'log'});
print "<p><b>$Lang::tr{'xdpsni hits'} $date: $lines</b></p>";
my $lastPageIndex = $lines - ${Header::viewsize};
$start = $lastPageIndex if ($start >= $lastPageIndex);
$start = 0 if ($start < 0);
my $prev;
if ($start == 0) {
$prev = -1;
} else {
$prev = $start - ${Header::viewsize};
$prev = 0 if ( $prev < 0);
}
my $next;
if ($start == $lastPageIndex) {
$next = -1;
} else {
$next = $start + ${Header::viewsize};
$next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize});
}
if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; }
if ($lines != 0) { &oldernewer(); }
print <<END
<table width='100%' class='tbl'>
<tr>
<th align='center' class='boldbase'><b>$Lang::tr{'time'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'domain name'}</b></th>
<th align='center' class='boldbase'><b>$Lang::tr{'source'}</b></th>
</tr>
END
;
$lines = 0;
foreach $_ (@log)
{
my ($day, $time, $domain, $srcaddr);
if ($_ =~ /^... (..) (..:..:..) [\w\-]+ sni_logger\[\d+\]: Received SNI: (.*) from source IP: (.*)$/) {
$day = $1;
$day =~ tr / /0/;
$time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
$domain = $3;
$srcaddr = $4;
}
my $col="";
if ($lines % 2) {
print "<tr>";
$col="bgcolor='$color{'color20'}'";
}
else {
print "<tr>";
$col="bgcolor='$color{'color22'}'";
}
print <<END
<td align='center' $col>$time</td>
<td align='center' $col>$domain</td>
<td align='center' $col>$srcaddr</td>
END
;
print <<END
</tr>
END
;
$lines++;
}
print "</table>";
&oldernewer();
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
sub oldernewer
{
print <<END
<table width='100%'>
<tr>
END
;
print "<td align='center' width='50%'>";
if ($prev != -1) {
print "<a href='/cgi-bin/logs.cgi/xdpsnilog.dat?0,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'first'}</a> ";
print "<a href='/cgi-bin/logs.cgi/xdpsnilog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'older'}</a>";
}
else {
print "$Lang::tr{'first'} $Lang::tr{'older'}";
}
print "</td>\n";
print "<td align='center' width='50%'>";
if ($next >= 0) {
print "<a href='/cgi-bin/logs.cgi/xdpsnilog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'newer'}</a> ";
print "<a href='/cgi-bin/logs.cgi/xdpsnilog.dat?$lastPageIndex,$cgiparams{'MONTH'},$cgiparams{'DAY'}'>$Lang::tr{'last'}</a>";
}
else {
print "$Lang::tr{'newer'} $Lang::tr{'last'} ";
}
print "</td>\n";
print <<END
</tr>
</table>
END
;
}

13
html/cgi-bin/loxilb.cgi
View File

@@ -457,24 +457,13 @@ sub manageIP {
}
sub SaveIP {
my @save_options;
my $command = 'loxicmd';
my $dir="/var/ipfire/loxilb/";
push(@save_options, "save", "--ip", "-c", $dir);
&General::system_output($command, @save_options);
#my @output = &General::system_output($command, @save_options);
#$errormessage = join('', @output);
}
sub CreateIP {
my (%settings) = @_;
manageIP("create", %settings);
&SaveIP;
}
sub DeleteIP {
my (%settings) = @_;
manageIP("delete", %settings);
&SaveIP;
}

12
html/cgi-bin/loxilbconfig.cgi
View File

@@ -650,16 +650,6 @@ sub SortDataFile
close (FILE);
}
sub SaveLB {
my @save_options;
my $command = 'loxicmd';
my $dir="/var/ipfire/loxilb/";
push(@save_options, "save", "--lb", "-c", $dir);
&General::system_output($command, @save_options);
#my @output = &General::system_output($command, @save_options);
#$errormessage = join('', @output);
}
#
# Build the configuration file
#
@@ -696,7 +686,6 @@ sub CreateLB {
push(@loxicmd_options, "--monitor");
}
&General::system($command, @loxicmd_options);
&SaveLB;
}
sub DeleteLB {
@@ -707,5 +696,4 @@ sub DeleteLB {
push(@loxicmd_options, "delete", "lb");
push(@loxicmd_options, "$name");
&General::system($command, @loxicmd_options);
&SaveLB;
}

13
html/cgi-bin/loxilbfw.cgi
View File

@@ -630,24 +630,13 @@ sub manageFW {
}
}
sub SaveFW {
my @save_options;
my $command = 'loxicmd';
my $dir="/var/ipfire/loxilb/";
push(@save_options, "save", "--firewall", "-c", $dir);
&General::system_output($command, @save_options);
#my @output = &General::system_output($command, @save_options);
#$errormessage = join('', @output);
}
sub CreateFW {
my (%settings) = @_;
manageFW("create", %settings);
&SaveFW;
}
sub DeleteFW {
my (%settings) = @_;
manageFW("delete", %settings);
&SaveFW;
}

8
html/cgi-bin/mail.cgi
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -218,13 +218,11 @@ END
</tr>
<tr>
<td>$Lang::tr{'email mailuser'}</td>
<td><input type='text' name='txt_mailuser'
value='@{[ &Header::escape($auth{'AUTHNAME'}) ]}' style='width:22em;'></td>
<td><input type='text' name='txt_mailuser' value='$auth{'AUTHNAME'}' style='width:22em;'></td>
</tr>
<tr>
<td>$Lang::tr{'email mailpass'}</td>
<td><input type='password' name='txt_mailpass'
value='@{[ &Header::escape($auth{'AUTHPASS'}) ]}' style='width:22em;' ></td>
<td><input type='password' name='txt_mailpass' value='$auth{'AUTHPASS'}' style='width:22em;' ></td>
</tr>
<tr>
<td>$Lang::tr{'email tls'}</td>

39
html/cgi-bin/proxy.cgi
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -20,6 +20,7 @@
###############################################################################
use strict;
use Apache::Htpasswd;
use Scalar::Util qw(looks_like_number);
# enable only the following on debugging purpose
@@ -955,8 +956,7 @@ if ($netsettings{'BLUE_DEV'}) {
}
print <<END
<td class='base'>$Lang::tr{'advproxy visible hostname'}:</td>
<td><input type='text' name='VISIBLE_HOSTNAME'
value='@{[ &Header::escape($proxysettings{'VISIBLE_HOSTNAME'}) ]}' /></td>
<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
</tr>
<tr>
END
@@ -1075,15 +1075,13 @@ print <<END
<td class='base'><a href='/cgi-bin/cachemgr.cgi' target='_blank'>$Lang::tr{'proxy cachemgr'}:</td>
<td><input type='checkbox' name='CACHEMGR' $checked{'CACHEMGR'}{'on'} /></td>
<td class='base'>$Lang::tr{'advproxy admin mail'}:</td>
<td><input type='text' name='ADMIN_MAIL_ADDRESS'
value='@{[ &Header::escape($proxysettings{'ADMIN_MAIL_ADDRESS'}) ]}' /></td>
<td><input type='text' name='ADMIN_MAIL_ADDRESS' value='$proxysettings{'ADMIN_MAIL_ADDRESS'}' /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'proxy filedescriptors'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='FILEDESCRIPTORS' value='$proxysettings{'FILEDESCRIPTORS'}' size='5' /></td>
<td class='base'>$Lang::tr{'proxy admin password'}:</td>
<td><input type='text' name='ADMIN_PASSWORD'
value='@{[ &Header::escape($proxysettings{'ADMIN_PASSWORD'}) ]}' /></td>
<td><input type='text' name='ADMIN_PASSWORD' value='$proxysettings{'ADMIN_PASSWORD'}' /></td>
</tr>
<tr>
<td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
@@ -3979,14 +3977,8 @@ END
print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
}
if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq ''))
{
print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n";
}
if (!($proxysettings{'ADMIN_PASSWORD'} eq ''))
{
print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n";
}
if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
print FILE "\n";
print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
@@ -4002,13 +3994,8 @@ END
# login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on')
if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
{
$proxysettings{'UPSTREAM_USER'} = &Header::escape($proxysettings{'UPSTREAM_USER'});
print FILE " login=$proxysettings{'UPSTREAM_USER'}";
if ($proxy1 eq 'YES')
{
$proxysettings{'UPSTREAM_PASSWORD'} = &Header::escape($proxysettings{'UPSTREAM_PASSWORD'});
print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}";
}
if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
}
elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
@@ -4063,7 +4050,15 @@ sub adduser
close(FILE);
} else {
&deluser($str_user);
&General::system("/usr/bin/htpasswd", "-bB", "-C 10", "$userdb", "$str_user", "$str_pass");
my %htpasswd_options = (
passwdFile => "$userdb",
UseMD5 => 1,
);
my $htpasswd = new Apache::Htpasswd(\%htpasswd_options);
$htpasswd->htpasswd($str_user, $str_pass);
}
if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");

26
html/cgi-bin/qos.cgi
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -652,7 +652,7 @@ if ($errormessage) {
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<table width='66%'>
END
;
if ( $message ne "" ) {
@@ -671,11 +671,9 @@ END
END
;
if (($qossettings{'OUT_SPD'} ne '') && ($qossettings{'INC_SPD'} ne '')) {
$qossettings{'OUT_SPD'} = &Header::escape($qossettings{'OUT_SPD'});
$qossettings{'INC_SPD'} = &Header::escape($qossettings{'INC_SPD'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<table width='66%'>
<tr><td colspan='3'>&nbsp;
<tr><td width='50%' align='right'>$Lang::tr{'downlink speed'}: <td width='30%' align='left'>$qossettings{'INC_SPD'}
<td width='20%' rowspan='2' align='center' valign='middle'><input type='submit' name='ACTIONBW' value='$Lang::tr{'modify'}' />
@@ -685,11 +683,9 @@ END
;
}
if (($qossettings{'DEFCLASS_OUT'} ne '') && ($qossettings{'DEFCLASS_INC'} ne '')) {
$qossettings{'DEFCLASS_OUT'} = &Header::escape($qossettings{'DEFCLASS_OUT'});
$qossettings{'DEFCLASS_INC'} = &Header::escape($qossettings{'DEFCLASS_INC'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<table width='66%'>
<tr><td colspan='3'><hr />
<tr><td width='50%' align='right'>$Lang::tr{'downlink std class'}: <td width='30%' align='left'>$qossettings{'DEFCLASS_INC'}
<td width='20%' rowspan='3' align='center' valign='middle'><input type='submit' name='ACTIONDEF' value='$Lang::tr{'modify'}' />
@@ -699,7 +695,7 @@ END
</table>
</form>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%' border='0'>
<table width='66%' border='0'>
<tr><td width='100%' align='center'>
<input type='submit' name='ACTION' value='$Lang::tr{'parentclass add'}' />
<input type='submit' name='ACTION' value='$Lang::tr{'status'}' />
@@ -744,7 +740,7 @@ sub changedefclasses {
&Header::openbox('100%', 'center', $Lang::tr{'std classes'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<table width='66%'>
<tr><td width='100%' colspan='3'>$Lang::tr{'no filter pass'}
<tr><td width='33%' align='right'>$Lang::tr{'download'}:<td width='33%' align='left'><select name='DEFCLASS_INC'>
END
@@ -785,7 +781,7 @@ sub changebandwidth {
print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='DEF_OUT_SPD' value='' /><input type='hidden' name='DEF_INC_SPD' value='' />
<table width='100%'>
<table width='66%'>
<tr>
<td width='100%' colspan='2'>$Lang::tr{'down and up speed'}</td>
</tr>
@@ -847,7 +843,7 @@ sub parentclass {
&Header::openbox('100%', 'center', $Lang::tr{'parentclass'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<table width='66%'>
END
;
if ( $message ne "" ) {
@@ -940,7 +936,7 @@ sub level7rule {
&Header::openbox('100%', 'center', $Lang::tr{'Level7 Rule'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<table width='66%'>
END
;
if ( $message ne "" ) {
@@ -986,7 +982,7 @@ sub portrule {
&Header::openbox('100%', 'center', $Lang::tr{'Add Port Rule'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<table width='66%'>
<tr><td width='100%' colspan='3'>$Lang::tr{'enter data'}
<tr><td width='33%' align='right'>$Lang::tr{'protocol'}:
<td width='33%' align='left'><select name='PPROT'>
@@ -1032,7 +1028,7 @@ sub tosrule {
}
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<table width='66%'>
END
;
if ( $message ne "" ) {

7
html/cgi-bin/time.cgi
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2010-2025 IPFire Team <info@ipfire.org> #
# Copyright (C) 2010 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -78,7 +78,6 @@ if ($timesettings{'ACTION'} eq $Lang::tr{'save'})
if (!($timesettings{'UPDATE_VALUE'} =~ /^\d+$/) || $timesettings{'UPDATE_VALUE'} <= 0)
{
$errormessage = $Lang::tr{'invalid time period'};
$timesettings{'UPDATE_VALUE'} = 0;
goto ERROR;
}
@@ -288,10 +287,6 @@ print <<END
</table>
END
;
my $now = strftime($Lang::tr{'timeformat'}, localtime);
print "<hr>$Lang::tr{'system time'}: $now";
&Header::closebox();
&Header::openbox('100%',1,$Lang::tr{'ntp sync'});
print <<END

13
html/cgi-bin/urlfilter.cgi
View File

@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2005-2025 IPFire Team #
# Copyright (C) 2005-2010 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -576,7 +576,7 @@ if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{
$_ = $uqsettings{'QUOTA_USERS'};
chomp; s/\n/|/g;
my $quota_users = &Header::escape($_);
my $quota_users = $_;
if ($uqsettings{'QUOTA_USERS'} =~ /\\/)
{
@@ -936,11 +936,6 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
close FILE;
# XXX uses globbing
if(!($besettings{'BE_NAME'} =~ /^[a-zA-Z0-9-_]+$/))
{
$errormessage = 'Invalid blacklist name (use only alphanumeric characters plus hyphens or underscores)';
goto ERROR;
}
system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
&General::system("/usr/bin/squidGuard", "-c", "$editdir/install.conf", "-C", "all");
# XXX uses globbing
@@ -2052,10 +2047,6 @@ foreach $line (@tclist)
if ($temp[7] eq 'on') { $time.=$Lang::tr{'urlfilter sun'}; } else { $time.='='; }
$time=$time.' &nbsp; '.$temp[8].':'.$temp[9].' to '.$temp[10].':'.$temp[11];
$temp[12] = &Header::escape($temp[12]);
$temp[13] = &Header::escape($temp[13]);
$temp[16] = &Header::escape($temp[16]);
print <<END
<td align='center'>$temp[0]</td>
<td align='center' nowrap>$time</td>

1548
html/cgi-bin/wireguard.cgi
View File

File diff suppressed because it is too large Load Diff

432
html/cgi-bin/xdpdns.cgi
View File

@@ -1,432 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024 BPFire <vincent.mc.li@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
use warnings;
use CGI::Carp 'fatalsToBrowser';
use IO::Socket;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/location-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
my %color = ();
my %mainsettings = ();
my %settings=();
my %checked=();
my $errormessage='';
my $setting = "${General::swroot}/main/settings";
my $xdpdnssettingfile = "${General::swroot}/xdpdns/settings";
my $xdpdnsdomainfile = "${General::swroot}/xdpdns/domainfile";
# Read configuration file.
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
&Header::showhttpheaders();
$settings{'ENABLE_DNSBLOCK'} = 'off';
$settings{'ACTION'} = '';
$settings{'KEY1'} = ''; # point record for ACTION
$settings{'domainName'} = '';
my @nosaved=('domainName', 'KEY1', 'SORT_domainNameLIST');
#Define each field that can be used to sort columns
my $sortstring='^domainName';
$settings{'SORT_domainNameLIST'} = 'domainName';
# Load multiline data
our @current = ();
if (open(FILE, "$xdpdnsdomainfile")) {
@current = <FILE>;
close (FILE);
}
&Header::getcgihash(\%settings);
if ($settings{'ACTION'} eq $Lang::tr{'save'})
{
map (delete ($settings{$_}) ,(@nosaved));
&General::writehash("$xdpdnssettingfile", \%settings);
if ($settings{'ENABLE_DNSBLOCK'} eq 'on') {
&General::system('/usr/bin/touch', "${General::swroot}/xdpdns/enablexdpdns");
&General::system('/usr/local/bin/xdpdnsctrl', 'start');
} else {
&General::system('/usr/local/bin/xdpdnsctrl', 'stop');
unlink "${General::swroot}/xdpdns/enablexdpdns";
}
}
if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
#Check for already existing routing entry
foreach my $line (@current) {
chomp($line); # remove newline
#Same domain already used?
if($line eq $settings{'domainName'} && $settings{'KEY1'} eq ''){
$errormessage = $Lang::tr{'ccd err loxilbconfigeexist'};
last;
}
}
unless ($errormessage) {
if ($settings{'KEY1'} eq '') { #add or edit ?
unshift (@current, "$settings{'domainName'}\n");
&General::log($Lang::tr{'xdpdns domain added'});
} else {
@current[$settings{'KEY1'}] = "$settings{'domainName'}\n";
$settings{'KEY1'} = ''; # End edit mode
&General::log($Lang::tr{'xdpdns domain changed'});
}
&CreateDomain(%settings);
# Write changes to config file.
&SortDataFile; # sort newly added/modified entry
#map ($settings{$_}='' ,@nosaved); # Clear fields
}
}
if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
my $line = @current[$settings{'KEY1'}]; # KEY1 is the index in current
chomp($line);
$settings{'domainName'}=$line;
&DeleteDomain(%settings);
splice (@current,$settings{'KEY1'},1); # Delete line
open(FILE, ">$xdpdnsdomainfile") or die "$xdpdnsdomainfile open error";
print FILE @current;
close(FILE);
$settings{'KEY1'} = ''; # End remove mode
}
## Check if sorting is asked
# If same column clicked, reverse the sort.
if ($ENV{'QUERY_STRING'} =~ /$sortstring/ ) {
my $newsort=$ENV{'QUERY_STRING'};
my $actual=$settings{'SORT_domainNameLIST'};
#Reverse actual sort ?
if ($actual =~ $newsort) {
my $Rev='';
if ($actual !~ 'Rev') {
$Rev='Rev';
}
$newsort.=$Rev;
}
$settings{'SORT_domainNameLIST'}=$newsort;
map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
&General::writehash($setting, \%settings);
&SortDataFile;
$settings{'ACTION'} = 'SORT'; # Create an 'ACTION'
map ($settings{$_} = '' ,@nosaved,'KEY1'); # and reinit vars to empty
}
if ($settings{'ACTION'} eq '' ) { # First launch from GUI
# Place here default value when nothing is initialized
$settings{'domainName'} = '';
}
&Header::openpage($Lang::tr{'xdpdns'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
&Header::closebox();
}
# Read configuration file.
&General::readhash("$xdpdnssettingfile", \%settings);
# Checkbox pre-selection.
my $checked;
if ($settings{'ENABLE_DNSBLOCK'} eq "on") {
$checked = "checked='checked'";
}
my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
my @status = &General::system_output('/usr/local/bin/xdpdnsctrl', 'status');
if (grep(/is attached/, @status)){
$sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
}
&Header::openbox('100%', 'center', $Lang::tr{'xdpdns status'});
print <<END;
<table width='100%'>
<form method='POST' action='$ENV{'SCRIPT_NAME'}'>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<tr><td class='boldbase'>$Lang::tr{'xdpdns status'}</td>
<td align='left'>$sactive</td>
</tr>
<tr>
<td width='50%' class='boldbase'>$Lang::tr{'xdpdns enable'}
<td><input type='checkbox' name='ENABLE_DNSBLOCK' $checked></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
</tr>
END
print "</form> </table>\n";
&Header::closebox();
#
my $buttontext = $Lang::tr{'add'};
if ($settings{'KEY1'} ne '') {
$buttontext = $Lang::tr{'update'};
&Header::openbox('100%', 'left', $Lang::tr{'xdpdns domain edit'});
} else {
&Header::openbox('100%', 'left', $Lang::tr{'xdpdns domain add'});
}
my @INTERFACES = ("red0", "green0");
#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order'
print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='KEY1' value='$settings{'KEY1'}' />
<table width='100%'>
<tr>
<td class='base'>$Lang::tr{'xdpdns domain name'}:&nbsp;</td>
<td><input type='text' name='domainName' value='$settings{'domainName'}' size='25'/></td>
</tr>
</table>
<br>
<table width='100%'>
<tr>
<td width='50%' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
</tr>
</table>
</form>
END
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'xdpdns domain entries'});
print <<END;
<table width='100%' class='tbl'>
<tr>
<th width='10%' align='center'><a href='$ENV{'SCRIPT_NAME'}?domainName'><b>$Lang::tr{'xdpdns domain name'}</b></a></th>
<th width='10%' colspan='3' class='boldbase' align='center'><b>$Lang::tr{'action'}</b></th>
</tr>
END
#
# Print each line of @current list
#
my $key = 0;
my $col="";
foreach my $line (@current) {
chomp($line); # remove newline
#Choose icon for checkbox
my $gif = '';
my $gdesc = '';
if ($line ne '' ) {
$gif = 'on.gif';
$gdesc = $Lang::tr{'click to disable'};
} else {
$gif = 'off.gif';
$gdesc = $Lang::tr{'click to enable'};
}
#Colorize each line
if ($settings{'KEY1'} eq $key) {
print "<tr bgcolor='${Header::colouryellow}'>";
} elsif ($key % 2) {
print "<tr>";
$col="bgcolor='$color{'color20'}'";
} else {
print "<tr>";
$col="bgcolor='$color{'color22'}'";
}
print <<END;
<td align='center' $col>$line</td>
<td align='center' $col>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
<input type='hidden' name='KEY1' value='$key' />
</form>
</td>
<td align='center' $col>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
<input type='hidden' name='KEY1' value='$key' />
</form>
</td>
</tr>
END
$key++;
}
print "</table>";
# If table contains entries, print 'Key to action icons'
if ($key) {
print <<END;
<table>
<tr>
<td class='boldbase'>&nbsp;<b>$Lang::tr{'legend'}:&nbsp;</b></td>
<td><img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td>&nbsp;&nbsp;</td>
<td><img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td>&nbsp;&nbsp;</td>
<td><img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
## Ouf it's the end !
# Sort the "current" array according to choices
sub SortDataFile
{
our %entries = ();
# Sort pair of record received in $a $b special vars.
# When IP is specified use numeric sort else alpha.
# If sortname ends with 'Rev', do reverse sort.
#
sub fixedleasesort {
my $qs=''; # The sort field specified minus 'Rev'
if (rindex ($settings{'SORT_domainNameLIST'},'Rev') != -1) {
$qs=substr ($settings{'SORT_domainNameLIST'},0,length($settings{'SORT_domainNameLIST'})-3);
if ($qs eq 'domainName') {
my @a = split(/\./,$entries{$a}->{$qs});
my @b = split(/\./,$entries{$b}->{$qs});
($b[0]<=>$a[0]) ||
($b[1]<=>$a[1]) ||
($b[2]<=>$a[2]) ||
($b[3]<=>$a[3]);
} else {
$entries{$b}->{$qs} cmp $entries{$a}->{$qs};
}
} else { #not reverse
$qs=$settings{'SORT_domainNameLIST'};
if ($qs eq 'domainName') {
my @a = split(/\./,$entries{$a}->{$qs});
my @b = split(/\./,$entries{$b}->{$qs});
($a[0]<=>$b[0]) ||
($a[1]<=>$b[1]) ||
($a[2]<=>$b[2]) ||
($a[3]<=>$b[3]);
} else {
$entries{$a}->{$qs} cmp $entries{$b}->{$qs};
}
}
}
#Use an associative array (%entries)
my $key = 0;
foreach my $line (@current) {
chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK)
# Build a pair 'Field Name',value for each of the data dataline.
# Each SORTABLE field must have is pair.
# Other data fields (non sortable) can be grouped in one
my @record = ('KEY',$key++,'domainName',$line);
my $record = {}; # create a reference to empty hash
%{$record} = @record; # populate that hash with @record
$entries{$record->{KEY}} = $record; # add this to a hash of hashes
}
open(FILE, ">$xdpdnsdomainfile") or die "$xdpdnsdomainfile open error";
# Each field value is printed , with the newline ! Don't forget separator and order of them.
foreach my $entry (sort fixedleasesort keys %entries) {
print FILE "$entries{$entry}->{domainName}\n";
}
close(FILE);
# Reload sorted @current
open (FILE, "$xdpdnsdomainfile");
@current = <FILE>;
close (FILE);
}
sub manageDomain {
my ($action, %settings) = @_;
# Initialize variables
my @xdpdns_options;
my $command = 'xdp_dns';
my $domain = $settings{'domainName'};
push(@xdpdns_options, $action, $domain);
#debug and display output in UI
#my @output = &General::system_output($command, @xdpdns_options);
#$errormessage = join('', @output);
&General::system($command, @xdpdns_options);
}
sub CreateDomain {
my (%settings) = @_;
manageDomain("add", %settings);
}
sub DeleteDomain {
my (%settings) = @_;
manageDomain("delete", %settings);
}

432
html/cgi-bin/xdpsni.cgi
View File

@@ -1,432 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024 BPFire <vincent.mc.li@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
use warnings;
use CGI::Carp 'fatalsToBrowser';
use IO::Socket;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/location-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colouryellow} );
undef (@dummy);
my %color = ();
my %mainsettings = ();
my %settings=();
my %checked=();
my $errormessage='';
my $setting = "${General::swroot}/main/settings";
my $xdpsnisettingfile = "${General::swroot}/xdpsni/settings";
my $xdpsnidomainfile = "${General::swroot}/xdpsni/domainfile";
# Read configuration file.
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
&Header::showhttpheaders();
$settings{'ENABLE_SNIBLOCK'} = 'off';
$settings{'ACTION'} = '';
$settings{'KEY1'} = ''; # point record for ACTION
$settings{'domainName'} = '';
my @nosaved=('domainName', 'KEY1', 'SORT_domainNameLIST');
#Define each field that can be used to sort columns
my $sortstring='^domainName';
$settings{'SORT_domainNameLIST'} = 'domainName';
# Load multiline data
our @current = ();
if (open(FILE, "$xdpsnidomainfile")) {
@current = <FILE>;
close (FILE);
}
&Header::getcgihash(\%settings);
if ($settings{'ACTION'} eq $Lang::tr{'save'})
{
map (delete ($settings{$_}) ,(@nosaved));
&General::writehash("$xdpsnisettingfile", \%settings);
if ($settings{'ENABLE_SNIBLOCK'} eq 'on') {
&General::system('/usr/bin/touch', "${General::swroot}/xdpsni/enablexdpsni");
&General::system('/usr/local/bin/xdpsnictrl', 'start');
} else {
&General::system('/usr/local/bin/xdpsnictrl', 'stop');
unlink "${General::swroot}/xdpsni/enablexdpsni";
}
}
if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
#Check for already existing routing entry
foreach my $line (@current) {
chomp($line); # remove newline
#Same domain already used?
if($line eq $settings{'domainName'} && $settings{'KEY1'} eq ''){
$errormessage = $Lang::tr{'ccd err loxilbconfigeexist'};
last;
}
}
unless ($errormessage) {
if ($settings{'KEY1'} eq '') { #add or edit ?
unshift (@current, "$settings{'domainName'}\n");
&General::log($Lang::tr{'xdpsni domain added'});
} else {
@current[$settings{'KEY1'}] = "$settings{'domainName'}\n";
$settings{'KEY1'} = ''; # End edit mode
&General::log($Lang::tr{'xdpsni domain changed'});
}
&CreateDomain(%settings);
# Write changes to config file.
&SortDataFile; # sort newly added/modified entry
#map ($settings{$_}='' ,@nosaved); # Clear fields
}
}
if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
my $line = @current[$settings{'KEY1'}]; # KEY1 is the index in current
chomp($line);
$settings{'domainName'}=$line;
&DeleteDomain(%settings);
splice (@current,$settings{'KEY1'},1); # Delete line
open(FILE, ">$xdpsnidomainfile") or die "$xdpsnidomainfile open error";
print FILE @current;
close(FILE);
$settings{'KEY1'} = ''; # End remove mode
}
## Check if sorting is asked
# If same column clicked, reverse the sort.
if ($ENV{'QUERY_STRING'} =~ /$sortstring/ ) {
my $newsort=$ENV{'QUERY_STRING'};
my $actual=$settings{'SORT_domainNameLIST'};
#Reverse actual sort ?
if ($actual =~ $newsort) {
my $Rev='';
if ($actual !~ 'Rev') {
$Rev='Rev';
}
$newsort.=$Rev;
}
$settings{'SORT_domainNameLIST'}=$newsort;
map (delete ($settings{$_}) ,(@nosaved,'ACTION','KEY1'));# Must never be saved
&General::writehash($setting, \%settings);
&SortDataFile;
$settings{'ACTION'} = 'SORT'; # Create an 'ACTION'
map ($settings{$_} = '' ,@nosaved,'KEY1'); # and reinit vars to empty
}
if ($settings{'ACTION'} eq '' ) { # First launch from GUI
# Place here default value when nothing is initialized
$settings{'domainName'} = '';
}
&Header::openpage($Lang::tr{'xdpsni'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage);
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<font class='base' color=red>$errormessage&nbsp;</font>\n";
&Header::closebox();
}
# Read configuration file.
&General::readhash("$xdpsnisettingfile", \%settings);
# Checkbox pre-selection.
my $checked;
if ($settings{'ENABLE_SNIBLOCK'} eq "on") {
$checked = "checked='checked'";
}
my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
my @status = &General::system_output('/usr/local/bin/xdpsnictrl', 'status');
if (grep(/is attached/, @status)){
$sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
}
&Header::openbox('100%', 'center', $Lang::tr{'xdpsni status'});
print <<END;
<table width='100%'>
<form method='POST' action='$ENV{'SCRIPT_NAME'}'>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<tr><td class='boldbase'>$Lang::tr{'xdpsni status'}</td>
<td align='left'>$sactive</td>
</tr>
<tr>
<td width='50%' class='boldbase'>$Lang::tr{'xdpsni enable'}
<td><input type='checkbox' name='ENABLE_SNIBLOCK' $checked></td>
<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
</tr>
END
print "</form> </table>\n";
&Header::closebox();
#
my $buttontext = $Lang::tr{'add'};
if ($settings{'KEY1'} ne '') {
$buttontext = $Lang::tr{'update'};
&Header::openbox('100%', 'left', $Lang::tr{'xdpsni domain edit'});
} else {
&Header::openbox('100%', 'left', $Lang::tr{'xdpsni domain add'});
}
my @INTERFACES = ("red0", "green0");
#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order'
print <<END;
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='KEY1' value='$settings{'KEY1'}' />
<table width='100%'>
<tr>
<td class='base'>$Lang::tr{'xdpsni domain name'}:&nbsp;</td>
<td><input type='text' name='domainName' value='$settings{'domainName'}' size='25'/></td>
</tr>
</table>
<br>
<table width='100%'>
<tr>
<td width='50%' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' /></td>
</tr>
</table>
</form>
END
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'xdpsni domain entries'});
print <<END;
<table width='100%' class='tbl'>
<tr>
<th width='10%' align='center'><a href='$ENV{'SCRIPT_NAME'}?domainName'><b>$Lang::tr{'xdpsni domain name'}</b></a></th>
<th width='10%' colspan='3' class='boldbase' align='center'><b>$Lang::tr{'action'}</b></th>
</tr>
END
#
# Print each line of @current list
#
my $key = 0;
my $col="";
foreach my $line (@current) {
chomp($line); # remove newline
#Choose icon for checkbox
my $gif = '';
my $gdesc = '';
if ($line ne '' ) {
$gif = 'on.gif';
$gdesc = $Lang::tr{'click to disable'};
} else {
$gif = 'off.gif';
$gdesc = $Lang::tr{'click to enable'};
}
#Colorize each line
if ($settings{'KEY1'} eq $key) {
print "<tr bgcolor='${Header::colouryellow}'>";
} elsif ($key % 2) {
print "<tr>";
$col="bgcolor='$color{'color20'}'";
} else {
print "<tr>";
$col="bgcolor='$color{'color22'}'";
}
print <<END;
<td align='center' $col>$line</td>
<td align='center' $col>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
<input type='hidden' name='KEY1' value='$key' />
</form>
</td>
<td align='center' $col>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' />
<input type='hidden' name='KEY1' value='$key' />
</form>
</td>
</tr>
END
$key++;
}
print "</table>";
# If table contains entries, print 'Key to action icons'
if ($key) {
print <<END;
<table>
<tr>
<td class='boldbase'>&nbsp;<b>$Lang::tr{'legend'}:&nbsp;</b></td>
<td><img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td>&nbsp;&nbsp;</td>
<td><img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td>&nbsp;&nbsp;</td>
<td><img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
</table>
END
}
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
## Ouf it's the end !
# Sort the "current" array according to choices
sub SortDataFile
{
our %entries = ();
# Sort pair of record received in $a $b special vars.
# When IP is specified use numeric sort else alpha.
# If sortname ends with 'Rev', do reverse sort.
#
sub fixedleasesort {
my $qs=''; # The sort field specified minus 'Rev'
if (rindex ($settings{'SORT_domainNameLIST'},'Rev') != -1) {
$qs=substr ($settings{'SORT_domainNameLIST'},0,length($settings{'SORT_domainNameLIST'})-3);
if ($qs eq 'domainName') {
my @a = split(/\./,$entries{$a}->{$qs});
my @b = split(/\./,$entries{$b}->{$qs});
($b[0]<=>$a[0]) ||
($b[1]<=>$a[1]) ||
($b[2]<=>$a[2]) ||
($b[3]<=>$a[3]);
} else {
$entries{$b}->{$qs} cmp $entries{$a}->{$qs};
}
} else { #not reverse
$qs=$settings{'SORT_domainNameLIST'};
if ($qs eq 'domainName') {
my @a = split(/\./,$entries{$a}->{$qs});
my @b = split(/\./,$entries{$b}->{$qs});
($a[0]<=>$b[0]) ||
($a[1]<=>$b[1]) ||
($a[2]<=>$b[2]) ||
($a[3]<=>$b[3]);
} else {
$entries{$a}->{$qs} cmp $entries{$b}->{$qs};
}
}
}
#Use an associative array (%entries)
my $key = 0;
foreach my $line (@current) {
chomp( $line); #remove newline because can be on field 5 or 6 (addition of REMARK)
# Build a pair 'Field Name',value for each of the data dataline.
# Each SORTABLE field must have is pair.
# Other data fields (non sortable) can be grouped in one
my @record = ('KEY',$key++,'domainName',$line);
my $record = {}; # create a reference to empty hash
%{$record} = @record; # populate that hash with @record
$entries{$record->{KEY}} = $record; # add this to a hash of hashes
}
open(FILE, ">$xdpsnidomainfile") or die "$xdpsnidomainfile open error";
# Each field value is printed , with the newline ! Don't forget separator and order of them.
foreach my $entry (sort fixedleasesort keys %entries) {
print FILE "$entries{$entry}->{domainName}\n";
}
close(FILE);
# Reload sorted @current
open (FILE, "$xdpsnidomainfile");
@current = <FILE>;
close (FILE);
}
sub manageDomain {
my ($action, %settings) = @_;
# Initialize variables
my @xdpsni_options;
my $command = 'xdp_sni';
my $domain = $settings{'domainName'};
push(@xdpsni_options, $action, $domain);
#debug and display output in UI
#my @output = &General::system_output($command, @xdpsni_options);
#$errormessage = join('', @output);
&General::system($command, @xdpsni_options);
}
sub CreateDomain {
my (%settings) = @_;
manageDomain("add", %settings);
}
sub DeleteDomain {
my (%settings) = @_;
manageDomain("delete", %settings);
}

58
html/html/themes/ipfire/include/css/style.css
View File

@@ -1,23 +1,3 @@
:root {
--color-green : #339933;
--color-green-invert : #ffffff;
--color-red : #993333;
--color-red-invert : #ffffff;
--color-blue : #333399;
--color-blue-invert : #ffffff;
--color-orange : #ff9933;
--color-orange-invert : #ffffff;
--color-yellow : #ffbe00;
--color-yellow-invert : #ffffff;
--color-black : #363636;
--color-black-invert : #ffffff;
--color-grey : #d6d6d6;
--color-light-grey : #f0f0f0;
--color-primary : #ff2e52;
--color-primary-invert : #ffffff;
--color-text : #363636;
}
/* This controls the width of the fixed width layouts */
@@ -138,29 +118,6 @@ iframe {
float: right !important;
}
/*
Text Alignment
*/
.text-left {
text-align: left;
}
.text-center {
text-align: center;
}
.text-right {
text-align: right;
}
/*
Text Colors
*/
.text-error {
color: var(--color-red);
}
/* Header */
#header {
@@ -380,21 +337,6 @@ table {
border-bottom: 1px solid #363636;
}
.tbl .status {
text-align: center;
font-weight: bold;
}
.tbl .status.is-running, .tbl .status.is-connected {
background-color: var(--color-green);
color: var(--color-green-invert);
}
.tbl .status.is-stopped, .tbl .status.is-disconnected {
background-color: var(--color-red);
color: var(--color-red-invert);
}
table.fw-nat tbody tr td {
height: 2.25em;
}

42
html/html/themes/ipfire/include/functions.pl
View File

@@ -212,8 +212,8 @@ print <<END;
<div id="footer" class='bigbox fixed'>
<span class="pull-right">
<a href="http://www.bpfire.net/" target="_blank"><strong>BPFire.net</strong></a> &bull;
<a href="https://www.paypal.com/donate/?business=BL97G8687E5B6&no_recurring=0&item_name=Make+revolutionary+eBPF+technology+available+for+non-tech+savvy+users+for+safe+online+surfing&currency_code=USD" target="_blank">$Lang::tr{'support donation'}</a>
<a href="https://www.ipfire.org/" target="_blank"><strong>IPFire.org</strong></a> &bull;
<a href="https://www.ipfire.org/donate" target="_blank">$Lang::tr{'support donation'}</a>
</span>
<strong>$system_release</strong>
@@ -265,41 +265,3 @@ sub openbox {
sub closebox {
print "</div>";
}
sub errorbox($) {
my @errors = grep { $_ ne "" } @_;
# Do nothing if there are no errors
return unless (@errors);
# Open a new box
&openbox('100%', 'left', "Oops something went wrong");
# Print all error messages
print "<ul>\n";
foreach my $error (@errors) {
print "<li>$error</li>\n";
}
print "</ul>\n";
# Close the box again
&closebox();
}
# Sections
sub opensection($) {
my $title = shift;
# Open the section
print "<section class=\"section\">";
# Show the title if set
if ($title) {
print " <h2 class=\"title\">${title}</h2>\n";
}
}
sub closesection() {
print "</section>";
}

114
langs/en/cgi-bin/en.pl
View File

@@ -304,7 +304,7 @@
'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
'advproxy errmsg invalid url' => 'Invalid URL',
'advproxy errmsg invalid user/password' => 'Error in Username and/or Password',
'advproxy errmsg invalid user' => 'Username does not exist',
'advproxy errmsg ldap base dn' => 'LDAP base DN required',
'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
'advproxy errmsg ldap port' => 'Invalid LDAP port number',
@@ -434,7 +434,6 @@
'all services' => 'All Services',
'all updates installed' => 'All updates installed',
'allmsg' => 'show all',
'allowed subnets' => 'Allowed Subnets',
'alt dialup' => 'Dialup',
'alt home' => 'Home',
'alt information' => 'Information',
@@ -672,7 +671,6 @@
'compression' => 'Compression:',
'computer to modem rate' => 'Computer to modem rate:',
'concentrator name' => 'Concentrator name:',
'configuration file' => 'Configuration File',
'confirmation' => 'confirmation',
'connect' => 'OVPN Start / Connect',
'connect the modem' => 'Connect the modem',
@@ -929,12 +927,10 @@
'domain name' => 'Domain name',
'domain name suffix' => 'Domain name suffix:',
'domain not set' => 'Domain not set.',
'donation-ipfire' => 'IPFire Donation',
'donation-bpfire' => 'BPFire Donation',
'donation' => 'Donation',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-ipfire-text' => '<strong>IPFire</strong> is driven and maintained by volunteers in their free time. To keep this project running costs incurred, if you like to support us we would be pleased by a small donation.',
'donation-bpfire-text' => '<strong>BPFire</strong> is to enable revolutionary eBPF technology for non-tech savvy users, make eBPF technology available to home users or any size of organizations to secure their network environment, It is driven and maintained by Vincent Li in his free time. To keep this project running costs incurred, if you like to support him he would be pleased by a small donation.',
'done' => 'Done',
'donation-text' => '<strong>IPFire</strong> is driven and maintained by volunteers in their free time. To keep this project running costs incurred, if you like to support us we would be pleased by a small donation.',
'done' => 'Do it',
'dos charset' => 'DOS Charset',
'down and up speed' => 'Enter your Down- and Uplink-Speed <br /> and then press <i>Save</i>.',
'downfall gather data sampling' => 'Downfall/Gather Data Sampling',
@@ -1039,9 +1035,6 @@
'encrypted' => 'Encrypted',
'encryption' => 'Encryption:',
'end address' => 'End address:',
'endpoint' => 'Endpoint',
'endpoint address' => 'Endpoint Address',
'endpoint port' => 'Endpoint Port',
'enter ack class' => 'Enter the ACK- Class <br /> and then press <i>Save</i>.',
'enter data' => 'Enter your settings <br /> and then press <i>Save</i>.',
'entropy' => 'Entropy',
@@ -1343,7 +1336,6 @@
'fwhost hint' => 'Note',
'fwhost hosts' => 'Firewall Hosts',
'fwhost icmptype' => 'ICMP type:',
'fwhost invalid country code' => 'Invalid Country Code',
'fwhost ip_mac' => 'IP/MAC address',
'fwhost ipadr' => 'IP address:',
'fwhost ipsec host' => 'IPsec clients:',
@@ -1368,7 +1360,6 @@
'fwhost type' => 'Type',
'fwhost used' => 'Used',
'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
'fwhost wg peers' => 'WireGuard Peers',
'fwhost wo subnet' => '(without subnet)',
'g.dtm' => 'TO BE REMOVED',
'g.lite' => 'TO BE REMOVED',
@@ -1491,7 +1482,6 @@
'ike lifetime should be between 1 and 24 hours' => 'IKE lifetime should be between 1 and 24 hours.',
'imei' => 'IMEI',
'import' => 'Import',
'import connection' => 'Import a Connection',
'importkey' => 'Import PSK',
'imsi' => 'IMSI',
'in' => 'In',
@@ -1550,8 +1540,6 @@
'invalid domain name' => 'Invalid domain name.',
'invalid downlink speed' => 'Invalid downlink speed.',
'invalid end address' => 'Invalid end address.',
'invalid endpoint' => 'Invalid Endpoint',
'invalid endpoint address' => 'Invalid Endpoint Address',
'invalid fixed ip address' => 'Invalid fixed IP address',
'invalid fixed mac address' => 'Invalid fixed MAC address',
'invalid hostname' => 'Invalid hostname.',
@@ -1586,10 +1574,8 @@
'invalid input for subscription code' => 'Invalid input for subscription code',
'invalid input for valid till days' => 'Invalid input for Valid till (days).',
'invalid ip' => 'Invalid IP Address',
'invalid ip address' => 'Invalid IP Address',
'invalid ip or hostname' => 'Invalid IP Address or Hostname',
'invalid keep time' => 'Keep time must be a valid number',
'invalid keepalive interval' => 'Invalid Keepalive Interval',
'invalid key' => 'Invalid key.',
'invalid loaded file' => 'Invalid loaded file',
'invalid local-remote id' => 'local & remote id must not be equal and begin with a "@" sign. These are leftid and rightid in strongswan terminology.',
@@ -1604,7 +1590,6 @@
'invalid minimum object size' => 'Invalid minimum object size.',
'invalid mtu input' => 'Invalid MTU',
'invalid netmask' => 'Invalid netmask',
'invalid network' => 'Invalid Network',
'invalid port' => 'Invalid port. Must be a valid port number.',
'invalid port list' => 'Port list syntax is: port[,port]... where port is in /etc/services or number',
'invalid primary dns' => 'Invalid primary DNS.',
@@ -1710,22 +1695,20 @@
'local ip address' => 'Local IP Address',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled',
'local port' => 'Local Port',
'local subnet' => 'Local subnet:',
'local subnet is invalid' => 'Local subnet is invalid.',
'local subnets' => 'Local Subnets',
'local vpn hostname/ip' => 'Local VPN Hostname/IP',
'localkey' => 'Localkey',
'localkeyfile' => 'Localkeyfile',
'location' => 'Location',
'locationblock' => 'XDP Location Block',
'locationblock block countries' => 'Block countries/regions',
'locationblock configuration' => 'XDP Location Configuration',
'locationblock' => 'Location Block',
'locationblock block countries' => 'Block countries',
'locationblock configuration' => 'Location Configuration',
'locationblock country code' => 'Country Code',
'locationblock country is allowed' => 'Incoming traffic from this country is allowed',
'locationblock country is blocked' => 'Incoming traffic from this country will be blocked',
'locationblock country name' => 'Country Name',
'locationblock enable feature' => 'Enable XDP Location based blocking:',
'locationblock enable feature' => 'Enable Location based blocking:',
'locationblock flag' => 'Flag',
'log' => 'Log',
'log drop hostile in' => 'Log dropped packets FROM hostile networks',
@@ -1783,9 +1766,6 @@
'mailmethod' => 'Mailmethod',
'mailprogramm' => 'Mailprogramm',
'main page' => 'Main page',
'malformed preshared key' => 'Malformed Pre-Shared Key',
'malformed private key' => 'Malformed Private Key',
'malformed public key' => 'Malformed Public Key',
'manage ovpn' => '5. Tunnel Management:',
'manage printers' => 'manage printers',
'manage shares' => 'Manage Shares',
@@ -1986,7 +1966,6 @@
'one month' => 'One Month',
'one week' => 'One Week',
'one year' => 'One Year',
'online' => 'Online',
'online help en' => 'Online help (in english)',
'only digits allowed in holdoff field' => 'Only digits allowed in holdoff field',
'only digits allowed in max retries field' => 'Only digits allowed in max retries field.',
@@ -2224,14 +2203,12 @@
'psk' => 'PSK',
'ptr' => 'PTR',
'ptr lookup failed' => 'Reverse lookup failed',
'public key' => 'Public Key',
'pulse' => 'Pulse',
'pulse dial' => 'Pulse dial:',
'qos add subclass' => 'Add subclass',
'qos enter bandwidths' => 'You will need to enter your downstream and upstream bandwidth!',
'qos graphs' => 'Qos Graphs',
'qos warning' => 'The rule <strong>must</strong> be saved, otherwise it will be discarded!',
'qr code' => 'QR Code',
'quick control' => 'Quick Control',
'quick playlist' => 'Quick Playlist',
'ram' => 'RAM',
@@ -2267,7 +2244,6 @@
'reload' => 'reload',
'remark' => 'Remark',
'remark title' => 'Remark:',
'remarks' => 'Remarks',
'remote access' => 'Remote access',
'remote announce' => 'Remote Announce',
'remote browse sync' => 'Remote Browse Sync',
@@ -2275,7 +2251,6 @@
'remote logging' => 'Remote logging',
'remote subnet' => 'Remote subnet:',
'remote subnet is invalid' => 'Remote subnet is invalid.',
'remote subnets' => 'Remote Subnets',
'removable device advice' => 'Plug in a device, refresh, select and mount before usage. Umount before removal.',
'remove' => 'Remove',
'remove ca certificate' => 'Remove CA certificate',
@@ -2309,7 +2284,6 @@
'root user password' => 'Root password',
'route subnet is invalid' => 'Additional push route subnet is invalid',
'router ip' => 'Router IP address:',
'routing' => 'Routing',
'routing table entries' => 'Routing Table Entries',
'rsvd dst port overlap' => 'Destination Port Range overlaps a port reserved for IPFire:',
'rsvd src port overlap' => 'Source Port Range overlaps a port reserved for IPFire:',
@@ -2533,24 +2507,6 @@
'keepalived auth pass' => 'Auth Pass',
'keepalived unicast peer' => 'Unicast Peer',
'keepalived virtual address' => 'Virtual Address',
'xdpdns status' => 'Status',
'xdpdns enable' => 'Enable XDP DNS Deny',
'xdpdns domain' => 'XDP DNS Blocklist',
'xdpdns domain edit' => 'Edit Domain',
'xdpdns domain add' => 'Add Domain',
'xdpdns domain name' => 'Domain Name',
'xdpdns domain entries' => 'Domain Blocklist Entries',
'xdpdns log' => 'DNS Query Log from XDP',
'xdpdns hits' => 'Total number of DNS query log from XDP',
'xdpsni status' => 'Status',
'xdpsni enable' => 'Enable XDP TLS/SSL Web Blocklist',
'xdpsni domain' => 'XDP TLS/SSL Web Blocklist',
'xdpsni domain edit' => 'Edit Web',
'xdpsni domain add' => 'Add Web',
'xdpsni domain name' => 'Web Name',
'xdpsni domain entries' => 'Web Blocklist Entries',
'xdpsni log' => 'TLS/SSL Web Access Log from XDP',
'xdpsni hits' => 'Total number of TLS/SSL Web Access Log from XDP',
'status' => 'Status',
'status information' => 'Status information',
'status ovpn' => 'OpenVPN',
@@ -2570,7 +2526,7 @@
'successfully refreshed updates list' => 'Successfully refreshed updates list.',
'summaries kept' => 'Keep summaries for',
'sunday' => 'Sunday',
'support donation' => 'Support the BPFire project with your donation',
'support donation' => 'Support the IPFire project with your donation',
'swap' => 'Swap',
'swap usage per' => 'Swap usage per',
'system' => 'System',
@@ -2580,7 +2536,6 @@
'system log viewer' => 'System Log Viewer',
'system logs' => 'System Logs',
'system status information' => 'System Status Information',
'system time' => 'System time (as of last page load)',
'ta key' => 'TLS-Authentification-Key',
'taa zombieload2' => 'TSX Async Abort/ZombieLoad v2',
'tcp more reliable' => 'TCP (more reliable)',
@@ -2609,7 +2564,6 @@
'time' => 'Time',
'time date manually reset' => 'Time/Date manually reset.',
'time server' => 'Time Server',
'timeformat' => '%Y-%m-%d at %H:%M:%S %Z',
'timeout must be a number' => 'Timeout must be a number.',
'title' => 'Title',
'to' => 'To',
@@ -3128,61 +3082,11 @@
'week-graph' => 'Week',
'weekly firewallhits' => 'weekly firewallhits',
'weeks' => 'Weeks',
'wg' => 'WireGuard',
'wg address' => 'Address',
'wg client configuration file' => 'WireGuard Client Configuration File',
'wg client pool' => 'Client Pool',
'wg create host-to-net peer' => 'Create A New Host-To-Net Peer',
'wg create net-to-net peer' => 'Create A New Net-To-Net Peer',
'wg create peer' => 'Create A New Peer',
'wg dns' => 'DNS',
'wg download configuration' => 'Download Configuration',
'wg download configuration file' => 'Download the configuration file',
'wg edit host-to-net peer' => 'Edit Host-To-Net Peer',
'wg edit net-to-net peer' => 'Edit Net-To-Net Peer',
'wg edit peer' => 'Edit Peer',
'wg endpoint' => 'Endpoint',
'wg host to net client settings' => 'Host-To-Net Client Settings',
'wg hits' => 'Total number of Wireguard handshake',
'wg import peer' => 'Import Peer',
'wg invalid client dns' => 'Invalid client DNS address',
'wg invalid client pool' => 'Invalid client pool',
'wg invalid endpoint address' => 'Invalid endpoint address',
'wg invalid endpoint port' => 'Invalid endpoint port',
'wg invalid keepalive interval' => 'Invalid Keepalive Interval (Must be between 0 and 65535)',
'wg invalid local subnet' => 'Invalid local subnet',
'wg invalid name' => 'Invalid name (Only letters, numbers, space and hyphen are allowed)',
'wg invalid psk' => 'Invalid pre-shared key',
'wg invalid public key' => 'Invalid public key',
'wg invalid remote subnet' => 'Invalid remote subnet',
'wg invalid wg0 address' => 'Invalid wg0 IP',
'wg keepalive interval' => 'Keepalive Interval',
'wg leave empty to automatically select' => 'Leave empty to automatically select',
'wg log' => 'Wireguard handshake log',
'wg missing allowed ips' => 'Missing AllowedIPs',
'wg missing endpoint address' => 'Missing Endpoint Address',
'wg missing endpoint port' => 'Missing Endpoint Port',
'wg missing port' => 'Missing Port',
'wg missing private key' => 'Missing Private Key',
'wg missing public key' => 'Missing Public Key',
'wg name is already used' => 'The name is already in use',
'wg no local subnets' => 'No local subnets given',
'wg no more free addresses in pool' => 'No more free addresses in pool',
'wg no remote subnets' => 'No remote subnets given',
'wg peer' => 'Wireguard Peer',
'wg peer configuration' => 'Peer Configuration',
'wg peer does not exist' => 'Peer does not exist',
'wg pre-shared key (optional)' => 'Pre-Shared Key (optional)',
'wg rw peers' => 'WireGuard Roadwarrior Peers',
'wg scan the qr code' => 'Scan the QR code to import the WireGuard configuration into a mobile client.',
'wg show configuration qrcode' => 'Show Configuration QR Code',
'wg warning configuration only shown once' => 'Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.',
'whois results from' => 'WHOIS results from',
'wildcards' => 'Wildcards',
'winbind daemon' => 'Winbind Daemon',
'wins server' => 'Wins Server',
'wins support' => 'Wins Support',
'wireguard' => 'WireGuard',
'wireless' => 'Wireless',
'wireless config added' => 'Wireless config added',
'wireless config changed' => 'Wireless config changed',

99
langs/zh/cgi-bin/zh.pl
View File

@@ -299,7 +299,7 @@
'advproxy errmsg invalid proxy port' => '无效的代理端口',
'advproxy errmsg invalid upstream proxy' => '无效的上游代理IP/主机名',
'advproxy errmsg invalid upstream proxy username or password setting' => '无效的上游代理用户名或密码设置',
'advproxy errmsg invalid user/password' => '无效用户名或密码',
'advproxy errmsg invalid user' => '用户名不存在',
'advproxy errmsg ldap base dn' => '需要LDAP基本DN',
'advproxy errmsg ldap bind dn' => '需要LDAP绑定DN用户名和密码',
'advproxy errmsg ldap port' => '无效的LDAP端口号',
@@ -429,7 +429,6 @@
'all services' => '所有服务',
'all updates installed' => '已安装所有更新',
'allmsg' => '显示所有',
'allowed subnets' => '允许网段',
'alt dialup' => 'PPP设置',
'alt home' => '网络概括',
'alt information' => '信息',
@@ -666,7 +665,6 @@
'compression' => '压缩:',
'computer to modem rate' => '计算机到modem的速率:',
'concentrator name' => '集中器名称:',
'configuration file' => '配置文件',
'confirmation' => '确认',
'connect' => 'OVPN 启动/连接',
'connect the modem' => '连接调制解调器',
@@ -700,7 +698,7 @@
'could not retrieve common name from certificate' => '无法从证书中检索通用名称。',
'count' => '计数',
'countries' => '国别',
'country' => '国家/地区',
'country' => '国家',
'country codes and flags' => '国家代码和国旗:',
'countrycode' => '代码',
'cpu frequency' => 'CPU frequency',
@@ -926,12 +924,10 @@
'domain name' => '域名',
'domain name suffix' => '域名后缀:',
'domain not set' => '未设置域。',
'donation-ipfire' => 'IPFire 捐款',
'donation-bpfire' => 'BPFire 捐款',
'donation' => '捐款',
'donation-link' => 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.gif',
'donation-ipfire-text' => '<strong>IPFire</strong>由志愿者在空闲时间进行维护。为了保持该项目的运行成本,如果您愿意支持我们,请您为我们提供一小笔捐款。',
'donation-bpfire-text' => '<strong>BPFire</strong>为普罗大众带来革命创新性的eBPF技术为家庭用户或任何大小组织企业的网络安全保驾护航. 由Vincent Li在空闲时间进行维护。为了保持该项目的运行成本如果您愿意支持他请您为他提供一小笔捐款。',
'done' => '完成',
'donation-text' => '<strong>IPFire</strong>由志愿者在空闲时间进行维护。为了保持该项目的运行成本,如果您愿意支持我们,请您为我们提供一小笔捐款。',
'done' => '做吧',
'dos charset' => 'DOS字符集',
'down and up speed' => '输入您的下行和上行速度<br /> 然后点击<i>保存</i>。',
'downlink' => '下行链接',
@@ -1331,7 +1327,6 @@
'fwhost hint' => '注意',
'fwhost hosts' => '防火墙主机',
'fwhost icmptype' => 'ICMP类型:',
'fwhost invalid country code' => '无效国家地代码',
'fwhost ip_mac' => 'IP/MAC地址',
'fwhost ipadr' => 'IP地址:',
'fwhost ipsec host' => 'IPsec客户端:',
@@ -1478,7 +1473,6 @@
'ike lifetime should be between 1 and 24 hours' => 'IKE的有效期应在1到24小时之间。',
'imei' => 'IMEI',
'import' => '导入',
'import connection' => '导入节点',
'importkey' => '导入PSK',
'imsi' => 'IMSI',
'in' => '进',
@@ -1674,19 +1668,18 @@
'local ntp server specified but not enabled' => '已指定但未启用本地NTP服务器',
'local subnet' => '本地子网:',
'local subnet is invalid' => '本地子网无效。',
'local subnets' => '本地子网',
'local vpn hostname/ip' => '本地VPN主机/IP',
'localkey' => '本地密钥',
'localkeyfile' => '本地密钥文件',
'location' => '地区',
'locationblock' => 'XDP加速地区阻止',
'locationblock' => '地区阻止',
'locationblock block countries' => '阻止条目',
'locationblock configuration' => '地区配置',
'locationblock country code' => '国家代码',
'locationblock country is allowed' => '允许来自该国家/地区的入站流量',
'locationblock country is blocked' => '阻止该国家/地区的入站流量',
'locationblock country name' => '国家名称',
'locationblock enable feature' => '启用基于XDP加速器位置的阻止::',
'locationblock enable feature' => '启用基于位置的阻止::',
'locationblock flag' => 'Flag',
'log' => '日志',
'log dropped conntrack invalids' => '记录被连接跟踪分类为无效的丢弃数据包',
@@ -1943,7 +1936,6 @@
'one month' => '1个月',
'one week' => '1周',
'one year' => '1年',
'online' => '在线',
'online help en' => '在线帮助(英语)',
'only digits allowed in holdoff field' => '拖延字段中仅允许数字',
'only digits allowed in max retries field' => '“最大重试次数”字段中仅允许数字。',
@@ -2219,7 +2211,6 @@
'released' => '已发行',
'reload' => '重新加载',
'remark' => '备注',
'remarks' => '备注',
'remark title' => '备注:',
'remote access' => '远程访问',
'remote announce' => '远程通知',
@@ -2260,7 +2251,6 @@
'root user password' => 'Root密码',
'route subnet is invalid' => '其他推送路由子网无效',
'router ip' => '路由IP地址:',
'routing' => '路由',
'routing table entries' => '路由表条目',
'rsvd dst port overlap' => '目标端口范围与为IPFire保留的端口重叠:',
'rsvd src port overlap' => '源端口范围与为IPFire保留的端口重叠:',
@@ -2445,12 +2435,12 @@
'loxilb lb add' => '添加负载均衡配置',
'loxilb lb name' => '名字',
'loxilb lb extip' => 'IP地址',
'loxilb lb port' => '端端口',
'loxilb lb port' => '端端口',
'loxilb lb proto' => '协议',
'loxilb lb sel' => '负载算法',
'loxilb lb mode' => '模式',
'loxilb lb endpoints' => '后端服务器',
'loxilb lb eport' => '端端口',
'loxilb lb eport' => '端端口',
'loxilb lb monitor' => '后端服务监控',
'loxilb fw' => 'eBPF LoxiLB 防火墙配置',
'loxilb fw changed' => '防火墙配置被修改',
@@ -2482,24 +2472,6 @@
'keepalived auth pass' => '认证密码',
'keepalived unicast peer' => '单播同伴设备',
'keepalived virtual address' => '虚拟 IP地址',
'xdpdns status' => '运行状态',
'xdpdns enable' => '启动',
'xdpdns domain' => 'eBPF XDP 域名过滤服务',
'xdpdns domain edit' => '编辑域名',
'xdpdns domain add' => '添加域名',
'xdpdns domain name' => '域名',
'xdpdns domain entries' => '域名过滤列表',
'xdpdns log' => 'XDP记录的域名解析日志',
'xdpdns hits' => '域名解析日志总数',
'xdpsni status' => '运行状态',
'xdpsni enable' => '启动',
'xdpsni domain' => 'XDP 加密网站过滤服务',
'xdpsni domain edit' => '编辑加密网站域名',
'xdpsni domain add' => '添加加密网站域名',
'xdpsni domain name' => '加密网站域名',
'xdpsni domain entries' => '加密网站域名过滤列表',
'xdpsni log' => 'XDP记录的加密网站访问日志',
'xdpsni hits' => '加密网站访问日志总数',
'status' => '状态',
'status information' => '状态信息',
'status ovpn' => 'OpenVPN',
@@ -2519,7 +2491,7 @@
'successfully refreshed updates list' => '成功刷新更新列表。.',
'summaries kept' => '保留摘要',
'sunday' => '星期日',
'support donation' => '通过捐款支持BPFire项目',
'support donation' => '通过捐款支持IPFire项目',
'swap' => '交换',
'swap usage per' => 'Swap usage per',
'system' => '系统状态',
@@ -2529,7 +2501,6 @@
'system log viewer' => '系统日志查看器',
'system logs' => '系统日志',
'system status information' => '系统状态信息',
'system time' => '系统时间(自上次页面刷新)',
'ta key' => 'TLS认证密钥',
'taa zombieload2' => 'TSX Async中上/ZombieLoad v2',
'tcp more reliable' => 'TCP(更可靠)',
@@ -2558,7 +2529,6 @@
'time' => '时间',
'time date manually reset' => '时间/日期手动重置。',
'time server' => 'NTP服务',
'timeformat' => '%Y-%m-%d at %H:%M:%S %Z',
'timeout must be a number' => '超时必须为数字。',
'title' => '标题',
'to' => '到',
@@ -3074,55 +3044,6 @@
'week-graph' => 'Week',
'weekly firewallhits' => '防火墙命中(每周)',
'weeks' => '周',
'wg' => 'WireGuard',
'wg address' => 'IP地址',
'wg client configuration file' => 'WireGuard客户端配置文件',
'wg client pool' => '客户端地址池',
'wg create host-to-net peer' => '创建新的主机对网络节点',
'wg create net-to-net peer' => '创建新的网络对网络节点',
'wg create peer' => '创建新节点',
'wg dns' => 'DNS',
'wg download configuration' => '下载配置',
'wg download configuration file' => '下载配置文件',
'wg edit host-to-net peer' => '编辑主机对网络节点',
'wg edit net-to-net peer' => '编辑网络对网络节点',
'wg edit peer' => '编辑节点',
'wg endpoint' => '服务器节点',
'wg host to net client settings' => '主机对网络客户端设置',
'wg hits' => 'Wireguard 握手全日志',
'wg import peer' => '导入节点',
'wg invalid client dns' => '无效的客户端DNS地址',
'wg invalid client pool' => '无效的客户端地址池',
'wg invalid endpoint address' => '无效的端点地址',
'wg invalid endpoint port' => '无效的端点端口',
'wg invalid keepalive interval' => '无效的Keepalive间隔必须介于0到65535之间',
'wg invalid local subnet' => '无效的本地子网',
'wg invalid name' => '无效的名称(仅允许字母、数字、空格和连字符)',
'wg invalid psk' => '无效的预共享密钥',
'wg invalid public key' => '无效的公钥',
'wg invalid remote subnet' => '无效的远程子网',
'wg invalid wg0 address' => '无效的 wg0 IP 地址',
'wg keepalive interval' => 'Keepalive间隔',
'wg leave empty to automatically select' => '留空以自动选择',
'wg log' => 'Wireguard 握手日志',
'wg missing allowed ips' => '缺少AllowedIPs',
'wg missing endpoint address' => '缺少端点地址',
'wg missing endpoint port' => '缺少端点端口',
'wg missing port' => '缺少端口',
'wg missing private key' => '缺少私钥',
'wg missing public key' => '缺少公钥',
'wg name is already used' => '该名称已被使用',
'wg no local subnets' => '未指定本地子网',
'wg no more free addresses in pool' => '地址池中没有可用地址',
'wg no remote subnets' => '未指定远程子网',
'wg peer' => 'Wireguard 节点',
'wg peer configuration' => '节点配置',
'wg peer does not exist' => '节点不存在',
'wg pre-shared key (optional)' => '预共享密钥(可选)',
'wg rw peers' => 'WireGuard移动办公节点',
'wg scan the qr code' => '扫描二维码将WireGuard配置导入移动客户端',
'wg show configuration qrcode' => '显示配置二维码',
'wg warning configuration only shown once' => '警告此WireGuard配置文件仅显示一次因其包含未存储在IPFire上的私钥材料',
'whois results from' => 'WHOIS结果来自',
'wildcards' => 'Wildcards',
'winbind daemon' => 'Winbind进程',

120
lfs/arpwatch
View File

@@ -1,120 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
SUMMARY = Monitoring tool for ARP traffic on a network
VER = 3.8
ETHERCODES_DATE = 20200628
# From: https://ee.lbl.gov/downloads/arpwatch/
THISAPP = arpwatch-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = arpwatch
PAK_VER = 2
DEPS =
SERVICES = arpwatch
# Enable debugging code
CFLAGS += -DDEBUG=1
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE) ethercodes.dat-$(ETHERCODES_DATE).xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
ethercodes.dat-$(ETHERCODES_DATE).xz = $(DL_FROM)/ethercodes.dat-$(ETHERCODES_DATE).xz
$(DL_FILE)_BLAKE2 = a43a2ad007da266f58b5c5fd617c8955940cffc88233c16455b553aea4c9ddad8cf744996b342f156c879aab29ce6c5ae85b93abdb0fbf5dd674d39e851de273
ethercodes.dat-$(ETHERCODES_DATE).xz_BLAKE2 = e702b9109ef3ccce73e2637f96126bf19e7dfa533774c0bd623042b3609f147981263b84397ec155a65ae12fa57247c32644e1e7e57c2c749ef768156d853027
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
# Fix compilation issues
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/arpwatch/53_stop-using-_getshort.patch
cd $(DIR_APP) && sed -i '1i#include <time.h>' report.c
# Don't install the initscript
cd $(DIR_APP) && sed -i '/@HAVE_FREEBSD_TRUE@/d' Makefile.in
# Fix the envelope sender
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/arpwatch/fix-envelope-sender.patch
# Build!
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
# Install initscripts
# $(call INSTALL_INITSCRIPTS,$(SERVICES))
# Install the data directory
-mkdir -pv /var/lib/arpwatch
# Install ethercodes.dat
xz -dvv \
< $(DIR_DL)/ethercodes.dat-$(ETHERCODES_DATE).xz \
> /var/lib/arpwatch/ethercodes.dat
@rm -rf $(DIR_APP)
@$(POSTBUILD)

12
lfs/configroot
View File

@@ -54,9 +54,9 @@ $(TARGET) :
ethernet extrahd/bin fwlogs fwhosts firewall ipblocklist key langs logging mac main \
menu.d modem optionsfw \
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
proxy/calamaris/bin qos/bin red remote ddos loxilb keepalived haproxy xdpdns xdpsni sensors suricata time \
proxy/calamaris/bin qos/bin red remote ddos loxilb keepalived sensors suricata time \
updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
wakeonlan wireguard wireless ; do \
wakeonlan wireless ; do \
mkdir -p $(CONFIG_ROOT)/$$i; \
done
@@ -68,9 +68,9 @@ $(TARGET) :
fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/modified \
ipblocklist/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings ddos/settings ddos/tcp_ports ddos/udp-ddos-settings ddos/udp_ports ddos/dns-ddos-settings loxilb/settings xdpdns/settings xdpdns/domainfile xdpsni/settings xdpsni/domainfile keepalived/keepalived.conf keepalived/runsettings keepalived/settings keepalived/configvs keepalived/configrs haproxy/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings ddos/settings ddos/tcp_ports ddos/udp-ddos-settings ddos/udp_ports ddos/dns-ddos-settings loxilb/settings keepalived/keepalived.conf keepalived/runsettings keepalived/settings keepalived/configvs keepalived/configrs qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireguard/peers wireguard/settings wireless/config wireless/settings; do \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \
done
@@ -81,7 +81,6 @@ $(TARGET) :
cp $(DIR_SRC)/config/cfgroot/location-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/ipblocklist-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/ids-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/wireguard-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
@@ -106,9 +105,6 @@ $(TARGET) :
cp $(DIR_SRC)/config/cfgroot/dns-ddos-settings $(CONFIG_ROOT)/ddos/dns-ddos-settings
cp $(DIR_SRC)/config/cfgroot/loxilb-settings $(CONFIG_ROOT)/loxilb/settings
cp $(DIR_SRC)/config/cfgroot/loxilb-FWconfig.txt $(CONFIG_ROOT)/loxilb/FWconfig.txt
cp $(DIR_SRC)/config/cfgroot/xdpdns-settings $(CONFIG_ROOT)/xdpdns/settings
cp $(DIR_SRC)/config/cfgroot/xdpsni-settings $(CONFIG_ROOT)/xdpsni/settings
cp $(DIR_SRC)/config/cfgroot/haproxy-settings $(CONFIG_ROOT)/haproxy/settings
cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings
cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans

10
lfs/dnsdist
View File

@@ -26,7 +26,7 @@ include Config
SUMMARY = A highly DNS-, DoS- and abuse-aware loadbalancer
VER = 1.9.10
VER = 1.8.0
THISAPP = dnsdist-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -52,7 +52,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 4490a6faf11b6b7e48fc821be37d0cee1ad93455ec09dadc61e236704bb743d8e5189d085352c775d19933934230e1c5b68ed233b7de7c5cb196f7da4dc16719
$(DL_FILE)_BLAKE2 = 47cfcfe3756cdc4520c1ba1e11b7d60191125ef900ba829ff7437ac2041352b845ab5f7183f53fea9b3aa6f44c5745de3878c2b72f2be048fa57d2c2e9325c0c
install : $(TARGET)
@@ -92,8 +92,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--disable-gnutls \
--enable-dns-over-tls \
--with-lua \
--with-ebpf \
--with-xsk \
--without-net-snmp
cd $(DIR_APP) && make $(MAKETUNING)
@@ -105,10 +103,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
install -v -m 644 $(DIR_SRC)/config/backup/includes/dnsdist \
/var/ipfire/backup/addons/includes/dnsdist
# Install xsk AF_XDP configuration
install -v -m 644 $(DIR_SRC)/config/dnsdist/dnsdist-xsk.conf \
/etc/dnsdist-xsk.conf
@rm -rf $(DIR_APP)
@$(POSTBUILD)

4
lfs/flash-images
View File

@@ -40,7 +40,6 @@ IMAGE_FILE = /install/images/$(SNAME)-$(VERSION)-core$(CORE)-$(BUILD_ARCH).img.x
FSTAB_FMT = UUID=%s %-8s %-4s %-10s %d %d\n
BPFFS_FMT = %s %-8s %-4s %-10s %d %d\n
DEBUGFS_FMT = %s %-8s %-4s %-10s %d %d\n
###############################################################################
# Top-level Rules
@@ -170,8 +169,6 @@ endif
printf "$(BPFFS_FMT)" "bpffs" "/sys/fs/bpf" \
"bpf" "defaults" 0 0 >> $(MNThdd)/etc/fstab
printf "$(DEBUGFS_FMT)" "debugfs" "/sys/kernel/debug" \
"debugfs" "defaults" 0 0 >> $(MNThdd)/etc/fstab
ifeq "$(BOOTLOADER)" "grub"
# backup defaults file
@@ -180,7 +177,6 @@ ifeq "$(BOOTLOADER)" "grub"
# Enable also serial console on GRUB
echo "GRUB_TERMINAL=\"serial console\"" >> $(MNThdd)/etc/default/grub
echo "GRUB_SERIAL_COMMAND=\"serial --unit=0 --speed=115200\"" >> $(MNThdd)/etc/default/grub
echo "GRUB_CMDLINE_LINUX=\"console=tty1 console=ttyS0,115200 rd.auto panic=10\"" >> $(MNThdd)/etc/default/grub
# Add additional entry for Serial console
cp $(DIR_SRC)/config/flash-images/grub/11_linux_scon \

4
lfs/go
View File

@@ -24,7 +24,7 @@
include Config
VER = 1.24.4
VER = 1.22.0
THISAPP = go-$(VER)
DL_FILE = go$(VER).$(GOOS)-$(GOARCH).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
go$(VER).$(GOOS)-arm64.tar.gz_BLAKE2 = 330336e36ebc7cb8666159256ff6dce965465195db84e29467fe0ffa79b1fa1b698d8751df73bec1cd7d04b528d9d6a9cad259f6ad5036eb89212ebc3e91b686
go$(VER).$(GOOS)-amd64.tar.gz_BLAKE2 = 17d2f502e57d1c94bc63712d4ec1ada4bfff281d9d387257c3f7f15f71040af7baf515d665b255c66581405b2e840d9bcbe850f275d30cb8fec21ecce8d14325
go$(VER).$(GOOS)-amd64.tar.gz_BLAKE2 = 018b9dd68d12ed0f2859993b6496d95bec946031353da022eb7fff2337c6082aadabbb4f858987d854599c1c2491e7ca404a7273bde01d61a2491097b24ce1b6
install : $(TARGET)

2
lfs/haproxy
View File

@@ -96,7 +96,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
-mkdir -pv /etc/haproxy /var/lib/haproxy
install -v -m 644 $(DIR_SRC)/config/haproxy/haproxy.cfg \
/var/ipfire/haproxy/haproxy.cfg
/etc/haproxy/haproxy.cfg
install -v -m 644 $(DIR_SRC)/config/backup/includes/haproxy \
/var/ipfire/backup/addons/includes/haproxy

11
lfs/initscripts
View File

@@ -96,13 +96,11 @@ $(TARGET) :
ln -sf ../init.d/vdradmin /etc/rc.d/rc0.d/K01vdradmin
ln -sf ../init.d/sslh /etc/rc.d/rc0.d/K02sslh
ln -sf ../init.d/fcron /etc/rc.d/rc0.d/K08fcron
ln -sf ../init.d/arpwatch /etc/rc.d/rc0.d/K12arpwatch
ln -sf ../init.d/apache /etc/rc.d/rc0.d/K28apache
ln -sf ../init.d/sshd /etc/rc.d/rc0.d/K30sshd
ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc0.d/K49cyrus-sasl
ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat
ln -sf ../init.d/wireguard /etc/rc.d/rc0.d/K70wireguard
ln -sf ../init.d/conntrackd /etc/rc.d/rc0.d/K77conntrackd
ln -sf ../init.d/suricata /etc/rc.d/rc0.d/K78suricata
ln -sf ../init.d/leds /etc/rc.d/rc0.d/K79leds
@@ -131,10 +129,7 @@ $(TARGET) :
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc3.d/S24cyrus-sasl
ln -sf ../init.d/sshd /etc/rc.d/rc3.d/S30sshd
ln -sf ../init.d/apache /etc/rc.d/rc3.d/S32apache
ln -sf ../init.d/haproxy /etc/rc.d/rc3.d/S35haproxy
ln -sf ../init.d/fcron /etc/rc.d/rc3.d/S40fcron
ln -sf ../init.d/wireguard /etc/rc.d/rc3.d/S50wireguard
ln -sf ../init.d/arpwatch /etc/rc.d/rc3.d/S64arpwatch
ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local
ln -sf ../init.d/sslh /etc/rc.d/rc3.d/S98sslh
ln -sf ../init.d/imspetor /etc/rc.d/rc3.d/S99imspetor
@@ -142,23 +137,17 @@ $(TARGET) :
ln -sf ../init.d/vdradmin /etc/rc.d/rc3.d/S99vdradmin
ln -sf ../init.d/loxilb /etc/rc.d/rc3.d/S100loxilb
ln -sf ../init.d/keepalived /etc/rc.d/rc3.d/S101keepalived
ln -sf ../init.d/xdpdns /etc/rc.d/rc3.d/S102xdpdns
ln -sf ../init.d/xdpsni /etc/rc.d/rc3.d/S103xdpsni
ln -sf ../init.d/xdpgeoip /etc/rc.d/rc3.d/S104xdpgeoip
ln -sf ../init.d/ddos /etc/rc.d/rc3.d/S105ddos
ln -sf ../init.d/imspetor /etc/rc.d/rc6.d/K01imspetor
ln -sf ../init.d/motion /etc/rc.d/rc6.d/K01motion
ln -sf ../init.d/vdradmin /etc/rc.d/rc6.d/K01vdradmin
ln -sf ../init.d/sslh /etc/rc.d/rc6.d/K02sslh
ln -sf ../init.d/fcron /etc/rc.d/rc6.d/K08fcron
ln -sf ../init.d/arpwatch /etc/rc.d/rc6.d/K12arpwatch
ln -sf ../init.d/apache /etc/rc.d/rc6.d/K28apache
ln -sf ../init.d/sshd /etc/rc.d/rc6.d/K30sshd
ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc6.d/K49cyrus-sasl
ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat
ln -sf ../init.d/wireguard /etc/rc.d/rc6.d/K70wireguard
ln -sf ../init.d/conntrackd /etc/rc.d/rc6.d/K77conntrackd
ln -sf ../init.d/suricata /etc/rc.d/rc6.d/K78suricata
ln -sf ../init.d/leds /etc/rc.d/rc6.d/K79leds

1
lfs/iproute2
View File

@@ -78,7 +78,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Add table for static routing
echo "200 static" >> /etc/iproute2/rt_tables
echo "201 wg" >> /etc/iproute2/rt_tables
@rm -rf $(DIR_APP)
@$(POSTBUILD)

78
lfs/kexec-tools
View File

@@ -1,78 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024-2025 BPFire <vincent.mc.li@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 2.0.31
THISAPP = kexec-tools-$(VER)
DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 075f1457dce9d4d6f0a3fa3cb9ed4cebfc51324fe0f3859b0cb009e1ebdb10d5df83c17d35ec55c479f1416f0836bf263d6ed814732037af6189565685f81afe
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)

9
lfs/knot
View File

@@ -24,7 +24,7 @@
include Config
VER = 3.4.7
VER = 3.2.4
THISAPP = knot-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 31e0d939847a1fb7538eed371b4e9a4d8dcfb45b9df996fa13b083a6ec32550fc5d90fc528eb43b20a4effbed06353abd0238da3a04fdf48f5139a22d1eced35
$(DL_FILE)_BLAKE2 = 1d5fec057898d8cbe73f37cd85aa9d56c7db0215e0fe8ba697f3ee4c38d7554780804b8859d062a824b18f823d6cff1546bd7ce54438ee54c555d068c5f19da1
install : $(TARGET)
@@ -76,15 +76,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--enable-static=no \
--enable-xdp=yes \
--disable-fastparser \
--disable-daemon \
--disable-modules \
--enable-maxminddb=no \
--disable-documentation
cd $(DIR_APP)/src && make $(MAKETUNING) kdig kxdpgun
cd $(DIR_APP)/src/.libs && cp -av kdig kxdpgun /usr/bin
cd $(DIR_APP)/src && make $(MAKETUNING) kdig
cd $(DIR_APP)/src/.libs && cp -av kdig /usr/bin
cd $(DIR_APP)/src/.libs && cp -av lib* /usr/lib
@rm -rf $(DIR_APP)

4
lfs/libbpf
View File

@@ -24,7 +24,7 @@
include Config
VER = 1.4.6
VER = 0.8.3
THISAPP = libbpf-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 590eb2f8f5a8caa24c94a8c3e0eddb0c8685051ea08967b4307fc8e6df41b81237637fe70f946f2579520948b56dd08fb0b6f4db9218e561930c9636f84d97ca
$(DL_FILE)_BLAKE2 = abee71b4ae0d3a7d0cdf4c108091821d915d4712820dae3debe84b897e7fb84a2c763df508eb539bb74e7461ca2b6836325b7a3c08c6bc8aafe1ac4097614f31
install : $(TARGET)

78
lfs/libbpf-bootstrap
View File

@@ -1,78 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2025 BPFire Team <vincent.mc.li@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 0.3.1
THISAPP = libbpf-bootstrap-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = e5ce5b8bead58a9e777b78c39964aa0a817ed4c6fc835d3be1a0a884238e698b3bef313fd7de035f56a30c316c511a8acd2353c5ac3d44e98f0ed498d4e63c8a
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP)/examples/c && make $(MAKETUNING)
cd $(DIR_APP)/examples/c && cp -vf kprobe ksyscall profile netqtop wg_handshake /usr/bin/
@rm -rf $(DIR_APP)
@$(POSTBUILD)

21
lfs/linux
View File

@@ -24,7 +24,7 @@
include Config
VER = 6.15.6
VER = 6.6.15
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
@@ -72,7 +72,7 @@ objects = \
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 34301ec451141cab53c6017445fb78c6a681095604387b20060e8b2102d9677cf25a3af9f3db56a0b88772434179f730842bce67b718cd28998e5c56178c748a
$(DL_FILE)_BLAKE2 = a630bc7b2463bdc312f8936210a54e92bbe4136fc78995c18d0ccafbcdb27cce5b7b0d4a6ba10c378e14e86855ee7e76e355acc0580f7441e4df64e7dbd8a4b7
install : $(TARGET)
@@ -116,7 +116,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Wlan Patches
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch
#cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch
# Fix igb and e1000e crash
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch
@@ -130,6 +130,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Patch performance monitoring restrictions to allow further hardening
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch
# https://bugzilla.ipfire.org/show_bug.cgi?id=12760
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch
# Fix external module compile
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch
@@ -149,12 +152,14 @@ ifeq "$(KCFG)" "-headers"
else
# Install ipfire logo
cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/bpfire-logo-ascii.ppm \
cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/ipfire_logo.ppm \
drivers/video/logo/logo_linux_clut224.ppm
# Cleanup kernel source
cp $(DIR_SRC)/config/kernel/kernel.config.$(BUILD_ARCH)-$(VERSUFIX) $(DIR_APP)/.config
cp $(DIR_SRC)/config/kernel/kernel.config.bpf $(DIR_APP)/bpf-config
cd $(DIR_APP) && make oldconfig
cd $(DIR_APP) && ./scripts/kconfig/merge_config.sh .config bpf-config
cd $(DIR_APP) && make clean
cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile
@@ -171,9 +176,6 @@ else
cd $(DIR_APP)/tools/bpf/bpftool && sed -i -e 's/^prefix ?= \/usr\/local/prefix ?= \/usr/' Makefile
cd $(DIR_APP)/tools/bpf/bpftool && make $(MAKETUNING)
# Build perf tool
cd $(DIR_APP)/tools/perf && NO_JEVENTS=1 NO_LIBTRACEEVENT=1 make $(MAKETUNING)
# Install the kernel
cd $(DIR_APP) && cp -v arch/$(KERNEL_ARCH)/boot/$(KERNEL_TARGET) /boot/vmlinuz-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX)
@@ -183,9 +185,6 @@ else
# Install bpftool
cd $(DIR_APP)/tools/bpf/bpftool && make install
# Install perf tool
cd $(DIR_APP)/tools/perf && install -m 755 perf /usr/sbin/
ifneq "$(BUILD_PLATFORM)" "x86"
cd $(DIR_APP) && make $(MAKETUNING) dtbs
mkdir -p /boot/dtb-$(VER)-$(VERSUFIX)
@@ -221,7 +220,7 @@ endif
# Install objtool
cd $(DIR_APP) && cp -a tools/objtool/objtool \
/lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || :
cd $(DIR_APP) && cp -a --parents tools/build/{Build.include,fixdep.c} \
cd $(DIR_APP) && cp -a --parents tools/build/{Build,Build.include,fixdep.c} \
tools/scripts/utilities.mak /lib/modules/$(VER)-$(VERSUFIX)/build
# Make sure we can build external modules

4
lfs/llvm-project
View File

@@ -24,7 +24,7 @@
include Config
VER = 19.1.7
VER = 17.0.6
THISAPP = llvm-project-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = b435361eb3ca1d548a8b79a475150cf717be1474443005de62b58c1b0c145818dc289c6b4252cfc0e5ff3a4d106f99506dce2fbf6100182b180a5cd23a792fb1
$(DL_FILE)_BLAKE2 = 779a428c86b5e797a1f2264e33268d69799cf7d9eb9776c38af5efca2b5b6f94248bb48409306fbd61f0d4775ee7ada3cac5490b0bd55d8f56133af1df814b07
install : $(TARGET)

6
lfs/loxicmd
View File

@@ -2,7 +2,7 @@
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024-2025 BPFire
# Copyright (C) 2024 BPFire
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,7 +25,7 @@
include Config
VER = 0.9.8
VER = 0.9.5
THISAPP = loxicmd-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = c4ea521c25ca8e49f9831d7d942ad7552249f84114b4b32f364d8e4023ada781f5aa6e8e7378ba5c9df43fd648a40213441f353405cd6ffd4eebe3097d824b18
$(DL_FILE)_BLAKE2 = 76e9315ddd791a1bbaf4cd2fbf5a646e93eca3963f46a78efe21d93a31906d01cf318e0aa930d3b4623eec786d83b4a6c7860ee21d65e5f66eb274e107b363b9
install : $(TARGET)

7
lfs/loxilb
View File

@@ -2,7 +2,7 @@
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024-2025 BPFire
# Copyright (C) 2024 BPFire
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,7 +25,7 @@
include Config
VER = 0.9.8.3
VER = 0.9.5
THISAPP = loxilb-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = e59c11a6a401fe63cd6b57974a48c181c1a36ca2374252393dc8b2146d18c90da95fa1a319011e274e2469f16437b1d590257700f4244b614f9b46692cec3c97
$(DL_FILE)_BLAKE2 = b1c6b3d25543b5a4c1516e1dc35dbe393c1bd10d8b83307a857713e8ee3553690ce64ffb9d611452c68745564afc775363c90d96b53607902afe24a7d72bdcf7
install : $(TARGET)
@@ -74,7 +74,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf /opt/loxilb
cd $(DIR_APP) && mkdir -p /opt/loxilb/dp
cd $(DIR_APP) && go clean -cache
cd $(DIR_APP) && make
cd $(DIR_APP)/loxilb-ebpf/kernel && cp -f *.o /opt/loxilb/
cd $(DIR_APP) && cp -f loxilb /usr/bin/loxilb

19
lfs/lunatik → lfs/loxilb-tc
View File

@@ -25,9 +25,9 @@
include Config
VER = 5.3.2
VER = 5.11.0
THISAPP = lunatik-$(VER)
THISAPP = loxilb-tc-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = f95268c97523003ec618374e74b7d6fda9970e21bc4778d5789b83ff2d7fa67896695067ffcf6efa7959454a7752b89f75b21c9293b4e5ba40feaebf703c6dbb
$(DL_FILE)_BLAKE2 = 07ff73f6ee40ad8f4d8e74fcd42dc9adf5b1b6ed145ff0c505524913f6362d6a39510c30f9b22b2e8c7ed9a0e14875b2417068edb379c2af1feb9639edd0dd11
install : $(TARGET)
@@ -71,13 +71,10 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
#generate lunatik symbols before build
cd $(DIR_APP) && ./gensymbols.sh lua/lua.h lua/lauxlib.h lua/lualib.h > lunatik_sym.h
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
cd $(DIR_APP)/examples/filter && make
cd $(DIR_APP) && make examples_install
cd $(DIR_APP)/libbpf/src/ && mkdir build && DESTDIR=build OBJDIR=build make install
cd $(DIR_APP) && export PKG_CONFIG_PATH=$(DIR_APP)/libbpf/src/ && \
LIBBPF_FORCE=on LIBBPF_DIR=$(DIR_APP)/libbpf/src/build ./configure --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && cp -f tc/tc /usr/bin/ntc
@rm -rf $(DIR_APP)
@$(POSTBUILD)

77
lfs/makedumpfile
View File

@@ -1,77 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# Copyright (C) 2024-2025 BPFire <vincent.mc.li@gmail.com> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 1.7.7
THISAPP = makedumpfile-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 7d61bfabd90e74f1a84c93bfe231f5acb0cb6b3a7029eebbccaaf45e1ba3da83eae11dfe8379442d470ef78606a51878a9d42610c65e87c052c56bcaebc0867c
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && make LINKTYPE=dynamic && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)

Some files were not shown because too many files have changed in this diff Show More