mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-10 02:55:55 +02:00
a60dbb4b6a
Also extended backup.pl script to support old backups. Now it is possible to restore old backups into new firewall. On restore, all config files of new firewall will be destroyed and the 4 converters will recreate them.
166 lines
8.7 KiB
Plaintext
166 lines
8.7 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
VER = ipfire
|
|
|
|
THISAPP = configroot
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
install : $(TARGET)
|
|
|
|
check :
|
|
|
|
download :
|
|
|
|
md5 :
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) :
|
|
@$(PREBUILD)
|
|
|
|
# Create all directories
|
|
for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
|
|
ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \
|
|
ethernet extrahd/bin fwlogs fwhosts forward forward/bin isdn key langs logging mac main menu.d modem net-traffic \
|
|
net-traffic/templates nfs optionsfw \
|
|
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
|
|
proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \
|
|
updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
|
|
wakeonlan wireless ; do \
|
|
mkdir -p $(CONFIG_ROOT)/$$i; \
|
|
done
|
|
|
|
# Touch empty files
|
|
for i in auth/users backup/include.user backup/exclude.user \
|
|
certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \
|
|
dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
|
|
extrahd/scan extrahd/devices extrahd/partitions extrahd/settings forward/settings forward/config forward/input forward/outgoing forward/dmz forward/nat \
|
|
fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwlogs/ipsettings fwlogs/portsettings \
|
|
isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
|
|
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
|
|
ppp/settings-5 ppp/settings proxy/settings proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
|
|
qos/tosconfig snort/settings tripwire/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
|
|
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
|
|
touch $(CONFIG_ROOT)/$$i; \
|
|
done
|
|
|
|
# Copy initial configfiles
|
|
cp $(DIR_SRC)/config/cfgroot/header.pl $(CONFIG_ROOT)/
|
|
cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/
|
|
cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
|
|
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
|
|
cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
|
|
cp $(DIR_SRC)/config/cfgroot/advoptions-list $(CONFIG_ROOT)/dhcp/advoptions-list
|
|
cp $(DIR_SRC)/config/cfgroot/connscheduler-lib.pl $(CONFIG_ROOT)/connscheduler/lib.pl
|
|
cp $(DIR_SRC)/config/cfgroot/connscheduler.conf $(CONFIG_ROOT)/connscheduler
|
|
cp $(DIR_SRC)/config/extrahd/* $(CONFIG_ROOT)/extrahd/bin/
|
|
cp $(DIR_SRC)/config/cfgroot/sensors-settings $(CONFIG_ROOT)/sensors/settings
|
|
cp $(DIR_SRC)/config/menu/* $(CONFIG_ROOT)/menu.d/
|
|
cp $(DIR_SRC)/config/cfgroot/modem-defaults $(CONFIG_ROOT)/modem/defaults
|
|
cp $(DIR_SRC)/config/cfgroot/modem-settings $(CONFIG_ROOT)/modem/settings
|
|
cp $(DIR_SRC)/config/cfgroot/net-traffic-lib.pl $(CONFIG_ROOT)/net-traffic/net-traffic-lib.pl
|
|
cp $(DIR_SRC)/config/cfgroot/net-traffic-admin.pl $(CONFIG_ROOT)/net-traffic/net-traffic-admin.pl
|
|
cp $(DIR_SRC)/config/cfgroot/nfs-server $(CONFIG_ROOT)/nfs/nfs-server
|
|
cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4
|
|
cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/
|
|
cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings
|
|
cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings
|
|
cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
|
|
cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced
|
|
cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans
|
|
cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
|
|
cp $(DIR_SRC)/config/forwardfw/rules.pl $(CONFIG_ROOT)/forward/bin/rules.pl
|
|
cp $(DIR_SRC)/config/forwardfw/convert-xtaccess /usr/sbin/convert-xtaccess
|
|
cp $(DIR_SRC)/config/forwardfw/convert-outgoingfw /usr/sbin/convert-outgoingfw
|
|
cp $(DIR_SRC)/config/forwardfw/convert-dmz /usr/sbin/convert-dmz
|
|
cp $(DIR_SRC)/config/forwardfw/convert-portfw /usr/sbin/convert-portfw
|
|
cp $(DIR_SRC)/config/forwardfw/p2protocols $(CONFIG_ROOT)/forward/p2protocols
|
|
cp $(DIR_SRC)/config/forwardfw/firewall-lib.pl $(CONFIG_ROOT)/forward/bin/firewall-lib.pl
|
|
cp $(DIR_SRC)/config/forwardfw/firewall-policy /usr/sbin/firewall-policy
|
|
cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
|
|
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
|
|
# Oneliner configfiles
|
|
echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings
|
|
echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings
|
|
echo "01" > $(CONFIG_ROOT)/certs/serial
|
|
echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf
|
|
echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "DROPFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "FWPOLICY=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "FWPOLICY1=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "FWPOLICY2=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "DROPPORTSCAN=on" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "DROPOUTGOING=on" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "SHOWREMARK=on" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "SHOWCOLORS=off" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "SHOWTABLES=on" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings
|
|
echo "POLICY=MODE2" >> $(CONFIG_ROOT)/forward/settings
|
|
echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/forward/settings
|
|
|
|
# set rules.pl executable
|
|
chmod 755 $(CONFIG_ROOT)/forward/bin/rules.pl
|
|
|
|
# set converters executable
|
|
chmod 755 /usr/sbin/convert-*
|
|
|
|
# Modify variables in header.pl
|
|
sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
|
|
-e "s+VERSION+$(VERSION)+g" \
|
|
$(CONFIG_ROOT)/header.pl
|
|
|
|
# Modify variables in general-functions.pl
|
|
sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
|
|
-e "s+VERSION+$(VERSION)+g" \
|
|
$(CONFIG_ROOT)/general-functions.pl
|
|
|
|
# Modify CONFIG_ROOT in lang.pl
|
|
sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
|
|
$(CONFIG_ROOT)/lang.pl
|
|
|
|
# Language files
|
|
cp $(DIR_SRC)/langs/*/cgi-bin/*.pl $(CONFIG_ROOT)/langs/
|
|
|
|
# Configroot permissions
|
|
chown -R nobody:nobody $(CONFIG_ROOT)
|
|
chown root:root $(CONFIG_ROOT)
|
|
for i in backup/ header.pl general-functions.pl lang.pl addon-lang/ langs/ red/ ; do \
|
|
chown -R root:root $(CONFIG_ROOT)/$$i; \
|
|
done
|
|
chown root:nobody $(CONFIG_ROOT)/dhcpc
|
|
|
|
|
|
@$(POSTBUILD)
|