]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - lfs/configroot
firewall: Make logging of conntrack INVALIDs configureable
[people/pmueller/ipfire-2.x.git] / lfs / configroot
CommitLineData
cd1a2927 1###############################################################################
cd1a2927 2# #
70df8302 3# IPFire.org - A linux based firewall #
55f0bafb 4# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
70df8302
MT
5# #
6# This program is free software: you can redistribute it and/or modify #
cd1a2927 7# it under the terms of the GNU General Public License as published by #
70df8302 8# the Free Software Foundation, either version 3 of the License, or #
cd1a2927
MT
9# (at your option) any later version. #
10# #
70df8302 11# This program is distributed in the hope that it will be useful, #
cd1a2927
MT
12# but WITHOUT ANY WARRANTY; without even the implied warranty of #
13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14# GNU General Public License for more details. #
15# #
16# You should have received a copy of the GNU General Public License #
70df8302 17# along with this program. If not, see <http://www.gnu.org/licenses/>. #
cd1a2927 18# #
cd1a2927
MT
19###############################################################################
20
21###############################################################################
22# Definitions
23###############################################################################
24
25include Config
26
15679d9f
MT
27VER = ipfire
28
cd1a2927
MT
29THISAPP = configroot
30DIR_APP = $(DIR_SRC)/$(THISAPP)
31TARGET = $(DIR_INFO)/$(THISAPP)
32
33###############################################################################
34# Top-level Rules
35###############################################################################
36
37install : $(TARGET)
38
39check :
40
41download :
42
43md5 :
44
45###############################################################################
46# Installation Details
47###############################################################################
48
49$(TARGET) :
50 @$(PREBUILD)
51
52 # Create all directories
5ca163cd 53 for i in addon-lang auth backup ca captive certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
73372ed4 54 ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
77729e5b 55 menu.d modem optionsfw \
9dafa928 56 ovpn patches pakfire portfw ppp private proxy/advanced/cre \
72b2109c 57 proxy/calamaris/bin qos/bin red remote sensors suricata time \
06f03f5b 58 updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
111c99dd 59 wakeonlan wireless ; do \
cd1a2927
MT
60 mkdir -p $(CONFIG_ROOT)/$$i; \
61 done
62
63 # Touch empty files
64 for i in auth/users backup/include.user backup/exclude.user \
e6f7f8e7 65 captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache dhcp/settings \
b48379d5 66 dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dns/servers dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
987d0965
SS
67 ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/locationblock firewall/input firewall/outgoing \
68 fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings \
6d37280f 69 isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
51379603 70 ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
dfb1bfaf 71 ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
06f03f5b 72 qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
4e565351 73 vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
111c99dd 74 touch $(CONFIG_ROOT)/$$i; \
cd1a2927
MT
75 done
76
77 # Copy initial configfiles
78 cp $(DIR_SRC)/config/cfgroot/header.pl $(CONFIG_ROOT)/
79 cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/
4e9a2b57 80 cp $(DIR_SRC)/config/cfgroot/network-functions.pl $(CONFIG_ROOT)/
987d0965 81 cp $(DIR_SRC)/config/cfgroot/location-functions.pl $(CONFIG_ROOT)/
8dcebe53 82 cp $(DIR_SRC)/config/cfgroot/ids-functions.pl $(CONFIG_ROOT)/
cd1a2927 83 cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
111c99dd 84 cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
341ff36c 85 cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
c5e3d520 86 cp $(DIR_SRC)/config/cfgroot/modem-lib.pl $(CONFIG_ROOT)/
4e565351 87 cp $(DIR_SRC)/config/cfgroot/advoptions-list $(CONFIG_ROOT)/dhcp/advoptions-list
4e565351 88 cp $(DIR_SRC)/config/cfgroot/connscheduler-lib.pl $(CONFIG_ROOT)/connscheduler/lib.pl
1fde937c 89 cp $(DIR_SRC)/config/cfgroot/connscheduler.conf $(CONFIG_ROOT)/connscheduler
aa2870e6 90 cp $(DIR_SRC)/config/extrahd/* $(CONFIG_ROOT)/extrahd/bin/
958d26ac 91 cp $(DIR_SRC)/config/cfgroot/sensors-settings $(CONFIG_ROOT)/sensors/settings
111c99dd 92 cp $(DIR_SRC)/config/menu/* $(CONFIG_ROOT)/menu.d/
cd1a2927
MT
93 cp $(DIR_SRC)/config/cfgroot/modem-defaults $(CONFIG_ROOT)/modem/defaults
94 cp $(DIR_SRC)/config/cfgroot/modem-settings $(CONFIG_ROOT)/modem/settings
95 cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4
111c99dd 96 cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/
0009de91 97 cp $(DIR_SRC)/config/cfgroot/main-settings $(CONFIG_ROOT)/main/settings
4f6ef735 98 cp $(DIR_SRC)/config/cfgroot/manualpages $(CONFIG_ROOT)/main/
111c99dd 99 cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings
cd1a2927 100 cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings
111c99dd 101 cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
d23fc912 102 cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans
111c99dd 103 cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/
6921f0ea
AM
104 cp $(DIR_SRC)/config/firewall/convert-xtaccess /usr/sbin/convert-xtaccess
105 cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw
106 cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz
107 cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw
6d8eb5de 108 cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols
6921f0ea 109 cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy
111c99dd 110 cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
af8bc0d0 111 cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
a3f2459f 112 cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices.default
cd1a2927
MT
113 # Oneliner configfiles
114 echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings
cd1a2927
MT
115 echo "01" > $(CONFIG_ROOT)/certs/serial
116 echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf
02001624 117 echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
5595bc03 118 echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
c0ec1996 119 echo "DROPFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
9dafa928 120 echo "FWPOLICY=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
4e62b47f 121 echo "FWPOLICY1=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
36e9534f 122 echo "FWPOLICY2=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
5595bc03 123 echo "DROPPORTSCAN=on" >> $(CONFIG_ROOT)/optionsfw/settings
4e62b47f 124 echo "DROPOUTGOING=on" >> $(CONFIG_ROOT)/optionsfw/settings
409cd018
MT
125 echo "DROPSAMBA=off" >> $(CONFIG_ROOT)/optionsfw/settings
126 echo "DROPPROXY=off" >> $(CONFIG_ROOT)/optionsfw/settings
5aa8edf6 127 echo "SHOWREMARK=on" >> $(CONFIG_ROOT)/optionsfw/settings
4f3bd0ca
AM
128 echo "SHOWCOLORS=on" >> $(CONFIG_ROOT)/optionsfw/settings
129 echo "SHOWTABLES=off" >> $(CONFIG_ROOT)/optionsfw/settings
ec329c06 130 echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings
a1fdbdac
AF
131 echo "DROPWIRELESSINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
132 echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
02001624 133 echo "DROPSPOOFEDMARTIAN=on" >> $(CONFIG_ROOT)/optionsfw/settings
55f6e62c 134 echo "DROPHOSTILE=on" >> $(CONFIG_ROOT)/optionsfw/settings
926d840f 135 echo "LOGDROPCTINVALID=on" >> $(CONFIG_ROOT)/optionsfw/settings
6d8eb5de
AM
136 echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings
137 echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
c919b15c 138 echo "USE_ISP_NAMESERVERS=on" >> $(CONFIG_ROOT)/dns/settings
040160c7 139 echo "TREE=$(PAKFIRE_TREE)" >> $(CONFIG_ROOT)/pakfire/settings
73372ed4 140
85a62b05
SS
141 # Install snort to suricata converter.
142 cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort
a5ba473c 143 cp $(DIR_SRC)/config/suricata/convert-ids-modifysids-file /usr/sbin/convert-ids-modifysids-file
77b373d6 144 cp $(DIR_SRC)/config/suricata/convert-ids-multiple-providers /usr/sbin/convert-ids-multiple-providers
85a62b05 145
99e698d0
AM
146 # set converters executable
147 chmod 755 /usr/sbin/convert-*
73372ed4 148
36f253d2
MT
149 # Make extrahd.pl executable
150 chmod 755 /var/ipfire/extrahd/bin/extrahd.pl
151
cd1a2927
MT
152 # Modify variables in header.pl
153 sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
154 -e "s+VERSION+$(VERSION)+g" \
155 $(CONFIG_ROOT)/header.pl
156
157 # Modify variables in general-functions.pl
158 sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
159 -e "s+VERSION+$(VERSION)+g" \
160 $(CONFIG_ROOT)/general-functions.pl
161
162 # Modify CONFIG_ROOT in lang.pl
163 sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
164 $(CONFIG_ROOT)/lang.pl
165
166 # Language files
462515e4 167 cp $(DIR_SRC)/langs/*/cgi-bin/*.pl $(CONFIG_ROOT)/langs/
231499fc 168
cd1a2927
MT
169 # Configroot permissions
170 chown -R nobody:nobody $(CONFIG_ROOT)
171 chown root:root $(CONFIG_ROOT)
55f0bafb 172 for i in backup/ *.pl addon-lang/ langs/ ; do \
cd1a2927
MT
173 chown -R root:root $(CONFIG_ROOT)/$$i; \
174 done
7b906cb2 175 chown -Rv root:root $(CONFIG_ROOT)/*/bin
cd1a2927
MT
176 chown root:nobody $(CONFIG_ROOT)/dhcpc
177
178 @$(POSTBUILD)