]>
Commit | Line | Data |
---|---|---|
cd1a2927 | 1 | ############################################################################### |
cd1a2927 | 2 | # # |
70df8302 | 3 | # IPFire.org - A linux based firewall # |
30335673 | 4 | # Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> # |
70df8302 MT |
5 | # # |
6 | # This program is free software: you can redistribute it and/or modify # | |
cd1a2927 | 7 | # it under the terms of the GNU General Public License as published by # |
70df8302 | 8 | # the Free Software Foundation, either version 3 of the License, or # |
cd1a2927 MT |
9 | # (at your option) any later version. # |
10 | # # | |
70df8302 | 11 | # This program is distributed in the hope that it will be useful, # |
cd1a2927 MT |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
70df8302 | 17 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # |
cd1a2927 | 18 | # # |
cd1a2927 MT |
19 | ############################################################################### |
20 | ||
21 | ############################################################################### | |
22 | # Definitions | |
23 | ############################################################################### | |
24 | ||
25 | include Config | |
26 | ||
15679d9f MT |
27 | VER = ipfire |
28 | ||
cd1a2927 MT |
29 | THISAPP = configroot |
30 | DIR_APP = $(DIR_SRC)/$(THISAPP) | |
31 | TARGET = $(DIR_INFO)/$(THISAPP) | |
32 | ||
33 | ############################################################################### | |
34 | # Top-level Rules | |
35 | ############################################################################### | |
36 | ||
37 | install : $(TARGET) | |
38 | ||
39 | check : | |
40 | ||
41 | download : | |
42 | ||
43 | md5 : | |
44 | ||
45 | ############################################################################### | |
46 | # Installation Details | |
47 | ############################################################################### | |
48 | ||
49 | $(TARGET) : | |
50 | @$(PREBUILD) | |
51 | ||
52 | # Create all directories | |
111c99dd | 53 | for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dns dnsforward \ |
73372ed4 | 54 | ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \ |
5edc06b7 | 55 | menu.d modem nfs optionsfw \ |
9dafa928 | 56 | ovpn patches pakfire portfw ppp private proxy/advanced/cre \ |
2b163f44 | 57 | proxy/calamaris/bin qos/bin red remote sensors snort time \ |
d9716b06 | 58 | updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \ |
111c99dd | 59 | wakeonlan wireless ; do \ |
cd1a2927 MT |
60 | mkdir -p $(CONFIG_ROOT)/$$i; \ |
61 | done | |
62 | ||
63 | # Touch empty files | |
64 | for i in auth/users backup/include.user backup/exclude.user \ | |
1fde937c | 65 | certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \ |
111c99dd | 66 | dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ |
30654fd8 SS |
67 | ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \ |
68 | fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \ | |
5edc06b7 | 69 | isdn/settings mac/settings main/hosts main/routing main/settings optionsfw/settings \ |
51379603 | 70 | ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ |
dfb1bfaf | 71 | ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ |
2b163f44 | 72 | qos/tosconfig snort/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \ |
4e565351 | 73 | vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \ |
111c99dd | 74 | touch $(CONFIG_ROOT)/$$i; \ |
cd1a2927 MT |
75 | done |
76 | ||
77 | # Copy initial configfiles | |
78 | cp $(DIR_SRC)/config/cfgroot/header.pl $(CONFIG_ROOT)/ | |
79 | cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/ | |
4e9a2b57 | 80 | cp $(DIR_SRC)/config/cfgroot/network-functions.pl $(CONFIG_ROOT)/ |
30654fd8 | 81 | cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl $(CONFIG_ROOT)/ |
cd1a2927 | 82 | cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/ |
111c99dd | 83 | cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/ |
341ff36c | 84 | cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/ |
c5e3d520 | 85 | cp $(DIR_SRC)/config/cfgroot/modem-lib.pl $(CONFIG_ROOT)/ |
4e565351 | 86 | cp $(DIR_SRC)/config/cfgroot/advoptions-list $(CONFIG_ROOT)/dhcp/advoptions-list |
4e565351 | 87 | cp $(DIR_SRC)/config/cfgroot/connscheduler-lib.pl $(CONFIG_ROOT)/connscheduler/lib.pl |
1fde937c | 88 | cp $(DIR_SRC)/config/cfgroot/connscheduler.conf $(CONFIG_ROOT)/connscheduler |
aa2870e6 | 89 | cp $(DIR_SRC)/config/extrahd/* $(CONFIG_ROOT)/extrahd/bin/ |
958d26ac | 90 | cp $(DIR_SRC)/config/cfgroot/sensors-settings $(CONFIG_ROOT)/sensors/settings |
111c99dd | 91 | cp $(DIR_SRC)/config/menu/* $(CONFIG_ROOT)/menu.d/ |
cd1a2927 MT |
92 | cp $(DIR_SRC)/config/cfgroot/modem-defaults $(CONFIG_ROOT)/modem/defaults |
93 | cp $(DIR_SRC)/config/cfgroot/modem-settings $(CONFIG_ROOT)/modem/settings | |
60cbd6e7 | 94 | cp $(DIR_SRC)/config/cfgroot/nfs-server $(CONFIG_ROOT)/nfs/nfs-server |
cd1a2927 | 95 | cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4 |
111c99dd MT |
96 | cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/ |
97 | cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings | |
cd1a2927 | 98 | cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings |
111c99dd | 99 | cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings |
ed38f89d | 100 | cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced |
d23fc912 | 101 | cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans |
111c99dd | 102 | cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/ |
6921f0ea AM |
103 | cp $(DIR_SRC)/config/firewall/convert-xtaccess /usr/sbin/convert-xtaccess |
104 | cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw | |
105 | cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz | |
106 | cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw | |
6d8eb5de | 107 | cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols |
6921f0ea | 108 | cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy |
111c99dd | 109 | cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types |
af8bc0d0 | 110 | cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices |
a3f2459f | 111 | cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices.default |
cd1a2927 MT |
112 | # Oneliner configfiles |
113 | echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings | |
114 | echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings | |
115 | echo "01" > $(CONFIG_ROOT)/certs/serial | |
116 | echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf | |
5595bc03 CS |
117 | echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings |
118 | echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings | |
c0ec1996 | 119 | echo "DROPFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings |
9dafa928 | 120 | echo "FWPOLICY=DROP" >> $(CONFIG_ROOT)/optionsfw/settings |
4e62b47f | 121 | echo "FWPOLICY1=DROP" >> $(CONFIG_ROOT)/optionsfw/settings |
36e9534f | 122 | echo "FWPOLICY2=DROP" >> $(CONFIG_ROOT)/optionsfw/settings |
5595bc03 | 123 | echo "DROPPORTSCAN=on" >> $(CONFIG_ROOT)/optionsfw/settings |
4e62b47f | 124 | echo "DROPOUTGOING=on" >> $(CONFIG_ROOT)/optionsfw/settings |
409cd018 MT |
125 | echo "DROPSAMBA=off" >> $(CONFIG_ROOT)/optionsfw/settings |
126 | echo "DROPPROXY=off" >> $(CONFIG_ROOT)/optionsfw/settings | |
5aa8edf6 | 127 | echo "SHOWREMARK=on" >> $(CONFIG_ROOT)/optionsfw/settings |
4f3bd0ca AM |
128 | echo "SHOWCOLORS=on" >> $(CONFIG_ROOT)/optionsfw/settings |
129 | echo "SHOWTABLES=off" >> $(CONFIG_ROOT)/optionsfw/settings | |
ec329c06 | 130 | echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings |
a1fdbdac AF |
131 | echo "DROPWIRELESSINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings |
132 | echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings | |
6d8eb5de AM |
133 | echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings |
134 | echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings | |
73372ed4 | 135 | |
d57c6162 | 136 | # Add conntrack helper default settings |
53a6b00c | 137 | for proto in FTP H323 IRC SIP TFTP; do \ |
d57c6162 MT |
138 | echo "CONNTRACK_$${proto}=on" >> $(CONFIG_ROOT)/optionsfw/settings; \ |
139 | done | |
140 | ||
53a6b00c MT |
141 | # Do not enable these by default because these are broken |
142 | for proto in AMANDA PPTP; do \ | |
143 | echo "CONNTRACK_$${proto}=off" >> $(CONFIG_ROOT)/optionsfw/settings; \ | |
144 | done | |
145 | ||
99e698d0 AM |
146 | # set converters executable |
147 | chmod 755 /usr/sbin/convert-* | |
73372ed4 | 148 | |
cd1a2927 MT |
149 | # Modify variables in header.pl |
150 | sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ | |
151 | -e "s+VERSION+$(VERSION)+g" \ | |
152 | $(CONFIG_ROOT)/header.pl | |
153 | ||
154 | # Modify variables in general-functions.pl | |
155 | sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ | |
156 | -e "s+VERSION+$(VERSION)+g" \ | |
157 | $(CONFIG_ROOT)/general-functions.pl | |
158 | ||
159 | # Modify CONFIG_ROOT in lang.pl | |
160 | sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ | |
161 | $(CONFIG_ROOT)/lang.pl | |
162 | ||
163 | # Language files | |
462515e4 | 164 | cp $(DIR_SRC)/langs/*/cgi-bin/*.pl $(CONFIG_ROOT)/langs/ |
231499fc | 165 | |
cd1a2927 MT |
166 | # Configroot permissions |
167 | chown -R nobody:nobody $(CONFIG_ROOT) | |
168 | chown root:root $(CONFIG_ROOT) | |
d7fcd5da | 169 | for i in backup/ header.pl general-functions.pl graphs.pl lang.pl addon-lang/ langs/ red/ ; do \ |
cd1a2927 MT |
170 | chown -R root:root $(CONFIG_ROOT)/$$i; \ |
171 | done | |
7b906cb2 | 172 | chown -Rv root:root $(CONFIG_ROOT)/*/bin |
cd1a2927 MT |
173 | chown root:nobody $(CONFIG_ROOT)/dhcpc |
174 | ||
175 | @$(POSTBUILD) |