###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4
cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/
cp $(DIR_SRC)/config/cfgroot/main-settings $(CONFIG_ROOT)/main/settings
+ cp $(DIR_SRC)/config/cfgroot/manualpages $(CONFIG_ROOT)/main/
cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings
cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings
cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw
cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz
cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw
- cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols
cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy
cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices
echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings
echo "01" > $(CONFIG_ROOT)/certs/serial
echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf
- echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "FWPOLICY=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPWIRELESSINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "DROPSPOOFEDMARTIAN=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "DROPHOSTILE=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "LOGDROPCTINVALID=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings
echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
echo "USE_ISP_NAMESERVERS=on" >> $(CONFIG_ROOT)/dns/settings
# Install snort to suricata converter.
cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort
cp $(DIR_SRC)/config/suricata/convert-ids-modifysids-file /usr/sbin/convert-ids-modifysids-file
-
- # Add conntrack helper default settings
- for proto in AMANDA FTP H323 IRC PPTP SIP TFTP; do \
- echo "CONNTRACK_$${proto}=off" >> $(CONFIG_ROOT)/optionsfw/settings; \
- done
+ cp $(DIR_SRC)/config/suricata/convert-ids-multiple-providers /usr/sbin/convert-ids-multiple-providers
# set converters executable
chmod 755 /usr/sbin/convert-*
# Configroot permissions
chown -R nobody:nobody $(CONFIG_ROOT)
chown root:root $(CONFIG_ROOT)
- for i in backup/ header.pl general-functions.pl graphs.pl lang.pl addon-lang/ langs/ ; do \
+ for i in backup/ *.pl addon-lang/ langs/ ; do \
chown -R root:root $(CONFIG_ROOT)/$$i; \
done
chown -Rv root:root $(CONFIG_ROOT)/*/bin
projects / people / mfischer / ipfire-2.x.git / blobdiff