/etc/sysconfig/lm_sensors
/var/ipfire/ethernet/settings
/var/ipfire/firewall/bin/*
+/var/ipfire/ovpn/openssl/*
/var/ipfire/proxy/calamaris/bin/*
/var/ipfire/qos/bin/qos.pl
/var/ipfire/urlfilter/blacklists/*/*.db
--- /dev/null
+#!/usr/bin/perl -w
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2018 IPFire Team <info@ipfire.org>. #
+# #
+############################################################################
+
+package AWS;
+
+sub running_on_ec2() {
+ if (-e "/var/run/aws-instance-id") {
+ return 1;
+ }
+
+ return 0;
+}
+
+1;
$|=1; # line buffering
+require "/var/ipfire/aws-functions.pl";
+
$Header::revision = 'final';
$Header::swroot = '/var/ipfire';
$Header::graphdir='/srv/web/ipfire/html/graphs';
require "${swroot}/langs/${language}.pl";
eval `/bin/cat /srv/web/ipfire/html/themes/$THEME_NAME/include/functions.pl`;
+sub green_used() {
+ if ($ethsettings{'GREEN_DEV'} && $ethsettings{'GREEN_DEV'} ne "") {
+ return 1;
+ }
+
+ return 0;
+}
+
sub orange_used () {
if ($ethsettings{'CONFIG_TYPE'} =~ /^[24]$/) {
return 1;
if ( $ethsettings{'RED_TYPE'} eq "PPPOE" && $pppsettings{'MONPORT'} ne "" ) {
$menu->{'02.status'}{'subMenu'}->{'74.modem-status'}{'enabled'} = 1;
}
+
+ # Disbale unusable things on EC2
+ if (&AWS::running_on_ec2()) {
+ $menu->{'03.network'}{'subMenu'}->{'30.dhcp'}{'enabled'} = 0;
+ $menu->{'03.network'}{'subMenu'}->{'80.macadressmenu'}{'enabled'} = 0;
+ $menu->{'03.network'}{'subMenu'}->{'90.wakeonlan'}{'enabled'} = 0;
+ }
+
+ # Disable proxy when no GREEN is available
+ if (!&green_used()) {
+ $menu->{'03.network'}{'subMenu'}->{'20.proxy'}{'enabled'} = 0;
+ $menu->{'03.network'}{'subMenu'}->{'21.urlfilter'}{'enabled'} = 0;
+ $menu->{'03.network'}{'subMenu'}->{'22.updxlrator'}{'enabled'} = 0;
+ }
}
}
--- /dev/null
+THEME=ipfire
+LANGUAGE=en
+RRDLOG=/var/log/rrd
+KEYMAP=/lib/kbd/keymaps/i386/qwerty/us.map.gz
+TIMEZONE=/usr/share/zoneinfo/posix/UTC
ENABLE_SSH_KEYS=off
-ENABLE_SSH_PROTOCOL1=off
ENABLE_SSH_PASSWORDS=on
ENABLE_SSH_PORTFW=off
ENABLE_SSH=off
-__CGI__=CGI=HASH(0x840b7a0)
+SSH_PORT=on
group: files
shadow: files
-hosts: files dns
+hosts: files dns myhostname
networks: files
protocols: files
# INPUT
# Allow access from GREEN
-iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+if [ -n "${GREEN_DEV}" ]; then
+ iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+fi
# Allow access from BLUE
if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
*)
# Access from GREEN is granted to everywhere
- if [ "${IFACE}" = "${GREEN_DEV}" ]; then
- # internet via green
- # don't check source IP/NET if IFACE is GREEN
- iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
- else
- iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+ if [ -n "${GREEN_DEV}" ]; then
+ if [ "${IFACE}" = "${GREEN_DEV}" ]; then
+ # internet via green
+ # don't check source IP/NET if IFACE is GREEN
+ iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
+ else
+ iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+ fi
fi
# Grant access for IPsec VPN connections
etc/init.d
#etc/rc.d
#etc/rc.d/helper
+etc/rc.d/helper/aws-setup
etc/rc.d/helper/getdnsfromdhcpc.pl
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
+etc/rc.d/init.d/aws
etc/rc.d/init.d/beep
etc/rc.d/init.d/checkfs
etc/rc.d/init.d/cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/rcsysinit.d/S70console
etc/rc.d/rcsysinit.d/S73swconfig
+etc/rc.d/rcsysinit.d/S74aws
etc/rc.d/rcsysinit.d/S75firstsetup
etc/rc.d/rcsysinit.d/S80localnet
etc/rc.d/rcsysinit.d/S81pakfire
etc/init.d
#etc/rc.d
#etc/rc.d/helper
+etc/rc.d/helper/aws-setup
etc/rc.d/helper/getdnsfromdhcpc.pl
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
+etc/rc.d/init.d/aws
etc/rc.d/init.d/beep
etc/rc.d/init.d/checkfs
etc/rc.d/init.d/cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/rcsysinit.d/S70console
etc/rc.d/rcsysinit.d/S73swconfig
+etc/rc.d/rcsysinit.d/S74aws
etc/rc.d/rcsysinit.d/S75firstsetup
etc/rc.d/rcsysinit.d/S80localnet
etc/rc.d/rcsysinit.d/S81pakfire
#usr/share/man/man2/llistxattr.2
#usr/share/man/man2/lremovexattr.2
#usr/share/man/man2/removexattr.2
+#usr/share/man/man2/lsetxattr.2
#usr/share/man/man3/attr_get.3
#usr/share/man/man3/attr_getf.3
#usr/share/man/man3/attr_list.3
var/ipfire/addon-lang
var/ipfire/auth
#var/ipfire/auth/users
+var/ipfire/aws-functions.pl
#var/ipfire/backup
var/ipfire/backup/exclude.user
var/ipfire/backup/include.user
#usr/lib/conntrack-tools
+#usr/lib/conntrack-tools/ct_helper_amanda.la
+usr/lib/conntrack-tools/ct_helper_amanda.so
+#usr/lib/conntrack-tools/ct_helper_dhcpv6.la
+#usr/lib/conntrack-tools/ct_helper_dhcpv6.so
#usr/lib/conntrack-tools/ct_helper_ftp.la
usr/lib/conntrack-tools/ct_helper_ftp.so
+#usr/lib/conntrack-tools/ct_helper_mdns.la
+usr/lib/conntrack-tools/ct_helper_mdns.so
#usr/lib/conntrack-tools/ct_helper_rpc.la
usr/lib/conntrack-tools/ct_helper_rpc.so
+#usr/lib/conntrack-tools/ct_helper_sane.la
+usr/lib/conntrack-tools/ct_helper_sane.so
+#usr/lib/conntrack-tools/ct_helper_ssdp.la
+usr/lib/conntrack-tools/ct_helper_ssdp.so
+#usr/lib/conntrack-tools/ct_helper_tftp.la
+usr/lib/conntrack-tools/ct_helper_tftp.so
#usr/lib/conntrack-tools/ct_helper_tns.la
usr/lib/conntrack-tools/ct_helper_tns.so
usr/sbin/conntrack
usr/sbin/conntrackd
usr/sbin/nfct
+#usr/share/man/man5/conntrackd.conf.5
#usr/share/man/man8/conntrack.8
#usr/share/man/man8/conntrackd.8
#usr/share/man/man8/nfct.8
etc/DIR_COLORS
usr/bin/[
usr/bin/arch
+usr/bin/b2sum
+usr/bin/base32
usr/bin/base64
usr/bin/basename
usr/bin/chcon
#usr/share/locale/el/LC_MESSAGES/coreutils.mo
#usr/share/locale/el/LC_TIME
#usr/share/locale/el/LC_TIME/coreutils.mo
-#usr/share/locale/eo
-#usr/share/locale/eo/LC_MESSAGES
#usr/share/locale/eo/LC_MESSAGES/coreutils.mo
#usr/share/locale/eo/LC_TIME
#usr/share/locale/eo/LC_TIME/coreutils.mo
#usr/share/locale/fr/LC_MESSAGES/coreutils.mo
#usr/share/locale/fr/LC_TIME
#usr/share/locale/fr/LC_TIME/coreutils.mo
-#usr/share/locale/ga
-#usr/share/locale/ga/LC_MESSAGES
#usr/share/locale/ga/LC_MESSAGES/coreutils.mo
#usr/share/locale/ga/LC_TIME
#usr/share/locale/ga/LC_TIME/coreutils.mo
#usr/share/locale/hu/LC_MESSAGES/coreutils.mo
#usr/share/locale/hu/LC_TIME
#usr/share/locale/hu/LC_TIME/coreutils.mo
-#usr/share/locale/ia
-#usr/share/locale/ia/LC_MESSAGES
#usr/share/locale/ia/LC_MESSAGES/coreutils.mo
#usr/share/locale/ia/LC_TIME
#usr/share/locale/ia/LC_TIME/coreutils.mo
#usr/share/locale/lt/LC_MESSAGES/coreutils.mo
#usr/share/locale/lt/LC_TIME
#usr/share/locale/lt/LC_TIME/coreutils.mo
-#usr/share/locale/ms
-#usr/share/locale/ms/LC_MESSAGES
#usr/share/locale/ms/LC_MESSAGES/coreutils.mo
#usr/share/locale/ms/LC_TIME
#usr/share/locale/ms/LC_TIME/coreutils.mo
#usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo
#usr/share/locale/pt_BR/LC_TIME
#usr/share/locale/pt_BR/LC_TIME/coreutils.mo
-#usr/share/locale/ro
-#usr/share/locale/ro/LC_MESSAGES
#usr/share/locale/ro/LC_MESSAGES/coreutils.mo
#usr/share/locale/ro/LC_TIME
#usr/share/locale/ro/LC_TIME/coreutils.mo
#usr/share/locale/sk/LC_MESSAGES/coreutils.mo
#usr/share/locale/sk/LC_TIME
#usr/share/locale/sk/LC_TIME/coreutils.mo
-#usr/share/locale/sl
-#usr/share/locale/sl/LC_MESSAGES
#usr/share/locale/sl/LC_MESSAGES/coreutils.mo
#usr/share/locale/sl/LC_TIME
#usr/share/locale/sl/LC_TIME/coreutils.mo
+#usr/share/locale/sr/LC_MESSAGES/coreutils.mo
+#usr/share/locale/sr/LC_TIME
+#usr/share/locale/sr/LC_TIME/coreutils.mo
#usr/share/locale/sv/LC_MESSAGES/coreutils.mo
#usr/share/locale/sv/LC_TIME
#usr/share/locale/sv/LC_TIME/coreutils.mo
#usr/share/locale/tr/LC_MESSAGES/coreutils.mo
#usr/share/locale/tr/LC_TIME
#usr/share/locale/tr/LC_TIME/coreutils.mo
-#usr/share/locale/uk
-#usr/share/locale/uk/LC_MESSAGES
#usr/share/locale/uk/LC_MESSAGES/coreutils.mo
#usr/share/locale/uk/LC_TIME
#usr/share/locale/uk/LC_TIME/coreutils.mo
#usr/share/locale/zh_TW/LC_TIME
#usr/share/locale/zh_TW/LC_TIME/coreutils.mo
#usr/share/man/man1/arch.1
+#usr/share/man/man1/b2sum.1
+#usr/share/man/man1/base32.1
#usr/share/man/man1/base64.1
#usr/share/man/man1/basename.1
#usr/share/man/man1/cat.1
#usr/lib/libdhcp.a
#usr/lib/libdhcpctl.a
#usr/lib/libomapi.a
-#usr/sbin/dhclient
+usr/sbin/dhclient
usr/sbin/dhcpd
usr/sbin/dhcrelay
#usr/share/man/man1/omshell.1
etc/init.d
#etc/rc.d
#etc/rc.d/helper
+etc/rc.d/helper/aws-setup
etc/rc.d/helper/getdnsfromdhcpc.pl
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
+etc/rc.d/init.d/aws
etc/rc.d/init.d/beep
etc/rc.d/init.d/checkfs
etc/rc.d/init.d/cleanfs
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/rcsysinit.d/S70console
+etc/rc.d/rcsysinit.d/S74aws
etc/rc.d/rcsysinit.d/S75firstsetup
etc/rc.d/rcsysinit.d/S80localnet
etc/rc.d/rcsysinit.d/S81pakfire
etc/ipset
#usr/include/libipset
+#usr/include/libipset/args.h
#usr/include/libipset/data.h
#usr/include/libipset/errcode.h
#usr/include/libipset/linux_ip_set.h
#usr/include/libipset/utils.h
#usr/lib/libipset.la
#usr/lib/libipset.so
-usr/lib/libipset.so.3
-usr/lib/libipset.so.3.6.0
+usr/lib/libipset.so.11
+usr/lib/libipset.so.11.1.0
#usr/lib/pkgconfig/libipset.pc
usr/sbin/ipset
#usr/share/man/man8/ipset.8
lib/libiptc.so.0.0.0
#lib/libxtables.la
lib/libxtables.so
-lib/libxtables.so.10
-lib/libxtables.so.10.0.0
-lib/xtables
+lib/libxtables.so.12
+lib/libxtables.so.12.0.0
+#lib/xtables
+#lib/xtables/libebt_802_3.so
+#lib/xtables/libebt_ip.so
+#lib/xtables/libebt_log.so
+#lib/xtables/libebt_mark_m.so
#lib/xtables/libip6t_DNAT.so
#lib/xtables/libip6t_DNPT.so
#lib/xtables/libip6t_HL.so
#lib/xtables/libip6t_ipv6header.so
#lib/xtables/libip6t_mh.so
#lib/xtables/libip6t_rt.so
+#lib/xtables/libip6t_srh.so
#lib/xtables/libipt_CLUSTERIP.so
#lib/xtables/libipt_DNAT.so
#lib/xtables/libipt_ECN.so
#lib/xtables/libipt_LOG.so
#lib/xtables/libipt_MASQUERADE.so
-#lib/xtables/libipt_MIRROR.so
#lib/xtables/libipt_NETMAP.so
#lib/xtables/libipt_REDIRECT.so
#lib/xtables/libipt_REJECT.so
-#lib/xtables/libipt_SAME.so
#lib/xtables/libipt_SNAT.so
#lib/xtables/libipt_TTL.so
#lib/xtables/libipt_ULOG.so
#lib/xtables/libipt_icmp.so
#lib/xtables/libipt_realm.so
#lib/xtables/libipt_ttl.so
-#lib/xtables/libipt_unclean.so
#lib/xtables/libxt_AUDIT.so
#lib/xtables/libxt_CHECKSUM.so
#lib/xtables/libxt_CLASSIFY.so
#lib/xtables/libxt_TRACE.so
#lib/xtables/libxt_addrtype.so
#lib/xtables/libxt_bpf.so
+#lib/xtables/libxt_cgroup.so
#lib/xtables/libxt_cluster.so
#lib/xtables/libxt_comment.so
#lib/xtables/libxt_connbytes.so
#lib/xtables/libxt_esp.so
#lib/xtables/libxt_hashlimit.so
#lib/xtables/libxt_helper.so
+#lib/xtables/libxt_ipcomp.so
#lib/xtables/libxt_iprange.so
#lib/xtables/libxt_ipvs.so
#lib/xtables/libxt_layer7.so
#lib/xtables/libxt_length.so
#lib/xtables/libxt_limit.so
#lib/xtables/libxt_mac.so
+#lib/xtables/libxt_mangle.so
#lib/xtables/libxt_mark.so
#lib/xtables/libxt_multiport.so
#lib/xtables/libxt_nfacct.so
#usr/share/man/man8/iptables-restore.8
#usr/share/man/man8/iptables-save.8
#usr/share/man/man8/iptables.8
+#usr/share/man/man8/nfnl_osf.8
#usr/share/xtables
usr/share/xtables/pf.os
#usr/lib/libgcrypt.la
#usr/lib/libgcrypt.so
usr/lib/libgcrypt.so.20
-usr/lib/libgcrypt.so.20.2.0
+usr/lib/libgcrypt.so.20.2.3
#usr/share/aclocal/libgcrypt.m4
#usr/share/info/gcrypt.info
#usr/share/man/man1/hmac256.1
#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_udp.h
+#usr/include/libnetfilter_conntrack/linux_nf_conntrack_common.h
#usr/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
#usr/lib/libnetfilter_conntrack.la
#usr/lib/libnetfilter_conntrack.so
usr/lib/libnetfilter_conntrack.so.3
-usr/lib/libnetfilter_conntrack.so.3.6.0
+usr/lib/libnetfilter_conntrack.so.3.7.0
#usr/lib/pkgconfig/libnetfilter_conntrack.pc
--- /dev/null
+lib/libnss_myhostname.so.2
+#usr/share/doc/nss-myhostname
+#usr/share/doc/nss-myhostname/README.html
+#usr/share/doc/nss-myhostname/style.css
etc/strongswan.d/charon/aes.conf
etc/strongswan.d/charon/attr.conf
etc/strongswan.d/charon/ccm.conf
+etc/strongswan.d/charon/chapoly.conf
etc/strongswan.d/charon/cmac.conf
etc/strongswan.d/charon/constraints.conf
etc/strongswan.d/charon/counters.conf
etc/strongswan.d/charon/pkcs8.conf
etc/strongswan.d/charon/pubkey.conf
etc/strongswan.d/charon/random.conf
-etc/strongswan.d/charon/rc2.conf
etc/strongswan.d/charon/resolve.conf
etc/strongswan.d/charon/revocation.conf
etc/strongswan.d/charon/sha1.conf
usr/lib/ipsec/plugins/libstrongswan-aes.so
usr/lib/ipsec/plugins/libstrongswan-attr.so
usr/lib/ipsec/plugins/libstrongswan-ccm.so
+usr/lib/ipsec/plugins/libstrongswan-chapoly.so
usr/lib/ipsec/plugins/libstrongswan-cmac.so
usr/lib/ipsec/plugins/libstrongswan-constraints.so
usr/lib/ipsec/plugins/libstrongswan-counters.so
usr/lib/ipsec/plugins/libstrongswan-pkcs8.so
usr/lib/ipsec/plugins/libstrongswan-pubkey.so
usr/lib/ipsec/plugins/libstrongswan-random.so
-usr/lib/ipsec/plugins/libstrongswan-rc2.so
usr/lib/ipsec/plugins/libstrongswan-resolve.so
usr/lib/ipsec/plugins/libstrongswan-revocation.so
usr/lib/ipsec/plugins/libstrongswan-sha1.so
#usr/share/strongswan/templates/config/plugins/aes.conf
#usr/share/strongswan/templates/config/plugins/attr.conf
#usr/share/strongswan/templates/config/plugins/ccm.conf
+#usr/share/strongswan/templates/config/plugins/chapoly.conf
#usr/share/strongswan/templates/config/plugins/cmac.conf
#usr/share/strongswan/templates/config/plugins/constraints.conf
#usr/share/strongswan/templates/config/plugins/counters.conf
#usr/share/strongswan/templates/config/plugins/pkcs8.conf
#usr/share/strongswan/templates/config/plugins/pubkey.conf
#usr/share/strongswan/templates/config/plugins/random.conf
-#usr/share/strongswan/templates/config/plugins/rc2.conf
#usr/share/strongswan/templates/config/plugins/resolve.conf
#usr/share/strongswan/templates/config/plugins/revocation.conf
#usr/share/strongswan/templates/config/plugins/sha1.conf
#usr/share/zoneinfo/America/Eirunepe
#usr/share/zoneinfo/America/El_Salvador
#usr/share/zoneinfo/America/Ensenada
+#usr/share/zoneinfo/America/Fortaleza
#usr/share/zoneinfo/America/Fort_Nelson
#usr/share/zoneinfo/America/Fort_Wayne
-#usr/share/zoneinfo/America/Fortaleza
#usr/share/zoneinfo/America/Glace_Bay
#usr/share/zoneinfo/America/Godthab
#usr/share/zoneinfo/America/Goose_Bay
#usr/share/zoneinfo/America/Indiana/Knox
#usr/share/zoneinfo/America/Indiana/Marengo
#usr/share/zoneinfo/America/Indiana/Petersburg
+#usr/share/zoneinfo/America/Indianapolis
#usr/share/zoneinfo/America/Indiana/Tell_City
#usr/share/zoneinfo/America/Indiana/Vevay
#usr/share/zoneinfo/America/Indiana/Vincennes
#usr/share/zoneinfo/America/Indiana/Winamac
-#usr/share/zoneinfo/America/Indianapolis
#usr/share/zoneinfo/America/Inuvik
#usr/share/zoneinfo/America/Iqaluit
#usr/share/zoneinfo/America/Jamaica
#usr/share/zoneinfo/America/Paramaribo
#usr/share/zoneinfo/America/Phoenix
#usr/share/zoneinfo/America/Port-au-Prince
-#usr/share/zoneinfo/America/Port_of_Spain
#usr/share/zoneinfo/America/Porto_Acre
+#usr/share/zoneinfo/America/Port_of_Spain
#usr/share/zoneinfo/America/Porto_Velho
#usr/share/zoneinfo/America/Puerto_Rico
+#usr/share/zoneinfo/America/Punta_Arenas
#usr/share/zoneinfo/America/Rainy_River
#usr/share/zoneinfo/America/Rankin_Inlet
#usr/share/zoneinfo/America/Recife
#usr/share/zoneinfo/Asia/Aqtobe
#usr/share/zoneinfo/Asia/Ashgabat
#usr/share/zoneinfo/Asia/Ashkhabad
+#usr/share/zoneinfo/Asia/Atyrau
#usr/share/zoneinfo/Asia/Baghdad
#usr/share/zoneinfo/Asia/Bahrain
#usr/share/zoneinfo/Asia/Baku
#usr/share/zoneinfo/Asia/Dili
#usr/share/zoneinfo/Asia/Dubai
#usr/share/zoneinfo/Asia/Dushanbe
+#usr/share/zoneinfo/Asia/Famagusta
#usr/share/zoneinfo/Asia/Gaza
#usr/share/zoneinfo/Asia/Harbin
#usr/share/zoneinfo/Asia/Hebron
#usr/share/zoneinfo/Asia/Vientiane
#usr/share/zoneinfo/Asia/Vladivostok
#usr/share/zoneinfo/Asia/Yakutsk
+#usr/share/zoneinfo/Asia/Yangon
#usr/share/zoneinfo/Asia/Yekaterinburg
#usr/share/zoneinfo/Asia/Yerevan
#usr/share/zoneinfo/Atlantic
#usr/share/zoneinfo/Atlantic/Madeira
#usr/share/zoneinfo/Atlantic/Reykjavik
#usr/share/zoneinfo/Atlantic/South_Georgia
-#usr/share/zoneinfo/Atlantic/St_Helena
#usr/share/zoneinfo/Atlantic/Stanley
+#usr/share/zoneinfo/Atlantic/St_Helena
#usr/share/zoneinfo/Australia
#usr/share/zoneinfo/Australia/ACT
#usr/share/zoneinfo/Australia/Adelaide
#usr/share/zoneinfo/Australia/Lindeman
#usr/share/zoneinfo/Australia/Lord_Howe
#usr/share/zoneinfo/Australia/Melbourne
-#usr/share/zoneinfo/Australia/NSW
#usr/share/zoneinfo/Australia/North
+#usr/share/zoneinfo/Australia/NSW
#usr/share/zoneinfo/Australia/Perth
#usr/share/zoneinfo/Australia/Queensland
#usr/share/zoneinfo/Australia/South
#usr/share/zoneinfo/Brazil/DeNoronha
#usr/share/zoneinfo/Brazil/East
#usr/share/zoneinfo/Brazil/West
-#usr/share/zoneinfo/CET
-#usr/share/zoneinfo/CST6CDT
#usr/share/zoneinfo/Canada
#usr/share/zoneinfo/Canada/Atlantic
#usr/share/zoneinfo/Canada/Central
-#usr/share/zoneinfo/Canada/East-Saskatchewan
#usr/share/zoneinfo/Canada/Eastern
+#usr/share/zoneinfo/Canada/East-Saskatchewan
#usr/share/zoneinfo/Canada/Mountain
#usr/share/zoneinfo/Canada/Newfoundland
#usr/share/zoneinfo/Canada/Pacific
#usr/share/zoneinfo/Canada/Saskatchewan
#usr/share/zoneinfo/Canada/Yukon
+#usr/share/zoneinfo/CET
#usr/share/zoneinfo/Chile
#usr/share/zoneinfo/Chile/Continental
#usr/share/zoneinfo/Chile/EasterIsland
+#usr/share/zoneinfo/CST6CDT
#usr/share/zoneinfo/Cuba
#usr/share/zoneinfo/EET
-#usr/share/zoneinfo/EST
-#usr/share/zoneinfo/EST5EDT
#usr/share/zoneinfo/Egypt
#usr/share/zoneinfo/Eire
+#usr/share/zoneinfo/EST
+#usr/share/zoneinfo/EST5EDT
#usr/share/zoneinfo/Etc
#usr/share/zoneinfo/Etc/GMT
-#usr/share/zoneinfo/Etc/GMT+0
-#usr/share/zoneinfo/Etc/GMT+1
-#usr/share/zoneinfo/Etc/GMT+10
-#usr/share/zoneinfo/Etc/GMT+11
-#usr/share/zoneinfo/Etc/GMT+12
-#usr/share/zoneinfo/Etc/GMT+2
-#usr/share/zoneinfo/Etc/GMT+3
-#usr/share/zoneinfo/Etc/GMT+4
-#usr/share/zoneinfo/Etc/GMT+5
-#usr/share/zoneinfo/Etc/GMT+6
-#usr/share/zoneinfo/Etc/GMT+7
-#usr/share/zoneinfo/Etc/GMT+8
-#usr/share/zoneinfo/Etc/GMT+9
+#usr/share/zoneinfo/Etc/GMT0
#usr/share/zoneinfo/Etc/GMT-0
+#usr/share/zoneinfo/Etc/GMT+0
#usr/share/zoneinfo/Etc/GMT-1
+#usr/share/zoneinfo/Etc/GMT+1
#usr/share/zoneinfo/Etc/GMT-10
+#usr/share/zoneinfo/Etc/GMT+10
#usr/share/zoneinfo/Etc/GMT-11
+#usr/share/zoneinfo/Etc/GMT+11
#usr/share/zoneinfo/Etc/GMT-12
+#usr/share/zoneinfo/Etc/GMT+12
#usr/share/zoneinfo/Etc/GMT-13
#usr/share/zoneinfo/Etc/GMT-14
#usr/share/zoneinfo/Etc/GMT-2
+#usr/share/zoneinfo/Etc/GMT+2
#usr/share/zoneinfo/Etc/GMT-3
+#usr/share/zoneinfo/Etc/GMT+3
#usr/share/zoneinfo/Etc/GMT-4
+#usr/share/zoneinfo/Etc/GMT+4
#usr/share/zoneinfo/Etc/GMT-5
+#usr/share/zoneinfo/Etc/GMT+5
#usr/share/zoneinfo/Etc/GMT-6
+#usr/share/zoneinfo/Etc/GMT+6
#usr/share/zoneinfo/Etc/GMT-7
+#usr/share/zoneinfo/Etc/GMT+7
#usr/share/zoneinfo/Etc/GMT-8
+#usr/share/zoneinfo/Etc/GMT+8
#usr/share/zoneinfo/Etc/GMT-9
-#usr/share/zoneinfo/Etc/GMT0
+#usr/share/zoneinfo/Etc/GMT+9
#usr/share/zoneinfo/Etc/Greenwich
#usr/share/zoneinfo/Etc/UCT
-#usr/share/zoneinfo/Etc/UTC
#usr/share/zoneinfo/Etc/Universal
+#usr/share/zoneinfo/Etc/UTC
#usr/share/zoneinfo/Etc/Zulu
#usr/share/zoneinfo/Europe
#usr/share/zoneinfo/Europe/Amsterdam
#usr/share/zoneinfo/Europe/Samara
#usr/share/zoneinfo/Europe/San_Marino
#usr/share/zoneinfo/Europe/Sarajevo
+#usr/share/zoneinfo/Europe/Saratov
#usr/share/zoneinfo/Europe/Simferopol
#usr/share/zoneinfo/Europe/Skopje
#usr/share/zoneinfo/Europe/Sofia
#usr/share/zoneinfo/GB
#usr/share/zoneinfo/GB-Eire
#usr/share/zoneinfo/GMT
-#usr/share/zoneinfo/GMT+0
-#usr/share/zoneinfo/GMT-0
#usr/share/zoneinfo/GMT0
+#usr/share/zoneinfo/GMT-0
+#usr/share/zoneinfo/GMT+0
#usr/share/zoneinfo/Greenwich
-#usr/share/zoneinfo/HST
#usr/share/zoneinfo/Hongkong
+#usr/share/zoneinfo/HST
#usr/share/zoneinfo/Iceland
#usr/share/zoneinfo/Indian
#usr/share/zoneinfo/Indian/Antananarivo
#usr/share/zoneinfo/Indian/Mayotte
#usr/share/zoneinfo/Indian/Reunion
#usr/share/zoneinfo/Iran
+#usr/share/zoneinfo/iso3166.tab
#usr/share/zoneinfo/Israel
#usr/share/zoneinfo/Jamaica
#usr/share/zoneinfo/Japan
#usr/share/zoneinfo/Kwajalein
#usr/share/zoneinfo/Libya
#usr/share/zoneinfo/MET
-#usr/share/zoneinfo/MST
-#usr/share/zoneinfo/MST7MDT
#usr/share/zoneinfo/Mexico
#usr/share/zoneinfo/Mexico/BajaNorte
#usr/share/zoneinfo/Mexico/BajaSur
#usr/share/zoneinfo/Mexico/General
+#usr/share/zoneinfo/MST
+#usr/share/zoneinfo/MST7MDT
+#usr/share/zoneinfo/Navajo
#usr/share/zoneinfo/NZ
#usr/share/zoneinfo/NZ-CHAT
-#usr/share/zoneinfo/Navajo
-#usr/share/zoneinfo/PRC
-#usr/share/zoneinfo/PST8PDT
#usr/share/zoneinfo/Pacific
#usr/share/zoneinfo/Pacific/Apia
#usr/share/zoneinfo/Pacific/Auckland
#usr/share/zoneinfo/Pacific/Yap
#usr/share/zoneinfo/Poland
#usr/share/zoneinfo/Portugal
-#usr/share/zoneinfo/ROC
-#usr/share/zoneinfo/ROK
-#usr/share/zoneinfo/Singapore
-#usr/share/zoneinfo/Turkey
-#usr/share/zoneinfo/UCT
-#usr/share/zoneinfo/US
-#usr/share/zoneinfo/US/Alaska
-#usr/share/zoneinfo/US/Aleutian
-#usr/share/zoneinfo/US/Arizona
-#usr/share/zoneinfo/US/Central
-#usr/share/zoneinfo/US/East-Indiana
-#usr/share/zoneinfo/US/Eastern
-#usr/share/zoneinfo/US/Hawaii
-#usr/share/zoneinfo/US/Indiana-Starke
-#usr/share/zoneinfo/US/Michigan
-#usr/share/zoneinfo/US/Mountain
-#usr/share/zoneinfo/US/Pacific
-#usr/share/zoneinfo/US/Pacific-New
-#usr/share/zoneinfo/US/Samoa
-#usr/share/zoneinfo/UTC
-#usr/share/zoneinfo/Universal
-#usr/share/zoneinfo/W-SU
-#usr/share/zoneinfo/WET
-#usr/share/zoneinfo/Zulu
-#usr/share/zoneinfo/iso3166.tab
#usr/share/zoneinfo/posix
#usr/share/zoneinfo/posix/Africa
#usr/share/zoneinfo/posix/Africa/Abidjan
#usr/share/zoneinfo/posix/America/Eirunepe
#usr/share/zoneinfo/posix/America/El_Salvador
#usr/share/zoneinfo/posix/America/Ensenada
+#usr/share/zoneinfo/posix/America/Fortaleza
#usr/share/zoneinfo/posix/America/Fort_Nelson
#usr/share/zoneinfo/posix/America/Fort_Wayne
-#usr/share/zoneinfo/posix/America/Fortaleza
#usr/share/zoneinfo/posix/America/Glace_Bay
#usr/share/zoneinfo/posix/America/Godthab
#usr/share/zoneinfo/posix/America/Goose_Bay
#usr/share/zoneinfo/posix/America/Indiana/Knox
#usr/share/zoneinfo/posix/America/Indiana/Marengo
#usr/share/zoneinfo/posix/America/Indiana/Petersburg
+#usr/share/zoneinfo/posix/America/Indianapolis
#usr/share/zoneinfo/posix/America/Indiana/Tell_City
#usr/share/zoneinfo/posix/America/Indiana/Vevay
#usr/share/zoneinfo/posix/America/Indiana/Vincennes
#usr/share/zoneinfo/posix/America/Indiana/Winamac
-#usr/share/zoneinfo/posix/America/Indianapolis
#usr/share/zoneinfo/posix/America/Inuvik
#usr/share/zoneinfo/posix/America/Iqaluit
#usr/share/zoneinfo/posix/America/Jamaica
#usr/share/zoneinfo/posix/America/Paramaribo
#usr/share/zoneinfo/posix/America/Phoenix
#usr/share/zoneinfo/posix/America/Port-au-Prince
-#usr/share/zoneinfo/posix/America/Port_of_Spain
#usr/share/zoneinfo/posix/America/Porto_Acre
+#usr/share/zoneinfo/posix/America/Port_of_Spain
#usr/share/zoneinfo/posix/America/Porto_Velho
#usr/share/zoneinfo/posix/America/Puerto_Rico
+#usr/share/zoneinfo/posix/America/Punta_Arenas
#usr/share/zoneinfo/posix/America/Rainy_River
#usr/share/zoneinfo/posix/America/Rankin_Inlet
#usr/share/zoneinfo/posix/America/Recife
#usr/share/zoneinfo/posix/Asia/Aqtobe
#usr/share/zoneinfo/posix/Asia/Ashgabat
#usr/share/zoneinfo/posix/Asia/Ashkhabad
+#usr/share/zoneinfo/posix/Asia/Atyrau
#usr/share/zoneinfo/posix/Asia/Baghdad
#usr/share/zoneinfo/posix/Asia/Bahrain
#usr/share/zoneinfo/posix/Asia/Baku
#usr/share/zoneinfo/posix/Asia/Dili
#usr/share/zoneinfo/posix/Asia/Dubai
#usr/share/zoneinfo/posix/Asia/Dushanbe
+#usr/share/zoneinfo/posix/Asia/Famagusta
#usr/share/zoneinfo/posix/Asia/Gaza
#usr/share/zoneinfo/posix/Asia/Harbin
#usr/share/zoneinfo/posix/Asia/Hebron
#usr/share/zoneinfo/posix/Asia/Vientiane
#usr/share/zoneinfo/posix/Asia/Vladivostok
#usr/share/zoneinfo/posix/Asia/Yakutsk
+#usr/share/zoneinfo/posix/Asia/Yangon
#usr/share/zoneinfo/posix/Asia/Yekaterinburg
#usr/share/zoneinfo/posix/Asia/Yerevan
#usr/share/zoneinfo/posix/Atlantic
#usr/share/zoneinfo/posix/Atlantic/Madeira
#usr/share/zoneinfo/posix/Atlantic/Reykjavik
#usr/share/zoneinfo/posix/Atlantic/South_Georgia
-#usr/share/zoneinfo/posix/Atlantic/St_Helena
#usr/share/zoneinfo/posix/Atlantic/Stanley
+#usr/share/zoneinfo/posix/Atlantic/St_Helena
#usr/share/zoneinfo/posix/Australia
#usr/share/zoneinfo/posix/Australia/ACT
#usr/share/zoneinfo/posix/Australia/Adelaide
#usr/share/zoneinfo/posix/Australia/Lindeman
#usr/share/zoneinfo/posix/Australia/Lord_Howe
#usr/share/zoneinfo/posix/Australia/Melbourne
-#usr/share/zoneinfo/posix/Australia/NSW
#usr/share/zoneinfo/posix/Australia/North
+#usr/share/zoneinfo/posix/Australia/NSW
#usr/share/zoneinfo/posix/Australia/Perth
#usr/share/zoneinfo/posix/Australia/Queensland
#usr/share/zoneinfo/posix/Australia/South
#usr/share/zoneinfo/posix/Brazil/DeNoronha
#usr/share/zoneinfo/posix/Brazil/East
#usr/share/zoneinfo/posix/Brazil/West
-#usr/share/zoneinfo/posix/CET
-#usr/share/zoneinfo/posix/CST6CDT
#usr/share/zoneinfo/posix/Canada
#usr/share/zoneinfo/posix/Canada/Atlantic
#usr/share/zoneinfo/posix/Canada/Central
-#usr/share/zoneinfo/posix/Canada/East-Saskatchewan
#usr/share/zoneinfo/posix/Canada/Eastern
+#usr/share/zoneinfo/posix/Canada/East-Saskatchewan
#usr/share/zoneinfo/posix/Canada/Mountain
#usr/share/zoneinfo/posix/Canada/Newfoundland
#usr/share/zoneinfo/posix/Canada/Pacific
#usr/share/zoneinfo/posix/Canada/Saskatchewan
#usr/share/zoneinfo/posix/Canada/Yukon
+#usr/share/zoneinfo/posix/CET
#usr/share/zoneinfo/posix/Chile
#usr/share/zoneinfo/posix/Chile/Continental
#usr/share/zoneinfo/posix/Chile/EasterIsland
+#usr/share/zoneinfo/posix/CST6CDT
#usr/share/zoneinfo/posix/Cuba
#usr/share/zoneinfo/posix/EET
-#usr/share/zoneinfo/posix/EST
-#usr/share/zoneinfo/posix/EST5EDT
#usr/share/zoneinfo/posix/Egypt
#usr/share/zoneinfo/posix/Eire
+#usr/share/zoneinfo/posix/EST
+#usr/share/zoneinfo/posix/EST5EDT
#usr/share/zoneinfo/posix/Etc
#usr/share/zoneinfo/posix/Etc/GMT
-#usr/share/zoneinfo/posix/Etc/GMT+0
-#usr/share/zoneinfo/posix/Etc/GMT+1
-#usr/share/zoneinfo/posix/Etc/GMT+10
-#usr/share/zoneinfo/posix/Etc/GMT+11
-#usr/share/zoneinfo/posix/Etc/GMT+12
-#usr/share/zoneinfo/posix/Etc/GMT+2
-#usr/share/zoneinfo/posix/Etc/GMT+3
-#usr/share/zoneinfo/posix/Etc/GMT+4
-#usr/share/zoneinfo/posix/Etc/GMT+5
-#usr/share/zoneinfo/posix/Etc/GMT+6
-#usr/share/zoneinfo/posix/Etc/GMT+7
-#usr/share/zoneinfo/posix/Etc/GMT+8
-#usr/share/zoneinfo/posix/Etc/GMT+9
+#usr/share/zoneinfo/posix/Etc/GMT0
#usr/share/zoneinfo/posix/Etc/GMT-0
+#usr/share/zoneinfo/posix/Etc/GMT+0
#usr/share/zoneinfo/posix/Etc/GMT-1
+#usr/share/zoneinfo/posix/Etc/GMT+1
#usr/share/zoneinfo/posix/Etc/GMT-10
+#usr/share/zoneinfo/posix/Etc/GMT+10
#usr/share/zoneinfo/posix/Etc/GMT-11
+#usr/share/zoneinfo/posix/Etc/GMT+11
#usr/share/zoneinfo/posix/Etc/GMT-12
+#usr/share/zoneinfo/posix/Etc/GMT+12
#usr/share/zoneinfo/posix/Etc/GMT-13
#usr/share/zoneinfo/posix/Etc/GMT-14
#usr/share/zoneinfo/posix/Etc/GMT-2
+#usr/share/zoneinfo/posix/Etc/GMT+2
#usr/share/zoneinfo/posix/Etc/GMT-3
+#usr/share/zoneinfo/posix/Etc/GMT+3
#usr/share/zoneinfo/posix/Etc/GMT-4
+#usr/share/zoneinfo/posix/Etc/GMT+4
#usr/share/zoneinfo/posix/Etc/GMT-5
+#usr/share/zoneinfo/posix/Etc/GMT+5
#usr/share/zoneinfo/posix/Etc/GMT-6
+#usr/share/zoneinfo/posix/Etc/GMT+6
#usr/share/zoneinfo/posix/Etc/GMT-7
+#usr/share/zoneinfo/posix/Etc/GMT+7
#usr/share/zoneinfo/posix/Etc/GMT-8
+#usr/share/zoneinfo/posix/Etc/GMT+8
#usr/share/zoneinfo/posix/Etc/GMT-9
-#usr/share/zoneinfo/posix/Etc/GMT0
+#usr/share/zoneinfo/posix/Etc/GMT+9
#usr/share/zoneinfo/posix/Etc/Greenwich
#usr/share/zoneinfo/posix/Etc/UCT
-#usr/share/zoneinfo/posix/Etc/UTC
#usr/share/zoneinfo/posix/Etc/Universal
+#usr/share/zoneinfo/posix/Etc/UTC
#usr/share/zoneinfo/posix/Etc/Zulu
#usr/share/zoneinfo/posix/Europe
#usr/share/zoneinfo/posix/Europe/Amsterdam
#usr/share/zoneinfo/posix/Europe/Samara
#usr/share/zoneinfo/posix/Europe/San_Marino
#usr/share/zoneinfo/posix/Europe/Sarajevo
+#usr/share/zoneinfo/posix/Europe/Saratov
#usr/share/zoneinfo/posix/Europe/Simferopol
#usr/share/zoneinfo/posix/Europe/Skopje
#usr/share/zoneinfo/posix/Europe/Sofia
#usr/share/zoneinfo/posix/GB
#usr/share/zoneinfo/posix/GB-Eire
#usr/share/zoneinfo/posix/GMT
-#usr/share/zoneinfo/posix/GMT+0
-#usr/share/zoneinfo/posix/GMT-0
#usr/share/zoneinfo/posix/GMT0
+#usr/share/zoneinfo/posix/GMT-0
+#usr/share/zoneinfo/posix/GMT+0
#usr/share/zoneinfo/posix/Greenwich
-#usr/share/zoneinfo/posix/HST
#usr/share/zoneinfo/posix/Hongkong
+#usr/share/zoneinfo/posix/HST
#usr/share/zoneinfo/posix/Iceland
#usr/share/zoneinfo/posix/Indian
#usr/share/zoneinfo/posix/Indian/Antananarivo
#usr/share/zoneinfo/posix/Kwajalein
#usr/share/zoneinfo/posix/Libya
#usr/share/zoneinfo/posix/MET
-#usr/share/zoneinfo/posix/MST
-#usr/share/zoneinfo/posix/MST7MDT
#usr/share/zoneinfo/posix/Mexico
#usr/share/zoneinfo/posix/Mexico/BajaNorte
#usr/share/zoneinfo/posix/Mexico/BajaSur
#usr/share/zoneinfo/posix/Mexico/General
+#usr/share/zoneinfo/posix/MST
+#usr/share/zoneinfo/posix/MST7MDT
+#usr/share/zoneinfo/posix/Navajo
#usr/share/zoneinfo/posix/NZ
#usr/share/zoneinfo/posix/NZ-CHAT
-#usr/share/zoneinfo/posix/Navajo
-#usr/share/zoneinfo/posix/PRC
-#usr/share/zoneinfo/posix/PST8PDT
#usr/share/zoneinfo/posix/Pacific
#usr/share/zoneinfo/posix/Pacific/Apia
#usr/share/zoneinfo/posix/Pacific/Auckland
#usr/share/zoneinfo/posix/Pacific/Yap
#usr/share/zoneinfo/posix/Poland
#usr/share/zoneinfo/posix/Portugal
+#usr/share/zoneinfo/posix/PRC
+#usr/share/zoneinfo/posix/PST8PDT
#usr/share/zoneinfo/posix/ROC
#usr/share/zoneinfo/posix/ROK
+#usr/share/zoneinfo/posixrules
#usr/share/zoneinfo/posix/Singapore
#usr/share/zoneinfo/posix/Turkey
#usr/share/zoneinfo/posix/UCT
+#usr/share/zoneinfo/posix/Universal
#usr/share/zoneinfo/posix/US
#usr/share/zoneinfo/posix/US/Alaska
#usr/share/zoneinfo/posix/US/Aleutian
#usr/share/zoneinfo/posix/US/Arizona
#usr/share/zoneinfo/posix/US/Central
-#usr/share/zoneinfo/posix/US/East-Indiana
#usr/share/zoneinfo/posix/US/Eastern
+#usr/share/zoneinfo/posix/US/East-Indiana
#usr/share/zoneinfo/posix/US/Hawaii
#usr/share/zoneinfo/posix/US/Indiana-Starke
#usr/share/zoneinfo/posix/US/Michigan
#usr/share/zoneinfo/posix/US/Pacific-New
#usr/share/zoneinfo/posix/US/Samoa
#usr/share/zoneinfo/posix/UTC
-#usr/share/zoneinfo/posix/Universal
-#usr/share/zoneinfo/posix/W-SU
#usr/share/zoneinfo/posix/WET
+#usr/share/zoneinfo/posix/W-SU
#usr/share/zoneinfo/posix/Zulu
-#usr/share/zoneinfo/posixrules
+#usr/share/zoneinfo/PRC
+#usr/share/zoneinfo/PST8PDT
#usr/share/zoneinfo/right
#usr/share/zoneinfo/right/Africa
#usr/share/zoneinfo/right/Africa/Abidjan
#usr/share/zoneinfo/right/America/Eirunepe
#usr/share/zoneinfo/right/America/El_Salvador
#usr/share/zoneinfo/right/America/Ensenada
+#usr/share/zoneinfo/right/America/Fortaleza
#usr/share/zoneinfo/right/America/Fort_Nelson
#usr/share/zoneinfo/right/America/Fort_Wayne
-#usr/share/zoneinfo/right/America/Fortaleza
#usr/share/zoneinfo/right/America/Glace_Bay
#usr/share/zoneinfo/right/America/Godthab
#usr/share/zoneinfo/right/America/Goose_Bay
#usr/share/zoneinfo/right/America/Indiana/Knox
#usr/share/zoneinfo/right/America/Indiana/Marengo
#usr/share/zoneinfo/right/America/Indiana/Petersburg
+#usr/share/zoneinfo/right/America/Indianapolis
#usr/share/zoneinfo/right/America/Indiana/Tell_City
#usr/share/zoneinfo/right/America/Indiana/Vevay
#usr/share/zoneinfo/right/America/Indiana/Vincennes
#usr/share/zoneinfo/right/America/Indiana/Winamac
-#usr/share/zoneinfo/right/America/Indianapolis
#usr/share/zoneinfo/right/America/Inuvik
#usr/share/zoneinfo/right/America/Iqaluit
#usr/share/zoneinfo/right/America/Jamaica
#usr/share/zoneinfo/right/America/Paramaribo
#usr/share/zoneinfo/right/America/Phoenix
#usr/share/zoneinfo/right/America/Port-au-Prince
-#usr/share/zoneinfo/right/America/Port_of_Spain
#usr/share/zoneinfo/right/America/Porto_Acre
+#usr/share/zoneinfo/right/America/Port_of_Spain
#usr/share/zoneinfo/right/America/Porto_Velho
#usr/share/zoneinfo/right/America/Puerto_Rico
+#usr/share/zoneinfo/right/America/Punta_Arenas
#usr/share/zoneinfo/right/America/Rainy_River
#usr/share/zoneinfo/right/America/Rankin_Inlet
#usr/share/zoneinfo/right/America/Recife
#usr/share/zoneinfo/right/Asia/Aqtobe
#usr/share/zoneinfo/right/Asia/Ashgabat
#usr/share/zoneinfo/right/Asia/Ashkhabad
+#usr/share/zoneinfo/right/Asia/Atyrau
#usr/share/zoneinfo/right/Asia/Baghdad
#usr/share/zoneinfo/right/Asia/Bahrain
#usr/share/zoneinfo/right/Asia/Baku
#usr/share/zoneinfo/right/Asia/Dili
#usr/share/zoneinfo/right/Asia/Dubai
#usr/share/zoneinfo/right/Asia/Dushanbe
+#usr/share/zoneinfo/right/Asia/Famagusta
#usr/share/zoneinfo/right/Asia/Gaza
#usr/share/zoneinfo/right/Asia/Harbin
#usr/share/zoneinfo/right/Asia/Hebron
#usr/share/zoneinfo/right/Asia/Vientiane
#usr/share/zoneinfo/right/Asia/Vladivostok
#usr/share/zoneinfo/right/Asia/Yakutsk
+#usr/share/zoneinfo/right/Asia/Yangon
#usr/share/zoneinfo/right/Asia/Yekaterinburg
#usr/share/zoneinfo/right/Asia/Yerevan
#usr/share/zoneinfo/right/Atlantic
#usr/share/zoneinfo/right/Atlantic/Madeira
#usr/share/zoneinfo/right/Atlantic/Reykjavik
#usr/share/zoneinfo/right/Atlantic/South_Georgia
-#usr/share/zoneinfo/right/Atlantic/St_Helena
#usr/share/zoneinfo/right/Atlantic/Stanley
+#usr/share/zoneinfo/right/Atlantic/St_Helena
#usr/share/zoneinfo/right/Australia
#usr/share/zoneinfo/right/Australia/ACT
#usr/share/zoneinfo/right/Australia/Adelaide
#usr/share/zoneinfo/right/Australia/Lindeman
#usr/share/zoneinfo/right/Australia/Lord_Howe
#usr/share/zoneinfo/right/Australia/Melbourne
-#usr/share/zoneinfo/right/Australia/NSW
#usr/share/zoneinfo/right/Australia/North
+#usr/share/zoneinfo/right/Australia/NSW
#usr/share/zoneinfo/right/Australia/Perth
#usr/share/zoneinfo/right/Australia/Queensland
#usr/share/zoneinfo/right/Australia/South
#usr/share/zoneinfo/right/Brazil/DeNoronha
#usr/share/zoneinfo/right/Brazil/East
#usr/share/zoneinfo/right/Brazil/West
-#usr/share/zoneinfo/right/CET
-#usr/share/zoneinfo/right/CST6CDT
#usr/share/zoneinfo/right/Canada
#usr/share/zoneinfo/right/Canada/Atlantic
#usr/share/zoneinfo/right/Canada/Central
-#usr/share/zoneinfo/right/Canada/East-Saskatchewan
#usr/share/zoneinfo/right/Canada/Eastern
+#usr/share/zoneinfo/right/Canada/East-Saskatchewan
#usr/share/zoneinfo/right/Canada/Mountain
#usr/share/zoneinfo/right/Canada/Newfoundland
#usr/share/zoneinfo/right/Canada/Pacific
#usr/share/zoneinfo/right/Canada/Saskatchewan
#usr/share/zoneinfo/right/Canada/Yukon
+#usr/share/zoneinfo/right/CET
#usr/share/zoneinfo/right/Chile
#usr/share/zoneinfo/right/Chile/Continental
#usr/share/zoneinfo/right/Chile/EasterIsland
+#usr/share/zoneinfo/right/CST6CDT
#usr/share/zoneinfo/right/Cuba
#usr/share/zoneinfo/right/EET
-#usr/share/zoneinfo/right/EST
-#usr/share/zoneinfo/right/EST5EDT
#usr/share/zoneinfo/right/Egypt
#usr/share/zoneinfo/right/Eire
+#usr/share/zoneinfo/right/EST
+#usr/share/zoneinfo/right/EST5EDT
#usr/share/zoneinfo/right/Etc
#usr/share/zoneinfo/right/Etc/GMT
-#usr/share/zoneinfo/right/Etc/GMT+0
-#usr/share/zoneinfo/right/Etc/GMT+1
-#usr/share/zoneinfo/right/Etc/GMT+10
-#usr/share/zoneinfo/right/Etc/GMT+11
-#usr/share/zoneinfo/right/Etc/GMT+12
-#usr/share/zoneinfo/right/Etc/GMT+2
-#usr/share/zoneinfo/right/Etc/GMT+3
-#usr/share/zoneinfo/right/Etc/GMT+4
-#usr/share/zoneinfo/right/Etc/GMT+5
-#usr/share/zoneinfo/right/Etc/GMT+6
-#usr/share/zoneinfo/right/Etc/GMT+7
-#usr/share/zoneinfo/right/Etc/GMT+8
-#usr/share/zoneinfo/right/Etc/GMT+9
+#usr/share/zoneinfo/right/Etc/GMT0
#usr/share/zoneinfo/right/Etc/GMT-0
+#usr/share/zoneinfo/right/Etc/GMT+0
#usr/share/zoneinfo/right/Etc/GMT-1
+#usr/share/zoneinfo/right/Etc/GMT+1
#usr/share/zoneinfo/right/Etc/GMT-10
+#usr/share/zoneinfo/right/Etc/GMT+10
#usr/share/zoneinfo/right/Etc/GMT-11
+#usr/share/zoneinfo/right/Etc/GMT+11
#usr/share/zoneinfo/right/Etc/GMT-12
+#usr/share/zoneinfo/right/Etc/GMT+12
#usr/share/zoneinfo/right/Etc/GMT-13
#usr/share/zoneinfo/right/Etc/GMT-14
#usr/share/zoneinfo/right/Etc/GMT-2
+#usr/share/zoneinfo/right/Etc/GMT+2
#usr/share/zoneinfo/right/Etc/GMT-3
+#usr/share/zoneinfo/right/Etc/GMT+3
#usr/share/zoneinfo/right/Etc/GMT-4
+#usr/share/zoneinfo/right/Etc/GMT+4
#usr/share/zoneinfo/right/Etc/GMT-5
+#usr/share/zoneinfo/right/Etc/GMT+5
#usr/share/zoneinfo/right/Etc/GMT-6
+#usr/share/zoneinfo/right/Etc/GMT+6
#usr/share/zoneinfo/right/Etc/GMT-7
+#usr/share/zoneinfo/right/Etc/GMT+7
#usr/share/zoneinfo/right/Etc/GMT-8
+#usr/share/zoneinfo/right/Etc/GMT+8
#usr/share/zoneinfo/right/Etc/GMT-9
-#usr/share/zoneinfo/right/Etc/GMT0
+#usr/share/zoneinfo/right/Etc/GMT+9
#usr/share/zoneinfo/right/Etc/Greenwich
#usr/share/zoneinfo/right/Etc/UCT
-#usr/share/zoneinfo/right/Etc/UTC
#usr/share/zoneinfo/right/Etc/Universal
+#usr/share/zoneinfo/right/Etc/UTC
#usr/share/zoneinfo/right/Etc/Zulu
#usr/share/zoneinfo/right/Europe
#usr/share/zoneinfo/right/Europe/Amsterdam
#usr/share/zoneinfo/right/Europe/Samara
#usr/share/zoneinfo/right/Europe/San_Marino
#usr/share/zoneinfo/right/Europe/Sarajevo
+#usr/share/zoneinfo/right/Europe/Saratov
#usr/share/zoneinfo/right/Europe/Simferopol
#usr/share/zoneinfo/right/Europe/Skopje
#usr/share/zoneinfo/right/Europe/Sofia
#usr/share/zoneinfo/right/GB
#usr/share/zoneinfo/right/GB-Eire
#usr/share/zoneinfo/right/GMT
-#usr/share/zoneinfo/right/GMT+0
-#usr/share/zoneinfo/right/GMT-0
#usr/share/zoneinfo/right/GMT0
+#usr/share/zoneinfo/right/GMT-0
+#usr/share/zoneinfo/right/GMT+0
#usr/share/zoneinfo/right/Greenwich
-#usr/share/zoneinfo/right/HST
#usr/share/zoneinfo/right/Hongkong
+#usr/share/zoneinfo/right/HST
#usr/share/zoneinfo/right/Iceland
#usr/share/zoneinfo/right/Indian
#usr/share/zoneinfo/right/Indian/Antananarivo
#usr/share/zoneinfo/right/Kwajalein
#usr/share/zoneinfo/right/Libya
#usr/share/zoneinfo/right/MET
-#usr/share/zoneinfo/right/MST
-#usr/share/zoneinfo/right/MST7MDT
#usr/share/zoneinfo/right/Mexico
#usr/share/zoneinfo/right/Mexico/BajaNorte
#usr/share/zoneinfo/right/Mexico/BajaSur
#usr/share/zoneinfo/right/Mexico/General
+#usr/share/zoneinfo/right/MST
+#usr/share/zoneinfo/right/MST7MDT
+#usr/share/zoneinfo/right/Navajo
#usr/share/zoneinfo/right/NZ
#usr/share/zoneinfo/right/NZ-CHAT
-#usr/share/zoneinfo/right/Navajo
-#usr/share/zoneinfo/right/PRC
-#usr/share/zoneinfo/right/PST8PDT
#usr/share/zoneinfo/right/Pacific
#usr/share/zoneinfo/right/Pacific/Apia
#usr/share/zoneinfo/right/Pacific/Auckland
#usr/share/zoneinfo/right/Pacific/Yap
#usr/share/zoneinfo/right/Poland
#usr/share/zoneinfo/right/Portugal
+#usr/share/zoneinfo/right/PRC
+#usr/share/zoneinfo/right/PST8PDT
#usr/share/zoneinfo/right/ROC
#usr/share/zoneinfo/right/ROK
#usr/share/zoneinfo/right/Singapore
#usr/share/zoneinfo/right/Turkey
#usr/share/zoneinfo/right/UCT
+#usr/share/zoneinfo/right/Universal
#usr/share/zoneinfo/right/US
#usr/share/zoneinfo/right/US/Alaska
#usr/share/zoneinfo/right/US/Aleutian
#usr/share/zoneinfo/right/US/Arizona
#usr/share/zoneinfo/right/US/Central
-#usr/share/zoneinfo/right/US/East-Indiana
#usr/share/zoneinfo/right/US/Eastern
+#usr/share/zoneinfo/right/US/East-Indiana
#usr/share/zoneinfo/right/US/Hawaii
#usr/share/zoneinfo/right/US/Indiana-Starke
#usr/share/zoneinfo/right/US/Michigan
#usr/share/zoneinfo/right/US/Pacific-New
#usr/share/zoneinfo/right/US/Samoa
#usr/share/zoneinfo/right/UTC
-#usr/share/zoneinfo/right/Universal
-#usr/share/zoneinfo/right/W-SU
#usr/share/zoneinfo/right/WET
+#usr/share/zoneinfo/right/W-SU
#usr/share/zoneinfo/right/Zulu
+#usr/share/zoneinfo/ROC
+#usr/share/zoneinfo/ROK
+#usr/share/zoneinfo/Singapore
+#usr/share/zoneinfo/Turkey
+#usr/share/zoneinfo/UCT
+#usr/share/zoneinfo/Universal
+#usr/share/zoneinfo/US
+#usr/share/zoneinfo/US/Alaska
+#usr/share/zoneinfo/US/Aleutian
+#usr/share/zoneinfo/US/Arizona
+#usr/share/zoneinfo/US/Central
+#usr/share/zoneinfo/US/Eastern
+#usr/share/zoneinfo/US/East-Indiana
+#usr/share/zoneinfo/US/Hawaii
+#usr/share/zoneinfo/US/Indiana-Starke
+#usr/share/zoneinfo/US/Michigan
+#usr/share/zoneinfo/US/Mountain
+#usr/share/zoneinfo/US/Pacific
+#usr/share/zoneinfo/US/Pacific-New
+#usr/share/zoneinfo/US/Samoa
+#usr/share/zoneinfo/UTC
+#usr/share/zoneinfo/WET
+#usr/share/zoneinfo/W-SU
#usr/share/zoneinfo/zone.tab
+#usr/share/zoneinfo/Zulu
#usr/lib/libunbound.la
#usr/lib/libunbound.so
usr/lib/libunbound.so.2
-usr/lib/libunbound.so.2.5.9
+usr/lib/libunbound.so.2.5.11
#usr/lib/pkgconfig/libunbound.pc
usr/sbin/unbound
usr/sbin/unbound-anchor
etc/init.d
#etc/rc.d
#etc/rc.d/helper
+etc/rc.d/helper/aws-setup
etc/rc.d/helper/getdnsfromdhcpc.pl
#etc/rc.d/init.d
etc/rc.d/init.d/acpid
etc/rc.d/init.d/apache
+etc/rc.d/init.d/aws
etc/rc.d/init.d/beep
etc/rc.d/init.d/checkfs
etc/rc.d/init.d/cleanfs
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/rcsysinit.d/S70console
+etc/rc.d/rcsysinit.d/S74aws
etc/rc.d/rcsysinit.d/S75firstsetup
etc/rc.d/rcsysinit.d/S80localnet
etc/rc.d/rcsysinit.d/S81pakfire
+++ /dev/null
-../../../../common/aarch64/linux-initrd-multi
\ No newline at end of file
+++ /dev/null
-../../../../common/aarch64/linux-multi
\ No newline at end of file
+++ /dev/null
-../../../../common/aarch64/rpi-firmware
\ No newline at end of file
+++ /dev/null
-../../../../common/aarch64/u-boot
\ No newline at end of file
+++ /dev/null
-../../../../common/aarch64/u-boot-mkimage
\ No newline at end of file
--- /dev/null
+../../../common/conntrack-tools
\ No newline at end of file
--- /dev/null
+../../../common/coreutils
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+etc/rc.d/helper/aws-setup
+etc/rc.d/init.d/aws
+etc/rc.d/rcsysinit.d/S74aws
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/sbin/dhclient
+var/ipfire/backup/exclude
+var/ipfire/langs
+var/ipfire/aws-functions.pl
+var/ipfire/header.pl
+var/ipfire/general-functions.pl
--- /dev/null
+../../../common/gnupg
\ No newline at end of file
--- /dev/null
+../../../common/iana-etc
\ No newline at end of file
--- /dev/null
+../../../common/ipset
\ No newline at end of file
--- /dev/null
+../../../common/iptables
\ No newline at end of file
--- /dev/null
+../../../common/libgcrypt
\ No newline at end of file
--- /dev/null
+../../../common/nss-myhostname
\ No newline at end of file
--- /dev/null
+../../../common/strongswan
\ No newline at end of file
--- /dev/null
+../../../common/tzdata
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2017 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=123
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# Extract files
+extract_files
+
+# move exec random initskript earlier
+mv /etc/rc.d/rc3.d/S??random /etc/rc.d/rc3.d/S00random
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Start services
+/etc/init.d/unbound restart
+
+# This update needs a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
+
--- /dev/null
+../../../../common/armv5tel/linux-initrd-rpi
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-rpi
\ No newline at end of file
--- /dev/null
+../../../common/unbound
\ No newline at end of file
--- /dev/null
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../common/acpid
\ No newline at end of file
--- /dev/null
+../../../common/apache2
\ No newline at end of file
--- /dev/null
+../../../common/apr
\ No newline at end of file
--- /dev/null
+../../../common/aprutil
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-initrd-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-initrd-multi
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/rpi-firmware
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/u-boot
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/u-boot-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/u-boot-mkimage
\ No newline at end of file
--- /dev/null
+../../../common/beep
\ No newline at end of file
--- /dev/null
+../../../common/cmake
\ No newline at end of file
--- /dev/null
+../../../common/crda
\ No newline at end of file
--- /dev/null
+../../../common/dhcp
\ No newline at end of file
--- /dev/null
+../../../common/flex
\ No newline at end of file
--- /dev/null
+../../../../common/i586/grub
\ No newline at end of file
--- /dev/null
+../../../../common/i586/intel-microcode
\ No newline at end of file
--- /dev/null
+../../../../common/i586/linux
\ No newline at end of file
--- /dev/null
+../../../../common/i586/linux-initrd
\ No newline at end of file
--- /dev/null
+../../../common/iw
\ No newline at end of file
--- /dev/null
+../../../common/jwhois
\ No newline at end of file
--- /dev/null
+../../../common/libidn
\ No newline at end of file
--- /dev/null
+../../../common/multipath-tools
\ No newline at end of file
--- /dev/null
+../../../common/pcre
\ No newline at end of file
--- /dev/null
+../../../common/tar
\ No newline at end of file
--- /dev/null
+../../../common/unbound
\ No newline at end of file
--- /dev/null
+../../../common/wget
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/grub
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/intel-microcode
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/linux
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/linux-initrd
\ No newline at end of file
#usr/bin/statgrab-make-mrtg-config
#usr/bin/statgrab-make-mrtg-index
#usr/include/statgrab.h
-#usr/include/statgrab_deprecated.h
#usr/lib/libstatgrab.a
#usr/lib/libstatgrab.la
#usr/lib/libstatgrab.so
-usr/lib/libstatgrab.so.6
-usr/lib/libstatgrab.so.6.2.3
+usr/lib/libstatgrab.so.10
+usr/lib/libstatgrab.so.10.0.0
#usr/lib/pkgconfig/libstatgrab.pc
+#usr/share/doc/libstatgrab
+#usr/share/doc/libstatgrab/AUTHORS
+#usr/share/doc/libstatgrab/COPYING
+#usr/share/doc/libstatgrab/COPYING.LGPL
+#usr/share/doc/libstatgrab/NEWS
+#usr/share/doc/libstatgrab/PLATFORMS
+#usr/share/doc/libstatgrab/README
#usr/share/man/man1/saidar.1
#usr/share/man/man1/statgrab-make-mrtg-config.1
#usr/share/man/man1/statgrab-make-mrtg-index.1
#usr/share/man/man1/statgrab.1
+#usr/share/man/man3/libstatgrab.3
+#usr/share/man/man3/sg_clear_error.3
+#usr/share/man/man3/sg_comp_destroy.3
+#usr/share/man/man3/sg_comp_get_tls.3
+#usr/share/man/man3/sg_comp_init.3
+#usr/share/man/man3/sg_disk_io_compare_name.3
+#usr/share/man/man3/sg_disk_io_compare_traffic.3
+#usr/share/man/man3/sg_drop_privileges.3
+#usr/share/man/man3/sg_free_cpu_stats.3
+#usr/share/man/man3/sg_free_disk_io_stats.3
+#usr/share/man/man3/sg_free_fs_stats.3
+#usr/share/man/man3/sg_free_host_info.3
+#usr/share/man/man3/sg_free_load_stats.3
+#usr/share/man/man3/sg_free_mem_stats.3
+#usr/share/man/man3/sg_free_network_iface_stats.3
+#usr/share/man/man3/sg_free_network_io_stats.3
+#usr/share/man/man3/sg_free_page_stats.3
+#usr/share/man/man3/sg_free_process_count.3
+#usr/share/man/man3/sg_free_stats_buf.3
+#usr/share/man/man3/sg_free_swap_stats.3
+#usr/share/man/man3/sg_free_user_stats.3
+#usr/share/man/man3/sg_fs_compare_device_name.3
+#usr/share/man/man3/sg_fs_compare_mnt_point.3
#usr/share/man/man3/sg_get_cpu_percents.3
+#usr/share/man/man3/sg_get_cpu_percents_of.3
+#usr/share/man/man3/sg_get_cpu_percents_r.3
#usr/share/man/man3/sg_get_cpu_stats.3
#usr/share/man/man3/sg_get_cpu_stats_diff.3
+#usr/share/man/man3/sg_get_cpu_stats_diff_between.3
+#usr/share/man/man3/sg_get_cpu_stats_r.3
#usr/share/man/man3/sg_get_disk_io_stats.3
#usr/share/man/man3/sg_get_disk_io_stats_diff.3
+#usr/share/man/man3/sg_get_disk_io_stats_diff_between.3
+#usr/share/man/man3/sg_get_disk_io_stats_r.3
+#usr/share/man/man3/sg_get_error.3
+#usr/share/man/man3/sg_get_error_arg.3
+#usr/share/man/man3/sg_get_error_details.3
+#usr/share/man/man3/sg_get_error_errno.3
#usr/share/man/man3/sg_get_fs_stats.3
+#usr/share/man/man3/sg_get_fs_stats_diff.3
+#usr/share/man/man3/sg_get_fs_stats_diff_between.3
+#usr/share/man/man3/sg_get_fs_stats_r.3
#usr/share/man/man3/sg_get_host_info.3
+#usr/share/man/man3/sg_get_host_info_r.3
#usr/share/man/man3/sg_get_load_stats.3
+#usr/share/man/man3/sg_get_load_stats_r.3
#usr/share/man/man3/sg_get_mem_stats.3
+#usr/share/man/man3/sg_get_mem_stats_r.3
+#usr/share/man/man3/sg_get_nelements.3
#usr/share/man/man3/sg_get_network_iface_stats.3
+#usr/share/man/man3/sg_get_network_iface_stats_r.3
#usr/share/man/man3/sg_get_network_io_stats.3
#usr/share/man/man3/sg_get_network_io_stats_diff.3
+#usr/share/man/man3/sg_get_network_io_stats_diff_between.3
+#usr/share/man/man3/sg_get_network_io_stats_r.3
#usr/share/man/man3/sg_get_page_stats.3
#usr/share/man/man3/sg_get_page_stats_diff.3
+#usr/share/man/man3/sg_get_page_stats_diff_between.3
+#usr/share/man/man3/sg_get_page_stats_r.3
#usr/share/man/man3/sg_get_process_count.3
+#usr/share/man/man3/sg_get_process_count_of.3
+#usr/share/man/man3/sg_get_process_count_r.3
#usr/share/man/man3/sg_get_process_stats.3
+#usr/share/man/man3/sg_get_process_stats_r.3
#usr/share/man/man3/sg_get_swap_stats.3
+#usr/share/man/man3/sg_get_swap_stats_r.3
#usr/share/man/man3/sg_get_user_stats.3
+#usr/share/man/man3/sg_get_user_stats_r.3
+#usr/share/man/man3/sg_get_valid_filesystems.3
+#usr/share/man/man3/sg_global_lock.3
+#usr/share/man/man3/sg_global_unlock.3
+#usr/share/man/man3/sg_init.3
+#usr/share/man/man3/sg_internal-intro.3
+#usr/share/man/man3/sg_intro.3
+#usr/share/man/man3/sg_lock_mutex.3
+#usr/share/man/man3/sg_network_iface_compare_name.3
+#usr/share/man/man3/sg_network_io_compare_name.3
+#usr/share/man/man3/sg_process_compare_cpu.3
+#usr/share/man/man3/sg_process_compare_gid.3
+#usr/share/man/man3/sg_process_compare_name.3
+#usr/share/man/man3/sg_process_compare_pid.3
+#usr/share/man/man3/sg_process_compare_res.3
+#usr/share/man/man3/sg_process_compare_size.3
+#usr/share/man/man3/sg_process_compare_time.3
+#usr/share/man/man3/sg_process_compare_uid.3
+#usr/share/man/man3/sg_prove_vector.3
+#usr/share/man/man3/sg_set_error.3
+#usr/share/man/man3/sg_set_error_with_errno.3
+#usr/share/man/man3/sg_set_error_with_errno_code.3
+#usr/share/man/man3/sg_set_valid_filesystems.3
+#usr/share/man/man3/sg_shutdown.3
+#usr/share/man/man3/sg_snapshot.3
+#usr/share/man/man3/sg_str_error.3
+#usr/share/man/man3/sg_strperror.3
+#usr/share/man/man3/sg_unlock_mutex.3
+#usr/share/man/man3/sg_vector_clear.3
+#usr/share/man/man3/sg_vector_clone.3
+#usr/share/man/man3/sg_vector_clone_into.3
+#usr/share/man/man3/sg_vector_compute_diff.3
+#usr/share/man/man3/sg_vector_create.3
+#usr/share/man/man3/sg_vector_free.3
+#usr/share/man/man3/sg_vector_resize.3
#usr/share/man/man3/statgrab.3
var/ipfire/lynis
-#var/ipfire/lynis/CONTRIBUTORS
+#var/ipfire/lynis/CHANGELOG.md
+#var/ipfire/lynis/CODE_OF_CONDUCT.md
+#var/ipfire/lynis/CONTRIBUTING.md
+#var/ipfire/lynis/CONTRIBUTORS.md
#var/ipfire/lynis/db
var/ipfire/lynis/db/fileperms.db
var/ipfire/lynis/db/hints.db
var/ipfire/lynis/db/integrity.db
+var/ipfire/lynis/db/languages
+var/ipfire/lynis/db/languages/br
+var/ipfire/lynis/db/languages/cn
+var/ipfire/lynis/db/languages/de
+var/ipfire/lynis/db/languages/en
+var/ipfire/lynis/db/languages/en-GB
+var/ipfire/lynis/db/languages/en-US
+var/ipfire/lynis/db/languages/es
+var/ipfire/lynis/db/languages/fi
+var/ipfire/lynis/db/languages/fr
+var/ipfire/lynis/db/languages/gr
+var/ipfire/lynis/db/languages/he
+var/ipfire/lynis/db/languages/hu
+var/ipfire/lynis/db/languages/it
+var/ipfire/lynis/db/languages/ja
+var/ipfire/lynis/db/languages/nb-NO
+var/ipfire/lynis/db/languages/nl
+var/ipfire/lynis/db/languages/nl-BE
+var/ipfire/lynis/db/languages/nl-NL
+var/ipfire/lynis/db/languages/pl
+var/ipfire/lynis/db/languages/pt
+var/ipfire/lynis/db/languages/ru
+var/ipfire/lynis/db/languages/se
+var/ipfire/lynis/db/languages/tr
var/ipfire/lynis/db/malware-susp.db
var/ipfire/lynis/db/malware.db
var/ipfire/lynis/db/sbl.db
+var/ipfire/lynis/db/tests.db
var/ipfire/lynis/default.prf
+var/ipfire/lynis/developer.prf
#var/ipfire/lynis/extras
-var/ipfire/lynis/extras/.bzrignore
#var/ipfire/lynis/extras/README
#var/ipfire/lynis/extras/bash_completion.d
var/ipfire/lynis/extras/bash_completion.d/lynis
#var/ipfire/lynis/extras/systemd
#var/ipfire/lynis/extras/systemd/lynis.service
#var/ipfire/lynis/extras/systemd/lynis.timer
+#var/ipfire/lynis/extras/travis-ci
+#var/ipfire/lynis/extras/travis-ci/before_script.sh
#var/ipfire/lynis/include
var/ipfire/lynis/include/binaries
var/ipfire/lynis/include/consts
var/ipfire/lynis/include/data_upload
var/ipfire/lynis/include/functions
+var/ipfire/lynis/include/helper_audit_dockerfile
+var/ipfire/lynis/include/helper_configure
+var/ipfire/lynis/include/helper_show
+var/ipfire/lynis/include/helper_system_remote_scan
+var/ipfire/lynis/include/helper_update
var/ipfire/lynis/include/osdetection
var/ipfire/lynis/include/parameters
var/ipfire/lynis/include/profiles
var/ipfire/lynis/include/tests_authentication
var/ipfire/lynis/include/tests_banners
var/ipfire/lynis/include/tests_boot_services
+var/ipfire/lynis/include/tests_containers
var/ipfire/lynis/include/tests_crypto
var/ipfire/lynis/include/tests_custom.template
var/ipfire/lynis/include/tests_databases
+var/ipfire/lynis/include/tests_dns
var/ipfire/lynis/include/tests_file_integrity
var/ipfire/lynis/include/tests_file_permissions
var/ipfire/lynis/include/tests_filesystems
var/ipfire/lynis/include/tests_firewalls
var/ipfire/lynis/include/tests_hardening
-var/ipfire/lynis/include/tests_hardening_tools
var/ipfire/lynis/include/tests_homedirs
var/ipfire/lynis/include/tests_insecure_services
var/ipfire/lynis/include/tests_kernel
var/ipfire/lynis/include/tests_scheduling
var/ipfire/lynis/include/tests_shells
var/ipfire/lynis/include/tests_snmp
-#var/ipfire/lynis/include/tests_solaris
var/ipfire/lynis/include/tests_squid
var/ipfire/lynis/include/tests_ssh
var/ipfire/lynis/include/tests_storage
var/ipfire/lynis/include/tests_storage_nfs
-var/ipfire/lynis/include/tests_tcpwrappers
+var/ipfire/lynis/include/tests_system_integrity
var/ipfire/lynis/include/tests_time
var/ipfire/lynis/include/tests_tooling
+var/ipfire/lynis/include/tests_usb
var/ipfire/lynis/include/tests_virtualization
var/ipfire/lynis/include/tests_webservers
+var/ipfire/lynis/include/tool_tips
var/ipfire/lynis/lynis
var/ipfire/lynis/lynis.8
#var/ipfire/lynis/plugins
usr/sbin/mtr
+usr/sbin/mtr-packet
+#usr/share/bash-completion/completions/mtr
+#usr/share/man/man8/mtr-packet.8
#usr/share/man/man8/mtr.8
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: no eciadsl synch.bin file
WARNING: translation string unused: no fritzdsl driver
+WARNING: translation string unused: no hardware random number generator
WARNING: translation string unused: no information available
WARNING: translation string unused: no modem selected
WARNING: translation string unused: no set selected
WARNING: translation string unused: subnet is invalid
WARNING: translation string unused: successfully refreshed updates list
WARNING: translation string unused: system graphs
+WARNING: translation string unused: system has hwrng
WARNING: translation string unused: system log viewer
WARNING: translation string unused: system status information
WARNING: translation string unused: test
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: no eciadsl synch.bin file
WARNING: translation string unused: no fritzdsl driver
+WARNING: translation string unused: no hardware random number generator
WARNING: translation string unused: no information available
WARNING: translation string unused: no modem selected
WARNING: translation string unused: no set selected
WARNING: translation string unused: subnet is invalid
WARNING: translation string unused: successfully refreshed updates list
WARNING: translation string unused: system graphs
+WARNING: translation string unused: system has hwrng
WARNING: translation string unused: system log viewer
WARNING: translation string unused: system status information
WARNING: translation string unused: teovpn_fragment
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw all icmp
+WARNING: untranslated string: fwdfw all subnets
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: most preferred
WARNING: untranslated string: nameserver
WARNING: untranslated string: no data
-WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: none
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: software version
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
+WARNING: untranslated string: ssh active sessions
+WARNING: untranslated string: ssh login time
+WARNING: untranslated string: ssh no active logins
+WARNING: untranslated string: ssh username
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
-WARNING: untranslated string: system has hwrng
WARNING: untranslated string: system has rdrand
WARNING: untranslated string: system information
WARNING: untranslated string: ta key
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action add
WARNING: untranslated string: vpn start action route
WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn wait
WARNING: untranslated string: vpn weak
WARNING: untranslated string: wireless network
WARNING: untranslated string: wlan client
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw all icmp
+WARNING: untranslated string: fwdfw all subnets
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: most preferred
WARNING: untranslated string: nameserver
WARNING: untranslated string: no data
-WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: none
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: software version
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
+WARNING: untranslated string: ssh active sessions
+WARNING: untranslated string: ssh login time
+WARNING: untranslated string: ssh no active logins
+WARNING: untranslated string: ssh username
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
-WARNING: untranslated string: system has hwrng
WARNING: untranslated string: system has rdrand
WARNING: untranslated string: system information
WARNING: untranslated string: ta key
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action add
WARNING: untranslated string: vpn start action route
WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn wait
WARNING: untranslated string: vpn weak
WARNING: untranslated string: wireless network
WARNING: untranslated string: wlan client
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: no eciadsl synch.bin file
WARNING: translation string unused: no fritzdsl driver
+WARNING: translation string unused: no hardware random number generator
WARNING: translation string unused: no information available
WARNING: translation string unused: no modem selected
WARNING: translation string unused: no set selected
WARNING: translation string unused: subnet is invalid
WARNING: translation string unused: successfully refreshed updates list
WARNING: translation string unused: system graphs
+WARNING: translation string unused: system has hwrng
WARNING: translation string unused: system log viewer
WARNING: translation string unused: system status information
WARNING: translation string unused: teovpn_fragment
WARNING: untranslated string: firewall log port
WARNING: untranslated string: five minutes
WARNING: untranslated string: four hours
+WARNING: untranslated string: fwdfw all subnets
WARNING: untranslated string: fwdfw err concon
WARNING: untranslated string: fwdfw err ratecon
WARNING: untranslated string: fwdfw limitconcon
WARNING: untranslated string: samba join a domain
WARNING: untranslated string: samba join domain
WARNING: untranslated string: search
+WARNING: untranslated string: ssh active sessions
+WARNING: untranslated string: ssh login time
+WARNING: untranslated string: ssh no active logins
+WARNING: untranslated string: ssh username
WARNING: untranslated string: tcp more reliable
WARNING: untranslated string: ten minutes
WARNING: untranslated string: thirty minutes
WARNING: untranslated string: vpn inactivity timeout
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action add
WARNING: untranslated string: vpn start action route
WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn wait
WARNING: untranslated string: vpn weak
WARNING: untranslated string: wireless network
WARNING: untranslated string: wlan client anonymous identity
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: no eciadsl synch.bin file
WARNING: translation string unused: no fritzdsl driver
+WARNING: translation string unused: no hardware random number generator
WARNING: translation string unused: no information available
WARNING: translation string unused: no modem selected
WARNING: translation string unused: no set selected
WARNING: translation string unused: subnet is invalid
WARNING: translation string unused: successfully refreshed updates list
WARNING: translation string unused: system graphs
+WARNING: translation string unused: system has hwrng
WARNING: translation string unused: system log viewer
WARNING: translation string unused: system status information
WARNING: translation string unused: test
WARNING: untranslated string: firewall logs country
WARNING: untranslated string: five minutes
WARNING: untranslated string: four hours
+WARNING: untranslated string: fwdfw all subnets
WARNING: untranslated string: fwdfw err concon
WARNING: untranslated string: fwdfw err ratecon
WARNING: untranslated string: fwdfw limitconcon
WARNING: untranslated string: show tls-auth key
WARNING: untranslated string: software version
WARNING: untranslated string: source ip country
+WARNING: untranslated string: ssh active sessions
+WARNING: untranslated string: ssh login time
+WARNING: untranslated string: ssh no active logins
+WARNING: untranslated string: ssh username
WARNING: untranslated string: ta key
WARNING: untranslated string: tcp more reliable
WARNING: untranslated string: ten minutes
WARNING: untranslated string: vpn inactivity timeout
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action add
WARNING: untranslated string: vpn start action route
WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn wait
WARNING: untranslated string: vpn weak
WARNING: untranslated string: wireless network
WARNING: untranslated string: wlan client anonymous identity
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw all icmp
+WARNING: untranslated string: fwdfw all subnets
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: most preferred
WARNING: untranslated string: nameserver
WARNING: untranslated string: no data
-WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: none
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: software version
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
+WARNING: untranslated string: ssh active sessions
+WARNING: untranslated string: ssh login time
+WARNING: untranslated string: ssh no active logins
+WARNING: untranslated string: ssh username
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
-WARNING: untranslated string: system has hwrng
WARNING: untranslated string: system has rdrand
WARNING: untranslated string: system information
WARNING: untranslated string: ta key
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action add
WARNING: untranslated string: vpn start action route
WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn wait
WARNING: untranslated string: vpn weak
WARNING: untranslated string: wireless network
WARNING: untranslated string: wlan client
WARNING: untranslated string: fwdfw action
WARNING: untranslated string: fwdfw additional
WARNING: untranslated string: fwdfw all icmp
+WARNING: untranslated string: fwdfw all subnets
WARNING: untranslated string: fwdfw change
WARNING: untranslated string: fwdfw copy
WARNING: untranslated string: fwdfw delete
WARNING: untranslated string: most preferred
WARNING: untranslated string: nameserver
WARNING: untranslated string: no data
-WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: none
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: software version
WARNING: untranslated string: source ip country
WARNING: untranslated string: ssh
+WARNING: untranslated string: ssh active sessions
+WARNING: untranslated string: ssh login time
+WARNING: untranslated string: ssh no active logins
+WARNING: untranslated string: ssh username
WARNING: untranslated string: static routes
WARNING: untranslated string: support donation
-WARNING: untranslated string: system has hwrng
WARNING: untranslated string: system has rdrand
WARNING: untranslated string: ta key
WARNING: untranslated string: tcp more reliable
WARNING: untranslated string: vpn keyexchange
WARNING: untranslated string: vpn on-demand
WARNING: untranslated string: vpn start action
+WARNING: untranslated string: vpn start action add
WARNING: untranslated string: vpn start action route
WARNING: untranslated string: vpn start action start
WARNING: untranslated string: vpn statistic n2n
WARNING: untranslated string: vpn statistic rw
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn wait
WARNING: untranslated string: vpn weak
WARNING: untranslated string: wireless network
WARNING: untranslated string: wlan client
WARNING: translation string unused: no cfg upload
WARNING: translation string unused: no eciadsl synch.bin file
WARNING: translation string unused: no fritzdsl driver
+WARNING: translation string unused: no hardware random number generator
WARNING: translation string unused: no information available
WARNING: translation string unused: no modem selected
WARNING: translation string unused: no set selected
WARNING: translation string unused: subnet is invalid
WARNING: translation string unused: successfully refreshed updates list
WARNING: translation string unused: system graphs
+WARNING: translation string unused: system has hwrng
WARNING: translation string unused: system log viewer
WARNING: translation string unused: system status information
WARNING: translation string unused: teovpn_fragment
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
WARNING: untranslated string: captive
+WARNING: untranslated string: fwdfw all subnets
WARNING: untranslated string: fwhost cust geoipgrp
WARNING: untranslated string: fwhost err hostip
WARNING: untranslated string: guardian block a host
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: ssh active sessions
+WARNING: untranslated string: ssh login time
+WARNING: untranslated string: ssh no active logins
+WARNING: untranslated string: ssh username
+WARNING: untranslated string: vpn start action add
WARNING: untranslated string: vpn statistics n2n
+WARNING: untranslated string: vpn wait
< fwdfw additional
< fwdfw addrule
< fwdfw all icmp
+< fwdfw all subnets
< fwdfw change
< fwdfw copy
< fwdfw delete
< software version
< source ip country
< ssh
+< ssh active sessions
+< ssh login time
+< ssh no active logins
+< ssh username
< static routes
< support donation
< system has hwrng
< vpn keyexchange
< vpn on-demand
< vpn start action
+< vpn start action add
< vpn start action route
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn wait
< vpn weak
< wireless network
< wlanap
< fwdfw additional
< fwdfw addrule
< fwdfw all icmp
+< fwdfw all subnets
< fwdfw change
< fwdfw copy
< fwdfw delete
< software version
< source ip country
< ssh
+< ssh active sessions
+< ssh login time
+< ssh no active logins
+< ssh username
< static routes
< support donation
< system has hwrng
< vpn keyexchange
< vpn on-demand
< vpn start action
+< vpn start action add
< vpn start action route
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn wait
< vpn weak
< wireless network
< wlanap
< firewall log port
< five minutes
< four hours
+< fwdfw all subnets
< fwdfw err concon
< fwdfw err ratecon
< fwdfw limitconcon
< samba join a domain
< samba join domain
< search
+< ssh active sessions
+< ssh login time
+< ssh no active logins
+< ssh username
< tcp more reliable
< ten minutes
< thirty minutes
< vpn inactivity timeout
< vpn on-demand
< vpn start action
+< vpn start action add
< vpn start action route
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn wait
< vpn weak
< wireless network
< wlanap
< firewall logs country
< five minutes
< four hours
+< fwdfw all subnets
< fwdfw err concon
< fwdfw err ratecon
< fwdfw limitconcon
< show tls-auth key
< software version
< source ip country
+< ssh active sessions
+< ssh login time
+< ssh no active logins
+< ssh username
< ta key
< tcp more reliable
< ten minutes
< vpn inactivity timeout
< vpn on-demand
< vpn start action
+< vpn start action add
< vpn start action route
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn wait
< vpn weak
< wireless network
< wlanap
< fwdfw additional
< fwdfw addrule
< fwdfw all icmp
+< fwdfw all subnets
< fwdfw change
< fwdfw copy
< fwdfw delete
< software version
< source ip country
< ssh
+< ssh active sessions
+< ssh login time
+< ssh no active logins
+< ssh username
< static routes
< support donation
< system has hwrng
< vpn keyexchange
< vpn on-demand
< vpn start action
+< vpn start action add
< vpn start action route
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn wait
< vpn weak
< wireless network
< wlanap
< fwdfw additional
< fwdfw addrule
< fwdfw all icmp
+< fwdfw all subnets
< fwdfw change
< fwdfw copy
< fwdfw delete
< software version
< source ip country
< ssh
+< ssh active sessions
+< ssh login time
+< ssh no active logins
+< ssh username
< static routes
< support donation
< system has hwrng
< vpn keyexchange
< vpn on-demand
< vpn start action
+< vpn start action add
< vpn start action route
< vpn start action start
< vpn statistic n2n
< vpn statistic rw
+< vpn wait
< vpn weak
< week-graph
< wireless network
############################################################################
# Checking cgi-bin translations for language: tr #
############################################################################
+< fwdfw all subnets
+< ssh active sessions
+< ssh login time
+< ssh no active logins
+< ssh username
+< vpn start action add
+< vpn wait
}
if ($peer) {
- system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --no-check-certificate --output-document=/var/tmp/snortrules.tar.gz $url");
+ system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
} else {
- system("wget -r --no-check-certificate -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
+ system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
}
}
} elsif ($line =~ /$vpnconfig{$key}[1]\{.*ROUTED/) {
$activecolor = $Header::colourorange;
$activestatus = $Lang::tr{'vpn on-demand'};
+ } elsif ($vpnconfig{$key}[33] eq "add") {
+ $activecolor = ${Header::colourorange};
+ $activestatus = $Lang::tr{'vpn wait'};
}
}
}
<form method='post'><input type='hidden' name='AREUSURE' value='yes' />
<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
<select name='DHLENGHT'>
- <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'} ($Lang::tr{'vpn weak'})</option>
<option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
<option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
<option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
</select></td>
<tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
<td class='base'><select name='DHLENGHT'>
- <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'} ($Lang::tr{'vpn weak'}</option>
<option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
<option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
<option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
goto VPNCONF_ERROR;
}
+ # Check for N2N that OpenSSL maximum of valid days will not be exceeded
+ if ($cgiparams{'TYPE'} eq 'net') {
+ if ($cgiparams{'DAYS_VALID'} >= '999999') {
+ $errormessage = $Lang::tr{'invalid input for valid till days'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ }
+
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto VPNCONF_ERROR;
}
my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
- $temp =~ /Subject:.*CN=(.*)[\n]/;
+ $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
$temp = $1;
$temp =~ s+/Email+, E+;
$temp =~ s/ ST=/ S=/;
}
my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
- $temp =~ /Subject:.*CN=(.*)[\n]/;
+ $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
$temp = $1;
$temp =~ s+/Email+, E+;
$temp =~ s/ ST=/ S=/;
$errormessage = $Lang::tr{'passwords do not match'};
goto VPNCONF_ERROR;
}
- if ($cgiparams{'DAYS_VALID'} ne '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
+ if ($cgiparams{'DAYS_VALID'} eq '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
$errormessage = $Lang::tr{'invalid input for valid till days'};
goto VPNCONF_ERROR;
}
+ # Check for RW that OpenSSL maximum of valid days will not be exceeded
+ if ($cgiparams{'TYPE'} eq 'host') {
+ if ($cgiparams{'DAYS_VALID'} >= '999999') {
+ $errormessage = $Lang::tr{'invalid input for valid till days'};
+ goto VPNCONF_ERROR;
+ }
+ }
+
+ # Check for RW if client name is already set
+ if ($cgiparams{'TYPE'} eq 'host') {
+ foreach my $key (keys %confighash) {
+ if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
+ $errormessage = $Lang::tr{'a connection with this name already exists'};
+ goto VPNCONF_ERROR;
+ }
+ }
+ }
+
# Replace empty strings with a .
(my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
(my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
$cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
$cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
$cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
- $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'};
+ $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} = '730';
}
VPNCONF_ERROR:
if ($cgiparams{'TYPE'} eq 'host') {
print <<END;
</select></td></tr>
- <td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
+ <td> </td><td class='base'>$Lang::tr{'valid till'} (days): <img src='/blob.gif' alt='*' /</td>
<td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
<tr><td> </td>
<td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
}else{
print <<END;
</select></td></tr>
- <td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
+ <td> </td><td class='base'>$Lang::tr{'valid till'} (days): <img src='/blob.gif' alt='*' /</td>
<td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
<tr><td> </td><td> </td><td> </td></tr>
<tr><td> </td><td> </td><td> </td></tr>
my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
$ntlm_auth_group =~ s/\\/\+/;
- print FILE " --require-membership-of=\"$ntlm_auth_group\"";
+ print FILE " --require-membership-of=$ntlm_auth_group";
}
print FILE "\n";
my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
$ntlm_auth_group =~ s/\\/\+/;
- print FILE " --require-membership-of=\"$ntlm_auth_group\"";
+ print FILE " --require-membership-of=$ntlm_auth_group";
}
print FILE "\n";
print FILE "auth_param basic children 10\n";
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
-my $blue_cidr = "# Blue not defined";
-if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
- $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
-}
-my $orange_cidr = "# Orange not defined";
-if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
- $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
-}
-
my %INACTIVITY_TIMEOUTS = (
300 => $Lang::tr{'five minutes'},
600 => $Lang::tr{'ten minutes'},
$cgiparams{'REMOTE_ID'} = '';
#use default advanced value
- $cgiparams{'IKE_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
+ $cgiparams{'IKE_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
$cgiparams{'IKE_INTEGRITY'} = 'sha2_512|sha2_256'; #[19];
$cgiparams{'IKE_GROUPTYPE'} = 'curve25519|4096|3072|2048'; #[20];
$cgiparams{'IKE_LIFETIME'} = '3'; #[16];
- $cgiparams{'ESP_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
+ $cgiparams{'ESP_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
$cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256'; #[22];
$cgiparams{'ESP_GROUPTYPE'} = 'curve25519|4096|3072|2048'; #[23];
$cgiparams{'ESP_KEYLIFE'} = '1'; #[17];
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) {
+ if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|chacha20poly1305|camellia(256|192|128))$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) {
+ if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|chacha20poly1305|camellia(256|192|128))$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
}
ADVANCED_ERROR:
+ $checked{'IKE_ENCRYPTION'}{'chacha20poly1305'} = '';
$checked{'IKE_ENCRYPTION'}{'aes256'} = '';
$checked{'IKE_ENCRYPTION'}{'aes192'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
@temp = split('\|', $cgiparams{'IKE_GROUPTYPE'});
foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; }
+ $checked{'ESP_ENCRYPTION'}{'chacha20poly1305'} = '';
$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
$checked{'ESP_ENCRYPTION'}{'aes192'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$selected{'DPD_ACTION'}{'none'} = '';
$selected{'DPD_ACTION'}{$cgiparams{'DPD_ACTION'}} = "selected='selected'";
+ $selected{'START_ACTION'}{'add'} = '';
$selected{'START_ACTION'}{'route'} = '';
$selected{'START_ACTION'}{'start'} = '';
$selected{'START_ACTION'}{$cgiparams{'START_ACTION'}} = "selected='selected'";
<td class='boldbase' width="15%">$Lang::tr{'encryption'}</td>
<td class='boldbase'>
<select name='IKE_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
+ <option value='chacha20poly1305' $checked{'IKE_ENCRYPTION'}{'chacha20poly1305'}>256 bit ChaCha20-Poly1305/128 bit ICV</option>
<option value='aes256gcm128' $checked{'IKE_ENCRYPTION'}{'aes256gcm128'}>256 bit AES-GCM/128 bit ICV</option>
<option value='aes256gcm96' $checked{'IKE_ENCRYPTION'}{'aes256gcm96'}>256 bit AES-GCM/96 bit ICV</option>
<option value='aes256gcm64' $checked{'IKE_ENCRYPTION'}{'aes256gcm64'}>256 bit AES-GCM/64 bit ICV</option>
</td>
<td class='boldbase'>
<select name='ESP_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
+ <option value='chacha20poly1305' $checked{'ESP_ENCRYPTION'}{'chacha20poly1305'}>256 bit ChaCha20-Poly1305/128 bit ICV</option>
<option value='aes256gcm128' $checked{'ESP_ENCRYPTION'}{'aes256gcm128'}>256 bit AES-GCM/128 bit ICV</option>
<option value='aes256gcm96' $checked{'ESP_ENCRYPTION'}{'aes256gcm96'}>256 bit AES-GCM/96 bit ICV</option>
<option value='aes256gcm64' $checked{'ESP_ENCRYPTION'}{'aes256gcm64'}>256 bit AES-GCM/64 bit ICV</option>
<select name="START_ACTION">
<option value="route" $selected{'START_ACTION'}{'route'}>$Lang::tr{'vpn start action route'}</option>
<option value="start" $selected{'START_ACTION'}{'start'}>$Lang::tr{'vpn start action start'}</option>
+ <option value="add" $selected{'START_ACTION'}{'add'} >$Lang::tr{'vpn start action add'}</option>
</select>
</td>
</tr>
} elsif ($line =~ /$confighash{$key}[1]\{.*ROUTED/) {
$col1="bgcolor='${Header::colourorange}'";
$active = "<b><font color='#FFFFFF'>$Lang::tr{'vpn on-demand'}</font></b>";
+ } elsif ($confighash{$key}[33] eq "add") {
+ $col1="bgcolor='${Header::colourorange}'";
+ $active = "<b><font color='#FFFFFF'>$Lang::tr{'vpn wait'}</font></b>";
}
}
# move to blue if really down
'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>',
'vpn remote id' => 'Remote ID',
'vpn start action' => 'Startaktion',
+'vpn start action add' => 'Auf Verbindungseingang warten',
'vpn start action route' => 'Bei Bedarf',
'vpn start action start' => 'Immer An',
'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
'vpn subjectaltname' => 'Subjekt Alternativer Name',
+'vpn wait' => 'WARTE',
'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
'vpn weak' => 'schwach',
'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert',
'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>',
'vpn remote id' => 'Remote ID',
'vpn start action' => 'Start Action',
+'vpn start action add' => 'Wait for connection initiation',
'vpn start action route' => 'On Demand',
'vpn start action start' => 'Always On',
'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
'vpn subjectaltname' => 'Subject Alt Name',
+'vpn wait' => 'WAITING',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
'vpn weak' => 'Weak',
'waiting to synchronize clock' => 'Waiting to synchronize clock',
# Install apache config
cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
- ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
+ touch /etc/httpd/conf/hostname.conf
# Create captive logging directory
-mkdir -pv /var/log/httpd/captive
cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/network-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl $(CONFIG_ROOT)/
+ cp $(DIR_SRC)/config/cfgroot/aws-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/nfs-server $(CONFIG_ROOT)/nfs/nfs-server
cp $(DIR_SRC)/config/cfgroot/proxy-acl $(CONFIG_ROOT)/proxy/acl-1.4
cp $(DIR_SRC)/config/qos/* $(CONFIG_ROOT)/qos/bin/
+ cp $(DIR_SRC)/config/cfgroot/main-settings $(CONFIG_ROOT)/main/settings
cp $(DIR_SRC)/config/cfgroot/ssh-settings $(CONFIG_ROOT)/remote/settings
cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings
cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
include Config
-VER = 1.4.4
+VER = 1.4.5
THISAPP = conntrack-tools-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = acd9e0b27cf16ae3092ba900e4d7560e
+$(DL_FILE)_MD5 = 9356a0cd4df81a597ac26d87ccfebac4
install : $(TARGET)
include Config
-VER = 8.27
+VER = 8.29
THISAPP = coreutils-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE)= $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 502795792c212932365e077946d353ae
+$(DL_FILE)_MD5 = 960cfe75a42c9907c71439f8eb436303
install : $(TARGET)
else
tar -x -C $(MNThdd)/ -f /install/cdrom/distro.img
endif
- echo "LANGUAGE=en" >> $(MNThdd)/var/ipfire/main/settings
- echo "HOSTNAME=$(SNAME)" >> $(MNThdd)/var/ipfire/main/settings
- echo "THEME=ipfire" >> $(MNThdd)/var/ipfire/main/settings
-
-touch $(MNThdd)/lib/modules/$(KVER)-ipfire/modules.dep
mkdir $(MNThdd)/proc
mount --bind /proc $(MNThdd)/proc
# Enable also serial console on GRUB
echo "GRUB_TERMINAL=\"serial console\"" >> $(MNThdd)/etc/default/grub
echo "GRUB_SERIAL_COMMAND=\"serial --unit=0 --speed=115200\"" >> $(MNThdd)/etc/default/grub
- echo "GRUB_TIMEOUT=-1" >> $(MNThdd)/etc/default/grub
# Add additional entry for Serial console
cp $(DIR_SRC)/config/flash-images/grub/11_linux_scon \
mkdir -pv $(MNThdd)/boot/grub
chroot $(MNThdd) grub-mkconfig -o /boot/grub/grub.cfg
+ # Boot the first kernel by default
+ chroot $(MNThdd) grub-set-default 0
+
# Insert the UUID because grub-mkconfig often fails to
# detect that correctly
sed -i $(MNThdd)/boot/grub/grub.cfg \
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.10
+VER = 4.0
THISAPP = fping-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = fping
-PAK_VER = 3
+PAK_VER = 4
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6a0ddecb671df1d580d20c0dd1095773
+$(DL_FILE)_MD5 = c21a80d7519fa0ad2411bf6799873eb0
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-ipv6
+
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 1.4.22
+VER = 1.4.23
THISAPP = gnupg-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 082bda3951a94743e76b83fcf3627547
+$(DL_FILE)_MD5 = b1df02c73572f27bc859ac05ff2259ab
install : $(TARGET)
include Config
-VER = 2.10
+VER = 2.30
THISAPP = iana-etc-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 53dea53262b281322143c744ca60ffbb
+$(DL_FILE)_MD5 = 3ba3afb1d1b261383d247f46cb135ee8
install : $(TARGET)
ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock
ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock
ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console
+ ln -sf ../init.d/aws /etc/rc.d/rcsysinit.d/S74aws
ln -sf ../init.d/firstsetup /etc/rc.d/rcsysinit.d/S75firstsetup
ln -sf ../init.d/localnet /etc/rc.d/rcsysinit.d/S80localnet
ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S81pakfire
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2017 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 6.32
+VER = 6.38
THISAPP = ipset-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 857a5c6a6d645196865a82bf6fd7f567
+$(DL_FILE)_MD5 = 0e5d9c85f6b78e7dff0c996e2900574b
install : $(TARGET)
include Config
-VER = 1.4.21
+VER = 1.6.2
THISAPP = iptables-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
-$(DL_FILE)_MD5 = 536d048c8e8eeebcd9757d0863ebb0c0
+$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d
netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
install : $(TARGET)
--bindir=/sbin \
--sbindir=/sbin \
--mandir=/usr/share/man \
+ --disable-nftables \
--with-pkgconfigdir=/usr/lib/pkgconfig
cd $(DIR_APP) && make $(MAKETUNING)
include Config
-VER = 1.8.0
+VER = 1.8.3
THISAPP = libgcrypt-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 530db74602b558209f9ad7356a680971
+$(DL_FILE)_MD5 = 3139c2402e844985a67fb288a930534d
install : $(TARGET)
include Config
-VER = 1.0.6
+VER = 1.0.7
THISAPP = libnetfilter_conntrack-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7139c5f408dd9606ffecfd5dcda8175b
+$(DL_FILE)_MD5 = 013d182c2df716fcb5eb2a1fb7febd1f
install : $(TARGET)
###############################################################################
-# IPFire.org - An Open Source Firewall Solution #
-# Copyright (C) - IPFire Development Team <info@ipfire.org> #
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
###############################################################################
###############################################################################
include Config
-VER = 0.17
+VER = 0.91
THISAPP = libstatgrab-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libstatgrab
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 58385c9392898be3b09ffc5e3ebe8717
+$(DL_FILE)_MD5 = b906d312076ca9be3d5188edfe07f496
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- $(UPDATE_AUTOMAKE)
cd $(DIR_APP) && ./configure --prefix=/usr
+
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 1.6.4
+VER = 2.6.4
THISAPP = lynis-$(VER)
DL_FILE = $(THISAPP).tar.gz
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = lynis
-PAK_VER = 5
+PAK_VER = 6
DEPS = ""
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dfa946388af8926bd24f772d4fa4830a
+$(DL_FILE)_MD5 = a5afd484b7aabf8af73adbc67a8f8756
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 0.86
+VER = 0.92
THISAPP = mtr-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mtr
-PAK_VER = 2
+PAK_VER = 3
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8d63592c9d4579ef20cf491b41843eb2
+$(DL_FILE)_MD5 = 3b3788f71641eb3eaba517ac2138e76d
install : $(TARGET)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2017 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.3
+
+THISAPP = nss-myhostname-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = d4ab9ac36c053ab8fb836db1cbd4a48f
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ $(UPDATE_AUTOMAKE)
+ cd $(DIR_APP) && ./configure --prefix=/usr --libdir=/lib
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
- sed -i -e 's/^#\?Port .*$$/Port 222/' \
+ sed -i -e 's/^#\?Port .*$$/Port 22/' \
-e 's/^#\?Protocol .*$$/Protocol 2/' \
-e 's/^#\?LoginGraceTime .*$$/LoginGraceTime 30s/' \
-e 's/^#\?PubkeyAuthentication .*$$/PubkeyAuthentication yes/' \
include Config
-VER = 2.4.5
+VER = 2.4.6
THISAPP = openvpn-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c510ad3c8fce738c678dbcc54367c945
+$(DL_FILE)_MD5 = 3a1f3f63bdaede443b4df49957df9405
install : $(TARGET)
include Config
-VER = 3.2.4
+VER = 3.2.6
THISAPP = postfix-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = postfix
-PAK_VER = 14
+PAK_VER = 15
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 60d8418278ef9f3c7d1251480ea84a42
+$(DL_FILE)_MD5 = d10f1fb551be86f6e48c2908dd8a12ff
install : $(TARGET)
include Config
-VER = 6.5
+VER = 6.6
THISAPP = smartmontools-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 093aeec3f8f39fa9a37593c4012d3156
+$(DL_FILE)_MD5 = 9ae2c6e7131cd2813edcc65cbe5f223f
install : $(TARGET)
include Config
-VER = 5.6.2
+VER = 5.6.3
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 46aa3aa18fbc4bd528f9a0345ce79913
+$(DL_FILE)_MD5 = a6a28eeb22aa58080a7581771a5b63f9
install : $(TARGET)
--enable-eap-peap \
--enable-eap-mschapv2 \
--enable-eap-identity \
+ --enable-chapoly \
--disable-padlock \
- --disable-chapoly \
+ --disable-rc2 \
$(CONFIGURE_OPTIONS)
cd $(DIR_APP) && make $(MAKETUNING)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2017 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.5
+VER = 2.7
THISAPP = tmux-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tmux
-PAK_VER = 5
+PAK_VER = 6
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4a5d73d96d8f11b0bdf9b6f15ab76d15
+$(DL_FILE)_MD5 = bcdfcf910c94c3e02ce6b1c035880306
install : $(TARGET)
include Config
-VER = 0.3.2.10
+VER = 0.3.3.7
THISAPP = tor-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
-PAK_VER = 28
+PAK_VER = 29
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a8b8b3db93f87a5c061109dbd8cd5309
+$(DL_FILE)_MD5 = 5288d8de30c516073ad13fee44f6fdf3
install : $(TARGET)
include Config
-VER = 2016d
+VER = 2018e
TZDATA_VER = $(VER)
TZCODE_VER = $(VER)
tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz
tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
-tzdata$(TZDATA_VER).tar.gz_MD5 = 14bf84b6c2cdab0a9428991e0150ebe6
-tzcode$(TZCODE_VER).tar.gz_MD5 = 06fc6fc111cd8dd681abdc5326529afd
+tzdata$(TZDATA_VER).tar.gz_MD5 = 97d654f4d7253173b3eeb76a836dd65e
+tzcode$(TZCODE_VER).tar.gz_MD5 = c4d7df0fff7ba5588b32c5f27e2caf97
install : $(TARGET)
include Config
-VER = 1.7.1
+VER = 1.7.3
THISAPP = unbound-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e3614d9746e1fd45f191a2b88ad8df04
+$(DL_FILE)_MD5 = ea45068fb27ef358f581227b99645525
install : $(TARGET)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.21" # Version number
-CORE="122" # Core Level (Filename)
+CORE="123" # Core Level (Filename)
PAKFIRE_CORE="122" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
lfsmake2 iftop
lfsmake2 mdns-repeater
lfsmake2 i2c-tools
+ lfsmake2 nss-myhostname
}
buildinstaller() {
--- /dev/null
+#!/bin/bash
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+get() {
+ local file="${1}"
+
+ wget -qO - "http://169.254.169.254/latest/meta-data/${file}"
+}
+
+to_address() {
+ local n="${1}"
+
+ local o1=$(( (n & 0xff000000) >> 24 ))
+ local o2=$(( (n & 0xff0000) >> 16 ))
+ local o3=$(( (n & 0xff00) >> 8 ))
+ local o4=$(( (n & 0xff) ))
+
+ printf "%d.%d.%d.%d\n" "${o1}" "${o2}" "${o3}" "${o4}"
+}
+
+to_integer() {
+ local address="${1}"
+
+ local integer=0
+
+ local i
+ for i in ${address//\./ }; do
+ integer=$(( (integer << 8) + i ))
+ done
+
+ printf "%d\n" "${integer}"
+}
+
+prefix2netmask() {
+ local prefix=${1}
+
+ local zeros=$(( 32 - prefix ))
+ local netmask=0
+
+ local i
+ for (( i=0; i<${zeros}; i++ )); do
+ netmask=$(( (netmask << 1) ^ 1 ))
+ done
+
+ to_address "$(( netmask ^ 0xffffffff ))"
+}
+
+find_interface() {
+ local mac="${1}"
+
+ local path
+ for path in /sys/class/net/*; do
+ local address="$(<${path}/address)"
+
+ if [ "${mac}" = "${address}" ]; then
+ basename "${path}"
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+import_aws_configuration() {
+ local instance_id="$(get instance-id)"
+
+ boot_mesg "Importing AWS configuration for instance ${instance_id}..."
+
+ # Store instance ID
+ echo "${instance_id}" > /var/run/aws-instance-id
+
+ # Initialise system settings
+ local hostname=$(get local-hostname)
+
+ # Set hostname
+ if ! grep -q "^HOSTNAME=" /var/ipfire/main/settings; then
+ echo "HOSTNAME=${hostname%%.*}" >> /var/ipfire/main/settings
+ fi
+
+ # Set domainname
+ if ! grep -q "^DOMAINNAME=" /var/ipfire/main/settings; then
+ echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
+ fi
+
+ # Import SSH keys
+ local line
+ for line in $(get "public-keys/"); do
+ local key_no="${line%=*}"
+
+ local key="$(get public-keys/${key_no}/openssh-key)"
+ if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/dev/null; then
+ mkdir -p /root/.ssh
+ chmod 700 /root/.ssh
+
+ echo "${key}" >> /root/.ssh/authorized_keys
+ chmod 600 /root/.ssh/authorized_keys
+ fi
+ done
+
+ # Import any DNS server settings
+ eval $(/usr/local/bin/readhash <(grep -E "^DNS([0-9])=" /var/ipfire/ethernet/settings 2>/dev/null))
+
+ # Import network configuration
+ # After this, no network connectivity will be available from this script due to the
+ # renaming of the network interfaces for which they have to be shut down
+ local config_type=1
+ : > /var/ipfire/ethernet/settings
+
+ local mac
+ for mac in $(get network/interfaces/macs/); do
+ # Remove trailing slash
+ mac="${mac//\//}"
+
+ local device_number="$(get "network/interfaces/macs/${mac}/device-number")"
+ local interface_id="$(get "network/interfaces/macs/${mac}/interface-id")"
+
+ # First IPv4 address
+ local ipv4_address="$(get "network/interfaces/macs/${mac}/local-ipv4s" | head -n1)"
+ local ipv4_address_num="$(to_integer "${ipv4_address}")"
+
+ # Get VPC subnet
+ local vpc="$(get "network/interfaces/macs/${mac}/vpc-ipv4-cidr-block")"
+ local vpc_netaddress="${vpc%/*}"
+ local vpc_netaddress_num="$(to_integer "${vpc_netaddress}")"
+
+ # Get subnet size
+ local subnet="$(get "network/interfaces/macs/${mac}/subnet-ipv4-cidr-block")"
+
+ local prefix="${subnet#*/}"
+ local netmask="$(prefix2netmask "${prefix}")"
+ local netmask_num="$(to_integer "${netmask}")"
+
+ # Calculate the network and broadcast addresses
+ local netaddress="${subnet%/*}"
+ local netaddress_num="$(to_integer "${netaddress}")"
+ local broadcast="$(to_address $(( ipv4_address_num | (0xffffffff ^ netmask_num) )))"
+
+ case "${device_number}" in
+ # RED
+ 0)
+ local interface_name="red0"
+
+ # The gateway is always the first IP address in the subnet
+ local gateway="$(to_address $(( netaddress_num + 1 )))"
+
+ # The AWS internal DNS service is available on the second IP address of the VPC
+ local dns1="$(to_address $(( vpc_netaddress_num + 2 )))"
+ local dns2=
+
+ (
+ echo "RED_TYPE=STATIC"
+ echo "RED_DEV=${interface_name}"
+ echo "RED_MACADDR=${mac}"
+ echo "RED_DESCRIPTION='${interface_id}'"
+ echo "RED_ADDRESS=${ipv4_address}"
+ echo "RED_NETMASK=${netmask}"
+ echo "RED_NETADDRESS=${netaddress}"
+ echo "RED_BROADCAST=${broadcast}"
+ echo "DEFAULT_GATEWAY=${gateway}"
+ echo "DNS1=${DNS1:-${dns1}}"
+ echo "DNS2=${DNS2:-${dns2}}"
+ ) >> /var/ipfire/ethernet/settings
+
+ # Import aliases for RED
+ for alias in $(get "network/interfaces/macs/${mac}/local-ipv4s" | tail -n +2); do
+ echo "${alias},on,"
+ done > /var/ipfire/ethernet/aliases
+ ;;
+
+ # GREEN
+ 1)
+ local interface_name="green0"
+
+ (
+ echo "GREEN_DEV=${interface_name}"
+ echo "GREEN_MACADDR=${mac}"
+ echo "GREEN_DESCRIPTION='${interface_id}'"
+ echo "GREEN_ADDRESS=${ipv4_address}"
+ echo "GREEN_NETMASK=${netmask}"
+ echo "GREEN_NETADDRESS=${netaddress}"
+ echo "GREEN_BROADCAST=${broadcast}"
+ ) >> /var/ipfire/ethernet/settings
+ ;;
+
+ # ORANGE
+ 2)
+ local interface_name="orange0"
+ config_type=2
+
+ (
+ echo "ORANGE_DEV=${interface_name}"
+ echo "ORANGE_MACADDR=${mac}"
+ echo "ORANGE_DESCRIPTION='${interface_id}'"
+ echo "ORANGE_ADDRESS=${ipv4_address}"
+ echo "ORANGE_NETMASK=${netmask}"
+ echo "ORANGE_NETADDRESS=${netaddress}"
+ echo "ORANGE_BROADCAST=${broadcast}"
+ ) >> /var/ipfire/ethernet/settings
+ ;;
+ esac
+
+ # Rename interface
+ local interface="$(find_interface "${mac}")"
+
+ if [ -n "${interface}" ] && [ -n "${interface_name}" ] && [ "${interface}" != "${interface_name}" ]; then
+ ip link set "${interface}" down
+ ip link set "${interface}" name "${interface_name}"
+ fi
+ done
+
+ # Save CONFIG_TYPE
+ echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings
+
+ # Actions performed only on the very first start
+ if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
+ # Enable SSH
+ sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
+
+ touch /var/ipfire/remote/enablessh
+ chown nobody:nobody /var/ipfire/remote/enablessh
+
+ # Enable SSH key authentication
+ sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
+
+ # Apply SSH settings
+ /usr/local/bin/sshctrl
+
+ # Firewall rules for SSH and WEBIF
+ (
+ echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+ echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+ ) >> /var/ipfire/firewall/input
+
+ # This script has now completed the first steps of setup
+ touch /var/ipfire/main/firstsetup_ok
+ fi
+
+ # All done
+ echo_ok
+}
+
+case "${reason}" in
+ PREINIT)
+ # Bring up the interface
+ ip link set "${interface}" up
+ ;;
+
+ BOUND|RENEW|REBIND|REBOOT)
+ # Remove any previous IP addresses
+ ip addr flush dev "${interface}"
+
+ # Add (or re-add) the new IP address
+ ip addr add "${new_ip_address}/${new_subnet_mask}" dev "${interface}"
+
+ # Add the default route
+ ip route add default via "${new_routers}"
+
+ # Import AWS configuration
+ import_aws_configuration
+ ;;
+
+ EXPIRE|FAIL|RELEASE|STOP)
+ # Remove all IP addresses
+ ip addr flush dev "${interface}"
+ ;;
+
+ *)
+ echo "Unhandled reason: ${reason}" >&2
+ exit 2
+ ;;
+esac
+
+# Terminate
+exit 0
# Generate all required certificates
generate_certificates
+ # Update hostname
+ echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf
+
boot_mesg "Starting Apache daemon..."
/usr/sbin/apachectl -k start
evaluate_retval
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/aws
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/identify_ec2_instances.html
+running_on_ec2() {
+ local uuid
+
+ # Check if the hypervisor UUID starts with ec2
+ if [ -r "/sys/hypervisor/uuid" ]; then
+ uuid=$(</sys/hypervisor/uuid)
+
+ [ "${uuid:0:3}" = "ec2" ] && return 0
+ fi
+
+ # Check if the DMI product UUID starts with EC2
+ if [ -r "/sys/devices/virtual/dmi/id/product_uuid" ]; then
+ uuid=$(</sys/devices/virtual/dmi/id/product_uuid)
+
+ [ "${uuid:0:3}" = "EC2" ] && return 0
+ fi
+
+ # We are not running on AWS EC2
+ return 1
+}
+
+case "${1}" in
+ start)
+ # Do nothing if we are not running on AWS EC2
+ running_on_ec2 || exit 0
+
+ # Find the first interface to use
+ for i in /sys/class/net/*; do
+ [ -d "${i}" ] || continue
+ i=$(basename ${i})
+
+ # Skip loopback
+ [ "${i}" = "lo" ] && continue
+
+ # Use whatever we have found
+ intf="${i}"
+ break
+ done
+
+ # Check if we found a network interface
+ if [ ! -n "${intf}" ]; then
+ echo_failure
+
+ boot_mesg -n "Could not find a network interface" ${FAILURE}
+ boot_mesg "" ${NORMAL}
+ fi
+
+ # Run a DHCP client and set up the system accordingly
+ dhclient -sf /etc/rc.d/helper/aws-setup "${intf}"
+
+ # End DHCP client immediately
+ dhclient -sf /etc/rc.d/helper/aws-setup -r "${intf}" &>/dev/null
+ ;;
+
+ status)
+ if running_on_ec2; then
+ echo "This system is running on AWS EC2"
+ exit 0
+ else
+ echo "This system is NOT running on AWS EC2"
+ exit 1
+ fi
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/aws
# Always allow accessing the web GUI from GREEN.
iptables -N GUIINPUT
iptables -A INPUT -j GUIINPUT
- iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
+ if [ -n "${GREEN_DEV}" ]; then
+ iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
+ fi
# WIRELESS chains
iptables -N WIRELESSINPUT
iptables -t nat -N NAT_DESTINATION_FIX
iptables -t nat -A POSTROUTING -j NAT_DESTINATION_FIX
- iptables -t nat -A NAT_DESTINATION_FIX \
- -m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+ if [ -n "${GREEN_ADDRESS}" ]; then
+ iptables -t nat -A NAT_DESTINATION_FIX \
+ -m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+ fi
if [ -n "${BLUE_ADDRESS}" ]; then
iptables -t nat -A NAT_DESTINATION_FIX \
) > /etc/resolv.conf
}
+write_hosts() {
+ (
+ echo "127.0.0.1 localhost.localdomain localhost"
+ ) > /etc/hosts
+}
+
case "${1}" in
start)
eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
evaluate_retval
fi
+ # Update hosts
+ write_hosts
+
# Update resolv.conf
write_resolv_conf
;;
# Start the udev daemon to continually watch for, and act on,
# uevents
- /sbin/udevd --daemon
+ boot_mesg "Starting udev daemon..."
+ loadproc udevd --daemon
# Now traverse /sys in order to "coldplug" devices that have
# already been discovered
;;
+ restart)
+ boot_mesg "Stopping udev daemon..."
+ killproc udevd
+
+ exec $0 start
+ ;;
+
*)
echo "Usage ${0} {start}"
exit 1
extern int automode;
-/* This will rewrite /etc/hosts, /etc/hosts.*, and the apache ServerName file. */
int writehostsfiles(void)
{
- char address[STRING_SIZE] = "";
- char netaddress[STRING_SIZE] = "";
- char netmask[STRING_SIZE] = "";
char message[1000];
- FILE *file, *hosts;
struct keyvalue *kv;
char hostname[STRING_SIZE];
char domainname[STRING_SIZE] = "localdomain";
char commandstring[STRING_SIZE];
- char buffer[STRING_SIZE];
-
- kv = initkeyvalues();
- if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")))
- {
- freekeyvalues(kv);
- errorbox(_("Unable to open settings file"));
- return 0;
- }
- findkey(kv, "GREEN_ADDRESS", address);
- findkey(kv, "GREEN_NETADDRESS", netaddress);
- findkey(kv, "GREEN_NETMASK", netmask);
- freekeyvalues(kv);
kv = initkeyvalues();
if (!(readkeyvalues(kv, CONFIG_ROOT "/main/settings")))
findkey(kv, "DOMAINNAME", domainname);
freekeyvalues(kv);
- if (!(file = fopen(CONFIG_ROOT "/main/hostname.conf", "w")))
- {
- sprintf (message, _("Unable to write %s/main/hostname.conf"), CONFIG_ROOT);
- errorbox(message);
- return 0;
- }
- fprintf(file, "ServerName %s.%s\n", hostname,domainname);
- fclose(file);
-
- if (!(file = fopen(CONFIG_ROOT "/main/hosts", "r")))
- {
- errorbox(_("Unable to open main hosts file."));
- return 0;
- }
- if (!(hosts = fopen("/etc/hosts", "w")))
- {
- errorbox(_("Unable to write /etc/hosts."));
- return 0;
- }
- fprintf(hosts, "127.0.0.1\tlocalhost\n");
- if (strlen(domainname))
- fprintf(hosts, "%s\t%s.%s\t%s\n",address,hostname,domainname,hostname);
- else
- fprintf(hosts, "%s\t%s\n",address,hostname);
- while (fgets(buffer, STRING_SIZE, file))
- {
- char *token, *ip, *host, *domain;
-
- buffer[strlen(buffer) - 1] = 0;
-
- token = strtok(buffer, ",");
-
- ip = strtok(NULL, ",");
- host = strtok(NULL, ",");
- domain = strtok(NULL, ",");
-
- if (!(ip && host))
- break;
-
- if (strlen(ip) < 7 || strlen(ip) > 15
- || strspn(ip, "0123456789.") != strlen(ip))
- break;
-
- if (strspn(host, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-") != strlen(host))
- break;
-
- if (domain)
- fprintf(hosts, "%s\t%s.%s\t%s\n",ip,host,domain,host);
- else
- fprintf(hosts, "%s\t%s\n",ip,host);
- }
- fclose(file);
- fclose(hosts);
-
- /* TCP wrappers stuff. */
- if (!(file = fopen("/etc/hosts.deny", "w")))
- {
- errorbox(_("Unable to write /etc/hosts.deny."));
- return 0;
- }
- fprintf(file, "ALL : ALL\n");
- fclose(file);
-
- if (!(file = fopen("/etc/hosts.allow", "w")))
- {
- errorbox(_("Unable to write /etc/hosts.allow."));
- return 0;
- }
- fprintf(file, "sshd : ALL\n");
- fprintf(file, "ALL : localhost\n");
- fprintf(file, "ALL : %s/%s\n", netaddress, netmask);
- fclose(file);
-
sprintf(commandstring, "/bin/hostname %s.%s", hostname, domainname);
if (mysystem(NULL, commandstring))
{