rm -rf "/var/ipfire/snort"
fi
+ # Convert DNS settings
+ convert-dns-settings
+
return 0
}
return $cores;
}
+# Tiny function to grab a single IP-address from a given file.
+sub grab_address_from_file($) {
+ my ($file) = @_;
+
+ my $address;
+
+ # Check if the given file exists.
+ if(-f $file) {
+ # Open the file for reading.
+ open(FILE, $file) or die "Could not read from $file. $!\n";
+
+ # Read the address from the file.
+ $address = <FILE>;
+
+ # Close filehandle.
+ close(FILE);
+
+ # Remove newlines.
+ chomp($address);
+
+ # Check if the obtained address is valid.
+ if (&validip($address)) {
+ # Return the address.
+ return $address;
+ }
+ }
+
+ # Return nothing.
+ return;
+}
+
+# Function to get all configured and enabled nameservers.
+sub get_nameservers () {
+ my %settings;
+ my %servers;
+
+ my @nameservers;
+
+ # Read DNS configuration.
+ &readhash("$General::swroot/dns/settings", \%settings);
+
+ # Read configured DNS servers.
+ &readhasharray("$General::swroot/dns/servers", \%servers);
+
+ # Check if the ISP assigned server should be used.
+ if ($settings{'USE_ISP_NAMESERVERS'} eq "on") {
+ # Assign ISP nameserver files.
+ my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
+
+ # Loop through the array of ISP assigned DNS servers.
+ foreach my $file (@ISP_nameserver_files) {
+ # Grab the IP address.
+ my $address = &grab_address_from_file($file);
+
+ # Check if an address has been grabbed.
+ if ($address) {
+ # Add the address to the array of nameservers.
+ push(@nameservers, $address);
+ }
+ }
+ }
+
+ # Check if DNS servers are configured.
+ if (%servers) {
+ # Loop through the hash of configured DNS servers.
+ foreach my $id (keys %servers) {
+ my $address = $servers{$id}[0];
+ my $status = $servers{$id}[2];
+
+ # Check if the current processed server is enabled.
+ if ($status eq "enabled") {
+ # Add the address to the array of nameservers.
+ push(@nameservers, $address);
+ }
+ }
+ }
+
+ # Return the array.
+ return @nameservers;
+}
+
1;
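Review bot: `grab_address_from_file` opens its argument with the two-argument form and a bareword handle (`open(FILE, $file)`), so mode characters at the start or end of the name would be interpreted by `open`. The callers visible here pass fixed paths under /var/run, but the helper is generic and the safe form costs nothing: `open(my $fh, '<', $file) or die "Could not read from $file. $!\n";`, then `<$fh>` and `close($fh)`. An empty file also leaves `$address` undefined before `chomp` and `&validip`, which a `return unless defined $address;` after the read would cover. In `get_nameservers` the addresses read from dns/servers are returned without the `&validip` check that the ISP files get; unless the writer of that file already guarantees their format, the same check belongs there, because callers put these values into generated configuration.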
# Function to generate and write the file which contains the configured and used DNS servers.
#
sub generate_dns_servers_file() {
- # Open file which contains the current used DNS configuration.
- open (FILE, "${General::swroot}/red/dns") or die "Could not read DNS configuration from ${General::swroot}/red/dns. $!\n";
-
- # Read-in whole file content and store it in a temporary array.
- my @file_content = split(' ', <FILE>);
-
- # Close file handle.
- close(FILE);
+ # Get the used DNS servers.
+ my @nameservers = &General::get_nameservers();
# Format dns servers declaration.
my $line = "\"\[";
- # Check if the current DNS configuration is using the local recursor mode.
- if ($file_content[0] eq "local" && $file_content[1] eq "recursor") {
- # The responsible DNS servers on red are directly used, and because we are not able
- # to specify each single DNS server address here, we currently have to thread each
- # address which is not part of the HOME_NET as possible DNS server.
- $line = "$line" . "!\$HOME_NET";
-
- } else {
- # Loop through the array which contains the file content.
- foreach my $server (@file_content) {
- # Remove newlines.
- chomp($server);
-
+ # Check if the system has configured nameservers.
+ if (@nameservers) {
+ # Loop through the array of nameservers.
+ foreach my $server (@nameservers) {
# Add the DNS server to the line.
$line = "$line" . "$server";
# Check if the current DNS server was the last in the array.
- if ($server ne $file_content[-1]) {
+ if ($server ne $nameservers[-1]) {
# Add "," for the next DNS server.
$line = "$line" . "\,";
}
}
+ } else {
+ # The responsible DNS servers on red are directly used, and because we are not able
+ # to specify each single DNS server address here, we currently have to thread each
+ # address which is not part of the HOME_NET as possible DNS server.
+ $line = "$line" . "!\$HOME_NET";
+
}
# Close the line...
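Review bot: The separator test `if ($server ne $nameservers[-1])` compares values rather than positions, so if the same address occurs twice in `@nameservers` the comma after its earlier occurrence is dropped and two addresses run together in the generated line. `General::get_nameservers()` appears to merge ISP-assigned and configured servers without removing duplicates, so an address present in both sources would trigger this. Building the list in one step avoids the comparison: `$line .= join(",", @nameservers);`, with duplicates removed first if the consumer of this file rejects them. The body of `generate_dns_servers_file` continues past the end of this hunk, so the closing of the line is not visible here.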
00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
# Update GeoIP database once a month.
-%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1
+%hourly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-location-database >/dev/null 2>&1
# Retry sending spooled mails regularly
%hourly * /usr/sbin/dma -q
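Review bot: The comment above the changed entry still reads "Update GeoIP database once a month." while the job now runs under `%hourly,random` and calls `update-location-database`. Suggested replacement: `# Update location database once an hour.` The `>/dev/null 2>&1` redirection is carried over unchanged, so a failing update leaves no trace in the cron mail; if that is intended, a word in the comment would say so.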
'title' => "$Lang::tr{'zoneconf title'}",
'enabled' => 1,
};
+ $subnetwork->{'12.dns'} = {
+ 'caption' => $Lang::tr{'dns title'},
+ 'uri' => '/cgi-bin/dns.cgi',
+ 'title' => "$Lang::tr{'dns title'}",
+ 'enabled' => 1,
+ };
$subnetwork->{'20.proxy'} = {'caption' => "$Lang::tr{'web proxy'}",
'uri' => '/cgi-bin/proxy.cgi',
'title' => "$Lang::tr{'web proxy'}",
'title' => "$Lang::tr{'edit hosts'}",
'enabled' => 1,
};
- $subnetwork->{'51.dnsmenu'} = {
- 'caption' => $Lang::tr{'dns menu'},
- 'uri' => '/cgi-bin/dns.cgi',
- 'title' => "$Lang::tr{'dns menu'}",
- 'enabled' => `grep "RED_TYPE=DHCP" /var/ipfire/ethernet/settings`,
- };
$subnetwork->{'52.dnsforward'} = {
'caption' => $Lang::tr{'dnsforward'},
'uri' => '/cgi-bin/dnsforward.cgi',
#etc/rc.d/init.d/networking/red.up
etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
-etc/rc.d/init.d/networking/red.up/06-safe-search
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
usr/local/bin/backupiso
usr/local/bin/connscheduler
usr/local/bin/consort.sh
+usr/local/bin/convert-dns-settings
usr/local/bin/convert-ovpn
usr/local/bin/filesystem-cleanup
usr/local/bin/hddshutdown
#etc/rc.d/init.d/networking/red.up
etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
-etc/rc.d/init.d/networking/red.up/06-safe-search
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
#etc/rc.d/init.d/networking/red.up
etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
-etc/rc.d/init.d/networking/red.up/06-safe-search
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
usr/local/bin/backupiso
usr/local/bin/connscheduler
usr/local/bin/consort.sh
+usr/local/bin/convert-dns-settings
usr/local/bin/convert-ovpn
usr/local/bin/filesystem-cleanup
usr/local/bin/hddshutdown
#etc/rc.d/init.d/networking/red.up
etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
-etc/rc.d/init.d/networking/red.up/06-safe-search
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
usr/local/bin/backupiso
usr/local/bin/connscheduler
usr/local/bin/consort.sh
+usr/local/bin/convert-dns-settings
usr/local/bin/convert-ovpn
usr/local/bin/filesystem-cleanup
usr/local/bin/hddshutdown
import os
import re
import signal
+import stat
import subprocess
import tempfile
for rr in l.rrset:
f.write("local-data: \"%s\"\n" % " ".join(rr))
+ # Make file readable for everyone
+ os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
+
os.rename(filename, self.path)
def _control(self, *args):
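Review bot: The comment on the added `os.fchmod` says the file is made readable for everyone but not which reader needs it. The file holds `local-data` records built from the leases, so naming the consumer lets a later reader judge whether world-read is required or owner and group would do. Something like `# 0644: the temporary file is created private and <consumer> reads it as another user` would cover it, with the actual consumer filled in. The four OR-ed `stat` constants could be written `0o644`, which is easier to audit at a glance. Changing the mode before `os.rename` is the right order, since the final path never exists with the wrong permissions; the enclosing method starts outside this hunk.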
harden-algo-downgrade: no
use-caps-for-id: yes
aggressive-nsec: yes
+ qname-minimisation: yes
+
+ # TLS
+ tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
+
+ # EDNS Buffer Size (#12240)
+ edns-buffer-size: 1232
# Harden against DNS cache poisoning
unwanted-reply-threshold: 1000000
# Include DHCP leases
include: "/etc/unbound/dhcp-leases.conf"
+ # Include hosts
+ include: "/etc/unbound/hosts.conf"
+
# Include any forward zones
include: "/etc/unbound/forward.conf"
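Review bot: The added `include: "/etc/unbound/hosts.conf"` names a fixed path, and as far as I know unbound refuses to load its configuration when a non-wildcard include cannot be opened. The file therefore has to exist on fresh installs and on updated systems before the resolver restarts, and nothing in this hunk shows what creates it. A comment such as `# Include hosts (generated file, must exist)` would record that dependency. Separately, `tls-cert-bundle` only supplies trust anchors: upstream servers are authenticated only where the forwarder entries carry a TLS hostname, so the comment `# TLS` could say that verification depends on the forward configuration, which is not visible here.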
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns address deleted
+WARNING: translation string unused: dns address deleted txt
+WARNING: translation string unused: dns address done
+WARNING: translation string unused: dns address recon
+WARNING: translation string unused: dns desc
+WARNING: translation string unused: dns error 0
+WARNING: translation string unused: dns error 01
+WARNING: translation string unused: dns error 1
+WARNING: translation string unused: dns header
+WARNING: translation string unused: dns list
+WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns new 0
+WARNING: translation string unused: dns new 1
+WARNING: translation string unused: dns saved
+WARNING: translation string unused: dns saved txt
WARNING: translation string unused: dns server
+WARNING: translation string unused: dnssec information
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: err rs 6 decrypt
WARNING: translation string unused: err rs 7 untartst
WARNING: translation string unused: err rs 8 untar
-WARNING: translation string unused: error
WARNING: translation string unused: error config
WARNING: translation string unused: error external access
WARNING: translation string unused: esp encryption
WARNING: translation string unused: mailmethod
WARNING: translation string unused: mailprogramm
WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual
WARNING: translation string unused: manual control and status
WARNING: translation string unused: marked
WARNING: translation string unused: max incoming size
WARNING: translation string unused: zoneconf val zoneslave amount error
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: addons = Addons
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules
WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default IP address = Default IP Address
+WARNING: untranslated string: dns = unknown string
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: itlb multihit = iTLB MultiHit
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
WARNING: untranslated string: show tls-auth key = Show tls-auth key
+WARNING: untranslated string: standard = Standard
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: authentication = Authentication:
WARNING: untranslated string: automatic = Automatic
WARNING: untranslated string: average = Average
-WARNING: untranslated string: back = BACK
+WARNING: untranslated string: back = Back
WARNING: untranslated string: backup = Backup
WARNING: untranslated string: backup from = Backup from
WARNING: untranslated string: backupaddon = Addon Backup
WARNING: untranslated string: blue = BLUE
WARNING: untranslated string: blue access = Blue Access
WARNING: untranslated string: broadcast = Broadcast
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: broken pipe = Broken pipe
WARNING: untranslated string: buffered memory = Buffered Memory
WARNING: untranslated string: buffers = buffers
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dmz = DMZ
WARNING: untranslated string: dnat address = Firewall Interface
-WARNING: untranslated string: dns address deleted = Successfully deleted!
-WARNING: untranslated string: dns address deleted txt = The DNS-Server addresses have been successfully deleted.<br />You have to reboot or reconnect that the changes have effect!
-WARNING: untranslated string: dns address done = The DNS-Server address settings are going to be saved.
-WARNING: untranslated string: dns address recon = Trying to reconnect!
+WARNING: untranslated string: dns = unknown string
WARNING: untranslated string: dns check failed = DNS check failed
-WARNING: untranslated string: dns desc = If the red0 interface gets the IP address information via DHCP from the provider, the DNS server addresses will be set automatically. Now here you are able to change these DNS server IP addresses with your own ones.
-WARNING: untranslated string: dns error 0 = The IP address of the <strong>primary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>secondary</strong> DNS server address is valid.
-WARNING: untranslated string: dns error 01 = The entered IP address of the <strong>primary</strong> and <strong>secondary</strong> DNS server are not valid, please check your entries!
-WARNING: untranslated string: dns error 1 = The IP address of the <strong>secondary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>primary</strong> DNS server address is valid.
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
-WARNING: untranslated string: dns header = Assign DNS server addresses only for DHCP on red0
-WARNING: untranslated string: dns list = List of free public DNS servers
-WARNING: untranslated string: dns menu = Assign DNS-Server
-WARNING: untranslated string: dns new 0 = New <strong>primary</strong> DNS server IP:
-WARNING: untranslated string: dns new 1 = New <strong>secondary</strong> DNS server IP:
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns proxy server = DNS Proxy Server
-WARNING: untranslated string: dns saved = Successfully saved!
-WARNING: untranslated string: dns saved txt = The two entered DNS server addresses have been saved successfully.<br />You have to reboot or reconnect that the changes have effect!
WARNING: untranslated string: dns servers = DNS Servers
WARNING: untranslated string: dns title = Domain Name System
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: dnsforward configuration = DNS forward configuration
WARNING: untranslated string: dnsforward zone = Zone
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
-WARNING: untranslated string: dnssec information = DNSSEC Information
WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
WARNING: untranslated string: dnssec validating = DNSSEC Validating
WARNING: untranslated string: dod = Dial on Demand
WARNING: untranslated string: enter data = Enter your settings <br /> and then press <i>Save</i>.
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: entropy graphs = Entropy Graphs
+WARNING: untranslated string: error = Error
WARNING: untranslated string: error messages = Error messages
WARNING: untranslated string: esp keylife should be between 1 and 24 hours = ESP keylife should be between 1 and 24 hours.
WARNING: untranslated string: every = Every
WARNING: untranslated string: main page = Main page
WARNING: untranslated string: manage printers = manage printers
WARNING: untranslated string: manage shares = Manage Shares
-WARNING: untranslated string: manual = Manual
WARNING: untranslated string: manually = Manually
WARNING: untranslated string: map to guest = Map to Guest
WARNING: untranslated string: march = March
WARNING: untranslated string: not present = <b>Not</b> present
WARNING: untranslated string: not running = not running
WARNING: untranslated string: not set = not set
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: notice = Notice
WARNING: untranslated string: november = November
WARNING: untranslated string: ntp common settings = Common settings
WARNING: untranslated string: ssh tempstart30 = Stop SSH demon in 30 minutes
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: sstraffic = Net-Traffic
+WARNING: untranslated string: standard = Standard
WARNING: untranslated string: standard login script = Standard login script
WARNING: untranslated string: start = Start
WARNING: untranslated string: start address = Start address:
WARNING: untranslated string: stop = Stop
WARNING: untranslated string: stop ovpn server = Stop OpenVPN Server
WARNING: untranslated string: stopped = STOPPED
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subject = Subject
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: subscripted user rules = Talos VRT rules with subscription
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns address deleted
+WARNING: translation string unused: dns address deleted txt
+WARNING: translation string unused: dns address done
+WARNING: translation string unused: dns address recon
+WARNING: translation string unused: dns desc
+WARNING: translation string unused: dns error 0
+WARNING: translation string unused: dns error 01
+WARNING: translation string unused: dns error 1
+WARNING: translation string unused: dns header
+WARNING: translation string unused: dns list
+WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns new 0
+WARNING: translation string unused: dns new 1
+WARNING: translation string unused: dns saved
+WARNING: translation string unused: dns saved txt
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain not set
WARNING: translation string unused: mailmethod
WARNING: translation string unused: mailprogramm
WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual
WARNING: translation string unused: manual control and status
WARNING: translation string unused: marked
WARNING: translation string unused: max incoming size
WARNING: untranslated string: attention = ATTENTION
WARNING: untranslated string: bit = bit
WARNING: untranslated string: block = Block
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: capabilities = Capabilities
WARNING: untranslated string: ccd add = Add network
WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
+WARNING: untranslated string: dns = unknown string
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns servers = DNS Servers
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: dnsforward configuration = DNS forward configuration
WARNING: untranslated string: dnsforward zone = Zone
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
-WARNING: untranslated string: dnssec information = DNSSEC Information
WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
WARNING: untranslated string: dnssec validating = DNSSEC Validating
WARNING: untranslated string: downlink = Downlink
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: entropy graphs = Entropy Graphs
+WARNING: untranslated string: error = Error
WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: fireinfo ipfire version = IPFire version
WARNING: untranslated string: none = none
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
WARNING: untranslated string: not affected = Not Affected
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: notice = Notice
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: standard = Standard
WARNING: untranslated string: static routes = Static Routes
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns address deleted
+WARNING: translation string unused: dns address deleted txt
+WARNING: translation string unused: dns address done
+WARNING: translation string unused: dns address recon
+WARNING: translation string unused: dns desc
+WARNING: translation string unused: dns error 0
+WARNING: translation string unused: dns error 01
+WARNING: translation string unused: dns error 1
+WARNING: translation string unused: dns header
+WARNING: translation string unused: dns list
+WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns new 0
+WARNING: translation string unused: dns new 1
+WARNING: translation string unused: dns saved
+WARNING: translation string unused: dns saved txt
WARNING: translation string unused: dns server
+WARNING: translation string unused: dnssec information
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: err rs 6 decrypt
WARNING: translation string unused: err rs 7 untartst
WARNING: translation string unused: err rs 8 untar
-WARNING: translation string unused: error
WARNING: translation string unused: error config
WARNING: translation string unused: error external access
WARNING: translation string unused: esp encryption
WARNING: translation string unused: mailmethod
WARNING: translation string unused: mailprogramm
WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual
WARNING: translation string unused: manual control and status
WARNING: translation string unused: marked
WARNING: translation string unused: max incoming size
WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Scan for Songs = unknown string
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: bytes = unknown string
+WARNING: untranslated string: dns = unknown string
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian block a host = unknown string
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: no data = unknown string
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: pakfire ago = ago.
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
+WARNING: untranslated string: standard = Standard
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns address deleted
+WARNING: translation string unused: dns address deleted txt
+WARNING: translation string unused: dns address done
+WARNING: translation string unused: dns address recon
+WARNING: translation string unused: dns desc
+WARNING: translation string unused: dns error 0
+WARNING: translation string unused: dns error 01
+WARNING: translation string unused: dns error 1
+WARNING: translation string unused: dns header
+WARNING: translation string unused: dns list
+WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns new 0
+WARNING: translation string unused: dns new 1
+WARNING: translation string unused: dns saved
+WARNING: translation string unused: dns saved txt
WARNING: translation string unused: dns server
WARNING: translation string unused: dnsforward forward_server
+WARNING: translation string unused: dnssec information
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: mailmethod
WARNING: translation string unused: mailprogramm
WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual
WARNING: translation string unused: manual control and status
WARNING: translation string unused: marked
WARNING: translation string unused: max incoming size
WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: application layer gateways = Application Layer Gateways
WARNING: untranslated string: block = Block
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: check all = Check all
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: dhcp dns update algo = Algorithm
WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
+WARNING: untranslated string: dns = unknown string
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
WARNING: untranslated string: email usemail = Activate Mail Service
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: error = Error
WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country)
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: not affected = Not Affected
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: one week = One Week
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: standard = Standard
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns address deleted
+WARNING: translation string unused: dns address deleted txt
+WARNING: translation string unused: dns address done
+WARNING: translation string unused: dns address recon
+WARNING: translation string unused: dns desc
+WARNING: translation string unused: dns error 0
+WARNING: translation string unused: dns error 01
+WARNING: translation string unused: dns error 1
+WARNING: translation string unused: dns header
+WARNING: translation string unused: dns list
+WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns new 0
+WARNING: translation string unused: dns new 1
+WARNING: translation string unused: dns saved
+WARNING: translation string unused: dns saved txt
WARNING: translation string unused: dns server
WARNING: translation string unused: dnsforward forward_server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: mailmethod
WARNING: translation string unused: mailprogramm
WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual
WARNING: translation string unused: manual control and status
WARNING: translation string unused: marked
WARNING: translation string unused: max incoming size
WARNING: untranslated string: application layer gateways = Application Layer Gateways
WARNING: untranslated string: atm device = Device:
WARNING: untranslated string: block = Block
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: capabilities = Capabilities
WARNING: untranslated string: check all = Check all
WARNING: untranslated string: dhcp dns update algo = Algorithm
WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
+WARNING: untranslated string: dns = unknown string
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns servers = DNS Servers
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
-WARNING: untranslated string: dnssec information = DNSSEC Information
WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
WARNING: untranslated string: dnssec validating = DNSSEC Validating
WARNING: untranslated string: download tls-auth key = Download tls-auth key
WARNING: untranslated string: email usemail = Activate Mail Service
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: error = Error
WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country)
WARNING: untranslated string: none = none
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
WARNING: untranslated string: not affected = Not Affected
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: one week = One Week
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: standard = Standard
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns address deleted
+WARNING: translation string unused: dns address deleted txt
+WARNING: translation string unused: dns address done
+WARNING: translation string unused: dns address recon
+WARNING: translation string unused: dns desc
+WARNING: translation string unused: dns error 0
+WARNING: translation string unused: dns error 01
+WARNING: translation string unused: dns error 1
+WARNING: translation string unused: dns header
+WARNING: translation string unused: dns list
+WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns new 0
+WARNING: translation string unused: dns new 1
+WARNING: translation string unused: dns saved
+WARNING: translation string unused: dns saved txt
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain not set
WARNING: translation string unused: mailmethod
WARNING: translation string unused: mailprogramm
WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual
WARNING: translation string unused: manual control and status
WARNING: translation string unused: marked
WARNING: translation string unused: max incoming size
WARNING: untranslated string: attention = ATTENTION
WARNING: untranslated string: bit = bit
WARNING: untranslated string: block = Block
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: capabilities = Capabilities
WARNING: untranslated string: ccd add = Add network
WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
+WARNING: untranslated string: dns = unknown string
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns servers = DNS Servers
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: dnsforward configuration = DNS forward configuration
WARNING: untranslated string: dnsforward zone = Zone
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
-WARNING: untranslated string: dnssec information = DNSSEC Information
WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
WARNING: untranslated string: dnssec validating = DNSSEC Validating
WARNING: untranslated string: downlink = Downlink
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: entropy graphs = Entropy Graphs
+WARNING: untranslated string: error = Error
WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: fireinfo ipfire version = IPFire version
WARNING: untranslated string: none = none
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
WARNING: untranslated string: not affected = Not Affected
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: notice = Notice
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: standard = Standard
WARNING: untranslated string: static routes = Static Routes
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns address deleted
+WARNING: translation string unused: dns address deleted txt
+WARNING: translation string unused: dns address done
+WARNING: translation string unused: dns address recon
+WARNING: translation string unused: dns desc
+WARNING: translation string unused: dns error 0
+WARNING: translation string unused: dns error 01
+WARNING: translation string unused: dns error 1
+WARNING: translation string unused: dns header
+WARNING: translation string unused: dns list
+WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns new 0
+WARNING: translation string unused: dns new 1
+WARNING: translation string unused: dns saved
+WARNING: translation string unused: dns saved txt
WARNING: translation string unused: dns server
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain not set
WARNING: translation string unused: mailmethod
WARNING: translation string unused: mailprogramm
WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual
WARNING: translation string unused: manual control and status
WARNING: translation string unused: marked
WARNING: translation string unused: max incoming size
WARNING: untranslated string: attention = ATTENTION
WARNING: untranslated string: bit = bit
WARNING: untranslated string: block = Block
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: capabilities = Capabilities
WARNING: untranslated string: ccd add = Add network
WARNING: untranslated string: disk access per = Disk Access per
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
+WARNING: untranslated string: dns = unknown string
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
WARNING: untranslated string: dns servers = DNS Servers
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: dnsforward configuration = DNS forward configuration
WARNING: untranslated string: dnsforward zone = Zone
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
-WARNING: untranslated string: dnssec information = DNSSEC Information
WARNING: untranslated string: dnssec not supported = DNSSEC Not supported
WARNING: untranslated string: dnssec validating = DNSSEC Validating
WARNING: untranslated string: downlink = Downlink
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: entropy graphs = Entropy Graphs
+WARNING: untranslated string: error = Error
WARNING: untranslated string: extrahd because there is already a device mounted = , because there is already a device mounted
WARNING: untranslated string: extrahd cant umount = Can't umount
WARNING: untranslated string: extrahd install or load driver = If your device isn't listed here, you need to install or load the driver.<br />If you can see your device but no partitions you have to create them first.
WARNING: untranslated string: none = none
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
WARNING: untranslated string: not affected = Not Affected
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: notice = Notice
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: standard = Standard
WARNING: untranslated string: static routes = Static Routes
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: translation string unused: dmz pinhole rule added
WARNING: translation string unused: dmz pinhole rule removed
WARNING: translation string unused: dmzpinholes for same net not necessary
+WARNING: translation string unused: dns address deleted
+WARNING: translation string unused: dns address deleted txt
+WARNING: translation string unused: dns address done
+WARNING: translation string unused: dns address recon
+WARNING: translation string unused: dns desc
+WARNING: translation string unused: dns error 0
+WARNING: translation string unused: dns error 01
+WARNING: translation string unused: dns error 1
+WARNING: translation string unused: dns header
+WARNING: translation string unused: dns list
+WARNING: translation string unused: dns menu
+WARNING: translation string unused: dns new 0
+WARNING: translation string unused: dns new 1
+WARNING: translation string unused: dns saved
+WARNING: translation string unused: dns saved txt
WARNING: translation string unused: dns server
WARNING: translation string unused: dnsforward forward_server
+WARNING: translation string unused: dnssec information
WARNING: translation string unused: do not log this port list
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: mailmethod
WARNING: translation string unused: mailprogramm
WARNING: translation string unused: manage ovpn
+WARNING: translation string unused: manual
WARNING: translation string unused: manual control and status
WARNING: translation string unused: marked
WARNING: translation string unused: max incoming size
WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
WARNING: untranslated string: advproxy wpad view pac = Open PAC File
+WARNING: untranslated string: broken = Broken
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: default IP address = Default IP Address
+WARNING: untranslated string: dns = unknown string
+WARNING: untranslated string: dns configuration = DNS Configuration
+WARNING: untranslated string: dns could not add server = Could not add server - Reason:
+WARNING: untranslated string: dns enable safe-search = Enable Safe Search
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
+WARNING: untranslated string: dns mode for qname minimisation = QNAME Minimisation
+WARNING: untranslated string: dns no tls hostname given = No TLS hostname given.
+WARNING: untranslated string: dns tls hostname = TLS Hostname
+WARNING: untranslated string: dns use isp assigned nameservers = Use ISP-assigned DNS servers
+WARNING: untranslated string: dns use protocol for dns queries = Protocol for DNS queries
WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: error = Error
WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: force enable = Forced
WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: not affected = Not Affected
+WARNING: untranslated string: not validating = Not validating
WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
+WARNING: untranslated string: standard = Standard
+WARNING: untranslated string: strict = Strict
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
< backup protect key password
< bewan adsl pci st
< bewan adsl usb
+< broken
< Captive heading terms
< Captive heading voucher
< Captive invalid coupon
< dhcp server disabled on blue interface
< dhcp server enabled on blue interface
< dh name is invalid
+< dns configuration
+< dns could not add server
+< dns enable safe-search
+< dns isp assigned nameserver
+< dns mode for qname minimisation
+< dns no tls hostname given
+< dns tls hostname
+< dns use isp assigned nameservers
+< dns use protocol for dns queries
< done
< emerging pro rules
< emerging rules
< insert removable device
< itlb multihit
< notes
+< not validating
+< okay
< quick control
< shaping add options
< show areas
< show lines
< show tls-auth key
+< standard
+< strict
< taa zombieload2
< teovpn_fragment
< tor bridge enabled
< attention
< bit
< block
+< broken
< capabilities
< Captive
< Captive 1day
< Disabled
< dl client arch insecure
< dnat address
+< dns configuration
+< dns could not add server
+< dns enable safe-search
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
< dnsforward zone
+< dns isp assigned nameserver
+< dns mode for qname minimisation
+< dns no tls hostname given
< dnssec aware
< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
< dns servers
+< dns tls hostname
+< dns use isp assigned nameservers
+< dns use protocol for dns queries
< downlink
< download dh parameter
< download tls-auth key
< not affected
< not a valid dh key
< notice
+< not validating
< Number of Countries for the pie chart
+< okay
< one hour
< one month
< one week
< ssh login time
< ssh no active logins
< ssh username
+< standard
< static routes
+< strict
< subnet mask
< support donation
< system has hwrng
############################################################################
# Checking cgi-bin translations for language: fr #
############################################################################
+< broken
+< dns configuration
+< dns could not add server
+< dns enable safe-search
+< dns isp assigned nameserver
+< dns mode for qname minimisation
+< dns no tls hostname given
+< dns tls hostname
+< dns use isp assigned nameservers
+< dns use protocol for dns queries
+< not validating
+< okay
+< standard
+< strict
############################################################################
# Checking cgi-bin translations for language: it #
############################################################################
< advproxy wpad view pac
< application layer gateways
< block
+< broken
< Captive
< Captive 1day
< Captive 1month
< dhcp dns update secret
< Disabled
< dl client arch insecure
+< dns configuration
+< dns could not add server
+< dns enable safe-search
< dns forward disable dnssec
< dnsforward dnssec disabled
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
+< dns isp assigned nameserver
+< dns mode for qname minimisation
+< dns no tls hostname given
< dnssec disabled warning
+< dns tls hostname
+< dns use isp assigned nameservers
+< dns use protocol for dns queries
< eight hours
< email config
< email empty field
< MTU settings
< none
< not affected
+< not validating
< Number of Countries for the pie chart
+< okay
< one hour
< one month
< one week
< ssh login time
< ssh no active logins
< ssh username
+< standard
+< strict
< subnet mask
< system is offline
< taa zombieload2
< application layer gateways
< atm device
< block
+< broken
< capabilities
< Captive
< Captive 1day
< dh parameter
< Disabled
< dl client arch insecure
+< dns configuration
+< dns could not add server
+< dns enable safe-search
< dns forward disable dnssec
< dnsforward dnssec disabled
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
+< dns isp assigned nameserver
+< dns mode for qname minimisation
+< dns no tls hostname given
< dnssec aware
< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
< dns servers
+< dns tls hostname
+< dns use isp assigned nameservers
+< dns use protocol for dns queries
< download dh parameter
< download tls-auth key
< drop outgoing
< none
< not affected
< not a valid dh key
+< not validating
< Number of Countries for the pie chart
+< okay
< one hour
< one month
< one week
< ssh login time
< ssh no active logins
< ssh username
+< standard
+< strict
< subnet mask
< system is offline
< taa zombieload2
< attention
< bit
< block
+< broken
< capabilities
< Captive
< Captive 1day
< Disabled
< dl client arch insecure
< dnat address
+< dns configuration
+< dns could not add server
+< dns enable safe-search
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
< dnsforward zone
+< dns isp assigned nameserver
+< dns mode for qname minimisation
+< dns no tls hostname given
< dnssec aware
< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
< dns servers
+< dns tls hostname
+< dns use isp assigned nameservers
+< dns use protocol for dns queries
< downlink
< download dh parameter
< download tls-auth key
< not affected
< not a valid dh key
< notice
+< not validating
< Number of Countries for the pie chart
+< okay
< one hour
< one month
< one week
< ssh login time
< ssh no active logins
< ssh username
+< standard
< static routes
+< strict
< subnet mask
< support donation
< system has hwrng
< attention
< bit
< block
+< broken
< capabilities
< Captive
< Captive 1day
< disk access per
< dl client arch insecure
< dnat address
+< dns configuration
+< dns could not add server
+< dns enable safe-search
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
< dnsforward zone
+< dns isp assigned nameserver
+< dns mode for qname minimisation
+< dns no tls hostname given
< dnssec aware
< dnssec disabled warning
< dnssec information
< dnssec not supported
< dnssec validating
< dns servers
+< dns tls hostname
+< dns use isp assigned nameservers
+< dns use protocol for dns queries
< downlink
< download dh parameter
< download tls-auth key
< not affected
< not a valid dh key
< notice
+< not validating
< Number of Countries for the pie chart
+< okay
< one hour
< one month
< one week
< ssh login time
< ssh no active logins
< ssh username
+< standard
< static routes
+< strict
< subnet mask
< support donation
< system has hwrng
< advproxy wpad notice
< advproxy wpad title
< advproxy wpad view pac
+< broken
< Captive delete logo
< crypto error
< cryptographic settings
< dangerous
< default IP address
< Disabled
+< dns configuration
+< dns could not add server
+< dns enable safe-search
< dns forward disable dnssec
< dnsforward dnssec disabled
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
+< dns isp assigned nameserver
+< dns mode for qname minimisation
+< dns no tls hostname given
+< dns tls hostname
+< dns use isp assigned nameservers
+< dns use protocol for dns queries
< emerging pro rules
< enable smt
< error
< mitigated
< mtu
< not affected
+< not validating
+< okay
< ovpn error dh
< ovpn error md5
< ovpn tls auth
< ssh login time
< ssh no active logins
< ssh username
+< standard
+< strict
< subnet mask
< system is offline
< taa zombieload2
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2020 IPFire Development Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
###############################################################################
use strict;
+use IO::Socket;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/ids-functions.pl";
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
-my %dnssettings=();
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::colouryellow} );
+undef (@dummy);
+
+my %cgiparams=();
+my %checked=();
+my %selected=();
my $errormessage = '';
+# Config file which stores the DNS settings.
+my $settings_file = "${General::swroot}/dns/settings";
+
+# File which stores the configured DNS-Servers.
+my $servers_file = "${General::swroot}/dns/servers";
+
+# Create files if the does not exist.
+unless (-f $settings_file) { system("touch $settings_file") };
+unless (-f $servers_file) { system("touch $servers_file") };
+
+# File which stores the ISP assigned DNS servers.
+my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
+
+# File which contains the ca-certificates.
+my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
+
+# Server which is used, to determine if the whole DNS system works properly.
+my $dns_test_server = "ping.ipfire.org";
+
+my $check_servers;
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
&Header::showhttpheaders();
+&Header::getcgihash(\%cgiparams);
-&General::readhash("${General::swroot}/dns/settings", \%dnssettings);
+##
+# Save general settings.
+#
+if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
+ # Prevent form name from been stored in conf file.
+ delete $cgiparams{'GENERAL'};
-&Header::getcgihash(\%dnssettings);
+ # Add value for non-checked checkbox.
+ if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
+ $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
+ }
-&Header::openpage($Lang::tr{'dns title'}, 1, );
+ # Add value for non-checked checkbox.
+ if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
+ $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
+ }
-&Header::openbigbox('100%', 'left', '', $errormessage);
+ # Check if using ISP nameservers and TLS is enabled at the same time.
+ if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
+ $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
+ }
+
+ # Check if there was an error.
+ if ( ! $errormessage) {
-if ($dnssettings{'ACTION'} eq $Lang::tr{'save'}) {
- if ((&General::validip($dnssettings{"DNS0"}) == 1)&&(&General::validip($dnssettings{"DNS1"}) == 1)) {
- if ($errormessage eq "") {
- &General::writehash("${General::swroot}/dns/settings", \%dnssettings);
- &Header::openbox('100%', 'left', $Lang::tr{'dns saved'});
- print "<font class='base'>$Lang::tr{'dns saved txt'}</font>\n";
- &Header::closebox();
+ # Store settings into settings file.
+ &General::writehash("$settings_file", \%cgiparams);
+
+ # Call function to handle unbound restart, etc.
+ &_handle_unbound_and_more()
+ }
+}
+
+###
+# Add / Edit entries.
+#
+if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
+ # Hash to store the generic DNS settings.
+ my %settings = ();
+
+ # Read-in generic settings.
+ &General::readhash("$settings_file", \%settings);
+
+ # Check if an IP-address has been given.
+ if ($cgiparams{"NAMESERVER"} eq "") {
+ $errormessage = "$Lang::tr{'dns no address given'}";
+ }
+
+ # Check if the given DNS server is valid.
+ elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
+ $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
+ }
+
+ # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
+ elsif($settings{'PROTO'} eq "TLS") {
+ unless($cgiparams{"TLS_HOSTNAME"}) {
+ $errormessage = "$Lang::tr{'dns no tls hostname given'}";
+ } else {
+ # Check if the provided domain is valid.
+ unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
+ $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
+ }
}
- } else {
- if ((&General::validip($dnssettings{"DNS0"}) == 0)&&(&General::validip($dnssettings{"DNS1"}) == 1)){
- $errormessage = $Lang::tr{'dns error 0'};
- }
- if ((&General::validip($dnssettings{"DNS1"}) == 0)&&(&General::validip($dnssettings{"DNS0"}) == 1)){
- $errormessage = $Lang::tr{'dns error 1'};
+ }
+
+ # Go further if there was no error.
+ if ( ! $errormessage) {
+ # Check if a remark has been entered.
+ $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
+
+ my %dns_servers = ();
+ my $id;
+ my $status;
+
+ # Read-in configfile.
+ &General::readhasharray($servers_file, \%dns_servers);
+
+ # Check if we should edit an existing entry and got an ID.
+ if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
+ # Assin the provided id.
+ $id = $cgiparams{'ID'};
+
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
+
+ # Grab the configured status of the corresponding entry.
+ $status = $dns_servers{$id}[2];
+ } else {
+ # Each newly added entry automatically should be enabled.
+ $status = "enabled";
+
+ # Generate the ID for the new entry.
+ #
+ # Sort the keys by their ID and store them in an array.
+ my @keys = sort { $a <=> $b } keys %dns_servers;
+
+ # Reverse the key array.
+ my @reversed = reverse(@keys);
+
+ # Obtain the last used id.
+ my $last_id = @reversed[0];
+
+ # Increase the last id by one and use it as id for the new entry.
+ $id = ++$last_id;
+
+ # The first allowed id is 3 to keep space for
+ # possible ISP assigned DNS servers.
+ if ($id <= "2") {
+ $id = "3";
+ }
}
- if ((&General::validip($dnssettings{"DNS1"}) == 0)&&(&General::validip($dnssettings{"DNS0"}) == 0)){
- $errormessage = $Lang::tr{'dns error 01'};
+
+ # Add/Modify the entry to/in the dns_servers hash.
+ $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
+
+ # Write the changed hash to the config file.
+ &General::writehasharray($servers_file, \%dns_servers);
+
+ # Call function to handle unbound restart, etc.
+ &_handle_unbound_and_more();
+ } else {
+ # Switch back to previous mode.
+ $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
+ }
+###
+# Toggle enable / disable.
+#
+} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
+ my %dns_servers = ();
+
+ # Only go further, if an ID has been passed.
+ if ($cgiparams{'ID'}) {
+ # Assign the given ID.
+ my $id = $cgiparams{'ID'};
+
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
+
+ # Read-in configfile.
+ &General::readhasharray($servers_file, \%dns_servers);
+
+ # Grab the configured status of the corresponding entry.
+ my $status = $dns_servers{$id}[2];
+
+ # Switch the status.
+ if ($status eq "disabled") {
+ $status = "enabled";
+ } else {
+ $status = "disabled";
}
+
+ # Modify the status of the existing entry.
+ $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
+
+ # Write the changed hash back to the config file.
+ &General::writehasharray($servers_file, \%dns_servers);
+
+ # Call function to handle unbound restart, etc.
+ &_handle_unbound_and_more();
}
+
+## Remove entry from DNS servers list.
+#
+} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
+ my %dns_servers = ();
+
+ # Read-in configfile.
+ &General::readhasharray($servers_file, \%dns_servers);
+
+ # Drop entry from the hash.
+ delete($dns_servers{$cgiparams{'ID'}});
+
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
+
+ # Write the changed hash to the config file.
+ &General::writehasharray($servers_file, \%dns_servers);
+
+ # Call function to handle unbound restart, etc.
+ &_handle_unbound_and_more();
+
+## Handle request to check the servers.
+#
+} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
+ $check_servers = 1;
}
-if ($dnssettings{'ACTION'} eq $Lang::tr{'reconnect'}) {
- system("/usr/local/bin/redctrl restart >/dev/null 2>&1 &");
- &Header::openbox('100%', 'left', $Lang::tr{'dns address recon'} );
- print "<font class='base'>$Lang::tr{'dns address done'}</font>\n";
- &Header::closebox();
+# Hash to store the generic DNS settings.
+my %settings = ();
+
+# Read-in general DNS settings.
+&General::readhash("$settings_file", \%settings);
+
+# Hash which contains the configured DNS servers.
+my %dns_servers = ();
+
+# Read-in config file.
+&General::readhasharray("$servers_file", \%dns_servers);
+
+&Header::openpage($Lang::tr{'dns'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+###
+# Error messages layout.
+#
+if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<class name='base'>$errormessage\n";
+ print " </class>\n";
+ &Header::closebox();
}
-if ($dnssettings{'ACTION'} eq $Lang::tr{'delete'}) {
- system("cat /dev/null > ${General::swroot}/dns/settings &");
- &Header::openbox('100%', 'left', $Lang::tr{'dns address deleted'} );
- print "<font class='base'>$Lang::tr{'dns address deleted txt'}</font>\n";
- &Header::closebox();
+# Handle if a nameserver should be added or edited.
+if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
+ # Display the sub page.
+ &show_add_edit_nameserver();
+
+ # Close webpage.
+ &Header::closebigbox();
+ &Header::closepage();
+
+ # Finished here for the moment.
+ exit(0);
}
-# DPC move error message to top so it is seen!
-if ($errormessage) {
- &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
- print "<font class='base'>$errormessage </font>\n";
+$cgiparams{'GENERAL'} = '';
+$cgiparams{'SERVERS'} = '';
+$cgiparams{'NAMESERVER'} = '';
+$cgiparams{'TLS_HOSTNAME'} = '';
+$cgiparams{'REMARK'} ='';
+
+$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
+$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
+$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
+
+$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
+$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
+$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
+
+$selected{'PROTO'}{'UDP'} = '';
+$selected{'PROTO'}{'TLS'} = '';
+$selected{'PROTO'}{'TCP'} = '';
+$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
+
+$selected{'QNAME_MIN'}{'standard'} = '';
+$selected{'QNAME_MIN'}{'strict'} = '';
+$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
+
+# Display nameserver and configuration sections.
+&show_nameservers();
+&show_general_dns_configuration();
+
+&Header::closebigbox();
+&Header::closepage();
+
+###
+# General DNS-Servers sektion.
+#
+sub show_general_dns_configuration () {
+ &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
+
+ print <<END;
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <table width="100%">
+ <tr>
+ <td width="33%">
+ $Lang::tr{'dns use isp assigned nameservers'}
+ </td>
+
+ <td>
+ <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2">
+ <br>
+ </td>
+ </tr>
+
+ <tr>
+ <td width="33%">
+ $Lang::tr{'dns use protocol for dns queries'}
+ </td>
+
+ <td>
+ <select name="PROTO">
+ <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
+ <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
+ <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
+ </select>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2">
+ <br>
+ </td>
+ </tr>
+
+ <tr>
+ <td width="33%">
+ $Lang::tr{'dns enable safe-search'}
+ </td>
+
+ <td>
+ <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2">
+ <br>
+ </td>
+ </tr>
+
+ <tr>
+ <td width="33%">
+ $Lang::tr{'dns mode for qname minimisation'}
+ </td>
+
+ <td>
+ <select name="QNAME_MIN">
+ <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
+ <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
+ </select>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" align="right">
+ <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
+ </td>
+ </tr>
+ </table>
+ </form>
+END
+
&Header::closebox();
}
-print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
+###
+# Section to display the configured and used DNS servers.
+#
+sub show_nameservers () {
+ &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
-&Header::openbox('100%', 'left', $Lang::tr{'dns header'});
-print <<END
+ my $dns_status_string;
+ my $dns_status_col;
+ my $dns_working;
-<table border="0" width='100%'>
- <tr>
- <td colspan="2"><font class='base'>$Lang::tr{'dns desc'}<br /><img src="/images/dns_link.png" border="0" align="absmiddle"/><a href="https://wiki.ipfire.org/dns/public-servers" target="_blank">$Lang::tr{'dns list'}</a></font></td>
- </tr>
- <tr>
- <td colspan="2"> </td>
- </tr>
- <tr>
- <td width="25%"><font class='base'>$Lang::tr{'dns new 0'}</font></td>
-END
-;
-if ($dnssettings{'ACTION'} eq $Lang::tr{'delete'}) {
-print <<END
- <td width="75%"><input type="text" name="DNS0" maxlength="15" value=""/></td>
+ # Test if the DNS system is working.
+ #
+ # Simple send a request to unbound and check if it can resolve the
+ # DNS test server.
+ my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP");
+
+ if ($dns_status_ret eq "2") {
+ $dns_status_string = "$Lang::tr{'working'}";
+ $dns_status_col = "${Header::colourgreen}";
+ $dns_working = 1;
+ } else {
+ $dns_status_string = "$Lang::tr{'broken'}";
+ $dns_status_col = "${Header::colourred}";
+ }
+
+print <<END;
+ <table width='100%'>
+ <tr>
+ <td>
+ <strong>$Lang::tr{'status'}: </strong>
+ <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <table class="tbl" width='100%'>
+ <tr>
+ <td align="center">
+ <strong>$Lang::tr{'nameserver'}</strong>
+ </td>
+
+ <td align="center">
+ <strong>$Lang::tr{'country'}</strong>
+ </td>
+
+ <td align="center">
+ <strong>$Lang::tr{'rdns'}</strong>
+ </td>
+
+ <td align="center">
+ <strong>$Lang::tr{'remark'}</strong>
+ </td>
END
-;
-} else {
+ # Check if the status should be displayed.
+ if ($check_servers) {
print <<END
- <td width="75%"><input type="text" name="DNS0" maxlength="15" value="$dnssettings{"DNS0"}"/></td>
+ <td align="center">
+ <strong>$Lang::tr{'status'}</strong>
+ </td>
END
-;
-}
+;
+ }
+
print <<END
- </tr>
- <tr>
- <td><font class='base'>$Lang::tr{'dns new 1'}</font></td>
+
+ <td align="center" colspan="3">
+ <strong>$Lang::tr{'action'}</strong>
+ </td>
+ </tr>
END
-;
-if ($dnssettings{'ACTION'} eq $Lang::tr{'delete'}) {
-print <<END
- <td><input type="text" name="DNS1" maxlength="15" value=""/></td>
+;
+
+ # Check the usage of ISP assigned nameservers is enabled.
+ my $id = 1;
+
+ # Loop through the array which stores the files.
+ foreach my $file (@ISP_nameserver_files) {
+ # Grab the address of the nameserver.
+ my $address = &General::grab_address_from_file($file);
+
+ # Check if we got an address.
+ if ($address) {
+ # Add the address to the hash of nameservers.
+ $dns_servers{$id} = [ "$address", "none",
+ ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
+ "$Lang::tr{'dns isp assigned nameserver'}" ];
+
+ # Increase id by one.
+ $id++;
+ }
+ }
+
+ # Check some DNS servers have been configured. In this case
+ # the hash contains at least one key.
+ my $server_amount;
+ if (keys %dns_servers) {
+ # Sort the keys by their ID and store them in an array.
+ my @keys = sort { $a <=> $b } keys %dns_servers;
+
+ # Loop through all entries of the array/hash.
+ foreach my $id (@keys) {
+ # Inrease server_amount.
+ $server_amount++;
+
+ # Assign data array positions to some nice variable names.
+ my $nameserver = $dns_servers{$id}[0];
+ my $tls_hostname = $dns_servers{$id}[1];
+ my $enabled = $dns_servers{$id}[2];
+ my $remark = $dns_servers{$id}[3];
+
+ my $col = '';
+ my $toggle = '';
+ my $gif = '';
+ my $gdesc = '';
+ my $notice = "";
+
+ # Colorize columns.
+ if ($server_amount % 2) {
+ $col="bgcolor='$color{'color22'}'"; }
+ else {
+ $col="bgcolor='$color{'color20'}'";
+ }
+
+ if ($enabled eq 'enabled') {
+ $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
+ } else {
+ $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
+ }
+
+ my $status;
+ my $status_short;
+ my $status_message;
+ my $status_colour;
+
+ # Only grab the status if the nameserver is enabled.
+ if (($check_servers) && ($enabled eq "enabled")) {
+ $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
+ }
+
+ if (!defined $status) {
+ $status_short = "$Lang::tr{'disabled'}";
+
+ # DNSSEC Not supported
+ } elsif ($status eq 0) {
+ $status_short = "$Lang::tr{'broken'}";
+ $status_message = $Lang::tr{'dnssec not supported'};
+ $status_colour = ${Header::colourred};
+
+ # DNSSEC Aware
+ } elsif ($status eq 1) {
+ $status_short = "$Lang::tr{'not validating'}";
+ $status_message = $Lang::tr{'dnssec aware'};
+ $status_colour = ${Header::colourblack};
+
+ # DNSSEC Validating
+ } elsif ($status eq 2) {
+ $status_short = "$Lang::tr{'ok'}";
+ $status_message = $Lang::tr{'dnssec validating'};
+ $status_colour = ${Header::colourgreen};
+
+ # Error
+ } else {
+ $status_short = "$Lang::tr{'error'}";
+ $status_message = $status;
+ $status_colour = ${Header::colourred};
+ }
+
+ # collect more information about name server (rDNS, GeoIP country code)
+ my $ccode = &GeoIP::lookup($nameserver);
+ my $flag_icon = &GeoIP::get_flag_icon($ccode);
+
+ my $rdns;
+
+ # Only do the reverse lookup if the system is online.
+ if ($dns_working) {
+ my $iaddr = inet_aton($nameserver);
+ $rdns = gethostbyaddr($iaddr, AF_INET);
+ }
+
+ if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
+
+ # Mark ISP name servers as disabled
+ if ($id <= 2 && $enabled eq "disabled") {
+ $nameserver = "<del>$nameserver</del>";
+ }
+
+print <<END;
+ <tr>
+ <td align="center" $col>
+ $nameserver
+ </td>
+
+ <td align="center" $col>
+ <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
+ </td>
+
+ <td align="center" $col>
+ $rdns
+ </td>
+
+ <td align="center" $col>
+ $remark
+ </td>
END
-;
-} else {
+;
+ # Display server status if requested.
+ if ($check_servers) {
print <<END
- <td><input type="text" name="DNS1" maxlength="15" value="$dnssettings{"DNS1"}"/></td>
+ <td align="center" $col>
+ <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
+ </td>
END
-;
-}
-print <<END
- </tr>
- <tr>
- <td colspan="2"><hr /></td>
- </tr>
- <tr>
- <td colspan="2"><div align="center">
+;
+ }
+
+ # Check if the id is greater than "2".
+ #
+ # Nameservers with an ID's of one or two are ISP assigned,
+ # and we cannot perform any actions on them, so hide the tools for
+ # them.
+ if ($id gt "2") {
+
+print <<END;
+ <td align='center' width='5%' $col>
+ <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
+ <input type='hidden' name='ID' value='$id' />
+ <input type='hidden' name='ENABLE' value='$toggle' />
+ <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
+ </form>
+ </td>
+
+ <td align='center' width='5%' $col>
+ <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
+ <input type='hidden' name='ID' value='$id' />
+ <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
+ </form>
+ </td>
+
+ <td align='center' width='5%' $col>
+ <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
+ <input type='hidden' name='ID' value='$id' />
+ <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
+ </form>
+ </td>
END
-;
-if ($dnssettings{'ACTION'} eq $Lang::tr{'save'} && $errormessage eq "") {
-print <<END
- <input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
-
- <input type='submit' name='ACTION' value='$Lang::tr{'delete'}' />
-
- <input type='submit' name='ACTION' value='$Lang::tr{'reconnect'}' />
+;
+ } else {
+ print "<td colspan='3' $col> </td>\n";
+ }
+
+
+ print"</tr>\n";
+
+ }
+
+ print"</table>\n";
+
+ print"<table width='100%'>\n";
+
+ # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
+ if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
+print <<END;
+ <tr>
+ <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
+ <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
+ <td class='base'>$Lang::tr{'click to disable'}</td>
+ <td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
+ <td class='base'>$Lang::tr{'click to enable'}</td>
+ <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
+ <td class='base'>$Lang::tr{'edit'}</td>
+ <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
+ <td class='base'>$Lang::tr{'remove'}</td>
+ </tr>
END
-;
-} elsif ($dnssettings{'ACTION'} eq $Lang::tr{'delete'}) {
-print <<END
- <input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
-
- <input type='submit' name='ACTION' value='$Lang::tr{'reconnect'}' />
+;
+ }
+print <<END;
+ <tr>
+ <form method="post" action="$ENV{'SCRIPT_NAME'}">
+ <td colspan="9" align="right">
+ <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
+ <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
+ </td>
+ </form>
+ </tr>
+ </table>
END
;
-} elsif ($dnssettings{'ACTION'} eq $Lang::tr{'save'}) {
-print <<END
- <input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
+
+ } else {
+print <<END;
+ <table width="100%">
+ <tr>
+ <td colspan="6" align="center">
+ <br>$Lang::tr{'guardian no entries'}<br>
+ </td>
+ </tr>
+
+ <tr>
+ <form method="post" action="$ENV{'SCRIPT_NAME'}">
+ <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
+ </form>
+ </tr>
+ </table>
+
END
-;
-} else {
+;
+ }
+
+ &Header::closebox();
+}
+
+###
+# Section to display the add or edit subpage.
+#
+sub show_add_edit_nameserver() {
+ print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
+
+ my $buttontext = $Lang::tr{'save'};
+ my $dnssec_checked;
+ my $dot_checked;
+ if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
+ &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
+
+ # Update button text for upate the existing entry.
+ $buttontext = $Lang::tr{'update'};
+
+ # Add hidden input for sending ID.
+ print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
+
+ # Check if an ID has been given.
+ if ($cgiparams{'ID'}) {
+ # Assign cgiparams values.
+ $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
+ $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
+ $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
+ }
+ } else {
+ &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
+ }
+
+ my $tls_required_image;
+
+ # If the protocol is TLS, dispaly the required image.
+ if ($settings{'PROTO'} eq "TLS") {
+ $tls_required_image = "<img src='/blob.gif' alt='*'>";
+ }
+
+ # Add hidden input to store the mode.
+ print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
+
print <<END
- <input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
-
- <input type='submit' name='ACTION' value='$Lang::tr{'delete'}' />
-END
-;
-}
-print <<END
- </div>
- </td>
- </tr>
-</table>
+ <table width='100%'>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'ip address'}: <img src='/blob.gif' alt='*' /></td>
+ <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
+ </tr>
+
+
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}: $tls_required_image</td>
+ <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
+ </tr>
+
+
+ <tr>
+ <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
+ <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
+ </tr>
+ </table>
+ <br>
+ <hr>
+
+ <table width='100%'>
+ <tr>
+ <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' /> $Lang::tr{'required field'}</td>
+ <td width='40%' align='right'>
+ <input type="submit" name="SERVERS" value="$buttontext">
+ <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
+ </td>
+ </tr>
+ </table>
END
;
-&Header::closebox();
+ &Header::closebox();
+ print "</form>\n";
-print "</form>\n";
+ &Header::closebox();
+}
-&Header::closebigbox();
+# Private function to handle the restart of unbound and more.
+sub _handle_unbound_and_more () {
+ # Restart unbound
+ system('/usr/local/bin/unboundctrl reload >/dev/null');
-&Header::closepage();
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Re-generate the file which contains the DNS Server
+ # details.
+ &IDS::generate_dns_servers_file();
+
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("restart");
+ }
+}
+
+# Check if the system is online (RED is connected).
+sub red_is_active () {
+ # Check if the "active" file is present.
+ if ( -f "${General::swroot}/red/active") {
+ # Return "1" - True.
+ return 1;
+ } else {
+ # Return nothing - False.
+ return;
+ }
+}
+# Function to check a given nameserver against propper work.
+sub check_nameserver($$$$) {
+ my ($nameserver, $record, $proto, $tls_hostname) = @_;
+
+ # Check if the system is online.
+ unless (&red_is_active()) {
+ return "$Lang::tr{'system is offline'}";
+ }
+
+ # Default values.
+ my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
+ "+bufsize=1232");
+
+ # Handle different protols.
+ if ($proto eq "TCP") {
+ # Add TCP switch to the command.
+ push(@command, "+tcp");
+
+ } elsif($proto eq "TLS") {
+ # Add TLS switch to the command and provide the
+ # path to our file which contains the ca certs.
+ push(@command, "+tls-ca=$ca_certs_file");
+
+ # Check if a TLS hostname has been provided.
+ if ($tls_hostname) {
+ # Add TLS hostname to the command.
+ push(@command, "+tls-hostname=$tls_hostname");
+ } else {
+ return "$Lang::tr{'dns no tls hostname given'}";
+ }
+ }
+
+ # Add record to the command array.
+ push(@command, "$record");
+
+ # Add nameserver to the command array.
+ push(@command, "\@$nameserver");
+
+ # Connect to STDOUT and STDERR.
+ push(@command, "2>&1");
+
+ my @output = qx(@command);
+ my $output = join("", @output);
+
+ my $status = 0;
+
+ if ($output =~ m/status: (\w+)/) {
+ $status = ($1 eq "NOERROR");
+
+ if (!$status) {
+ return -1;
+ }
+ } else {
+ my $warning;
+
+ while ($output =~ m/WARNING: (.*)/g) {
+ # Add the current grabbed warning to the warning string.
+ $warning .= "$1\; ";
+ }
+
+ # Return the warning string, if we grabbed at least one.
+ if ($warning) {
+ return $warning;
+ }
+ }
+
+ my @flags = ();
+ if ($output =~ m/Flags: (.*);/) {
+ @flags = split(/ /, $1);
+ }
+
+ my $aware = ($output =~ m/RRSIG/);
+ my $validating = (grep(/ad;/, @flags));
+
+ return $aware + $validating;
+}
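Review bot: `check_nameserver()` passes `@command` to `qx()`, which joins the list into one string and runs it through the shell (the appended `2>&1` relies on that), so `$tls_hostname` and `$nameserver` are re-parsed as shell text. The save handler only runs `validfqdn` on `TLS_HOSTNAME` while `$settings{'PROTO'}` is already `TLS`, so a hostname entered under UDP or TCP is written to the servers file unchecked and reaches this command once the protocol is switched and the servers are checked. I would validate any non-empty hostname at save time with a branch ahead of the `PROTO` one, `elsif ($cgiparams{'TLS_HOSTNAME'} && !&General::validfqdn($cgiparams{'TLS_HOSTNAME'}))`, and run kdig without a shell as sketched below. Unless `getcgihash` already escapes its values, the same hunk also prints `$cgiparams{'ID'}`, `$rdns` and the kdig warning text in `$status_message` into HTML without `&Header::cleanhtml()`, which `REMARK` does get.

```perl
sub check_nameserver($$$$) {
	# … unchanged: argument unpacking, online check, building @command up to "\@$nameserver" …

	# Run kdig without a shell so that no argument is re-parsed; the
	# child merges STDERR into STDOUT itself instead of using "2>&1".
	my $pid = open(my $kdig, "-|");
	return "$Lang::tr{'error'}" unless (defined $pid);

	unless ($pid) {
		open(STDERR, ">&", \*STDOUT);
		exec { $command[0] } @command;
		exit(127);
	}

	my $output = join("", <$kdig>);
	close($kdig);

	# … unchanged: status, warning and flag parsing …
```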
}
}
# Restart unbound
- system('/usr/local/bin/unboundctrl restart >/dev/null');
+ system('/usr/local/bin/unboundctrl reload >/dev/null');
}
###
}
close(FILE);
# Restart unbound.
- system('/usr/local/bin/unboundctrl restart >/dev/null');
+ system('/usr/local/bin/unboundctrl reload >/dev/null');
}
###
}
close(FILE);
# Restart unbound.
- system('/usr/local/bin/unboundctrl restart >/dev/null');
+ system('/usr/local/bin/unboundctrl reload >/dev/null');
}
###
# File declarations.
my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
- my $dns1file = "${General::swroot}/red/dns1";
- my $dns2file = "${General::swroot}/red/dns2";
# Get gateway address.
- my $gateway = &_get_address_from_file($gatewayfile);
-
- # Get addresses from the used dns servers.
- my $dns1 = &_get_address_from_file($dns1file);
- my $dns2 = &_get_address_from_file($dns2file);
+ my $gateway = &General::grab_address_from_file($gatewayfile);
# Check if any input has been performed.
if ($input eq '') {
}
# Check if the given input is one of the interface addresses or our gateway.
- elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway" || $input eq "$dns1" || $input eq "$dns2") {
+ elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway") {
$errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
}
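Review bot: The not-allowed check in the `elsif` now stops at `$gateway`, so nothing prevents blocking an address that the firewall itself uses as a nameserver, which the removed `$dns1`/`$dns2` comparison used to prevent for the ISP-assigned servers. If that guard is still wanted, it could be kept with the helper this commit appears to add to the General package, `my @nameservers = &General::get_nameservers();` plus `|| grep { $_ eq $input } @nameservers` in the condition. The later hunk that drops the two `Include_File` lines from the ignore file has the same effect for automatic blocking. The enclosing function starts and ends outside this hunk.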
# File declarations.
my $public_address_file = "${General::swroot}/red/local-ipaddress";
my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
- my $dns1file = "${General::swroot}/red/dns1";
- my $dns2file = "${General::swroot}/red/dns2";
# Write the obtained addresses to the ignore file.
print FILE "# IPFire local interfaces.\n";
print FILE "# Include the corresponding files to obtain the addresses.\n";
print FILE "Include_File = $public_address_file\n";
print FILE "Include_File = $gatewayfile\n";
- print FILE "Include_File = $dns1file\n";
- print FILE "Include_File = $dns2file\n";
# Add all user defined hosts and networks to the ignore file.
#
close(FILE);
}
-
-# Private subfunction to obtain IP-addresses from given file names.
-#
-sub _get_address_from_file ($) {
- my $file = shift;
-
- # Check if the file exists.
- if (-e $file) {
- # Open the given file.
- open(FILE, "$file") or die "Could not open $file.";
-
- # Obtain the address from the first line of the file.
- my $address = <FILE>;
-
- # Close filehandle
- close(FILE);
-
- # Remove newlines.
- chomp $address;
-
- # Check if the grabbed address is valid.
- if (&General::validip($address)) {
- # Return the address.
- return $address;
- }
- }
-
- # Return nothing.
- return;
-}
#
sub BuildConfiguration {
system '/usr/local/bin/rebuildhosts';
- system '/usr/local/bin/unboundctrl restart &>/dev/null';
+ system '/usr/local/bin/unboundctrl reload &>/dev/null';
}
END
}
- my $dns_servers;
- if ( -e "${General::swroot}/red/dns" ) {
- open (TMP, "<${General::swroot}/red/dns");
- $dns_servers = <TMP>;
- chomp($dns_servers);
- close TMP;
- }
- print <<END;
- <tr>
- <td>
- <b><a href="netexternal.cgi">$Lang::tr{'dns servers'}</a>:</b>
- </td>
- <td style='text-align:center;'>
- $dns_servers
- </td>
- <td></td>
- </tr>
-END
-
if (&General::RedIsWireless()) {
my $iface = $netsettings{"RED_DEV"} || "red0";
&Header::closebox();
}
- ## DNSSEC
- my @nameservers = ();
- foreach my $f ("${General::swroot}/red/dns1", "${General::swroot}/red/dns2") {
- open(DNS, "<$f");
- my $nameserver = <DNS>;
- close(DNS);
-
- chomp($nameserver);
- if ($nameserver) {
- push(@nameservers, $nameserver);
- }
- }
-
- &Header::openbox('100%', 'center', $Lang::tr{'dnssec information'});
-
- print <<END;
- <table class="tbl" width='66%'>
- <thead>
- <tr>
- <th align="center">
- <strong>$Lang::tr{'nameserver'}</strong>
- </th>
- <th align="center">
- <strong>$Lang::tr{'country'}</strong>
- </th>
- <th align="center">
- <strong>$Lang::tr{'rdns'}</strong>
- </th>
- <th align="center">
- <strong>$Lang::tr{'status'}</strong>
- </th>
- </tr>
- </thead>
- <tbody>
-END
-
- my $id = 0;
- for my $nameserver (@nameservers) {
- my $status = &check_dnssec($nameserver, "ping.ipfire.org");
-
- my $colour = "";
- my $bgcolour = "";
- my $message = "";
-
- # DNSSEC Not supported
- if ($status == 0) {
- $message = $Lang::tr{'dnssec not supported'};
- $colour = "white";
- $bgcolour = ${Header::colourred};
-
- # DNSSEC Aware
- } elsif ($status == 1) {
- $message = $Lang::tr{'dnssec aware'};
- $colour = "black";
- $bgcolour = ${Header::colouryellow};
-
- # DNSSEC Validating
- } elsif ($status == 2) {
- $message = $Lang::tr{'dnssec validating'};
- $colour = "white";
- $bgcolour = ${Header::colourgreen};
-
- # Error
- } else {
- $colour = ${Header::colourred};
- }
-
- my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
-
- # collect more information about name server (rDNS, GeoIP country code)
- my $ccode = &GeoIP::lookup($nameserver);
- my $flag_icon = &GeoIP::get_flag_icon($ccode);
-
- my $iaddr = inet_aton($nameserver);
- my $rdns = gethostbyaddr($iaddr, AF_INET);
- if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
-
- print <<END;
- <tr bgcolor="$table_colour">
- <td>
- $nameserver
- </td>
- <td align="center">
- <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
- </td>
- <td align="center">
- $rdns
- </td>
- <td bgcolor="$bgcolour" align="center">
- <font color="$colour"><strong>$message</strong></font>
- </td>
- </tr>
-END
- }
-
- print <<END;
- </tbody>
- </table>
-END
-
- &Header::closebox();
-
if ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $netsettings{'RED_TYPE'} eq "DHCP"){
&Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}");
&Header::closebigbox();
&Header::closepage();
}
-
-sub check_dnssec($$) {
- my $nameserver = shift;
- my $record = shift;
-
- my @command = ("dig", "+dnssec", $record, "\@$nameserver");
-
- my @output = qx(@command);
- my $output = join("", @output);
-
- my $status = 0;
- if ($output =~ m/status: (\w+)/) {
- $status = ($1 eq "NOERROR");
-
- if (!$status) {
- return -1;
- }
- }
-
- my @flags = ();
- if ($output =~ m/flags: (.*);/) {
- @flags = split(/ /, $1);
- }
-
- my $aware = ($output =~ m/RRSIG/);
- my $validating = ("ad" ~~ @flags);
-
- return $aware + $validating;
-}
$errormessage = $Lang::tr{'bad characters in script field'};
goto ERROR; }
- if ($pppsettings{'DNS1'})
- {
- if (!(&General::validip($pppsettings{'DNS1'}))) {
- $errormessage = $Lang::tr{'invalid primary dns'};
- goto ERROR; }
- }
- if ($pppsettings{'DNS2'})
- {
- if (!(&General::validip($pppsettings{'DNS2'}))) {
- $errormessage = $Lang::tr{'invalid secondary dns'};
- goto ERROR; }
- }
-
if ($pppsettings{'MAXRETRIES'} eq '') {
$errormessage = $Lang::tr{'max retries not set'};
goto ERROR; }
<td width='25%'>$Lang::tr{'script name'}</td>
<td width='25%'><input type='text' name='LOGINSCRIPT' value='$pppsettings{'LOGINSCRIPT'}' /></td>
</tr>
-<tr><td colspan='4' width='100%'><br></br></td></tr>
-<tr>
- <td bgcolor='$color{'color20'}' colspan='4' width='100%'><b>DNS:</b></td>
-</tr>
-<tr>
- <td colspan='4' width='100%'><input type='radio' name='DNS' value='Automatic' $checked{'DNS'}{'Automatic'} />$Lang::tr{'automatic'}</td>
-</tr>
-<tr>
- <td colspan='4' width='100%'><input type='radio' name='DNS' value='Manual' $checked{'DNS'}{'Manual'} />$Lang::tr{'manual'}</td>
-</tr>
-<tr>
- <td width='25%'>$Lang::tr{'primary dns'}</td>
- <td width='25%'><input type='text' name='DNS1' value='$pppsettings{'DNS1'}'></td>
- <td width='25%'>$Lang::tr{'secondary dns'}</td>
- <td width='25%'><input type='text' name='DNS2' value='$pppsettings{'DNS2'}'></td>
-</tr>
<tr><td colspan='4' width='100%'><br></br><hr></hr><br></br></td></tr>
<tr>
<td width='25%'>$Lang::tr{'profile name'} <img src='/blob.gif' alt='*' /></td>
'available updates' => 'Available updates:',
'average' => 'Average',
'avoid dod' => 'Do not use this option with Dial on Demand! Mainly used if your IPFire is behind a router. Your RED IP must be inside one of the three reserved network numbers e.g. 10/8, 172.16/12, 192.168/16',
-'back' => 'BACK',
+'back' => 'Back',
'backup' => 'Backup',
'backup archive' => 'Backup File (.dat)',
'backup clear archive' => 'Clear Backup File (.gz)',
'blue access use hint' => 'You have to enter the MAC or the IP Address for a device. To enter both is also possible',
'blue interface' => 'Blue Interface',
'broadcast' => 'Broadcast',
+'broken' => 'Broken',
'broken pipe' => 'Broken pipe',
'buffered memory' => 'Buffered Memory',
'buffers' => 'buffers',
'dmzpinholes for same net not necessary' => 'DMZ Pinholes are not necessary for same net. Select different source or destination net.',
'dnat address' => 'Firewall Interface',
'dns address deleted' => 'Successfully deleted!',
-'dns address deleted txt' => 'The DNS-Server addresses have been successfully deleted.<br />You have to reboot or reconnect that the changes have effect!',
-'dns address done' => 'The DNS-Server address settings are going to be saved.',
+'dns address deleted txt' => 'The DNS server addresses have been successfully deleted.<br />You have to reboot or reconnect that the changes have effect!',
+'dns address done' => 'The DNS server address settings are going to be saved.',
'dns address recon' => 'Trying to reconnect!',
'dns check failed' => 'DNS check failed',
+'dns check servers' => 'Check DNS Servers',
+'dns configuration' => 'DNS Configuration',
+'dns could not add server' => 'Could not add server - Reason:',
'dns desc' => 'If the red0 interface gets the IP address information via DHCP from the provider, the DNS server addresses will be set automatically. Now here you are able to change these DNS server IP addresses with your own ones.',
+'dns enable safe-search' => 'Enable Safe Search',
'dns error 0' => 'The IP address of the <strong>primary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>secondary</strong> DNS server address is valid.',
'dns error 01' => 'The entered IP address of the <strong>primary</strong> and <strong>secondary</strong> DNS server are not valid, please check your entries!',
'dns error 1' => 'The IP address of the <strong>secondary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>primary</strong> DNS server address is valid.',
'dns forward disable dnssec' => 'Disable DNSSEC (dangerous)',
'dns forwarding dnssec disabled notice' => '(DNSSEC disabled)',
'dns header' => 'Assign DNS server addresses only for DHCP on red0',
+'dns isp nameservers and tls not allowed' => 'ISP-assigned DNS servers and TLS cannot be used at the same time.',
+'dns isp assigned nameserver' => 'ISP-assigned DNS server',
'dns list' => 'List of free public DNS servers',
-'dns menu' => 'Assign DNS-Server',
+'dns menu' => 'Assign DNS Server',
+'dns mode for qname minimisation' => 'QNAME Minimisation',
'dns new 0' => 'New <strong>primary</strong> DNS server IP:',
'dns new 1' => 'New <strong>secondary</strong> DNS server IP:',
+'dns no address given' => 'No IP Address given.',
+'dns no tls hostname given' => 'No TLS hostname given.',
'dns proxy server' => 'DNS Proxy Server',
'dns saved' => 'Successfully saved!',
'dns saved txt' => 'The two entered DNS server addresses have been saved successfully.<br />You have to reboot or reconnect that the changes have effect!',
'dns server' => 'DNS Server',
'dns servers' => 'DNS Servers',
'dns title' => 'Domain Name System',
+'dns tls hostname' => 'TLS Hostname',
+'dns use isp assigned nameservers' => 'Use ISP-assigned DNS servers',
+'dns use protocol for dns queries' => 'Protocol for DNS queries',
'dnsforward' => 'DNS Forwarding',
'dnsforward add a new entry' => 'Add a new entry',
'dnsforward configuration' => 'DNS forward configuration',
'not present' => '<b>Not</b> present',
'not running' => 'not running',
'not set' => 'not set',
+'not validating' => 'Not validating',
'notes' => 'Notes',
'notice' => 'Notice',
'november' => 'November',
'october' => 'October',
'off' => 'off',
'ok' => 'OK',
+'okay' => 'Okay',
'older' => 'Older',
'on' => 'on',
'one hour' => 'One Hour',
'sssystem status' => 'System Status',
'sstraffic' => 'Net-Traffic',
'sstraffic graphs' => 'Traffic Graphs',
+'standard' => 'Standard',
'standard login script' => 'Standard login script',
'start' => 'Start',
'start address' => 'Start address:',
'stop' => 'Stop',
'stop ovpn server' => 'Stop OpenVPN Server',
'stopped' => 'STOPPED',
+'strict' => 'Strict',
'subject' => 'Subject',
'subject test' => 'Teste-mail',
'subject warn' => 'Warning - warnlevel reached',
'wlanap wlan status' => 'WLan Status',
'wol wakeup' => 'WakeUp',
'workgroup' => 'Workgroup',
+'working' => 'Working',
'written bytes' => 'Bytes Written',
'xtaccess all error' => 'You cannot set an external access to ALL, that is done in the port forwarding record.',
'xtaccess bad transfert' => 'If you specify a port destination range, the source range must be identical !',
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = guardian
-PAK_VER = 17
+PAK_VER = 18
DEPS = "perl-inotify2 perl-Net-IP"
. /etc/sysconfig/rc
. $rc_functions
-
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-eval $(/usr/local/bin/readhash /var/ipfire/dns/settings)
dhcpcd_up()
{
# Only if RED_TYPE=DHCP update /var/ipfire/red
if [ "$RED_TYPE" == "DHCP" ]; then
-
- #Check if we have to restart the services at update
+ # Check if we have to restart the services at update
[ ! -e "/var/ipfire/red/active" ] && update=1;
if [ "$old_domain_name_service" != "$new_domain_name_service" ]; then
update=1;
update=1;
fi
- #Get DNS from dhcp
- if [ -n "$DNS0" ] && [ -n "$DNS1" ]; then
- logger -p local0.info -t dhcpcd.exe[$$] "Overwritting DNS-Server addresses with ${DNS0},${DNS1}"
- echo -n ${DNS0} > /var/ipfire/red/dns1
- echo -n ${DNS1} > /var/ipfire/red/dns2
- else
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > /var/ipfire/red/dns1
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > /var/ipfire/red/dns2
- fi
+ # Get DNS from dhcp
+ /etc/rc.d/helper/getdnsfromdhcpc.pl 1 > /var/run/dns1
+ /etc/rc.d/helper/getdnsfromdhcpc.pl 2 > /var/run/dns2
#Get IP Address
echo -n "$new_ip_address" > /var/ipfire/red/local-ipaddress
set | grep "^new_" | sed "s|^new_||g" | \
sort > /var/ipfire/dhcpc/dhcpcd-$interface.info
+ # Remove DNS servers
+ rm -f /var/run/dns1 /var/run/dns2
+
# Only if RED_TYPE=DHCP update /var/ipfire/red
if [ "$RED_TYPE" == "DHCP" ]; then
rm -f /var/ipfire/red/active
grep -v -E "\<gateway\>" /etc/hosts > /tmp/hosts
echo "$GATEWAY gateway" >> /tmp/hosts
mv /tmp/hosts /etc/hosts
- echo -n "${DNS1}" > /var/ipfire/red/dns1
- echo -n "${DNS2}" > /var/ipfire/red/dns2
touch /var/ipfire/red/active
# Create route to default gateway
#!/bin/bash
-# If network has not fully been brought up here, we start unbound
-# so that all following scripts can rely on DNS resolution
-
-pidof unbound > /dev/null
-if [ "${?}" = "0" ]; then
- # unbound is run so update the forwarders
- /etc/init.d/unbound update-forwarders
-else
- # Start unbound if it is not running, yet
- /etc/init.d/unbound start
-fi
+# Update DNS forwarders
+exec /etc/init.d/unbound update-forwarders
+++ /dev/null
-#!/bin/bash
-
-exec /etc/init.d/unbound update-safe-search
. /etc/sysconfig/rc
. ${rc_functions}
-TEST_DOMAIN="ipfire.org"
-
-# This domain will never validate
-TEST_DOMAIN_FAIL="dnssec-failed.org"
-
-INSECURE_ZONES=
-USE_FORWARDERS=1
-ENABLE_SAFE_SEARCH=off
-FORCE_TCP=off
-
# Cache any local zones for 60 seconds
LOCAL_TTL=60
-# EDNS buffer size
-EDNS_DEFAULT_BUFFER_SIZE=4096
-
-# Load optional configuration
-[ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
-
-DIG_ARGS=()
-
-if [ "${FORCE_TCP}" = "on" ]; then
- DIG_ARGS+=( "+tcp" )
-fi
+# Load configuration
+eval $(/usr/local/bin/readhash /var/ipfire/dns/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
ip_address_revptr() {
local addr=${1}
}
read_name_servers() {
- local i
- for i in 1 2; do
- echo "$(</var/ipfire/red/dns${i})"
- done 2>/dev/null | xargs echo
-}
-
-check_red_has_carrier_and_ip() {
- # Interface configured ?
- [ ! -e "/var/ipfire/red/iface" ] && return 0;
-
- # Interface present ?
- [ ! -e "/sys/class/net/$(</var/ipfire/red/iface)" ] && return 0;
-
- # has carrier ?
- [ ! "$(</sys/class/net/$(</var/ipfire/red/iface)/carrier)" = "1" ] && return 0;
+ # Read name servers from ISP
+ if [ "${USE_ISP_NAMESERVERS}" = "on" -a "${PROTO}" != "TLS" ]; then
+ local i
+ for i in 1 2; do
+ echo "$(</var/run/dns${i})"
+ done 2>/dev/null
+ fi
- # has ip ?
- [ "$(ip address show dev $(</var/ipfire/red/iface) | grep "inet")" = "" ] && return 0;
+ # Read configured name servers
+ local id address tls_hostname enabled remark
+ while IFS="," read -r id address tls_hostname enabled remark; do
+ [ "${enabled}" != "enabled" ] && continue
- return 1;
+ if [ "${PROTO}" = "TLS" ]; then
+ if [ -n "${tls_hostname}" ]; then
+ echo "${address}@853#${tls_hostname}"
+ fi
+ else
+ echo "${address}"
+ fi
+ done < /var/ipfire/dns/servers
}
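Review bot: The addresses echoed by the new `read_name_servers` reach the resolver configuration unchecked: `/var/run/dns1` and `/var/run/dns2` hold whatever the DHCP or PPP peer supplied, and the `address` field of `/var/ipfire/dns/servers` is used as read. The Perl helper `grab_address_from_file` added in the same commit runs `validip` on these files, so the shell reader is the weaker of the two. If only IPv4 is expected, a guard before each `echo` using the pattern this script already applies to stub servers, `[[ ${address} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || continue`, would keep malformed values out of `forward.conf`. In TLS mode an enabled server without a `tls_hostname` is dropped silently; a message on stderr (`echo >&2 "Skipping ${address}: no TLS hostname"`) would make the missing forwarder visible without polluting the function's output.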
config_header() {
echo
}
-update_forwarders() {
- check_red_has_carrier_and_ip
- if [ "${USE_FORWARDERS}" = "1" -a "${?}" = "1" ]; then
- local forwarders
- local broken_forwarders
-
- local ns
- for ns in $(read_name_servers); do
- test_name_server ${ns} &>/dev/null
- case "$?" in
- # Only use DNSSEC-validating or DNSSEC-aware name servers
- 0|2)
- forwarders="${forwarders} ${ns}"
- ;;
- *)
- broken_forwarders="${broken_forwarders} ${ns}"
- ;;
- esac
- done
-
- # Determine EDNS buffer size
- local new_edns_buffer_size=${EDNS_DEFAULT_BUFFER_SIZE}
-
- for ns in ${forwarders}; do
- local edns_buffer_size=$(ns_determine_edns_buffer_size ${ns})
- if [ -n "${edns_buffer_size}" ]; then
- if [ ${edns_buffer_size} -lt ${new_edns_buffer_size} ]; then
- new_edns_buffer_size=${edns_buffer_size}
- fi
- fi
- done
-
- if [ ${new_edns_buffer_size} -lt ${EDNS_DEFAULT_BUFFER_SIZE} ]; then
- boot_mesg "EDNS buffer size reduced to ${new_edns_buffer_size}" ${WARNING}
- echo_warning
-
- unbound-control -q set_option edns-buffer-size: ${new_edns_buffer_size}
- fi
-
- # Show warning for any broken upstream name servers
- if [ -n "${broken_forwarders}" ]; then
- boot_mesg "Ignoring broken upstream name server(s): ${broken_forwarders:1}" ${WARNING}
- echo_warning
- fi
-
- if [ -n "${forwarders}" ]; then
- boot_mesg "Configuring upstream name server(s): ${forwarders:1}" ${INFO}
- echo_ok
-
- # Make sure DNSSEC is activated
- enable_dnssec
-
- echo "${forwarders}" > /var/ipfire/red/dns
- unbound-control -q forward ${forwarders}
- return 0
-
- # In case we have found no working forwarders
- else
- # Test if the recursor mode is available
- if can_resolve_root +bufsize=${new_edns_buffer_size}; then
- # Make sure DNSSEC is activated
- enable_dnssec
-
- boot_mesg "Falling back to recursor mode" ${WARNING}
- echo_warning
-
- # If not, we set DNSSEC in permissive mode and allow using all recursors
- elif [ -n "${broken_forwarders}" ]; then
- disable_dnssec
-
- boot_mesg "DNSSEC has been set to permissive mode" ${FAILURE}
- echo_failure
+write_hosts_conf() {
+ (
+ config_header
- echo "${broken_forwarders}" > /var/ipfire/red/dns
- unbound-control -q forward ${broken_forwarders}
- return 0
- fi
+ # Make own hostname resolveable
+ # 1.1.1.1 is reserved for unused green, skip this
+ if [ -n "${GREEN_ADDRESS}" -a "${GREEN_ADDRESS}" != "1.1.1.1" ]; then
+ echo "local-data: \"${HOSTNAME} ${LOCAL_TTL} IN A ${GREEN_ADDRESS}\""
fi
- fi
- # If forwarders cannot be used we run in recursor mode
- echo "local recursor" > /var/ipfire/red/dns
- unbound-control -q forward off
-}
+ local address
+ for address in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
+ [ -n "${address}" ] || continue
+ [ "${address}" = "1.1.1.1" ] && continue
-remove_forwarders() {
- enable_dnssec
- echo "local recursor" > /var/ipfire/red/dns
- unbound-control -q forward off
-
-}
-
-own_hostname() {
- local hostname=$(hostname -f)
- # 1.1.1.1 is reserved for unused green, skip this
- if [ -n "${GREEN_ADDRESS}" -a "${GREEN_ADDRESS}" != "1.1.1.1" ]; then
- unbound-control -q local_data "${hostname} ${LOCAL_TTL} IN A ${GREEN_ADDRESS}"
- fi
-
- local address
- for address in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
- [ -n "${address}" ] || continue
- [ "${address}" = "1.1.1.1" ] && continue
-
- address=$(ip_address_revptr ${address})
- unbound-control -q local_data "${address} ${LOCAL_TTL} IN PTR ${hostname}"
- done
-}
-
-update_hosts() {
- local enabled address hostname domainname generateptr
-
- while IFS="," read -r enabled address hostname domainname generateptr; do
- [ "${enabled}" = "on" ] || continue
+ address=$(ip_address_revptr ${address})
+ echo "local-data: \"${address} ${LOCAL_TTL} IN PTR ${HOSTNAME}\""
+ done
- # Build FQDN
- local fqdn="${hostname}.${domainname}"
+ # Add all hosts
+ local enabled address hostname domainname generateptr
+ while IFS="," read -r enabled address hostname domainname generateptr; do
+ [ "${enabled}" = "on" ] || continue
- unbound-control -q local_data "${fqdn} ${LOCAL_TTL} IN A ${address}"
+ # Build FQDN
+ local fqdn="${hostname}.${domainname}"
+ echo "local-data: \"${fqdn} ${LOCAL_TTL} IN A ${address}\""
- # Skip reverse resolution if the address equals the GREEN address
- [ "${address}" = "${GREEN_ADDRESS}" ] && continue
+ # Skip reverse resolution if the address equals the GREEN address
+ [ "${address}" = "${GREEN_ADDRESS}" ] && continue
- # Skip reverse resolution if user requested not to do so
- [ "${generateptr}" = "off" ] && continue
+ # Skip reverse resolution if user requested not to do so
+ [ "${generateptr}" = "off" ] && continue
- # Add RDNS
- address=$(ip_address_revptr ${address})
- unbound-control -q local_data "${address} ${LOCAL_TTL} IN PTR ${fqdn}"
- done < /var/ipfire/main/hosts
+ # Add RDNS
+ address=$(ip_address_revptr ${address})
+ echo "local-data: \"${address} ${LOCAL_TTL} IN PTR ${fqdn}\""
+ done < /var/ipfire/main/hosts
+ ) > /etc/unbound/hosts.conf
}
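Review bot: `write_hosts_conf` uses `${HOSTNAME}` where the removed `own_hostname` used `$(hostname -f)`, and nothing in the visible part of the script assigns `HOSTNAME`. If it is left to the shell's built-in value, the A and PTR records may be written for the short host name rather than the FQDN; this is worth confirming, or `local hostname=$(hostname -f)` could be kept at the top of the subshell. The fields read from `/var/ipfire/main/hosts` are placed inside a quoted `local-data:` string as they are, so the function relies on that file never containing a double quote. A comment such as `# fields are validated by the web UI before they are written to main/hosts` (if that is indeed the case) would record the assumption.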
write_forward_conf() {
(
config_header
+ # Enable strict QNAME minimisation
+ if [ "${QNAME_MIN}" = "strict" ]; then
+ echo "server:"
+ echo " qname-minimisation-strict: yes"
+ echo
+ fi
+
# Force using TCP for upstream servers only
- if [ "${FORCE_TCP}" = "on" ]; then
+ if [ "${PROTO}" = "TCP" ]; then
echo "# Force using TCP for upstream servers only"
echo "server:"
echo " tcp-upstream: yes"
echo
fi
- local insecure_zones="${INSECURE_ZONES}"
+ local insecure_zones=""
local enabled zone server servers remark disable_dnssec rest
while IFS="," read -r enabled zone servers remark disable_dnssec rest; do
;;
esac
- # Reverse-lookup zones must be stubs
+ echo "stub-zone:"
+ echo " name: ${zone}"
+ for server in ${servers//|/ }; do
+ if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ echo " stub-addr: ${server}"
+ else
+ echo " stub-host: ${server}"
+ fi
+ done
+ echo
+
+ # Make all reverse lookup zones transparent
case "${zone}" in
*.in-addr.arpa)
- echo "stub-zone:"
- echo " name: ${zone}"
- for server in ${servers//|/ }; do
- if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
- echo " stub-addr: ${server}"
- else
- echo " stub-host: ${server}"
- fi
- done
- echo
echo "server:"
echo " local-zone: \"${zone}\" transparent"
echo
;;
- *)
- echo "forward-zone:"
- echo " name: ${zone}"
- for server in ${servers//|/ }; do
- if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
- echo " forward-addr: ${server}"
- else
- echo " forward-host: ${server}"
- fi
- done
- echo
- ;;
esac
done < /var/ipfire/dnsforward/config
echo " domain-insecure: ${zone}"
done
fi
+
+ echo "forward-zone:"
+ echo " name: \".\""
+
+ # Force using TLS only
+ if [ "${PROTO}" = "TLS" ]; then
+ echo " forward-tls-upstream: yes"
+ fi
+
+ # Add upstream name servers
+ local ns
+ for ns in $(read_name_servers); do
+ echo " forward-addr: ${ns}"
+ done
) > /etc/unbound/forward.conf
}
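Review bot: The `forward-zone:` block for `.` at the end of `write_forward_conf` is written even when `read_name_servers` prints nothing, for example when the server list is empty or when TLS is selected and no enabled server has a TLS hostname. How unbound treats a forward zone without any `forward-addr` is not visible here and should be confirmed. Collecting the list first (`local servers="$(read_name_servers)"`) and emitting the block only when it is non-empty would make the recursor case explicit. With `forward-tls-upstream: yes`, the `#hostname` part of each address is presumably only verified if a certificate bundle is configured elsewhere in the unbound configuration, which these hunks do not show. Parts of this function lie outside the hunks on the page.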
done < /proc/meminfo
}
-test_name_server() {
- local ns=${1}
- local args
-
- # Return codes:
- # 0 DNSSEC validating
- # 1 Error: unreachable, etc.
- # 2 DNSSEC aware
- # 3 NOT DNSSEC-aware
-
- # Exit when the server is not reachable
- ns_is_online ${ns} || return 1
-
- # Determine the maximum edns buffer size that works
- local edns_buffer_size=$(ns_determine_edns_buffer_size ${ns})
- if [ -n "${edns_buffer_size}" ]; then
- args="${args} +bufsize=${edns_buffer_size}"
- fi
-
- local errors
- for rr in DNSKEY DS RRSIG; do
- if ! ns_forwards_${rr} ${ns} ${args}; then
- errors="${errors} ${rr}"
- fi
- done
-
- if [ -n "${errors}" ]; then
- echo >&2 "Unable to retrieve the following resource records from ${ns}: ${errors:1}"
- return 3
- fi
-
- if ns_is_validating ${ns} ${args}; then
- # Return 0 if validating
+fix_time_if_dns_fails() {
+ # If DNS is working, everything is fine
+ if resolve "ping.ipfire.org" &>/dev/null; then
return 0
- else
- # Is DNSSEC-aware
- return 2
fi
-}
-# Sends an A query to the nameserver w/o DNSSEC
-ns_is_online() {
- local ns=${1}
- shift
-
- dig "${DIG_ARGS[@]}" @${ns} +nodnssec A ${TEST_DOMAIN} $@ >/dev/null
-}
-
-# Resolving ${TEST_DOMAIN_FAIL} will fail if the nameserver is validating
-ns_is_validating() {
- local ns=${1}
- shift
-
- if ! dig "${DIG_ARGS[@]}" @${ns} A ${TEST_DOMAIN_FAIL} $@ | grep -q SERVFAIL; then
- return 1
- else
- # Determine if NS replies with "ad" data flag if DNSSEC enabled
- dig "${DIG_ARGS[@]}" @${ns} +dnssec SOA ${TEST_DOMAIN} $@ | awk -F: '/\;\;\ flags\:/ { s=1; if (/\ ad/) s=0; exit s }'
- fi
-}
-
-# Checks if we can retrieve the DNSKEY for this domain.
-# dig will print the SOA if nothing was found
-ns_forwards_DNSKEY() {
- local ns=${1}
- shift
-
- dig "${DIG_ARGS[@]}" @${ns} DNSKEY ${TEST_DOMAIN} $@ | grep -qv SOA
-}
-
-ns_forwards_DS() {
- local ns=${1}
- shift
-
- dig "${DIG_ARGS[@]}" @${ns} DS ${TEST_DOMAIN} $@ | grep -qv SOA
-}
-
-ns_forwards_RRSIG() {
- local ns=${1}
- shift
-
- dig "${DIG_ARGS[@]}" @${ns} +dnssec A ${TEST_DOMAIN} $@ | grep -q RRSIG
-}
-
-ns_supports_tcp() {
- local ns=${1}
- shift
-
- # If TCP is forced we know by now if the server responds to it
- if [ "${FORCE_TCP}" = "on" ]; then
- return 0
- fi
-
- dig "${DIG_ARGS[@]}" @${ns} +tcp A ${TEST_DOMAIN} $@ >/dev/null || return 1
-}
-
-ns_determine_edns_buffer_size() {
- local ns=${1}
- shift
-
- local b
- for b in 4096 2048 1500 1480 1464 1400 1280 512; do
- if dig "${DIG_ARGS[@]}" @${ns} +dnssec +bufsize=${b} A ${TEST_DOMAIN} $@ >/dev/null; then
- echo "${b}"
- return 0
- fi
- done
-
- return 1
-}
-
-get_root_nameservers() {
- while read -r hostname ttl record address; do
- # Searching for A records
- [ "${record}" = "A" ] || continue
-
- echo "${address}"
- done < /etc/unbound/root.hints
-}
-
-can_resolve_root() {
- local ns
- for ns in $(get_root_nameservers); do
- if dig "${DIG_ARGS[@]}" @${ns} +dnssec SOA . $@ >/dev/null; then
- return 0
- fi
- done
-
- # none of the servers was reachable
- return 1
-}
-
-enable_dnssec() {
- local status=$(unbound-control get_option val-permissive-mode)
-
- # Log DNSSEC status
- echo "on" > /var/ipfire/red/dnssec-status
-
- # Don't do anything if DNSSEC is already activated
- [ "${status}" = "no" ] && return 0
-
- # Activate DNSSEC and flush cache with any stale and unvalidated data
- unbound-control -q set_option val-permissive-mode: no
- unbound-control -q flush_zone .
-}
-
-disable_dnssec() {
- # Log DNSSEC status
- echo "off" > /var/ipfire/red/dnssec-status
-
- unbound-control -q set_option val-permissive-mode: yes
-}
-
-fix_time_if_dns_fail() {
- # If DNS still not work try to init ntp with
- # hardcoded ntp.ipfire.org (81.3.27.46)
- check_red_has_carrier_and_ip
- if [ -e "/var/ipfire/red/iface" -a "${?}" = "1" ]; then
- host 0.ipfire.pool.ntp.org > /dev/null 2>&1
- if [ "${?}" != "0" ]; then
- boot_mesg "DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
- loadproc /usr/local/bin/settime 81.3.27.46
- fi
- fi
+ # Try to sync time with a known time server
+ boot_mesg "DNS not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..."
+ loadproc /usr/local/bin/settime 81.3.27.46
}
resolve() {
local hostname="${1}"
- local found=0
- local ns
- for ns in $(read_name_servers); do
- local answer
- for answer in $(dig "${DIG_ARGS[@]}" +short "@${ns}" A "${hostname}"); do
- found=1
-
- # Filter out non-IP addresses
- if [[ ! "${answer}" =~ \.$ ]]; then
- echo "${answer}"
- fi
- done
-
- # End loop when we have got something
- [ ${found} -eq 1 ] && break
+ local answer
+ for answer in $(dig +short A "${hostname}"); do
+ # Filter out non-IP addresses
+ if [[ ! "${answer}" =~ \.$ ]]; then
+ echo "${answer}"
+ fi
done
}
exit 0
fi
- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-
# Update configuration files
write_tuning_conf
+ write_hosts_conf
write_forward_conf
boot_mesg "Starting Unbound DNS Proxy..."
loadproc /usr/sbin/unbound || exit $?
- # Make own hostname resolveable
- own_hostname
-
- # Update any known forwarding name servers
- update_forwarders
-
# Install Safe Search rules when the system is already online
if [ -e "/var/ipfire/red/active" ]; then
update_safe_search
fi
-
- # Update hosts
- update_hosts
-
- fix_time_if_dns_fail
;;
stop)
sleep 1
$0 start
;;
+ reload|remove-forwarders)
+ # Update configuration files
+ write_forward_conf
+ write_hosts_conf
- status)
- statusproc /usr/sbin/unbound
- ;;
-
- update-forwarders)
- # Do not try updating forwarders when unbound is not running
- if ! pgrep unbound &>/dev/null; then
- exit 0
+ # Update Safe Search rules if the system is online.
+ if [ -e "/var/ipfire/red/active" ]; then
+ update_safe_search
fi
- update_forwarders
-
- unbound-control flush_negative > /dev/null
- unbound-control flush_bogus > /dev/null
-
- fix_time_if_dns_fail
+ # Call unbound-control and perform the reload
+ /usr/sbin/unbound-control -q reload
;;
- remove-forwarders)
- # Do not try updating forwarders when unbound is not running
- if ! pgrep unbound &>/dev/null; then
- exit 0
- fi
-
- remove_forwarders
-
- unbound-control flush_negative > /dev/null
- unbound-control flush_bogus > /dev/null
+ status)
+ statusproc /usr/sbin/unbound
;;
+ update-forwarders)
+ $0 reload
- test-name-server)
- ns=${2}
-
- test_name_server ${ns}
- ret=${?}
-
- case "${ret}" in
- 0)
- echo "${ns} is validating"
- ;;
- 2)
- echo "${ns} is DNSSEC-aware"
- ;;
- 3)
- echo "${ns} is NOT DNSSEC-aware"
- ;;
- *)
- echo "Test failed for an unknown reason"
- exit ${ret}
- ;;
- esac
-
- if ns_supports_tcp ${ns}; then
- echo "${ns} supports TCP fallback"
- else
- echo "${ns} does not support TCP fallback"
- fi
-
- edns_buffer_size=$(ns_determine_edns_buffer_size ${ns})
- if [ -n "${edns_buffer_size}" ]; then
- echo "EDNS buffer size for ${ns}: ${edns_buffer_size}"
- fi
-
- exit ${ret}
+ # Make sure DNS works at this point
+ fix_time_if_dns_fails
;;
resolve)
resolve "${2}"
;;
- update-safe-search)
- update_safe_search
- ;;
-
*)
- echo "Usage: $0 {start|stop|restart|status|update-forwarders|remove-forwarders|test-name-server|resolve|update-safe-search}"
+ echo "Usage: $0 {start|stop|restart|reload|status|resolve|update-forwarders|remove-forwarders}"
exit 1
;;
esac
exit(1);
if (argc < 2) {
- fprintf(stderr, "\nNo argument given.\n\nunboundctrl (restart)\n\n");
+ fprintf(stderr, "\nNo argument given.\n\nunboundctrl restart|reload\n\n");
exit(1);
}
if (strcmp(argv[1], "restart") == 0) {
safe_system("/etc/rc.d/init.d/unbound restart");
+ } else if (strcmp(argv[1], "reload") == 0) {
+ safe_system("/etc/rc.d/init.d/unbound reload");
} else {
- fprintf(stderr, "\nBad argument given.\n\nunboundctrl (restart)\n\n");
+ fprintf(stderr, "\nBad argument given.\n\nunboundctrl restart|reload\n\n");
exit(1);
}
. /etc/sysconfig/rc
. $rc_functions
-eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
-
-rm -f /var/ipfire/red/active
+rm -f /var/ipfire/red/active \
+ /var/run/dns1 /var/run/dns2
run_subdir ${rc_base}/init.d/networking/red.down/
. /etc/sysconfig/rc
. $rc_functions
-PRIMARY_DNS=$DNS1
-SECONDARY_DNS=$DNS2
-
eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
-if [ "$DNS" == "Automatic" ]; then
- if [ "$TYPE" == "isdn" ]; then
- echo -n "$MS_DNS1" > /var/ipfire/red/dns1
- echo -n "$MS_DNS2" > /var/ipfire/red/dns2
- else
- if [ "$PRIMARY_DNS" == "10.11.12.13" ]; then
- echo -n "$DNS1" > /var/ipfire/red/dns1
- else
- echo -n "$PRIMARY_DNS" > /var/ipfire/red/dns1
- fi
- if [ "$SECONDARY_DNS" == "10.11.12.14" ]; then
- echo -n "$DNS2" > /var/ipfire/red/dns2
- else
- echo -n "$SECONDARY_DNS" > /var/ipfire/red/dns2
- fi
- fi
-else
- echo -n "$DNS1" > /var/ipfire/red/dns1
- echo -n "$DNS2" > /var/ipfire/red/dns2
+if [ "$TYPE" = "isdn" ]; then
+ DNS1="${MS_DNS1}"
+ DNS2="${MS_DNS2}"
fi
+# Write DNS servers to configuration
+echo "${DNS1}" > /var/run/dns1
+echo "${DNS2}" > /var/run/dns2
+
echo -n "$1" > /var/ipfire/red/iface
echo -n "$4" > /var/ipfire/red/local-ipaddress
echo -n "$5" > /var/ipfire/red/remote-ipaddress
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A Linux-based firewall #
+# Copyright (C) 2020 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+main() {
+ # Do not convert anything if we already have some servers set
+ if [ ! -s "/var/ipfire/dns/servers" ]; then
+ local DNS0 DNS1 DNS2
+ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+ if [ -s "/var/ipfire/ppp/settings" ]; then
+ eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
+
+ # Remove DNS, DNS1 and DNS2
+ sed -i "/^DNS[12]?=/d" /var/ipfire/ppp/settings
+ elif [ -s "/var/ipfire/dns/settings" ]; then
+ eval $(/usr/local/bin/readhash /var/ipfire/dns/settings)
+ fi
+
+ local var
+ local i=3
+ for var in DNS0 DNS1 DNS2; do
+ if [ -n "${!var}" ]; then
+ echo "${i},${!var},,enabled,"
+ (( i++ ))
+ fi
+ done > /var/ipfire/dns/servers
+
+ # Empty the old settings file
+ : > /var/ipfire/dns/settings
+
+ # Disable using ISP name servers when we already have some configured
+ if [ ${i} -gt 3 ]; then
+ echo "USE_ISP_NAMESERVERS=off" \
+ >> /var/ipfire/dns/settings
+ fi
+ fi
+
+ # Set correct ownership.
+ chown nobody:nobody /var/ipfire/dns/settings
+
+ # Convert old unbound settings file
+ if [ -e "/etc/sysconfig/unbound" ]; then
+ local USE_FORWARDERS
+ local ENABLE_SAFE_SEARCH
+ local FORCE_TCP
+
+ # Read settings
+ eval $(/usr/local/bin/readhash /etc/sysconfig/unbound)
+
+ # Safe Search
+ if [ "${ENABLE_SAFE_SEARCH}" = "on" ]; then
+ echo "ENABLE_SAFE_SEARCH=${ENABLE_SAFE_SEARCH}" \
+ >> /var/ipfire/dns/settings
+ fi
+
+ # Force TCP
+ if [ "${FORCE_TCP}" = "on" ]; then
+ echo "PROTO=TCP" >> /var/ipfire/dns/settings
+ fi
+
+ # Run in recursor mode
+ if [ "${USE_FORWARDERS}" = "0" ]; then
+ # Remove all servers
+ : > /var/ipfire/dns/servers
+ fi
+
+ rm -f "/etc/sysconfig/unbound"
+ fi
+
+ # Set correct ownership.
+ chown nobody:nobody /var/ipfire/dns/servers
+
+ # Make DHCP leases readable for nobody
+ chown 644 /etc/unbound/dhcp-leases.conf
+}
+
+main "$@" || exit $?
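Review bot: Two commands in `main` do not do what their comments say. `sed -i "/^DNS[12]?=/d"` uses a basic regular expression, in which `?` is a literal character, so the `DNS=`, `DNS1=` and `DNS2=` lines stay in `/var/ipfire/ppp/settings`; `sed -i -E "/^DNS[12]?=/d" /var/ipfire/ppp/settings` removes them. `chown 644 /etc/unbound/dhcp-leases.conf` changes the file's owner to the numeric user 644 instead of setting its mode and should read `chmod 644 /etc/unbound/dhcp-leases.conf`. The ip-up script in this commit still evaluates `ppp/settings` before it writes `/var/run/dns1` and `/var/run/dns2`, so leftover `DNS1`/`DNS2` keys there would presumably override the addresses handed over by the peer.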
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2019 IPFire Development Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
+
+# Proxy settings.
+# Check if a proxy should be used.
+if [[ $UPSTREAM_PROXY ]]; then
+ PROXYSETTINGS="https_proxy=http://"
+
+ # Check if authentication against the proxy is configured.
+ if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
+ PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
+ fi
+
+ # Add proxy server.
+ PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
+
+ # Export proxy settings.
+ export HTTPS_PROXY="$PROXYSETTINGS"
+fi
+
+# Get the latest location database from server.
+/usr/bin/location-downloader update
+
+# Call initscript to reload the firewall.
+/etc/init.d/firewall reload
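Review bot: The exported `HTTPS_PROXY` still carries `$UPSTREAM_USER:$UPSTREAM_PASSWORD` when `/etc/init.d/firewall reload` runs, so the proxy credentials are inherited by the initscript and everything it spawns, although only the downloader needs them. Adding `unset HTTPS_PROXY` between the two commands keeps them out of unrelated process environments. The user name and password are also concatenated into the URL unencoded, so a value containing `@`, `:` or `/` would presumably give a proxy URL that parses differently than intended. Separately, the downloader's exit status is ignored and the firewall is reloaded even when the update failed; `/usr/bin/location-downloader update || exit $?` would keep the behaviour of the removed script's `main || exit $?`.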
+++ /dev/null
-#!/bin/bash
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2019 IPFire Development Team <info@ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-TMP_PATH=$(mktemp -dp /var/tmp)
-TMP_FILE=$(mktemp -p $TMP_PATH)
-
-SCRIPT_PATH=/usr/local/bin
-DEST_PATH=/usr/share/xt_geoip
-DB_PATH=/var/lib/GeoIP
-DB1_PATH=/usr/share/GeoIP
-
-DL_URL=https://geolite.maxmind.com/download/geoip/database
-DL_FILE=GeoLite2-Country-CSV.zip
-
-eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
-
-function download() {
- echo "Downloading latest GeoIP ruleset..."
-
- # Proxy settings.
- # Check if a proxy should be used.
- if [[ $UPSTREAM_PROXY ]]; then
- PROXYSETTINGS="-e https_proxy=http://"
-
- # Check if authentication against the proxy is configured.
- if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
- PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
- fi
-
- # Add proxy server.
- PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
- fi
-
- # Get the latest GeoIP database from server.
- wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE
-
- # Extract files to database path.
- unzip $TMP_FILE -d $TMP_PATH
-
- return 0
-}
-
-function install() {
- echo "Install CSV database..."
-
- # Check if the database dir exists.
- if [ ! -e "$DB_PATH" ]; then
- mkdir -p $DB_PATH &>/dev/null
- fi
-
- # Check if the directory for binary databases exists.
- if [ ! -e "$DEST_PATH" ]; then
- mkdir -p $DEST_PATH &>/dev/null
- fi
-
- # Install CSV databases.
- if ! cp -af $TMP_PATH/*/* $DB_PATH &>/dev/null; then
- echo "Could not copy files. Aborting." >&2
- return 1
- fi
-
- return 0
-}
-
-function build_legacy() {
- echo "Convert database to legacy GeoIP.dat ..."
- cat $DB_PATH/GeoLite2-Country-Blocks-IPv4.csv | \
- $DB1_PATH/bin/geolite2-to-legacy-csv.sh $DB1_PATH/bin/countryInfo.txt > \
- $TMP_FILE
- $DB1_PATH/bin/geoip-generator -v -4 --info="$(date -u +'GEO-106FREE %Y%m%d Build -IPFire-' \
- -r $DB_PATH/GeoLite2-Country-Blocks-IPv4.csv) $(<$DB_PATH/COPYRIGHT.txt)" -o \
- $DB1_PATH/GeoIP.dat $TMP_FILE
-
- return 0
-}
-
-
-function build() {
- echo "Convert database..."
-
- # Run script to convert the CSV file into several xtables
- # compatible binary files.
- if ! $SCRIPT_PATH/xt_geoip_build -S $DB_PATH -D $DEST_PATH; then
- echo "Could not convert ruleset. Aborting." >&2
- return 1
- fi
-
- return 0
-}
-
-function cleanup() {
- echo "Cleaning up temporary files..."
- if ! rm -rf $TMP_PATH &>/dev/null; then
- echo "Could not remove files. Aborting." >&2
- return 1
- fi
-
- return 0
-}
-
-function main() {
- local func
- for func in download install build build_legacy; do
- if ! ${func}; then
- # Cleanup any temporary data
- cleanup
-
- return 1
- fi
- done
-
- # Cleanup
- cleanup || return $?
-
- # All done
- return 0
-}
-
-# Run the main function.
-main || exit $?
#include "setup.h"
-#define DNS1 0
-#define DNS2 1
-#define DEFAULT_GATEWAY 2
-#define DNSGATEWAY_TOTAL 3
-
extern FILE *flog;
extern char *mylog;
int changedrivers(void);
int greenaddressmenu(void);
int addressesmenu(void);
-int dnsgatewaymenu(void);
+int gatewaymenu(void);
int handlenetworking(void)
{
break;
case 4:
- dnsgatewaymenu();
+ gatewaymenu();
break;
case 0:
_("Network configuration type"),
_("Drivers and card assignments"),
_("Address settings"),
- _("DNS and Gateway settings"),
+ _("Gateway settings"),
NULL
};
int rc;
return 0;
}
-/* DNS and default gateway.... */
-int dnsgatewaymenu(void)
+/* default gateway.... */
+int gatewaymenu(void)
{
struct keyvalue *kv = initkeyvalues();
char message[1000];
char temp[STRING_SIZE] = "0";
- struct newtWinEntry entries[DNSGATEWAY_TOTAL+1];
- char *values[DNSGATEWAY_TOTAL]; /* pointers for the values. */
+ struct newtWinEntry entries[2];
+ char* values[1]; /* pointers for the values. */
int error;
int configtype;
int rc;
return 0;
}
- entries[DNS1].text = _("Primary DNS:");
- strcpy(temp, ""); findkey(kv, "DNS1", temp);
- values[DNS1] = strdup(temp);
- entries[DNS1].value = &values[DNS1];
- entries[DNS1].flags = 0;
-
- entries[DNS2].text = _("Secondary DNS:");
- strcpy(temp, ""); findkey(kv, "DNS2", temp);
- values[DNS2] = strdup(temp);
- entries[DNS2].value = &values[DNS2];
- entries[DNS2].flags = 0;
-
- entries[DEFAULT_GATEWAY].text = _("Default gateway:");
+ entries[0].text = _("Default gateway:");
strcpy(temp, ""); findkey(kv, "DEFAULT_GATEWAY", temp);
- values[DEFAULT_GATEWAY] = strdup(temp);
- entries[DEFAULT_GATEWAY].value = &values[DEFAULT_GATEWAY];
- entries[DEFAULT_GATEWAY].flags = 0;
+ values[0] = strdup(temp);
+ entries[0].value = &values[0];
+ entries[0].flags = 0;
- entries[DNSGATEWAY_TOTAL].text = NULL;
- entries[DNSGATEWAY_TOTAL].value = NULL;
- entries[DNSGATEWAY_TOTAL].flags = 0;
+ entries[1].text = NULL;
+ entries[1].value = NULL;
+ entries[1].flags = 0;
do
{
error = 0;
- rc = newtWinEntries(_("DNS and Gateway settings"),
- _("Enter the DNS and gateway information. "
- "These settings are used only with Static IP (and DHCP if DNS set) on the RED interface."),
+ rc = newtWinEntries(_("Gateway settings"),
+ _("Enter the gateway information. "
+ "These settings are used only with Static IP on the RED interface."),
50, 5, 5, 18, entries, _("OK"), _("Cancel"), NULL);
if (rc == 0 || rc == 1)
{
- strcpy(message, _("The following fields are invalid:"));
- strcpy(message, "\n\n");
- if (strlen(values[DNS1]))
+ if (strlen(values[0]))
{
- if (inet_addr(values[DNS1]) == INADDR_NONE)
- {
- strcat(message, _("Primary DNS"));
- strcat(message, "\n");
- error = 1;
- }
- }
- if (strlen(values[DNS2]))
- {
- if (inet_addr(values[DNS2]) == INADDR_NONE)
- {
- strcat(message, _("Secondary DNS"));
- strcat(message, "\n");
- error = 1;
- }
- }
- if (strlen(values[DEFAULT_GATEWAY]))
- {
- if (inet_addr(values[DEFAULT_GATEWAY]) == INADDR_NONE)
+ if (inet_addr(values[0]) == INADDR_NONE)
{
strcat(message, _("Default gateway"));
strcat(message, "\n");
error = 1;
}
}
- if (!strlen(values[DNS1]) && strlen(values[DNS2]))
- {
- strcpy(message, _("Secondary DNS specified without a Primary DNS"));
- strcat(message, "\n");
- error = 1;
- }
if (error)
errorbox(message);
else
{
- replacekeyvalue(kv, "DNS1", values[DNS1]);
- replacekeyvalue(kv, "DNS2", values[DNS2]);
- replacekeyvalue(kv, "DEFAULT_GATEWAY", values[DEFAULT_GATEWAY]);
+ replacekeyvalue(kv, "DEFAULT_GATEWAY", values[0]);
netaddresschange = 1;
- free(values[DNS1]);
- free(values[DNS2]);
- free(values[DEFAULT_GATEWAY]);
+ free(values[0]);
writekeyvalues(kv, CONFIG_ROOT "/ethernet/settings");
}
}
}
while (error);
-
+
freekeyvalues(kv);
-
+
return 1;
}
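Review bot: `message` is no longer initialised before `strcat(message, _("Default gateway"))` in the validation branch, because this change drops both `strcpy(message, ...)` lines and the buffer is declared as plain `char message[1000];`. Unless it is written somewhere in the lines the hunks do not show, `strcat` then scans uninitialised stack memory for a terminator, which is undefined behaviour and can write past the 1000-byte array before `errorbox(message)` is reached. Re-adding the header at the top of the `if (rc == 0 || rc == 1)` block fixes this, and also the old bug where the second `strcpy` overwrote the first: `snprintf(message, sizeof(message), "%s\n\n", _("The following fields are invalid:"));`. As far as the visible lines show, `values[0]` is freed only on the success path, so a cancelled dialog leaks the `strdup` copy.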