suricata: Change midstream policy to "pass-flow"
index 426b3a58d375c3c22c02a309022ac680b98b0ac9..9f6c1ff8ca1a3d5e883c604618d64e1d3fafbc0f 100644 (file)
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -40,7 +40,7 @@ check :
 
 download :
 
-md5 :
+b2 :
 
 ###############################################################################
 # Installation Details
@@ -51,25 +51,25 @@ $(TARGET) :
 
        # Create all directories
        for i in addon-lang auth backup ca captive certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
-                       ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
-                       menu.d modem nfs optionsfw \
+                       ethernet extrahd/bin fwlogs fwhosts firewall ipblocklist key langs logging mac main \
+                       menu.d modem optionsfw \
                        ovpn patches pakfire portfw ppp private proxy/advanced/cre \
-                       proxy/calamaris/bin qos/bin red remote sensors snort time \
-                       updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
+                       proxy/calamaris/bin qos/bin red remote sensors suricata time \
+                       updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
                        wakeonlan wireless ; do \
                mkdir -p $(CONFIG_ROOT)/$$i; \
        done
 
        # Touch empty files
        for i in auth/users backup/include.user backup/exclude.user \
-           captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt ddns/config ddns/settings ddns/ipcache dhcp/settings \
-           dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
-           ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \
-           fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \
-           isdn/settings mac/settings main/hosts main/routing main/settings optionsfw/settings \
+           captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache dhcp/settings \
+           dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dns/servers dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
+           ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/locationblock firewall/input firewall/outgoing \
+           fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/modified \
+           ipblocklist/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
            ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
            ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
-           qos/tosconfig snort/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
+           qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
            vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
            touch $(CONFIG_ROOT)/$$i; \
        done
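Review bot: A failed `touch` for one of the newly listed files (e.g. `certs/index.txt.attr`, `dns/servers`, `ipblocklist/modified`, `suricata/settings`) is masked, because the loop body ends each iteration with `;` and the recipe's exit status is only that of the last iteration, so the build continues with a missing settings file. Terminate the iteration with an explicit failure, `touch $(CONFIG_ROOT)/$$i || exit 1; \`, and likewise `mkdir -p $(CONFIG_ROOT)/$$i || exit 1; \` in the directory loop above it; the `chown` loop in the permissions hunk at the end of this diff has the same shape. The `$(TARGET)` rule these loops belong to starts before this hunk.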
@@ -78,7 +78,9 @@ $(TARGET) :
        cp $(DIR_SRC)/config/cfgroot/header.pl                  $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/general-functions.pl       $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/network-functions.pl       $(CONFIG_ROOT)/
-       cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl         $(CONFIG_ROOT)/
+       cp $(DIR_SRC)/config/cfgroot/location-functions.pl      $(CONFIG_ROOT)/
+       cp $(DIR_SRC)/config/cfgroot/ipblocklist-functions.pl   $(CONFIG_ROOT)/
+       cp $(DIR_SRC)/config/cfgroot/ids-functions.pl           $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/lang.pl                    $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/countries.pl               $(CONFIG_ROOT)/
        cp $(DIR_SRC)/config/cfgroot/graphs.pl                  $(CONFIG_ROOT)/
@@ -91,30 +93,29 @@ $(TARGET) :
        cp $(DIR_SRC)/config/menu/*                             $(CONFIG_ROOT)/menu.d/
        cp $(DIR_SRC)/config/cfgroot/modem-defaults             $(CONFIG_ROOT)/modem/defaults
        cp $(DIR_SRC)/config/cfgroot/modem-settings             $(CONFIG_ROOT)/modem/settings
-       cp $(DIR_SRC)/config/cfgroot/nfs-server                 $(CONFIG_ROOT)/nfs/nfs-server
        cp $(DIR_SRC)/config/cfgroot/proxy-acl                  $(CONFIG_ROOT)/proxy/acl-1.4
-       cp $(DIR_SRC)/config/qos/*                                              $(CONFIG_ROOT)/qos/bin/
+       cp $(DIR_SRC)/config/qos/*                              $(CONFIG_ROOT)/qos/bin/
+       cp $(DIR_SRC)/config/cfgroot/main-settings              $(CONFIG_ROOT)/main/settings
+       cp $(DIR_SRC)/config/cfgroot/manualpages                $(CONFIG_ROOT)/main/
        cp $(DIR_SRC)/config/cfgroot/ssh-settings               $(CONFIG_ROOT)/remote/settings
        cp $(DIR_SRC)/config/cfgroot/time-settings              $(CONFIG_ROOT)/time/settings
-       cp $(DIR_SRC)/config/cfgroot/logging-settings   $(CONFIG_ROOT)/logging/settings
-       cp $(DIR_SRC)/config/cfgroot/useragents                 $(CONFIG_ROOT)/proxy/advanced
+       cp $(DIR_SRC)/config/cfgroot/logging-settings           $(CONFIG_ROOT)/logging/settings
        cp $(DIR_SRC)/config/cfgroot/ethernet-vlans             $(CONFIG_ROOT)/ethernet/vlans
-       cp $(DIR_SRC)/langs/list                                                $(CONFIG_ROOT)/langs/
-       cp $(DIR_SRC)/config/firewall/convert-xtaccess  /usr/sbin/convert-xtaccess
+       cp $(DIR_SRC)/langs/list                                $(CONFIG_ROOT)/langs/
+       cp $(DIR_SRC)/config/firewall/config                    $(CONFIG_ROOT)/firewall/config
+       cp $(DIR_SRC)/config/firewall/convert-xtaccess          /usr/sbin/convert-xtaccess
        cp $(DIR_SRC)/config/firewall/convert-outgoingfw        /usr/sbin/convert-outgoingfw
-       cp $(DIR_SRC)/config/firewall/convert-dmz       /usr/sbin/convert-dmz
-       cp $(DIR_SRC)/config/firewall/convert-portfw    /usr/sbin/convert-portfw
-       cp $(DIR_SRC)/config/firewall/p2protocols               $(CONFIG_ROOT)/firewall/p2protocols
-       cp $(DIR_SRC)/config/firewall/firewall-policy   /usr/sbin/firewall-policy
+       cp $(DIR_SRC)/config/firewall/convert-dmz               /usr/sbin/convert-dmz
+       cp $(DIR_SRC)/config/firewall/convert-portfw            /usr/sbin/convert-portfw
+       cp $(DIR_SRC)/config/firewall/firewall-policy           /usr/sbin/firewall-policy
        cp $(DIR_SRC)/config/fwhosts/icmp-types                 $(CONFIG_ROOT)/fwhosts/icmp-types
        cp $(DIR_SRC)/config/fwhosts/customservices             $(CONFIG_ROOT)/fwhosts/customservices
        cp $(DIR_SRC)/config/fwhosts/customservices             $(CONFIG_ROOT)/fwhosts/customservices.default
        # Oneliner configfiles
        echo  "ENABLED=off"             > $(CONFIG_ROOT)/vpn/settings
-       echo  "VPN_DELAYED_START=0"     >>$(CONFIG_ROOT)/vpn/settings
        echo  "01"                      > $(CONFIG_ROOT)/certs/serial
        echo  "nameserver    1.2.3.4"   > $(CONFIG_ROOT)/ppp/fake-resolv.conf
-       echo  "DROPNEWNOTSYN=on"                >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPNEWNOTSYN=on"        >> $(CONFIG_ROOT)/optionsfw/settings
        echo  "DROPINPUT=on"            >> $(CONFIG_ROOT)/optionsfw/settings
        echo  "DROPFORWARD=on"          >> $(CONFIG_ROOT)/optionsfw/settings
        echo  "FWPOLICY=DROP"           >> $(CONFIG_ROOT)/optionsfw/settings
@@ -130,22 +131,27 @@ $(TARGET) :
        echo  "SHOWDROPDOWN=off"        >> $(CONFIG_ROOT)/optionsfw/settings
        echo  "DROPWIRELESSINPUT=on"    >> $(CONFIG_ROOT)/optionsfw/settings
        echo  "DROPWIRELESSFORWARD=on"  >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPSPOOFEDMARTIAN=on"   >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "DROPHOSTILE=on"          >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "LOGDROPHOSTILEIN=on"             >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "LOGDROPHOSTILEOUT=on"    >> $(CONFIG_ROOT)/optionsfw/settings
+       echo  "LOGDROPCTINVALID=on"     >> $(CONFIG_ROOT)/optionsfw/settings
        echo  "POLICY=MODE2"            >> $(CONFIG_ROOT)/firewall/settings
        echo  "POLICY1=MODE2"           >> $(CONFIG_ROOT)/firewall/settings
+       echo  "USE_ISP_NAMESERVERS=on"  >> $(CONFIG_ROOT)/dns/settings
+       echo  "TREE=$(PAKFIRE_TREE)"    >> $(CONFIG_ROOT)/pakfire/settings
 
-       # Add conntrack helper default settings
-       for proto in FTP H323 IRC SIP TFTP; do \
-               echo "CONNTRACK_$${proto}=on" >> $(CONFIG_ROOT)/optionsfw/settings; \
-       done
-
-       # Do not enable these by default because these are broken
-       for proto in AMANDA PPTP; do \
-               echo "CONNTRACK_$${proto}=off" >> $(CONFIG_ROOT)/optionsfw/settings; \
-       done
+       # Install snort to suricata converter.
+       cp $(DIR_SRC)/config/suricata/convert-snort     /usr/sbin/convert-snort
+       cp $(DIR_SRC)/config/suricata/convert-ids-modifysids-file   /usr/sbin/convert-ids-modifysids-file
+       cp $(DIR_SRC)/config/suricata/convert-ids-multiple-providers /usr/sbin/convert-ids-multiple-providers
 
        # set converters executable
        chmod 755 /usr/sbin/convert-*
 
+       # Make extrahd.pl executable
+       chmod 755 /var/ipfire/extrahd/bin/extrahd.pl
+
        # Modify variables in header.pl
        sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
            -e "s+VERSION+$(VERSION)+g" \
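Review bot: The new `chmod 755 /var/ipfire/extrahd/bin/extrahd.pl` hard-codes the config directory while every other line in this rule derives it from `$(CONFIG_ROOT)`; if that variable is ever pointed elsewhere the chmod silently acts on the wrong tree, so it should read `chmod 755 $(CONFIG_ROOT)/extrahd/bin/extrahd.pl`. The added `echo "TREE=$(PAKFIRE_TREE)"` writes a bare `TREE=` into pakfire/settings when `PAKFIRE_TREE` is unset; whether it is guaranteed to be defined by the included Config is not visible here, so a guard such as `$(if $(strip $(PAKFIRE_TREE)),,$(error PAKFIRE_TREE is empty))` may be worth adding. The comment `# Install snort to suricata converter.` now precedes three copies, two of which are IDS settings converters, so `# Install the snort-to-suricata and IDS settings converters.` would describe the block more accurately. The `$(TARGET)` rule starts outside the hunk.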
@@ -164,10 +170,10 @@ $(TARGET) :
        cp $(DIR_SRC)/langs/*/cgi-bin/*.pl $(CONFIG_ROOT)/langs/
 
        # Configroot permissions
-       chown -R nobody:nobody $(CONFIG_ROOT)
-       chown      root:root   $(CONFIG_ROOT)
-       for i in backup/ header.pl general-functions.pl graphs.pl lang.pl addon-lang/ langs/ red/ ; do \
-            chown -R root:root $(CONFIG_ROOT)/$$i; \
+       chown -Rv       nobody:nobody   $(CONFIG_ROOT)
+       chown           root:root       $(CONFIG_ROOT)
+       for i in backup/exclude.user backup/include.user connscheduler/lib.pl *.pl addon-lang/ langs/ menu.d/; do \
+            chown -Rv root:root $(CONFIG_ROOT)/$$i; \
        done
        chown -Rv root:root $(CONFIG_ROOT)/*/bin
        chown root:nobody $(CONFIG_ROOT)/dhcpc
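Review bot: The `*.pl` entry in the new `for i in ...` list is glob-expanded by the shell in the recipe's working directory, not in `$(CONFIG_ROOT)`; it only reaches the Perl libraries because the literal `*.pl` survives when nothing matches in the cwd and is then re-globbed on the `chown -Rv root:root $(CONFIG_ROOT)/$$i` line. Should the cwd contain any `.pl` file, `chown` would instead be run on a non-existent `$(CONFIG_ROOT)/<that name>` and the real libraries would keep the `nobody:nobody` ownership set two lines earlier, presumably leaving them writable by the web-server user this step is meant to lock out. Quote the entry, `for i in backup/exclude.user backup/include.user connscheduler/lib.pl '*.pl' addon-lang/ langs/ menu.d/; do \`, or move it to its own line, `chown -Rv root:root $(CONFIG_ROOT)/*.pl`. How the lfs recipes are invoked, and hence what the cwd is, is outside this page; the `$(TARGET)` rule starts before this hunk.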