wbpriv:x:88:squid
nobody:x:99:
users:x:100:
- snort:x:101:
+ suricata:x:101:
logwatch:x:102:
cron:x:104:
syslogd:x:105:
nut:x:115:
cdrom:x:116:
usb:x:117:
+zabbix:x:118:
samba:x:1000:
sshd:x:74:74:sshd:/var/empty:/bin/false
nobody:x:99:99:Nobody:/home/nobody:/bin/false
postfix:x:100:100::/var/spool/postfix:/bin/false
- snort:x:101:101:ftp:/var/log/snort:/bin/false
+ suricata:x:101:101:Suricata:/var/log/suricata:/bin/false
logwatch:x:102:102::/var/log/logwatch:/bin/false
cron:x:104:104::/:/bin/false
syslogd:x:105:105:/var/empty:/bin/false
cyrus:x:111:12:Cyrus user:/usr/cyrus:
filter:x:112:12:Spam user:/home/filter:/bin/false
asterisk:x:114:114:Asterisk user:/var/empty:/bin/false
+zabbix:x:118:118:Zabbix Monitoring:/var/empty:/bin/false
samba:x:1000:1000:Samba User:/var/empty:/bin/false
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
+usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash
usr/local/bin/settime
usr/local/bin/timecheck
usr/local/bin/timezone-transition
+ usr/local/bin/update-ids-ruleset
usr/local/bin/update-lang-cache
usr/local/bin/xt_geoip_build
usr/local/bin/xt_geoip_update
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
+usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash
usr/local/bin/timecheck
usr/local/bin/timezone-transition
usr/local/bin/update-lang-cache
+ usr/local/bin/update-ids-ruleset
usr/local/bin/xt_geoip_build
usr/local/bin/xt_geoip_update
#usr/local/include
#usr/lib
usr/lib/firewall
usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
usr/lib/firewall/rules.pl
#usr/lib/libgcc_s.so
usr/lib/libgcc_s.so.1
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
+usr/local/bin/ipsec-interfaces
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash
usr/local/bin/settime
usr/local/bin/timecheck
usr/local/bin/timezone-transition
+ usr/local/bin/update-ids-ruleset
usr/local/bin/update-lang-cache
usr/local/bin/xt_geoip_build
usr/local/bin/xt_geoip_update
'ConnSched time' => 'Zeit:',
'ConnSched up' => 'Herauf',
'ConnSched weekdays' => 'Wochentage:',
+ 'Daily' => 'Täglich',
+ 'Disabled' => 'Deaktiviert',
'Edit an existing route' => 'Eine existierende Route editieren',
'Enter TOS' => 'Aktivieren oder deaktivieren Sie die TOS-Bits <br /> und klicken Sie danach auf <i>Speichern</i>.',
'Existing Files' => 'Dateien in der Datenbank',
'Utilization on' => 'Auslastung auf',
'Verbose' => 'Verbose',
'WakeOnLan' => 'Wake On LAN',
+ 'Weekly' => 'Wöchentlich',
'a ca certificate with this name already exists' => 'Ein CA-Zertifikat mit diesem Namen existiert bereits.',
'a connection with this common name already exists' => 'Eine Verbindung mit diesem gemeinsamen Namen existiert bereits.',
'a connection with this name already exists' => 'Eine Verbindung mit diesem Namen existiert bereits.',
'dns error 0' => 'Die IP Adresse vom <strong>primären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>sekundären</strong> DNS Server Adresse ist jedoch gültig.<br />',
'dns error 01' => 'Die eingegebene IP Adresse des <strong>primären</strong> wie auch des <strong>sekundären</strong> DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!',
'dns error 1' => 'Die IP Adresse vom <strong>sekundären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>primäre</strong> DNS Server Adresse ist jedoch gültig.',
+'dns forward disable dnssec' => 'DNSSEC deaktivieren (nicht empfohlen)',
+'dns forwarding dnssec disabled notice' => '(DNSSEC deaktiviert)',
'dns header' => 'DNS Server Adressen zuweisen nur mit DHCP an red0',
'dns list' => 'Liste von freien öffentlichen DNS Servern',
'dns menu' => 'DNS-Server zuweisen',
'idle' => 'Leerlauf',
'idle timeout' => 'Leerlauf-Wartezeit in Min. (0 zum Deaktivieren):',
'idle timeout not set' => 'Leerlauf-Wartezeit nicht angegeben.',
- 'ids log viewer' => 'Ansicht IDS-Protokoll',
- 'ids logs' => 'IDS-Protokolldateien',
- 'ids preprocessor' => 'IDS-Präprozessor',
- 'ids rules license' => 'Um Sourcefire VRT Zertifizierte Regeln zu nutzen, müssen Sie sich unter',
- 'ids rules license1' => ' registrieren.',
- 'ids rules license2' => 'Bestätigen Sie die Lizenz; aktivieren Sie Ihren Account, indem Sie auf den Link, den Sie per Mail erhalten haben, klicken. Gehen Sie dann zu',
- 'ids rules license3' => 'klicken Sie den "Generate code"-Knopf und kopieren Sie den 40-Zeichen Oinkcode in das untere Feld.',
- 'ids rules update' => 'Snort Regeln Update',
+ 'ids apply' => 'Übernehmen',
+ 'ids apply ruleset changes' => 'Regel-Änderungen werden übernommen ... Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
+ 'ids automatic rules update' => 'Automatische Regeln-Aktualisierung',
+ 'ids traffic analyze' => 'Packet-Analyse',
+ 'ids active on' => 'Aktiv auf',
+ 'ids enable' => 'Intrusion-Prevention-System aktivieren',
+ 'ids download new ruleset' => 'Das neue Regelset wird heruntergeladen und entpackt ... Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
+ 'ids ignored hosts' => 'Ignorierte Hosts',
+ 'ids log viewer' => 'Ansicht IPS-Protokoll',
+ 'ids log hits' => 'Gesamtanzahl der aktivierten Regeln für',
+ 'ids logs' => 'IPS-Protokolldateien',
+ 'ids monitored interfaces' => 'Überwachte Netzwerkzonen',
+ 'ids monitor traffic only' => 'Netzwerk-Pakete nur überpfrüfen',
+ 'ids no network zone' => 'Mindestends eine Netzwerk-Zone muss überwacht werden!',
+ 'ids no ruleset available' => 'Kein Regelset verfügbar, bitte downloaden Sie eines!',
+ 'ids oinkcode required' => 'Für das ausgewählte Regelset wird ein Abonnement oder ein Oinkcode benötigt',
+ 'ids ruleset settings' => 'Regelset-Einstellungen',
+ 'ids ruleset autoupdate in progress' => 'Das Regelset wird gerade aktualisiert ... Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
+ 'ids working' => 'Änderungen werden übernommen ... Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
'iface' => 'Iface',
'ignore filter' => '"Ignorieren"-Filter',
'ike encryption' => 'IKE Verschlüsselung:',
'interface' => 'Schnittstelle',
'interfaces' => 'Interfaces',
'internet' => 'INTERNET',
- 'intrusion detection' => 'Einbruchdetektierung',
- 'intrusion detection system' => 'Einbruchsdetektierung',
- 'intrusion detection system log viewer' => 'Betrachter der IDS-Protokolldateien',
- 'intrusion detection system rules' => 'Regeln für die Einbruchsdetektierung',
- 'intrusion detection system2' => 'Intrusion Detection System:',
+ 'intrusion detection' => 'Intrusion-Prevention',
+ 'intrusion detection system' => 'Intrusion-Prevention-System',
+ 'intrusion detection system log viewer' => 'Betrachter der IPS-Protokolldateien',
+ 'intrusion detection system rules' => 'Regelset',
+ 'intrusion detection system2' => 'Intrusion-Prevention-System',
+ 'intrusion prevention system' => 'Intrusion-Prevention-System',
'invalid broadcast ip' => 'Ungültige Broadcast-IP',
'invalid cache size' => 'Ungültige Cache-Größe.',
'invalid characters found in pre-shared key' => 'Ungültige Zeichen im Pre-Shared Schlüssel gefunden.',
'invalid input for hostname' => 'Ungültige Eingabe für Hostname',
'invalid input for ike lifetime' => 'Ungültige Eingabe für IKE Lebensdauer',
'invalid input for inactivity timeout' => 'Ungültige Eingabe für Inaktivitätstimeout',
+'invalid input for interface address' => 'Ungültige Eingabe für die Interface-Adresse',
+'invalid input for interface mode' => 'Ungültige Eingabe des Interface-Modus',
+'invalid input for interface mtu' => 'Ungültige Eingabe für die Interface-MTU',
'invalid input for keepalive 1' => 'Ungültige Eingabe für Keepalive ping',
'invalid input for keepalive 1:2' => 'Ungültige Eingabe für Keepalive (mindestens ein Verhältnis von 1:2)',
'invalid input for keepalive 2' => 'Ungültige Eingabe für Keepalive ping-restart',
+'invalid input for local ip address' => 'Ungültige Eingabe für die lokale IP-Adresse',
'invalid input for max clients' => 'Ungültige Eingabe für Max Clients',
+'invalid input for mode' => 'Ungültige Eingabe des Modus',
'invalid input for name' => 'Ungültige Eingabe für vollen Namen des Benutzers oder des System Hostnamens',
'invalid input for oink code' => 'Ungültige Eingabe für Oink Code',
'invalid input for organization' => 'Ungültige Eingabe für Organisation',
'ipfires hostname' => 'IPFire\'s Hostname',
'ipinfo' => 'IP-Info',
'ipsec' => 'IPsec',
+'ipsec connection' => 'IPsec-Verbindung',
+'ipsec interface mode gre' => 'GRE',
+'ipsec interface mode none' => '- Kein Interface (Standard) -',
+'ipsec interface mode vti' => 'VTI',
+'ipsec mode transport' => 'Transport',
+'ipsec mode tunnel' => 'Tunnel',
'ipsec network' => 'IPsec-Netzwerk',
'ipsec no connections' => 'Keine aktiven IPsec-Verbindungen',
+'ipsec settings' => 'IPsec-Einstellungen',
'iptable rules' => 'IPTable-Regeln',
'iptmangles' => 'IPTable Mangles',
'iptnats' => 'IPTable Network Address Translation',
'load printer' => 'Lade Drucker',
'loaded modules' => 'Geladene Module:',
'local hard disk' => 'Festplatte',
+'local ip address' => 'Lokale IP-Adresse',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Lokaler NTP Server angegeben aber nicht aktiviert',
'local subnet' => 'Lokales Subnetz:',
'mpfire search' => 'MPFire Suche',
'mpfire songs' => 'MPFire Songliste',
'mpfire webradio' => 'MPFire Webradio',
+'mtu' => 'MTU',
'mtu QoS' => 'Diese Einstellung ändert die MTU nicht global sondern nur für das QoS.',
'my new share' => 'Meine neue Freigabe',
'name' => 'Name',
'no modem selected' => 'Kein Modem ausgewählt',
'no set selected' => 'Es wurde kein Satz ausgewählt',
'no time limit' => 'unbregenzte Zeit',
+'none' => 'keiner',
'none found' => 'nichts gefunden',
'nonetworkname' => 'Kein Netzwerkname wurde eingegeben',
'noservicename' => 'Kein Dienstname wurde eingegeben',
'psk' => 'PSK',
'pulse' => 'Puls',
'pulse dial' => 'Pulswahl:',
+'qos add subclass' => 'Unterklasse hinzufügen',
'qos enter bandwidths' => 'Bitte geben Sie ihre Downstream- und Upstream-Bandbreite an!',
'qos graphs' => 'Qos Diagramme',
'qos warning' => 'Die Regel <strong>muss</strong> wieder gespeichert werden, ansonsten wird sie verworfen!',
'rsvd dst port overlap' => 'Dieser Zielportbereich überlappt mit einem Port, der für die ausschließliche Benutzung durch IPFire reserviert ist:',
'rsvd src port overlap' => 'Dieser Quellportbereich überlappt mit einem Port, der für die ausschließliche Benutzung durch IPFire reserviert ist:',
'rules already up to date' => 'Regeln sind schon aktuell',
+ 'runmode' => 'Runmode',
'running' => 'LÄUFT',
'safe removal of umounted device' => 'Sie können gefahrlos das abgemeldete Gerät entfernen',
'samba' => 'Samba',
'smtphost' => 'Smtp Host',
'smtpport' => 'Smtp Port',
'snat new source ip address' => 'Neue Quell-IP-Adresse',
- 'snort hits' => 'Gesamtanzahl der aktivierten Intrusion-Regeln für',
- 'snort working' => 'Snort führt gerade eine Aufgabe aus... Bitte warten Sie, bis diese erfolgreich beendet wurde.',
'socket options' => 'Socket Options',
'software version' => 'Software-Version',
'sort ascending' => 'Sortiere aufsteigend',
'subject warn' => 'Warnung - Warnlevel erreicht',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netzmaske ist ungültig',
+'subnet mask' => 'Subnetzmaske',
'subscripted user rules' => 'Sourcefire VRT Regeln mit Abonnement',
'successfully refreshed updates list' => 'Update-Liste erfolgreich aktualisiert.',
'summaries kept' => 'Zusammenfassungen aufheben für',
'system has hwrng' => 'Dieses System hat einen Hardware-Zufallszahlengenerator.',
'system has rdrand' => 'Dieses System unterstützt Intel(R) RDRAND.',
'system information' => 'Systeminformationen',
+ 'system is offline' => 'Das System ist offline.',
'system log viewer' => 'Betrachter der Systemprotokolldateien',
'system logs' => 'Systemprotokolldateien',
'system status information' => 'System-Statusinformationen',
'trafficto' => 'Nach',
'transfer limits' => 'Transferbeschränkungen',
'transparent on' => 'Transparent auf',
+'transport mode does not support vti' => 'VTI wird im Transport-Modus nicht unterstützt',
'tripwire' => 'Tripwire',
'tripwire cronjob' => 'Tripwire Cronjob',
'tripwire functions' => 'Tripwire Funktionen',
'unnamed' => 'Unbenannt',
'update' => 'Aktualisieren',
'update accelerator' => 'Update-Accelerator',
+ 'update ruleset' => 'Regelsatz aktualisieren',
'update time' => 'Aktualisiere die Uhrzeit:',
'update transcript' => 'Aktualisieren',
'updatedatabase' => 'Datenbank auf Stand der letzten Reports setzen',
'vpn connecting' => 'VERBINDUNGSAUFBAU',
'vpn delayed start' => 'Verzögerung, bevor VPN gestartet wird (Sek.)',
'vpn delayed start help' => 'Falls notwendig, kann diese Verzögerung dazu verwendet werden, um Dynamic-DNS-Updates ordnungsgemäß anzuwenden. 60 ist ein gängiger Wert, wenn ROT (RED) eine dynamische IP Adresse ist.',
+'vpn force mobike' => 'MOBIKE erzwingen (nur IKEv2)',
'vpn inactivity timeout' => 'Inaktivitätstimeout',
'vpn incompatible use of defaultroute' => 'Hostname=%defaultroute nicht zulässig',
'vpn keyexchange' => 'Schlüsseltausch',
'vpn start action add' => 'Auf Verbindungseingang warten',
'vpn start action route' => 'Bei Bedarf',
'vpn start action start' => 'Immer An',
-'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
-'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
+'vpn statistic n2n' => 'VPN: Netz-zu-Netz-Statistik',
+'vpn statistic rw' => 'VPN: Roadwarrior-Statistik',
'vpn subjectaltname' => 'Subjekt Alternativer Name',
'vpn wait' => 'WARTE',
'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
'ConnSched time' => 'Time:',
'ConnSched up' => 'Up',
'ConnSched weekdays' => 'Days of the week:',
+ 'Daily' => 'Daily',
+ 'Disabled' => 'Disabled',
'Edit an existing route' => 'Edit an existing route',
'Enter TOS' => 'Activate or deactivate TOS-bits <br /> and then press <i>Save</i>.',
'Existing Files' => 'Files in database',
'Utilization on' => 'Utilization on',
'Verbose' => 'Verbose:',
'WakeOnLan' => 'Wake On Lan',
+ 'Weekly' => 'Weekly',
'a ca certificate with this name already exists' => 'A CA certificate with this name already exists.',
'a connection with this common name already exists' => 'A connection with this common name already exists.',
'a connection with this name already exists' => 'A connection with this name already exists.',
'cron server' => 'CRON Server',
'crypto error' => 'Cryptographic error',
'crypto warning' => 'Cryptographic warning',
+'cryptographic settings' => 'Cryptographic Settings',
'current' => 'Current',
'current aliases' => 'Current aliases',
'current class' => 'Current class',
'deep scan directories' => 'Scan recursive',
'def lease time' => 'Default Lease Time',
'default' => 'Default',
+'default IP address' => 'Default IP Address',
'default ip' => 'Default IP address',
'default lease time' => 'Default lease time (mins):',
'default networks' => 'Default networks',
'dns error 0' => 'The IP address of the <strong>primary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>secondary</strong> DNS server address is valid.',
'dns error 01' => 'The entered IP address of the <strong>primary</strong> and <strong>secondary</strong> DNS server are not valid, please check your entries!',
'dns error 1' => 'The IP address of the <strong>secondary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>primary</strong> DNS server address is valid.',
+'dns forward disable dnssec' => 'Disable DNSSEC (dangerous)',
+'dns forwarding dnssec disabled notice' => '(DNSSEC disabled)',
'dns header' => 'Assign DNS server addresses only for DHCP on red0',
'dns list' => 'List of free public DNS servers',
'dns menu' => 'Assign DNS-Server',
'email usemail' => 'Activate Mail Service',
'emailreportlevel' => 'E-mailreportlevel',
'emerging rules' => 'Emergingthreats.net Community Rules',
+ 'emerging pro rules' => 'Emergingthreats.net Pro Rules',
'empty' => 'This field may be left blank',
'empty profile' => 'empty',
'enable ignore filter' => 'Enable ignore filter',
'idle' => 'Idle',
'idle timeout' => 'Idle timeout (mins; 0 to disable):',
'idle timeout not set' => 'Idle timeout not set.',
- 'ids log viewer' => 'IDS log viewer',
- 'ids logs' => 'IDS Logs',
- 'ids preprocessor' => 'IDS preprocessor',
- 'ids rules license' => 'To utilize Sourcefire VRT Certified Rules, you need to register on',
- 'ids rules license1' => '.',
- 'ids rules license2' => 'Acknowledge the license, activate your account by visiting the url you got via mail. Then go to',
- 'ids rules license3' => 'press the "Generate code"-button and copy the 40 character Oinkcode into the field below.',
- 'ids rules update' => 'Snort rules update',
+ 'ids apply' => 'Apply',
+ 'ids apply ruleset changes' => 'The ruleset changes will be applied ... Please wait until all operations have completed successfully.',
+ 'ids automatic rules update' => 'Automatic rules update',
+ 'ids traffic analyze' => 'Traffic analyzing',
+ 'ids active on' => 'Active on',
+ 'ids download new ruleset' => 'Downloading and unpacking new ruleset ... Please wait until all operations have completed successfully.',
+ 'ids enable' => 'Enable Intrusion Prevention System',
+ 'ids hide' => 'Hide',
+ 'ids ignored hosts' => 'Ignored hosts',
+ 'ids log hits' => 'Total of number of activated rules for',
+ 'ids log viewer' => 'IPS log viewer',
+ 'ids logs' => 'IPS Logs',
+ 'ids monitored interfaces' => 'Monitored interfaces',
+ 'ids monitor traffic only' => 'Monitor traffic only',
+ 'ids no network zone' => 'At least one network zone has to be monitored!',
+ 'ids no ruleset available' => 'No ruleset available, please download one!',
+ 'ids oinkcode required' => 'The selected ruleset requires a subscription or an oinkcode',
+ 'ids ruleset settings' => 'Ruleset settings',
+ 'ids rules update' => 'IPS rules',
+ 'ids ruleset autoupdate in progress' => 'Ruleset update in progress ... Please wait until all operations have completed successfully.',
+ 'ids show' => 'Show',
+ 'ids working' => 'Changes will be applied ... Please wait until all operations have completed successfully.',
'iface' => 'Iface',
'ignore filter' => 'Ignore filter',
'ike encryption' => 'IKE Encryption:',
'instant update' => 'Instant Update',
'integrity' => 'Integrity:',
'interface' => 'Interface',
+'interface mode' => 'Interface',
'interfaces' => 'Interfaces',
'internet' => 'INTERNET',
- 'intrusion detection' => 'Intrusion Detection',
- 'intrusion detection system' => 'Intrusion Detection System',
- 'intrusion detection system log viewer' => 'Intrusion Detection System Log Viewer',
- 'intrusion detection system rules' => 'intrusion detection system rules',
- 'intrusion detection system2' => 'Intrusion Detection System:',
+ 'intrusion detection' => 'Intrusion Prevention',
+ 'intrusion detection system' => 'Intrusion Prevention System',
+ 'intrusion detection system log viewer' => 'Intrusion Prevention System Log Viewer',
+ 'intrusion detection system rules' => 'Ruleset',
+ 'intrusion detection system2' => 'Intrusion Prevention System',
+ 'intrusion prevention system' => 'Intrusion Prevention System',
'invalid broadcast ip' => 'Invalid broadcast IP',
'invalid cache size' => 'Invalid cache size.',
'invalid characters found in pre-shared key' => 'Invalid characters found in pre-shared key.',
'invalid input for hostname' => 'Invalid input for hostname.',
'invalid input for ike lifetime' => 'Invalid input for IKE lifetime',
'invalid input for inactivity timeout' => 'Invalid input for Inactivity Timeout',
+'invalid input for interface address' => 'Invalid input for interface address',
+'invalid input for interface mode' => 'Invalid input for interface mode',
+'invalid input for interface mtu' => 'Invalid input to interface MTU',
'invalid input for keepalive 1' => 'Invalid input for Keepalive ping',
'invalid input for keepalive 1:2' => 'Invalid input for Keepalive use at least a ratio of 1:2',
'invalid input for keepalive 2' => 'Invalid input for Keepalive ping-restart',
+'invalid input for local ip address' => 'Invalid input for local IP address',
'invalid input for max clients' => 'Invalid input for Max Clients',
+'invalid input for mode' => 'Invalid input for mode',
'invalid input for name' => 'Invalid input for user\'s full name or system hostname',
'invalid input for oink code' => 'Invalid input for Oink code',
'invalid input for organization' => 'Invalid input for organization',
'ipfires hostname' => 'IPFire\'s Hostname',
'ipinfo' => 'IP info',
'ipsec' => 'IPsec',
+'ipsec connection' => 'IPsec Connection',
+'ipsec interface mode gre' => 'GRE',
+'ipsec interface mode none' => '- None (Default) -',
+'ipsec interface mode vti' => 'VTI',
+'ipsec mode transport' => 'Transport',
+'ipsec mode tunnel' => 'Tunnel',
'ipsec network' => 'IPsec network',
'ipsec no connections' => 'No active IPsec connections',
+'ipsec settings' => 'IPsec Settings',
'iptable rules' => 'IPTable rules',
'iptmangles' => 'IPTable Mangles',
'iptnats' => 'IPTable Network Address Translation',
'load printer' => 'Load Printer',
'loaded modules' => 'Loaded modules:',
'local hard disk' => 'Hard disk',
+'local ip address' => 'Local IP Address',
'local master' => 'Local Master',
'local ntp server specified but not enabled' => 'Local NTP server specified but not enabled',
'local subnet' => 'Local subnet:',
'mpfire search' => 'MPFire Search',
'mpfire songs' => 'MPFire songlist',
'mpfire webradio' => 'MPFire Webradio',
+'mtu' => 'MTU',
'mtu QoS' => 'This does not change the global MTU, it only sets MTU for QoS.',
'my new share' => 'My new share',
'name' => 'Name',
'rsvd dst port overlap' => 'Destination Port Range overlaps a port reserved for IPFire:',
'rsvd src port overlap' => 'Source Port Range overlaps a port reserved for IPFire:',
'rules already up to date' => 'Rules already up to date',
+ 'runmode' => 'Runmode',
'running' => 'RUNNING',
'safe removal of umounted device' => 'You can safely remove the unmounted device',
'samba' => 'Samba',
'smtphost' => 'SMTP host',
'smtpport' => 'SMTP port',
'snat new source ip address' => 'New source IP address',
- 'snort hits' => 'Total of number of Intrusion rules activated for',
- 'snort working' => 'Snort is working ... Please wait until all operations have completed successfully.',
'socket options' => 'Socket options',
'software version' => 'Software Version',
'sort ascending' => 'Sort ascending',
'subject warn' => 'Warning - warnlevel reached',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netmask is invalid',
+'subnet mask' => 'Subnet Mask',
'subscripted user rules' => 'Sourcefire VRT rules with subscription',
'successfully refreshed updates list' => 'Successfully refreshed updates list.',
'summaries kept' => 'Keep summaries for',
'system has hwrng' => 'This system has a hardware random number generator.',
'system has rdrand' => 'This system has support for Intel(R) RDRAND.',
'system information' => 'System Information',
+ 'system is offline' => 'The system is offline.',
'system log viewer' => 'System Log Viewer',
'system logs' => 'System Logs',
'system status information' => 'System Status Information',
'trafficto' => 'To',
'transfer limits' => 'Transfer limits',
'transparent on' => 'Transparent on',
+'transport mode does not support vti' => 'VTI is not support in transport mode',
'tripwire' => 'Tripwire',
'tripwire cronjob' => 'tripwire cronjob',
'tripwire functions' => 'tripwire functions',
'unnamed' => 'Unnamed',
'update' => 'Update',
'update accelerator' => 'Update Accelerator',
+ 'update ruleset' => 'Update ruleset',
'update time' => 'Update the time:',
'update transcript' => 'Update transcript',
'updatedatabase' => 'Update Database with last report',
'vpn start action add' => 'Wait for connection initiation',
'vpn start action route' => 'On Demand',
'vpn start action start' => 'Always On',
-'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
-'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
+'vpn statistic n2n' => 'VPN: Net-to-Net Statistics',
+'vpn statistic rw' => 'VPN: Roadwarrior Statistics',
'vpn subjectaltname' => 'Subject Alt Name',
'vpn wait' => 'WAITING',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
menu.d modem optionsfw \
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
- proxy/calamaris/bin qos/bin red remote sensors snort time \
+ proxy/calamaris/bin qos/bin red remote sensors suricata time \
updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
wakeonlan wireless ; do \
mkdir -p $(CONFIG_ROOT)/$$i; \
isdn/settings mac/settings main/hosts main/routing main/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
- qos/tosconfig snort/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
+ qos/tosconfig suricata/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \
done
cp $(DIR_SRC)/config/cfgroot/network-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/aws-functions.pl $(CONFIG_ROOT)/
+ cp $(DIR_SRC)/config/cfgroot/ids-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices.default
# Oneliner configfiles
echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings
- echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings
echo "01" > $(CONFIG_ROOT)/certs/serial
echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf
echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings
echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
+ # Install snort to suricata converter.
+ cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort
+
# Add conntrack helper default settings
for proto in FTP H323 IRC SIP TFTP; do \
echo "CONNTRACK_$${proto}=on" >> $(CONFIG_ROOT)/optionsfw/settings; \
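Review bot: The converter is installed with a plain `cp` in `cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort`, so the mode and owner of a program placed in /usr/sbin depend on the source checkout and the build umask rather than on anything stated in the recipe. Prefer `install -v -m 755 -o root -g root $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort`, which pins both. Among the lines visible here it is also the only one that writes outside `$(CONFIG_ROOT)`; if that is intended, the comment `# Install snort to suricata converter.` could say why the script ships with the config root. The recipe starts and ends outside this hunk.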
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
-VERSION="2.21" # Version number
-CORE="128" # Core Level (Filename)
-PAKFIRE_CORE="127" # Core Level (PAKFIRE)
+VERSION="2.23" # Version number
+CORE="130" # Core Level (Filename)
+PAKFIRE_CORE="129" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
CXXFLAGS="${CFLAGS}"
# Determine parallelism
- if [ -z "${MAKETUNING}" ]; then
- # We assume that each process consumes about
- # 192MB of memory. Therefore we find out how
- # many processes fit into memory.
- local mem_max=$(( ${HOST_MEM} / 192 ))
-
- local processors="$(system_processors)"
- local cpu_max=$(( ${processors} + 1 ))
-
- local parallelism
- if [ ${mem_max} -lt ${cpu_max} ]; then
- parallelism=${mem_max}
- else
- parallelism=${cpu_max}
- fi
-
- # limit to -j23 because perl will not build
- # more
- if [ ${parallelism} -gt 23 ]; then
- parallelism=23
- fi
-
- MAKETUNING="-j${parallelism}"
+ # We assume that each process consumes about
+ # 128MB of memory. Therefore we find out how
+ # many processes fit into memory.
+ local mem_max=$(( ${SYSTEM_MEMORY} / 128 ))
+ local cpu_max=$(( ${SYSTEM_PROCESSORS} + 1 ))
+
+ local parallelism
+ if [ ${mem_max} -lt ${cpu_max} ]; then
+ parallelism=${mem_max}
+ else
+ parallelism=${cpu_max}
fi
+ # Use this as default PARALLELISM
+ DEFAULT_PARALLELISM="${parallelism}"
+
# Compression parameters
# We use mode 8 for reasonable memory usage when decompressing
# but with overall good compression
# We need to limit memory because XZ uses too much when running
# in parallel and it isn't very smart in limiting itself.
# We allow XZ to use up to 70% of all system memory.
- local xz_memory=$(( HOST_MEM * 7 / 10 ))
+ local xz_memory=$(( SYSTEM_MEMORY * 7 / 10 ))
# XZ memory cannot be larger than 2GB on 32 bit systems
case "${build_arch}" in
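Review bot: `local mem_max=$(( ${SYSTEM_MEMORY} / 128 ))` evaluates to 0 when the host reports less memory than one 128 MB slot (assuming system_memory reports megabytes, as the comment implies). The `-lt` comparison then selects that value, so `DEFAULT_PARALLELISM` is exported as 0. Clamp it before the assignment, for example `[ "${parallelism}" -ge 1 ] || parallelism=1`. If `system_memory` ever prints nothing, the arithmetic expansion fails outright, so `${SYSTEM_MEMORY:-0}` inside the expression is a cheap guard. The enclosing function starts and ends outside this hunk.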
# Setup environment
set +h
LC_ALL=POSIX
- export LFS LC_ALL CFLAGS CXXFLAGS MAKETUNING
+ export LFS LC_ALL CFLAGS CXXFLAGS DEFAULT_PARALLELISM
unset CC CXX CPP LD_LIBRARY_PATH LD_PRELOAD
# Make some extra directories
CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \
KVER="${KVER}" \
XZ_OPT="${XZ_OPT}" \
+ DEFAULT_PARALLELISM="${DEFAULT_PARALLELISM}" \
+ SYSTEM_PROCESSORS="${SYSTEM_PROCESSORS}" \
+ SYSTEM_MEMORY="${SYSTEM_MEMORY}" \
$(fake_environ) \
$(qemu_environ) \
"$@"
CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \
CFLAGS="${CFLAGS}" \
CXXFLAGS="${CXXFLAGS}" \
- MAKETUNING="${MAKETUNING}" \
+ DEFAULT_PARALLELISM="${DEFAULT_PARALLELISM}" \
+ SYSTEM_PROCESSORS="${SYSTEM_PROCESSORS}" \
+ SYSTEM_MEMORY="${SYSTEM_MEMORY}" \
make -f $* \
TOOLCHAIN=1 \
TOOLS_DIR="${TOOLS_DIR}" \
enterchroot \
${EXTRA_PATH}bash -x -c "cd /usr/src/lfs && \
- MAKETUNING=${MAKETUNING} \
make -f $* \
LFS_BASEDIR=/usr/src install" \
>> ${LOGFILE} 2>&1 &
unset TARGET_ARCH
fi
-# Get the amount of memory in this build system
-HOST_MEM=$(system_memory)
+# Get some information about the host system
+SYSTEM_PROCESSORS="$(system_processors)"
+SYSTEM_MEMORY="$(system_memory)"
if [ -n "${BUILD_ARCH}" ]; then
configure_build "${BUILD_ARCH}"
lfsmake2 xr819-firmware
lfsmake2 zd1211-firmware
lfsmake2 rpi-firmware
+ lfsmake2 intel-microcode
lfsmake2 bc
lfsmake2 u-boot MKIMAGE=1
lfsmake2 cpio
lfsmake2 linux-initrd KCFG="-multi"
;;
esac
- lfsmake2 intel-microcode
lfsmake2 xtables-addons USPACE="1"
lfsmake2 libgpg-error
lfsmake2 libgcrypt
lfsmake2 attr
lfsmake2 acl
lfsmake2 libcap
+ lfsmake2 libcap-ng
lfsmake2 pciutils
lfsmake2 usbutils
lfsmake2 libxml2
lfsmake2 setserial
lfsmake2 setup
lfsmake2 libdnet
- lfsmake2 daq
- lfsmake2 snort
+ lfsmake2 yaml
+ lfsmake2 libhtp
+ lfsmake2 suricata
lfsmake2 oinkmaster
+ lfsmake2 ids-ruleset-sources
lfsmake2 squid
lfsmake2 squidguard
lfsmake2 calamaris
lfsmake2 borgbackup
lfsmake2 libedit
lfsmake2 knot
+ lfsmake2 spectre-meltdown-checker
+ lfsmake2 zabbix_agentd
}
buildinstaller() {
iptables -A INPUT -j GUARDIAN
iptables -A FORWARD -j GUARDIAN
+ # IPS (suricata) chains
+ iptables -N IPS
+ iptables -A INPUT -j IPS
+ iptables -A FORWARD -j IPS
+ iptables -A OUTPUT -j IPS
+
# Block non-established IPsec networks
iptables -N IPSECBLOCK
iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
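Review bot: The new `IPS` chain is jumped to from INPUT, FORWARD and OUTPUT, but the comment `# IPS (suricata) chains` does not say what fills the chain or what happens to traffic while suricata is stopped or restarting. The rules that populate it are not in this hunk; if they hand packets to the engine, whether the firewall fails open or closed in that window is a security decision that should be written down here. Suggest `# IPS (suricata) chains - populated by <script>; while suricata is not running traffic <passes | is dropped>`, with both placeholders filled in. The position after GUARDIAN and before IPSECBLOCK also determines which packets the IPS sees, so the ordering deserves a word in the same comment. The surrounding function lies outside the hunk.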
iptables -N OVPNINPUT
iptables -A INPUT -j OVPNINPUT
- # Tor
+ # Tor (inbound and outbound)
iptables -N TOR_INPUT
iptables -A INPUT -j TOR_INPUT
+ iptables -N TOR_OUTPUT
+ iptables -A OUTPUT -j TOR_OUTPUT
# Jump into the actual firewall ruleset.
iptables -N INPUTFW
iptables -t nat -N REDNAT
iptables -t nat -A POSTROUTING -j REDNAT
- # Populate IPsec block chain
- /usr/lib/firewall/ipsec-block
+ # Populate IPsec chains
+ /usr/lib/firewall/ipsec-policy
# Apply OpenVPN firewall rules
/usr/local/bin/openvpnctrl --firewall-rules