#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.16
-# Tue Nov 28 19:31:51 2006
+# Wed Nov 29 00:06:35 2006
#
CONFIG_X86_32=y
CONFIG_SEMAPHORE_SLEEPERS=y
CONFIG_IP_PIMSM_V2=y
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
+CONFIG_IPSEC_NAT_TRAVERSAL=y
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
+CONFIG_IP_NF_TARGET_TARPIT=m
+CONFIG_IP_NF_NAT_SIP=m
+CONFIG_IP_NF_SIP=m
#
# Bridge: Netfilter Configuration
CONFIG_IEEE80211_CRYPT_WEP=m
# CONFIG_IEEE80211_CRYPT_CCMP is not set
# CONFIG_IEEE80211_CRYPT_TKIP is not set
+CONFIG_KLIPS=m
+
+#
+# KLIPS options
+#
+CONFIG_KLIPS_ESP=y
+CONFIG_KLIPS_AH=y
+CONFIG_KLIPS_AUTH_HMAC_MD5=y
+CONFIG_KLIPS_AUTH_HMAC_SHA1=y
+# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
+CONFIG_KLIPS_ENC_3DES=y
+CONFIG_KLIPS_ENC_AES=y
+# CONFIG_KLIPS_ENC_NULL is not set
+CONFIG_KLIPS_IPCOMP=y
+CONFIG_KLIPS_DEBUG=y
#
# Device Drivers
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.16
-# Tue Nov 28 19:33:09 2006
+# Wed Nov 29 00:35:50 2006
#
CONFIG_X86_32=y
CONFIG_SEMAPHORE_SLEEPERS=y
CONFIG_IP_PIMSM_V2=y
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
+CONFIG_IPSEC_NAT_TRAVERSAL=y
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
+CONFIG_IP_NF_TARGET_TARPIT=m
+CONFIG_IP_NF_NAT_SIP=m
+CONFIG_IP_NF_SIP=m
#
# Bridge: Netfilter Configuration
CONFIG_IEEE80211_CRYPT_WEP=m
# CONFIG_IEEE80211_CRYPT_CCMP is not set
# CONFIG_IEEE80211_CRYPT_TKIP is not set
+CONFIG_KLIPS=m
+
+#
+# KLIPS options
+#
+CONFIG_KLIPS_ESP=y
+CONFIG_KLIPS_AH=y
+CONFIG_KLIPS_AUTH_HMAC_MD5=y
+CONFIG_KLIPS_AUTH_HMAC_SHA1=y
+# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
+CONFIG_KLIPS_ENC_3DES=y
+CONFIG_KLIPS_ENC_AES=y
+# CONFIG_KLIPS_ENC_NULL is not set
+CONFIG_KLIPS_IPCOMP=y
+CONFIG_KLIPS_DEBUG=y
#
# Device Drivers
KEYMAP=/usr/share/kbd/keymaps/i386/qwerty/de.map.gz
LANGUAGE=de
TIMEZONE=/usr/share/zoneinfo/posix/Europe/Berlin
-GREEN_ADDRESS=192.168.0.15
+GREEN_ADDRESS=192.168.180.30
GREEN_NETMASK=255.255.255.0
-GREEN_NETADDRESS=192.168.0.0
-GREEN_BROADCAST=192.168.0.255
+GREEN_NETADDRESS=192.168.180.0
+GREEN_BROADCAST=192.168.180.255
ROOT_PASSWORD=ipfire
ADMIN_PASSWORD=ipfire
--- /dev/null
+#usr/bin/glib-genmarshal
+#usr/bin/glib-gettextize
+#usr/bin/glib-mkenums
+#usr/bin/gobject-query
+#usr/include/glib-2.0
+#usr/include/glib-2.0/glib
+#usr/include/glib-2.0/glib-object.h
+#usr/include/glib-2.0/glib.h
+#usr/include/glib-2.0/glib/galloca.h
+#usr/include/glib-2.0/glib/garray.h
+#usr/include/glib-2.0/glib/gasyncqueue.h
+#usr/include/glib-2.0/glib/gatomic.h
+#usr/include/glib-2.0/glib/gbacktrace.h
+#usr/include/glib-2.0/glib/gcache.h
+#usr/include/glib-2.0/glib/gcompletion.h
+#usr/include/glib-2.0/glib/gconvert.h
+#usr/include/glib-2.0/glib/gdataset.h
+#usr/include/glib-2.0/glib/gdate.h
+#usr/include/glib-2.0/glib/gdir.h
+#usr/include/glib-2.0/glib/gerror.h
+#usr/include/glib-2.0/glib/gfileutils.h
+#usr/include/glib-2.0/glib/ghash.h
+#usr/include/glib-2.0/glib/ghook.h
+#usr/include/glib-2.0/glib/gi18n-lib.h
+#usr/include/glib-2.0/glib/gi18n.h
+#usr/include/glib-2.0/glib/giochannel.h
+#usr/include/glib-2.0/glib/gkeyfile.h
+#usr/include/glib-2.0/glib/glist.h
+#usr/include/glib-2.0/glib/gmacros.h
+#usr/include/glib-2.0/glib/gmain.h
+#usr/include/glib-2.0/glib/gmappedfile.h
+#usr/include/glib-2.0/glib/gmarkup.h
+#usr/include/glib-2.0/glib/gmem.h
+#usr/include/glib-2.0/glib/gmessages.h
+#usr/include/glib-2.0/glib/gnode.h
+#usr/include/glib-2.0/glib/goption.h
+#usr/include/glib-2.0/glib/gpattern.h
+#usr/include/glib-2.0/glib/gprimes.h
+#usr/include/glib-2.0/glib/gprintf.h
+#usr/include/glib-2.0/glib/gqsort.h
+#usr/include/glib-2.0/glib/gquark.h
+#usr/include/glib-2.0/glib/gqueue.h
+#usr/include/glib-2.0/glib/grand.h
+#usr/include/glib-2.0/glib/grel.h
+#usr/include/glib-2.0/glib/gscanner.h
+#usr/include/glib-2.0/glib/gshell.h
+#usr/include/glib-2.0/glib/gslice.h
+#usr/include/glib-2.0/glib/gslist.h
+#usr/include/glib-2.0/glib/gspawn.h
+#usr/include/glib-2.0/glib/gstdio.h
+#usr/include/glib-2.0/glib/gstrfuncs.h
+#usr/include/glib-2.0/glib/gstring.h
+#usr/include/glib-2.0/glib/gthread.h
+#usr/include/glib-2.0/glib/gthreadpool.h
+#usr/include/glib-2.0/glib/gtimer.h
+#usr/include/glib-2.0/glib/gtree.h
+#usr/include/glib-2.0/glib/gtypes.h
+#usr/include/glib-2.0/glib/gunicode.h
+#usr/include/glib-2.0/glib/gutils.h
+#usr/include/glib-2.0/glib/gwin32.h
+#usr/include/glib-2.0/gmodule.h
+#usr/include/glib-2.0/gobject
+#usr/include/glib-2.0/gobject/gboxed.h
+#usr/include/glib-2.0/gobject/gclosure.h
+#usr/include/glib-2.0/gobject/genums.h
+#usr/include/glib-2.0/gobject/gmarshal.h
+#usr/include/glib-2.0/gobject/gobject.h
+#usr/include/glib-2.0/gobject/gobjectnotifyqueue.c
+#usr/include/glib-2.0/gobject/gparam.h
+#usr/include/glib-2.0/gobject/gparamspecs.h
+#usr/include/glib-2.0/gobject/gsignal.h
+#usr/include/glib-2.0/gobject/gsourceclosure.h
+#usr/include/glib-2.0/gobject/gtype.h
+#usr/include/glib-2.0/gobject/gtypemodule.h
+#usr/include/glib-2.0/gobject/gtypeplugin.h
+#usr/include/glib-2.0/gobject/gvalue.h
+#usr/include/glib-2.0/gobject/gvaluearray.h
+#usr/include/glib-2.0/gobject/gvaluecollector.h
+#usr/include/glib-2.0/gobject/gvaluetypes.h
+#usr/lib/glib-2.0
+#usr/lib/glib-2.0/include
+#usr/lib/glib-2.0/include/glibconfig.h
+#usr/lib/libglib-2.0.la
+usr/lib/libglib-2.0.so
+usr/lib/libglib-2.0.so.0
+usr/lib/libglib-2.0.so.0.902.4
+#usr/lib/libgmodule-2.0.la
+usr/lib/libgmodule-2.0.so
+usr/lib/libgmodule-2.0.so.0
+usr/lib/libgmodule-2.0.so.0.902.4
+#usr/lib/libgobject-2.0.la
+usr/lib/libgobject-2.0.so
+usr/lib/libgobject-2.0.so.0
+usr/lib/libgobject-2.0.so.0.902.4
+#usr/lib/libgthread-2.0.la
+usr/lib/libgthread-2.0.so
+usr/lib/libgthread-2.0.so.0
+usr/lib/libgthread-2.0.so.0.902.4
+#usr/lib/pkgconfig/glib-2.0.pc
+#usr/lib/pkgconfig/gmodule-2.0.pc
+#usr/lib/pkgconfig/gmodule-export-2.0.pc
+#usr/lib/pkgconfig/gmodule-no-export-2.0.pc
+#usr/lib/pkgconfig/gobject-2.0.pc
+#usr/lib/pkgconfig/gthread-2.0.pc
+#usr/man/man1/glib-genmarshal.1
+#usr/man/man1/glib-gettextize.1
+#usr/man/man1/glib-mkenums.1
+#usr/man/man1/gobject-query.1
+#usr/share/aclocal/glib-2.0.m4
+#usr/share/aclocal/glib-gettext.m4
+#usr/share/glib-2.0
+#usr/share/glib-2.0/gettext
+#usr/share/glib-2.0/gettext/mkinstalldirs
+#usr/share/glib-2.0/gettext/po
+#usr/share/glib-2.0/gettext/po/Makefile.in.in
+#usr/share/gtk-doc/html/glib
+#usr/share/gtk-doc/html/glib/file-name-encodings.png
+#usr/share/gtk-doc/html/glib/glib-Arrays.html
+#usr/share/gtk-doc/html/glib/glib-Asynchronous-Queues.html
+#usr/share/gtk-doc/html/glib/glib-Atomic-Operations.html
+#usr/share/gtk-doc/html/glib/glib-Automatic-String-Completion.html
+#usr/share/gtk-doc/html/glib/glib-Balanced-Binary-Trees.html
+#usr/share/gtk-doc/html/glib/glib-Basic-Types.html
+#usr/share/gtk-doc/html/glib/glib-Byte-Arrays.html
+#usr/share/gtk-doc/html/glib/glib-Byte-Order-Macros.html
+#usr/share/gtk-doc/html/glib/glib-Caches.html
+#usr/share/gtk-doc/html/glib/glib-Character-Set-Conversion.html
+#usr/share/gtk-doc/html/glib/glib-Commandline-option-parser.html
+#usr/share/gtk-doc/html/glib/glib-Datasets.html
+#usr/share/gtk-doc/html/glib/glib-Date-and-Time-Functions.html
+#usr/share/gtk-doc/html/glib/glib-Double-ended-Queues.html
+#usr/share/gtk-doc/html/glib/glib-Doubly-Linked-Lists.html
+#usr/share/gtk-doc/html/glib/glib-Dynamic-Loading-of-Modules.html
+#usr/share/gtk-doc/html/glib/glib-Error-Reporting.html
+#usr/share/gtk-doc/html/glib/glib-File-Utilities.html
+#usr/share/gtk-doc/html/glib/glib-Glob-style-pattern-matching.html
+#usr/share/gtk-doc/html/glib/glib-Hash-Tables.html
+#usr/share/gtk-doc/html/glib/glib-Hook-Functions.html
+#usr/share/gtk-doc/html/glib/glib-I18N.html
+#usr/share/gtk-doc/html/glib/glib-IO-Channels.html
+#usr/share/gtk-doc/html/glib/glib-Key-value-file-parser.html
+#usr/share/gtk-doc/html/glib/glib-Keyed-Data-Lists.html
+#usr/share/gtk-doc/html/glib/glib-Lexical-Scanner.html
+#usr/share/gtk-doc/html/glib/glib-Limits-of-Basic-Types.html
+#usr/share/gtk-doc/html/glib/glib-Memory-Allocation.html
+#usr/share/gtk-doc/html/glib/glib-Memory-Allocators.html
+#usr/share/gtk-doc/html/glib/glib-Memory-Chunks.html
+#usr/share/gtk-doc/html/glib/glib-Memory-Slices.html
+#usr/share/gtk-doc/html/glib/glib-Message-Logging.html
+#usr/share/gtk-doc/html/glib/glib-Miscellaneous-Macros.html
+#usr/share/gtk-doc/html/glib/glib-Miscellaneous-Utility-Functions.html
+#usr/share/gtk-doc/html/glib/glib-N-ary-Trees.html
+#usr/share/gtk-doc/html/glib/glib-Numerical-Definitions.html
+#usr/share/gtk-doc/html/glib/glib-Pointer-Arrays.html
+#usr/share/gtk-doc/html/glib/glib-Quarks.html
+#usr/share/gtk-doc/html/glib/glib-Random-Numbers.html
+#usr/share/gtk-doc/html/glib/glib-Relations-and-Tuples.html
+#usr/share/gtk-doc/html/glib/glib-Shell-related-Utilities.html
+#usr/share/gtk-doc/html/glib/glib-Simple-XML-Subset-Parser.html
+#usr/share/gtk-doc/html/glib/glib-Singly-Linked-Lists.html
+#usr/share/gtk-doc/html/glib/glib-Spawning-Processes.html
+#usr/share/gtk-doc/html/glib/glib-Standard-Macros.html
+#usr/share/gtk-doc/html/glib/glib-String-Chunks.html
+#usr/share/gtk-doc/html/glib/glib-String-Utility-Functions.html
+#usr/share/gtk-doc/html/glib/glib-Strings.html
+#usr/share/gtk-doc/html/glib/glib-The-Main-Event-Loop.html
+#usr/share/gtk-doc/html/glib/glib-Thread-Pools.html
+#usr/share/gtk-doc/html/glib/glib-Threads.html
+#usr/share/gtk-doc/html/glib/glib-Timers.html
+#usr/share/gtk-doc/html/glib/glib-Trash-Stacks.html
+#usr/share/gtk-doc/html/glib/glib-Type-Conversion-Macros.html
+#usr/share/gtk-doc/html/glib/glib-Unicode-Manipulation.html
+#usr/share/gtk-doc/html/glib/glib-Version-Information.html
+#usr/share/gtk-doc/html/glib/glib-Warnings-and-Assertions.html
+#usr/share/gtk-doc/html/glib/glib-Windows-Compatibility-Functions.html
+#usr/share/gtk-doc/html/glib/glib-building.html
+#usr/share/gtk-doc/html/glib/glib-changes.html
+#usr/share/gtk-doc/html/glib/glib-compiling.html
+#usr/share/gtk-doc/html/glib/glib-core.html
+#usr/share/gtk-doc/html/glib/glib-cross-compiling.html
+#usr/share/gtk-doc/html/glib/glib-data-types.html
+#usr/share/gtk-doc/html/glib/glib-fundamentals.html
+#usr/share/gtk-doc/html/glib/glib-gettextize.html
+#usr/share/gtk-doc/html/glib/glib-resources.html
+#usr/share/gtk-doc/html/glib/glib-running.html
+#usr/share/gtk-doc/html/glib/glib-utilities.html
+#usr/share/gtk-doc/html/glib/glib.devhelp
+#usr/share/gtk-doc/html/glib/glib.devhelp2
+#usr/share/gtk-doc/html/glib/glib.html
+#usr/share/gtk-doc/html/glib/home.png
+#usr/share/gtk-doc/html/glib/index.html
+#usr/share/gtk-doc/html/glib/index.sgml
+#usr/share/gtk-doc/html/glib/ix01.html
+#usr/share/gtk-doc/html/glib/ix02.html
+#usr/share/gtk-doc/html/glib/ix03.html
+#usr/share/gtk-doc/html/glib/ix04.html
+#usr/share/gtk-doc/html/glib/ix05.html
+#usr/share/gtk-doc/html/glib/ix06.html
+#usr/share/gtk-doc/html/glib/ix07.html
+#usr/share/gtk-doc/html/glib/left.png
+#usr/share/gtk-doc/html/glib/mainloop-states.gif
+#usr/share/gtk-doc/html/glib/right.png
+#usr/share/gtk-doc/html/glib/style.css
+#usr/share/gtk-doc/html/glib/tools.html
+#usr/share/gtk-doc/html/glib/up.png
+#usr/share/gtk-doc/html/gobject
+#usr/share/gtk-doc/html/gobject/GTypeModule.html
+#usr/share/gtk-doc/html/gobject/GTypePlugin.html
+#usr/share/gtk-doc/html/gobject/ch01.html
+#usr/share/gtk-doc/html/gobject/ch01s02.html
+#usr/share/gtk-doc/html/gobject/ch02.html
+#usr/share/gtk-doc/html/gobject/ch06s03.html
+#usr/share/gtk-doc/html/gobject/ch07s02.html
+#usr/share/gtk-doc/html/gobject/ch07s03.html
+#usr/share/gtk-doc/html/gobject/chapter-gobject.html
+#usr/share/gtk-doc/html/gobject/chapter-signal.html
+#usr/share/gtk-doc/html/gobject/glib-genmarshal.html
+#usr/share/gtk-doc/html/gobject/glib-mkenums.html
+#usr/share/gtk-doc/html/gobject/glue.png
+#usr/share/gtk-doc/html/gobject/gobject-Boxed-Types.html
+#usr/share/gtk-doc/html/gobject/gobject-Closures.html
+#usr/share/gtk-doc/html/gobject/gobject-Enumeration-and-Flag-Types.html
+#usr/share/gtk-doc/html/gobject/gobject-GParamSpec.html
+#usr/share/gtk-doc/html/gobject/gobject-Generic-values.html
+#usr/share/gtk-doc/html/gobject/gobject-Signals.html
+#usr/share/gtk-doc/html/gobject/gobject-Standard-Parameter-and-Value-Types.html
+#usr/share/gtk-doc/html/gobject/gobject-The-Base-Object-Type.html
+#usr/share/gtk-doc/html/gobject/gobject-Type-Information.html
+#usr/share/gtk-doc/html/gobject/gobject-Value-arrays.html
+#usr/share/gtk-doc/html/gobject/gobject-Varargs-Value-Collection.html
+#usr/share/gtk-doc/html/gobject/gobject-memory.html
+#usr/share/gtk-doc/html/gobject/gobject-properties.html
+#usr/share/gtk-doc/html/gobject/gobject-query.html
+#usr/share/gtk-doc/html/gobject/gobject.devhelp
+#usr/share/gtk-doc/html/gobject/gobject.devhelp2
+#usr/share/gtk-doc/html/gobject/gtype-conventions.html
+#usr/share/gtk-doc/html/gobject/gtype-instantiable-classed.html
+#usr/share/gtk-doc/html/gobject/gtype-non-instantiable-classed.html
+#usr/share/gtk-doc/html/gobject/gtype-non-instantiable.html
+#usr/share/gtk-doc/html/gobject/home.png
+#usr/share/gtk-doc/html/gobject/howto-gobject-chainup.html
+#usr/share/gtk-doc/html/gobject/howto-gobject-code.html
+#usr/share/gtk-doc/html/gobject/howto-gobject-construction.html
+#usr/share/gtk-doc/html/gobject/howto-gobject-destruction.html
+#usr/share/gtk-doc/html/gobject/howto-gobject-methods.html
+#usr/share/gtk-doc/html/gobject/howto-gobject.html
+#usr/share/gtk-doc/html/gobject/howto-interface-implement.html
+#usr/share/gtk-doc/html/gobject/howto-interface-properties.html
+#usr/share/gtk-doc/html/gobject/howto-interface.html
+#usr/share/gtk-doc/html/gobject/howto-signals.html
+#usr/share/gtk-doc/html/gobject/index.html
+#usr/share/gtk-doc/html/gobject/index.sgml
+#usr/share/gtk-doc/html/gobject/ix01.html
+#usr/share/gtk-doc/html/gobject/ix02.html
+#usr/share/gtk-doc/html/gobject/ix03.html
+#usr/share/gtk-doc/html/gobject/ix04.html
+#usr/share/gtk-doc/html/gobject/ix05.html
+#usr/share/gtk-doc/html/gobject/ix06.html
+#usr/share/gtk-doc/html/gobject/ix07.html
+#usr/share/gtk-doc/html/gobject/left.png
+#usr/share/gtk-doc/html/gobject/pr01.html
+#usr/share/gtk-doc/html/gobject/pt01.html
+#usr/share/gtk-doc/html/gobject/pt02.html
+#usr/share/gtk-doc/html/gobject/pt03.html
+#usr/share/gtk-doc/html/gobject/right.png
+#usr/share/gtk-doc/html/gobject/rn01.html
+#usr/share/gtk-doc/html/gobject/rn02.html
+#usr/share/gtk-doc/html/gobject/signal.html
+#usr/share/gtk-doc/html/gobject/style.css
+#usr/share/gtk-doc/html/gobject/tools-ginspector.html
+#usr/share/gtk-doc/html/gobject/tools-gob.html
+#usr/share/gtk-doc/html/gobject/tools-gtkdoc.html
+#usr/share/gtk-doc/html/gobject/tools-refdb.html
+#usr/share/gtk-doc/html/gobject/up.png
+#usr/share/locale/am
+#usr/share/locale/am/LC_MESSAGES
+#usr/share/locale/am/LC_MESSAGES/glib20.mo
+#usr/share/locale/ar
+#usr/share/locale/ar/LC_MESSAGES
+#usr/share/locale/ar/LC_MESSAGES/glib20.mo
+#usr/share/locale/az
+#usr/share/locale/az/LC_MESSAGES
+#usr/share/locale/az/LC_MESSAGES/glib20.mo
+#usr/share/locale/be/LC_MESSAGES/glib20.mo
+#usr/share/locale/bg
+#usr/share/locale/bg/LC_MESSAGES
+#usr/share/locale/bg/LC_MESSAGES/glib20.mo
+#usr/share/locale/bn
+#usr/share/locale/bn/LC_MESSAGES
+#usr/share/locale/bn/LC_MESSAGES/glib20.mo
+#usr/share/locale/bs
+#usr/share/locale/bs/LC_MESSAGES
+#usr/share/locale/bs/LC_MESSAGES/glib20.mo
+#usr/share/locale/ca/LC_MESSAGES/glib20.mo
+#usr/share/locale/cs/LC_MESSAGES/glib20.mo
+#usr/share/locale/cy
+#usr/share/locale/cy/LC_MESSAGES
+#usr/share/locale/cy/LC_MESSAGES/glib20.mo
+#usr/share/locale/da/LC_MESSAGES/glib20.mo
+#usr/share/locale/de/LC_MESSAGES/glib20.mo
+#usr/share/locale/el/LC_MESSAGES/glib20.mo
+#usr/share/locale/en_CA
+#usr/share/locale/en_CA/LC_MESSAGES
+#usr/share/locale/en_CA/LC_MESSAGES/glib20.mo
+#usr/share/locale/en_GB/LC_MESSAGES/glib20.mo
+#usr/share/locale/eo
+#usr/share/locale/eo/LC_MESSAGES
+#usr/share/locale/eo/LC_MESSAGES/glib20.mo
+#usr/share/locale/es/LC_MESSAGES/glib20.mo
+#usr/share/locale/et/LC_MESSAGES/glib20.mo
+#usr/share/locale/eu
+#usr/share/locale/eu/LC_MESSAGES
+#usr/share/locale/eu/LC_MESSAGES/glib20.mo
+#usr/share/locale/fa
+#usr/share/locale/fa/LC_MESSAGES
+#usr/share/locale/fa/LC_MESSAGES/glib20.mo
+#usr/share/locale/fi/LC_MESSAGES/glib20.mo
+#usr/share/locale/fr/LC_MESSAGES/glib20.mo
+#usr/share/locale/ga
+#usr/share/locale/ga/LC_MESSAGES
+#usr/share/locale/ga/LC_MESSAGES/glib20.mo
+#usr/share/locale/gl/LC_MESSAGES/glib20.mo
+#usr/share/locale/gu
+#usr/share/locale/gu/LC_MESSAGES
+#usr/share/locale/gu/LC_MESSAGES/glib20.mo
+#usr/share/locale/he
+#usr/share/locale/he/LC_MESSAGES
+#usr/share/locale/he/LC_MESSAGES/glib20.mo
+#usr/share/locale/hi
+#usr/share/locale/hi/LC_MESSAGES
+#usr/share/locale/hi/LC_MESSAGES/glib20.mo
+#usr/share/locale/hr/LC_MESSAGES/glib20.mo
+#usr/share/locale/hu/LC_MESSAGES/glib20.mo
+#usr/share/locale/id
+#usr/share/locale/id/LC_MESSAGES
+#usr/share/locale/id/LC_MESSAGES/glib20.mo
+#usr/share/locale/is
+#usr/share/locale/is/LC_MESSAGES
+#usr/share/locale/is/LC_MESSAGES/glib20.mo
+#usr/share/locale/it/LC_MESSAGES/glib20.mo
+#usr/share/locale/ja/LC_MESSAGES/glib20.mo
+#usr/share/locale/ko/LC_MESSAGES/glib20.mo
+#usr/share/locale/ku
+#usr/share/locale/ku/LC_MESSAGES
+#usr/share/locale/ku/LC_MESSAGES/glib20.mo
+#usr/share/locale/lt
+#usr/share/locale/lt/LC_MESSAGES
+#usr/share/locale/lt/LC_MESSAGES/glib20.mo
+#usr/share/locale/lv
+#usr/share/locale/lv/LC_MESSAGES
+#usr/share/locale/lv/LC_MESSAGES/glib20.mo
+#usr/share/locale/mk
+#usr/share/locale/mk/LC_MESSAGES
+#usr/share/locale/mk/LC_MESSAGES/glib20.mo
+#usr/share/locale/ml
+#usr/share/locale/ml/LC_MESSAGES
+#usr/share/locale/ml/LC_MESSAGES/glib20.mo
+#usr/share/locale/mn
+#usr/share/locale/mn/LC_MESSAGES
+#usr/share/locale/mn/LC_MESSAGES/glib20.mo
+#usr/share/locale/ms
+#usr/share/locale/ms/LC_MESSAGES
+#usr/share/locale/ms/LC_MESSAGES/glib20.mo
+#usr/share/locale/nb/LC_MESSAGES/glib20.mo
+#usr/share/locale/ne
+#usr/share/locale/ne/LC_MESSAGES
+#usr/share/locale/ne/LC_MESSAGES/glib20.mo
+#usr/share/locale/nl/LC_MESSAGES/glib20.mo
+#usr/share/locale/nn
+#usr/share/locale/nn/LC_MESSAGES
+#usr/share/locale/nn/LC_MESSAGES/glib20.mo
+#usr/share/locale/no
+#usr/share/locale/no/LC_MESSAGES
+#usr/share/locale/no/LC_MESSAGES/glib20.mo
+#usr/share/locale/or
+#usr/share/locale/or/LC_MESSAGES
+#usr/share/locale/or/LC_MESSAGES/glib20.mo
+#usr/share/locale/pa
+#usr/share/locale/pa/LC_MESSAGES
+#usr/share/locale/pa/LC_MESSAGES/glib20.mo
+#usr/share/locale/pl/LC_MESSAGES/glib20.mo
+#usr/share/locale/pt
+#usr/share/locale/pt/LC_MESSAGES
+#usr/share/locale/pt/LC_MESSAGES/glib20.mo
+#usr/share/locale/pt_BR/LC_MESSAGES/glib20.mo
+#usr/share/locale/ro/LC_MESSAGES/glib20.mo
+#usr/share/locale/ru/LC_MESSAGES/glib20.mo
+#usr/share/locale/rw
+#usr/share/locale/rw/LC_MESSAGES
+#usr/share/locale/rw/LC_MESSAGES/glib20.mo
+#usr/share/locale/sk/LC_MESSAGES/glib20.mo
+#usr/share/locale/sl/LC_MESSAGES/glib20.mo
+#usr/share/locale/sq
+#usr/share/locale/sq/LC_MESSAGES
+#usr/share/locale/sq/LC_MESSAGES/glib20.mo
+#usr/share/locale/sr
+#usr/share/locale/sr/LC_MESSAGES
+#usr/share/locale/sr/LC_MESSAGES/glib20.mo
+#usr/share/locale/sr@Latn
+#usr/share/locale/sr@Latn/LC_MESSAGES
+#usr/share/locale/sr@Latn/LC_MESSAGES/glib20.mo
+#usr/share/locale/sr@ije
+#usr/share/locale/sr@ije/LC_MESSAGES
+#usr/share/locale/sr@ije/LC_MESSAGES/glib20.mo
+#usr/share/locale/sv/LC_MESSAGES/glib20.mo
+#usr/share/locale/ta
+#usr/share/locale/ta/LC_MESSAGES
+#usr/share/locale/ta/LC_MESSAGES/glib20.mo
+#usr/share/locale/te
+#usr/share/locale/te/LC_MESSAGES
+#usr/share/locale/te/LC_MESSAGES/glib20.mo
+#usr/share/locale/th
+#usr/share/locale/th/LC_MESSAGES
+#usr/share/locale/th/LC_MESSAGES/glib20.mo
+#usr/share/locale/tl
+#usr/share/locale/tl/LC_MESSAGES
+#usr/share/locale/tl/LC_MESSAGES/glib20.mo
+#usr/share/locale/tr/LC_MESSAGES/glib20.mo
+#usr/share/locale/tt
+#usr/share/locale/tt/LC_MESSAGES
+#usr/share/locale/tt/LC_MESSAGES/glib20.mo
+#usr/share/locale/uk/LC_MESSAGES/glib20.mo
+#usr/share/locale/vi
+#usr/share/locale/vi/LC_MESSAGES
+#usr/share/locale/vi/LC_MESSAGES/glib20.mo
+#usr/share/locale/wa
+#usr/share/locale/wa/LC_MESSAGES
+#usr/share/locale/wa/LC_MESSAGES/glib20.mo
+#usr/share/locale/xh
+#usr/share/locale/xh/LC_MESSAGES
+#usr/share/locale/xh/LC_MESSAGES/glib20.mo
+#usr/share/locale/yi
+#usr/share/locale/yi/LC_MESSAGES
+#usr/share/locale/yi/LC_MESSAGES/glib20.mo
+#usr/share/locale/zh_CN/LC_MESSAGES/glib20.mo
+#usr/share/locale/zh_HK
+#usr/share/locale/zh_HK/LC_MESSAGES
+#usr/share/locale/zh_HK/LC_MESSAGES/glib20.mo
+#usr/share/locale/zh_TW/LC_MESSAGES/glib20.mo
--- /dev/null
+#etc/rc.d/init.d
+#etc/rc.d/init.d/kudzu
+#etc/sysconfig
+#etc/sysconfig/kudzu
+sbin/kudzu
+#usr/include/kudzu
+#usr/include/kudzu/adb.h
+#usr/include/kudzu/alias.h
+#usr/include/kudzu/ddc.h
+#usr/include/kudzu/device.h
+#usr/include/kudzu/firewire.h
+#usr/include/kudzu/ide.h
+#usr/include/kudzu/isapnp.h
+#usr/include/kudzu/keyboard.h
+#usr/include/kudzu/kudzu.h
+#usr/include/kudzu/macio.h
+#usr/include/kudzu/misc.h
+#usr/include/kudzu/modules.h
+#usr/include/kudzu/parallel.h
+#usr/include/kudzu/pci.h
+#usr/include/kudzu/pcmcia.h
+#usr/include/kudzu/psaux.h
+#usr/include/kudzu/sbus.h
+#usr/include/kudzu/scsi.h
+#usr/include/kudzu/serial.h
+#usr/include/kudzu/usb.h
+usr/lib/libkudzu.a
+usr/lib/libkudzu_loader.a
+#usr/lib/python2.4/site-packages/_kudzumodule.so
+#usr/lib/python2.4/site-packages/drv_libxml2.pyc
+#usr/lib/python2.4/site-packages/kudzu.py
+#usr/lib/python2.4/site-packages/kudzu.pyc
+#usr/lib/python2.4/site-packages/libxml2.pyc
+#usr/lib/python2.4/site-packages/snack.pyc
+usr/sbin/kudzu
+#usr/share/locale/ar/LC_MESSAGES/kudzu.mo
+#usr/share/locale/as
+#usr/share/locale/as/LC_MESSAGES
+#usr/share/locale/as/LC_MESSAGES/kudzu.mo
+#usr/share/locale/be/LC_MESSAGES/kudzu.mo
+#usr/share/locale/bg/LC_MESSAGES/kudzu.mo
+#usr/share/locale/bn/LC_MESSAGES/kudzu.mo
+#usr/share/locale/bn_IN
+#usr/share/locale/bn_IN/LC_MESSAGES
+#usr/share/locale/bn_IN/LC_MESSAGES/kudzu.mo
+#usr/share/locale/bs/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ca/LC_MESSAGES/kudzu.mo
+#usr/share/locale/cs/LC_MESSAGES/kudzu.mo
+#usr/share/locale/cy/LC_MESSAGES/kudzu.mo
+#usr/share/locale/da/LC_MESSAGES/kudzu.mo
+#usr/share/locale/de/LC_MESSAGES/kudzu.mo
+#usr/share/locale/el/LC_MESSAGES/kudzu.mo
+#usr/share/locale/en_GB/LC_MESSAGES/kudzu.mo
+#usr/share/locale/es/LC_MESSAGES/kudzu.mo
+#usr/share/locale/et/LC_MESSAGES/kudzu.mo
+#usr/share/locale/eu_ES
+#usr/share/locale/eu_ES/LC_MESSAGES
+#usr/share/locale/eu_ES/LC_MESSAGES/kudzu.mo
+#usr/share/locale/fi/LC_MESSAGES/kudzu.mo
+#usr/share/locale/fr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/gl/LC_MESSAGES/kudzu.mo
+#usr/share/locale/gu/LC_MESSAGES/kudzu.mo
+#usr/share/locale/he/LC_MESSAGES/kudzu.mo
+#usr/share/locale/hi/LC_MESSAGES/kudzu.mo
+#usr/share/locale/hr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/hu/LC_MESSAGES/kudzu.mo
+#usr/share/locale/hy
+#usr/share/locale/hy/LC_MESSAGES
+#usr/share/locale/hy/LC_MESSAGES/kudzu.mo
+#usr/share/locale/id/LC_MESSAGES/kudzu.mo
+#usr/share/locale/is/LC_MESSAGES/kudzu.mo
+#usr/share/locale/it/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ja/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ka/LC_MESSAGES/kudzu.mo
+#usr/share/locale/kn
+#usr/share/locale/kn/LC_MESSAGES
+#usr/share/locale/kn/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ko/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ku/LC_MESSAGES/kudzu.mo
+#usr/share/locale/lo
+#usr/share/locale/lo/LC_MESSAGES
+#usr/share/locale/lo/LC_MESSAGES/kudzu.mo
+#usr/share/locale/lt/LC_MESSAGES/kudzu.mo
+#usr/share/locale/lv/LC_MESSAGES/kudzu.mo
+#usr/share/locale/mk/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ml/LC_MESSAGES/kudzu.mo
+#usr/share/locale/mr
+#usr/share/locale/mr/LC_MESSAGES
+#usr/share/locale/mr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ms/LC_MESSAGES/kudzu.mo
+#usr/share/locale/my
+#usr/share/locale/my/LC_MESSAGES
+#usr/share/locale/my/LC_MESSAGES/kudzu.mo
+#usr/share/locale/nb/LC_MESSAGES/kudzu.mo
+#usr/share/locale/nl/LC_MESSAGES/kudzu.mo
+#usr/share/locale/nn/LC_MESSAGES/kudzu.mo
+#usr/share/locale/no/LC_MESSAGES/kudzu.mo
+#usr/share/locale/or/LC_MESSAGES/kudzu.mo
+#usr/share/locale/pa/LC_MESSAGES/kudzu.mo
+#usr/share/locale/pl/LC_MESSAGES/kudzu.mo
+#usr/share/locale/pt/LC_MESSAGES/kudzu.mo
+#usr/share/locale/pt_BR/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ro/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ru/LC_MESSAGES/kudzu.mo
+#usr/share/locale/si
+#usr/share/locale/si/LC_MESSAGES
+#usr/share/locale/si/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sk/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sl/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sq/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sr@Latn/LC_MESSAGES/kudzu.mo
+#usr/share/locale/sv/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ta/LC_MESSAGES/kudzu.mo
+#usr/share/locale/te/LC_MESSAGES/kudzu.mo
+#usr/share/locale/tr/LC_MESSAGES/kudzu.mo
+#usr/share/locale/uk/LC_MESSAGES/kudzu.mo
+#usr/share/locale/ur
+#usr/share/locale/ur/LC_MESSAGES
+#usr/share/locale/ur/LC_MESSAGES/kudzu.mo
+#usr/share/locale/vi/LC_MESSAGES/kudzu.mo
+#usr/share/locale/wa/LC_MESSAGES/kudzu.mo
+#usr/share/locale/zh_CN/LC_MESSAGES/kudzu.mo
+#usr/share/locale/zh_TW/LC_MESSAGES/kudzu.mo
+#usr/share/man/man8/kudzu.8
--- /dev/null
+usr/bin/mc
+usr/bin/mcedit
+usr/bin/mcmfmt
+usr/bin/mcview
+#usr/lib/mc
+usr/lib/mc/cons.saver
+#usr/man/man1/mc.1
+#usr/man/man1/mcedit.1
+#usr/man/man1/mcview.1
+#usr/share/mc
+#usr/share/mc/bin
+usr/share/mc/bin/mc-wrapper.csh
+usr/share/mc/bin/mc-wrapper.sh
+usr/share/mc/bin/mc.csh
+usr/share/mc/bin/mc.sh
+usr/share/mc/cedit.menu
+usr/share/mc/edit.indent.rc
+usr/share/mc/edit.spell.rc
+#usr/share/mc/extfs
+usr/share/mc/extfs/README
+usr/share/mc/extfs/a
+usr/share/mc/extfs/apt
+usr/share/mc/extfs/audio
+usr/share/mc/extfs/bpp
+usr/share/mc/extfs/deb
+usr/share/mc/extfs/deba
+usr/share/mc/extfs/debd
+usr/share/mc/extfs/dpkg
+usr/share/mc/extfs/extfs.ini
+usr/share/mc/extfs/hp48
+usr/share/mc/extfs/lslR
+usr/share/mc/extfs/mailfs
+usr/share/mc/extfs/patchfs
+usr/share/mc/extfs/rpm
+usr/share/mc/extfs/rpms
+usr/share/mc/extfs/sfs.ini
+usr/share/mc/extfs/trpm
+usr/share/mc/extfs/uar
+usr/share/mc/extfs/uarj
+usr/share/mc/extfs/uha
+usr/share/mc/extfs/ulha
+usr/share/mc/extfs/urar
+usr/share/mc/extfs/uzip
+usr/share/mc/extfs/uzoo
+usr/share/mc/mc.ext
+usr/share/mc/mc.hint
+#usr/share/mc/mc.hint.cs
+#usr/share/mc/mc.hint.es
+#usr/share/mc/mc.hint.hu
+#usr/share/mc/mc.hint.it
+#usr/share/mc/mc.hint.nl
+#usr/share/mc/mc.hint.pl
+#usr/share/mc/mc.hint.ru
+#usr/share/mc/mc.hint.uk
+#usr/share/mc/mc.hint.zh
+usr/share/mc/mc.hlp
+usr/share/mc/mc.lib
+usr/share/mc/mc.menu
+#usr/share/mc/syntax
+usr/share/mc/syntax/Syntax
+usr/share/mc/syntax/ada95.syntax
+usr/share/mc/syntax/c.syntax
+usr/share/mc/syntax/changelog.syntax
+usr/share/mc/syntax/diff.syntax
+usr/share/mc/syntax/dos.syntax
+usr/share/mc/syntax/fortran.syntax
+usr/share/mc/syntax/html.syntax
+usr/share/mc/syntax/java.syntax
+usr/share/mc/syntax/js.syntax
+usr/share/mc/syntax/latex.syntax
+usr/share/mc/syntax/lisp.syntax
+usr/share/mc/syntax/lsm.syntax
+usr/share/mc/syntax/m4.syntax
+usr/share/mc/syntax/mail.syntax
+usr/share/mc/syntax/makefile.syntax
+usr/share/mc/syntax/ml.syntax
+usr/share/mc/syntax/nroff.syntax
+usr/share/mc/syntax/octave.syntax
+usr/share/mc/syntax/pascal.syntax
+usr/share/mc/syntax/perl.syntax
+usr/share/mc/syntax/php.syntax
+usr/share/mc/syntax/po.syntax
+usr/share/mc/syntax/python.syntax
+usr/share/mc/syntax/sh.syntax
+usr/share/mc/syntax/slang.syntax
+usr/share/mc/syntax/smalltalk.syntax
+usr/share/mc/syntax/spec.syntax
+usr/share/mc/syntax/sql.syntax
+usr/share/mc/syntax/swig.syntax
+usr/share/mc/syntax/syntax.syntax
+usr/share/mc/syntax/tcl.syntax
+usr/share/mc/syntax/texinfo.syntax
+usr/share/mc/syntax/unknown.syntax
+usr/share/mc/syntax/xml.syntax
+#usr/share/mc/term
+usr/share/mc/term/README.xterm
+usr/share/mc/term/ansi.ti
+usr/share/mc/term/linux.ti
+usr/share/mc/term/vt100.ti
+usr/share/mc/term/xterm.ad
+usr/share/mc/term/xterm.tcap
+usr/share/mc/term/xterm.ti
--- /dev/null
+usr/local/bin/getipstat
+#usr/local/bin/installfcdsl
+#usr/local/bin/installpackage
+#usr/local/bin/iowrap
+usr/local/bin/ipfirebackup
+usr/local/bin/ipfirebkcfg
+usr/local/bin/ipfirereboot
+usr/local/bin/ipfirerscfg
+usr/local/bin/ipsecctrl
+usr/local/bin/launch-ether-wake
+usr/local/bin/logwatch
+usr/local/bin/openvpnctrl
+usr/local/bin/qosctrl
+usr/local/bin/rebuildhosts
+usr/local/bin/restartapplejuice
+usr/local/bin/restartdhcp
+usr/local/bin/restartntpd
+usr/local/bin/restartsnort
+usr/local/bin/restartsquid
+usr/local/bin/restartssh
+usr/local/bin/restartsyslogd
+usr/local/bin/restartwireless
+usr/local/bin/setaliases
+usr/local/bin/setdate
+usr/local/bin/setdmzholes
+usr/local/bin/setfilters
+usr/local/bin/setportfw
+usr/local/bin/setxtaccess
+usr/local/bin/timecheckctrl
#usr/lib/perl5/5.8.8/i586-linux/CORE/warnings.h
usr/lib/perl5/5.8.8/i586-linux/Config.pm
#usr/lib/perl5/5.8.8/i586-linux/Config.pod
-#usr/lib/perl5/5.8.8/i586-linux/Config_heavy.pl
+usr/lib/perl5/5.8.8/i586-linux/Config_heavy.pl
usr/lib/perl5/5.8.8/i586-linux/Cwd.pm
usr/lib/perl5/5.8.8/i586-linux/DB_File.pm
#usr/lib/perl5/5.8.8/i586-linux/Data
#usr/lib/perl5/5.8.8/i586-linux/auto/DB_File
#usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/DB_File.bs
usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/DB_File.so
-#usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/autosplit.ix
+usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/autosplit.ix
#usr/lib/perl5/5.8.8/i586-linux/auto/Data
#usr/lib/perl5/5.8.8/i586-linux/auto/Data/Dumper
#usr/lib/perl5/5.8.8/i586-linux/auto/Data/Dumper/Dumper.bs
#usr/lib/perl5/5.8.8/i586-linux/auto/Digest/MD5/MD5.bs
usr/lib/perl5/5.8.8/i586-linux/auto/Digest/MD5/MD5.so
#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/DynaLoader.a
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/autosplit.ix
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_expandspec.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_find_symbol_anywhere.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_findfile.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/extralibs.ld
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/DynaLoader.a
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/autosplit.ix
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_expandspec.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_find_symbol_anywhere.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_findfile.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/extralibs.ld
#usr/lib/perl5/5.8.8/i586-linux/auto/Encode
#usr/lib/perl5/5.8.8/i586-linux/auto/Encode/Byte
#usr/lib/perl5/5.8.8/i586-linux/auto/Encode/Byte/Byte.bs
#usr/lib/perl5/5.8.8/i586-linux/auto/File
#usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob
usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.bs
-#usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.so
+usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.so
#usr/lib/perl5/5.8.8/i586-linux/auto/Filter
#usr/lib/perl5/5.8.8/i586-linux/auto/Filter/Util
#usr/lib/perl5/5.8.8/i586-linux/auto/Filter/Util/Call
* openssh-4.3p2
* openssl-0.9.8d
* openswan-2.4.6
+* openswan-2.4.7
* openvpn-2.0.9
* pam_mysql-0.7RC1
* patch-2.5.4
cd $(DIR_APP) && install -m 0755 kudzu /install/initrd/bin/kudzu
cd $(DIR_APP) && install -m 0644 libkudzu.a /install/initrd/lib
cd $(DIR_APP) && install -m 0644 libkudzu_loader.a /install/initrd/lib
-# -mkdir -p /install/include/kudzu
-# cd $(DIR_APP) && install -m 0644 *.h /install/include/kudzu
else
+ rm -rf /usr/sbin/kudzu
cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make
cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make install
cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make install-program
CFLAGS =
CXXFLAGS =
-# Normal build or /tools build.
+# Normal build or SMP build.
#
-ifeq "$(PASS)" ""
- TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
-endif
-ifeq "$(PASS)" "S"
- TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
-endif
-ifeq "$(PASS)" "I"
- TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-installer
+ifeq "$(SMP)" "1"
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
+else
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
endif
###############################################################################
# Top-level Rules
###############################################################################
objects =$(DL_FILE) \
- openswan-2.4.6.kernel-2.6-natt.patch.gz \
+ openswan-2.4.7.kernel-2.6-natt.patch.gz \
+ openswan-2.4.7.kernel-2.6-klips.patch.gz \
iptables-1.3.5.tar.bz2 \
- patch-o-matic-ng-20060206.tar.bz2 \
+ patch-o-matic-ng-20061210.tar.bz2 \
kbc_option_2420.patch \
net4801.kernel.patch_2.4.31 \
netfilter-layer7-v2.6.tar.gz \
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
patch-$(PATCHLEVEL).gz = $(DL_FROM)/patch-$(PATCHLEVEL).gz
-openswan-2.4.6.kernel-2.6-natt.patch.gz = $(URL_IPFIRE)/openswan-2.4.6.kernel-2.6-natt.patch.gz
-patch-o-matic-ng-20060206.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20060206.tar.bz2
+openswan-2.4.7.kernel-2.6-natt.patch.gz = $(URL_IPFIRE)/openswan-2.4.7.kernel-2.6-natt.patch.gz
+openswan-2.4.7.kernel-2.6-klips.patch.gz = $(URL_IPFIRE)/openswan-2.4.7.kernel-2.6-klips.patch.gz
+patch-o-matic-ng-20061210.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2
iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
kbc_option_2420.patch = $(URL_IPFIRE)/kbc_option_2420.patch
net4801.kernel.patch_2.4.31 = $(URL_IPFIRE)/net4801.kernel.patch_2.4.31
$(DL_FILE)_MD5 = 50695965725367f39007023feac5e256
patch-$(PATCHLEVEL).gz_MD5 = 4b09dd018286850c20c0f051ced7b583
-openswan-2.4.6.kernel-2.6-natt.patch.gz_MD5 = 398110db4372ea3acc45bd66d6d86eac
-patch-o-matic-ng-20060206.tar.bz2_MD5 = eca9893afb753e331caddfe63142b566
+openswan-2.4.7.kernel-2.6-natt.patch.gz_MD5 = 980d8bbdb29a761b7f5aa852f373df62
+openswan-2.4.7.kernel-2.6-klips.patch.gz_MD5 = 5df0ffa2453488a407a23fc4ea4af879
+patch-o-matic-ng-20061210.tar.bz2_MD5 = 76edac76301b45f89e467b41c8cf4393
iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5
kbc_option_2420.patch_MD5 = 6d37870344f7fcf97ace1fbf43323c60
net4801.kernel.patch_2.4.31_MD5 = c7d64e3caedb2f2b10e1c11db7f73a04
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+ # Update kernel to latest patchlevel
cd $(DIR_APP) && zcat $(DIR_DL)/patch-$(PATCHLEVEL).gz | patch -p1
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.16.27-utf8_input-1.patch
# Remove patch level in EXTRAVERSION.
# (installed in a different place) if only one part could be updated
cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile
cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile
+ cd $(DIR_APP) && sed -i -e 's/gettext//' scripts/kconfig/lkc.h
- # Openswan-2
- # cd $(DIR_SRC) && zcat $(DIR_DL)/openswan-2.4.6.kernel-2.6-natt.patch.gz | patch -Np0
+ # Openswan 2
+ cd $(DIR_SRC) && rm -rf openswan-*
+ cd $(DIR_SRC) && tar xfz $(DIR_DL)/openswan-2.4.7.tar.gz
+ cd $(DIR_APP) && gzip -dc $(DIR_DL)/openswan-2.4.7.kernel-2.6-natt.patch.gz | patch -Np1
+ cd $(DIR_APP) && gzip -dc $(DIR_DL)/openswan-2.4.7.kernel-2.6-klips.patch.gz | patch -Np1
+ cd $(DIR_SRC)/openswan-* && sed -i -e 's/INC_USRLOCAL=\/usr\/local/INC_USRLOCAL=\/usr/' Makefile.inc
# Patch-o-matic
cd $(DIR_SRC) && rm -rf iptables-*
cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.5.tar.bz2
cd $(DIR_SRC) && ln -sf iptables-1.3.5 iptables
cd $(DIR_SRC) && rm -rf patch-o-matic*
- cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20060206.tar.bz2
+ cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20061210.tar.bz2
+
+ cd $(DIR_SRC)/patch-o-matic-ng* && \
+ ./runme --batch --kernel-path=$(ROOT)/usr/src/$(THISAPP)/ --iptables-path=$(ROOT)/usr/src/iptables/ \
+ TARPIT h323-conntrack-nat cuseeme-nat \
+ sip-conntrack-nat
+ # rtsp-conntrack-nat quake3-conntrack-nat mms-conntrack-nat
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ pending
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ base
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ h323-conntrack-nat
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ cuseeme-nat
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ mms-conntrack-nat
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ pptp-conntrack-nat
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ rtsp-conntrack
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ quake3-conntrack-nat
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ sip-conntrack-nat
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ip_queue_vwmark
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipp2p
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-01-output-hooks
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-02-input-hooks
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-03-policy-lookup
# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-04-policy-checks
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ TARPIT
- #layer7-patch
+ # Layer7-patch
cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.6.tar.gz
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.6/for_older_kernels/kernel-2.6.13-2.6.16-layer7-2.2.patch
# ip_conntrack permissions from 440 to 444
# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch
-ifeq "$(PASS)" ""
+ifeq "$(SMP)" ""
# Only do this once on the non-SMP pass
cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.5
endif
- # Olitec isdn gazel patch
-# cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/linux-2.4.23-olitec-isdn.patch
-
- # Fix /proc/stat output
-# cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/linux-2.4.26-proc-stat.patch
-
- # Fix libata-core.c
- # cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/linux-2.4.26-scsi.patch
-
- # frandom patch
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.27-frandom-2.patch
-
- # Propolice
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.27-ssp-1.patch
-
- # Support ppp-2.4.3 multilink behavior (terminate when no channel is connected)
- # need updated libpcap older than 0.8.3
- # cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp_generic-ppp-2.4.3_multilink.patch
-
- # R8169 clone D-link GSE-528T
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.29_r8169clone.patch
-
- # bootsplash
+ # Bootsplash
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bootsplash-3.1.6-2.6.15.diff
# Cleanup kernel source
cd $(DIR_APP) && make mrproper
-ifeq "$(PASS)" ""
+
+ifeq "$(SMP)" ""
cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE) $(DIR_APP)/.config
endif
-ifeq "$(PASS)" "S"
+ifeq "$(SMP)" "1"
cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE).smp $(DIR_APP)/.config
endif
-ifeq "$(PASS)" "I"
- cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE).installer $(DIR_APP)/.config
- cd $(DIR_APP) && sed -i -e 's/-O2/-Os/g' Makefile
-endif
cd $(DIR_APP) && make CC="$(KGCC)" oldconfig
- cd $(DIR_APP) && make CC="$(KGCC)" dep
cd $(DIR_APP) && make CC="$(KGCC)" clean
if [ "$(PASS)" = "" ]; then \
cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \
ln -sf System.map-$(VER) /boot/System.map; \
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules; \
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install; \
+ cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) module; \
+ cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) minstall; \
elif [ "$(PASS)" = "S" ]; then \
cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =/EXTRAVERSION\ =\ -smp/' Makefile; \
cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \
ln -sf vmlinuz-$(VER)-smp /boot/vmlinuz-smp; \
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules; \
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install; \
- elif [ "$(PASS)" = "I" ]; then \
- cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \
- cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-installer; \
- cd $(DIR_APP) && cp -v .config /boot/config-$(VER); \
+ cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) module; \
+ cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) minstall; \
fi
+
# remove symlinked pcmcia directory
-ifeq "$(PASS)" ""
+ifeq "$(SMP)" ""
rm -rf /lib/modules/$(VER)/pcmcia
- find /lib/modules/$(VER)/ -name '*.o' -a -type f | xargs gzip -f9
-
- # Move these SCSI drivers into same directory for probescsi.sh
- mv -f /lib/modules/$(VER)/kernel/drivers/scsi/aic7xxx/* /lib/modules/$(VER)/kernel/drivers/scsi
- rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/aic7xxx
- mv -f /lib/modules/$(VER)/kernel/drivers/scsi/aacraid/* /lib/modules/$(VER)/kernel/drivers/scsi
- rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/aacraid
- mv -f /lib/modules/$(VER)/kernel/drivers/scsi/sym53c8xx_2/* /lib/modules/$(VER)/kernel/drivers/scsi
- rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/sym53c8xx_2
endif
-ifeq "$(PASS)" "S"
+ifeq "$(SMP)" "1"
rm -rf /lib/modules/$(VER)-smp/pcmcia
- find /lib/modules/$(VER)-smp/ -name '*.o' -a -type f | xargs gzip -f9
-
- # Move these SCSI drivers into same directory for probescsi.sh
- mv -f /lib/modules/$(VER)-smp/kernel/drivers/scsi/aic7xxx/* /lib/modules/$(VER)-smp/kernel/drivers/scsi
- rm -rf /lib/modules/$(VER)-smp/kernel/drivers/scsi/aic7xxx
- mv -f /lib/modules/$(VER)-smp/kernel/drivers/scsi/aacraid/* /lib/modules/$(VER)-smp/kernel/drivers/scsi
- rm -rf /lib/modules/$(VER)-smp/kernel/drivers/scsi/aacraid
- mv -f /lib/modules/$(VER)-smp/kernel/drivers/scsi/sym53c8xx_2/* /lib/modules/$(VER)-smp/kernel/drivers/scsi
- rm -rf /lib/modules/$(VER)-smp/kernel/drivers/scsi/sym53c8xx_2
-endif
-
-ifeq "$(PASS)" ""
- # Only do this once on the non-SMP pass
- # cd $(DIR_APP) && make mandocs
- #-mkdir -p /usr/share/man/man9/
- #cd $(DIR_APP) && cp -af Documentation/man/* /usr/share/man/man9/
endif
@rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables*
@$(POSTBUILD)
include Config
-VER = 2.4.6
+VER = 2.4.7
THISAPP = openswan-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b34d71ca49dedad017879b0e912d40dd
+$(DL_FILE)_MD5 = 70f22e8adc39e07a165f75eccb7cd079
install : $(TARGET)
ipfiremake ppp
ipfiremake rp-pppoe
ipfiremake unzip
-# ipfiremake linux PASS=I # Can we remove the installer kernel?
- ipfiremake linux PASS=S
+ ipfiremake linux SMP=1
# ipfiremake 3cp4218 PASS=SMP
# ipfiremake amedyn PASS=SMP
# ipfiremake cxacru PASS=SMP
--- /dev/null
+#!/bin/sh
+
+eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
+
+if [ -f /var/ipfire/red/device ]; then
+ DEVICE=`/bin/cat /var/ipfire/red/device 2> /dev/null | /usr/bin/tr -d '\012'`
+fi
+
+iptables_init() {
+ # Flush all rules and delete all custom chains
+ /sbin/iptables -F
+ /sbin/iptables -t nat -F
+ /sbin/iptables -t mangle -F
+ /sbin/iptables -X
+ /sbin/iptables -t nat -X
+ /sbin/iptables -t mangle -X
+
+ # Set up policies
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P FORWARD DROP
+ /sbin/iptables -P OUTPUT ACCEPT
+
+ # Empty LOG_DROP and LOG_REJECT chains
+ /sbin/iptables -N LOG_DROP
+ /sbin/iptables -A LOG_DROP -m limit --limit 10/minute -j LOG
+ /sbin/iptables -A LOG_DROP -j DROP
+ /sbin/iptables -N LOG_REJECT
+ /sbin/iptables -A LOG_REJECT -m limit --limit 10/minute -j LOG
+ /sbin/iptables -A LOG_REJECT -j REJECT
+
+ # This chain will log, then DROPs packets with certain bad combinations
+ # of flags might indicate a port-scan attempt (xmas, null, etc)
+ /sbin/iptables -N PSCAN
+ /sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "TCP Scan? "
+ /sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "UDP Scan? "
+ /sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "ICMP Scan? "
+ /sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "FRAG Scan? "
+ /sbin/iptables -A PSCAN -j DROP
+
+ # New tcp packets without SYN set - could well be an obscure type of port scan
+ # that's not covered above, may just be a broken windows machine
+ /sbin/iptables -N NEWNOTSYN
+ /sbin/iptables -A NEWNOTSYN -m limit --limit 10/minute -j LOG --log-prefix "NEW not SYN? "
+ /sbin/iptables -A NEWNOTSYN -j DROP
+
+ # Chain to contain all the rules relating to bad TCP flags
+ /sbin/iptables -N BADTCP
+
+ # Disallow packets frequently used by port-scanners
+ # nmap xmas
+ /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN,URG,PSH -j PSCAN
+ # Null
+ /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j PSCAN
+ # FIN
+ /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN -j PSCAN
+ # SYN/RST (also catches xmas variants that set SYN+RST+...)
+ /sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,RST SYN,RST -j PSCAN
+ # SYN/FIN (QueSO or nmap OS probe)
+ /sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN
+ # NEW TCP without SYN
+ /sbin/iptables -A BADTCP -p tcp ! --syn -m state --state NEW -j NEWNOTSYN
+
+ /sbin/iptables -A INPUT -j BADTCP
+ /sbin/iptables -A FORWARD -j BADTCP
+
+}
+
+iptables_red() {
+ /sbin/iptables -F REDINPUT
+ /sbin/iptables -F REDFORWARD
+ /sbin/iptables -t nat -F REDNAT
+
+ # PPPoE / PPTP Device
+ if [ "$IFACE" != "" ]; then
+ # PPPoE / PPTP
+ if [ "$DEVICE" != "" ]; then
+ /sbin/iptables -A REDINPUT -i $DEVICE -j ACCEPT
+ fi
+ if [ "$RED_TYPE" == "PPTP" -o "$RED_TYPE" == "PPPOE" ]; then
+ if [ "$RED_DEV" != "" ]; then
+ /sbin/iptables -A REDINPUT -i $RED_DEV -j ACCEPT
+ fi
+ fi
+ fi
+
+ # PPTP over DHCP
+ if [ "$DEVICE" != "" -a "$TYPE" == "PPTP" -a "$METHOD" == "DHCP" ]; then
+ /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
+ /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
+ fi
+
+ # Orange pinholes
+ if [ "$ORANGE_DEV" != "" ]; then
+ # This rule enables a host on ORANGE network to connect to the outside
+ # (only if we have a red connection)
+ if [ "$IFACE" != "" ]; then
+ /sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p tcp -o $IFACE -j ACCEPT
+ /sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p udp -o $IFACE -j ACCEPT
+ fi
+ fi
+
+ if [ "$IFACE" != "" -a -f /var/ipfire/red/active ]; then
+ # DHCP
+ if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
+ /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+ /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+ fi
+ if [ "$METHOD" == "DHCP" -a "$PROTOCOL" == "RFC1483" ]; then
+ /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+ /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+ fi
+
+ # Outgoing masquerading
+ /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+
+ fi
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ iptables_init
+
+ # Limit Packets- helps reduce dos/syn attacks
+ # original do nothing line
+ #/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec
+ # the correct one, but the negative '!' do nothing...
+ #/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit ! --limit 10/sec -j DROP
+
+ # Fix for braindead ISP's
+ /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+ # CUSTOM chains, can be used by the users themselves
+ /sbin/iptables -N CUSTOMINPUT
+ /sbin/iptables -A INPUT -j CUSTOMINPUT
+ /sbin/iptables -N CUSTOMFORWARD
+ /sbin/iptables -A FORWARD -j CUSTOMFORWARD
+ /sbin/iptables -N CUSTOMOUTPUT
+ /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
+ /sbin/iptables -t nat -N CUSTOMPREROUTING
+ /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
+ /sbin/iptables -t nat -N CUSTOMPOSTROUTING
+ /sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
+
+ # filtering from GUI
+ /sbin/iptables -N GUIINPUT
+ /sbin/iptables -A INPUT -j GUIINPUT
+
+ # Accept everything connected
+ /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+ # localhost and ethernet.
+ /sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
+ /sbin/iptables -A INPUT -s 127.0.0.0/8 -m state --state NEW -j DROP # Loopback not on lo
+ /sbin/iptables -A INPUT -d 127.0.0.0/8 -m state --state NEW -j DROP
+ /sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
+ /sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
+ /sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
+ /sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT -p ! icmp
+ /sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
+
+ # If a host on orange tries to initiate a connection to IPFire's red IP and
+ # the connection gets DNATed back through a port forward to a server on orange
+ # we end up with orange -> orange traffic passing through IPFire
+ [ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
+
+ # accept all traffic from ipsec interfaces
+ /sbin/iptables -A INPUT -i ipsec+ -j ACCEPT
+ /sbin/iptables -A FORWARD -i ipsec+ -j ACCEPT
+
+ # allow DHCP on BLUE to be turned on/off
+ /sbin/iptables -N DHCPBLUEINPUT
+ /sbin/iptables -A INPUT -j DHCPBLUEINPUT
+
+ # IPSec chains
+ /sbin/iptables -N IPSECRED
+ /sbin/iptables -A INPUT -j IPSECRED
+ /sbin/iptables -N IPSECBLUE
+ /sbin/iptables -A INPUT -j IPSECBLUE
+
+ # WIRELESS chains
+ /sbin/iptables -N WIRELESSINPUT
+ /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
+ /sbin/iptables -N WIRELESSFORWARD
+ /sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
+
+ # RED chain, used for the red interface
+ /sbin/iptables -N REDINPUT
+ /sbin/iptables -A INPUT -j REDINPUT
+ /sbin/iptables -N REDFORWARD
+ /sbin/iptables -A FORWARD -j REDFORWARD
+ /sbin/iptables -t nat -N REDNAT
+ /sbin/iptables -t nat -A POSTROUTING -j REDNAT
+
+ iptables_red
+
+ # DMZ pinhole chain. setdmzholes setuid prog adds rules here to allow
+ # ORANGE to talk to GREEN / BLUE.
+ /sbin/iptables -N DMZHOLES
+ if [ "$ORANGE_DEV" != "" ]; then
+ /sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j DMZHOLES
+ fi
+
+ # XTACCESS chain, used for external access
+ /sbin/iptables -N XTACCESS
+ /sbin/iptables -A INPUT -m state --state NEW -j XTACCESS
+
+ # PORTFWACCESS chain, used for portforwarding
+ /sbin/iptables -N PORTFWACCESS
+ /sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
+
+ # Custom prerouting chains (for transparent proxy and port forwarding)
+ /sbin/iptables -t nat -N SQUID
+ /sbin/iptables -t nat -A PREROUTING -j SQUID
+ /sbin/iptables -t nat -N PORTFW
+ /sbin/iptables -t nat -A PREROUTING -j PORTFW
+
+
+ # Custom mangle chain (for port fowarding)
+ /sbin/iptables -t mangle -N PORTFWMANGLE
+ /sbin/iptables -t mangle -A PREROUTING -j PORTFWMANGLE
+
+ # Postrouting rules (for port forwarding)
+ /sbin/iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \
+ --to-source $GREEN_ADDRESS
+ if [ "$BLUE_DEV" != "" ]; then
+ /sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $BLUE_ADDRESS
+ fi
+ if [ "$ORANGE_DEV" != "" ]; then
+ /sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
+ fi
+
+ # run openvpn
+ /usr/local/bin/openvpnctrl --create-chains-and-rules
+
+ # run local firewall configuration, if present
+ if [ -x /etc/sysconfig/firewall.local ]; then
+ /etc/sysconfig/firewall.local start
+ fi
+
+ # last rule in input and forward chain is for logging.
+ /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
+ /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
+ ;;
+ stop)
+ iptables_init
+ # Accept everyting connected
+ /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+ # localhost and ethernet.
+ /sbin/iptables -A INPUT -i lo -j ACCEPT
+ /sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT
+
+ if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
+ /sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+ /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+ fi
+ if [ "$PROTOCOL" == "RFC1483" -a "$METHOD" == "DHCP" ]; then
+ /sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+ /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
+ fi
+
+ # stop openvpn
+ /usr/local/bin/openvpnctrl --delete-chains-and-rules
+
+ # run local firewall configuration, if present
+ if [ -x /etc/sysconfig/firewall.local ]; then
+ /etc/sysconfig/firewall.local stop
+ fi
+
+ /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
+ /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
+ ;;
+ reload)
+ iptables_red
+
+ # run local firewall configuration, if present
+ if [ -x /etc/sysconfig/firewall.local ]; then
+ /etc/sysconfig/firewall.local reload
+ fi
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|reload|restart}"
+ exit 1
+ ;;
+esac
+
+exit 0
fi
boot_mesg "Setting up IPFire firewall rules"
- /etc/rc.d/rc.firewall start
+ /etc/rc.d/init.d/firewall start
evaluate_retval
boot_mesg "Setting up IP Accounting"
/etc/rc.d/helper/writeipac.pl
# Begin /etc/sysconfig/clock
-UTC=1
+UTC=0
# End /etc/sysconfig/clock
--- /dev/null
+#!/bin/sh
+# Used for private firewall rules
+
+# See how we were called.
+case "$1" in
+ start)
+ ## add your 'start' rules here
+ ;;
+ stop)
+ ## add your 'stop' rules here
+ ;;
+ reload)
+ $0 stop
+ $0 start
+ ## add your 'reload' rules here
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|reload}"
+ ;;
+esac
-HOSTNAME=ipfirebox
+HOSTNAME=ipfire
#define CDROM_INSTALL 0
#define URL_INSTALL 1
#define DISK_INSTALL 2
-#define INST_FILECOUNT 6600
+#define INST_FILECOUNT 5600
#define UNATTENDED_CONF "/cdrom/boot/unattended.conf"
int raid_disk = 0;
char green_broadcast[STRING_SIZE];
char root_password[STRING_SIZE];
char admin_password[STRING_SIZE];
- char serial_console[STRING_SIZE];
- char reversesort[STRING_SIZE];
findkey(unattendedkv, "DOMAINNAME", domainname);
findkey(unattendedkv, "HOSTNAME", hostname);
findkey(unattendedkv, "GREEN_BROADCAST", green_broadcast);
findkey(unattendedkv, "ROOT_PASSWORD", root_password);
findkey(unattendedkv, "ADMIN_PASSWORD", admin_password);
- findkey(unattendedkv, "SERIAL_CONSOLE", serial_console);
- findkey(unattendedkv, "REVERSE_NICS", reversesort);
/* write main/settings. */
replacekeyvalue(mainsettings, "DOMAINNAME", domainname);
fprintf(flog, "unattended: Starting setup\n");
/* network */
-
fprintf(flog, "unattended: setting up network configuration\n");
(void) readkeyvalues(ethernetkv, "/harddisk" CONFIG_ROOT "/ethernet/settings");
return 0;
}
fprintf(file, "ServerName %s\n", hostname);
- fclose(file);
+ fclose(file);
fprintf(flog, "unattended: writing hosts\n");
if (!(hosts = fopen("/harddisk/etc/hosts", "w")))
}
fprintf(hosts, "127.0.0.1\tlocalhost\n");
fprintf(hosts, "%s\t%s.%s\t%s\n", green_address, hostname, domainname, hostname);
- fclose(hosts);
+ fclose(hosts);
fprintf(flog, "unattended: writing hosts.allow\n");
if (!(file = fopen("/harddisk/etc/hosts.allow", "w")))
fprintf(file, "ALL : ALL\n");
fclose(file);
- if (strcmp(serial_console, "yes") != 0) {
- snprintf(commandstring, STRING_SIZE,
- "/sbin/chroot /harddisk /bin/sed -i -e \"s/^s0/#s0/\" /etc/inittab");
- if (mysystem(commandstring)) {
- errorbox("unattended: ERROR modifying inittab");
- return 0;
- }
-
- snprintf(commandstring, STRING_SIZE,
- "/sbin/chroot /harddisk /bin/sed -i -e \"s/^serial/#serial/; s/^terminal/#terminal/\" /boot/grub/grub.conf");
- if (mysystem(commandstring)) {
- errorbox("unattended: ERROR modifying inittab");
- return 0;
- }
- }
-
- /* set reverse sorting of interfaces */
- if (strcmp(reversesort, "yes") == 0) {
- mysystem("/bin/touch /harddisk/var/ipfire/ethernet/reverse_nics");
- }
-
/* set root password */
fprintf(flog, "unattended: setting root password\n");
-
snprintf(commandstring, STRING_SIZE,
"/sbin/chroot /harddisk /bin/sh -c \"echo 'root:%s' | /usr/sbin/chpasswd\"", root_password);
if (mysystem(commandstring)) {
errorbox("unattended: ERROR setting root password");
return 0;
}
-
+
/* set admin password */
fprintf(flog, "unattended: setting admin password\n");
snprintf(commandstring, STRING_SIZE,
- "/sbin/chroot /harddisk /usr/bin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", admin_password);
+ "/sbin/chroot /harddisk /usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", admin_password);
if (mysystem(commandstring)) {
errorbox("unattended: ERROR setting admin password");
- return 0;
+ return 0;
}
-
- return 1;
+ return 1;
}
int main(int argc, char *argv[])
printf("Unable to mount proc in /harddisk.");
else
{
- if (system("/sbin/chroot /harddisk /usr/local/sbin/setup /dev/tty2 INSTALL"))
- printf("Unable to run setup.\n");
+
+ if (!unattended) {
+ if (system("/bin/chroot /harddisk /usr/local/sbin/setup /dev/tty2 INSTALL"))
+ printf("Unable to run setup.\n");
+ }
+ else {
+ fprintf(flog, "Entering unattended setup\n");
+ unattended_setup(unattendedkv);
+ snprintf(commandstring, STRING_SIZE, "/bin/sleep 10");
+ runcommandwithstatus(commandstring, "Unattended installation finished, system will reboot");
+ }
+
if (system("/bin/umount /harddisk/proc"))
printf("Unable to umount /harddisk/proc.\n");
}
fcloseall();
- system("/sbin/swapoff /harddisk/swapfile");
+ if (swap_file) {
+ if (raid_disk)
+ snprintf(commandstring, STRING_SIZE, "/bin/swapoff %sp2", hdparams.devnode);
+ else
+ snprintf(commandstring, STRING_SIZE, "/bin/swapoff %s2", hdparams.devnode);
+ }
+
+ newtFinished();
+
system("/bin/umount /harddisk/var");
system("/bin/umount /harddisk/boot");
system("/bin/umount /harddisk");