From: Matthias Fischer Date: Fri, 24 Apr 2015 22:32:20 +0000 (+0200) Subject: Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next X-Git-Tag: v2.17-core92~10^2~2^2~19 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=c8ab87f16b30bbc86d6beedb73e512f8ec4d7d1b;hp=7a2b5c6470e8b723868de7a5c994404d0b75d4fb Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next --- diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 35ae7c0930..2b5cd1977f 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -17,6 +17,7 @@ package General; use strict; use Socket; use IO::Socket; +use Locale::Codes::Country; use Net::SSLeay; use Net::IPv4Addr qw(:all); $|=1; # line buffering diff --git a/config/cfgroot/geoip-functions.pl b/config/cfgroot/geoip-functions.pl new file mode 100644 index 0000000000..85a8dc84f7 --- /dev/null +++ b/config/cfgroot/geoip-functions.pl 
@@ -0,0 +1,90 @@ +#!/usr/bin/perl -w +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2015 IPFire Team . # +# # +############################################################################ + +package GeoIP; + +use Locale::Codes::Country; + +# Function to get the flag icon for a specified country code. +sub get_flag_icon($) { + my ($input) = @_; + + # Webserver's root dir. (Required for generating full path) + my $webroot = "/srv/web/ipfire/html"; + + # Directory which contains the flag icons. + my $flagdir = "/images/flags"; + + # File extension of the country flags. + my $ext = "png"; + + # Remove whitespaces. + chomp($input); + + # Convert given country code to lower case. + my $ccode = lc($input); + + # Generate filename, based on the contry code in lower case + # and the defined file extension. + my $file = join('.', $ccode,$ext); + + # Generate path inside webroot to the previously generated file. + my $flag_icon = join('/', $flagdir,$file); + + # Generate absolute path to the icon file. + my $absolute_path = join('', $webroot,$flag_icon); + + # Check if the a icon file exists. + if (-e "$absolute_path") { + # Return content of flag_icon. 
+ return $flag_icon; + } +} + +# Function to get the county name by a given country code. +sub get_full_country_name($) { + my ($input) = @_; + my $name; + + # Remove whitespaces. + chomp($input); + + # Convert input into lower case format. + my $code = lc($input); + + # Handle country codes which are not in the list. + if ($code eq "a1") { $name = "Anonymous Proxy" } + elsif ($code eq "a2") { $name = "Satellite Provider" } + elsif ($code eq "o1") { $name = "Other Country" } + elsif ($code eq "ap") { $name = "Asia/Pacific Region" } + elsif ($code eq "eu") { $name = "Europe" } + elsif ($code eq "yu") { $name = "Yugoslavia" } + else { + # Use perl built-in module to get the country code. + $name = &Locale::Codes::Country::code2country($code); + } + + return $name; +} + +1; diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl index cf895bf246..974c4d8b22 100644 --- a/config/cfgroot/header.pl +++ b/config/cfgroot/header.pl @@ -263,7 +263,7 @@ sub getcgihash { return if ($ENV{'REQUEST_METHOD'} ne 'POST'); if (!$params->{'wantfile'}) { $CGI::DISABLE_UPLOADS = 1; - $CGI::POST_MAX = 512 * 1024; + $CGI::POST_MAX = 1024 * 1024; } else { $CGI::POST_MAX = 10 * 1024 * 1024; } diff --git a/config/cron/crontab b/config/cron/crontab index d78d08f593..d5e5d7e9f0 100644 --- a/config/cron/crontab +++ b/config/cron/crontab @@ -57,3 +57,6 @@ HOME=/ # Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time 00 3 * 3 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl 00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl + +# Update GeoIP database once a month. +%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1 diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl old mode 100755 new mode 100644 index f3cd67fb09..b389fac3c3 --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl 
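Review bot: `get_flag_icon` builds a filesystem path from `$input` without checking that it is a country code, so a value containing `/` or `..` reaches the `-e` test and is handed back as an icon path. Rejecting anything that is not two alphanumerics right after the `lc()` call, e.g. `return unless ($ccode =~ /^[a-z0-9]{2}$/);`, keeps both the file test and the returned path inside the flag directory. The comment "Remove whitespaces" above `chomp($input)` (here and in `get_full_country_name`) is inaccurate, because `chomp` only strips a trailing newline. The new file also has no `use strict;`, although general-functions.pl in the same commit does. When the icon is missing the sub falls off the end and returns whatever the failed test evaluated to; an explicit `return;` would make that contract visible.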
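Review bot: The raised `$CGI::POST_MAX` applies to every CGI that does not set `wantfile`, and nothing in the hunk says which form needs a 1 MiB body. Since this limit bounds how much request data each POST may make the web interface parse, a comment such as `# raised for geoip-block.cgi, which posts one field per country` (if that is indeed the reason) would let a later reviewer judge whether the larger value is still required. getcgihash starts and ends outside the hunk.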
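Review bot: The new cron job sends all output of `xt_geoip_update` to `/dev/null`, so a failed or partial database download leaves no trace and the GeoIP rules keep matching against stale data. Discarding only stdout, `... && /usr/local/bin/xt_geoip_update >/dev/null`, would let error output reach whatever fcron does with job output. The same line is appended to `/var/spool/cron/root.orig` by config/rootfiles/core/90/update.sh, so both copies should change together.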
@@ -27,6 +27,7 @@ package fwlib; my %customnetwork=(); my %customhost=(); my %customgrp=(); +my %customgeoipgrp=(); my %customservice=(); my %customservicegrp=(); my %ccdnet=(); @@ -42,6 +43,7 @@ require '/var/ipfire/general-functions.pl'; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; +my $configgeoipgrp = "${General::swroot}/fwhosts/customgeoipgrp"; my $configsrv = "${General::swroot}/fwhosts/customservices"; my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp"; my $configccdnet = "${General::swroot}/ovpn/ccd.conf"; @@ -59,6 +61,7 @@ my $netsettings = "${General::swroot}/ethernet/settings"; &General::readhasharray("$confignet", \%customnetwork); &General::readhasharray("$confighost", \%customhost); &General::readhasharray("$configgrp", \%customgrp); +&General::readhasharray("$configgeoipgrp", \%customgeoipgrp); &General::readhasharray("$configccdnet", \%ccdnet); &General::readhasharray("$configccdhost", \%ccdhost); &General::readhasharray("$configipsec", \%ipsecconf); @@ -295,6 +298,17 @@ sub get_addresses if ($customgrp{$grp}[0] eq $value) { my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); + if (@address) { + push(@addresses, @address); + } + } + } + }elsif ($addr_type ~~ ["cust_geoip_src", "cust_geoip_tgt"] && $value =~ "group:") { + $value=substr($value,6); + foreach my $grp (sort {$a <=> $b} keys %customgeoipgrp) { + if ($customgeoipgrp{$grp}[0] eq $value) { + my @address = &get_address($addr_type, $customgeoipgrp{$grp}[2], $type); + if (@address) { push(@addresses, @address); } 
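Review bot: In the new `elsif` of get_addresses, `$value =~ "group:"` matches that text anywhere in the value while `substr($value,6)` assumes it is a prefix, and `~~` is the experimental smartmatch operator that newer Perl releases warn about. Anchoring the match and spelling the comparison out keeps the branch predictable: `}elsif (($addr_type eq "cust_geoip_src" || $addr_type eq "cust_geoip_tgt") && $value =~ /^group:/) {`. get_addresses starts and ends outside the hunk.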
@@ -414,6 +428,20 @@ sub get_address } } + # Handle rule options with GeoIP as source. + } elsif ($key eq "cust_geoip_src") { + # Get external interface. + my $external_interface = &get_external_interface(); + + push(@ret, ["-m geoip --src-cc $value", "$external_interface"]); + + # Handle rule options with GeoIP as target. + } elsif ($key eq "cust_geoip_tgt") { + # Get external interface. + my $external_interface = &get_external_interface(); + + push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]); + # If nothing was selected, we assume "any". } else { push(@ret, ["0/0", ""]); @@ -552,4 +580,37 @@ sub get_internal_firewall_ip_address return 0; } +sub get_geoip_locations() { + # Path to the directory which contains the binary geoip + # databases. + my $directory="/usr/share/xt_geoip/LE"; + + # Array to store the final country list. + my @country_codes = (); + + # Open location and do a directory listing. + opendir(DIR, "$directory"); + my @locations = readdir(DIR); + closedir(DIR); + + # Loop through the directory listing, and cut of the file extensions. + foreach my $location (sort @locations) { + # skip . and .. + next if($location =~ /^\.$/); + next if($location =~ /^\.\.$/); + + # Remove whitespaces. + chomp($location); + + # Cut-off file extension. + my ($country_code, $extension) = split(/\./, $location); + + # Add country code to array. + push(@country_codes, $country_code); + } + + # Return final array. + return @country_codes; +} + return 1; diff --git a/config/firewall/geoipblock b/config/firewall/geoipblock new file mode 100644 index 0000000000..4d483d3b89 --- /dev/null +++ b/config/firewall/geoipblock @@ -0,0 +1 @@ +GEOIPBLOCK_ENABLED=off diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl old mode 100755 new mode 100644 index 8abc675f7f..daa95651bb --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl 
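Review bot: `$value` is interpolated into `-m geoip --src-cc $value` and `-m geoip --dst-cc $value` without any check that it is a country code, and these strings are later treated as ready-made iptables options (buildrules in config/firewall/rules.pl pushes them through unchanged, and geoipblock there interpolates `$location` the same way). The value originates from the rule and group files under `${General::swroot}`, so a malformed entry in those files ends up on the iptables command line; how `run` executes the command is not visible here. A check before each push, such as `$value =~ /^[A-Z0-9]{2}(?:,[A-Z0-9]{2})*$/` (assuming codes are stored in upper case), would limit the option to a list of two-character codes. The two branches are identical apart from the flag and could share one helper. get_address starts outside the hunk.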
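Review bot: get_geoip_locations ignores the result of `opendir` and turns every directory entry except `.` and `..` into a country code, so a missing database directory yields an empty list without any error, and stray files become codes that geoipblock in rules.pl later places on an iptables command line. The rewrite below uses a lexical handle, returns an empty list when the directory cannot be opened, accepts only names made of two alphanumerics plus an extension, and drops duplicates (which would occur if the directory holds more than one file per country; that is not visible from this hunk). The "Remove whitespaces" comment on `chomp($location)` can go, since `readdir` entries carry no trailing newline.

```perl
sub get_geoip_locations() {
	# … unchanged: $directory and @country_codes declarations …

	# Return an empty list when the database directory cannot be read.
	opendir(my $dh, $directory) or return @country_codes;
	my @locations = readdir($dh);
	closedir($dh);

	my %seen = ();
	foreach my $location (sort @locations) {
		# Accept only "<CC>.<ext>" entries; anything else is not a database file.
		next unless ($location =~ /^([A-Za-z0-9]{2})\.[A-Za-z0-9]+$/);

		# Each country code is listed once, however many files it has.
		next if ($seen{$1}++);

		push(@country_codes, $1);
	}

	# … unchanged: return @country_codes …
}
```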
@@ -60,6 +60,7 @@ my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; my $configoutgoing = "${General::swroot}/firewall/outgoing"; my $p2pfile = "${General::swroot}/firewall/p2protocols"; +my $geoipfile = "${General::swroot}/firewall/geoipblock"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; my $netsettings = "${General::swroot}/ethernet/settings"; @@ -102,6 +103,9 @@ sub main { # Load P2P block rules. &p2pblock(); + # Load GeoIP block rules. + &geoipblock(); + # Reload firewall policy. run("/usr/sbin/firewall-policy"); @@ -365,13 +369,17 @@ sub buildrules { my @source_options = (); if ($source =~ /mac/) { push(@source_options, $source); - } elsif ($source) { + } elsif ($source =~ /-m geoip/) { + push(@source_options, $source); + } elsif($source) { push(@source_options, ("-s", $source)); } # Prepare destination options. my @destination_options = (); - if ($destination) { + if ($destination =~ /-m geoip/) { + push(@destination_options, $destination); + } elsif ($destination) { push(@destination_options, ("-d", $destination)); } 
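Review bot: buildrules decides that `$source` or `$destination` is a pre-built option string by an unanchored substring test, `=~ /-m geoip/`, so one field carries either an address or raw iptables options and only its content selects the branch. Anchoring the test to what get_address in firewall-lib.pl produces, `$source =~ /^-m geoip --src-cc /` and `$destination =~ /^-m geoip --dst-cc /`, keeps every other value on the `-s`/`-d` path. The rewritten `} elsif($source) {` also lost the space after `elsif` that the neighbouring lines use. buildrules starts and ends outside the hunk.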
@@ -570,6 +578,38 @@ sub p2pblock { } } +sub geoipblock { + my %geoipsettings = (); + $geoipsettings{'GEOIPBLOCK_ENABLED'} = "off"; + + # Flush iptables chain. + run("$IPTABLES -F GEOIPBLOCK"); + + # Check if the geoip settings file exists + if (-e "$geoipfile") { + # Read settings file + &General::readhash("$geoipfile", \%geoipsettings); + } + + # If geoip blocking is not enabled, we are finished here. + if ($geoipsettings{'GEOIPBLOCK_ENABLED'} ne "on") { + # Exit submodule. Process remaining script. + return; + } + + # Get supported locations. + my @locations = &fwlib::get_geoip_locations(); + + # Loop through all supported geoip locations and + # create iptables rules, if blocking this country + # is enabled. + foreach my $location (@locations) { + if($geoipsettings{$location} eq "on") { + run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc $location -j DROP"); + } + } +} + sub get_protocols { my $hash = shift; my $key = shift; diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu index e872e6428c..7271b32121 100644 --- a/config/menu/50-firewall.menu +++ b/config/menu/50-firewall.menu @@ -22,6 +22,12 @@ 'title' => "P2P-Block", 'enabled' => 1, }; + $subfirewall->{'50.geoipblock'} = { + 'caption' => $Lang::tr{'geoipblock'}, + 'uri' => '/cgi-bin/geoip-block.cgi', + 'title' => $Lang::tr{'geoipblock'}, + 'enabled' => 1, + }; $subfirewall->{'60.wireless'} = { 'caption' => $Lang::tr{'blue access'}, 'uri' => '/cgi-bin/wireless.cgi', diff --git a/config/rootfiles/common/Locale-Country b/config/rootfiles/common/Locale-Country index bbe51eee77..58c240625a 100644 --- a/config/rootfiles/common/Locale-Country +++ b/config/rootfiles/common/Locale-Country 
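Review bot: geoipblock flushes the GEOIPBLOCK chain first and then adds rules only for the locations returned by `&fwlib::get_geoip_locations()`, so with `GEOIPBLOCK_ENABLED=on` and an empty or missing database directory the chain silently stays empty and nothing is blocked. A line after the lookup such as `warn "geoipblock: enabled, but no GeoIP locations found\n" unless (@locations);` would make that fail-open state visible. `$geoipsettings{$location} eq "on"` also compares an undefined value for every country absent from the settings file, which warns if warnings are enabled; `($geoipsettings{$location} // "") eq "on"` avoids that.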
@@ -1,13 +1,50 @@ -#usr/lib/perl5/site_perl/5.12.3/Locale -usr/lib/perl5/site_perl/5.12.3/Locale/Constants.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Constants.pod -usr/lib/perl5/site_perl/5.12.3/Locale/Country.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Country.pod -usr/lib/perl5/site_perl/5.12.3/Locale/Currency.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Currency.pod -usr/lib/perl5/site_perl/5.12.3/Locale/Language.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Language.pod -usr/lib/perl5/site_perl/5.12.3/Locale/Script.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Script.pod -#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Locale-Codes -#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Locale-Codes/.packlist +#usr/lib/perl5/5.12.3/Locale/Codes +usr/lib/perl5/5.12.3/Locale/Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes.pod +usr/lib/perl5/5.12.3/Locale/Codes/API.pod +usr/lib/perl5/5.12.3/Locale/Codes/Changes.pod +usr/lib/perl5/5.12.3/Locale/Codes/Constants.pm +usr/lib/perl5/5.12.3/Locale/Codes/Constants.pod +usr/lib/perl5/5.12.3/Locale/Codes/Country.pm +usr/lib/perl5/5.12.3/Locale/Codes/Country.pod +usr/lib/perl5/5.12.3/Locale/Codes/Country_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/Country_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/Currency.pm +usr/lib/perl5/5.12.3/Locale/Codes/Currency.pod +usr/lib/perl5/5.12.3/Locale/Codes/Currency_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/Currency_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangExt.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangExt.pod +usr/lib/perl5/5.12.3/Locale/Codes/LangExt_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangExt_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangFam.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangFam.pod +usr/lib/perl5/5.12.3/Locale/Codes/LangFam_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangFam_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangVar.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangVar.pod +usr/lib/perl5/5.12.3/Locale/Codes/LangVar_Codes.pm 
+usr/lib/perl5/5.12.3/Locale/Codes/LangVar_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/Language.pm +usr/lib/perl5/5.12.3/Locale/Codes/Language.pod +usr/lib/perl5/5.12.3/Locale/Codes/Language_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/Language_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/Script.pm +usr/lib/perl5/5.12.3/Locale/Codes/Script.pod +usr/lib/perl5/5.12.3/Locale/Codes/Script_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/Script_Retired.pm +#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale +#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale/Codes +#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale/Codes/.packlist +#usr/share/man/man3/Locale::Codes.3 +#usr/share/man/man3/Locale::Codes::API.3 +#usr/share/man/man3/Locale::Codes::Changes.3 +#usr/share/man/man3/Locale::Codes::Constants.3 +#usr/share/man/man3/Locale::Codes::Country.3 +#usr/share/man/man3/Locale::Codes::Currency.3 +#usr/share/man/man3/Locale::Codes::LangExt.3 +#usr/share/man/man3/Locale::Codes::LangFam.3 +#usr/share/man/man3/Locale::Codes::LangFam_Retired.3 +#usr/share/man/man3/Locale::Codes::LangVar.3 +#usr/share/man/man3/Locale::Codes::Language.3 +#usr/share/man/man3/Locale::Codes::Script.3 diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2 index 55dd04ee58..8033a874a5 100644 --- a/config/rootfiles/common/apache2 +++ b/config/rootfiles/common/apache2 @@ -1402,6 +1402,7 @@ srv/web/ipfire/cgi-bin/extrahd.cgi srv/web/ipfire/cgi-bin/fireinfo.cgi srv/web/ipfire/cgi-bin/firewall.cgi srv/web/ipfire/cgi-bin/fwhosts.cgi +srv/web/ipfire/cgi-bin/geoip-block.cgi srv/web/ipfire/cgi-bin/gpl.cgi srv/web/ipfire/cgi-bin/gui.cgi srv/web/ipfire/cgi-bin/hardwaregraphs.cgi diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index 8ddf34ae87..b4cd8f8571 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts 
@@ -92,6 +92,7 @@ etc/rc.d/init.d/networking/red.up/50-ipsec etc/rc.d/init.d/networking/red.up/50-ovpn etc/rc.d/init.d/networking/red.up/98-leds etc/rc.d/init.d/networking/red.up/99-fireinfo +etc/rc.d/init.d/networking/red.up/99-geoip-database etc/rc.d/init.d/networking/red.up/99-pakfire-update etc/rc.d/init.d/networking/wpa_supplicant.exe #etc/rc.d/init.d/nfs-server diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd index 273249434d..cac4c3de14 100644 --- a/config/rootfiles/common/collectd +++ b/config/rootfiles/common/collectd @@ -218,11 +218,11 @@ usr/lib/libcollectdclient.so.0.0.0 #usr/lib/perl5/Collectd/Plugins #usr/lib/perl5/Collectd/Plugins/OpenVZ.pm #usr/lib/perl5/Collectd/Unixsock.pm -#usr/lib/perl5/i586-linux-thread-multi -#usr/lib/perl5/i586-linux-thread-multi/auto -#usr/lib/perl5/i586-linux-thread-multi/auto/Collectd -#usr/lib/perl5/i586-linux-thread-multi/auto/Collectd/.packlist -#usr/lib/perl5/i586-linux-thread-multi/perllocal.pod +#usr/lib/perl5/MACHINE-linux-thread-multi +#usr/lib/perl5/MACHINE-linux-thread-multi/auto +#usr/lib/perl5/MACHINE-linux-thread-multi/auto/Collectd +#usr/lib/perl5/MACHINE-linux-thread-multi/auto/Collectd/.packlist +#usr/lib/perl5/MACHINE-linux-thread-multi/perllocal.pod #usr/lib/pkgconfig/libcollectdclient.pc #usr/man/man3/Collectd::Unixsock.3 usr/sbin/collectd diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index eaf1af6ed8..f6cbb61efd 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -52,6 +52,7 @@ var/ipfire/extrahd var/ipfire/firewall #var/ipfire/firewall/config #var/ipfire/firewall/dmz +#var/ipfire/firewall/geoipblock #var/ipfire/firewall/input #var/ipfire/firewall/nat #var/ipfire/firewall/outgoing 
@@ -59,6 +60,7 @@ var/ipfire/firewall #var/ipfire/firewall/settings var/ipfire/fwhosts #var/ipfire/fwhosts/customgroups +#var/ipfire/fwhosts/customgeoipgrp #var/ipfire/fwhosts/customhosts #var/ipfire/fwhosts/customnetworks #var/ipfire/fwhosts/customservicegrp @@ -69,6 +71,7 @@ var/ipfire/fwlogs #var/ipfire/fwlogs/ipsettings #var/ipfire/fwlogs/portsettings var/ipfire/general-functions.pl +var/ipfire/geoip-functions.pl var/ipfire/graphs.pl var/ipfire/header.pl var/ipfire/isdn diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index 3d4dd62ff0..878ba667e5 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -94,6 +94,7 @@ etc/rc.d/init.d/networking/red.up/50-ipsec etc/rc.d/init.d/networking/red.up/50-ovpn etc/rc.d/init.d/networking/red.up/98-leds etc/rc.d/init.d/networking/red.up/99-fireinfo +etc/rc.d/init.d/networking/red.up/99-geoip-database etc/rc.d/init.d/networking/red.up/99-pakfire-update etc/rc.d/init.d/networking/wpa_supplicant.exe #etc/rc.d/init.d/nfs-server diff --git a/config/rootfiles/common/i586/openssl-sse2 b/config/rootfiles/common/i586/openssl-sse2 new file mode 100644 index 0000000000..59bfce3e26 --- /dev/null +++ b/config/rootfiles/common/i586/openssl-sse2 @@ -0,0 +1,2 @@ +usr/lib/sse2/libcrypto.so.10 +usr/lib/sse2/libssl.so.10 diff --git a/config/rootfiles/common/openssl-compat b/config/rootfiles/common/openssl-compat deleted file mode 100644 index ccf89d0193..0000000000 --- a/config/rootfiles/common/openssl-compat +++ /dev/null @@ -1,2 +0,0 @@ -usr/lib/libcrypto.so.0.9.8 -usr/lib/libssl.so.0.9.8 diff --git a/config/rootfiles/common/perl-Text-CSV_XS b/config/rootfiles/common/perl-Text-CSV_XS new file mode 100644 index 0000000000..bbc7d9b2b6 --- /dev/null +++ b/config/rootfiles/common/perl-Text-CSV_XS 
@@ -0,0 +1,8 @@ +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Text +usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Text/CSV_XS.pm +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/.packlist +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/CSV_XS.bs +usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/CSV_XS.so +#usr/share/man/man3/Text::CSV_XS.3 diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index f506dafac8..90e28d9c4c 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -101,6 +101,8 @@ usr/local/bin/timecheck usr/local/bin/timezone-transition usr/local/bin/update-bootloader usr/local/bin/update-lang-cache +usr/local/bin/xt_geoip_build +usr/local/bin/xt_geoip_update #usr/local/include #usr/local/lib #usr/local/lib/sse2 @@ -120,6 +122,7 @@ usr/local/bin/update-lang-cache #usr/local/share/man/man8 #usr/local/share/misc #usr/local/share/terminfo +#usr/local/share/xt_geoip #usr/local/share/zoneinfo #usr/local/src #usr/sbin @@ -142,6 +145,7 @@ usr/share/doc/licenses/GPLv3 #usr/share/man/man8 #usr/share/misc #usr/share/terminfo +#usr/share/xt_geoip #usr/share/zoneinfo #var #var/cache diff --git a/config/rootfiles/common/xtables-addons b/config/rootfiles/common/xtables-addons new file mode 100644 index 0000000000..f6e85aeeda --- /dev/null +++ b/config/rootfiles/common/xtables-addons 
@@ -0,0 +1,33 @@ +lib/xtables/libxt_ACCOUNT.so +lib/xtables/libxt_CHAOS.so +lib/xtables/libxt_DELUDE.so +lib/xtables/libxt_DHCPMAC.so +lib/xtables/libxt_DNETMAP.so +lib/xtables/libxt_ECHO.so +lib/xtables/libxt_IPMARK.so +lib/xtables/libxt_LOGMARK.so +lib/xtables/libxt_TARPIT.so +lib/xtables/libxt_condition.so +lib/xtables/libxt_dhcpmac.so +lib/xtables/libxt_fuzzy.so +lib/xtables/libxt_geoip.so +lib/xtables/libxt_iface.so +lib/xtables/libxt_ipp2p.so +lib/xtables/libxt_ipv4options.so +lib/xtables/libxt_length2.so +lib/xtables/libxt_lscan.so +lib/xtables/libxt_pknock.so +lib/xtables/libxt_psd.so +lib/xtables/libxt_quota2.so +#usr/lib/libxt_ACCOUNT_cl.la +#usr/lib/libxt_ACCOUNT_cl.so +usr/lib/libxt_ACCOUNT_cl.so.0 +usr/lib/libxt_ACCOUNT_cl.so.0.0.0 +#usr/libexec/xtables-addons +usr/libexec/xtables-addons/xt_geoip_build +usr/libexec/xtables-addons/xt_geoip_dl +usr/sbin/iptaccount +#usr/share/man/man1/xt_geoip_build.1 +#usr/share/man/man1/xt_geoip_dl.1 +#usr/share/man/man8/iptaccount.8 +#usr/share/man/man8/xtables-addons.8 diff --git a/config/rootfiles/core/90/exclude b/config/rootfiles/core/90/exclude index 5be5371aaf..56e840d8cc 100644 --- a/config/rootfiles/core/90/exclude +++ b/config/rootfiles/core/90/exclude @@ -17,10 +17,12 @@ etc/sysconfig/modules etc/sysconfig/rc.local etc/udev/rules.d/30-persistent-network.rules srv/web/ipfire/html/proxy.pac -var/ipfire/time +var/ipfire/firewall/geoipblock +var/ipfire/fwhosts/custmgeoipgrp var/ipfire/ovpn/ccd.conf var/ipfire/ovpn/ccdroute var/ipfire/ovpn/ccdroute2 +var/ipfire/time var/log/cache var/state/dhcp/dhcpd.leases var/updatecache diff --git a/config/rootfiles/core/90/filelists/dnsmasq b/config/rootfiles/core/90/filelists/dnsmasq new file mode 120000 index 0000000000..d469c74631 --- /dev/null +++ b/config/rootfiles/core/90/filelists/dnsmasq @@ -0,0 +1 @@ +../../../common/dnsmasq \ No newline at end of file 
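Review bot: The added exclude entry `var/ipfire/fwhosts/custmgeoipgrp` is misspelled; every other place in this commit (firewall-lib.pl, config/rootfiles/common/configroot, update.sh) names the file `customgeoipgrp`. As written the entry matches no file, so the real group file is not covered by the exclude list. It should read `var/ipfire/fwhosts/customgeoipgrp`.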
diff --git a/config/rootfiles/core/90/filelists/files b/config/rootfiles/core/90/filelists/files index 2ef5ded31f..69d74215c5 100644 --- a/config/rootfiles/core/90/filelists/files +++ b/config/rootfiles/core/90/filelists/files @@ -1,7 +1,29 @@ etc/system-release etc/issue +etc/rc.d/init.d/firewall etc/rc.d/init.d/network-trigger +etc/rc.d/init.d/networking/functions.network +etc/rc.d/init.d/networking/red.up/99-geoip-database etc/rc.d/rcsysinit.d/S90network-trigger +srv/web/ipfire/cgi-bin/country.cgi +srv/web/ipfire/cgi-bin/firewall.cgi +srv/web/ipfire/cgi-bin/fwhosts.cgi +srv/web/ipfire/cgi-bin/geoip-block.cgi +srv/web/ipfire/cgi-bin/index.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +srv/web/ipfire/html/themes/darkdos/include/style.css +srv/web/ipfire/html/themes/ipfire-legacy/include/style.css +srv/web/ipfire/html/themes/ipfire/include/css/style.css +srv/web/ipfire/html/themes/maniac/include/style.css +usr/lib/firewall/firewall-lib.pl usr/lib/firewall/rules.pl +usr/local/bin/backupiso +usr/local/bin/xt_geoip_build +usr/local/bin/xt_geoip_update +var/ipfire/general-functions.pl +var/ipfire/geoip-functions.pl +var/ipfire/header.pl var/ipfire/backup/include var/ipfire/langs +var/ipfire/menu.d/50-firewall.menu diff --git a/config/rootfiles/core/90/filelists/i586/openssl-sse2 b/config/rootfiles/core/90/filelists/i586/openssl-sse2 new file mode 120000 index 0000000000..f424713d6c --- /dev/null +++ b/config/rootfiles/core/90/filelists/i586/openssl-sse2 @@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/90/filelists/iptables b/config/rootfiles/core/90/filelists/iptables new file mode 120000 index 0000000000..8caf12bccb --- /dev/null +++ b/config/rootfiles/core/90/filelists/iptables @@ -0,0 +1 @@ +../../../common/iptables \ No newline at end of file 
diff --git a/config/rootfiles/core/90/filelists/openssl-0.9.8-files b/config/rootfiles/core/90/filelists/openssl-0.9.8-files new file mode 100644 index 0000000000..e80a57d13a --- /dev/null +++ b/config/rootfiles/core/90/filelists/openssl-0.9.8-files @@ -0,0 +1,19 @@ +lib/security/pam_mysql.so +usr/lib/gnupg/gpgkeys_ldap +usr/lib/gnupg/gpgkeys_hkp +usr/lib/gnupg/gpgkeys_curl +usr/lib/apache/libphp5.so +usr/lib/squid/digest_ldap_auth +usr/lib/squid/basic_ldap_auth +usr/lib/squid/ext_kerberos_ldap_group_acl +usr/lib/squid/ext_edirectory_userip_acl +usr/lib/squid/ext_ldap_group_acl +usr/lib/python2.7/lib-dynload/_ssl.so +usr/lib/python2.7/lib-dynload/_hashlib.so +usr/lib/collectd/write_http.so +usr/lib/collectd/ascent.so +usr/lib/collectd/curl_xml.so +usr/lib/collectd/apache.so +usr/lib/collectd/bind.so +usr/lib/collectd/curl.so +usr/bin/php diff --git a/config/rootfiles/core/90/filelists/perl-Text-CSV_XS b/config/rootfiles/core/90/filelists/perl-Text-CSV_XS new file mode 120000 index 0000000000..ec1202f07b --- /dev/null +++ b/config/rootfiles/core/90/filelists/perl-Text-CSV_XS @@ -0,0 +1 @@ +../../../common/perl-Text-CSV_XS \ No newline at end of file diff --git a/config/rootfiles/core/90/filelists/xtables-addons b/config/rootfiles/core/90/filelists/xtables-addons new file mode 120000 index 0000000000..2e24c4298b --- /dev/null +++ b/config/rootfiles/core/90/filelists/xtables-addons @@ -0,0 +1 @@ +../../../common/xtables-addons \ No newline at end of file diff --git a/config/rootfiles/core/90/update.sh b/config/rootfiles/core/90/update.sh index 6af052c0be..573d5a7c9f 100644 --- a/config/rootfiles/core/90/update.sh +++ b/config/rootfiles/core/90/update.sh @@ -136,6 +136,9 @@ esac #Extract files tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / +# Remove old openssl libraries +rm -vf /usr/lib/libcrypto.so.0.9.8 /usr/lib/libssl.so.0.9.8 + # Check diskspace on boot BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` 
@@ -159,6 +162,37 @@ if [ $BOOTSPACE -lt 1000 ]; then esac fi +# Create GeoIP related files if they do not exist yet. +if [ ! -e "/var/ipfire/firewall/geoipblock" ]; then + touch /var/ipfire/firewall/geoipblock + chown nobody:nobody /var/ipfire/firewall/geoipblock + + # Insert default value into file. + echo "GEOIPBLOCK_ENABLED=off" >> /var/ipfire/firewall/geoipblock +fi +if [ ! -e "/var/ipfire/fwhosts/customgeoipgrp" ]; then + touch /var/ipfire/fwhosts/customgeoipgrp + chown nobody:nobody /var/ipfire/fwhosts/customgeoipgrp +fi + +#Fix BUG10812 (openvpn server.conf has wrong collectd logfile path) +if grep -q "status /var/log/ovpnserver.log 30" /var/ipfire/ovpn/server.conf; then + sed -i "s/\/var\/log\/ovpnserver.log 30/\/var\/run\/ovpnserver.log 30/" /var/ipfire/ovpn/server.conf +fi + +# Download/Update GeoIP databases. +/usr/local/bin/xt_geoip_update + +# Update crontab +grep -q /usr/local/bin/xt_geoip_update /var/spool/cron/root.orig || cat <> /var/spool/cron/root.orig + +# Update GeoIP database once a month. +%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1 +EOF + +fcrontab -z &>/dev/null + + # Update Language cache perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" diff --git a/config/xtables-addons/mconfig b/config/xtables-addons/mconfig new file mode 100644 index 0000000000..933d717a64 --- /dev/null +++ b/config/xtables-addons/mconfig @@ -0,0 +1,24 @@ +# -*- Makefile -*- +# +build_ACCOUNT=m +build_CHAOS=m +build_DELUDE=m +build_DHCPMAC=m +build_DNETMAP=m +build_ECHO=m +build_IPMARK=m +build_LOGMARK=m +build_SYSRQ=n +build_TARPIT=m +build_condition=m +build_fuzzy=m +build_geoip=m +build_gradm=n +build_iface=m +build_ipp2p=m +build_ipv4options=m +build_length2=m +build_lscan=m +build_pknock=m +build_psd=m +build_quota2=m diff --git a/doc/language_issues.de b/doc/language_issues.de index 3a31661f36..1ccc654128 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de 
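Review bot: The update runs `/usr/local/bin/xt_geoip_update` unconditionally and ignores its exit status, while the cron entry added a few lines further down only runs it when `/var/ipfire/red/active` exists. On a system that is offline during the update the download presumably fails and leaves no database, without any message; using the same guard and reporting failure, e.g. `[ -f /var/ipfire/red/active ] && { /usr/local/bin/xt_geoip_update || echo "GeoIP database update failed" >&2; }`, keeps the two paths consistent. The new settings files are handed to `nobody:nobody` right after creation; if that is the web server account (not visible here), a comment stating that the GeoIP firewall configuration is writable by the CGI user by design would help the next reviewer.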
@@ -75,6 +75,7 @@ WARNING: translation string unused: bad characters in WARNING: translation string unused: behind a proxy WARNING: translation string unused: bitrate WARNING: translation string unused: bleeding rules +WARNING: translation string unused: block WARNING: translation string unused: blue access use hint WARNING: translation string unused: blue interface WARNING: translation string unused: cache management @@ -243,6 +244,7 @@ WARNING: translation string unused: fwhost Standard Network WARNING: translation string unused: fwhost attention WARNING: translation string unused: fwhost blue WARNING: translation string unused: fwhost changeremark +WARNING: translation string unused: fwhost cust geoip WARNING: translation string unused: fwhost err addrgrp WARNING: translation string unused: fwhost err hostorip WARNING: translation string unused: fwhost err mac @@ -258,6 +260,9 @@ WARNING: translation string unused: fwhost wo subnet WARNING: translation string unused: gen static key WARNING: translation string unused: generate WARNING: translation string unused: genkey +WARNING: translation string unused: geoipblock country code +WARNING: translation string unused: geoipblock country name +WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface WARNING: translation string unused: gz with key WARNING: translation string unused: hint @@ -576,6 +581,8 @@ WARNING: translation string unused: transfer limits WARNING: translation string unused: transparent on WARNING: translation string unused: umount WARNING: translation string unused: umount removable media before to unplug +WARNING: translation string unused: unblock +WARNING: translation string unused: unblock all WARNING: translation string unused: unencrypted WARNING: translation string unused: update transcript WARNING: translation string unused: updates 
@@ -632,6 +639,7 @@ WARNING: untranslated string: bytes WARNING: untranslated string: community rules WARNING: untranslated string: dead peer detection WARNING: untranslated string: emerging rules +WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: no data diff --git a/doc/language_issues.en b/doc/language_issues.en index da14d97b8c..b7be8627b3 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -93,6 +93,7 @@ WARNING: translation string unused: bewan adsl pci st WARNING: translation string unused: bewan adsl usb WARNING: translation string unused: bitrate WARNING: translation string unused: bleeding rules +WARNING: translation string unused: block WARNING: translation string unused: blue access use hint WARNING: translation string unused: blue interface WARNING: translation string unused: cache management @@ -266,6 +267,7 @@ WARNING: translation string unused: fwhost Standard Network WARNING: translation string unused: fwhost attention WARNING: translation string unused: fwhost blue WARNING: translation string unused: fwhost changeremark +WARNING: translation string unused: fwhost cust geoip WARNING: translation string unused: fwhost err addrgrp WARNING: translation string unused: fwhost err hostorip WARNING: translation string unused: fwhost err mac @@ -283,6 +285,9 @@ WARNING: translation string unused: g.lite WARNING: translation string unused: gen static key WARNING: translation string unused: generate WARNING: translation string unused: genkey +WARNING: translation string unused: geoipblock country code +WARNING: translation string unused: geoipblock country name +WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface WARNING: translation string unused: gz with key WARNING: translation string unused: hint 
@@ -609,6 +614,8 @@ WARNING: translation string unused: transfer limits WARNING: translation string unused: transparent on WARNING: translation string unused: umount WARNING: translation string unused: umount removable media before to unplug +WARNING: translation string unused: unblock +WARNING: translation string unused: unblock all WARNING: translation string unused: unencrypted WARNING: translation string unused: update transcript WARNING: translation string unused: updates @@ -664,6 +671,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes +WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: no data diff --git a/doc/language_issues.es b/doc/language_issues.es index f76cd5e6a6..086dfbdc94 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -233,6 +233,9 @@ WARNING: translation string unused: g.lite WARNING: translation string unused: gen static key WARNING: translation string unused: generate WARNING: translation string unused: genkey +WARNING: translation string unused: geoipblock country code +WARNING: translation string unused: geoipblock country name +WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface WARNING: translation string unused: gz with key WARNING: translation string unused: hint @@ -650,6 +653,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: check all WARNING: untranslated string: count WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags 
@@ -794,6 +798,7 @@ WARNING: untranslated string: fwdfw wd_thu WARNING: untranslated string: fwdfw wd_tue WARNING: untranslated string: fwdfw wd_wed WARNING: untranslated string: fwhost OpenVPN N-2-N +WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost addgrp WARNING: untranslated string: fwhost addgrpname WARNING: untranslated string: fwhost addhost @@ -806,6 +811,9 @@ WARNING: untranslated string: fwhost ccdhost WARNING: untranslated string: fwhost ccdnet WARNING: untranslated string: fwhost change WARNING: untranslated string: fwhost cust addr +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost cust grp WARNING: untranslated string: fwhost cust net WARNING: untranslated string: fwhost cust service @@ -845,6 +853,7 @@ WARNING: untranslated string: fwhost ip_mac WARNING: untranslated string: fwhost ipsec net WARNING: untranslated string: fwhost menu WARNING: untranslated string: fwhost netaddress +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: fwhost newgrp WARNING: untranslated string: fwhost newhost WARNING: untranslated string: fwhost newnet @@ -1025,6 +1034,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 178ddff61b..47ee3fb3f0 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -660,6 +660,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: check all WARNING: untranslated string: count WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags @@ -805,6 +806,7 @@ WARNING: untranslated string: fwdfw wd_thu WARNING: untranslated string: fwdfw wd_tue WARNING: untranslated string: fwdfw wd_wed WARNING: untranslated string: fwhost OpenVPN N-2-N +WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost addgrp WARNING: untranslated string: fwhost addgrpname WARNING: untranslated string: fwhost addhost @@ -817,6 +819,9 @@ WARNING: untranslated string: fwhost ccdhost WARNING: untranslated string: fwhost ccdnet WARNING: untranslated string: fwhost change WARNING: untranslated string: fwhost cust addr +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost cust grp WARNING: untranslated string: fwhost cust net WARNING: untranslated string: fwhost cust service @@ -856,6 +861,7 @@ WARNING: untranslated string: fwhost ip_mac WARNING: untranslated string: fwhost ipsec net WARNING: untranslated string: fwhost menu WARNING: untranslated string: fwhost netaddress +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: fwhost newgrp WARNING: untranslated string: fwhost newhost WARNING: untranslated string: fwhost newnet 
@@ -872,6 +878,13 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: ike lifetime should be between 1 and 8 hours @@ -1033,6 +1046,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key WARNING: untranslated string: upload new ruleset diff --git a/doc/language_issues.it b/doc/language_issues.it index 0f69ce8354..098f4401e4 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -672,13 +672,26 @@ WARNING: untranslated string: advproxy basic authentication WARNING: untranslated string: advproxy group access control WARNING: untranslated string: advproxy group required WARNING: untranslated string: bytes +WARNING: untranslated string: check all WARNING: untranslated string: fwdfw err concon WARNING: untranslated string: fwdfw err ratecon WARNING: untranslated string: fwdfw limitconcon WARNING: untranslated string: fwdfw maxconcon WARNING: untranslated string: fwdfw numcon WARNING: untranslated string: fwdfw ratelimit +WARNING: untranslated string: fwhost addgeoipgrp +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: fwhost newgeoipgrp +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming overhead in bytes per second @@ -700,3 +713,7 @@ WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: samba join a domain WARNING: untranslated string: samba join domain +WARNING: untranslated string: uncheck all +WARNING: untranslated string: vpn statistic n2n +WARNING: untranslated string: vpn statistic rw +WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 1053474fc9..602441d0b7 100644 --- a/doc/language_issues.nl 
+++ b/doc/language_issues.nl @@ -671,6 +671,7 @@ WARNING: untranslated string: advproxy group required WARNING: untranslated string: atm device WARNING: untranslated string: bytes WARNING: untranslated string: capabilities +WARNING: untranslated string: check all WARNING: untranslated string: default WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed @@ -691,9 +692,21 @@ WARNING: untranslated string: fwdfw limitconcon WARNING: untranslated string: fwdfw maxconcon WARNING: untranslated string: fwdfw numcon WARNING: untranslated string: fwdfw ratelimit +WARNING: untranslated string: fwhost addgeoipgrp +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei WARNING: untranslated string: imsi @@ -747,6 +760,7 @@ WARNING: untranslated string: show tls-auth key WARNING: untranslated string: software version WARNING: untranslated string: source ip country WARNING: untranslated string: ta key +WARNING: untranslated string: uncheck all WARNING: untranslated string: upload dh key WARNING: untranslated string: vendor WARNING: untranslated string: vpn statistic n2n diff --git a/doc/language_issues.pl b/doc/language_issues.pl index f76cd5e6a6..086dfbdc94 100644 --- a/doc/language_issues.pl 
+++ b/doc/language_issues.pl @@ -233,6 +233,9 @@ WARNING: translation string unused: g.lite WARNING: translation string unused: gen static key WARNING: translation string unused: generate WARNING: translation string unused: genkey +WARNING: translation string unused: geoipblock country code +WARNING: translation string unused: geoipblock country name +WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface WARNING: translation string unused: gz with key WARNING: translation string unused: hint @@ -650,6 +653,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: check all WARNING: untranslated string: count WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags @@ -794,6 +798,7 @@ WARNING: untranslated string: fwdfw wd_thu WARNING: untranslated string: fwdfw wd_tue WARNING: untranslated string: fwdfw wd_wed WARNING: untranslated string: fwhost OpenVPN N-2-N +WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost addgrp WARNING: untranslated string: fwhost addgrpname WARNING: untranslated string: fwhost addhost @@ -806,6 +811,9 @@ WARNING: untranslated string: fwhost ccdhost WARNING: untranslated string: fwhost ccdnet WARNING: untranslated string: fwhost change WARNING: untranslated string: fwhost cust addr +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost cust grp WARNING: untranslated string: fwhost cust net WARNING: untranslated string: fwhost cust service 
@@ -845,6 +853,7 @@ WARNING: untranslated string: fwhost ip_mac WARNING: untranslated string: fwhost ipsec net WARNING: untranslated string: fwhost menu WARNING: untranslated string: fwhost netaddress +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: fwhost newgrp WARNING: untranslated string: fwhost newhost WARNING: untranslated string: fwhost newnet @@ -1025,6 +1034,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average diff --git a/doc/language_issues.ru b/doc/language_issues.ru index f524498c0a..94724d4c29 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -653,6 +653,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: check all WARNING: untranslated string: community rules WARNING: untranslated string: count WARNING: untranslated string: countries @@ -789,6 +790,7 @@ WARNING: untranslated string: fwdfw wd_thu WARNING: untranslated string: fwdfw wd_tue WARNING: untranslated string: fwdfw wd_wed WARNING: untranslated string: fwhost OpenVPN N-2-N +WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost addgrp WARNING: untranslated string: fwhost addgrpname WARNING: untranslated string: fwhost addhost 
@@ -801,6 +803,9 @@ WARNING: untranslated string: fwhost ccdhost WARNING: untranslated string: fwhost ccdnet WARNING: untranslated string: fwhost change WARNING: untranslated string: fwhost cust addr +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost cust grp WARNING: untranslated string: fwhost cust net WARNING: untranslated string: fwhost cust service @@ -840,6 +845,7 @@ WARNING: untranslated string: fwhost ip_mac WARNING: untranslated string: fwhost ipsec net WARNING: untranslated string: fwhost menu WARNING: untranslated string: fwhost netaddress +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: fwhost newgrp WARNING: untranslated string: fwhost newhost WARNING: untranslated string: fwhost newnet @@ -856,6 +862,13 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: ike lifetime should be between 1 and 8 hours 
@@ -1014,6 +1027,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 310b63668e..6f846c738c 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -664,7 +664,20 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes +WARNING: untranslated string: check all +WARNING: untranslated string: fwhost addgeoipgrp +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: fwhost newgeoipgrp +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming overhead in bytes per second 
@@ -677,6 +690,7 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: uncheck all WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_missings b/doc/language_missings index 0d73d2acfc..9fdc0d2761 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -29,6 +29,7 @@ < atm device < attention < bit +< block < capabilities < ccd add < ccd choose net @@ -70,6 +71,7 @@ < ccd routes < ccd subnet < ccd used +< check all < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -233,6 +235,7 @@ < fwdfw wd_tue < fwdfw wd_wed < fwdfw xt access +< fwhost addgeoipgrp < fwhost addgrp < fwhost addgrpname < fwhost addhost @@ -248,6 +251,9 @@ < fwhost change < fwhost changeremark < fwhost cust addr +< fwhost cust geoip +< fwhost cust geoipgroup +< fwhost cust geoiplocation < fwhost cust grp < fwhost cust net < fwhost Custom Host @@ -298,6 +304,7 @@ < fwhost IpSec Network < fwhost menu < fwhost netaddress +< fwhost newgeoipgrp < fwhost newgrp < fwhost newhost < fwhost newnet @@ -327,6 +334,16 @@ < fw settings ruletable < gen dh < generate dh key +< geoip +< geoipblock +< geoipblock block countries +< geoipblock configuration +< geoipblock country code +< geoipblock country is allowed +< geoipblock country is blocked +< geoipblock country name +< geoipblock enable feature +< geoipblock flag < grouptype < hardware support < imei @@ -496,6 +513,9 @@ < tor traffic limit soft < tor traffic read written < tor use exit nodes +< unblock +< unblock all +< uncheck all < updxlrtr sources < updxlrtr standard view < uplink @@ -589,6 +609,7 @@ < atm device < attention < bit +< block < capabilities < ccd add < ccd choose net 
@@ -630,6 +651,7 @@ < ccd routes < ccd subnet < ccd used +< check all < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -792,6 +814,7 @@ < fwdfw wd_tue < fwdfw wd_wed < fwdfw xt access +< fwhost addgeoipgrp < fwhost addgrp < fwhost addgrpname < fwhost addhost @@ -807,6 +830,9 @@ < fwhost change < fwhost changeremark < fwhost cust addr +< fwhost cust geoip +< fwhost cust geoipgroup +< fwhost cust geoiplocation < fwhost cust grp < fwhost cust net < fwhost Custom Host @@ -857,6 +883,7 @@ < fwhost IpSec Network < fwhost menu < fwhost netaddress +< fwhost newgeoipgrp < fwhost newgrp < fwhost newhost < fwhost newnet @@ -1071,6 +1098,9 @@ < tor traffic limit soft < tor traffic read written < tor use exit nodes +< unblock +< unblock all +< uncheck all < updxlrtr sources < updxlrtr standard view < uplink @@ -1140,6 +1170,7 @@ < atm device < attention < bit +< block < capabilities < ccd add < ccd choose net @@ -1181,6 +1212,7 @@ < ccd routes < ccd subnet < ccd used +< check all < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -1335,6 +1367,7 @@ < fwdfw wd_tue < fwdfw wd_wed < fwdfw xt access +< fwhost addgeoipgrp < fwhost addgrp < fwhost addgrpname < fwhost addhost @@ -1350,6 +1383,9 @@ < fwhost change < fwhost changeremark < fwhost cust addr +< fwhost cust geoip +< fwhost cust geoipgroup +< fwhost cust geoiplocation < fwhost cust grp < fwhost cust net < fwhost Custom Host @@ -1400,6 +1436,7 @@ < fwhost IpSec Network < fwhost menu < fwhost netaddress +< fwhost newgeoipgrp < fwhost newgrp < fwhost newhost < fwhost newnet @@ -1429,6 +1466,16 @@ < fw settings ruletable < gen dh < generate dh key +< geoip +< geoipblock +< geoipblock block countries +< geoipblock configuration +< geoipblock country code +< geoipblock country is allowed +< geoipblock country is blocked +< geoipblock country name +< geoipblock enable feature +< geoipblock flag < grouptype < hardware support < imei 
@@ -1598,6 +1645,9 @@ < tor traffic limit soft < tor traffic read written < tor use exit nodes +< unblock +< unblock all +< uncheck all < updxlrtr sources < updxlrtr standard view < uplink @@ -1668,6 +1718,7 @@ < atm device < attention < bit +< block < capabilities < ccd add < ccd choose net @@ -1709,6 +1760,7 @@ < ccd routes < ccd subnet < ccd used +< check all < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -1867,6 +1919,7 @@ < fwdfw wd_tue < fwdfw wd_wed < fwdfw xt access +< fwhost addgeoipgrp < fwhost addgrp < fwhost addgrpname < fwhost addhost @@ -1882,6 +1935,9 @@ < fwhost change < fwhost changeremark < fwhost cust addr +< fwhost cust geoip +< fwhost cust geoipgroup +< fwhost cust geoiplocation < fwhost cust grp < fwhost cust net < fwhost Custom Host @@ -1932,6 +1988,7 @@ < fwhost IpSec Network < fwhost menu < fwhost netaddress +< fwhost newgeoipgrp < fwhost newgrp < fwhost newhost < fwhost newnet @@ -1961,6 +2018,16 @@ < fw settings ruletable < gen dh < generate dh key +< geoip +< geoipblock +< geoipblock block countries +< geoipblock configuration +< geoipblock country code +< geoipblock country is allowed +< geoipblock country is blocked +< geoipblock country name +< geoipblock enable feature +< geoipblock flag < grouptype < hardware support < hour-graph @@ -2130,6 +2197,9 @@ < tor traffic limit soft < tor traffic read written < tor use exit nodes +< unblock +< unblock all +< uncheck all < updxlrtr sources < updxlrtr standard view < uplink diff --git a/html/cgi-bin/country.cgi b/html/cgi-bin/country.cgi index 76035fb46d..65ce154337 100644 --- a/html/cgi-bin/country.cgi +++ b/html/cgi-bin/country.cgi @@ -21,7 +21,7 @@ use strict; -use Locale::Country; +use Locale::Codes::Country; my $flagdir = '/srv/web/ipfire/html/images/flags'; my $lines = '1'; diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 39b732ce36..c207ec7487 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi 
@@ -33,6 +33,7 @@ no warnings 'uninitialized'; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +require "${General::swroot}/geoip-functions.pl"; require "/usr/lib/firewall/firewall-lib.pl"; unless (-d "${General::swroot}/firewall") { system("mkdir ${General::swroot}/firewall"); } @@ -47,6 +48,7 @@ my %defaultNetworks=(); my %netsettings=(); my %customhost=(); my %customgrp=(); +my %customgeoipgrp=(); my %customnetworks=(); my %customservice=(); my %customservicegrp=(); @@ -74,6 +76,7 @@ my $color; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; +my $configgeoipgrp = "${General::swroot}/fwhosts/customgeoipgrp"; my $configsrv = "${General::swroot}/fwhosts/customservices"; my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp"; my $configccdnet = "${General::swroot}/ovpn/ccd.conf"; @@ -154,6 +157,19 @@ print<"; } + # geoip locations / groups. + my @geoip_locations = &fwlib::get_geoip_locations(); + + print "\n"; + print "\n"; + print "$Lang::tr{'geoip'}\n"; + print "\n"; + #End left table. start right table (vpn) print""; # CCD networks @@ -1397,6 +1461,7 @@ sub newrule &General::readhasharray("$confighost", \%customhost); &General::readhasharray("$configccdhost", \%ccdhost); &General::readhasharray("$configgrp", \%customgrp); + &General::readhasharray("$configgeoipgrp", \%customgeoipgrp); &General::readhasharray("$configipsec", \%ipsecconf); &General::get_aliases(\%aliases); my %checked=(); @@ -1591,7 +1656,7 @@ END $Lang::tr{'fwdfw use nat'}
-
+
+ - +
@@ -1603,9 +1668,9 @@ END END print <$Lang::tr{'dnat address'}:$Lang::tr{'dnat address'}: - END @@ -1636,9 +1701,9 @@ END $Lang::tr{'fwdfw snat'} $Lang::tr{'snat new source ip address'}:$Lang::tr{'snat new source ip address'}: - END foreach my $alias (sort keys %aliases) { @@ -2525,6 +2590,13 @@ END }else{ print $$hash{$key}[4]; } + }elsif ($$hash{$key}[3] eq 'cust_geoip_src') { + my ($split1,$split2) = split(":", $$hash{$key}[4]); + if ($split2) { + print "$split2\n"; + }else{ + print "$Lang::tr{'geoip'}: $$hash{$key}[4]\n"; + } }elsif ($$hash{$key}[4] eq 'RED1'){ print "$ipfireiface $Lang::tr{'fwdfw red'}"; }elsif ($$hash{$key}[4] eq 'ALL'){ @@ -2601,6 +2673,13 @@ END }else{ print $$hash{$key}[6]; } + }elsif ($$hash{$key}[5] eq 'cust_geoip_tgt') { + my ($split1,$split2) = split(":", $$hash{$key}[6]); + if ($split2) { + print "$split2\n"; + }else{ + print "$Lang::tr{'geoip'}: $$hash{$key}[6]\n"; + } }elsif ($$hash{$key}[5] eq 'tgt_addr'){ my ($split1,$split2) = split("/",$$hash{$key}[6]); if ($split2 eq '32'){ @@ -2618,7 +2697,6 @@ END #RULE ACTIVE if($$hash{$key}[2] eq 'ON'){ $gif="/images/on.gif" - }else{ $gif="/images/off.gif" } diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index f42947e8c7..994a50a104 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -27,6 +27,8 @@ use Sort::Naturally; use CGI::Carp 'fatalsToBrowser'; no warnings 'uninitialized'; require '/var/ipfire/general-functions.pl'; +require "/var/ipfire/geoip-functions.pl"; +require "/usr/lib/firewall/firewall-lib.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; @@ -36,6 +38,7 @@ my %customhost=(); my %customgrp=(); my %customservice=(); my %customservicegrp=(); +my %customgeoipgrp=(); my %ccdnet=(); my %ccdhost=(); my %ipsecconf=(); 
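Review bot: The new `cust_geoip_src` branch in the hunk at -2525 interpolates `$split2` and `$$hash{$key}[4]` straight into the printed rule table, and the `cust_geoip_tgt` branch in the hunk at -2601 does the same with `$$hash{$key}[6]`. These fields appear to be read back from the stored firewall rules, so a group name containing markup would be rendered as markup in the admin page. Passing the value through the project's HTML-escaping helper before printing, e.g. `&Header::cleanhtml($split2)`, would prevent that. `$split1` is assigned but never used in either branch, so `my (undef, $split2) = split(":", ...)` would state the intent. The surrounding rule-listing code lies outside both hunks and this page has lost the HTML inside the print strings, so the exact output context should be confirmed against the file.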
@@ -62,6 +65,7 @@ my $configccdhost = "${General::swroot}/ovpn/ovpnconfig"; my $configipsec = "${General::swroot}/vpn/config"; my $configsrv = "${General::swroot}/fwhosts/customservices"; my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp"; +my $configgeoipgrp = "${General::swroot}/fwhosts/customgeoipgrp"; my $fwconfigfwd = "${General::swroot}/firewall/config"; my $fwconfiginp = "${General::swroot}/firewall/input"; my $fwconfigout = "${General::swroot}/firewall/outgoing"; @@ -73,6 +77,7 @@ unless (-e $confighost) { system("touch $confighost"); } unless (-e $configgrp) { system("touch $configgrp"); } unless (-e $configsrv) { system("touch $configsrv"); } unless (-e $configsrvgrp) { system("touch $configsrvgrp"); } +unless (-e $configgeoipgrp) { system("touch $configgeoipgrp"); } &General::readhash("${General::swroot}/main/settings", \%mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); 
@@ -671,6 +676,87 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'savegeoipgrp') +{ + my $grp=$fwhostsettings{'grp_name'}; + my $rem=$fwhostsettings{'remark'}; + my $count; + my $type; + my @target; + my @newgrp; + &General::readhasharray("$configgeoipgrp", \%customgeoipgrp); + &General::readhasharray("$fwconfigfwd", \%fwfwd); + &General::readhasharray("$fwconfiginp", \%fwinp); + &General::readhasharray("$fwconfigout", \%fwout); + + # Check for existing group name. + if (!&checkgroup($grp) && $fwhostsettings{'update'} ne 'on'){ + $errormessage = $Lang::tr{'fwhost err grpexist'}; + } + + # Check remark. + if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){ + $errormessage = $Lang::tr{'fwhost err remark'}; + } + + if ($fwhostsettings{'update'} eq 'on'){ + @target=$fwhostsettings{'COUNTRY_CODE'}; + $type='GeoIP Group'; + + #check if host/net exists in grp + my $test="$grp,$fwhostsettings{'oldremark'},@target"; + foreach my $key (keys %customgeoipgrp) { + my $test1="$customgeoipgrp{$key}[0],$customgeoipgrp{$key}[1],$customgeoipgrp{$key}[2]"; + if ($test1 eq $test){ + $errormessage=$Lang::tr{'fwhost err isingrp'}; + $fwhostsettings{'update'} = 'on'; + } + } + } + + if (!$errormessage){ + #on first save, we have an empty @target, so fill it with nothing + my $targetvalues=@target; + if ($targetvalues == '0'){ + @target="none"; + } + #on update, we have to delete the dummy entry + foreach my $key (keys %customgeoipgrp){ + if ($customgeoipgrp{$key}[0] eq $grp && $customgeoipgrp{$key}[2] eq "none"){ + delete $customgeoipgrp{$key}; + last; + } + } + &General::writehasharray("$configgeoipgrp", \%customgeoipgrp); + &General::readhasharray("$configgeoipgrp", \%customgeoipgrp); + #create array with new lines + foreach my $line (@target){ + push (@newgrp,"$grp,$rem,$line"); + } + #append new entries + my $key = &General::findhasharraykey (\%customgeoipgrp); + foreach my $line (@newgrp){ + foreach 
my $i (0 .. 3) { $customgeoipgrp{$key}[$i] = "";} + my ($a,$b,$c,$d) = split (",",$line); + $customgeoipgrp{$key}[0] = $a; + $customgeoipgrp{$key}[1] = $b; + $customgeoipgrp{$key}[2] = $c; + $customgeoipgrp{$key}[3] = $type; + } + &General::writehasharray("$configgeoipgrp", \%customgeoipgrp); + #update counter in Host/Net + $fwhostsettings{'update'}='on'; + } + #check if ruleupdate is needed + my $geoipgrpcount=0; + $geoipgrpcount=&getgeoipcount($grp); + if($geoipgrpcount > 0 ) + { + &General::firewall_config_changed(); + } + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq 'saveservice') { my $ICMP; @@ -798,6 +884,12 @@ if ($fwhostsettings{'ACTION'} eq 'editgrp') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'editgeoipgrp') +{ + $fwhostsettings{'update'}='on'; + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq 'editservice') { $fwhostsettings{'updatesrv'}='on'; @@ -830,6 +922,12 @@ if ($fwhostsettings{'ACTION'} eq 'resetgrp') $fwhostsettings{'remark'} =""; &showmenu; } +if ($fwhostsettings{'ACTION'} eq 'resetgeoipgrp') +{ + $fwhostsettings{'grp_name'} =""; + $fwhostsettings{'remark'} =""; + &showmenu; +} # delete if ($fwhostsettings{'ACTION'} eq 'delnet') { 
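Review bot: In the `savegeoipgrp` block the remark check is skipped whenever `$fwhostsettings{'update'}` is `'on'`, and `$fwhostsettings{'COUNTRY_CODE'}` is never validated, yet that is the path that builds `"$grp,$rem,$line"` and re-splits it on commas into `customgeoipgrp`. A comma or line break in any of the three values would shift or add fields in the stored group, which presumably feeds the generated firewall rules. I would validate the remark unconditionally, `if ($rem ne '' && !&validremark($rem)){`, and inside the update branch reject the request unless `grep { $_ eq $fwhostsettings{'COUNTRY_CODE'} } &fwlib::get_geoip_locations()` is true (assuming that helper returns the list of country codes, as its use in firewall.cgi suggests). The group name is only checked for existence here, whereas the rename path runs it through `&validhostname`; the same check belongs on save.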
@@ -887,6 +985,37 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'deletegeoipgrpentry') +{ + my $grpremark; + my $grpname; + &General::readhasharray("$configgeoipgrp", \%customgeoipgrp); + foreach my $key (keys %customgeoipgrp){ + if($customgeoipgrp{$key}[0].",".$customgeoipgrp{$key}[1].",".$customgeoipgrp{$key}[2].",".$customgeoipgrp{$key}[3] eq $fwhostsettings{'delentry'}){ + $grpname=$customgeoipgrp{$key}[0]; + $grpremark=$customgeoipgrp{$key}[1]; + #check if we delete the last entry, then generate dummy + if ($fwhostsettings{'last'} eq 'on'){ + $customgeoipgrp{$key}[1] = ''; + $customgeoipgrp{$key}[2] = 'none'; + $customgeoipgrp{$key}[3] = ''; + $fwhostsettings{'last'}=''; + last; + }else{ + delete $customgeoipgrp{$key}; + } + } + } + &General::writehasharray("$configgeoipgrp", \%customgeoipgrp); + &General::firewall_config_changed(); + if ($fwhostsettings{'update'} eq 'on'){ + $fwhostsettings{'remark'}= $grpremark; + $fwhostsettings{'grp_name'}=$grpname; + } + &addgeoipgrp; + &viewtablegeoipgrp; +} + if ($fwhostsettings{'ACTION'} eq 'delgrp') { &General::readhasharray("$configgrp", \%customgrp); @@ -903,6 +1032,22 @@ if ($fwhostsettings{'ACTION'} eq 'delgrp') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'delgeoipgrp') +{ + &General::readhasharray("$configgeoipgrp", \%customgeoipgrp); + &decrease($fwhostsettings{'grp_name'}); + foreach my $key (sort keys %customgeoipgrp) + { + if($customgeoipgrp{$key}[0] eq $fwhostsettings{'grp_name'}) + { + delete $customgeoipgrp{$key}; + } + } + &General::writehasharray("$configgeoipgrp", \%customgeoipgrp); + $fwhostsettings{'grp_name'}=''; + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq 'delservice') { &General::readhasharray("$configsrv", \%customservice); 
@@ -977,6 +1122,11 @@ if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'}) &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgeoipgrp'}) +{ + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'}) { &addservice; @@ -1011,6 +1161,31 @@ if ($fwhostsettings{'ACTION'} eq 'changegrpremark') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'changegeoipgrpremark') +{ + &General::readhasharray("$configgeoipgrp", \%customgeoipgrp); + if ($fwhostsettings{'oldrem'} ne $fwhostsettings{'newrem'} && (&validremark($fwhostsettings{'newrem'}) || $fwhostsettings{'newrem'} eq '')){ + foreach my $key (sort keys %customgeoipgrp) + { + if($customgeoipgrp{$key}[0] eq $fwhostsettings{'grp'} && $customgeoipgrp{$key}[1] eq $fwhostsettings{'oldrem'}) + { + $customgeoipgrp{$key}[1]=''; + $customgeoipgrp{$key}[1]=$fwhostsettings{'newrem'}; + } + } + &General::writehasharray("$configgeoipgrp", \%customgeoipgrp); + $fwhostsettings{'update'}='on'; + $fwhostsettings{'remark'}=$fwhostsettings{'newrem'}; + }else{ + $errormessage=$Lang::tr{'fwhost err remark'}; + $fwhostsettings{'remark'}=$fwhostsettings{'oldrem'}; + $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'}; + $fwhostsettings{'update'} = 'on'; + } + $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'}; + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark') { &General::readhasharray("$configsrvgrp", \%customservicegrp ); @@ -1085,6 +1260,29 @@ if ($fwhostsettings{'ACTION'} eq 'changegrpname') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'changegeoipgrpname') +{ + &General::readhasharray("$configgeoipgrp", \%customgeoipgrp ); + if ($fwhostsettings{'oldgrpname'} ne $fwhostsettings{'grp'}){ + #Check new groupname + if (!&validhostname($fwhostsettings{'grp'})){ + $errormessage.=$Lang::tr{'fwhost err name'}."
"; + } + if (!$errormessage){ + # Rename group. + foreach my $key (keys %customgeoipgrp) { + if($customgeoipgrp{$key}[0] eq $fwhostsettings{'oldgrpname'}){ + $customgeoipgrp{$key}[0]=$fwhostsettings{'grp'}; + } + } + &General::writehasharray("$configgeoipgrp", \%customgeoipgrp ); + #change name in FW Rules + &changenameinfw($fwhostsettings{'oldgrpname'},$fwhostsettings{'grp'},6); + } + } + &addgeoipgrp; + &viewtablegeoipgrp; +} ### VIEW ### if($fwhostsettings{'ACTION'} eq '') { @@ -1096,7 +1294,7 @@ sub showmenu { print "$Lang::tr{'fwhost welcome'}"; print<
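Review bot: The `changegeoipgrpname` handler validates the new name only with `&validhostname(...)`; nothing in the hunk rejects a name that another GeoIP group already uses. Renaming onto an existing name would silently merge both groups' country entries, and `&changenameinfw(...)` would then repoint the rules at the merged set, so rules could match more countries than the administrator selected. Before the rename loop I would scan `%customgeoipgrp` for an entry whose `[0]` equals `$fwhostsettings{'grp'}` and set `$errormessage` if one is found. The literal `6` passed to `changenameinfw` also deserves a short comment, e.g. `# 6 = GeoIP group type` if that is what it denotes.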
- +
END @@ -1381,6 +1579,113 @@ END print"
"; &Header::closebox(); } +sub addgeoipgrp +{ + &hint; + &error; + &showmenu; + &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgeoipgrp'}); + + my %checked=(); + my $show=''; + $checked{'check1'}{'off'} = ''; + $checked{'check1'}{'on'} = ''; + $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED'; + $fwhostsettings{'oldremark'}=$fwhostsettings{'remark'}; + $fwhostsettings{'oldgrpname'}=$fwhostsettings{'grp_name'}; + my $grp=$fwhostsettings{'grp_name'}; + my $rem=$fwhostsettings{'remark'}; + if ($fwhostsettings{'update'} eq ''){ + print< + + $Lang::tr{'fwhost addgrpname'} +
+ + + $Lang::tr{'remark'}: + + + +
+ + +END + } else { + print< + + $Lang::tr{'fwhost addgrpname'} + + + + + + + + +
+ $Lang::tr{'remark'}: + + + + + + + + + +
+ +

+END + } + if ($fwhostsettings{'update'} eq 'on') { + my @geoip_locations = &fwlib::get_geoip_locations(); + + print< + + + + + + + +
+
+

+END + } + print < + + + + + + + +
+ + + + +
+ +END + &Header::closebox(); +} sub addservice { &error; @@ -1838,6 +2143,195 @@ sub viewtablegrp &Header::closebox(); } +} +sub viewtablegeoipgrp +{ + # If our filesize is "zero" there is nothing to read-in. + if (-z "$configgeoipgrp") { + return; + } + + &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust geoipgrp'}); + &General::readhasharray("$configgeoipgrp", \%customgeoipgrp); + &General::readhasharray("$fwconfigfwd", \%fwfwd); + &General::readhasharray("$fwconfiginp", \%fwinp); + &General::readhasharray("$fwconfigout", \%fwout); + my @grp=(); + my $helper=''; + my $count=1; + my $country_code; + my $grpname; + my $remark; + my $number; + my $delflag; + my @counter; + my %hash; + + # If there are no groups we are finished here. + if (!keys %customgeoipgrp) { + print "
$Lang::tr{'fwhost err emptytable'}"; + return; + } + + # Put all groups in a hash. + foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } + sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) { + push (@counter,$customgeoipgrp{$key}[0]); + } + + # Increase current used key. + foreach my $key1 (@counter) { + $hash{$key1}++ ; + } + + # Sort hash. + foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } + sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) { + $count++; + if ($helper ne $customgeoipgrp{$key}[0]) { + $delflag='0'; + + foreach my $key1 (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } + sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) { + + if ($customgeoipgrp{$key}[0] eq $customgeoipgrp{$key1}[0]) + { + $delflag++; + } + if($delflag > 1){ + last; + } + } + + $number=1; + + # Groupname. + $grpname=$customgeoipgrp{$key}[0]; + + # Group remark. + $remark="$customgeoipgrp{$key}[1]"; + + # Country code. + $country_code="$customgeoipgrp{$key}[2]"; + + if ($count gt 1){ + print""; + $count=1; + } + + # Display groups header. + print "
$grpname   \n"; + print "$Lang::tr{'remark'}:  $remark  \n" if ($remark ne ''); + + # Get group count. + my $geoipgrpcount=&getgeoipcount($grpname); + print "$Lang::tr{'used'}: $geoipgrpcount x"; + + # Only display delete icon, if the group is not used by a firewall rule. + if($geoipgrpcount == '0') { + print"
\n"; + print"\n"; + print"\n"; + print"\n"; + print"
"; + } + + # Icon for group editing. +print < + + + + + + + +END + # Display headlines if the group contains any entries. + if ($country_code ne "none") { +print < + + + + + + + + +END + } + } + + # Check if our group contains any entries. + if ($country_code eq "none") { + print "\n"; + } else { + # Check if we are currently editing a group and assign column backgound colors. + my $col=''; + if ( ($fwhostsettings{'ACTION'} eq 'editgeoipgrp' || $fwhostsettings{'update'} ne '') + && $fwhostsettings{'grp_name'} eq $customgeoipgrp{$key}[0]) { + $col="bgcolor='${Header::colouryellow}'"; + } elsif ($count %2 == 0){ + $col="bgcolor='$color{'color20'}'"; + } else { + $col="bgcolor='$color{'color22'}'"; + } + + # Get country flag. + my $icon = &GeoIP::get_flag_icon($customgeoipgrp{$key}[2]); + + # Print column with flag icon. + my $col_content; + if ($icon) { + $col_content = "$customgeoipgrp{$key}[2]"; + } else { + $col_content = "N/A"; + } + + print "\n"; + + # Print column with country code. + print "\n"; + + # Print column with full country name. + my $country_name = &GeoIP::get_full_country_name($customgeoipgrp{$key}[2]); + print "\n"; + + # Generate from for removing entries from a group. + print "\n"; + print "\n"; + } + + $helper=$customgeoipgrp{$key}[0]; + $number++; + } + + print"
+ $Lang::tr{'flag'} + + $Lang::tr{'countrycode'} + + $Lang::tr{'country'} +
$Lang::tr{'fwhost err emptytable'}
$col_content$customgeoipgrp{$key}[2]$country_name
\n"; + + if ($delflag > 0){ + print"\n"; + + # Check if this group only has a single entry. + foreach my $key2 (keys %hash) { + if ($hash{$key2}<2 && $key2 eq $customgeoipgrp{$key}[0]){ + print "" ; + } + } + } + + print "\n"; + print "\n"; + print "\n"; + print "
\n"; + print "
\n"; + &Header::closebox(); } sub viewtableservice { @@ -2196,6 +2690,44 @@ sub gethostcount } return $srvcounter; } +sub getgeoipcount +{ + my $groupname=shift; + my $counter=0; + + # GeoIP groups are stored as "group:groupname" in the + # firewall settings files. + my $searchstring = join(':', "group",$groupname); + + # Count services used in firewall - forward + foreach my $key1 (keys %fwfwd) { + if($fwfwd{$key1}[4] eq $searchstring){ + $counter++; + } + if($fwfwd{$key1}[6] eq $searchstring){ + $counter++; + } + } + #Count services used in firewall - input + foreach my $key2 (keys %fwinp) { + if($fwinp{$key2}[4] eq $searchstring){ + $counter++; + } + if($fwinp{$key2}[6] eq $searchstring){ + $counter++; + } + } + #Count services used in firewall - outgoing + foreach my $key3 (keys %fwout) { + if($fwout{$key3}[4] eq $searchstring){ + $counter++; + } + if($fwout{$key3}[6] eq $searchstring){ + $counter++; + } + } + return $counter; +} sub getnetcount { my $searchstring=shift; diff --git a/html/cgi-bin/geoip-block.cgi b/html/cgi-bin/geoip-block.cgi new file mode 100644 index 0000000000..ccbfa926a0 --- /dev/null +++ b/html/cgi-bin/geoip-block.cgi 
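Review bot: In `viewtablegeoipgrp`, `$grpname`, `$remark` and the per-entry `$customgeoipgrp{$key}[2]` go into the page through plain `print` interpolation with no HTML encoding. The values come from the group file read by `General::readhasharray`, and whether every write path validates them is not visible from this hunk, so I would encode at output, e.g. `my $remark = &Header::cleanhtml($customgeoipgrp{$key}[1], "y");`, and do the same for the group name. Two smaller points in the same function: `if ($count gt 1)` compares a counter as a string and should be `if ($count > 1)`, and `$geoipgrpcount == '0'` reads better as `== 0`.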
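Review bot: `getgeoipcount` reads the file-level hashes `%fwfwd`, `%fwinp` and `%fwout` but never loads them, so its result depends on the caller having run `General::readhasharray` first. `viewtablegeoipgrp` does that; the save handler earlier in this diff calls `&getgeoipcount($grp)` with no load visible nearby. If the hashes are empty there, the count is 0 and `firewall_config_changed()` is skipped for a group that rules actually use. I would document the precondition at the top of the sub, `# Caller must have loaded %fwfwd, %fwinp and %fwout via General::readhasharray.`, or load the three files inside it. The three loops are identical and their comments still say "Count services"; a single `foreach my $rules (\%fwfwd, \%fwinp, \%fwout)` loop would remove the copy-paste.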
@@ -0,0 +1,263 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2014 IPFire Developemnt Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +use strict; +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; +require "/usr/lib/firewall/firewall-lib.pl"; + +my $notice; +my $settingsfile = "${General::swroot}/firewall/geoipblock"; + +my %color = (); +my %mainsettings = (); +my %settings = (); +my %cgiparams = (); + +# Read configuration file. +&General::readhash("$settingsfile", \%settings); + +&General::readhash("${General::swroot}/main/settings", \%mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); + +&Header::showhttpheaders(); + +#Get GUI values +&Header::getcgihash(\%cgiparams); + +# Call subfunction to get all available locations. +my @locations = &fwlib::get_geoip_locations(); + +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { + # Check if we want to disable geoipblock. 
+ if (exists $cgiparams{'GEOIPBLOCK_ENABLED'}) { + $settings{'GEOIPBLOCK_ENABLED'} = "on"; + } else { + $settings{'GEOIPBLOCK_ENABLED'} = "off"; + } + + # Loop through our locations array to prevent from + # non existing countries or code. + foreach my $cn (@locations) { + # Check if blocking for this country should be enabled/disabled. + if (exists $cgiparams{$cn}) { + $settings{$cn} = "on"; + } else { + $settings{$cn} = "off"; + } + } + + &General::writehash("$settingsfile", \%settings); + + # Mark the firewall config as changed. + &General::firewall_config_changed(); + + # Assign reload notice. We directly can use + # the notice from p2p block. + $notice = $Lang::tr{'p2p block save notice'}; +} + +&Header::openpage($Lang::tr{'geoipblock configuration'}, 1, ''); + +# Print notice that a firewall reload is required. +if ($notice) { + &Header::openbox('100%', 'left', $Lang::tr{'notice'}); + print "$notice"; + &Header::closebox(); +} + +# Checkbox pre-selection. +my $checked; +if ($settings{'GEOIPBLOCK_ENABLED'} eq "on") { + $checked = "checked='checked'"; +} + +# Print box to enable/disable geoipblock. +print"
\n"; + +&Header::openbox('100%', 'center', $Lang::tr{'geoipblock'}); +print < + + $Lang::tr{'geoipblock enable feature'} + + + +
+ + + +
+ + + + + +
+END + +&Header::closebox(); + +&Header::openbox('100%', 'center', $Lang::tr{'geoipblock block countries'}); +### JAVA SCRIPT ### +print < + // Function to allow checking all checkboxes at once. + function check_all() { + \$("#countries").find(":checkbox").prop("checked", true); + } + + function uncheck_all() { + \$("#countries").find(":checkbox").prop("checked", false); + } + + + + + + + + + + + + + + + + +END + +my $lines; +my $lines2; +my $col; +foreach my $location (@locations) { + # Country code in upper case. (DE) + my $ccode_uc = $location; + + # County code in lower case. (de) + my $ccode_lc = lc($location); + + # Full name of the country based on the country code. + my $cname = &GeoIP::get_full_country_name($ccode_lc); + + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($ccode_uc); + + my $flag; + # Check if a flag for the country is available. + if ($flag_icon) { + $flag="$ccode_uc"; + } else { + $flag="N/A"; + } + + # Checkbox pre-selection. + my $checked; + if ($settings{$ccode_uc} eq "on") { + $checked = "checked='checked'"; + } + + # Colour lines. + if ($lines % 2) { + $col="bgcolor='$color{'color20'}'"; + } else { + $col="bgcolor='$color{'color22'}'"; + } + + # Grouping elements. + my $line_start; + my $line_end; + if ($lines2 % 2) { + # Increase lines (background color by once. + $lines++; + + # Add empty column in front. + $line_start=""; + + # When the line number can be diveded by "2", + # we are going to close the line. + $line_end=""; + } else { + # When the line number is not divideable by "2", + # we are starting a new line. + $line_start=""; + $line_end; + } + + print "$line_start\n"; + print "\n"; + print "\n"; + print "$line_end\n"; + +$lines2++; +} + +print < + +
+ $Lang::tr{'flag'} + + $Lang::tr{'countrycode'} + + $Lang::tr{'country'} +   + $Lang::tr{'flag'} + + $Lang::tr{'countrycode'} + + $Lang::tr{'country'} +
 
$flag$ccode_uc$cname
+ + + + + + +
+ $Lang::tr{'check all'} / + $Lang::tr{'uncheck all'} +
+ +
+ + + + + + + + +
$Lang::tr{'geoipblock country is blocked'}$Lang::tr{'geoipblock country is allowed'}
+END + +&Header::closebox(); +print"\n"; + +&Header::closebigbox(); +&Header::closepage(); diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 53adeacce8..eafbdb1376 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -301,7 +301,7 @@ END print ''; print ''; } -if ( $netsettings{'BLUE_DEV'} ) { +if (&Header::blue_used()) { my $sub=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'}); print < @@ -318,7 +318,7 @@ END print ''; print ''; } -if ( $netsettings{'ORANGE_DEV'} ) { +if (&Header::orange_used()) { my $sub=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'}); print < diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 6bf7b2bfd5..fb52e68016 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2346,7 +2346,9 @@ else &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($confighash{$cgiparams{'KEY'}}) { + # Revoke certificate if certificate was deleted and rewrite the CRL my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; + my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; ### # m.a.d net2net diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi index 228b5d48c2..e00bc5fd50 100644 --- a/html/cgi-bin/tor.cgi +++ b/html/cgi-bin/tor.cgi @@ -20,7 +20,7 @@ ############################################################################### use strict; -use Locale::Country; +use Locale::Codes::Country; # enable only the following on debugging purpose use warnings; 
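Review bot: The new geoip-block.cgi ships with `use warnings` commented out, which hides several uninitialised values that end up in the generated HTML and in arithmetic. Both `my $checked;` declarations are interpolated unset whenever the setting is not "on", `$lines` and `$lines2` are used in `%` before any assignment, and the bare `$line_end;` in the else branch is a no-op statement. I would write `my $checked = '';`, `my ($lines, $lines2) = (0, 0);` and `$line_end = "";`, then enable `use warnings;`. The save path itself looks sound, since it iterates over `@locations` rather than over the submitted parameter names.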
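Review bot: The added `openssl ca -gencrl` call in ovpnmain.cgi stores its output in `$tempA` and never inspects `$?`, so a failed CRL rewrite goes unnoticed. The same is true of the `-revoke` call on the context line above it. If either step fails, the connection entry is presumably still removed while the certificate stays valid as far as the published CRL is concerned, so the status should be checked right after each call, e.g. `warn "openssl ca -gencrl failed: exit " . ($? >> 8) if $?;`, and the failure surfaced in the UI. Backticks capture only stdout, so appending `2>&1` would be needed for `$tempA` to hold the OpenSSL error text. The enclosing branch starts and ends outside this hunk.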
@@ -323,9 +323,9 @@ END END - my @country_names = Locale::Country::all_country_names(); + my @country_names = Locale::Codes::Country::all_country_names(); foreach my $country_name (sort @country_names) { - my $country_code = Locale::Country::country2code($country_name); + my $country_code = Locale::Codes::Country::country2code($country_name); $country_code = uc($country_code); print " + - @@ -2473,9 +2444,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + - @@ -2493,14 +2464,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || END - for (my $j=2014;$j<=($year);$j++){ + for (my $j=2014;$j<=($year1);$j++){ if(($_[1]) eq $j){ print""; }else{ @@ -2011,7 +2011,12 @@ END END - my $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(TIME_RUN),max(TIME_RUN),NAME from ACCT where TIME_RUN between ".$from." and ".$till." group by NAME;"); + my $res; + if (($mon)+1 == $mon1 && ($year)+1900 == $year1){ + $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(TIME_RUN),max(TIME_RUN),NAME from ACCT where TIME_RUN between ".$from." and ".$till." group by NAME;"); + }else{ + $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(strftime('%s',TIME_RUN)),max(strftime('%s',TIME_RUN)),NAME from ACCT_HIST where date(TIME_RUN) > date($from,'unixepoch') and date(TIME_RUN) < date($till,'unixepoch') group by NAME;"); + } my $sumbytes; my $type; my $lineval; @@ -2036,8 +2041,8 @@ END - - + + diff --git a/src/squid-accounting/acct-lib.pl b/src/squid-accounting/acct-lib.pl index 7969a50239..779ecf8103 100644 --- a/src/squid-accounting/acct-lib.pl +++ b/src/squid-accounting/acct-lib.pl 
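Review bot: The ACCT_HIST query added in the `@@ -2011,7 +2011,12 @@` hunk builds its SQL by interpolating `$from` and `$till` into the statement text. The rewritten queries in the later `getmonthgraphdata` hunk of acct-lib.pl do the same and additionally wrap `$name` in quotes by concatenation (`NAME = '".$name."'`). Where these values originate is not visible in the diff, but an account name containing a quote character would at least break the statement, and any value that can be influenced from outside changes the query's meaning. DBI placeholders avoid both: write `date(?,'unixepoch')` and `NAME = ?` in the SQL and pass the values as bind arguments, `$dbh->selectall_arrayref($sql, undef, $from, $till)`. The new branch also mixes `date($from,...)` with `date(".$from.",...)` for the same value, which binding would make uniform.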
@@ -93,8 +93,8 @@ sub delbefore { } sub movedbdata { - $dbh->do("insert into ACCT_HIST select datetime(TIME_RUN,'unixepoch'),NAME,SUM(BYTES) from ACCT where date(TIME_RUN,'unixepoch') < date('now','-2 months') group by NAME,date(TIME_RUN,'unixepoch');"); - $dbh->do("DELETE FROM ACCT WHERE datetime(TIME_RUN,'unixepoch') < date('now','-2 months');"); + $dbh->do("insert into ACCT_HIST select datetime(TIME_RUN,'unixepoch'),NAME,SUM(BYTES) from ACCT where datetime(TIME_RUN,'unixepoch') < datetime('now','start of month') group by NAME,datetime(TIME_RUN,'unixepoch');"); + $dbh->do("DELETE FROM ACCT WHERE datetime(TIME_RUN,'unixepoch') < date('now','start of month');"); } sub gethourgraphdata { 
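Review bot: The INSERT in `movedbdata` now groups by `datetime(TIME_RUN,'unixepoch')`, which appears to keep one ACCT_HIST row per run timestamp rather than one per day. The comment updated in acct.pl by this same commit says the values are cumulated daily; if that is the intent, the grouping should remain `group by NAME,date(TIME_RUN,'unixepoch')`. The copy and the delete also use different cut-off expressions (`datetime('now','start of month')` against `date('now','start of month')`) and are not run in one transaction, so a failure between the two statements either duplicates rows on the next run or drops them. Wrapping both in `$dbh->begin_work;` … `$dbh->commit;` with the same cut-off expression would keep the move consistent.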
@@ -119,10 +119,10 @@ sub getmonthgraphdata {
 my $name=$_[3];
 my $res;
 $dbh=connectdb;
- if ($table eq 'ACCT'){
- $res = $dbh->selectall_arrayref( "SELECT strftime('%d.%m.%Y',xx.tag),(SELECT SUM(BYTES)/1024/1024 FROM ACCT WHERE date(TIME_RUN,'unixepoch') <= xx.tag and NAME = '".$name."') kum_bytes FROM (SELECT date(TIME_RUN,'unixepoch') tag,SUM(BYTES)/1024/1024 sbytes FROM ACCT WHERE NAME='".$name."' and TIME_RUN between ".$from." and ".$till." GROUP by date(TIME_RUN,'unixepoch')) xx;");
+ if ($table eq 'ACCT_HIST'){
+ $res = $dbh->selectall_arrayref( "SELECT strftime('%d.%m.%Y',TIME_RUN),(SELECT SUM(BYTES)/1024/1024 FROM ACCT_HIST WHERE TIME_RUN <= ah.TIME_RUN and TIME_RUN > date($from,'unixepoch') and NAME = '".$name."') kum_bytes FROM ACCT_HIST ah WHERE date(TIME_RUN) > date(".$from.",'unixepoch') AND date(TIME_RUN) < date(".$till.",'unixepoch') AND NAME = '".$name."' group by date(TIME_RUN);");
 }else{
- $res = $dbh->selectall_arrayref( "SELECT TIME_RUN, (SELECT SUM(BYTES)/1024/1024 FROM ACCT_HIST WHERE TIME_RUN <= ah.TIME_RUN and NAME = '".$name."') kum_bytes FROM ACCT_HIST ah WHERE TIME_RUN BETWEEN date(".$from.",'unixepoch') AND date(".$till.",'unixepoch') AND NAME = '".$name."' group by TIME_RUN;");
+ $res = $dbh->selectall_arrayref( "SELECT strftime('%d.%m.%Y',xx.tag),(SELECT SUM(BYTES)/1024/1024 FROM ACCT WHERE date(TIME_RUN,'unixepoch') <= xx.tag and TIME_RUN > ".$from." and NAME = '".$name."') kum_bytes FROM (SELECT NAME,date(TIME_RUN,'unixepoch') tag,SUM(BYTES)/1024/1024 sbytes FROM ACCT WHERE NAME='".$name."' and TIME_RUN between ".$from." and ".$till." GROUP by NAME,date(TIME_RUN,'unixepoch')) xx;");
 }
 $dbh=closedb;
 return $res;
diff --git a/src/squid-accounting/acct.pl b/src/squid-accounting/acct.pl
index 79fc7bae43..7222689458 100755
--- a/src/squid-accounting/acct.pl
+++ b/src/squid-accounting/acct.pl
@@ -100,7 +100,7 @@ if (-f $proxyenabled && $proxylog eq $Lang::tr{'running'}){
 open (FH,">/var/log/accounting.log");
 close (FH);
 chmod 0755, "/var/log/accounting.log";
- #move all db entries older than 2 months to second table and cumulate them hourly
+ #move all db entries older than this month to second table and cumulate them daily
 &ACCT::movedbdata;
 &ACCT::logger($settings{'LOG'},"New Month. Old trafficvalues moved to ACCT_HIST Table\n");
 if ($settings{'USEMAIL'} eq 'on'){