From 3a1019f6895602c89145cec0e252f015c465a36c Mon Sep 17 00:00:00 2001 From: ms Date: Mon, 11 Dec 2006 20:02:07 +0000 Subject: [PATCH] Patch-O-Matic in den Kernel eingebaut. (Einige Module fehlen noch...) Unattended Installer bearbeitet. Firewallscript hinzugefuegt. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@360 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 --- config/kernel/kernel.config.i586 | 21 +- config/kernel/kernel.config.i586.smp | 21 +- config/kernel/unattended.conf | 6 +- config/rootfiles/common/glib | 439 +++++++++++++++++++++++ config/rootfiles/common/kudzu | 125 +++++++ config/rootfiles/common/mc | 102 ++++++ config/rootfiles/common/misc-progs | 29 ++ config/rootfiles/common/perl | 18 +- doc/packages-list.txt | 1 + lfs/kudzu | 3 +- lfs/linux | 128 +++---- lfs/openswan | 4 +- make.sh | 3 +- src/initscripts/init.d/firewall | 295 +++++++++++++++ src/initscripts/init.d/network | 2 +- src/initscripts/sysconfig/clock | 2 +- src/initscripts/sysconfig/firewall.local | 20 ++ src/initscripts/sysconfig/network | 2 +- src/install+setup/install/main.c | 66 ++-- 19 files changed, 1141 insertions(+), 146 deletions(-) create mode 100644 config/rootfiles/common/glib create mode 100644 config/rootfiles/common/kudzu create mode 100644 config/rootfiles/common/mc create mode 100644 config/rootfiles/common/misc-progs create mode 100644 src/initscripts/init.d/firewall create mode 100644 src/initscripts/sysconfig/firewall.local diff --git a/config/kernel/kernel.config.i586 b/config/kernel/kernel.config.i586 index 59cfe5439d..02629151aa 100644 --- a/config/kernel/kernel.config.i586 +++ b/config/kernel/kernel.config.i586 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.16 -# Tue Nov 28 19:31:51 2006 +# Wed Nov 29 00:06:35 2006 # CONFIG_X86_32=y CONFIG_SEMAPHORE_SLEEPERS=y 
@@ -343,6 +343,7 @@ CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y # CONFIG_ARPD is not set CONFIG_SYN_COOKIES=y +CONFIG_IPSEC_NAT_TRAVERSAL=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y @@ -458,6 +459,9 @@ CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m +CONFIG_IP_NF_TARGET_TARPIT=m +CONFIG_IP_NF_NAT_SIP=m +CONFIG_IP_NF_SIP=m # # Bridge: Netfilter Configuration @@ -579,6 +583,21 @@ CONFIG_IEEE80211=m CONFIG_IEEE80211_CRYPT_WEP=m # CONFIG_IEEE80211_CRYPT_CCMP is not set # CONFIG_IEEE80211_CRYPT_TKIP is not set +CONFIG_KLIPS=m + +# +# KLIPS options +# +CONFIG_KLIPS_ESP=y +CONFIG_KLIPS_AH=y +CONFIG_KLIPS_AUTH_HMAC_MD5=y +CONFIG_KLIPS_AUTH_HMAC_SHA1=y +# CONFIG_KLIPS_ENC_CRYPTOAPI is not set +CONFIG_KLIPS_ENC_3DES=y +CONFIG_KLIPS_ENC_AES=y +# CONFIG_KLIPS_ENC_NULL is not set +CONFIG_KLIPS_IPCOMP=y +CONFIG_KLIPS_DEBUG=y # # Device Drivers diff --git a/config/kernel/kernel.config.i586.smp b/config/kernel/kernel.config.i586.smp index e0a976948e..7fbcfd46e5 100644 --- a/config/kernel/kernel.config.i586.smp +++ b/config/kernel/kernel.config.i586.smp @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.16 -# Tue Nov 28 19:33:09 2006 +# Wed Nov 29 00:35:50 2006 # CONFIG_X86_32=y CONFIG_SEMAPHORE_SLEEPERS=y @@ -349,6 +349,7 @@ CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y # CONFIG_ARPD is not set CONFIG_SYN_COOKIES=y +CONFIG_IPSEC_NAT_TRAVERSAL=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y @@ -464,6 +465,9 @@ CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m +CONFIG_IP_NF_TARGET_TARPIT=m +CONFIG_IP_NF_NAT_SIP=m +CONFIG_IP_NF_SIP=m # # Bridge: Netfilter Configuration 
@@ -585,6 +589,21 @@ CONFIG_IEEE80211=m CONFIG_IEEE80211_CRYPT_WEP=m # CONFIG_IEEE80211_CRYPT_CCMP is not set # CONFIG_IEEE80211_CRYPT_TKIP is not set +CONFIG_KLIPS=m + +# +# KLIPS options +# +CONFIG_KLIPS_ESP=y +CONFIG_KLIPS_AH=y +CONFIG_KLIPS_AUTH_HMAC_MD5=y +CONFIG_KLIPS_AUTH_HMAC_SHA1=y +# CONFIG_KLIPS_ENC_CRYPTOAPI is not set +CONFIG_KLIPS_ENC_3DES=y +CONFIG_KLIPS_ENC_AES=y +# CONFIG_KLIPS_ENC_NULL is not set +CONFIG_KLIPS_IPCOMP=y +CONFIG_KLIPS_DEBUG=y # # Device Drivers diff --git a/config/kernel/unattended.conf b/config/kernel/unattended.conf index 9362028e87..b8ddba20c2 100644 --- a/config/kernel/unattended.conf +++ b/config/kernel/unattended.conf @@ -3,9 +3,9 @@ HOSTNAME=ipfire KEYMAP=/usr/share/kbd/keymaps/i386/qwerty/de.map.gz LANGUAGE=de TIMEZONE=/usr/share/zoneinfo/posix/Europe/Berlin -GREEN_ADDRESS=192.168.0.15 +GREEN_ADDRESS=192.168.180.30 GREEN_NETMASK=255.255.255.0 -GREEN_NETADDRESS=192.168.0.0 -GREEN_BROADCAST=192.168.0.255 +GREEN_NETADDRESS=192.168.180.0 +GREEN_BROADCAST=192.168.180.255 ROOT_PASSWORD=ipfire ADMIN_PASSWORD=ipfire diff --git a/config/rootfiles/common/glib b/config/rootfiles/common/glib new file mode 100644 index 0000000000..7fb52aa839 --- /dev/null +++ b/config/rootfiles/common/glib 
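Review bot: `ROOT_PASSWORD=ipfire` and `ADMIN_PASSWORD=ipfire` remain in config/kernel/unattended.conf as context lines of this hunk, so every unattended install driven by this file comes up with the same publicly known root and admin credentials. The commit touches the file only to change the GREEN network values. Consider leaving the password keys empty in the committed template, e.g. `ROOT_PASSWORD=` under a comment `# must be set per installation`, provided the installer can reject an empty value (that code is not visible here). The new `GREEN_ADDRESS=192.168.180.30` also looks like a site-specific address rather than a neutral default, so a comment marking it as an example value would help.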
@@ -0,0 +1,439 @@ +#usr/bin/glib-genmarshal +#usr/bin/glib-gettextize +#usr/bin/glib-mkenums +#usr/bin/gobject-query +#usr/include/glib-2.0 +#usr/include/glib-2.0/glib +#usr/include/glib-2.0/glib-object.h +#usr/include/glib-2.0/glib.h +#usr/include/glib-2.0/glib/galloca.h +#usr/include/glib-2.0/glib/garray.h +#usr/include/glib-2.0/glib/gasyncqueue.h +#usr/include/glib-2.0/glib/gatomic.h +#usr/include/glib-2.0/glib/gbacktrace.h +#usr/include/glib-2.0/glib/gcache.h +#usr/include/glib-2.0/glib/gcompletion.h +#usr/include/glib-2.0/glib/gconvert.h +#usr/include/glib-2.0/glib/gdataset.h +#usr/include/glib-2.0/glib/gdate.h +#usr/include/glib-2.0/glib/gdir.h +#usr/include/glib-2.0/glib/gerror.h +#usr/include/glib-2.0/glib/gfileutils.h +#usr/include/glib-2.0/glib/ghash.h +#usr/include/glib-2.0/glib/ghook.h +#usr/include/glib-2.0/glib/gi18n-lib.h +#usr/include/glib-2.0/glib/gi18n.h +#usr/include/glib-2.0/glib/giochannel.h +#usr/include/glib-2.0/glib/gkeyfile.h +#usr/include/glib-2.0/glib/glist.h +#usr/include/glib-2.0/glib/gmacros.h +#usr/include/glib-2.0/glib/gmain.h +#usr/include/glib-2.0/glib/gmappedfile.h +#usr/include/glib-2.0/glib/gmarkup.h +#usr/include/glib-2.0/glib/gmem.h +#usr/include/glib-2.0/glib/gmessages.h +#usr/include/glib-2.0/glib/gnode.h +#usr/include/glib-2.0/glib/goption.h +#usr/include/glib-2.0/glib/gpattern.h +#usr/include/glib-2.0/glib/gprimes.h +#usr/include/glib-2.0/glib/gprintf.h +#usr/include/glib-2.0/glib/gqsort.h +#usr/include/glib-2.0/glib/gquark.h +#usr/include/glib-2.0/glib/gqueue.h +#usr/include/glib-2.0/glib/grand.h +#usr/include/glib-2.0/glib/grel.h +#usr/include/glib-2.0/glib/gscanner.h +#usr/include/glib-2.0/glib/gshell.h +#usr/include/glib-2.0/glib/gslice.h +#usr/include/glib-2.0/glib/gslist.h +#usr/include/glib-2.0/glib/gspawn.h +#usr/include/glib-2.0/glib/gstdio.h +#usr/include/glib-2.0/glib/gstrfuncs.h +#usr/include/glib-2.0/glib/gstring.h +#usr/include/glib-2.0/glib/gthread.h +#usr/include/glib-2.0/glib/gthreadpool.h 
+#usr/include/glib-2.0/glib/gtimer.h +#usr/include/glib-2.0/glib/gtree.h +#usr/include/glib-2.0/glib/gtypes.h +#usr/include/glib-2.0/glib/gunicode.h +#usr/include/glib-2.0/glib/gutils.h +#usr/include/glib-2.0/glib/gwin32.h +#usr/include/glib-2.0/gmodule.h +#usr/include/glib-2.0/gobject +#usr/include/glib-2.0/gobject/gboxed.h +#usr/include/glib-2.0/gobject/gclosure.h +#usr/include/glib-2.0/gobject/genums.h +#usr/include/glib-2.0/gobject/gmarshal.h +#usr/include/glib-2.0/gobject/gobject.h +#usr/include/glib-2.0/gobject/gobjectnotifyqueue.c +#usr/include/glib-2.0/gobject/gparam.h +#usr/include/glib-2.0/gobject/gparamspecs.h +#usr/include/glib-2.0/gobject/gsignal.h +#usr/include/glib-2.0/gobject/gsourceclosure.h +#usr/include/glib-2.0/gobject/gtype.h +#usr/include/glib-2.0/gobject/gtypemodule.h +#usr/include/glib-2.0/gobject/gtypeplugin.h +#usr/include/glib-2.0/gobject/gvalue.h +#usr/include/glib-2.0/gobject/gvaluearray.h +#usr/include/glib-2.0/gobject/gvaluecollector.h +#usr/include/glib-2.0/gobject/gvaluetypes.h +#usr/lib/glib-2.0 +#usr/lib/glib-2.0/include +#usr/lib/glib-2.0/include/glibconfig.h +#usr/lib/libglib-2.0.la +usr/lib/libglib-2.0.so +usr/lib/libglib-2.0.so.0 +usr/lib/libglib-2.0.so.0.902.4 +#usr/lib/libgmodule-2.0.la +usr/lib/libgmodule-2.0.so +usr/lib/libgmodule-2.0.so.0 +usr/lib/libgmodule-2.0.so.0.902.4 +#usr/lib/libgobject-2.0.la +usr/lib/libgobject-2.0.so +usr/lib/libgobject-2.0.so.0 +usr/lib/libgobject-2.0.so.0.902.4 +#usr/lib/libgthread-2.0.la +usr/lib/libgthread-2.0.so +usr/lib/libgthread-2.0.so.0 +usr/lib/libgthread-2.0.so.0.902.4 +#usr/lib/pkgconfig/glib-2.0.pc +#usr/lib/pkgconfig/gmodule-2.0.pc +#usr/lib/pkgconfig/gmodule-export-2.0.pc +#usr/lib/pkgconfig/gmodule-no-export-2.0.pc +#usr/lib/pkgconfig/gobject-2.0.pc +#usr/lib/pkgconfig/gthread-2.0.pc +#usr/man/man1/glib-genmarshal.1 +#usr/man/man1/glib-gettextize.1 +#usr/man/man1/glib-mkenums.1 +#usr/man/man1/gobject-query.1 +#usr/share/aclocal/glib-2.0.m4 +#usr/share/aclocal/glib-gettext.m4 
+#usr/share/glib-2.0 +#usr/share/glib-2.0/gettext +#usr/share/glib-2.0/gettext/mkinstalldirs +#usr/share/glib-2.0/gettext/po +#usr/share/glib-2.0/gettext/po/Makefile.in.in +#usr/share/gtk-doc/html/glib +#usr/share/gtk-doc/html/glib/file-name-encodings.png +#usr/share/gtk-doc/html/glib/glib-Arrays.html +#usr/share/gtk-doc/html/glib/glib-Asynchronous-Queues.html +#usr/share/gtk-doc/html/glib/glib-Atomic-Operations.html +#usr/share/gtk-doc/html/glib/glib-Automatic-String-Completion.html +#usr/share/gtk-doc/html/glib/glib-Balanced-Binary-Trees.html +#usr/share/gtk-doc/html/glib/glib-Basic-Types.html +#usr/share/gtk-doc/html/glib/glib-Byte-Arrays.html +#usr/share/gtk-doc/html/glib/glib-Byte-Order-Macros.html +#usr/share/gtk-doc/html/glib/glib-Caches.html +#usr/share/gtk-doc/html/glib/glib-Character-Set-Conversion.html +#usr/share/gtk-doc/html/glib/glib-Commandline-option-parser.html +#usr/share/gtk-doc/html/glib/glib-Datasets.html +#usr/share/gtk-doc/html/glib/glib-Date-and-Time-Functions.html +#usr/share/gtk-doc/html/glib/glib-Double-ended-Queues.html +#usr/share/gtk-doc/html/glib/glib-Doubly-Linked-Lists.html +#usr/share/gtk-doc/html/glib/glib-Dynamic-Loading-of-Modules.html +#usr/share/gtk-doc/html/glib/glib-Error-Reporting.html +#usr/share/gtk-doc/html/glib/glib-File-Utilities.html +#usr/share/gtk-doc/html/glib/glib-Glob-style-pattern-matching.html +#usr/share/gtk-doc/html/glib/glib-Hash-Tables.html +#usr/share/gtk-doc/html/glib/glib-Hook-Functions.html +#usr/share/gtk-doc/html/glib/glib-I18N.html +#usr/share/gtk-doc/html/glib/glib-IO-Channels.html +#usr/share/gtk-doc/html/glib/glib-Key-value-file-parser.html +#usr/share/gtk-doc/html/glib/glib-Keyed-Data-Lists.html +#usr/share/gtk-doc/html/glib/glib-Lexical-Scanner.html +#usr/share/gtk-doc/html/glib/glib-Limits-of-Basic-Types.html +#usr/share/gtk-doc/html/glib/glib-Memory-Allocation.html +#usr/share/gtk-doc/html/glib/glib-Memory-Allocators.html +#usr/share/gtk-doc/html/glib/glib-Memory-Chunks.html 
+#usr/share/gtk-doc/html/glib/glib-Memory-Slices.html +#usr/share/gtk-doc/html/glib/glib-Message-Logging.html +#usr/share/gtk-doc/html/glib/glib-Miscellaneous-Macros.html +#usr/share/gtk-doc/html/glib/glib-Miscellaneous-Utility-Functions.html +#usr/share/gtk-doc/html/glib/glib-N-ary-Trees.html +#usr/share/gtk-doc/html/glib/glib-Numerical-Definitions.html +#usr/share/gtk-doc/html/glib/glib-Pointer-Arrays.html +#usr/share/gtk-doc/html/glib/glib-Quarks.html +#usr/share/gtk-doc/html/glib/glib-Random-Numbers.html +#usr/share/gtk-doc/html/glib/glib-Relations-and-Tuples.html +#usr/share/gtk-doc/html/glib/glib-Shell-related-Utilities.html +#usr/share/gtk-doc/html/glib/glib-Simple-XML-Subset-Parser.html +#usr/share/gtk-doc/html/glib/glib-Singly-Linked-Lists.html +#usr/share/gtk-doc/html/glib/glib-Spawning-Processes.html +#usr/share/gtk-doc/html/glib/glib-Standard-Macros.html +#usr/share/gtk-doc/html/glib/glib-String-Chunks.html +#usr/share/gtk-doc/html/glib/glib-String-Utility-Functions.html +#usr/share/gtk-doc/html/glib/glib-Strings.html +#usr/share/gtk-doc/html/glib/glib-The-Main-Event-Loop.html +#usr/share/gtk-doc/html/glib/glib-Thread-Pools.html +#usr/share/gtk-doc/html/glib/glib-Threads.html +#usr/share/gtk-doc/html/glib/glib-Timers.html +#usr/share/gtk-doc/html/glib/glib-Trash-Stacks.html +#usr/share/gtk-doc/html/glib/glib-Type-Conversion-Macros.html +#usr/share/gtk-doc/html/glib/glib-Unicode-Manipulation.html +#usr/share/gtk-doc/html/glib/glib-Version-Information.html +#usr/share/gtk-doc/html/glib/glib-Warnings-and-Assertions.html +#usr/share/gtk-doc/html/glib/glib-Windows-Compatibility-Functions.html +#usr/share/gtk-doc/html/glib/glib-building.html +#usr/share/gtk-doc/html/glib/glib-changes.html +#usr/share/gtk-doc/html/glib/glib-compiling.html +#usr/share/gtk-doc/html/glib/glib-core.html +#usr/share/gtk-doc/html/glib/glib-cross-compiling.html +#usr/share/gtk-doc/html/glib/glib-data-types.html +#usr/share/gtk-doc/html/glib/glib-fundamentals.html 
+#usr/share/gtk-doc/html/glib/glib-gettextize.html +#usr/share/gtk-doc/html/glib/glib-resources.html +#usr/share/gtk-doc/html/glib/glib-running.html +#usr/share/gtk-doc/html/glib/glib-utilities.html +#usr/share/gtk-doc/html/glib/glib.devhelp +#usr/share/gtk-doc/html/glib/glib.devhelp2 +#usr/share/gtk-doc/html/glib/glib.html +#usr/share/gtk-doc/html/glib/home.png +#usr/share/gtk-doc/html/glib/index.html +#usr/share/gtk-doc/html/glib/index.sgml +#usr/share/gtk-doc/html/glib/ix01.html +#usr/share/gtk-doc/html/glib/ix02.html +#usr/share/gtk-doc/html/glib/ix03.html +#usr/share/gtk-doc/html/glib/ix04.html +#usr/share/gtk-doc/html/glib/ix05.html +#usr/share/gtk-doc/html/glib/ix06.html +#usr/share/gtk-doc/html/glib/ix07.html +#usr/share/gtk-doc/html/glib/left.png +#usr/share/gtk-doc/html/glib/mainloop-states.gif +#usr/share/gtk-doc/html/glib/right.png +#usr/share/gtk-doc/html/glib/style.css +#usr/share/gtk-doc/html/glib/tools.html +#usr/share/gtk-doc/html/glib/up.png +#usr/share/gtk-doc/html/gobject +#usr/share/gtk-doc/html/gobject/GTypeModule.html +#usr/share/gtk-doc/html/gobject/GTypePlugin.html +#usr/share/gtk-doc/html/gobject/ch01.html +#usr/share/gtk-doc/html/gobject/ch01s02.html +#usr/share/gtk-doc/html/gobject/ch02.html +#usr/share/gtk-doc/html/gobject/ch06s03.html +#usr/share/gtk-doc/html/gobject/ch07s02.html +#usr/share/gtk-doc/html/gobject/ch07s03.html +#usr/share/gtk-doc/html/gobject/chapter-gobject.html +#usr/share/gtk-doc/html/gobject/chapter-signal.html +#usr/share/gtk-doc/html/gobject/glib-genmarshal.html +#usr/share/gtk-doc/html/gobject/glib-mkenums.html +#usr/share/gtk-doc/html/gobject/glue.png +#usr/share/gtk-doc/html/gobject/gobject-Boxed-Types.html +#usr/share/gtk-doc/html/gobject/gobject-Closures.html +#usr/share/gtk-doc/html/gobject/gobject-Enumeration-and-Flag-Types.html +#usr/share/gtk-doc/html/gobject/gobject-GParamSpec.html +#usr/share/gtk-doc/html/gobject/gobject-Generic-values.html +#usr/share/gtk-doc/html/gobject/gobject-Signals.html 
+#usr/share/gtk-doc/html/gobject/gobject-Standard-Parameter-and-Value-Types.html +#usr/share/gtk-doc/html/gobject/gobject-The-Base-Object-Type.html +#usr/share/gtk-doc/html/gobject/gobject-Type-Information.html +#usr/share/gtk-doc/html/gobject/gobject-Value-arrays.html +#usr/share/gtk-doc/html/gobject/gobject-Varargs-Value-Collection.html +#usr/share/gtk-doc/html/gobject/gobject-memory.html +#usr/share/gtk-doc/html/gobject/gobject-properties.html +#usr/share/gtk-doc/html/gobject/gobject-query.html +#usr/share/gtk-doc/html/gobject/gobject.devhelp +#usr/share/gtk-doc/html/gobject/gobject.devhelp2 +#usr/share/gtk-doc/html/gobject/gtype-conventions.html +#usr/share/gtk-doc/html/gobject/gtype-instantiable-classed.html +#usr/share/gtk-doc/html/gobject/gtype-non-instantiable-classed.html +#usr/share/gtk-doc/html/gobject/gtype-non-instantiable.html +#usr/share/gtk-doc/html/gobject/home.png +#usr/share/gtk-doc/html/gobject/howto-gobject-chainup.html +#usr/share/gtk-doc/html/gobject/howto-gobject-code.html +#usr/share/gtk-doc/html/gobject/howto-gobject-construction.html +#usr/share/gtk-doc/html/gobject/howto-gobject-destruction.html +#usr/share/gtk-doc/html/gobject/howto-gobject-methods.html +#usr/share/gtk-doc/html/gobject/howto-gobject.html +#usr/share/gtk-doc/html/gobject/howto-interface-implement.html +#usr/share/gtk-doc/html/gobject/howto-interface-properties.html +#usr/share/gtk-doc/html/gobject/howto-interface.html +#usr/share/gtk-doc/html/gobject/howto-signals.html +#usr/share/gtk-doc/html/gobject/index.html +#usr/share/gtk-doc/html/gobject/index.sgml +#usr/share/gtk-doc/html/gobject/ix01.html +#usr/share/gtk-doc/html/gobject/ix02.html +#usr/share/gtk-doc/html/gobject/ix03.html +#usr/share/gtk-doc/html/gobject/ix04.html +#usr/share/gtk-doc/html/gobject/ix05.html +#usr/share/gtk-doc/html/gobject/ix06.html +#usr/share/gtk-doc/html/gobject/ix07.html +#usr/share/gtk-doc/html/gobject/left.png +#usr/share/gtk-doc/html/gobject/pr01.html 
+#usr/share/gtk-doc/html/gobject/pt01.html +#usr/share/gtk-doc/html/gobject/pt02.html +#usr/share/gtk-doc/html/gobject/pt03.html +#usr/share/gtk-doc/html/gobject/right.png +#usr/share/gtk-doc/html/gobject/rn01.html +#usr/share/gtk-doc/html/gobject/rn02.html +#usr/share/gtk-doc/html/gobject/signal.html +#usr/share/gtk-doc/html/gobject/style.css +#usr/share/gtk-doc/html/gobject/tools-ginspector.html +#usr/share/gtk-doc/html/gobject/tools-gob.html +#usr/share/gtk-doc/html/gobject/tools-gtkdoc.html +#usr/share/gtk-doc/html/gobject/tools-refdb.html +#usr/share/gtk-doc/html/gobject/up.png +#usr/share/locale/am +#usr/share/locale/am/LC_MESSAGES +#usr/share/locale/am/LC_MESSAGES/glib20.mo +#usr/share/locale/ar +#usr/share/locale/ar/LC_MESSAGES +#usr/share/locale/ar/LC_MESSAGES/glib20.mo +#usr/share/locale/az +#usr/share/locale/az/LC_MESSAGES +#usr/share/locale/az/LC_MESSAGES/glib20.mo +#usr/share/locale/be/LC_MESSAGES/glib20.mo +#usr/share/locale/bg +#usr/share/locale/bg/LC_MESSAGES +#usr/share/locale/bg/LC_MESSAGES/glib20.mo +#usr/share/locale/bn +#usr/share/locale/bn/LC_MESSAGES +#usr/share/locale/bn/LC_MESSAGES/glib20.mo +#usr/share/locale/bs +#usr/share/locale/bs/LC_MESSAGES +#usr/share/locale/bs/LC_MESSAGES/glib20.mo +#usr/share/locale/ca/LC_MESSAGES/glib20.mo +#usr/share/locale/cs/LC_MESSAGES/glib20.mo +#usr/share/locale/cy +#usr/share/locale/cy/LC_MESSAGES +#usr/share/locale/cy/LC_MESSAGES/glib20.mo +#usr/share/locale/da/LC_MESSAGES/glib20.mo +#usr/share/locale/de/LC_MESSAGES/glib20.mo +#usr/share/locale/el/LC_MESSAGES/glib20.mo +#usr/share/locale/en_CA +#usr/share/locale/en_CA/LC_MESSAGES +#usr/share/locale/en_CA/LC_MESSAGES/glib20.mo +#usr/share/locale/en_GB/LC_MESSAGES/glib20.mo +#usr/share/locale/eo +#usr/share/locale/eo/LC_MESSAGES +#usr/share/locale/eo/LC_MESSAGES/glib20.mo +#usr/share/locale/es/LC_MESSAGES/glib20.mo +#usr/share/locale/et/LC_MESSAGES/glib20.mo +#usr/share/locale/eu +#usr/share/locale/eu/LC_MESSAGES +#usr/share/locale/eu/LC_MESSAGES/glib20.mo 
+#usr/share/locale/fa +#usr/share/locale/fa/LC_MESSAGES +#usr/share/locale/fa/LC_MESSAGES/glib20.mo +#usr/share/locale/fi/LC_MESSAGES/glib20.mo +#usr/share/locale/fr/LC_MESSAGES/glib20.mo +#usr/share/locale/ga +#usr/share/locale/ga/LC_MESSAGES +#usr/share/locale/ga/LC_MESSAGES/glib20.mo +#usr/share/locale/gl/LC_MESSAGES/glib20.mo +#usr/share/locale/gu +#usr/share/locale/gu/LC_MESSAGES +#usr/share/locale/gu/LC_MESSAGES/glib20.mo +#usr/share/locale/he +#usr/share/locale/he/LC_MESSAGES +#usr/share/locale/he/LC_MESSAGES/glib20.mo +#usr/share/locale/hi +#usr/share/locale/hi/LC_MESSAGES +#usr/share/locale/hi/LC_MESSAGES/glib20.mo +#usr/share/locale/hr/LC_MESSAGES/glib20.mo +#usr/share/locale/hu/LC_MESSAGES/glib20.mo +#usr/share/locale/id +#usr/share/locale/id/LC_MESSAGES +#usr/share/locale/id/LC_MESSAGES/glib20.mo +#usr/share/locale/is +#usr/share/locale/is/LC_MESSAGES +#usr/share/locale/is/LC_MESSAGES/glib20.mo +#usr/share/locale/it/LC_MESSAGES/glib20.mo +#usr/share/locale/ja/LC_MESSAGES/glib20.mo +#usr/share/locale/ko/LC_MESSAGES/glib20.mo +#usr/share/locale/ku +#usr/share/locale/ku/LC_MESSAGES +#usr/share/locale/ku/LC_MESSAGES/glib20.mo +#usr/share/locale/lt +#usr/share/locale/lt/LC_MESSAGES +#usr/share/locale/lt/LC_MESSAGES/glib20.mo +#usr/share/locale/lv +#usr/share/locale/lv/LC_MESSAGES +#usr/share/locale/lv/LC_MESSAGES/glib20.mo +#usr/share/locale/mk +#usr/share/locale/mk/LC_MESSAGES +#usr/share/locale/mk/LC_MESSAGES/glib20.mo +#usr/share/locale/ml +#usr/share/locale/ml/LC_MESSAGES +#usr/share/locale/ml/LC_MESSAGES/glib20.mo +#usr/share/locale/mn +#usr/share/locale/mn/LC_MESSAGES +#usr/share/locale/mn/LC_MESSAGES/glib20.mo +#usr/share/locale/ms +#usr/share/locale/ms/LC_MESSAGES +#usr/share/locale/ms/LC_MESSAGES/glib20.mo +#usr/share/locale/nb/LC_MESSAGES/glib20.mo +#usr/share/locale/ne +#usr/share/locale/ne/LC_MESSAGES +#usr/share/locale/ne/LC_MESSAGES/glib20.mo +#usr/share/locale/nl/LC_MESSAGES/glib20.mo +#usr/share/locale/nn +#usr/share/locale/nn/LC_MESSAGES 
+#usr/share/locale/nn/LC_MESSAGES/glib20.mo +#usr/share/locale/no +#usr/share/locale/no/LC_MESSAGES +#usr/share/locale/no/LC_MESSAGES/glib20.mo +#usr/share/locale/or +#usr/share/locale/or/LC_MESSAGES +#usr/share/locale/or/LC_MESSAGES/glib20.mo +#usr/share/locale/pa +#usr/share/locale/pa/LC_MESSAGES +#usr/share/locale/pa/LC_MESSAGES/glib20.mo +#usr/share/locale/pl/LC_MESSAGES/glib20.mo +#usr/share/locale/pt +#usr/share/locale/pt/LC_MESSAGES +#usr/share/locale/pt/LC_MESSAGES/glib20.mo +#usr/share/locale/pt_BR/LC_MESSAGES/glib20.mo +#usr/share/locale/ro/LC_MESSAGES/glib20.mo +#usr/share/locale/ru/LC_MESSAGES/glib20.mo +#usr/share/locale/rw +#usr/share/locale/rw/LC_MESSAGES +#usr/share/locale/rw/LC_MESSAGES/glib20.mo +#usr/share/locale/sk/LC_MESSAGES/glib20.mo +#usr/share/locale/sl/LC_MESSAGES/glib20.mo +#usr/share/locale/sq +#usr/share/locale/sq/LC_MESSAGES +#usr/share/locale/sq/LC_MESSAGES/glib20.mo +#usr/share/locale/sr +#usr/share/locale/sr/LC_MESSAGES +#usr/share/locale/sr/LC_MESSAGES/glib20.mo +#usr/share/locale/sr@Latn +#usr/share/locale/sr@Latn/LC_MESSAGES +#usr/share/locale/sr@Latn/LC_MESSAGES/glib20.mo +#usr/share/locale/sr@ije +#usr/share/locale/sr@ije/LC_MESSAGES +#usr/share/locale/sr@ije/LC_MESSAGES/glib20.mo +#usr/share/locale/sv/LC_MESSAGES/glib20.mo +#usr/share/locale/ta +#usr/share/locale/ta/LC_MESSAGES +#usr/share/locale/ta/LC_MESSAGES/glib20.mo +#usr/share/locale/te +#usr/share/locale/te/LC_MESSAGES +#usr/share/locale/te/LC_MESSAGES/glib20.mo +#usr/share/locale/th +#usr/share/locale/th/LC_MESSAGES +#usr/share/locale/th/LC_MESSAGES/glib20.mo +#usr/share/locale/tl +#usr/share/locale/tl/LC_MESSAGES +#usr/share/locale/tl/LC_MESSAGES/glib20.mo +#usr/share/locale/tr/LC_MESSAGES/glib20.mo +#usr/share/locale/tt +#usr/share/locale/tt/LC_MESSAGES +#usr/share/locale/tt/LC_MESSAGES/glib20.mo +#usr/share/locale/uk/LC_MESSAGES/glib20.mo +#usr/share/locale/vi +#usr/share/locale/vi/LC_MESSAGES +#usr/share/locale/vi/LC_MESSAGES/glib20.mo +#usr/share/locale/wa 
+#usr/share/locale/wa/LC_MESSAGES +#usr/share/locale/wa/LC_MESSAGES/glib20.mo +#usr/share/locale/xh +#usr/share/locale/xh/LC_MESSAGES +#usr/share/locale/xh/LC_MESSAGES/glib20.mo +#usr/share/locale/yi +#usr/share/locale/yi/LC_MESSAGES +#usr/share/locale/yi/LC_MESSAGES/glib20.mo +#usr/share/locale/zh_CN/LC_MESSAGES/glib20.mo +#usr/share/locale/zh_HK +#usr/share/locale/zh_HK/LC_MESSAGES +#usr/share/locale/zh_HK/LC_MESSAGES/glib20.mo +#usr/share/locale/zh_TW/LC_MESSAGES/glib20.mo diff --git a/config/rootfiles/common/kudzu b/config/rootfiles/common/kudzu new file mode 100644 index 0000000000..7773620207 --- /dev/null +++ b/config/rootfiles/common/kudzu 
@@ -0,0 +1,125 @@ +#etc/rc.d/init.d +#etc/rc.d/init.d/kudzu +#etc/sysconfig +#etc/sysconfig/kudzu +sbin/kudzu +#usr/include/kudzu +#usr/include/kudzu/adb.h +#usr/include/kudzu/alias.h +#usr/include/kudzu/ddc.h +#usr/include/kudzu/device.h +#usr/include/kudzu/firewire.h +#usr/include/kudzu/ide.h +#usr/include/kudzu/isapnp.h +#usr/include/kudzu/keyboard.h +#usr/include/kudzu/kudzu.h +#usr/include/kudzu/macio.h +#usr/include/kudzu/misc.h +#usr/include/kudzu/modules.h +#usr/include/kudzu/parallel.h +#usr/include/kudzu/pci.h +#usr/include/kudzu/pcmcia.h +#usr/include/kudzu/psaux.h +#usr/include/kudzu/sbus.h +#usr/include/kudzu/scsi.h +#usr/include/kudzu/serial.h +#usr/include/kudzu/usb.h +usr/lib/libkudzu.a +usr/lib/libkudzu_loader.a +#usr/lib/python2.4/site-packages/_kudzumodule.so +#usr/lib/python2.4/site-packages/drv_libxml2.pyc +#usr/lib/python2.4/site-packages/kudzu.py +#usr/lib/python2.4/site-packages/kudzu.pyc +#usr/lib/python2.4/site-packages/libxml2.pyc +#usr/lib/python2.4/site-packages/snack.pyc +usr/sbin/kudzu +#usr/share/locale/ar/LC_MESSAGES/kudzu.mo +#usr/share/locale/as +#usr/share/locale/as/LC_MESSAGES +#usr/share/locale/as/LC_MESSAGES/kudzu.mo +#usr/share/locale/be/LC_MESSAGES/kudzu.mo +#usr/share/locale/bg/LC_MESSAGES/kudzu.mo +#usr/share/locale/bn/LC_MESSAGES/kudzu.mo +#usr/share/locale/bn_IN +#usr/share/locale/bn_IN/LC_MESSAGES +#usr/share/locale/bn_IN/LC_MESSAGES/kudzu.mo +#usr/share/locale/bs/LC_MESSAGES/kudzu.mo +#usr/share/locale/ca/LC_MESSAGES/kudzu.mo +#usr/share/locale/cs/LC_MESSAGES/kudzu.mo +#usr/share/locale/cy/LC_MESSAGES/kudzu.mo +#usr/share/locale/da/LC_MESSAGES/kudzu.mo +#usr/share/locale/de/LC_MESSAGES/kudzu.mo +#usr/share/locale/el/LC_MESSAGES/kudzu.mo +#usr/share/locale/en_GB/LC_MESSAGES/kudzu.mo +#usr/share/locale/es/LC_MESSAGES/kudzu.mo +#usr/share/locale/et/LC_MESSAGES/kudzu.mo +#usr/share/locale/eu_ES +#usr/share/locale/eu_ES/LC_MESSAGES +#usr/share/locale/eu_ES/LC_MESSAGES/kudzu.mo +#usr/share/locale/fi/LC_MESSAGES/kudzu.mo 
+#usr/share/locale/fr/LC_MESSAGES/kudzu.mo +#usr/share/locale/gl/LC_MESSAGES/kudzu.mo +#usr/share/locale/gu/LC_MESSAGES/kudzu.mo +#usr/share/locale/he/LC_MESSAGES/kudzu.mo +#usr/share/locale/hi/LC_MESSAGES/kudzu.mo +#usr/share/locale/hr/LC_MESSAGES/kudzu.mo +#usr/share/locale/hu/LC_MESSAGES/kudzu.mo +#usr/share/locale/hy +#usr/share/locale/hy/LC_MESSAGES +#usr/share/locale/hy/LC_MESSAGES/kudzu.mo +#usr/share/locale/id/LC_MESSAGES/kudzu.mo +#usr/share/locale/is/LC_MESSAGES/kudzu.mo +#usr/share/locale/it/LC_MESSAGES/kudzu.mo +#usr/share/locale/ja/LC_MESSAGES/kudzu.mo +#usr/share/locale/ka/LC_MESSAGES/kudzu.mo +#usr/share/locale/kn +#usr/share/locale/kn/LC_MESSAGES +#usr/share/locale/kn/LC_MESSAGES/kudzu.mo +#usr/share/locale/ko/LC_MESSAGES/kudzu.mo +#usr/share/locale/ku/LC_MESSAGES/kudzu.mo +#usr/share/locale/lo +#usr/share/locale/lo/LC_MESSAGES +#usr/share/locale/lo/LC_MESSAGES/kudzu.mo +#usr/share/locale/lt/LC_MESSAGES/kudzu.mo +#usr/share/locale/lv/LC_MESSAGES/kudzu.mo +#usr/share/locale/mk/LC_MESSAGES/kudzu.mo +#usr/share/locale/ml/LC_MESSAGES/kudzu.mo +#usr/share/locale/mr +#usr/share/locale/mr/LC_MESSAGES +#usr/share/locale/mr/LC_MESSAGES/kudzu.mo +#usr/share/locale/ms/LC_MESSAGES/kudzu.mo +#usr/share/locale/my +#usr/share/locale/my/LC_MESSAGES +#usr/share/locale/my/LC_MESSAGES/kudzu.mo +#usr/share/locale/nb/LC_MESSAGES/kudzu.mo +#usr/share/locale/nl/LC_MESSAGES/kudzu.mo +#usr/share/locale/nn/LC_MESSAGES/kudzu.mo +#usr/share/locale/no/LC_MESSAGES/kudzu.mo +#usr/share/locale/or/LC_MESSAGES/kudzu.mo +#usr/share/locale/pa/LC_MESSAGES/kudzu.mo +#usr/share/locale/pl/LC_MESSAGES/kudzu.mo +#usr/share/locale/pt/LC_MESSAGES/kudzu.mo +#usr/share/locale/pt_BR/LC_MESSAGES/kudzu.mo +#usr/share/locale/ro/LC_MESSAGES/kudzu.mo +#usr/share/locale/ru/LC_MESSAGES/kudzu.mo +#usr/share/locale/si +#usr/share/locale/si/LC_MESSAGES +#usr/share/locale/si/LC_MESSAGES/kudzu.mo +#usr/share/locale/sk/LC_MESSAGES/kudzu.mo +#usr/share/locale/sl/LC_MESSAGES/kudzu.mo 
+#usr/share/locale/sq/LC_MESSAGES/kudzu.mo +#usr/share/locale/sr/LC_MESSAGES/kudzu.mo +#usr/share/locale/sr@Latn/LC_MESSAGES/kudzu.mo +#usr/share/locale/sv/LC_MESSAGES/kudzu.mo +#usr/share/locale/ta/LC_MESSAGES/kudzu.mo +#usr/share/locale/te/LC_MESSAGES/kudzu.mo +#usr/share/locale/tr/LC_MESSAGES/kudzu.mo +#usr/share/locale/uk/LC_MESSAGES/kudzu.mo +#usr/share/locale/ur +#usr/share/locale/ur/LC_MESSAGES +#usr/share/locale/ur/LC_MESSAGES/kudzu.mo +#usr/share/locale/vi/LC_MESSAGES/kudzu.mo +#usr/share/locale/wa/LC_MESSAGES/kudzu.mo +#usr/share/locale/zh_CN/LC_MESSAGES/kudzu.mo +#usr/share/locale/zh_TW/LC_MESSAGES/kudzu.mo +#usr/share/man/man8/kudzu.8 diff --git a/config/rootfiles/common/mc b/config/rootfiles/common/mc new file mode 100644 index 0000000000..ec00e5fdb8 --- /dev/null +++ b/config/rootfiles/common/mc 
@@ -0,0 +1,102 @@ +usr/bin/mc +usr/bin/mcedit +usr/bin/mcmfmt +usr/bin/mcview +#usr/lib/mc +usr/lib/mc/cons.saver +#usr/man/man1/mc.1 +#usr/man/man1/mcedit.1 +#usr/man/man1/mcview.1 +#usr/share/mc +#usr/share/mc/bin +usr/share/mc/bin/mc-wrapper.csh +usr/share/mc/bin/mc-wrapper.sh +usr/share/mc/bin/mc.csh +usr/share/mc/bin/mc.sh +usr/share/mc/cedit.menu +usr/share/mc/edit.indent.rc +usr/share/mc/edit.spell.rc +#usr/share/mc/extfs +usr/share/mc/extfs/README +usr/share/mc/extfs/a +usr/share/mc/extfs/apt +usr/share/mc/extfs/audio +usr/share/mc/extfs/bpp +usr/share/mc/extfs/deb +usr/share/mc/extfs/deba +usr/share/mc/extfs/debd +usr/share/mc/extfs/dpkg +usr/share/mc/extfs/extfs.ini +usr/share/mc/extfs/hp48 +usr/share/mc/extfs/lslR +usr/share/mc/extfs/mailfs +usr/share/mc/extfs/patchfs +usr/share/mc/extfs/rpm +usr/share/mc/extfs/rpms +usr/share/mc/extfs/sfs.ini +usr/share/mc/extfs/trpm +usr/share/mc/extfs/uar +usr/share/mc/extfs/uarj +usr/share/mc/extfs/uha +usr/share/mc/extfs/ulha +usr/share/mc/extfs/urar +usr/share/mc/extfs/uzip +usr/share/mc/extfs/uzoo +usr/share/mc/mc.ext +usr/share/mc/mc.hint +#usr/share/mc/mc.hint.cs +#usr/share/mc/mc.hint.es +#usr/share/mc/mc.hint.hu +#usr/share/mc/mc.hint.it +#usr/share/mc/mc.hint.nl +#usr/share/mc/mc.hint.pl +#usr/share/mc/mc.hint.ru +#usr/share/mc/mc.hint.uk +#usr/share/mc/mc.hint.zh +usr/share/mc/mc.hlp +usr/share/mc/mc.lib +usr/share/mc/mc.menu +#usr/share/mc/syntax +usr/share/mc/syntax/Syntax +usr/share/mc/syntax/ada95.syntax +usr/share/mc/syntax/c.syntax +usr/share/mc/syntax/changelog.syntax +usr/share/mc/syntax/diff.syntax +usr/share/mc/syntax/dos.syntax +usr/share/mc/syntax/fortran.syntax +usr/share/mc/syntax/html.syntax +usr/share/mc/syntax/java.syntax +usr/share/mc/syntax/js.syntax +usr/share/mc/syntax/latex.syntax +usr/share/mc/syntax/lisp.syntax +usr/share/mc/syntax/lsm.syntax +usr/share/mc/syntax/m4.syntax +usr/share/mc/syntax/mail.syntax +usr/share/mc/syntax/makefile.syntax +usr/share/mc/syntax/ml.syntax 
+usr/share/mc/syntax/nroff.syntax +usr/share/mc/syntax/octave.syntax +usr/share/mc/syntax/pascal.syntax +usr/share/mc/syntax/perl.syntax +usr/share/mc/syntax/php.syntax +usr/share/mc/syntax/po.syntax +usr/share/mc/syntax/python.syntax +usr/share/mc/syntax/sh.syntax +usr/share/mc/syntax/slang.syntax +usr/share/mc/syntax/smalltalk.syntax +usr/share/mc/syntax/spec.syntax +usr/share/mc/syntax/sql.syntax +usr/share/mc/syntax/swig.syntax +usr/share/mc/syntax/syntax.syntax +usr/share/mc/syntax/tcl.syntax +usr/share/mc/syntax/texinfo.syntax +usr/share/mc/syntax/unknown.syntax +usr/share/mc/syntax/xml.syntax +#usr/share/mc/term +usr/share/mc/term/README.xterm +usr/share/mc/term/ansi.ti +usr/share/mc/term/linux.ti +usr/share/mc/term/vt100.ti +usr/share/mc/term/xterm.ad +usr/share/mc/term/xterm.tcap +usr/share/mc/term/xterm.ti diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs new file mode 100644 index 0000000000..65e1920a7c --- /dev/null +++ b/config/rootfiles/common/misc-progs @@ -0,0 +1,29 @@ +usr/local/bin/getipstat +#usr/local/bin/installfcdsl +#usr/local/bin/installpackage +#usr/local/bin/iowrap +usr/local/bin/ipfirebackup +usr/local/bin/ipfirebkcfg +usr/local/bin/ipfirereboot +usr/local/bin/ipfirerscfg +usr/local/bin/ipsecctrl +usr/local/bin/launch-ether-wake +usr/local/bin/logwatch +usr/local/bin/openvpnctrl +usr/local/bin/qosctrl +usr/local/bin/rebuildhosts +usr/local/bin/restartapplejuice +usr/local/bin/restartdhcp +usr/local/bin/restartntpd +usr/local/bin/restartsnort +usr/local/bin/restartsquid +usr/local/bin/restartssh +usr/local/bin/restartsyslogd +usr/local/bin/restartwireless +usr/local/bin/setaliases +usr/local/bin/setdate +usr/local/bin/setdmzholes +usr/local/bin/setfilters +usr/local/bin/setportfw +usr/local/bin/setxtaccess +usr/local/bin/timecheckctrl diff --git a/config/rootfiles/common/perl b/config/rootfiles/common/perl index 8771d80804..9e8355082f 100644 --- a/config/rootfiles/common/perl 
+++ b/config/rootfiles/common/perl
@@ -512,7 +512,7 @@ usr/lib/perl5/5.8.8/i586-linux/ByteLoader.pm
 #usr/lib/perl5/5.8.8/i586-linux/CORE/warnings.h
 usr/lib/perl5/5.8.8/i586-linux/Config.pm
 #usr/lib/perl5/5.8.8/i586-linux/Config.pod
-#usr/lib/perl5/5.8.8/i586-linux/Config_heavy.pl
+usr/lib/perl5/5.8.8/i586-linux/Config_heavy.pl
 usr/lib/perl5/5.8.8/i586-linux/Cwd.pm
 usr/lib/perl5/5.8.8/i586-linux/DB_File.pm
 #usr/lib/perl5/5.8.8/i586-linux/Data
@@ -606,7 +606,7 @@ usr/lib/perl5/5.8.8/i586-linux/auto/Cwd/Cwd.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/DB_File
 #usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/DB_File.bs
 usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/DB_File.so
-#usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/autosplit.ix
+usr/lib/perl5/5.8.8/i586-linux/auto/DB_File/autosplit.ix
 #usr/lib/perl5/5.8.8/i586-linux/auto/Data
 #usr/lib/perl5/5.8.8/i586-linux/auto/Data/Dumper
 #usr/lib/perl5/5.8.8/i586-linux/auto/Data/Dumper/Dumper.bs
@@ -626,12 +626,12 @@ usr/lib/perl5/5.8.8/i586-linux/auto/Data/Dumper/Dumper.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/Digest/MD5/MD5.bs
 usr/lib/perl5/5.8.8/i586-linux/auto/Digest/MD5/MD5.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/DynaLoader.a
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/autosplit.ix
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_expandspec.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_find_symbol_anywhere.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_findfile.al
-#usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/extralibs.ld
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/DynaLoader.a
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/autosplit.ix
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_expandspec.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_find_symbol_anywhere.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/dl_findfile.al
+usr/lib/perl5/5.8.8/i586-linux/auto/DynaLoader/extralibs.ld
 #usr/lib/perl5/5.8.8/i586-linux/auto/Encode
 #usr/lib/perl5/5.8.8/i586-linux/auto/Encode/Byte
 #usr/lib/perl5/5.8.8/i586-linux/auto/Encode/Byte/Byte.bs
@@ -665,7 +665,7 @@ usr/lib/perl5/5.8.8/i586-linux/auto/Fcntl/Fcntl.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/File
 #usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob
 usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.bs
-#usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.so
+usr/lib/perl5/5.8.8/i586-linux/auto/File/Glob/Glob.so
 #usr/lib/perl5/5.8.8/i586-linux/auto/Filter
 #usr/lib/perl5/5.8.8/i586-linux/auto/Filter/Util
 #usr/lib/perl5/5.8.8/i586-linux/auto/Filter/Util/Call
diff --git a/doc/packages-list.txt b/doc/packages-list.txt
index 1cfef40b4e..b938b229f2 100644
--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -167,6 +167,7 @@
 * openssh-4.3p2
 * openssl-0.9.8d
 * openswan-2.4.6
+* openswan-2.4.7
 * openvpn-2.0.9
 * pam_mysql-0.7RC1
 * patch-2.5.4
diff --git a/lfs/kudzu b/lfs/kudzu
index 68ee3703cc..963a8db985 100644
--- a/lfs/kudzu +++ b/lfs/kudzu @@ -83,9 +83,8 @@ ifeq "$(LFS_PASS)" "install" cd $(DIR_APP) && install -m 0755 kudzu /install/initrd/bin/kudzu cd $(DIR_APP) && install -m 0644 libkudzu.a /install/initrd/lib cd $(DIR_APP) && install -m 0644 libkudzu_loader.a /install/initrd/lib -# -mkdir -p /install/include/kudzu -# cd $(DIR_APP) && install -m 0644 *.h /install/include/kudzu else + rm -rf /usr/sbin/kudzu cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make install cd $(DIR_APP) && ARCH=$(MACHINE) RPM_OPT_FLAGS="$(CFLAGS)" make install-program diff --git a/lfs/linux b/lfs/linux index b03973cab7..8264a699b3 100644 --- a/lfs/linux +++ b/lfs/linux @@ -36,25 +36,22 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS = -# Normal build or /tools build. +# Normal build or SMP build. # -ifeq "$(PASS)" "" - TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire -endif -ifeq "$(PASS)" "S" - TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp -endif -ifeq "$(PASS)" "I" - TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-installer +ifeq "$(SMP)" "1" + TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp +else + TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire endif ############################################################################### # Top-level Rules ############################################################################### objects =$(DL_FILE) \ - openswan-2.4.6.kernel-2.6-natt.patch.gz \ + openswan-2.4.7.kernel-2.6-natt.patch.gz \ + openswan-2.4.7.kernel-2.6-klips.patch.gz \ iptables-1.3.5.tar.bz2 \ - patch-o-matic-ng-20060206.tar.bz2 \ + patch-o-matic-ng-20061210.tar.bz2 \ kbc_option_2420.patch \ net4801.kernel.patch_2.4.31 \ netfilter-layer7-v2.6.tar.gz \ 
@@ -62,8 +59,9 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) patch-$(PATCHLEVEL).gz = $(DL_FROM)/patch-$(PATCHLEVEL).gz -openswan-2.4.6.kernel-2.6-natt.patch.gz = $(URL_IPFIRE)/openswan-2.4.6.kernel-2.6-natt.patch.gz -patch-o-matic-ng-20060206.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20060206.tar.bz2 +openswan-2.4.7.kernel-2.6-natt.patch.gz = $(URL_IPFIRE)/openswan-2.4.7.kernel-2.6-natt.patch.gz +openswan-2.4.7.kernel-2.6-klips.patch.gz = $(URL_IPFIRE)/openswan-2.4.7.kernel-2.6-klips.patch.gz +patch-o-matic-ng-20061210.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2 iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2 kbc_option_2420.patch = $(URL_IPFIRE)/kbc_option_2420.patch net4801.kernel.patch_2.4.31 = $(URL_IPFIRE)/net4801.kernel.patch_2.4.31 @@ -71,8 +69,9 @@ netfilter-layer7-v2.6.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.6.tar.gz $(DL_FILE)_MD5 = 50695965725367f39007023feac5e256 patch-$(PATCHLEVEL).gz_MD5 = 4b09dd018286850c20c0f051ced7b583 -openswan-2.4.6.kernel-2.6-natt.patch.gz_MD5 = 398110db4372ea3acc45bd66d6d86eac -patch-o-matic-ng-20060206.tar.bz2_MD5 = eca9893afb753e331caddfe63142b566 +openswan-2.4.7.kernel-2.6-natt.patch.gz_MD5 = 980d8bbdb29a761b7f5aa852f373df62 +openswan-2.4.7.kernel-2.6-klips.patch.gz_MD5 = 5df0ffa2453488a407a23fc4ea4af879 +patch-o-matic-ng-20061210.tar.bz2_MD5 = 76edac76301b45f89e467b41c8cf4393 iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5 kbc_option_2420.patch_MD5 = 6d37870344f7fcf97ace1fbf43323c60 net4801.kernel.patch_2.4.31_MD5 = c7d64e3caedb2f2b10e1c11db7f73a04 
@@ -106,6 +105,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + + # Update kernel to latest patchlevel cd $(DIR_APP) && zcat $(DIR_DL)/patch-$(PATCHLEVEL).gz | patch -p1 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.16.27-utf8_input-1.patch # Remove patch level in EXTRAVERSION. 
@@ -113,86 +114,67 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # (installed in a different place) if only one part could be updated cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile + cd $(DIR_APP) && sed -i -e 's/gettext//' scripts/kconfig/lkc.h - # Openswan-2 - # cd $(DIR_SRC) && zcat $(DIR_DL)/openswan-2.4.6.kernel-2.6-natt.patch.gz | patch -Np0 + # Openswan 2 + cd $(DIR_SRC) && rm -rf openswan-* + cd $(DIR_SRC) && tar xfz $(DIR_DL)/openswan-2.4.7.tar.gz + cd $(DIR_APP) && gzip -dc $(DIR_DL)/openswan-2.4.7.kernel-2.6-natt.patch.gz | patch -Np1 + cd $(DIR_APP) && gzip -dc $(DIR_DL)/openswan-2.4.7.kernel-2.6-klips.patch.gz | patch -Np1 + cd $(DIR_SRC)/openswan-* && sed -i -e 's/INC_USRLOCAL=\/usr\/local/INC_USRLOCAL=\/usr/' Makefile.inc # Patch-o-matic cd $(DIR_SRC) && rm -rf iptables-* cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.5.tar.bz2 cd $(DIR_SRC) && ln -sf iptables-1.3.5 iptables cd $(DIR_SRC) && rm -rf patch-o-matic* - cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20060206.tar.bz2 + cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20061210.tar.bz2 + + cd $(DIR_SRC)/patch-o-matic-ng* && \ + ./runme --batch --kernel-path=$(ROOT)/usr/src/$(THISAPP)/ --iptables-path=$(ROOT)/usr/src/iptables/ \ + TARPIT h323-conntrack-nat cuseeme-nat \ + sip-conntrack-nat + # rtsp-conntrack-nat quake3-conntrack-nat mms-conntrack-nat # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ pending # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ base -# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ h323-conntrack-nat -# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ cuseeme-nat # cd 
$(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ mms-conntrack-nat # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ pptp-conntrack-nat # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ rtsp-conntrack # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ quake3-conntrack-nat -# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ sip-conntrack-nat # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ip_queue_vwmark # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipp2p # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-01-output-hooks # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-02-input-hooks # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-03-policy-lookup # cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-04-policy-checks -# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ TARPIT - #layer7-patch + # Layer7-patch cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.6.tar.gz cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.6/for_older_kernels/kernel-2.6.13-2.6.16-layer7-2.2.patch # ip_conntrack permissions from 440 to 444 # cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch 
-ifeq "$(PASS)" "" +ifeq "$(SMP)" "" # Only do this once on the non-SMP pass cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.5 endif - # Olitec isdn gazel patch -# cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/linux-2.4.23-olitec-isdn.patch - - # Fix /proc/stat output -# cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/linux-2.4.26-proc-stat.patch - - # Fix libata-core.c - # cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/linux-2.4.26-scsi.patch - - # frandom patch -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.27-frandom-2.patch - - # Propolice -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.27-ssp-1.patch - - # Support ppp-2.4.3 multilink behavior (terminate when no channel is connected) - # need updated libpcap older than 0.8.3 - # cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ppp_generic-ppp-2.4.3_multilink.patch - - # R8169 clone D-link GSE-528T -# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.4.29_r8169clone.patch - - # bootsplash + # Bootsplash cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bootsplash-3.1.6-2.6.15.diff # Cleanup kernel source cd $(DIR_APP) && make mrproper -ifeq "$(PASS)" "" + +ifeq "$(SMP)" "" cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE) $(DIR_APP)/.config endif -ifeq "$(PASS)" "S" +ifeq "$(SMP)" "1" cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE).smp $(DIR_APP)/.config endif -ifeq "$(PASS)" "I" - cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE).installer $(DIR_APP)/.config - cd $(DIR_APP) && sed -i -e 's/-O2/-Os/g' Makefile -endif cd $(DIR_APP) && make CC="$(KGCC)" oldconfig - cd $(DIR_APP) && make CC="$(KGCC)" dep cd $(DIR_APP) && make CC="$(KGCC)" clean if [ "$(PASS)" = "" ]; then \ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \ 
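Review bot: The pass selection is now split across two variables: the `ifeq` guards changed in this hunk test `$(SMP)`, but the shell block that builds and installs the image still tests `$(PASS)` (`if [ "$(PASS)" = "" ]` at the end of this hunk, `elif [ "$(PASS)" = "S" ]` in the next one). make.sh now calls `ipfiremake linux SMP=1`, so PASS is presumably empty on the SMP pass; the SMP .config would then go through the non-SMP branch and the `-smp` EXTRAVERSION step would never run. The shell tests should use the same variable, e.g. `if [ "$(SMP)" = "" ]; then \` and `elif [ "$(SMP)" = "1" ]; then \`. The recipe continues outside this hunk.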
@@ -203,6 +185,8 @@ endif ln -sf System.map-$(VER) /boot/System.map; \ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules; \ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install; \ + cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) module; \ + cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) minstall; \ elif [ "$(PASS)" = "S" ]; then \ cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =/EXTRAVERSION\ =\ -smp/' Makefile; \ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \ 
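Review bot: The two added Openswan lines build the KLIPS module with `CC=$(CC)`, unquoted, while every kernel target in the same recipe uses `CC="$(KGCC)"`. An out-of-tree module is normally built with the compiler that built the kernel, and an unquoted value containing a space would be split by the shell; `make KERNELSRC=/usr/src/$(THISAPP) CC="$(KGCC)" module` (and likewise for `minstall`) keeps the two consistent. The same pair of lines is added in the SMP branch of the following hunk. Neither variable's value is visible here, so confirm they actually differ before changing it.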
@@ -212,42 +196,16 @@ endif ln -sf vmlinuz-$(VER)-smp /boot/vmlinuz-smp; \ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules; \ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install; \ - elif [ "$(PASS)" = "I" ]; then \ - cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \ - cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-installer; \ - cd $(DIR_APP) && cp -v .config /boot/config-$(VER); \ + cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) module; \ + cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) minstall; \ fi + # remove symlinked pcmcia directory -ifeq "$(PASS)" "" +ifeq "$(SMP)" "" rm -rf /lib/modules/$(VER)/pcmcia - find /lib/modules/$(VER)/ -name '*.o' -a -type f | xargs gzip -f9 - - # Move these SCSI drivers into same directory for probescsi.sh - mv -f /lib/modules/$(VER)/kernel/drivers/scsi/aic7xxx/* /lib/modules/$(VER)/kernel/drivers/scsi - rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/aic7xxx - mv -f /lib/modules/$(VER)/kernel/drivers/scsi/aacraid/* /lib/modules/$(VER)/kernel/drivers/scsi - rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/aacraid - mv -f /lib/modules/$(VER)/kernel/drivers/scsi/sym53c8xx_2/* /lib/modules/$(VER)/kernel/drivers/scsi - rm -rf /lib/modules/$(VER)/kernel/drivers/scsi/sym53c8xx_2 endif -ifeq "$(PASS)" "S" +ifeq "$(SMP)" "1" rm -rf /lib/modules/$(VER)-smp/pcmcia - find /lib/modules/$(VER)-smp/ -name '*.o' -a -type f | xargs gzip -f9 - - # Move these SCSI drivers into same directory for probescsi.sh - mv -f /lib/modules/$(VER)-smp/kernel/drivers/scsi/aic7xxx/* /lib/modules/$(VER)-smp/kernel/drivers/scsi - rm -rf /lib/modules/$(VER)-smp/kernel/drivers/scsi/aic7xxx - mv -f /lib/modules/$(VER)-smp/kernel/drivers/scsi/aacraid/* /lib/modules/$(VER)-smp/kernel/drivers/scsi - rm -rf /lib/modules/$(VER)-smp/kernel/drivers/scsi/aacraid - mv -f /lib/modules/$(VER)-smp/kernel/drivers/scsi/sym53c8xx_2/* /lib/modules/$(VER)-smp/kernel/drivers/scsi - rm -rf 
/lib/modules/$(VER)-smp/kernel/drivers/scsi/sym53c8xx_2 -endif - -ifeq "$(PASS)" "" - # Only do this once on the non-SMP pass - # cd $(DIR_APP) && make mandocs - #-mkdir -p /usr/share/man/man9/ - #cd $(DIR_APP) && cp -af Documentation/man/* /usr/share/man/man9/ endif @rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables* @$(POSTBUILD) diff --git a/lfs/openswan b/lfs/openswan index 16565db11f..3fee13ff1c 100644 --- a/lfs/openswan +++ b/lfs/openswan @@ -26,7 +26,7 @@ include Config -VER = 2.4.6 +VER = 2.4.7 THISAPP = openswan-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = b34d71ca49dedad017879b0e912d40dd +$(DL_FILE)_MD5 = 70f22e8adc39e07a165f75eccb7cd079 install : $(TARGET) diff --git a/make.sh b/make.sh index 24864c3ab2..fdd425d4af 100644 --- a/make.sh +++ b/make.sh @@ -324,8 +324,7 @@ buildipfire() { ipfiremake ppp ipfiremake rp-pppoe ipfiremake unzip -# ipfiremake linux PASS=I # Can we remove the installer kernel? - ipfiremake linux PASS=S + ipfiremake linux SMP=1 # ipfiremake 3cp4218 PASS=SMP # ipfiremake amedyn PASS=SMP # ipfiremake cxacru PASS=SMP diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall new file mode 100644 index 0000000000..c1c0c7e712 --- /dev/null +++ b/src/initscripts/init.d/firewall 
@@ -0,0 +1,295 @@ +#!/bin/sh + +eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings) +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) +IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'` + +if [ -f /var/ipfire/red/device ]; then + DEVICE=`/bin/cat /var/ipfire/red/device 2> /dev/null | /usr/bin/tr -d '\012'` +fi + +iptables_init() { + # Flush all rules and delete all custom chains + /sbin/iptables -F + /sbin/iptables -t nat -F + /sbin/iptables -t mangle -F + /sbin/iptables -X + /sbin/iptables -t nat -X + /sbin/iptables -t mangle -X + + # Set up policies + /sbin/iptables -P INPUT DROP + /sbin/iptables -P FORWARD DROP + /sbin/iptables -P OUTPUT ACCEPT + + # Empty LOG_DROP and LOG_REJECT chains + /sbin/iptables -N LOG_DROP + /sbin/iptables -A LOG_DROP -m limit --limit 10/minute -j LOG + /sbin/iptables -A LOG_DROP -j DROP + /sbin/iptables -N LOG_REJECT + /sbin/iptables -A LOG_REJECT -m limit --limit 10/minute -j LOG + /sbin/iptables -A LOG_REJECT -j REJECT + + # This chain will log, then DROPs packets with certain bad combinations + # of flags might indicate a port-scan attempt (xmas, null, etc) + /sbin/iptables -N PSCAN + /sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "TCP Scan? " + /sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "UDP Scan? " + /sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "ICMP Scan? " + /sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "FRAG Scan? " + /sbin/iptables -A PSCAN -j DROP + + # New tcp packets without SYN set - could well be an obscure type of port scan + # that's not covered above, may just be a broken windows machine + /sbin/iptables -N NEWNOTSYN + /sbin/iptables -A NEWNOTSYN -m limit --limit 10/minute -j LOG --log-prefix "NEW not SYN? 
" + /sbin/iptables -A NEWNOTSYN -j DROP + + # Chain to contain all the rules relating to bad TCP flags + /sbin/iptables -N BADTCP + + # Disallow packets frequently used by port-scanners + # nmap xmas + /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN,URG,PSH -j PSCAN + # Null + /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j PSCAN + # FIN + /sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN -j PSCAN + # SYN/RST (also catches xmas variants that set SYN+RST+...) + /sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,RST SYN,RST -j PSCAN + # SYN/FIN (QueSO or nmap OS probe) + /sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN + # NEW TCP without SYN + /sbin/iptables -A BADTCP -p tcp ! --syn -m state --state NEW -j NEWNOTSYN + + /sbin/iptables -A INPUT -j BADTCP + /sbin/iptables -A FORWARD -j BADTCP + +} + +iptables_red() { + /sbin/iptables -F REDINPUT + /sbin/iptables -F REDFORWARD + /sbin/iptables -t nat -F REDNAT + + # PPPoE / PPTP Device + if [ "$IFACE" != "" ]; then + # PPPoE / PPTP + if [ "$DEVICE" != "" ]; then + /sbin/iptables -A REDINPUT -i $DEVICE -j ACCEPT + fi + if [ "$RED_TYPE" == "PPTP" -o "$RED_TYPE" == "PPPOE" ]; then + if [ "$RED_DEV" != "" ]; then + /sbin/iptables -A REDINPUT -i $RED_DEV -j ACCEPT + fi + fi + fi + + # PPTP over DHCP + if [ "$DEVICE" != "" -a "$TYPE" == "PPTP" -a "$METHOD" == "DHCP" ]; then + /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT + /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT + fi + + # Orange pinholes + if [ "$ORANGE_DEV" != "" ]; then + # This rule enables a host on ORANGE network to connect to the outside + # (only if we have a red connection) + if [ "$IFACE" != "" ]; then + /sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p tcp -o $IFACE -j ACCEPT + /sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p udp -o $IFACE -j ACCEPT + fi + fi + + if [ "$IFACE" != "" -a -f /var/ipfire/red/active ]; then + # DHCP + if [ 
"$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then + /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT + /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT + fi + if [ "$METHOD" == "DHCP" -a "$PROTOCOL" == "RFC1483" ]; then + /sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT + /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT + fi + + # Outgoing masquerading + /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE + + fi +} + +# See how we were called. +case "$1" in + start) + iptables_init + + # Limit Packets- helps reduce dos/syn attacks + # original do nothing line + #/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec + # the correct one, but the negative '!' do nothing... + #/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit ! --limit 10/sec -j DROP + + # Fix for braindead ISP's + /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu + + # CUSTOM chains, can be used by the users themselves + /sbin/iptables -N CUSTOMINPUT + /sbin/iptables -A INPUT -j CUSTOMINPUT + /sbin/iptables -N CUSTOMFORWARD + /sbin/iptables -A FORWARD -j CUSTOMFORWARD + /sbin/iptables -N CUSTOMOUTPUT + /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT + /sbin/iptables -t nat -N CUSTOMPREROUTING + /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING + /sbin/iptables -t nat -N CUSTOMPOSTROUTING + /sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING + + # filtering from GUI + /sbin/iptables -N GUIINPUT + /sbin/iptables -A INPUT -j GUIINPUT + + # Accept everything connected + /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT + + # localhost and ethernet. 
+ /sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT + /sbin/iptables -A INPUT -s 127.0.0.0/8 -m state --state NEW -j DROP # Loopback not on lo + /sbin/iptables -A INPUT -d 127.0.0.0/8 -m state --state NEW -j DROP + /sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT + /sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP + /sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP + /sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT -p ! icmp + /sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT + + # If a host on orange tries to initiate a connection to IPFire's red IP and + # the connection gets DNATed back through a port forward to a server on orange + # we end up with orange -> orange traffic passing through IPFire + [ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT + + # accept all traffic from ipsec interfaces + /sbin/iptables -A INPUT -i ipsec+ -j ACCEPT + /sbin/iptables -A FORWARD -i ipsec+ -j ACCEPT + + # allow DHCP on BLUE to be turned on/off + /sbin/iptables -N DHCPBLUEINPUT + /sbin/iptables -A INPUT -j DHCPBLUEINPUT + + # IPSec chains + /sbin/iptables -N IPSECRED + /sbin/iptables -A INPUT -j IPSECRED + /sbin/iptables -N IPSECBLUE + /sbin/iptables -A INPUT -j IPSECBLUE + + # WIRELESS chains + /sbin/iptables -N WIRELESSINPUT + /sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT + /sbin/iptables -N WIRELESSFORWARD + /sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD + + # RED chain, used for the red interface + /sbin/iptables -N REDINPUT + /sbin/iptables -A INPUT -j REDINPUT + /sbin/iptables -N REDFORWARD + /sbin/iptables -A FORWARD -j REDFORWARD + /sbin/iptables -t nat -N REDNAT + /sbin/iptables -t nat -A POSTROUTING -j REDNAT + + iptables_red + + # DMZ pinhole chain. setdmzholes setuid prog adds rules here to allow + # ORANGE to talk to GREEN / BLUE. 
+ /sbin/iptables -N DMZHOLES + if [ "$ORANGE_DEV" != "" ]; then + /sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j DMZHOLES + fi + + # XTACCESS chain, used for external access + /sbin/iptables -N XTACCESS + /sbin/iptables -A INPUT -m state --state NEW -j XTACCESS + + # PORTFWACCESS chain, used for portforwarding + /sbin/iptables -N PORTFWACCESS + /sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS + + # Custom prerouting chains (for transparent proxy and port forwarding) + /sbin/iptables -t nat -N SQUID + /sbin/iptables -t nat -A PREROUTING -j SQUID + /sbin/iptables -t nat -N PORTFW + /sbin/iptables -t nat -A PREROUTING -j PORTFW + + + # Custom mangle chain (for port fowarding) + /sbin/iptables -t mangle -N PORTFWMANGLE + /sbin/iptables -t mangle -A PREROUTING -j PORTFWMANGLE + + # Postrouting rules (for port forwarding) + /sbin/iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \ + --to-source $GREEN_ADDRESS + if [ "$BLUE_DEV" != "" ]; then + /sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $BLUE_ADDRESS + fi + if [ "$ORANGE_DEV" != "" ]; then + /sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS + fi + + # run openvpn + /usr/local/bin/openvpnctrl --create-chains-and-rules + + # run local firewall configuration, if present + if [ -x /etc/sysconfig/firewall.local ]; then + /etc/sysconfig/firewall.local start + fi + + # last rule in input and forward chain is for logging. + /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT " + /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT " + ;; + stop) + iptables_init + # Accept everyting connected + /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + + # localhost and ethernet. 
+ /sbin/iptables -A INPUT -i lo -j ACCEPT + /sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT + + if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then + /sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT + /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT + fi + if [ "$PROTOCOL" == "RFC1483" -a "$METHOD" == "DHCP" ]; then + /sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT + /sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT + fi + + # stop openvpn + /usr/local/bin/openvpnctrl --delete-chains-and-rules + + # run local firewall configuration, if present + if [ -x /etc/sysconfig/firewall.local ]; then + /etc/sysconfig/firewall.local stop + fi + + /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT " + /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT " + ;; + reload) + iptables_red + + # run local firewall configuration, if present + if [ -x /etc/sysconfig/firewall.local ]; then + /etc/sysconfig/firewall.local reload + fi + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 {start|stop|reload|restart}" + exit 1 + ;; +esac + +exit 0 diff --git a/src/initscripts/init.d/network b/src/initscripts/init.d/network index d392c16f48..8c989cc7c2 100644 --- a/src/initscripts/init.d/network +++ b/src/initscripts/init.d/network @@ -82,7 +82,7 @@ case "${1}" in fi boot_mesg "Setting up IPFire firewall rules" - /etc/rc.d/rc.firewall start + /etc/rc.d/init.d/firewall start evaluate_retval boot_mesg "Setting up IP Accounting" /etc/rc.d/helper/writeipac.pl diff --git a/src/initscripts/sysconfig/clock b/src/initscripts/sysconfig/clock index d5d1c2f5dc..ed6f78bfe2 100644 --- a/src/initscripts/sysconfig/clock +++ b/src/initscripts/sysconfig/clock @@ -1,5 +1,5 @@ # Begin /etc/sysconfig/clock -UTC=1 +UTC=0 # End /etc/sysconfig/clock 
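Review bot: The final logging rule on the FORWARD chain is tagged `--log-prefix "OUTPUT "`, in both the `start)` and the `stop)` branch, so forwarded packets that fall through to the DROP policy are logged as if they were locally generated traffic. Anyone triaging these logs or matching on the prefix will misattribute them; the rule should read `/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "FORWARD "`. If an existing log parser depends on the old string, it would need to change together with this.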
diff --git a/src/initscripts/sysconfig/firewall.local b/src/initscripts/sysconfig/firewall.local new file mode 100644 index 0000000000..5e4677fd98 --- /dev/null +++ b/src/initscripts/sysconfig/firewall.local @@ -0,0 +1,20 @@ +#!/bin/sh +# Used for private firewall rules + +# See how we were called. +case "$1" in + start) + ## add your 'start' rules here + ;; + stop) + ## add your 'stop' rules here + ;; + reload) + $0 stop + $0 start + ## add your 'reload' rules here + ;; + *) + echo "Usage: $0 {start|stop|reload}" + ;; +esac diff --git a/src/initscripts/sysconfig/network b/src/initscripts/sysconfig/network index 3061057909..87059165b9 100644 --- a/src/initscripts/sysconfig/network +++ b/src/initscripts/sysconfig/network @@ -1 +1 @@ -HOSTNAME=ipfirebox +HOSTNAME=ipfire diff --git a/src/install+setup/install/main.c b/src/install+setup/install/main.c index f3d665f2c6..9e6443f7df 100644 --- a/src/install+setup/install/main.c +++ b/src/install+setup/install/main.c @@ -14,7 +14,7 @@ #define CDROM_INSTALL 0 #define URL_INSTALL 1 #define DISK_INSTALL 2 -#define INST_FILECOUNT 6600 +#define INST_FILECOUNT 5600 #define UNATTENDED_CONF "/cdrom/boot/unattended.conf" int raid_disk = 0; @@ -108,8 +108,6 @@ int unattended_setup(struct keyvalue *unattendedkv) { char green_broadcast[STRING_SIZE]; char root_password[STRING_SIZE]; char admin_password[STRING_SIZE]; - char serial_console[STRING_SIZE]; - char reversesort[STRING_SIZE]; findkey(unattendedkv, "DOMAINNAME", domainname); findkey(unattendedkv, "HOSTNAME", hostname); @@ -122,8 +120,6 @@ int unattended_setup(struct keyvalue *unattendedkv) { findkey(unattendedkv, "GREEN_BROADCAST", green_broadcast); findkey(unattendedkv, "ROOT_PASSWORD", root_password); findkey(unattendedkv, "ADMIN_PASSWORD", admin_password); - findkey(unattendedkv, "SERIAL_CONSOLE", serial_console); - findkey(unattendedkv, "REVERSE_NICS", reversesort); /* write main/settings. */ replacekeyvalue(mainsettings, "DOMAINNAME", domainname); 
@@ -138,7 +134,6 @@ int unattended_setup(struct keyvalue *unattendedkv) { fprintf(flog, "unattended: Starting setup\n"); /* network */ - fprintf(flog, "unattended: setting up network configuration\n"); (void) readkeyvalues(ethernetkv, "/harddisk" CONFIG_ROOT "/ethernet/settings"); @@ -164,7 +159,7 @@ int unattended_setup(struct keyvalue *unattendedkv) { return 0; } fprintf(file, "ServerName %s\n", hostname); - fclose(file); + fclose(file); fprintf(flog, "unattended: writing hosts\n"); if (!(hosts = fopen("/harddisk/etc/hosts", "w"))) @@ -174,7 +169,7 @@ int unattended_setup(struct keyvalue *unattendedkv) { } fprintf(hosts, "127.0.0.1\tlocalhost\n"); fprintf(hosts, "%s\t%s.%s\t%s\n", green_address, hostname, domainname, hostname); - fclose(hosts); + fclose(hosts); fprintf(flog, "unattended: writing hosts.allow\n"); if (!(file = fopen("/harddisk/etc/hosts.allow", "w"))) 
@@ -196,47 +191,24 @@ int unattended_setup(struct keyvalue *unattendedkv) { fprintf(file, "ALL : ALL\n"); fclose(file); - if (strcmp(serial_console, "yes") != 0) { - snprintf(commandstring, STRING_SIZE, - "/sbin/chroot /harddisk /bin/sed -i -e \"s/^s0/#s0/\" /etc/inittab"); - if (mysystem(commandstring)) { - errorbox("unattended: ERROR modifying inittab"); - return 0; - } - - snprintf(commandstring, STRING_SIZE, - "/sbin/chroot /harddisk /bin/sed -i -e \"s/^serial/#serial/; s/^terminal/#terminal/\" /boot/grub/grub.conf"); - if (mysystem(commandstring)) { - errorbox("unattended: ERROR modifying inittab"); - return 0; - } - } - - /* set reverse sorting of interfaces */ - if (strcmp(reversesort, "yes") == 0) { - mysystem("/bin/touch /harddisk/var/ipfire/ethernet/reverse_nics"); - } - /* set root password */ fprintf(flog, "unattended: setting root password\n"); - snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /bin/sh -c \"echo 'root:%s' | /usr/sbin/chpasswd\"", root_password); if (mysystem(commandstring)) { errorbox("unattended: ERROR setting root password"); return 0; } - + /* set admin password */ fprintf(flog, "unattended: setting admin password\n"); snprintf(commandstring, STRING_SIZE, - "/sbin/chroot /harddisk /usr/bin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", admin_password); + "/sbin/chroot /harddisk /usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", admin_password); if (mysystem(commandstring)) { errorbox("unattended: ERROR setting admin password"); - return 0; + return 0; } - - return 1; + return 1; } int main(int argc, char *argv[]) 
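Review bot: The changed htpasswd line still pastes `admin_password` into a shell command between single quotes, so a value from unattended.conf that contains `'` ends the quoting and the remainder is interpreted by the shell; the `root:%s` chpasswd line just above has the same shape. `-b` also places the password on the process command line. At minimum reject such values before building either command, e.g. `if (strchr(root_password, '\'') || strchr(admin_password, '\'')) { errorbox("unattended: password contains a quote"); return 0; }`, and compare the snprintf result with STRING_SIZE so a truncated command is never run. unattended_setup starts above this hunk.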
@@ -849,8 +821,18 @@ EXIT: printf("Unable to mount proc in /harddisk."); else { - if (system("/sbin/chroot /harddisk /usr/local/sbin/setup /dev/tty2 INSTALL")) - printf("Unable to run setup.\n"); + + if (!unattended) { + if (system("/bin/chroot /harddisk /usr/local/sbin/setup /dev/tty2 INSTALL")) + printf("Unable to run setup.\n"); + } + else { + fprintf(flog, "Entering unattended setup\n"); + unattended_setup(unattendedkv); + snprintf(commandstring, STRING_SIZE, "/bin/sleep 10"); + runcommandwithstatus(commandstring, "Unattended installation finished, system will reboot"); + } + if (system("/bin/umount /harddisk/proc")) printf("Unable to umount /harddisk/proc.\n"); } @@ -858,7 +840,15 @@ EXIT: fcloseall(); - system("/sbin/swapoff /harddisk/swapfile"); + if (swap_file) { + if (raid_disk) + snprintf(commandstring, STRING_SIZE, "/bin/swapoff %sp2", hdparams.devnode); + else + snprintf(commandstring, STRING_SIZE, "/bin/swapoff %s2", hdparams.devnode); + } + + newtFinished(); + system("/bin/umount /harddisk/var"); system("/bin/umount /harddisk/boot"); system("/bin/umount /harddisk"); -- 2.39.2
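Review bot: The return value of `unattended_setup(unattendedkv)` is dropped, although that function returns 0 when writing the hosts files or setting the root or admin password fails. The installer then still shows "Unattended installation finished, system will reboot", so a machine can come up without the intended credentials and nothing reports it. Check the result, e.g. `if (!unattended_setup(unattendedkv)) errorbox("unattended: setup failed");`, and show the success message only otherwise. The interactive branch also moves to `/bin/chroot` while unattended_setup keeps `/sbin/chroot`; presumably only one of the two paths exists on the install image.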
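Review bot: The new `if (swap_file)` block only formats a swapoff command into `commandstring`; nothing in this hunk passes it to `system()` or `mysystem()`, and the old `system("/sbin/swapoff /harddisk/swapfile")` call is removed, so swap is presumably never turned off before the unmounts. Add the call inside the block after the if/else, e.g. `mysystem(commandstring);`. The enclosing function begins outside the hunk.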