From 5595bc0381fe971b538ddd0b7cf3bf4a9f31832c Mon Sep 17 00:00:00 2001 From: maniacikarus Date: Fri, 28 Dec 2007 16:22:35 +0000 Subject: [PATCH] pakfire cgi not refreshes after upgrades readded firewall options to disbale drop logging added log option for outgoing fw mode 1 cleaned kernel log from firewall messages change firewall init script because of changes added samba cgi ability to change charsets started core update number 4 git-svn-id: http://svn.ipfire.org/svn/ipfire/branches/2.1/trunk@1132 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 --- config/menu/50-firewall.menu | 6 ++ config/rootfiles/core/4/files | 11 ++ config/rootfiles/core/4/meta | 1 + config/rootfiles/core/4/update.sh | 4 + doc/language_issues.de | 2 - doc/language_issues.en | 2 - html/cgi-bin/logs.cgi/firewalllog.dat | 2 +- html/cgi-bin/logs.cgi/log.dat | 38 ++++--- html/cgi-bin/logs.cgi/showrequestfromip.dat | 3 +- html/cgi-bin/logs.cgi/showrequestfromport.dat | 3 +- html/cgi-bin/optionsfw.cgi | 101 ++++++++++++++++++ html/cgi-bin/outgoingfw.cgi | 23 ++++ html/cgi-bin/pakfire.cgi | 3 + html/cgi-bin/samba.cgi | 15 ++- langs/de/cgi-bin/de.pl | 8 ++ langs/en/cgi-bin/en.pl | 8 ++ lfs/configroot | 7 +- lfs/samba | 2 +- src/initscripts/init.d/firewall | 42 +++++--- 19 files changed, 234 insertions(+), 47 deletions(-) create mode 100644 config/rootfiles/core/4/files create mode 100644 config/rootfiles/core/4/meta create mode 100644 config/rootfiles/core/4/update.sh create mode 100644 html/cgi-bin/optionsfw.cgi diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu index 69357b7a07..02b9045f22 100644 --- a/config/menu/50-firewall.menu +++ b/config/menu/50-firewall.menu @@ -34,3 +34,9 @@ 'title' => "Universal Plug and Play", 'enabled' => 0, }; + $subfirewall->{'60.optingsfw'} = { + 'caption' => $Lang::tr{'options fw'}, + 'uri' => '/cgi-bin/optionsfw.cgi', + 'title' => "$Lang::tr{'options fw'}", + 'enabled' => 1, + }; 
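Review bot: The new menu key `'60.optingsfw'` is misspelled relative to the page it links (`optionsfw.cgi`); the key only identifies and orders the entry, so this is cosmetic, but it will trip anyone searching the menu tree for the option later. Suggest `$subfirewall->{'60.optionsfw'} = {`. The `'title'` value also needs no string interpolation — `'title' => $Lang::tr{'options fw'},` matches the `'caption'` line directly above it.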
diff --git a/config/rootfiles/core/4/files b/config/rootfiles/core/4/files new file mode 100644 index 0000000000..c4f79caf42 --- /dev/null +++ b/config/rootfiles/core/4/files @@ -0,0 +1,11 @@ +etc/inid.d/firewall +var/ipfire/langs +var/ipfire/optionsfw/settings +var/ipfire/menu.d/50-firewall.menu +srv/web/ipfire/cgi-bin/pakfire.cgi +srv/web/ipfire/cgi-bin/outgoingfw.cgi +srv/web/ipfire/cgi-bin/optionsfw.cgi +srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromip.dat +srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromport.dat +srv/web/ipfire/cgi-bin/logs.cgi/log.dat +srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat diff --git a/config/rootfiles/core/4/meta b/config/rootfiles/core/4/meta new file mode 100644 index 0000000000..d547fa86fa --- /dev/null +++ b/config/rootfiles/core/4/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/4/update.sh b/config/rootfiles/core/4/update.sh new file mode 100644 index 0000000000..649eb261bf --- /dev/null +++ b/config/rootfiles/core/4/update.sh @@ -0,0 +1,4 @@ +#!/bin/bash +. /opt/pakfire/lib/functions.sh +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" +extract_files diff --git a/doc/language_issues.de b/doc/language_issues.de index fe91cbcb2d..36021aa2f2 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -239,7 +239,6 @@ WARNING: translation string unused: net config type help WARNING: translation string unused: net-traffic configuration WARNING: translation string unused: network configuration WARNING: translation string unused: network status information -WARNING: translation string unused: new optionsfw later WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload 
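Review bot: The first entry `etc/inid.d/firewall` looks misspelled — every other reference in this commit uses `init.d` (e.g. `src/initscripts/init.d/firewall`), and the remaining entries resolve against the root filesystem as-is. If `extract_files` in `update.sh` only unpacks the paths listed here, the updated firewall init script would presumably be skipped while the new settings file and `optionsfw.cgi` are installed, leaving the new drop-logging toggles controlled by a script that never reads them. Suggest correcting the entry to the path under which the init script is actually installed on the target, and checking the built core-update archive contains it before release.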
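Review bot: `perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"` runs before `extract_files`, so if `extract_files` is what unpacks the `var/ipfire/langs` entry from this core update, the language cache is rebuilt from the old translation files and the strings this commit adds (`'fw logging'`, `'drop input'`, `'dos charset'`, …) presumably stay untranslated until the next rebuild. Swapping the two lines so extraction happens first would fix that: `extract_files` followed by `perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"`. A one-line comment stating that the cache must be rebuilt after the language files land would keep the order from being "tidied" back.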
@@ -255,7 +254,6 @@ WARNING: translation string unused: only red WARNING: translation string unused: openvpn client WARNING: translation string unused: openvpn server WARNING: translation string unused: optional data -WARNING: translation string unused: options fw WARNING: translation string unused: optionsfw portlist hint WARNING: translation string unused: optionsfw warning WARNING: translation string unused: or diff --git a/doc/language_issues.en b/doc/language_issues.en index a912343a17..613786130c 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -266,7 +266,6 @@ WARNING: translation string unused: net config type help WARNING: translation string unused: net-traffic configuration WARNING: translation string unused: network configuration WARNING: translation string unused: network status information -WARNING: translation string unused: new optionsfw later WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload @@ -283,7 +282,6 @@ WARNING: translation string unused: only red WARNING: translation string unused: openvpn client WARNING: translation string unused: openvpn server WARNING: translation string unused: optional data -WARNING: translation string unused: options fw WARNING: translation string unused: optionsfw portlist hint WARNING: translation string unused: optionsfw warning WARNING: translation string unused: or diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 2812d435e6..5979a76791 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat 
@@ -333,7 +333,7 @@ foreach $_ (@log) my $comment = $3; my $packet = $4; - $packet =~ /IN=(\w+)/; my $iface=$1; + $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 eq "27" ){ $iface="";} $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; $packet =~ /DST=([\d\.]+)/; my $dstaddr=$1; $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1; diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat index 5a2ef9b527..3c408a78fa 100644 --- a/html/cgi-bin/logs.cgi/log.dat +++ b/html/cgi-bin/logs.cgi/log.dat @@ -12,8 +12,8 @@ use strict; # enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; +use warnings; +use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; 
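Review bot: The added `if ( $1 eq "27" ){ $iface="";}` compares the captured interface name with the bare literal `"27"` and nothing says what that value represents; since `$1` keeps the capture of the previous successful match when `/IN=(\w+)/` does not match at all, the comparison can also be reading a capture from an earlier statement or line. A comment naming the case would help, e.g. `# IN= of "27" means [reason]; show no interface`, and testing the captured copy behind a match guard avoids the stale-`$1` case: `my $iface = ($packet =~ /IN=(\w+)/) ? $1 : ''; $iface = '' if $iface eq '27';`. The enclosing `foreach` starts before the hunk.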
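Review bot: Uncommenting `use warnings;` and `use CGI::Carp 'fatalsToBrowser';` contradicts the context line kept right above them, `# enable only the following on debugging purpose`: `fatalsToBrowser` sends the text of any runtime `die` — file paths, the failing expression's data, and the warnings turned fatal by it — to the HTTP client instead of the web server's error log, which a log viewer on a firewall should not do in production. If this was left over from debugging, restore the two `#` comments; if warnings are wanted permanently, keep `use warnings;` and drop only the `CGI::Carp` line so fatals still go to the server log.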
@@ -50,21 +50,20 @@ my $year = $now[5]+1900; $cgiparams{'DAY'} = $now[3]; $cgiparams{'MONTH'} = $now[4]; $cgiparams{'ACTION'} = ''; -$cgiparams{'SECTION'} = 'ipfire'; +$cgiparams{'SECTION'} = 'kernel'; my %sections = ( - 'ipfire' => '(ipfire)', - 'red' => '(red.*|kernel: usb.*|pppd\[.*\]|chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|kernel: eth.*|dhcpcd\[.*\]|modem_run\[.*\])', - 'dns' => '(dnsmasq\[.*\])', - 'dhcp' => '(dhcpd)', - 'cron' => '(fcron\[.*\])', - 'ntp' => '(ntpd(?:ate)?\[.*\])', - 'ssh' => '(sshd(?:\(.*\))?\[.*\])', - 'auth' => '(\w+\(pam_unix\)\[.*\])', - 'kernel' => '(kernel)', - 'ipsec' => '(ipsec_[\w_]+|pluto\[.*\]|vpnwatch)', - 'snort' => '(snort)', - 'openvpn' => '(openvpnserver)\[.*\]' + 'ipfire' => '(ipfire: )', + 'red' => '(red:|pppd\[.*\]: |chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|dhcpcd\[.*\]|modem_run\[.*\])', + 'dns' => '(dnsmasq\[.*\]: )', + 'dhcp' => '(dhcpd: )', + 'cron' => '(fcron\[.*\]: )', + 'ntp' => '(ntpd(?:ate)?\[.*\]: )', + 'ssh' => '(sshd(?:\(.*\))?\[.*\]: )', + 'auth' => '(\w+\(pam_unix\)\[.*\]: )', + 'kernel' => '(kernel: (?!DROP-))', + 'ipsec' => '(ipsec_[\w_]+: |pluto\[.*\]: |vpnwatch: )', + 'openvpn' => '(openvpnserver)\[.*\]: ' ); # Translations for the %sections array. @@ -80,7 +79,6 @@ my %trsections = ( 'kernel' => "$Lang::tr{'kernel'}", 'ipsec' => 'IPSec', 'openvpn' => 'OpenVPN', - 'snort' => 'Snort' ); @@ -197,7 +195,7 @@ while ($gzindex >=0 && $loop) { #&General::log("reading $filestr"); READ:while () { my $line = $_; - if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ ${section}: (.*)/) { + if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ ${section}(.*)/) { # when standart viewing, just keep in memory the correct slice # it starts a '$start' and size is $viewport # If export, then keep all lines... 
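Review bot: The `'kernel' => '(kernel: (?!DROP-))'` entry silently depends on every firewall LOG rule using a `DROP-` prefix — the prefixes this same commit sets in `src/initscripts/init.d/firewall` — and a reader of this file cannot see that contract; drop rules added elsewhere with other prefixes will keep appearing in the kernel view. A comment above the entry would make the coupling explicit, e.g. `# kernel: lines prefixed DROP- are firewall drops; hidden here, shown by firewalllog.dat`. Also worth confirming that dropping `kernel: usb.*` and `kernel: eth.*` from the `'red'` pattern was intended, since those lines now only show up under `kernel`; the trailing comma left on `'openvpn' => 'OpenVPN',` in `%trsections` is legal Perl and fine.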
@@ -242,11 +240,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) foreach $_ (@log) { - /^... (..) (..:..:..) [\w\-]+ ${section}: (.*)$/; + /^... (..) (..:..:..) [\w\-]+ ${section}(.*)$/; my $day = $1; $day =~ tr / /0/; my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - print "$time $3 $4\r\n"; + print "$time $3 $4\r\n"; } exit 0; } @@ -365,7 +363,7 @@ $lines = 0; #print ''; foreach $_ (@log) { - /^... (..) (..:..:..) [\w\-]+ ${section}: (.*)$/; + /^... (..) (..:..:..) [\w\-]+ ${section}(.*)$/; my $day = $1; $day =~ tr / /0/; my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.cgi/showrequestfromip.dat index 0e8a71fb5a..7aa5c0552f 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat @@ -306,7 +306,7 @@ foreach $_ (@slice) $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; - if ($a =~ /IN\=(\w+)/) { $in = $1; } + if ($a =~ /IN\=(\w+)/) { $iface = $1; } if ($a =~ /OUT\=(\w+)/) { $out = $1; } if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } @@ -314,7 +314,6 @@ foreach $_ (@slice) my $protostrlc = lc($protostr); if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } - $a =~ /IN=(\w+)/; my $iface=$1; if ($lines % 2) { print "\n"; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/logs.cgi/showrequestfromport.dat index bf8fe581ca..6103431322 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat @@ -312,7 +312,7 @@ foreach $_ (@slice) $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; - if ($a =~ /IN\=(\w+)/) { $in = $1; } + if ($a =~ /IN\=(\w+)/) { $iface = $1; } if ($a =~ /OUT\=(\w+)/) { $out = $1; } if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } 
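Review bot: In `showrequestfromip.dat`, `$iface` is now assigned only inside `if ($a =~ /IN\=(\w+)/)`, and the per-iteration `my $iface=$1;` that the second hunk removes was the only declaration visible, so the variable must now be declared outside the loop (not visible here — the `foreach` starts before the hunk, and under `use strict` a missing declaration is a compile error) and, unlike before, it keeps the previous line's interface whenever a line carries no `IN=`. Reset it at the top of the iteration together with the other per-line fields, `$iface = '';`, so such a line is shown with an empty interface rather than a stale one. The two hunks in `showrequestfromport.dat` make the same change and need the same reset.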
@@ -320,7 +320,6 @@ foreach $_ (@slice) my $protostrlc = lc($protostr); if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } - $a =~ /IN=(\w+)/; my $iface=$1; if ($lines % 2) { print "\n"; } diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi new file mode 100644 index 0000000000..de68fea4e5 --- /dev/null +++ b/html/cgi-bin/optionsfw.cgi 
@@ -0,0 +1,101 @@ +#!/usr/bin/perl +# +# SmoothWall CGIs +# +# This code is distributed under the terms of the GPL +# +# (c) The SmoothWall Team +# +# Copyright (C) 01-02-2002 Graham Smith +# +# $Id: optionsfw.cgi,v 1.1.2.10 2005/10/03 00:34:10 gespinasse Exp $ +# +# + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + + +my %checked =(); # Checkbox manipulations + +# File used +my $filename = "${General::swroot}/optionsfw/settings"; + +our %settings=(); +$settings{'DISABLEPING'} = 'NO'; +$settings{'DROPNEWNOTSYN'} = 'on'; +$settings{'DROPINPUT'} = 'on'; +$settings{'DROPOUTPUT'} = 'on'; +$settings{'DROPPORTSCAN'} = 'on'; + +my $errormessage = ''; +my $warnmessage = ''; + +&Header::showhttpheaders(); + +#Get GUI values +&Header::getcgihash(\%settings); + +if ($settings{'ACTION'} eq $Lang::tr{'save'}) { + $errormessage = $Lang::tr{'new optionsfw later'}; + delete $settings{'__CGI__'};delete $settings{'x'};delete $settings{'y'}; + &General::writehash($filename, \%settings); # Save good settings + } else { + &General::readhash($filename, \%settings); # Get saved settings and reset to good if needed + } + +&Header::openpage($Lang::tr{'options fw'}, 1, ''); +&Header::openbigbox('100%', 'left', '', $errormessage); + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'warning messages'}); + print "$errormessage "; + &Header::closebox(); +} + +$checked{'DROPNEWNOTSYN'}{'off'} = ''; +$checked{'DROPNEWNOTSYN'}{'on'} = ''; +$checked{'DROPNEWNOTSYN'}{$settings{'DROPNEWNOTSYN'}} = "checked='checked'"; +$checked{'DROPINPUT'}{'off'} = ''; +$checked{'DROPINPUT'}{'on'} = ''; +$checked{'DROPINPUT'}{$settings{'DROPINPUT'}} = "checked='checked'"; +$checked{'DROPOUTPUT'}{'off'} = ''; +$checked{'DROPOUTPUT'}{'on'} = ''; +$checked{'DROPOUTPUT'}{$settings{'DROPOUTPUT'}} = "checked='checked'"; 
+$checked{'DROPPORTSCAN'}{'off'} = ''; +$checked{'DROPPORTSCAN'}{'on'} = ''; +$checked{'DROPPORTSCAN'}{$settings{'DROPPORTSCAN'}} = "checked='checked'"; + +&Header::openbox('100%', 'center', $Lang::tr{'options fw'}); +print "
"; + +print < + + + + + + +
$Lang::tr{'fw logging'}
$Lang::tr{'drop newnotsyn'}on / + off
$Lang::tr{'drop input'}on / + off
$Lang::tr{'drop output'}on / + off
$Lang::tr{'drop portscan'}on / + off
+
+ + +
+ +
+ +END +; +&Header::closebox(); +&Header::closebigbox(); +&Header::closepage(); diff --git a/html/cgi-bin/outgoingfw.cgi b/html/cgi-bin/outgoingfw.cgi index 013f6005ee..dcb96b9372 100644 --- a/html/cgi-bin/outgoingfw.cgi +++ b/html/cgi-bin/outgoingfw.cgi @@ -71,10 +71,15 @@ $outfwsettings{'DISPLAY_DPORT'} = ''; $outfwsettings{'DISPLAY_SMAC'} = ''; $outfwsettings{'DISPLAY_SIP'} = ''; $outfwsettings{'POLICY'} = 'MODE0'; +$outfwsettings{'MODE1LOG'} = 'off'; &General::readhash("${General::swroot}/outgoing/settings", \%outfwsettings); &Header::getcgihash(\%outfwsettings); +$checked{'MODE1LOG'}{'off'} = ''; +$checked{'MODE1LOG'}{'on'} = ''; +$checked{'MODE1LOG'}{$outfwsettings{'MODE1LOG'}} = "checked='checked'"; + if ($outfwsettings{'POLICY'} eq 'MODE0'){ $selected{'POLICY'}{'MODE0'} = 'selected'; } else { $selected{'POLICY'}{'MODE0'} = ''; } if ($outfwsettings{'POLICY'} eq 'MODE1'){ $selected{'POLICY'}{'MODE1'} = 'selected'; } else { $selected{'POLICY'}{'MODE1'} = ''; } if ($outfwsettings{'POLICY'} eq 'MODE2'){ $selected{'POLICY'}{'MODE2'} = 'selected'; } else { $selected{'POLICY'}{'MODE2'} = ''; } @@ -98,8 +103,10 @@ if ($outfwsettings{'ACTION'} eq $Lang::tr{'reset'}) if ($outfwsettings{'ACTION'} eq $Lang::tr{'save'}) { my $MODE = $outfwsettings{'POLICY'}; + my $MODE1LOG = $outfwsettings{'MODE1LOG'}; %outfwsettings = (); $outfwsettings{'POLICY'} = "$MODE"; + $outfwsettings{'MODE1LOG'} = "$MODE1LOG"; &General::writehash("${General::swroot}/outgoing/settings", \%outfwsettings); system("/usr/local/bin/outgoingfwctrl"); } @@ -331,6 +338,22 @@ END ; } } +if ($outfwsettings{'POLICY'} eq 'MODE1'){ +print <
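Review bot: On save, `&General::writehash($filename, \%settings)` writes the CGI hash as submitted — only `__CGI__`, `x` and `y` are deleted first — so every key/value pair the client sends ends up in `${General::swroot}/optionsfw/settings`, and nothing checks that the four toggles are actually `on` or `off`. That file is then consumed with `eval $(/usr/local/bin/readhash …)` by the firewall init script in this same commit, so unless `readhash` strictly quotes and filters what it emits (not visible here), the settings file becomes shell input controlled from the web interface; even if it does, `ACTION` and `DISABLEPING` are persisted for no reason. Build the hash to be saved from a fixed key list, each value validated to `on`/`off`, and write only that; the rest of the save branch is unchanged.
```perl
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
    # Persist only the known toggles, and only as on/off: the firewall init
    # script evals this file via readhash, so nothing else may reach it.
    my %newsettings = ();
    for my $key (qw(DROPNEWNOTSYN DROPINPUT DROPOUTPUT DROPPORTSCAN)) {
        my $value = $settings{$key} || '';
        if ($value eq 'on' || $value eq 'off') {
            $newsettings{$key} = $value;
        } else {
            $errormessage = $Lang::tr{'invalid input'};
        }
    }
    if (!$errormessage) {
        $errormessage = $Lang::tr{'new optionsfw later'};
        &General::writehash($filename, \%newsettings); # Save good settings
    }
} else {
    &General::readhash($filename, \%settings); # Get saved settings and reset to good if needed
}
# … unchanged: page output …
```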
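Review bot: `$outfwsettings{'MODE1LOG'} = "$MODE1LOG";` stores the submitted value unchanged in `${General::swroot}/outgoing/settings` right before `/usr/local/bin/outgoingfwctrl` is run, although the only values the form can legitimately produce are `on` and `off`; the `$checked{'MODE1LOG'}{...}` lookup added in the first hunk likewise just grows a new key for anything else. Normalise on save, `my $MODE1LOG = ($outfwsettings{'MODE1LOG'} eq 'on') ? 'on' : 'off';`, so the settings file (presumably read by outgoingfwctrl — not visible here) only ever holds the two expected values. The same treatment for `POLICY` is pre-existing and out of scope for this hunk.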
+ tcp&udp + all + ALL + drop + DENY + on off +
+ +
+
+END +; +} print < END diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi index cadc23534f..167f48f738 100644 --- a/html/cgi-bin/pakfire.cgi +++ b/html/cgi-bin/pakfire.cgi @@ -46,6 +46,8 @@ $pakfiresettings{'AUTOUPDATE'} = 'off'; $pakfiresettings{'AUTOUPGRADE'} = 'off'; $pakfiresettings{'UUID'} = 'on'; +sub refreshpage{&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'pagerefresh'}
";&Header::closebox();} + &Header::getcgihash(\%pakfiresettings); &General::readhash("${General::swroot}/main/settings", \%mainsettings); @@ -141,6 +143,7 @@ END } elsif ($pakfiresettings{'ACTION'} eq 'upgrade') { system("/usr/local/bin/pakfire upgrade -y --no-colors &>/dev/null"); + refreshpage(); } elsif ($pakfiresettings{'ACTION'} eq "$Lang::tr{'save'}") { diff --git a/html/cgi-bin/samba.cgi b/html/cgi-bin/samba.cgi index 1f091a8302..1c1939cfdc 100644 --- a/html/cgi-bin/samba.cgi +++ b/html/cgi-bin/samba.cgi @@ -90,6 +90,9 @@ $sambasettings{'OTHERINTERFACES'} = '127.0.0.1'; $sambasettings{'GUESTACCOUNT'} = 'samba'; $sambasettings{'MAPTOGUEST'} = 'Never'; $sambasettings{'LOGLEVEL'} = '3 passdb:5 auth:5 winbind:2'; +$sambasettings{'DOSCHARSET'} = 'CP850'; +$sambasettings{'UNIXCHARSET'} = 'UTF8'; +$sambasettings{'DISPLAYCHARSET'} = 'CP850'; $sambasettings{'SOCKETOPTIONS'} = 'TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE'; ### Values that have to be initialized $sambasettings{'ACTION'} = ''; @@ -151,6 +154,9 @@ if ($sambasettings{'ACTION'} eq 'globalresetyes') $sambasettings{'GUESTACCOUNT'} = 'samba'; $sambasettings{'MAPTOGUEST'} = 'Never'; $sambasettings{'LOGLEVEL'} = '3 passdb:5 auth:5 winbind:2'; + $sambasettings{'DOSCHARSET'} = 'CP850'; + $sambasettings{'UNIXCHARSET'} = 'UTF8'; + $sambasettings{'DISPLAYCHARSET'} = 'CP850'; ### Samba CUPS Variablen $sambasettings{'LOADPRINTERS'} = 'Yes'; $sambasettings{'PRINTING'} = 'cups'; @@ -256,7 +262,9 @@ fstype = NTFS kernel oplocks = false map to guest = $sambasettings{'MAPTOGUEST'} smb ports = 445 139 -unix charset = CP850 +dos charset = $sambasettings{'DOSCHARSET'} +unix charset = $sambasettings{'UNIXCHARSET'} +display charset = $sambasettings{'DISPLAYCHARSET'} security = $sambasettings{'SECURITY'} encrypt passwords = yes 
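Review bot: `sub refreshpage{...}` packs an `openbox`, a `print` and a `closebox` onto one line in the middle of the settings initialisation, and hard-codes the untranslated title `'Waiting'` while its body already uses `$Lang::tr{'pagerefresh'}`. Writing it as a normal multi-line sub (one statement per line, placed with the other subs or at the top) and using a `$Lang::tr{...}` entry for the title would match the rest of the file. The HTML handed to `print` is not readable in this rendering, so the refresh target itself could not be checked.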
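Review bot: `refreshpage();` is called after `system("/usr/local/bin/pakfire upgrade -y --no-colors &>/dev/null")` returns, and `system` blocks until the command exits, so the "waiting" box is only printed once the upgrade has already completed. If the intent is to show the waiting page while the upgrade runs, the command would have to be detached; if the intent is merely to reload the page once the (possibly replaced) CGI is installed, a comment saying so would stop the next reader from "fixing" the order: `# upgrade has finished here; reload so the new pakfire.cgi is served`. Which of the two is meant is not decidable from the hunk.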
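Review bot: The three new `dos charset = $sambasettings{'DOSCHARSET'}`, `unix charset = …` and `display charset = …` lines interpolate web-supplied values straight into the generated smb.conf; unless the save path (outside this hunk) already validates them, anything the form submits — including whitespace or line breaks — becomes part of the configuration file. Charset names are simple tokens, so an anchored check where the other fields are validated keeps the file to what Samba expects, e.g. `$errormessage = $Lang::tr{'invalid input'} unless $sambasettings{'DOSCHARSET'} =~ /\A[\w\-]+\z/;` and the same for `UNIXCHARSET` and `DISPLAYCHARSET`. The two earlier hunks only set the defaults and are fine as they are.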
@@ -276,7 +284,7 @@ wins server = $sambasettings{'WINSSRV'} log file = /var/log/samba/samba-log.%m lock directory = /var/lock/samba -pid directory = /var/run/ +pid directory = /var/run/ log level = $sambasettings{'LOGLEVEL'} preferred master = $sambasettings{'PREFERREDMASTER'} @@ -419,6 +427,9 @@ print <$Lang::tr{'basic options'} $Lang::tr{'workgroup'} $Lang::tr{'netbios name'} +$Lang::tr{'dos charset'} +$Lang::tr{'unix charset'} +$Lang::tr{'display charset'} $Lang::tr{'server string'} $Lang::tr{'log level'} $Lang::tr{'interfaces'}on / diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index b8fbd66e4a..a04804ab13 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -609,6 +609,7 @@ 'disk access per' => 'Plattenzugriff je', 'disk usage' => 'Festplattenbelegung', 'display' => 'Anzeige', +'display charset' => 'Display Charset', 'display hostname in window title' => 'Hostname im Fenstertitel anzeigen', 'display traffic at home' => 'Berechneten Traffic auf der Startseite anzeigen', 'display webinterface effects' => 'Überblendeffekte einschalten', @@ -631,6 +632,7 @@ 'domain name' => 'Domainname', 'domain name suffix' => 'Domain-Name-Suffix:', 'domain not set' => 'Domain nicht eingegeben.', +'dos charset' => 'DOS Charset', 'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein
und klicken Sie danach auf Speichern.', 'downlink speed' => 'Downlink-Geschwindigkeit (kBit/sek)', 'downlink std class' => 'Downloadstandardklasse', @@ -643,6 +645,10 @@ 'download root certificate' => 'Root Zertifikat herunterladen', 'dpd action' => 'Aktion für Dead Peer Detection', 'driver' => 'Treiber', +'drop input' => 'Verworfene Input Pakete loggen', +'drop newnotsyn' => 'Verworfene New Not Syn Pakete loggen', +'drop output' => 'Verworfene Output Pakete loggen', +'drop portscan' => 'Verworfene Portscan Pakete loggen', 'dst port' => 'Ziel-Port', 'dstprt range overlaps' => 'Der Zielportbereich überlappt mit einem bereits definierten Port.', 'dstprt within existing' => 'Der Zielport liegt innerhalb eines bereits definierten Portbereichs.', @@ -758,6 +764,7 @@ 'from email server' => 'Von Email Server', 'from email user' => 'Von Email Benutzer', 'from warn email bad' => 'Von Email Adresse ist nicht gültig', +'fw logging' => 'Firewall Logging', 'gateway' => 'Gateway', 'gateway ip' => 'Gateway-IP', 'gen static key' => 'Statischen Schlüssel erzeugen', @@ -1591,6 +1598,7 @@ 'unable to contact' => 'Kann nicht erreicht werden', 'unencrypted' => 'Nichtverschlüsselt', 'uninstall' => 'Deinstallieren', +'unix charset' => 'UNIX Charset', 'unix group' => ' UNIX Benutzergruppe', 'unix password sync' => 'Unix Password Sync', 'unix shell' => 'UNIX Shell', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 14fdfd40fe..0b4ed6ef55 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -632,6 +632,7 @@ 'disk access per' => 'Disk Access per', 'disk usage' => 'Disk usage', 'display' => 'Display', +'display charset' => 'Display Charset', 'display hostname in window title' => 'Display hostname in window title', 'display traffic at home' => 'Display calculated traffic on startpage', 'display webinterface effects' => 'Activate effects', 
@@ -655,6 +656,7 @@ 'domain name suffix' => 'Domain name suffix:', 'domain not set' => 'Domain not set.', 'done' => 'Do it', +'dos charset' => 'DOS Charset', 'down and up speed' => 'Enter your Down- and Uplink-Speed
and then press Save.', 'downlink speed' => 'Downlink speed (kbit/sec)', 'downlink std class' => 'downlink standard class', @@ -667,6 +669,10 @@ 'download root certificate' => 'Download Root Certificate', 'dpd action' => 'Dead Peer Detection action', 'driver' => 'Driver', +'drop input' => 'Log dropped Input pakets', +'drop newnotsyn' => 'Log dropped New Not Syn pakets', +'drop output' => 'Log dropped Output pakets', +'drop portscan' => 'Log dropped Portscan pakets', 'dst port' => 'Dst Port', 'dstprt range overlaps' => 'Destination port range overlaps an already defined port.', 'dstprt within existing' => 'Destination port is within an already defined port range.', @@ -782,6 +788,7 @@ 'from email server' => 'From Email server', 'from email user' => 'From Email user', 'from warn email bad' => 'From email address is not valid', +'fw logging' => 'Firewall logging', 'g.dtm' => 'TO BE REMOVED', 'g.lite' => 'TO BE REMOVED', 'gateway' => 'Gateway', @@ -1623,6 +1630,7 @@ 'unable to contact' => 'Unable to contact', 'unencrypted' => 'Unencrypted', 'uninstall' => 'Uninstall', +'unix charset' => 'UNIX Charset', 'unix group' => ' UNIX usergroup', 'unix password sync' => 'Unix Password Sync', 'unix shell' => 'UNIX Shell', diff --git a/lfs/configroot b/lfs/configroot index 1c8f21f6d0..2581a6ac85 100644 --- a/lfs/configroot +++ b/lfs/configroot 
@@ -106,7 +106,12 @@ $(TARGET) : echo "VPN_DELAYED_START=0" >>$(CONFIG_ROOT)/vpn/settings echo "01" > $(CONFIG_ROOT)/certs/serial echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf - echo "DISABLEPING=NO" > $(CONFIG_ROOT)/optionsfw/settings + echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPOUTPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPOUTPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPPORTSCAN=on" >> $(CONFIG_ROOT)/optionsfw/settings # Modify variables in header.pl sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ diff --git a/lfs/samba b/lfs/samba index ff563e326b..2b308f5f15 100644 --- a/lfs/samba +++ b/lfs/samba @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 3 +PAK_VER = 4 DEPS = "cups cyrus-sasl" diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index ad30c3d1d4..a5ffdc03e7 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall @@ -2,6 +2,7 @@ eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings) eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) +eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings) IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'` if [ -f /var/ipfire/red/device ]; then 
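Review bot: `DROPINPUT=on` and `DROPOUTPUT=on` are each echoed twice, and the first line now appends (`>>`) where the removed `DISABLEPING=NO` line truncated (`>`), so a rebuilt config root keeps whatever an earlier run left in `optionsfw/settings` and ends up with duplicate keys. Keep `>` on the first echo and delete the two repeated lines: `echo "DROPNEWNOTSYN=on" > $(CONFIG_ROOT)/optionsfw/settings` followed by one `DROPINPUT`, one `DROPOUTPUT` and the `DROPPORTSCAN` line. `DISABLEPING` is no longer written here while `optionsfw.cgi` still defaults and saves it — harmless, but worth settling which is right.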
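Review bot: `eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)` executes output derived from a file that `optionsfw.cgi` writes from web-form input, and whether that is safe depends entirely on how strictly `readhash` quotes and filters what it emits, which is not visible here. Independently of that, the script should not trust the values it receives: a guard per variable right after the eval, `case "$DROPINPUT" in on|off) ;; *) DROPINPUT=on ;; esac` (and the same for `DROPOUTPUT`, `DROPNEWNOTSYN`, `DROPPORTSCAN`), both rejects unexpected content and supplies a default when the key is missing, e.g. after an update that did not ship the new settings file. Defaulting to `on` keeps drop logging enabled, which is the safer failure mode for a log source the firewall log viewer depends on.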
@@ -33,16 +34,20 @@ iptables_init() { # This chain will log, then DROPs packets with certain bad combinations # of flags might indicate a port-scan attempt (xmas, null, etc) /sbin/iptables -N PSCAN - /sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "TCP Scan? " - /sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "UDP Scan? " - /sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "ICMP Scan? " - /sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "FRAG Scan? " - /sbin/iptables -A PSCAN -j DROP + if [ "$DROPPORTSCAN" == "on" ]; then + /sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "DROP-TCP Scan " -m comment --comment "DROP-TCP PScan" + /sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "DROP-UDP Scan " -m comment --comment "DROP-UPD PScan" + /sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "DROP-ICMP Scan " -m comment --comment "DROP-ICMP PScan" + /sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "DROP-FRAG Scan " -m comment --comment "DROP-FRAG PScan" + fi + /sbin/iptables -A PSCAN -j DROP -m comment --comment "DROP PScan" # New tcp packets without SYN set - could well be an obscure type of port scan # that's not covered above, may just be a broken windows machine /sbin/iptables -N NEWNOTSYN - /sbin/iptables -A NEWNOTSYN -m limit --limit 10/minute -j LOG --log-prefix "NEW not SYN? " + if [ "$DROPNEWNOTSYN" == "on" ]; then + /sbin/iptables -A NEWNOTSYN -m limit --limit 10/minute -j LOG --log-prefix "DROP-NEW not SYN " -m comment --comment "DROP-NEW not SYN" + fi /sbin/iptables -A NEWNOTSYN -j DROP # Chain to contain all the rules relating to bad TCP flags 
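Review bot: Every rule in this hunk now carries `-m comment`, including the unconditional `-A PSCAN -j DROP -m comment --comment "DROP PScan"`; if the comment match is unavailable on the target (module missing or not built), that append fails and the PSCAN chain is left with no DROP at all, so the comments should either be verified to load at boot or kept off the DROP rules. `"DROP-UPD PScan"` is a typo for `"DROP-UDP PScan"`. `[ "$DROPPORTSCAN" == "on" ]` uses the bash-only `==`; `=` is the portable form if there is any chance this script runs under a plain `sh` (the shebang is outside the hunk).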
@@ -158,10 +163,10 @@ case "$1" in # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything /sbin/iptables -N IPSECVIRTUAL /sbin/iptables -N OPENSSLVIRTUAL - /sbin/iptables -A INPUT -j IPSECVIRTUAL - /sbin/iptables -A INPUT -j OPENSSLVIRTUAL - /sbin/iptables -A FORWARD -j IPSECVIRTUAL - /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL + /sbin/iptables -A INPUT -j IPSECVIRTUAL -m comment --comment "IPSECVIRTUAL INPUT" + /sbin/iptables -A INPUT -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL INPUT" + /sbin/iptables -A FORWARD -j IPSECVIRTUAL -m comment --comment "IPSECVIRTUAL FORWARD" + /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD" # Outgoing Firewall /sbin/iptables -A FORWARD -j OUTGOINGFW @@ -255,8 +260,13 @@ case "$1" in fi # last rule in input and forward chain is for logging. - /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT " - /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT " + + if [ "$DROPINPUT" == "on" ]; then + /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP-INPUT " -m comment --comment "DROP-INPUT" + fi + if [ "$DROPOUTPUT" == "on" ]; then + /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP-OUTPUT " -m comment --comment "DROP-OUTPUT" + fi ;; startovpn) # run openvpn @@ -285,8 +295,12 @@ case "$1" in /etc/sysconfig/firewall.local stop fi - /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT " - /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT " + if [ "$DROPINPUT" == "on" ]; then + /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP-INPUT " -m comment --comment "DROP-INPUT" + fi + if [ "$DROPOUTPUT" == "on" ]; then + /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP-OUTPUT " -m comment --comment "DROP-OUTPUT" + fi ;; stopovpn) # stop openvpn -- 2.39.2
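Review bot: The `DROP-INPUT ` and `DROP-OUTPUT ` prefixes in the `-255` hunk are now load-bearing — `logs.cgi/log.dat` in this commit hides `kernel:` lines starting with `DROP-` from the kernel view — yet nothing in the init script says so, so a later prefix rename would quietly move all drop messages back into the kernel log. Suggest a comment above the block, repeated on the identical copy in the `-285` (stop) hunk: `# Prefixes must start with "DROP-": log.dat filters them out of the kernel view, firewalllog.dat shows them`. The two if-blocks being duplicated verbatim in both branches is also a candidate for a small function, which would keep the prefixes in one place.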