-.config
+/.DS_Store
+/.config
/build
/cache
/ccache
/packages
/tmp
/*.diff
+._*
*.img.gz
*.img.xz
*.iso
# Check if an upstream proxy is configured.
if ($proxysettings{'UPSTREAM_PROXY'}) {
- my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
my $proxy_url;
- # Check if we got a peer.
- if ($peer) {
- $proxy_url = "http://";
+ $proxy_url = "http://";
- # Check if the proxy requires authentication.
- if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
- $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
- }
-
- # Add proxy server address and port.
- $proxy_url .= "$peer\:$peerport";
- } else {
- # Log error message and break.
- &_log_to_syslog("Could not proper configure the proxy server access.");
-
- # Return "1" - false.
- return 1;
+ # Check if the proxy requires authentication.
+ if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
+ $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
}
+ # Add proxy server address and port.
+ $proxy_url .= $proxysettings{'UPSTREAM_PROXY'};
+
# Setup proxy settings.
$downloader->proxy(['http', 'https'], $proxy_url);
}
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+ SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.14.112-ipfire Kernel Configuration
+# Linux/arm64 4.14.121-ipfire Kernel Configuration
#
CONFIG_ARM64=y
CONFIG_64BIT=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.112-ipfire-kirkwood Kernel Configuration
+# Linux/arm 4.14.121-ipfire-kirkwood Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.112-ipfire-multi Kernel Configuration
+# Linux/arm 4.14.121-ipfire-multi Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.112-ipfire Kernel Configuration
+# Linux/x86 4.14.121-ipfire Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.112-ipfire-pae Kernel Configuration
+# Linux/x86 4.14.121-ipfire-pae Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.112-ipfire Kernel Configuration
+# Linux/x86 4.14.121-ipfire Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
'title' => "$Lang::tr{'system information'}",
'enabled' => 1,
};
- $subsystem->{'42.shutdown'} = {
+ $subsystem->{'42.hwvuln'} = {
+ 'caption' => $Lang::tr{'hardware vulnerabilities'},
+ 'uri' => '/cgi-bin/vulnerabilities.cgi',
+ 'title' => "$Lang::tr{'hardware vulnerabilities'}",
+ 'enabled' => 1,
+ };
+ $subsystem->{'43.shutdown'} = {
'caption' => $Lang::tr{'shutdown'},
'uri' => '/cgi-bin/shutdown.cgi',
'title' => "$Lang::tr{'shutdown'}",
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
etc/rc.d/rcsysinit.d/S40mountfs
etc/rc.d/rcsysinit.d/S42fsresize
etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
etc/rc.d/rcsysinit.d/S40mountfs
etc/rc.d/rcsysinit.d/S42fsresize
etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
#usr/lib/libbind9.la
#usr/lib/libbind9.so
usr/lib/libbind9.so.161
-usr/lib/libbind9.so.161.0.1
+usr/lib/libbind9.so.161.0.2
#usr/lib/libdns.la
#usr/lib/libdns.so
-usr/lib/libdns.so.1105
-usr/lib/libdns.so.1105.0.0
+usr/lib/libdns.so.1106
+usr/lib/libdns.so.1106.0.0
#usr/lib/libisc.la
#usr/lib/libisc.so
usr/lib/libisc.so.1100
-usr/lib/libisc.so.1100.1.0
+usr/lib/libisc.so.1100.2.0
#usr/lib/libisccc.la
#usr/lib/libisccc.so
usr/lib/libisccc.so.161
var/ipfire/main
#var/ipfire/main/hosts
#var/ipfire/main/routing
+#var/ipfire/main/security
#var/ipfire/main/settings
#var/ipfire/menu.d
var/ipfire/menu.d/00-menu.main
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
etc/rc.d/rcsysinit.d/S40mountfs
etc/rc.d/rcsysinit.d/S42fsresize
etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
#usr/share/man/man1/vnstati.1
#usr/share/man/man1/vnstat.1
#var/lib/vnstat
+#var/log/vnstat
+var/log/vnstat/tag
#srv/web/ipfire/cgi-bin/upnp.cgi
srv/web/ipfire/cgi-bin/urlfilter.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
+srv/web/ipfire/cgi-bin/vulnerabilities.cgi
srv/web/ipfire/cgi-bin/wakeonlan.cgi
srv/web/ipfire/cgi-bin/webaccess.cgi
srv/web/ipfire/cgi-bin/wireless.cgi
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
+etc/rc.d/init.d/smt
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
etc/rc.d/rcsysinit.d/S40mountfs
etc/rc.d/rcsysinit.d/S42fsresize
etc/rc.d/rcsysinit.d/S43mounttmpfs
+etc/rc.d/rcsysinit.d/S44smt
etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
lib/firmware/intel-ucode/06-2d-07
lib/firmware/intel-ucode/06-2e-06
lib/firmware/intel-ucode/06-2f-02
+lib/firmware/intel-ucode/06-37-08
+lib/firmware/intel-ucode/06-37-09
lib/firmware/intel-ucode/06-3a-09
lib/firmware/intel-ucode/06-3c-03
lib/firmware/intel-ucode/06-3d-04
lib/firmware/intel-ucode/06-45-01
lib/firmware/intel-ucode/06-46-01
lib/firmware/intel-ucode/06-47-01
+lib/firmware/intel-ucode/06-4c-03
+lib/firmware/intel-ucode/06-4c-04
lib/firmware/intel-ucode/06-4e-03
-lib/firmware/intel-ucode/06-55-03
lib/firmware/intel-ucode/06-55-04
+lib/firmware/intel-ucode/06-55-07
lib/firmware/intel-ucode/06-56-02
lib/firmware/intel-ucode/06-56-03
lib/firmware/intel-ucode/06-56-04
lib/firmware/intel-ucode/06-7a-01
lib/firmware/intel-ucode/06-8e-09
lib/firmware/intel-ucode/06-8e-0a
+lib/firmware/intel-ucode/06-8e-0b
+lib/firmware/intel-ucode/06-8e-0c
lib/firmware/intel-ucode/06-9e-09
lib/firmware/intel-ucode/06-9e-0a
lib/firmware/intel-ucode/06-9e-0b
+lib/firmware/intel-ucode/06-9e-0c
+lib/firmware/intel-ucode/06-9e-0d
lib/firmware/intel-ucode/0f-00-07
lib/firmware/intel-ucode/0f-00-0a
lib/firmware/intel-ucode/0f-01-02
--- /dev/null
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
--- /dev/null
+../../../common/squid
\ No newline at end of file
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
-core=131
+core=133
# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
done
# Stop services
+/etc/init.d/squid stop
# Extract files
extract_files
/usr/local/bin/update-lang-cache
# Start services
-/etc/init.d/suricata restart
-
-# This update needs a reboot...
-touch /var/run/need_reboot
+/etc/init.d/squid start
# Finish
/etc/init.d/fireinfo start
--- /dev/null
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../../common/aarch64/linux
\ No newline at end of file
--- /dev/null
+../../../../common/aarch64/linux-initrd
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-initrd-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-initrd-multi
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
--- /dev/null
+../../../common/bind
\ No newline at end of file
etc/system-release
etc/issue
etc/mime.types
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/rc.d/init.d/smt
etc/rc.d/init.d/suricata
+etc/rc.d/init.d/unbound
+etc/rc.d/rcsysinit.d/S44smt
etc/suricata/suricata.yaml
+etc/unbound/unbound.conf
opt/pakfire/lib/functions.pl
opt/pakfire/pakfire
srv/web/ipfire/cgi-bin/captive.cgi
srv/web/ipfire/cgi-bin/credits.cgi
srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/routing.cgi
+srv/web/ipfire/cgi-bin/urlfilter.cgi
+srv/web/ipfire/cgi-bin/vulnerabilities.cgi
srv/web/ipfire/cgi-bin/zoneconf.cgi
usr/lib/firewall/rules.pl
+usr/local/bin/backupiso
+usr/local/bin/update-ids-ruleset
usr/sbin/convert-snort
var/ipfire/ids-functions.pl
var/ipfire/langs
+var/ipfire/menu.d/10-system.menu
var/ipfire/menu.d/30-network.menu
var/ipfire/network-functions.pl
--- /dev/null
+../../../../common/i586/intel-microcode
\ No newline at end of file
--- /dev/null
+../../../../common/i586/linux
\ No newline at end of file
--- /dev/null
+../../../../common/i586/linux-initrd
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/intel-microcode
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/linux
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/linux-initrd
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2019 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=132
+
+exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ # don't start pakfire again at error
+ killall -KILL pak_update
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+KVER="xxxKVERxxx"
+
+# Backup uEnv.txt if exist
+if [ -e /boot/uEnv.txt ]; then
+ cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+fi
+
+# Do some sanity checks.
+case $(uname -r) in
+ *-ipfire*)
+ # Ok.
+ ;;
+ *)
+ exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+ ;;
+esac
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 80000 ]; then
+ exit_with_error "ERROR cannot update because not enough free space on root." 2
+ exit 2
+fi
+
+# Remove the old kernel
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/initramfs-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-*-ipfire-*
+rm -rf /boot/zImage-*-ipfire-*
+rm -rf /boot/uInit-*-ipfire-*
+rm -rf /boot/dtb-*-ipfire-*
+rm -rf /lib/modules
+rm -f /etc/sysconfig/lm_sensors
+
+# Stop services
+/etc/init.d/suricata stop
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# create main/security file
+touch /var/ipfire/main/security
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Start services
+/etc/init.d/apache reload
+/etc/init.d/collectd restart
+/etc/init.d/firewall restart
+/etc/init.d/unbound restart
+/etc/init.d/suricata start
+
+# Search sensors again after reboot into the new kernel
+rm -f /etc/sysconfig/lm_sensors
+
+# Upadate Kernel version uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+ sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# call user update script (needed for some arm boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+ /boot/pakfire-kernel-update ${KVER}
+fi
+
+case "$(uname -m)" in
+ i?86)
+ # Force (re)install pae kernel if pae is supported
+ rm -rf /opt/pakfire/db/installed/meta-linux-pae
+ rm -rf /opt/pakfire/db/rootfiles/linux-pae
+ if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
+ ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ if [ $BOOTSPACE -lt 22000 -o $ROOTSPACE -lt 120000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: WARNING not enough space for pae kernel."
+ touch /var/run/need_reboot
+ else
+ echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ fi
+ else
+ touch /var/run/need_reboot
+ fi
+ ;;
+ *)
+ # This update needs a reboot...
+ touch /var/run/need_reboot
+ ;;
+esac
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
--- /dev/null
+#usr/bin/capinfos
+#usr/bin/captype
+usr/bin/dumpcap
+#usr/bin/editcap
+#usr/bin/idl2wrs
+#usr/bin/mergecap
+#usr/bin/randpkt
+#usr/bin/rawshark
+#usr/bin/reordercap
+#usr/bin/sharkd
+#usr/bin/text2pcap
+usr/bin/tshark
+#usr/include/wireshark
+#usr/include/wireshark/cfile.h
+#usr/include/wireshark/cli_main.h
+#usr/include/wireshark/codecs
+#usr/include/wireshark/codecs/codecs.h
+#usr/include/wireshark/epan
+#usr/include/wireshark/epan/addr_and_mask.h
+#usr/include/wireshark/epan/addr_resolv.h
+#usr/include/wireshark/epan/address.h
+#usr/include/wireshark/epan/address_types.h
+#usr/include/wireshark/epan/afn.h
+#usr/include/wireshark/epan/aftypes.h
+#usr/include/wireshark/epan/app_mem_usage.h
+#usr/include/wireshark/epan/arcnet_pids.h
+#usr/include/wireshark/epan/arptypes.h
+#usr/include/wireshark/epan/asn1.h
+#usr/include/wireshark/epan/ax25_pids.h
+#usr/include/wireshark/epan/bridged_pids.h
+#usr/include/wireshark/epan/capture_dissectors.h
+#usr/include/wireshark/epan/charsets.h
+#usr/include/wireshark/epan/chdlctypes.h
+#usr/include/wireshark/epan/color_filters.h
+#usr/include/wireshark/epan/column-info.h
+#usr/include/wireshark/epan/column-utils.h
+#usr/include/wireshark/epan/column.h
+#usr/include/wireshark/epan/conv_id.h
+#usr/include/wireshark/epan/conversation.h
+#usr/include/wireshark/epan/conversation_debug.h
+#usr/include/wireshark/epan/conversation_table.h
+#usr/include/wireshark/epan/crc10-tvb.h
+#usr/include/wireshark/epan/crc16-tvb.h
+#usr/include/wireshark/epan/crc32-tvb.h
+#usr/include/wireshark/epan/crc6-tvb.h
+#usr/include/wireshark/epan/crc8-tvb.h
+#usr/include/wireshark/epan/decode_as.h
+#usr/include/wireshark/epan/dfilter
+#usr/include/wireshark/epan/dfilter/dfilter.h
+#usr/include/wireshark/epan/dfilter/drange.h
+#usr/include/wireshark/epan/diam_dict.h
+#usr/include/wireshark/epan/disabled_protos.h
+#usr/include/wireshark/epan/dissector_filters.h
+#usr/include/wireshark/epan/dissectors
+#usr/include/wireshark/epan/dissectors/file-rbm.h
+#usr/include/wireshark/epan/dissectors/packet-6lowpan.h
+#usr/include/wireshark/epan/dissectors/packet-a21.h
+#usr/include/wireshark/epan/dissectors/packet-acp133.h
+#usr/include/wireshark/epan/dissectors/packet-acse.h
+#usr/include/wireshark/epan/dissectors/packet-actrace.h
+#usr/include/wireshark/epan/dissectors/packet-adb_service.h
+#usr/include/wireshark/epan/dissectors/packet-afp.h
+#usr/include/wireshark/epan/dissectors/packet-alcap.h
+#usr/include/wireshark/epan/dissectors/packet-ansi_a.h
+#usr/include/wireshark/epan/dissectors/packet-ansi_map.h
+#usr/include/wireshark/epan/dissectors/packet-ansi_tcap.h
+#usr/include/wireshark/epan/dissectors/packet-arp.h
+#usr/include/wireshark/epan/dissectors/packet-atalk.h
+#usr/include/wireshark/epan/dissectors/packet-atm.h
+#usr/include/wireshark/epan/dissectors/packet-atn-ulcs.h
+#usr/include/wireshark/epan/dissectors/packet-bacapp.h
+#usr/include/wireshark/epan/dissectors/packet-bacnet.h
+#usr/include/wireshark/epan/dissectors/packet-ber.h
+#usr/include/wireshark/epan/dissectors/packet-bfd.h
+#usr/include/wireshark/epan/dissectors/packet-bgp.h
+#usr/include/wireshark/epan/dissectors/packet-bluetooth.h
+#usr/include/wireshark/epan/dissectors/packet-bssap.h
+#usr/include/wireshark/epan/dissectors/packet-bssgp.h
+#usr/include/wireshark/epan/dissectors/packet-btatt.h
+#usr/include/wireshark/epan/dissectors/packet-btavctp.h
+#usr/include/wireshark/epan/dissectors/packet-btavdtp.h
+#usr/include/wireshark/epan/dissectors/packet-btavrcp.h
+#usr/include/wireshark/epan/dissectors/packet-bthci_acl.h
+#usr/include/wireshark/epan/dissectors/packet-bthci_cmd.h
+#usr/include/wireshark/epan/dissectors/packet-bthci_evt.h
+#usr/include/wireshark/epan/dissectors/packet-bthci_sco.h
+#usr/include/wireshark/epan/dissectors/packet-btl2cap.h
+#usr/include/wireshark/epan/dissectors/packet-btle.h
+#usr/include/wireshark/epan/dissectors/packet-btrfcomm.h
+#usr/include/wireshark/epan/dissectors/packet-btsdp.h
+#usr/include/wireshark/epan/dissectors/packet-c1222.h
+#usr/include/wireshark/epan/dissectors/packet-camel.h
+#usr/include/wireshark/epan/dissectors/packet-cdt.h
+#usr/include/wireshark/epan/dissectors/packet-cell_broadcast.h
+#usr/include/wireshark/epan/dissectors/packet-charging_ase.h
+#usr/include/wireshark/epan/dissectors/packet-chdlc.h
+#usr/include/wireshark/epan/dissectors/packet-cip.h
+#usr/include/wireshark/epan/dissectors/packet-cipsafety.h
+#usr/include/wireshark/epan/dissectors/packet-cmip.h
+#usr/include/wireshark/epan/dissectors/packet-cmp.h
+#usr/include/wireshark/epan/dissectors/packet-cms.h
+#usr/include/wireshark/epan/dissectors/packet-coap.h
+#usr/include/wireshark/epan/dissectors/packet-credssp.h
+#usr/include/wireshark/epan/dissectors/packet-crmf.h
+#usr/include/wireshark/epan/dissectors/packet-csn1.h
+#usr/include/wireshark/epan/dissectors/packet-dap.h
+#usr/include/wireshark/epan/dissectors/packet-dcc.h
+#usr/include/wireshark/epan/dissectors/packet-dccp.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-browser.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-budb.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-butc.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-dce122.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-dcom.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-dnsserver.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-frsapi.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-frsrpc.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-netlogon.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-nt.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-pnp.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-rras.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-samr.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-spoolss.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-svcctl.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc-tapi.h
+#usr/include/wireshark/epan/dissectors/packet-dcerpc.h
+#usr/include/wireshark/epan/dissectors/packet-dcom-dispatch.h
+#usr/include/wireshark/epan/dissectors/packet-dcom.h
+#usr/include/wireshark/epan/dissectors/packet-diameter.h
+#usr/include/wireshark/epan/dissectors/packet-diameter_3gpp.h
+#usr/include/wireshark/epan/dissectors/packet-diffserv-mpls-common.h
+#usr/include/wireshark/epan/dissectors/packet-disp.h
+#usr/include/wireshark/epan/dissectors/packet-dns.h
+#usr/include/wireshark/epan/dissectors/packet-docsis-tlv.h
+#usr/include/wireshark/epan/dissectors/packet-dop.h
+#usr/include/wireshark/epan/dissectors/packet-dsp.h
+#usr/include/wireshark/epan/dissectors/packet-dtls.h
+#usr/include/wireshark/epan/dissectors/packet-dtn.h
+#usr/include/wireshark/epan/dissectors/packet-dvbci.h
+#usr/include/wireshark/epan/dissectors/packet-e164.h
+#usr/include/wireshark/epan/dissectors/packet-e212.h
+#usr/include/wireshark/epan/dissectors/packet-eapol.h
+#usr/include/wireshark/epan/dissectors/packet-edonkey.h
+#usr/include/wireshark/epan/dissectors/packet-eigrp.h
+#usr/include/wireshark/epan/dissectors/packet-enip.h
+#usr/include/wireshark/epan/dissectors/packet-epl.h
+#usr/include/wireshark/epan/dissectors/packet-epmd.h
+#usr/include/wireshark/epan/dissectors/packet-erf.h
+#usr/include/wireshark/epan/dissectors/packet-ess.h
+#usr/include/wireshark/epan/dissectors/packet-eth.h
+#usr/include/wireshark/epan/dissectors/packet-f5ethtrailer.h
+#usr/include/wireshark/epan/dissectors/packet-fc.h
+#usr/include/wireshark/epan/dissectors/packet-fcbls.h
+#usr/include/wireshark/epan/dissectors/packet-fcct.h
+#usr/include/wireshark/epan/dissectors/packet-fcels.h
+#usr/include/wireshark/epan/dissectors/packet-fcfcs.h
+#usr/include/wireshark/epan/dissectors/packet-fcfzs.h
+#usr/include/wireshark/epan/dissectors/packet-fclctl.h
+#usr/include/wireshark/epan/dissectors/packet-fcsb3.h
+#usr/include/wireshark/epan/dissectors/packet-fcswils.h
+#usr/include/wireshark/epan/dissectors/packet-ff.h
+#usr/include/wireshark/epan/dissectors/packet-fix.h
+#usr/include/wireshark/epan/dissectors/packet-fmp.h
+#usr/include/wireshark/epan/dissectors/packet-frame.h
+#usr/include/wireshark/epan/dissectors/packet-ftam.h
+#usr/include/wireshark/epan/dissectors/packet-geonw.h
+#usr/include/wireshark/epan/dissectors/packet-giop.h
+#usr/include/wireshark/epan/dissectors/packet-gluster.h
+#usr/include/wireshark/epan/dissectors/packet-gmr1_common.h
+#usr/include/wireshark/epan/dissectors/packet-gmr1_rr.h
+#usr/include/wireshark/epan/dissectors/packet-gprscdr.h
+#usr/include/wireshark/epan/dissectors/packet-gre.h
+#usr/include/wireshark/epan/dissectors/packet-gsm_a_common.h
+#usr/include/wireshark/epan/dissectors/packet-gsm_a_rr.h
+#usr/include/wireshark/epan/dissectors/packet-gsm_map.h
+#usr/include/wireshark/epan/dissectors/packet-gsm_rlcmac.h
+#usr/include/wireshark/epan/dissectors/packet-gsm_sms.h
+#usr/include/wireshark/epan/dissectors/packet-gsmtap.h
+#usr/include/wireshark/epan/dissectors/packet-gssapi.h
+#usr/include/wireshark/epan/dissectors/packet-gtp.h
+#usr/include/wireshark/epan/dissectors/packet-gtpv2.h
+#usr/include/wireshark/epan/dissectors/packet-h223.h
+#usr/include/wireshark/epan/dissectors/packet-h225.h
+#usr/include/wireshark/epan/dissectors/packet-h235.h
+#usr/include/wireshark/epan/dissectors/packet-h245.h
+#usr/include/wireshark/epan/dissectors/packet-h248.h
+#usr/include/wireshark/epan/dissectors/packet-h263.h
+#usr/include/wireshark/epan/dissectors/packet-h264.h
+#usr/include/wireshark/epan/dissectors/packet-h265.h
+#usr/include/wireshark/epan/dissectors/packet-h323.h
+#usr/include/wireshark/epan/dissectors/packet-h450-ros.h
+#usr/include/wireshark/epan/dissectors/packet-hpext.h
+#usr/include/wireshark/epan/dissectors/packet-http.h
+#usr/include/wireshark/epan/dissectors/packet-http2.h
+#usr/include/wireshark/epan/dissectors/packet-iana-oui.h
+#usr/include/wireshark/epan/dissectors/packet-iax2.h
+#usr/include/wireshark/epan/dissectors/packet-icmp.h
+#usr/include/wireshark/epan/dissectors/packet-idmp.h
+#usr/include/wireshark/epan/dissectors/packet-idp.h
+#usr/include/wireshark/epan/dissectors/packet-ieee1609dot2.h
+#usr/include/wireshark/epan/dissectors/packet-ieee80211-radio.h
+#usr/include/wireshark/epan/dissectors/packet-ieee80211-radiotap-defs.h
+#usr/include/wireshark/epan/dissectors/packet-ieee80211-radiotap-iter.h
+#usr/include/wireshark/epan/dissectors/packet-ieee80211.h
+#usr/include/wireshark/epan/dissectors/packet-ieee802154.h
+#usr/include/wireshark/epan/dissectors/packet-ieee8023.h
+#usr/include/wireshark/epan/dissectors/packet-ieee802a.h
+#usr/include/wireshark/epan/dissectors/packet-igmp.h
+#usr/include/wireshark/epan/dissectors/packet-imf.h
+#usr/include/wireshark/epan/dissectors/packet-inap.h
+#usr/include/wireshark/epan/dissectors/packet-infiniband.h
+#usr/include/wireshark/epan/dissectors/packet-ip.h
+#usr/include/wireshark/epan/dissectors/packet-ipmi.h
+#usr/include/wireshark/epan/dissectors/packet-ipsec.h
+#usr/include/wireshark/epan/dissectors/packet-ipx.h
+#usr/include/wireshark/epan/dissectors/packet-isakmp.h
+#usr/include/wireshark/epan/dissectors/packet-isis-clv.h
+#usr/include/wireshark/epan/dissectors/packet-isis.h
+#usr/include/wireshark/epan/dissectors/packet-isl.h
+#usr/include/wireshark/epan/dissectors/packet-isup.h
+#usr/include/wireshark/epan/dissectors/packet-its.h
+#usr/include/wireshark/epan/dissectors/packet-iwarp-ddp-rdmap.h
+#usr/include/wireshark/epan/dissectors/packet-juniper.h
+#usr/include/wireshark/epan/dissectors/packet-jxta.h
+#usr/include/wireshark/epan/dissectors/packet-kerberos.h
+#usr/include/wireshark/epan/dissectors/packet-knxip.h
+#usr/include/wireshark/epan/dissectors/packet-knxip_decrypt.h
+#usr/include/wireshark/epan/dissectors/packet-l2tp.h
+#usr/include/wireshark/epan/dissectors/packet-lapdm.h
+#usr/include/wireshark/epan/dissectors/packet-lbm.h
+#usr/include/wireshark/epan/dissectors/packet-lbtrm.h
+#usr/include/wireshark/epan/dissectors/packet-lbtru.h
+#usr/include/wireshark/epan/dissectors/packet-lbttcp.h
+#usr/include/wireshark/epan/dissectors/packet-lcsap.h
+#usr/include/wireshark/epan/dissectors/packet-ldap.h
+#usr/include/wireshark/epan/dissectors/packet-ldp.h
+#usr/include/wireshark/epan/dissectors/packet-link16.h
+#usr/include/wireshark/epan/dissectors/packet-lisp.h
+#usr/include/wireshark/epan/dissectors/packet-llc.h
+#usr/include/wireshark/epan/dissectors/packet-lnet.h
+#usr/include/wireshark/epan/dissectors/packet-logotypecertextn.h
+#usr/include/wireshark/epan/dissectors/packet-lpp.h
+#usr/include/wireshark/epan/dissectors/packet-lte-rrc.h
+#usr/include/wireshark/epan/dissectors/packet-mac-lte.h
+#usr/include/wireshark/epan/dissectors/packet-mausb.h
+#usr/include/wireshark/epan/dissectors/packet-mbim.h
+#usr/include/wireshark/epan/dissectors/packet-mbtcp.h
+#usr/include/wireshark/epan/dissectors/packet-mgcp.h
+#usr/include/wireshark/epan/dissectors/packet-mle.h
+#usr/include/wireshark/epan/dissectors/packet-mms.h
+#usr/include/wireshark/epan/dissectors/packet-mount.h
+#usr/include/wireshark/epan/dissectors/packet-mp4ves.h
+#usr/include/wireshark/epan/dissectors/packet-mpeg-descriptor.h
+#usr/include/wireshark/epan/dissectors/packet-mpeg-sect.h
+#usr/include/wireshark/epan/dissectors/packet-mpls.h
+#usr/include/wireshark/epan/dissectors/packet-mq.h
+#usr/include/wireshark/epan/dissectors/packet-msrp.h
+#usr/include/wireshark/epan/dissectors/packet-mstp.h
+#usr/include/wireshark/epan/dissectors/packet-mtp3.h
+#usr/include/wireshark/epan/dissectors/packet-nbap.h
+#usr/include/wireshark/epan/dissectors/packet-ncp-int.h
+#usr/include/wireshark/epan/dissectors/packet-ncp-nmas.h
+#usr/include/wireshark/epan/dissectors/packet-ncp-sss.h
+#usr/include/wireshark/epan/dissectors/packet-ndmp.h
+#usr/include/wireshark/epan/dissectors/packet-ndps.h
+#usr/include/wireshark/epan/dissectors/packet-netbios.h
+#usr/include/wireshark/epan/dissectors/packet-netlink.h
+#usr/include/wireshark/epan/dissectors/packet-nfs.h
+#usr/include/wireshark/epan/dissectors/packet-ngap.h
+#usr/include/wireshark/epan/dissectors/packet-nisplus.h
+#usr/include/wireshark/epan/dissectors/packet-nlm.h
+#usr/include/wireshark/epan/dissectors/packet-nr-rrc.h
+#usr/include/wireshark/epan/dissectors/packet-nsh.h
+#usr/include/wireshark/epan/dissectors/packet-ntlmssp.h
+#usr/include/wireshark/epan/dissectors/packet-ntp.h
+#usr/include/wireshark/epan/dissectors/packet-nvme.h
+#usr/include/wireshark/epan/dissectors/packet-ocsp.h
+#usr/include/wireshark/epan/dissectors/packet-oer.h
+#usr/include/wireshark/epan/dissectors/packet-opensafety.h
+#usr/include/wireshark/epan/dissectors/packet-oscore.h
+#usr/include/wireshark/epan/dissectors/packet-osi-options.h
+#usr/include/wireshark/epan/dissectors/packet-osi.h
+#usr/include/wireshark/epan/dissectors/packet-p1.h
+#usr/include/wireshark/epan/dissectors/packet-p22.h
+#usr/include/wireshark/epan/dissectors/packet-p7.h
+#usr/include/wireshark/epan/dissectors/packet-p772.h
+#usr/include/wireshark/epan/dissectors/packet-pcap_pktdata.h
+#usr/include/wireshark/epan/dissectors/packet-pcnfsd.h
+#usr/include/wireshark/epan/dissectors/packet-pdcp-lte.h
+#usr/include/wireshark/epan/dissectors/packet-pdcp-nr.h
+#usr/include/wireshark/epan/dissectors/packet-per.h
+#usr/include/wireshark/epan/dissectors/packet-pkcs1.h
+#usr/include/wireshark/epan/dissectors/packet-pkcs12.h
+#usr/include/wireshark/epan/dissectors/packet-pkinit.h
+#usr/include/wireshark/epan/dissectors/packet-pkix1explicit.h
+#usr/include/wireshark/epan/dissectors/packet-pkix1implicit.h
+#usr/include/wireshark/epan/dissectors/packet-pkixac.h
+#usr/include/wireshark/epan/dissectors/packet-pkixproxy.h
+#usr/include/wireshark/epan/dissectors/packet-pkixqualified.h
+#usr/include/wireshark/epan/dissectors/packet-pkixtsp.h
+#usr/include/wireshark/epan/dissectors/packet-portmap.h
+#usr/include/wireshark/epan/dissectors/packet-ppi-geolocation-common.h
+#usr/include/wireshark/epan/dissectors/packet-ppp.h
+#usr/include/wireshark/epan/dissectors/packet-pres.h
+#usr/include/wireshark/epan/dissectors/packet-ptp.h
+#usr/include/wireshark/epan/dissectors/packet-ptpip.h
+#usr/include/wireshark/epan/dissectors/packet-pw-atm.h
+#usr/include/wireshark/epan/dissectors/packet-pw-common.h
+#usr/include/wireshark/epan/dissectors/packet-q708.h
+#usr/include/wireshark/epan/dissectors/packet-q931.h
+#usr/include/wireshark/epan/dissectors/packet-q932.h
+#usr/include/wireshark/epan/dissectors/packet-qsig.h
+#usr/include/wireshark/epan/dissectors/packet-radius.h
+#usr/include/wireshark/epan/dissectors/packet-raknet.h
+#usr/include/wireshark/epan/dissectors/packet-ranap.h
+#usr/include/wireshark/epan/dissectors/packet-rdm.h
+#usr/include/wireshark/epan/dissectors/packet-rdt.h
+#usr/include/wireshark/epan/dissectors/packet-reload.h
+#usr/include/wireshark/epan/dissectors/packet-rlc-lte.h
+#usr/include/wireshark/epan/dissectors/packet-rlc-nr.h
+#usr/include/wireshark/epan/dissectors/packet-rmi.h
+#usr/include/wireshark/epan/dissectors/packet-rmt-common.h
+#usr/include/wireshark/epan/dissectors/packet-rohc.h
+#usr/include/wireshark/epan/dissectors/packet-ros.h
+#usr/include/wireshark/epan/dissectors/packet-rpc.h
+#usr/include/wireshark/epan/dissectors/packet-rpcrdma.h
+#usr/include/wireshark/epan/dissectors/packet-rrc.h
+#usr/include/wireshark/epan/dissectors/packet-rsvp.h
+#usr/include/wireshark/epan/dissectors/packet-rtcp.h
+#usr/include/wireshark/epan/dissectors/packet-rtp-events.h
+#usr/include/wireshark/epan/dissectors/packet-rtp.h
+#usr/include/wireshark/epan/dissectors/packet-rtps.h
+#usr/include/wireshark/epan/dissectors/packet-rtse.h
+#usr/include/wireshark/epan/dissectors/packet-rtsp.h
+#usr/include/wireshark/epan/dissectors/packet-rx.h
+#usr/include/wireshark/epan/dissectors/packet-s1ap.h
+#usr/include/wireshark/epan/dissectors/packet-s5066sis.h
+#usr/include/wireshark/epan/dissectors/packet-s7comm.h
+#usr/include/wireshark/epan/dissectors/packet-s7comm_szl_ids.h
+#usr/include/wireshark/epan/dissectors/packet-sccp.h
+#usr/include/wireshark/epan/dissectors/packet-scsi-mmc.h
+#usr/include/wireshark/epan/dissectors/packet-scsi-osd.h
+#usr/include/wireshark/epan/dissectors/packet-scsi-sbc.h
+#usr/include/wireshark/epan/dissectors/packet-scsi-smc.h
+#usr/include/wireshark/epan/dissectors/packet-scsi-ssc.h
+#usr/include/wireshark/epan/dissectors/packet-scsi.h
+#usr/include/wireshark/epan/dissectors/packet-sctp.h
+#usr/include/wireshark/epan/dissectors/packet-sdp.h
+#usr/include/wireshark/epan/dissectors/packet-ses.h
+#usr/include/wireshark/epan/dissectors/packet-sflow.h
+#usr/include/wireshark/epan/dissectors/packet-sip.h
+#usr/include/wireshark/epan/dissectors/packet-skinny.h
+#usr/include/wireshark/epan/dissectors/packet-sll.h
+#usr/include/wireshark/epan/dissectors/packet-smb-browse.h
+#usr/include/wireshark/epan/dissectors/packet-smb-common.h
+#usr/include/wireshark/epan/dissectors/packet-smb-mailslot.h
+#usr/include/wireshark/epan/dissectors/packet-smb-pipe.h
+#usr/include/wireshark/epan/dissectors/packet-smb-sidsnooping.h
+#usr/include/wireshark/epan/dissectors/packet-smb.h
+#usr/include/wireshark/epan/dissectors/packet-smb2.h
+#usr/include/wireshark/epan/dissectors/packet-smpp.h
+#usr/include/wireshark/epan/dissectors/packet-smrse.h
+#usr/include/wireshark/epan/dissectors/packet-snmp.h
+#usr/include/wireshark/epan/dissectors/packet-socketcan.h
+#usr/include/wireshark/epan/dissectors/packet-spice.h
+#usr/include/wireshark/epan/dissectors/packet-sprt.h
+#usr/include/wireshark/epan/dissectors/packet-sscop.h
+#usr/include/wireshark/epan/dissectors/packet-stat-notify.h
+#usr/include/wireshark/epan/dissectors/packet-stat.h
+#usr/include/wireshark/epan/dissectors/packet-sv.h
+#usr/include/wireshark/epan/dissectors/packet-syslog.h
+#usr/include/wireshark/epan/dissectors/packet-t124.h
+#usr/include/wireshark/epan/dissectors/packet-t30.h
+#usr/include/wireshark/epan/dissectors/packet-t38.h
+#usr/include/wireshark/epan/dissectors/packet-tacacs.h
+#usr/include/wireshark/epan/dissectors/packet-tcap.h
+#usr/include/wireshark/epan/dissectors/packet-tcp.h
+#usr/include/wireshark/epan/dissectors/packet-tetra.h
+#usr/include/wireshark/epan/dissectors/packet-tls-utils.h
+#usr/include/wireshark/epan/dissectors/packet-tls.h
+#usr/include/wireshark/epan/dissectors/packet-tn3270.h
+#usr/include/wireshark/epan/dissectors/packet-tn5250.h
+#usr/include/wireshark/epan/dissectors/packet-tpkt.h
+#usr/include/wireshark/epan/dissectors/packet-tr.h
+#usr/include/wireshark/epan/dissectors/packet-tte.h
+#usr/include/wireshark/epan/dissectors/packet-ua.h
+#usr/include/wireshark/epan/dissectors/packet-uaudp.h
+#usr/include/wireshark/epan/dissectors/packet-ubertooth.h
+#usr/include/wireshark/epan/dissectors/packet-udp.h
+#usr/include/wireshark/epan/dissectors/packet-umts_fp.h
+#usr/include/wireshark/epan/dissectors/packet-umts_mac.h
+#usr/include/wireshark/epan/dissectors/packet-umts_rlc.h
+#usr/include/wireshark/epan/dissectors/packet-usb-hid.h
+#usr/include/wireshark/epan/dissectors/packet-usb.h
+#usr/include/wireshark/epan/dissectors/packet-usbip.h
+#usr/include/wireshark/epan/dissectors/packet-vxlan.h
+#usr/include/wireshark/epan/dissectors/packet-wap.h
+#usr/include/wireshark/epan/dissectors/packet-wccp.h
+#usr/include/wireshark/epan/dissectors/packet-windows-common.h
+#usr/include/wireshark/epan/dissectors/packet-wlancertextn.h
+#usr/include/wireshark/epan/dissectors/packet-wps.h
+#usr/include/wireshark/epan/dissectors/packet-wsp.h
+#usr/include/wireshark/epan/dissectors/packet-wtls.h
+#usr/include/wireshark/epan/dissectors/packet-wtp.h
+#usr/include/wireshark/epan/dissectors/packet-x11-keysymdef.h
+#usr/include/wireshark/epan/dissectors/packet-x11.h
+#usr/include/wireshark/epan/dissectors/packet-x2ap.h
+#usr/include/wireshark/epan/dissectors/packet-x509af.h
+#usr/include/wireshark/epan/dissectors/packet-x509ce.h
+#usr/include/wireshark/epan/dissectors/packet-x509if.h
+#usr/include/wireshark/epan/dissectors/packet-x509sat.h
+#usr/include/wireshark/epan/dissectors/packet-xml.h
+#usr/include/wireshark/epan/dissectors/packet-xmpp-conference.h
+#usr/include/wireshark/epan/dissectors/packet-xmpp-core.h
+#usr/include/wireshark/epan/dissectors/packet-xmpp-gtalk.h
+#usr/include/wireshark/epan/dissectors/packet-xmpp-jingle.h
+#usr/include/wireshark/epan/dissectors/packet-xmpp-other.h
+#usr/include/wireshark/epan/dissectors/packet-xmpp-utils.h
+#usr/include/wireshark/epan/dissectors/packet-xmpp.h
+#usr/include/wireshark/epan/dissectors/packet-ypbind.h
+#usr/include/wireshark/epan/dissectors/packet-yppasswd.h
+#usr/include/wireshark/epan/dissectors/packet-ypserv.h
+#usr/include/wireshark/epan/dissectors/packet-ypxfr.h
+#usr/include/wireshark/epan/dissectors/packet-zbee-aps.h
+#usr/include/wireshark/epan/dissectors/packet-zbee-nwk.h
+#usr/include/wireshark/epan/dissectors/packet-zbee-security.h
+#usr/include/wireshark/epan/dissectors/packet-zbee-zcl.h
+#usr/include/wireshark/epan/dissectors/packet-zbee-zdp.h
+#usr/include/wireshark/epan/dissectors/packet-zbee.h
+#usr/include/wireshark/epan/dissectors/packet-ziop.h
+#usr/include/wireshark/epan/dtd.h
+#usr/include/wireshark/epan/dtd_parse.h
+#usr/include/wireshark/epan/dvb_chartbl.h
+#usr/include/wireshark/epan/eap.h
+#usr/include/wireshark/epan/eapol_keydes_types.h
+#usr/include/wireshark/epan/epan.h
+#usr/include/wireshark/epan/epan_dissect.h
+#usr/include/wireshark/epan/etypes.h
+#usr/include/wireshark/epan/ex-opt.h
+#usr/include/wireshark/epan/except.h
+#usr/include/wireshark/epan/exceptions.h
+#usr/include/wireshark/epan/expert.h
+#usr/include/wireshark/epan/export_object.h
+#usr/include/wireshark/epan/exported_pdu.h
+#usr/include/wireshark/epan/filter_expressions.h
+#usr/include/wireshark/epan/follow.h
+#usr/include/wireshark/epan/frame_data.h
+#usr/include/wireshark/epan/frame_data_sequence.h
+#usr/include/wireshark/epan/ftypes
+#usr/include/wireshark/epan/ftypes/ftypes.h
+#usr/include/wireshark/epan/funnel.h
+#usr/include/wireshark/epan/garrayfix.h
+#usr/include/wireshark/epan/golay.h
+#usr/include/wireshark/epan/guid-utils.h
+#usr/include/wireshark/epan/iana_charsets.h
+#usr/include/wireshark/epan/iax2_codec_type.h
+#usr/include/wireshark/epan/in_cksum.h
+#usr/include/wireshark/epan/ip_opts.h
+#usr/include/wireshark/epan/ipproto.h
+#usr/include/wireshark/epan/ipv4.h
+#usr/include/wireshark/epan/ipv6.h
+#usr/include/wireshark/epan/lapd_sapi.h
+#usr/include/wireshark/epan/llcsaps.h
+#usr/include/wireshark/epan/maxmind_db.h
+#usr/include/wireshark/epan/media_params.h
+#usr/include/wireshark/epan/next_tvb.h
+#usr/include/wireshark/epan/nlpid.h
+#usr/include/wireshark/epan/oids.h
+#usr/include/wireshark/epan/osi-utils.h
+#usr/include/wireshark/epan/oui.h
+#usr/include/wireshark/epan/packet.h
+#usr/include/wireshark/epan/packet_info.h
+#usr/include/wireshark/epan/params.h
+#usr/include/wireshark/epan/plugin_if.h
+#usr/include/wireshark/epan/ppptypes.h
+#usr/include/wireshark/epan/prefs-int.h
+#usr/include/wireshark/epan/prefs.h
+#usr/include/wireshark/epan/print.h
+#usr/include/wireshark/epan/print_stream.h
+#usr/include/wireshark/epan/proto.h
+#usr/include/wireshark/epan/proto_data.h
+#usr/include/wireshark/epan/ps.h
+#usr/include/wireshark/epan/ptvcursor.h
+#usr/include/wireshark/epan/range.h
+#usr/include/wireshark/epan/reassemble.h
+#usr/include/wireshark/epan/reedsolomon.h
+#usr/include/wireshark/epan/register.h
+#usr/include/wireshark/epan/req_resp_hdrs.h
+#usr/include/wireshark/epan/rtd_table.h
+#usr/include/wireshark/epan/rtp_pt.h
+#usr/include/wireshark/epan/sctpppids.h
+#usr/include/wireshark/epan/secrets.h
+#usr/include/wireshark/epan/show_exception.h
+#usr/include/wireshark/epan/slow_protocol_subtypes.h
+#usr/include/wireshark/epan/sminmpec.h
+#usr/include/wireshark/epan/srt_table.h
+#usr/include/wireshark/epan/stat_groups.h
+#usr/include/wireshark/epan/stat_tap_ui.h
+#usr/include/wireshark/epan/stats_tree.h
+#usr/include/wireshark/epan/stats_tree_priv.h
+#usr/include/wireshark/epan/stream.h
+#usr/include/wireshark/epan/strutil.h
+#usr/include/wireshark/epan/t35.h
+#usr/include/wireshark/epan/tap-voip.h
+#usr/include/wireshark/epan/tap.h
+#usr/include/wireshark/epan/tfs.h
+#usr/include/wireshark/epan/time_fmt.h
+#usr/include/wireshark/epan/timestamp.h
+#usr/include/wireshark/epan/timestats.h
+#usr/include/wireshark/epan/to_str.h
+#usr/include/wireshark/epan/tvbparse.h
+#usr/include/wireshark/epan/tvbuff-int.h
+#usr/include/wireshark/epan/tvbuff.h
+#usr/include/wireshark/epan/uat-int.h
+#usr/include/wireshark/epan/uat.h
+#usr/include/wireshark/epan/unit_strings.h
+#usr/include/wireshark/epan/value_string.h
+#usr/include/wireshark/epan/wmem
+#usr/include/wireshark/epan/wmem/wmem.h
+#usr/include/wireshark/epan/wmem/wmem_array.h
+#usr/include/wireshark/epan/wmem/wmem_core.h
+#usr/include/wireshark/epan/wmem/wmem_interval_tree.h
+#usr/include/wireshark/epan/wmem/wmem_list.h
+#usr/include/wireshark/epan/wmem/wmem_map.h
+#usr/include/wireshark/epan/wmem/wmem_miscutl.h
+#usr/include/wireshark/epan/wmem/wmem_queue.h
+#usr/include/wireshark/epan/wmem/wmem_scopes.h
+#usr/include/wireshark/epan/wmem/wmem_stack.h
+#usr/include/wireshark/epan/wmem/wmem_strbuf.h
+#usr/include/wireshark/epan/wmem/wmem_strutl.h
+#usr/include/wireshark/epan/wmem/wmem_tree.h
+#usr/include/wireshark/epan/wmem/wmem_user_cb.h
+#usr/include/wireshark/epan/x264_prt_id.h
+#usr/include/wireshark/epan/xdlc.h
+#usr/include/wireshark/file.h
+#usr/include/wireshark/globals.h
+#usr/include/wireshark/log.h
+#usr/include/wireshark/version_info.h
+#usr/include/wireshark/wiretap
+#usr/include/wireshark/wiretap/file_wrappers.h
+#usr/include/wireshark/wiretap/merge.h
+#usr/include/wireshark/wiretap/pcap-encap.h
+#usr/include/wireshark/wiretap/pcapng_module.h
+#usr/include/wireshark/wiretap/secrets-types.h
+#usr/include/wireshark/wiretap/wtap.h
+#usr/include/wireshark/wiretap/wtap_opttypes.h
+#usr/include/wireshark/ws_attributes.h
+#usr/include/wireshark/ws_compiler_tests.h
+#usr/include/wireshark/ws_diag_control.h
+#usr/include/wireshark/ws_symbol_export.h
+#usr/include/wireshark/ws_version.h
+#usr/include/wireshark/wsutil
+#usr/include/wireshark/wsutil/adler32.h
+#usr/include/wireshark/wsutil/base32.h
+#usr/include/wireshark/wsutil/bits_count_ones.h
+#usr/include/wireshark/wsutil/bits_ctz.h
+#usr/include/wireshark/wsutil/bitswap.h
+#usr/include/wireshark/wsutil/buffer.h
+#usr/include/wireshark/wsutil/color.h
+#usr/include/wireshark/wsutil/copyright_info.h
+#usr/include/wireshark/wsutil/cpu_info.h
+#usr/include/wireshark/wsutil/crash_info.h
+#usr/include/wireshark/wsutil/crc10.h
+#usr/include/wireshark/wsutil/crc11.h
+#usr/include/wireshark/wsutil/crc16-plain.h
+#usr/include/wireshark/wsutil/crc16.h
+#usr/include/wireshark/wsutil/crc32.h
+#usr/include/wireshark/wsutil/crc6.h
+#usr/include/wireshark/wsutil/crc7.h
+#usr/include/wireshark/wsutil/crc8.h
+#usr/include/wireshark/wsutil/curve25519.h
+#usr/include/wireshark/wsutil/eax.h
+#usr/include/wireshark/wsutil/filesystem.h
+#usr/include/wireshark/wsutil/frequency-utils.h
+#usr/include/wireshark/wsutil/g711.h
+#usr/include/wireshark/wsutil/inet_addr.h
+#usr/include/wireshark/wsutil/inet_ipv4.h
+#usr/include/wireshark/wsutil/inet_ipv6.h
+#usr/include/wireshark/wsutil/interface.h
+#usr/include/wireshark/wsutil/jsmn.h
+#usr/include/wireshark/wsutil/json_dumper.h
+#usr/include/wireshark/wsutil/mpeg-audio.h
+#usr/include/wireshark/wsutil/netlink.h
+#usr/include/wireshark/wsutil/nstime.h
+#usr/include/wireshark/wsutil/os_version_info.h
+#usr/include/wireshark/wsutil/pint.h
+#usr/include/wireshark/wsutil/plugins.h
+#usr/include/wireshark/wsutil/pow2.h
+#usr/include/wireshark/wsutil/privileges.h
+#usr/include/wireshark/wsutil/processes.h
+#usr/include/wireshark/wsutil/report_message.h
+#usr/include/wireshark/wsutil/sign_ext.h
+#usr/include/wireshark/wsutil/sober128.h
+#usr/include/wireshark/wsutil/socket.h
+#usr/include/wireshark/wsutil/str_util.h
+#usr/include/wireshark/wsutil/strnatcmp.h
+#usr/include/wireshark/wsutil/strtoi.h
+#usr/include/wireshark/wsutil/tempfile.h
+#usr/include/wireshark/wsutil/time_util.h
+#usr/include/wireshark/wsutil/type_util.h
+#usr/include/wireshark/wsutil/unicode-utils.h
+#usr/include/wireshark/wsutil/utf8_entities.h
+#usr/include/wireshark/wsutil/ws_cpuid.h
+#usr/include/wireshark/wsutil/ws_mempbrk.h
+#usr/include/wireshark/wsutil/ws_mempbrk_int.h
+#usr/include/wireshark/wsutil/ws_pipe.h
+#usr/include/wireshark/wsutil/ws_printf.h
+#usr/include/wireshark/wsutil/wsjson.h
+#usr/include/wireshark/wsutil/xtea.h
+#usr/lib/libwireshark.so
+usr/lib/libwireshark.so.12
+usr/lib/libwireshark.so.12.0.1
+#usr/lib/libwiretap.so
+usr/lib/libwiretap.so.9
+usr/lib/libwiretap.so.9.0.1
+#usr/lib/libwscodecs.so
+usr/lib/libwscodecs.so.2
+usr/lib/libwscodecs.so.2.0.0
+#usr/lib/libwsutil.so
+usr/lib/libwsutil.so.10
+usr/lib/libwsutil.so.10.0.0
+#usr/lib/pkgconfig/wireshark.pc
+#usr/lib/wireshark
+#usr/lib/wireshark/cmake
+#usr/lib/wireshark/cmake/FindGLIB2.cmake
+#usr/lib/wireshark/cmake/FindWSWinLibs.cmake
+#usr/lib/wireshark/cmake/LocatePythonModule.cmake
+#usr/lib/wireshark/cmake/UseAsn2Wrs.cmake
+#usr/lib/wireshark/cmake/UseMakePluginReg.cmake
+#usr/lib/wireshark/cmake/WiresharkConfig.cmake
+#usr/lib/wireshark/cmake/WiresharkConfigVersion.cmake
+#usr/lib/wireshark/cmake/WiresharkTargets-relwithdebinfo.cmake
+#usr/lib/wireshark/cmake/WiresharkTargets.cmake
+#usr/lib/wireshark/extcap
+usr/lib/wireshark/extcap/androiddump
+usr/lib/wireshark/extcap/dpauxmon
+usr/lib/wireshark/extcap/randpktdump
+usr/lib/wireshark/extcap/udpdump
+#usr/lib/wireshark/plugins
+#usr/lib/wireshark/plugins/3.0
+#usr/lib/wireshark/plugins/3.0/codecs
+usr/lib/wireshark/plugins/3.0/codecs/l16mono.so
+#usr/lib/wireshark/plugins/3.0/epan
+usr/lib/wireshark/plugins/3.0/epan/ethercat.so
+usr/lib/wireshark/plugins/3.0/epan/gryphon.so
+usr/lib/wireshark/plugins/3.0/epan/irda.so
+usr/lib/wireshark/plugins/3.0/epan/mate.so
+usr/lib/wireshark/plugins/3.0/epan/opcua.so
+usr/lib/wireshark/plugins/3.0/epan/profinet.so
+usr/lib/wireshark/plugins/3.0/epan/stats_tree.so
+usr/lib/wireshark/plugins/3.0/epan/transum.so
+usr/lib/wireshark/plugins/3.0/epan/unistim.so
+usr/lib/wireshark/plugins/3.0/epan/wimax.so
+usr/lib/wireshark/plugins/3.0/epan/wimaxasncp.so
+usr/lib/wireshark/plugins/3.0/epan/wimaxmacphy.so
+usr/lib/wireshark/plugins/3.0/wiretap
+usr/lib/wireshark/plugins/3.0/wiretap/usbdump.so
+#usr/share/doc/wireshark
+#usr/share/doc/wireshark/androiddump.html
+#usr/share/doc/wireshark/capinfos.html
+#usr/share/doc/wireshark/captype.html
+#usr/share/doc/wireshark/ciscodump.html
+#usr/share/doc/wireshark/dftest.html
+#usr/share/doc/wireshark/dpauxmon.html
+#usr/share/doc/wireshark/dumpcap.html
+#usr/share/doc/wireshark/editcap.html
+#usr/share/doc/wireshark/extcap.html
+#usr/share/doc/wireshark/mergecap.html
+#usr/share/doc/wireshark/randpkt.html
+#usr/share/doc/wireshark/randpktdump.html
+#usr/share/doc/wireshark/rawshark.html
+#usr/share/doc/wireshark/reordercap.html
+#usr/share/doc/wireshark/sshdump.html
+#usr/share/doc/wireshark/text2pcap.html
+#usr/share/doc/wireshark/tshark.html
+#usr/share/doc/wireshark/udpdump.html
+#usr/share/doc/wireshark/wireshark-filter.html
+#usr/share/doc/wireshark/wireshark.html
+#usr/share/man/man1/androiddump.1
+#usr/share/man/man1/capinfos.1
+#usr/share/man/man1/captype.1
+#usr/share/man/man1/ciscodump.1
+#usr/share/man/man1/dftest.1
+#usr/share/man/man1/dpauxmon.1
+#usr/share/man/man1/dumpcap.1
+#usr/share/man/man1/editcap.1
+#usr/share/man/man1/mergecap.1
+#usr/share/man/man1/randpkt.1
+#usr/share/man/man1/randpktdump.1
+#usr/share/man/man1/rawshark.1
+#usr/share/man/man1/reordercap.1
+#usr/share/man/man1/sshdump.1
+#usr/share/man/man1/text2pcap.1
+#usr/share/man/man1/tshark.1
+#usr/share/man/man1/udpdump.1
+#usr/share/man/man1/wireshark.1
+#usr/share/man/man4/extcap.4
+#usr/share/man/man4/wireshark-filter.4
+#usr/share/wireshark
+#usr/share/wireshark/AUTHORS-SHORT
+#usr/share/wireshark/COPYING
+#usr/share/wireshark/androiddump.html
+#usr/share/wireshark/capinfos.html
+#usr/share/wireshark/captype.html
+usr/share/wireshark/cfilters
+#usr/share/wireshark/ciscodump.html
+usr/share/wireshark/colorfilters
+usr/share/wireshark/dfilters
+#usr/share/wireshark/dftest.html
+#usr/share/wireshark/diameter
+usr/share/wireshark/diameter/AlcatelLucent.xml
+usr/share/wireshark/diameter/Cisco.xml
+usr/share/wireshark/diameter/CiscoSystems.xml
+usr/share/wireshark/diameter/Custom.xml
+usr/share/wireshark/diameter/Ericsson.xml
+usr/share/wireshark/diameter/HP.xml
+usr/share/wireshark/diameter/Huawei.xml
+usr/share/wireshark/diameter/Inovar.xml
+usr/share/wireshark/diameter/Juniper.xml
+usr/share/wireshark/diameter/Nokia.xml
+usr/share/wireshark/diameter/NokiaSolutionsAndNetworks.xml
+usr/share/wireshark/diameter/Oracle.xml
+usr/share/wireshark/diameter/Starent.xml
+usr/share/wireshark/diameter/TGPP.xml
+usr/share/wireshark/diameter/TGPP2.xml
+usr/share/wireshark/diameter/VerizonWireless.xml
+usr/share/wireshark/diameter/Vodafone.xml
+usr/share/wireshark/diameter/chargecontrol.xml
+usr/share/wireshark/diameter/dictionary.dtd
+usr/share/wireshark/diameter/dictionary.xml
+usr/share/wireshark/diameter/eap.xml
+usr/share/wireshark/diameter/etsie2e4.xml
+usr/share/wireshark/diameter/mobileipv4.xml
+usr/share/wireshark/diameter/mobileipv6.xml
+usr/share/wireshark/diameter/nasreq.xml
+usr/share/wireshark/diameter/sip.xml
+usr/share/wireshark/diameter/sunping.xml
+#usr/share/wireshark/dtds
+usr/share/wireshark/dtds/dc.dtd
+usr/share/wireshark/dtds/itunes.dtd
+usr/share/wireshark/dtds/mscml.dtd
+usr/share/wireshark/dtds/pocsettings.dtd
+usr/share/wireshark/dtds/presence.dtd
+usr/share/wireshark/dtds/reginfo.dtd
+usr/share/wireshark/dtds/rlmi.dtd
+usr/share/wireshark/dtds/rss.dtd
+usr/share/wireshark/dtds/smil.dtd
+usr/share/wireshark/dtds/watcherinfo.dtd
+usr/share/wireshark/dtds/xcap-caps.dtd
+usr/share/wireshark/dtds/xcap-error.dtd
+#usr/share/wireshark/dumpcap.html
+#usr/share/wireshark/editcap.html
+#usr/share/wireshark/enterprises.tsv
+#usr/share/wireshark/extcap.html
+#usr/share/wireshark/help
+#usr/share/wireshark/help/capture_filters.txt
+#usr/share/wireshark/help/capturing.txt
+#usr/share/wireshark/help/display_filters.txt
+#usr/share/wireshark/help/faq.py
+#usr/share/wireshark/help/getting_started.txt
+#usr/share/wireshark/help/overview.txt
+#usr/share/wireshark/help/toc
+#usr/share/wireshark/ipmap.html
+#usr/share/wireshark/manuf
+#usr/share/wireshark/mergecap.html
+#usr/share/wireshark/pdml2html.xsl
+#usr/share/wireshark/profiles
+#usr/share/wireshark/profiles/Bluetooth
+usr/share/wireshark/profiles/Bluetooth/colorfilters
+usr/share/wireshark/profiles/Bluetooth/preferences
+#usr/share/wireshark/profiles/Classic
+usr/share/wireshark/profiles/Classic/colorfilters
+#usr/share/wireshark/profiles/No
+#Reassembly
+#usr/share/wireshark/profiles/No
+#Reassembly/preferences
+#usr/share/wireshark/radius
+#usr/share/wireshark/radius/README.radius_dictionary
+usr/share/wireshark/radius/custom.includes
+#usr/share/wireshark/radius/dictionary
+usr/share/wireshark/radius/dictionary.3com
+usr/share/wireshark/radius/dictionary.3gpp
+usr/share/wireshark/radius/dictionary.3gpp2
+usr/share/wireshark/radius/dictionary.acc
+usr/share/wireshark/radius/dictionary.acme
+usr/share/wireshark/radius/dictionary.actelis
+usr/share/wireshark/radius/dictionary.aerohive
+usr/share/wireshark/radius/dictionary.airespace
+usr/share/wireshark/radius/dictionary.alcatel
+usr/share/wireshark/radius/dictionary.alcatel-lucent.aaa
+usr/share/wireshark/radius/dictionary.alcatel.esam
+usr/share/wireshark/radius/dictionary.alcatel.sr
+usr/share/wireshark/radius/dictionary.alteon
+usr/share/wireshark/radius/dictionary.altiga
+usr/share/wireshark/radius/dictionary.alvarion
+usr/share/wireshark/radius/dictionary.alvarion.wimax.v2_2
+usr/share/wireshark/radius/dictionary.apc
+usr/share/wireshark/radius/dictionary.aptis
+usr/share/wireshark/radius/dictionary.arbor
+usr/share/wireshark/radius/dictionary.aruba
+usr/share/wireshark/radius/dictionary.ascend
+usr/share/wireshark/radius/dictionary.asn
+usr/share/wireshark/radius/dictionary.audiocodes
+usr/share/wireshark/radius/dictionary.avaya
+usr/share/wireshark/radius/dictionary.azaire
+usr/share/wireshark/radius/dictionary.bay
+usr/share/wireshark/radius/dictionary.bintec
+usr/share/wireshark/radius/dictionary.bluecoat
+usr/share/wireshark/radius/dictionary.bristol
+usr/share/wireshark/radius/dictionary.broadsoft
+usr/share/wireshark/radius/dictionary.brocade
+usr/share/wireshark/radius/dictionary.bskyb
+usr/share/wireshark/radius/dictionary.bt
+usr/share/wireshark/radius/dictionary.cablelabs
+usr/share/wireshark/radius/dictionary.cabletron
+usr/share/wireshark/radius/dictionary.camiant
+usr/share/wireshark/radius/dictionary.chillispot
+usr/share/wireshark/radius/dictionary.cisco
+usr/share/wireshark/radius/dictionary.cisco.asa
+usr/share/wireshark/radius/dictionary.cisco.bbsm
+usr/share/wireshark/radius/dictionary.cisco.vpn3000
+usr/share/wireshark/radius/dictionary.cisco.vpn5000
+usr/share/wireshark/radius/dictionary.citrix
+usr/share/wireshark/radius/dictionary.clavister
+usr/share/wireshark/radius/dictionary.cnergee
+usr/share/wireshark/radius/dictionary.colubris
+usr/share/wireshark/radius/dictionary.columbia_university
+usr/share/wireshark/radius/dictionary.compat
+usr/share/wireshark/radius/dictionary.compatible
+usr/share/wireshark/radius/dictionary.cosine
+usr/share/wireshark/radius/dictionary.dante
+usr/share/wireshark/radius/dictionary.dellemc
+usr/share/wireshark/radius/dictionary.dhcp
+usr/share/wireshark/radius/dictionary.digium
+usr/share/wireshark/radius/dictionary.dlink
+usr/share/wireshark/radius/dictionary.dragonwave
+usr/share/wireshark/radius/dictionary.efficientip
+usr/share/wireshark/radius/dictionary.eltex
+usr/share/wireshark/radius/dictionary.epygi
+usr/share/wireshark/radius/dictionary.equallogic
+usr/share/wireshark/radius/dictionary.ericsson
+usr/share/wireshark/radius/dictionary.ericsson.ab
+usr/share/wireshark/radius/dictionary.ericsson.packet.core.networks
+usr/share/wireshark/radius/dictionary.extreme
+usr/share/wireshark/radius/dictionary.f5
+usr/share/wireshark/radius/dictionary.fdxtended
+usr/share/wireshark/radius/dictionary.fortinet
+usr/share/wireshark/radius/dictionary.foundry
+usr/share/wireshark/radius/dictionary.freedhcp
+usr/share/wireshark/radius/dictionary.freeradius
+usr/share/wireshark/radius/dictionary.freeradius.internal
+usr/share/wireshark/radius/dictionary.freeswitch
+usr/share/wireshark/radius/dictionary.gandalf
+usr/share/wireshark/radius/dictionary.garderos
+usr/share/wireshark/radius/dictionary.gemtek
+usr/share/wireshark/radius/dictionary.h3c
+usr/share/wireshark/radius/dictionary.hp
+usr/share/wireshark/radius/dictionary.huawei
+usr/share/wireshark/radius/dictionary.iana
+usr/share/wireshark/radius/dictionary.iea
+usr/share/wireshark/radius/dictionary.infoblox
+usr/share/wireshark/radius/dictionary.infonet
+usr/share/wireshark/radius/dictionary.ipunplugged
+usr/share/wireshark/radius/dictionary.issanni
+usr/share/wireshark/radius/dictionary.itk
+usr/share/wireshark/radius/dictionary.jradius
+usr/share/wireshark/radius/dictionary.juniper
+usr/share/wireshark/radius/dictionary.karlnet
+usr/share/wireshark/radius/dictionary.kineto
+usr/share/wireshark/radius/dictionary.lancom
+usr/share/wireshark/radius/dictionary.livingston
+usr/share/wireshark/radius/dictionary.localweb
+usr/share/wireshark/radius/dictionary.lucent
+usr/share/wireshark/radius/dictionary.manzara
+usr/share/wireshark/radius/dictionary.meinberg
+usr/share/wireshark/radius/dictionary.merit
+usr/share/wireshark/radius/dictionary.meru
+usr/share/wireshark/radius/dictionary.microsemi
+usr/share/wireshark/radius/dictionary.microsoft
+usr/share/wireshark/radius/dictionary.mikrotik
+usr/share/wireshark/radius/dictionary.motorola
+usr/share/wireshark/radius/dictionary.motorola.wimax
+usr/share/wireshark/radius/dictionary.navini
+usr/share/wireshark/radius/dictionary.netscreen
+usr/share/wireshark/radius/dictionary.networkphysics
+usr/share/wireshark/radius/dictionary.nexans
+usr/share/wireshark/radius/dictionary.nokia
+usr/share/wireshark/radius/dictionary.nokia.conflict
+usr/share/wireshark/radius/dictionary.nomadix
+usr/share/wireshark/radius/dictionary.nortel
+usr/share/wireshark/radius/dictionary.ntua
+usr/share/wireshark/radius/dictionary.openser
+usr/share/wireshark/radius/dictionary.packeteer
+usr/share/wireshark/radius/dictionary.paloalto
+usr/share/wireshark/radius/dictionary.patton
+usr/share/wireshark/radius/dictionary.perle
+usr/share/wireshark/radius/dictionary.propel
+usr/share/wireshark/radius/dictionary.prosoft
+usr/share/wireshark/radius/dictionary.proxim
+usr/share/wireshark/radius/dictionary.purewave
+usr/share/wireshark/radius/dictionary.quiconnect
+usr/share/wireshark/radius/dictionary.quintum
+usr/share/wireshark/radius/dictionary.redcreek
+usr/share/wireshark/radius/dictionary.rfc2865
+usr/share/wireshark/radius/dictionary.rfc2866
+usr/share/wireshark/radius/dictionary.rfc2867
+usr/share/wireshark/radius/dictionary.rfc2868
+usr/share/wireshark/radius/dictionary.rfc2869
+usr/share/wireshark/radius/dictionary.rfc3162
+usr/share/wireshark/radius/dictionary.rfc3576
+usr/share/wireshark/radius/dictionary.rfc3580
+usr/share/wireshark/radius/dictionary.rfc4072
+usr/share/wireshark/radius/dictionary.rfc4372
+usr/share/wireshark/radius/dictionary.rfc4603
+usr/share/wireshark/radius/dictionary.rfc4675
+usr/share/wireshark/radius/dictionary.rfc4679
+usr/share/wireshark/radius/dictionary.rfc4818
+usr/share/wireshark/radius/dictionary.rfc4849
+usr/share/wireshark/radius/dictionary.rfc5090
+usr/share/wireshark/radius/dictionary.rfc5176
+usr/share/wireshark/radius/dictionary.rfc5447
+usr/share/wireshark/radius/dictionary.rfc5580
+usr/share/wireshark/radius/dictionary.rfc5607
+usr/share/wireshark/radius/dictionary.rfc5904
+usr/share/wireshark/radius/dictionary.rfc6519
+usr/share/wireshark/radius/dictionary.rfc6572
+usr/share/wireshark/radius/dictionary.rfc6677
+usr/share/wireshark/radius/dictionary.rfc6911
+usr/share/wireshark/radius/dictionary.rfc6929
+usr/share/wireshark/radius/dictionary.rfc6930
+usr/share/wireshark/radius/dictionary.rfc7055
+usr/share/wireshark/radius/dictionary.rfc7155
+usr/share/wireshark/radius/dictionary.rfc7268
+usr/share/wireshark/radius/dictionary.rfc7499
+usr/share/wireshark/radius/dictionary.rfc7930
+usr/share/wireshark/radius/dictionary.riverbed
+usr/share/wireshark/radius/dictionary.riverstone
+usr/share/wireshark/radius/dictionary.roaringpenguin
+usr/share/wireshark/radius/dictionary.ruckus
+usr/share/wireshark/radius/dictionary.ruggedcom
+usr/share/wireshark/radius/dictionary.sangoma
+usr/share/wireshark/radius/dictionary.sg
+usr/share/wireshark/radius/dictionary.shasta
+usr/share/wireshark/radius/dictionary.shiva
+usr/share/wireshark/radius/dictionary.siemens
+usr/share/wireshark/radius/dictionary.slipstream
+usr/share/wireshark/radius/dictionary.sofaware
+usr/share/wireshark/radius/dictionary.sonicwall
+usr/share/wireshark/radius/dictionary.springtide
+usr/share/wireshark/radius/dictionary.starent
+usr/share/wireshark/radius/dictionary.starent.vsa1
+usr/share/wireshark/radius/dictionary.surfnet
+usr/share/wireshark/radius/dictionary.symbol
+usr/share/wireshark/radius/dictionary.t_systems_nova
+usr/share/wireshark/radius/dictionary.telebit
+usr/share/wireshark/radius/dictionary.telkom
+usr/share/wireshark/radius/dictionary.terena
+usr/share/wireshark/radius/dictionary.trapeze
+usr/share/wireshark/radius/dictionary.travelping
+usr/share/wireshark/radius/dictionary.tropos
+usr/share/wireshark/radius/dictionary.ukerna
+usr/share/wireshark/radius/dictionary.unisphere
+usr/share/wireshark/radius/dictionary.unix
+usr/share/wireshark/radius/dictionary.usr
+usr/share/wireshark/radius/dictionary.utstarcom
+usr/share/wireshark/radius/dictionary.valemount
+usr/share/wireshark/radius/dictionary.verizon
+usr/share/wireshark/radius/dictionary.versanet
+usr/share/wireshark/radius/dictionary.vqp
+usr/share/wireshark/radius/dictionary.walabi
+usr/share/wireshark/radius/dictionary.waverider
+usr/share/wireshark/radius/dictionary.wichorus
+usr/share/wireshark/radius/dictionary.wimax
+usr/share/wireshark/radius/dictionary.wimax.alvarion
+usr/share/wireshark/radius/dictionary.wimax.wichorus
+usr/share/wireshark/radius/dictionary.wispr
+usr/share/wireshark/radius/dictionary.xedia
+usr/share/wireshark/radius/dictionary.xylan
+usr/share/wireshark/radius/dictionary.yubico
+usr/share/wireshark/radius/dictionary.zeus
+usr/share/wireshark/radius/dictionary.zte
+usr/share/wireshark/radius/dictionary.zyxel
+#usr/share/wireshark/randpkt.html
+#usr/share/wireshark/randpktdump.html
+#usr/share/wireshark/rawshark.html
+#usr/share/wireshark/reordercap.html
+usr/share/wireshark/services
+usr/share/wireshark/smi_modules
+#usr/share/wireshark/sshdump.html
+#usr/share/wireshark/text2pcap.html
+#usr/share/wireshark/tpncp
+usr/share/wireshark/tpncp/tpncp.dat
+#usr/share/wireshark/tshark.html
+#usr/share/wireshark/udpdump.html
+#usr/share/wireshark/wimaxasncp
+usr/share/wireshark/wimaxasncp/dictionary.dtd
+usr/share/wireshark/wimaxasncp/dictionary.xml
+usr/share/wireshark/wireshark-filter.html
+usr/share/wireshark/wireshark.html
+usr/share/wireshark/wka
+usr/share/wireshark/ws.css
DataDirectory /var/lib/tor
-User nobody
+User tor
Log notice syslog
# Include any forward zones
include: "/etc/unbound/forward.conf"
+ # Include safe search settings
+ include: "/etc/unbound/safe-search.conf"
+
remote-control:
control-enable: yes
control-use-cert: no
WARNING: translation string unused: urlfilter background image
WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter safesearch
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
WARNING: untranslated string: addons = Addons
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
+WARNING: untranslated string: force enable = Forced
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian = Guardian
WARNING: untranslated string: guardian logtarget_syslog = unknown string
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
-WARNING: untranslated string: ids hide = Hide
-WARNING: untranslated string: ids rules update = Ruleset
-WARNING: untranslated string: ids show = Show
-WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
-WARNING: untranslated string: info messages = unknown string
-WARNING: untranslated string: interface mode = Interface
-WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: Add Rule = Add rule
WARNING: untranslated string: Add a route = Add a route
WARNING: untranslated string: Captive = Captive Portal
-WARNING: untranslated string: Captive ACTIVATE = ACTIVATE
+WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon
WARNING: untranslated string: Captive activated = Activated
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Captive config = Settings
WARNING: untranslated string: Captive coupon = Coupon
+WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Captive expiry time = Expiry Time
WARNING: untranslated string: Captive export coupons = Export Coupons
WARNING: untranslated string: Captive generate coupons = Generate Coupons
WARNING: untranslated string: current hosts = Current hosts
WARNING: untranslated string: current playlist = Current Playlist
WARNING: untranslated string: current rules = Current rules:
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: date = Date
WARNING: untranslated string: date not in logs = No (or only partial) logs exist for the day queried
WARNING: untranslated string: day = Day
WARNING: untranslated string: empty = This field may be left blank
WARNING: untranslated string: empty profile = empty
WARNING: untranslated string: enable ignore filter = Enable ignore filter
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
WARNING: untranslated string: enabled = Enabled:
WARNING: untranslated string: enabled on = Enabled on
WARNING: untranslated string: encapsulation = Encapsulation
WARNING: untranslated string: extrahd to = to
WARNING: untranslated string: extrahd to root = to root
WARNING: untranslated string: extrahd you cant mount = You can't mount
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: false classnumber = The Class-Number does not match the interface.
WARNING: untranslated string: false max bandwith = Maximum bandwith is false.
WARNING: untranslated string: false min bandwith = Minimum bandwith is false.
WARNING: untranslated string: fixed ip lease modified = Fixed IP lease modified
WARNING: untranslated string: fixed ip lease removed = Fixed IP lease removed
WARNING: untranslated string: flag = Flag
+WARNING: untranslated string: force enable = Forced
WARNING: untranslated string: force user = force all new file to user
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: four hours = 4 Hours
WARNING: untranslated string: free = Free
WARNING: untranslated string: free memory = Free Memory
WARNING: untranslated string: harddisk temperature = Harddisk Temperature
WARNING: untranslated string: hardware graphs = Hardware Graphs
WARNING: untranslated string: hardware support = Hardware Support
+WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities
WARNING: untranslated string: hdd temperature in = Harddisk temperature in
WARNING: untranslated string: help = Help
WARNING: untranslated string: high = High
WARNING: untranslated string: media = Media
WARNING: untranslated string: media information = Media information
WARNING: untranslated string: medium = Medium
+WARNING: untranslated string: meltdown = Meltdown
WARNING: untranslated string: memory = Memory
WARNING: untranslated string: memory information = Memory information
WARNING: untranslated string: memory usage per = Memory Usage per
WARNING: untranslated string: minute = Minute
WARNING: untranslated string: minutes = Minutes
WARNING: untranslated string: misc-options = Miscellaneous options
+WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: mode = Mode
WARNING: untranslated string: model = Model
WARNING: untranslated string: modem = Modem
WARNING: untranslated string: none found = none found
WARNING: untranslated string: not a valid ca certificate = Not a valid CA certificate.
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
+WARNING: untranslated string: not affected = Not Affected
WARNING: untranslated string: not enough disk space = Not enough disk space
WARNING: untranslated string: not present = <b>Not</b> present
WARNING: untranslated string: not running = not running
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: ovpn generating the root and host certificates = Generating the root and host certificate can take a long time.
WARNING: untranslated string: ovpn ha = Hash algorithm
-WARNING: untranslated string: ovpn hmac = HMAC options
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn no connections = No active OpenVPN connections
WARNING: untranslated string: ovpn on blue = OpenVPN on BLUE:
WARNING: untranslated string: ovpn subnet = OpenVPN subnet:
WARNING: untranslated string: ovpn subnet is invalid = OpenVPN subnet is invalid.
WARNING: untranslated string: ovpn subnet overlap = OpenVPN Subnet overlaps with :
+WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: p2p block = P2P networks
WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes.
WARNING: untranslated string: pfs yes no = Perfect Forward Secrecy (PFS)
WARNING: untranslated string: pkcs12 file password = PKCS12 File Password
WARNING: untranslated string: play = Play
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
WARNING: untranslated string: policy = Policy
WARNING: untranslated string: port = Port
WARNING: untranslated string: portscans = portscancs
WARNING: untranslated string: printing options = printing options
WARNING: untranslated string: priority = Priority
WARNING: untranslated string: processes = Processes
+WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: profile = Profile
WARNING: untranslated string: profile deleted = Profile deleted:
WARNING: untranslated string: profile has errors = Profile has errors
WARNING: untranslated string: smbrestart = Restart samba
WARNING: untranslated string: smbstart = Start samba
WARNING: untranslated string: smbstop = Stop samba
+WARNING: untranslated string: smt disabled = Simultaneous Multi-Threading (SMT) is disabled
+WARNING: untranslated string: smt enabled = Simultaneous Multi-Threading (SMT) is enabled
+WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading (SMT) is not supported
WARNING: untranslated string: snat new source ip address = New source IP address
WARNING: untranslated string: socket options = Socket options
WARNING: untranslated string: software version = Software Version
WARNING: untranslated string: source port numbers = Source port must be a valid port number or port range.
WARNING: untranslated string: speaker off = Speaker off:
WARNING: untranslated string: speaker on = Speaker on:
+WARNING: untranslated string: spectre variant 1 = Spectre Variant 1
+WARNING: untranslated string: spectre variant 2 = Spectre Variant 2
+WARNING: untranslated string: spectre variant 4 = Spectre Variant 4
WARNING: untranslated string: src port = Src Port
WARNING: untranslated string: ssh = SSH
WARNING: untranslated string: ssh access = SSH Access
WARNING: untranslated string: urlfilter restore settings = Restore URL filter settings
WARNING: untranslated string: urlfilter restore success = URL filter configuration has been restored. The URL filter must be restarted to activate the new settings.
WARNING: untranslated string: urlfilter restore text = To restore a previously saved configuration upload the .tar.gz backup file below
-WARNING: untranslated string: urlfilter safesearch = Enable SafeSearch
WARNING: untranslated string: urlfilter sat = S
WARNING: untranslated string: urlfilter saturday = Sat
WARNING: untranslated string: urlfilter save and restart = Save and Restart
WARNING: untranslated string: vpn subjectaltname = Subject Alt Name
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
+WARNING: untranslated string: vulnerability = Vulnerability
+WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: waiting to synchronize clock = Waiting to synchronize clock
WARNING: untranslated string: warning messages = Warning messages
WARNING: untranslated string: was deleted = was deleted
WARNING: untranslated string: you can only define one roadwarrior connection when using pre-shared key authentication = You can only define one Roadwarrior connection when using pre-shared key authentication.<br />Either you already have a Roadwarrior connection with pre-shared key authentication, or you're trying to add one now.
WARNING: untranslated string: your department = Your department
WARNING: untranslated string: your e-mail = Your e-mail address
+WARNING: untranslated string: zoneconf notice reboot = Please reboot to apply your changes.
WARNING: untranslated string: zoneconf title = Zone Configuration
WARNING: translation string unused: urlfilter background image
WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter safesearch
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: 24 hours = 24 Hours
WARNING: untranslated string: Captive = Captive Portal
-WARNING: untranslated string: Captive ACTIVATE = ACTIVATE
+WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon
WARNING: untranslated string: Captive activated = Activated
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Captive config = Settings
WARNING: untranslated string: Captive coupon = Coupon
+WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Captive expiry time = Expiry Time
WARNING: untranslated string: Captive export coupons = Export Coupons
WARNING: untranslated string: Captive generate coupons = Generate Coupons
WARNING: untranslated string: countrycode = Code
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: email usemail = Activate Mail Service
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: entropy graphs = Entropy Graphs
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: fireinfo ipfire version = IPFire version
WARNING: untranslated string: fireinfo is disabled = Fireinfo is disabled
WARNING: untranslated string: first = First
WARNING: untranslated string: five minutes = 5 Minutes
WARNING: untranslated string: flag = Flag
+WARNING: untranslated string: force enable = Forced
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: four hours = 4 Hours
WARNING: untranslated string: fw default drop = Firewall policy
WARNING: untranslated string: fw settings = Firewall settings
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: hardware support = Hardware Support
+WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities
WARNING: untranslated string: ids apply = Apply
WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
WARNING: untranslated string: masquerading disabled = Masquerading disabled
WARNING: untranslated string: masquerading enabled = Masquerading enabled
WARNING: untranslated string: maximum = Maximum
+WARNING: untranslated string: meltdown = Meltdown
WARNING: untranslated string: messages = Messages
WARNING: untranslated string: minimum = Minimum
WARNING: untranslated string: minute = Minute
+WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: model = Model
WARNING: untranslated string: modem hardware details = Modem Hardware
WARNING: untranslated string: modem information = Modem Information
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
+WARNING: untranslated string: not affected = Not Affected
WARNING: untranslated string: notice = Notice
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: ovpn generating the root and host certificates = Generating the root and host certificate can take a long time.
WARNING: untranslated string: ovpn ha = Hash algorithm
-WARNING: untranslated string: ovpn hmac = HMAC options
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn no connections = No active OpenVPN connections
WARNING: untranslated string: ovpn port in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn routes push = Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24
WARNING: untranslated string: ovpn routes push options = Route push options
+WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: p2p block = P2P networks
WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes.
WARNING: untranslated string: pakfire ago = ago.
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
WARNING: untranslated string: pptp netconfig = My Net Config
WARNING: untranslated string: pptp peer = Peer
WARNING: untranslated string: pptp route = PPTP Route
+WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: proxy reports = Proxy Reports
WARNING: untranslated string: proxy reports daily = Daily reports
WARNING: untranslated string: proxy reports monthly = Monthly reports
WARNING: untranslated string: server restart = You are not able to save any changes while the OpenVPN server is running.
WARNING: untranslated string: show dh = Show Diffie-Hellman parameters
WARNING: untranslated string: show tls-auth key = Show tls-auth key
+WARNING: untranslated string: smt disabled = Simultaneous Multi-Threading (SMT) is disabled
+WARNING: untranslated string: smt enabled = Simultaneous Multi-Threading (SMT) is enabled
+WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading (SMT) is not supported
WARNING: untranslated string: snat new source ip address = New source IP address
WARNING: untranslated string: software version = Software Version
WARNING: untranslated string: source ip country = Source IP Country
+WARNING: untranslated string: spectre variant 1 = Spectre Variant 1
+WARNING: untranslated string: spectre variant 2 = Spectre Variant 2
+WARNING: untranslated string: spectre variant 4 = Spectre Variant 4
WARNING: untranslated string: ssh = SSH
WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
+WARNING: untranslated string: vulnerability = Vulnerability
+WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: wireless network = WiFi Network
WARNING: untranslated string: wlan client = Wireless client
WARNING: untranslated string: wlan client advanced settings = Advanced settings
WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
WARNING: untranslated string: wlanap ssid = SSID
+WARNING: untranslated string: zoneconf notice reboot = Please reboot to apply your changes.
WARNING: untranslated string: zoneconf title = Zone Configuration
WARNING: translation string unused: could not open update information file
WARNING: translation string unused: create
WARNING: translation string unused: create new backup
+WARNING: translation string unused: cryptographic settings
WARNING: translation string unused: current dynamic leases
WARNING: translation string unused: current media
WARNING: translation string unused: current ovpn
WARNING: translation string unused: ovpn device
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn engines
+WARNING: translation string unused: ovpn hmac
WARNING: translation string unused: ovpn log
WARNING: translation string unused: ovpn mtu-disc
WARNING: translation string unused: ovpn mtu-disc and mtu not 1500
WARNING: translation string unused: urlfilter background image
WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter safesearch
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Captive clients = unknown string
+WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Daily = Daily
WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: bytes = unknown string
-WARNING: untranslated string: default IP address = Default IP Address
-WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
-WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
+WARNING: untranslated string: force enable = Forced
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: generate ptr = Generate PTR
WARNING: untranslated string: guardian logtarget_syslog = unknown string
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities
WARNING: untranslated string: ids apply = Apply
WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
-WARNING: untranslated string: interface mode = Interface
-WARNING: untranslated string: invalid input for interface address = Invalid input for interface address
-WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode
-WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU
-WARNING: untranslated string: invalid input for local ip address = Invalid input for local IP address
-WARNING: untranslated string: invalid input for mode = Invalid input for mode
-WARNING: untranslated string: ipsec connection = IPsec Connection
-WARNING: untranslated string: ipsec interface mode gre = GRE
-WARNING: untranslated string: ipsec interface mode none = - None (Default) -
-WARNING: untranslated string: ipsec interface mode vti = VTI
-WARNING: untranslated string: ipsec mode transport = Transport
-WARNING: untranslated string: ipsec mode tunnel = Tunnel
-WARNING: untranslated string: ipsec settings = IPsec Settings
-WARNING: untranslated string: local ip address = Local IP Address
-WARNING: untranslated string: mtu = MTU
+WARNING: untranslated string: meltdown = Meltdown
+WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: no data = unknown string
+WARNING: untranslated string: not affected = Not Affected
+WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: pakfire ago = ago.
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
+WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: ptr = PTR
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
+WARNING: untranslated string: smt disabled = Simultaneous Multi-Threading (SMT) is disabled
+WARNING: untranslated string: smt enabled = Simultaneous Multi-Threading (SMT) is enabled
+WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading (SMT) is not supported
+WARNING: untranslated string: spectre variant 1 = Spectre Variant 1
+WARNING: untranslated string: spectre variant 2 = Spectre Variant 2
+WARNING: untranslated string: spectre variant 4 = Spectre Variant 4
WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
-WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: system is offline = The system is offline.
-WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: vpn statistics n2n = unknown string
+WARNING: untranslated string: vulnerability = Vulnerability
+WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: wlanap auto = Automatic Channel Selection
WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
WARNING: untranslated string: wlanap client isolation = Client Isolation
WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
WARNING: untranslated string: wlanap ssid = SSID
+WARNING: untranslated string: zoneconf notice reboot = Please reboot to apply your changes.
WARNING: untranslated string: zoneconf title = Zone Configuration
WARNING: translation string unused: ovpn device
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn engines
+WARNING: translation string unused: ovpn hmac
WARNING: translation string unused: ovpn log
WARNING: translation string unused: ovpn mtu-disc
WARNING: translation string unused: ovpn mtu-disc and mtu not 1500
WARNING: translation string unused: urlfilter background image
WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter safesearch
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: 24 hours = 24 Hours
WARNING: untranslated string: Captive = Captive Portal
-WARNING: untranslated string: Captive ACTIVATE = ACTIVATE
+WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon
WARNING: untranslated string: Captive activated = Activated
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Captive config = Settings
WARNING: untranslated string: Captive coupon = Coupon
+WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Captive expiry time = Expiry Time
WARNING: untranslated string: Captive export coupons = Export Coupons
WARNING: untranslated string: Captive generate coupons = Generate Coupons
WARNING: untranslated string: check all = Check all
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: email tls = Use TLS
WARNING: untranslated string: email usemail = Activate Mail Service
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country)
WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP)
WARNING: untranslated string: firewall log ip = Firewall log (IP)
WARNING: untranslated string: firewall log port = Firewall log (Port)
WARNING: untranslated string: five minutes = 5 Minutes
+WARNING: untranslated string: force enable = Forced
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: four hours = 4 Hours
WARNING: untranslated string: fwdfw all subnets = All subnets
WARNING: untranslated string: fwdfw err concon = Invalid number for concurrent connections
WARNING: untranslated string: guardian logtarget_syslog = unknown string
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities
WARNING: untranslated string: ids apply = Apply
WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
WARNING: untranslated string: masquerading = Masquerading
WARNING: untranslated string: masquerading disabled = Masquerading disabled
WARNING: untranslated string: masquerading enabled = Masquerading enabled
+WARNING: untranslated string: meltdown = Meltdown
WARNING: untranslated string: messages = Messages
+WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
+WARNING: untranslated string: not affected = Not Affected
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: one week = One Week
WARNING: untranslated string: ovpn add conf = Additional configuration
WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
+WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
WARNING: untranslated string: pptp netconfig = My Net Config
WARNING: untranslated string: pptp peer = Peer
WARNING: untranslated string: pptp route = PPTP Route
+WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: ptr = PTR
WARNING: untranslated string: rdns = rDNS
WARNING: untranslated string: required field = Required field
WARNING: untranslated string: samba join a domain = Join a domain
WARNING: untranslated string: samba join domain = Join domain
WARNING: untranslated string: search = Search
+WARNING: untranslated string: smt disabled = Simultaneous Multi-Threading (SMT) is disabled
+WARNING: untranslated string: smt enabled = Simultaneous Multi-Threading (SMT) is enabled
+WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading (SMT) is not supported
+WARNING: untranslated string: spectre variant 1 = Spectre Variant 1
+WARNING: untranslated string: spectre variant 2 = Spectre Variant 2
+WARNING: untranslated string: spectre variant 4 = Spectre Variant 4
WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
+WARNING: untranslated string: vulnerability = Vulnerability
+WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: wireless network = WiFi Network
WARNING: untranslated string: wlan client anonymous identity = Anonymous Identity
WARNING: untranslated string: wlan client auth auto = Auto
WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
WARNING: untranslated string: wlanap ssid = SSID
+WARNING: untranslated string: zoneconf notice reboot = Please reboot to apply your changes.
WARNING: untranslated string: zoneconf title = Zone Configuration
WARNING: translation string unused: urlfilter background image
WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter safesearch
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: 24 hours = 24 Hours
WARNING: untranslated string: Captive = Captive Portal
-WARNING: untranslated string: Captive ACTIVATE = ACTIVATE
+WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon
WARNING: untranslated string: Captive activated = Activated
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Captive config = Settings
WARNING: untranslated string: Captive coupon = Coupon
+WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Captive expiry time = Expiry Time
WARNING: untranslated string: Captive export coupons = Export Coupons
WARNING: untranslated string: Captive generate coupons = Generate Coupons
WARNING: untranslated string: check all = Check all
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dh = Diffie-Hellman parameters
WARNING: untranslated string: email tls = Use TLS
WARNING: untranslated string: email usemail = Activate Mail Service
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country)
WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP)
WARNING: untranslated string: firewall log port = Firewall log (Port)
WARNING: untranslated string: firewall logs country = Fw-Loggraphs (Country)
WARNING: untranslated string: five minutes = 5 Minutes
+WARNING: untranslated string: force enable = Forced
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: four hours = 4 Hours
WARNING: untranslated string: fwdfw all subnets = All subnets
WARNING: untranslated string: fwdfw err concon = Invalid number for concurrent connections
WARNING: untranslated string: guardian logtarget_syslog = unknown string
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities
WARNING: untranslated string: ids apply = Apply
WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
WARNING: untranslated string: masquerading = Masquerading
WARNING: untranslated string: masquerading disabled = Masquerading disabled
WARNING: untranslated string: masquerading enabled = Masquerading enabled
+WARNING: untranslated string: meltdown = Meltdown
WARNING: untranslated string: messages = Messages
+WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: model = Model
WARNING: untranslated string: modem hardware details = Modem Hardware
WARNING: untranslated string: modem information = Modem Information
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
+WARNING: untranslated string: not affected = Not Affected
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: one week = One Week
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: ovpn generating the root and host certificates = Generating the root and host certificate can take a long time.
WARNING: untranslated string: ovpn ha = Hash algorithm
-WARNING: untranslated string: ovpn hmac = HMAC options
+WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
WARNING: untranslated string: pptp netconfig = My Net Config
WARNING: untranslated string: pptp peer = Peer
WARNING: untranslated string: pptp route = PPTP Route
+WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: ptr = PTR
WARNING: untranslated string: random number generator daemon = Random Number Generator Daemon
WARNING: untranslated string: rdns = rDNS
WARNING: untranslated string: search = Search
WARNING: untranslated string: show dh = Show Diffie-Hellman parameters
WARNING: untranslated string: show tls-auth key = Show tls-auth key
+WARNING: untranslated string: smt disabled = Simultaneous Multi-Threading (SMT) is disabled
+WARNING: untranslated string: smt enabled = Simultaneous Multi-Threading (SMT) is enabled
+WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading (SMT) is not supported
WARNING: untranslated string: software version = Software Version
WARNING: untranslated string: source ip country = Source IP Country
+WARNING: untranslated string: spectre variant 1 = Spectre Variant 1
+WARNING: untranslated string: spectre variant 2 = Spectre Variant 2
+WARNING: untranslated string: spectre variant 4 = Spectre Variant 4
WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
+WARNING: untranslated string: vulnerability = Vulnerability
+WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: wireless network = WiFi Network
WARNING: untranslated string: wlan client anonymous identity = Anonymous Identity
WARNING: untranslated string: wlan client auth auto = Auto
WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
WARNING: untranslated string: wlanap ssid = SSID
+WARNING: untranslated string: zoneconf notice reboot = Please reboot to apply your changes.
WARNING: untranslated string: zoneconf title = Zone Configuration
WARNING: translation string unused: urlfilter background image
WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter safesearch
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: 24 hours = 24 Hours
WARNING: untranslated string: Captive = Captive Portal
-WARNING: untranslated string: Captive ACTIVATE = ACTIVATE
+WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon
WARNING: untranslated string: Captive activated = Activated
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Captive config = Settings
WARNING: untranslated string: Captive coupon = Coupon
+WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Captive expiry time = Expiry Time
WARNING: untranslated string: Captive export coupons = Export Coupons
WARNING: untranslated string: Captive generate coupons = Generate Coupons
WARNING: untranslated string: countrycode = Code
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: email usemail = Activate Mail Service
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: entropy graphs = Entropy Graphs
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: fireinfo ipfire version = IPFire version
WARNING: untranslated string: fireinfo is disabled = Fireinfo is disabled
WARNING: untranslated string: first = First
WARNING: untranslated string: five minutes = 5 Minutes
WARNING: untranslated string: flag = Flag
+WARNING: untranslated string: force enable = Forced
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: four hours = 4 Hours
WARNING: untranslated string: fw default drop = Firewall policy
WARNING: untranslated string: fw settings = Firewall settings
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: hardware support = Hardware Support
+WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities
WARNING: untranslated string: ids apply = Apply
WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
WARNING: untranslated string: masquerading disabled = Masquerading disabled
WARNING: untranslated string: masquerading enabled = Masquerading enabled
WARNING: untranslated string: maximum = Maximum
+WARNING: untranslated string: meltdown = Meltdown
WARNING: untranslated string: messages = Messages
WARNING: untranslated string: minimum = Minimum
WARNING: untranslated string: minute = Minute
+WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: model = Model
WARNING: untranslated string: modem hardware details = Modem Hardware
WARNING: untranslated string: modem information = Modem Information
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
+WARNING: untranslated string: not affected = Not Affected
WARNING: untranslated string: notice = Notice
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: ovpn generating the root and host certificates = Generating the root and host certificate can take a long time.
WARNING: untranslated string: ovpn ha = Hash algorithm
-WARNING: untranslated string: ovpn hmac = HMAC options
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn no connections = No active OpenVPN connections
WARNING: untranslated string: ovpn port in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn routes push = Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24
WARNING: untranslated string: ovpn routes push options = Route push options
+WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: p2p block = P2P networks
WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes.
WARNING: untranslated string: pakfire ago = ago.
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
WARNING: untranslated string: pptp netconfig = My Net Config
WARNING: untranslated string: pptp peer = Peer
WARNING: untranslated string: pptp route = PPTP Route
+WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: proxy reports = Proxy Reports
WARNING: untranslated string: proxy reports daily = Daily reports
WARNING: untranslated string: proxy reports monthly = Monthly reports
WARNING: untranslated string: server restart = You are not able to save any changes while the OpenVPN server is running.
WARNING: untranslated string: show dh = Show Diffie-Hellman parameters
WARNING: untranslated string: show tls-auth key = Show tls-auth key
+WARNING: untranslated string: smt disabled = Simultaneous Multi-Threading (SMT) is disabled
+WARNING: untranslated string: smt enabled = Simultaneous Multi-Threading (SMT) is enabled
+WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading (SMT) is not supported
WARNING: untranslated string: snat new source ip address = New source IP address
WARNING: untranslated string: software version = Software Version
WARNING: untranslated string: source ip country = Source IP Country
+WARNING: untranslated string: spectre variant 1 = Spectre Variant 1
+WARNING: untranslated string: spectre variant 2 = Spectre Variant 2
+WARNING: untranslated string: spectre variant 4 = Spectre Variant 4
WARNING: untranslated string: ssh = SSH
WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
+WARNING: untranslated string: vulnerability = Vulnerability
+WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: wireless network = WiFi Network
WARNING: untranslated string: wlan client = Wireless client
WARNING: untranslated string: wlan client advanced settings = Advanced settings
WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
WARNING: untranslated string: wlanap ssid = SSID
+WARNING: untranslated string: zoneconf notice reboot = Please reboot to apply your changes.
WARNING: untranslated string: zoneconf title = Zone Configuration
WARNING: translation string unused: urlfilter background image
WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter safesearch
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
WARNING: untranslated string: 24 hours = 24 Hours
WARNING: untranslated string: Add a route = Add a route
WARNING: untranslated string: Captive = Captive Portal
-WARNING: untranslated string: Captive ACTIVATE = ACTIVATE
+WARNING: untranslated string: Captive ACTIVATE = unknown string
WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS
WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon
WARNING: untranslated string: Captive activated = Activated
WARNING: untranslated string: Captive clients = unknown string
WARNING: untranslated string: Captive config = Settings
WARNING: untranslated string: Captive coupon = Coupon
+WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Captive expiry time = Expiry Time
WARNING: untranslated string: Captive export coupons = Export Coupons
WARNING: untranslated string: Captive generate coupons = Generate Coupons
WARNING: untranslated string: countrycode = Code
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default = Default
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: email usemail = Activate Mail Service
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: entropy graphs = Entropy Graphs
WARNING: untranslated string: extrahd to = to
WARNING: untranslated string: extrahd to root = to root
WARNING: untranslated string: extrahd you cant mount = You can't mount
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country)
WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP)
WARNING: untranslated string: first = First
WARNING: untranslated string: five minutes = 5 Minutes
WARNING: untranslated string: flag = Flag
+WARNING: untranslated string: force enable = Forced
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: four hours = 4 Hours
WARNING: untranslated string: fw default drop = Firewall policy
WARNING: untranslated string: fw settings = Firewall settings
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: hardware support = Hardware Support
+WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities
WARNING: untranslated string: ids apply = Apply
WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
WARNING: untranslated string: masquerading disabled = Masquerading disabled
WARNING: untranslated string: masquerading enabled = Masquerading enabled
WARNING: untranslated string: maximum = Maximum
+WARNING: untranslated string: meltdown = Meltdown
WARNING: untranslated string: messages = Messages
WARNING: untranslated string: minimum = Minimum
WARNING: untranslated string: minute = Minute
+WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: model = Model
WARNING: untranslated string: modem hardware details = Modem Hardware
WARNING: untranslated string: modem information = Modem Information
WARNING: untranslated string: no data = unknown string
WARNING: untranslated string: none = none
WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.
+WARNING: untranslated string: not affected = Not Affected
WARNING: untranslated string: notice = Notice
WARNING: untranslated string: one hour = One Hour
WARNING: untranslated string: one month = One Month
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: ovpn generating the root and host certificates = Generating the root and host certificate can take a long time.
WARNING: untranslated string: ovpn ha = Hash algorithm
-WARNING: untranslated string: ovpn hmac = HMAC options
WARNING: untranslated string: ovpn mgmt in root range = A port number of 1024 or higher is required.
WARNING: untranslated string: ovpn no connections = No active OpenVPN connections
WARNING: untranslated string: ovpn port in root range = A port number of 1024 or higher is required.
+WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
WARNING: untranslated string: p2p block = P2P networks
WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes.
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
WARNING: untranslated string: pptp netconfig = My Net Config
WARNING: untranslated string: pptp peer = Peer
WARNING: untranslated string: pptp route = PPTP Route
+WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: proxy reports = Proxy Reports
WARNING: untranslated string: proxy reports daily = Daily reports
WARNING: untranslated string: proxy reports monthly = Monthly reports
WARNING: untranslated string: server restart = You are not able to save any changes while the OpenVPN server is running.
WARNING: untranslated string: show dh = Show Diffie-Hellman parameters
WARNING: untranslated string: show tls-auth key = Show tls-auth key
+WARNING: untranslated string: smt disabled = Simultaneous Multi-Threading (SMT) is disabled
+WARNING: untranslated string: smt enabled = Simultaneous Multi-Threading (SMT) is enabled
+WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading (SMT) is not supported
WARNING: untranslated string: snat new source ip address = New source IP address
WARNING: untranslated string: software version = Software Version
WARNING: untranslated string: source ip country = Source IP Country
+WARNING: untranslated string: spectre variant 1 = Spectre Variant 1
+WARNING: untranslated string: spectre variant 2 = Spectre Variant 2
+WARNING: untranslated string: spectre variant 4 = Spectre Variant 4
WARNING: untranslated string: ssh = SSH
WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
WARNING: untranslated string: vpn weak = Weak
+WARNING: untranslated string: vulnerability = Vulnerability
+WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: wireless network = WiFi Network
WARNING: untranslated string: wlan client = Wireless client
WARNING: untranslated string: wlan client advanced settings = Advanced settings
WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
WARNING: untranslated string: wlanap ssid = SSID
+WARNING: untranslated string: zoneconf notice reboot = Please reboot to apply your changes.
WARNING: untranslated string: zoneconf title = Zone Configuration
WARNING: translation string unused: ovpn device
WARNING: translation string unused: ovpn dl
WARNING: translation string unused: ovpn engines
+WARNING: translation string unused: ovpn hmac
WARNING: translation string unused: ovpn log
WARNING: translation string unused: ovpn mtu-disc
WARNING: translation string unused: ovpn mtu-disc and mtu not 1500
WARNING: translation string unused: urlfilter background image
WARNING: translation string unused: urlfilter background text
WARNING: translation string unused: urlfilter enable jpeg
+WARNING: translation string unused: urlfilter safesearch
WARNING: translation string unused: urlfilter update information
WARNING: translation string unused: urlfilter update notification
WARNING: translation string unused: urlfilter update results
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Captive clients = unknown string
+WARNING: untranslated string: Captive delete logo = Delete Logo
WARNING: untranslated string: Daily = Daily
WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
+WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT)
+WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL
+WARNING: untranslated string: force enable = Forced
+WARNING: untranslated string: foreshadow = Foreshadow
WARNING: untranslated string: fwdfw all subnets = All subnets
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian logtarget_syslog = unknown string
WARNING: untranslated string: guardian no entries = unknown string
WARNING: untranslated string: guardian service = unknown string
+WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities
WARNING: untranslated string: ids apply = Apply
WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
WARNING: untranslated string: ipsec mode tunnel = Tunnel
WARNING: untranslated string: ipsec settings = IPsec Settings
WARNING: untranslated string: local ip address = Local IP Address
+WARNING: untranslated string: meltdown = Meltdown
+WARNING: untranslated string: mitigated = Mitigated
WARNING: untranslated string: mtu = MTU
WARNING: untranslated string: no data = unknown string
+WARNING: untranslated string: not affected = Not Affected
WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
+WARNING: untranslated string: ovpn tls auth = TLS Channel Protection:
WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
+WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
WARNING: untranslated string: ptr = PTR
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: routing config added = unknown string
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
+WARNING: untranslated string: smt disabled = Simultaneous Multi-Threading (SMT) is disabled
+WARNING: untranslated string: smt enabled = Simultaneous Multi-Threading (SMT) is enabled
+WARNING: untranslated string: smt not supported = Simultaneous Multi-Threading (SMT) is not supported
+WARNING: untranslated string: spectre variant 1 = Spectre Variant 1
+WARNING: untranslated string: spectre variant 2 = Spectre Variant 2
+WARNING: untranslated string: spectre variant 4 = Spectre Variant 4
WARNING: untranslated string: ssh active sessions = Active logins
WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding
WARNING: untranslated string: ssh login time = Logged in since
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
+WARNING: untranslated string: vulnerability = Vulnerability
+WARNING: untranslated string: vulnerable = Vulnerable
WARNING: untranslated string: wlanap auto = Automatic Channel Selection
WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
WARNING: untranslated string: wlanap client isolation = Client Isolation
WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
WARNING: untranslated string: wlanap ssid = SSID
+WARNING: untranslated string: zoneconf notice reboot = Please reboot to apply your changes.
WARNING: untranslated string: zoneconf title = Zone Configuration
< community rules
< could not connect to www ipfire org
< cryptographic settings
+< dangerous
< dead peer detection
< default IP address
< dhcp server disabled on blue interface
< done
< emerging pro rules
< emerging rules
+< enable smt
+< fallout zombieload ridl
+< force enable
+< foreshadow
< g.dtm
< g.lite
< guardian
-< ids hide
-< ids rules update
-< ids show
< insert removable device
-< interface mode
< notes
< quick control
< shaping add options
< Captive 1month
< Captive 1week
< Captive activate
-< Captive ACTIVATE
< Captive activated
< Captive active on
< Captive agree tac
< Captive client session expiry time
< Captive config
< Captive coupon
+< Captive delete logo
< Captive err doublevoucher
< Captive expire
< Captive expiry time
< cryptographic settings
< crypto warning
< Daily
+< dangerous
< dead peer detection
< default
< default ip
< email usemail
< emerging pro rules
< emerging rules
+< enable smt
< encryption
< entropy
< entropy graphs
< error
+< fallout zombieload ridl
< fifteen minutes
< fireinfo ipfire version
< fireinfo is disabled
< first
< five minutes
< flag
+< force enable
+< foreshadow
< forward firewall
< four hours
< fw default drop
< grouptype
< guardian
< hardware support
+< hardware vulnerabilities
< ids apply
< ids apply ruleset changes
< ids automatic rules update
< maximum
< MB read
< MB written
+< meltdown
< messages
< minimum
< minute
+< mitigated
< model
< modem hardware details
< modem information
< never
< no hardware random number generator
< none
+< not affected
< not a valid dh key
< notice
< Number of Countries for the pie chart
< ovpn error md5
< ovpn generating the root and host certificates
< ovpn ha
-< ovpn hmac
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
< ovpn reneg sec
< ovpn routes push
< ovpn routes push options
+< ovpn tls auth
< ovpn warning rfc3280
< p2p block
< p2p block save notice
+< please reboot to apply your changes
< pptp netconfig
< pptp peer
< pptp route
+< processor vulnerability mitigations
< proxy reports
< proxy reports daily
< proxy reports monthly
< Set time on boot
< show dh
< show tls-auth key
+< smt disabled
+< smt enabled
+< smt not supported
< snat new source ip address
< software version
< source ip country
+< spectre variant 1
+< spectre variant 2
+< spectre variant 4
< ssh
< ssh active sessions
< ssh agent forwarding
< vpn statistic rw
< vpn wait
< vpn weak
+< vulnerability
+< vulnerable
< Weekly
< wireless network
< wlanap
< zoneconf nicmode bridge
< zoneconf nicmode default
< zoneconf nicmode macvtap
+< zoneconf notice reboot
< zoneconf title
< zoneconf val native assignment error
< zoneconf val ppp assignment error
< advproxy wpad notice
< advproxy wpad title
< advproxy wpad view pac
-< cryptographic settings
+< Captive delete logo
< Daily
-< default IP address
+< dangerous
< Disabled
-< dns forward disable dnssec
< dnsforward dnssec disabled
-< dns forwarding dnssec disabled notice
< emerging pro rules
+< enable smt
< error
+< fallout zombieload ridl
+< force enable
+< foreshadow
< generate ptr
+< hardware vulnerabilities
< ids apply
< ids apply ruleset changes
< ids automatic rules update
< ids ruleset settings
< ids show
< ids working
-< interface mode
< intrusion prevention system
-< invalid input for interface address
-< invalid input for interface mode
-< invalid input for interface mtu
-< invalid input for local ip address
-< invalid input for mode
-< ipsec connection
-< ipsec interface mode gre
-< ipsec interface mode none
-< ipsec interface mode vti
-< ipsec mode transport
-< ipsec mode tunnel
-< ipsec settings
-< local ip address
-< mtu
+< meltdown
+< mitigated
+< not affected
+< ovpn tls auth
+< please reboot to apply your changes
+< processor vulnerability mitigations
< ptr
< runmode
+< smt disabled
+< smt enabled
+< smt not supported
+< spectre variant 1
+< spectre variant 2
+< spectre variant 4
< ssh agent forwarding
-< subnet mask
< system is offline
-< transport mode does not support vti
< update ruleset
+< vulnerability
+< vulnerable
< Weekly
< wlanap auto
< wlanap broadcast ssid
< zoneconf nicmode bridge
< zoneconf nicmode default
< zoneconf nicmode macvtap
+< zoneconf notice reboot
< zoneconf title
< zoneconf val native assignment error
< zoneconf val ppp assignment error
< Captive 1month
< Captive 1week
< Captive activate
-< Captive ACTIVATE
< Captive activated
< Captive active on
< Captive agree tac
< Captive client session expiry time
< Captive config
< Captive coupon
+< Captive delete logo
< Captive err doublevoucher
< Captive expire
< Captive expiry time
< cryptographic settings
< crypto warning
< Daily
+< dangerous
< default IP address
< dhcp dns enable update
< dhcp dns key name
< email tls
< email usemail
< emerging pro rules
+< enable smt
< error
+< fallout zombieload ridl
< fifteen minutes
< firewall graph country
< firewall graph ip
< firewall log ip
< firewall log port
< five minutes
+< force enable
+< foreshadow
< four hours
< fwdfw all subnets
< fwdfw err concon
< geoipblock flag
< guaranteed bandwith
< guardian
+< hardware vulnerabilities
< ids apply
< ids apply ruleset changes
< ids automatic rules update
< masquerading
< masquerading disabled
< masquerading enabled
+< meltdown
< messages
+< mitigated
< mtu
< MTU settings
< none
+< not affected
< Number of Countries for the pie chart
< one hour
< one month
< ovpn add conf
< ovpn error dh
< ovpn error md5
+< ovpn tls auth
< ovpn warning rfc3280
+< please reboot to apply your changes
< pptp netconfig
< pptp peer
< pptp route
+< processor vulnerability mitigations
< ptr
< rdns
< required field
< samba join a domain
< samba join domain
< search
+< smt disabled
+< smt enabled
+< smt not supported
+< spectre variant 1
+< spectre variant 2
+< spectre variant 4
< ssh active sessions
< ssh agent forwarding
< ssh login time
< vpn statistic rw
< vpn wait
< vpn weak
+< vulnerability
+< vulnerable
< Weekly
< wireless network
< wlanap
< zoneconf nicmode bridge
< zoneconf nicmode default
< zoneconf nicmode macvtap
+< zoneconf notice reboot
< zoneconf title
< zoneconf val native assignment error
< zoneconf val ppp assignment error
< Captive 1month
< Captive 1week
< Captive activate
-< Captive ACTIVATE
< Captive activated
< Captive active on
< Captive agree tac
< Captive client session expiry time
< Captive config
< Captive coupon
+< Captive delete logo
< Captive err doublevoucher
< Captive expire
< Captive expiry time
< cryptographic settings
< crypto warning
< Daily
+< dangerous
< default
< default IP address
< dh
< email tls
< email usemail
< emerging pro rules
+< enable smt
< error
+< fallout zombieload ridl
< fifteen minutes
< firewall graph country
< firewall graph ip
< firewall log port
< firewall logs country
< five minutes
+< force enable
+< foreshadow
< four hours
< fwdfw all subnets
< fwdfw err concon
< geoipblock enable feature
< geoipblock flag
< guardian
+< hardware vulnerabilities
< ids apply
< ids apply ruleset changes
< ids automatic rules update
< masquerading
< masquerading disabled
< masquerading enabled
+< meltdown
< messages
+< mitigated
< model
< modem hardware details
< modem information
< nameserver
< never
< none
+< not affected
< not a valid dh key
< Number of Countries for the pie chart
< one hour
< ovpn error md5
< ovpn generating the root and host certificates
< ovpn ha
-< ovpn hmac
< ovpn reneg sec
+< ovpn tls auth
< ovpn warning rfc3280
+< please reboot to apply your changes
< pptp netconfig
< pptp peer
< pptp route
+< processor vulnerability mitigations
< ptr
< random number generator daemon
< rdns
< search
< show dh
< show tls-auth key
+< smt disabled
+< smt enabled
+< smt not supported
< software version
< source ip country
+< spectre variant 1
+< spectre variant 2
+< spectre variant 4
< ssh active sessions
< ssh agent forwarding
< ssh login time
< vpn statistic rw
< vpn wait
< vpn weak
+< vulnerability
+< vulnerable
< Weekly
< wireless network
< wlanap
< zoneconf nicmode bridge
< zoneconf nicmode default
< zoneconf nicmode macvtap
+< zoneconf notice reboot
< zoneconf title
< zoneconf val native assignment error
< zoneconf val ppp assignment error
< Captive 1month
< Captive 1week
< Captive activate
-< Captive ACTIVATE
< Captive activated
< Captive active on
< Captive agree tac
< Captive client session expiry time
< Captive config
< Captive coupon
+< Captive delete logo
< Captive err doublevoucher
< Captive expire
< Captive expiry time
< cryptographic settings
< crypto warning
< Daily
+< dangerous
< dead peer detection
< default
< default ip
< email usemail
< emerging pro rules
< emerging rules
+< enable smt
< encryption
< entropy
< entropy graphs
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
+< fallout zombieload ridl
< fifteen minutes
< firewall graph country
< firewall graph ip
< first
< five minutes
< flag
+< force enable
+< foreshadow
< forward firewall
< four hours
< fw default drop
< grouptype
< guardian
< hardware support
+< hardware vulnerabilities
< ids apply
< ids apply ruleset changes
< ids automatic rules update
< maximum
< MB read
< MB written
+< meltdown
< messages
< minimum
< minute
+< mitigated
< model
< modem hardware details
< modem information
< never
< no hardware random number generator
< none
+< not affected
< not a valid dh key
< notice
< Number of Countries for the pie chart
< ovpn error md5
< ovpn generating the root and host certificates
< ovpn ha
-< ovpn hmac
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
< ovpn reneg sec
< ovpn routes push
< ovpn routes push options
+< ovpn tls auth
< ovpn warning rfc3280
< p2p block
< p2p block save notice
+< please reboot to apply your changes
< pptp netconfig
< pptp peer
< pptp route
+< processor vulnerability mitigations
< proxy reports
< proxy reports daily
< proxy reports monthly
< server restart
< show dh
< show tls-auth key
+< smt disabled
+< smt enabled
+< smt not supported
< snat new source ip address
< software version
< source ip country
+< spectre variant 1
+< spectre variant 2
+< spectre variant 4
< ssh
< ssh active sessions
< ssh agent forwarding
< vpn statistic rw
< vpn wait
< vpn weak
+< vulnerability
+< vulnerable
< Weekly
< wireless network
< wlanap
< zoneconf nicmode bridge
< zoneconf nicmode default
< zoneconf nicmode macvtap
+< zoneconf notice reboot
< zoneconf title
< zoneconf val native assignment error
< zoneconf val ppp assignment error
< Captive 1month
< Captive 1week
< Captive activate
-< Captive ACTIVATE
< Captive activated
< Captive active on
< Captive agree tac
< Captive client session expiry time
< Captive config
< Captive coupon
+< Captive delete logo
< Captive err doublevoucher
< Captive expire
< Captive expiry time
< cryptographic settings
< crypto warning
< Daily
+< dangerous
< day-graph
< dead peer detection
< default
< email usemail
< emerging pro rules
< emerging rules
+< enable smt
< encryption
< entropy
< entropy graphs
< extrahd unable to read
< extrahd unable to write
< extrahd you cant mount
+< fallout zombieload ridl
< fifteen minutes
< firewall graph country
< firewall graph ip
< first
< five minutes
< flag
+< force enable
+< foreshadow
< forward firewall
< four hours
< frequency
< grouptype
< guardian
< hardware support
+< hardware vulnerabilities
< hour-graph
< ids apply
< ids apply ruleset changes
< maximum
< MB read
< MB written
+< meltdown
< messages
< minimum
< minute
+< mitigated
< model
< modem hardware details
< modem information
< never
< no hardware random number generator
< none
+< not affected
< not a valid dh key
< notice
< Number of Countries for the pie chart
< ovpn error md5
< ovpn generating the root and host certificates
< ovpn ha
-< ovpn hmac
< ovpn mgmt in root range
< ovpn mtu-disc
< ovpn mtu-disc and mtu not 1500
< ovpn no connections
< ovpn port in root range
< ovpn reneg sec
+< ovpn tls auth
< ovpn warning rfc3280
< p2p block
< p2p block save notice
+< please reboot to apply your changes
< pptp netconfig
< pptp peer
< pptp route
+< processor vulnerability mitigations
< proxy reports
< proxy reports daily
< proxy reports monthly
< server restart
< show dh
< show tls-auth key
+< smt disabled
+< smt enabled
+< smt not supported
< snat new source ip address
< software version
< source ip country
+< spectre variant 1
+< spectre variant 2
+< spectre variant 4
< ssh
< ssh active sessions
< ssh agent forwarding
< vpn statistic rw
< vpn wait
< vpn weak
+< vulnerability
+< vulnerable
< week-graph
< Weekly
< wireless network
< zoneconf nicmode bridge
< zoneconf nicmode default
< zoneconf nicmode macvtap
+< zoneconf notice reboot
< zoneconf title
< zoneconf val native assignment error
< zoneconf val ppp assignment error
< advproxy wpad notice
< advproxy wpad title
< advproxy wpad view pac
+< Captive delete logo
< crypto error
< cryptographic settings
< crypto warning
< Daily
+< dangerous
< default IP address
< Disabled
< dns forward disable dnssec
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
< emerging pro rules
+< enable smt
< error
+< fallout zombieload ridl
+< force enable
+< foreshadow
< fwdfw all subnets
< generate ptr
+< hardware vulnerabilities
< ids apply
< ids apply ruleset changes
< ids automatic rules update
< ipsec mode tunnel
< ipsec settings
< local ip address
+< meltdown
+< mitigated
< mtu
+< not affected
< ovpn error dh
< ovpn error md5
+< ovpn tls auth
< ovpn warning rfc3280
+< please reboot to apply your changes
+< processor vulnerability mitigations
< ptr
< runmode
+< smt disabled
+< smt enabled
+< smt not supported
+< spectre variant 1
+< spectre variant 2
+< spectre variant 4
< ssh active sessions
< ssh agent forwarding
< ssh login time
< update ruleset
< vpn start action add
< vpn wait
+< vulnerability
+< vulnerable
< Weekly
< wlanap auto
< wlanap broadcast ssid
< zoneconf nicmode bridge
< zoneconf nicmode default
< zoneconf nicmode macvtap
+< zoneconf notice reboot
< zoneconf title
< zoneconf val native assignment error
< zoneconf val ppp assignment error
}
}
+if ($cgiparams{'ACTION'} eq "$Lang::tr{'Captive delete logo'}") {
+ unlink $logo;
+}
+
if ($cgiparams{'ACTION'} eq "$Lang::tr{'Captive generate coupons'}") {
#check valid remark
if ($cgiparams{'REMARK'} ne '' && !&validremark($cgiparams{'REMARK'})){
print <<END;
<tr>
<td>$Lang::tr{'Captive logo uploaded'}</td>
- <td>$Lang::tr{'yes'}</td>
+ <td>
+ $Lang::tr{'yes'}
+ <input type='submit' name='ACTION' value="$Lang::tr{'Captive delete logo'}"/>
+ </td>
</tr>
END
}
Marcus Scholz,
Ersan Yildirim,
Joern-Ingo Weigert,
+Alexander Koch,
Wolfgang Apolinarski,
Alfred Haas,
Lars Schuhmacher,
Rene Zingel,
Sascha Kilian,
Ronald Wiesinger,
-Alexander Koch,
Stephan Feddersen,
Stéphane Pautrel,
Justin Luth,
Michael Eitelwein,
Bernhard Bitsch,
Dominik Hassler,
+Florian Bührle,
Larsen,
Gabriel Rolland,
Anton D. Seliverstov,
Kim Wölfel,
Logan Schmidt,
Nico Prenzel,
+Oliver Fuhrer,
Osmar Gonzalez,
Paul T. Simmons,
Rob Brewer,
'openvpn' => '(openvpnserver\[.*\]: |.*n2n\[.*\]: )',
'pakfire' => '(pakfire:)',
'red' => '(red:|pppd\[.*\]: |chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|dhcpcd\[.*\]|modem_run\[.*\])',
- 'suricata' => '(suricata\[.*\]: )',
+ 'suricata' => '(suricata: )',
'squid' => '(squid\[.*\]: |squid: )',
'ssh' => '(sshd(?:\(.*\))?\[.*\]: )',
'unbound' => '(unbound: \[.*:.*\])(.*:.*$)',
print CONF "status /var/run/ovpnserver.log 30\n";
print CONF "ncp-disable\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
- if ($sovpnsettings{'DAUTH'} eq '') {
- print CONF "";
- } else {
print CONF "auth $sovpnsettings{'DAUTH'}\n";
- }
+
if ($sovpnsettings{'TLSAUTH'} eq 'on') {
print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
}
$vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
$vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
$vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
+ $vpnsettings{'COMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
$vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
- $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
- $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') {
$vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
+ $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
+ $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
#wrtie enable
if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
$zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
}
print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
- if ($vpnsettings{'DAUTH'} eq '') {
- print CLIENTCONF "";
- } else {
print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
- }
+
if ($vpnsettings{'TLSAUTH'} eq 'on') {
if ($cgiparams{'MODE'} eq 'insecure') {
print CLIENTCONF ";";
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
- if ($cgiparams{'DAUTH'} eq '') {
- $cgiparams{'DAUTH'} = 'SHA512';
- }
if ($cgiparams{'TLSAUTH'} eq '') {
$cgiparams{'TLSAUTH'} = 'off';
}
$checked{'REDIRECT_GW_DEF1'}{'off'} = '';
$checked{'REDIRECT_GW_DEF1'}{'on'} = '';
$checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
+ $checked{'DCOMPLZO'}{'off'} = '';
+ $checked{'DCOMPLZO'}{'on'} = '';
+ $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
$checked{'ADDITIONAL_CONFIGS'}{'off'} = '';
$checked{'ADDITIONAL_CONFIGS'}{'on'} = '';
$checked{'ADDITIONAL_CONFIGS'}{$cgiparams{'ADDITIONAL_CONFIGS'}} = 'CHECKED';
$selected{'LOG_VERB'}{'10'} = '';
$selected{'LOG_VERB'}{'11'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
- $selected{'DAUTH'}{'whirlpool'} = '';
- $selected{'DAUTH'}{'SHA512'} = '';
- $selected{'DAUTH'}{'SHA384'} = '';
- $selected{'DAUTH'}{'SHA256'} = '';
- $selected{'DAUTH'}{'SHA1'} = '';
- $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
- $checked{'TLSAUTH'}{'off'} = '';
- $checked{'TLSAUTH'}{'on'} = '';
- $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
</tr>
<tr>
- <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
+ <td width='20%'></td> <td width='15%'> </td><td width='20%'> </td><td width='20%'></td><td width='35%'></td>
</tr>
<tr>
<td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
</tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
+ <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
+ <td>$Lang::tr{'openvpn default'}: off <font color='red'>($Lang::tr{'attention'} exploitable via Voracle)</font></td>
+ </tr>
+
<tr>
<td class='base'>$Lang::tr{'ovpn add conf'}</td>
<td><input type='checkbox' name='ADDITIONAL_CONFIGS' $checked{'ADDITIONAL_CONFIGS'}{'on'} /></td>
</table>
<hr size='1'>
-<table width='100%'>
- <tr>
- <td class'base'><b>$Lang::tr{'ovpn crypt options'}</b></td>
- </tr>
- <tr>
- <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
- </tr>
- <tr><td class='base'>$Lang::tr{'ovpn ha'}</td>
- <td><select name='DAUTH'>
- <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
- <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
- <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
- <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
- <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
- </select>
- </td>
- <td>$Lang::tr{'openvpn default'}: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
- </tr>
-</table>
-
-<table width='100%'>
- <tr>
- <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
- </tr>
-
- <tr>
- <td class='base'>HMAC tls-auth</td>
- <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
- </tr>
- </table><hr>
END
if ( -e "/var/run/openvpn.pid"){
<tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn tls auth'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
<tr><td> </td><td> </td></tr>
</table>
$selected{'DAUTH'}{'SHA384'} = '';
$selected{'DAUTH'}{'SHA256'} = '';
$selected{'DAUTH'}{'SHA1'} = '';
- # If no hash algorythm has been choosen yet, select
- # the old default value (SHA1) for compatiblity reasons.
- if ($cgiparams{'DAUTH'} eq '') {
- $cgiparams{'DAUTH'} = 'SHA1';
- }
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
if (1) {
&Header::showhttpheaders();
$cgiparams{'MSSFIX'} = 'off';
}
if ($cgiparams{'DAUTH'} eq '') {
- $cgiparams{'DAUTH'} = 'SHA512';
- }
+ if (-z "${General::swroot}/ovpn/ovpnconfig") {
+ $cgiparams{'DAUTH'} = 'SHA512';
+ }
+ foreach my $key (keys %confighash) {
+ if ($confighash{$key}[3] ne 'host') {
+ $cgiparams{'DAUTH'} = 'SHA512';
+ } else {
+ $cgiparams{'DAUTH'} = 'SHA1';
+ }
+ }
+ }
+ if ($cgiparams{'TLSAUTH'} eq '') {
+ $cgiparams{'TLSAUTH'} = 'off';
+ }
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
$selected{'DAUTH'}{'SHA1'} = '';
$selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
+ $checked{'TLSAUTH'}{'off'} = '';
+ $checked{'TLSAUTH'}{'on'} = '';
+ $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
+
$checked{'DCOMPLZO'}{'off'} = '';
$checked{'DCOMPLZO'}{'on'} = '';
$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
if (&haveOrangeNet()) {
print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
- }
- print <<END;
+ }
+
+ print <<END;
+
+ <tr><td colspan='4'><br></td></tr>
+ <tr>
+ <td class'base'><b>$Lang::tr{'net config'}:</b></td>
+ </tr>
+ <tr><td colspan='1'><br></td></tr>
+
<tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
<td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
<td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} </td>
<td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
+ </tr>
+
+ <tr><td colspan='4'><br></td></tr>
+ <tr>
+ <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
+ </tr>
+ <tr><td colspan='1'><br></td></tr>
+
+ <tr>
+ <td class='base'>$Lang::tr{'ovpn ha'}</td>
+ <td><select name='DAUTH'>
+ <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
+ <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
+ <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
+ <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
+ <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
+ </select>
+ </td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
<td><select name='DCIPHER'>
<option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
</select>
</td>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
- <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
</tr>
+
+ <tr><td colspan='4'><br></td></tr>
+ <tr>
+ <td class='base'>$Lang::tr{'ovpn tls auth'}</td>
+ <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
+ </tr>
+
<tr><td colspan='4'><br><br></td></tr>
END
;
sub writepacfile
{
+ my %vpnconfig=();
+ my %ovpnconfig=();
+ &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac");
flock(FILE, 2);
print FILE "function FindProxyForURL(url, host)\n";
}
}
+ foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
+ if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
+ my @networks = split(/\|/, $vpnconfig{$key}[11]);
+ foreach my $network (@networks) {
+ my ($vpnip, $vpnsub) = split("/", $network);
+ $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
+ print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
+ }
+ }
+ }
+
+ foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
+ if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {
+ my @networks = split(/\|/, $ovpnconfig{$key}[11]);
+ foreach my $network (@networks) {
+ my ($vpnip, $vpnsub) = split("/", $network);
+ print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
+ }
+ }
+ }
+
print FILE <<END
(isInNet(host, "169.254.0.0", "255.255.0.0"))
)
$filtersettings{'BLOCK_ALL'} = 'off';
$filtersettings{'ENABLE_EMPTY_ADS'} = 'off';
$filtersettings{'ENABLE_GLOBAL_WHITELIST'} = 'off';
-$filtersettings{'ENABLE_SAFESEARCH'} = 'off';
$filtersettings{'ENABLE_LOG'} = 'off';
$filtersettings{'ENABLE_USERNAME_LOG'} = 'off';
$filtersettings{'ENABLE_CATEGORY_LOG'} = 'off';
$checked{'ENABLE_GLOBAL_WHITELIST'}{'off'} = '';
$checked{'ENABLE_GLOBAL_WHITELIST'}{'on'} = '';
$checked{'ENABLE_GLOBAL_WHITELIST'}{$filtersettings{'ENABLE_GLOBAL_WHITELIST'}} = "checked='checked'";
-$checked{'ENABLE_SAFESEARCH'}{'off'} = '';
-$checked{'ENABLE_SAFESEARCH'}{'on'} = '';
-$checked{'ENABLE_SAFESEARCH'}{$filtersettings{'ENABLE_SAFESEARCH'}} = "checked='checked'";
$checked{'ENABLE_LOG'}{'off'} = '';
$checked{'ENABLE_LOG'}{'on'} = '';
$checked{'ENABLE_LOG'}{$filtersettings{'ENABLE_LOG'}} = "checked='checked'";
<td width='25%' class='base'>$Lang::tr{'urlfilter enable log'}:</td>
<td><input type='checkbox' name='ENABLE_LOG' $checked{'ENABLE_LOG'}{'on'} /></td>
</tr>
-<tr>
- <td class='base'>$Lang::tr{'urlfilter safesearch'}:</td>
- <td><input type='checkbox' name='ENABLE_SAFESEARCH' $checked{'ENABLE_SAFESEARCH'}{'on'} /></td>
- <td class='base'>$Lang::tr{'urlfilter username log'}:</td>
- <td><input type='checkbox' name='ENABLE_USERNAME_LOG' $checked{'ENABLE_USERNAME_LOG'}{'on'} /></td>
-</tr>
<tr>
<td class='base'>$Lang::tr{'urlfilter empty ads'}:</td>
<td><input type='checkbox' name='ENABLE_EMPTY_ADS' $checked{'ENABLE_EMPTY_ADS'}{'on'} /></td>
- <td class='base'>$Lang::tr{'urlfilter category log'}:</td>
- <td><input type='checkbox' name='ENABLE_CATEGORY_LOG' $checked{'ENABLE_CATEGORY_LOG'}{'on'} /></td>
+ <td class='base'>$Lang::tr{'urlfilter username log'}:</td>
+ <td><input type='checkbox' name='ENABLE_USERNAME_LOG' $checked{'ENABLE_USERNAME_LOG'}{'on'} /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'urlfilter block ip'}:</td>
<td><input type='checkbox' name='BLOCK_IP_ADDR' $checked{'BLOCK_IP_ADDR'}{'on'} /></td>
+ <td class='base'>$Lang::tr{'urlfilter category log'}:</td>
+ <td><input type='checkbox' name='ENABLE_CATEGORY_LOG' $checked{'ENABLE_CATEGORY_LOG'}{'on'} /></td>
</tr>
<tr>
<td class='base'>$Lang::tr{'urlfilter block all'}:</td>
}
}
- if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
- {
+ if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) {
print FILE "rewrite rew-rule-1 {\n";
- if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
- {
- print FILE " # rewrite localfiles\n";
- foreach (@repositoryfiles)
- {
- print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
- }
- }
-
- if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
+ print FILE " # rewrite localfiles\n";
+ foreach (@repositoryfiles)
{
- print FILE " # rewrite safesearch\n";
- print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|nwshp|frghp|froogle)\\?)(.*)(\\bsafe=\\w+)(.*)\@\\1\\3safe=strict\\5\@i\n";
- print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|nwshp|frghp|froogle)\\?)(.*)\@\\1safe=strict\\\&\\3\@i\n";
- print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W)(.*)(\\bvm=\\w+)(.*)\@\\1\\2vm=r\\4\@i\n";
- print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W.*)\@\\1\\\&vm=r\@i\n";
- print FILE " s@(.*\\Walltheweb\\.com/customize\\?)(.*)(\\bcopt_offensive=\\w+)(.*)\@\\1\\2copt_offensive=on\\4\@i\n";
- print FILE " s@(.*\\Wbing\\.\\w+/)(.*)(\\badlt=\\w+)(.*)\@\\1\\2adlt=strict\\4\@i\n";
- print FILE " s@(.*\\Wbing\\.\\w+/.*)\@\\1\\\&adlt=strict\@i\n";
+ print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
}
-
print FILE "}\n\n";
-
- if ((!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) && ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')) {
- print FILE "rewrite rew-rule-2 {\n";
- if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
- {
- print FILE " # rewrite localfiles\n";
- foreach (@repositoryfiles)
- {
- print FILE " s@.*/$_\$\@http://$netsettings{'GREEN_ADDRESS'}:$http_port/repository/$_\@i\n";
- }
- } else {
- print FILE " # rewrite nothing\n";
- }
- print FILE "}\n\n";
- }
}
if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
if (!($filtersettings{'UNFILTERED_CLIENTS'} eq '')) {
print FILE " unfiltered {\n";
print FILE " pass all\n";
- if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
- {
- print FILE " rewrite rew-rule-2\n";
- }
print FILE " }\n\n";
}
if (!($filtersettings{'BANNED_CLIENTS'} eq '')) {
print FILE " logfile".$ident." urlfilter.log\n";
}
}
- if ((($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles)) || ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on'))
+ if (($filtersettings{'ENABLE_REWRITE'} eq 'on') && (@repositoryfiles))
{
print FILE " rewrite rew-rule-1\n";
}
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %VULNERABILITIES = (
+ "l1tf" => "$Lang::tr{'foreshadow'} (CVE-2018-3620)",
+ "mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)",
+ "meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)",
+ "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)",
+ "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)",
+ "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)",
+);
+
+my $errormessage = "";
+my $notice = "";
+
+my %mainsettings = ();
+my %color = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my %settings = (
+ "ENABLE_SMT" => "auto",
+);
+&General::readhash("${General::swroot}/main/security", \%settings);
+
+&Header::showhttpheaders();
+
+&Header::getcgihash(\%settings);
+
+if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
+ if ($settings{'ENABLE_SMT'} !~ /^(auto|on)$/) {
+ $errormessage = $Lang::tr{'invalid input'};
+ }
+
+ unless ($errormessage) {
+ &General::writehash("${General::swroot}/main/security", \%settings);
+ $notice = $Lang::tr{'please reboot to apply your changes'};
+ }
+}
+
+my %checked = ();
+$checked{'ENABLE_SMT'}{'auto'} = '';
+$checked{'ENABLE_SMT'}{'on'} = '';
+$checked{'ENABLE_SMT'}{$settings{'ENABLE_SMT'}} = "checked";
+
+&Header::openpage($Lang::tr{'processor vulnerability mitigations'}, 1, '');
+
+&Header::openbigbox("100%", "left", "", $errormessage);
+
+if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<font color='red'>$errormessage</font>";
+ &Header::closebox();
+}
+
+if ($notice) {
+ &Header::openbox('100%', 'left', $Lang::tr{'notice'});
+ print "<font color='red'>$notice</font>";
+ &Header::closebox();
+}
+
+&Header::openbox('100%', 'center', $Lang::tr{'processor vulnerability mitigations'});
+
+print <<END;
+ <table class="tbl" width='100%'>
+ <thead>
+ <tr>
+ <th align="center">
+ <strong>$Lang::tr{'vulnerability'}</strong>
+ </th>
+ <th align="center">
+ <strong>$Lang::tr{'status'}</strong>
+ </th>
+ </tr>
+ </thead>
+ <tbody>
+END
+
+my $id = 0;
+for my $vuln (sort keys %VULNERABILITIES) {
+ my ($status, $message) = &check_status($vuln);
+ next if (!$status);
+
+ my $colour = "";
+ my $bgcolour = "";
+ my $status_message = "";
+
+ # Not affected
+ if ($status eq "Not affected") {
+ $status_message = $Lang::tr{'not affected'};
+ $colour = "white";
+ $bgcolour = ${Header::colourblack};
+
+ # Vulnerable
+ } elsif ($status eq "Vulnerable") {
+ $status_message = $Lang::tr{'vulnerable'};
+ $colour = "white";
+ $bgcolour = ${Header::colourred};
+
+ # Mitigated
+ } elsif ($status eq "Mitigation") {
+ $status_message = $Lang::tr{'mitigated'};
+ $colour = "white";
+ $bgcolour = ${Header::colourgreen};
+
+ # Unknown report from kernel
+ } else {
+ $status_message = $status;
+ $colour = "black";
+ $bgcolour = ${Header::colouryellow};
+ }
+
+ my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
+
+ print <<END;
+ <tr bgcolor="$table_colour">
+ <td align="left">
+ <strong>$VULNERABILITIES{$vuln}</strong>
+ </td>
+
+ <td bgcolor="$bgcolour" align="center">
+ <font color="$colour">
+END
+ if ($message) {
+ print "<strong>$status_message</strong>: $message";
+ } else {
+ print "<strong>$status_message</strong>";
+ }
+
+ print <<END;
+ </font>
+ </td>
+ </tr>
+END
+ }
+
+print <<END;
+ </tbody>
+ </table>
+END
+
+&Header::closebox();
+
+print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
+
+&Header::openbox('100%', 'center', $Lang::tr{'settings'});
+
+my $smt_status = &smt_status();
+
+print <<END;
+ <table class="tbl" width="66%">
+ <tbody>
+ <tr>
+ <th colspan="2" align="center">
+ <strong>$smt_status</strong>
+ </th>
+ </tr>
+
+ <tr>
+ <td width="50%" align="left">
+ $Lang::tr{'enable smt'}
+ </td>
+
+ <td width="50%" align="center">
+ <label>
+ <input type="radio" name="ENABLE_SMT"
+ value="auto" $checked{'ENABLE_SMT'}{'auto'}>
+ $Lang::tr{'automatic'}
+ </label> /
+ <label>
+ <input type="radio" name="ENABLE_SMT"
+ value="on" $checked{'ENABLE_SMT'}{'on'}>
+ $Lang::tr{'force enable'} ($Lang::tr{'dangerous'})
+ </label>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" align="right">
+ <input type="submit" name="ACTION" value="$Lang::tr{'save'}">
+ </td>
+ </tr>
+ </tbody>
+ </table>
+END
+
+&Header::closebox();
+
+print "</form>\n";
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+sub check_status($) {
+ my $vuln = shift;
+
+ open(FILE, "/sys/devices/system/cpu/vulnerabilities/$vuln") or return undef;
+ my $status = <FILE>;
+ close(FILE);
+
+ # Fix status when something has been mitigated, but not fully, yet
+ if ($status =~ /^(Mitigation): (.*vulnerable.*)$/) {
+ return ("Vulnerable", $2);
+ }
+
+ if ($status =~ /^(Vulnerable|Mitigation): (.*)$/) {
+ return ($1, $2);
+ }
+
+ return $status;
+}
+
+sub smt_status() {
+ open(FILE, "/sys/devices/system/cpu/smt/control");
+ my $status = <FILE>;
+ close(FILE);
+
+ chomp($status);
+
+ if ($status eq "on") {
+ return $Lang::tr{'smt enabled'};
+ } elsif (($status eq "off") || ($status eq "forceoff")) {
+ return $Lang::tr{'smt disabled'};
+ } elsif ($status eq "notsupported") {
+ return $Lang::tr{'smt not supported'};
+ }
+
+ return $status;
+}
<style>
table {
width: 100%;
+ border-collapse: collapse;
+ table-layout: fixed;
}
tr {
height: 4em;
}
- td:first-child {
- width: 1px;
+ tr.thin {
+ height: 3em;
+ }
+
+ td.narrow {
+ width: 11em;
}
td {
border: 0.5px solid black;
}
- table {
- border-collapse: collapse;
+ td.slightlygrey {
+ background-color: #F0F0F0;
}
td.h {
width: 100%;
padding-top: 20px;
text-align: right;
+ color: red;
}
#submit-container.input {
button {
margin-top: 1em;
}
-
</style>
END
;
my %vlansettings = ();
my %cgiparams = ();
+my $restart_notice = "";
+
&General::readhash("${General::swroot}/ethernet/settings",\%ethsettings);
&General::readhash("${General::swroot}/ethernet/vlans",\%vlansettings);
&General::writehash("${General::swroot}/ethernet/settings",\%ethsettings);
&General::writehash("${General::swroot}/ethernet/vlans",\%vlansettings);
+
+ $restart_notice = $Lang::tr{'zoneconf notice reboot'};
}
&Header::openbox('100%', 'left', $Lang::tr{"zoneconf nic assignment"});
### START OF TABLE ###
print <<END
- <form method='post' enctype='multipart/form-data'>
- <tr>
- <td class="h topleft" /td>
+<form method='post' enctype='multipart/form-data'>
+ <table>
+ <tr>
+ <td class="h narrow topleft" /td>
END
;
-# Fill the table header with all physical NICs
-foreach (@nics) {
- my $mac = $_->[0];
- my $nic = $_->[1];
-
- print "<td class='h textcenter'>$nic<br>$mac</td>";
-}
-
-print "</tr>";
-
+# Fill the table header with all activated zones
foreach (@zones) {
my $uc = uc $_;
my $dev_name = $ethsettings{"${uc}_DEV"};
next;
}
- print "<tr>";
-
+ # If the zone is in PPP mode, don't show a mode dropdown
if ($uc eq "RED") {
my $red_type = $ethsettings{"RED_TYPE"};
my $red_restricted = ($uc eq "RED" && ! ($red_type eq "STATIC" || $red_type eq "DHCP"));
- # VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
if ($red_restricted) {
- print "<td class='h $_'>$uc<br>($red_type)</td>";
-
- foreach (@nics) {
- my $mac = $_->[0];
- my $checked = "";
+ print "<td class='h textcenter $_'>$uc ($red_type)</td>";
- if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
- $checked = "checked";
- }
-
- print "<td class='textcenter'><input type='radio' id='PPPACCESS $mac' name='PPPACCESS' value='$mac' $checked></td>";
- }
-
- print "</tr>";
next; # We're done here
}
}
}
print <<END
- <td class='h $_'>$uc<br>
+ <td class='h textcenter $_'>$uc</br>
<select name="MODE $uc">
<option value="DEFAULT" $mode_selected{"DEFAULT"}>$Lang::tr{"zoneconf nicmode default"}</option>
<option value="BRIDGE" $mode_selected{"BRIDGE"}>$Lang::tr{"zoneconf nicmode bridge"}</option>
</td>
END
;
+}
- # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
- my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"};
+print "</tr>";
- # If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
- $zone_parent_dev = &Network::get_mac_by_name($zone_parent_dev);
+my $slightlygrey = "";
+
+foreach (@nics) {
+ my $mac = $_->[0];
+ my $nic = $_->[1];
+ my $wlan = $_->[2];
+
+ print "<tr><td class='h narrow textcenter'>$nic<br>$mac</td>";
+
+ # Iterate through all zones and check if the current NIC is assigned to it
+ foreach (@zones) {
+ my $uc = uc $_;
+ my $dev_name = $ethsettings{"${uc}_DEV"};
+
+ if ($dev_name eq "") { # Again, skip the zone if it is not activated
+ next;
+ }
+
+ if ($uc eq "RED") {
+ my $red_type = $ethsettings{"RED_TYPE"};
+ my $red_restricted = ($uc eq "RED" && ! ($red_type eq "STATIC" || $red_type eq "DHCP"));
+
+ # VLANs/Bridging is not possible if the RED interface is set to PPP, PPPoE, VDSL, ...
+ if ($red_restricted) {
+ my $checked = "";
+
+ if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
+ $checked = "checked";
+ }
+
+ print "<td class='textcenter $slightlygrey'><input type='radio' id='PPPACCESS $mac' name='PPPACCESS' value='$mac' $checked></td>";
+ next; # We're done here
+ }
+ }
- foreach (@nics) { # Check for all nics if they are assigned to the current zone
my %access_selected = ();
- my $mac = $_->[0];
- my $wlan = $_->[2];
+ my $zone_mode = $ethsettings{"${uc}_MODE"};
+ my $zone_parent_dev = $vlansettings{"${uc}_PARENT_DEV"}; # ZONE_PARENT_DEV is set if this zone accesses any interface via a VLAN
my $field_disabled = "disabled"; # Only enable the VLAN ID input field if the current access mode is VLAN
my $zone_vlan_id = "";
+ # If ZONE_PARENT_DEV is set to a NICs name (e.g. green0 or eth0) instead of a MAC address, we have to find out this NICs MAC address
+ $zone_parent_dev = &Network::get_mac_by_name($zone_parent_dev);
+
# If the current NIC is accessed by the current zone via a VLAN, the ZONE_PARENT_DEV option corresponds to the current NIC
if ($mac eq $zone_parent_dev) {
$access_selected{"VLAN"} = "selected";
$field_disabled = "";
$zone_vlan_id = $vlansettings{"${uc}_VLAN_ID"};
- }
-
- # If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
- if ($zone_mode eq "bridge") {
+ } elsif ($zone_mode eq "bridge") { # If the current zone is in bridge mode, all corresponding NICs (Native as well as VLAN) are set via the ZONE_SLAVES option
my @slaves = split(/ /, $ethsettings{"${uc}_SLAVES"});
foreach (@slaves) {
last;
}
}
- } else { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
- if ($mac eq $ethsettings{"${uc}_MACADDR"}) {
- $access_selected{"NATIVE"} = "selected";
- }
+ } elsif ($mac eq $ethsettings{"${uc}_MACADDR"}) { # Native access via ZONE_MACADDR is only set if the zone does not access a NIC via a VLAN and the zone is not in bridge mode
+ $access_selected{"NATIVE"} = "selected";
}
$access_selected{"NONE"} = ($access_selected{"NATIVE"} eq "") && ($access_selected{"VLAN"} eq "") ? "selected" : "";
my $vlan_disabled = ($wlan) ? "disabled" : "";
print <<END
- <td class="textcenter">
+ <td class="textcenter $slightlygrey">
<select name="ACCESS $uc $mac" onchange="document.getElementById('TAG $uc $mac').disabled = (this.value === 'VLAN' ? false : true)">
<option value="NONE" $access_selected{"NONE"}>- $Lang::tr{"zoneconf access none"} -</option>
<option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
</td>
END
;
-
}
+
print "</tr>";
+
+ if ($slightlygrey) {
+ $slightlygrey = "";
+ } else {
+ $slightlygrey = "slightlygrey";
+ }
}
print <<END
</table>
<div id="submit-container">
+ $restart_notice
<input type="submit" name="ACTION" value="$Lang::tr{"save"}">
</div>
</form>
'Captive clients' => 'Clients',
'Captive config' => 'Konfiguration',
'Captive coupon' => 'Gutschein',
+'Captive delete logo' => 'Logo löschen',
'Captive err doublevoucher' => 'Ein Gutschein mit diesem Code ist bereits im Umlauf',
'Captive expire' => 'Ablauf',
'Captive expiry time' => 'Ablaufzeit',
'harddisk temperature graphs' => 'Festplatten-Diagramme',
'hardware graphs' => 'Hardware-Diagramme',
'hardware support' => 'Hardware-Unterstützung',
+'hardware vulnerabilities' => 'Hardwareverwundbarkeiten',
'hdd temperature in' => 'Festplattentemperatur in',
'help' => 'Hilfe',
'high' => 'Hoch',
'ids automatic rules update' => 'Automatische Regelaktualisierung',
'ids download new ruleset' => 'Das neue Regelsatz wird heruntergeladen und entpackt. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
'ids enable' => 'Intrusion-Prevention-System aktivieren',
+'ids hide' => 'Verstecken',
'ids ignored hosts' => 'Ausnahmeliste',
'ids log hits' => 'Gesamtanzahl der aktivierten Regeln für',
'ids log viewer' => 'Ansicht IPS-Protokoll',
'ids no network zone' => 'Bitte wählen Sie mindestens eine Netzwerkzone aus, die überwacht werden soll',
'ids no ruleset available' => 'Es ist kein Regelsatz verfügbar. Bitte laden Sie einen Regelsatz herunter.',
'ids oinkcode required' => 'Für den ausgewählten Regelsatz wird ein Abonnement oder ein Oinkcode benötigt',
+'ids rules update' => 'Regelsatz',
'ids ruleset autoupdate in progress' => 'Der Regelsatz wird gerade aktualisiert. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
'ids ruleset settings' => 'Regelsatzeinstellungen',
+'ids show' => 'Anzeigen',
'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
'iface' => 'Iface',
'ignore filter' => '"Ignorieren"-Filter',
'ike integrity' => 'IKE Integrität:',
'ike lifetime' => 'IKE Lebensdauer:',
'ike lifetime should be between 1 and 24 hours' => 'IKE Lebensdauer sollte zwischen 1 und 24 Stunden betragen.',
+'ike lifetime should be between 1 and 8 hours' => 'Die IKE-Laufzeit sollte zwischen einer und acht Stunden betragen',
'imei' => 'IMEI',
'import' => 'Import',
'importkey' => 'PSK importieren',
'incoming traffic in bytes per second' => 'Eingehender Verkehr',
'incorrect password' => 'Fehlerhaftes Passwort',
'info' => 'Info',
+'info messages' => 'Info',
'init string' => 'Initialisierung:',
'insert floppy' => 'Legen Sie eine formatierte Diskette in das Floppy-Laufwerk in IPFire und klicken auf <i>Datensicherung auf Diskette</i>, um die Systemeinstellungen zu sichern. Überprüfen Sie das Ergebnis sorgfältig, um sicher zu sein, dass die Datensicherung vollständig und erfolgreich abgeschlossen wurde.',
'install' => 'Installieren',
'instant update' => 'Sofortiges Update',
'integrity' => 'Integrität:',
'interface' => 'Schnittstelle',
+'interface mode' => 'Schnittstelle',
'interfaces' => 'Interfaces',
'internet' => 'INTERNET',
'intrusion detection' => 'Intrusion-Prevention',
'media' => 'Laufwerke',
'media information' => 'Laufwerksinformationen',
'medium' => 'Mittel',
+'meltdown' => 'Meltdown',
'memory' => 'Speicher',
'memory information' => 'Speicherinformationen',
'memory usage per' => 'Speichernutzung pro',
'misc-options' => 'Sonstige Optionen',
'missing dat' => 'Verschlüsseltes Archiv wurde nicht gefunden',
'missing gz' => 'Nichtverschlüsseltes Archiv wurde nicht gefunden',
+'mitigated' => 'Entschärft',
'mode' => 'Modus',
'model' => 'Modell',
'modem' => 'Modem',
'no' => 'Nein',
'no alcatelusb firmware' => 'Keine Alcatel USB ADSL-Firmware vorhanden. Bitte hochladen.',
'no cfg upload' => 'Keine Daten wurden hochgeladen',
+'no data' => 'Keine Daten',
'no dhcp lease' => 'Eine DHCP-Zuordnung konnte nicht empfangen werden',
'no eciadsl synch.bin file' => 'Keine ECI ADSL Datei synch.bin vorhanden. Bitte hochladen.',
'no filter pass' => 'Legen Sie hier die Standardklassen fest durch die nicht-gefilterte Pakete gehen.',
'noservicename' => 'Kein Dienstname wurde eingegeben',
'not a valid ca certificate' => 'Kein gültiges CA Zertifikat.',
'not a valid dh key' => 'Kein gültiger Diffie-Hellman-Parameter. Es sind nur Parameter mit einer Länge von 2048, 3072 oder 4096 Bit im PKCS#3-Format erlaubt.',
+'not affected' => 'Nicht betroffen',
'not enough disk space' => 'Nicht genügend Plattenplatz vorhanden',
'not present' => '<B>Nicht</B> vorhanden',
'not running' => 'nicht gestartet',
'ovpn error md5' => 'Das Host Zertifikat nutzt einen MD5 Algorithmus welcher nicht mehr akzeptiert wird. <br>Bitte IPFire auf die neueste Version updaten und generieren sie ein neues Root und Host Zertifikate.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn generating the root and host certificates' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern.',
'ovpn ha' => 'Hash-Algorithmus',
-'ovpn hmac' => 'HMAC-Optionen',
'ovpn log' => 'OVPN-Protokoll',
'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
'ovpn mtu-disc' => 'Path MTU Discovery',
'ovpn subnet' => 'OpenVPN-Subnetz:',
'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist ungültig.',
'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich mit ',
+'ovpn tls auth' => 'TLS-Kanalabsicherung:',
'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht RFC3280 Regelkonform. <br>Bitte IPFire auf die letzte Version updaten und generieren sie ein neues Root und Host Zertifikat so bald wie möglich.</br><br>Es müssen dann alle OpenVPN clients erneuert werden!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_fragment' => 'Fragmentgrösse',
'ping disabled' => 'Ping Antwort deaktivieren',
'pkcs12 file password' => 'PKCS12 Datei-Passwort',
'play' => 'Play',
+'please reboot to apply your changes' => 'Bitte starten Sie das System neu',
'polfile' => 'Polfile',
'policy' => 'Richtlinie',
'port' => 'Port',
'printing options' => 'Druckeroptionen',
'priority' => 'Priorität',
'processes' => 'Prozesse',
+'processor vulnerability mitigations' => 'Prozessorverwundbarkeitsentschärfungen',
'profile' => 'Profil',
'profile deleted' => 'Profil gelöscht: ',
'profile has errors' => 'Profil fehlerhaft',
'smbrestart' => 'Samba neustarten',
'smbstart' => 'Samba Dienste starten',
'smbstop' => 'Samba Dienste beenden',
+'smt disabled' => 'Simultanes Multi-Threading ausgeschaltet',
+'smt enabled' => 'Simultanes Multi-Threading eingeschaltet',
+'smt not supported' => 'Simultanes Multi-Threading nicht unterstützt',
'smtphost' => 'Smtp Host',
'smtpport' => 'Smtp Port',
'snat new source ip address' => 'Neue Quell-IP-Adresse',
'source port overlaps' => 'Quell-Port-Bereich überlappt mit einem bereits definierten Port-Bereich.',
'speaker off' => 'Lautsprecher aus:',
'speaker on' => 'Lautsprecher ein:',
+'spectre variant 1' => 'Spectre-Variante 1',
+'spectre variant 2' => 'Spectre-Variante 2',
+'spectre variant 4' => 'Spectre-Variante 4',
'squid extension methods' => 'Ihre <tt>extension_methods</tt> Liste',
'squid extension methods invalid' => 'Ihre \'extension_methods\' Liste darf nur Worte aus Großbuchstaben und Ziffer enthalten, die mittels eines Leerzeichens getrennt werden.',
'squid fix cache' => 'Cache reparieren',
'vpn wait' => 'WARTE',
'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
'vpn weak' => 'schwach',
+'vulnerability' => 'Verwundbarkeit',
+'vulnerable' => 'Verwundbar',
'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert',
'warn when traffic reaches' => 'Warnen wenn Traffic x % erreicht',
'warning messages' => 'Warnhinweise',
'zoneconf nicmode bridge' => 'Brücke',
'zoneconf nicmode default' => 'Normal',
'zoneconf nicmode macvtap' => 'MacVTap',
+'zoneconf notice reboot' => 'Bitte einen Neustart durchführen, um die Änderungen zu übernehmen.',
'zoneconf title' => 'Zonen einrichten',
'zoneconf val native assignment error' => 'Eine Netzwerkkarte kann nicht von mehreren Zonen nativ verwendet werden.',
'zoneconf val ppp assignment error' => 'Die Netzwerkkarte, die von RED im PPP-Modus verwendet wird, kann keiner anderen Zone zugeordnet werden.',
'Captive 1day' => '1 day',
'Captive 1month' => '1 month',
'Captive 1week' => '1 week',
-'Captive ACTIVATE' => 'ACTIVATE',
'Captive GAIN ACCESS' => 'GAIN ACCESS',
'Captive WiFi coupon' => 'WiFi Coupon',
'Captive activate' => 'Activate',
'Captive client session expiry time' => 'Session Expiry Time',
'Captive config' => 'Settings',
'Captive coupon' => 'Coupon',
+'Captive delete logo' => 'Delete Logo',
'Captive err doublevoucher' => 'A coupon with this code already exists',
'Captive expire' => 'Expire',
'Captive expiry time' => 'Expiry Time',
'custom networks' => 'Custom networks',
'custom services' => 'Custom services',
'daily firewallhits' => 'daily firewallhits',
+'dangerous' => 'Dangerous',
'dat without key' => 'An encrypted archive cannot be restored without the key.',
'date' => 'Date',
'date not in logs' => 'No (or only partial) logs exist for the day queried',
'empty profile' => 'empty',
'enable ignore filter' => 'Enable ignore filter',
'enable javascript' => 'Enable javascript',
+'enable smt' => 'Enable Simultaneous Multi-Threading (SMT)',
'enable wildcards' => 'Enable wildcards:',
'enabled' => 'Enabled:',
'enabled on' => 'Enabled on',
'extrahd unable to read' => 'Unable to read',
'extrahd unable to write' => 'Unable to write',
'extrahd you cant mount' => 'You can\'t mount',
+'fallout zombieload ridl' => 'Fallout/ZombieLoad/RIDL',
'false classnumber' => 'The Class-Number does not match the interface.',
'false max bandwith' => 'Maximum bandwith is false.',
'false min bandwith' => 'Minimum bandwith is false.',
'fixed ip lease modified' => 'Fixed IP lease modified',
'fixed ip lease removed' => 'Fixed IP lease removed',
'flag' => 'Flag',
+'force enable' => 'Forced',
'force update' => 'Force update',
'force user' => 'force all new file to user',
+'foreshadow' => 'Foreshadow',
'forward firewall' => 'Firewall',
'forwarding rule added' => 'Forwarding rule added; restarting forwarder',
'forwarding rule removed' => 'Forwarding rule removed; restarting forwarder',
'harddisk temperature graphs' => 'HDD Graphs',
'hardware graphs' => 'Hardware Graphs',
'hardware support' => 'Hardware Support',
+'hardware vulnerabilities' => 'Hardware Vulnerabilities',
'hdd temperature in' => 'Harddisk temperature in',
'help' => 'Help',
'high' => 'High',
'media' => 'Media',
'media information' => 'Media information',
'medium' => 'Medium',
+'meltdown' => 'Meltdown',
'memory' => 'Memory',
'memory information' => 'Memory information',
'memory usage per' => 'Memory Usage per',
'misc-options' => 'Miscellaneous options',
'missing dat' => 'Encrypted archive not found',
'missing gz' => 'Unencrypted archive not found',
+'mitigated' => 'Mitigated',
'mode' => 'Mode',
'model' => 'Model',
'modem' => 'Modem',
'noservicename' => 'No Service Name entered',
'not a valid ca certificate' => 'Not a valid CA certificate.',
'not a valid dh key' => 'Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.',
+'not affected' => 'Not Affected',
'not enough disk space' => 'Not enough disk space',
'not present' => '<b>Not</b> present',
'not running' => 'not running',
'ovpn error md5' => 'You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn generating the root and host certificates' => 'Generating the root and host certificate can take a long time.',
'ovpn ha' => 'Hash algorithm',
-'ovpn hmac' => 'HMAC options',
'ovpn log' => 'OVPN-Log',
'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.',
'ovpn mtu-disc' => 'Path MTU Discovery',
'ovpn subnet' => 'OpenVPN subnet:',
'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
+'ovpn tls auth' => 'TLS Channel Protection:',
'ovpn warning rfc3280' => 'Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>',
'ovpn_fastio' => 'Fast-IO',
'ovpn_mssfix' => 'MSSFIX Size',
'ping disabled' => 'Disable ping response',
'pkcs12 file password' => 'PKCS12 File Password',
'play' => 'Play',
+'please reboot to apply your changes' => 'Please reboot to apply your changes',
'polfile' => 'Polfile',
'policy' => 'Policy',
'port' => 'Port',
'printing options' => 'printing options',
'priority' => 'Priority',
'processes' => 'Processes',
+'processor vulnerability mitigations' => 'Processor Vulnerability Mitigations',
'profile' => 'Profile',
'profile deleted' => 'Profile deleted: ',
'profile has errors' => 'Profile has errors',
'smbrestart' => 'Restart samba',
'smbstart' => 'Start samba',
'smbstop' => 'Stop samba',
+'smt disabled' => 'Simultaneous Multi-Threading (SMT) is disabled',
+'smt enabled' => 'Simultaneous Multi-Threading (SMT) is enabled',
+'smt not supported' => 'Simultaneous Multi-Threading (SMT) is not supported',
'smtphost' => 'SMTP host',
'smtpport' => 'SMTP port',
'snat new source ip address' => 'New source IP address',
'source port overlaps' => 'Source port range overlaps an existing port range.',
'speaker off' => 'Speaker off:',
'speaker on' => 'Speaker on:',
+'spectre variant 1' => 'Spectre Variant 1',
+'spectre variant 2' => 'Spectre Variant 2',
+'spectre variant 4' => 'Spectre Variant 4',
'squid extension methods' => 'Your <tt>extension_methods</tt> list',
'squid extension methods invalid' => 'Your \'extension_methods\' list can only contain uppercase words of letters and digits, separated with a space. ',
'squid fix cache' => 'Repair cache',
'vpn wait' => 'WAITING',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
'vpn weak' => 'Weak',
+'vulnerability' => 'Vulnerability',
+'vulnerable' => 'Vulnerable',
'waiting to synchronize clock' => 'Waiting to synchronize clock',
'warn when traffic reaches' => 'Warn when traffic reaches x %',
'warning messages' => 'Warning messages',
'zoneconf nicmode bridge' => 'Bridge',
'zoneconf nicmode default' => 'Default',
'zoneconf nicmode macvtap' => 'MacVTtap',
+'zoneconf notice reboot' => 'Please reboot to apply your changes.',
'zoneconf title' => 'Zone Configuration',
'zoneconf val native assignment error' => 'A NIC cannot be accessed natively by more than one zone.',
'zoneconf val ppp assignment error' => 'The NIC used for RED in PPP mode cannot be accessed by any other zone.',
'alt vpn' => 'VPNs',
'and' => 'Et',
'ansi t1.483' => 'A EFFACER',
-'apcupsd' => 'Statut APC-UPS',
+'apcupsd' => 'Statut UPS-APC',
'application layer gateways' => 'Passerelles de couche d\'application',
'apply' => 'Appliquer maintenant',
'april' => 'Avril',
'calamaris show usernames' => 'Montrer les noms d\'utilisateurs ',
'calamaris skip archived logfiles' => 'Ignorer les archives de fichiers journal ',
'calamaris unlimited' => 'illimité',
-'calamaris view' => 'Voir',
-'calamaris view report' => 'Voir le rapport',
+'calamaris view' => 'Afficher le rapport',
+'calamaris view report' => 'Rapport ',
'calc traffic all x minutes' => 'Calculer le trafic toutes les X minutes',
'cancel' => 'Annuler',
'cancel-adv-options' => 'Annuler',
'class in use' => 'La classe est déjà en cours d\'utilisation.',
'clear cache' => 'Vider le cache',
'clear playlist' => 'Liste de lecture vide',
-'clenabled' => 'Fournir du temps au réseau local',
+'clenabled' => 'Fournir l\'heure au réseau local',
'click to disable' => 'Activé (cocher pour désactiver)',
'click to enable' => 'Désactivé (cocher pour activer)',
'client' => 'Nom de la station (ordinateur)',
'could not open installed updates file' => 'Impossible d\'ouvrir le fichier des mises à jour installées',
'could not open update information file' => 'Impossible d\'ouvrir le fichier d\'information de mise à jour. Le fichier est corrompu.',
'could not retrieve common name from certificate' => 'Impossible de récupérer le nom courant depuis le certificat.',
-'count' => 'Compte',
+'count' => 'Nombre',
'countries' => 'Pays',
'country' => 'Pays ',
'country codes and flags' => 'Codes de pays et drapeaux :',
'cron server' => 'Serveur CRON',
'crypto error' => 'Erreur cryptographique',
'crypto warning' => 'Alerte cryptographique',
-'current' => 'Courant',
-'current aliases' => 'Alias courants :',
-'current class' => 'Classes courantes',
-'current devices' => 'Périphériques courants',
+'cryptographic settings' => 'Paramètres cryptographiques',
+'current' => 'Actuel',
+'current aliases' => 'Alias actuels :',
+'current class' => 'Classes actuelles',
+'current devices' => 'Périphériques actuels',
'current dhcp leases on blue' => 'Etat actuel des baux DHCP sur BLEU',
'current dynamic leases' => 'Etat actuel des baux dynamiques',
'current fixed leases' => 'Etat actuel des baux fixes',
-'current hosts' => 'Hôtes courants :',
-'current media' => 'Média courant',
+'current hosts' => 'Hôtes actuels :',
+'current media' => 'Média actuel',
'current ovpn' => 'Connexion OVPN active :',
-'current playlist' => 'Liste de lecture courante',
-'current profile' => 'Profil courant :',
-'current rules' => 'Règles courantes :',
+'current playlist' => 'Liste de lecture actuelle',
+'current profile' => 'Profil actuel :',
+'current rules' => 'Règles actuelles :',
'custom networks' => 'Réseaux personnalisés',
'custom services' => 'Services personnalisés',
'daily firewallhits' => 'Contacts journaliers du pare-feu',
'ddns noip prefix' => 'Pour utiliser autre chose que des IP dans le mode de groupe, préfixez les noms d\'hôtes avec <b>%</b>',
'deactivate' => 'désactiver',
'deactivate user' => 'désactiver l\'utilisateur',
-'dead peer detection' => 'Détection Dead Peer',
+'dead peer detection' => 'Détection pair mort',
'debugme' => 'Pas encore implémenté',
'december' => 'Décembre',
'deep scan directories' => 'Scan récursif',
'def lease time' => 'Durée de bail par défaut',
'default' => 'Par défaut',
+'default IP address' => 'Adresse IP par défaut',
'default ip' => 'Adresse IP par défaut',
'default lease time' => 'Durée du bail par défaut (minutes) :',
'default networks' => 'Réseaux par défaut',
'dns error 0' => 'L\'adresse IP du <strong>premier</strong> serveur DNS n\'est pas valide, veuillez revoir votre saisie<br />La saisie de l\'adresse du <strong>second</strong> serveur DNS est valide.',
'dns error 01' => 'Les adresses IP du <strong>premier</strong> et du <strong>second</strong> serveur DNS ne sont pas valides, veuillez revoir vos saisies',
'dns error 1' => 'L\'adresse IP du <strong>second</strong> serveur DNS n\'est pas valide, veuillez revoir votre saisie<br />La saisie de l\'adresse du <strong>premier</strong> serveur DNS est valide.',
+'dns forward disable dnssec' => 'Désactiver DNSSEC (dangereux)',
+'dns forwarding dnssec disabled notice' => '(DNSSEC désactivé)',
'dns header' => 'Assigner les adresses du serveur DNS seulement pour le DHCP sur ROUGE0',
'dns list' => 'Liste de serveurs DNS publiques gratuits',
'dns menu' => 'Assigner un serveur DNS',
'dnsforward entries' => 'Entrées actuelles',
'dnsforward forward_servers' => 'Nom des serveurs ',
'dnsforward zone' => 'Zone ',
-'dnssec aware' => 'DNSSEC Aware',
+'dnssec aware' => 'DNSSEC avisé',
'dnssec disabled warning' => 'AVERTISSEMENT : DNSSEC a été désactivé',
'dnssec information' => 'Informations DNSSEC',
'dnssec not supported' => 'DNSSEC non supporté',
'downlink speed' => 'Débit descendant - download (kbit/sec) ',
'downlink std class' => 'Classe standard de téléchargement ',
'download' => 'Téléchargement ',
-'download ca certificate' => 'Téléchargez le certificat CA',
-'download certificate' => 'Téléchargez le certificat',
+'download ca certificate' => 'Télécharger le certificat CA',
+'download certificate' => 'Télécharger le certificat',
'download dh parameter' => 'Télécharger paramètres Diffie-Hellman',
-'download host certificate' => 'Téléchargez le certificat de l\'hôte',
+'download host certificate' => 'Télécharger le certificat de l\'hôte',
'download new ruleset' => 'Télécharger de nouvelles règles',
-'download pkcs12 file' => 'Téléchargez le fichier PKCS12',
-'download root certificate' => 'Téléchargez le certificat Root',
+'download pkcs12 file' => 'Télécharger le fichier PKCS12',
+'download root certificate' => 'Télécharger le certificat Root',
'download tls-auth key' => 'Télécharger la clé tls-auth',
'dpd action' => 'Détection du peer mort',
'dpd delay' => 'Retard',
'generate a certificate' => 'Générer un certificat :',
'generate dh key' => 'Générer paramètres Diffie-Hellman',
'generate iso' => 'Générer ISO',
-'generate root/host certificates' => 'Générer des certificats root / hôte',
+'generate root/host certificates' => 'Générer des certificats root / hôte ',
'generate tripwire keys and init' => 'Générer des clef Tripwire et init',
'generatekeys' => 'Générer des clefs',
'generatepolicy' => 'Générer une nouvelle politique',
'instant update' => 'Mise à jour instantanée',
'integrity' => 'Intégrité :',
'interface' => 'Interface',
+'interface mode' => 'Mode d\'interface',
'interfaces' => 'Interfaces',
'internet' => 'INTERNET',
'intrusion detection' => 'Détection d\'intrusion',
'invalid input for hostname' => 'Nom d\'hôte non valide.',
'invalid input for ike lifetime' => 'Durée de validité IKE non valide',
'invalid input for inactivity timeout' => 'Entrée non valide pour le délai d\'inactivité',
+'invalid input for interface address' => 'Entrée non valide pour l\'adresse d\'interface',
+'invalid input for interface mode' => 'Entrée non valide pour le mode d\'interface',
+'invalid input for interface mtu' => 'Entrée non valide vers l\'interface MTU',
'invalid input for keepalive 1' => 'Ping keepalive non valide',
'invalid input for keepalive 1:2' => 'Keepalive non valide, utilisez au minimum un ratio de 1:2',
'invalid input for keepalive 2' => 'Redémarrage ping keepalive non valide',
+'invalid input for local ip address' => 'Entrée non valide pour l\'adresse IP locale',
'invalid input for max clients' => 'Nombre de clients maximum non valide',
+'invalid input for mode' => 'Entrée non valide pour le mode',
'invalid input for name' => 'Mauvaise entrée pour le nom d\'utilisateur ou le nom du sytème',
'invalid input for oink code' => 'Oink code non valide',
'invalid input for organization' => 'Organisation non valide',
'ipfires hostname' => 'Nom d\'hôte d\'IPFire ',
'ipinfo' => 'Info IP',
'ipsec' => 'IPsec',
+'ipsec connection' => 'Connexion IPsec',
+'ipsec interface mode gre' => 'GRE',
+'ipsec interface mode none' => '- Aucun (défaut) -',
+'ipsec interface mode vti' => 'VTI',
+'ipsec mode transport' => 'Transport',
+'ipsec mode tunnel' => 'Tunnel',
'ipsec network' => 'Réseau IPsec',
'ipsec no connections' => 'Aucune connexion IPsec active',
+'ipsec settings' => 'Paramètres IPsec',
'iptable rules' => 'Règles table IP',
'iptmangles' => 'Mangles IPTable ',
'iptnats' => 'Traduction d\'adresses réseaux table IP ',
'load printer' => 'Charger imprimante',
'loaded modules' => 'Modules chargés :',
'local hard disk' => 'Disque dur',
+'local ip address' => 'Adresse IP locale',
'local master' => 'Maitre local',
'local ntp server specified but not enabled' => 'Serveur NTP local spécifié mais pas activé',
'local subnet' => 'Sous-réseau local :',
'mpfire search' => 'Recherche MPFire',
'mpfire songs' => 'Liste des chansons MPFire',
'mpfire webradio' => 'Radio web MPFire',
+'mtu' => 'MTU',
'mtu QoS' => 'Ceci ne change pas le MTU global, cela règle uniquement le MTU pour la QoS.',
'my new share' => 'Mon nouveau partage',
'name' => 'Nom',
'newer' => 'Récents',
'next' => 'suivant',
'no' => 'Non',
-'no alcatelusb firmware' => 'aucun firmware Alcatel USB, veuillez le charger.',
+'no alcatelusb firmware' => 'Aucun firmware Alcatel USB, veuillez le charger.',
'no cfg upload' => 'Aucune donnée n\'a été envoyée',
'no dhcp lease' => 'Aucun bail DHCP n\'a été obtenu',
'no eciadsl synch.bin file' => 'Aucun fichier ECI ADSL synch.bin, veuillez le charger.',
'october' => 'Octobre',
'off' => 'off',
'ok' => 'Ok',
-'older' => 'Anciens',
+'older' => 'Plus anciens',
'on' => 'sur',
'one hour' => 'Une heure',
'one month' => 'Un mois',
'ovpn dh parameters' => 'Options de paramètres Diffie-Hellman',
'ovpn dh upload' => 'Mettre à jour de nouveaux paramètres Diffie-Hellman ',
'ovpn dl' => 'Télécharger OVPN-Config',
-'ovpn engines' => 'Crypto engine',
+'ovpn engines' => 'Moteur Crypto',
'ovpn errmsg green already pushed' => 'La route pour le réseau VERT est toujours activée',
'ovpn errmsg invalid ip or mask' => 'Adresse ou masque de sous-r?seau invalide',
'ovpn error dh' => 'Le paramètre Diffie-Hellman doit être au minimum à 2048 bits ! <br>Veuillez générer ou télécharger un nouveau paramètre Diffie-Hellman, cela peut être fait ci-dessous dans la section "Options de paramètres Diffie-Hellman".</br>',
'percentage' => 'Pourcentage',
'persistent' => 'Persistant',
'pfs yes no' => 'Perfect Forward Secrecy (PFS)',
-'phase1 group' => 'Phase 1 du groupe',
+'phase1 group' => 'Groupe phase1',
'phonebook entry' => 'Entrée du répertoire :',
'ping disabled' => 'Désactiver la réponse au ping',
'pkcs12 file password' => 'Mot de passe PKCS12 ',
'proxy no proxy local' => 'Rejeter le proxy local sur les réseaux BLEU /VERT',
'proxy port' => 'Port du proxy',
'proxy reconfigure' => 'Sauvegarder et recharger',
-'proxy reports' => 'Rapports proxy',
+'proxy reports' => 'Rapports proxy ',
'proxy reports daily' => 'Rapports quotidiens',
'proxy reports monthly' => 'Rapports mensuels',
-'proxy reports today' => 'Aujourd\'hui',
+'proxy reports today' => 'Rapport d\'aujourd\'hui',
'proxy reports weekly' => 'Rapports hebdomadaires',
'psk' => 'PSK',
'pulse' => 'Impulsion',
'refresh' => 'Rafraîchir',
'refresh index page while connected' => 'Rafraîchir la page index.cgi tout en restant connecté',
'refresh update list' => 'Rafraîchir la liste des mises à jour',
-'registered user rules' => 'Règles Talos VRT pour les utilisateurs enregistrés',
+'registered user rules' => 'Règles Sourcefire VRT pour les utilisateurs enregistrés',
'released' => 'Disponible',
'reload' => 'Recharger',
'remark' => 'Remarque ',
'resetglobals' => 'Réinitialiser les paramètres globaux',
'resetpolicy' => 'Réinitialiser la politique par défaut',
'resetshares' => 'réinitialiser les partages ?',
-'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'Réinitialiser la configuration VPN va supprimer le CA root, le certificat hôte et tous les certificats basés sur les connexions ',
+'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections' => 'La réinitialisation de la configuration VPN va supprimer le CA root, le certificat hôte et tous les certificats basés sur les connexions ',
'restart' => 'Relancer',
'restart ovpn server' => 'Relancer le serveur OpenVPN',
'restore' => 'Restaurer',
'services settings' => 'Pare-feu - Paramètres des services',
'set' => 'défini',
'set time now' => 'Régler heure maintenant',
-'set time now help' => 'Pour placer dans la file d\'attente un événement de synchronisation à tout moment (même si vous utilisez un calendrier répété), appuyez sur le bouton <i>Régler heure maintenant</i>. Il se peut que vous ayez à attendre cinq minutes, ou plus, avant qu\'un évènement de synchronisation se produise.',
+'set time now help' => 'A tout moment, pour placer un événement de synchronisation dans la file d\'attente (même si vous utilisez un calendrier répété), appuyez sur le bouton <i>Régler heure maintenant</i>. Il se peut que vous ayez à attendre cinq minutes, ou plus, avant qu\'une synchronisation se produise.',
'settings' => 'Réglages ',
'shaping add options' => 'Ajouter un service',
'shaping list options' => 'Services de mise en forme du trafic',
'shares' => 'Partages',
'show ajax speedmeter in footer' => 'Afficher le compteur de bande passante Ajax',
'show areas' => 'montrer les domaines',
-'show ca certificate' => 'Montrer le certificat CA',
+'show ca certificate' => 'Afficher le certificat CA',
'show certificate' => 'Afficher le certificat',
'show crl' => 'Montrer la liste de révocation des certificats',
-'show dh' => 'Voir paramètres Diffie-Hellman',
-'show host certificate' => 'Montrer le certificat hôte',
+'show dh' => 'Afficher les paramètres Diffie-Hellman',
+'show host certificate' => 'Afficher le certificat hôte',
'show last x lines' => 'Montrer les dernières x lignes',
'show lines' => 'Montrer les lignes',
-'show root certificate' => 'Montrer le certificat root',
+'show root certificate' => 'Afficher le certificat root',
'show share options' => 'Montrer les options partagées',
-'show tls-auth key' => 'afficher clef tls-auth',
+'show tls-auth key' => 'Afficher clef tls-auth',
'shuffle' => 'Mélanger',
'shutdown' => 'Arrêter',
'shutdown ask' => 'Arrêter ?',
'static ip' => 'IP statique',
'static routes' => 'Routes statiques',
'status' => 'Statut',
-'status information' => 'Etat matériel',
+'status information' => 'Informations d\'état',
'status ovpn' => 'Statut / configuration OpenVPN :',
'std classes' => 'Classes standards',
'stop' => 'Arrêter',
'subject warn' => 'Attention - Le niveau d\'alerte a été atteint',
'subnet' => 'Sous-réseau',
'subnet is invalid' => 'Le masque réseau est non valide',
-'subscripted user rules' => 'Règles Talos VRT avec abonnement',
+'subnet mask' => 'Masque de sous-réseau',
+'subscripted user rules' => 'Règles Sourcefire VRT avec abonnement',
'successfully refreshed updates list' => 'La liste des mises à jour a été rafraîchie avec succès.',
'summaries kept' => 'Conserver pour les résumés',
'sunday' => 'Dimanche',
'tor errmsg invalid accounting limit' => 'Invalid accounting limit',
'tor errmsg invalid directory port' => 'Invalid directory port',
'tor errmsg invalid ip or mask' => 'Sous-réseau ou IP non valide',
-'tor errmsg invalid node id' => 'Node ID invalide',
+'tor errmsg invalid node id' => 'ID noeud invalide',
'tor errmsg invalid relay address' => 'Adresse relais invalide',
'tor errmsg invalid relay name' => 'Surnom relais invalide',
'tor errmsg invalid relay port' => 'Port relais invalide',
'trafficto' => 'A',
'transfer limits' => 'Limites des taux de transfert',
'transparent on' => 'Transparent sur',
+'transport mode does not support vti' => 'VTI n\'est pas supporté dans le mode de transport',
'tripwire' => 'Tripwire',
-'tripwire cronjob' => 'Tripwire cronjob',
+'tripwire cronjob' => 'cronjob tripwire',
'tripwire functions' => 'fonctions tripwire',
'tripwire reports' => 'rapports tripwire',
'tripwireoperating' => 'Le processus a commencé, cela peut prendre quelques minutes. Veuillez attendre que la fenêtre se soit automatiquement rafraîchie pour que le processus soit fini.',
'unnamed' => 'Sans nom',
'update' => 'Mettre à jour',
'update accelerator' => 'Accélérateur (cache)',
-'update time' => 'Mettre à jour l\'heure :',
+'update time' => 'Mise à jour de l\'heure :',
'update transcript' => 'Mettre à jour transcript',
'updatedatabase' => 'Mettre à jour la base de données avec le dernier rapport',
'updates' => 'Mises à jour',
'year-graph' => 'Annee',
'yearly firewallhits' => 'Contacts annuels du pare-feu',
'yes' => 'Oui',
-'you can only define one roadwarrior connection when using pre-shared key authentication' => 'vous ne pouvez définir qu\'une connexion client nomade lors de l\'utilisation avec pré-authentification par clé partagée.<br />Soit vous avez déjà une connexion client nomade avec pré-authentification par clé partagée, ou vous essayez d\'en ajouter une maintenant.',
+'you can only define one roadwarrior connection when using pre-shared key authentication' => 'Vous ne pouvez définir qu\'une connexion client nomade lors de l\'utilisation avec pré-authentification par clé partagée.<br />Soit vous avez déjà une connexion client nomade avec pré-authentification par clé partagée, ou vous essayez d\'en ajouter une maintenant.',
'your department' => 'Votre département',
'your e-mail' => 'Votre adresse de courriel ',
);
include Config
-VER = 9.11.6-P1
+VER = 9.11.7
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8294f1a86f57a331379717d714e840e3
+$(DL_FILE)_MD5 = 5c16cdab2ee066ed43a623febfd29244
install : $(TARGET)
dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \
fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \
- isdn/settings mac/settings main/hosts main/routing main/settings optionsfw/settings \
+ isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
qos/tosconfig suricata/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
include Config
-VER = 0.1
+VER = 0.2.1
THISAPP = igmpproxy-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = igmpproxy
-PAK_VER = 4
+PAK_VER = 5
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c56f41ec195bc1fe016369bf74efc5a1
+$(DL_FILE)_MD5 = 3a9c2cb42c1f5ee0cb769a4884545641
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/igmpproxy-001-Send-IGMP-packets-with-IP-Router-Alert-option-RFC-21.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/igmpproxy-002-Change-default-interface-state-to-disabled-wrt-29458.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/igmpproxy-003-Restrict-igmp-reports-for-downstream-interfaces-wrt-.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/igmpproxy-004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/igmpproxy-100-use-monotic-clock-instead-of-time-of-day.patch
- cd $(DIR_APP) && aclocal && automake --add-missing && autoreconf
- $(UPDATE_AUTOMAKE)
cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
ln -sf ../init.d/mountfs /etc/rc.d/rcsysinit.d/S40mountfs
ln -sf ../init.d/fsresize /etc/rc.d/rcsysinit.d/S42fsresize
ln -sf ../init.d/mounttmpfs /etc/rc.d/rcsysinit.d/S43mounttmpfs
+ ln -sf ../init.d/smt /etc/rc.d/rcsysinit.d/S44smt
ln -sf ../init.d/udev_retry /etc/rc.d/rcsysinit.d/S45udev_retry
ln -sf ../init.d/cleanfs /etc/rc.d/rcsysinit.d/S50cleanfs
ln -sf ../init.d/setclock /etc/rc.d/rcsysinit.d/S60setclock
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 20180807a
+VER = 20190514
-THISAPP = microcode-$(VER)
-DL_FILE = $(THISAPP).tgz
+THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER)
+DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b12f8680d87c81a302e8c85712ed1a80
+$(DL_FILE)_MD5 = ad5fe712f54387c0737caef8131b4770
+
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && mkdir -p $(DIR_APP) && tar zxf $(DIR_DL)/$(DL_FILE) -C $(DIR_APP)
- ls /usr/src
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && mkdir -p $(DIR_APP) && tar zxf $(DIR_DL)/$(DL_FILE)
# Copy the firmware files into the right position
cd $(DIR_APP) && cp -R intel-ucode /lib/firmware/
@rm -rf $(DIR_APP)
include Config
-VER = 4.14.113
-ARM_PATCHES = 4.14.113-ipfire0
+VER = 4.14.121
+ARM_PATCHES = 4.14.121-ipfire0
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
CFLAGS =
CXXFLAGS =
-PAK_VER = 82
+PAK_VER = 83
DEPS = ""
HEADERS_ARCH = $(BUILD_PLATFORM)
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_MD5 = fd34a25839945f902f0c6d694d42ea7f
-arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 51eab5175bf8f0ad986006c74e60b472
+$(DL_FILE)_MD5 = 619cfc35e376eaa1f05d835624bbb432
+arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = ac64bdb78fbecba032b92df61c928d3f
install : $(TARGET)
include Config
-VER = 0.40
+VER = 0.41
THISAPP = spectre-meltdown-checker-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = spectre-meltdown-checker
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = cc1ed68faf3fde13b1ff3bd15a22d46d
+$(DL_FILE)_MD5 = d3adcb3ac32e226dc18ab7f6ef6f7617
install : $(TARGET)
include Config
-VER = 4.6
+VER = 4.7
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e25e7cc37754ad14d8aa368c0c210e54
+$(DL_FILE)_MD5 = ec7be696032b962eac9ba5726940a3aa
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-4.6-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
-PAK_VER = 36
+PAK_VER = 38
-DEPS = ""
+DEPS = "libseccomp"
###############################################################################
# Top-level Rules
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 3.0.1
+
+THISAPP = wireshark-$(VER)
+DL_FILE = $(THISAPP).tar.xz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = tshark
+DEPS = "krb5"
+PAK_VER = 1
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 370a113e1c8ec240c4621cfb5abb0c52
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist :
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
+
+ cd $(DIR_APP) && mkdir build
+ cd $(DIR_APP)/build && cmake .. \
+ -DBUILD_wireshark=OFF \
+ -DCMAKE_INSTALL_PREFIX=/usr
+
+ cd $(DIR_APP)/build && make $(PARALELLISMFLAGS)
+ cd $(DIR_APP)/build && make install
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
sed -i 's|/var/lib/vnstat|/var/log/vnstat|g' /etc/vnstat.conf
sed -i 's|/var/log/vnstat/vnstat.log|/var/log/vnstat.log|g' /etc/vnstat.conf
sed -i 's|/var/run/vnstat/vnstat.pid|/var/run/vnstat.pid|g' /etc/vnstat.conf
+
+ mkdir -p /var/log/vnstat
+ touch /var/log/vnstat/tag
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
+# If you update the version don't forget to update backupiso and add it to core update
VERSION="2.23" # Version number
-CORE="132" # Core Level (Filename)
-PAKFIRE_CORE="131" # Core Level (PAKFIRE)
+CORE="133" # Core Level (Filename)
+PAKFIRE_CORE="132" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
lfsmake2 zabbix_agentd
lfsmake2 flashrom
lfsmake2 firmware-update
+ lfsmake2 tshark
}
buildinstaller() {
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/smt
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+eval $(/usr/local/bin/readhash /var/ipfire/main/security)
+
+case "${1}" in
+ start)
+ # Nothing to do here when SMT is forced on
+ if [ "${ENABLE_SMT}" = "on" ]; then
+ exit 0
+ fi
+
+ # Nothing to do if this processor is not vulnerable
+ # to Fallout/RIDL.
+ if [ -r "/sys/devices/system/cpu/vulnerabilities/mds" ]; then
+ if [ "$(</sys/devices/system/cpu/vulnerabilities/mds)" = "Not affected" ]; then
+ exit 0
+ fi
+
+ # Disable SMT when supported and enabled
+ if [ "$(</sys/devices/system/cpu/smt/control)" = "on" ]; then
+ boot_mesg "Disabling Simultaneous Multi-Threading (SMT)..."
+ echo "forceoff" > /sys/devices/system/cpu/smt/control
+ echo_ok
+ fi
+ fi
+ ;;
+
+ *)
+ echo "Usage: ${0} {start}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/smt
#
# Author : Stefan Schantl <stefan.schantl@ipfire.org>
#
-# Version : 01.01
+# Version : 01.02
#
# Notes :
#
[ "$line" ] && [ -z "${line%processor*}" ] && ((CPUCOUNT++))
done </proc/cpuinfo
- echo $CPUCOUNT
+ # Limit to a maximum of 16 cores, because suricata does not support more than
+ # 16 netfilter queues at the moment.
+ if [ $CPUCOUNT -gt "16" ]; then
+ echo "16"
+ else
+ echo $CPUCOUNT
+ fi
}
# Function to flush the firewall chains.
INSECURE_ZONES=
USE_FORWARDERS=1
+ENABLE_SAFE_SEARCH=off
# Cache any local zones for 60 seconds
LOCAL_TTL=60
fi
}
+# Sets up Safe Search for various search engines
+write_safe_search_conf() {
+ local google_tlds=(
+ google.ad
+ google.ae
+ google.al
+ google.am
+ google.as
+ google.at
+ google.az
+ google.ba
+ google.be
+ google.bf
+ google.bg
+ google.bi
+ google.bj
+ google.bs
+ google.bt
+ google.by
+ google.ca
+ google.cat
+ google.cd
+ google.cf
+ google.cg
+ google.ch
+ google.ci
+ google.cl
+ google.cm
+ google.cn
+ google.co.ao
+ google.co.bw
+ google.co.ck
+ google.co.cr
+ google.co.id
+ google.co.il
+ google.co.in
+ google.co.jp
+ google.co.ke
+ google.co.kr
+ google.co.ls
+ google.com
+ google.co.ma
+ google.com.af
+ google.com.ag
+ google.com.ai
+ google.com.ar
+ google.com.au
+ google.com.bd
+ google.com.bh
+ google.com.bn
+ google.com.bo
+ google.com.br
+ google.com.bz
+ google.com.co
+ google.com.cu
+ google.com.cy
+ google.com.do
+ google.com.ec
+ google.com.eg
+ google.com.et
+ google.com.fj
+ google.com.gh
+ google.com.gi
+ google.com.gt
+ google.com.hk
+ google.com.jm
+ google.com.kh
+ google.com.kw
+ google.com.lb
+ google.com.ly
+ google.com.mm
+ google.com.mt
+ google.com.mx
+ google.com.my
+ google.com.na
+ google.com.nf
+ google.com.ng
+ google.com.ni
+ google.com.np
+ google.com.om
+ google.com.pa
+ google.com.pe
+ google.com.pg
+ google.com.ph
+ google.com.pk
+ google.com.pr
+ google.com.py
+ google.com.qa
+ google.com.sa
+ google.com.sb
+ google.com.sg
+ google.com.sl
+ google.com.sv
+ google.com.tj
+ google.com.tr
+ google.com.tw
+ google.com.ua
+ google.com.uy
+ google.com.vc
+ google.com.vn
+ google.co.mz
+ google.co.nz
+ google.co.th
+ google.co.tz
+ google.co.ug
+ google.co.uk
+ google.co.uz
+ google.co.ve
+ google.co.vi
+ google.co.za
+ google.co.zm
+ google.co.zw
+ google.cv
+ google.cz
+ google.de
+ google.dj
+ google.dk
+ google.dm
+ google.dz
+ google.ee
+ google.es
+ google.fi
+ google.fm
+ google.fr
+ google.ga
+ google.ge
+ google.gg
+ google.gl
+ google.gm
+ google.gp
+ google.gr
+ google.gy
+ google.hn
+ google.hr
+ google.ht
+ google.hu
+ google.ie
+ google.im
+ google.iq
+ google.is
+ google.it
+ google.je
+ google.jo
+ google.kg
+ google.ki
+ google.kz
+ google.la
+ google.li
+ google.lk
+ google.lt
+ google.lu
+ google.lv
+ google.md
+ google.me
+ google.mg
+ google.mk
+ google.ml
+ google.mn
+ google.ms
+ google.mu
+ google.mv
+ google.mw
+ google.ne
+ google.nl
+ google.no
+ google.nr
+ google.nu
+ google.pl
+ google.pn
+ google.ps
+ google.pt
+ google.ro
+ google.rs
+ google.ru
+ google.rw
+ google.sc
+ google.se
+ google.sh
+ google.si
+ google.sk
+ google.sm
+ google.sn
+ google.so
+ google.sr
+ google.st
+ google.td
+ google.tg
+ google.tk
+ google.tl
+ google.tm
+ google.tn
+ google.to
+ google.tt
+ google.vg
+ google.vu
+ google.ws
+ )
+
+ (
+ # Nothing to do if safe search is not enabled
+ if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
+ exit 0
+ fi
+
+ # This all belongs into the server: section
+ echo "server:"
+
+ # Bing
+ echo " local-zone: bing.com transparent"
+ echo " local-data: \"www.bing.com CNAME strict.bing.com.\""
+
+ # DuckDuckGo
+ echo " local-zone: duckduckgo.com transparent"
+ echo " local-data: \"duckduckgo.com CNAME safe.duckduckgo.com.\""
+
+ # Google
+ local domain
+ for domain in ${google_tlds[@]}; do
+ echo " local-zone: ${domain} transparent"
+ echo " local-data: \"www.${domain} CNAME forcesafesearch.google.com.\""
+ done
+
+ # Yandex
+ echo " local-zone: yandex.ru transparent"
+ echo " local-data: \"yandex.ru A 213.180.193.56\""
+
+ # YouTube
+ echo " local-zone: youtube.com transparent"
+ echo " local-data: \"www.youtube.com CNAME restrictmoderate.youtube.com.\""
+ ) > /etc/unbound/safe-search.conf
+}
+
case "$1" in
start)
# Print a nicer messagen when unbound is already running
# Update configuration files
write_tuning_conf
write_forward_conf
+ write_safe_search_conf
boot_mesg "Starting Unbound DNS Proxy..."
loadproc /usr/sbin/unbound || exit $?
+++ /dev/null
-From fed8c3db10bc9d3a1e799a774924c00522595d0c Mon Sep 17 00:00:00 2001
-From: Evgeny Yurchenko <evg.yurch@rogers.com>
-Date: Mon, 4 Jan 2010 05:13:59 +0500
-Subject: [PATCH] Send IGMP packets with IP Router Alert option [RFC 2113] included in IP header
-
----
- src/igmp.c | 17 ++++++++++++-----
- src/igmpproxy.h | 1 +
- 2 files changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/src/igmp.c b/src/igmp.c
-index a0cd27d..b547688 100644
---- a/src/igmp.c
-+++ b/src/igmp.c
-@@ -67,7 +67,7 @@ void initIgmp() {
- * - Checksum (let the kernel fill it in)
- */
- ip->ip_v = IPVERSION;
-- ip->ip_hl = sizeof(struct ip) >> 2;
-+ ip->ip_hl = (sizeof(struct ip) + 4) >> 2; /* +4 for Router Alert option */
- ip->ip_tos = 0xc0; /* Internet Control */
- ip->ip_ttl = MAXTTL; /* applies to unicasts only */
- ip->ip_p = IPPROTO_IGMP;
-@@ -213,7 +213,7 @@ void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, i
- ip = (struct ip *)send_buf;
- ip->ip_src.s_addr = src;
- ip->ip_dst.s_addr = dst;
-- ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen);
-+ ip_set_len(ip, IP_HEADER_RAOPT_LEN + IGMP_MINLEN + datalen);
-
- if (IN_MULTICAST(ntohl(dst))) {
- ip->ip_ttl = curttl;
-@@ -221,13 +221,20 @@ void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, i
- ip->ip_ttl = MAXTTL;
- }
-
-- igmp = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN);
-+ /* Add Router Alert option */
-+ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[0] = IPOPT_RA;
-+ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[1] = 0x04;
-+ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[2] = 0x00;
-+ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[3] = 0x00;
-+
-+ igmp = (struct igmp *)(send_buf + IP_HEADER_RAOPT_LEN);
- igmp->igmp_type = type;
- igmp->igmp_code = code;
- igmp->igmp_group.s_addr = group;
- igmp->igmp_cksum = 0;
- igmp->igmp_cksum = inetChksum((u_short *)igmp,
-- IGMP_MINLEN + datalen);
-+ IP_HEADER_RAOPT_LEN + datalen);
-+
- }
-
- /*
-@@ -257,7 +264,7 @@ void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, in
- #endif
- sdst.sin_addr.s_addr = dst;
- if (sendto(MRouterFD, send_buf,
-- MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0,
-+ IP_HEADER_RAOPT_LEN + IGMP_MINLEN + datalen, 0,
- (struct sockaddr *)&sdst, sizeof(sdst)) < 0) {
- if (errno == ENETDOWN)
- my_log(LOG_ERR, errno, "Sender VIF was down.");
-diff --git a/src/igmpproxy.h b/src/igmpproxy.h
-index 0de7791..4df8a79 100644
---- a/src/igmpproxy.h
-+++ b/src/igmpproxy.h
-@@ -64,6 +64,7 @@
- #define MAX_IP_PACKET_LEN 576
- #define MIN_IP_HEADER_LEN 20
- #define MAX_IP_HEADER_LEN 60
-+#define IP_HEADER_RAOPT_LEN 24
-
- #define MAX_MC_VIFS 32 // !!! check this const in the specific includes
-
---
-1.7.2.5
-
+++ /dev/null
-From 85e240727305b156097ee7aa0f0c4473a136291f Mon Sep 17 00:00:00 2001
-From: Constantin Baranov <const@mimas.ru>
-Date: Tue, 23 Feb 2010 21:08:02 +0400
-Subject: [PATCH] Change default interface state to disabled (wrt #2945877)
-
----
- src/ifvc.c | 2 +-
- src/igmpproxy.c | 6 ++++--
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/ifvc.c b/src/ifvc.c
-index 545b3b4..9d7ee97 100644
---- a/src/ifvc.c
-+++ b/src/ifvc.c
-@@ -139,7 +139,7 @@ void buildIfVc() {
- IfDescEp->allowednets->subnet_addr = subnet;
-
- // Set the default params for the IF...
-- IfDescEp->state = IF_STATE_DOWNSTREAM;
-+ IfDescEp->state = IF_STATE_DISABLED;
- IfDescEp->robustness = DEFAULT_ROBUSTNESS;
- IfDescEp->threshold = DEFAULT_THRESHOLD; /* ttl limit */
- IfDescEp->ratelimit = DEFAULT_RATELIMIT;
-diff --git a/src/igmpproxy.c b/src/igmpproxy.c
-index 1ece15a..35000c7 100644
---- a/src/igmpproxy.c
-+++ b/src/igmpproxy.c
-@@ -186,8 +186,10 @@ int igmpProxyInit() {
- }
- }
-
-- addVIF( Dp );
-- vifcount++;
-+ if (Dp->state != IF_STATE_DISABLED) {
-+ addVIF( Dp );
-+ vifcount++;
-+ }
- }
- }
-
---
-1.7.2.5
-
+++ /dev/null
-From 65f777e7f66b55239d935c1cf81bb5abc0f6c89f Mon Sep 17 00:00:00 2001
-From: Grinch <grinch79@users.sourceforge.net>
-Date: Sun, 16 Aug 2009 19:58:26 +0500
-Subject: [PATCH] Restrict igmp reports for downstream interfaces (wrt #2833339)
-
-atm all igmp membership reports are forwarded to the upstream interface.
-Unfortunately some ISP Providers restrict some multicast groups (esp. those
-that are defined as local link groups and that are not supposed to be
-forwarded to the wan, i.e 224.0.0.0/24). Therefore there should be some
-kind of black oder whitelisting.
-As whitelisting can be accomplished quite easy I wrote a litte patch, which
-is attached to this request.
----
- doc/igmpproxy.conf.5.in | 19 +++++++++++++++++++
- src/config.c | 23 ++++++++++++++++++++++-
- src/igmpproxy.h | 1 +
- src/request.c | 20 ++++++++++++++++----
- 4 files changed, 58 insertions(+), 5 deletions(-)
-
-diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in
-index a4ea7d0..56efa22 100644
---- a/doc/igmpproxy.conf.5.in
-+++ b/doc/igmpproxy.conf.5.in
-@@ -116,6 +116,25 @@ This is especially useful for the upstream interface, since the source for multi
- traffic is often from a remote location. Any number of altnet parameters can be specified.
- .RE
-
-+.B whitelist
-+.I networkaddr
-+.RS
-+Defines a whitelist for multicast groups. The network address must be in the following
-+format 'a.b.c.d/n'. If you want to allow one single group use a network mask of /32,
-+i.e. 'a.b.c.d/32'.
-+
-+By default all multicast groups are allowed on any downstream interface. If at least one
-+whitelist entry is defined, all igmp membership reports for not explicitly whitelisted
-+multicast groups will be ignored and therefore not be served by igmpproxy. This is especially
-+useful, if your provider does only allow a predefined set of multicast groups. These whitelists
-+are only obeyed by igmpproxy itself, they won't prevent any other igmp client running on the
-+same machine as igmpproxy from requesting 'unallowed' multicast groups.
-+
-+You may specify as many whitelist entries as needed. Although you should keep it as simple as
-+possible, as this list is parsed for every membership report and therefore this increases igmp
-+response times. Often used or large groups should be defined first, as parsing ends as soon as
-+a group matches an entry.
-+.RE
-
- .SH EXAMPLE
- ## Enable quickleave
-diff --git a/src/config.c b/src/config.c
-index 5a96ce0..d72619f 100644
---- a/src/config.c
-+++ b/src/config.c
-@@ -46,6 +46,9 @@ struct vifconfig {
-
- // Keep allowed nets for VIF.
- struct SubnetList* allowednets;
-+
-+ // Allowed Groups
-+ struct SubnetList* allowedgroups;
-
- // Next config in list...
- struct vifconfig* next;
-@@ -202,6 +205,8 @@ void configureVifs() {
- // Insert the configured nets...
- vifLast->next = confPtr->allowednets;
-
-+ Dp->allowedgroups = confPtr->allowedgroups;
-+
- break;
- }
- }
-@@ -215,7 +220,7 @@ void configureVifs() {
- */
- struct vifconfig *parsePhyintToken() {
- struct vifconfig *tmpPtr;
-- struct SubnetList **anetPtr;
-+ struct SubnetList **anetPtr, **agrpPtr;
- char *token;
- short parseError = 0;
-
-@@ -239,6 +244,7 @@ struct vifconfig *parsePhyintToken() {
- tmpPtr->threshold = 1;
- tmpPtr->state = IF_STATE_DOWNSTREAM;
- tmpPtr->allowednets = NULL;
-+ tmpPtr->allowedgroups = NULL;
-
- // Make a copy of the token to store the IF name
- tmpPtr->name = strdup( token );
-@@ -248,6 +254,7 @@ struct vifconfig *parsePhyintToken() {
-
- // Set the altnet pointer to the allowednets pointer.
- anetPtr = &tmpPtr->allowednets;
-+ agrpPtr = &tmpPtr->allowedgroups;
-
- // Parse the rest of the config..
- token = nextConfigToken();
-@@ -266,6 +273,20 @@ struct vifconfig *parsePhyintToken() {
- anetPtr = &(*anetPtr)->next;
- }
- }
-+ else if(strcmp("whitelist", token)==0) {
-+ // Whitelist
-+ token = nextConfigToken();
-+ my_log(LOG_DEBUG, 0, "Config: IF: Got whitelist token %s.", token);
-+
-+ *agrpPtr = parseSubnetAddress(token);
-+ if(*agrpPtr == NULL) {
-+ parseError = 1;
-+ my_log(LOG_WARNING, 0, "Unable to parse subnet address.");
-+ break;
-+ } else {
-+ agrpPtr = &(*agrpPtr)->next;
-+ }
-+ }
- else if(strcmp("upstream", token)==0) {
- // Upstream
- my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token.");
-diff --git a/src/igmpproxy.h b/src/igmpproxy.h
-index 4dabd1c..0de7791 100644
---- a/src/igmpproxy.h
-+++ b/src/igmpproxy.h
-@@ -145,6 +145,7 @@ struct IfDesc {
- short Flags;
- short state;
- struct SubnetList* allowednets;
-+ struct SubnetList* allowedgroups;
- unsigned int robustness;
- unsigned char threshold; /* ttl limit */
- unsigned int ratelimit;
-diff --git a/src/request.c b/src/request.c
-index e3589f6..89b91de 100644
---- a/src/request.c
-+++ b/src/request.c
-@@ -82,10 +82,22 @@ void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) {
- my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d",
- inetFmt(group,s1), inetFmt(src,s2), sourceVif->index);
-
-- // The membership report was OK... Insert it into the route table..
-- insertRoute(group, sourceVif->index);
--
--
-+ // If we don't have a whitelist we insertRoute and done
-+ if(sourceVif->allowedgroups == NULL)
-+ {
-+ insertRoute(group, sourceVif->index);
-+ return;
-+ }
-+ // Check if this Request is legit on this interface
-+ struct SubnetList *sn;
-+ for(sn = sourceVif->allowedgroups; sn != NULL; sn = sn->next)
-+ if((group & sn->subnet_mask) == sn->subnet_addr)
-+ {
-+ // The membership report was OK... Insert it into the route table..
-+ insertRoute(group, sourceVif->index);
-+ return;
-+ }
-+ my_log(LOG_INFO, 0, "The group address %s may not be requested from this interface. Ignoring.", inetFmt(group, s1));
- } else {
- // Log the state of the interface the report was recieved on.
- my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.",
---
-1.7.2.5
-
+++ /dev/null
-From bcd7c648e86d97263c931de53a008c9629e7797e Mon Sep 17 00:00:00 2001
-From: Stefan Becker <stefan.becker@nokia.com>
-Date: Fri, 11 Dec 2009 21:08:57 +0200
-Subject: [PATCH] Restrict igmp reports forwarding to upstream interface
-
-Utilize the new "whitelist" keyword also on the upstream interface definition.
-If specified then only whitelisted multicast groups will be forwarded upstream.
-
-This can be used to avoid publishing private multicast groups to the world,
-e.g. SSDP from a UPnP server on the internal network.
----
- doc/igmpproxy.conf.5.in | 5 +++++
- src/rttable.c | 17 +++++++++++++++++
- 2 files changed, 22 insertions(+), 0 deletions(-)
-
-diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in
-index 56efa22..d916f05 100644
---- a/doc/igmpproxy.conf.5.in
-+++ b/doc/igmpproxy.conf.5.in
-@@ -134,6 +134,11 @@ You may specify as many whitelist entries as needed. Although you should keep it
- possible, as this list is parsed for every membership report and therefore this increases igmp
- response times. Often used or large groups should be defined first, as parsing ends as soon as
- a group matches an entry.
-+
-+You may also specify whitelist entries for the upstream interface. Only igmp membership reports
-+for explicitely whitelisted multicast groups will be sent out on the upstream interface. This
-+is useful if you want to use multicast groups only between your downstream interfaces, like SSDP
-+from a UPnP server.
- .RE
-
- .SH EXAMPLE
-diff --git a/src/rttable.c b/src/rttable.c
-index f0701a8..77dd791 100644
---- a/src/rttable.c
-+++ b/src/rttable.c
-@@ -117,6 +117,23 @@ void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
- my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
- }
-
-+ // Check if there is a white list for the upstram VIF
-+ if (upstrIf->allowedgroups != NULL) {
-+ uint32_t group = route->group;
-+ struct SubnetList* sn;
-+
-+ // Check if this Request is legit to be forwarded to upstream
-+ for(sn = upstrIf->allowedgroups; sn != NULL; sn = sn->next)
-+ if((group & sn->subnet_mask) == sn->subnet_addr)
-+ // Forward is OK...
-+ break;
-+
-+ if (sn == NULL) {
-+ my_log(LOG_INFO, 0, "The group address %s may not be forwarded upstream. Ignoring.", inetFmt(group, s1));
-+ return;
-+ }
-+ }
-+
- // Send join or leave request...
- if(join) {
-
---
-1.7.2.5
-
+++ /dev/null
-From d0e66e0719ae8eb549f7cc220fdc66575d3db332 Mon Sep 17 00:00:00 2001
-From: Jonas Gorski <jonas.gorski@gmail.com>
-Date: Thu, 29 Mar 2012 17:01:11 +0200
-Subject: [PATCH 4/4] use monotic clock instead of time of day
-
-The time of day might chance e.g. by daylight savings time during the
-runtime, which causes timers to fire repeatedly for a long time.
-
-Contributed by T-Labs, Deutsche Telekom Innovation Laboratories
-
-Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
----
- configure.ac | 2 ++
- src/igmpproxy.c | 26 +++++++++++++-------------
- src/igmpproxy.h | 3 ++-
- 3 files changed, 17 insertions(+), 14 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 85beb08..bd84eba 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -25,6 +25,8 @@ AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[
- #include <netinet/in.h>
- ]])
-
-+AC_SEARCH_LIBS([clock_gettime],[rt])
-+
- AC_CONFIG_FILES([
- Makefile
- doc/Makefile
-diff --git a/src/igmpproxy.c b/src/igmpproxy.c
-index 35000c7..3a9ccad 100644
---- a/src/igmpproxy.c
-+++ b/src/igmpproxy.c
-@@ -234,13 +234,13 @@ void igmpProxyRun() {
- int MaxFD, Rt, secs;
- fd_set ReadFDS;
- socklen_t dummy = 0;
-- struct timeval curtime, lasttime, difftime, tv;
-+ struct timespec curtime, lasttime, difftime, tv;
- // The timeout is a pointer in order to set it to NULL if nessecary.
-- struct timeval *timeout = &tv;
-+ struct timespec *timeout = &tv;
-
- // Initialize timer vars
-- difftime.tv_usec = 0;
-- gettimeofday(&curtime, NULL);
-+ difftime.tv_nsec = 0;
-+ clock_gettime(CLOCK_MONOTONIC, &curtime);
- lasttime = curtime;
-
- // First thing we send a membership query in downstream VIF's...
-@@ -263,7 +263,7 @@ void igmpProxyRun() {
- if(secs == -1) {
- timeout = NULL;
- } else {
-- timeout->tv_usec = 0;
-+ timeout->tv_nsec = 0;
- timeout->tv_sec = secs;
- }
-
-@@ -274,7 +274,7 @@ void igmpProxyRun() {
- FD_SET( MRouterFD, &ReadFDS );
-
- // wait for input
-- Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout );
-+ Rt = pselect( MaxFD +1, &ReadFDS, NULL, NULL, timeout, NULL );
-
- // log and ignore failures
- if( Rt < 0 ) {
-@@ -307,20 +307,20 @@ void igmpProxyRun() {
- */
- if (Rt == 0) {
- curtime.tv_sec = lasttime.tv_sec + secs;
-- curtime.tv_usec = lasttime.tv_usec;
-+ curtime.tv_nsec = lasttime.tv_nsec;
- Rt = -1; /* don't do this next time through the loop */
- } else {
-- gettimeofday(&curtime, NULL);
-+ clock_gettime(CLOCK_MONOTONIC, &curtime);
- }
- difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec;
-- difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec;
-- while (difftime.tv_usec > 1000000) {
-+ difftime.tv_nsec += curtime.tv_nsec - lasttime.tv_nsec;
-+ while (difftime.tv_nsec > 1000000000) {
- difftime.tv_sec++;
-- difftime.tv_usec -= 1000000;
-+ difftime.tv_nsec -= 1000000000;
- }
-- if (difftime.tv_usec < 0) {
-+ if (difftime.tv_nsec < 0) {
- difftime.tv_sec--;
-- difftime.tv_usec += 1000000;
-+ difftime.tv_nsec += 1000000000;
- }
- lasttime = curtime;
- if (secs == 0 || difftime.tv_sec > 0)
-diff --git a/src/igmpproxy.h b/src/igmpproxy.h
-index 4df8a79..36a4f04 100644
---- a/src/igmpproxy.h
-+++ b/src/igmpproxy.h
-@@ -44,12 +44,13 @@
- #include <string.h>
- #include <fcntl.h>
- #include <stdbool.h>
-+#include <time.h>
-
- #include <sys/socket.h>
- #include <sys/un.h>
--#include <sys/time.h>
- #include <sys/ioctl.h>
- #include <sys/param.h>
-+#include <sys/select.h>
-
- #include <net/if.h>
- #include <netinet/in.h>
---
-1.7.2.5
-
+++ /dev/null
---- configure.ac.~ Wed Apr 20 14:26:07 2016
-+++ configure.ac Fri Apr 22 17:20:46 2016
-@@ -3160,6 +3160,9 @@
- ;;
- esac
-
-+SQUID_CHECK_DEFAULT_FD_SETSIZE
-+SQUID_CHECK_MAXFD
-+
- dnl --with-maxfd present for compatibility with Squid-2.
- dnl undocumented in ./configure --help to encourage using the Squid-3 directive
- AC_ARG_WITH(maxfd,,
-@@ -3190,8 +3193,6 @@
- esac
- ])
-
--SQUID_CHECK_DEFAULT_FD_SETSIZE
--SQUID_CHECK_MAXFD
- if test "x$squid_filedescriptors_num" != "x"; then
- AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num])
- fi
#!/bin/sh
# FIXME: edit this lines before release
-IPFVER=2.21
+IPFVER=2.23
COREVER=$(cat /opt/pakfire/db/core/mine)
arch=$(uname -m)
# Store error message for displaying in the WUI.
&IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");
+ # Unlock the IDS page.
+ &IDS::unlock_ids_page();
+
# Exit.
exit 0;
}
projects / people / pmueller / ipfire-2.x.git / commitdiff
