Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into beyond-next
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 26 Mar 2014 22:42:57 +0000 (23:42 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 26 Mar 2014 22:42:57 +0000 (23:42 +0100)
config/cfgroot/graphs.pl
config/firewall/firewall-lib.pl
config/firewall/rules.pl
html/cgi-bin/entropy.cgi [changed mode: 0755->0644]
html/cgi-bin/firewall.cgi
html/cgi-bin/wlanap.cgi
lfs/hostapd
lfs/linux
src/initscripts/init.d/hostapd
src/patches/linux-3.10.34-iwlwifi-noibss_only_on_radar_chan.patch [new file with mode: 0644]

index 4942c98..487a4dd 100644 (file)
@@ -92,7 +92,7 @@ sub makegraphbox {
        print "<a href='".$_[0]."?".$_[1]."?month' target='".$_[1]."box'><b>".$Lang::tr{'month'}."</b></a>";
        print " - ";
        print "<a href='".$_[0]."?".$_[1]."?year' target='".$_[1]."box'><b>".$Lang::tr{'year'}."</b></a>";
-       print "</center>";
+       print "<br></center>";
        print "<iframe src='".$_[0]."?".$_[1]."?".$_[2]."' width='".$width."' height='".$height."' scrolling='no' frameborder='no' marginheight='0' name='".$_[1]."box'></iframe>";
 }
 
index fc80555..ae2a462 100755 (executable)
@@ -35,6 +35,7 @@ my %ipsecconf=();
 my %ipsecsettings=();
 my %netsettings=();
 my %ovpnsettings=();
+my %aliases=();
 
 require '/var/ipfire/general-functions.pl';
 
@@ -49,12 +50,12 @@ my $configipsec             = "${General::swroot}/vpn/config";
 my $configovpn         = "${General::swroot}/ovpn/settings";
 my $val;
 my $field;
+my $netsettings                = "${General::swroot}/ethernet/settings";
 
 &General::readhash("/var/ipfire/ethernet/settings", \%netsettings);
 &General::readhash("${General::swroot}/ovpn/settings", \%ovpnsettings);
 &General::readhash("${General::swroot}/vpn/settings", \%ipsecsettings);
 
-
 &General::readhasharray("$confignet", \%customnetwork);
 &General::readhasharray("$confighost", \%customhost);
 &General::readhasharray("$configgrp", \%customgrp);
@@ -103,8 +104,6 @@ sub get_srvgrp_prot
        return $back;
        
 }
-
-
 sub get_srv_port
 {
        my $val=shift;
@@ -253,5 +252,276 @@ sub get_host_ip
                }  
        }
 }
+sub get_addresses
+{
+       my $hash = shift;
+       my $key  = shift;
+       my $type = shift;
+
+       my @addresses = ();
+       my $addr_type;
+       my $value;
+       my $group_name;
+
+       if ($type eq "src") {
+               $addr_type = $$hash{$key}[3];
+               $value = $$hash{$key}[4];
+
+       } elsif ($type eq "tgt") {
+               $addr_type = $$hash{$key}[5];
+               $value = $$hash{$key}[6];
+       }
+
+       if ($addr_type ~~ ["cust_grp_src", "cust_grp_tgt"]) {
+               foreach my $grp (sort {$a <=> $b} keys %customgrp) {
+                       if ($customgrp{$grp}[0] eq $value) {
+                               my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type);
+
+                               if (@address) {
+                                       push(@addresses, @address);
+                               }
+                       }
+               }
+       } else {
+               my @address = &get_address($addr_type, $value, $type);
+
+               if (@address) {
+                       push(@addresses, @address);
+               }
+       }
+
+       return @addresses;
+}
+sub get_address
+{
+       my $key   = shift;
+       my $value = shift;
+       my $type  = shift;
+
+       my @ret = ();
+
+       # If the user manually typed an address, we just check if it is a MAC
+       # address. Otherwise, we assume that it is an IP address.
+       if ($key ~~ ["src_addr", "tgt_addr"]) {
+               if (&General::validmac($value)) {
+                       push(@ret, "-m mac --mac-source $value");
+               } else {
+                       push(@ret, $value);
+               }
+
+       # If a default network interface (GREEN, BLUE, etc.) is selected, we
+       # try to get the corresponding address of the network.
+       } elsif ($key ~~ ["std_net_src", "std_net_tgt", "Standard Network"]) {
+               my $external_interface = &get_external_interface();
+
+               my $network_address = &get_std_net_ip($value, $external_interface);
+               if ($network_address) {
+                       push(@ret, $network_address);
+               }
+
+       # Custom networks.
+       } elsif ($key ~~ ["cust_net_src", "cust_net_tgt", "Custom Network"]) {
+               my $network_address = &get_net_ip($value);
+               if ($network_address) {
+                       push(@ret, $network_address);
+               }
+
+       # Custom hosts.
+       } elsif ($key ~~ ["cust_host_src", "cust_host_tgt", "Custom Host"]) {
+               my $host_address = &get_host_ip($value, $type);
+               if ($host_address) {
+                       push(@ret, $host_address);
+               }
+
+       # OpenVPN networks.
+       } elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
+               my $network_address = &get_ovpn_net_ip($value, 1);
+               if ($network_address) {
+                       push(@ret, $network_address);
+               }
+
+       # OpenVPN hosts.
+       } elsif ($key ~~ ["ovpn_host_src", "ovpn_host_tgt", "OpenVPN static host"]) {
+               my $host_address = &get_ovpn_host_ip($value, 33);
+               if ($host_address) {
+                       push(@ret, $host_address);
+               }
+
+       # OpenVPN N2N.
+       } elsif ($key ~~ ["ovpn_n2n_src", "ovpn_n2n_tgt", "OpenVPN N-2-N"]) {
+               my $network_address = &get_ovpn_n2n_ip($value, 11);
+               if ($network_address) {
+                       push(@ret, $network_address);
+               }
+
+       # IPsec networks.
+       } elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
+               my $network_address = &get_ipsec_net_ip($value, 11);
+               if ($network_address) {
+                       push(@ret, $network_address);
+               }
+
+       # The firewall's own IP addresses.
+       } elsif ($key ~~ ["ipfire", "ipfire_src"]) {
+               # ALL
+               if ($value eq "ALL") {
+                       push(@ret, "0/0");
+
+               # GREEN
+               } elsif ($value eq "GREEN") {
+                       push(@ret, $netsettings{"GREEN_ADDRESS"});
+
+               # BLUE
+               } elsif ($value eq "BLUE") {
+                       push(@ret, $netsettings{"BLUE_ADDRESS"});
+
+               # ORANGE
+               } elsif ($value eq "ORANGE") {
+                       push(@ret, $netsettings{"ORANGE_ADDRESS"});
+
+               # RED
+               } elsif ($value ~~ ["RED", "RED1"]) {
+                       my $address = &get_external_address();
+                       if ($address) {
+                               push(@ret, $address);
+                       }
+
+               # Aliases
+               } else {
+                       my %alias = &get_alias($value);
+                       if (%alias) {
+                               push(@ret, $alias{"IPT"});
+                       }
+               }
+
+       # If nothing was selected, we assume "any".
+       } else {
+               push(@ret, "0/0");
+       }
+
+       return @ret;
+}
+sub get_external_interface()
+{
+       open(IFACE, "/var/ipfire/red/iface") or return "";
+       my $iface = <IFACE>;
+       close(IFACE);
+
+       return $iface;
+}
+sub get_external_address()
+{
+       open(ADDR, "/var/ipfire/red/local-ipaddress") or return "";
+       my $address = <ADDR>;
+       close(ADDR);
+
+       return $address;
+}
+sub get_alias
+{
+       my $id = shift;
+
+       foreach my $alias (sort keys %aliases) {
+               if ($id eq $alias) {
+                       return $aliases{$alias};
+               }
+       }
+}
+sub get_nat_address
+{
+       my $zone = shift;
+       my $source = shift;
+
+       # Any static address of any zone.
+       if ($zone eq "AUTO") {
+               if ($source && ($source !~ m/mac/i )) {
+                       my $firewall_ip = &get_internal_firewall_ip_address($source, 1);
+                       if ($firewall_ip) {
+                               return $firewall_ip;
+                       }
+
+                       $firewall_ip = &get_matching_firewall_address($source, 1);
+                       if ($firewall_ip) {
+                               return $firewall_ip;
+                       }
+               }
+
+               return &get_external_address();
+
+       } elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
+               return $netsettings{$zone . "_ADDRESS"};
+
+       } elsif ($zone eq "Default IP") {
+               return &get_external_address();
+
+       } else {
+               return &get_alias($zone);
+       }
+
+       print_error("Could not find NAT address");
+}
+sub get_internal_firewall_ip_addresses
+{
+       my $use_orange = shift;
+
+       my @zones = ("GREEN", "BLUE");
+       if ($use_orange) {
+               push(@zones, "ORANGE");
+       }
+
+       my @addresses = ();
+       for my $zone (@zones) {
+               next unless (exists $netsettings{$zone . "_ADDRESS"});
+
+               my $zone_address = $netsettings{$zone . "_ADDRESS"};
+               push(@addresses, $zone_address);
+       }
+
+       return @addresses;
+}
+sub get_matching_firewall_address
+{
+       my $addr = shift;
+       my $use_orange = shift;
+
+       my ($address, $netmask) = split("/", $addr);
+
+       my @zones = ("GREEN", "BLUE");
+       if ($use_orange) {
+               push(@zones, "ORANGE");
+       }
+
+       foreach my $zone (@zones) {
+               next unless (exists $netsettings{$zone . "_ADDRESS"});
+
+               my $zone_subnet = $netsettings{$zone . "_NETADDRESS"};
+               my $zone_mask   = $netsettings{$zone . "_NETMASK"};
+
+               if (&General::IpInSubnet($address, $zone_subnet, $zone_mask)) {
+                       return $netsettings{$zone . "_ADDRESS"};
+               }
+       }
+
+       return 0;
+}
+sub get_internal_firewall_ip_address
+{
+       my $subnet = shift;
+       my $use_orange = shift;
+
+       my ($net_address, $net_mask) = split("/", $subnet);
+       if ((!$net_mask) || ($net_mask ~~ ["32", "255.255.255.255"])) {
+               return 0;
+       }
+
+       my @addresses = &get_internal_firewall_ip_addresses($use_orange);
+       foreach my $zone_address (@addresses) {
+               if (&General::IpInSubnet($zone_address, $net_address, $net_mask)) {
+                       return $zone_address;
+               }
+       }
+
+       return 0;
+}
 
 return 1;
index 50fff3f..f25983c 100755 (executable)
@@ -170,10 +170,13 @@ sub buildrules {
                }
 
                # Collect all sources.
-               my @sources = &get_addresses($hash, $key, "src");
+               my @sources = &fwlib::get_addresses($hash, $key, "src");
 
                # Collect all destinations.
-               my @destinations = &get_addresses($hash, $key, "tgt");
+               my @destinations = &fwlib::get_addresses($hash, $key, "tgt");
+
+               # True if the destination is the firewall itself.
+               my $destination_is_firewall = ($$hash{$key}[5] eq "ipfire");
 
                # Check if logging should be enabled.
                my $LOG = ($$hash{$key}[17] eq 'ON');
@@ -246,7 +249,7 @@ sub buildrules {
                        }
 
                        # Prepare protocol options (like ICMP types, ports, etc...).
-                       my @protocol_options = &get_protocol_options($hash, $key, $protocol);
+                       my @protocol_options = &get_protocol_options($hash, $key, $protocol, 0);
 
                        # Check if this protocol knows ports.
                        my $protocol_has_ports = ($protocol ~~ @PROTOCOLS_WITH_PORTS);
@@ -271,7 +274,6 @@ sub buildrules {
 
                                        # Append protocol.
                                        if ($protocol ne "all") {
-                                               push(@options, ("-p", $protocol));
                                                push(@options, @protocol_options);
                                        }
 
@@ -299,7 +301,7 @@ sub buildrules {
 
                                        # Process NAT rules.
                                        if ($NAT) {
-                                               my $nat_address = &get_nat_address($$hash{$key}[29], $source);
+                                               my $nat_address = &fwlib::get_nat_address($$hash{$key}[29], $source);
 
                                                # Skip NAT rules if the NAT address is unknown
                                                # (i.e. no internet connection has been established, yet).
@@ -308,30 +310,57 @@ sub buildrules {
                                                # Destination NAT
                                                if ($NAT_MODE eq "DNAT") {
                                                        # Make port-forwardings useable from the internal networks.
-                                                       my @internal_addresses = &get_internal_firewall_ip_addresses(1);
+                                                       my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
                                                        unless ($nat_address ~~ @internal_addresses) {
                                                                &add_dnat_mangle_rules($nat_address, @options);
                                                        }
 
-                                                       my @nat_options = @options;
+                                                       my @nat_options = ();
+                                                       if ($protocol ne "all") {
+                                                               my @nat_protocol_options = &get_protocol_options($hash, $key, $protocol, 1);
+                                                               push(@nat_options, @nat_protocol_options);
+                                                       }
                                                        push(@nat_options, @source_options);
                                                        push(@nat_options, ("-d", $nat_address));
+                                                       push(@nat_options, @time_options);
 
-                                                       my ($dnat_address, $dnat_mask) = split("/", $destination);
-                                                       @destination_options = ("-d", $dnat_address);
-
+                                                       my $dnat_port;
                                                        if ($protocol_has_ports) {
-                                                               my $dnat_port = &get_dnat_target_port($hash, $key);
+                                                               $dnat_port = &get_dnat_target_port($hash, $key);
+                                                       }
+
+                                                       my @nat_action_options = ();
 
-                                                               if ($dnat_port) {
-                                                                       $dnat_address .= ":$dnat_port";
+                                                       # Use iptables REDIRECT
+                                                       my $use_redirect = ($destination_is_firewall && !$destination && $protocol_has_ports && $dnat_port);
+                                                       if ($use_redirect) {
+                                                               push(@nat_action_options, ("-j", "REDIRECT", "--to-ports", $dnat_port));
+
+                                                       # Use iptables DNAT
+                                                       } else {
+                                                               if ($destination_is_firewall && !$destination) {
+                                                                       $destination = &fwlib::get_external_address();
                                                                }
+                                                               next unless ($destination);
+
+                                                               my ($dnat_address, $dnat_mask) = split("/", $destination);
+                                                               @destination_options = ("-d", $dnat_address);
+
+                                                               if ($protocol_has_ports) {
+                                                                       my $dnat_port = &get_dnat_target_port($hash, $key);
+
+                                                                       if ($dnat_port) {
+                                                                               $dnat_address .= ":$dnat_port";
+                                                                       }
+                                                               }
+
+                                                               push(@nat_action_options, ("-j", "DNAT", "--to-destination", $dnat_address));
                                                        }
 
                                                        if ($LOG) {
                                                                run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options @log_limit_options -j LOG --log-prefix 'DNAT '");
                                                        }
-                                                       run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j DNAT --to-destination $dnat_address");
+                                                       run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options @nat_action_options");
 
                                                # Source NAT
                                                } elsif ($NAT_MODE eq "SNAT") {
@@ -369,65 +398,6 @@ sub buildrules {
        }
 }
 
-sub get_external_interface() {
-       open(IFACE, "/var/ipfire/red/iface") or return "";
-       my $iface = <IFACE>;
-       close(IFACE);
-
-       return $iface;
-}
-
-sub get_external_address() {
-       open(ADDR, "/var/ipfire/red/local-ipaddress") or return "";
-       my $address = <ADDR>;
-       close(ADDR);
-
-       return $address;
-}
-
-sub get_alias {
-       my $id = shift;
-
-       foreach my $alias (sort keys %aliases) {
-               if ($id eq $alias) {
-                       return $aliases{$alias};
-               }
-       }
-}
-
-sub get_nat_address {
-       my $zone = shift;
-       my $source = shift;
-
-       # Any static address of any zone.
-       if ($zone eq "AUTO") {
-               if ($source) {
-                       my $firewall_ip = &get_internal_firewall_ip_address($source, 1);
-                       if ($firewall_ip) {
-                               return $firewall_ip;
-                       }
-
-                       $firewall_ip = &get_matching_firewall_address($source, 1);
-                       if ($firewall_ip) {
-                               return $firewall_ip;
-                       }
-               }
-
-               return &get_external_address();
-
-       } elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
-               return $defaultNetworks{$zone . "_ADDRESS"};
-
-       } elsif ($zone eq "Default IP") {
-               return &get_external_address();
-
-       } else {
-               return &get_alias($zone);
-       }
-
-       print_error("Could not find NAT address");
-}
-
 # Formats the given timestamp into the iptables format which is "hh:mm" UTC.
 sub format_time {
        my $val = shift;
@@ -493,155 +463,6 @@ sub p2pblock {
        }
 }
 
-sub get_addresses {
-       my $hash = shift;
-       my $key  = shift;
-       my $type = shift;
-
-       my @addresses = ();
-       my $addr_type;
-       my $value;
-       my $group_name;
-
-       if ($type eq "src") {
-               $addr_type = $$hash{$key}[3];
-               $value = $$hash{$key}[4];
-
-       } elsif ($type eq "tgt") {
-               $addr_type = $$hash{$key}[5];
-               $value = $$hash{$key}[6];
-       }
-
-       if ($addr_type ~~ ["cust_grp_src", "cust_grp_tgt"]) {
-               foreach my $grp (sort {$a <=> $b} keys %customgrp) {
-                       if ($customgrp{$grp}[0] eq $value) {
-                               my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type);
-
-                               if (@address) {
-                                       push(@addresses, @address);
-                               }
-                       }
-               }
-       } else {
-               my @address = &get_address($addr_type, $value, $type);
-
-               if (@address) {
-                       push(@addresses, @address);
-               }
-       }
-
-       return @addresses;
-}
-
-sub get_address {
-       my $key   = shift;
-       my $value = shift;
-       my $type  = shift;
-
-       my @ret = ();
-
-       # If the user manually typed an address, we just check if it is a MAC
-       # address. Otherwise, we assume that it is an IP address.
-       if ($key ~~ ["src_addr", "tgt_addr"]) {
-               if (&General::validmac($value)) {
-                       push(@ret, "-m mac --mac-source $value");
-               } else {
-                       push(@ret, $value);
-               }
-
-       # If a default network interface (GREEN, BLUE, etc.) is selected, we
-       # try to get the corresponding address of the network.
-       } elsif ($key ~~ ["std_net_src", "std_net_tgt", "Standard Network"]) {
-               my $external_interface = &get_external_interface();
-
-               my $network_address = &fwlib::get_std_net_ip($value, $external_interface);
-               if ($network_address) {
-                       push(@ret, $network_address);
-               }
-
-       # Custom networks.
-       } elsif ($key ~~ ["cust_net_src", "cust_net_tgt", "Custom Network"]) {
-               my $network_address = &fwlib::get_net_ip($value);
-               if ($network_address) {
-                       push(@ret, $network_address);
-               }
-
-       # Custom hosts.
-       } elsif ($key ~~ ["cust_host_src", "cust_host_tgt", "Custom Host"]) {
-               my $host_address = &fwlib::get_host_ip($value, $type);
-               if ($host_address) {
-                       push(@ret, $host_address);
-               }
-
-       # OpenVPN networks.
-       } elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
-               my $network_address = &fwlib::get_ovpn_net_ip($value, 1);
-               if ($network_address) {
-                       push(@ret, $network_address);
-               }
-
-       # OpenVPN hosts.
-       } elsif ($key ~~ ["ovpn_host_src", "ovpn_host_tgt", "OpenVPN static host"]) {
-               my $host_address = &fwlib::get_ovpn_host_ip($value, 33);
-               if ($host_address) {
-                       push(@ret, $host_address);
-               }
-
-       # OpenVPN N2N.
-       } elsif ($key ~~ ["ovpn_n2n_src", "ovpn_n2n_tgt", "OpenVPN N-2-N"]) {
-               my $network_address = &fwlib::get_ovpn_n2n_ip($value, 11);
-               if ($network_address) {
-                       push(@ret, $network_address);
-               }
-
-       # IPsec networks.
-       } elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
-               my $network_address = &fwlib::get_ipsec_net_ip($value, 11);
-               if ($network_address) {
-                       push(@ret, $network_address);
-               }
-
-       # The firewall's own IP addresses.
-       } elsif ($key ~~ ["ipfire", "ipfire_src"]) {
-               # ALL
-               if ($value eq "ALL") {
-                       push(@ret, "0/0");
-
-               # GREEN
-               } elsif ($value eq "GREEN") {
-                       push(@ret, $defaultNetworks{"GREEN_ADDRESS"});
-
-               # BLUE
-               } elsif ($value eq "BLUE") {
-                       push(@ret, $defaultNetworks{"BLUE_ADDRESS"});
-
-               # ORANGE
-               } elsif ($value eq "ORANGE") {
-                       push(@ret, $defaultNetworks{"ORANGE_ADDRESS"});
-
-               # RED
-               } elsif ($value ~~ ["RED", "RED1"]) {
-                       my $address = &get_external_address();
-                       if ($address) {
-                               push(@ret, $address);
-                       }
-
-               # Aliases
-               } else {
-                       my %alias = &get_alias($value);
-                       if (%alias) {
-                               push(@ret, $alias{"IPT"});
-                       }
-               }
-
-       # If nothing was selected, we assume "any".
-       } else {
-               push(@ret, "0/0");
-       }
-
-       return @ret;
-}
-
 sub get_protocols {
        my $hash = shift;
        my $key = shift;
@@ -701,8 +522,16 @@ sub get_protocol_options {
        my $hash = shift;
        my $key  = shift;
        my $protocol = shift;
+       my $nat_options_wanted = shift;
        my @options = ();
 
+       # Nothing to do if no protocol is specified.
+       if ($protocol eq "all") {
+               return @options;
+       } else {
+               push(@options, ("-p", $protocol));
+       }
+
        # Process source ports.
        my $use_src_ports = ($$hash{$key}[7] eq "ON");
        my $src_ports     = $$hash{$key}[10];
@@ -720,7 +549,7 @@ sub get_protocol_options {
                my $dst_ports      = $$hash{$key}[15];
 
                if (($dst_ports_mode eq "TGT_PORT") && $dst_ports) {
-                       if ($use_dnat && $$hash{$key}[30]) {
+                       if ($nat_options_wanted && $use_dnat && $$hash{$key}[30]) {
                                $dst_ports = $$hash{$key}[30];
                        }
                        push(@options, &format_ports($dst_ports, "dst"));
@@ -828,50 +657,12 @@ sub make_log_limit_options {
        return @options;
 }
 
-sub get_internal_firewall_ip_addresses {
-       my $use_orange = shift;
-
-       my @zones = ("GREEN", "BLUE");
-       if ($use_orange) {
-               push(@zones, "ORANGE");
-       }
-
-       my @addresses = ();
-       for my $zone (@zones) {
-               next unless (exists $defaultNetworks{$zone . "_ADDRESS"});
-
-               my $zone_address = $defaultNetworks{$zone . "_ADDRESS"};
-               push(@addresses, $zone_address);
-       }
-
-       return @addresses;
-}
-
-sub get_internal_firewall_ip_address {
-       my $subnet = shift;
-       my $use_orange = shift;
-
-       my ($net_address, $net_mask) = split("/", $subnet);
-       if ((!$net_mask) || ($net_mask ~~ ["32", "255.255.255.255"])) {
-               return 0;
-       }
-
-       my @addresses = &get_internal_firewall_ip_addresses($use_orange);
-       foreach my $zone_address (@addresses) {
-               if (&General::IpInSubnet($zone_address, $net_address, $net_mask)) {
-                       return $zone_address;
-               }
-       }
-
-       return 0;
-}
-
 sub firewall_is_in_subnet {
        my $subnet = shift;
 
        # ORANGE is missing here, because nothing may ever access
        # the firewall from this network.
-       my $address = &get_internal_firewall_ip_address($subnet, 0);
+       my $address = &fwlib::get_internal_firewall_ip_address($subnet, 0);
 
        if ($address) {
                return 1;
@@ -880,27 +671,3 @@ sub firewall_is_in_subnet {
        return 0;
 }
 
-sub get_matching_firewall_address {
-       my $addr = shift;
-       my $use_orange = shift;
-
-       my ($address, $netmask) = split("/", $addr);
-
-       my @zones = ("GREEN", "BLUE");
-       if ($use_orange) {
-               push(@zones, "ORANGE");
-       }
-
-       foreach my $zone (@zones) {
-               next unless (exists $defaultNetworks{$zone . "_ADDRESS"});
-
-               my $zone_subnet = $defaultNetworks{$zone . "_NETADDRESS"};
-               my $zone_mask   = $defaultNetworks{$zone . "_NETMASK"};
-
-               if (&General::IpInSubnet($address, $zone_subnet, $zone_mask)) {
-                       return $defaultNetworks{$zone . "_ADDRESS"};
-               }
-       }
-
-       return 0;
-}
old mode 100755 (executable)
new mode 100644 (file)
index 436bdaf..164e7cb 100644 (file)
@@ -584,8 +584,10 @@ sub checktarget
                                }
                        }
                }else{
-                       $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
-                       return $errormessage;
+                       if ($fwdfwsettings{'grp2'} ne 'ipfire'){
+                               $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+                               return $errormessage;
+                       }
                }
        }
        if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
@@ -989,6 +991,12 @@ sub deleterule
                &base;
        }
 }
+sub del_double
+{
+       my %all=();
+       @all{@_}=1;
+       return (keys %all);
+}
 sub disable_rule
 {
        my $key1=shift;
@@ -2551,9 +2559,21 @@ END
                                        <td align='center' $tdcolor>
 END
                        #Is this a DNAT rule?
+                       my $natstring;
                        if ($$hash{$key}[31] eq 'dnat' && $$hash{$key}[28] eq 'ON'){
                                if ($$hash{$key}[29] eq 'Default IP'){$$hash{$key}[29]=$Lang::tr{'red1'};}
-                               print "Firewall ($$hash{$key}[29])";
+                               if ($$hash{$key}[29] eq 'AUTO'){
+                                       my @src_addresses=&fwlib::get_addresses(\%$hash,$key,'src');
+                                       my @nat_ifaces;
+                                       foreach my $val (@src_addresses){
+                                               push (@nat_ifaces,&fwlib::get_nat_address($$hash{$key}[29],$val));
+                                       }
+                                       @nat_ifaces=&del_double(@nat_ifaces);
+                                       $natstring = join(', ', @nat_ifaces);
+                               }else{
+                                       $natstring = $$hash{$key}[29];
+                               }
+                               print "$Lang::tr{'firewall'} ($natstring)";
                                if($$hash{$key}[30] ne ''){
                                        $$hash{$key}[30]=~ tr/|/,/;
                                        print": $$hash{$key}[30]";
index 5b2490d..50806ac 100644 (file)
@@ -265,7 +265,7 @@ if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){
 my $wiphy = `iw dev $wlanapsettings{'INTERFACE'} info | grep wiphy | cut -d" " -f2`;
 chomp $wiphy;
 
-@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \\\[" | grep -v "(disabled)" | grep -v "no IBSS)" 2>/dev/null`;
+@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \\\[" | grep -v "(disabled)" | grep -v "no IBSS" | grep -v "passive scanning" 2>/dev/null`;
 # get available channels
 
 my @temp;
@@ -512,7 +512,7 @@ if ( $wlanapsettings{'DRIVER'} eq 'MADWIFI' ){
         @status =  `wlanconfig $wlanapsettings{'INTERFACE'} list`;
 }
 if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){
-        @status =  `iw dev $wlanapsettings{'INTERFACE'} info && iw dev $wlanapsettings{'INTERFACE'} station dump`;
+        @status =  `iw dev $wlanapsettings{'INTERFACE'} info && iw dev $wlanapsettings{'INTERFACE'} station dump && echo ""`;
 }
 print <<END
 <br />
index 36343de..5560a42 100644 (file)
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = hostapd
-PAK_VER    = 28
+PAK_VER    = 29
 
 DEPS       = ""
 
index 687de36..1f91c0b 100644 (file)
--- a/lfs/linux
+++ b/lfs/linux
 
 include Config
 
-VER        = 3.10.33
+VER        = 3.10.34
 
 RPI_PATCHES = linux-3.10.27-grsec-943b563
-GRS_PATCHES = grsecurity-2.9.1-3.10.33-ipfire1.patch.xz
+GRS_PATCHES = grsecurity-2.9.1-3.10.34-ipfire1.patch.xz
 
 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -36,7 +36,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 CFLAGS     =
 CXXFLAGS   =
 
-PAK_VER    = 38
+PAK_VER    = 39
 DEPS      = ""
 
 VERSUFIX=ipfire$(KCFG)
@@ -74,9 +74,9 @@ $(DL_FILE)                            = $(URL_IPFIRE)/$(DL_FILE)
 rpi-patches-$(RPI_PATCHES).patch.xz    = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
 $(GRS_PATCHES)                         = $(URL_IPFIRE)/$(GRS_PATCHES)
 
-$(DL_FILE)_MD5                         = 01865f9c129f3c7eee51e25b3781a364
+$(DL_FILE)_MD5                         = 30991b495a3d75196d5608072d2e62e6
 rpi-patches-$(RPI_PATCHES).patch.xz_MD5        = 8cf81f48408306d93ccee59b58af2e92
-$(GRS_PATCHES)_MD5                     = c99be0018e8bc55fb2e2b8f0ea9783d5
+$(GRS_PATCHES)_MD5                     = b490f7f3bf48387ab2eb60212fcf0c11
 
 install : $(TARGET)
 
@@ -136,6 +136,7 @@ endif
 
        # Wlan Patches
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/compat-drivers-3.8.3-ath_ignore_eeprom_regdomain.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.34-iwlwifi-noibss_only_on_radar_chan.patch
 
        # mISDN Patches
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mISDN_hfc-s_add_id.patch
index c0b11e6..8f59a7f 100644 (file)
@@ -75,7 +75,10 @@ case "${1}" in
                        fi
                fi
 
-               # First reset to World (00) and then set new country
+               # First set to any country then reset to World (00)
+               # and then set new country because the card is only
+               # reprogrammed if the region was changed.
+               /usr/sbin/iw reg set DE
                /usr/sbin/iw reg set 00
                /usr/sbin/iw reg set $COUNTRY
 
diff --git a/src/patches/linux-3.10.34-iwlwifi-noibss_only_on_radar_chan.patch b/src/patches/linux-3.10.34-iwlwifi-noibss_only_on_radar_chan.patch
new file mode 100644 (file)
index 0000000..cc76fe6
--- /dev/null
@@ -0,0 +1,23 @@
+diff -Naur linux-3.10.34.org/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c linux-3.10.34/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c
+--- linux-3.10.34.org/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c  2014-03-24 05:42:03.000000000 +0100
++++ linux-3.10.34/drivers/net/wireless/iwlwifi/iwl-eeprom-parse.c      2014-03-25 09:08:28.548634788 +0100
+@@ -613,14 +613,16 @@
+                       /* set no-HT40, will enable as appropriate later */
+                       channel->flags = IEEE80211_CHAN_NO_HT40;
++
++                      if (eeprom_ch->flags & EEPROM_CHANNEL_RADAR) {
++                              channel->flags |= IEEE80211_CHAN_RADAR;
++
+                       if (!(eeprom_ch->flags & EEPROM_CHANNEL_IBSS))
+                               channel->flags |= IEEE80211_CHAN_NO_IBSS;
+                       if (!(eeprom_ch->flags & EEPROM_CHANNEL_ACTIVE))
+                               channel->flags |= IEEE80211_CHAN_PASSIVE_SCAN;
+-
+-                      if (eeprom_ch->flags & EEPROM_CHANNEL_RADAR)
+-                              channel->flags |= IEEE80211_CHAN_RADAR;
++}
+                       /* Initialize regulatory-based run-time data */
+                       channel->max_power =