'[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 240acdfd875b2c143e2ef95e2100382c'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfire-scm
Subject:    [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 240acdfd875b2c143e2ef95e2100382c
From:       git () ipfire ! org (Michael Tremer)
Date:       2014-01-18 21:41:41
Message-ID: 20140118214141.87B4820B0F () argus ! ipfire ! org
[Download RAW message or body]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  240acdfd875b2c143e2ef95e2100382c4b6d0569 (commit)
       via  37c84696a2c0eecda7bed87bea042018469c4120 (commit)
       via  0053269b90ed2902506fc46d9eaa3cc9472d7ccd (commit)
       via  917ee261019ef78e8cc5a681fa2abf55c8999e18 (commit)
      from  c27850183cce88fa26024be063a71a002bca5111 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 240acdfd875b2c143e2ef95e2100382c4b6d0569
Author: Stefan Schantl <stefan.schantl at ipfire.org>
Date:   Sat Jan 18 18:37:40 2014 +0100

    Drop "Extra Query" for Shutdown and Reboot from gui.cgi.
    
    In the past this option has been used to prevent users from
    accidently shutting down or rebooting their systems. With IPFire 2.15
    there is a own subpage on the WUI for doing this actions, so there is no
    need anymore for those extra query.

commit 37c84696a2c0eecda7bed87bea042018469c4120
Author: Stefan Schantl <stefan.schantl at ipfire.org>
Date:   Sat Jan 18 18:11:09 2014 +0100

    Make firewall convert scripts more robust.
    
    The converter scripts procude a lot of error, when they get executed on a system \
with  a previously installed version of the New Firewall or they get run twice.
    
    In this case the scripts will detect that their input files are missing and will \
exit with  an error message. The scripts now also check if the input files are empty \
(no corresponding  rules created) and will exit with an nothing to do message.

commit 0053269b90ed2902506fc46d9eaa3cc9472d7ccd
Author: Stefan Schantl <stefan.schantl at ipfire.org>
Date:   Sat Jan 18 18:05:32 2014 +0100

    Core 76: Fix sed command.
    
    There was a syntax error in one of the sed commands, which produced the following \
error:  sed: -e expression #1, char 34: unknown option to `s'.

commit 917ee261019ef78e8cc5a681fa2abf55c8999e18
Author: Stefan Schantl <stefan.schantl at ipfire.org>
Date:   Sat Jan 18 18:00:37 2014 +0100

    Core76: Drop output of iptables commands.
    
    When updating a system with previously installed New Firewall,
    the required firewall chains already are created. In this case error messages
    will be displayed which could be ignored but may unsettle somebody.

-----------------------------------------------------------------------

Summary of changes:
 config/firewall/convert-dmz        |  9 +++++++++
 config/firewall/convert-outgoingfw | 28 ++++++++++++++++++++++++----
 config/firewall/convert-portfw     | 11 +++++++++++
 config/firewall/convert-xtaccess   | 11 +++++++++++
 config/rootfiles/core/76/update.sh | 16 ++++++++--------
 html/cgi-bin/gui.cgi               | 17 -----------------
 6 files changed, 63 insertions(+), 29 deletions(-)

Difference in files:
diff --git a/config/firewall/convert-dmz b/config/firewall/convert-dmz
index fbcc4cf..7b77045 100755
--- a/config/firewall/convert-dmz
+++ b/config/firewall/convert-dmz
@@ -55,6 +55,15 @@ my $field29 = 'ALL';
 my $field30 = '';
 my $field31 = 'dnat';
 
+if (! -e "$dmzconfig") {
+	print "DMZ config file not found. Exiting!\n";
+	exit(1);
+}
+
+if (! -s "$dmzconfig") {
+	print "Empty DMZ configuration file. Nothing to do. Exiting...\n";
+	exit(0);
+}
 
 open(FILE, $dmzconfig) or die 'Unable to open config file.';
 my @current = <FILE>;
diff --git a/config/firewall/convert-outgoingfw b/config/firewall/convert-outgoingfw
index 4f8bcdc..ea49375 100755
--- a/config/firewall/convert-outgoingfw
+++ b/config/firewall/convert-outgoingfw
@@ -48,8 +48,8 @@ my $ccdconfig		= "${General::swroot}/ovpn/ccd.conf";
 my $fwdfwconfig		= "${General::swroot}/firewall/config";
 my $outfwconfig		= "${General::swroot}/firewall/outgoing";
 my $fwdfwsettings	= "${General::swroot}/firewall/settings";
-my @ipgroups = qx(ls $ipgrouppath);
-my @macgroups = qx(ls $macgrouppath);
+my @ipgroups = qx(ls $ipgrouppath 2>/dev/null);
+my @macgroups = qx(ls $macgrouppath 2>/dev/null);
 my @hostarray=();
 my %outsettings=();
 my %hosts=();
@@ -65,16 +65,36 @@ my %ownnet=();
 my %ovpnSettings = ();
 my @active= ('Aktiv', 'aktiv', 'Active', 'Activo', 'Actif', 'Actief', 'Aktywne', \
'??????????????', 'Aktif');  &General::readhash("${General::swroot}/ovpn/settings", \
                \%ovpnSettings);
-&General::readhash($outfwsettings,\%outsettings);
 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
 
+if (-e "$outfwsettings") {
+	&General::readhash($outfwsettings,\%outsettings);
+}
+else
+{
+	print "Config file for outgoing-firewall not found. Exiting!\n";
+	exit(1);
+}
+
+if (! -s "$outfwsettings") {
+        print "Empty DMZ configuration file. Nothing to do. Exiting...\n";
+        exit(0);
+}
+
 #ONLY RUN if /var/ipfire/outgoing exists
 if ( -d "/var/ipfire/outgoing"){
 	&process_groups;
 	&process_rules;
 	&process_p2p;
 }
+else
+{
+	print "/var/ipfire/outgoing not found. Exiting!\n";
+	exit 1
+}
+
 system("/usr/local/bin/firewallctrl");
+
 sub process_groups
 {
 	if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
@@ -111,7 +131,7 @@ sub process_groups
 	foreach my $group (@macgroups){
 		chomp $group;
 		print LOG "\nProcessing MAC-GROUP: $group...\n";
-		open (DATEI, "<$macgrouppath/$group");
+		open (DATEI, "<$macgrouppath/$group") or die 'Unable to open config file.';
 		my @zeilen = <DATEI>;
 		foreach my $mac (@zeilen){
 			chomp($mac);
diff --git a/config/firewall/convert-portfw b/config/firewall/convert-portfw
index 447ef90..fedddee 100755
--- a/config/firewall/convert-portfw
+++ b/config/firewall/convert-portfw
@@ -36,6 +36,17 @@ my \
($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$rem  my \
($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1);
  my $count=0;
 my $jump;
+
+if (! -e "$portfwconfig") {
+        print "Config file for portforward not found. Exiting!\n";
+        exit(1);
+}
+
+if (! -s "$portfwconfig") {
+        print "Empty portforward configuration file. Nothing to do. Exiting...\n";
+        exit(0);
+}
+
 if(! -d "/var/log/converters"){ mkdir("/var/log/converters");}
 open(FILE, $portfwconfig) or die 'Unable to open config file.';
 my @current = <FILE>;
diff --git a/config/firewall/convert-xtaccess b/config/firewall/convert-xtaccess
index 363af7a..d11e09c 100755
--- a/config/firewall/convert-xtaccess
+++ b/config/firewall/convert-xtaccess
@@ -49,6 +49,17 @@ my $field28 = '';
 my $field29 = 'ALL';
 my $field30 = '';
 my $field31 = 'dnat';
+
+if (! -e "$xtaccessconfig") {
+        print "Config file for external access not found. Exiting!\n";
+        exit(1);
+}
+
+if (! -s "$xtaccessconfig") {
+        print "Empty external access configuration file. Nothing to do. \
Exiting...\n"; +        exit(0);
+}
+
 open(FILE, $xtaccessconfig) or die 'Unable to open config file.';
 my @current = <FILE>;
 close(FILE);
diff --git a/config/rootfiles/core/76/update.sh b/config/rootfiles/core/76/update.sh
index ea1ede9..cf0d2f9 100644
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -245,13 +245,13 @@ rm -f /usr/local/bin/outgoingfwctrl
 rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
 
 # Generate chains for new firewall
-/sbin/iptables -N INPUTFW
-/sbin/iptables -N FORWARDFW
-/sbin/iptables -N POLICYFWD
-/sbin/iptables -N POLICYIN
-/sbin/iptables -N POLICYOUT
-/sbin/iptables -t nat -N NAT_SOURCE
-/sbin/iptables -t nat -N NAT_DESTINATION
+/sbin/iptables -N INPUTFW 2>/dev/null
+/sbin/iptables -N FORWARDFW 2>/dev/null
+/sbin/iptables -N POLICYFWD 2>/dev/null
+/sbin/iptables -N POLICYIN 2>/dev/null
+/sbin/iptables -N POLICYOUT 2>/dev/null
+/sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
+/sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
 
 # Convert firewall configuration
 /usr/sbin/convert-xtaccess
@@ -267,7 +267,7 @@ sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
 sed -i -e "s/^proc/#proc/g" /etc/fstab
 sed -i -e "s/^sysfs/#sysfs/g" /etc/fstab
 sed -i -e "s/^devpts/#devpts/g" /etc/fstab
-sed -i -e "s|^none\s/var/run|#none	/var/run|/g" /etc/fstab
+sed -i -e "s|^none\s/var/run|#none	/var/run|g" /etc/fstab
 
 # Convert udev persistent network rules
 sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules
diff --git a/html/cgi-bin/gui.cgi b/html/cgi-bin/gui.cgi
index dfdf7cd..80a0596 100644
--- a/html/cgi-bin/gui.cgi
+++ b/html/cgi-bin/gui.cgi
@@ -38,7 +38,6 @@ my $errormessage='';
 
 $cgiparams{'SPEED'} = 'off';
 $cgiparams{'WINDOWWITHHOSTNAME'} = 'off';
-$cgiparams{'REBOOTQUESTION'} = 'off';
 $cgiparams{'REFRESHINDEX'} = 'off';
 $cgiparams{'ACTION'} = '';
 &Header::getcgihash(\%cgiparams);
@@ -87,7 +86,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
         # write cgi vars to the file.
 	$mainsettings{'LANGUAGE'} = $cgiparams{'lang'};
 	$mainsettings{'WINDOWWITHHOSTNAME'} = $cgiparams{'WINDOWWITHHOSTNAME'};
-	$mainsettings{'REBOOTQUESTION'} = $cgiparams{'REBOOTQUESTION'};
 	$mainsettings{'PPPUPDOWNBEEP'} = $cgiparams{'PPPUPDOWNBEEP'};
 	$mainsettings{'SPEED'} = $cgiparams{'SPEED'};
 	$mainsettings{'THEME'} = $cgiparams{'theme'};
@@ -101,12 +99,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
 	} else {
 		$cgiparams{'WINDOWWITHHOSTNAME'} = 'on';
 	}
-	
-	if ($mainsettings{'REBOOTQUESTION'}) {
-		$cgiparams{'REBOOTQUESTION'} = $mainsettings{'REBOOTQUESTION'};
-	} else {
-		$cgiparams{'REBOOTQUESTION'} = 'on';
-	}
 
 	if ($mainsettings{'PPPUPDOWNBEEP'}) {
 		$cgiparams{'PPPUPDOWNBEEP'} = $mainsettings{'PPPUPDOWNBEEP'};
@@ -139,7 +131,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}")
 if ($cgiparams{'ACTION'} eq "$Lang::tr{'restore defaults'}")
 {
 	$cgiparams{'WINDOWWITHHOSTNAME'} = 'on';
-	$cgiparams{'REBOOTQUESTION'} = 'on';
 	$cgiparams{'PPPUPDOWNBEEP'} = 'on';
 	$cgiparams{'REFRESHINDEX'} = 'off';
 	$cgiparams{'SPEED'} = 'on';
@@ -150,10 +141,6 @@ $checked{'WINDOWWITHHOSTNAME'}{'off'} = '';
 $checked{'WINDOWWITHHOSTNAME'}{'on'} = '';
 $checked{'WINDOWWITHHOSTNAME'}{$cgiparams{'WINDOWWITHHOSTNAME'}} = \
"checked='checked'";  
-$checked{'REBOOTQUESTION'}{'off'} = '';
-$checked{'REBOOTQUESTION'}{'on'} = '';
-$checked{'REBOOTQUESTION'}{$cgiparams{'REBOOTQUESTION'}} = "checked='checked'";
-
 $checked{'PPPUPDOWNBEEP'}{'off'} = '';
 $checked{'PPPUPDOWNBEEP'}{'on'} = '';
 $checked{'PPPUPDOWNBEEP'}{$cgiparams{'PPPUPDOWNBEEP'}} = "checked='checked'";
@@ -185,10 +172,6 @@ print <<END
     <td>$Lang::tr{'display hostname in window title'}</td>
 </tr>
 <tr>
-    <td><input type='checkbox' name='REBOOTQUESTION' \
                $checked{'REBOOTQUESTION'}{'on'} /></td>
-    <td>$Lang::tr{'reboot question'}</td>
-</tr>
-<tr>
     <td><input type='checkbox' name='REFRESHINDEX' $checked{'REFRESHINDEX'}{'on'} \
/></td>  <td>$Lang::tr{'refresh index page while connected'}</td>
 </tr>


hooks/post-receive
--
IPFire 2.x development tree


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic