From patchwork Sat Nov 28 14:03:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 3684 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CjtX52ZRGz3wpp for ; Sat, 28 Nov 2020 14:04:05 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CjtX34wbdz1HZ; Sat, 28 Nov 2020 14:04:03 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CjtX307nJz2xkD; Sat, 28 Nov 2020 14:04:03 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CjtX209n3z2xTN for ; Sat, 28 Nov 2020 14:04:02 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CjtX06KNGzly for ; Sat, 28 Nov 2020 14:04:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1606572241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=Zx76+CVCTNuw72Ml0dxSFxLoro+GGQfBvS6jcBexwFE=; b=u8/a7f1jI6IB3jBhVn5PznKnYzeotFxf0vX12beqvlQmZjdYT/uWKNldqrLC827stFF98i CrWq/GRztKBi93hd/rJbQZiV5K/fb0aSQNdNz+48m0B6unhuTAtG7dIr3DoYeM+sTeyGwC wWfiZa7uRK8Dc9tpsdcLHCvFi9aPXsMFuvdYBza29yEfkR8OrVfbRn4s07oHW9ATBgBz2X CVyHaNXyfK/Wg8ouqxUOwFYffHxxDzMYKWUp2jEwmaVJs9fWk9+CtlqtVPwo966P3CgxPC liXdLrhJ5AbFpdnnCjhVoX+LdT5gkdAK6ZU+2V/Cd9AxQrvvUIBC48qrMxEQAA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1606572241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=Zx76+CVCTNuw72Ml0dxSFxLoro+GGQfBvS6jcBexwFE=; b=Sms47H+KAzYR0P8dXy1GmJmXNu8KmEiv6O+9+NegtbqSuYou++aJ6rjTKkA+MLwrF5FYiy gM7aKVBDcVpwJpDA== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH 1/3] optionsfw.cgi: Modified for 'forcing dns on green/blue' Date: Sat, 28 Nov 2020 15:03:51 +0100 Message-Id: <20201128140353.3168-1-matthias.fischer@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" I'm sending this through patchwork now, since I've found that the last patches wouldn't apply (they contained *local* paths, sorry for that). Short background of this patch: - It adds [DNS/NTP]_FORCED_ON_[INTERFACE] options to '/var/ipfire/optionsfw/settings'. - The corresponding options should only be visible if the respective interface is actually available. If BLUE interface doesn't exist, there shouldn't be any visible ON/OFF switches for 'DNS/NTP on BLUE' or BLUE logging options. - Language strings were altered accordingly, they come in a later patch of this series. - Screenshots: => https://community.ipfire.org/t/forcing-all-dns-traffic-from-the-lan-to-the-firewall/3512/91 ['Masquerading on BLUE' is not shown because screenshots were made on a testmachine.] - One thing that DOESN'T work: For changes to take effect without a complete reboot, it is necessary to restart the firewall rules through '/etc/init.d/firewall restart'. I tried to implement this by adding a 'Save and Restart'-button. But whatever I tried, this won't work through the Web-GUI. Neither by calling the init-file, nor with a newly written 'optionsfwctrl.c' program. The save function is working, but I wasn't able to trigger a restart of the firewall rules. No seen errors, it just won't work. Calling the new 'optionsfwctrl.c' through console or restarting the rules with '/etc/init.d/firewall restart' was ok, though (e.g.). This has been marked in the patch (line 29). Signed-off-by: Matthias Fischer --- html/cgi-bin/optionsfw.cgi | 101 ++++++++++++++++++++++++++++++++----- 1 file changed, 87 insertions(+), 14 deletions(-) diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 47aba59cb..bec90b731 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi @@ -69,6 +69,31 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { &General::readhash($filename, \%settings); # Load good settings } +if ($settings{'ACTION'} eq $Lang::tr{'fw settings save and restart'}) { + if ($settings{'defpol'} ne '1'){ + $errormessage .= $Lang::tr{'new optionsfw later'}; + &General::writehash($filename, \%settings); # Save good settings + system("/usr/local/bin/firewallctrl"); + }else{ + if ($settings{'POLICY'} ne ''){ + $fwdfwsettings{'POLICY'} = $settings{'POLICY'}; + } + if ($settings{'POLICY1'} ne ''){ + $fwdfwsettings{'POLICY1'} = $settings{'POLICY1'}; + } + my $MODE = $fwdfwsettings{'POLICY'}; + my $MODE1 = $fwdfwsettings{'POLICY1'}; + %fwdfwsettings = (); + $fwdfwsettings{'POLICY'} = "$MODE"; + $fwdfwsettings{'POLICY1'} = "$MODE1"; + &General::writehash("${General::swroot}/firewall/settings", \%fwdfwsettings); + &General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings); + system("/usr/local/bin/firewallctrl"); + system("/etc/rc.d/init.d/firewall restart >/dev/null 2>&1 "); # <--- !THIS DOESN'T WORK! + } + &General::readhash($filename, \%settings); # Load good settings +} + &Header::openpage($Lang::tr{'options fw'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); &General::readhash($filename, \%settings); @@ -158,6 +183,18 @@ $selected{'MASQUERADE_ORANGE'}{$settings{'MASQUERADE_ORANGE'}} = 'selected="sele $selected{'MASQUERADE_BLUE'}{'off'} = ''; $selected{'MASQUERADE_BLUE'}{'on'} = ''; $selected{'MASQUERADE_BLUE'}{$settings{'MASQUERADE_BLUE'}} = 'selected="selected"'; +$checked{'DNS_FORCE_ON_GREEN'}{'off'} = ''; +$checked{'DNS_FORCE_ON_GREEN'}{'on'} = ''; +$checked{'DNS_FORCE_ON_GREEN'}{$settings{'DNS_FORCE_ON_GREEN'}} = "checked='checked'"; +$checked{'DNS_FORCE_ON_BLUE'}{'off'} = ''; +$checked{'DNS_FORCE_ON_BLUE'}{'on'} = ''; +$checked{'DNS_FORCE_ON_BLUE'}{$settings{'DNS_FORCE_ON_BLUE'}} = "checked='checked'"; +$checked{'NTP_FORCE_ON_GREEN'}{'off'} = ''; +$checked{'NTP_FORCE_ON_GREEN'}{'on'} = ''; +$checked{'NTP_FORCE_ON_GREEN'}{$settings{'NTP_FORCE_ON_GREEN'}} = "checked='checked'"; +$checked{'NTP_FORCE_ON_BLUE'}{'off'} = ''; +$checked{'NTP_FORCE_ON_BLUE'}{'on'} = ''; +$checked{'NTP_FORCE_ON_BLUE'}{$settings{'NTP_FORCE_ON_BLUE'}} = "checked='checked'"; &Header::openbox('100%', 'center',); print "
"; @@ -207,7 +244,38 @@ END END } - print < + +   + $Lang::tr{'fw green'} + + $Lang::tr{'dns force on green'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'ntp force on green'}$Lang::tr{'on'} / + $Lang::tr{'off'} +END + + if (&Header::blue_used()) { + print < + $Lang::tr{'fw blue'} +   + + $Lang::tr{'dns force on blue'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'ntp force on blue'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'drop proxy'}$Lang::tr{'on'} / + $Lang::tr{'off'} + $Lang::tr{'drop samba'}$Lang::tr{'on'} / + $Lang::tr{'off'} + + +END + } + + print <
@@ -224,21 +292,25 @@ END $Lang::tr{'off'} $Lang::tr{'drop portscan'}$Lang::tr{'on'} / $Lang::tr{'off'} -$Lang::tr{'drop wirelessinput'}$Lang::tr{'on'} / +END + + if (&Header::blue_used()) { + print < + + $Lang::tr{'drop wirelessinput'}$Lang::tr{'on'} / $Lang::tr{'off'} -$Lang::tr{'drop wirelessforward'}$Lang::tr{'on'} / + $Lang::tr{'drop wirelessforward'}$Lang::tr{'on'} / $Lang::tr{'off'} - -
+ +END + } + + print < + +
- - - - -
$Lang::tr{'fw blue'}
$Lang::tr{'drop proxy'}$Lang::tr{'on'} / - $Lang::tr{'off'}
$Lang::tr{'drop samba'}$Lang::tr{'on'} / - $Lang::tr{'off'}
-
$Lang::tr{'fw settings'}
$Lang::tr{'fw settings color'}$Lang::tr{'on'} / @@ -323,7 +395,8 @@ END
- + +
From patchwork Sat Nov 28 14:03:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 3685 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CjtX62dNLz3wqk for ; Sat, 28 Nov 2020 14:04:06 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CjtX41Fhwz1cG; Sat, 28 Nov 2020 14:04:04 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CjtX40kvtz2xbM; Sat, 28 Nov 2020 14:04:04 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CjtX23H1Tz2xTN for ; Sat, 28 Nov 2020 14:04:02 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CjtX15MXZz1HZ for ; Sat, 28 Nov 2020 14:04:01 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1606572241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:in-reply-to:in-reply-to:references:references; bh=OTDHMhag7iqdG+JHQ3+jwVOGGWvHqCeFA8xsWu/kPzc=; b=F1Nk3lbVFDZZAlTKtpecIJkUMsFVtK2I+qRo0+y4dhEavnZyTzMRSsWp2vAry73X5wtbDC bhoyGYqQv0pT70Cg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1606572241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:in-reply-to:in-reply-to:references:references; bh=OTDHMhag7iqdG+JHQ3+jwVOGGWvHqCeFA8xsWu/kPzc=; b=A5xOFFZ0na7nI/mKoyayzPHzzQfhZvw49XscI4v5yoiOH8ADdThSJAgW+QJNu2F7au0sd5 kxNkmnx77Go/a/FPowVks2XS8jospMl9pVs50MBSeatM3d5HkvP0JT2/A+h1l/KZmMFlDX KzMYlYIPQVSP3c4IFHAL+TaDmSxVo59hJprfr6T7b2yI9IabxunXEBp5bysWv0W98KYvLS NgMqrUqHJ7TZmVbj932OeC6rkdKcf8e42TRRDCOQoRy5oHb7LZ7aQCxQz4N35kHGvqQJwg 25yqjpsBFsssibgkgxEKH/rajbkD6tt+NEV+a0JPRlwOVPzf4wlwSRKEfGmdvA== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH 2/3] /etc/init.d/firewall: Modified for 'forcing dns on green/blue' Date: Sat, 28 Nov 2020 15:03:52 +0100 Message-Id: <20201128140353.3168-2-matthias.fischer@ipfire.org> In-Reply-To: <20201128140353.3168-1-matthias.fischer@ipfire.org> References: <20201128140353.3168-1-matthias.fischer@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" I used '/etc/rc.d/init.d/firewall' with REDIRECT rules and placed them just behind the CAPITVE_PORTAL_CHAIN, as Michael mentioned on the list. I hope, I got the right place. Short background: - To avoid creating duplicate rule entries, I used code like 'if ! iptables -t nat -C..." or 'if iptables -t nat -C..." ("Check for the existence of a rule"). This was done because I wanted to be absolutely sure that a specific rule would only be created if it doesn't already exist. To reduce output noise I added '>/dev/null 2>&1', where it seemed necessary. Results: If I delete just *one* rule manually, only the missing rule will be created, I found no duplicates. ON/OFF switches worked as expected. ToDo: Adding the default settings (all OFF) during install ('update.sh') to '/var/ipfire/optionsfw/settings'. Restart using Web-GUI with 'Save and Restart' button. By now, restart is only possible through only console. Signed-off-by: Matthias Fischer --- src/initscripts/system/firewall | 71 +++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 65f1c979b..4e02bd3d9 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -246,6 +246,77 @@ iptables_init() { iptables -A ${i} -j CAPTIVE_PORTAL done +# Force DNS REDIRECT on GREEN (udp, tcp, 53) +if [ "$DNS_FORCE_ON_GREEN" == "on" ]; then + if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT + fi + + if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT + fi + +else + + if iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i green0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1 + fi + + if iptables -t nat -C CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i green0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1 + fi +fi + +# Force DNS REDIRECT on BLUE (udp, tcp, 53) +if [ "$DNS_FORCE_ON_BLUE" == "on" ]; then + if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT + fi + + if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT + fi + +else + + if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 53 -j REDIRECT >/dev/null 2>&1 + fi + + if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i blue0 -p tcp -m tcp --dport 53 -j REDIRECT >/dev/null 2>&1 + fi + +fi + +# Force NTP REDIRECT on GREEN (udp, 123) +if [ "$NTP_FORCE_ON_GREEN" == "on" ]; then + if ! iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT + fi + +else + + if iptables -t nat -C CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i green0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1 + fi + +fi + +# Force DNS REDIRECT on BLUE (udp, 123) +if [ "$NTP_FORCE_ON_BLUE" == "on" ]; then + if ! iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT + fi + +else + + if iptables -t nat -C CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1; then + iptables -t nat -D CUSTOMPREROUTING -i blue0 -p udp -m udp --dport 123 -j REDIRECT >/dev/null 2>&1 + fi + +fi + # Accept everything connected for i in INPUT FORWARD OUTPUT; do iptables -A ${i} -j CONNTRACK From patchwork Sat Nov 28 14:03:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 3686 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CjtX736X3z3wpp for ; Sat, 28 Nov 2020 14:04:07 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CjtX420KXz1lc; Sat, 28 Nov 2020 14:04:04 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CjtX41LW6z2ycc; Sat, 28 Nov 2020 14:04:04 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CjtX31DYMz2y5Q for ; Sat, 28 Nov 2020 14:04:03 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CjtX234qqzly for ; Sat, 28 Nov 2020 14:04:02 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1606572242; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7DnIlCYwa7D1KQMEsWeyL3OR0/bZDpFobNInky3B1N0=; b=h1LtwXLMubsQsod4xILAXdDQnd+LLM86pztdctPVERhOva+siCaADAmUOZDs22bggLQCIV Ic5N2bUud4aPJNAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1606572242; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7DnIlCYwa7D1KQMEsWeyL3OR0/bZDpFobNInky3B1N0=; b=EpZ2l0b+BWICwE4hc9YH4FBiWFW3bb+2Ni6Ht3KlACG0PDj15+U2ADGaL+tZssVVIiXzoj HnIwdTHm0+/g4rdwitsTEdG4sdUwryLOA/TmG24hb4GbbRGPMt2liWYRSURIqG8yC/rFJi xHQwjVIR9t6MFV9pUWv7k0/5KhjsthH0S/nM5aAhquUzT9iXyk2HxYD4c7k4x/GXbEjqYq WgO8L2j1lk30412WxOK5Q1i4ym4zww6CitjnZ29SoXcvPCJ9rCKZ2ppdjy1pjRq7Rb7z0f 8j9Iziip/svzG7wK8TDgKjYzMZpdfWX57jnrl9/RlJyxOpttso1554z9fGFKNQ== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH 3/3] language files: Modified for 'forcing dns on green/blue' Date: Sat, 28 Nov 2020 15:03:53 +0100 Message-Id: <20201128140353.3168-3-matthias.fischer@ipfire.org> In-Reply-To: <20201128140353.3168-1-matthias.fischer@ipfire.org> References: <20201128140353.3168-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Added the necessary translation strings for 'de.pl' and 'en.pl'. Signed-off-by: Matthias Fischer --- langs/de/cgi-bin/de.pl | 6 ++++++ langs/en/cgi-bin/en.pl | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 2fb46e741..6adb3afa0 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -834,6 +834,8 @@ 'dns error 0' => 'Die IP Adresse vom primären DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!
Die eingegebene sekundären DNS Server Adresse ist jedoch gültig.
', 'dns error 01' => 'Die eingegebene IP Adresse des primären wie auch des sekundären DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!', 'dns error 1' => 'Die IP Adresse vom sekundären DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!
Die eingegebene primäre DNS Server Adresse ist jedoch gültig.', +'dns force on blue' => 'Erzwinge lokale DNS-Server auf BLAU', +'dns force on green' => 'Erzwinge lokale DNS-Server auf GRÜN', 'dns forward disable dnssec' => 'DNSSEC deaktivieren (nicht empfohlen)', 'dns forwarding dnssec disabled notice' => '(DNSSEC deaktiviert)', 'dns header' => 'DNS Server Adressen zuweisen nur mit DHCP an red0', @@ -1102,12 +1104,14 @@ 'from warn email bad' => 'Von E-Mail-Adresse ist nicht gültig', 'fw blue' => 'Firewalloptionen für das Blaue Interface', 'fw default drop' => 'Firewallrichtlinie', +'fw green' => 'Firewalloptionen für das Grüne Interface', 'fw logging' => 'Firewallprotokollierung', 'fw settings' => 'Firewalleinstellungen', 'fw settings color' => 'Farben in Regeltabelle anzeigen', 'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen', 'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen', 'fw settings ruletable' => 'Leere Regeltabellen anzeigen', +'fw settings save and restart' => 'Speichern und Neustart', 'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)', 'fwdfw DROP' => 'Verwerfen (DROP)', 'fwdfw MODE1' => 'Alle Pakete verwerfen', @@ -1812,6 +1816,8 @@ 'november' => 'November', 'ntp common settings' => 'Allgemeine Einstellungen', 'ntp configuration' => 'Zeitserverkonfiguration', +'ntp force on green' => 'Erzwinge lokale NTP-Server auf GRÜN', +'ntp force on blue' => 'Erzwinge lokale NTP-Server auf BLAU', 'ntp must be enabled to have clients' => 'Um Clients annehmen zu können, muss NTP vorher aktiviert sein.', 'ntp server' => 'NTP-Server', 'ntp sync' => 'Synchronisation', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index b5284effa..f76211544 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -857,6 +857,8 @@ 'dns error 0' => 'The IP address of the primary DNS server is not valid, please check your entries!
The entered secondary DNS server address is valid.', 'dns error 01' => 'The entered IP address of the primary and secondary DNS server are not valid, please check your entries!', 'dns error 1' => 'The IP address of the secondary DNS server is not valid, please check your entries!
The entered primary DNS server address is valid.', +'dns force on green' => 'Force DNS to use local DNS servers on GREEN', +'dns force on blue' => 'Force DNS to use local DNS servers on BLUE', 'dns forward disable dnssec' => 'Disable DNSSEC (dangerous)', 'dns forwarding dnssec disabled notice' => '(DNSSEC disabled)', 'dns header' => 'Assign DNS server addresses only for DHCP on red0', @@ -1128,12 +1130,14 @@ 'from warn email bad' => 'From e-mail address is not valid', 'fw blue' => 'Firewall options for BLUE interface', 'fw default drop' => 'Firewall policy', +'fw green' => 'Firewall options for GREEN interface', 'fw logging' => 'Firewall logging', 'fw settings' => 'Firewall settings', 'fw settings color' => 'Show colors in ruletable', 'fw settings dropdown' => 'Show all networks on rulecreation site', 'fw settings remark' => 'Show remarks in ruletable', 'fw settings ruletable' => 'Show empty ruletables', +'fw settings save and restart' => 'Save and Restart', 'fwdfw ACCEPT' => 'ACCEPT', 'fwdfw DROP' => 'DROP', 'fwdfw MODE1' => 'Drop all packets', @@ -1842,6 +1846,8 @@ 'november' => 'November', 'ntp common settings' => 'Common settings', 'ntp configuration' => 'NTP Configuration', +'ntp force on green' => 'Force NTP to use local NTP servers on GREEN', +'ntp force on blue' => 'Force NTP to use local NTP servers on BLUE', 'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.', 'ntp server' => 'NTP Server', 'ntp sync' => 'Synchronization',