summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--TODO4
-rw-r--r--mk/modules.mk39
-rw-r--r--package/Config.in1
-rw-r--r--package/Makefile1
-rw-r--r--package/axtls/files/axhttpd.init2
-rw-r--r--package/base-files/extra/etc/profile6
-rwxr-xr-xpackage/base-files/extra/init3
-rwxr-xr-xpackage/base-files/extra/sbin/update14
-rw-r--r--package/bind/files/named.init2
-rw-r--r--package/bitlbee/files/bitlbee.init2
-rw-r--r--package/bluez/files/bluez.init2
-rw-r--r--package/busybox/config/Config.in4
-rw-r--r--package/busybox/config/archival/Config.in10
-rw-r--r--package/busybox/config/init/Config.in6
-rw-r--r--package/busybox/config/networking/Config.in2
-rw-r--r--package/busybox/config/procps/Config.in2
-rw-r--r--package/busybox/files/inetd.init2
-rw-r--r--package/busybox/files/syslog.init4
-rw-r--r--package/cfinstall/src/cfinstall2
-rw-r--r--package/chillispot/files/chillispot.init2
-rw-r--r--package/collectd/files/collectd.init2
-rw-r--r--package/cups/files/cupsd.init2
-rw-r--r--package/dansguardian/files/dansguardian.init6
-rw-r--r--package/dansguardian/files/dansguardian.postinst4
-rw-r--r--package/dbus/files/dbus.init2
-rw-r--r--package/dhcp-forwarder/files/dhcp-fwd.init2
-rw-r--r--package/dhcp/files/dhcpd.init2
-rw-r--r--package/dnsmasq/files/dnsmasq.init2
-rw-r--r--package/dropbear/files/dropbear.init2
-rw-r--r--package/ebtables/Config.in6
-rw-r--r--package/ebtables/Makefile32
-rw-r--r--package/ebtables/patches/patch-Makefile95
-rw-r--r--package/esound/files/esd.init2
-rw-r--r--package/ez-ipupdate/files/ez-ipupdate.init2
-rw-r--r--package/fakeidentd/files/fakeidentd.init2
-rw-r--r--package/freeradius-server/files/radiusd.init2
-rw-r--r--package/frickin/files/frickin.init2
-rw-r--r--package/gkrellmd/files/gkrellmd.init2
-rw-r--r--package/gmediaserver/files/gmediaserver.init2
-rw-r--r--package/grub-bin/Makefile2
-rw-r--r--package/heimdal/files/heimdal.init6
-rw-r--r--package/htpdate/files/htpdate.init2
-rw-r--r--package/iptables/Makefile14
-rw-r--r--package/iptables/files/firewall.conf119
-rwxr-xr-xpackage/iptables/files/firewall.init35
-rw-r--r--package/iptables/files/iptables.postinst5
-rw-r--r--package/iptables/files/l7/aim.pat27
-rw-r--r--package/iptables/files/l7/bittorrent.pat14
-rw-r--r--package/iptables/files/l7/edonkey-dl.pat8
-rw-r--r--package/iptables/files/l7/edonkey.pat29
-rw-r--r--package/iptables/files/l7/fasttrack.pat25
-rw-r--r--package/iptables/files/l7/ftp.pat34
-rw-r--r--package/iptables/files/l7/gnutella.pat36
-rw-r--r--package/iptables/files/l7/http.pat28
-rw-r--r--package/iptables/files/l7/ident.pat14
-rw-r--r--package/iptables/files/l7/irc.pat20
-rw-r--r--package/iptables/files/l7/jabber.pat24
-rw-r--r--package/iptables/files/l7/msnmessenger.pat15
-rw-r--r--package/iptables/files/l7/ntp.pat17
-rw-r--r--package/iptables/files/l7/pop3.pat50
-rw-r--r--package/iptables/files/l7/smtp.pat39
-rw-r--r--package/iptables/files/l7/ssl.pat15
-rw-r--r--package/iptables/files/l7/vnc.pat23
-rw-r--r--package/krb5/files/krb5.init4
-rw-r--r--package/lighttpd/files/lighttpd.init2
-rw-r--r--package/maradns/files/maradns.init2
-rw-r--r--package/mini_httpd/files/mini_httpd.init2
-rw-r--r--package/miredo/files/miredo-server.init2
-rw-r--r--package/miredo/files/miredo.init2
-rw-r--r--package/monit/files/monit.init2
-rw-r--r--package/mpd/files/mpd.conf1
-rw-r--r--package/mpd/files/mpd.init4
-rw-r--r--package/mpd/files/mpd.postinst2
-rw-r--r--package/mrd6/files/mrd6.init2
-rw-r--r--package/mt-daapd/files/mt-daapd.init2
-rw-r--r--package/net-snmp/files/snmpd.init2
-rw-r--r--package/netperf/files/netserver.init2
-rw-r--r--package/nfs-utils/files/nfsd.init10
-rw-r--r--package/nut/files/upsd.init2
-rw-r--r--package/opensips/files/opensips.init2
-rw-r--r--package/openvpn/files/openvpn.init2
-rw-r--r--package/osiris/files/osirisd.init2
-rw-r--r--package/p910nd/files/p910nd.init2
-rw-r--r--package/parprouted/files/parprouted.init2
-rw-r--r--package/php/files/php.init2
-rw-r--r--package/pmacct/files/nfacctd.init2
-rw-r--r--package/pmacct/files/pmacctd.init2
-rw-r--r--package/pptpd/files/pptpd.init2
-rw-r--r--package/radvd/files/radvd.init2
-rw-r--r--package/rarpd/files/rarpd.init2
-rw-r--r--package/reaim/files/reaim.init2
-rw-r--r--package/rp-pppoe/files/pppoe-relay.init2
-rw-r--r--package/rp-pppoe/files/pppoe-server.init2
-rw-r--r--package/rrdcollect/files/rrdcollect.init2
-rw-r--r--package/samba/files/samba.init4
-rw-r--r--package/scanlogd/files/scanlogd.init2
-rw-r--r--package/siproxd/files/siproxd.init2
-rw-r--r--package/snort-wireless/files/snort-wireless.init2
-rw-r--r--package/snort/files/snort.init2
-rw-r--r--package/squid/Config.in1
-rw-r--r--package/squid/Makefile15
-rw-r--r--package/squid/files/squid.conf16
-rw-r--r--package/squid/files/squid.init37
-rw-r--r--package/squid/files/squid.postinst6
-rw-r--r--package/srelay/files/srelay.init2
-rw-r--r--package/subversion/files/svnserve.init2
-rw-r--r--package/syslog-ng/files/syslog-ng.init2
-rw-r--r--package/tinyproxy/Makefile4
-rw-r--r--package/tinyproxy/files/tinyproxy.conf228
-rw-r--r--package/tinyproxy/files/tinyproxy.init3
-rw-r--r--package/tinyproxy/files/tinyproxy.postinst3
-rw-r--r--package/tor/files/tor.init2
-rw-r--r--package/vrrpd/files/vrrpd.init2
-rw-r--r--package/vsftpd/files/vsftpd.init2
-rw-r--r--package/watchdog/files/watchdog.init2
-rw-r--r--package/xinetd/files/xinetd.init2
-rwxr-xr-xscripts/install.sh9
-rw-r--r--target/alix1c/Makefile2
-rw-r--r--target/alix2d/Makefile2
-rw-r--r--target/linux/config/Config.in.netfilter247
120 files changed, 999 insertions, 557 deletions
diff --git a/TODO b/TODO
index fa99e3e1e..f9bf804c1 100644
--- a/TODO
+++ b/TODO
@@ -1,5 +1,4 @@
-- fix init scripts pidof? vs. killall
-- rpm package backend
+- make rpm package backend working
- freebsd build
- win cygwin build
- netbsd build
@@ -9,4 +8,3 @@
- network scripts for pppoe
- customise mconf help texts to better fit for OpenADK
- publish via trac
-
diff --git a/mk/modules.mk b/mk/modules.mk
index bdb8fa897..19ab1b14d 100644
--- a/mk/modules.mk
+++ b/mk/modules.mk
@@ -269,6 +269,45 @@ $(eval $(call KMOD_template,INET_XFRM_MODE_BEET,net-ipsec-beet,\
## Filtering / Firewalling
##
#
+# Ethernet Bridging firewall
+#
+$(eval $(call KMOD_template,BRIDGE_NF_EBTABLES,nf-ebtables,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtables \
+,55))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_BROUTE,nf-ebtables-broute,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_broute \
+,60))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_T_FILTER,nf-ebtables-filter,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_filter \
+,60))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_T_NAT,nf-ebtables-nat,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_nat \
+,60))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_802_3,nf-ebtables-802-3,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_802_3 \
+,65))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_AMONG,nf-ebtables-among,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_among \
+,65))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_ARP,nf-ebtables-arp,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_arpreply \
+,65))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_IP,nf-ebtables-ip,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_ip \
+,65))
+
+$(eval $(call KMOD_template,BRIDGE_EBT_REDIRECT,nf-ebtables-redirect,\
+ $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_redirect \
+,65))
+
+#
# Netfilter Core
#
$(eval $(call KMOD_template,NETFILTER_XT_TARGET_CLASSIFY,nf-classify,\
diff --git a/package/Config.in b/package/Config.in
index 8799b3588..898f916d7 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -237,6 +237,7 @@ menu "Firewall / Routing / Bridging"
source "package/arpd/Config.in"
source "package/bridge-utils/Config.in"
source "package/cutter/Config.in"
+source "package/ebtables/Config.in"
source "package/ether-wake/Config.in"
source "package/iproute2/Config.in"
source "package/ipset/Config.in"
diff --git a/package/Makefile b/package/Makefile
index 27f9f1fe5..070ecf0ee 100644
--- a/package/Makefile
+++ b/package/Makefile
@@ -83,6 +83,7 @@ package-$(ADK_PACKAGE_DSNIFF) += dsniff
package-$(ADK_PACKAGE_E2FSPROGS) += e2fsprogs
package-$(ADK_PACKAGE_LIBUUID) += e2fsprogs
package-$(ADK_PACKAGE_LIBBLKID) += e2fsprogs
+package-$(ADK_PACKAGE_EBTABLES) += ebtables
package-$(ADK_PACKAGE_ELINKS) += elinks
package-$(ADK_PACKAGE_ESOUND) += esound
package-$(ADK_PACKAGE_ETHER_WAKE) += ether-wake
diff --git a/package/axtls/files/axhttpd.init b/package/axtls/files/axhttpd.init
index bc11e0b4c..61572bf0f 100644
--- a/package/axtls/files/axhttpd.init
+++ b/package/axtls/files/axhttpd.init
@@ -17,7 +17,7 @@ start)
/usr/sbin/axhttpd >>/var/log/axhttpd.access
;;
stop)
- killall axhttpd
+ pkill axhttpd
;;
restart)
sh $0 stop
diff --git a/package/base-files/extra/etc/profile b/package/base-files/extra/etc/profile
index 798548a46..1b8f4a6a6 100644
--- a/package/base-files/extra/etc/profile
+++ b/package/base-files/extra/etc/profile
@@ -1,12 +1,12 @@
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+export TERM=vt220
if [[ $(id -u) = 0 ]]; then
export PS1='# '
else
export PS1='$ '
+ export HOME=/tmp
fi
-export HOME=/tmp
cat /etc/banner 2>&-
-[ -x /usr/bin/less ] || alias less=more
-[ -x /usr/bin/vim ] || alias vim=vi
+[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
[ -x /usr/bin/arp ] || arp() { cat /proc/net/arp; }
[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 "$@"; }
diff --git a/package/base-files/extra/init b/package/base-files/extra/init
index 9013065d0..db8c3a676 100755
--- a/package/base-files/extra/init
+++ b/package/base-files/extra/init
@@ -1,5 +1,5 @@
#!/bin/sh
-echo "Pre-boot initializing"
+echo "Starting system ..."
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
mount -nt proc proc /proc
mount -o nosuid,nodev,noexec -t sysfs sysfs /sys
@@ -19,5 +19,4 @@ mount -o remount,rw /
cat /etc/.rnd >/dev/urandom 2>&1
[ -f /etc/fstab ] && mount -a
[ -x /sbin/cfgfs ] && { cfgfs setup; mount -o remount,ro /;}
-echo "Starting system"
exec /sbin/init
diff --git a/package/base-files/extra/sbin/update b/package/base-files/extra/sbin/update
index a812bb23d..10d6e58c2 100755
--- a/package/base-files/extra/sbin/update
+++ b/package/base-files/extra/sbin/update
@@ -7,9 +7,8 @@ if [ $who -ne 0 ]; then
fi
cd /
-
+umount -f /etc
mount -o remount,rw /
-umount /etc
check_exit() {
if [ $? -ne 0 ];then
@@ -19,17 +18,17 @@ check_exit() {
}
extract_from_file() {
- tar -xzvf $1
+ cat $1 | gunzip -c | tar -xf -
check_exit
}
extract_from_ssh() {
- ssh $1 "cat $2" | tar -xzvf -
+ ssh $1 "cat $2" | gunzip -c | tar -xf -
check_exit
}
extract_from_http() {
- wget -O - $1 | tar -xzvf -
+ wget -O - $1 | gunzip -c | tar -xf -
check_exit
}
@@ -60,7 +59,6 @@ case $1 in
esac
sync
-mount --bind /etc /tmp/.cfgfs/root
+mount -o bind /etc /tmp/.cfgfs/root
-echo "Check with cfgfs status if you need to merge and save any changes in /etc."
-echo "You should reboot now."
+echo "Update sucessful. You should reboot now."
diff --git a/package/bind/files/named.init b/package/bind/files/named.init
index ce0c0abfa..b2052c1d3 100644
--- a/package/bind/files/named.init
+++ b/package/bind/files/named.init
@@ -15,7 +15,7 @@ autostop) ;;
fi
;;
stop)
- killall named
+ pkill named
;;
restart)
sh $0 stop
diff --git a/package/bitlbee/files/bitlbee.init b/package/bitlbee/files/bitlbee.init
index 1ff40c754..491b741c7 100644
--- a/package/bitlbee/files/bitlbee.init
+++ b/package/bitlbee/files/bitlbee.init
@@ -14,7 +14,7 @@ start)
bitlbee -D
;;
stop)
- killall bitlbee
+ pkill bitlbee
;;
restart)
sh $0 stop
diff --git a/package/bluez/files/bluez.init b/package/bluez/files/bluez.init
index 6a61d38cd..477013d9f 100644
--- a/package/bluez/files/bluez.init
+++ b/package/bluez/files/bluez.init
@@ -13,7 +13,7 @@ start)
bluetoothd
;;
stop)
- killall bluetoothd
+ pkill bluetoothd
;;
restart)
sh $0 stop
diff --git a/package/busybox/config/Config.in b/package/busybox/config/Config.in
index 6da769cc0..427a45b4a 100644
--- a/package/busybox/config/Config.in
+++ b/package/busybox/config/Config.in
@@ -65,7 +65,7 @@ config BUSYBOX_SHOW_USAGE
config BUSYBOX_FEATURE_VERBOSE_USAGE
bool "Show verbose applet usage messages"
- default n
+ default y
select BUSYBOX_SHOW_USAGE
help
All BusyBox applets will show more verbose help messages when
@@ -155,7 +155,7 @@ config BUSYBOX_FEATURE_CLEAN_UP
config BUSYBOX_FEATURE_PIDFILE
bool "Support writing pidfiles"
- default n
+ default y
help
This option makes some applets (e.g. crond, syslogd, inetd) write
a pidfile in /var/run. Some applications rely on them.
diff --git a/package/busybox/config/archival/Config.in b/package/busybox/config/archival/Config.in
index 0140b7631..124f5887c 100644
--- a/package/busybox/config/archival/Config.in
+++ b/package/busybox/config/archival/Config.in
@@ -7,19 +7,19 @@ menu "Archival Utilities"
config BUSYBOX_FEATURE_SEAMLESS_LZMA
bool "Make tar, rpm, modprobe etc understand .lzma data"
- default n
+ default y
help
Make tar, rpm, modprobe etc understand .lzma data.
config BUSYBOX_FEATURE_SEAMLESS_BZ2
bool "Make tar, rpm, modprobe etc understand .bz2 data"
- default n
+ default y
help
Make tar, rpm, modprobe etc understand .bz2 data.
config BUSYBOX_FEATURE_SEAMLESS_GZ
bool "Make tar, rpm, modprobe etc understand .gz data"
- default n
+ default y
help
Make tar, rpm, modprobe etc understand .gz data.
@@ -163,7 +163,7 @@ config BUSYBOX_GUNZIP
config BUSYBOX_GZIP
bool "gzip"
- default n
+ default y
help
gzip is used to compress files.
It's probably the most widely used UNIX compression program.
@@ -276,7 +276,7 @@ config BUSYBOX_FEATURE_TAR_LONG_OPTIONS
config BUSYBOX_FEATURE_TAR_UNAME_GNAME
bool "Enable use of user and group names"
- default n
+ default p
depends on BUSYBOX_TAR
help
Enables use of user and group names in tar. This affects contents
diff --git a/package/busybox/config/init/Config.in b/package/busybox/config/init/Config.in
index bb2d0aa32..9ca5b2885 100644
--- a/package/busybox/config/init/Config.in
+++ b/package/busybox/config/init/Config.in
@@ -21,7 +21,7 @@ config BUSYBOX_FEATURE_USE_INITTAB
config BUSYBOX_FEATURE_KILL_REMOVED
bool "Support killing processes that have been removed from inittab"
- default y
+ default n
depends on BUSYBOX_FEATURE_USE_INITTAB
help
When respawn entries are removed from inittab and a SIGHUP is
@@ -41,7 +41,7 @@ config BUSYBOX_FEATURE_KILL_DELAY
config BUSYBOX_FEATURE_INIT_SCTTY
bool "Run commands with leading dash with controlling tty"
- default n
+ default y
depends on BUSYBOX_INIT
help
If this option is enabled, init will try to give a controlling
@@ -56,7 +56,7 @@ config BUSYBOX_FEATURE_INIT_SCTTY
config BUSYBOX_FEATURE_INIT_SYSLOG
bool "Enable init to write to syslog"
- default n
+ default y
depends on BUSYBOX_INIT
config BUSYBOX_FEATURE_EXTRA_QUIET
diff --git a/package/busybox/config/networking/Config.in b/package/busybox/config/networking/Config.in
index 797c21aea..0db95b6d4 100644
--- a/package/busybox/config/networking/Config.in
+++ b/package/busybox/config/networking/Config.in
@@ -60,7 +60,7 @@ config BUSYBOX_ARPING
config BUSYBOX_BRCTL
bool "brctl"
- depends on !ADK_PACKAGE_BRCTL
+ depends on !ADK_PACKAGE_BRIDGE_UTILS
default n
help
Manage ethernet bridges.
diff --git a/package/busybox/config/procps/Config.in b/package/busybox/config/procps/Config.in
index acec4e45e..c0c600b4e 100644
--- a/package/busybox/config/procps/Config.in
+++ b/package/busybox/config/procps/Config.in
@@ -64,7 +64,7 @@ config BUSYBOX_PIDOF
config BUSYBOX_FEATURE_PIDOF_SINGLE
bool "Enable argument for single shot (-s)"
- default n
+ default y
depends on BUSYBOX_PIDOF
help
Support argument '-s' for returning only the first pid found.
diff --git a/package/busybox/files/inetd.init b/package/busybox/files/inetd.init
index ff041aed4..093e81f01 100644
--- a/package/busybox/files/inetd.init
+++ b/package/busybox/files/inetd.init
@@ -14,7 +14,7 @@ start)
autostop)
;;
stop)
- killall inetd
+ pkill inetd
;;
restart)
sh $0 stop
diff --git a/package/busybox/files/syslog.init b/package/busybox/files/syslog.init
index 9552dfe0a..cbf0165c9 100644
--- a/package/busybox/files/syslog.init
+++ b/package/busybox/files/syslog.init
@@ -14,8 +14,8 @@ start)
klogd
;;
stop)
- killall klogd
- killall syslogd
+ pkill klogd
+ pkill syslogd
;;
restart)
sh $0 stop
diff --git a/package/cfinstall/src/cfinstall b/package/cfinstall/src/cfinstall
index 0c1a61779..7e9a0d1ad 100644
--- a/package/cfinstall/src/cfinstall
+++ b/package/cfinstall/src/cfinstall
@@ -35,7 +35,7 @@ chroot /mnt mount -t proc /proc /proc
chroot /mnt mount -t sysfs /sys /sys
cat << EOF > /mnt/boot/grub/grub.cfg
set default=0
-set timeout=5
+set timeout=1
serial --unit=0 --speed=$speed
terminal_output serial
terminal_input serial
diff --git a/package/chillispot/files/chillispot.init b/package/chillispot/files/chillispot.init
index 308668fca..8a09a3d35 100644
--- a/package/chillispot/files/chillispot.init
+++ b/package/chillispot/files/chillispot.init
@@ -13,7 +13,7 @@ start)
chilli
;;
stop)
- killall chilli
+ pkill chilli
;;
restart)
sh $0 stop
diff --git a/package/collectd/files/collectd.init b/package/collectd/files/collectd.init
index 601dd53d4..468c6fa11 100644
--- a/package/collectd/files/collectd.init
+++ b/package/collectd/files/collectd.init
@@ -14,7 +14,7 @@ start)
collectd
;;
stop)
- killall collectd
+ pkill collectd
;;
restart)
sh $0 stop
diff --git a/package/cups/files/cupsd.init b/package/cups/files/cupsd.init
index 03be3300f..49c37b24f 100644
--- a/package/cups/files/cupsd.init
+++ b/package/cups/files/cupsd.init
@@ -16,7 +16,7 @@ start)
/usr/sbin/cupsd -c /etc/cups/cupsd.conf
;;
stop)
- killall cupsd
+ pkill cupsd
;;
restart)
sh $0 stop
diff --git a/package/dansguardian/files/dansguardian.init b/package/dansguardian/files/dansguardian.init
index 8c883d4bf..2f2547f12 100644
--- a/package/dansguardian/files/dansguardian.init
+++ b/package/dansguardian/files/dansguardian.init
@@ -11,10 +11,14 @@ autostart)
exec sh $0 start
;;
start)
+ if [ ! -f /var/log/dansguardian-access.log ];then
+ touch /var/log/dansguardian-access.log
+ chown proxy:proxy /var/log/dansguardian-access.log
+ fi
dansguardian
;;
stop)
- killall dansguardian
+ pkill dansguardian
;;
restart)
sh $0 stop
diff --git a/package/dansguardian/files/dansguardian.postinst b/package/dansguardian/files/dansguardian.postinst
index 80272f705..95f5fb639 100644
--- a/package/dansguardian/files/dansguardian.postinst
+++ b/package/dansguardian/files/dansguardian.postinst
@@ -1,6 +1,6 @@
#!/bin/sh
. $IPKG_INSTROOT/etc/functions.sh
gid=$(get_next_gid)
-add_user proxy $(get_next_uid) $gid /etc/dansguardian
-add_group proxy $gid
+add_user dansguardian $(get_next_uid) $gid /etc/dansguardian
+add_group dansguardian $gid
add_rcconf dansguardian dansguardian NO
diff --git a/package/dbus/files/dbus.init b/package/dbus/files/dbus.init
index 3484c4522..0f7367f38 100644
--- a/package/dbus/files/dbus.init
+++ b/package/dbus/files/dbus.init
@@ -14,7 +14,7 @@ start)
dbus-daemon --config-file=/etc/dbus-1/system.conf
;;
stop)
- killall dbus-daemon
+ pkill dbus-daemon
;;
restart)
sh $0 stop
diff --git a/package/dhcp-forwarder/files/dhcp-fwd.init b/package/dhcp-forwarder/files/dhcp-fwd.init
index 8e6cda234..1a193f2ae 100644
--- a/package/dhcp-forwarder/files/dhcp-fwd.init
+++ b/package/dhcp-forwarder/files/dhcp-fwd.init
@@ -13,7 +13,7 @@ start)
dhcp-fwd
;;
stop)
- killall dhcp-fwd
+ pkill dhcp-fwd
;;
restart)
sh $0 stop
diff --git a/package/dhcp/files/dhcpd.init b/package/dhcp/files/dhcpd.init
index 6ba76df9f..acdfc501f 100644
--- a/package/dhcp/files/dhcpd.init
+++ b/package/dhcp/files/dhcpd.init
@@ -14,7 +14,7 @@ start)
dhcpd $dhcpd_flags
;;
autostop|stop)
- killall dhcpd
+ pkill dhcpd
;;
restart)
sh $0 stop
diff --git a/package/dnsmasq/files/dnsmasq.init b/package/dnsmasq/files/dnsmasq.init
index be9218bcb..01ca2cca6 100644
--- a/package/dnsmasq/files/dnsmasq.init
+++ b/package/dnsmasq/files/dnsmasq.init
@@ -14,7 +14,7 @@ start)
/usr/sbin/dnsmasq
;;
stop)
- killall dnsmasq
+ pkill dnsmasq
;;
restart)
sh $0 stop
diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init
index 09eea25e4..1c4c33745 100644
--- a/package/dropbear/files/dropbear.init
+++ b/package/dropbear/files/dropbear.init
@@ -30,7 +30,7 @@ start)
/usr/sbin/dropbear $dropbear_flags
;;
stop)
- killall dropbear
+ pkill dropbear
;;
restart)
sh $0 stop
diff --git a/package/ebtables/Config.in b/package/ebtables/Config.in
new file mode 100644
index 000000000..7e78aeedd
--- /dev/null
+++ b/package/ebtables/Config.in
@@ -0,0 +1,6 @@
+config ADK_PACKAGE_EBTABLES
+ prompt "ebtables.......................... Ethernet bridging firewall tool"
+ tristate
+ default n
+ help
+ http://ebtables.sourceforge.net/
diff --git a/package/ebtables/Makefile b/package/ebtables/Makefile
new file mode 100644
index 000000000..2a2c7dfe3
--- /dev/null
+++ b/package/ebtables/Makefile
@@ -0,0 +1,32 @@
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include ${TOPDIR}/rules.mk
+
+PKG_NAME:= ebtables
+PKG_VERSION:= 2.0.9
+PKG_RELEASE:= 1
+PKG_MD5SUM:= 0e0c20adf2bba6d91dbd0b74a1a38c33
+PKG_DESCR:= ethernet bridging firewall tool
+PKG_SECTION:= net
+PKG_URL:= http://ebtables.sourceforge.net
+PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=ebtables/}
+
+DISTFILES:= ${PKG_NAME}-v${PKG_VERSION}-1.tar.gz
+WRKDIST= ${WRKDIR}/${PKG_NAME}-v${PKG_VERSION}-1
+
+include ${TOPDIR}/mk/package.mk
+
+$(eval $(call PKG_template,EBTABLES,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
+
+BUILD_STYLE:= auto
+INSTALL_STYLE:= auto
+
+post-install:
+ ${INSTALL_DIR} ${IDIR_EBTABLES}/etc
+ ${INSTALL_DIR} ${IDIR_EBTABLES}/usr/sbin ${IDIR_EBTABLES}/usr/lib
+ ${INSTALL_DATA} ${WRKINST}/etc/ethertypes ${IDIR_EBTABLES}/etc
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/ebtables ${IDIR_EBTABLES}/usr/sbin
+ ${CP} ${WRKINST}/usr/lib/*.so ${IDIR_EBTABLES}/usr/lib
+
+include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/ebtables/patches/patch-Makefile b/package/ebtables/patches/patch-Makefile
new file mode 100644
index 000000000..62528ec30
--- /dev/null
+++ b/package/ebtables/patches/patch-Makefile
@@ -0,0 +1,95 @@
+--- ebtables-v2.0.9-1.orig/Makefile 2009-06-21 15:13:25.000000000 +0200
++++ ebtables-v2.0.9-1/Makefile 2009-11-29 15:39:30.000000000 +0100
+@@ -8,17 +8,16 @@ PROGDATE:=June\ 2009
+
+ # default paths
+ LIBDIR:=/usr/lib
+-MANDIR:=/usr/local/man
+-BINDIR:=/usr/local/sbin
++MANDIR:=/usr/man
++BINDIR:=/usr/sbin
+ ETCDIR:=/etc
+-INITDIR:=/etc/rc.d/init.d
++INITDIR:=/etc/init.d
+ SYSCONFIGDIR:=/etc/sysconfig
+ DESTDIR:=
+
+-CFLAGS:=-Wall -Wunused
++CFLAGS?=-Wall -Wunused
+ CFLAGS_SH_LIB:=-fPIC
+-CC:=gcc
+-LD:=ld
++CC?=gcc
+
+ ifeq ($(shell uname -m),sparc64)
+ CFLAGS+=-DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32
+@@ -85,7 +84,7 @@ ebtables-standalone.o: ebtables-standalo
+
+ .PHONY: libebtc
+ libebtc: $(OBJECTS2)
+- $(LD) -shared -soname libebtc.so -o libebtc.so -lc $(OBJECTS2)
++ $(CC) -shared -o libebtc.so -lc $(OBJECTS2)
+
+ ebtables: $(OBJECTS) ebtables-standalone.o libebtc
+ $(CC) $(CFLAGS) $(CFLAGS_SH_LIB) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -lebtc $(EXT_LIBSI) \
+@@ -154,28 +153,29 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/
+ .PHONY: scripts
+ scripts: ebtables-save ebtables.sysv ebtables-config
+ cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_
+- install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
++ install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
+ cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_
+- install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables
++ mkdir -p $(DESTDIR)$(INITDIR)
++ install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables
+ cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_
+- install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config
++ #install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config
+ rm -f ebtables-save_ ebtables.sysv_ ebtables-config_
+
+ $(MANDIR)/man8/ebtables.8: ebtables.8
+ mkdir -p $(DESTDIR)$(@D)
+ sed 's/$$(VERSION)/$(PROGVERSION)/' ebtables.8 | sed 's/$$(DATE)/$(PROGDATE)/' > ebtables.8_
+- install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@
++ install -m 0644 ebtables.8_ $(DESTDIR)$@
+ rm -f ebtables.8_
+
+ $(ETHERTYPESFILE): ethertypes
+ mkdir -p $(DESTDIR)$(@D)
+- install -m 0644 -o root -g root $< $(DESTDIR)$@
++ install -m 0644 $< $(DESTDIR)$@
+
+ .PHONY: exec
+ exec: ebtables ebtables-restore
+ mkdir -p $(DESTDIR)$(BINDIR)
+- install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
+- install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
++ install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
++ install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
+
+ .PHONY: install
+ install: $(MANDIR)/man8/ebtables.8 $(ETHERTYPESFILE) exec scripts
+@@ -199,18 +199,18 @@ release:
+ rm -f extensions/ebt_inat.c
+ rm -rf $(CVSDIRS)
+ mkdir -p include/linux/netfilter_bridge
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ $(KERNEL_INCLUDES)/linux/netfilter_bridge.h include/linux/
+ # To keep possible compile error complaints about undefined ETH_P_8021Q
+ # off my back
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ $(KERNEL_INCLUDES)/linux/if_ether.h include/linux/
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ $(KERNEL_INCLUDES)/linux/types.h include/linux/
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ $(KERNEL_INCLUDES)/linux/netfilter_bridge/*.h \
+ include/linux/netfilter_bridge/
+- install -m 0644 -o root -g root \
++ install -m 0644 \
+ include/ebtables.h include/linux/netfilter_bridge/
+ make clean
+ touch *
diff --git a/package/esound/files/esd.init b/package/esound/files/esd.init
index 0f60c59e5..fd2ebf877 100644
--- a/package/esound/files/esd.init
+++ b/package/esound/files/esd.init
@@ -12,7 +12,7 @@ start)
esd -d /dev/sound/dsp -public -tcp -nobeeps
;;
stop)
- killall esd
+ pkill esd
;;
restart)
sh $0 stop
diff --git a/package/ez-ipupdate/files/ez-ipupdate.init b/package/ez-ipupdate/files/ez-ipupdate.init
index c6fbfc39e..ea784481c 100644
--- a/package/ez-ipupdate/files/ez-ipupdate.init
+++ b/package/ez-ipupdate/files/ez-ipupdate.init
@@ -13,7 +13,7 @@ start)
/usr/sbin/ez-ipupdate -c /etc/ez-ipupdate.conf -d
;;
stop)
- killall ez-ipupdate
+ pkill ez-ipupdate
;;
restart)
sh $0 stop
diff --git a/package/fakeidentd/files/fakeidentd.init b/package/fakeidentd/files/fakeidentd.init
index d145a6906..652ee02df 100644
--- a/package/fakeidentd/files/fakeidentd.init
+++ b/package/fakeidentd/files/fakeidentd.init
@@ -13,7 +13,7 @@ start)
fakeidentd ${fakeidentd_flags}
;;
stop)
- killall fakeidentd
+ pkill fakeidentd
;;
restart)
sh $0 stop
diff --git a/package/freeradius-server/files/radiusd.init b/package/freeradius-server/files/radiusd.init
index 818f803ff..e43c5f94e 100644
--- a/package/freeradius-server/files/radiusd.init
+++ b/package/freeradius-server/files/radiusd.init
@@ -14,7 +14,7 @@ start)
radiusd
;;
stop)
- killall radiusd
+ pkill radiusd
;;
restart)
sh $0 stop
diff --git a/package/frickin/files/frickin.init b/package/frickin/files/frickin.init
index 4e63232c0..baf5d9c18 100644
--- a/package/frickin/files/frickin.init
+++ b/package/frickin/files/frickin.init
@@ -13,7 +13,7 @@ start)
frickin ${frickin_flags}
;;
stop)
- killall frickin
+ pkill frickin
;;
restart)
sh $0 stop
diff --git a/package/gkrellmd/files/gkrellmd.init b/package/gkrellmd/files/gkrellmd.init
index dfbf7dc5f..79b998713 100644
--- a/package/gkrellmd/files/gkrellmd.init
+++ b/package/gkrellmd/files/gkrellmd.init
@@ -13,7 +13,7 @@ start)
gkrellmd -d
;;
stop)
- killall gkrellmd
+ pkill gkrellmd
;;
restart)
sh $0 stop
diff --git a/package/gmediaserver/files/gmediaserver.init b/package/gmediaserver/files/gmediaserver.init
index 81deeb899..1c67e5f40 100644
--- a/package/gmediaserver/files/gmediaserver.init
+++ b/package/gmediaserver/files/gmediaserver.init
@@ -13,7 +13,7 @@ autostop) ;;
gmediaserver $gmediaserver_flags
;;
stop)
- killall gmediaserver
+ pkill gmediaserver
;;
restart)
sh $0 stop
diff --git a/package/grub-bin/Makefile b/package/grub-bin/Makefile
index 1d2fbb334..24f386acd 100644
--- a/package/grub-bin/Makefile
+++ b/package/grub-bin/Makefile
@@ -8,7 +8,7 @@ include ${TOPDIR}/rules.mk
PKG_NAME:= grub-bin
PKG_VERSION:= 1.97.1
PKG_RELEASE:= 1
-PKG_MD5SUM:= 99ddead9dcb689a7ec2431c1e6b3cf0d
+PKG_MD5SUM:= 24961a39e63d8ec16d765aad3a301cda
PKG_DESCR:= GRUB bootloader
PKG_SECTION:= sys
PKG_SITES:= http://openadk.org/distfiles/
diff --git a/package/heimdal/files/heimdal.init b/package/heimdal/files/heimdal.init
index 2e87f4932..33692f111 100644
--- a/package/heimdal/files/heimdal.init
+++ b/package/heimdal/files/heimdal.init
@@ -15,9 +15,9 @@ start)
/usr/sbin/kpasswdd &
;;
stop)
- killall kdc
- killall kadmind
- killall kpasswdd
+ pkill kdc
+ pkill kadmind
+ pkill kpasswdd
;;
restart)
sh $0 stop
diff --git a/package/htpdate/files/htpdate.init b/package/htpdate/files/htpdate.init
index 4457e4391..0b3f34ad6 100644
--- a/package/htpdate/files/htpdate.init
+++ b/package/htpdate/files/htpdate.init
@@ -14,7 +14,7 @@ start)
htpdate -l -s -t $htpdate_flags && htpdate -D $htpdate_flags
;;
stop)
- killall htpdate
+ pkill htpdate
;;
restart)
sh $0 stop
diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index b8e1df9c2..0548aad57 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -5,7 +5,7 @@ include ${TOPDIR}/rules.mk
PKG_NAME:= iptables
PKG_VERSION:= 1.4.5
-PKG_RELEASE:= 1
+PKG_RELEASE:= 2
PKG_MD5SUM:= 44f13990132c20299c1994cd6f425140
PKG_DESCR:= The netfilter firewalling software
PKG_SECTION:= net
@@ -24,7 +24,6 @@ include ${TOPDIR}/mk/package.mk
#include ${LINUX_DIR}/.config
$(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
-$(eval $(call PKG_template,IPTABLES_UTILS,iptables-utils,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
$(eval $(call PKG_template,IP6TABLES,ip6tables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
CONFIGURE_STYLE:= gnu
@@ -32,21 +31,16 @@ CONFIGURE_ARGS+= --enable-devel
BUILD_STYLE:= auto
INSTALL_STYLE:= auto
-SUB_INSTALL-${ADK_PACKAGE_IPTABLES_UTILS}+= iptables-utils-install
SUB_INSTALL-${ADK_PACKAGE_IP6TABLES}+= ip6tables-install
post-install: ${SUB_INSTALL-m} ${SUB_INSTALL-y}
- ${INSTALL_DIR} ${IDIR_IPTABLES}/usr/lib
- ${INSTALL_DIR} ${IDIR_IPTABLES}/usr/sbin
- ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables ${IDIR_IPTABLES}/usr/sbin/
+ ${INSTALL_DIR} ${IDIR_IPTABLES}/{usr/lib,etc,usr/sbin}
+ ${INSTALL_DATA} ./files/firewall.conf ${IDIR_IPTABLES}/etc
+ ${CP} ${WRKINST}/usr/sbin/iptables* ${IDIR_IPTABLES}/usr/sbin/
${CP} ${WRKINST}/usr/lib/libiptc.so* ${IDIR_IPTABLES}/usr/lib
${CP} ${WRKINST}/usr/lib/libip4tc.so* ${IDIR_IPTABLES}/usr/lib
${CP} ${WRKINST}/usr/lib/libxtables.so* ${IDIR_IPTABLES}/usr/lib
-iptables-utils-install:
- ${INSTALL_DIR} ${IDIR_IPTABLES_UTILS}/usr/sbin
- ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables-{save,restore} ${IDIR_IPTABLES_UTILS}/usr/sbin/
-
ip6tables-install:
${INSTALL_DIR} ${IDIR_IP6TABLES}/usr/lib
${INSTALL_DIR} ${IDIR_IP6TABLES}/usr/sbin
diff --git a/package/iptables/files/firewall.conf b/package/iptables/files/firewall.conf
new file mode 100644
index 000000000..bc9a39c41
--- /dev/null
+++ b/package/iptables/files/firewall.conf
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+
+echo "configure /etc/firewall.conf first."
+exit 1
+
+### Interfaces
+WAN=ppp0
+LAN=br0
+WLAN=
+
+######################################################################
+### Default ruleset
+######################################################################
+
+### Create chains
+iptables -N input_rule
+iptables -N forwarding_rule
+iptables -t nat -N prerouting_rule
+iptables -t nat -N postrouting_rule
+
+### Default policy
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+
+### INPUT
+### (connections with the router as destination)
+
+# base case
+iptables -A INPUT -m state --state INVALID -j DROP
+iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
+
+# custom rules
+iptables -A INPUT -j input_rule
+
+# allow access from anything but WAN
+iptables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT
+# allow icmp messages
+iptables -A INPUT -p icmp -j ACCEPT
+
+# reject
+iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
+iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
+
+### OUTPUT
+### (connections with the router as source)
+
+# base case
+iptables -A OUTPUT -m state --state INVALID -j DROP
+iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+### FORWARD
+### (connections routed through the router)
+
+# base case
+iptables -A FORWARD -m state --state INVALID -j DROP
+iptables -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# custom rules
+iptables -A FORWARD -j forwarding_rule
+iptables -t nat -A PREROUTING -j prerouting_rule
+iptables -t nat -A POSTROUTING -j postrouting_rule
+
+# allow LAN
+iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
+
+### MASQUERADING
+echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
+
+######################################################################
+### Default ruleset end
+######################################################################
+
+###
+### Connections to the router
+###
+
+# ssh
+#iptables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT
+
+# IPSec
+#iptables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT
+#iptables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT
+
+# OpenVPN
+#iptables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT
+
+# PPTP
+#iptables -A input_rule -i $WAN -p gre -j ACCEPT
+#iptables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
+
+###
+### VPN traffic
+###
+
+# IPSec
+#iptables -A forwarding_rule -o ipsec+ -j ACCEPT
+#iptables -A forwarding_rule -i ipsec+ -j ACCEPT
+
+# OpenVPN
+#iptables -A forwarding_rule -o tun+ -j ACCEPT
+#iptables -A forwarding_rule -i tun+ -j ACCEPT
+
+###
+### Port forwardings to LAN
+###
+
+#iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 3389 -j DNAT --to 192.168.1.10
+#iptables -A forwarding_rule -i $WAN -p tcp --dport 3389 -d 192.168.1.10 -j ACCEPT
+
+# Transparent Bridging Proxy
+#ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
+# --ip-destination-port 80 -j redirect --redirect-target ACCEPT
+#iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
+# -j REDIRECT --to-port 8080
+
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
new file mode 100755
index 000000000..b3ea698d6
--- /dev/null
+++ b/package/iptables/files/firewall.init
@@ -0,0 +1,35 @@
+#!/bin/sh
+#PKG iptables
+#INIT 45
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+ test x"${firewall:-NO}" = x"NO" && exit 0
+ exec sh $0 start
+ ;;
+start)
+ . /etc/firewall.conf
+ ;;
+stop)
+ ### Clear tables
+ iptables -F
+ iptables -X
+ iptables -t nat -F
+ iptables -t nat -X
+ iptables -P INPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -P OUTPUT ACCEPT
+ iptables -t nat -P PREROUTING ACCEPT
+ iptables -t nat -P POSTROUTING ACCEPT
+ ;;
+restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+*)
+ echo "Usage: $0 {start | stop | restart}"
+ ;;
+esac
+exit $?
diff --git a/package/iptables/files/iptables.postinst b/package/iptables/files/iptables.postinst
index fd2865a31..89b0af164 100644
--- a/package/iptables/files/iptables.postinst
+++ b/package/iptables/files/iptables.postinst
@@ -1,7 +1,4 @@
#!/bin/sh
. $IPKG_INSTROOT/etc/functions.sh
-if [ -f $IPKG_INSTROOT/etc/init.d/S45firewall ]; then
- add_rcconf iptables firewall NO
-fi
-
+add_rcconf iptables firewall NO
diff --git a/package/iptables/files/l7/aim.pat b/package/iptables/files/l7/aim.pat
deleted file mode 100644
index 9768dbbdc..000000000
--- a/package/iptables/files/l7/aim.pat
+++ /dev/null
@@ -1,27 +0,0 @@
-# AIM - AOL instant messenger (OSCAR and TOC)
-# Pattern quality: good notsofast
-# Usually runs on port 5190
-#
-# This may also match ICQ traffic.
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-aim
-# See http://gridley.acns.carleton.edu/~straitm/final (and various other places)
-# The first bit matches OSCAR signon and data commands, but not sure what
-# \x03\x0b matches, but it works apparently.
-# The next three bits match various parts of the TOC signon process.
-# The third one is the magic number "*", then 0x01 for "signon", then up to four
-# bytes ("up to" because l7-filter strips out nulls) which contain a sequence
-# number (2 bytes) the data length (2 more) and 3 nulls (which don't count),
-# then 0x01 for the version number (not sure if there ever has been another
-# version)
-# The fourth one is a command string, followed by some stuff, then the
-# beginning of the "roasted" password
-
-# This pattern is too slow!
-
-^(\*[\x01\x02].*\x03\x0b|\*\x01.?.?.?.?\x01)|flapon|toc_signon.*0x
diff --git a/package/iptables/files/l7/bittorrent.pat b/package/iptables/files/l7/bittorrent.pat
deleted file mode 100644
index c1804ee4b..000000000
--- a/package/iptables/files/l7/bittorrent.pat
+++ /dev/null
@@ -1,14 +0,0 @@
-# Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com
-# Pattern quality: great veryfast
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-bittorrent
-
-# Does not attempt to match the HTTP download of the tracker
-# 0x13 is the length of "bittorrent protocol"
-# Second two bits match UDP wierdness, commented out until it's tested
-#^(\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP])
-^\x13bittorrent protocol
diff --git a/package/iptables/files/l7/edonkey-dl.pat b/package/iptables/files/l7/edonkey-dl.pat
deleted file mode 100644
index d344d169d..000000000
--- a/package/iptables/files/l7/edonkey-dl.pat
+++ /dev/null
@@ -1,8 +0,0 @@
-# eDonkey2000 - P2P filesharing (download part) - http://edonkey2000.com
-# Pattern quality: good veryfast overmatch usepacket
-
-edonkey-dl
-
-^[\xe3\xe4\xc5\xe5\xd4](....)?[\x01\x0a\x0e\x0f\x10\x18\x19\x1b\x1c\x47\x4a\x4f\x51\x53\x54\x58\x60\x81\x90\x96\x9a\x9c\xa2]
-
-
diff --git a/package/iptables/files/l7/edonkey.pat b/package/iptables/files/l7/edonkey.pat
deleted file mode 100644
index efbc3f361..000000000
--- a/package/iptables/files/l7/edonkey.pat
+++ /dev/null
@@ -1,29 +0,0 @@
-# eDonkey2000 - P2P filesharing - http://edonkey2000.com
-# Pattern quality: good veryfast overmatch
-#
-# Please post to l7-filter-developers@lists.sf.net as to whether this pattern
-# works for you or not. If you believe it could be improved please post your
-# suggestions to that list as well. You may subscribe to this list at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# Thanks to Matt Skidmore <fox AT woozle.org>
-
-edonkey
-
-# http://gd.tuwien.ac.at/opsys/linux/sf/p/pdonkey/eDonkey-protocol-0.6
-#
-# In addition to \xe3, \xc5 and \xd4, I see a lot of \xe5
-#
-# God this is a mess. What an irritating protocol.
-# This will match about 1% of streams with random data in them!
-
-^[\xe3\xc5\xe5\xd4](....)?([\x01\x02\x05\x14\x15\x16\x18\x19\x1a\x1b\x1c\x20\x21\x32\x33\x34\x35\x36\x38\x40\x41\x42\x43\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x5b\x5c\x60\x81\x82\x90\x91\x93\x96\x97\x98\x99\x9a\x9b\x9c\x9e\xa0\xa1\xa2\xa3\xa4]|\x59................?[ -~]|\x96....$)
-
-# matches everything and too much
-# ^(\xe3|\xc5|\xd4)
-
-# ipp2p essentially uses "\xe3....\x47", which doesn't seem at all right to me.
-
-# bandwidtharbitrator uses
-# e0.*@.*6[a-z].*p$|e0.*@.*[a-z]6[a-z].*p0$|e.*@.*[0-9]6.*p$|emule|edonkey
-# no comments to explain what all the mush is, of course...
diff --git a/package/iptables/files/l7/fasttrack.pat b/package/iptables/files/l7/fasttrack.pat
deleted file mode 100644
index 46295c6bb..000000000
--- a/package/iptables/files/l7/fasttrack.pat
+++ /dev/null
@@ -1,25 +0,0 @@
-# FastTrack - P2P filesharing (Kazaa, Morpheus, iMesh, Grokster, etc)
-# Pattern quality: good notsofast
-#
-# Tested with Kazaa Lite Resurrection 0.0.7.6F
-#
-# This appears to match the download connections well, but not the search
-# connections (I think they are encrypted :-( ).
-#
-# Please post to l7-filter-developers@lists.sf.net as to whether it works
-# for you or not. If you believe it could be improved please post your
-# suggestions to that list as well. You may subscribe to this list at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-fasttrack
-# while this is a valid http request, this will be caught because
-# the http pattern matches the response (and therefore the next packet)
-# Even so, it's best to put this match earlier in the chain.
-# http://cvs.berlios.de/cgi-bin/viewcvs.cgi/gift-fasttrack/giFT-FastTrack/PROTOCOL?rev=HEAD&content-type=text/vnd.viewcvs-markup
-
-# This pattern is kinda slow, but not too bad.
-^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?
-
-# This isn't much faster:
-#^get (/.download/.*|/.supernode.|/.status.|/.network.*|/.files|/.hash=[0-9a-f]*/.*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?
-
diff --git a/package/iptables/files/l7/ftp.pat b/package/iptables/files/l7/ftp.pat
deleted file mode 100644
index 9593ffd1b..000000000
--- a/package/iptables/files/l7/ftp.pat
+++ /dev/null
@@ -1,34 +0,0 @@
-# FTP - File Transfer Protocol - RFC 959
-# Pattern quality: great fast
-#
-# Usually runs on port 21. Note that the data stream is on a dynamically
-# assigned port, which means that you will need the FTP connection
-# tracking module in your kernel to usefully match FTP data transfers.
-#
-# This pattern is well tested. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# Matches the first two things a server should say. Most servers say
-# something after 220, even though they don't have to, and it usually
-# includes the string "ftp" (l7-filter is case insensitive).
-# This includes proftpd, vsftpd, wuftpd, warftpd, pureftpd, Bulletproof
-# FTP Server, and whatever ftp.microsoft.com uses. Just in case, the next
-# thing the server sends is a 331. All the above servers also send
-# something including "password" after this code.
-ftp
-# actually, let's just do the first for now, it's faster
-^220[\x09-\x0d -~]*ftp
-
-# This is ~10x faster if the stream starts with "220"
-#^220.*ftp
-
-# This will match more, but much slower
-#^220[\x09-\x0d -~]*ftp|331[\x09-\x0d -~]*password
-
-# This pattern is more precise, but takes longer to match. (3 packets vs. 1)
-#^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a331
-
-# same as above, but slightly less precise and only takes 2 packets.
-#^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a
diff --git a/package/iptables/files/l7/gnutella.pat b/package/iptables/files/l7/gnutella.pat
deleted file mode 100644
index ebbd5c621..000000000
--- a/package/iptables/files/l7/gnutella.pat
+++ /dev/null
@@ -1,36 +0,0 @@
-# Gnutella - P2P filesharing
-# Pattern quality: good fast
-#
-# This should match both Gnutella and "Gnutella2" ("Mike's protocol")
-#
-# Various clients use this protocol including Mactella, Shareaza,
-# GTK-gnutella, Gnucleus, Gnotella, LimeWire, BearShare, and iMesh.
-#
-# This is tested with gtk-gnutella and Shareaza.
-#
-# Please report on how this pattern works for you at
-# l7-filter-developers@lists.sf.net . If you can improve on this
-# pattern, please also post to that list. You may subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# http://www.gnutella2.com/tiki-index.php?page=UDP%20Transceiver
-# http://rfc-gnutella.sf.net/
-# http://www.gnutella2.com/tiki-index.php?page=Gnutella2%20Specification
-# http://en.wikipedia.org/wiki/Shareaza
-
-gnutella
-
-# The first part matches UDP messages - All start with "GND", then have
-# a flag byte which is either \x00, \x01 or \x02, then two sequence bytes
-# that can be anything, then a fragment number, which must start at 1.
-# The rest matches TCP first client message or first server message (in case
-# we can't see client messages). Some parts of this are empirical rather than
-# document based. Assumes version is between 0.0 and 2.9. (usually is
-# 0.4 or 0.6). I'm guessing at many of the user-agents.
-# The last bit is emprical and probably only matches Limewire.
-^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|..................lime)
-
-# Needlessly precise, at the expense of time
-#^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /[\x09-\x0d -~]*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /[\x09-\x0d -~]*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella[\x09-\x0d -~]*content-type: application/x-gnutella|..................lime)
-
-
diff --git a/package/iptables/files/l7/http.pat b/package/iptables/files/l7/http.pat
deleted file mode 100644
index 520e7fe21..000000000
--- a/package/iptables/files/l7/http.pat
+++ /dev/null
@@ -1,28 +0,0 @@
-# HTTP - HyperText Transfer Protocol - RFC 2616
-# Pattern quality: great notsofast
-# Usually runs on port 80
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# this intentionally catches the response from the server
-# rather than the request so that other protocols which use
-# http (like kazaa) can be caught based on specific http requests
-# regardless of the ordering of filters...
-# also matches posts
-
-# Sites that serve really long cookies may break this by pushing the
-# server response too far away from the beginning of the connection. To
-# fix this, increase the kernel's data buffer length.
-
-http
-# Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF (rfc 2616)
-# As specified in rfc 2616 a status code is preceeded and followed by a
-# space.
-http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019]
-# A slightly faster version that might be good enough:
-#http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|post [\x09-\x0d -~]* http/[01]\.[019]
-# old pattern(s):
-#(http[\x09-\x0d -~]*(200 ok|302 |304 )[\x09-\x0d -~]*(connection:|content-type:|content-length:))|^(post [\x09-\x0d -~]* http/)
diff --git a/package/iptables/files/l7/ident.pat b/package/iptables/files/l7/ident.pat
deleted file mode 100644
index 672b0753c..000000000
--- a/package/iptables/files/l7/ident.pat
+++ /dev/null
@@ -1,14 +0,0 @@
-# Ident - Identification Protocol - RFC 1413
-# Pattern quality: good veryfast
-# Usually runs on port 113
-#
-# This pattern is believed to work. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-ident
-# "number , numberCRLF" possibly without the CR and/or LF.
-# ^$ is appropriate because the first packet should never have anything
-# else in it.
-^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\x09-\x0d]*,[\x09-\x0d]*[1-9][0-9]?[0-9]?[0-9]?[0-9]?(\x0d\x0a|[\x0d\x0a])?$
diff --git a/package/iptables/files/l7/irc.pat b/package/iptables/files/l7/irc.pat
deleted file mode 100644
index 6643f6c2f..000000000
--- a/package/iptables/files/l7/irc.pat
+++ /dev/null
@@ -1,20 +0,0 @@
-# IRC - Internet Relay Chat - RFC 1459
-# Pattern quality: good veryfast
-#
-# Usually runs on port 6666 or 6667
-# Note that chat traffic runs on these ports, but IRC-DCC traffic (which
-# can use much more bandwidth) uses a dynamically assigned port, so you
-# must have the IRC connection tracking module in your kernel to classify
-# this.
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-irc
-# First thing that happens is that the client sends NICK and USER, in
-# either order. This allows MIRC color codes (\x02-\x0d instead of
-# \x09-\x0d).
-^(nick[\x09-\x0d -~]*user[\x09-\x0d -~]*:|user[\x09-\x0d -~]*:[\x02-\x0d -~]*nick[\x09-\x0d -~]*\x0d\x0a)
-
diff --git a/package/iptables/files/l7/jabber.pat b/package/iptables/files/l7/jabber.pat
deleted file mode 100644
index 7a0c6840e..000000000
--- a/package/iptables/files/l7/jabber.pat
+++ /dev/null
@@ -1,24 +0,0 @@
-# Jabber (XMPP) - an open instant messenger protocol - http://jabber.org
-# Pattern quality: good fast
-#
-# This pattern has been tested with Gaim and Gabber. It is only tested
-# with non-SSL mode Jabber with no proxies. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# Thanks to Jan Hudec for some improvements.
-
-# Jabber seems to take a long time to set up a connection. I'm
-# connecting with Gabber 0.8.8 to 12jabber.org and the first 8 packets
-# is this:
-# <stream:stream to='12jabber.com' xmlns='jabber:client'
-# xmlns:stream='http://etherx.jabber.org/streams'><?xml
-# version='1.0'?><stream:stream
-# xmlns:stream='http://etherx.jabber.org/streams' id='3f73e951'
-# xmlns='jabber:client' from='12jabber.com'>
-#
-# No mention of my username or password yet, you'll note.
-
-jabber
-<stream:stream[\x09-\x0d ][ -~]*[\x09-\x0d ]xmlns=['"]jabber
diff --git a/package/iptables/files/l7/msnmessenger.pat b/package/iptables/files/l7/msnmessenger.pat
deleted file mode 100644
index e07f71f31..000000000
--- a/package/iptables/files/l7/msnmessenger.pat
+++ /dev/null
@@ -1,15 +0,0 @@
-# MSN Messenger - Microsoft Network chat client
-# Pattern quality: good veryfast
-#
-# Usually uses port 1863
-# http://www.hypothetic.org/docs/msn/index.php
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-msnmessenger
-# ver: allow versions up to 99.
-# usr (in case ver didn't work):
-^(ver [0-9]+ msnp[1-9][0-9]? [\x09-\x0d -~]* cvr|usr md5 i [ -~]*)
diff --git a/package/iptables/files/l7/ntp.pat b/package/iptables/files/l7/ntp.pat
deleted file mode 100644
index b7e443e21..000000000
--- a/package/iptables/files/l7/ntp.pat
+++ /dev/null
@@ -1,17 +0,0 @@
-# (S)NTP - (Simple) Network Time Protocol - RFCs 1305 and 2030
-# Pattern quality: good veryfast overmatch
-#
-# This pattern is tested and is believed to work. If this does not work
-# for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . Subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# client|server
-# Requires the server's timestamp to be in the present or future (of 2005).
-# Tested with ntpdate on Linux.
-# Assumes version 2, 3 or 4.
-
-# Note that ntp packets are always 48 bytes, so you should match on that too.
-
-ntp
-^([\x13\x1b\x23\xd3\xdb\xe3]|[\x14\x1c$].......?.?.?.?.?.?.?.?.?[\xc6-\xff])
diff --git a/package/iptables/files/l7/pop3.pat b/package/iptables/files/l7/pop3.pat
deleted file mode 100644
index f6bb63061..000000000
--- a/package/iptables/files/l7/pop3.pat
+++ /dev/null
@@ -1,50 +0,0 @@
-# POP3 - Post Office Protocol version 3 (popular e-mail protocol) - RFC 1939
-# Pattern quality: good veryfast
-#
-# This pattern has been tested somewhat. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-# this is a difficult protocol to match because of the relative lack of
-# distinguishing information. Read on.
-pop3
-
-# this the most conservative pattern. It should definitely work.
-#^(\+ok|-err)
-
-# this pattern assumes that the server says _something_ after +ok or -err
-# I think this is probably the way to go.
-^(\+ok |-err )
-
-# more that 90% of servers seem to say "pop" after "+ok", but not all.
-#^(\+ok .*pop)
-
-# Here's another tack. I think this is my second favorite.
-#^(\+ok [\x09-\x0d -~]*(ready|hello|pop|starting)|-err [\x09-\x0d -~]*(invalid|unknown|unimplemented|unrecognized|command))
-
-# this matches the server saying "you have N messages that are M bytes",
-# which the client probably asks for early in the session (not tested)
-#\+ok [0-9]+ [0-9]+
-
-# some sample servers:
-# RFC example: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
-# mail.dreamhost.com: +OK Hello there.
-# pop.carleton.edu: +OK POP3D(*) Server PMDFV6.2.2 at Fri, 12 Sep 2003 19:28:10 -0500 (CDT) (APOP disabled)
-# mail.earthlink.net: +OK NGPopper vEL_4_38 at earthlink.net ready <25509.1063412951@falcon>
-# *.email.umn.edu: +OK Cubic Circle's v1.22 1998/04/11 POP3 ready <7d1e0000da67623f@aquamarine.tc.umn.edu>
-# mail.yale.edu: +OK POP3 pantheon-po01 v2002.81 server ready
-# mail.gustavus.edu: +OK POP3 solen v2001.78 server ready
-# mail.reed.edu: +OK POP3 letra.reed.edu v2002.81 server ready
-# mail.bowdoin.edu: +OK mail.bowdoin.edu POP3 service (iPlanet Messaging Server 5.2 HotFix 1.15 (built Apr 28 2003))
-# pop.colby.edu: +OK Qpopper (version 4.0.5) at basalt starting.
-# mail.mac.com: +OK Netscape Messaging Multiplexor ready
-
-# various error strings:
-#-ERR Invalid command.
-#-ERR invalid command
-#-ERR unimplemented
-#-ERR Invalid command, try one of: USER name, PASS string, QUIT
-#-ERR Unknown AUTHORIZATION state command
-#-ERR Unrecognized command
-#-ERR Unknown command: "sadf'".
diff --git a/package/iptables/files/l7/smtp.pat b/package/iptables/files/l7/smtp.pat
deleted file mode 100644
index 1bab7a1df..000000000
--- a/package/iptables/files/l7/smtp.pat
+++ /dev/null
@@ -1,39 +0,0 @@
-# SMTP - Simple Mail Transfer Protocol - RFC 2821 (See also RFC 1869)
-# Pattern quality: great fast
-# usually runs on port 25
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-smtp
-# As usual, no text is required after "220", but all known servers have some
-# there. It (almost?) always has string "smtp" in it. The RFC examples
-# does not, so we match those too, just in case anyone has copied them
-# literally.
-^220[\x09-\x0d -~]* (e?smtp|simple mail)
-
-# This is ~3x faster if the stream starts with "220"
-#^220.* (e?smtp|simple mail)
-
-# Some examples:
-# 220 mail.stalker.com ESMTP CommuniGate Pro 4.1.3
-# 220 mail.vieodata.com ESMTP Merak 6.1.0; Mon, 15 Sep 2003 13:48:11 -0400
-# 220 mail.ut.caldera.com ESMTP
-# 220 persephone.pmail.gen.nz ESMTP server ready.
-# 220 smtp1.superb.net ESMTP
-# 220 mail.kerio.com Kerio MailServer 5.6.7 ESMTP ready
-# 220-mail.deerfield.com ESMTP VisNetic.MailServer.v6.0.9.0; Mon, 15 Sep 2003 13:4
-# 220 altn.com ESMTP MDaemon 6.8.5; Mon, 15 Sep 2003 12:46:42 -0500
-# 220 X1 NT-ESMTP Server ipsmin0165atl2.interland.net (IMail 6.06 73062-3)
-# 220 mail.icewarp.com ESMTP Merak 6.1.1; Mon, 15 Sep 2003 19:43:23 +0200
-# 220-mail.email-scan.com ESMTP
-# 220 smaug.dreamhost.com ESMTP
-# 220 kona.carleton.edu -- Server ESMTP (PMDF V6.2#30648)
-# 220 letra.reed.edu ESMTP Sendmail 8.12.9/8.12.9; Mon, 15 Sep 2003 10:35:57 -0700 (PDT)
-# 220-swan.mail.pas.earthlink.net ESMTP Exim 3.33 #1 Mon, 15 Sep 2003 10:32:15 -0700
-#
-# RFC examples:
-# 220 xyz.com Simple Mail Transfer Service Ready (RFC example)
-# 220 dbc.mtview.ca.us SMTP service ready
diff --git a/package/iptables/files/l7/ssl.pat b/package/iptables/files/l7/ssl.pat
deleted file mode 100644
index ab5f62caa..000000000
--- a/package/iptables/files/l7/ssl.pat
+++ /dev/null
@@ -1,15 +0,0 @@
-# SSL and TLS - Secure Socket Layer / Transport Layer Security - RFC 2246
-# Pattern quality: good fast
-# Usually runs on port 443
-#
-# This is a superset validcertssl. For it to match, it must be first.
-#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-
-ssl
-# Client Hello | Server Hello with certificate
-# This allows SSL 3.X, which includes TLS 1.0, known internally as SSL 3.1
-^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b)
diff --git a/package/iptables/files/l7/vnc.pat b/package/iptables/files/l7/vnc.pat
deleted file mode 100644
index 35bfbd4ba..000000000
--- a/package/iptables/files/l7/vnc.pat
+++ /dev/null
@@ -1,23 +0,0 @@
-# VNC - Virtual Network Computing. Also known as RFB - Remote Frame Buffer
-# Pattern quality: good fast
-# http://www.realvnc.com/documentation.html
-#
-# This pattern has been verified with vnc v3.3.7 on WinXP and Linux
-# Please report on how this pattern works for you at
-# l7-filter-developers@lists.sf.net . If you can improve on this pattern,
-# please also post to that list. You may subscribe at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
-#
-# Thanks to Trevor Paskett <tpaskett AT cymphonix.com> for this pattern.
-
-vnc
-# Assumes single digit major and minor version numbers
-# This message should be all alone in the first packet, so ^$ is appropriate
-^rfb 00[1-9]\.00[0-9]\x0a$
-
-# This is a more restrictive version which assumes the version numbers
-# are ones actually in existance at the time of this writing, i.e. 3.3,
-# 3.7 and 3.8 (with some clients wrongly reporting 3.5). It should be
-# slightly faster, but probably not worth the extra maintenance.
-# ^rfb 003\.00[3578]\x0a$
-
diff --git a/package/krb5/files/krb5.init b/package/krb5/files/krb5.init
index f91d0427b..259c03651 100644
--- a/package/krb5/files/krb5.init
+++ b/package/krb5/files/krb5.init
@@ -14,8 +14,8 @@ start)
/usr/sbin/kadmind &
;;
stop)
- killall krb5kdc
- killall kadmind
+ pkill krb5kdc
+ pkill kadmind
;;
restart)
sh $0 stop
diff --git a/package/lighttpd/files/lighttpd.init b/package/lighttpd/files/lighttpd.init
index cdfd3183d..37b543fd2 100644
--- a/package/lighttpd/files/lighttpd.init
+++ b/package/lighttpd/files/lighttpd.init
@@ -14,7 +14,7 @@ start)
lighttpd $lighttpd_flags
;;
stop)
- killall lighttpd
+ pkill lighttpd
;;
restart)
sh $0 stop
diff --git a/package/maradns/files/maradns.init b/package/maradns/files/maradns.init
index 960ae15e0..ca256f517 100644
--- a/package/maradns/files/maradns.init
+++ b/package/maradns/files/maradns.init
@@ -16,7 +16,7 @@ start)
maradns &
;;
stop)
- killall maradns
+ pkill maradns
;;
restart)
sh $0 stop
diff --git a/package/mini_httpd/files/mini_httpd.init b/package/mini_httpd/files/mini_httpd.init
index 9cf60b3ee..53411d41c 100644
--- a/package/mini_httpd/files/mini_httpd.init
+++ b/package/mini_httpd/files/mini_httpd.init
@@ -14,7 +14,7 @@ start)
mini_httpd $mini_httpd_flags
;;
stop)
- killall mini_httpd
+ pkill mini_httpd
;;
restart)
sh $0 stop
diff --git a/package/miredo/files/miredo-server.init b/package/miredo/files/miredo-server.init
index 6231573a4..b77e62af6 100644
--- a/package/miredo/files/miredo-server.init
+++ b/package/miredo/files/miredo-server.init
@@ -14,7 +14,7 @@ start)
miredo-server
;;
stop)
- killall miredo-server
+ pkill miredo-server
;;
restart)
sh $0 stop
diff --git a/package/miredo/files/miredo.init b/package/miredo/files/miredo.init
index d1e846ad7..23285fb86 100644
--- a/package/miredo/files/miredo.init
+++ b/package/miredo/files/miredo.init
@@ -14,7 +14,7 @@ start)
miredo
;;
stop)
- killall miredo
+ pkill miredo
;;
restart)
sh $0 stop
diff --git a/package/monit/files/monit.init b/package/monit/files/monit.init
index 712e7899b..d4d914f95 100644
--- a/package/monit/files/monit.init
+++ b/package/monit/files/monit.init
@@ -14,7 +14,7 @@ start)
monit $monit_flags
;;
stop)
- killall monit
+ pkill monit
;;
restart)
sh $0 stop
diff --git a/package/mpd/files/mpd.conf b/package/mpd/files/mpd.conf
index 4e3725119..10b1e6918 100644
--- a/package/mpd/files/mpd.conf
+++ b/package/mpd/files/mpd.conf
@@ -3,6 +3,7 @@ user "mpd"
music_directory "~/music"
playlist_directory "~/.mpd/playlists"
db_file "~/.mpd/database"
+pid_file "/var/run/mpd/mpd.pid"
log_file "~/.mpd/log"
error_file "~/.mpd/error-log"
# An example of an ALSA output
diff --git a/package/mpd/files/mpd.init b/package/mpd/files/mpd.init
index 97b883a11..29482b365 100644
--- a/package/mpd/files/mpd.init
+++ b/package/mpd/files/mpd.init
@@ -17,6 +17,10 @@ start)
echo "mpd user must be in group audio."
exit 1
fi
+ if [ ! -d /var/run/mpd ];then
+ mkdir -p /var/run/mpd
+ chown mpd:mpd /var/run/mpd
+ fi
mpd
;;
stop)
diff --git a/package/mpd/files/mpd.postinst b/package/mpd/files/mpd.postinst
index 361adeec0..957d973cb 100644
--- a/package/mpd/files/mpd.postinst
+++ b/package/mpd/files/mpd.postinst
@@ -2,5 +2,5 @@
. $IPKG_INSTROOT/etc/functions.sh
gid=$(get_next_gid)
add_group mpd $gid
-add_user mpd $(get_next_uid) $gid /mnt
+add_user mpd $(get_next_uid) $gid /mnt/media
add_rcconf mpd
diff --git a/package/mrd6/files/mrd6.init b/package/mrd6/files/mrd6.init
index 710cde814..da6b5eea3 100644
--- a/package/mrd6/files/mrd6.init
+++ b/package/mrd6/files/mrd6.init
@@ -14,7 +14,7 @@ start)
/usr/sbin/mrd6 -f /etc/mrd6.conf -D
;;
stop)
- killall mrd6
+ pkill mrd6
;;
restart)
sh $0 stop
diff --git a/package/mt-daapd/files/mt-daapd.init b/package/mt-daapd/files/mt-daapd.init
index 84ab61d11..a7632388a 100644
--- a/package/mt-daapd/files/mt-daapd.init
+++ b/package/mt-daapd/files/mt-daapd.init
@@ -14,7 +14,7 @@ start)
mt-daapd
;;
stop)
- killall mt-daapd
+ pkill mt-daapd
;;
restart)
sh $0 stop
diff --git a/package/net-snmp/files/snmpd.init b/package/net-snmp/files/snmpd.init
index 4a3d2671f..a1c4503ac 100644
--- a/package/net-snmp/files/snmpd.init
+++ b/package/net-snmp/files/snmpd.init
@@ -15,7 +15,7 @@ start)
snmpd $snmpd_flags
;;
stop)
- killall snmpd
+ pkill snmpd
;;
restart)
sh $0 stop
diff --git a/package/netperf/files/netserver.init b/package/netperf/files/netserver.init
index e5fe31a51..eea806a67 100644
--- a/package/netperf/files/netserver.init
+++ b/package/netperf/files/netserver.init
@@ -14,7 +14,7 @@ start)
netserver
;;
stop)
- killall netserver
+ pkill netserver
;;
restart)
sh $0 stop
diff --git a/package/nfs-utils/files/nfsd.init b/package/nfs-utils/files/nfsd.init
index af8a4b94a..9379d6a39 100644
--- a/package/nfs-utils/files/nfsd.init
+++ b/package/nfs-utils/files/nfsd.init
@@ -30,12 +30,12 @@ start)
fi
;;
stop)
- killall nfsd
- killall mountd
- killall statd
+ pkill nfsd
+ pkill mountd
+ pkill statd
if [ ${nfs_server_version} -eq 4 ];then
- killall idmapd
- killall svcgssd
+ pkill idmapd
+ pkill svcgssd
fi
;;
restart)
diff --git a/package/nut/files/upsd.init b/package/nut/files/upsd.init
index a65d1ad81..edd023eff 100644
--- a/package/nut/files/upsd.init
+++ b/package/nut/files/upsd.init
@@ -16,7 +16,7 @@ start)
/usr/sbin/upsd || exit 2
;;
stop)
- /usr/sbin/upsd -c stop || killall upsd
+ /usr/sbin/upsd -c stop || pkill upsd
/usr/bin/upsdrvctl stop
;;
restart)
diff --git a/package/opensips/files/opensips.init b/package/opensips/files/opensips.init
index 389bb7f64..3f60f8be6 100644
--- a/package/opensips/files/opensips.init
+++ b/package/opensips/files/opensips.init
@@ -14,7 +14,7 @@ start)
/usr/sbin/opensips
;;
stop)
- killall opensips
+ pkill opensips
;;
restart)
sh $0 stop
diff --git a/package/openvpn/files/openvpn.init b/package/openvpn/files/openvpn.init
index 4c147b4bd..9998742e2 100644
--- a/package/openvpn/files/openvpn.init
+++ b/package/openvpn/files/openvpn.init
@@ -16,7 +16,7 @@ start)
done
;;
stop)
- killall openvpn
+ pkill openvpn
;;
restart)
sh $0 stop
diff --git a/package/osiris/files/osirisd.init b/package/osiris/files/osirisd.init
index 6d6b4d443..1b1106967 100644
--- a/package/osiris/files/osirisd.init
+++ b/package/osiris/files/osirisd.init
@@ -15,7 +15,7 @@ start)
osirisd
;;
stop)
- killall osirisd
+ pkill osirisd
;;
restart)
sh $0 stop
diff --git a/package/p910nd/files/p910nd.init b/package/p910nd/files/p910nd.init
index 9d0c227a7..5107579bc 100644
--- a/package/p910nd/files/p910nd.init
+++ b/package/p910nd/files/p910nd.init
@@ -14,7 +14,7 @@ start)
p910nd $p910nd_flags
;;
stop)
- killall p910nd
+ pkill p910nd
;;
restart)
sh $0 stop
diff --git a/package/parprouted/files/parprouted.init b/package/parprouted/files/parprouted.init
index 98a901408..a0c82d1a1 100644
--- a/package/parprouted/files/parprouted.init
+++ b/package/parprouted/files/parprouted.init
@@ -14,7 +14,7 @@ start)
parprouted ${parprouted_flags}
;;
stop)
- killall parprouted
+ pkill parprouted
;;
restart)
sh $0 stop
diff --git a/package/php/files/php.init b/package/php/files/php.init
index 63a91d4c7..3d404ac79 100644
--- a/package/php/files/php.init
+++ b/package/php/files/php.init
@@ -16,7 +16,7 @@ start)
php ${php_flags} &
;;
stop)
- killall php
+ pkill php
;;
restart)
sh $0 stop
diff --git a/package/pmacct/files/nfacctd.init b/package/pmacct/files/nfacctd.init
index 3e768474d..911184d21 100644
--- a/package/pmacct/files/nfacctd.init
+++ b/package/pmacct/files/nfacctd.init
@@ -14,7 +14,7 @@ autostop) ;;
nfacctd $nfaccd_flags
;;
stop)
- killall nfacctd
+ pkill nfacctd
;;
restart)
sh $0 stop
diff --git a/package/pmacct/files/pmacctd.init b/package/pmacct/files/pmacctd.init
index 2e9a01dd1..5a44474c0 100644
--- a/package/pmacct/files/pmacctd.init
+++ b/package/pmacct/files/pmacctd.init
@@ -14,7 +14,7 @@ autostop) ;;
pmacctd $pmacctd_flags
;;
stop)
- killall pmacctd
+ pkill pmacctd
;;
restart)
sh $0 stop
diff --git a/package/pptpd/files/pptpd.init b/package/pptpd/files/pptpd.init
index f4f37613f..e26b1f072 100644
--- a/package/pptpd/files/pptpd.init
+++ b/package/pptpd/files/pptpd.init
@@ -14,7 +14,7 @@ start)
pptpd
;;
stop)
- killall pptpd
+ pkill pptpd
;;
restart)
sh $0 stop
diff --git a/package/radvd/files/radvd.init b/package/radvd/files/radvd.init
index c6722a29e..cfb4125bc 100644
--- a/package/radvd/files/radvd.init
+++ b/package/radvd/files/radvd.init
@@ -16,7 +16,7 @@ start)
;;
stop)
- killall radvd
+ pkill radvd
echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
;;
diff --git a/package/rarpd/files/rarpd.init b/package/rarpd/files/rarpd.init
index 7af906b46..2b8e0f876 100644
--- a/package/rarpd/files/rarpd.init
+++ b/package/rarpd/files/rarpd.init
@@ -14,7 +14,7 @@ start)
rarpd $rarpd_flags
;;
stop)
- killall rarpd
+ pkill rarpd
;;
restart)
sh $0 stop
diff --git a/package/reaim/files/reaim.init b/package/reaim/files/reaim.init
index 7450b7e08..71a1336b0 100644
--- a/package/reaim/files/reaim.init
+++ b/package/reaim/files/reaim.init
@@ -21,7 +21,7 @@ start)
reaim
;;
stop)
- killall reaim
+ pkill reaim
;;
restart)
sh $0 stop
diff --git a/package/rp-pppoe/files/pppoe-relay.init b/package/rp-pppoe/files/pppoe-relay.init
index 5998b5291..458a47eaf 100644
--- a/package/rp-pppoe/files/pppoe-relay.init
+++ b/package/rp-pppoe/files/pppoe-relay.init
@@ -14,7 +14,7 @@ start)
pppoe-relay $pppoe_relay_flags
;;
stop)
- killall pppoe-relay
+ pkill pppoe-relay
;;
restart)
sh $0 stop
diff --git a/package/rp-pppoe/files/pppoe-server.init b/package/rp-pppoe/files/pppoe-server.init
index f8c7c7fd5..b078110a0 100644
--- a/package/rp-pppoe/files/pppoe-server.init
+++ b/package/rp-pppoe/files/pppoe-server.init
@@ -14,7 +14,7 @@ start)
pppoe-server
;;
stop)
- killall pppoe-server
+ pkill pppoe-server
;;
restart)
sh $0 stop
diff --git a/package/rrdcollect/files/rrdcollect.init b/package/rrdcollect/files/rrdcollect.init
index 0f9d00ab1..5c83ae013 100644
--- a/package/rrdcollect/files/rrdcollect.init
+++ b/package/rrdcollect/files/rrdcollect.init
@@ -22,7 +22,7 @@ start)
rrdcollect
;;
stop)
- killall rrdcollect
+ pkill rrdcollect
;;
restart)
sh $0 stop
diff --git a/package/samba/files/samba.init b/package/samba/files/samba.init
index 862a63515..a8279e366 100644
--- a/package/samba/files/samba.init
+++ b/package/samba/files/samba.init
@@ -17,8 +17,8 @@ start)
smbd -D
;;
stop)
- killall nmbd
- killall smbd
+ pkill nmbd
+ pkill smbd
;;
restart)
sh $0 stop
diff --git a/package/scanlogd/files/scanlogd.init b/package/scanlogd/files/scanlogd.init
index cd4279e4c..696ee8d77 100644
--- a/package/scanlogd/files/scanlogd.init
+++ b/package/scanlogd/files/scanlogd.init
@@ -15,7 +15,7 @@ start)
scanlogd $scanlogd_flags
;;
stop)
- killall scanlogd
+ pkill scanlogd
;;
restart)
sh $0 stop
diff --git a/package/siproxd/files/siproxd.init b/package/siproxd/files/siproxd.init
index f29921f52..e186ec934 100644
--- a/package/siproxd/files/siproxd.init
+++ b/package/siproxd/files/siproxd.init
@@ -14,7 +14,7 @@ autostop) ;;
siproxd
;;
stop)
- killall siproxd
+ pkill siproxd
;;
restart)
sh $0 stop
diff --git a/package/snort-wireless/files/snort-wireless.init b/package/snort-wireless/files/snort-wireless.init
index 3d7376bbe..1a07d1be2 100644
--- a/package/snort-wireless/files/snort-wireless.init
+++ b/package/snort-wireless/files/snort-wireless.init
@@ -15,7 +15,7 @@ start)
snort ${snort_wireless_flags}
;;
stop)
- killall snort
+ pkill snort
;;
restart)
sh $0 stop
diff --git a/package/snort/files/snort.init b/package/snort/files/snort.init
index 6228cc13e..b426a9fe7 100644
--- a/package/snort/files/snort.init
+++ b/package/snort/files/snort.init
@@ -14,7 +14,7 @@ start)
snort $snort_flags
;;
stop)
- killall snort
+ pkill snort
;;
*)
echo "usage: $0 {start | stop | restart}"
diff --git a/package/squid/Config.in b/package/squid/Config.in
index c0cc8f818..c597986d8 100644
--- a/package/squid/Config.in
+++ b/package/squid/Config.in
@@ -4,6 +4,7 @@ config ADK_PACKAGE_SQUID
tristate
default n
select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_LIBPTHREAD
help
Squid is a high-performance proxy caching server for web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
diff --git a/package/squid/Makefile b/package/squid/Makefile
index 80f97c032..cfc35061c 100644
--- a/package/squid/Makefile
+++ b/package/squid/Makefile
@@ -5,7 +5,7 @@ include ${TOPDIR}/rules.mk
PKG_NAME:= squid
PKG_VERSION:= 3.0.STABLE20
-PKG_RELEASE:= 1
+PKG_RELEASE:= 2
PKG_MD5SUM:= b69577cfc5cfb6808ec426e3a933220d
PKG_DESCR:= squid web and cache proxy
PKG_SECTION:= net
@@ -113,12 +113,9 @@ CONFIGURE_ARGS+= --datadir=/usr/share/squid \
--enable-x-accelerator-vary \
--with-pthreads \
--with-dl \
- --enable-icmp \
--enable-kill-parent-hack \
--enable-arp-acl \
--enable-ssl \
- --disable-htcp \
- --disable-esi \
--enable-err-languages=English \
--enable-default-err-language=English \
--enable-linux-netfilter \
@@ -128,6 +125,9 @@ CONFIGURE_ARGS+= --datadir=/usr/share/squid \
--enable-cache-digests \
--enable-referer-log \
--enable-delay-pools \
+ --disable-snmp \
+ --disable-esi \
+ --disable-htcp \
--disable-wccp \
--disable-wccpv2 \
--enable-useragent-log \
@@ -146,11 +146,14 @@ post-configure:
${SED} 's#postdeps="-lstdc.*#postdeps="-lm"#' \
${WRKBUILD}/libtool
endif
+post-configure:
+ ${SED} 's#\(hardcode_into_libs=\).*$$#\1no#' \
+ ${WRKBUILD}/libtool
post-install: ${INSTALL_MODS_y} ${INSTALL_MODS_m}
${INSTALL_DIR} ${IDIR_SQUID}/etc/squid
- ${INSTALL_DATA} ${WRKINST}/etc/squid/mime.conf \
- ${WRKINST}/etc/squid/squid.conf ${IDIR_SQUID}/etc/squid/
+ ${INSTALL_DATA} ${WRKINST}/etc/squid/mime.conf ${IDIR_SQUID}/etc/squid/
+ ${INSTALL_DATA} ./files/squid.conf ${IDIR_SQUID}/etc/squid/
${INSTALL_DIR} ${IDIR_SQUID}/usr/share/squid
${CP} ${WRKINST}/usr/share/squid/* ${IDIR_SQUID}/usr/share/squid/
${INSTALL_DIR} ${IDIR_SQUID}/usr/sbin ${IDIR_SQUID}/usr/lib/squid
diff --git a/package/squid/files/squid.conf b/package/squid/files/squid.conf
new file mode 100644
index 000000000..9e6571192
--- /dev/null
+++ b/package/squid/files/squid.conf
@@ -0,0 +1,16 @@
+visible_hostname linux
+# for transparent proxy use following
+# http_port 3128 transparent
+http_port 3128
+pid_filename /var/run/squid.pid
+# logging
+access_log syslog
+cache_store_log none
+cache_log /var/log/squid-cache.log
+# security
+cache_effective_user squid
+cache_effective_group squid
+# cache dir
+cache_dir ufs /var/squid/cache 10M 16 256
+# allow all
+http_access allow all
diff --git a/package/squid/files/squid.init b/package/squid/files/squid.init
new file mode 100644
index 000000000..5fd8e4c13
--- /dev/null
+++ b/package/squid/files/squid.init
@@ -0,0 +1,37 @@
+#!/bin/sh
+#PKG squid
+#INIT 70
+
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+ test x"${squid:-NO}" = x"NO" && exit 0
+ exec sh $0 start
+ ;;
+start)
+ if [ ! -f /var/log/squid-cache.log ];then
+ touch /var/log/squid-cache.log
+ chown squid:squid /var/log/squid-cache.log
+ fi
+ if [ ! -d /var/squid/cache ];then
+ mkdir -p /var/squid/cache
+ chown squid:squid /var/squid/cache
+ squid -z
+ fi
+ squid
+ ;;
+stop)
+ squid -k kill
+ ;;
+restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+
+*)
+ echo "usage: $0 {start | stop | restart}"
+ exit 1
+esac
+exit $?
diff --git a/package/squid/files/squid.postinst b/package/squid/files/squid.postinst
new file mode 100644
index 000000000..6a08126c9
--- /dev/null
+++ b/package/squid/files/squid.postinst
@@ -0,0 +1,6 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+gid=$(get_next_gid)
+add_user squid $(get_next_uid) $gid /var/squid/cache
+add_group squid $gid
+add_rcconf squid squid NO
diff --git a/package/srelay/files/srelay.init b/package/srelay/files/srelay.init
index 5cae3c161..d7aa908f5 100644
--- a/package/srelay/files/srelay.init
+++ b/package/srelay/files/srelay.init
@@ -15,7 +15,7 @@ start)
srelay ${srelay_flags}
;;
stop)
- killall srelay
+ pkill srelay
;;
restart)
sh $0 stop
diff --git a/package/subversion/files/svnserve.init b/package/subversion/files/svnserve.init
index a52fdb43a..1cfb1e0dd 100644
--- a/package/subversion/files/svnserve.init
+++ b/package/subversion/files/svnserve.init
@@ -25,7 +25,7 @@ start)
/usr/bin/svnserve -d -r $svnserve_path
;;
stop)
- killall svnserve
+ pkill svnserve
;;
restart)
sh $0 stop
diff --git a/package/syslog-ng/files/syslog-ng.init b/package/syslog-ng/files/syslog-ng.init
index a613e8e9b..2cc6ab8b6 100644
--- a/package/syslog-ng/files/syslog-ng.init
+++ b/package/syslog-ng/files/syslog-ng.init
@@ -18,7 +18,7 @@ start)
[ -x /usr/sbin/syslog-ng ] && /usr/sbin/syslog-ng
;;
stop)
- killall syslog-ng
+ pkill syslog-ng
;;
restart)
sh $0 stop
diff --git a/package/tinyproxy/Makefile b/package/tinyproxy/Makefile
index b359bbb75..5bf6a8af8 100644
--- a/package/tinyproxy/Makefile
+++ b/package/tinyproxy/Makefile
@@ -5,7 +5,7 @@ include ${TOPDIR}/rules.mk
PKG_NAME:= tinyproxy
PKG_VERSION:= 1.6.5
-PKG_RELEASE:= 1
+PKG_RELEASE:= 2
PKG_MD5SUM:= 2b2862ba33d2939e4572688d442ba415
PKG_DESCR:= Tinyproxy is a lightweight HTTP and HTTPS proxy.
PKG_SECTION:= net
@@ -37,9 +37,9 @@ post-install:
${INSTALL_DIR} ${IDIR_TINYPROXY}/usr/sbin \
${IDIR_TINYPROXY}/etc/tinyproxy \
${IDIR_TINYPROXY}/usr/share/tinyproxy
+ ${INSTALL_DATA} ./files/tinyproxy.conf ${IDIR_TINYPROXY}/etc/tinyproxy
${INSTALL_BIN} ${WRKINST}/usr/sbin/tinyproxy ${IDIR_TINYPROXY}/usr/sbin/
${INSTALL_DATA} ${WRKINST}/usr/share/tinyproxy/{debug,default,stats}.html ${IDIR_TINYPROXY}/usr/share/tinyproxy/
${INSTALL_DATA} ${WRKINST}/usr/share/tinyproxy/HTML_VARIABLES ${IDIR_TINYPROXY}/usr/share/tinyproxy/
- ${INSTALL_DATA} ${WRKINST}/etc/tinyproxy/tinyproxy.conf ${IDIR_TINYPROXY}/etc/tinyproxy/
include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/tinyproxy/files/tinyproxy.conf b/package/tinyproxy/files/tinyproxy.conf
new file mode 100644
index 000000000..6460a2c88
--- /dev/null
+++ b/package/tinyproxy/files/tinyproxy.conf
@@ -0,0 +1,228 @@
+##
+## tinyproxy.conf -- tinyproxy daemon configuration file
+##
+
+#
+# Name of the user the tinyproxy daemon should switch to after the port
+# has been bound.
+#
+User tinyproxy
+Group tinyproxy
+
+#
+# Port to listen on.
+#
+Port 8888
+
+#
+# If you have multiple interfaces this allows you to bind to only one. If
+# this is commented out, tinyproxy will bind to all interfaces present.
+#
+#Listen 192.168.0.1
+
+#
+# The Bind directive allows you to bind the outgoing connections to a
+# particular IP address.
+#
+#Bind 192.168.0.1
+
+#
+# Timeout: The number of seconds of inactivity a connection is allowed to
+# have before it closed by tinyproxy.
+#
+Timeout 600
+
+#
+# ErrorFile: Defines the HTML file to send when a given HTTP error
+# occurs. You will probably need to customize the location to your
+# particular install. The usual locations to check are:
+# /usr/local/share/tinyproxy
+# /usr/share/tinyproxy
+# /etc/tinyproxy
+#
+# ErrorFile 404 "/usr/share/tinyproxy/404.html"
+# ErrorFile 400 "/usr/share/tinyproxy/400.html"
+# ErrorFile 503 "/usr/share/tinyproxy/503.html"
+# ErrorFile 403 "/usr/share/tinyproxy/403.html"
+# ErrorFile 408 "/usr/share/tinyproxy/408.html"
+
+#
+# DefaultErrorFile: The HTML file that gets sent if there is no
+# HTML file defined with an ErrorFile keyword for the HTTP error
+# that has occured.
+#
+DefaultErrorFile "/usr/share/tinyproxy/default.html"
+
+#
+# StatFile: The HTML file that gets sent when a request is made
+# for the stathost. If this file doesn't exist a basic page is
+# hardcoded in tinyproxy.
+#
+StatFile "/usr/share/tinyproxy/stats.html"
+
+#
+# Where to log the information. Either LogFile or Syslog should be set,
+# but not both.
+#
+Logfile "/var/log/tinyproxy.log"
+# Syslog On
+
+#
+# Set the logging level. Allowed settings are:
+# Critical (least verbose)
+# Error
+# Warning
+# Notice
+# Connect (to log connections without Info's noise)
+# Info (most verbose)
+# The LogLevel logs from the set level and above. For example, if the LogLevel
+# was set to Warning, than all log messages from Warning to Critical would be
+# output, but Notice and below would be suppressed.
+#
+LogLevel Critical
+
+#
+# PidFile: Write the PID of the main tinyproxy thread to this file so it
+# can be used for signalling purposes.
+#
+PidFile "/var/run/tinyproxy.pid"
+
+#
+# Include the X-Tinyproxy header, which has the client's IP address when
+# connecting to the sites listed.
+#
+#XTinyproxy mydomain.com
+
+#
+# Turns on upstream proxy support.
+#
+# The upstream rules allow you to selectively route upstream connections
+# based on the host/domain of the site being accessed.
+#
+# For example:
+# # connection to test domain goes through testproxy
+# upstream testproxy:8008 ".test.domain.invalid"
+# upstream testproxy:8008 ".our_testbed.example.com"
+# upstream testproxy:8008 "192.168.128.0/255.255.254.0"
+#
+# # no upstream proxy for internal websites and unqualified hosts
+# no upstream ".internal.example.com"
+# no upstream "www.example.com"
+# no upstream "10.0.0.0/8"
+# no upstream "192.168.0.0/255.255.254.0"
+# no upstream "."
+#
+# # connection to these boxes go through their DMZ firewalls
+# upstream cust1_firewall:8008 "testbed_for_cust1"
+# upstream cust2_firewall:8008 "testbed_for_cust2"
+#
+# # default upstream is internet firewall
+# upstream firewall.internal.example.com:80
+#
+# The LAST matching rule wins the route decision. As you can see, you
+# can use a host, or a domain:
+# name matches host exactly
+# .name matches any host in domain "name"
+# . matches any host with no domain (in 'empty' domain)
+# IP/bits matches network/mask
+# IP/mask matches network/mask
+#
+#Upstream some.remote.proxy:port
+
+#
+# This is the absolute highest number of threads which will be created. In
+# other words, only MaxClients number of clients can be connected at the
+# same time.
+#
+MaxClients 100
+
+#
+# These settings set the upper and lower limit for the number of
+# spare servers which should be available. If the number of spare servers
+# falls below MinSpareServers then new ones will be created. If the number
+# of servers exceeds MaxSpareServers then the extras will be killed off.
+#
+MinSpareServers 5
+MaxSpareServers 20
+
+#
+# Number of servers to start initially.
+#
+StartServers 10
+
+#
+# MaxRequestsPerChild is the number of connections a thread will handle
+# before it is killed. In practise this should be set to 0, which disables
+# thread reaping. If you do notice problems with memory leakage, then set
+# this to something like 10000
+#
+MaxRequestsPerChild 0
+
+#
+# The following is the authorization controls. If there are any access
+# control keywords then the default action is to DENY. Otherwise, the
+# default action is ALLOW.
+#
+# Also the order of the controls are important. The incoming connections
+# are tested against the controls based on order.
+#
+Allow 127.0.0.1
+Allow 192.168.1.0/25
+
+#
+# The "Via" header is required by the HTTP RFC, but using the real host name
+# is a security concern. If the following directive is enabled, the string
+# supplied will be used as the host name in the Via header; otherwise, the
+# server's host name will be used.
+#
+ViaProxyName "tinyproxy"
+
+#
+# The location of the filter file.
+#
+#Filter "/etc/tinyproxy/filter"
+
+#
+# Filter based on URLs rather than domains.
+#
+#FilterURLs On
+
+#
+# Use POSIX Extended regular expressions rather than basic.
+#
+#FilterExtended On
+
+#
+# Use case sensitive regular expressions.
+#
+#FilterCaseSensitive On
+
+#
+# Change the default policy of the filtering system. If this directive is
+# commented out, or is set to "No" then the default policy is to allow
+# everything which is not specifically denied by the filter file.
+#
+# However, by setting this directive to "Yes" the default policy becomes to
+# deny everything which is _not_ specifically allowed by the filter file.
+#
+#FilterDefaultDeny Yes
+
+#
+# If an Anonymous keyword is present, then anonymous proxying is enabled.
+# The headers listed are allowed through, while all others are denied. If
+# no Anonymous keyword is present, then all header are allowed through.
+# You must include quotes around the headers.
+#
+#Anonymous "Host"
+#Anonymous "Authorization"
+
+#
+# This is a list of ports allowed by tinyproxy when the CONNECT method
+# is used. To disable the CONNECT method altogether, set the value to 0.
+# If no ConnectPort line is found, all ports are allowed (which is not
+# very secure.)
+#
+# The following two ports are used by SSL.
+#
+ConnectPort 443
+ConnectPort 563
diff --git a/package/tinyproxy/files/tinyproxy.init b/package/tinyproxy/files/tinyproxy.init
index 8cf6fbb6a..cdf86e049 100644
--- a/package/tinyproxy/files/tinyproxy.init
+++ b/package/tinyproxy/files/tinyproxy.init
@@ -14,7 +14,8 @@ start)
tinyproxy
;;
stop)
- killall tinyproxy
+ pkill tinyproxy
+ rm /var/run/tinyproxy.pid
;;
restart)
sh $0 stop
diff --git a/package/tinyproxy/files/tinyproxy.postinst b/package/tinyproxy/files/tinyproxy.postinst
index 4965f625d..903927e49 100644
--- a/package/tinyproxy/files/tinyproxy.postinst
+++ b/package/tinyproxy/files/tinyproxy.postinst
@@ -1,3 +1,6 @@
#!/bin/sh
. $IPKG_INSTROOT/etc/functions.sh
+gid=$(get_next_gid)
+add_user tinyproxy $(get_next_uid) $gid /etc/tinyproxy
+add_group tinyproxy $gid
add_rcconf tinyproxy tinyproxy NO
diff --git a/package/tor/files/tor.init b/package/tor/files/tor.init
index dd3759252..fcc8c144b 100644
--- a/package/tor/files/tor.init
+++ b/package/tor/files/tor.init
@@ -15,7 +15,7 @@ start)
tor
;;
stop)
- killall tor
+ pkill tor
;;
restart)
sh $0 stop
diff --git a/package/vrrpd/files/vrrpd.init b/package/vrrpd/files/vrrpd.init
index cbac88074..9e8170643 100644
--- a/package/vrrpd/files/vrrpd.init
+++ b/package/vrrpd/files/vrrpd.init
@@ -14,7 +14,7 @@ autostop) ;;
vrrpd $vrrpd_flags
;;
stop)
- killall vrrpd
+ pkill vrrpd
;;
restart)
sh $0 stop
diff --git a/package/vsftpd/files/vsftpd.init b/package/vsftpd/files/vsftpd.init
index 7d5e5cccb..7bc01c965 100644
--- a/package/vsftpd/files/vsftpd.init
+++ b/package/vsftpd/files/vsftpd.init
@@ -15,7 +15,7 @@ start)
vsftpd
;;
stop)
- killall vsftpd
+ pkill vsftpd
;;
restart)
sh $0 stop
diff --git a/package/watchdog/files/watchdog.init b/package/watchdog/files/watchdog.init
index c5be0f768..5c3351d6b 100644
--- a/package/watchdog/files/watchdog.init
+++ b/package/watchdog/files/watchdog.init
@@ -14,7 +14,7 @@ start)
/usr/sbin/watchdog
;;
stop)
- killall watchdog
+ pkill watchdog
;;
restart)
sh $0 stop
diff --git a/package/xinetd/files/xinetd.init b/package/xinetd/files/xinetd.init
index d0b8c0517..a7a7db8d5 100644
--- a/package/xinetd/files/xinetd.init
+++ b/package/xinetd/files/xinetd.init
@@ -14,7 +14,7 @@ start)
xinetd
;;
stop)
- killall xinetd
+ pkill xinetd
;;
restart)
sh $0 stop
diff --git a/scripts/install.sh b/scripts/install.sh
index 2be010c0b..44a261e67 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -132,8 +132,8 @@ if [ $($sfdisk -l $1 2>/dev/null|grep Empty|wc -l) -ne 4 ];then
fi
fi
-printf "Create partition and filesystem\n"
if [ $rb532 -ne 0 ];then
+ printf "Create partition and filesystem for rb532\n"
rootpart=${1}2
$parted -s $1 mklabel msdos
sleep 2
@@ -153,6 +153,7 @@ if [ $rb532 -ne 0 ];then
else
rootpart=${1}1
if [ $cfgfs -eq 0 ];then
+ printf "Create partition and filesystem without cfgfs\n"
$sfdisk $1 << EOF
,,L
;
@@ -162,6 +163,7 @@ y
EOF
$mke2fs ${rootpart}
else
+ printf "Create partition and filesystem with cfgfs\n"
$parted -s $1 mklabel msdos
sleep 2
maxsize=$(env LC_ALL=C $parted $1 -s unit cyl print |awk '/^Disk/ { print $3 }'|sed -e 's/cyl//')
@@ -182,7 +184,7 @@ else
fi
sleep 2
-$tune2fs -c 0 -i 0 ${rootpart} >/dev/null
+$tune2fs -c 0 -i 0 -m 1 ${rootpart} >/dev/null
if [ $? -eq 0 ];then
printf "Successfully disabled filesystem checks on ${rootpart}\n"
else
@@ -199,13 +201,14 @@ chmod 1777 $tmp/tmp
chmod 4755 $tmp/bin/busybox
if [ $rb532 -eq 0 ];then
+ printf "Installing GRUB bootloader\n"
mkdir -p $tmp/boot/grub
mount -o bind /dev $tmp/dev
chroot $tmp mount -t proc /proc /proc
chroot $tmp mount -t sysfs /sys /sys
cat << EOF > $tmp/boot/grub/grub.cfg
set default=0
-set timeout=5
+set timeout=1
serial --unit=0 --speed=115200
terminal_output serial
terminal_input serial
diff --git a/target/alix1c/Makefile b/target/alix1c/Makefile
index 93a7c6642..4278c90f9 100644
--- a/target/alix1c/Makefile
+++ b/target/alix1c/Makefile
@@ -13,7 +13,7 @@ kernel-install:
ifeq ($(FS),ext2-cf)
imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL)
@echo
- @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL),"
+ @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)"
@echo "To install everything to CompactFlash use scripts/install.sh"
@echo 'Login as user root with password linux123 via ssh or console'
endif
diff --git a/target/alix2d/Makefile b/target/alix2d/Makefile
index 93a7c6642..4278c90f9 100644
--- a/target/alix2d/Makefile
+++ b/target/alix2d/Makefile
@@ -13,7 +13,7 @@ kernel-install:
ifeq ($(FS),ext2-cf)
imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL)
@echo
- @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL),"
+ @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)"
@echo "To install everything to CompactFlash use scripts/install.sh"
@echo 'Login as user root with password linux123 via ssh or console'
endif
diff --git a/target/linux/config/Config.in.netfilter b/target/linux/config/Config.in.netfilter
index a4dc9b7c7..fc3c2682f 100644
--- a/target/linux/config/Config.in.netfilter
+++ b/target/linux/config/Config.in.netfilter
@@ -8,6 +8,10 @@ config ADK_KERNEL_NETFILTER_ADVANCED
bool
default n
+config ADK_KERNEL_BRIDGE_NETFILTER
+ bool
+ default n
+
config ADK_KERNEL_NETFILTER_XTABLES
bool
select ADK_KERNEL_NETFILTER
@@ -397,7 +401,7 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ULOG
config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT
tristate 'REDIRECT target support'
- depends on ADK_KPACKAGE_KMOD_IP_NF_NAT
+ depends on ADK_KPACKAGE_KMOD_NF_NAT
help
REDIRECT is a special case of NAT: all incoming connections are
mapped onto the incoming interface's address, causing the packets to
@@ -406,7 +410,7 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT
config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP
tristate 'NETMAP target support'
- depends on ADK_KPACKAGE_KMOD_IP_NF_NAT
+ depends on ADK_KPACKAGE_KMOD_NF_NAT
help
NETMAP is an implementation of static 1:1 NAT mapping of network
addresses. It maps the network address part, while keeping the host
@@ -415,14 +419,14 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP
config ADK_KPACKAGE_KMOD_IP_NF_TARGET_SAME
tristate 'SAME target support'
- depends on ADK_KPACKAGE_KMOD_IP_NF_NAT
+ depends on ADK_KPACKAGE_KMOD_NF_NAT
help
This option adds a `SAME' target, which works like the standard SNAT
target, but attempts to give clients the same IP for all connections.
config ADK_KPACKAGE_KMOD_IP_NF_MANGLE
tristate 'Packet mangling'
- depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
+ depends on ADK_KPACKAGE_KMOD_NF_NAT
help
This option adds a `mangle' table to iptables: see the man page for
iptables(8). This table is used for various packet alterations
@@ -441,4 +445,239 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ECN
ECN support in general.
endmenu
+
+menu "Ethernet bridge firewalling"
+
+config ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ tristate 'Ethernet Bridge tables (ebtables) support'
+ select ADK_KERNEL_BRIDGE_NETFILTER
+ help
+ ebtables is a general, extensible frame/packet identification
+ framework. Say 'Y' or 'M' here if you want to do Ethernet
+ filtering/NAT/brouting on the Ethernet bridge.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_BROUTE
+ tristate "ebt: broute table support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ The ebtables broute table is used to define rules that decide between
+ bridging and routing frames, giving Linux the functionality of a
+ brouter. See the man page for ebtables(8) and examples on the ebtables
+ website.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_FILTER
+ tristate "ebt: filter table support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ The ebtables filter table is used to define frame filtering rules at
+ local input, forwarding and local output. See the man page for
+ ebtables(8).
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_NAT
+ tristate "ebt: nat table support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ The ebtables nat table is used to define rules that alter the MAC
+ source address (MAC SNAT) or the MAC destination address (MAC DNAT).
+ See the man page for ebtables(8).
+
+ To compile it as a module, choose M here. If unsure, say N.
+#
+# matches
+#
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_802_3
+ tristate "ebt: 802.3 filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds matching support for 802.3 Ethernet frames.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_AMONG
+ tristate "ebt: among filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the among match, which allows matching the MAC source
+ and/or destination address on a list of addresses. Optionally,
+ MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARP
+ tristate "ebt: ARP filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the ARP match, which allows ARP and RARP header field
+ filtering.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP
+ tristate "ebt: IP filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the IP match, which allows basic IP header field
+ filtering.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP6
+ tristate "ebt: IP6 filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES && ADK_KPACKAGE_KMOD_IPV6
+ help
+ This option adds the IP6 match, which allows basic IPV6 header field
+ filtering.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LIMIT
+ tristate "ebt: limit match support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the limit match, which allows you to control
+ the rate at which a rule can be matched. This match is the
+ equivalent of the iptables limit match.
+
+ If you want to compile it as a module, say M here and read
+ <file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK
+ tristate "ebt: mark filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the mark match, which allows matching frames based on
+ the 'nfmark' value in the frame. This can be set by the mark target.
+ This value is the same as the one used in the iptables mark match and
+ target.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_PKTTYPE
+ tristate "ebt: packet type filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the packet type match, which allows matching on the
+ type of packet based on its Ethernet "class" (as determined by
+ the generic networking code): broadcast, multicast,
+ for this host alone or for another host.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_STP
+ tristate "ebt: STP filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the Spanning Tree Protocol match, which
+ allows STP header field filtering.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_VLAN
+ tristate "ebt: 802.1Q VLAN filter support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the 802.1Q vlan match, which allows the filtering of
+ 802.1Q vlan fields.
+
+ To compile it as a module, choose M here. If unsure, say N.
+#
+# targets
+#
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARPREPLY
+ tristate "ebt: arp reply target support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the arp reply target, which allows
+ automatically sending arp replies to arp requests.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_DNAT
+ tristate "ebt: dnat target support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the MAC DNAT target, which allows altering the MAC
+ destination address of frames.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK_T
+ tristate "ebt: mark target support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the mark target, which allows marking frames by
+ setting the 'nfmark' value in the frame.
+ This value is the same as the one used in the iptables mark match and
+ target.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_REDIRECT
+ tristate "ebt: redirect target support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the MAC redirect target, which allows altering the MAC
+ destination address of a frame to that of the device it arrived on.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_SNAT
+ tristate "ebt: snat target support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the MAC SNAT target, which allows altering the MAC
+ source address of frames.
+
+ To compile it as a module, choose M here. If unsure, say N.
+#
+# watchers
+#
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LOG
+ tristate "ebt: log support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option adds the log watcher, that you can use in any rule
+ in any ebtables table. It records info about the frame header
+ to the syslog.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ULOG
+ tristate "ebt: ulog support (OBSOLETE)"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option enables the old bridge-specific "ebt_ulog" implementation
+ which has been obsoleted by the new "nfnetlink_log" code (see
+ CONFIG_NETFILTER_NETLINK_LOG).
+
+ This option adds the ulog watcher, that you can use in any rule
+ in any ebtables table. The packet is passed to a userspace
+ logging daemon using netlink multicast sockets. This differs
+ from the log watcher in the sense that the complete packet is
+ sent to userspace instead of a descriptive text and that
+ netlink multicast sockets are used instead of the syslog.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config ADK_KPACKAGE_KMOD_BRIDGE_EBT_NFLOG
+ tristate "ebt: nflog support"
+ depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
+ help
+ This option enables the nflog watcher, which allows to LOG
+ messages through the netfilter logging API, which can use
+ either the old LOG target, the old ULOG target or nfnetlink_log
+ as backend.
+
+ This option adds the nflog watcher, that you can use in any rule
+ in any ebtables table.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+
+endmenu
+
endmenu