* Tue Oct 28 2025 Jean-Philippe Pialasse <jpp@koozali.org> 1.3.1-31.sme

- Update the references in Createlinks to smeserver-*-update [SME: 13249] thanks to Zsolt Vasarhelyi
Update the references in Createlinks to smeserver-*-update SME: 13249
2025-10-28 14:21:08 -04:00 · 2025-10-28 16:03:35 +02:00 · 2025-10-22 13:46:41 +02:00
3 changed files with 82 additions and 79 deletions
--- a/2
+++ b/2
@@ -37,7 +37,7 @@ for my $event (qw(xt_geoip-update bootstrap-console-save
 {
    event_link("smeserver-xt_geoip-download-action", $event, "10");
 }
-for my $event (qw(bootstrap-console-save e-smith-packetfilter-update
+for my $event (qw(bootstrap-console-save smeserver-packetfilter-update
        smeserver-xt_geoip-update remoteaccess-update))
 {
    event_link("xt_geoip_kmod", $event, "15");
--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip
@@ -1,9 +1,9 @@
 {
    my $BC = $masq{BadCountries} || '';
-    my $GP = $masq{GeoIP} || 'disabled';
+    my $GP = $masq{GeoIP}        || 'disabled';
    my $KERNEL = `/bin/uname -r`;
    chomp($KERNEL);
-    my $PATH_MODULE = "/lib/modules/$KERNEL/extra/xt_geoip.ko";
+    my $PATH_MODULE  = "/lib/modules/$KERNEL/extra/xt_geoip.ko";
    my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko";
    my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko";
    my $port;
@@ -11,8 +11,8 @@
    my $servStatus;
    my $locBC;

-   # to allow reload  without locking  just after initial  install   
-   $OUT .=<<'EOF';
+    # to allow reload  without locking  just after initial  install
+    $OUT .= <<'EOF';
   iptables -n --list XTGeoIP >/dev/null 2>&1
   test=$?
   if [[ $test -eq 1 ]] ; then
@@ -26,96 +26,91 @@
 EOF

    # Find the current XTGeoIP_$$ chain, and create a new one.
-    $OUT .=<<'EOF';
+    $OUT .= <<'EOF';
    OLD_XTGeoIP=$(get_safe_id XTGeoIP filter find)
    NEW_XTGeoIP=$(get_safe_id XTGeoIP filter new)
    /sbin/iptables --new-chain $NEW_XTGeoIP
 EOF

-    if ( $GP eq 'enabled' )
-    {
-        if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE)
-        {
+    if ($GP eq 'enabled') {
+        if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE) {

-    # do not block Localhost(s)
-    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -s 127.0.0.0/24 -j RETURN\n";
+            # do not block Localhost(s)
+            $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -s 127.0.0.0/24 -j RETURN\n";

-    # do not block LAN
-    my $locals = "@locals";
-    if (@locals)
-    {
-        # Make a new local_chk chain and add any networks found in networks db
-        foreach my $local (@locals)
-        {
-            # If the network is a remote vpn subnet, restrict it to the ipsec0
-            # interface.
-            my ($net, $msk) = split /\//, $local;
-            my $netrec = $nets->get($net);
-            die "Can't find network $net in networks db!\n" unless $netrec;
-            $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -s $local";
-            if (($netrec->prop('remoteVPNSubnet') || 'no') eq 'yes')
-            {
-                $OUT .= " --in-interface ipsec0";
-            }
-            $OUT .= " -j RETURN\n";
-        }
-    }
+            # do not block LAN
+            my $locals = "@locals";

-    # [SME: 12445] do not block Remote authorized access
-    # TO DO : allow pin point per service eg this UK ip/network even if UK is filtered
+            if (@locals) {

-    (($masq{XTAcceptValidRemoteHosts} || 'enabled') eq 'enabled'){
-        foreach (split /[,;]/, (${'httpd-admin'}{'ValidFrom'} || '')){
-          my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$_");
-          $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -s $ip/$bits -j RETURN\n" unless "$ip" eq '0.0.0.0';
-        }
-    } 
+                # Make a new local_chk chain and add any networks found in networks db
+                foreach my $local (@locals) {

-	my @services = split(/,/, $masq{'XtServices'});
-	
-	foreach my $servName (@services) 
-	{
-    	    $port = ${$servName}{'TCPPort'} || '';
-    	    my $servStatus = ${$servName}{'status'} || 'disabled';
-    	    my $servAccess = ${$servName}{'access'} || 'private';
-    	    my $locBC = ${$servName}{'BadCountries'} || '';
-            my $reverse = ( ( ${$servName}{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!":  "";
-    	    if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') {
-                push  @locPorts, $port;
-		my $multi = ( $port =~ /[,:]/ )? "-m multiport --dports" : "--dport";
-                $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j NFLOG --nflog-prefix \"GeoIP BAN: $servName\"\n";
-                $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j DROP\n";
-    	    }
-	}
+                    # If the network is a remote vpn subnet, restrict it to the ipsec0
+                    # interface.
+                    my ($net, $msk) = split /\//, $local;
+                    my $netrec = $nets->get($net);
+                    die "Can't find network $net in networks db!\n" unless $netrec;
+                    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -s $local";

-   # block for all or other ports should move there
-   if ($BC ne '') {
-	            my $reverse = ( ( $masq{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!":  "";
-        	    my $others = ( ( $masq{'XTGeoipOther'}  || 'disabled') eq "enabled") ? 1 : 0;
-        	    @locPorts = () unless $others;
-            	    if (@locPorts != 0) {
-            		my $LocPorts = join ',', @locPorts;
-                        $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j NFLOG --nflog-prefix \"GeoIP BAN: OTHER\"\n";
-                        $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts  $reverse --src-cc $BC -j DROP\n";
-		    } else {
-                        $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j NFLOG --nflog-prefix \"GeoIP BAN: ALL\"\n";
-                        $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j DROP\n";
-            	    }
+                    if (($netrec->prop('remoteVPNSubnet') || 'no') eq 'yes') {
+                        $OUT .= " --in-interface ipsec0";
+                    }
+                    $OUT .= " -j RETURN\n";
+                } ## end foreach my $local (@locals)
+            } ## end if (@locals)
+
+            # [SME: 12445] do not block Remote authorized access
+            # TO DO : allow pin point per service eg this UK ip/network even if UK is filtered
+            if (($masq{XTAcceptValidRemoteHosts} || 'enabled') eq 'enabled') {
+                foreach (split /[,;]/, (${'httpd-admin'}{'ValidFrom'} || '')) {
+                    my ($ip, $bits) = Net::IPv4Addr::ipv4_parse("$_");
+                    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -s $ip/$bits -j RETURN\n" unless "$ip" eq '0.0.0.0';
                }
-                $OUT .= "    /sbin/iptables --append  \$NEW_XTGeoIP" .
-                " -j RETURN\n";
+            } ## end if (($masq{XTAcceptValidRemoteHosts...}))
+
+            my @services = split(/,/, $masq{'XtServices'});
+
+            foreach my $servName (@services) {
+                $port = ${$servName}{'TCPPort'} || '';
+                my $servStatus = ${$servName}{'status'}       || 'disabled';
+                my $servAccess = ${$servName}{'access'}       || 'private';
+                my $locBC      = ${$servName}{'BadCountries'} || '';
+                my $reverse = ((${$servName}{'XTGeoipRev'} || 'disabled') eq "enabled") ? "!" : "";
+
+                if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') {
+                    push @locPorts, $port;
+                    my $multi = ($port =~ /[,:]/) ? "-m multiport --dports" : "--dport";
+                    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j NFLOG --nflog-prefix \"GeoIP BAN: $servName\"\n";
+                    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j DROP\n";
+                } ## end if ($port ne '' and $servStatus...)
+            } ## end foreach my $servName (@services)
+
+            # block for all or other ports should move there
+            if ($BC ne '') {
+                my $reverse = (($masq{'XTGeoipRev'}   || 'disabled') eq "enabled") ? "!" : "";
+                my $others  = (($masq{'XTGeoipOther'} || 'disabled') eq "enabled") ? 1   : 0;
+                @locPorts = () unless $others;
+
+                if (@locPorts != 0) {
+                    my $LocPorts = join ',', @locPorts;
+                    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j NFLOG --nflog-prefix \"GeoIP BAN: OTHER\"\n";
+                    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts  $reverse --src-cc $BC -j DROP\n";
+                } else {
+                    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j NFLOG --nflog-prefix \"GeoIP BAN: ALL\"\n";
+                    $OUT .= "    /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j DROP\n";
+                }
+            } ## end if ($BC ne '')
+            $OUT .= "    /sbin/iptables --append  \$NEW_XTGeoIP" . " -j RETURN\n";
            ## end of add
-
-        }
-    }
-
+        } ## end if (-s $PATH_MODULE ||...)
+    } ## end if ($GP eq 'enabled')

    # Having created a new XTGeoIP chain, activate it and destroy the old.
-    $OUT .=<<'EOF';
+    $OUT .= <<'EOF';
    /sbin/iptables --replace XTGeoIP 1 \
            --jump $NEW_XTGeoIP
    /sbin/iptables --flush $OLD_XTGeoIP
    /sbin/iptables --delete-chain $OLD_XTGeoIP
 EOF
-
 }
--- a/smeserver-xt_geoip.spec
+++ b/smeserver-xt_geoip.spec
@@ -1,6 +1,6 @@
 %define name smeserver-xt_geoip
 %define version 1.3.1
-%define release 29
+%define release 31

 Summary: smserver rpm to setup database, update and configuration for xt_geoip module with a panel.
 Name: %{name}
@@ -78,7 +78,15 @@ rm -rf %{name}-%{version}


 %changelog
-* Tue Oct 21 2025 John Crisp <jcrisp@safeandsoundit.co.uk> 1.3.1-29.sme 
+* Tue Oct 28 2025 Jean-Philippe Pialasse <jpp@koozali.org> 1.3.1-31.sme
+- Update the references in Createlinks to smeserver-*-update [SME: 13249]
+  thanks to Zsolt Vasarhelyi
+
+* Wed Oct 22 2025 John Crisp <jcrisp@safeandsoundit.co.uk> 1.3.1-30.sme
+- Fix error in patch for [SME: 12445]
+- Tidy template
+
+* Tue Oct 21 2025 John Crisp <jcrisp@safeandsoundit.co.uk> 1.3.1-29.sme
 - Fix SmartMatch errors [SME: 13240]
 - Fix panel errors [SME: 13173]
 - Do not block remote access authorized [SME: 12445]
Author	SHA1	Message	Date
Jean-Philippe Pialasse	14aa2d8fda	* Tue Oct 28 2025 Jean-Philippe Pialasse <jpp@koozali.org> 1.3.1-31.sme - Update the references in Createlinks to smeserver-*-update [SME: 13249] thanks to Zsolt Vasarhelyi	2025-10-28 14:21:08 -04:00
Zsolt Vasarhelyi	a570a47f5a	Update the references in Createlinks to smeserver-*-update SME: 13249	2025-10-28 16:03:35 +02:00
John Crisp	daa56b9cc5	xt_geoip 1.3.1-30.sme Fix syntax in masq template for [SME: 12445]	2025-10-22 13:46:41 +02:00