Hotfix 160210
Posted by hans2 on Feb 09, 2016; 8:55pm
URL: https://itus.accessinnov.com/Hotfix-160210-tp8.html
I've received this hotfix on Jan 9th from Jabari. Not 100% sure if this works for everybody as we were working on a bridge issue. My recommendation would be to make a backup first (double check that the mentioned files are included in the backup list).
File: hotfix_160210.tgz
Installation Instructions
1) secure copy hotfix_160210.tgz to the root directory of the Shield
2) tar -zxvf hotfix_160210.tgz
3) reboot -f
Here are some notes regarding all the changes in the hotfix:
############################################################
Changes on/before 160109 by ITUS:
1) ituswebfilter.sh - Fix for increment into the broadcast address.
2) itus-setup.sh -
- Bridge mode users cannot replace the x.x.x.111 address in the web UI. If a static IP address is assigned to br-lan it will add the address to the interface, but will not remove x.x.x.111. The user ends up with multiple addresses on the interface.
- Added a line to set up a DNS server to the static interface because I noticed /tmp/resolve.conf.auto didn't have a DNS server.
3) log-gen.sh - updated /etc/itus/lists/log-gen.sh to generate logs with blocked domains and changed the format to be more readable.
4) dhcp - Removed the DHCP server options from the lan interface
5) /etc/init.d/snort - Ensure eth0 and eth2 are in promiscuous mode.
- Added ifconfig eth0 up promisc
- Added ifconfig eth2 up promisc
6) /etc/itus/factory_reset.sh
- Removed umount -a from the beginning of the file because it makes the entire file system read-only and the following commands in the script cannot successfully execute.
7) /etc/rc.local
- Removed the first 5 or 6 lines of code that copy the /etc/config/network.br to /etc/config/network and /etc/init.d/snort.br to /etc/init.d/snort
- This prevents the system from reverting back to the default settings between reboots.
8) /etc/config/network
- This is the default networking file for bridge mode and no changes were made. I added it to ensure itus-setup.sh and ituswebfilter would run correctly on the first run.
9) /etc/snort/snort_bridge.conf
- Set up whitelist and blacklist for snort but the settings are commented out by default. Users can uncomment the lines, add an IP address to the whitelist or blacklist, and restart snort.
- Set up blacklisting - I discovered snort has a blacklist of IP addresses in /etc/snort/rules that we aren't using.
- Set up whitelisting - Snort will not process the rules for packets destined for IP addresses in the whitelist. This would be a good workaround for the PS4.
10) /etc/snort/rules/L2.whitelist
- Users can add IP addresses to the whitelist
Changes on/before 160210 by HANS
11) Hans: solved the ownership of the files - no longer need to chown root.root of these files.
############################################################
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
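
A pre-install check for the installation steps and backup recommendation above, added here as an example and not part of the original post or the ITUS hotfix: it lists the archive without extracting it, flags members that would land outside the extraction directory, and reports files not covered by a backup list. The function names and the one-path-per-line backup list format are assumptions.

```shell
#!/bin/sh
# Added example: pre-install check for a tarball that will be unpacked at /.
# Assumption: BACKUP_LIST holds one absolute path per line (file or directory).

# covered ABS_PATH BACKUP_LIST -> 0 if the path or a parent directory is listed
covered() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=${entry%/}
        case $entry in ''|'#'*) continue ;; esac      # blank line or comment
        case $1 in "$entry"|"$entry"/*) return 0 ;; esac
    done < "$2"
    return 1
}

# classify_member MEMBER BACKUP_LIST -> prints OK, NOBACKUP or UNSAFE
classify_member() {
    case $1 in
        /*|..|../*|*/..|*/../*) echo UNSAFE; return 0 ;;  # leaves the target dir
    esac
    if covered "/${1#./}" "$2"; then echo OK; else echo NOBACKUP; fi
}

# hotfix_check ARCHIVE BACKUP_LIST -> lists flagged files; 0 only if all are OK
hotfix_check() {
    members=$(tar -tzf "$1") || return 2              # list only, extract nothing
    rc=0
    while IFS= read -r m; do
        case $m in ''|*/) continue ;; esac            # skip directory entries
        verdict=$(classify_member "$m" "$2")
        [ "$verdict" = OK ] || { echo "$verdict $m"; rc=1; }
    done <<EOF
$members
EOF
    return $rc
}

# Usage on the device, before step 2 (the backup list path is a placeholder):
#   hotfix_check /hotfix_160210.tgz /path/to/backup-list
```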