Start the wireguard peer handshake logging in wireguard init script
through lightweight kernel bpf trampoline fentry tracing on wireguard
kernel function.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 6424fa8757a3a8fd8fde1be6935a1984abe8fdb2 (HEAD -> loongfire-port, origin/loongfire-port)
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Fri Nov 7 19:17:59 2025 -0800
wg_handshake: log wireguard handshake message
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit fa10708e3c87519f8e9c85cdff7a2bdd80dbd699 (HEAD -> main)
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Fri Oct 24 20:58:18 2025 -0700
tc-basic-classifier: allow port range for classification
Improve user space class_filter to add port range like:
./class_filter -i red0 --add-port "8080-8082:10:40mbit"
or
./class_filter -i red0 --add-port "8083:20:60mbit"
each port will still be added as individual entry in port map, so no
code change required in bpf side.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 5852f6184e3d129667df01011c4ecdf6df994266
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Wed Oct 22 19:41:05 2025 -0700
tc-basic-classifier: make tcp and udp port classification
make port classification for both UDP and TCP.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 0bda902c82c755bda1d5ba40d1404051de4e9102
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Tue Oct 21 19:28:15 2025 -0700
tc-basic-classifier: fix IP endiness and classification on red0
the IP in user space is stored in host order but bpf program IP lookup
by network order. also tested IP classification green0 not working. so
should do destination IP classification on red0 interface, and the
destination IP is going to be Internet destination IP addresses. need to
figure out how to do IP based classification on LAN/green0 network IPs
if required.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit ced17feca631f6963a2439f41ef09a7db048f316 (HEAD -> main)
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Oct 20 21:28:17 2025 -0700
tc-basic-classifier: fix tcp port Endianess bug by AI
AI generated class_filter program stored the tcp port in network order,
but in bpf program the tcp port is converted to host order, and result in
tcp port lookup failure, unable to get the correct classid, fail to do rate
classification.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit a18fe4be0374ab1efb21c1228a5c5790ded7636e
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Oct 20 19:15:34 2025 -0700
tc-basic-classifier: classify port and IP from bpf map
add port and IP rate classification based on bpf map so user could
add or remove port/IP rate classification dynamically at run time
since TC class works on egress direction, so port rate classification
works on red0 egress, and IP rate classification works on green0 egress
port rate classification:
class_filter -a -b ./class_filter.bpf.o -i red0 -v
class_filter -i red0 --add-port 8080:10:80mbit
class_filter -i red0 --add-port 8081:20:40mbit
class_filter -i red0 --delete-port 8080
class_filter -i red0 --list-ports
IP rate classification:
class_filter -a -b ./class_filter.bpf.o -i green0 -v
class_filter -i red0 --add-ip 192.168.1.0/24:40:30mbit
class_filter -i red0 --delete-ip 192.168.1.0/24
class_filter -i red0 --list-ips
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 12280ef22ae49f75eda047144ed3e9dc0f73e04a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Fri Oct 17 19:45:07 2025 -0700
tc-basic-classifier: add user space program
the bpf skel header is generated only if USER_TARGETS
is added in Makefile, so add a dummy user space program.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit fe5cc1814af4c995f61ec08708110deef7a65c45
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Fri Oct 17 19:28:45 2025 -0700
xdp-tools: rebase on upstream xdp-tools main branch
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 7dee7fd954c06a3c58bedbb5561b9ee65c3f749f
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Fri Oct 17 18:39:59 2025 -0700
tc-basic-classifier: rename the class filter
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 0b946b848c72511922fa211b6a4db0da092d204c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 16:37:27 2025 +0200
ddns.cgi: Escape the variables when they are being sent back to the browser
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 67db35c8a536b54d169336269853aaa6eae85ab5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:44 2025 +0200
ddns.cgi: Fixes bug 13884
Fixes: bug 13884 - ddns.cgi LOGIN PASSWORD SERVICE Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
sync IPFire fwhosts.cgi
commit 2398cc431a3fb2cd4141b6a846f0cd0742f6a97c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:05:32 2025 +0200
fwhosts.cgi: Escape PROT in the right place
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ad995081302f6b28ea11c74e56306d94a7bee076
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:02:18 2025 +0200
fwhosts.cgi: Check country code before proceeding
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a2c624b99dbcecb469e6001505731049ef5cbbd3
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:37 2025 +0200
fwhosts.cgi Fix for bug 13876 & bug 13877
Fixes: Bug 13876 savelocationgrp COUNTRY_CODE Stored Cross-Site Scripting
Fixes: Bug 13877 saveservice PROT Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 798556ec29207d5131a7600d5489f1ee92a7b87a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Jun 23 17:16:57 2025 +0000
fwhosts.cgi: Move the tooltip into the usage counter
This will clutter the page less as we don't have any good icon sets.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 61b277aa9c578a9a69e552f593a8bde421b811bc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Jun 23 17:16:56 2025 +0000
fwhosts.cgi: Don't show anything if a host/group is unused
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ca811a746a79f0e02cfb780cbd4543a057131e3a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Jun 23 17:16:55 2025 +0000
fwhosts.cgi: Remove whitespace issues
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5511d94ed0d8ea6fd372d52cba515b4d6726abed
Author: Peer Dietzmann <dietzmann@brecht-schule.hamburg>
Date: Mon Jun 23 17:16:54 2025 +0000
fwhosts.cgi: Show in which firewall rule objects are being used
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 341eb00a821c4254ddd04968beed2e98e5a33aff
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat May 3 15:10:16 2025 +0200
fwhosts.cgi: Correctly show IP addresses for WireGuard RW peers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 61f447ff341d2f7720fb6c5b483cc9fb063e869c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:07:36 2025 +0200
ids.cgi: Escape the remark before sending it back to the browser
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f0015fefe6d2523c5bb9818fa6aeeb064f6e45db
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:38 2025 +0200
ids.cgi: Fixes bug 13878
Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit a461fd70445aec9dfa34bf9c5a29a85e0ad0e2fe
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Sat May 10 12:30:56 2025 +0200
chpasswd.cgi: Fixes bug12755 - v3 with password verification correction
- v3 version based on feedback from @Michael to use the status value returned from
using the htpasswd command.
- Also simplified the whole section to carry out the change if the status is 0, ie all
went well, otherwise give an error but without identifying if the error is in the
username or the password. This makes it more secure as any attacker only knows it
failed and doesn't know if any part of the authentication was correct or not.
- Changed the error messages in line with this so the language file changes are in the
other part of this patch set submission.
- Tested out on my vm test bed and worked fine. If the username was incorrect or the
password was incorrect or both were incorrect the same error message is given. If
both are correct then the update is carried out.
Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9c0dab3d3ca807e836823253aced80a14bc1970a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 7 09:06:12 2025 +0000
chpasswd.cgi: Add missing $
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4c39e38f90fea60ef62e07267fd84f1b89de0297
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:11 2025 +0200
chpasswd.cgi: Make swroot refs the same as for other cgi files
- This uses the swroot definition from general-functions.pl and makes the definition
the same as used in the majority of other IPFire cgi files.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6c1549ff7a9c8e3f9f17a29a6b169fce175fea42
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:09 2025 +0200
chpasswd.cgi: Fixes bug12755 - proxy auth password problem longer than 8 chars
- The existing version of the perl module Apache::Htpasswd was using the crypt hash for
the password hashing, which is very insecure. The only alternative with this module
is the md5 and sha1 hashes which are also considered weak now.
- The module was last updated in Nov 2012 and there is no alternative module available.
- This patch replaces that perl module with using the apache htpasswd program. This can
be set to use the bcrypt hash which is considered secure. This is used for the
generation of the root and admin passwords during the IPFire install.
- Tested out on my vm testbed system and the password for a specific user name was
changed successfully without any restriction to the length of the password.
- Existing passwords with the existing md5 or crypt options will still work as htpasswd
can manage different encoding hashes in the one file.
Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit f7c4f7d2968be6c9b786b7f7e46fdb8ac96c8104
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:32:51 2025 +0200
proxy.cgi: Escape parameters in the right place
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e22ecef885c34462565ae20020a32a27d0585dc3
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:52 2025 +0200
proxy.cgi: Further fix for bug 13893
- Previous patch for proxy.cgi was related to the mitigation provided by the bug reporter
for the parameter VISIBLE_HOSTNAME. This parameter however was not mentioned in the
description for that bug.
- bug 13893 description mentions TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD,
ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD but it mentions them as being from dns.cgi
which is incorrect except for TLS_HOSTNAME.
- The other parameters are from proxy.cgi but no mitigation was shown for those in the
bug report.
- This patch adds fixes for the parameters UPSTREAM_USER, UPSTREAM_PASSWORD,
ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD
Fixes: bug 13893 - proxy.cgi Multiple Parameters Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4cf0694e55305e368c4ca28da2db7481c8f08c5a
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:51 2025 +0200
proxy.cgi: Fixes bug 13893
Fixes: bug 13893 - proxy.cgi Multiple Parameters Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a63c51da8ea03896c3340960821fbacece58f861
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:10 2025 +0200
proxy.cgi: Fixes bug12755 - proxy auth problem with password longer than 8 chars
- This makes the proxy local password management the same between chpasswd.cgi and
proxy.cgi
- Tested out on my vm testbed and was able to create and modify users and their passwords
in the proxy.cgi page or modify a password for a specified user on the chpasswd.cgi
page. This all happened successfully and was confirmed by testing out the local
authentication.
Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit f34349dd754c6cdb29058b603028a7155ebfa830
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Oct 2 13:10:14 2025 +0200
dns.cgi: Fix for XSS potential
- Related to CVE-2025-50976
- Fixes NAMESERVER & REMARK
- TLS_HOSTNAME was already fixed in a previous patch
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit db042629c0cae5b78eeddb8a9db8783c557138b0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:29:35 2025 +0200
dns.cgi: Validate the TLS hostname irregardless of TLS being used
That way, we won't have to perform escaping later on and can rely on
having a valid value.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 98616a36c00b7fc845995c5cc4d8e301e58a20a7
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:50 2025 +0200
dns.cgi: Fixes bug 13892
Fixes: bug 13892 - dns.cgi TLS_HOSTNAME Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 21539d63dfcb15f186309b3107f63d455e4008ea
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Oct 2 13:10:15 2025 +0200
firewall.cgi: Fixes XSS potential
- Related to CVE-2025-50975
- Fixes PROT
- ruleremark was already escaped when firewall.cgi was initially merged back in Core
Update 77.
- SRC_PORT, TGT_PORT, dnaport, src_addr & tgt_addr are already validated in the code as
ports or port ranges.
- std_net_tgt is a string defined in the code and not a variable
- The variable key ignores any input that is not a digit and subsequently uses the next
free rulenumber digit
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit c2eba600d753df95a81707f7da0ab172ed864ab0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat Sep 20 14:02:01 2025 +0000
arpwatch: Fix the envelope sender
arpwatch invokes sendmail without passing the envelope sender
explicitely. This causes that mails can get rejected if the From: header
does not match the envelope sender.
This patch passes the correct address as the envelope sender.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
this is initial kdump and kdump scripts, it looks when run kdump-config
load the first time, the kdump kernel can be loaded, and test crash dump
with echo c > /proc/sysrq-trigger result in system hang forever, then
had to power reset. after power reset, kdump-config load could no longer
load the kdump kernel, errors out with:
[root@bpfire-3 crash]# kdump-config load
cp: cannot stat '/etc/kdump/sysctl.conf': No such file or directory
Creating symlink /var/lib/kdump/vmlinuz.
ln: failed to create symbolic link '/var/lib/kdump/vmlinuz': No such file or directory
Unable to locate kernel hook ... failed!
Can't find kernel text map area from kcore
Cannot load /boot/vmlinuz-6.15.6-ipfire
failed to load kdump kernel ... failed!
so kdump is not working properly, but add the kdump scripts anyway, the
issue can be investigated later in future.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
makedumpfile build by default in BPFire use static libdw.a, libelf.a but
libdw.a, libelf.a are not build with zstd which makdedumpfile static
build requires, so build makedumpfile dynamically, see [0].
[0]: https://github.com/vincentmli/bpfire/issues/109
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 68a3334413efb1a963b7cc6c6dca1ec0126e1cc1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Jul 18 08:42:12 2025 +0000
wireguard-functions.pl: Automatically skip IPv6 subnets
Since we do not support this and some VPN providers generate
configuration files that send any data over to them, we simply ignore
any IPv6 subnets.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f7565a885b55384a64edd8bd73079143a04da519
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Jul 18 09:57:34 2025 +0000
wireguard-functions.pl: Remove any carriage returns on import
Some files might include carriage returns which won't be removed by
chomp() on Linux. To be extra safe, we remove them manually.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Choose one IP from client pool and add it to road warrior interface
wg0 so road warrior VPN client could reach firewall through the VPN
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
6.15.6 include:
From 06a34f7db773e01efa8a90c5b4d912207a80dd60 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <daniel@iogearbox.net>
Date: Sun, 17 Nov 2024 22:20:30 +0100
Subject: [PATCH] wireguard: device: support big tcp GSO
Advertise GSO_MAX_SIZE as TSO max size in order support BIG TCP for wireguard.
This helps to improve wireguard performance a bit when enabled as it allows
wireguard to aggregate larger skbs in wg_packet_consume_data_done() via
napi_gro_receive(), but also allows the stack to build larger skbs on xmit
where the driver then segments them before encryption inside wg_xmit().
We've seen a 15% improvement in TCP stream performance.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://patch.msgid.link/20241117212030.629159-5-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
drivers/net/wireguard/device.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c
index a2ba71fbbed46..6cf173a008e78 100644
--- a/drivers/net/wireguard/device.c
+++ b/drivers/net/wireguard/device.c
@@ -302,6 +302,8 @@ static void wg_setup(struct net_device *dev)
/* We need to keep the dst around in case of icmp replies. */
netif_keep_dst(dev);
+ netif_set_tso_max_size(dev, GSO_MAX_SIZE);
+
wg->dev = dev;
}
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 0ee4f61deaf50b5c091d94afbedd5615c002cfae
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Jun 25 15:22:32 2025 +0100
firewall.cgi: Remove some left-over debugging code
This code prevented that any firewall rules could have been created due
to the WUI always assuming that there would be some error.
Fixes: #13860 - Error message when creating a firewall rule with a subnet for src
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
ipfire has changed theme css style and wireguard.cgi relies
on the new css style, replace the bpfire css style with ipfire style
breaks other cgi style, so make the change minium that is only
relevant to wireguard.cgi VPN peers status.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
wireguard.cgi calls errorbox and opensection/closesection,
but they are missing from header.pl. ipfire had functons.pl
removed and moved subroutines to header.pl and added errorbox
in header.pl. to keep the change minimum so not affect other
features, add errorbox and opensection/closesection in functions.pl
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
missing set_defaults sub result in error when generate
flash image during build after add wireguard UI
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit c29a07b2ee505811a6cd78ca643bf816beb77375
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon May 26 11:38:57 2025 +0200
index.cgi: Show WireGuard status using the function library
The settings file is also loaded all the time and we don't need to load
it again.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit d6868ae94c63d0f708985e6bb6604a4bd40cf1a8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Sep 6 18:20:46 2024 +0200
firewall: Allow WG traffic when the firewall is in permissive mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 50b4c402226cda390832d3124a2a46187cc635c3
Author: Stephen Cuka <stephen@firemypi.org>
Date: Thu Feb 27 16:34:16 2025 -0700
fwhosts.cgi: Add button spacing on 'Firewall/Firewall Groups' page.
Add spacing between showmenu() buttons on Firewall/Firewall Groups page to improve the look of the page.
No changes to the functions of the page.
Signed-off-by: Stephen Cuka <stephen@firemypi.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 1de96a83d6d6cec5d4d3eda1792aa80bfbd8fafe
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Apr 23 12:35:52 2025 +0200
firewall: Add support for WireGuard peers to groups
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
