Commit Graph

92 Commits

Author SHA1 Message Date
Alexander Marx
6233483ba7 Forward Firewall: Bugfix: When creating a rule which results in an error, the counters in the firewall groups were increased.
Bugfix: When using icmp-type "all" there was no rule created

Conflicts:
	html/cgi-bin/forwardfw.cgi
2013-09-27 10:43:01 +02:00
Michael Tremer
52c5ec837f firewall: Rewrite policy script.
Restructure the code; add fallback options if no configuration
is set; reliably check if BLUE or ORANGE are used.
2013-09-02 21:51:22 +02:00
Alexander Marx
5bee9a9df5 Forward Firewall: edited GPL-header 2013-08-13 13:47:27 +02:00
Alexander Marx
dc21519f68 Forward Firewall: added GPL header to all files 2013-08-13 12:44:01 +02:00
Alexander Marx
93c2de1c66 Forward Firewall: Bugfix: ICMP rules were applied twice 2013-08-09 14:49:35 +02:00
Alexander Marx
653a71b951 Forward Firewall: Bugfix: When using predefined services in rule creation, the rule was not applied. Bugfix: when on the rule creation page and pressing "back", the site gets white. 2013-08-09 14:49:35 +02:00
Michael Tremer
b85d2a9819 iptables: Replace state module by conntrack module.
The state module is deprecated in recent releases of iptables
and should not be used any more.

Additionally, this patch adds an extra chain for all
connection tracking rules, so we can keep the entire ruleset
smaller and cleaner.
2013-08-09 14:15:32 +02:00
Alexander Marx
7326051edb Forward Firewall: Updated outgoingfw-converter; redesign of the ruletable's default rules 2013-08-09 14:15:32 +02:00
Alexander Marx
a648546338 Forward Firewall: added "default-rules-table" at the end of forward ruletable 2013-08-09 14:15:31 +02:00
Alexander Marx
7f25a65fc1 Forward Firewall: moved default rules from FORWARDFW to POLICYFWD 2013-08-09 14:15:31 +02:00
Alexander Marx
e17121fee7 Forward Firewall: removed NAT part from rules.pl (file nat does not exist anymore) 2013-08-09 14:15:31 +02:00
Alexander Marx
a0fb1099ef Forward Firewall: Design changes
1) source has a new option "firewall" with dropdown for interfaces
2) source default networks: deleted IPFire, all IPs now in brackets
3) deleted warning message in Target that a mac is not usable
4) changes for "apply" button
5) in ruletable the protocol is now right beneath the ruletype column
6) changed target dropdown "INTERNET" to "RED"
7) renamed OpenVPN N-2N to OpenVPN Net-to-Net
8) set missing default firewall options
9) small changes to the en and de lang files
2013-08-09 14:15:30 +02:00
Alexander Marx
ac9e77e3ba Forward Firewall: added missing fields to the converters (for dnat) 2013-08-09 14:15:30 +02:00
Alexander Marx
f557ea1e59 Forward Firewall: removed PORTFWACCESS flushing from rules.pl 2013-08-09 14:15:30 +02:00
Alexander Marx
c12392c0ef Forward Firewall: removed NAT table and txt file. 2013-08-09 14:15:29 +02:00
Alexander Marx
60607a6c75 Forward Firewall: removed DMZ from rules.pl (no longer exists, is forward now) 2013-08-09 14:15:29 +02:00
Alexander Marx
3f09f5309c Forward Firewall: convert-dmz now puts converted files into /var/ipfire/forward/config instead of /var/ipfire/forward/dmz 2013-08-09 14:15:29 +02:00
Alexander Marx
674f4e9d51 Forward Firewall: on every reload of the new firewall-rules the firewall.local is also reloaded 2013-08-09 14:15:29 +02:00
Alexander Marx
ff4770c79b Forward Firewall: changed /etc/init.d/firewall: deleted stop routine and rearranged iptables_init and restart routine
Now it should be possible to use /etc/init.d/firewall restart without errors
2013-08-09 14:15:29 +02:00
Alexander Marx
fb0ce57589 Forward Firewall: cleanup unused code 2013-08-09 14:15:28 +02:00
Alexander Marx
8762442c4e Forward Firewall: INPUT Firewall added "ALL" with ip 0.0.0.0 2013-08-09 14:15:28 +02:00
Alexander Marx
690b0bd761 Forward Firewall: added OVPNBLOCK and fixed rules.pl to correctly get the IP address of the red iface 2013-08-09 14:15:28 +02:00
Alexander Marx
05d4f131e9 Forward Firewall: Implemented INPUT Firewall (extended external access)
Now you are able to define INPUT rules on every interface IP
2013-08-09 14:15:27 +02:00
Alexander Marx
6fab5bca2a Forward Firewall: edited rules.pl so that the rules use the IP addresses from the remote OVPN N2N subnet instead of the OpenVPN subnet (because it is only used as a transfer net) 2013-08-09 14:13:11 +02:00
Alexander Marx
aff15defbc Forward Firewall: rules for collectd now in firewall-policy instead of /etc/init.d/firewall 2013-08-09 14:13:10 +02:00
Alexander Marx
53f4c74d9b Forward Firewall: some changes in firewall script to make collectd work 2013-08-09 14:13:10 +02:00
Alexander Marx
94ea1f0346 Forward Firewall: fixed firewall hits statistics and extended them to show input, output, forward, newnotsyn and portscan separately. 2013-08-09 14:13:10 +02:00
Alexander Marx
08e1c65d85 Forward Firewall: added SNAT multiport support 2013-08-09 14:12:40 +02:00
Alexander Marx
98cee89f94 Forward Firewall: Added multiport support to DNAT/Portforwarding
Now it is possible to use multiple ports under DNAT when TARGET has no port, one port or one port range defined
2013-08-09 14:12:39 +02:00
Alexander Marx
bc912c6e0c Forward Firewall: Version 0.9.9.2
1) Some changes in en.pl
2) DNAT now supports REJECT/DROP rules
3) Bugfix: comma in remark customservicegroup
4) improved installer
2013-08-09 14:12:39 +02:00
Alexander Marx
e09884e04f Forward Firewall: some fixes:
1) Counter was not correctly decreased when deleting a network from a custom group
2) Convert-outgoingfw improved
3) Backup didn't set file permissions correctly
2013-08-09 14:12:39 +02:00
Alexander Marx
f7e649ddfb Forward Firewall: some typos in dmz-converter 2013-08-09 14:12:39 +02:00
Alexander Marx
a60dbb4b6a Forward Firewall: added dmz-converter.
Also extended the backup.pl script to support old backups. Now it is possible to restore old backups into the new firewall. On restore, all config files of the new firewall will be destroyed and the 4 converters will recreate them.
2013-08-09 14:12:37 +02:00
Alexander Marx
829697d076 Forward Firewall: enabled port ranges for DNAT 2013-08-09 14:11:58 +02:00
Alexander Marx
6be32fe504 Forward Firewall: bugfix: DNAT now correctly creates rules when a customservice is defined as target 2013-08-09 14:11:58 +02:00
Alexander Marx
28640b7365 Forward Firewall: fix NAT-rules: iptables rule was not applied correctly in PORTFWACCESS 2013-08-09 14:11:58 +02:00
Alexander Marx
fb61ec6715 Forward Firewall: Bugfix: blue was allowed to connect to everywhere if forward firewall was open 2013-08-09 14:11:57 +02:00
Alexander Marx
8343fd1250 Forward Firewall: Fix converter-outgoingfw. Produced wrong counters while converting 2013-08-09 14:11:57 +02:00
Alexander Marx
54d6863787 Forward Firewall: fixed converter bug: Remark is "0" and alias IP is taken as IP instead of name 2013-08-09 14:11:57 +02:00
Alexander Marx
6b681c40d2 Forward Firewall: 0.9.8.7 Implemented SNAT/DNAT
reorganized firewall chains
2013-08-09 14:11:57 +02:00
Alexander Marx
93b75f31ad Forward Firewall: clean up some files
Fix iptables loop wirelessctrl
Fix firewall chain order
Fix policies (added comment for statistic)
2013-08-09 14:11:56 +02:00
Alexander Marx
a6edca5a89 Forward Firewall: support for SNAT/DNAT in GUI and rules.pl 2013-08-09 14:11:56 +02:00
Alexander Marx
ddcec9d339 Forward Firewall: Firewall now sets the Internet device correctly (was always red0) 2013-08-09 14:11:56 +02:00
Alexander Marx
f2ab6fba4a Forward Firewall:
1) Custom Hosts: now 17 chars can be entered into IP/MAC field
2) Forwardfw: Bugfix: When no alias is set and IPFIRE is selected as target, no target address is recognised
3) Forwardfw: Now the source and target address fields (manual) are set to a max length of 17 chars.
4) Converter: Bugfix: When starting converter from commandline, all hosts are entered into groups again.
2013-08-09 14:11:56 +02:00
Alexander Marx
05612a544b Forward Firewall: fix converter for outgoingfw. Remark field (new) was not implemented here
fwhosts: Some layout changes in tables (cellspacing='0')
2013-08-09 14:11:55 +02:00
Alexander Marx
d58677779f Forward Firewall: forgot to delete devel-comment 2013-08-09 14:11:55 +02:00
Alexander Marx
fccf52cf7e Forward Firewall: fixed a bug in convert-outgoingfw. The hosts were created with the wrong number of fields in the hash array.
Also fixed a bug which set the wrong firewall mode for FORWARD when outgoing rules are used.
2013-08-09 14:11:55 +02:00
Alexander Marx
472136c927 Forward Firewall: Fix rule times. Now the time values which are entered in the GUI are saved to the rule file.
When rule.pl is called, the script calculates the difference to UTC time and sets the iptables times accordingly.

With this approach there's no need to save whether the times were created in summer time or winter time.
2013-08-09 14:11:55 +02:00
Alexander Marx
ef6f983b17 Forward Firewall: put rule OUTGOING ACCEPT Related, established into /etc/init.d/firewall
deleted ACCEPT OUTGOINGFW related,established from POLICYOUT
2013-08-09 14:11:55 +02:00
Alexander Marx
a0f267b92c Forward Firewall: removed --kerneltz from rules.pl. New function timeconvert in forwardfw.cgi takes care of time conversion now 2013-08-09 14:11:55 +02:00