Michael Tremer
0206795e57
sslh: Move binary to /usr/sbin.
2013-12-27 11:29:10 +01:00
Michael Tremer
230eeac04d
sslh: Cleanup initscript.
...
Calling setxtaccess has been removed and has never been used
at this place.
Also, it is checked if the external IP address was properly
read from file.
2013-12-27 11:11:29 +01:00
Arne Fitzenreiter
bb234c63ef
partresize: fix partresize for new arm image layout.
2013-12-23 22:28:27 +01:00
Alexander Marx
c0f99754df
Firewall: now it is possible to connect from one ipfire to a green network of another openvpn connected ipfire
...
Please take care to put this into the docu! One can create DROP rules if
the remote ipfire should NOT be able to connect to the other's internal
networks. Therefore you have to take the green interface IP as SOURCE!
2013-12-23 11:05:04 +01:00
Arne Fitzenreiter
dd6c9bb9c3
collectd initscript: parse new lm_sensors config.
2013-12-19 22:46:48 +01:00
Alexander Marx
fac3861429
Firewall: Bugfix: in /etc/init.d/firewall the REDNAT chain was affected BEFORE NAT_SOURCE. Outgoing SNAT rules were not working though
2013-12-16 12:29:02 +01:00
Arne Fitzenreiter
3a3759c625
mountkernfs: fix mount of /sys and /proc without initrd.
2013-12-08 16:07:35 +01:00
Arne Fitzenreiter
80469a8935
initscripts: updates for new udev.
2013-11-18 23:36:10 +01:00
Arne Fitzenreiter
1ee33ddadf
util-linux: update to 2.24.
...
This is needed for newer udev versions but needs some initscript
changes. The updater and arm rootfile are not finished yet.
2013-11-17 18:51:04 +01:00
Michael Tremer
ab4876ad42
firewall: Don't require to enable the RW server for N2N networks.
...
The firewall rules for OpenVPN have not been applied for N2N
connections when the road warrior server was disabled.
2013-11-08 13:38:09 +01:00
Alexander Marx
8039a71099
Firewall: renamed forwardfwctrl to firewallctrl
2013-10-24 09:42:42 +02:00
Michael Tremer
568438067c
Merge branch 'next' into fifteen
2013-10-14 14:12:04 +02:00
Michael Tremer
0f6b606785
squid: Implement intercept mode.
2013-10-14 13:54:24 +02:00
Michael Tremer
ba25f014b2
network-vlans: Use ip link command instead of vconfig.
...
This patch gets rid of using vconfig for configuring VLAN
devices. ip link is much more suitable for that and creates
the interface with the right name and MAC address in just
one step.
2013-10-04 13:36:48 +02:00
Michael Tremer
0203401cf5
Merge remote-tracking branch 'origin/next' into fifteen
...
Conflicts:
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.tr
doc/language_missings
2013-10-03 14:26:33 +02:00
Michael Tremer
6adacba055
tor: Increase number of max. open file descriptors.
2013-09-30 12:14:09 +02:00
Michael Tremer
d9949d4dd1
Merge remote-tracking branch 'earl/tor' into next
...
Conflicts:
lfs/tor
2013-09-14 14:37:18 +02:00
Arne Fitzenreiter
1a78fe5e2d
firstsetup: add missing "fi".
2013-09-14 12:38:39 +02:00
Arne Fitzenreiter
7676ceba65
firstsetup: don't overwrite meta-linux-pae if already present.
2013-09-12 00:51:50 +02:00
Jan Paul Tuecking
e122dd6366
tor: changed init script due to directory port option
2013-09-07 14:52:02 +02:00
Michael Tremer
2b1ff41196
dnsmasq: Fix appending arguments to the argument list.
2013-09-02 19:11:40 +02:00
Michael Tremer
2340d265b1
dnsmasq: Put custom arguments first.
2013-09-02 19:01:44 +02:00
Michael Tremer
2ac39db92e
Merge remote-tracking branch 'amarx/firewall' into fifteen
2013-08-28 11:33:20 +02:00
Michael Tremer
ae650f9518
tor: Fix initscript (again).
2013-08-24 17:21:21 +02:00
Michael Tremer
dea399178e
tor: Fix initscript (again).
2013-08-24 17:19:36 +02:00
Michael Tremer
754f508b5b
squid: Update to 3.3.8.
2013-08-22 12:57:56 +02:00
Michael Tremer
529ac19c46
tor: Only start tor when it has been enabled.
2013-08-21 17:22:54 +02:00
Michael Tremer
3765eb6179
tor: Only start tor when it has been enabled.
2013-08-19 13:23:51 +02:00
Michael Tremer
987b75bcd4
firewall: Add TOR chains.
2013-08-09 14:49:35 +02:00
Alexander Marx
e1efb8199d
Forward Firewall: deleted postrouting block in firewall (not used anywhere)
2013-08-09 14:15:33 +02:00
Michael Tremer
bb12dd7b69
iptables: Cleanup creating SNAT/DNAT chains.
2013-08-09 14:15:33 +02:00
Michael Tremer
47cd046aed
iptables: Remove OPENSSL{PHYSICAL,VIRTUAL} chains which are unused.
2013-08-09 14:15:33 +02:00
Michael Tremer
d5f1422d81
iptables: Jump into the firewall rulesets after everything else has been done.
2013-08-09 14:15:33 +02:00
Michael Tremer
51ab1de143
iptables: Create OVPNNAT chain after CUSTOM* chains.
2013-08-09 14:15:32 +02:00
Michael Tremer
815eaff433
iptables: Create guardian's chains after the CUSTOM* chains.
2013-08-09 14:15:32 +02:00
Michael Tremer
1e55533052
iptables: Cleanup creating the OVPNBLOCK chain.
...
This should happen after the CUSTOM* chains.
2013-08-09 14:15:32 +02:00
Michael Tremer
3b9a23ce07
iptables: Block all loopback packets on non-loopback interfaces.
2013-08-09 14:15:32 +02:00
Michael Tremer
afc611d448
iptables: Create LOOPBACK chain.
...
This chain accepts all communication on the loopback
interface without running it through the entire connection
tracking first.
Packets on lo can never be blocked and must always be
accepted. The firewall has to trust itself anyway.
2013-08-09 14:15:32 +02:00
Michael Tremer
c0359d6dfb
iptables: Only jump into BADTCP for TCP packets.
...
This saves us from evaluating lots of rules for non-TCP
packets.
2013-08-09 14:15:32 +02:00
Michael Tremer
b85d2a9819
iptables: Replace state module by conntrack module.
...
The state module is deprecated in recent releases of iptables
and should not be used any more.
Additionally, this patch adds an extra chain for all
connection tracking rules, so we can keep the entire ruleset
smaller and cleaner.
2013-08-09 14:15:32 +02:00
Alexander Marx
c12392c0ef
Forward Firewall: removed NAT table and txt file.
2013-08-09 14:15:29 +02:00
Alexander Marx
ff4770c79b
Forward Firewall: changed /etc/init.d/firewall. deleted stop routine and rearranged iptables_init and restart routine
...
Now it should be possible to use /etc/init.d/firewall restart without errors
2013-08-09 14:15:29 +02:00
Alexander Marx
e41b651b4a
Forward Firewall: changed order of LOG and DROP rules for INPUT Chain
2013-08-09 14:15:28 +02:00
Alexander Marx
ed9ab82c61
Forward Firewall 0.9.9.7: reordered INPUT POLICY.
2013-08-09 14:15:28 +02:00
Alexander Marx
690b0bd761
Forward Firewall: added OVPNBLOCK and fixed rules.pl to correctly get ip address of red iface
2013-08-09 14:15:28 +02:00
Alexander Marx
e1eef9d53e
Forward Firewall: BUGFIX: When creating DMZ Rules with MANUAL IP as source and afterwards editing the rule, the rule was copied and not just edited.
...
BUGFIX: When using SNAT (outbound) the rule does not seem to work. The NAT_SOURCE chain was in the wrong position in POSTROUTING
2013-08-09 14:13:12 +02:00
Alexander Marx
c400fe4c84
Forward Firewall: fixed wrong log Entries INPUT_DROP when connected via Web or ssh
2013-08-09 14:13:12 +02:00
Alexander Marx
3e79f33fc2
Forward Firewall: reordered some rules to get rid of INPUT_DROP messages in log when connected to webinterface
2013-08-09 14:13:11 +02:00
Alexander Marx
dc82656bf9
Forward Firewall: 0.9.9.4a - Bugfix typo in firewallscript, DMZ Link on startpage now leads to firewall instead of dmzpinholes
2013-08-09 14:13:10 +02:00
Alexander Marx
aff15defbc
Forward Firewall: rules for collectd now in firewall-policy instead of /etc/init.d/firewall
2013-08-09 14:13:10 +02:00