webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-22 17:02:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,902 Commits 2 Branches 1 Tag
0a340fbe1e76323afc7473b296dec871f3d820b0
Commit Graph

13902 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
0a340fbe1e mail.cgi: Always check content of fields 
These checks did not do anything but clear all fields
when mailing was disabled.

It makes a lot more sense to retain people's settings,
even when they have been disabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-13 18:41:01 +00:00
peter.mueller@ipfire.org
8f9c4081b4 Core Update 138: ship ca-certificates 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-13 18:40:04 +00:00
peter.mueller@ipfire.org
d5ccd924e0 update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-13 18:39:50 +00:00
peter.mueller@ipfire.org
c772b7550c Tor: fix permissions of /var/ipfire/tor/torrc after installation 
Fixes #12220

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-29 19:50:32 +00:00
Arne Fitzenreiter
94c09bd9c4 core138: add firewall-lib.pl to update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-29 13:25:55 +00:00
Stefan Schantl
dba780a784 firewall-lib.pl: Populate GeoIP rules only if location is available. 
In case a GeoIP related firewall rule should be created, the script
now will check if the given location is still available.

Fixes #12054.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-29 13:23:43 +00:00
Arne Fitzenreiter
75612f0644 start core138 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-29 13:22:31 +00:00
Michael Tremer
a42dfb216d speedtest-cli: Use Python 3 instead of Python 2 
This seems to be required although the documentation says
that Python 2 is supported.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-29 13:17:11 +00:00
Michael Tremer
45a3168ef1 python3: Bump release version to redistribute package 
Python 3 was linked against an old version of OpenSSL on my
system and to avoid this, we need to ship it again being built
against the current version of it.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-29 13:17:07 +00:00
Michael Tremer
d704e75d75 QoS: Do no classify as default when L7 filter isn't done 
We need to allow some more packets to pass through the
mangle chains so that the layer 7 filter can determine
what protocol it finds.

If L7 filter decides that a connection is of type "unknown",
we mark it as default, or it is marked with the correct class.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-22 15:57:01 +00:00
Arne Fitzenreiter
41c242bff8 Revert "Revert "Revert "core137: Remove imq0 and unload imq module after QoS has been stopped""" 
This reverts commit e4d242da4a.

this fails because we let QoS running and it doesn't like if the imq0
device was removed. (why imq0 can removed when it is up?)
 2019-10-22 15:54:37 +00:00
Matthias Fischer
4ba4645d12 bind: Update to 9.11.12 
For details see:
https://downloads.isc.org/isc/bind9/9.11.12/RELEASE-NOTES-bind-9.11.12.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 19:01:32 +00:00
Michael Tremer
b3ce3510ad grub: Build after Python is available 
The build sometimes aborted because python was not found
when Grub was being built for EFI.

Fixes: #12209
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 19:01:03 +00:00
Arne Fitzenreiter
e4d242da4a Revert "Revert "core137: Remove imq0 and unload imq module after QoS has been stopped"" 
This reverts commit 39c4ed4427.
 2019-10-21 19:00:19 +00:00
Michael Tremer
615bf6e0f0 QoS: Delete more unused iptables commands 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:36 +00:00
Michael Tremer
76bf53db8b QoS: Drop support for setting TOS bits per class 
This is useless since no ISP will evaluate those settings
any more and it has a rather large impact on throughput.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:31 +00:00
Michael Tremer
6f07564242 QoS: No longer set TOS bits for ACK packets 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:29 +00:00
Michael Tremer
1e35eeac59 QoS: Remove some IPsec rules which never worked 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:25 +00:00
Michael Tremer
fc09b98296 QoS: Classify incoming traffic in PREROUTING 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:23 +00:00
Daniel Weismüller
4b5aa97393 QoS: Use CONNMARK to mark connections in connection tracking 
This patch modifies the connection tracking in that ways that
it sets a connection mark which will be retrieved when a packet
is being redirected to the IFB interface.

This way, we can use classification without having the packet
being sent through iptables first.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:20 +00:00
Michael Tremer
7d770777e0 Revert "Make IMQ Switchable between PREROUTING and POSTROUTING" 
This reverts commit 88b8ffac6b.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:14 +00:00
Michael Tremer
afe23fbb52 QoS: Drop support for subclasses 
This feature was never properly implemented and the UI was dead

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:12 +00:00
Michael Tremer
8d6b654369 QoS: Suppress an error message when cleaning up from previous runs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:10 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:08 +00:00
Michael Tremer
50ed363e89 QoS: Do not delete egress qdisc after classes have been created 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:06 +00:00
Michael Tremer
677c1f47d7 QoS: Start qosd immediately 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:57:59 +00:00
Michael Tremer
96f16b8501 QoS: Tidy up qdiscs after QoS is being stopped 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:57:53 +00:00
Michael Tremer
0dfb3984d0 QoS: Use Intermediate Functional Block 
This is an alternative implementation to the Intermediate Queuing
Device (IMQ) which is an out-of-tree kernel patch and has been
criticised for being slow, especially with mutliple processors.

IFB is part of the mainline kernel and a lot less code.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:57:41 +00:00
Michael Tremer
c37af2f004 QoS: Do not manually load iptables modules 
This should not be necessary and causes the script to
wait for two seconds.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:57:14 +00:00
Arne Fitzenreiter
3670ac5622 core137: remove QoS stop at update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-20 20:29:50 +00:00
Arne Fitzenreiter
39c4ed4427 Revert "core137: Remove imq0 and unload imq module after QoS has been stopped" 
This reverts commit f48920d84f.
 2019-10-20 20:28:10 +00:00
Arne Fitzenreiter
fb41342122 Revert "QoS: Do not manually load iptables modules" 
This reverts commit cae6916d59.
 2019-10-20 20:25:24 +00:00
Arne Fitzenreiter
bd122644e4 Revert "QoS: Use Intermediate Functional Block" 
This reverts commit 3c33d9d854.
 2019-10-20 20:24:43 +00:00
Arne Fitzenreiter
707e0471ce Revert "Revert "Make IMQ Switchable between PREROUTING and POSTROUTING"" 
This reverts commit ec01ebe246.
 2019-10-20 20:24:16 +00:00
Arne Fitzenreiter
5e661eb533 Revert "QoS: Tidy up qdiscs after QoS is being stopped" 
This reverts commit eedf7b06c0.
 2019-10-20 20:23:54 +00:00
Arne Fitzenreiter
005fc8ed5d Revert "QoS: Process incoming packets in PREROUTING only" 
This reverts commit e6341c5856.
 2019-10-20 20:23:13 +00:00
Arne Fitzenreiter
d7297c477a Revert "QoS: Do not delete egress qdisc after classes have been created" 
This reverts commit 39ff91ecf8.
 2019-10-20 20:21:53 +00:00
Arne Fitzenreiter
fb8d7759b8 Revert "QoS: Start qosd immediately" 
This reverts commit 6a9bcd6c1d.
 2019-10-20 20:21:23 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ" 
This reverts commit 59b9a6bd22.
 2019-10-20 20:20:26 +00:00
Arne Fitzenreiter
fc08e632e3 Revert "QoS: Suppress an error message when cleaning up from previous runs" 
This reverts commit cebad6e2b9.
 2019-10-20 20:19:58 +00:00
Arne Fitzenreiter
896f24cc58 Revert "QoS: Move packet classification to FORWARD chain for ingress" 
This reverts commit 424a332fd3.
 2019-10-20 20:19:21 +00:00
Arne Fitzenreiter
323900264f Revert "QoS: Use CLASSIFY iptables target instead of MARK" 
This reverts commit 3e151d19f9.
 2019-10-20 20:18:56 +00:00
Arne Fitzenreiter
bebc33813a Revert "QoS: Drop tc filter rules to move marked packets into the correct class" 
This reverts commit 63f7d7475e.
 2019-10-20 20:18:34 +00:00
Arne Fitzenreiter
50e97cd55f Revert "QoS: Drop support for subclasses" 
This reverts commit bc4d4da870.
 2019-10-20 20:18:00 +00:00
Arne Fitzenreiter
6aeaa3a75e Revert "QoS: Drop support for setting TOS bits per class" 
This reverts commit 3174d9c6b6.
 2019-10-20 20:17:18 +00:00
Arne Fitzenreiter
ac45e4f3e9 Revert "QoS: No longer set TOS bits for ACK packets" 
This reverts commit b1c695e872.
 2019-10-20 20:16:05 +00:00
Arne Fitzenreiter
6e414ea1e0 core137: don't start QoS 
QoS need to load kernel modules but the currect kernel
was removed so it cannot correct start without a reboot.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-20 09:51:04 +00:00
Daniel Weismüller
f48920d84f core137: Remove imq0 and unload imq module after QoS has been stopped 
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 21:09:04 +00:00
Arne Fitzenreiter
596c71d07f kernel: update to 4.14.150 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 23:07:44 +02:00
Arne Fitzenreiter
cafef39aa2 Revert "suricata: Enable rust support" 
This reverts commit 5b87687cb1.
 2019-10-18 20:39:47 +02:00