webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-13 04:22:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,337 Commits 2 Branches 1 Tag
0fa8a4e98e3c7b44f0e66f9958693a66bbb7fdeb
Commit Graph

10337 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arne Fitzenreiter
0fa8a4e98e Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2016-10-12 22:52:34 +02:00
Arne Fitzenreiter
11ecfb92a0 backup: add unbound config 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-12 22:51:35 +02:00
Arne Fitzenreiter
d221f41fbe unbound: bind to all interfaces 
this allow to add interfaces without restart unbound.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-12 22:43:21 +02:00
Arne Fitzenreiter
3a6752d928 setup: restart unbound after network config change 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-12 22:39:41 +02:00
Daniel Weismüller
d653b433ec drop of the obsolete and deprecated vdr addon vdr_vnsiserver3 
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-12 11:21:24 +01:00
Michael Tremer
86c9deb2ea unbound: Public static leases in DNS, too 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-11 19:14:33 +02:00
Michael Tremer
998e880b61 unbound: Skip invalid hostnames 
If there are any invalid hostnames in the DHCP leases
table, we just skip them and do not create and RRs for
them.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-10 20:11:57 +01:00
Matthias Fischer
5eeea64237 guardian 2.0: fixes for rootfile 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-10 12:08:33 +01:00
Michael Tremer
3a52755b97 core106: Ship changed pakfire.cgi 
This was actually changed over a year ago, but was
never shipped in an update.

Commit 212fd689a3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-10 12:05:01 +01:00
Michael Tremer
b32a8aefa2 core106: Ship updated iptables.cgi file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-10 12:04:24 +01:00
Matthias Fischer
58c2333bdc iptables.cgi: cosmetics - wider columns 
Hi,

Since the first three columns of 'iptables.cgi' gave a nearly unreadable output
with large numbers, so I made 'pkts', 'bytes' and 'target'-columns a bit wider.

BEFORE - it was something like this:

Chain INPUT (policy DROP 0 packets, 0 bytes)
  pkts bytestarget        proc opt in     out source    destination
  32M38G    BADTCP        tcp  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M38G    CUSTOMINPUT   all  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M38G    P2PBLOCK      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M38G    GUARDIAN      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  00        OVPNBLOCK     all  --  tun+   *   0.0.0.0/0 0.0.0.0/0
  32M38G    IPTVINPUT     all  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M38G    ICMPINPUT     all  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M38G    LOOPBACK      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  21M21G    CONNTRACK     all  --  *      *   0.0.0.0/0 0.0.0.0/0
  393873484KDHCPGREENINPUTall  --  green0 *   0.0.0.0/0 0.0.0.0/0
  645153642KGEOIPBLOCK    all  --  *      *   0.0.0.0/0 0.0.0.0/0
  386592304KIPSECINPUT    all  --  *      *   0.0.0.0/0 0.0.0.0/0
  386592304KGUIINPUT      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  368332209KWIRELESSINPUT all  --  *      *   0.0.0.0/0 0.0.0.0/0 ctstate NEW
  368332209KOVPNINPUT     all  --  *      *   0.0.0.0/0 0.0.0.0/0
  368332209KTOR_INPUT     all  --  *      *   0.0.0.0/0 0.0.0.0/0
  368332209KINPUTFW       all  --  *      *   0.0.0.0/0 0.0.0.0/0
  309641833KREDINPUT      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  309641833KPOLICYIN      all  --  *      *   0.0.0.0/0 0.0.0.0/0

AFTER - somehow better readable - I think: ;-)

Chain INPUT (policy DROP 0 packets, 0 bytes)
  pkts  bytes target         proc opt in     out source    destination
  32M   38G   BADTCP         tcp  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M   38G   CUSTOMINPUT    all  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M   38G   P2PBLOCK       all  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M   38G   GUARDIAN       all  --  *      *   0.0.0.0/0 0.0.0.0/0
  0     0     OVPNBLOCK      all  --  tun+   *   0.0.0.0/0 0.0.0.0/0
  32M   38G   IPTVINPUT      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M   38G   ICMPINPUT      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  32M   38G   LOOPBACK       all  --  *      *   0.0.0.0/0 0.0.0.0/0
  21M   21G   CONNTRACK      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  39387 3484K DHCPGREENINPUT all  --  green0 *   0.0.0.0/0 0.0.0.0/0
  64515 3642K GEOIPBLOCK     all  --  *      *   0.0.0.0/0 0.0.0.0/0
  38659 2304K IPSECINPUT     all  --  *      *   0.0.0.0/0 0.0.0.0/0
  38659 2304K GUIINPUT       all  --  *      *   0.0.0.0/0 0.0.0.0/0
  36833 2209K WIRELESSINPUT  all  --  *      *   0.0.0.0/0 0.0.0.0/0 ctstate NEW
  36833 2209K OVPNINPUT      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  36833 2209K TOR_INPUT      all  --  *      *   0.0.0.0/0 0.0.0.0/0
  36833 2209K INPUTFW        all  --  *      *   0.0.0.0/0 0.0.0.0/0
  30964 1833K REDINPUT       all  --  *      *   0.0.0.0/0 0.0.0.0/0
  30964 1833K POLICYIN       all  --  *      *   0.0.0.0/0 0.0.0.0/0

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-10 12:03:51 +01:00
Arne Fitzenreiter
f824cd285b setclock: accept also empty logfile timestamp 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-09 12:10:15 +02:00
Arne Fitzenreiter
0807ce69ee setclock: prevent time bacjump by empty rtc batteries 
This is a work around to prevent not working dns
resolution if the time jumps before the DNSSec signing key.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-08 15:43:54 +02:00
Arne Fitzenreiter
0d7ca700bd unbound: skip green interface if ip was set to 1.1.1.1 
this is a reserved marker for unused green ip.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-07 11:27:33 +02:00
Michael Tremer
e22bcd38d6 unbound: Correctly format PTR records 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-06 10:42:49 +01:00
Michael Tremer
71cf56fe53 core106: Restart DHCP server to import leases into DNS 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-06 10:41:54 +01:00
Michael Tremer
eef9b2529c setup: Store passwords in SHA format 
htpasswd doesn't protect passwords very well. MD5 was used
before and now any newly created passwords will use the
SHA format.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-04 22:41:48 +01:00
Michael Tremer
574ee681d2 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2016-10-04 22:34:23 +01:00
Arne Fitzenreiter
e3a90a5736 Revert "core106: Add DNS root key to exclude list" 
This reverts commit f58002a83f.
 2016-10-04 22:05:26 +02:00
Arne Fitzenreiter
a48a2034f5 unbound: fix update forwarders if unbound was not running 
psgrep has no "-q" switch so i use pidof.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-04 19:24:26 +02:00
Arne Fitzenreiter
9aa7b0469d Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2016-10-03 17:55:42 +02:00
Arne Fitzenreiter
f75c279b97 unbound: fix reverse lockup of webif defined hosts 
and make the own host resolveable.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-03 17:53:13 +02:00
Michael Tremer
350e29c26f Update translations 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-03 12:13:43 +01:00
Matthias Fischer
c5f633c917 guardian 2.0: suggested cosmetic changes 
I did the following:

- Rearranged the fields on 'guardian.cgi' a bit - in a (hopefully) logical manner,
  so that they don't need so much room.
- Added some translation-strings and explanations to (revised) 'guardian.cgi'.
- Added missing language string(s), deleted obsolete.
- Deleted all guardian entries from standard language files in
  '/var/ipfire/langs'-directory.
- Added (upgraded) addon-specific language files to '/var/ipfire/addon-lang'-directory.

I hope, I didn't forget something...

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2016-10-03 12:12:13 +01:00
Michael Tremer
52587edac4 core106: Ship updated libidn 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-03 11:45:36 +01:00
Matthias Fischer
64602fdf7d libidn: Update to 1.33 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-03 11:40:40 +01:00
Arne Fitzenreiter
642b831b72 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2016-10-02 16:36:57 +02:00
Arne Fitzenreiter
e24d6112bb index.cgi: display unbound dns servers 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-02 16:35:50 +02:00
Michael Tremer
5edc06b701 Remove IPAC stuff 
This is unused for a very very very long time and serves
no purpose any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-02 15:13:55 +01:00
Arne Fitzenreiter
cc60329d88 Add search domain to /etc/resolv.conf at boot time 
unbound does not append the local domain to the request
any more (like dnsmasq did). Therefore, the client needs
to do that if desired.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-02 15:32:14 +02:00
Arne Fitzenreiter
b29c97b168 unbound: Test upstream name servers before using 
unbound has some trouble with validating DNSSEC-enabled
domains when the upstream name server is stripping signatures
from the authoritative responses.

This script now checks that, removes any broken upstream
name servers from the list and prints a warning.

If all name servers fail the test, unbound falls back
into recursor mode.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-02 15:25:23 +02:00
Arne Fitzenreiter
f58002a83f core106: Add DNS root key to exclude list 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-02 13:36:07 +02:00
Arne Fitzenreiter
9f50355a8c unbound: Update to 1.5.10 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-02 13:35:45 +02:00
Michael Tremer
a1de9f6fc9 core106: Ship updated /etc/login.defs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-01 18:56:42 +01:00
Michael Tremer
80bc60228b unbound: Print nicer error message when already running 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-01 18:55:23 +01:00
Michael Tremer
46d8d50f45 unbound: Start unbound when invoked by DHCP scripts 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-01 18:52:07 +01:00
Michael Tremer
da31472505 shadow-utils: Create standard set of configuration files 
Previously we copied the default configuration from the upstream
package and modified that. Unfortunately a patch and a sed command
changed the file which resulted in unwanted changes.

This patch removes the patch and sed command and adds a new set
of configuration files that just need to be copied to the system.

Fixes #11195

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-01 18:42:18 +01:00
Arne Fitzenreiter
60fc489b04 attr: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-01 15:17:37 +02:00
Arne Fitzenreiter
829435bea3 ntp: fix wait for red if dhcp or wpasupplicant is running. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-09-27 20:15:53 +02:00
Arne Fitzenreiter
3cf764f338 samba: default enable SMBv2. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-09-27 19:38:38 +02:00
Arne Fitzenreiter
b547554aea core106: ship mt7601u firmware. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-09-27 19:20:14 +02:00
Arne Fitzenreiter
dee3be75f9 mpfr: fix missing eof in rootfile. 
this is the reason for missing mt7601u firmware.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-09-27 19:18:21 +02:00
Michael Tremer
92aebbcddd Revert "libjpeg: update to 1.4.2" 
This reverts commit feba68e4af.

Breaks building netpbm

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-27 09:44:49 +01:00
Arne Fitzenreiter
01176164b5 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2016-09-26 23:18:30 +02:00
Arne Fitzenreiter
de48b89ca1 Revert "Revert "tcl: update to 8.6.6"" 
with new krb5 also the tcl update works.
This reverts commit 053c554822.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-09-26 23:17:08 +02:00
Michael Tremer
e26a93322d core106: Add recently updated packages, etc. 
This update removes dnsmasq and replaces it with unbound.

Also many packages are updated and shipped.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-26 21:03:33 +01:00
Michael Tremer
59bddc7989 Start Core Update 106 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-26 20:25:22 +01:00
Marcel Lorenz
feba68e4af libjpeg: update to 1.4.2 
The old libjpeg is renamed to libjpeg-compat
The compat makes the old libs maintainable

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-09-26 20:18:25 +01:00
Arne Fitzenreiter
b8987235d2 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2016-09-26 18:53:49 +02:00
Arne Fitzenreiter
724c0b8e4b attr: rootfile update. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-09-26 18:51:27 +02:00