Commit Graph

2707 Commits

Author SHA1 Message Date
Michael Tremer
dccd7e874b IPsec: Allow sending DNS server addresses to RW clients
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:27:04 +00:00
Michael Tremer
5b2e16dde2 IPsec: Apple: Stop prompting for credentials
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:27:04 +00:00
Michael Tremer
2d7b3347ca IPsec: Apple: Add desired cipher suites to profiles
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:27:04 +00:00
Michael Tremer
b75d92100c IPsec: Apple: Enable PFS on client when enabled
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:27:04 +00:00
Michael Tremer
f356736432 vpnmain.cgi: Fix indentation on Apple profiles
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:27:04 +00:00
Michael Tremer
c7fe09c6ad vpnmain.cgi: Add field for roadwarrior endpoint
This is the IP address or FQDN which will be written into
Apple Configuration profiles as public peer address.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:27:04 +00:00
Michael Tremer
205c3c17c6 vpnmain.cgi: Generate random UUIDs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:27:04 +00:00
Michael Tremer
26a0befd75 IPsec: Add prototype to export Apple Configuration profiles
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:21:00 +00:00
Michael Tremer
926e5519a6 IPsec: Use sane defaults for certificate lifetimes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-05 11:20:22 +00:00
Robin Roevens
8b68ed1226 misc-progs: getipstat: Refactor + extend
* Return output of iptables directly instead of writing it to files.
* Make iptables wait for 5s if xtables is locked by another iptables
  process. (--wait 5 argument)
* Add optional parameter "-x" to have iptables report exact numbers.
* Add optional parameter "-f" to display the filter table (default).
* Add optional parameter "-n" to display the nat table.
* Add optional parameter "-m" to display the mangle table.
* Adapt iptables.cgi and guardian.cgi to catch getipstat output
  instead of reading temp-files.

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-04 14:27:27 +00:00
Michael Tremer
5a4412385f hostapd: Drop box with links to other configuration pages
We do not have this for any other feature and it clutters the UI.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-16 10:03:58 +00:00
Michael Tremer
53d03ef352 hostapd: Find device by MAC address
With wireless devices as members in bridges, we cannot predict the name
very well. So we will use the MAC address and find the correct device
name when we launch hostapd.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-16 10:03:58 +00:00
Leo-Andres Hofmann
c095f81435 rrdimage: Improve CGI & cosmetic changes
Write graph error messages to the system log, to simplify
further inspection by the user.
Add additional parameter check to prevent a possible redirect loop
if the URL format is changed in the future.

Cosmetic: Use underlining instead of background color for highlighting

Fixes #10643

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-12 09:31:18 +00:00
Michael Tremer
e90ef935a5 Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-08 10:20:40 +00:00
Daniel Weismüller
73476dd9dc Drop support for macvtap
This has been broken because of other changes on the network scripts and
since we now have support for bridges there is no point in supporting
something else that has the same functionality.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-08 10:19:55 +00:00
Jonatan Schlag
71ae8d5a0d Delete all themes for the webinterface except the default one
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-08 10:13:02 +00:00
Jonatan Schlag
8186b37230 Hardcode theme to ipfire
This disables the theme support and makes it impossible to use any other
themes than the ipfire default theme.

The only intention of this patch is to hardcode the theme to ipfire.
To change any cgi we have is an ugly way, but the only way to do this
fast. The colour handling needs certainly to be improved as well, but
this will and should be done in other patches.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-08 10:11:34 +00:00
Leo-Andres Hofmann
9c6a0ce12d rrdimage: Switch graphs.pl to the new graph scripts
"makegraphbox" is modified to remove the old iframe method and output
a modern div container instead.
Graph errors are now returned, to be displayed by getrrdimage.cgi.

entropy.cgi and netovpnsrv.cgi are modified to ensure compatibility.

Add cache control HTTP header to image output.

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-06 10:05:28 +00:00
Leo-Andres Hofmann
9064bc7242 rrdimage: Add CSS and Javascript to ipfire theme
This patch adds styling for the new graph time range buttons
and loads the Javascript in the HTML head.

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-06 10:03:44 +00:00
Leo-Andres Hofmann
910f1e8494 rrdimage: Add scripts for new graph display method
This patch adds two scripts which will later be used to display graphs:

-> getrrdimage.cgi: Generates PNG images for graphs.
Until now, each CGI with embedded graphs had to be able to output
images. These functions are now gathered in this new script.
The additional parameter handling can be removed and the CGIs can
be simplified. This makes it easier to use and output the graphs.

-> rrdimage.js: Interactive Javascript functions
This allows the user to select time ranges without reloading the page.
In addition, the graphs are now periodically updated, allowing users
to live monitor the data.

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-06 10:01:15 +00:00
Stefan Schantl
cdfbef5de7 logs.cgi/ids.dat: Change url to sid documentation site.
Fixes #12596.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-06 09:57:13 +00:00
Stefan Schantl
5ae1188589 logs.cgi/showrequestfromcountry.dat: Proper lookup country code.
It seems that a code fragment has been left while switching to
libloc. Now call the right function from location-functions.pl.

Fixes #12599.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-06 09:56:15 +00:00
Leo-Andres Hofmann
6c958adf2f Remove unused snortupdateutility.js
This script doesn't seem to be maintained or used anywhere anymore.
The last reference to it was removed in commit 1772664.

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-03-29 10:27:23 +00:00
Leo-Andres Hofmann
a2f77069aa zoneconf.cgi: Avoid unnecessary MAC address changes
Ensure that a bridge always has a MAC address configured, to prevent
udev/network-hotplug-bridges assigning random addresses at each start.
Cache previously generated MAC addresses so that they are not
regenerated each time the configuration is saved by the user.

Add more comments to existing code.

Fixes: #12583

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-03-25 09:21:59 +00:00
Michael Tremer
9823fd82e1 Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-03-22 14:40:03 +00:00
Leo-Andres Hofmann
715aa887b6 zoneconf.cgi: Fix VLAN tag range check
Use the correct VLAN tag range 1-4094 and add an error message
to the range check.
The missing error message was discovered by Jonatan.

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-03-22 10:37:47 +00:00
Alexander Marx
284bf12c58 BUG12479: Copied NAT rule in Firewall displays incorrect source Port
Fixes: #12479

When copying a NAT rule in the firewall, the existing source port is copied, too.
This fix deletes the source port from a copied NAT rule. After saving, the correct port is used.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-03-22 10:36:31 +00:00
Michael Tremer
ef6979b51d Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-03-10 14:43:32 +00:00
Michael Tremer
ffafaa71a6 firewall: Remove ALGs from UI
This change drops the UIs that could enable ALGs for various protocols.

Those have all been forcibly disabled because of "NAT Slipstream".

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-03-02 18:45:13 +00:00
Leo-Andres Hofmann
01139abbe1 zoneconf.cgi: Add default value for STP and require input
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-22 18:59:12 +00:00
Leo-Andres Hofmann
5262805261 zoneconf.cgi: Import network-functions.pl
Remove custom functions and use network-functions.pl instead to detect
the available zones correctly. This also removes the requirement that
a device must be assigned for a zone to become visible/configurable.

Fixes: #12568

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-22 18:58:15 +00:00
Leo-Andres Hofmann
b4434345dc zoneconf.cgi: Add Javascript for new GUI elements
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-22 18:58:13 +00:00
Leo-Andres Hofmann
8de94a23e0 zoneconf.cgi: Add STP options to GUI
Changes & new features:
- Add CSS for STP options, add texts to language files
- Read STP settings from ethernet configuration and display inputs
- Validate and save STP settings

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-22 18:58:12 +00:00
Leo-Andres Hofmann
5e6eba884b zoneconf.cgi: Modify CSS to allow additional rows
Simplify borders, load more colors from header and add dividers

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-22 18:58:10 +00:00
Leo-Andres Hofmann
63a1c81a63 zoneconf.cgi: Change NIC display order, improve code
Refactor duplicate perl code and add comments

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-22 18:58:08 +00:00
Michael Tremer
5459c8a4b7 Merge branch 'master' into next
2021-02-16 17:37:26 +00:00
Michael Tremer
e902ebe3be wirelessclient.cgi: Show when 802.11w is active
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-16 17:41:23 +01:00
Michael Tremer
5cdf3b8c78 wirelessclient.cgi: Show when actually connected using WPA3
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-16 17:37:07 +01:00
Michael Tremer
d95f360683 wirelessclient.cgi: Show when using WPA3
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-16 17:34:02 +01:00
Adolf Belka
896fa74d68 dhcp.cgi: Fix incorrect { placement from patch 3724
- When patch 3724 was created for bug #10743 a curly bracket was placed in the wrong place
This results in the overlap of two if loops meaning that there will be no validity
check carried out on Default Lease Time if Deny Known Clients is not checked.
- This patch moves the { bracket to the right location.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-16 15:02:33 +00:00
Matthias Fischer
6134b588a0 country.cgi: Fix for copy&paste typo
Fixes typo in line 103 (<-> is no tab...)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-15 13:13:54 +00:00
Adolf Belka
f90b0f24a2 wirelessclient.cgi: Fix for bug #12571
- Wirelessclient shows priority 0 to be most preferred and priority 4 as
least preferred. Based on forum posters' experience and the wpa_supplicant
man page it is the other way round.
- This patch moves the least preferred title to priority 0 and vice versa
- Will ask bug reporter to test out the patch and confirm it works. The page
is only shown if you have a wifi connection on red.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-12 11:58:59 +00:00
Michael Tremer
8e308e4eb2 Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-05 16:44:41 +00:00
Michael Tremer
d086a16619 Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-02-03 22:31:02 +00:00
Michael Tremer
354c3e2b45 samba: Remove option to choose user group and shell
There is no need for this being implemented and it is dangerous to allow
the user to create any shell accounts or users that belong to groups
with higher privileges.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-01-27 21:06:57 +00:00
Michael Tremer
d9f9f16366 Drop launch-ether-wake
The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).

Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-01-27 21:06:57 +00:00
Leo-Andres Hofmann
abffcc99ad Refactor "get_available_network_zones", move to network-functions.pl
This function nicely translates the ethernet/settings "CONFIG_TYPE"
into a list of available zones. Therefore it should be more accessible!

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-01-25 19:32:38 +00:00
Michael Tremer
5addf34780 wireless client: Add support for WPA3
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-01-12 10:38:59 +00:00
Stefan Schantl
0562cdb360 ddns.cgi: Make dealing with auth tokens more user-friendly.
If a provider supports authentication with a token, now
the username and password fields will be swapped by some
JavaScript code in favour of an input field for the token.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-01-06 15:32:53 +00:00
Michael Tremer
86bd9ccc95 Drop unused Asterisk CGI files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-01-03 11:17:28 +00:00