Commit Graph

315 Commits

Author SHA1 Message Date
Daniel Weismüller
a18addb946 xt_geoip_update: Always call the cleanup function when some step fails
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:45:29 +00:00
Daniel Weismüller
7b2d933055 xt_geoip_update: Do not create temporary directories again
These already exist

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:45:27 +00:00
Daniel Weismüller
3cd8d55010 xt_geoip_update: Use /var/tmp for temporary data
Since we have some systems that are restricted to only 2GB of
space on /, we need to move this to where we have enough space.

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:45:23 +00:00
Daniel Weismüller
0df1839239 xt_geoip_update: Perform cleanup after successful operation
The temporary files were never being cleaned up after the script
has finished compiling the database.

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:45:20 +00:00
Arne Fitzenreiter
7739cbf456 sane/stage2: remove sanedloop
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-09 08:37:23 +02:00
Arne Fitzenreiter
9e20c024b0 xt_geoip_update: fix date and add maxmind copyright to GeoIP.dat
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-08-24 15:44:23 +02:00
Arne Fitzenreiter
392994dcfb geoip-generator: added to build legacy GeoIP.dat file
program and scripts based on debian geoip packages.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-08-24 11:29:01 +02:00
Stefan Schantl
72ab71969f update-ids-ruleset: Run as unprivileged user.
Check if the script has been launched as privileged user (root) and drop all
permissions by switching to the "nobody" user and group.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-06-05 12:33:58 +01:00
Stefan Schantl
84227f7a1c update-ids-ruleset: Release ids_page_lock when the downloader fails.
Fixes #12085.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 19:09:47 +01:00
Michael Tremer
0aa21ad307 Fix version information in backupiso script
Fixes: #12083
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-17 19:52:27 +01:00
Stefan Schantl
50b35e0f8f update-ids-ruleset: Set correct ownership for the rulestarball.
The script usually will be executed by cron which will start it with
root permissions, so the downloaded tarball is owned by this user.

This has to be changed to the user which runs the WUI (nobody:nobody) to
allow changing the ruleset to another one and to display the ruleset area.

Fixes #12066

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-01 18:03:11 +02:00
Michael Tremer
918ee4a4cf strongswan: Manually install all routes for non-routed VPNs
This is a regression from disabling charon.install_routes.

VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not properly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.

Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-04-08 16:44:57 +01:00
Michael Tremer
3b521c724f ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-18 15:25:48 +00:00
Michael Tremer
01604708c3 Merge remote-tracking branch 'stevee/next-suricata' into next 2019-03-14 13:19:35 +00:00
Stefan Schantl
5206a3358d update-ids-ruleset: Lock and Unlock the IDS page during runtime
Reference #11991

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-07 08:06:49 +01:00
Michael Tremer
f9dd134645 ipsec-interfaces: Resolve any remote hostnames
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
d985ce5ae9 ipsec-interfaces: Move conditional block into the loop
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
517683eeb1 ipsec: Drop VPN_IP setting
This is now a per-connection setting

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
6826364580 ipsec-*: Name some more configuration variables
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
1ca2f88a74 ipsec-interfaces: Uses local IP address from connection first, then default
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
c94aa25475 ipsec-interfaces: Fix typo in variable name
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
c821440ced ipsec: Filter better for GRE/VTI interfaces
This tried to delete the GREEN interface before

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
6a45a1f101 ipsec: TTL only applies for GRE interfaces and not VTI
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
54bac01402 ipsec: Find correct RED IP address when using %defaultroute
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
3dc21d43bf ipsec: Log a message when an interface could not be created
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
1a45f9a70a ipsec-interfaces: Don't add any interfaces when IPsec is disabled
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
a56357b8be Revert "ipsec-interfaces: Run when IPsec is disabled"
This reverts commit 3c3a1cfdb9b473fae9b792e8c211c9940fafc658.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
4cf038dcfe ipsec-interfaces: Run when IPsec is disabled
This needs to run even when IPsec is disabled to remove
and interfaces

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
05af70c2f3 ipsec-interfaces: Use correct righthost variable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
b8c153bca5 IPsec: Add (experimental) script that creates GRE/VTI interfaces
Signed-off-by: root <root@interim-edge-a.ec2.internal>
2019-02-04 18:20:36 +00:00
Stefan Schantl
d6f725e185 update-ids-ruleset: Improve error reporting if the system is offline
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-01-30 10:57:31 +01:00
Stefan Schantl
ca8c92108a update-ids-ruleset: Set correct ownership for rulesdir and files
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-01-29 09:09:11 +01:00
Stefan Schantl
39155be805 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2019-01-26 12:40:04 +01:00
Peter Müller
d38e7e256d use HTTPS for downloading GeoIP database files
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-21 21:03:38 +00:00
Stefan Schantl
c1a3401235 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2019-01-21 13:04:13 +01:00
Arne Fitzenreiter
271bac39a0 xt_geoip_update: fix download url
the maxmind server delivers an old version if there are
two slashes before the database filename.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-01-19 15:16:43 +01:00
Stefan Schantl
b76a8a008d xt_geoip_update: Adjust script to download and use the GeoLite2 database
Fixes #11961.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-07 01:21:01 +00:00
Stefan Schantl
a77870146f xtables-addons: Use shipped xt_geoip_build
Use the shipped xt_geoip_build directly instead of holding a copy in our GIT.

Reference #11959

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-07 01:20:22 +00:00
Stefan Schantl
a13ddf04d9 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-12-12 09:27:59 +01:00
Michael Tremer
492b0b7c18 backupiso: Add support for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-08 16:02:17 +00:00
Michael Tremer
8a0bc03450 backupiso: Fix order of variables
Some values in variables were corrected but used before.

Reported-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-08 15:58:58 +00:00
Arne Fitzenreiter
6104f2e816 backupiso: fix boot on EFI
the grub on EFI searches the config on volume "IPFire 2.21 arch"
so the custom "ipfire backup ..." volume name is not working
anymore.
This is now fixed and a backup-version.media tag will be added.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-11-07 19:16:57 +01:00
Arne Fitzenreiter
84902aa499 backup: fix backupiso mastering
fixes: #11916

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-11-04 10:16:26 +01:00
Arne Fitzenreiter
ca9c45b3f2 graphs: add NVMe disks
Add NVMe disks to media and hardwaregraphs.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-10-28 17:56:37 +01:00
Stefan Schantl
2d475a3c6c Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2018-09-26 14:49:34 +02:00
Stefan Schantl
82979dec36 IDS: Introduce update-ids-ruleset
This script will periodically be called by fcron
and is responsible for downloading and altering
the ruleset, if autoupdate of the configured ruleset is
enabled.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-09-26 14:11:31 +02:00
Arne Fitzenreiter
4eedf6793b rebuild-initrd: update for grub2
this was not used for years because we usually ship a prebuilt ramdisk
so this incompatibility was not noticed for a long time...

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-09-20 20:03:26 +02:00
Michael Tremer
046ef135e6 Merge remote-tracking branch 'origin/efi' into next 2018-08-16 12:49:13 +01:00
Arne Fitzenreiter
b403b04a13 initrd: add early microcode load
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-08-05 13:32:36 +02:00
Michael Tremer
f32cbd89d9 backup: Bump release number in ISO download script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-03 13:07:31 +01:00