Commit Graph

6450 Commits

Author SHA1 Message Date
Michael Tremer
29ae57a7fe firewall: Language updates (English and German). 2013-08-09 14:50:03 +02:00
Michael Tremer
987b75bcd4 firewall: Add TOR chains. 2013-08-09 14:49:35 +02:00
Alexander Marx
ab4fe66fc9 Forward Firewall: Network addresses are now allowed as source and the IP address field now has size 18. 2013-08-09 14:49:35 +02:00
Alexander Marx
43215686ce Forward Firewall: changed rule coloring. Now whole field is colored instead of just borders. Back Button in firewall groups/hostgroups showed a white site 2013-08-09 14:49:35 +02:00
Alexander Marx
93c2de1c66 Forward Firewall: Bugfix: ICMP rules were applied double 2013-08-09 14:49:35 +02:00
Alexander Marx
653a71b951 Forward Firewall: Bugfix: When using predefined services in rulecreation, the rule was not applied. Bugfix: when in rulecreationpage and pressing "back" the site gets white. 2013-08-09 14:49:35 +02:00
Alexander Marx
6143bc300e Forward Firewall: BUGFIX: when setting outgoing to blocked and creating a rule, the last rule changes to "accept" 2013-08-09 14:49:35 +02:00
Alexander Marx
357b3fe80d Forward Firewall: renamed IPFire to Firewall in SNAT area 2013-08-09 14:49:35 +02:00
Alexander Marx
4affc3e889 Forward Firewall: show default rule when input is empty 2013-08-09 14:16:42 +02:00
Alexander Marx
cb051c577c Forward Firewall: language fixes on last rule in ruletable 2013-08-09 14:16:42 +02:00
Alexander Marx
34f30c5f92 Forward Firewall: set default options for optionsfw and minor change on optionsfw.cgi 2013-08-09 14:16:42 +02:00
Alexander Marx
2e99ab8bf8 Forward Firewall: added some JavaScript to automatically select radiobuttons when dropdowns are changed 2013-08-09 14:16:42 +02:00
Alexander Marx
b88c88291b Forward Firewall: added some JavaScript to automatically select radiobuttons when dropdowns are changed. Some cleanup of the code 2013-08-09 14:16:40 +02:00
Alexander Marx
1ca546126e Forward Firewall: deleted configfile "nat" in ovpnmain.cgi for portfw check. File "nat" no longer exists. Now the portfw rules are in file "config" 2013-08-09 14:15:33 +02:00
Alexander Marx
6584a984a0 Forward Firewall: just increased version number 2013-08-09 14:15:33 +02:00
Alexander Marx
595a90f003 Forward Firewall: The default rule table (at the end of Forward) shows only default values depending on the network configuration 2013-08-09 14:15:33 +02:00
Alexander Marx
f8bf364f0d Forward Firewall: fixed check for already existing rules. 2013-08-09 14:15:33 +02:00
Alexander Marx
e1efb8199d Forward Firewall: deleted postrouting block in firewall (not used anywhere) 2013-08-09 14:15:33 +02:00
Michael Tremer
bb12dd7b69 iptables: Cleanup creating SNAT/DNAT chains. 2013-08-09 14:15:33 +02:00
Michael Tremer
47cd046aed iptables: Remove OPENSSL{PHYSICAL,VIRTUAL} chains which are unused. 2013-08-09 14:15:33 +02:00
Michael Tremer
d5f1422d81 iptables: Jump into the firewall rulesets after everything else has been done. 2013-08-09 14:15:33 +02:00
Michael Tremer
51ab1de143 iptables: Create OVPNNAT chain after CUSTOM* chains. 2013-08-09 14:15:32 +02:00
Michael Tremer
815eaff433 iptables: Create guardian's chains after the CUSTOM* chains. 2013-08-09 14:15:32 +02:00
Michael Tremer
1e55533052 iptables: Cleanup creating the OVPNBLOCK chain.
This should happen after the CUSTOM* chains.
2013-08-09 14:15:32 +02:00
Michael Tremer
3b9a23ce07 iptables: Block all loopback packets on non-loopback interfaces. 2013-08-09 14:15:32 +02:00
Michael Tremer
afc611d448 iptables: Create LOOPBACK chain.
This chain accepts all communication on the loopback
interface without running it through the entire connection
tracking first.

Packets on lo can never be blocked and must always be
accepted. The firewall has to trust itself anyway.
2013-08-09 14:15:32 +02:00
Michael Tremer
c0359d6dfb iptables: Only jump into BADTCP for TCP packets.
This saves us from evaluating lots of rules for non-TCP
packets.
2013-08-09 14:15:32 +02:00
Michael Tremer
b85d2a9819 iptables: Replace state module by conntrack module.
The state module is deprecated in recent releases of iptables
and should not be used any more.

Additionally, this patch adds an extra chain for all
connection tracking rules, so we can keep the entire ruleset
smaller and cleaner.
2013-08-09 14:15:32 +02:00
Alexander Marx
7326051edb Forward Firewall: Updated outgoingfw-converter. redesign of the ruletable's defaultrules 2013-08-09 14:15:32 +02:00
Alexander Marx
4d2e7a35d9 Forward Firewall: some textalignment in last rule row 2013-08-09 14:15:32 +02:00
Alexander Marx
a648546338 Forward Firewall: added "default-rules-table" at the end of forward ruletable 2013-08-09 14:15:31 +02:00
Alexander Marx
7f25a65fc1 Forward Firewall: moved default rules from FORWARDFW to POLICYFWD 2013-08-09 14:15:31 +02:00
Alexander Marx
e17121fee7 Forward Firewall: removed nat part from rules.pl (file nat not existent anymore) 2013-08-09 14:15:31 +02:00
Alexander Marx
b044bb0569 Forward Firewall: Bugfixes wrong interface in ruletable, when selecting alias firewall interface 2013-08-09 14:15:31 +02:00
Alexander Marx
fc83b09d43 Forward Firewall: some bugfixes 2013-08-09 14:15:31 +02:00
Alexander Marx
72586f0ff0 Forward Firewall: colorize ip addresses when possible in firewall groups. subnetmask now in cidr format 2013-08-09 14:15:31 +02:00
Alexander Marx
f1934a05ad Forward Firewall: deleted subnets from hosts in firewallgroups, colorized all ip-addresses from the firewall-groups if possible. Some minor changes in forwardfw.cgi 2013-08-09 14:15:31 +02:00
Alexander Marx
cb4439f394 Forward Firewall: Bugfix of last commit. Added "Interface" to source or target that uses "Firewall" interfaces 2013-08-09 14:15:31 +02:00
Alexander Marx
d4cb89d2d1 Forward Firewall: When using "Firewall" as source or target, the ruletable looks confusing. There's "RED" in source and target. Now there's "INTERFACE RED". 2013-08-09 14:15:31 +02:00
root
43d8be093c Forward Firewall: some language changes de.pl and en.pl as well as forwardfw.cgi and fwhost.cgi 2013-08-09 14:15:30 +02:00
Alexander Marx
1a8fde0e84 Forward Firewall: changed some names and added subnets to dropdowns 2013-08-09 14:15:30 +02:00
Alexander Marx
a0fb1099ef Forward Firewall: Design changes
1) source has a new option "firewall" with dropdown for interfaces
2) source default networks->deleted IPFire, all IPs now in brackets
3) deleted warning message in Target that a mac is not usable
4) changes for "apply" button
5) in ruletable the protocol is now right beneath the ruletype column
6) changed target dropdown "INTERNET" to "RED"
7) renamed OpenVPN N-2N to OpenVPN Net-to-Net
8) set missing default firewall options
9) little changes on the en and de lang files
2013-08-09 14:15:30 +02:00
Alexander Marx
2af92cf5ac Forward Firewall: added new line at bottom of all ruletables with the "final rule" 2013-08-09 14:15:30 +02:00
Alexander Marx
ac9e77e3ba Forward Firewall: added missing fields to the converters (for dnat) 2013-08-09 14:15:30 +02:00
Alexander Marx
0ac6c61d37 UPNP: changed firewall chain from PORTFW to UPNPFW 2013-08-09 14:15:30 +02:00
Alexander Marx
f557ea1e59 Forward Firewall: removed PORTFWACCESS flushing from rules.pl 2013-08-09 14:15:30 +02:00
Alexander Marx
c12392c0ef Forward Firewall: removed NAT table and txt file. 2013-08-09 14:15:29 +02:00
Alexander Marx
4f3bd0ca20 Forward Firewall: changed layout of "apply-button" (after rules were changed). When using single hosts in rules, the prefix is no longer shown in the ruletable. Default settings for firewall-options changed 2013-08-09 14:15:29 +02:00
Alexander Marx
8442c93764 Forward Firewall: removed dmz from forwardfw.cgi 2013-08-09 14:15:29 +02:00
Alexander Marx
60607a6c75 Forward Firewall: removed DMZ from rules.pl (no longer exists, is forward now) 2013-08-09 14:15:29 +02:00