Michael Tremer
3027c6bb96
initscripts: Reset links that reload the firewall after RED connected.
2013-08-12 14:45:07 +02:00
Michael Tremer
8c60701a4f
forwardctrl: Remove unused and possibly dangerous flush option.
Also remove unused header files.
2013-08-12 14:42:16 +02:00
Michael Tremer
f78d627af3
Firewall: Fix spelling of service names in custom services.
2013-08-12 14:39:34 +02:00
Alexander Marx
debe3af564
Merge remote-tracking branch 'ms/firewall-new' into firewall
2013-08-12 13:30:45 +02:00
Arne Fitzenreiter
9e78ce6142
Merge remote-tracking branch 'origin/next'
2013-08-11 11:51:40 +02:00
Arne Fitzenreiter
028c88f46f
close core72.
2013-08-11 11:50:50 +02:00
Arne Fitzenreiter
0251dca9e8
core72: start ipsec only if enabled after update.
2013-08-11 09:46:16 +02:00
Arne Fitzenreiter
bdc9033f08
core72: allow to update "ovpn verify script".
Don't forget to re-add this exclude to the next core updater to prevent overwriting
the user CA at an openvpn update.
2013-08-11 09:40:54 +02:00
Arne Fitzenreiter
9d838dad03
core72: add ovpnmain.cgi to update.
2013-08-11 09:40:03 +02:00
Arne Fitzenreiter
93443c472f
core72: stop/start squid during update.
2013-08-11 09:34:52 +02:00
Arne Fitzenreiter
b9c6c0ecd3
core72: add language files to update.
2013-08-11 09:33:25 +02:00
Arne Fitzenreiter
f2665db1ad
snort: update to 2.9.5.3.
2013-08-10 20:10:00 +02:00
Arne Fitzenreiter
7bcfd0dd83
daq: update to 2.0.1.
2013-08-10 20:09:03 +02:00
Arne Fitzenreiter
ba47633494
snort: enable non-ether-decoder for ppp support.
2013-08-10 18:48:16 +02:00
Michael Tremer
919a50208b
tor.cgi: Remove NoAdvertise option.
This does not make much sense with our setup.
2013-08-10 12:14:29 +02:00
Michael Tremer
bfcb3212dc
OpenVPN verify: Fix login for RW clients with >= 2 spaces in name.
http://forum.ipfire.org/index.php?topic=8702.0
2013-08-10 11:10:39 +02:00
Michael Tremer
34aa915f08
Update translations.
2013-08-09 14:50:50 +02:00
Michael Tremer
776a1761d0
general-functions.pl: Fix overwritten substitutions.
2013-08-09 14:50:09 +02:00
Alexander Marx
9168da6fcc
Forward Firewall: deleted unused warning message regarding mac addresses
2013-08-09 14:50:09 +02:00
Michael Tremer
29ae57a7fe
firewall: Language updates (English and German).
2013-08-09 14:50:03 +02:00
Michael Tremer
987b75bcd4
firewall: Add TOR chains.
2013-08-09 14:49:35 +02:00
Alexander Marx
ab4fe66fc9
Forward Firewall: Network addresses are now allowed as source and the IP address field now has size 18.
2013-08-09 14:49:35 +02:00
Alexander Marx
43215686ce
Forward Firewall: changed rule coloring. Now the whole field is colored instead of just borders. Back Button in firewall groups/hostgroups showed a white site
2013-08-09 14:49:35 +02:00
Alexander Marx
93c2de1c66
Forward Firewall: Bugfix: ICMP rules were applied twice
2013-08-09 14:49:35 +02:00
Alexander Marx
653a71b951
Forward Firewall: Bugfix: When using predefined services in rule creation, the rule was not applied. Bugfix: when in rule creation page and pressing "back" the site gets white.
2013-08-09 14:49:35 +02:00
Alexander Marx
6143bc300e
Forward Firewall: BUGFIX: when setting outgoing to blocked and creating a rule, the last rule changes to "accept"
2013-08-09 14:49:35 +02:00
Alexander Marx
357b3fe80d
Forward Firewall: renamed IPFire to Firewall in SNAT area
2013-08-09 14:49:35 +02:00
Alexander Marx
4affc3e889
Forward Firewall: show default rule when input is empty
2013-08-09 14:16:42 +02:00
Alexander Marx
cb051c577c
Forward Firewall: language fixes on last rule in ruletable
2013-08-09 14:16:42 +02:00
Alexander Marx
34f30c5f92
Forward Firewall: set default options for optionsfw and minor change on optionsfw.cgi
2013-08-09 14:16:42 +02:00
Alexander Marx
2e99ab8bf8
Forward Firewall: added some JavaScript to automatically select radio buttons when dropdowns are changed
2013-08-09 14:16:42 +02:00
Alexander Marx
b88c88291b
Forward Firewall: added some JavaScript to automatically select radio buttons when dropdowns are changed. Some cleanup of the code
2013-08-09 14:16:40 +02:00
Alexander Marx
1ca546126e
Forward Firewall: deleted configfile "nat" in ovpnmain.cgi for portfw check. File "nat" no longer exists. Now the portfw rules are in file "config"
2013-08-09 14:15:33 +02:00
Alexander Marx
6584a984a0
Forward Firewall: just increased version number
2013-08-09 14:15:33 +02:00
Alexander Marx
595a90f003
Forward Firewall: The default rule table (at the end of Forward) shows only default values depending on the network configuration
2013-08-09 14:15:33 +02:00
Alexander Marx
f8bf364f0d
Forward Firewall: fixed check for already existing rules.
2013-08-09 14:15:33 +02:00
Alexander Marx
e1efb8199d
Forward Firewall: deleted postrouting block in firewall (not used anywhere)
2013-08-09 14:15:33 +02:00
Michael Tremer
bb12dd7b69
iptables: Cleanup creating SNAT/DNAT chains.
2013-08-09 14:15:33 +02:00
Michael Tremer
47cd046aed
iptables: Remove OPENSSL{PHYSICAL,VIRTUAL} chains which are unused.
2013-08-09 14:15:33 +02:00
Michael Tremer
d5f1422d81
iptables: Jump into the firewall rulesets after everything else has been done.
2013-08-09 14:15:33 +02:00
Michael Tremer
51ab1de143
iptables: Create OVPNNAT chain after CUSTOM* chains.
2013-08-09 14:15:32 +02:00
Michael Tremer
815eaff433
iptables: Create guardian's chains after the CUSTOM* chains.
2013-08-09 14:15:32 +02:00
Michael Tremer
1e55533052
iptables: Cleanup creating the OVPNBLOCK chain.
This should happen after the CUSTOM* chains.
2013-08-09 14:15:32 +02:00
Michael Tremer
3b9a23ce07
iptables: Block all loopback packets on non-loopback interfaces.
2013-08-09 14:15:32 +02:00
Michael Tremer
afc611d448
iptables: Create LOOPBACK chain.
This chain accepts all communication on the loopback
interface without running it through the entire connection
tracking first.
Packets on lo can never be blocked and must always be
accepted. The firewall has to trust itself anyway.
2013-08-09 14:15:32 +02:00
Michael Tremer
c0359d6dfb
iptables: Only jump into BADTCP for TCP packets.
This saves us from evaluating lots of rules for non-TCP
packets.
2013-08-09 14:15:32 +02:00
Michael Tremer
b85d2a9819
iptables: Replace state module by conntrack module.
The state module is deprecated in recent releases of iptables
and should not be used any more.
Additionally, this patch adds an extra chain for all
connection tracking rules, so we can keep the entire ruleset
smaller and cleaner.
2013-08-09 14:15:32 +02:00
Alexander Marx
7326051edb
Forward Firewall: Updated outgoingfw-converter. redesign of the ruletable's defaultrules
2013-08-09 14:15:32 +02:00
Alexander Marx
4d2e7a35d9
Forward Firewall: some text alignment in last rule row
2013-08-09 14:15:32 +02:00
Alexander Marx
a648546338
Forward Firewall: added "default-rules-table" at the end of forward ruletable
2013-08-09 14:15:31 +02:00