Stefan Schantl
d8f19ebb5a
IDS: Edit German translation for "ids oinkcode required".
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-06 13:12:50 +01:00
Stefan Schantl
613f58fbfa
ids.cgi: Check if the selected ruleset requires an oinkcode
...
Fixes #11983
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-06 12:49:01 +01:00
Stefan Schantl
f644a167ab
ids.cgi: Only perform actions when saving ruleset settings, if there are no error messages
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-06 12:48:08 +01:00
Stefan Schantl
155b3b56a8
ids-functions.pl: Do not send HEAD requests to sourcefire (snort.org) servers
...
Using this feature to fetch the size of the requested tarball is not allowed by these
servers, so skip this feature for their rulesets.
Fixes #11987
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-06 10:58:59 +01:00
Stefan Schantl
c17a9778d6
Revert "ids-functions.pl: Use GET method to fetch Header data of a file"
...
Using the GET method will download the file twice and does not provide the
desired mechanism here.
This reverts commit 81592314eb.
2019-02-06 10:00:17 +01:00
Stefan Schantl
422dc4caf9
ids.cgi: Fix HTML formatted spaces.
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 14:34:44 +01:00
Stefan Schantl
9e9b477d7c
ids.cgi: Rework "Enable IPS" section
...
Just use one language string for a maximum of flexibility for the
translators.
Fixes #11986
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 14:17:19 +01:00
Stefan Schantl
af0065691c
suricata: Do not display messages when starting up
...
Fixes #11979.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 13:57:40 +01:00
Stefan Schantl
cc9057c014
ids.cgi: Change lang string from "Activate IPS" to "Enable IPS"
...
Reference #11986
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 13:51:08 +01:00
Stefan Schantl
318e7137e7
IDS: Rename IDS strings to IPS
...
Reference: #11986
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 13:25:27 +01:00
Stefan Schantl
97870bf29c
ids.cgi: Stop suricata when the ruleset source has been changed
...
If the ruleset source has been changed, it has to be configured again.
This happens because of different rule categories, filenames, rule IDs, etc.
In case suricata is currently running, it has to be stopped, and after the configuration
has been done by the user, it can be launched again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 12:43:49 +01:00
Stefan Schantl
5709768b0b
ids.cgi: Fix downloading rules if source changed
...
Fix the if statement to detect whether the ruleset has been
changed and automatically download the new one.
Fixes #11984.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 12:36:30 +01:00
Stefan Schantl
b7a9b4edc2
ids.cgi: Update automatic download texts
...
Update the shown texts in the dropdown box as mentioned in the
bug report.
Fixes #11985
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 12:13:28 +01:00
Stefan Schantl
81592314eb
ids-functions.pl: Use GET method to fetch Header data of a file
...
The sourcefire web servers do not support the HEAD request so we have to do
this with a GET here.
Fixes #11987
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 12:01:43 +01:00
Stefan Schantl
4924cfdc73
ids-functions.pl: Fix show HTTP error code and message
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 11:55:37 +01:00
Michael Tremer
8be516b3bc
strongswan: Do not create any NAT rules when using VTI/GRE
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:38:24 +00:00
Michael Tremer
41f3351320
Drop "OpenVPN" part from VPN N2N stats page
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
1e2b257789
Add routed IPsec connections to traffic graphs section
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
7ba652af8c
firewall: Write correct rules bound to interface for routes IPsec tunnels
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
f9dd134645
ipsec-interfaces: Resolve any remote hostnames
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
d985ce5ae9
ipsec-interfaces: Move conditional block into the loop
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
38f6bdb740
ipsec: Drop delayed restart setting
...
This is a very bad race-condition situation and is not solved by
an unintuitive setting.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
517683eeb1
ipsec: Drop VPN_IP setting
...
This is now a per-connection setting
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
26c2cc580b
ipsec: Add translation strings for recent changes
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
6826364580
ipsec-*: Name some more configuration variables
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
1ca2f88a74
ipsec-interfaces: Uses local IP address from connection first, then default
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
c32fc72e36
ipsec-policy: Correct open ports for connections on aliases
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
ae0d069827
ipsec: Allow to select local IP address used for peer on UI
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
455fdcb17a
ipsec: Re-arrange inputs for peer addresses, subnets, etc.
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
7e25093d42
ipsec: Don't allow to select VTI in transport mode
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
605c391aaf
vpnmain.cgi: Don't populate GREEN subnet when green doesn't exist
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
c94aa25475
ipsec-interfaces: Fix typo in variable name
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
327d1223f3
strongswan: No longer create any routes automatically
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
c821440ced
ipsec: Filter better for GRE/VTI interfaces
...
This tried to delete the GREEN interface before
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
6a45a1f101
ipsec: TTL only applies for GRE interfaces and not VTI
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
54bac01402
ipsec: Find correct RED IP address when using %defaultroute
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
3dc21d43bf
ipsec: Log a message when an interface could not be created
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
1a45f9a70a
ipsec-interfaces: Don't add any interfaces when IPsec is disabled
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
a56357b8be
Revert "ipsec-interfaces: Run when IPsec is disabled"
...
This reverts commit 3c3a1cfdb9b473fae9b792e8c211c9940fafc658.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
216bd9b389
vpnmain.cgi: Move advanced IPsec settings to connection page
...
This is required to make the initial setup easier for GRE/VTI connections
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
4cf038dcfe
ipsec-interfaces: Run when IPsec is disabled
...
This needs to run even when IPsec is disabled to remove
and interfaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
05af70c2f3
ipsec-interfaces: Use correct righthost variable
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
f2d45a45ab
IPsec: Do not allow 0.0.0.0/0 as remote subnet
...
This renders the whole machine inaccessible
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
68e69b676f
network: Create IPsec interfaces when network is brought up
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
3446a17293
ipsecctrl: Call ipsec-interfaces script when turning up/shutting down connections
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
b8c153bca5
IPsec: Add (experimental) script that creates GRE/VTI interfaces
...
Signed-off-by: root <root@interim-edge-a.ec2.internal>
2019-02-04 18:20:36 +00:00
Michael Tremer
90aa4f1083
IPsec: Use left/rightprotoport in GRE mode
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
b89ae1a4e3
ipsecctrl: Don't wait when a connection is to be started
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
5a9c9ff312
ipsec-policy: Don't install any block rules for connections with an interface
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00
Michael Tremer
b54cd874b9
ipsec-policy: Permit GRE traffic for GRE connections
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-04 18:20:36 +00:00