Otherwise the same provider could not be added again at a later
time if the stored etag is still valid.
In this case the server will not offer the rules and the provider
could not be added.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This fixes an HTML error that is briefly visible
on the "magic packet sent" page.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This attribute is recommended by W3C, because it is used by
screen readers to provide the correct pronunciation.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This patch adds default values and removes a missing translation
to fix "uninitialized value" and "odd number of elements" warnings.
Removes function calls from functions.pl that have already been
handled by the header before it is loaded by eval().
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
ids-functions.
This will print some nice status messages while the page is locked and
the IDS rules get regenerated/altered.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to regenerate the entire ruleset similar to the
one from ids-functions, but is enhanced to print additional status
messages.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Prevents "use of uninitialized value" warnings when the
CGI is called with broken undefined GET parameters.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
downloaded.
When adding a new provider and in case the rules file or tarball can not
be downloaded, the provider remains as configured.
To avoid that, the provider needs to be removed again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
If no settings for those features can be obtained from the settings
file, set them to the following defaults.
* DROPSPOOFEDMARTIAN -> on (yes)
* DROPHOSTILE -> off (no - because only fresh installed systems should
do this)
* LOGDROPCTINVALID -> on (yes)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This was supposed to be enabled by default. Due to a copy-and-paste
error, it was, however, not selected for IKE, but only for ESP.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This should be run regularly, or ideally just before we close a Core
Update so that we can give credit to everywhere who has contributed to
it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This has not been compiled into our version of wpa_supplicant (if it has
been ever) and so there is no danger to disable this without any further
ado.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
In theory, logging of dropped packets classified by conntrack as being
INVALID should never be disabled, since one wants to have a paper trail
of what his/her firewall is doing.
However, conntrack seems to drop a lot of (at the first glance
legitimate) packets, hence bloating the logs, making spotting the
important firewall hits more difficult.
This patch therefore adds the option to disable logging of packets being
dropped by conntrack due to INVALID state.
Please note:
- This patch does not add this category to the firewall hits graph.
- The variables in this patch ("LOGDROPCTINVALID") should make it clear
that it is about toggling _logging_, not the actual _dropping_. Other
variables are still in need of being renamed to clarify this, which
will be done in a dedicated patch.
- Also, the changes made to update.sh need to take place in
config/rootfiles/core/164/update.sh for "master", since this patch has
been developed against "next". Kindly cherry-pick the necessary
changes.
Partially fixes: #12778
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This patch changes that we no longer interpret any dates put in by the
user as UTC. They used to be converted into localtime because, although
they have already been in local time.
This went unnoticed since in Europe we are close (enough) to UTC that
there is no significant discrepancy on the report. However, being in
North America is enough to generate confusing reports.
Reported-by: Paul <kairis@gmail.com>
Fixes: #12768
Tested-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
