This function is used to regenerate the entire ruleset similar to the
one from ids-functions, but is enhanced to print additional status
messages.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
downloaded.
When adding a new provider and in case the rules file or tarball can not
be downloaded, the provider remains as configured.
To avoid that, the provider needs to be removed again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
If no settings for those features can be obtained from the settings
file, set them to the following defaults.
* DROPSPOOFEDMARTIAN -> on (yes)
* DROPHOSTILE -> off (no - because only fresh installed systems should
do this)
* LOGDROPCTINVALID -> on (yes)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This was supposed to be enabled by default. Due to a copy-and-paste
error, it was, however, not selected for IKE, but only for ESP.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This should be run regularly, or ideally just before we close a Core
Update so that we can give credit to everywhere who has contributed to
it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This has not been compiled into our version of wpa_supplicant (if it has
been ever) and so there is no danger to disable this without any further
ado.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
In theory, logging of dropped packets classified by conntrack as being
INVALID should never be disabled, since one wants to have a paper trail
of what his/her firewall is doing.
However, conntrack seems to drop a lot of (at the first glance
legitimate) packets, hence bloating the logs, making spotting the
important firewall hits more difficult.
This patch therefore adds the option to disable logging of packets being
dropped by conntrack due to INVALID state.
Please note:
- This patch does not add this category to the firewall hits graph.
- The variables in this patch ("LOGDROPCTINVALID") should make it clear
that it is about toggling _logging_, not the actual _dropping_. Other
variables are still in need of being renamed to clarify this, which
will be done in a dedicated patch.
- Also, the changes made to update.sh need to take place in
config/rootfiles/core/164/update.sh for "master", since this patch has
been developed against "next". Kindly cherry-pick the necessary
changes.
Partially fixes: #12778
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This patch changes that we no longer interpret any dates put in by the
user as UTC. They used to be converted into localtime because, although
they have already been in local time.
This went unnoticed since in Europe we are close (enough) to UTC that
there is no significant discrepancy on the report. However, being in
North America is enough to generate confusing reports.
Reported-by: Paul <kairis@gmail.com>
Fixes: #12768
Tested-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The two text passages for 'pakfire install...' and 'pakfire uninstall...' under
'Available' and 'Installed Addons:' are so close together that the first line
appears as a single line.
This patch separates these two areas a bit from each other so that they are
better readable.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Fixes: #12301
When using hosts with MAC-addresses in a hostgroup,
the rule won't be generated if those hosts are selected as target.
There is a hint but due to a wrong hashparameter the hint was not shown.
With this patch the hint is shown again.
Additionally the rule is skipped when rules.pl creates rules.
There are no bootmessages with failed target "none" anymore.
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Some input fields interfere with the menu items and block their use.
A z-index ensures that the menu is always rendered in the foreground.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Add missing closing tags, indentation and CSS styling.
Add link to reboot notice, left-align info list and resize packages
lists for better readability.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Improve lockfile test: Return immediately if lockfile is present,
to prevent unnecessary and expensive "pidof" calls
- Add better explanation to the log file reading command and JS
- Change user interface: If no errors occurred, the page returns to
the main screen (after a short delay). If an error occurred, the log
output remains and a message is shown.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
The extended lockfile test seems to be sufficient to detect
a running Pakfire process and display the logs.
"Sleep" even proved to be counterproductive, as fast processes
can finish in under a second and are then again not detected.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Currently the page becomes unresponsive while Pakfire is busy.
This patch implements a AJAX/JSON driven log output, to provide
continuous information to the user while Pakfire is running.
The output is updated 1x per second, if the load should be too high,
the interval can be change by writing to "pakfire.refreshInterval".
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
This implements a function to determine if Pakfire is already running.
It tests the PID and lockfile and can be expanded easily later.
'pidof' checks the full path to avoid confusion.
Removes the unreachable function "refreshpage".
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Trying to get rid of the system backpipe check if a pakfire is running
does not work very well. It simply makes the code more complex and
only introduced some new problems.
This commit switches back to the old logic which worked well in the
past.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
* Check if the system is online.
* Check if enough free disk space is available.
* Abort whith an error message if the ruleset could not be
downloaded.
In error case the provider now will be removed again from the file which
keeps the configured providers. Sadly it needs to be added first because
otherwise the downloader could not read the required values from it.....
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
