webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,778 Commits 2 Branches 1 Tag
46269ee5fb7942efe88b58f6d29f442b437e2565
Commit Graph

14778 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Schantl
46269ee5fb Transform geoipblock into locationblock settings file. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 19:09:29 +02:00
Stefan Schantl
5730a5bcdf firewall/rules.pl: Rework code to use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 19:06:01 +02:00
Stefan Schantl
69d431e41a remote.cgi: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:52:19 +02:00
Stefan Schantl
e2e270e1db ovpnmain.cgi: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:51:03 +02:00
Stefan Schantl
0893eef4cc tor.cgi: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:48:24 +02:00
Stefan Schantl
e43b7b7b2d netexternal.cgi: Remove GeoIP related code. 
The CGI only loaded geoip-functions.pl and initiated libloc but did no
further actions. So we are safe to completely remove this code.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:45:56 +02:00
Stefan Schantl
4f6d5b3ef3 logs.cgi/showrequestfromcountry.dat: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:44:29 +02:00
Stefan Schantl
43970d7cfc logs.cgi/firewalllogip.dat: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:42:23 +02:00
Stefan Schantl
1b024e999e logs.cgi/firewalllogcountry.dat: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:09:46 +02:00
Stefan Schantl
e4f1e36c9f logs.cgi/firewalllog.dat: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:07:55 +02:00
Stefan Schantl
dca3f2075b ipinfo.cgi: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 18:02:51 +02:00
Stefan Schantl
4346cb6660 dns.cgi: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 17:59:43 +02:00
Stefan Schantl
d1a23835db country.cgi: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 17:53:29 +02:00
Stefan Schantl
3d3fbe7dc4 connections.cgi: Use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 17:51:00 +02:00
Stefan Schantl
273618daf9 Transform geoip-block.cgi into location-block.cgi 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 17:44:48 +02:00
Stefan Schantl
48152fae62 Transform geoip-functions.pl into location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 17:42:41 +02:00
Michael Tremer
c556242efd location: Remove "GeoIP" from crontab 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-12 16:12:49 +02:00
Michael Tremer
af6aedb6d3 location: Remove "GeoIP" from the UI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-12 16:12:06 +02:00
Michael Tremer
0e6eca78b8 firewall: Rename GEOIPBLOCK table to LOCATIONBLOCK 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-12 16:00:34 +02:00
Stefan Schantl
d00923cef8 libloc: Rootfile update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-11 08:19:07 +02:00
Stefan Schantl
4852f77e33 Revert "firewall/rules.pl: Add code to collect and export all required country" 
This reverts commit ad47d2ae80.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-10 21:29:04 +02:00
Stefan Schantl
38a8d40142 Revert "firewall/rules.pl: Only try to export locations if needed." 
This reverts commit 693b8513df.
 2020-06-10 21:28:16 +02:00
Stefan Schantl
e7b1b002c9 Revert "geoip-functions.pl: Add functions to export locations and to flush them." 
This reverts commit e758c76384.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-10 21:27:06 +02:00
Stefan Schantl
36331a6a9c update-location-database: Automatically export database after update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-10 21:24:58 +02:00
Stefan Schantl
2da9d3f247 libloc: Install and export database. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-10 21:24:32 +02:00
Stefan Schantl
4415b1c351 libloc: Import upstream patches. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-10 20:54:39 +02:00
Stefan Schantl
304abbae22 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-switch-to-libloc 2020-06-10 18:01:14 +02:00
Peter Müller
92e828b3b0 kernel: disable CONFIG_UPROBES 
Quoted from #12433:
> Uprobes is the user-space counterpart to kprobes: they enable instrumentation
> applications (such as 'perf probe') to establish unintrusive probes in
> user-space binaries and libraries, by executing handler functions when the
> probes are hit by user-space applications.
>
> ( These probes come in the form of single-byte breakpoints, managed by the
> kernel and kept transparent to the probed application. )

IMHO this can be safely disabled, as there is little if any need to debug
userspace programs _that_ deeply on an IPFire machine.

Fixes: #12433

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:18:36 +00:00
Peter Müller
a5e577d083 kernel: enable CONFIG_FORTIFY_SOURCE on armv5tel 
Partially fixes: #12369

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:17:40 +00:00
Peter Müller
3eb393ff2e kernel: enable CONFIG_FORTIFY_SOUCRE on aarch64 
Partially fixes: #12369

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:17:24 +00:00
Peter Müller
4ee87ee248 kernel: enable CONFIG_SLUB_DEBUG on aarch64 and armv5tel 
Fixes: #12377

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:16:57 +00:00
Arne Fitzenreiter
325a2680c8 kernel: fix diabling CONFIG_MODFIFY_LDT_SYSCALL 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 16:21:49 +02:00
Arne Fitzenreiter
2b51e4aeab Revert "kernel: enable CONFIG_RANDOMIZE_BASE on aarch64" 
with enabled CONFIG_RAMDOIZE_BASE the linking of xtables
and maybee other external kernel modules fail on aarch64

This reverts commit 8379ab44b8.
 2020-06-10 16:20:34 +02:00
Peter Müller
e694bbd17f kernel: enable CONFIG_RANDOMIZE_BASE on armv5tel 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:20:26 +00:00
Peter Müller
8379ab44b8 kernel: enable CONFIG_RANDOMIZE_BASE on aarch64 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:19:50 +00:00
Peter Müller
e4d1f96869 kernel: enable CONFIG_HARDENED_USERCOPY on aarch64 and armv5tel 
Fixes: #12365

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 15:37:33 +00:00
Peter Müller
7617da3bba kernel: enable CONFIG_SECCOMP on aarch64 and armv5tel 
Fixes: #12366

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:44 +00:00
Peter Müller
d7174d7c3a kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586 
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.

Fixes: #12372

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:32 +00:00
Peter Müller
b1f24c4353 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64 
Fixes: #12382

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:05 +00:00
Stefan Schantl
d2b364f032 red.up: Do not download/update location database. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-08 21:20:17 +02:00
Arne Fitzenreiter
8a86d257cf squid-accounting: remove deps that are moved to core 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-05 20:43:58 +00:00
Arne Fitzenreiter
625104ec57 Merge branch 'master' into next 2020-06-04 15:16:39 +00:00
Michael Tremer
405c7326d2 core145: Remove double-added configuration lines for OpenVPN 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 15:13:33 +00:00
Arne Fitzenreiter
90c1e763b6 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2020-06-04 08:59:28 +02:00
Arne Fitzenreiter
7674247947 start core146 and add the kernel 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:49:28 +02:00
Arne Fitzenreiter
a43b370411 kernel: update to 4.14.183 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:37:00 +02:00
Stefan Schantl
51b6f07ce5 geoip-functions.pl: Provide the available locations in upper case. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-03 19:29:55 +02:00
Stefan Schantl
decef80c7e geoip-functions.pl: Remove non existing country codes. 
o1 (Other country) and yu (Yugoslavia) have been used in the past
and are not part of libloc and therefore cannot be used anymore.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-03 19:15:43 +02:00
Michael Tremer
4963d555f6 core145: Update OpenVPN server configuration only when necessary 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 14:46:31 +00:00
Michael Tremer
495613fb35 core145: Update OpenVPN server configuration only when necessary 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 14:45:04 +00:00