We have only one english wiki, so the link to the list of public
dns servers can point directly to the right page.
(The link was also not correct).
Fixes: #11191
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When using dnat addresses, it is possible to use big subnets and host addresses like 172.16.0.0/12.
These addresses where rejected because it was recognised as network address.
The check is now removed.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
fixes: #11177
There are providers which do not use passwords anymore.
For this reason the password field is no longer mandatory.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The options for configuring the log file location and
snort alert priority level now dynamically will be
displayed or hidden if the desired options or feature
is not used.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will allow to choose between DROP and REJECT if guardian blocks an
attackers address.
Fixes #10xxx.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Add support and usage of the recently introduced feature of
including other files in the ignore file to add
the red related IP-addresses to the ignore list on IPFire
systems.
Also use reload-ignore-list feature instead of reloading the
whole configuration on ignore list modifications.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is responsible for collecting all required data,
like the green, blue, orange (if the interfaces are available),
red, gateway and used DNS server IP-addresses.
It will add als these addresses and the configured and enabled
user-defined ignored addresses/networks to the ignore file of
guardian to prevent from blocking any of them.
Note:
The IPFire and RED inteface related addresses also will be added
to the ignore file, even if there is no user-defined entry in the
list.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The CGI now uses an own ignored configuration file for
storing host addresses and/or subnets which should be
ignored by guardian.
This allows to add remarks for them and to enable or disable
each entry individally at any time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Rework the GetBlockedHosts() to use the "getipstat" binary
instead of the not longer available "guardianctrl" binary.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The guardianctrl binary does not longer exists, use
the Guardian::Socket module to send various commands
by using the provided socket client.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The config file format and values have been changed, so the
code to do the generation has to be adjusted.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Rename the hash key names of enabled parser modules,
(services which should be monitored by guardian) to
keep the same name sheme than in the guardian config
file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
When the owncloud addon is not installed, this value was not
initialized correctly.
Reference #10748.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Guardian does not longer require the information for the red interface from
the configfile.
Guardian does not longer support a targetfile.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This commit allows to enable or disable the monitoring of the snort alertfile
and to switch off the blocking of SSH and HTTPD Brute-force attempts.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The correct case for "kilobit" is "kilobit", not "kiloBit".
And the same applies for Mbit, Gbit etc.
Reference is https://en.wikipedia.org/wiki/Kilobit
This commit changes the texts used in the web UI, so
that it correctly displays as "bit", "kbit", "Mbit" etc.
This fixes bugzilla item 10918.
Signed-off-by: Alf Høgemark <alf@i100.no>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
