Commit Graph

7770 Commits

Author SHA1 Message Date
Peter Müller
3e19f681a1 drop SpamAssassin add-on
This package has not been maintained well and is therefore outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
    firewall for security purposes. (We can make do with Postfix, as it
    is known for being a very robust MTA and provides less attack
    surface than something actually inspecting transferred messages.)

Therefore, this patch drops the SpamAssassin add-on. In case it is desired
in future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-27 11:58:35 +00:00
Peter Müller
6483ec30b9 drop Amavis add-on
This package has not been maintained well and is therefore outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
    firewall for security purposes. (We can make do with Postfix, as it
    is known for being a very robust MTA and provides less attack
    surface than something actually inspecting transferred messages.)

Therefore, this patch drops the Amavis add-on. In case it is desired in
future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-27 11:58:20 +00:00
Michael Tremer
4744e4f00a hostapd: Import default configuration from hostapd 2.9
This change removes a couple of removed options and adds
new ones. Notable changes are:

* Enable SAE (for WPA3)
* Enable Airtime Policy
* Enable Client Taxonomy
* Enable using the new getrandom() syscall
* Enable using epoll instead of select

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-27 11:55:59 +00:00
Michael Tremer
c472a30f30 core153: Ship suricata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-27 11:52:48 +00:00
Stefan Schantl
aa90ed9c20 ruleset-sources: Update snort dl urls.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-27 11:51:05 +00:00
Stefan Schantl
0937bd9c01 suricata: Automatically enable JA3 fingerprinting.
Enable JA3 fingerprinting if any rules are enabled which are using this
kind of feature.

Fixes #12507.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-27 11:51:00 +00:00
Stefan Schantl
0cdb151831 suricata: Update to 6.0.0.
* Enable RDP and SIP parsers.
* Enable newly introduced parsers for RFB and DCERPC.

Because the HTTP2 support and parser are currently experimental, the suricata
developers decided to disable them by default - we keep this default
setting for now.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-27 11:50:56 +00:00
Michael Tremer
150378eae9 Start Core Update 153
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-27 11:50:10 +00:00
Michael Tremer
d4afeb5250 core152: Ship CA certificates
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-23 15:52:18 +00:00
Peter Müller
b3d8161b88 update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-23 15:51:54 +00:00
Leo-Andres Hofmann
c27b8825be Improve DHCP dynamic leases list usability.
Active and expired leases are now grouped and the list is divided by a
horizontal line. Sorting and creating static leases remain unchanged.

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-23 10:07:08 +00:00
Leo-Andres Hofmann
934a376918 Improve indentation and HTML output of PrintActualLeases & leasesort
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-23 10:07:03 +00:00
Michael Tremer
449b1aeea7 core152: Ship proxy.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-19 09:26:17 +00:00
Michael Tremer
7ad39d931a core152: Ship suricata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-15 15:35:13 +00:00
Michael Tremer
488f36e446 core152: Ship libhtp
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-15 15:34:25 +00:00
Michael Tremer
43e1c88ea4 core152: Ship yaml
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-15 15:33:59 +00:00
Stefan Schantl
d95cc821e7 yaml: Update to 0.2.5
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-15 15:33:44 +00:00
Michael Tremer
cbd0df20ed Merge branch 'master' into next
2020-10-14 10:35:41 +00:00
Michael Tremer
c69c820025 firewall: Filter only on RED and exclude any private address space
Since libloc is built as a tree we cannot simply exclude any address
space in the middle of it. Therefore we create some firewall rules
which simply avoid checking non-globally routable address space.

Fixes: #12499
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-14 11:32:05 +01:00
Michael Tremer
64c8811dee samba: Update rootfiles
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-14 09:53:30 +00:00
Michael Tremer
0ccb2c1d15 samba: Drop default printer configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-14 09:51:27 +00:00
Michael Tremer
7dea42ae84 samba: Drop PDC default configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:17 +01:00
Michael Tremer
be1554336d samba: Export all printers from CUPS
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
97722ab69d samba: Remove printer management
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
a88ea3463c samba: Remove help popup
This is outdated and should be put into the wiki.

It is also some very ugly JS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
5aa5f6777a samba: Remove reset options
This only requires that we have to change multiple files with
the same settings.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
13e455aec7 samba: Log to syslog
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
7a60353472 samba: Remove any options left to default value in global section
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
2a4ac08fcc samba: Remove deprecated encrypt/null passwords options
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:15 +01:00
Michael Tremer
971f93ab12 Merge remote-tracking branch 'origin/master' into next
2020-10-12 20:21:09 +00:00
Michael Tremer
a836a2787c core151: Remove multiple calls of rm
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-12 20:07:30 +00:00
Matthias Fischer
decb7e61f1 update.sh: Delete obsolete files from Net-DNS 1.25
Fixes Bug #12491

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-12 20:06:42 +00:00
Michael Tremer
79131c6e47 firewall hits graph: Fix order of values
The fields were mixed up and therefore the graph showed incorrect
values.

Fixes: #12496
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-12 10:27:15 +00:00
Matthias Fischer
add03100a5 nano: Update to 5.3
For details see:
https://www.nano-editor.org/news.php

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-12 10:07:42 +00:00
Michael Tremer
63d55ec0c9 core152: Ship knot
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-12 10:07:27 +00:00
Michael Tremer
b98d3a7e10 core152: Ship unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-12 10:06:22 +00:00
Matthias Fischer
14f02911df unbound: Update to 1.12.0
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-October/006979.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-12 10:04:28 +00:00
Michael Tremer
e0aad107b5 Merge branch 'master' into next
2020-10-10 11:49:07 +00:00
Michael Tremer
a9f69cbf01 core151: Apply local SSH configuration
Fixes: #12494
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-10 11:48:26 +00:00
Michael Tremer
5e4f76bb71 core151: Ship /etc/os-release
Fixes: #12495
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-10 11:43:44 +00:00
Jonatan Schlag
bd78dec95b Borgbackup: Ship testsuite also for i586 and armv5tel
Fixes: #12438

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-10 11:42:09 +00:00
Michael Tremer
d5808f3095 core152: Fix typo in rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-07 14:27:29 +00:00
Michael Tremer
b67f02d512 /var/ipfire/ethernet/settings: Drop BROADCAST variable
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.

However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.

Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-07 11:46:46 +00:00
Michael Tremer
ffd8eafa52 libtalloc: Move to /usr and drop Python module
We do not use the Python module and can therefore
only have one rootfile for all architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 16:35:26 +00:00
Michael Tremer
7bdfa67a4b python3: Rootfile update for i586
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 16:21:09 +00:00
Michael Tremer
5f6f2e0b7c python3: Update rootfile for armv5tel
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 15:13:54 +00:00
Michael Tremer
bcbcd15f64 Revert "core152: Load changed /etc/sysctl.conf"
This reverts commit b125988d3f.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 12:26:43 +00:00
Michael Tremer
a9d90b1b3f Revert "sysctl.conf: prevent autoloading of TTY line disciplines"
This reverts commit 14c65ab71c.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 12:26:26 +00:00
Arne Fitzenreiter
42fca29033 libtalloc: add new package because samba4 does not provide this anymore
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 12:20:09 +00:00
Arne Fitzenreiter
1dd31d858e samba: update to 4.13.0
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 12:19:04 +00:00