webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-10 17:28:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,663 Commits 2 Branches 1 Tag
4f66bad48822e84933483ed9de2a30e358298c43
Commit Graph

13663 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
5a4617a871 core132: Ship updated firewall rules generator 
This patch also requires a reboot after installing this update
so that the changed ruleset is being applied.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:58:31 +01:00
Michael Tremer
249839b0ca firewall: Fix source/destination interface settings 
When a forwarding rule is being created, we sometimes create
INPUT/OUTPUT rules, too. Those were slightly invalid because
the source and destination interfaces where passed, too.

This could render some rules in certain circumstances useless.

This patch fixes this and only adds -i for INPUT and -o for
OUTPUT rules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:56:05 +01:00
Michael Tremer
ae93dd3deb firewall: Add more rules to input/output when adding rules to forward 
The special_input/output_targets array assumed that firewall access
will always be denied. However, rules also need to be created when
access is granted. Therefore the ACCEPT target needs to be included
in this list and rules must be created in INPUTFW/OUTGOINGFW too
when ACCEPT rules are created in FORWARDFW.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:45:34 +01:00
Michael Tremer
68e0cf6714 grub: Update rootfile on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:45:02 +01:00
Michael Tremer
5085356151 glibc: Update rootfile for i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-29 13:44:28 +01:00
Michael Tremer
864a5befd9 glibc: Update to 2.29 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:38 +01:00
Michael Tremer
46bbc13b91 python3: Build package in toolchain 
This will be required to build glibc 2.29

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:38 +01:00
Michael Tremer
e81233173f gcc: Update rootfile for aarch64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:38 +01:00
Michael Tremer
ecc9e5efb4 binutils: Update rootfile for aarch64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:37 +01:00
Michael Tremer
968a17d64c make.sh: Bump toolchain version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:37 +01:00
Michael Tremer
525f5d2959 gcc: Update to 8.3.0 
This patch carries the rootfile for x86_64 only.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:37 +01:00
Michael Tremer
3596937440 binutils: Update to 2.32 
This patch carries the rootfile for x86_64 only.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:37 +01:00
Michael Tremer
a7e185c590 grub: Fix rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:43:48 +01:00
Michael Tremer
4987d0ed19 grub: Fix relocation type issue 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:43:37 +01:00
Michael Tremer
bab38dad60 ipfire-netboot: Fix compiling and linking with new GCC & binutils 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:43:24 +01:00
Michael Tremer
7f156022b5 sarg: Fix build with newer GCCs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:43:08 +01:00
Arne Fitzenreiter
20c7552e0d Merge branch 'master' into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-26 19:39:55 +02:00
Michael Tremer
2cecfd0fdb grub: Fix build error with GCC 8 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:19:51 +01:00
Michael Tremer
452d2b6eaa grub: Disable efiemu on PC builds 
This won't compile with GCC 8 and we do not need it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:19:42 +01:00
Michael Tremer
999e17bf9e nasm: Update to 2.14.02 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:19:17 +01:00
Michael Tremer
a0c9850c77 ltrace: Bump package version 
This package needs to be rebuilt because it uses elfutils
which has had an soname bump.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:19:16 +01:00
Michael Tremer
95028c1ce2 elfutils: Update to 0.176 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:18:46 +01:00
Erik Kapfer
948173dbb4 OpenVPN: Fixed certificate generation in French 
Fixes #12060

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:17:50 +01:00
Stefan Schantl
9cf253e150 initscripts/suricata: Rework creation of firewall rules. 
The script now will use the previously introduced seperate firewall chains called
IPS_INPUT, IPS_FORWARD and IPS_OUTPUT.

The commit also creates an AND connection between the choosen network zones in the UI and
the final firwall rules.

Fixes #12062.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-26 07:46:15 +02:00
Stefan Schantl
5e3067cb52 initscripts/suricata: Move functions order and always use flush_fw_chain function 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-26 07:46:15 +02:00
Stefan Schantl
686c4b9f25 firewall: Use seperate firewall chains for passing traffic to the IPS 
Create and use seperate iptables chain called IPS_INPUT, IPS_FORWARD and IPS_OUTPUT
to be more flexible which kind of traffic should be passed to suricata.

Reference #12062

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-26 07:46:15 +02:00
Arne Fitzenreiter
31568a1982 hostapd: bump package version 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-26 07:43:21 +02:00
Michael Tremer
1f35114d7b hostap: Fix wiring of checkboxes for client isolation 
The checkboxes were swapped which lead to client isolation
being enabled when the UI said disabled and vice-versa.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 07:42:48 +02:00
Michael Tremer
c721714036 hostap: Translate configuration settings 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-24 11:31:28 +01:00
Michael Tremer
5cf4aba470 hostap: Fix wiring of checkboxes for client isolation 
The checkboxes were swapped which lead to client isolation
being enabled when the UI said disabled and vice-versa.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-24 11:24:33 +01:00
Michael Tremer
49ef32d164 hostap: Remove deprecated directive 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-24 11:08:36 +01:00
Michael Tremer
dc850cb32f hostap: Enable 80MHz bandwidth by default (when using ACS) 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-24 10:43:50 +01:00
Michael Tremer
37a83c83cd hostap: Enable option to force clients to use 802.11w 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-24 10:39:25 +01:00
Michael Tremer
ea10f1a0b5 hostap: Allow to use Automatic Channel Selection (ACS) 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-24 10:12:29 +01:00
Stefan Schantl
d4f3156777 convert-snort: Fix ownership of the generated homenet file. 
Fixes #12059.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 22:05:43 +02:00
Stefan Schantl
e8a28edbea suricata: Use device ppp0 if PPPoE dialin is used. 
Fixes #12058.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 22:05:05 +02:00
Michael Tremer
a86bc6dfc6 suricata: EXTERNAL_NET should equal any 
This enables that we scan servers in ORANGE for clients in
GREEN which absolutely makes sense.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 22:04:30 +02:00
Michael Tremer
56f6d107ff suricata: Do not always convert rules to be bi-directional 
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 22:03:33 +02:00
Michael Tremer
fabe150953 core132: Ship updated suricata initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:56:07 +01:00
Michael Tremer
a1cd844f71 core132: Ship updated convert-snort script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:55:22 +01:00
Stefan Schantl
25d424387e convert-snort: Fix ownership of the generated homenet file. 
Fixes #12059.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:54:54 +01:00
Alexander Koch
6088176639 core132: Bugfix for typo in filelist 
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:53:36 +01:00
Stefan Schantl
372975ed0c suricata: Use device ppp0 if PPPoE dialin is used. 
Fixes #12058.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:51:27 +01:00
Michael Tremer
5061292091 suricata: EXTERNAL_NET should equal any 
This enables that we scan servers in ORANGE for clients in
GREEN which absolutely makes sense.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:45:42 +01:00
Michael Tremer
f27bac491a core132: Ship updated list of mime types 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:20:14 +01:00
Alexander Koch
68d7ae338e apache / WPAD: Add correct MIME type for wpad.dat and proxy.pac 
Some clients require the correct MIME type to be set for accepting/handling the Proxy-Settings properly.

See: http://findproxyforurl.com/deploying-wpad/

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:19:43 +01:00
Michael Tremer
2dd5e64592 suricata: Do not always convert rules to be bi-directional 
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:18:07 +01:00
Arne Fitzenreiter
7b0c8a80af core131: add services.cgi to update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-23 19:21:30 +02:00
Arne Fitzenreiter
c33a6e7103 finish core131 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-20 18:12:21 +02:00
Arne Fitzenreiter
e7a52c52d1 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-04-20 17:35:54 +02:00