webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-19 23:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
6,475 Commits 2 Branches 1 Tag
5bee9a9df5739810da488bf5bf71da4fe82be484
Commit Graph

3440 Commits

Author SHA1 Message Date
Alexander Marx
5bee9a9df5 Forward Firewall: edited GPL-header 2013-08-13 13:47:27 +02:00
Alexander Marx
dc21519f68 Forward Firewall: added GPL header to all files 2013-08-13 12:44:01 +02:00
Alexander Marx
caca013c11 Forward Firewall: added /var/ipfire/forward/bin to backup-exclude script 2013-08-12 15:53:16 +02:00
Michael Tremer
3027c6bb96 initscripts: Reset links that reload the firewall after RED connected. 2013-08-12 14:45:07 +02:00
Michael Tremer
f78d627af3 Firewall: Fix spelling of service names in custom services. 2013-08-12 14:39:34 +02:00
Alexander Marx
debe3af564 Merge remote-tracking branch 'ms/firewall-new' into firewall 2013-08-12 13:30:45 +02:00
Arne Fitzenreiter
9e78ce6142 Merge remote-tracking branch 'origin/next' 2013-08-11 11:51:40 +02:00
Arne Fitzenreiter
0251dca9e8 core72: start ipsec only if enabled after update. 2013-08-11 09:46:16 +02:00
Arne Fitzenreiter
bdc9033f08 core72: allow to update "ovpn verify script". 
Don't forget to readd this exclude to next core updater to prevent overwrite
the user ca at a openvpn update.
 2013-08-11 09:40:54 +02:00
Arne Fitzenreiter
9d838dad03 core72: add ovpnmain.cgi to update. 2013-08-11 09:40:03 +02:00
Arne Fitzenreiter
93443c472f core72: stop/start squid while update. 2013-08-11 09:34:52 +02:00
Arne Fitzenreiter
b9c6c0ecd3 core72: add language files to update. 2013-08-11 09:33:25 +02:00
Arne Fitzenreiter
f2665db1ad snort: update to 2.9.5.3. 2013-08-10 20:10:00 +02:00
Arne Fitzenreiter
7bcfd0dd83 daq: update to 2.0.1. 2013-08-10 20:09:03 +02:00
Arne Fitzenreiter
ba47633494 snort: enable non-ether-decoder for ppp support. 2013-08-10 18:48:16 +02:00
Michael Tremer
bfcb3212dc OpenVPN verify: Fix login for RW clients with >= 2 spaces in name. 
http://forum.ipfire.org/index.php?topic=8702.0
 2013-08-10 11:10:39 +02:00
Michael Tremer
776a1761d0 general-functions.pl: Fix overwritten substitutions. 2013-08-09 14:50:09 +02:00
Alexander Marx
93c2de1c66 Forward Firewall: Bugfix: ICMP rules where applied double 2013-08-09 14:49:35 +02:00
Alexander Marx
653a71b951 Forward FIrewall: Bugfix: When using predefined services in rulecreation, the rule was not applied. Bugfix: when in rulecreationpage and pressing "back" the site gets white. 2013-08-09 14:49:35 +02:00
Michael Tremer
b85d2a9819 iptables: Replace state module by conntrack module. 
The state module is deprecated in recent releases of iptables
and should not be used any more.

Additionally, this patch adds an extra chain for all
connection tracking rules, so we can keep the entire ruleset
more small and clean.
 2013-08-09 14:15:32 +02:00
Alexander Marx
7326051edb Forward Firewall: Updated outgoingfw-converter. redesign of the ruletable's defaultrules 2013-08-09 14:15:32 +02:00
Alexander Marx
a648546338 Forward Firewall: added "default-rules-table" at the end of forward ruletable 2013-08-09 14:15:31 +02:00
Alexander Marx
7f25a65fc1 Forward Firewall: moved default rules from FORWARDFW to POLICYFWD 2013-08-09 14:15:31 +02:00
Alexander Marx
e17121fee7 Forward Firewall: removed nat part from rules.pl (file nat not existent anymore) 2013-08-09 14:15:31 +02:00
Alexander Marx
1a8fde0e84 Forward Firewall: changed some names and added subnets to dropdowns 2013-08-09 14:15:30 +02:00
Alexander Marx
a0fb1099ef Forward Firewall: Design changes 
1) source has a new option "firewall" with dropdown for interfaces
2) source default networks->deleted IPFire, all ip's now in brackets
3) deleted warning message in Target that a mac is not usable
4) changes for "apply" button
5) in ruletable the protocol is now right beneath the ruletype column
6) changed target dropdown "INTERNET" to "RED"
7) renamed OpenVPN N-2N to OpenVPN Net-to-Net
8) set missing default firewall options
9) little changes on the en and de lang files
 2013-08-09 14:15:30 +02:00
Alexander Marx
ac9e77e3ba Forward Firewall: added missing fields to the converters (for dnat) 2013-08-09 14:15:30 +02:00
Alexander Marx
f557ea1e59 Forward Firewall: removed PORTFWACCESS flushing from rules.pl 2013-08-09 14:15:30 +02:00
Alexander Marx
c12392c0ef Forward Firewall: removed NAT table and txt file. 2013-08-09 14:15:29 +02:00
Alexander Marx
60607a6c75 Forward Firewall: removed DMZ from rules.pl (does no longer exist, is forward now 2013-08-09 14:15:29 +02:00
Alexander Marx
3f09f5309c Forward Firewall: convert-dmz now puts converted files into /var/ipfire/forward/config instead of /var/ipfire/forward/dmz 2013-08-09 14:15:29 +02:00
Alexander Marx
674f4e9d51 Forward Firewall: on every reload of the new firewall-rules the firewall.local is also reloaded 2013-08-09 14:15:29 +02:00
Alexander Marx
ff4770c79b Forward Firewall: changed /etc/init.d/firewall. deleted stop routine and rearranged iptables_init and restart routine 
Now it should be possible to use /etc/init.d/firewall restart without errors
 2013-08-09 14:15:29 +02:00
Alexander Marx
fb0ce57589 Forward Firewall: cleanup unused code 2013-08-09 14:15:28 +02:00
Alexander Marx
8762442c4e Forward Firewall: INPUT Firewall added "ALL" with ip 0.0.0.0 2013-08-09 14:15:28 +02:00
Alexander Marx
690b0bd761 Forward Firewall: added OVPNBLOCK and fixed rules.pl to correctly get ip address of red iface 2013-08-09 14:15:28 +02:00
Alexander Marx
05d4f131e9 Forward Firewall: Implemented INPUT Firewall (extended external access) 
Now you are able to define INPUT Rules on every interface ip
 2013-08-09 14:15:27 +02:00
Alexander Marx
4682d02723 Forward Firewall: extended the customservices list 2013-08-09 14:13:12 +02:00
Alexander Marx
cb61489891 Forward Firewall: restored old settings in graphs.pl. With new Monofont the columnsize is ok now 2013-08-09 14:13:11 +02:00
Alexander Marx
6fab5bca2a Forward Firewall: edited rules.pl so that in the rules the ip addresses from the remote ovpn N2N subnet are used instead of the openvpn subnet(because its only used as transfer net) 2013-08-09 14:13:11 +02:00
Alexander Marx
aff15defbc Forward Firewall: rules for collectd now in firewall-policy instead of /etc/init.d/firewall 2013-08-09 14:13:10 +02:00
Alexander Marx
53f4c74d9b Forward Firewall: some changes in firewall script to make collectd work 2013-08-09 14:13:10 +02:00
Alexander Marx
9468a6f713 Forward Firewall: Firewall Hits graph now with stacked values 2013-08-09 14:13:10 +02:00
Alexander Marx
be9be7cb5b Forward Firewall: enabled /var/ipfire/optionsfw/settings in configroot 2013-08-09 14:13:10 +02:00
Alexander Marx
94ea1f0346 Forward Firewall: fixed firewall hits statistik and extended it to show input,output,forward,newnotsyn and portscan seperately. 2013-08-09 14:13:10 +02:00
Alexander Marx
6f348fcb9d Forward Firewall: edited include file of backup. 2013-08-09 14:13:07 +02:00
Alexander Marx
08e1c65d85 Forward Firewall: added SNAT multiport support 2013-08-09 14:12:40 +02:00
Alexander Marx
98cee89f94 Forward Firewall: Added multiport support to DNAT/Portforwarding 
Now it is possible to use multiple ports under DNAT when TARGET has no Port, one Port or one Portrange defined
 2013-08-09 14:12:39 +02:00
Alexander Marx
bc912c6e0c Forward Firewall: Version 0.9.9.2 
1) Some changes in en.pl
2) DNAT now supports REJECT/DROP rules
3) Bugfix: comma in remark customservicegroup
4) improved installer
 2013-08-09 14:12:39 +02:00
Alexander Marx
e09884e04f Forward Firewall: some fixes: 
1) Counter was not correctly decreased when deleting a network from a customgroup
2) Convert-outgoingfw improved
3) Backup didn't set filepermissions correctly
 2013-08-09 14:12:39 +02:00