webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,947 Commits 2 Branches 1 Tag
5d04cfe7d582bc58a4e4f9995fe5f67fcc456456
Commit Graph

12947 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Müller
e01e07ec8b apply default firewall policy for ORANGE, too 
If firewall default policy is set to DROP, this setting was not
applied to outgoing ORANGE traffic as well, which was misleading.

Fixes #11973

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Oliver Fuhrer <oliver.fuhrer@bluewin.ch>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-07 15:15:32 +00:00
Peter Müller
fd16f5d8c1 Tor: update to 0.3.5.7 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-07 15:15:26 +00:00
Stefan Schantl
5fbd7b2982 ids.cgi: Format and show date of the current ruleset again 
Fixes #11992

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 10:33:29 +01:00
Stefan Schantl
ee7fe87ea6 ids.cgi: Change name of the button to apply the ruleset changes 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 09:46:01 +01:00
Stefan Schantl
e8ae413a79 langs: Remove snort related and unused strings 
Fixes #11993.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 09:02:32 +01:00
Stefan Schantl
dd8d6f5ee8 logs.cgi/ids.dat: Do not call the IDS snort again 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 09:00:35 +01:00
Stefan Schantl
5bd8940d68 ids.cgi: Improve showed messages while the IDS is working 
Reference #11993

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 08:51:31 +01:00
Stefan Schantl
e566e977f7 Add german translation for "system is offline" 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 08:28:29 +01:00
Stefan Schantl
9074e3d74c ids.cgi: Lock page while autoupdate script is running 
Fixes #11991

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 08:24:15 +01:00
Stefan Schantl
5206a3358d update-ids-ruleset: Lock and Unlock the IDS page during runtime 
Reference #11991

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 08:06:49 +01:00
Stefan Schantl
8076deba79 ids-functions.pl: Add code to lock/unlock ids page while autoupdating the ruleset 
Reference #11991

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 07:59:20 +01:00
Stefan Schantl
5f2145eb59 ids.cgi: Show "Update Ruleset"-Button only if automatic updates are disabled 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 07:44:11 +01:00
Stefan Schantl
f6eb1a40a0 aliases.cgi: Handle suricata related actions when dealing with aliases 
When working with aliases (adding/modifying/removing), the file which
contains the HOME_NET declarations needs to be re-generated and suricata
requires a restart afterwards.

Fixes #11990

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 15:59:02 +01:00
Stefan Schantl
8117fff863 IDS: Call helper script when red interface gets up 
The helper script will be automatically called when the red interface gets up
and will re-generate the HOME_NET file, to take care if the IP-address of this
interface has changed.

Fixes #11989

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 15:40:19 +01:00
Stefan Schantl
d8f19ebb5a IDS: Edit german translation for "ids oinkcode required". 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 13:12:50 +01:00
Stefan Schantl
613f58fbfa ids.cgi: Check if the selected ruleset requires an oinkcode 
Fixes #11983

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 12:49:01 +01:00
Stefan Schantl
f644a167ab ids.cgi: Only perform actions when saving ruleset settings, if there are no error messages 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 12:48:08 +01:00
Stefan Schantl
155b3b56a8 ids-functions.pl: Do not send HEAD requests to sourcefire (snort.org) servers 
Using this feature to fetch the size of the requested tarball is not allowed by these
servers, so skip this feature for their rulesets.

Fixes #11987

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 10:58:59 +01:00
Stefan Schantl
c17a9778d6 Revert "ids-functions.pl: Use GET method to fetch Header data of a file" 
Using the GET method will download the file twice and does not provide the
desired mechanism here.

This reverts commit 81592314eb.
 2019-02-06 10:00:17 +01:00
Stefan Schantl
422dc4caf9 ids.cgi: Fix HTML formated spaces. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 14:34:44 +01:00
Stefan Schantl
9e9b477d7c ids.cgi: Rework "Enable IPS" section 
Just use one language string for a maximum of flexiblity for the
transloators.

Fixes #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 14:17:19 +01:00
Stefan Schantl
af0065691c suricata: Do not display messages when starting up 
Fixes #11979.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 13:57:40 +01:00
Stefan Schantl
cc9057c014 ids.cgi: Change lang string from "Activate IPS" to "Enable IPS" 
Reference #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 13:51:08 +01:00
Stefan Schantl
318e7137e7 IDS: Rename IDS strings to IPS 
Reference: #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 13:25:27 +01:00
Stefan Schantl
97870bf29c ids.cgi: Stop suricata when the rulest source has been changed 
If the ruleset source has been changed, it has to be configured again.
This happens because of different rule categories, filenames rule ID's etc.

In case suricata currently is running it has to be stopped and after the configuration
has been done by the user, it can be launched again.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:43:49 +01:00
Stefan Schantl
5709768b0b ids.cgi: Fix downloading rules if source changed 
Fix the if statement to detect wheater the ruleset has been
changed and automatically download the new one.

Fixes #11984.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:36:30 +01:00
Stefan Schantl
b7a9b4edc2 ids.cgi: Update automatic download texts 
Update the showed texts in the dropdown box as mentioned in the
bug report.

Fixes #11985

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:13:28 +01:00
Stefan Schantl
81592314eb ids-functions.pl: Use GET method to fetch Header data of a file 
The sourcfire web servers does not support the HEAD request so we have to do
this with a GET here.

Fixes #11987

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:01:43 +01:00
Stefan Schantl
4924cfdc73 ids-functions.pl: Fix show HTTP error code and message 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 11:55:37 +01:00
Jonatan Schlag
08d91c0f7a python3-msgpack: Fix build on i586 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 09:02:18 +00:00
Michael Tremer
e20b7de067 python3-dateutil: Update rootfiles 
Changed because of new python3-setuptools

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 07:00:13 +00:00
Michael Tremer
1cca99e3a1 core128: Ship updated dhcpcd 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 00:40:02 +00:00
Matthias Fischer
2378f373dd dhcpcd: Update to 7.1.0 
For some informations about this update see:
https://roy.marples.name/blog/dhcpcd-7-1-0-released

"dhcpcd-7.1.0 has been released with the following changes:

- OpenBSD: works alongside slaacd(8)
- NetBSD: sets SO_RERROR on to detect receive socket overflow
- BSD: route improvements to avoid listening for own changes
- Linux: use NETLINK_BROADCAST_ERROR
- BSD: avoid late address deletion messages by testing address existance
- IP6: implement IP6 address sharing
- BSD: catch UP/DOWN events when interfaces does support media changes
- IPv4LL: remember old address when carrier is lost

Many other minor fixes and documenation updates have been submitted by various
community members for this release..."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 00:39:25 +00:00
Michael Tremer
60c692e385 core128: Ship updated curl 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 00:15:24 +00:00
Matthias Fischer
d2b7811b15 curl: Update to 7.63.0 
For details see:
https://curl.haxx.se/changes.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 00:14:59 +00:00
Erik Kapfer
b4285088a1 update.sh: Delete .rnd files 
Since RANDFILE has been disabled in OpenSSL configurations, .rnd files are not needed anymore.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-03 21:43:23 +00:00
Michael Tremer
06232b041a core128: Ship updated apr 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-03 21:42:43 +00:00
Wolfgang Apolinarski
33f7d610fb Updated apr, stabilized apache build 
- Updated apr to 1.6.5
- Stabilized apache build (rebuild)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-03 21:41:33 +00:00
Arne Fitzenreiter
22f7be0d4d python3-llfuse: fix rootfile for non x86_64 builds 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-03 15:28:52 +01:00
Arne Fitzenreiter
329788dee5 kernel: update to 4.14.97 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-03 12:45:52 +01:00
Michael Tremer
2a915f98cb haproxy: Bump version to support TLSv1.3 (and PCRE JIT) 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 17:34:02 +00:00
Michael Tremer
83064ee34e core128: Restart updated apache 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 17:12:23 +00:00
Matthias Fischer
57bc05a53d apache: Update to 2.4.38 
For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.38

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 17:09:49 +00:00
Michael Tremer
2d8187e8e0 core128: Ship AWS scripts again 
It seems that this was missing in Core Update 125/126 so not all
bug fixes made it into the release.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 17:08:44 +00:00
Jonatan Schlag
46114d79d9 Add new package borgbackup 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:27:23 +00:00
Jonatan Schlag
def9f4a3e0 Add new package python3-msgpack 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:27:16 +00:00
Jonatan Schlag
3be819876b Add new package python3-llfuse 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:27:06 +00:00
Jonatan Schlag
662b2a812f Add new package python3-setuptools-scm 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:26:59 +00:00
Jonatan Schlag
2d17377aa0 Add new package python3-settuptools 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:26:39 +00:00
Stefan Schantl
067e1847dc suricata.yaml: Add port 222 to list of SSH Ports 
The SSH-server listened on port "222" as default on IPFire in the past.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-01 14:34:25 +01:00