webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 19:53:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,439 Commits 2 Branches 1 Tag
5e20d6cb28a87fca71abd9d4e0b811f6674fd39a
Commit Graph

369 Commits

Author SHA1 Message Date
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:55 +00:00
Arne Fitzenreiter
194c7b16e4 rust: add i586 and aarch64 rootfile 
todo: armv5tel is still missing...

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-09 18:11:32 +02:00
Stefan Schantl
59fe973584 rust: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:08:23 +00:00
Michael Tremer
d111587cc3 gcc: Build the Go compiler 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-20 17:21:08 +00:00
Arne Fitzenreiter
7c30831ad2 initskripts: move unbound down after network down 
this remove a bunch of unbound errors at shutdown because
network down try to reconfigure unbond. (e.g. disable forwarders)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-11 11:09:40 +02:00
Arne Fitzenreiter
fd7c2f3a9e initskripts: fix i586 rootfile 2019-07-17 13:12:46 +02:00
Arne Fitzenreiter
3ec3329dff unbound: rework dns-forwader handling 
add check if red interface has an IPv4 address before test the servers at
red up and simply remove forwarders at down process.

This also fix the hung at dhcpd shutdown.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-16 19:20:48 +02:00
Michael Tremer
acf47bfa80 cloud-init: Import experimental configuration script for Azure 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:58 +01:00
Michael Tremer
ffb37e51d4 Rename AWS initscript to cloud-init 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:58 +01:00
Arne Fitzenreiter
70590cef48 Kernel: update to 4.14.128 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-19 21:01:29 +02:00
Arne Fitzenreiter
82c279a518 kernel: update to 4.14.127 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-18 18:41:19 +02:00
Michael Tremer
35f12f2998 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-10 09:58:15 +01:00
Michael Tremer
28093c8376 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-08 11:34:37 +01:00
Michael Tremer
09b9910696 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-07 11:14:11 +01:00
Michael Tremer
236831c0f9 Rootfile update for gcc on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:41:59 +01:00
Michael Tremer
81544f8884 hyperscan: Move rootfiles to arch directories 
This package is only compiled on x86_64 and i586 and cannot
be packaged in any of the other architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:38:42 +01:00
Michael Tremer
333125abf8 Merge branch 'toolchain' into next 2019-05-24 06:55:03 +01:00
Michael Tremer
6a83dbb451 SMT: Apply settings according to configuration 
SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:30:26 +01:00
Michael Tremer
68e0cf6714 grub: Update rootfile on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:45:02 +01:00
Michael Tremer
5085356151 glibc: Update rootfile for i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-29 13:44:28 +01:00
Michael Tremer
452d2b6eaa grub: Disable efiemu on PC builds 
This won't compile with GCC 8 and we do not need it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:19:42 +01:00
Arne Fitzenreiter
5fa063f859 kernel: update to 4.14.112 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-17 22:30:19 +02:00
Michael Tremer
01604708c3 Merge remote-tracking branch 'stevee/next-suricata' into next 2019-03-14 13:19:35 +00:00
Michael Tremer
771c9b78ee binutils: Ship strings & readelf 
This is needed by the spectre meltdown checker script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 13:01:42 +00:00
Stefan Schantl
8117fff863 IDS: Call helper script when red interface gets up 
The helper script will be automatically called when the red interface gets up
and will re-generate the HOME_NET file, to take care if the IP-address of this
interface has changed.

Fixes #11989

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 15:40:19 +01:00
Stefan Schantl
c1a3401235 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2019-01-21 13:04:13 +01:00
Michael Tremer
7d5caee6bd Add initscript for conntrackd 
The daemon will be started by default when a configuration
file exists.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-06 08:59:25 +00:00
Arne Fitzenreiter
5e6f343b7d python: update to 2.7.15 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-06 15:51:53 +01:00
Stefan Schantl
a13ddf04d9 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-12 09:27:59 +01:00
Michael Tremer
f354601bbe initscripts: Import pakfire keys before importing AWS configuration 
This is useful when the user-data script is installing
packages. For that it will need valid keys for course.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-07 11:38:55 +00:00
Arne Fitzenreiter
16c18024bb kernel: compress kernel modules with xz 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-11-18 14:30:14 +01:00
Michael Tremer
9040a476cc core125: Ship glibc for i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-10-29 10:50:35 +00:00
Stefan Schantl
2d475a3c6c Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2018-09-26 14:49:34 +02:00
Arne Fitzenreiter
924b48c789 kernel: update to 4.14.69 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-09-12 21:04:07 +02:00
Stefan Schantl
cb52183c6a Fix merge conflicts during merge of next and the suricata branch 2018-08-23 10:34:17 +02:00
Michael Tremer
84cd9b9162 Drop the network-trigger script 
This is done at boot time and doesn't normally need to be done again.

On AWS or in the setup, renaming any network interfaces is being
handled automatically.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-22 14:05:43 +01:00
Stefan Schantl
843a8c570c snort: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:19:35 +02:00
Stefan Schantl
914cca3d8e initscripts: Link against suricata initscript in runlevels and red.up hook 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:02:34 +02:00
Stefan Schantl
d72b3e64c2 suricata: Introduce basic initscript 
Add a very basic initscript, which currently allows to start/stop/restart suricata and
check if the daemon is running.

The script will detect when starting suricata how many CPU cores are present on the system and
will launch suricata in inline mode (NFQUEUE) and listen to as much queues as CPU cores are
detected.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:54:22 +02:00
Arne Fitzenreiter
948d660c10 syslinux: update i586 rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-21 16:39:46 +02:00
Michael Tremer
479d82d1b8 Rootfile update 
We don't have EFI on i586

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-16 22:31:11 +01:00
Michael Tremer
784cd5cbd7 Enhance the flash image to support EFI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-14 13:43:49 +01:00
Arne Fitzenreiter
1ac0d5c598 Merge branch 'aarch64' into next 
Conflicts:
	config/rootfiles/core/121/filelists/acpid
	config/rootfiles/core/121/filelists/apache2
	config/rootfiles/core/121/filelists/apr
	config/rootfiles/core/121/filelists/aprutil
	config/rootfiles/core/121/filelists/armv5tel/files
	config/rootfiles/core/121/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/core/121/filelists/armv5tel/linux-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/linux-multi
	config/rootfiles/core/121/filelists/armv5tel/rpi-firmware
	config/rootfiles/core/121/filelists/armv5tel/u-boot
	config/rootfiles/core/121/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/core/121/filelists/beep
	config/rootfiles/core/121/filelists/cmake
	config/rootfiles/core/121/filelists/crda
	config/rootfiles/core/121/filelists/dhcp
	config/rootfiles/core/121/filelists/flex
	config/rootfiles/core/121/filelists/i586/grub
	config/rootfiles/core/121/filelists/i586/intel-microcode
	config/rootfiles/core/121/filelists/i586/linux
	config/rootfiles/core/121/filelists/i586/linux-initrd
	config/rootfiles/core/121/filelists/iw
	config/rootfiles/core/121/filelists/jwhois
	config/rootfiles/core/121/filelists/libidn
	config/rootfiles/core/121/filelists/multipath-tools
	config/rootfiles/core/121/filelists/pcre
	config/rootfiles/core/121/filelists/tar
	config/rootfiles/core/121/filelists/unbound
	config/rootfiles/core/121/filelists/wget
	config/rootfiles/core/121/filelists/x86_64/grub
	config/rootfiles/core/121/filelists/x86_64/intel-microcode
	config/rootfiles/core/121/filelists/x86_64/linux
	config/rootfiles/core/121/filelists/x86_64/linux-initrd
	config/rootfiles/core/122/filelists/aarch64/files
	config/rootfiles/core/122/filelists/acpid
	config/rootfiles/core/122/filelists/apache2
	config/rootfiles/core/122/filelists/apr
	config/rootfiles/core/122/filelists/aprutil
	config/rootfiles/core/122/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/core/122/filelists/armv5tel/linux-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/linux-multi
	config/rootfiles/core/122/filelists/armv5tel/rpi-firmware
	config/rootfiles/core/122/filelists/armv5tel/u-boot
	config/rootfiles/core/122/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/core/122/filelists/beep
	config/rootfiles/core/122/filelists/cmake
	config/rootfiles/core/122/filelists/crda
	config/rootfiles/core/122/filelists/dhcp
	config/rootfiles/core/122/filelists/flex
	config/rootfiles/core/122/filelists/i586/grub
	config/rootfiles/core/122/filelists/i586/intel-microcode
	config/rootfiles/core/122/filelists/i586/linux
	config/rootfiles/core/122/filelists/i586/linux-initrd
	config/rootfiles/core/122/filelists/iw
	config/rootfiles/core/122/filelists/jwhois
	config/rootfiles/core/122/filelists/libidn
	config/rootfiles/core/122/filelists/multipath-tools
	config/rootfiles/core/122/filelists/pcre
	config/rootfiles/core/122/filelists/tar
	config/rootfiles/core/122/filelists/unbound
	config/rootfiles/core/122/filelists/wget
	config/rootfiles/core/122/filelists/x86_64/grub
	config/rootfiles/core/122/filelists/x86_64/intel-microcode
	config/rootfiles/core/122/filelists/x86_64/linux
	config/rootfiles/core/122/filelists/x86_64/linux-initrd
	config/rootfiles/core/123/filelists/unbound
	config/rootfiles/oldcore/121/filelists/acpid
	config/rootfiles/oldcore/121/filelists/apache2
	config/rootfiles/oldcore/121/filelists/apr
	config/rootfiles/oldcore/121/filelists/aprutil
	config/rootfiles/oldcore/121/filelists/armv5tel/files
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-rpi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-multi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-rpi
	config/rootfiles/oldcore/121/filelists/armv5tel/rpi-firmware
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/oldcore/121/filelists/beep
	config/rootfiles/oldcore/121/filelists/cmake
	config/rootfiles/oldcore/121/filelists/crda
	config/rootfiles/oldcore/121/filelists/dhcp
	config/rootfiles/oldcore/121/filelists/flex
	config/rootfiles/oldcore/121/filelists/i586/grub
	config/rootfiles/oldcore/121/filelists/i586/intel-microcode
	config/rootfiles/oldcore/121/filelists/i586/linux
	config/rootfiles/oldcore/121/filelists/i586/linux-initrd
	config/rootfiles/oldcore/121/filelists/iw
	config/rootfiles/oldcore/121/filelists/jwhois
	config/rootfiles/oldcore/121/filelists/libidn
	config/rootfiles/oldcore/121/filelists/multipath-tools
	config/rootfiles/oldcore/121/filelists/pcre
	config/rootfiles/oldcore/121/filelists/tar
	config/rootfiles/oldcore/121/filelists/wget
	config/rootfiles/oldcore/121/filelists/x86_64/grub
	config/rootfiles/oldcore/121/filelists/x86_64/intel-microcode
	config/rootfiles/oldcore/121/filelists/x86_64/linux
	config/rootfiles/oldcore/121/filelists/x86_64/linux-initrd
	make.sh
 2018-07-03 11:52:05 +01:00
Arne Fitzenreiter
4838034131 random: update initskript for machines with low entropy 
the script wait until crng is correct initialized before restore the
random seed and make some disc io to work around low entropy at boot
on some machines. Not really a fix but it should be better than reverting
CVE-2018-1108 fixes from kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-06-28 20:48:58 +02:00
Michael Tremer
bd3bcb45d6 AWS: Import aws setup script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-25 10:55:39 +01:00
Michael Tremer
1c21ebf8d5 Add initscript that automatically configures IPFire on AWS EC2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-21 16:45:40 +01:00
Arne Fitzenreiter
d96d00e9e9 intel-microcode: use symlink for i586 rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-05-31 07:05:37 +02:00
Jonatan Schlag
87b5f3711b Add Intel microcode updates 
Fixes: #11590
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-29 16:42:51 +01:00
Arne Fitzenreiter
a9203b4f5b kernel: i586 enable cs5535 gpio module 
this modul is needed for alix led support

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-18 06:11:15 +02:00
Arne Fitzenreiter
20406699e3 grub: update to 2.02 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-17 06:10:06 +02:00