dhcpcd 9.x adds privelege seperation by creating a chroot
and running parts of the client not as root.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Records which are from the same domain than the IPFire hostname
might not be returned by unbound. This change explicitely instructs
unbound to check local data before checking the global DNS.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Due to strange NFQUEUE behaviour, traffic to remote VPN (IPsec or
OpenVPN) destinations was emitted to the internet (ppp0 or red0
interface) directly if the IPS was enabled but crashed during operation.
This patch places the IPSECBLOCK and OVPNBLOCK chains before the
ones responsible for forwarding traffic into the IPS.
Thanks to Michael for his debugging effort.
Partially fixes#12257
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Since we are running unbound locally which always runs DNSSEC
validation, we can simply trust it and pass the ad flag on to
applications which make use of it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
on some machines the i2c sensor search take very long time
which cause hang at first boot.
Now the search is started in background and waited for max one
minute before continue load of collectd.
On such machines collectd will not get all sensors at first startup.
fixes#12329
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
When unbound is running multiple threads, we have observed
that queries where sent for each thread.
Since no user should have so much DNS traffic that more than
one processor core is being saturated, this is a safe change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
this functions has only reloaded unbound config
which is useless at shutting down the red interface.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This package is outdated and unmaintained for many many years.
I am not sure if this even works and if there are any users.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This is mostly aesthetic because there are no ISP nameservers
anyways that we could use here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This probably has only been used by me and we do not need
it any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We cannot reliably determine if a system is running on Hyper-V
on a private server or on the Azure Cloud.
Therefore, we will have to try to retrieve an IP address
with DHCP and try to connect to the metadata service. If either
of those things is not successful, we will just continue with
the setup process as usual.
So cloud instances should be automatically configured now and
all other systems will continue to boot and call the setup
wizard as usual.
Fixes: #12272
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Those scripts used to import settings from the meta-data services
and wrote them to the local configuration files.
For the DNS settings and Amazon, this is no longer possible because
their DNS servers do not support DNSSEC at all. Therefore we default
to recursor mode.
To be consistent across cloud providers, we are doing the same for
Azure.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This file has an unsed line for the "fusion" module which
is no longer needed.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
These modules are loaded by default on all systems.
They are simply a waste of space since not many systems
have parallel ports any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This daemon needs to be launched in order to use LVM
devices in IPFire.
It will run on all installations after this patch has been
merged but only consumes very little memory.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
AWS Systems Manager Agent (SSM Agent) is Amazon software that can be
installed and configured on an Amazon EC2 instance, an on-premises
server, or a virtual machine (VM). SSM Agent makes it possible for
Systems Manager to update, manage, and configure these resources. The
agent processes requests from the Systems Manager service in the AWS
Cloud, and then runs them as specified in the request. SSM Agent then
sends status and execution information back to the Systems Manager
service by using the Amazon Message Delivery Service.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Since DNSSEC relies on time to validate its signatures,
a common problem is that some systems (usually those without
a working RTC) are not being able to reach their time server.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When the system comes online, we must update entries
in the unbound cache to point to the "safe" IP addresses.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
