webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
7,041 Commits 2 Branches 1 Tag
623758aa652d6b6066ea01e5f6e12378e7504ba8
Commit Graph

7041 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexander Marx
c0f99754df Firewall: now it is possible to connect from one ipfire to a green network of another openvpn connected ipfire 
Please take care to put this into the docu! One can create DROP rules if
the remote ipfire should NOT be able to connect to the others internal
networks. Therefor you have to take the green interface IP as SOURCE!
 2013-12-23 11:05:04 +01:00
Alexander Marx
454d47a994 Firewall: changed outgoingfw converter to reflect new counters 2013-12-23 08:08:27 +01:00
Stefan Schantl
33230038e9 Kernel: Provide a working kernel configuration for wandboard. 2013-12-21 17:15:44 +01:00
Stefan Schantl
f7075c3a37 Kernel: Add support for PCI Express on wandboard. 
When manualy a PCI Express Slot has been soldered to the board, any kind of
PCI-E hardware can be used after loading the pcie_imx kernel module.
 2013-12-21 17:15:03 +01:00
Arne Fitzenreiter
30f68903d3 Merge remote-tracking branch 'origin/next' into fifteen 2013-12-21 10:05:39 +01:00
Arne Fitzenreiter
562e14b01f kernel: update to 3.10.25. 2013-12-20 23:31:40 +01:00
Alexander Marx
3c037075d0 Firewall: when DNAT external port is given and dest port is empty, theres now an errormessage displayed 2013-12-20 13:04:56 +01:00
Alexander Marx
a8b113e73d Firewall: Now servicegroups and networkgroups can be renamed 2013-12-20 12:10:35 +01:00
Alexander Marx
5f037986b7 Firewall: added JS to automatically select radiobuttons in fwhosts 2013-12-20 12:10:03 +01:00
Alexander Marx
484269ceac FIrewall: Rewrote complete counters for firewall-groups (hosts,networks, network-groups) 2013-12-20 12:09:52 +01:00
Alexander Marx
ce2dbe92ce Firewall: Bugfix - When editing a DNAT rule and setting prot to "all" the port from previus rule was not resettet 2013-12-20 12:08:43 +01:00
Arne Fitzenreiter
dd6c9bb9c3 collectd initskript: parse new lm_sensors config. 2013-12-19 22:46:48 +01:00
Arne Fitzenreiter
724908c680 lm_sensors: update to 3.3.4. 2013-12-19 22:45:34 +01:00
Stefan Schantl
2b230b77f5 Kernel: Add SATA support on imx6 wandboard. 
The imx6q wandboard has a soldered SATA port which can be used by loading the ahci_imx kernel module.
 2013-12-19 21:42:56 +01:00
Stefan Schantl
0c41633ee1 Kernel: Add support for wifi and bluetooth on imx6 wandboards. 2013-12-19 21:36:37 +01:00
Stefan Schantl
d24c586a95 Kernel: Add terminal driver support on imx platforms. 2013-12-19 21:31:39 +01:00
Stefan Schantl
14ef7de439 Kernel: Add CK01 clock support for imx6 wandboard. 2013-12-19 21:29:11 +01:00
Stefan Schantl
0520e6a5d0 Kernel: In case of busy i2c try again to get ACK on imx platforms. 2013-12-19 21:26:15 +01:00
Stefan Schantl
83d8e3a6db Kernel: Add initial support for compulab utilite. 2013-12-19 21:15:30 +01:00
Stefan Schantl
9bfde8ed40 Kernel: Add initial support for imx6q wandboard. 
The required entries for the device tree are taken from kernel 3.12.
 2013-12-19 21:11:54 +01:00
Stefan Schantl
8a5ef45f15 Rework of flash-images. 2013-12-19 11:14:52 +01:00
Stefan Schantl
e3181add8e uboot: Update to 2013.10. 2013-12-19 11:09:00 +01:00
Arne Fitzenreiter
3fc43cd15b xen-downloader: build only on i586. 2013-12-19 10:55:57 +01:00
Arne Fitzenreiter
b2c2422191 kernel: update to 3.10.24. 2013-12-18 11:29:48 +01:00
Michael Tremer
30f08bcf80 Merge remote-tracking branch 'amarx/difflang' into fifteen 2013-12-16 12:31:19 +01:00
Alexander Marx
fac3861429 Firewall: Bugfix: in /etc/init.d/firewall the REDNAT chain was affected BEFORE NAT_SOURCE. Outgoing SNAT rules where not working though 2013-12-16 12:29:02 +01:00
Michael Tremer
39962c6e3d iptables: Update to 1.4.21. 2013-12-16 12:28:08 +01:00
Arne Fitzenreiter
5cd3a05bf0 finalize core 74. 2013-12-14 22:01:16 +01:00
Alexander Marx
33e64584dd TOOLS: new script langdiff added. With this script one can check a languagefile against another and gets a txtfile conatining the missing lines. 2013-12-13 08:03:23 +01:00
Michael Tremer
6c859e0382 core74: Add httpscert script. 2013-12-12 21:20:56 +01:00
Michael Tremer
325aa1e1f4 httpscert: Increase size of the RSA key to 4096. 
RSA keys with length of 1024 bits are considered weak.
 2013-12-12 21:18:56 +01:00
Michael Tremer
a1365ee37c httpscert: Use regular random source. 
Previous to this patch, the kernel image file and internal
configuration settings have been used as a source for random
data, which is not random at all.
 2013-12-12 21:17:53 +01:00
Michael Tremer
cfb00625b8 strongswan: Disable rdrand plugin. 
Disabled because of security concerns.
 2013-12-12 21:15:24 +01:00
Michael Tremer
7506baa2eb wirelesscrtl: Add --wait to iptables command line. 
With a huge number of access rules, inserting all rules
into the kernel took a long while in which other iptables
tried to access the kernel's ruleset as well, which then
lead to resource conflicts.

Since iptables 1.4.20, the --wait parameter is supported
that will wait for a global xtables lock and then proceed.
 2013-12-12 21:05:56 +01:00
Michael Tremer
dfb1bfaf7b Always create squid.conf. 
In some cases, /var/ipfire/proxy/squid.conf does not belong to
nobody:nobody, so we do this explicitely.
 2013-12-11 21:59:22 +01:00
Michael Tremer
7d5e022df4 Merge remote-tracking branch 'amarx/firewall-fifteen-beta9' into fifteen 2013-12-10 13:31:38 +01:00
Alexander Marx
3a162dc14f Firewall: rebuild complete counter procedure in firewall-groups. This way the counters are on the fly generated and stable. also this is a prequisite to the new option that firewall-servicegroups can be rolled out by installation 2013-12-10 12:21:48 +01:00
Arne Fitzenreiter
5d4d41b18c Merge branch 'next' into fifteen 2013-12-10 00:15:01 +01:00
Arne Fitzenreiter
9fa1849586 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2013-12-10 00:14:12 +01:00
Arne Fitzenreiter
afa7593932 Merge branch 'master' into next 2013-12-10 00:13:20 +01:00
Arne Fitzenreiter
af2dcb40f6 samba: update to 3.6.22. 
Samba 3.6.22 have been issued as security releases in order
to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked)
and CVE-2012-6150 (pam_winbind login without require_membership_of
restrictions).
 2013-12-10 00:07:36 +01:00
Arne Fitzenreiter
e39ac92dd2 Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen 2013-12-09 17:13:34 +01:00
Arne Fitzenreiter
be33adfb3d kernel: update to 3.10.23. 2013-12-09 17:10:59 +01:00
Alexander Marx
50ce309b6a Firewall: added DNS (UDP,TCP) to default services 2013-12-09 11:06:50 +01:00
Alexander Marx
fe2bae3b74 Firewall: Fix BETA8 - It was not possible to delete single services from servicegroups 2013-12-09 09:33:21 +01:00
Alexander Marx
a8ec686f17 Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into firewall-fifteen1 2013-12-09 09:29:50 +01:00
Arne Fitzenreiter
3a3759c625 mountkernfs: fix mount of /sys and /proc without initrd. 2013-12-08 16:07:35 +01:00
Arne Fitzenreiter
8a2cf24a1f kernel: enable grsecurity on rpi kernel. 2013-12-08 16:03:25 +01:00
Alexander Marx
82b837cff8 Firewall: Added new feature: Now protocols can be added to servicegroups (GRE,AH,ESP,IPIP,IPV6) 2013-12-06 08:47:11 +01:00
Arne Fitzenreiter
342a91ae25 kernel: update to 3.10.22. 2013-12-05 19:46:25 +01:00