bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00

Author	SHA1	Message	Date
Stefan Schantl	a40ee6b9bf	ids.cgi: Generate and store the DNS server configuration. This will be done by the recently added generate_dns_servers_file() function from ids-functions.pl. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-11-13 19:13:25 +00:00
Erik Kapfer	fa5274763c	OpenVPN: Fix max-clients option Fix: Triggered by https://forum.ipfire.org/viewtopic.php?f=16&t=23551 Since the 'DHCP_WINS' cgiparam has been set for the max-client directive, changes in the WUI has not been adapted to server.conf. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-11-13 18:55:15 +00:00
Michael Tremer	095bf49407	mail.cgi: Do not print content of input fields This was printed unescaped and could therefore be used for a stored XSS attack. Fixes: #12226 Reported-by: Pisher Honda <pisher24@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-11-13 18:41:02 +00:00
Michael Tremer	0a340fbe1e	mail.cgi: Always check content of fields These checks did not do anything but clear all fields when mailing was disabled. It makes a lot more sense to retain people's settings, even when they have been disabled. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-11-13 18:41:01 +00:00
Michael Tremer	76bf53db8b	QoS: Drop support for setting TOS bits per class This is useless since no ISP will evaluate those settings any more and it has a rather large impact on throughput. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-21 18:58:31 +00:00
Michael Tremer	afe23fbb52	QoS: Drop support for subclasses This feature was never properly implemented and the UI was dead Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-21 18:58:12 +00:00
Arne Fitzenreiter	50e97cd55f	Revert "QoS: Drop support for subclasses" This reverts commit `bc4d4da870`.	2019-10-20 20:18:00 +00:00
Arne Fitzenreiter	6aeaa3a75e	Revert "QoS: Drop support for setting TOS bits per class" This reverts commit `3174d9c6b6`.	2019-10-20 20:17:18 +00:00
Michael Tremer	2ad1b18bdb	vpnmain.cgi+ovpnmain.cgi: Fix file upload with new versions of Perl File uploads did not work since Perl was upgraded. This patch fixes that problem by only checking if an object was returned instead of performing a string comparison. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:10:20 +00:00
Michael Tremer	3174d9c6b6	QoS: Drop support for setting TOS bits per class This is useless since no ISP will evaluate those settings any more and it has a rather large impact on throughput. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:04:53 +00:00
Michael Tremer	bc4d4da870	QoS: Drop support for subclasses This feature was never properly implemented and the UI was dead Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:04:39 +00:00
peter.mueller@ipfire.org	fe9fb38682	fix link to public DNS server list in dns.cgi Fixes: #11851 Reported-by: Dani W <assgex@gmail.com> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:41:49 +00:00
Michael Tremer	d47b2cc28b	IPsec: Add support for Curve448 This is supported since strongswan 5.7.2 and is a good alternative to Curve25519 because Curve448 is almost equally secure but performs faster. https://en.wikipedia.org/wiki/Curve448 This is enabled by default although we do not expect many other implementations to be able to support this. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-08 18:53:23 +00:00
Erik Kapfer	b21a6319cd	ovpn: Add ta.key check to main settings Since Core 132 the 'TLS Channel Protection' is part of the global settings, the ta.key generation check should also be in the main section otherwise it won´t be created if not present. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-08 18:04:52 +00:00
Erik Kapfer	ae04d0a311	ovpn: Generate ta.key before dh-parameter Fixes: #11964 and #12157 If slow boards or/and boards with low entropy needs too long to generate the DH-parameter, ovpnmain.cgi can get into a "Script timed out before returning headers" and no further OpenSSl commands will be executed after dhparam is finished. Since the ta.key are created after the DH-parameter, it won´t be produced in that case. To prevent this, the DH-parameter will now be generated at the end. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-08 18:04:50 +00:00
Arne Fitzenreiter	c3f996979f	update contributor list Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-09-12 12:53:28 +02:00
Alex Koch	7f44ec0478	zoneconf: reduce the width of inputs for vlanid The inputs for the vlanids are overlapping the borders of their cells (using a recent Firefox on Linux Mint, Android or Windows 7). This patch fixes this by limiting the width to a fixed value. Signed-off-by: Alex Koch <ipfire@starkstromkonsument.de> Signed-off-by: Alex Koch <ipfire@starkstromkonsument.de> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-09-12 10:19:14 +00:00
Alex Koch	111216416f	WUI log-section Mail: add support for postfix addon Expand the regex for the section dmi ("Mail") for /var/log/mail to include the log contents of postfix, in case the addon is installed. Signed-off-by: Alex Koch <ipfire@starkstromkonsument.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-09-11 16:50:57 +00:00
Alex Koch	2da785f90b	WUI log-section Mail: bugfix for dma The prefix for dmi in /var/log/mail seems to have changed from "dma[<PID>]: " to "dma: ". This results in a bug where no lines are being shown at all in the WUI. Signed-off-by: Alex Koch <ipfire@starkstromkonsument.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-09-11 16:49:45 +00:00
sfeddersen	4f19781d71	BUG12156: GUI cosmetic to show woi logs cleaner Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-09-04 14:35:22 +00:00
Arne Fitzenreiter	2de0f49f8f	dhcp.cgi: fix typo Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-08-18 17:59:49 +02:00
Arne Fitzenreiter	5653e55107	perl-scripts: suppress smartmatch experimental warning smartmatch was introduced with perl 5.10 and was marked as experimental in 5.14 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-08-16 12:21:26 +02:00
Michael Tremer	c8ee8f37d4	Update contributors Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-21 01:39:42 +01:00
Peter Müller	0dd16f4047	vpnmain.cgi: Fix writing ESP settings for PFS ciphers The changes introduced due to #12091 caused IPsec ESP to be invalid if PFS ciphers were selected. Code has to read "!$pfs" instead of just "$pfs", as it should trigger for ciphers _without_ Perfect Forward Secrecy. Fixes #12099 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-17 16:14:27 +01:00
Arne Fitzenreiter	faec909e1a	vpnmain.cgi: remove wrongh "shift-space" Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-06-15 17:38:47 +02:00
Michael Tremer	171512b7a7	Update contributors Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:46:37 +01:00
Stefan Schantl	81bae51f61	ids-functions.pl: Rework function write_modify_sids_file(). Directly implement the logic to determine the used ruleset and if IDS or IPS mode should be used into the function instead of pass those details as arguments. This helps to prevent from doing this stuff at several places again and again. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:41:49 +01:00
Tim FitzGeorge	a5ba473c15	suricata: correct rule actions in IPS mode In IPS mode rule actions need to be have the action 'drop' for the protection to work, however this is not appropriate for all rules. Modify the generator for oinkmaster-modify-sids.conf to leave rules with the action 'alert' here this is appropriate. Also add a script to be run on update to correct existing downloaded rules. Fixes #12086 Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk> Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:39:57 +01:00
Michael Tremer	745915d82c	vpnmain.cgi: Fix wrong cipher suite generation when PFS is disabled Fixes: #12091 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 05:07:27 +01:00
Bernhard Bitsch	e4f9ea3c16	dhcp.cgi: Save fixed leases immediately after addition of a new lease This changes the behaviour of the script to immediately save the added lease to file but still remain in edit mode to make changes. If the user does not make any changes, the lease is immediately saved and there is no second click required to write it to file. This a more natural flow that is expected by almost all users of this feature. Fixes: #12050 Signed-off-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 00:30:19 +01:00
Erik Kapfer	d2de0a00ce	ovpnmain.cgi: Fixed line break for LZO option It is better readable if everything is in one line. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-02 22:49:17 +01:00
Erik Kapfer	ac2fdbb15e	tor.cgi: Disable debugging output Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 15:46:45 +01:00
Arne Fitzenreiter	29abc2d07c	vulnerabilities.cgi: again change colours red - vulnerable blue - mitigated green - not affected because we not really trust the mitigations so they shound not green. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-25 07:39:38 +02:00
Arne Fitzenreiter	e896a9bd3d	vulnerabilities.cgi fix string handling remove lf at the end for correct matching and not strip "Mitigated:" if it was not full working and still vulnerable. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-25 06:54:35 +02:00
Michael Tremer	413f84e988	vulnerabilities.cgi: Regard mitigations that only mitigate something still as vulnerable Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-25 06:51:53 +02:00
Michael Tremer	a96bcf413a	vulnerabilities.cgi: Simplify regexes We can do the split in one. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-25 06:51:06 +02:00
Arne Fitzenreiter	984a6cabe4	vulnerablities: change to logic colours Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-22 12:34:03 +02:00
Arne Fitzenreiter	b23db9b97b	vulnerablities.cgi: add colours for vuln,smt and unknown output. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-22 10:30:08 +02:00
Michael Tremer	1cbcd044af	SMT: Show status on vulnerabilities.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:54:05 +01:00
Michael Tremer	f238e25172	vulnerabilities.cgi: Disable debugging output Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:39:03 +01:00
Michael Tremer	6f626b9ba0	Add the new vulnerabilities CGI file to the System menu Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:38:20 +01:00
Michael Tremer	65871d1a0c	Add new CGI file to show CPU vulnerability status This is supposed to help users to have an idea about the status of the used hardware. Additionally, it allows users to enable/disable SMT. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:17:17 +01:00
Michael Tremer	23b26ce5e3	zoneconf: Reindent with tabs Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:56:13 +01:00
Florian Bührle	7478903fb1	Added reboot notice Added a reboot notice and made table rows more distinguishable by alternating their background color. This improves usability. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:54:22 +01:00
Florian Bührle	0ec8e31ade	zoneconf: Switch rows/columns This change is necessary because the table can grow larger than the main container if a user has many NICs on their machine. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:53:50 +01:00
Michael Tremer	145343d56e	Update contributors Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:52:42 +01:00
Erik Kapfer	1338977702	ovpn_reorganize_encryption: Integrate LZO from global to advanced section Fixes: #11819 - Since the Voracle vulnerability, LZO is better placed under advanced section cause under specific circumstances it is exploitable. - Warning/hint has been added in the option defaults description. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:51:26 +01:00
Erik Kapfer	0c4ffc6919	ovpn_reorganize_encryption: Added tls-auth into global section - Since HMAC selection is already in global section, it makes sense to keep the encryption togehter. - Given tls-auth better understandable name. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:50:21 +01:00
Erik Kapfer	86308adb25	ovpn_reorganize_encryption: Integrate HMAC selection to global section Fixes: #12009 and #11824 - Since HMACs will be used in any configuration it is better placed in the global menu. - Adapted global section to advanced and marked sections with a headline for better overview. - Deleted old headline in advanced section cause it is not needed anymore. - Added check if settings do not includes 'DAUTH', if possible SHA512 will be used and written to settings file. Old configurations with SHA1 will be untouched. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:49:30 +01:00
Oliver Fuhrer	bf2a1c524b	BUG 11696: VPN Subnets missing from wpad.dat This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:38:17 +01:00

1 2 3 4 5 ...

2271 Commits