learned from ChatGPT to print dynamic options.
add semi column ';' right after heredoc like:
print <<END;
...
...
END
following result in error
print <<END
...
...
END; #<<<< ERROR
following is correct
print <<END
...
...
END
;
so better use the first format
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
run command below when update language menu
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
write to /var/ipfire/ddos/settings file before
enable ddos to allow /etc/rc.d/init.d/ddos script
start up ddos according to the setting from
/var/ipfire/ddos/settings
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This is necessary since we now have a much shorter lifetime for the host
certificate. However, it is complicated to do this is which is why we
are copying the previous certificate and generate a new CSR. This is
then signed.
A caveat of this patch is that we do not rollover the key.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The function did not evaluate the return code which is why it used a
hack to figure out if some output is an error or not.
This is being fixed in this commit and the entire output is being
returned if the return code is non-zero.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This v3 version has split the logging choice for drop hostile to separate the logging of
incoming drop hostile and outgoing drop hostile.
- The bug originator had no port forwards so all hostile would be dropped normally anyway.
However the logs were being swamped by the logging of drop hostile making analysis
difficult. So incoming drop hostile was desired to not be logged. However logging of
outgoing drop hostile was desired to identify if clients on the internal lan were
infected with malware trying to reach home.
- Added option with drop hostile section to decide if the dropped traffic should be
logged or not.
Fixes: bug12981
Tested-by: Adolf Belka <adolf.belka@ipfire.org
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit e0be9eab47.
This change is now producing problems on IPv6-enabled systems as it will
deny access to any website that is IPv6-enabled as well, even if the
client connected using IPv4.
I have tested if squid is now running on fine on systems where IPv6 is
disabled and can confirm that its running just fine.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- A new IPFire user on the forum saw the orange and red coloured blocks in the legend
section and believed that they were messages about problems that had been created with
the fixed leases.
- This change puts a small block with seperate explanatory text for both the orange and
red coloured blocks.
- This change will also be applied to the wiki in a much clearer way
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- When dealing with a problem on the forum I noticed that in the Fixed Leases table
Legend section there was a very large space between the empty checkbox icon and the
explanatory text. It looks like the   that I have removed worked on the text
section 'click to enable' as that was moved but not on the off.gif icon as that stayed
in its original place leaving a very large space between the icon and the explanatory
text. Removing the two commands fixes that.
- Reading up about   the problem might be related to these tags no longer being
recommended to use with the newer HTML versions and that indenting or spacing should be
done via CSS code. Will have a look in future on how to accomplish this via CSS.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- The regex code does not extract out the chain and so it is missed off from the log output
when it is exported.
- Changed code tested out on my vm testbed and confirmed to work and include the chain in
the output.
Fixes: Bug13492
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfre.org>
In web interface, on page DHCP Server, in table Current fixed leases, add column with resolved hostname by IP address
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- The Expires time heading for the Connections WUI page has seconds listed. However the
code is converting the seconds to hours:minutes:seconds.
- This patch is changing the heading to H:M:S in English and the equivalent in the other
languages. I have basewd this on the initial letter for Hours, Minutes & Seconds in
each of the languages.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This commit adds support for using LVM and mdadm based RAID devices
for the CGI page.
In case one or more drives/partitions are used by such a "grouped"
volume they still will displayed on the page, but can not be
configured/used. Instead the "master" volume of which the
drive/partition is part of is shown in the "mountpoint" input box.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- When the url filter update enable checkbox is unchecked then this patch calls
urlfilterctrl with the remove option added in the otrher patch of this series.
- Tested on my vm testbed that this change does remove the urlfilter symlink from the
fcron directories when the update is disabled.
Fixes: Bug#10649
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png
- The license for this image is the following:-
This library is free software; you can redistribute it and/or modify it under the terms
of the GNU Lesser General Public License as published by the Free Software Foundation;
either version 2.1 of the License, or (at your option) any later version. This library
is distributed in the hope that it will be useful, but without any warranty; without
even the implied warranty of merchantability or fitness for a particular purpose. See
version 2.1 and version 3 of the GNU Lesser General Public License for more details.
- Based on the above license I believe it can be used by IPFire covered by the GNU General
Public License that is used for it.
- The icon image was made by taking the existing openvpn.png file and superimposing the
padlock icon on top of it as a 12x12 pixel format and naming it openvpn_encrypted.png
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- At long last I have re-visited the patch submission for bug #11048 and fixed the issues
that caused the problems last time I evaluated it in Testing.
- The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig
is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the
connection is a host and if the first password entry is a null. Then it adds no-pass
to ovpnconfig.
- The same block of code is also used for when he connection is edited. However at this
stage the password entry is back to null because the password value is only kept until
the connection has been saved. Therefore doing an edit results in the password value
being taken as null even for connections with a password.
- This fix enters no-pass if the connection type is host and the password is null, pass if
the connection type is host and the password has characters. If the connection type is
net then no-pass is used as net2net connections dop not have encrypted certificates.
- The code has been changed to show a different icon for unencrypted and encrypted
certificates.
- Separate patches are provided for the language file change, the provision of a new icon
and the code for the update.sh script for the Core Update to update all existing
connections, if any exist, to have either pass or no-pass in index 41.
- This patch set was a joint collaboration between Erik Kapfer and Adolf Belka
- Patch set, including the code for the Core Update 180 update.sh script has been tested
on a vm testbed
Fixes: Bug#11048
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Suggested-by: Adolf Belka <adolf.belka@ipfire.org>
Suggested-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
