bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 19:55:52 +02:00

Author	SHA1	Message	Date
Stefan Schantl	b7a9b4edc2	ids.cgi: Update automatic download texts Update the showed texts in the dropdown box as mentioned in the bug report. Fixes #11985 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-02-05 12:13:28 +01:00
Michael Tremer	1e2b257789	Add routed IPsec connections to traffic graphs section Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	38f6bdb740	ipsec: Drop delayed restart setting This is a very bad race-condition situation and is not solved by an unintuitive setting. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	517683eeb1	ipsec: Drop VPN_IP setting This is now a per-connection setting Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	ae0d069827	ipsec: Allow to select local IP address used for peer on UI Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	455fdcb17a	ipsec: Re-arrange inputs for peer addresses, subnets, etc. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	7e25093d42	ipsec: Don't allow to select VTI in transport mode Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	605c391aaf	vpnmain.cgi: Don't populate GREEN subnet when green doesn't exist Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	216bd9b389	vpnmain.cgi: Move advanced IPsec settings to connection page This is required to make the initial setup easier for GRE/VTI connections Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	f2d45a45ab	IPsec: Do not allow 0.0.0.0/0 as remote subnet This renders the whole machine inaccessible Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	90aa4f1083	IPsec: Use left/rightprotoport in GRE mode Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	b01c17e9d0	IPsec: Update ipsec.conf for GRE/VTI changes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	55842dda69	IPsec: Add UI for set interface MTU Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	7464131706	IPsec: Add option to configure IP address for tunnel interface Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	8ebe725416	IPsec: Set default inactivity timeout to half an hour Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	1e9457ac6f	IPsec: New connections should defatul to on-demand mode Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	cae1f4a7a8	IPsec: Add dropdown to select tunnel interface mode Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	5e6fa03e1e	vpnmain.cgi: Correctly carry over INACTIVITY_TIMEOUT Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	326728d53d	IPsec: Write tunnel/transport mode to strongSwan configuration Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	29f5e0e2b9	IPsec: Add selection for transport/tunnel mode Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Stefan Schantl	912d7472a8	ids.cgi: Automatically download ruleset if the ruleset source has been changed. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-31 08:55:05 +01:00
Stefan Schantl	e0cec9fe99	ids.cgi: Dynamically generate SHOW/HIDE for expanding or collapsing a ruleset category Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 10:53:17 +01:00
Stefan Schantl	cf02bf2f7d	ids.cgi: Show IDS setting area only if a ruleset is present. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 10:12:11 +01:00
Stefan Schantl	013274d7d8	ids.cgi: Diplay reason, why a ruleset could not be downloaded, if the system is offline. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 10:05:14 +01:00
Stefan Schantl	5fd2e9d64a	ids.cgi: Also download the ruleset when saving the ruleset settings Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 09:57:49 +01:00
Stefan Schantl	34a3843865	ids.cgi: Add dropdown option for Emergingthreats.net Pro rules. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 09:42:28 +01:00
Stefan Schantl	d618d67e01	ids.cgi: Only show "update ruleset" button if a ruleset is present Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 09:39:17 +01:00
Stefan Schantl	674912fc3a	ids.cgi: Draw daemon status and setting in the same box. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 09:33:47 +01:00
Stefan Schantl	029b8ed2b1	ids.cgi: Show/Hide subscription code area dynamically. Dynamically (Java Script) show/hide the area for entering the subscription code / oinkcode based on the choosen ruleset. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 09:27:37 +01:00
Stefan Schantl	bc4a2223cc	ids.cgi: Remove help text for obtaining an oinkcode This information is only valid for sourcefire (snort) rulesets, may confuse users and therefore should be handled in the wiki. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 09:25:34 +01:00
Stefan Schantl	9f9651e06a	logs.cgi/log.dat: Change search pattern from snort to suricata Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-29 09:00:26 +01:00
Stefan Schantl	39155be805	Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata	2019-01-26 12:40:04 +01:00
Michael Tremer	7ec83993e5	proxy: Show error messages in English by default Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-23 06:21:53 +00:00
Stefan Schantl	9283e9b9cf	ids.cgi: Move and rename GenerateIgnoreList() function to ids-functions.pl Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-22 13:25:13 +01:00
Stefan Schantl	c1a3401235	Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata	2019-01-21 13:04:13 +01:00
Matthias Fischer	e26a5c4885	Fix typo in 'html/cgi-bin/logs.cgi/log.dat' Translation string uses capital letter: 'Captive' => 'Captive Portal', Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-06 07:02:54 +00:00
Michael Tremer	ce1f04ee40	proxy: Allow selecting throttled bandwidth in MBit/s Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 16:10:59 +01:00
Michael Tremer	c2f1b8183c	proxy: Suggest modern defaults for cache memory and disk Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 16:02:05 +01:00
Michael Tremer	cdd4cf4094	proxy: Drop support for throttling only certain mime types Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 16:00:05 +01:00
Michael Tremer	d68e150e86	proxy: Drop web browser check This is neither reliable nor up to date and is therefore removed Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 15:54:56 +01:00
Michael Tremer	a1018d86ae	proxy: Set authentication TTL for NTLM authentication also Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 15:49:18 +01:00
Michael Tremer	6df2d52887	proxy: Use correct authentication cache TTL for AD Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 15:48:32 +01:00
Michael Tremer	fa286b1330	proxy: Use entered setting for auth children for AD Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 15:46:20 +01:00
Michael Tremer	5c2a76f7b3	proxy: Use correct realm for AD authentication Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 15:44:19 +01:00
Michael Tremer	dc637f087f	proxy: Remove AUTH_IPCACHE_TTL This is potentially dangerous to set larger than zero. Authentication is perfomed on basis of IP addresses which is not a good idea at all. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 15:39:36 +01:00
Michael Tremer	ea72700a3b	proxy: Drop NTLM authentication This is the authentication againt NT 4.0 style domain controllers. squid has dropped support for this in the 4.5 release and nobody should be using these old domain controllers any more. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-08 15:28:46 +01:00
Michael Tremer	eedca6e36c	squid: Run as many redirectors as we have CPU cores This makes sure that we use the optimal ratio of memory and CPU usage. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Tested-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Tested-by: Matthias Fischer <matthias.fischer@ipfire.org>	2019-01-08 03:33:37 +01:00
Daniel Weismüller	1a3323f2e6	BUG 11786 - squid: Remove setting for filter processes the number of Squid processes I added a function to determine the number of cores. Now the number of squid processes will be equal to the number of logical cores. Further I removed the possibility of changing the number of squid processes in the proxy.cgi Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: root <root@ipfire.test>	2019-01-08 02:02:05 +01:00
Matthias Fischer	d01b31914a	snort: Update to 2.9.12 For details see: Release notes: https://snort.org/downloads/snort/release_notes_2.9.12.txt Changelog: https://snort.org/downloads/snort/changelog_2.9.12.txt Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-05 15:42:34 +00:00
Matthias Fischer	0a12cd7039	dnsforward.cgi: fix for language string Hi, In https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=1a26564e95b5694337e51860544e7775d35055f3 the language string 'dnsforward forward_server' => 'DNS-Server', was deleted and replaced by 'dnsforward forward_servers' => 'DNS-Server', IMHO this leads to an empty string in 'dnsforward.cgi', line 223: ... <td width='20%' class='base'>$Lang::tr{'dnsforward forward_server'}: <img src='/blob.gif' alt='*' /></td> ... I changed this line... Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-03 14:58:26 +00:00

... 14 15 16 17 18 ...

2798 Commits