- add help links for two new ipblocklist WebGUI pages
- update help links to proxy accounting
- add links to OpenVPN Net-to-Net Statistics,
MD Raid State, Update Accelerator,
OpenVPN Roadwarrior Connections Log
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Network (other) help link was set to go to Network (internal) wiki page
Link modified
- Running the check_manualpages.pl script requires it to be executable so the build
changed the permissions mode from 644 to 755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
given list.
The function will return the rate in seconds based on the configured
rate value in the blocklist sources file and the given blocklist.
Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
not parse-able.
In case the downloaded list is empty or the parser is not able to parse
it properly, the download_and_create_blocklist() function now exits and
will return "empty_list" as new error code.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This vendor has a different list format and therefore requires an
own parser.
Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is responisible for downloading and converting the
blocklist into an ipset compatible format.
The only required argument is the blocklist (in upper letter format) which should be
performed. It automatically will setup an upstream proxy (if configured)
and grab the file specified in the blocklist vendor configuration hash.
There is a maximum amount of five attempts until the script gives up and
returns a "dl_error". In case the server responses with "Not Modified"
(Code 304) a "not_modified" will be returned.
If the blocklist successfully has been grabbed, the modification date
get stored for further purposes and the list content will be converted
and stored in an ipset compatible format.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Inspired-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
This library file will contain a collection of functions, which are
required to deal with the ipblocklist feature.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This is a little patch which will extend the aliases page to offer an
interface selection if there are more than one RED interfaces.
This is a little hack to make configuration easier for users who have
manually set up more than one RED interface (e.g. for load balancing or
fail-over) and want to use the UI to configure firewall rules.
As a little benefit on the side, I had to rewrite setaliases.c to use
ip(8) instead of ifconfig(8).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Since the kernel now always reports 256 bits of entropy to be available,
this CGI does not show any useful information anymore. To avoid
confusions, it will hereby be removed entirely.
Fixes: #12893
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- The fix for bug #12428 removed spaces from the validhostname subroutine as hostnames are
not supposed to have spaces
- This resulted in spaces no longer being allowed for the Static IP Address Pools names
- New subroutine created called validccdname. This allows letters, upper and lower case,
numbers, spaces and dashes
Fixes: Bug #12865
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This allows to correctly assign an URL to a file without relying
on unique base names.
A custom read function is required because General::readhash()
doesn't allow paths as hash keys. Modifying the existing functions
could affect other CGIs and was therefore dismissed.
Fixes: #12806
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
This patch adds default values and removes a missing translation
to fix "uninitialized value" and "odd number of elements" warnings.
Removes function calls from functions.pl that have already been
handled by the header before it is loaded by eval().
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
unsupported provider.
Modify the write_used_rulefiles_file() function to skip the rulesfiles
of unsupported providers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
supported anymore.
In this case the details about the file suffix is not available in the
ruleset-sources file anymore. In this case now the function tries to
enumerate the correct filename.
This allows to display the correct stats in the WUI and to extract and
use the downloaded ruleset of the provider until it got deleted by the
user.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Etags are used to itentify if an ressource has been changed
by sending a special request and an Etag value to the server.
If the ressource has changed the server will serve the new content
otherwise it will return the 304 (Not-Modified) code.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
rulefiles.
Suricata seems to struggle when using multiple and/or nested includes in
the same config section. This results in a only partially loaded
confguration where not all rulefiles are loaded and used.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
- The directory name for the hostile data was using HOSTILE while the chain was called
HOSTILE_DROP. This resulted in the files in the directory not being updated.
Fixes: bug#12838
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
This function is going to replace the part which currently the
oinkmaster.pl script does.
It will read in the extracted ruleset, remove duplicates and alter the
rules to alert or drop in case they match. Also rules will be enabled or
disabled if the used requested this.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to gather the modes of the configured providers
and return them as hash.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The download script should not directly do the logging stuff.
It simply should download the files for the requested provider and
return an error code on fail.
The logging should be done at another place.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Remove the option and required code to download the rulesets
for all configured and enabled providers by just calling the downloader
function.
This cause a lot of troubles and if required, directly should be handled
by the processing script.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
When using the "If-Modified-Since" header, the server can be requested
if a modified version of the file can be served.
In case that is true, the file will be sent and stored by the downloader
function. If the file has not been touched since the last time, the
server will respond with the code "304" (Not modified).
This tells us, that the current stored file is the latest one (still up-to-date)
and we safely can skip the download attempt for this provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will help us to determine if all required perl modules and their
dependencies are avail and load-able.
It also prevents us from doubble loading modules and makes development
and maintainance more easy.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
