Michael Tremer
710afa00c6
Update IPS translation
...
* Fix typos
* Fix compound nouns (especially in German)
* Remove unused strings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 17:18:21 +00:00
Michael Tremer
acb718b0bb
nut: Disable parallel build
...
nut just fails to build when running in parallel
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 14:01:45 +00:00
Michael Tremer
f9219b91a1
core130: Ship suricata
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 13:48:25 +00:00
Michael Tremer
3bc001dbf9
Update contributors
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 13:20:56 +00:00
Michael Tremer
cdfbdd1ada
Update translations
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 13:20:22 +00:00
Michael Tremer
01604708c3
Merge remote-tracking branch 'stevee/next-suricata' into next
2019-03-14 13:19:35 +00:00
Michael Tremer
c578cbd35f
core130: Ship updated firewall script
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 13:16:33 +00:00
Peter Müller
5fc5f70347
add IPtables chain for outgoing Tor traffic
...
If Tor is operating in relay mode, it has to open a lot of outgoing
TCP connections. These should be separated from any other outgoing
connections, as allowing _all_ outgoing traffic will be unwanted and
risky in most cases.
Thereof, Tor will be running as a dedicated user (see second patch),
allowing usage of user-based IPtables rulesets.
Partially fixes #11779 .
Singed-off-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 13:15:38 +00:00
Peter Müller
4680d554fc
run Tor under dedicated user
...
This allows more-fine granular firewall rules (see first patch for
further information). Further, it prevents other services running as
"nobody" (Apache, ...) from reading Tor relay keys.
Fixes #11779 .
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 13:15:18 +00:00
Michael Tremer
b450e7e3e6
Start Core Update 130
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-14 13:15:03 +00:00
Stefan Schantl
e776d33c70
suricata: Fix amount of listened nfqueues
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
2019-03-13 12:14:30 +01:00
Peter Müller
4fc1a0045b
amavisd: update to 2.11.1
...
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-13 09:35:07 +00:00
Peter Müller
867151a8b2
Postfix: update to 3.4.3
...
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-13 09:35:07 +00:00
Michael Tremer
5ea26096ca
installer: Set the clock correctly when installing over network
...
If a system has a not very up to date clock, downloading files
over HTTPS is impossible.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-13 09:35:07 +00:00
Arne Fitzenreiter
9deeda77b6
core129: finish update
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2019-03-13 15:18:52 +01:00
Arne Fitzenreiter
668119063c
u-boot: try to boot without ramdisk if the system cannot load it
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2019-03-13 15:17:28 +01:00
Arne Fitzenreiter
eaf004a468
knot: update to 2.8.0 and build/install only kdig
...
This fix compile errors on small arm boards. (cc1 internal error)
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2019-03-13 15:06:23 +01:00
Arne Fitzenreiter
b57220aacd
groff: update to 1.22.4
...
This fix compile problems on small arm boards. (cc1 internal error)
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2019-03-13 15:04:40 +01:00
Stefan Schantl
e8b1b397c1
suricata: Remove unneeded stuff during build
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
2019-03-13 10:03:48 +01:00
Arne Fitzenreiter
c448474fc7
Revert "kernel: cleanup unused rpi patch"
...
This reverts commit a2d49659f3arne_f@ipfire.org >
2019-03-13 09:39:07 +01:00
Michael Tremer
beac548962
Update list of contributors
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-11 15:58:45 +00:00
Michael Tremer
e26e86dcaa
core129: Ship updated dnsforward.cgi
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-11 15:58:04 +00:00
Michael Tremer
56947acb12
Merge remote-tracking branch 'ms/dns-forwarding' into next
2019-03-11 15:57:15 +00:00
Michael Tremer
f1042a5d44
core129: Ship updated dhcp.cgi
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-11 09:54:19 +00:00
Michael Tremer
8288c0394b
Merge remote-tracking branch 'ms/dhcp' into next
2019-03-11 09:53:56 +00:00
Peter Müller
04f9321955
Tor WebUI: drop relay bandwith options < 1 MBit/s
...
Tor requires at least 1 MBit/s in order to participate.
Fixes #12001
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-11 09:52:54 +00:00
Michael Tremer
199db95a70
dnsdist: Limit to fewer concurrent build processes
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-11 09:38:56 +00:00
Michael Tremer
61424e9c67
core129: Ship updated less
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-10 18:23:22 +00:00
Peter Müller
9f7524c8b0
less: update to 530
...
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-10 18:22:53 +00:00
Peter Müller
e29c6d29c9
Postfix: update to 3.4.1
...
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-10 18:22:39 +00:00
Matthias Fischer
15b1a3e360
slang: revert parallelized build
...
This partially reverts https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=lfs/slang;h=217e74c77317d4c829913f934458779fd278bf29;hb=23164efba5f57b3d8ccb07a166b613f2f951e1b6
'slang 2.3.0' doesn't like "$(MAKETUNING)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-10 18:22:21 +00:00
Stefan Schantl
f717b1dc55
IDS: Set owner of suricata logging directory to correct user
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
2019-03-10 18:52:40 +01:00
Stefan Schantl
fd378b3b08
Rename snort user and group to suricata
...
This only affects new installations.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
2019-03-10 18:50:37 +01:00
Michael Tremer
38081b8be1
suricata: Run as non-root user
...
This patch does not have any effect (yet) and is untested
because suricata needs to be built against libcap-ng which
is currently not being packaged for IPFire.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
2019-03-10 18:02:39 +01:00
Stefan Schantl
2bec60c347
suricata: Update to 4.1.3
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
2019-03-10 17:34:03 +01:00
Stefan Schantl
1fbf0788bf
Move IDS/IPS menu entry to firewall section
...
Fixes #12011 .
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
2019-03-10 13:27:52 +01:00
Michael Tremer
50fcec161c
/etc/group: Order groups by ID
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-08 10:11:23 +00:00
Michael Tremer
3d0a190843
/etc/passwd: Order users by ID
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-08 10:08:02 +00:00
Michael Tremer
7996c5fee9
zabbix_agent: Create /var/run/zabbix in initscript
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-08 10:04:28 +00:00
Michael Tremer
661fdb02c2
zabbix_agent: Ensure that the user exists on all systems
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-08 09:58:56 +00:00
Alexander Koch
06fc6170a2
zabbix_agentd: New addon
...
New addon for monitoring IPFire by Zabbix Monitoring (https://www.zabbix.com/features ).
See https://forum.ipfire.org/viewtopic.php?f=52&t=22039 and https://lists.ipfire.org/pipermail/development/2019-February/005324.html for further details.
Best regards,
Alex
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-08 09:55:18 +00:00
Erik Kapfer
57d1564b3e
iptables: Commented legacy ip(6)tables entries from ROOTFILE
...
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-08 09:49:07 +00:00
Michael Tremer
c0ac5ae2a7
installer: Download ISO via HTTPS
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-07 11:27:19 +00:00
Michael Tremer
ea8a02c232
Revert "boost: Build with -O2 only"
...
This reverts commit 9ff5b381ebmichael.tremer@ipfire.org >
2019-03-07 10:29:31 +00:00
Michael Tremer
1ececb67a1
unbound: Mark domains as insecure from DNS forwarding
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-05 16:58:29 +00:00
Michael Tremer
025d8e6318
DNS Forwarding: Add UI to Allow to disable DNSSEC for a zone
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-05 16:10:17 +00:00
Michael Tremer
71a355c3a2
Merge branch 'ipsec-on-demand' into next
2019-03-05 15:25:36 +00:00
Michael Tremer
b15b70bc6b
vpnmain.cgi: Make on-demand mode default for IPsec VPNs
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-05 15:24:19 +00:00
Michael Tremer
eb09c90ef4
vpnmain.cgi: Carry over START_ACTION attribute correctly
...
This setting was not carried correctly and therefore the default was ignored.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-05 15:23:33 +00:00
Michael Tremer
297473d5f4
make.sh: Fit more processes into memory
...
Because we have a good way to limit processes now, we should
increase the default size a little bit
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2019-03-04 17:21:15 +00:00
