webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 11:05:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,268 Commits 2 Branches 1 Tag
77ea7462bcc134b6147dd985abdd4e2311487515
Commit Graph

2324 Commits

Author SHA1 Message Date
Stefan Schantl
77ea7462bc proxy.cgi: Switch to MD5 hashed passwords for local user auth. 
The former used default Crypt algorithmus only supports passwords up to
eight signs wheater MD5 does not have any limitation here.

Fixes 12290.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-16 15:49:13 +00:00
Michael Tremer
f61be862c6 pakfire.cgi: Add UI to select repository 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-15 11:08:43 +00:00
Michael Tremer
131f163ce8 pakfire.cgi: Rename %pakfiresettings to %cgiparams 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-15 11:08:28 +00:00
Michael Tremer
e63fc18d07 pakfire.cgi: Remove some old settings 
These can no longer be modified in the GUI and are used nowhere.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-15 11:08:13 +00:00
Michael Tremer
d74d6844fd pppsetup.cgi: Drop DNS setting 
This has already been dropped and should not be added again
to the configuration file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-31 10:04:14 +00:00
Arne Fitzenreiter
f2d2c69787 dns.cgi: increase timeout to 5s 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-30 12:24:24 +00:00
Michael Tremer
e2338aa7ef make.sh: Modify update-contributors so that it will run with older version of awk 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-29 11:59:21 +01:00
Michael Tremer
38f51465c9 dns.cgi: Shorten time when checking if DNS is alive 
For localhost, one second should be plenty

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-29 11:47:35 +01:00
Michael Tremer
351ad526b2 dns.cgi: Show recursor mode message even when we have some servers to show 
The message was not shown when we have received DNS servers from the
provider.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-29 11:40:59 +01:00
Stefan Schantl
4a791d2ab9 dns.cgi: Display when unbound is running in recursor mode. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-21 19:33:43 +00:00
Michael Tremer
87bee81c56 Update list of contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-16 18:22:14 +00:00
Stefan Schantl
19602b681f dns.cgi: Fix ID and greater than checks. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-14 21:01:44 +00:00
Stefan Schantl
3a5866ac2b dns.cgi: Set kdig params for timeout and retry back to default. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-14 21:01:42 +00:00
Arne Fitzenreiter
61cc563558 Merge remote-tracking branch 'ms/next-dns-ng' into next 2020-01-13 21:42:49 +00:00
Michael Tremer
77c454b267 dnsforward.cgi: Reloading unbound is enough to apply changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-13 21:13:03 +01:00
Michael Tremer
d37cdb1bf8 hosts.cgi: Hosts can now be imported when reloading unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-13 21:12:02 +01:00
Michael Tremer
a25dcda295 dns.cgi: Fix check for undefined variable 
This was positive when zero was returned.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-13 20:44:55 +01:00
Stefan Schantl
39a6219fff dns.cgi: Show error when trying to use ISP nameservers and TLS at the same time. 
Because the ISP-assigned nameservers do not have any TLS-hostname
information they cannot be used, when TLS is activated.

They only can be used if they will be added as "regular" DNS servers
with a TLS-hostname.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-13 17:40:29 +01:00
Stefan Schantl
611587cf29 dns.cgi: Fix id compare when adding a new nameserver. 
I do not know why perl when using "le" which means "less-or-equal"
defines a "10" as "1".

This commit fixes the issue that it was not possible to add more than 8
nameservers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-13 10:42:56 +01:00
Stefan Schantl
4caa0efc59 ids.cgi: Do reload instead of restarting unbound 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-11 19:37:50 +01:00
Stefan Schantl
f03f34298b dns.cgi: Only perform reverse lookup if DNS is working. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-11 19:34:12 +01:00
Peter Müller
993724b4dd vpnmain.cgi: set SubjectAlternativeName default during root certificate generation 
Some IPsec implementations such as OpenIKED require SubjectAlternativeName
data on certificates and refuse to establish connections otherwise.

The StrongSwan project also recommends it (see:
https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA) although
it is currently not enforced by their IPsec software.

For convenience purposes and to raise awareness, this patch adds a default
SubjectAlternativeName based on the machines hostname or IP address. Existing
certificates remain unchanged for obvious reasons.

The third version of this patch fixes a duplicate DNS query reported by Michael.

Fixes #11594

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-11 14:15:28 +00:00
Stefan Schantl
8fbb12f168 dns.cgi: Restart suricata if neccessary. 
When the DNS configuration of the system is changed,
we need to re-generate the file which contains the DNS Server
details for suricata and to restart the service.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-09 16:36:39 +01:00
Stefan Schantl
dc7466ce9a index.cgi: Do not longer display the DNS servers. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-09 16:30:10 +01:00
Stefan Schantl
9f9b2b8ebc guardian: Remove code for DNS servers. 
In the past this code was used to add the DNS servers
to the ignore list and prevent them from being blocked by
guardian.

Because of the switch to suricata as IPS, guardian now prevents
from password brute-forcing on SSH and/or the webserver, so this
code is not longer needed and safly can be removed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-09 09:15:05 +01:00
Stefan Schantl
9702252470 dns.cgi: Move grab_address_from_file function to general-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 18:44:41 +01:00
Stefan Schantl
8f4bde6574 dns.cgi: Also restart unbound if a server got enabled/disabled 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 18:19:58 +01:00
Stefan Schantl
46cc88ed22 dns.cgi: Remove accidently commited debug code 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 18:15:33 +01:00
Stefan Schantl
719db1cdb8 dns.cgi: Restart unbound 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 18:12:38 +01:00
Stefan Schantl
770ea81ee5 dns.cgi: Display DNS system status. 
For this, a test query to the local unbound instance will be
sent and if the DNS system work properly can be answerd.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 18:00:15 +01:00
Stefan Schantl
4314099302 dns.cgi: Perform server checks on user request 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 17:44:55 +01:00
Stefan Schantl
a969acc7d7 dns.cgi: Remove hard-coded box title. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 15:22:56 +01:00
Stefan Schantl
03e466de35 dns.cgi: Do not perform kdig tests when adding a server 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 12:58:50 +01:00
Stefan Schantl
038f962ea0 dns.cgi: Check for empty server address. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 12:12:29 +01:00
Stefan Schantl
70187da6a6 dns.cgi: Perform kdig tests only if the system is online. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 11:13:05 +01:00
Stefan Schantl
f36855fe73 dns.cgi: Introduce red_is_active() 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 11:12:42 +01:00
Stefan Schantl
f10fb4bf43 dns.cgi: Always display the input field for TLS_HOSTNAME 
* Mark it as required if the protocol is set to TLS.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 10:35:52 +01:00
Stefan Schantl
25dda4a082 dns.cgi: Only perform reverse lookups if the system is online 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-08 10:35:24 +01:00
Michael Tremer
77c7a94cdd dns.cgi: Show ISP name servers as disabled 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 14:49:54 +00:00
Michael Tremer
984f14bdc4 dns.cgi: Fix handling of WARNINGs from kdig 
There might be multiple warnings which must all be shown
to the user.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 14:41:13 +00:00
Michael Tremer
71471d9bde dns.cgi: Remove smartmatch operator 
Perl likes to make things difficult

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 13:46:11 +00:00
Michael Tremer
dab1258a78 dns.cgi: Timeout after 2 seconds for DNS server checks 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 13:45:21 +00:00
Michael Tremer
1434fa0df5 DNS: Write name servers received from ISP to /var/run/dns{1,2} 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 13:35:45 +00:00
Michael Tremer
3bf804e834 dns.cgi: Set EDNS buffer size to 1232 
References: #12240
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 11:06:10 +00:00
Michael Tremer
e8981e3c8f netexternal.cgi: Drop DNSSEC status 
This has now been moved to the new dns.cgi.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 10:45:08 +00:00
Stefan Schantl
24d7c5ef6b dns.cgi: Rework to allow central DNS configuration. 
Fixes #12237.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-07 10:30:37 +01:00
Stefan Schantl
456f0b06f4 pppsetup.cgi: Remove support for configure DNS settings. 
Fixes #12234.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-05 12:37:57 +01:00
Stefan Schantl
51b63b4186 IDS: Allow to inspect traffic from or to OpenVPN 
This commit allows to configure suricata to monitor traffic from or to
OpenVPN tunnels. This includes the RW server and all established N2N
connections.

Because the RW server and/or each N2N connection uses it's own tun?
device, it is only possible to enable monitoring all of them or to disable
monitoring entirely.

Fixes #12111.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:12:06 +00:00
Arne Fitzenreiter
f23b944ecb core139: finish 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 18:48:07 +01:00
Erik Kapfer
6a9d9ff4af ovpn: Fix LZO checkbox restore 
Triggered by --> https://community.ipfire.org/t/openvpn-is-lzo-compression-now-effectively-disabled/503 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-06 16:39:55 +00:00