webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-21 00:12:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
7,624 Commits 2 Branches 1 Tag
841663e7651745f5d968e278508c91391b26c91f
Commit Graph

3889 Commits

Author SHA1 Message Date
Alexander Marx
a43c9b6a64 Firewall: outgoingconverter fix for ipfire-src 2014-04-28 14:27:54 +02:00
Michael Tremer
126507e5cf watchdog: Update addon. 2014-04-27 19:37:42 +02:00
Michael Tremer
55f14706fb kernel: Enable various watchdog modules on i586. 2014-04-26 13:22:49 +02:00
Alexander Marx
7490b22e9d Firewall: BUG 10528 - allow subnets greater than /8 2014-04-23 15:08:47 +02:00
Michael Tremer
d1b0815ff7 strongswan: Enable XAUTH noauth plugin. 
See #10468.
 2014-04-22 17:46:32 +02:00
Michael Tremer
ff7cb6d60f firewall: Fix accessing port forwardings from internal networks. 
When a different "external port" was used, false rules have
been created in the mangle table.
 2014-04-20 18:13:35 +02:00
Arne Fitzenreiter
4fbf276cae strongswan: rootfile update. 2014-04-16 06:52:01 +02:00
Arne Fitzenreiter
2751238e6f move core75 files to oldcore. 2014-04-16 01:54:14 +02:00
Michael Tremer
b18b011b84 Rename IPFire 2.15 Core Update 76 -> 77. 2014-04-15 21:38:24 +02:00
Michael Tremer
cc81c43053 firewall: Fix spelling and seperate spelling issues. 2014-04-12 16:01:11 +02:00
Michael Tremer
766c2f601d rules.pl: Rewrite P2P protocol filter. 2014-04-12 15:40:14 +02:00
Michael Tremer
aa5f4b6568 firewall: Fix creation of automatic rules for the firewall. 
If the firewall is part of a local network (e.g. GREEN),
we automatically add rules that grant/forbid access for the firewall,
too.

This has been broken for various default policies other than ALLOWED.
 2014-04-12 15:16:08 +02:00
Arne Fitzenreiter
0cd7c451dd kernel: disable intel mei. 
Intel Management Engine Interface is still crashing the kernel.
 2014-04-09 18:20:46 +02:00
Michael Tremer
b8ec7b86ac firewall-policy: Remove empty line. 2014-04-09 15:14:25 +02:00
Michael Tremer
fcc68a4277 firewall: Fix rule generation for protocols without ports. 2014-04-09 14:06:32 +02:00
Arne Fitzenreiter
1e7a2feaeb glibc: rootfile update (arm). 2014-04-07 00:35:31 +02:00
Arne Fitzenreiter
b3c0ff6239 kernel-header: rootfile update. 2014-04-06 23:34:32 +02:00
Michael Tremer
888911ed57 core76: Include changed /etc/sysctl.conf in update. 2014-04-06 12:53:30 +02:00
Arne Fitzenreiter
68561214b3 glibc: fix image, updater and filecount in installer. 
switch from locale-archive to normale locales add est. 5000 files.
todo: arm-rootfile.
 2014-04-06 10:29:27 +02:00
Michael Tremer
085a20ec8b firewall: Fix using aliases. 
Fix coding errors, actually read aliases configuration
and fall back to default RED IP address if no suitable
alias was found.
 2014-04-05 17:09:56 +02:00
Michael Tremer
1d9c1c3079 convert-portfw: Fix converting aliases. 
ALL is not suitable as it is not a valid configuration value.
 2014-04-05 17:08:17 +02:00
Arne Fitzenreiter
c926c6375d firewall: fix green only mode. 
disable masquerade and green IP/NET check if internet is
connected via green.
 2014-04-05 11:04:25 +02:00
Arne Fitzenreiter
fee04791f4 apache2: update to 2.2.27. 2014-04-04 21:17:08 +02:00
Michael Tremer
025741919a firewall: Fix perl coding error. 
Example:
	my @as = (1, 2, 3);
	foreach my $a (@as) {
		$a += 1;
		print "$a\n";
	}

$a will be a reference to the number in the array and not
copied. Therefore $a += 1 will change the numbers in the
array as well, so that after the loop the content of @as
would be (2, 3, 4).
To avoid that, the number needs to be copied into a new
variable like: my $b = $a; and we are fine.

This caused that the content of the @sources and @destinations
array has been altered for the second run of the loop and
incorrect (i.e. no) rules were created.
 2014-03-31 13:16:26 +02:00
Michael Tremer
c26a9ed25c firewall-policy: Clarify policy rules. 
There are no functional changes here. Everything that
is not explicitely allowed is now forbidden when the
forward policy is "ALLOWED".
 2014-03-30 22:33:58 +02:00
Arne Fitzenreiter
8089b78d9d firewall-policy: fix drop and logging on red0; 2014-03-29 15:06:35 +01:00
Michael Tremer
70c926e75b firewall: Create mangle chain NAT_DESTINATION to silence error messages when updating. 2014-03-27 15:08:17 +01:00
Alexander Marx
a3f2459f8f Firewall: fix Update from core 75 to 76 2014-03-27 15:07:41 +01:00
Michael Tremer
38ca33d110 cups: Fix rootfile. 
Basically, include just everything.
 2014-03-27 11:36:12 +01:00
Arne Fitzenreiter
af433268e0 graphs.pl: fix links position in chrome for android. 2014-03-23 17:39:47 +01:00
Michael Tremer
51cf3f8be5 firewall: rules.pl: Honour time constraints for NAT rules as well. 2014-03-21 13:39:03 +01:00
Michael Tremer
f98bb538e5 firewall: rules.pl: Catch invalid configurations. 2014-03-21 13:33:08 +01:00
Michael Tremer
c0ce920610 firewall: rules.pl: Allow REDIRECT rules. 2014-03-21 13:28:00 +01:00
Alexander Marx
c71499d8d9 Firewall: Rename defaultNetworks to netsettings 2014-03-21 12:51:18 +01:00
Alexander Marx
fd169d0adc Firewall: DNAT - Show right DNAT interface in ruletable 
Now:
When using a hostgroup as source there are all corresponding DNAT
interfaces shown in ruletable depending on the entries in the group.

When in DNAT area "-automatic" is selected, the DNAT interfaces are
shown as IP-Addresses, else they are shown as "ORANGE","GREEN","BLUE"...

BUGFIX: When there is a MAC address used in a sourcegroup, the rules could not be set. Now MAC addresses get allways the public interface as DNAT
 2014-03-21 12:51:09 +01:00
Alexander Marx
4e54e3c6f5 Firewall: Move some functions from rules.pl to firewall-lib.pl 2014-03-21 12:51:04 +01:00
Michael Tremer
d7a14d01e1 firewall: rules.pl: Fix rules with other NAT port. 2014-03-21 12:40:55 +01:00
Arne Fitzenreiter
cec275c9df Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2014-03-19 19:07:27 +01:00
Arne Fitzenreiter
b3c0c61132 hostapd: enable CONFIG_ACS for dfs channels. 2014-03-19 19:03:22 +01:00
Arne Fitzenreiter
dea9e7193c core76: add wpa_supplicant to update. 2014-03-19 09:05:37 +01:00
Arne Fitzenreiter
ece72ab98f Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2014-03-19 07:23:40 +01:00
Arne Fitzenreiter
f89678de2f hostapd: update to 2.1. 2014-03-19 07:22:49 +01:00
Michael Tremer
b0d9fad3f9 firewall: rules.pl: Add support for auto selection of NAT addresses. 2014-03-18 23:49:23 +01:00
Arne Fitzenreiter
be0d1005fd core76: add tzdata to update. 2014-03-18 07:28:13 +01:00
Arne Fitzenreiter
4f92fd2aeb tzdata: fix rootfile. 2014-03-18 07:20:41 +01:00
Arne Fitzenreiter
607c9d3ae0 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2014-03-18 00:22:24 +01:00
Arne Fitzenreiter
e583643a25 kernel: add pcengines apu led support. 2014-03-18 00:21:38 +01:00
Michael Tremer
da7a2208d3 firewall: rules.pl: Code cleanup. 2014-03-17 18:03:00 +01:00
Michael Tremer
5cf8c8c123 firewall: Fix DNAT rules between internal zones. 2014-03-17 17:39:47 +01:00
Michael Tremer
c2a1af7545 firewall: rules.pl: Sanitise source and destination IP addresses. 
Those variables are now empty if source or destination are
unspecified.
 2014-03-17 16:24:23 +01:00