webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 09:22:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,545 Commits 2 Branches 1 Tag
8b7417c50b8d3de46003bd40d779bef222dc4171
Commit Graph

4829 Commits

Author SHA1 Message Date
Michael Tremer
924f5d6f1a core95: Ship changed firewalllogcountry.dat 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-10-18 18:54:25 +01:00
Michael Tremer
ea3eac2c50 core95: Ship changed pppsetup.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-10-18 18:52:07 +01:00
Michael Tremer
f439097499 core95: Ship ddns update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-10-17 01:27:07 +01:00
Michael Tremer
075b6e10db core95: Ship IPsec blocking changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-10-15 22:46:33 +01:00
Michael Tremer
80fbd89949 ipsec: Add block rules to avoid conntrack entries 
If an IPsec VPN connections is not established, there are
rare cases when packets are supposed to be sent through
that said tunnel and incorrectly handled.

Those packets are sent to the default gateway an entry
for this connection is created in the connection tracking
table (usually only happens to UDP). All following packets
are sent the same route even after the tunnel has been
brought up. That leads to SIP phones not being able to
register among other things.

This patch adds firewall rules that these packets are
rejected. That will sent a notification to the client
that the tunnel is not up and avoid the connection to
be added to the connection tracking table.

Apart from a small performance penalty there should
be no other side-effects.

Fixes: #10908

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Cc: tomvend@rymes.com
Cc: daniel.weismueller@ipfire.org
Cc: morlix@morlix.de
Reviewed-by: Timo Eissler <timo.eissler@ipfire.org>
 2015-10-15 22:44:47 +01:00
Michael Tremer
4504c412af procps: Ship pgrep 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-10-03 19:53:57 +01:00
Michael Tremer
8235f17df5 strongswan: Update to 5.3.3 
ChaCha is disabled since our kernel does not support it yet

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-10-03 19:17:01 +01:00
Michael Tremer
26e91280ea Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-28 20:14:42 +01:00
Arne Fitzenreiter
16016ff2b0 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2015-09-28 18:42:57 +02:00
Arne Fitzenreiter
95b09c86d6 Merge remote-tracking branch 'origin/master' into next 2015-09-28 18:40:32 +02:00
Arne Fitzenreiter
c5a5e4abb0 core94: restart init after glibc update. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-28 16:58:58 +02:00
Michael Tremer
55eb745e65 core95: Ship changed files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-28 14:35:54 +01:00
Michael Tremer
dfe630f77c Merge remote-tracking branch 'ms/experimental-vlan-hotplugging' into next 2015-09-28 14:33:49 +01:00
Michael Tremer
c400bc2d7d core95: Ship changed files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-28 14:25:53 +01:00
Michael Tremer
b1881251d6 Merge remote-tracking branch 'ms/ipsec-subnets' into next 2015-09-28 14:21:18 +01:00
Michael Tremer
4b046d735d Start Core Update 95 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-28 14:08:27 +01:00
Michael Tremer
d86694ad1f Merge branch 'master' into next 2015-09-28 14:05:26 +01:00
Michael Tremer
9dd14089ce core94: Fix dead symlinks in filelist 
The rootfiles have been renamed, but not the symlinks
were not.

Fixes #10931

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-28 11:59:20 +01:00
Arne Fitzenreiter
c9f0174979 kernel: update to 3.14.53 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-27 12:58:22 +02:00
Arne Fitzenreiter
8f1fe7c531 core94: fix chrontab modification check for dma. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-27 10:56:34 +02:00
Arne Fitzenreiter
ccb8e47d0e core94: allow rootlogin only if the user has not blocked it before. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-27 10:42:38 +02:00
Arne Fitzenreiter
d82c564b23 core94: fix sed syntax. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-27 10:42:01 +02:00
Michael Tremer
7c8e022c4b firewall: Support multiple subnets per IPsec tunnel 
Fixes #10929

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-22 00:26:37 +01:00
Michael Tremer
ed5fee308f core94: Ship changed CGI files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-21 16:46:21 +01:00
Michael Tremer
b1fb211827 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2015-09-21 16:12:25 +01:00
Michael Tremer
34ca230867 core94: Ship changed setup package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-20 13:31:58 +01:00
Arne Fitzenreiter
01d61d1549 network_functions.pl: fix ip_address_in_network for x86_64 
calculation of last address must use only 32bit of inverted netmask.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-20 13:03:34 +02:00
Arne Fitzenreiter
4d4f36ef55 kernel: Update pcengines apu led patch for x86_64 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-20 12:46:12 +02:00
Michael Tremer
83490805a4 core94: Ship updated initscripts 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-19 18:51:38 +01:00
Michael Tremer
048c2ff77d core94: Ship updated iproute2 package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-19 18:50:14 +01:00
Matthias Fischer
9b3ffc7457 iproute2: Update to 4.2.0 
List of changes can be seen at
http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/log/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-19 18:49:24 +01:00
Arne Fitzenreiter
25a9df261e perl-Email-Date-Format: fix rootfile name. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-18 01:21:20 +02:00
Arne Fitzenreiter
b88a7166bc perl-MIME-Lite: fix rootfile name. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-18 01:20:01 +02:00
Arne Fitzenreiter
e07760a24b binutils: rootfile update. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-17 13:13:19 +02:00
Arne Fitzenreiter
7f16eac4a4 qemu: update to 2.4.0 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-17 12:57:31 +02:00
Arne Fitzenreiter
9890333ecb linux: rootfile update. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-17 12:56:48 +02:00
Arne Fitzenreiter
40baf26143 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2015-09-16 20:28:53 +02:00
Arne Fitzenreiter
c97dda34de qemu: enabled x86_64 for build and as target. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-16 20:27:52 +02:00
Michael Tremer
c97b3aa372 core94: Add changed snort initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-14 23:21:48 +01:00
Alexander Marx
6a3d7dff1f DMA: added new file mail.conf to rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-14 13:49:23 +01:00
Michael Tremer
5a9e755a2a core94: Add recently updated packages 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-12 16:47:12 +01:00
Matthias Fischer
67cafd240f libgpg-error: Update to 1.20 
* configure.ac: Set LT version to C16/A16/R0.

Add new version macros.
* src/gpg-error.h.in (GPGRT_VERSION): New.
(GPGRT_VERSION_NUMBER): New.
(GPG_ERROR_VERSION, GPG_ERROR_VERSION_NUMBER): Move to top of file.

Add macro GPGRT_INLINE and avoid -Wundef warnings.
* src/gpg-error.h.in (GPG_ERR_INLINE): Use #if defined for possible
undefined macros to avoid warning with GCC's -Wundef option.
(GPGRT_INLINE): New.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-12 15:53:18 +01:00
Matthias Fischer
09f13f8366 libgcrypt: Update to 1.6.4 
* configure.ac: Change LT version to C20/A0/R4.

w32: Avoid a few compiler warnings.
* cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
(_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Mark variable
as unused.
* random/rndw32.c (slow_gatherer): Avoid signed pointer mismatch
warning.
* src/secmem.c (init_pool): Avoid unused variable warning.
* tests/random.c (writen, readn): Include on if needed.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-12 15:52:45 +01:00
Michael Tremer
27957a3f2b Merge remote-tracking branch 'ms/x86_64' into next 2015-09-11 15:06:09 +01:00
Michael Tremer
4ff2679978 x86_64: Add more architecture-dependent rootfiles 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-11 15:37:20 +02:00
Michael Tremer
ba58389215 kernel: Add a preliminary kernel from the i586 PAE configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-11 00:20:08 +02:00
Michael Tremer
ebf9683b4d grub: Build for x86_64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-11 00:18:41 +02:00
Michael Tremer
7c111f7d49 acpid: Build for x86_64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-11 00:16:41 +02:00
Michael Tremer
f6529a04a3 IPsec: Add option to force using MOBIKE 
Some peers that are behind a NAT router that fails
to properly forward IKE packets on UDP port 500 cannot
establish an IPsec connection. MOBIKE tries to solve that
by sending these packets to UDP port 4500 instead.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-10 13:35:24 +01:00
Michael Tremer
71940784ef fireinfo: Import upstream patch 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-01 00:12:31 +01:00