Stefan Schantl
c1c754a121
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
2019-02-08 09:59:31 +01:00
Peter Müller
e01e07ec8b
apply default firewall policy for ORANGE, too
...
If firewall default policy is set to DROP, this setting was not
applied to outgoing ORANGE traffic as well, which was misleading.
Fixes #11973
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Oliver Fuhrer <oliver.fuhrer@bluewin.ch>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-07 15:15:32 +00:00
Stefan Schantl
5206a3358d
update-ids-ruleset: Lock and Unlock the IDS page during runtime
...
Reference #11991
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-07 08:06:49 +01:00
Stefan Schantl
8117fff863
IDS: Call helper script when red interface gets up
...
The helper script will be automatically called when the red interface gets up
and will re-generate the HOME_NET file, to take care if the IP-address of this
interface has changed.
Fixes #11989
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-06 15:40:19 +01:00
Stefan Schantl
af0065691c
suricata: Do not display messages when starting up
...
Fixes #11979.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-02-05 13:57:40 +01:00
Stefan Schantl
c9b07d6a0c
initscripts/suricata: Generate firewall rules on start and reload
...
Fixes #11978
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-01-30 13:47:07 +01:00
Stefan Schantl
d6f725e185
update-ids-ruleset: Improve error reporting if the system is offline
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-01-30 10:57:31 +01:00
Michael Tremer
17c2c09bcc
suricata: Scan outgoing traffic, too
...
Connections from the firewall and through the proxy must be filtered, too
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-01-29 14:08:51 +01:00
Stefan Schantl
ca8c92108a
update-ids-ruleset: Set correct ownership for rulesdir and files
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-01-29 09:09:11 +01:00
Stefan Schantl
39155be805
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
2019-01-26 12:40:04 +01:00
Peter Müller
fee8b1c504
OpenSSH: update to 7.9p1
...
Update OpenSSH to 7.9p1 (release note is available at
https://www.openssh.com/txt/release-7.9). Patching support
for OpenSSL 1.1.0 is no longer required, thus the orphaned
patchfile has been deleted.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-23 05:13:47 +00:00
Arne Fitzenreiter
be838808e1
Merge remote-tracking branch 'origin/master' into next
2019-01-23 21:19:01 +01:00
Peter Müller
903052ddea
use HTTPS for downloading GeoIP database files
...
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-23 04:12:49 +00:00
Michael Tremer
480e301442
xtables-addons: Fix generating GeoIP database
...
Perl seems to have a very funny feature where you cannot rely on
how it formats IP addresses into a binary string.
This seems to be 16 bytes long for IPv4 addresses when we (and the kernel)
only expect 4.
This patch changes this so that the last 12 bytes are just being dropped.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-23 04:12:41 +00:00
Peter Müller
d38e7e256d
use HTTPS for downloading GeoIP database files
...
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-21 21:03:38 +00:00
Stefan Schantl
c1a3401235
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
2019-01-21 13:04:13 +01:00
Arne Fitzenreiter
9b86a7ec28
Merge remote-tracking branch 'origin/master' into next
2019-01-19 19:58:48 +01:00
Arne Fitzenreiter
271bac39a0
xt_geoip_update: fix download url
...
the maxmind server delivers an old version if there are
two slashes before the database filename.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-01-19 15:16:43 +01:00
Peter Müller
47051c2a0a
drop orphaned OpenSSL patches
...
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-17 14:42:37 +00:00
Erik Kapfer
32ba431458
openssl: Update to version 1.1.1a
...
Disabled MD2 and Aria cipher.
TLSv1.3 is now available with:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3
TLS_AES_256_GCM_SHA384 TLSv1.3
TLS_AES_128_GCM_SHA256 TLSv1.3
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-17 14:33:20 +00:00
Michael Tremer
f0092a6e3e
keepalived: Move change of conntrack sysctl option into package
...
The setting cannot be set on the default system because the ip_vs
module is not loaded by default and there is no reason to load it
just because we would be able to set the setting.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-13 12:50:26 +01:00
Matthias Fischer
042a5fe60a
tar: Update to 1.31, including fix for bug #11958
...
For details see:
http://savannah.gnu.org/forum/forum.php?forum_id=9344
"- Fix heap-buffer-overrun with --one-top-level.
- Support for zstd compression.
- The -K option interacts properly with member names given in the command line.
- Fix CVE-2018-20482"
This patch was reverted because 'tar 1.31' crashed when installing PakFire packages
with the option '--no-overwrite-dir'.
See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958
Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue.
The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems.
As always, please check and confirm.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-07 01:31:43 +00:00
Stefan Schantl
b76a8a008d
xt_geoip_update: Adjust script to download and use the GeoLite2 database
...
Fixes #11961.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-07 01:21:01 +00:00
Stefan Schantl
a77870146f
xtables-addons: Use shipped xt_geoip_build
...
Use the shipped xt_geoip_build directly instead of holding a copy in our GIT.
Reference #11959
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-07 01:20:22 +00:00
Michael Tremer
7d5caee6bd
Add initscript for conntrackd
...
The daemon will be started by default when a configuration
file exists.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-01-06 08:59:25 +00:00
Arne Fitzenreiter
5e6f343b7d
python: update to 2.7.15
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-01-06 15:51:53 +01:00
Arne Fitzenreiter
b15309e9d1
transmission: update to 2.94
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-01-05 13:47:31 +01:00
Matthias Fischer
c86d893830
squid: Update to 4.5
...
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-31 00:37:51 +00:00
Stefan Schantl
7b6f8596ed
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
2018-12-28 07:36:59 +01:00
Michael Tremer
e978f0429f
keepalived: Fix incorrect path in initscript
...
This path to keepalived was just incorrect and therefore
the daemon could not easily be reloaded.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-19 23:38:48 +00:00
Michael Tremer
f33d28978d
unbound: Use correct parameter for IP addresses and hostnames
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-19 21:00:21 +01:00
Michael Tremer
c9ae511ecf
unbound: Allow forwarding to multiple servers at the same time
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-19 20:23:59 +01:00
Matthias Fischer
a2bcb4135b
squid: Update to 4.4 (stable)
...
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
In July 2018, 'squid 4' was "released for production use", see:
https://wiki.squid-cache.org/Squid-4
"The features have been set and large code changes are reserved for later versions."
I've tested almost all 4.x-versions and patch series before with good results.
Right now, 4.4 is running here with no seen problems together with
'squidclamav', 'squidguard' and 'privoxy'.
I too would declare this version stable.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-18 22:30:51 +00:00
Stefan Schantl
f5ad510e3c
suricata: Use "2" as repeat-mark and repeat-mask.
...
The previously used "1" was already used to mark source-natted
packets.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-12-17 15:04:48 +01:00
Stefan Schantl
848ac69009
grub: xfs: Accept filesystem with sparse inodes
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-13 13:07:53 +00:00
Michael Tremer
81e1e80e38
AWS: Prefer red* or eth* when importing configuration
...
This change is necessary to make sure that the script prefers
a link with internet access. That would usually be red (after
the second boot) or eth* (on the first boot).
That allows (and ensures) that we can install packages in
the user-data script.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-12 11:36:44 +00:00
Stefan Schantl
a13ddf04d9
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-12-12 09:27:59 +01:00
Michael Tremer
58e840bd96
installer: Initialize part_boot_efi_idx
...
This variable was not initialized on systems where EFI was not
in use. Therefore the generated parted command line was not
valid and caused the installation to abort.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-11 20:43:24 +00:00
Michael Tremer
7e17de5f86
fireinfo: Add authentication for upstream proxies
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-11 19:38:21 +00:00
Arne Fitzenreiter
adde1ca8ce
Merge branch 'master' into next
2018-12-11 08:01:59 +01:00
Arne Fitzenreiter
ed4bbe44d1
kernel: fix dwc2 (usb) dma crashes on RPi1-3
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-10 20:45:54 +01:00
Michael Tremer
c519be4226
haproxy: Create/restore backup when package is installed/uninstalled
...
Fixes: #11946
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-10 00:36:04 +00:00
Arne Fitzenreiter
23a3aec100
cpufrequtils: update initscript for xz compressed modules
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-07 21:05:50 +01:00
Arne Fitzenreiter
56726ed954
rngd: update initscript and add hwrngtty support
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-06 22:33:05 +01:00
Michael Tremer
93363446e4
AWS: Add a timestamp to user-data.log
...
This way, multiple (failed) runs of the script won't
overwrite the log file.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-05 14:42:54 +00:00
Michael Tremer
1022b203ad
AWS: Write user-data.log to /var/log
...
This should not be in /root at all.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-05 14:38:28 +00:00
Michael Tremer
e0986954d4
bird: Launch service on install and add symlinks to start at boot time
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-01 16:13:25 +00:00
Michael Tremer
a4e3a76af9
bird: Add initscript
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-01 16:13:25 +00:00
Michael Tremer
9fbbf3fda2
shairport-sync: Add install/uninstall scripts
...
These scripts will install symlinks to start the service
at boot time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-11 18:57:55 +00:00
Michael Tremer
6dc7b04bea
shairport-sync: Add initscript
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-11 18:55:35 +00:00