We cannot reliably detect in this script any more if the
system has an actual HWRNG (/dev/hwrng always exists).
Therefore we always start the daemon now and let it
deal with what ever comes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Install initscript for NRPE addon.
The second version of this patch actually includes the
initscript, which was missing due to lack of coffee the
first time. :-)
Thanks to Michael for catching it.
Resent due to crappy linewrapping in initscript by MUA.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
DNSSEC-validating nameservers return an "ad" (Authenticated Data)
flag in the DNS response header. This can be used as a negative
indicator for DNSSEC validation: In case a nameserver does not
return the flag, but failes to look up a domain with an invalid
signature, it does not support DNSSEC validation.
This makes it easier to detect nameservers which do not fully
comply to the RFCs or try to tamper DNS queries.
See bug #11595 (https://bugzilla.ipfire.org/show_bug.cgi?id=11595) for further details.
The second version of this patch avoids unnecessary usage of
grep. Thanks to Michael Tremer for the hint.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This didn't build and run in ages and has been removed from
the repositories quite a while ago.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This would become a security risk if anyone gets
shell access as any user to copy out the HTTPS keys.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When loading the initscript of the firewall the neccessary chains for
the captive portalneed to be created.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
this resolves problems that negative answers from
a forwarder was still used after setting new servers.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
the ntp initskript will only run at first connection try. If this fails
and the connection can established later DNS will not work if the clock
is too far away.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
new versions of agetty missinterpretes the baudrate and set it as TERM
without the parameter agetty use the previous rate that was set by the
kernel via console=XXX,Baudrate parameter.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Unbound was trying to check availability of the upstream name servers
when /var/ipfire/red/active is present. This patch removes it first
and then brings down the red device.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The status file was not updated when DNSSEC was disabled
before and has been enabled after which always caused
the webif to show that DNSSEC was disabled.
Fixes#11315
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Some hosters have their gateway in a different subnet than
the RED interface is to save IPv4 address space.
This patch sets a host route to that gateway so that
IPFire can be installed in data centres that use such
technique.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
