bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00

Author	SHA1	Message	Date
Michael Tremer	b32a8aefa2	core106: Ship updated iptables.cgi file Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-10 12:04:24 +01:00
Matthias Fischer	58c2333bdc	iptables.cgi: cosmetics - wider columns Hi, Since the first three columns of 'iptables.cgi' gave a nearly unreadable output with large numbers, so I made 'pkts', 'bytes' and 'target'-columns a bit wider. BEFORE - it was something like this: Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytestarget proc opt in out source destination 32M38G BADTCP tcp -- * * 0.0.0.0/0 0.0.0.0/0 32M38G CUSTOMINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 32M38G P2PBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0 32M38G GUARDIAN all -- * * 0.0.0.0/0 0.0.0.0/0 00 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0 32M38G IPTVINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 32M38G ICMPINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 32M38G LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0 21M21G CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0 393873484KDHCPGREENINPUTall -- green0 * 0.0.0.0/0 0.0.0.0/0 645153642KGEOIPBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0 386592304KIPSECINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 386592304KGUIINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 368332209KWIRELESSINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW 368332209KOVPNINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 368332209KTOR_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 368332209KINPUTFW all -- * * 0.0.0.0/0 0.0.0.0/0 309641833KREDINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 309641833KPOLICYIN all -- * * 0.0.0.0/0 0.0.0.0/0 AFTER - somehow better readable - I think: ;-) Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target proc opt in out source destination 32M 38G BADTCP tcp -- * * 0.0.0.0/0 0.0.0.0/0 32M 38G CUSTOMINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 32M 38G P2PBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0 32M 38G GUARDIAN all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0 32M 38G IPTVINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 32M 38G ICMPINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 32M 38G LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0 21M 21G CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0 39387 3484K DHCPGREENINPUT all -- green0 * 0.0.0.0/0 0.0.0.0/0 64515 3642K GEOIPBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0 38659 2304K IPSECINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 38659 2304K GUIINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 36833 2209K WIRELESSINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW 36833 2209K OVPNINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 36833 2209K TOR_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 36833 2209K INPUTFW all -- * * 0.0.0.0/0 0.0.0.0/0 30964 1833K REDINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 30964 1833K POLICYIN all -- * * 0.0.0.0/0 0.0.0.0/0 Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-10 12:03:51 +01:00
Arne Fitzenreiter	f824cd285b	setclock: accept also empty logfile timestamp Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-09 12:10:15 +02:00
Arne Fitzenreiter	0807ce69ee	setclock: prevent time bacjump by empty rtc batteries This is a work around to prevent not working dns resolution if the time jumps before the DNSSec signing key. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-08 15:43:54 +02:00
Arne Fitzenreiter	0d7ca700bd	unbound: skip green interface if ip was set to 1.1.1.1 this is a reserved marker for unused green ip. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-07 11:27:33 +02:00
Michael Tremer	e22bcd38d6	unbound: Correctly format PTR records Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-06 10:42:49 +01:00
Michael Tremer	71cf56fe53	core106: Restart DHCP server to import leases into DNS Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-06 10:41:54 +01:00
Michael Tremer	eef9b2529c	setup: Store passwords in SHA format htpasswd doesn't protect passwords very well. MD5 was used before and now any newly created passwords will use the SHA format. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-04 22:41:48 +01:00
Michael Tremer	574ee681d2	Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next	2016-10-04 22:34:23 +01:00
Arne Fitzenreiter	e3a90a5736	Revert "core106: Add DNS root key to exclude list" This reverts commit `f58002a83f`.	2016-10-04 22:05:26 +02:00
Arne Fitzenreiter	a48a2034f5	unbound: fix update forwarders if unbound was not running psgrep has no "-q" switch so i use pidof. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-04 19:24:26 +02:00
Arne Fitzenreiter	9aa7b0469d	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2016-10-03 17:55:42 +02:00
Arne Fitzenreiter	f75c279b97	unbound: fix reverse lockup of webif defined hosts and make the own host resolveable. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-03 17:53:13 +02:00
Michael Tremer	350e29c26f	Update translations Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-03 12:13:43 +01:00
Matthias Fischer	c5f633c917	guardian 2.0: suggested cosmetic changes I did the following: - Rearranged the fields on 'guardian.cgi' a bit - in a (hopefully) logical manner, so that they don't need so much room. - Added some translation-strings and explanations to (revised) 'guardian.cgi'. - Added missing language string(s), deleted obsolete. - Deleted all guardian entries from standard language files in '/var/ipfire/langs'-directory. - Added (upgraded) addon-specific language files to '/var/ipfire/addon-lang'-directory. I hope, I didn't forget something... Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2016-10-03 12:12:13 +01:00
Michael Tremer	52587edac4	core106: Ship updated libidn Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-03 11:45:36 +01:00
Matthias Fischer	64602fdf7d	libidn: Update to 1.33 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-03 11:40:40 +01:00
Arne Fitzenreiter	642b831b72	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2016-10-02 16:36:57 +02:00
Arne Fitzenreiter	e24d6112bb	index.cgi: display unbound dns servers Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-02 16:35:50 +02:00
Michael Tremer	5edc06b701	Remove IPAC stuff This is unused for a very very very long time and serves no purpose any more. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-02 15:13:55 +01:00
Arne Fitzenreiter	cc60329d88	Add search domain to /etc/resolv.conf at boot time unbound does not append the local domain to the request any more (like dnsmasq did). Therefore, the client needs to do that if desired. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-02 15:32:14 +02:00
Arne Fitzenreiter	b29c97b168	unbound: Test upstream name servers before using unbound has some trouble with validating DNSSEC-enabled domains when the upstream name server is stripping signatures from the authoritative responses. This script now checks that, removes any broken upstream name servers from the list and prints a warning. If all name servers fail the test, unbound falls back into recursor mode. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-02 15:25:23 +02:00
Arne Fitzenreiter	f58002a83f	core106: Add DNS root key to exclude list Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-02 13:36:07 +02:00
Arne Fitzenreiter	9f50355a8c	unbound: Update to 1.5.10 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-02 13:35:45 +02:00
Michael Tremer	a1de9f6fc9	core106: Ship updated /etc/login.defs Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-01 18:56:42 +01:00
Michael Tremer	80bc60228b	unbound: Print nicer error message when already running Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-01 18:55:23 +01:00
Michael Tremer	46d8d50f45	unbound: Start unbound when invoked by DHCP scripts Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-01 18:52:07 +01:00
Michael Tremer	da31472505	shadow-utils: Create standard set of configuration files Previously we copied the default configuration from the upstream package and modified that. Unfortunately a patch and a sed command changed the file which resulted in unwanted changes. This patch removes the patch and sed command and adds a new set of configuration files that just need to be copied to the system. Fixes #11195 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-01 18:42:18 +01:00
Arne Fitzenreiter	60fc489b04	attr: rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-01 15:17:37 +02:00
Arne Fitzenreiter	829435bea3	ntp: fix wait for red if dhcp or wpasupplicant is running. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-27 20:15:53 +02:00
Arne Fitzenreiter	3cf764f338	samba: default enable SMBv2. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-27 19:38:38 +02:00
Arne Fitzenreiter	b547554aea	core106: ship mt7601u firmware. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-27 19:20:14 +02:00
Arne Fitzenreiter	dee3be75f9	mpfr: fix missing eof in rootfile. this is the reason for missing mt7601u firmware. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-27 19:18:21 +02:00
Michael Tremer	92aebbcddd	Revert "libjpeg: update to 1.4.2" This reverts commit `feba68e4af`. Breaks building netpbm Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-27 09:44:49 +01:00
Arne Fitzenreiter	01176164b5	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2016-09-26 23:18:30 +02:00
Arne Fitzenreiter	de48b89ca1	Revert "Revert "tcl: update to 8.6.6"" with new krb5 also the tcl update works. This reverts commit `053c554822`. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-26 23:17:08 +02:00
Michael Tremer	e26a93322d	core106: Add recently updated packages, etc. This update removes dnsmasq and replaces it with unbound. Also many packages are updated and shipped. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-26 21:03:33 +01:00
Michael Tremer	59bddc7989	Start Core Update 106 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-26 20:25:22 +01:00
Marcel Lorenz	feba68e4af	libjpeg: update to 1.4.2 The old libjpeg is renamed to libjpeg-compat The compat makes the old libs maintainable Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-26 20:18:25 +01:00
Arne Fitzenreiter	b8987235d2	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2016-09-26 18:53:49 +02:00
Arne Fitzenreiter	724c0b8e4b	attr: rootfile update. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-26 18:51:27 +02:00
Jonatan Schlag	4141e0aad1	Update krb5 to 1.14.4 This commit updates krb5 to version 1.14.4 The patch is removed, because he is upstream since 1.12.2. The samba version is incremented, to link samba against the new krb5 version. Otherwise samba for example is linked against /usr/lib/libkdb5.so.7 but the current version is /usr/lib/libkdb5.so.8 Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-26 14:42:08 +01:00
Michael Tremer	78c3ea61b2	openssl: Update to 1.0.2j Missing CRL sanity check (CVE-2016-7052) ======================================== Severity: Moderate This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. OpenSSL 1.0.2i users should upgrade to 1.0.2j The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and Thomas Jakobi. The fix was developed by Matt Caswell of the OpenSSL development team. https://www.openssl.org/news/secadv/20160926.txt Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-26 14:37:20 +01:00
Arne Fitzenreiter	def1ad3e94	rootfile updates: attr, ed, gawk Check rootfiles before commit !!! Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-26 13:08:02 +02:00
Arne Fitzenreiter	053c554822	Revert "tcl: update to 8.6.6" breaks kerberos (krb5) build. This reverts commit `282dfe0bb9`. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-26 07:17:04 +02:00
Arne Fitzenreiter	e70d2dc27d	transmission: update to 2.92 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-24 16:44:47 +02:00
Marcel Lorenz	1031bcee20	iproute2: update to 4.7.0 Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-24 13:11:30 +01:00
Marcel Lorenz	54a59fd892	usb_modeswitch_data: update to 20160803 Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-24 13:08:57 +01:00
Marcel Lorenz	96f333a627	usb_modeswitch: update to 2.4.0 Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-24 13:08:56 +01:00
Marcel Lorenz	2429b9210f	ipset: update to 6.29 Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-24 13:07:53 +01:00

1 2 3 4 5 ...

10328 Commits