Add the option to select the runmode for suricata, wheater it
should run in intrusion detection mode or intrusion prevention mode.
If the option has not configured yet, it defaults to IPS mode.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Changes includes:
Own crypto warning and error message in WUI (can be extended to configuration too).
Check if DH-parameter is < 2048 bit with an error message and howto fix it.
Check if md5 is still in use with an error message and suggestion how to proceed further to fix it.
Check for soon needed RFC3280 TLS rules compliants and suggestion how to proceed further to fix it.
Disabled 1024 bit DH-parameter upload.
Changed de and en language files for DH-parameter upload (deleted 1024 bit).
Added explanations to de and en language files for the above changes.
Fixed Typo in en language file.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since OpenVPN-2.4.x, a lot of changes has been introduced. This patch should help the users for better understanding of errors in the cryptography.
It includes also potential warnings for upcoming changes and needed adjustments in the system.
This can also be extended in the future for upcoming configuration changes.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This allows to create an IPsec connection that will never actively
try to reach the other peer. It helps in environments where this is
not desired or impossible because of NAT.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fix some minor cosmetic issues on remote.cgi as well as a typo in
the language files ("sesstions" -> "sessions"). The changes are
listed in "filelists" for Core Update 121.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.
This patch adds a new languagefileword "fwdfw all subnets" which is used in firewall.cgi and fwhosts.cgi
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Added 'Captive' localization string in 'de/en.pl'.
After a fresh install of Core 117, the system log shows a blank line
for 'Captive Portal' entries.
Deleted translation for 'Captive menu' and changed '30-network.menu' accordingly
to avoid duplicate translation strings.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Correct some grammar errors and unify spelling of interface names (GREEN vs. GRÜN).
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Add GeoIP and rDNS information to DNS nameserver list at netexternal.cgi
Use newly implemented GeoIP function in /var/ipfire/geoip-functions.pl
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Voucher was used instead of coupon in English, and Coupon
was used instead of Gutschein in German.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is the new design of the access page of the captive
portal. It is based on the Bootstrap 4 grid system and
reboot but does not use anything else from it.
It is responsive and customisable.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
To improve the user experience, the configuration part of generating new vouchers has been reworked.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Introduce new Captive-Portal.
Here we add the menu, apache configuration (vhost), IPFire configuration
website and Captive-Portal Access site. Also the languagefiles are
updated.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
