bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-17 14:33:00 +02:00

Author	SHA1	Message	Date
Stefan Schantl	b60fd7a3e2	Core 130: Remove files after convert-snort has been launched The converter requires /etc/snort/snort.conf to grab the used rule files (categories). After all settings have been converted, we are fine to delete all snort related files, because none of them is needed anymore. Also the /var/ipfire/snort directory needs to be deleted. If it will be left on the system and at any later time a backup will get restored, the converter will be started by the backup script, because it detects that a snort settins dir exists and would be restore the old snort settings and replaces all current IPS settings. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-16 21:22:50 +00:00
Michael Tremer	08ded6035f	dnsforward.cgi: Check DISABLE_DNSSEC checkbox when editing Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-18 15:36:04 +00:00
Michael Tremer	3b521c724f	ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-18 15:25:48 +00:00
Michael Tremer	a46903cce3	core130: Ship updated unbound Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-16 12:32:10 +00:00
Matthias Fischer	6f8b156bf0	unbound: Update to 1.9.1 For details see: https://nlnetlabs.nl/pipermail/unbound-users/2019-March/011415.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-16 12:31:29 +00:00
Michael Tremer	2c703afc04	core130: Ship updated ntp Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-16 12:30:22 +00:00
Michael Tremer	e1d9148b61	Fix python3-yaml rootfile Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-16 10:00:19 +00:00
Stefan Schantl	9c4477d0f3	core130: Fix another error in rootfile Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-15 14:36:15 +00:00
Michael Tremer	03f68cbca9	core130: Fix errors in rootfile Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-15 13:20:23 +00:00
Michael Tremer	f9219b91a1	core130: Ship suricata Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-14 13:48:25 +00:00
Michael Tremer	01604708c3	Merge remote-tracking branch 'stevee/next-suricata' into next	2019-03-14 13:19:35 +00:00
Michael Tremer	c578cbd35f	core130: Ship updated firewall script Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-14 13:16:33 +00:00
Michael Tremer	b450e7e3e6	Start Core Update 130 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-14 13:15:03 +00:00
Arne Fitzenreiter	668119063c	u-boot: try to boot without ramdisk if the system cannot load it Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-03-13 15:17:28 +01:00
Arne Fitzenreiter	eaf004a468	knot: update to 2.8.0 and build/install only kdig This fix compile errors on small arm boards. (cc1 internal error) Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-03-13 15:06:23 +01:00
Arne Fitzenreiter	b57220aacd	groff: update to 1.22.4 This fix compile problems on small arm boards. (cc1 internal error) Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-03-13 15:04:40 +01:00
Stefan Schantl	e8b1b397c1	suricata: Remove unneeded stuff during build Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-13 10:03:48 +01:00
Michael Tremer	e26e86dcaa	core129: Ship updated dnsforward.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-11 15:58:04 +00:00
Michael Tremer	f1042a5d44	core129: Ship updated dhcp.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-11 09:54:19 +00:00
Michael Tremer	61424e9c67	core129: Ship updated less Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-10 18:23:22 +00:00
Peter Müller	e29c6d29c9	Postfix: update to 3.4.1 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-10 18:22:39 +00:00
Stefan Schantl	fd378b3b08	Rename snort user and group to suricata This only affects new installations. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-10 18:50:37 +01:00
Michael Tremer	38081b8be1	suricata: Run as non-root user This patch does not have any effect (yet) and is untested because suricata needs to be built against libcap-ng which is currently not being packaged for IPFire. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-10 18:02:39 +01:00
Stefan Schantl	2bec60c347	suricata: Update to 4.1.3 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-10 17:34:03 +01:00
Stefan Schantl	1fbf0788bf	Move IDS/IPS menu entry to firewall section Fixes #12011. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-10 13:27:52 +01:00
Michael Tremer	50fcec161c	/etc/group: Order groups by ID Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-08 10:11:23 +00:00
Michael Tremer	3d0a190843	/etc/passwd: Order users by ID Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-08 10:08:02 +00:00
Alexander Koch	06fc6170a2	zabbix_agentd: New addon New addon for monitoring IPFire by Zabbix Monitoring (https://www.zabbix.com/features). See https://forum.ipfire.org/viewtopic.php?f=52&t=22039 and https://lists.ipfire.org/pipermail/development/2019-February/005324.html for further details. Best regards, Alex Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-08 09:55:18 +00:00
Erik Kapfer	57d1564b3e	iptables: Commented legacy ip(6)tables entries from ROOTFILE Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-08 09:49:07 +00:00
Michael Tremer	ea9cb48ae7	core129: Ship wpa_supplicant Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-04 09:26:58 +00:00
Michael Tremer	146c837e78	netsnmp: Fix rootfile to build on other architectures Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-04 09:26:58 +00:00
Erik Kapfer	758a1893a1	netsnmpd: Update to version 5.8 Overview of the changes can be found in here https://sourceforge.net/p/net-snmp/mailman/message/36386084/ . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-04 09:26:58 +00:00
Erik Kapfer	3f2341da8d	iptables: Update to 1.8.2 netfilter-layer7 has also been updated to v2.23 . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-04 09:26:58 +00:00
Michael Tremer	71a355c3a2	Merge branch 'ipsec-on-demand' into next	2019-03-05 15:25:36 +00:00
Stefan Schantl	b051eb68b6	libcap-ng: New package Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-03 15:10:02 +01:00
Michael Tremer	26c758cf48	suricata: Drop parsers I have never heard of Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-03 10:55:31 +01:00
Michael Tremer	8efbd71caa	suricata: Configure HTTP decoder This will now scan all request and response bodies where possible and use up to 256MB of RAM Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-03 10:55:31 +01:00
Michael Tremer	96495c9aa2	Revert "Suricata: detect DNS events on port 853, too" This reverts commit `ad99f959e2`. It does not make any sense to try to decode the TLS connection with the DNS decoder. Therefore should 853 (TCP only) be added to the TLS decoder. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-03 10:55:30 +01:00
Michael Tremer	a079f7aaee	core129: Ship updated proxy.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:14:14 +00:00
Michael Tremer	3d01a8f1a6	core129: Ship updated ipset Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:12:18 +00:00
Erik Kapfer	46a073f1b5	ipset: Update to version 7.1 Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:11:19 +00:00
Michael Tremer	7c57cbe24b	core129: Ship updated tar Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:11:02 +00:00
Michael Tremer	15c71234ca	core129: Ship updated bind Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:10:21 +00:00
Matthias Fischer	ae45fb5193	bind: Update to 9.11.6 For details see: http://ftp.isc.org/isc/bind9/9.11.6/RELEASE-NOTES-bind-9.11.6.html Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:10:03 +00:00
Michael Tremer	ae4ca7ef13	core129: Ship updated squid Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:09:00 +00:00
Michael Tremer	e1982c695c	spectre-meltdown-checker: New package This makes it easy to install the script and check the vulnerability status of a system IPFire is running on. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 13:24:44 +00:00
Michael Tremer	771c9b78ee	binutils: Ship strings & readelf This is needed by the spectre meltdown checker script Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 13:01:42 +00:00
Michael Tremer	5d04cfe7d5	suricata: Use highest bit to mark packets We are using the netfilter MARK in IPsec & QoS and this is causing conflicts. Therefore, we use the highest bit in the IPS chain now and clear it afterwards because we do not really care about this after the packets have been passed through suricata. Then, no other application has to worry about suricata. Fixes: #12010 Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-01 17:56:48 +01:00
Michael Tremer	c9ee3592f0	suricata: Fix syntax error Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-01 17:56:47 +01:00
Michael Tremer	99d75ac72e	suricata: Start capture first and then load rules Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-03-01 17:56:47 +01:00

1 2 3 4 5 ...

6525 Commits