webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 03:25:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
6,634 Commits 2 Branches 1 Tag
bcd9852e2ee73b741f5996ecc05ba3758d330fb8
Commit Graph

1962 Commits

Author SHA1 Message Date
Michael Tremer
ec36876e6a wirelessctrl: Fix evaluation of configuration settings. 2013-10-01 17:45:00 +02:00
Michael Tremer
6adacba055 tor: Increase number of max. open file descriptors. 2013-09-30 12:14:09 +02:00
Michael Tremer
ec9f81be0c Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen 2013-09-26 16:12:15 +02:00
Arne Fitzenreiter
68c2cbedf0 kernel: update to 3.10.12. 2013-09-21 11:40:57 +02:00
Michael Tremer
035ace2cbb coreutils: Use PIE version of LFS uname patch. 2013-09-17 17:29:19 +02:00
Arne Fitzenreiter
5a6804a247 Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen 2013-09-15 18:42:33 +02:00
Arne Fitzenreiter
7284262a5e kernel: add arm7 multiplatform kernel. 
not booting on panda yet.
 2013-09-15 18:41:16 +02:00
Arne Fitzenreiter
1a78fe5e2d firstsetup: add missing "fi". 2013-09-14 12:38:39 +02:00
Arne Fitzenreiter
305a7b3888 xen-legacy-kernel: removed. 2013-09-12 00:55:41 +02:00
Arne Fitzenreiter
7676ceba65 firstsetup: don't overwrite meta-linux-pae if already present. 2013-09-12 00:51:50 +02:00
Arne Fitzenreiter
8d862ed59a gcc: add forgotten patch. 2013-09-08 20:50:29 +02:00
Michael Tremer
27ba58fb46 wirelessctrl: Silence error messages when no BLUE device is configured. 2013-09-07 16:10:02 +02:00
Michael Tremer
d69bf6191a wirelessctrl: Re-indent the code. 2013-09-07 15:21:40 +02:00
Arne Fitzenreiter
7419447856 kernel: updated rpi and kirkwood config. 2013-09-06 13:06:09 +02:00
Michael Tremer
a0010abd6f fireinfo: Import latest changes from upstream. 2013-09-02 22:47:34 +02:00
Michael Tremer
8e9a041324 openvpnctrl: Silence PID file error message. 2013-09-02 21:52:35 +02:00
Michael Tremer
3ad23ee1d9 openvpnctrl: Suppress silly error messages and cleanup coding style. 2013-09-02 21:05:47 +02:00
Arne Fitzenreiter
15ffeb1bdd probenic.sh: add usb support for kernel 3.10. 2013-09-02 10:55:49 +02:00
Arne Fitzenreiter
e2b79cd11e kernel: update to 3.10.10. 
enabled all DVB Devices and add some patches.
 2013-08-31 15:08:03 +02:00
Arne Fitzenreiter
2fce30e6a8 binutils: add PT_PAX_FLAGS patch. 2013-08-31 11:14:10 +02:00
Michael Tremer
2ac39db92e Merge remote-tracking branch 'amarx/firewall' into fifteen 2013-08-28 11:33:20 +02:00
Michael Tremer
c0b99a4ced bridge-utils: Fix compiling package. 2013-08-28 09:43:44 +02:00
Arne Fitzenreiter
bb5f0bf8f3 kernel: update to 3.10.9. 
use intel config from IPFire 3.x branch.
arm cfg is not present yet and some patches are missing.
 2013-08-27 20:28:07 +02:00
Michael Tremer
dea399178e tor: Fix initscript (again). 2013-08-24 17:19:36 +02:00
Arne Fitzenreiter
127b7c43d0 compat-drivers: add patch for atheros to ignore eeprom regdomain. 
patch is needed for access-point mode with channels>12 (2,4 and 5Ghz)
On cards that are set to WORLD "6A" (most new atheros cards)
these channels are set to passive scanning and this make it unuseable
for ap-mode.
 2013-08-23 14:46:27 +02:00
Michael Tremer
754f508b5b squid: Update to 3.3.8. 2013-08-22 12:57:56 +02:00
Michael Tremer
3765eb6179 tor: Only start tor when it has been enabled. 2013-08-19 13:23:51 +02:00
Timo Eissler
8ec8462ce3 xinetd: New package. 2013-08-18 16:20:59 +02:00
Michael Tremer
8c60701a4f forwardctrl: Remove unused and possibly dangerous flush option. 
Also remove unused header files.
 2013-08-12 14:42:16 +02:00
Michael Tremer
987b75bcd4 firewall: Add TOR chains. 2013-08-09 14:49:35 +02:00
Alexander Marx
e1efb8199d Forward Firewall: deleted postrouting block in firewall (not used anywhere) 2013-08-09 14:15:33 +02:00
Michael Tremer
bb12dd7b69 iptables: Cleanup creating SNAT/DNAT chains. 2013-08-09 14:15:33 +02:00
Michael Tremer
47cd046aed iptables: Remove OPENSSL{PHYSICAL,VIRTUAL} chains which are unused. 2013-08-09 14:15:33 +02:00
Michael Tremer
d5f1422d81 iptables: Jump into the firewall rulesets after everything else has been done. 2013-08-09 14:15:33 +02:00
Michael Tremer
51ab1de143 iptables: Create OVPNNAT chain after CUSTOM* chains. 2013-08-09 14:15:32 +02:00
Michael Tremer
815eaff433 iptables: Create guardian's chains after the CUSTOM* chains. 2013-08-09 14:15:32 +02:00
Michael Tremer
1e55533052 iptables: Cleanup creating the OVPNBLOCK chain. 
This should happen after the CUSTOM* chains.
 2013-08-09 14:15:32 +02:00
Michael Tremer
3b9a23ce07 iptables: Block all loopback packets on non-loopback interfaces. 2013-08-09 14:15:32 +02:00
Michael Tremer
afc611d448 iptables: Create LOOPBACK chain. 
This chain accepts all communication on the loopback
interface without running it through the entire connection
tracking first.

Packets on lo can never be blocked and must always be
accepted. The firewall has to trust itself anyway.
 2013-08-09 14:15:32 +02:00
Michael Tremer
c0359d6dfb iptables: Only jump into BADTCP for TCP packets. 
This saves us from evaluating lots of rules for non-TCP
packets.
 2013-08-09 14:15:32 +02:00
Michael Tremer
b85d2a9819 iptables: Replace state module by conntrack module. 
The state module is deprecated in recent releases of iptables
and should not be used any more.

Additionally, this patch adds an extra chain for all
connection tracking rules, so we can keep the entire ruleset
more small and clean.
 2013-08-09 14:15:32 +02:00
Alexander Marx
c12392c0ef Forward Firewall: removed NAT table and txt file. 2013-08-09 14:15:29 +02:00
Alexander Marx
ff4770c79b Forward Firewall: changed /etc/init.d/firewall. deleted stop routine and rearranged iptables_init and restart routine 
Now it should be possible to use /etc/init.d/firewall restart without errors
 2013-08-09 14:15:29 +02:00
Alexander Marx
e41b651b4a Forward Firewall: changed order of LOG and DROP rules for INPUT Chain 2013-08-09 14:15:28 +02:00
Alexander Marx
ed9ab82c61 Forward Firewall 0.9.9.7: reordered INPUT POLICY. 2013-08-09 14:15:28 +02:00
Alexander Marx
690b0bd761 Forward Firewall: added OVPNBLOCK and fixed rules.pl to correctly get ip address of red iface 2013-08-09 14:15:28 +02:00
Michael Tremer
d2c4a3cab9 openvpnctrl: Cleanup flushChain functions. 2013-08-09 14:15:28 +02:00
Michael Tremer
2181b55552 openvpnctl: Flush BLOCK and SNAT chain when needed. 2013-08-09 14:15:28 +02:00
Michael Tremer
c31f18b6a9 openvpnctrl: Block all transfer subnets. 2013-08-09 14:15:27 +02:00
Michael Tremer
7c50b04834 openvpnctrl: Remove unneeded code. 2013-08-09 14:15:27 +02:00