- Reiserfs was stopped in IPFire in Core Update 167. It has been announced that reiserfs
will be removed from the kernel in 2025.
- This patch gives a warning about this deprecation and removal if reiserfs is used. The
warning also requests that the user does a re-installation using either ext4 or xfs
filesystems.
- Tested out on a vm installation with reiserfs, ext4 and xfs. Messgae shown on system
with reiserfs filesystem but nopt on the other two.
- Warning message added into the English language file and ./make.sh lang run.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- v2 version that has only the removed line in the language files diffs
- Line removed from de, en, es & fr
- No translations had been done for the other languages for that line.
Fixes: Bug#12701
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This v2 patch has moved the extraHead variable into header.pl
- This patch marks all IP's that are in the Fixed list but are also in the dynamic range
that has been defined, in red.
- Additional function created to check if an ip address is in a defined range.
- Added an additional key item under the Fixed Leases table for Fixed IP in dynamic range
- Added line to English Language file for this key item.
- ./make lang run before commit.
- Tested in vm testbed and confirmed that any ip address in the Fixed Leases table that
is in the defined dynamic range is highlighted in red
- This uses the css background-color appoach from the first patch in this set.
- This patch only highlights those IP's that overlap in red but does nothing more. So a
user can still create new ones if they want but they will all show up in red.
- This patch flags up if people are doing things that they shouldn't be doing but allows
them to continue doing so without changing anything if they don't want to and so will
not break existing setups.
Fixes: Bug#10629
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
This has been removed a long time ago and we should probably spend a
little bit more time on keeping the networking code tidy :)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since the kernel now always reports 256 bits of entropy to be available,
this CGI does not show any useful information anymore. To avoid
confusions, it will hereby be removed entirely.
Fixes: #12893
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- 24 strings have been added (drop hostile and spoofed martians, fw red,
ids options and provider, pakfire update messages...)
- 3 strings have been inproved
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update of lfs
- Update of rootfile
- Addition of Spanish file provided by Roberto Peña (listed as author)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This is the IP address or FQDN which will be written into
Apple Configuration profiles as public peer address.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This change drops the UIs that could enable ALGs for various protocols.
Those have been all forcibly disabled because "NAT Slipstream".
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
WPA3 mandates MFP, but many clients do not support it at all.
Therefore this can now be set to optional and clients will
fall back to WPA2.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We have dropped Reiser4 in 2013. There won't be any systems out there
any more running it. We can safely drop this warning.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit dc637f087f.
Rationale: "authenticate_ip_ttl" can be safely used as it does not
introduces an authentication bypass, but saves relationships between
successfully authenticated users and their IP addresses.
"max_user_ip" depends on such an authentication cache, so credential
sharing between several IPs (on purpose or by chance) can be detected
properly. This is useful in case of crompromised machines and/or
attackers in internal networks having stolen proxy authentication
credentials.
Quoted from squid.conf.documented or man 5 squid.conf:
> acl aclname max_user_ip [-s] number
> # This will be matched when the user attempts to log in from more
> # than <number> different ip addresses. The authenticate_ip_ttl
> # parameter controls the timeout on the ip entries. [fast]
> # If -s is specified the limit is strict, denying browsing
> # from any further IP addresses until the ttl has expired. Without
> # -s Squid will just annoy the user by "randomly" denying requests.
> # (the counter is reset each time the limit is reached and a
> # request is denied)
> # NOTE: in acceleration mode or where there is mesh of child proxies,
> # clients may appear to come from multiple addresses if they are
> # going through proxy farms, so a limit of 1 may cause user problems.
Fixes: #11994
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
