webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 04:52:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
6,404 Commits 2 Branches 1 Tag
c12392c0ef3aa71cda43fe38cfd22e4afab5cc5e
Commit Graph

6404 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexander Marx
c12392c0ef Forward Firewall: removed NAT table and txt file. 2013-08-09 14:15:29 +02:00
Alexander Marx
4f3bd0ca20 Forward Firewall: changed layout of "apply-button" (after rules where changed. When using single hosts in rules, the prefix is no longer shown in the ruletable. Default settings for firewall-options changed 2013-08-09 14:15:29 +02:00
Alexander Marx
8442c93764 Forward Firewall: removed dmz from forwardfw.cgi 2013-08-09 14:15:29 +02:00
Alexander Marx
60607a6c75 Forward Firewall: removed DMZ from rules.pl (does no longer exist, is forward now 2013-08-09 14:15:29 +02:00
Alexander Marx
3f09f5309c Forward Firewall: convert-dmz now puts converted files into /var/ipfire/forward/config instead of /var/ipfire/forward/dmz 2013-08-09 14:15:29 +02:00
Alexander Marx
3b2ad4a1bd Forward Firewall: moved "firewall default behaviour" from firewall page to firewall-options page. Some changes in languagefiles de and en. 2013-08-09 14:15:29 +02:00
Alexander Marx
533a2da388 Forward Firewall: reorganised ruletable layout 2013-08-09 14:15:29 +02:00
Alexander Marx
674f4e9d51 Forward Firewall: on every reload of the new firewall-rules the firewall.local is also reloaded 2013-08-09 14:15:29 +02:00
Alexander Marx
ff4770c79b Forward Firewall: changed /etc/init.d/firewall. deleted stop routine and rearranged iptables_init and restart routine 
Now it should be possible to use /etc/init.d/firewall restart without errors
 2013-08-09 14:15:29 +02:00
Alexander Marx
fb0ce57589 Forward Firewall: cleanup unused code 2013-08-09 14:15:28 +02:00
Alexander Marx
e41b651b4a Forward Firewall: changed order of LOG and DROP rules for INPUT Chain 2013-08-09 14:15:28 +02:00
Alexander Marx
d9b691e18e Forward Firewall: added checks if manual ip (src/tgt) is part of a OpenVPN to colour the rules accordingly 2013-08-09 14:15:28 +02:00
Alexander Marx
8762442c4e Forward Firewall: INPUT Firewall added "ALL" with ip 0.0.0.0 2013-08-09 14:15:28 +02:00
Alexander Marx
ed9ab82c61 Forward Firewall 0.9.9.7: reordered INPUT POLICY. 2013-08-09 14:15:28 +02:00
Alexander Marx
690b0bd761 Forward Firewall: added OVPNBLOCK and fixed rules.pl to correctly get ip address of red iface 2013-08-09 14:15:28 +02:00
Michael Tremer
d2c4a3cab9 openvpnctrl: Cleanup flushChain functions. 2013-08-09 14:15:28 +02:00
Michael Tremer
2181b55552 openvpnctl: Flush BLOCK and SNAT chain when needed. 2013-08-09 14:15:28 +02:00
Alexander Marx
05d4f131e9 Forward Firewall: Implemented INPUT Firewall (extended external access) 
Now you are able to define INPUT Rules on every interface ip
 2013-08-09 14:15:27 +02:00
Michael Tremer
c31f18b6a9 openvpnctrl: Block all transfer subnets. 2013-08-09 14:15:27 +02:00
Michael Tremer
7c50b04834 openvpnctrl: Remove unneeded code. 2013-08-09 14:15:27 +02:00
Alexander Marx
e1eef9d53e Forward Firewall: BUGFIX: When creating DMZ Rules with MANUAL IP as source and afterwards editing the rule, the rule was copied and not just edited. 
BUGFIX: When using SNAT (outbound) the rule does not seem to work. The NAT_SOURCE chain was on wron position in POSTROUTING
 2013-08-09 14:13:12 +02:00
Alexander Marx
4682d02723 Forward Firewall: extended the customservices list 2013-08-09 14:13:12 +02:00
Alexander Marx
bac7013b21 Forward Firewall: BUGFIX - when using source Protocol and NO target protocol only the target protocol is shown in ruletable.(But rule is applied correctly) 2013-08-09 14:13:12 +02:00
Alexander Marx
c400fe4c84 Forward Firewall: fixed wrong log Entries INPUT_DROP when connected via Web or ssh 2013-08-09 14:13:12 +02:00
Alexander Marx
cb61489891 Forward Firewall: restored old settings in graphs.pl. With new Monofont the columnsize is ok now 2013-08-09 14:13:11 +02:00
Alexander Marx
6fab5bca2a Forward Firewall: edited rules.pl so that in the rules the ip addresses from the remote ovpn N2N subnet are used instead of the openvpn subnet(because its only used as transfer net) 2013-08-09 14:13:11 +02:00
Alexander Marx
3e79f33fc2 Forward Firewall: reordered some rules to get rid of INPUT_DROP messages in log when connected to webinterface 2013-08-09 14:13:11 +02:00
Alexander Marx
04abd8d958 Forward Firewall: bugfix: counter failure when adding one host to more than 1 Group 2013-08-09 14:13:11 +02:00
Alexander Marx
eff2dbf833 Forward Firewall: changed sort-order to Sort::Naturally. This Perl Module will be available since core 68. 2013-08-09 14:13:11 +02:00
Alexander Marx
e3c589276a Forward Firewall: if ipsec rw net is set to green subnet, the rules are colored green instead of purple 2013-08-09 14:13:11 +02:00
Alexander Marx
139a1ab947 Forward Firewall: removed devel-tags 2013-08-09 14:13:11 +02:00
Alexander Marx
6945e46310 Forward Firewall: rewrote portcheck routine in ovpnmain so that checks for portforwardingports are made against /var/ipfire/forward/nat instead of /var/ipfire/portfw/config 2013-08-09 14:13:11 +02:00
Alexander Marx
931e1fed53 Forward Firewall: added some plausi checks. Now it is checked if someone enters an manual ip address that is a openvpn client. 
The colors are set correctly in ruletable when someone enters a manual ip which belongs to an IPsec Network, IPsec Roadwarrior (if iprange set) or openvpn n2n
 2013-08-09 14:13:10 +02:00
Alexander Marx
dc82656bf9 Forward Firewall: 0.9.9.4a - Bugfix typo in firewallscript, DMZ Link on startpage now leads to firewall instead of dmzpinholes 2013-08-09 14:13:10 +02:00
Alexander Marx
aff15defbc Forward Firewall: rules for collectd now in firewall-policy instead of /etc/init.d/firewall 2013-08-09 14:13:10 +02:00
Alexander Marx
53f4c74d9b Forward Firewall: some changes in firewall script to make collectd work 2013-08-09 14:13:10 +02:00
Alexander Marx
9468a6f713 Forward Firewall: Firewall Hits graph now with stacked values 2013-08-09 14:13:10 +02:00
Alexander Marx
ed31c098f5 Forward Firewall: added drop rules to firewall's stop script so that collectd is working 2013-08-09 14:13:10 +02:00
Alexander Marx
be9be7cb5b Forward Firewall: enabled /var/ipfire/optionsfw/settings in configroot 2013-08-09 14:13:10 +02:00
Alexander Marx
94ea1f0346 Forward Firewall: fixed firewall hits statistik and extended it to show input,output,forward,newnotsyn and portscan seperately. 2013-08-09 14:13:10 +02:00
Alexander Marx
6f348fcb9d Forward Firewall: edited include file of backup. 2013-08-09 14:13:07 +02:00
Alexander Marx
08e1c65d85 Forward Firewall: added SNAT multiport support 2013-08-09 14:12:40 +02:00
Alexander Marx
98cee89f94 Forward Firewall: Added multiport support to DNAT/Portforwarding 
Now it is possible to use multiple ports under DNAT when TARGET has no Port, one Port or one Portrange defined
 2013-08-09 14:12:39 +02:00
Alexander Marx
ed618226bb Forward Firewall: little changes in ruletable layout. (Headline) 2013-08-09 14:12:39 +02:00
Alexander Marx
d526a95bf1 Forward Firewall: some changes in en.pl and de.pl. Also adapted "apply" button in fwhosts.cgi 2013-08-09 14:12:39 +02:00
Alexander Marx
bc912c6e0c Forward Firewall: Version 0.9.9.2 
1) Some changes in en.pl
2) DNAT now supports REJECT/DROP rules
3) Bugfix: comma in remark customservicegroup
4) improved installer
 2013-08-09 14:12:39 +02:00
Alexander Marx
e09884e04f Forward Firewall: some fixes: 
1) Counter was not correctly decreased when deleting a network from a customgroup
2) Convert-outgoingfw improved
3) Backup didn't set filepermissions correctly
 2013-08-09 14:12:39 +02:00
Alexander Marx
f7e649ddfb Forward Firewall: some typos in dmz-converter 2013-08-09 14:12:39 +02:00
Alexander Marx
a60dbb4b6a Forward Firewall: added dmz-converter. 
Also extended backup.pl script to support old backups. Now it is possible to restore old backups into new firewall. On restore, all config files of new firewall will be destroyed and the 4 converters will recreate them.
 2013-08-09 14:12:37 +02:00
Alexander Marx
829697d076 Forward Firewall: enabled Portranges for DNAT 2013-08-09 14:11:58 +02:00