13140 Commits

Author SHA1 Message Date
Michael Tremer
c31c8078cf hostapd: Always enable 80 MHz channel width for 802.11ac
This is mandatory to support by all hardware and works well.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:36:03 +00:00
Michael Tremer
70a7c454af hostapd: Automatically disassociate any clients with high error rates
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:36:03 +00:00
Michael Tremer
30c33cb318 kernel: Enable debugging for Atheros drivers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:36:03 +00:00
Michael Tremer
62bf7bd2b2 kernel: Enable DFS support for ath*k drivers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:36:03 +00:00
Michael Tremer
57521504a8 hostapd: Bump package version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:34:19 +00:00
Peter Müller
5b4464a944 hostapd: make client isolation configurable via WebUI
hostapd supports client-isolation, but this feature could
not be configured via the WebUI so far. Since it might be
desired in public wireless networks, or even private ones,
it makes sense to provide a radio button to let the user
decide on.

Fixes #11974.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:34:06 +00:00
Peter Müller
a10b0e5b44 ensure Tor daemon files have correct permissions
Set permissions for /var/lib/tor and /var/ipfire/tor to
tor:tor, regardless of whether the Tor user has been created before
or not.

This ensures Tor starts properly on existing systems after
reinstallation of the add-on. Thanks to Michael for the hint.

Further, a comment for the new Tor user in /etc/passwd has been added.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:32:57 +00:00
Michael Tremer
a46903cce3 core130: Ship updated unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:32:10 +00:00
Matthias Fischer
6f8b156bf0 unbound: Update to 1.9.1
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-March/011415.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:31:29 +00:00
Michael Tremer
2c703afc04 core130: Ship updated ntp
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:30:22 +00:00
Matthias Fischer
f81c222519 ntp: Update to 4.2.8p13
For details see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:28:58 +00:00
Stefan Schantl
728f3d2e8f suricata: Fix ownership and file permissions of files inside /var/lib/suricata.
These files need to have nobody.nobody as owner but require read-access from everyone
to allow the suricata user to read in these files during startup.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:28:30 +00:00
Stefan Schantl
7bf5b0f221 logs.cgi/ids.dat: Fixup processing dates from logfiles which contain a year
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:27:55 +00:00
Michael Tremer
e1d9148b61 Fix python3-yaml rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 10:00:19 +00:00
Stefan Schantl
9c4477d0f3 core130: Fix another error in rootfile
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-15 14:36:15 +00:00
Michael Tremer
03f68cbca9 core130: Fix errors in rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-15 13:20:23 +00:00
Michael Tremer
710afa00c6 Update IPS translation
* Fix typos
* Fix compound nouns (especially in German)
* Remove unused strings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 17:18:21 +00:00
Michael Tremer
acb718b0bb nut: Disable parallel build
nut just fails to build when running in parallel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 14:01:45 +00:00
Michael Tremer
f9219b91a1 core130: Ship suricata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:48:25 +00:00
Michael Tremer
3bc001dbf9 Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:20:56 +00:00
Michael Tremer
cdfbdd1ada Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:20:22 +00:00
Michael Tremer
01604708c3 Merge remote-tracking branch 'stevee/next-suricata' into next
2019-03-14 13:19:35 +00:00
Michael Tremer
c578cbd35f core130: Ship updated firewall script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:16:33 +00:00
Peter Müller
5fc5f70347 add IPtables chain for outgoing Tor traffic
If Tor is operating in relay mode, it has to open a lot of outgoing
TCP connections. These should be separated from any other outgoing
connections, as allowing _all_ outgoing traffic will be unwanted and
risky in most cases.

Therefore, Tor will be running as a dedicated user (see second patch),
allowing usage of user-based IPtables rulesets.

Partially fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:15:38 +00:00
Peter Müller
4680d554fc run Tor under dedicated user
This allows more fine-grained firewall rules (see first patch for
further information). Further, it prevents other services running as
"nobody" (Apache, ...) from reading Tor relay keys.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:15:18 +00:00
Michael Tremer
b450e7e3e6 Start Core Update 130
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:15:03 +00:00
Stefan Schantl
e776d33c70 suricata: Fix amount of listened nfqueues
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-13 12:14:30 +01:00
Peter Müller
4fc1a0045b amavisd: update to 2.11.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-13 09:35:07 +00:00
Peter Müller
867151a8b2 Postfix: update to 3.4.3
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-13 09:35:07 +00:00
Michael Tremer
5ea26096ca installer: Set the clock correctly when installing over network
If a system has a not very up to date clock, downloading files
over HTTPS is impossible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-13 09:35:07 +00:00
Arne Fitzenreiter
9deeda77b6 core129: finish update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 15:18:52 +01:00
Arne Fitzenreiter
668119063c u-boot: try to boot without ramdisk if the system cannot load it
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 15:17:28 +01:00
Arne Fitzenreiter
eaf004a468 knot: update to 2.8.0 and build/install only kdig
This fixes compile errors on small arm boards. (cc1 internal error)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 15:06:23 +01:00
Arne Fitzenreiter
b57220aacd groff: update to 1.22.4
This fixes compile problems on small arm boards. (cc1 internal error)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 15:04:40 +01:00
Stefan Schantl
e8b1b397c1 suricata: Remove unneeded stuff during build
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-13 10:03:48 +01:00
Arne Fitzenreiter
c448474fc7 Revert "kernel: cleanup unused rpi patch"
This reverts commit a2d49659f3.

The patch is still needed to prevent strange crashes

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 09:39:07 +01:00
Michael Tremer
beac548962 Update list of contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 15:58:45 +00:00
Michael Tremer
e26e86dcaa core129: Ship updated dnsforward.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 15:58:04 +00:00
Michael Tremer
56947acb12 Merge remote-tracking branch 'ms/dns-forwarding' into next
2019-03-11 15:57:15 +00:00
Michael Tremer
f1042a5d44 core129: Ship updated dhcp.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 09:54:19 +00:00
Michael Tremer
8288c0394b Merge remote-tracking branch 'ms/dhcp' into next
2019-03-11 09:53:56 +00:00
Peter Müller
04f9321955 Tor WebUI: drop relay bandwidth options < 1 MBit/s
Tor requires at least 1 MBit/s in order to participate.

Fixes #12001

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 09:52:54 +00:00
Michael Tremer
199db95a70 dnsdist: Limit to fewer concurrent build processes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 09:38:56 +00:00
Michael Tremer
61424e9c67 core129: Ship updated less
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-10 18:23:22 +00:00
Peter Müller
9f7524c8b0 less: update to 530
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-10 18:22:53 +00:00
Peter Müller
e29c6d29c9 Postfix: update to 3.4.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-10 18:22:39 +00:00
Matthias Fischer
15b1a3e360 slang: revert parallelized build
This partially reverts https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=lfs/slang;h=217e74c77317d4c829913f934458779fd278bf29;hb=23164efba5f57b3d8ccb07a166b613f2f951e1b6

'slang 2.3.0' doesn't like "$(MAKETUNING)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-10 18:22:21 +00:00
Stefan Schantl
f717b1dc55 IDS: Set owner of suricata logging directory to correct user
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-10 18:52:40 +01:00
Stefan Schantl
fd378b3b08 Rename snort user and group to suricata
This only affects new installations.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-10 18:50:37 +01:00
Michael Tremer
38081b8be1 suricata: Run as non-root user
This patch does not have any effect (yet) and is untested
because suricata needs to be built against libcap-ng which
is currently not being packaged for IPFire.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-10 18:02:39 +01:00