bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 11:35:54 +02:00

Author	SHA1	Message	Date
Stefan Schantl	c8dcd46537	general-functions.pl: Add get_nameservers(). This function simply return an array of all used nameservers. It also takes care if the usage of ISP assigned nameservers is enabled or not and if user-added nameservers are enabled or not. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-09 16:08:13 +01:00
Stefan Schantl	9f9b2b8ebc	guardian: Remove code for DNS servers. In the past this code was used to add the DNS servers to the ignore list and prevent them from being blocked by guardian. Because of the switch to suricata as IPS, guardian now prevents from password brute-forcing on SSH and/or the webserver, so this code is not longer needed and safly can be removed. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-09 09:15:05 +01:00
Stefan Schantl	9702252470	dns.cgi: Move grab_address_from_file function to general-functions.pl Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 18:44:41 +01:00
Stefan Schantl	8f4bde6574	dns.cgi: Also restart unbound if a server got enabled/disabled Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 18:19:58 +01:00
Stefan Schantl	46cc88ed22	dns.cgi: Remove accidently commited debug code Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 18:15:33 +01:00
Stefan Schantl	719db1cdb8	dns.cgi: Restart unbound Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 18:12:38 +01:00
Stefan Schantl	770ea81ee5	dns.cgi: Display DNS system status. For this, a test query to the local unbound instance will be sent and if the DNS system work properly can be answerd. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 18:00:15 +01:00
Stefan Schantl	4314099302	dns.cgi: Perform server checks on user request Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 17:44:55 +01:00
Stefan Schantl	a969acc7d7	dns.cgi: Remove hard-coded box title. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 15:22:56 +01:00
Stefan Schantl	03e466de35	dns.cgi: Do not perform kdig tests when adding a server Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 12:58:50 +01:00
Stefan Schantl	038f962ea0	dns.cgi: Check for empty server address. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 12:12:29 +01:00
Stefan Schantl	70187da6a6	dns.cgi: Perform kdig tests only if the system is online. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 11:13:05 +01:00
Stefan Schantl	f36855fe73	dns.cgi: Introduce red_is_active() Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 11:12:42 +01:00
Stefan Schantl	f10fb4bf43	dns.cgi: Always display the input field for TLS_HOSTNAME * Mark it as required if the protocol is set to TLS. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 10:35:52 +01:00
Stefan Schantl	25dda4a082	dns.cgi: Only perform reverse lookups if the system is online Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-08 10:35:24 +01:00
Michael Tremer	beebf925c3	unbound: Implement setting qname minimisation into strict mode Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 16:32:35 +00:00
Michael Tremer	a33489a7aa	unbound: Try to set time when DNS is not working Since DNSSEC relies on time to validate its signatures, a common problem is that some systems (usually those without a working RTC) are not being able to reach their time server. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 16:24:35 +00:00
Michael Tremer	a32fd634ce	unbound: Do not update the forwarders when we are running in TLS mode Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 16:02:14 +00:00
Michael Tremer	4b26aac625	unbound: Read configuration globally Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 15:28:21 +00:00
Michael Tremer	2654c66945	unbound: Update forwarders when system connects/disconnects Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 15:21:59 +00:00
Michael Tremer	54898bc6c1	unbound: Update setting Safe Search redirects When the system comes online, we must update entries in the unbound cache to point to the "safe" IP addresses. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 15:03:56 +00:00
Michael Tremer	77c7a94cdd	dns.cgi: Show ISP name servers as disabled Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 14:49:54 +00:00
Michael Tremer	984f14bdc4	dns.cgi: Fix handling of WARNINGs from kdig There might be multiple warnings which must all be shown to the user. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 14:41:13 +00:00
Michael Tremer	71471d9bde	dns.cgi: Remove smartmatch operator Perl likes to make things difficult Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 13:46:11 +00:00
Michael Tremer	dab1258a78	dns.cgi: Timeout after 2 seconds for DNS server checks Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 13:45:21 +00:00
Michael Tremer	1434fa0df5	DNS: Write name servers received from ISP to /var/run/dns{1,2} Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 13:35:45 +00:00
Michael Tremer	4e2d3325af	unbound: Drop live checks Those checks have caused us a lot of trouble and are now being dropped. Users must make sure to choose servers that support DNSSEC or enable any of the tunneling mechanisms to be able to reach them. Fixes: #12239 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 13:11:38 +00:00
Michael Tremer	ffc46751f2	unbound: Add path to TLS CA bundle Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 12:59:24 +00:00
Michael Tremer	ee90aa9858	unbound: No longer read old configuration file The old configuration file in /etc/sysconfig/unbound is no longer being used and all settings should be in /var/ipfire/dns/settings. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 12:58:28 +00:00
Michael Tremer	50005ad1d4	unbound: Write upstream name servers to forward.conf Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 12:55:35 +00:00
Michael Tremer	94a51c64bb	unbound: Remove test-name-server command Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 11:18:41 +00:00
Michael Tremer	15cf79e3b8	unbound: Convert forward zones to stub zones It was incorrect to use forward zones here, because that assumes that unbound is talking a recursive resolver here. The feature is however designed to be talking to an authoritative server. Fixes: #12230 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 11:14:30 +00:00
Michael Tremer	dea5f34914	unbound: Allow forcing to speak TLS to upstream servers only Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 11:14:05 +00:00
Michael Tremer	372576e0ab	unbound: Set EDNS buffer size to 1232 bytes Fixes: #12240 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 11:12:33 +00:00
Michael Tremer	3bf804e834	dns.cgi: Set EDNS buffer size to 1232 References: #12240 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 11:06:10 +00:00
Michael Tremer	0fa6bde78a	Update English translation Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 10:53:34 +00:00
Michael Tremer	cdfc93cb7a	webif: Show menu entry for DNS all the time Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 10:48:01 +00:00
Michael Tremer	e8981e3c8f	netexternal.cgi: Drop DNSSEC status This has now been moved to the new dns.cgi. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 10:45:08 +00:00
Michael Tremer	ecbf66761f	DNS: Add converter to migrate settings Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 10:43:19 +00:00
Stefan Schantl	2946d562f1	langs/en.pl: Add new strings for modified dns.cgi. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 09:35:47 +00:00
Stefan Schantl	24d7c5ef6b	dns.cgi: Rework to allow central DNS configuration. Fixes #12237. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-07 10:30:37 +01:00
Stefan Schantl	456f0b06f4	pppsetup.cgi: Remove support for configure DNS settings. Fixes #12234. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-05 12:37:57 +01:00
Stefan Schantl	0bb159bbfc	Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next	2020-01-05 12:15:00 +01:00
Arne Fitzenreiter	916859f5fa	core140: add gcc changes to updater Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-05 09:28:20 +00:00
Peter Müller	96ac98a568	Tor: update to 0.4.2.5 Please refer to https://blog.torproject.org/new-release-0425-also-0417-0406-and-0359 for release notes. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-04 18:25:00 +00:00
Peter Müller	ae28d23d4d	libseccomp: update to 2.4.2 Please refer to https://github.com/seccomp/libseccomp/releases/tag/v2.4.2 for release notes. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-04 18:24:49 +00:00
Michael Tremer	ac7ada2a15	openvmtools: Update to 11.0.0 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-04 18:24:29 +00:00
Michael Tremer	321c211528	glib: Fix compiling with GCC 9 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-04 18:24:15 +00:00
Michael Tremer	d04fb4ee34	efivar: Update to 37 This also fixes some build issues with GCC 9. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-04 18:23:54 +00:00
Michael Tremer	3e8dd2d3ed	mdadm: Update to 4.1 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-04 18:23:52 +00:00

1 2 3 4 5 ...

14097 Commits