bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 11:35:54 +02:00

Author	SHA1	Message	Date
Arne Fitzenreiter	cb1c8f108f	set version in backupiso and also pakfire core to 140 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-14 21:10:15 +00:00
Arne Fitzenreiter	61cc563558	Merge remote-tracking branch 'ms/next-dns-ng' into next	2020-01-13 21:42:49 +00:00
Daniel Weismüller	1475bc53a4	filesystem-cleanup: Add parameter to show changes Use --dry-run to only show files that would be deleted, but do not actually delete them. Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-13 21:36:06 +00:00
Michael Tremer	97756e2124	filesystem-cleanup: Automatically remove old libraries This script runs through /usr/lib and /lib and tries to find all libraries which are no longer being used and more and deletes them. This will help us to free space on root partitions that are limited to 2GB. However, the script does not cover 100% of the cases, so that some files still need to be deleted manually (e.g. boost with their weird versioning schema). This script should be executed after a Core Update has been installed. Fixes: #12270 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-01-13 21:35:37 +00:00
Michael Tremer	7be4822f3d	unbound: Make dhcp-leases.conf readable for everyone unbound runs as nobody and cannot reload its configuration when this file is only readable for root. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-13 21:43:27 +01:00
Stefan Schantl	c73baee1f0	convert-dns-settings: Set correct ownership after convert is done. Otherwise it may happen, that the created config files have wrong permissions and the WUI will break. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2020-01-10 09:29:47 +01:00
Michael Tremer	1434fa0df5	DNS: Write name servers received from ISP to /var/run/dns{1,2} Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 13:35:45 +00:00
Michael Tremer	ecbf66761f	DNS: Add converter to migrate settings Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-01-07 10:43:19 +00:00
Stefan Schantl	93a985cc05	Introduce update-location-database script. This script obsoletes the old xt_geoip_update script. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-12-09 14:14:34 +01:00
Daniel Weismüller	a18addb946	xt_geoip_update: Always call the cleanup function when some step fails Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:45:29 +00:00
Daniel Weismüller	7b2d933055	xt_geoip_update: Do not create temporary directories again These already exist Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:45:27 +00:00
Daniel Weismüller	3cd8d55010	xt_geoip_update: Use /var/tmp for temporary data Since we have some systems that are restricted to only 2GB of space on /, we need to move this to where we have enough space. Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:45:23 +00:00
Daniel Weismüller	0df1839239	xt_geoip_update: Perform cleanup after successful operation The temporary files were never being cleaned up after the script has finished compiling the database. Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:45:20 +00:00
Arne Fitzenreiter	7739cbf456	sane/stage2: remove sanedloop Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-09 08:37:23 +02:00
Arne Fitzenreiter	9e20c024b0	xt_geoip_update: fix date and add maxmind copyright to GeoIP.dat Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-08-24 15:44:23 +02:00
Arne Fitzenreiter	392994dcfb	geoip-generator: added to build legacy GeoIP.dat file program and scripts based on debian geoip packages. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-08-24 11:29:01 +02:00
Stefan Schantl	72ab71969f	update-ids-ruleset: Run as unprivileged user. Check if the script has been launched as privileged user (root) and drop all permissions by switching to the "nobody" user and group. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:33:58 +01:00
Stefan Schantl	84227f7a1c	update-ids-ruleset: Release ids_page_lock when the downloader fails. Fixes #12085. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 19:09:47 +01:00
Michael Tremer	0aa21ad307	Fix version information in backupiso script Fixes: #12083 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-17 19:52:27 +01:00
Stefan Schantl	50b35e0f8f	update-ids-ruleset: Set correct ownership for the rulestarball. The script usualy will be executed by cron which will start it with root permissions, so the downloaded tarball is owned by this user. This has to be changed to the user which runs the WUI (nobody:nobody) to allow, changing the ruleset to an other one and to display the ruleset area. Fixes #12066 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-01 18:03:11 +02:00
Michael Tremer	918ee4a4cf	strongswan: Manually install all routes for non-routed VPNs This is a regression from disabling charon.install_routes. VPNs are routing fine as long as traffic is passing through the firewall. Traps are not propertly used as long as these routes are not present and therefore we won't trigger any tunnels when traffic originates from the firewall. Fixes: #12045 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-08 16:44:57 +01:00
Michael Tremer	3b521c724f	ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-18 15:25:48 +00:00
Michael Tremer	01604708c3	Merge remote-tracking branch 'stevee/next-suricata' into next	2019-03-14 13:19:35 +00:00
Stefan Schantl	5206a3358d	update-ids-ruleset: Lock and Unlock the IDS page during runtime Reference #11991 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-02-07 08:06:49 +01:00
Michael Tremer	f9dd134645	ipsec-interfaces: Resolve any remote hostnames Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	d985ce5ae9	ipsec-interfaces: Move conditional block into the loop Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	517683eeb1	ipsec: Drop VPN_IP setting This is now a per-connection setting Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	6826364580	ipsec-*: Name some more configuration variables Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	1ca2f88a74	ipsec-interfaces: Uses local IP address from connection first, then default Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	c94aa25475	ipsec-interfaces: Fix typo in variable name Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	c821440ced	ipsec: Filter better for GRE/VTI interfaces This tried to delete the GREEN interface before Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	6a45a1f101	ipsec: TTL only applies for GRE interfaces and not VTI Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	54bac01402	ipsec: Find correct RED IP address when using %defaultroute Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	3dc21d43bf	ipsec: Log a message when an interface could not be created Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	1a45f9a70a	ipsec-interfaces: Don't add any interfaces when IPsec is disabled Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	a56357b8be	Revert "ipsec-interfaces: Run when IPsec is disabled" This reverts commit 3c3a1cfdb9b473fae9b792e8c211c9940fafc658. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	4cf038dcfe	ipsec-interfaces: Run when IPsec is disabled This needs to run even when IPsec is disable to remove and interfaces Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	05af70c2f3	ipsec-interfaces: Use correct righthost variable Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	b8c153bca5	IPsec: Add (experimental) script that creates GRE/VTI interfaces Signed-off-by: root <root@interim-edge-a.ec2.internal>	2019-02-04 18:20:36 +00:00
Stefan Schantl	d6f725e185	update-ids-ruleset: Improve error reporting if the system is offline Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-30 10:57:31 +01:00
Stefan Schantl	ca8c92108a	update-ids-ruleset: Set correct ownership for rulesdir and files Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2019-01-29 09:09:11 +01:00
Stefan Schantl	39155be805	Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata	2019-01-26 12:40:04 +01:00
Peter Müller	d38e7e256d	use HTTPS for downloading GeoIP database files Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-21 21:03:38 +00:00
Stefan Schantl	c1a3401235	Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata	2019-01-21 13:04:13 +01:00
Arne Fitzenreiter	271bac39a0	xt_geoip_updte: fix download url the maxmind server delivers an old version if there are two slashes before the database filename. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-01-19 15:16:43 +01:00
Stefan Schantl	b76a8a008d	xt_geoip_update: Adjust script to download and use the GeoLite2 database Fixes #11961. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-07 01:21:01 +00:00
Stefan Schantl	a77870146f	xtables-addons: Use shipped xt_geoip_build Use the shipped xt_geoip_build directly instead of holding a copy in our GIT. Reference #11959 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-07 01:20:22 +00:00
Stefan Schantl	a13ddf04d9	Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2018-12-12 09:27:59 +01:00
Michael Tremer	492b0b7c18	backupiso: Add support for aarch64 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-08 16:02:17 +00:00
Michael Tremer	8a0bc03450	backupiso: Fix order of variables Some values in variables were corrected but used before. Reported-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-08 15:58:58 +00:00

1 2 3 4 5 ...

324 Commits