The enabled or disabled sids now will be written to an own
provider exclusive configuration file which dynamically will
be included by oinkmaster if needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
one.
This commit locks the dropdown menu for selecting a provider, in case
an existing one should be edited.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This entirely has been replaced by the providers section and the code to
handle the actions of this section.
Therefore this code is not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The selected rulesfiles of a provider now will be written to an own
provider exclusive yaml file, which will be included dynamically when
the provider is enabled or not.
This allows very easy handling to enable or disable a provider, in this
case the file which keeps the enabled providers rulesets only needs to
be included in the main file or even not.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* The page and section now supports multiple ruleset providers at once.
* Adding / Editing a ruleset provider has been moved to a own sub-page.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The warning point to a wiki page which is currently in construction.
This should give us the opportunity to add further information for
these users even if we do not provide updates anymore.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This patch adds a little "help" icon to the page header.
If a manual entry exists for a configuration page, the icon
appears and offers a quick way to access the wiki.
Wiki pages can be configured in the "manualpages" file.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
iptables multiport only supports up to 15 elements for each protocol (TCP or UDP).
That can be single ports or portranges (they count doubble).
This commit extends the check to calculate the amount of used TCP and/or
UDP ports of all existing entries in a group, by increasing the amount
for the service which should be added.
If the amount of ports for TCP or UDP ports become greater than the
limit of 15 the error message will be displayed.
Fixes#11323.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- Option "--secret" was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5
It was replaced by "secret". If "--secret" is used with genkey then a user warning is
printed and this is what gives the Internal server error.
- Patch was defined by Erik Kapfer but currently he does not have a build environment
so I have submitted the patch on his behalf.
- Patch tested on a vm testbed running Core Update 160. Confirmed that without patch the
error still occurs and with patch everything runs smoothly.
Fixes: Bug #12574
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by : Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
latest ipfroute2 update change the output so this repkace it by reading /sys/class/net/*/statistics
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
include general-functions.pl load and initialize many subfunctions that are not
needed by speed.cgi which was executed very often.
So this reduce the system load significant if webif was open in browser
and ajax-speed display enabled.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We currently don't have IPv6 in vanilla IPFire 2.x installations, hence
there is no sense in letting Tor finding out IPv6 connectivity.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This makes post-exploitation activities harder, in case the local Tor
instance has been compromised. It is worth noticing that Tor won't
respond to a "GETINFO address" command on the control port if sandboxed,
but our CGI does not make use of it, and neither is any legitimate
service on IPFire doing so.
Tested on a small middle relay running on an IPFire machine.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
