This has been removed a long time ago and we should probably spend a
little bit more time on keeping the networking code tidy :)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- On CU172 Testing Build: master/eb9e29f9 when selecting the OpenVPN menu it showed the
Diffie-Hellman info and pressing back took you to the same DH page.
- Tested patch suggestion from Erik on vm testbed and confirmed that it worked.
Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
* Translate string "Addon" in services.cgi
* Added EN/NL translations
* Correct existing plural DE translation for singular "Add-on"
* Fix usage of the incorrect strings "addon(s)" to correct
hyphenated "add-on(s)" also in other translation strings for
EN/NL/DE
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Some users assume that "check filesystem" does more than
just trigger a simple "fsck" run. This patch changes the
button label to avoid confusion.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
* addonctrl's new functionality to control explicit addon services was
implemented.
* Change 'Addon' column header to 'Addon Service' to be clear that
it's not addons but services listed here.
* Services not matching the name of the addon now display the addon
name between parentheses, so the user knows where the service comes
from.
* When no valid runlevel symlink is found by addonctrl for a service,
the 'enable on boot' checkbox is replaced by a small exclamation point
with alt-text "No valid runlevel symlink was found for the initscript of
this service." to inform user why a service can't be enabled.
* Added German and Dutch translation for above message.
Fixes: Bug#12935
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
The email recipient was not correctly validated which allowed for some
stored cross-site scripting vulnerability.
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls@jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Removed UI code from dblist function and refactor it making it return
a hash representing the pak db for easier handling of this data.
- Moved core update check in dblist to new seperate dbcoreinfo function
making it return a hash with current and possibly available core
version info.
- Update existing calls to dblist
- Bring UI parts previously in dblist to pakfire program itself,
pakfire.cgi and index.cgi with a few small enhancements:
- Translations for 'Core-Update', 'Release', 'Update' and 'Version'
- Add currently installed version numbers to installed paks list in
pakfire.cgi
- Add 'Installed: yes/no' to pakfire list output so people not using
colors have this information too. (Partly fixes Bug #12868)
- Add update available details to pakfire list output if package has
updates available.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
This is a little patch which will extend the aliases page to offer an
interface selection if there are more than one RED interfaces.
This is a little hack to make configuration easier for users who have
manually set up more than one RED interface (e.g. for load balancing or
fail-over) and want to use the UI to configure firewall rules.
As a little benefit on the side, I had to rewrite setaliases.c to use
ip(8) instead of ifconfig(8).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Since the kernel now always reports 256 bits of entropy to be available,
this CGI does not show any useful information anymore. To avoid
confusions, it will hereby be removed entirely.
Fixes: #12893
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.
The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.
When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.
This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.
Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
Since we dropped support for blocking P2P protocols, the corresponding translation strings
are no longer needed.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This has not been compiled into our version of wpa_supplicant (if it has
been ever) and so there is no danger to disable this without any further
ado.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In theory, logging of dropped packets classified by conntrack as being
INVALID should never be disabled, since one wants to have a paper trail
of what his/her firewall is doing.
However, conntrack seems to drop a lot of (at the first glance
legitimate) packets, hence bloating the logs, making spotting the
important firewall hits more difficult.
This patch therefore adds the option to disable logging of packets being
dropped by conntrack due to INVALID state.
Please note:
- This patch does not add this category to the firewall hits graph.
- The variables in this patch ("LOGDROPCTINVALID") should make it clear
that it is about toggling _logging_, not the actual _dropping_. Other
variables are still in need of being renamed to clarify this, which
will be done in a dedicated patch.
- Also, the changes made to update.sh need to take place in
config/rootfiles/core/164/update.sh for "master", since this patch has
been developed against "next". Kindly cherry-pick the necessary
changes.
Partially fixes: #12778
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update of lfs
- Update of rootfile
- Addition of Spanish file provided by Roberto Peña (listed as author)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Improve lockfile test: Return immediately if lockfile is present,
to prevent unnecessary and expensive "pidof" calls
- Add better explanation to the log file reading command and JS
- Change user interface: If no errors occurred, the page returns to
the main screen (after a short delay). If an error occurred, the log
output remains and a message is shown.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update en.pl, it.pl and ru.pl to replace "an core-update" with "a core-update"
Fixes: Bug#12747
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
* Check if the system is online.
* Check if enough free disk space is available.
* Abort whith an error message if the ruleset could not be
downloaded.
In error case the provider now will be removed again from the file which
keeps the configured providers. Sadly it needs to be added first because
otherwise the downloader could not read the required values from it.....
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This section only will be displayed when an existing provider will be
edited and allows to reset a provider back to it's defaults or to force
a ruleset update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The warning point to a wiki page which is currently in construction.
This should give us the opportunity to add further information for
these users even if we do not provide updates anymore.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
