Commit Graph

599 Commits

Author SHA1 Message Date
Alexander Marx
8039a71099 Firewall: renamed forwardfwctrl to firewallctrl 2013-10-24 09:42:42 +02:00
Michael Tremer
568438067c Merge branch 'next' into fifteen 2013-10-14 14:12:04 +02:00
Michael Tremer
0f6b606785 squid: Implement intercept mode. 2013-10-14 13:54:24 +02:00
Michael Tremer
ba25f014b2 network-vlans: Use ip link command instead of vconfig.
This patch gets rid of using vconfig for configuring VLAN
devices. ip link is much more suitable for that and creates
the interface with the right name and MAC address in just
one step.
2013-10-04 13:36:48 +02:00
Michael Tremer
0203401cf5 Merge remote-tracking branch 'origin/next' into fifteen
Conflicts:
	doc/language_issues.es
	doc/language_issues.fr
	doc/language_issues.nl
	doc/language_issues.pl
	doc/language_issues.tr
	doc/language_missings
2013-10-03 14:26:33 +02:00
Michael Tremer
6adacba055 tor: Increase number of max. open file descriptors. 2013-09-30 12:14:09 +02:00
Michael Tremer
d9949d4dd1 Merge remote-tracking branch 'earl/tor' into next
Conflicts:
	lfs/tor
2013-09-14 14:37:18 +02:00
Arne Fitzenreiter
1a78fe5e2d firstsetup: add missing "fi". 2013-09-14 12:38:39 +02:00
Arne Fitzenreiter
7676ceba65 firstsetup: don't overwrite meta-linux-pae if already present. 2013-09-12 00:51:50 +02:00
Jan Paul Tuecking
e122dd6366 tor: changed init script due to directory port option 2013-09-07 14:52:02 +02:00
Michael Tremer
2b1ff41196 dnsmasq: Fix appending arguments to the argument list. 2013-09-02 19:11:40 +02:00
Michael Tremer
2340d265b1 dnsmasq: Put custom arguments first. 2013-09-02 19:01:44 +02:00
Michael Tremer
2ac39db92e Merge remote-tracking branch 'amarx/firewall' into fifteen 2013-08-28 11:33:20 +02:00
Michael Tremer
ae650f9518 tor: Fix initscript (again). 2013-08-24 17:21:21 +02:00
Michael Tremer
dea399178e tor: Fix initscript (again). 2013-08-24 17:19:36 +02:00
Michael Tremer
754f508b5b squid: Update to 3.3.8. 2013-08-22 12:57:56 +02:00
Michael Tremer
529ac19c46 tor: Only start tor when it has been enabled. 2013-08-21 17:22:54 +02:00
Michael Tremer
3765eb6179 tor: Only start tor when it has been enabled. 2013-08-19 13:23:51 +02:00
Michael Tremer
987b75bcd4 firewall: Add TOR chains. 2013-08-09 14:49:35 +02:00
Alexander Marx
e1efb8199d Forward Firewall: deleted postrouting block in firewall (not used anywhere) 2013-08-09 14:15:33 +02:00
Michael Tremer
bb12dd7b69 iptables: Cleanup creating SNAT/DNAT chains. 2013-08-09 14:15:33 +02:00
Michael Tremer
47cd046aed iptables: Remove OPENSSL{PHYSICAL,VIRTUAL} chains which are unused. 2013-08-09 14:15:33 +02:00
Michael Tremer
d5f1422d81 iptables: Jump into the firewall rulesets after everything else has been done. 2013-08-09 14:15:33 +02:00
Michael Tremer
51ab1de143 iptables: Create OVPNNAT chain after CUSTOM* chains. 2013-08-09 14:15:32 +02:00
Michael Tremer
815eaff433 iptables: Create guardian's chains after the CUSTOM* chains. 2013-08-09 14:15:32 +02:00
Michael Tremer
1e55533052 iptables: Cleanup creating the OVPNBLOCK chain.
This should happen after the CUSTOM* chains.
2013-08-09 14:15:32 +02:00
Michael Tremer
3b9a23ce07 iptables: Block all loopback packets on non-loopback interfaces. 2013-08-09 14:15:32 +02:00
Michael Tremer
afc611d448 iptables: Create LOOPBACK chain.
This chain accepts all communication on the loopback
interface without running it through the entire connection
tracking first.

Packets on lo can never be blocked and must always be
accepted. The firewall has to trust itself anyway.
2013-08-09 14:15:32 +02:00
Michael Tremer
c0359d6dfb iptables: Only jump into BADTCP for TCP packets.
This saves us from evaluating lots of rules for non-TCP
packets.
2013-08-09 14:15:32 +02:00
Michael Tremer
b85d2a9819 iptables: Replace state module by conntrack module.
The state module is deprecated in recent releases of iptables
and should not be used any more.

Additionally, this patch adds an extra chain for all
connection tracking rules, so we can keep the entire ruleset
more small and clean.
2013-08-09 14:15:32 +02:00
Alexander Marx
c12392c0ef Forward Firewall: removed NAT table and txt file. 2013-08-09 14:15:29 +02:00
Alexander Marx
ff4770c79b Forward Firewall: changed /etc/init.d/firewall. deleted stop routine and rearranged iptables_init and restart routine
Now it should be possible to use /etc/init.d/firewall restart without errors
2013-08-09 14:15:29 +02:00
Alexander Marx
e41b651b4a Forward Firewall: changed order of LOG and DROP rules for INPUT Chain 2013-08-09 14:15:28 +02:00
Alexander Marx
ed9ab82c61 Forward Firewall 0.9.9.7: reordered INPUT POLICY. 2013-08-09 14:15:28 +02:00
Alexander Marx
690b0bd761 Forward Firewall: added OVPNBLOCK and fixed rules.pl to correctly get ip address of red iface 2013-08-09 14:15:28 +02:00
Alexander Marx
e1eef9d53e Forward Firewall: BUGFIX: When creating DMZ Rules with MANUAL IP as source and afterwards editing the rule, the rule was copied and not just edited.
BUGFIX: When using SNAT (outbound) the rule does not seem to work. The NAT_SOURCE chain was on wrong position in POSTROUTING
2013-08-09 14:13:12 +02:00
Alexander Marx
c400fe4c84 Forward Firewall: fixed wrong log entries INPUT_DROP when connected via Web or ssh 2013-08-09 14:13:12 +02:00
Alexander Marx
3e79f33fc2 Forward Firewall: reordered some rules to get rid of INPUT_DROP messages in log when connected to webinterface 2013-08-09 14:13:11 +02:00
Alexander Marx
dc82656bf9 Forward Firewall: 0.9.9.4a - Bugfix typo in firewallscript, DMZ Link on startpage now leads to firewall instead of dmzpinholes 2013-08-09 14:13:10 +02:00
Alexander Marx
aff15defbc Forward Firewall: rules for collectd now in firewall-policy instead of /etc/init.d/firewall 2013-08-09 14:13:10 +02:00
Alexander Marx
53f4c74d9b Forward Firewall: some changes in firewall script to make collectd work 2013-08-09 14:13:10 +02:00
Alexander Marx
ed31c098f5 Forward Firewall: added drop rules to firewall's stop script so that collectd is working 2013-08-09 14:13:10 +02:00
Alexander Marx
94ea1f0346 Forward Firewall: fixed firewall hits statistic and extended it to show input, output, forward, newnotsyn and portscan separately. 2013-08-09 14:13:10 +02:00
Alexander Marx
218b3341b6 Forward Firewall: cleanup of initscript. Fixes double log entries when INPUT is set to REJECT 2013-08-09 14:11:57 +02:00
Alexander Marx
93b75f31ad Forward Firewall: clean up some files
Fix iptables loop wirelessctrl
Fix firewall chain order
Fix policies (added comment for statistic)
2013-08-09 14:11:56 +02:00
Alexander Marx
9efd8d1c7e Forward Firewall: delete old portforwarding from system and fix for wlan-firewall part 1 (loop) 2013-08-09 14:11:56 +02:00
Alexander Marx
ef6f983b17 Forward Firewall: put rule OUTGOING ACCEPT Related, established into /etc/init.d/firewall
deleted ACCEPT OUTGOINGFW related,established from POLICYOUT
2013-08-09 14:11:55 +02:00
Alexander Marx
a9b3ae26a3 Forward Firewall: /etc/init.d/firewall now creates POLICYIN 2013-08-09 14:11:09 +02:00
Alexander Marx
fd4d137dbe Forward Firewall: deleted outgoingfwmac, is now useless 2013-08-09 14:10:16 +02:00
Alexander Marx
b324de14db Forward Firewall: fix wlan clients now working with forwardfw 2013-08-09 14:08:23 +02:00