webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 09:22:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,181 Commits 2 Branches 1 Tag
ef1cb80375ca736b2aca12f2bbba2b5ffe7216de
Commit Graph

546 Commits

Author SHA1 Message Date
Stefan Schantl
d38f3eed08 IDS: Rename sourcefire VRT rulesets to Talos VRT rulesets 
Fixes #12019

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-01 16:53:26 +01:00
Michael Tremer
3657df4ea3 DHCP: Remove double colon 
In some languages, there were double colons in the DNS Update section

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-22 03:29:01 +00:00
Michael Tremer
ceaf0ef008 dnsforward.cgi: Add DNSSEC option to legend 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-18 17:26:16 +00:00
Michael Tremer
710afa00c6 Update IPS translation 
* Fix typos
* Fix compound nouns (especially in German)
* Remove unused strings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 17:18:21 +00:00
Michael Tremer
cdfbdd1ada Update translations 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 13:20:22 +00:00
Michael Tremer
01604708c3 Merge remote-tracking branch 'stevee/next-suricata' into next 2019-03-14 13:19:35 +00:00
Michael Tremer
025d8e6318 DNS Forwarding: Add UI to Allow to disable DNSSEC for a zone 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-05 16:10:17 +00:00
Stefan Schantl
d0f9526beb ids.cgi: Add language string for ignored hosts section. 
Fixes #12002.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-18 13:29:47 +01:00
Stefan Schantl
ee7fe87ea6 ids.cgi: Change name of the button to apply the ruleset changes 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 09:46:01 +01:00
Stefan Schantl
e8ae413a79 langs: Remove snort related and unused strings 
Fixes #11993.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 09:02:32 +01:00
Stefan Schantl
dd8d6f5ee8 logs.cgi/ids.dat: Do not call the IDS snort again 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 09:00:35 +01:00
Stefan Schantl
5bd8940d68 ids.cgi: Improve showed messages while the IDS is working 
Reference #11993

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 08:51:31 +01:00
Stefan Schantl
9074e3d74c ids.cgi: Lock page while autoupdate script is running 
Fixes #11991

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 08:24:15 +01:00
Stefan Schantl
613f58fbfa ids.cgi: Check if the selected ruleset requires an oinkcode 
Fixes #11983

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 12:49:01 +01:00
Stefan Schantl
9e9b477d7c ids.cgi: Rework "Enable IPS" section 
Just use one language string for a maximum of flexiblity for the
transloators.

Fixes #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 14:17:19 +01:00
Stefan Schantl
cc9057c014 ids.cgi: Change lang string from "Activate IPS" to "Enable IPS" 
Reference #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 13:51:08 +01:00
Stefan Schantl
318e7137e7 IDS: Rename IDS strings to IPS 
Reference: #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 13:25:27 +01:00
Stefan Schantl
b7a9b4edc2 ids.cgi: Update automatic download texts 
Update the showed texts in the dropdown box as mentioned in the
bug report.

Fixes #11985

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:13:28 +01:00
Michael Tremer
41f3351320 Drop "OpenVPN" part from VPN N2N stats page 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
1e2b257789 Add routed IPsec connections to traffic graphs section 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
26c2cc580b ipsec: Add translation strings for recent changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
7e25093d42 ipsec: Don't allow to select VTI in transport mode 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
216bd9b389 vpnmain.cgi: Move advanced IPsec settings to connection page 
This is required to make the initial setup easier for GRE/VTI connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
55842dda69 IPsec: Add UI for set interface MTU 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
7464131706 IPsec: Add option to configure IP address for tunnel interface 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
cae1f4a7a8 IPsec: Add dropdown to select tunnel interface mode 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
29f5e0e2b9 IPsec: Add selection for transport/tunnel mode 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Stefan Schantl
e0cec9fe99 ids.cgi: Dynamically generate SHOW/HIDE for expanding or collapsing a ruleset category 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 10:53:17 +01:00
Stefan Schantl
013274d7d8 ids.cgi: Diplay reason, why a ruleset could not be downloaded, if the system is offline. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 10:05:14 +01:00
Stefan Schantl
34a3843865 ids.cgi: Add dropdown option for Emergingthreats.net Pro rules. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 09:42:28 +01:00
Stefan Schantl
c1a3401235 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2019-01-21 13:04:13 +01:00
Peter Müller
1183d50b73 fix SSH port description in WebUI again 
Fixes #11881.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-03 16:27:37 +00:00
Stefan Schantl
7b6f8596ed Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2018-12-28 07:36:59 +01:00
Stefan Schantl
01d02eb63b ids.cgi: Change RUN_MODE to MONITOR_TRAFFIC_ONLY 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-24 10:04:55 +01:00
Stefan Schantl
ea5c8eeb83 ids.cgi: Seperate IPS and ruleset settings 
Now each of both have their own corresponding configuration areas.
The taken settings will be saved in "/var/ipfire/suricata/settings" for
all IDS/IPS related settings and in "/var/ipfire/suricata/rules-settings" for
ruleset related settings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-24 08:26:39 +01:00
Stefan Schantl
aac8e30831 langs/en.pl: Fix typo 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-23 21:05:37 +01:00
Stefan Schantl
ebdd0f9a90 ids.cgi: Prevent from starting suricata without ruleset or selected network zone 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-20 13:18:48 +01:00
Michael Tremer
cb8a25e5ec DNS Forwarding: Let UI accept hostnames, too 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-19 20:47:41 +01:00
Michael Tremer
1a26564e95 DNS Forwarding: Allow passing multiple name servers (separated by comma) 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-19 20:42:46 +01:00
Stefan Schantl
a13ddf04d9 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-12 09:27:59 +01:00
Arne Fitzenreiter
d823d5f072 hostapd: add switch to disable neigborhood scan 
this may violate regulatory rules because 40Mhz channels should disabled
if there are other networks but nearly every commercial router ignore this.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-10-27 16:47:12 +02:00
Peter Müller
7d5c5d11ea update OpenSSH default port in language files 
Fixes #11881

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-10-18 14:40:54 +01:00
Stefan Schantl
6c9458342b IDS: Update language files 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-09-26 14:42:47 +02:00
Stefan Schantl
a4ccfcbbc6 ids.cgi: Allow to switch between IDS/IPS mode 
Add the option to select the runmode for suricata, wheater it
should run in intrusion detection mode or intrusion prevention mode.

If the option has not configured yet, it defaults to IPS mode.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-18 10:16:12 +02:00
Stefan Schantl
1286e0d41e ids.cgi: Rework section to configure the IDS 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-05 12:57:44 +02:00
Erik Kapfer
400c8afd98 OpenVPN: x509 and DH-parameter check with Warnings and error messages in WUI 
Changes includes:
Own crypto warning and error message in WUI (can be extended to configuration too).
Check if DH-parameter is < 2048 bit with an error message and howto fix it.
Check if md5 is still in use with an error message and suggestion how to proceed further to fix it.
Check for soon needed RFC3280 TLS rules compliants and suggestion how to proceed further to fix it.
Disabled 1024 bit DH-parameter upload.
Changed de and en language files for DH-parameter upload (deleted 1024 bit).
Added explanations to de and en language files for the above changes.
Fixed Typo in en language file.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-03 15:32:48 +01:00
Michael Tremer
55d590518d Revert "OpenVPN: Clarify fundamental crypto errors but also warnings in WUI" 
This reverts commit 15a3aa45cf.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-03 15:32:42 +01:00
Erik Kapfer
15a3aa45cf OpenVPN: Clarify fundamental crypto errors but also warnings in WUI 
Since OpenVPN-2.4.x, a lot of changes has been introduced. This patch should help the users for better understanding of errors in the cryptography.
It includes also potential warnings for upcoming changes and needed adjustments in the system.
This can also be extended in the future for upcoming configuration changes.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-03 10:34:41 +01:00
Michael Tremer
237f3ab7d3 IPsec: Allow to configure a connection in waiting state 
This allows to create an IPsec connection that will never actively
try to reach the other peer. It helps in environments where this is
not desired or impossible because of NAT.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-13 15:47:57 +01:00
Peter Müller
ea566f8485 fix aesthetic issues in remote.cgi and ship them 
Fix some minor cosmetic issues on remote.cgi as well as a typo in
the language files ("sesstions" -> "sessions"). The changes are
listed in "filelists" for Core Update 121.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-09 14:49:48 +01:00