webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-19 23:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,253 Commits 2 Branches 1 Tag
fad7d1c4c606ffcc1e86d94ea5ec2ab2cf4e2831
Commit Graph

9577 Commits

Author SHA1 Message Date
Michael Tremer
7b82d83d7e core165: Ship optionsfw.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:45:58 +00:00
Stefan Schantl
cad8657532 ids-functions.pl: Do not create an empty ignored settings file. 
The file will be created by the WUI, when adding the first host.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-05 19:28:24 +00:00
Stefan Schantl
2b12a010d7 ids-functions.pl: Merge same named rulefiles during extract. 
In case a rulestarball contains several same-named rulefiles
they have been overwritten each time and so only contained the content
from the last extracted one.

Now the content of those files will be merged by appending the content
to the first extracted one for each time.

Fixes #12792.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-05 19:28:08 +00:00
Peter Müller
ade2424f6b Revert "Core Update 165: Ship update-ids-ruleset" 
update-ids-rulesets is relevant for Core Update 164, not Core Update 165.

This reverts commit 9713023546.
 2022-03-05 14:35:09 +00:00
Peter Müller
4003479449 Core Update 164: Ship update-ids-rulesets 
@Michael: Please cherry-pick this one into "master" as well.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-03-05 14:34:39 +00:00
Stefan Schantl
96e2e870aa firewall-lib.pl: Remove prefix when dealing with ipset sets. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-05 14:32:58 +00:00
Stefan Schantl
5841800969 rules.pl: Autodetect ipset db file to restore. 
This commit allows the ipset_restore() function to auto-detect
which set file needs to be restored.

Currently it is limitated to country codes only, because we currently
does not support anything else.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-05 14:32:44 +00:00
Stefan Schantl
7b529f5417 firewall: Move dropping hostile networks to rules.pl. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-05 14:31:55 +00:00
Stefan Schantl
2801213dcc rules.pl: Allow dynamic destory of loaded but unused ipset sets. 
Instead of stupidly destroying all ipsets, we now grab the already loaded sets
and compare them with the loaded sets during runtime of the script.

So we are now able to determine which sets are not longer required and
safely can destroy (unload) at a later time.

This saves us from taking care about dropping/flushing rules which are
based on ipset before we can destroy them - because only unused sets are
affected.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Inspired-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-05 14:31:51 +00:00
Peter Müller
65808f8478 update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Please note that the certdata.txt file only appears to drop MD5
checksums in favour of SHA256, so there is no need in shipping
ca-certificates with the next Core Update.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-03-05 14:31:02 +00:00
Peter Müller
9713023546 Core Update 165: Ship update-ids-ruleset 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-03-05 14:30:10 +00:00
Stefan Schantl
8353e28ad2 ids-functions.pl: Do not try to chown files while extracting them. 
We are almost running as an unprivileged user and therfore have not
the permissions to do this.

This will save us a lot of confusion error messages.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-05 14:28:36 +00:00
Michael Tremer
419153571b backup: Make include/exclude files relative 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-04 10:41:30 +00:00
Michael Tremer
e5ad6e2ab1 backup: Don't restore excluded files 
Sometimes, we restore a backup that has been created earlier before
exclude files have been changed. To avoid overwriting those files, we
will consider the exlude list upon restore.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-04 10:37:00 +00:00
Michael Tremer
026935a137 backup: Exclude oinkmaster.conf 
This file is a system configuration file and does not contain any
configruation from the user.

Since it can be overwritten in a backup and restored to an older state,
this can cause problems such as #12788.

Fixes: #12788
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-04 10:27:01 +00:00
Michael Tremer
270d572504 backup: Abort when the backup could not be extracted 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-04 10:19:14 +00:00
Michael Tremer
a735dad621 python3-cffi: Fix armv6l rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-02 13:37:28 +00:00
Peter Müller
d739da6f47 python3-cffi: Add 32 bit ARM rootfile again due to "gnueabi" != "gnu" 
My fault, again. :-/

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-03-01 15:25:01 +00:00
Peter Müller
70e23c18a4 python3-yaml: Drop unnecessary armv6l rootfile 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-28 20:18:58 +00:00
Peter Müller
67a38b30b0 Merge branch 'master' into next 2022-02-28 20:16:38 +00:00
Arne Fitzenreiter
6e2c8f4818 suricata: drop unsupported JA3 rule provider 
our current suricata version not support JA3 based rules so
this drop the providers from the list.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-26 14:19:45 +00:00
Peter Müller
f6ec32737f borgbackup: Fix rootfile on 32 bit ARM 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-26 12:16:39 +00:00
Peter Müller
d03ee3218f Python3: Fix rootfile for 32 bit ARM again 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-25 14:04:06 +00:00
Peter Müller
82674728e3 Core Update 165: Ship vpnmain.cgi 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-23 15:54:13 +00:00
Peter Müller
2598706f23 Core Update 165: Ship dhcpcd-related changes 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-23 15:51:33 +00:00
Michael Tremer
9c68992498 dhcpcd: Remove old MTU setting script 
This is being replaced by adding the MTU option to any routes that
dhcpcd installs.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-23 15:46:45 +00:00
Peter Müller
5de5bec3f4 Python3: Attempt to fix rootfile on 32 bit ARM 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-22 20:18:27 +00:00
Peter Müller
61d2d36f6c python3-cffi: Fix rootfile more elegant on ARM 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-22 20:13:44 +00:00
Peter Müller
286098fdfd Revert "python3-cffi: Fix rootfiles on ARM" 
This reverts commit 410758e03f.
 2022-02-22 20:13:19 +00:00
Peter Müller
410758e03f python3-cffi: Fix rootfiles on ARM 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-22 19:46:53 +00:00
Michael Tremer
5c1a1094ed kernel: Add a basic configuration for riscv64 
This kernel configuration is a copy of our kernel configuration for
x86_64 on which I ran "make olddefconfig" which will set any unknown
values to their defaults.

This exists so that we have some kernel (which I did not try to boot) to
complete the build process.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-22 19:41:39 +00:00
Michael Tremer
d1283a8047 rust: Package for riscv64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-22 19:41:39 +00:00
Arne Fitzenreiter
72718c896c Merge branch 'master' into next 2022-02-22 11:40:44 +00:00
Arne Fitzenreiter
ad9d6bf585 core164: exclude boot/uEnv.txt 
uEnv.txt was destroyed on aarch64 because here a new u-boot was shipped.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-22 11:38:15 +00:00
Peter Müller
f1180ec2dc Core Update 165: Ship oci-setup initscript 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-21 21:36:18 +00:00
Peter Müller
efb999548a samba: Fix rootfiles on ARM 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-21 21:28:03 +00:00
Michael Tremer
ebd2d75952 oci-cli: Ship egg metadata 
This package tries to identify if it is actually installed and does that
in a rather unorthodox way. So, thoses files are needed to run the "oci"
command. Only god knows why.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
439e713e78 python3-terminaltables: New package 
Required by oci-cli.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
91f907df8e python3-arrow: New package 
Required by oci-cli.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
d92b81e9df python3-click: New package 
Required by oci-python-sdk

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
cb0c310e47 python3-pytz: New package 
Required by oci-python-sdk

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
03d1f485a2 python3-circuitbreaker: New package 
Required by oci-python-sdk

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
0762a36be2 python3-pycparser: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
5868a78eb5 python3-install: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
8debeb1da0 python3-pep517: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
396cbbae0b python3-build: New package 
This can build packages.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
15293beded python3-flit: New package 
Yet another build system for Python

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
a7e60957a3 python3-idna: New package 
Adds support for international domain names to python3-requests.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
3992da532d python3-certifi: New package 
This package provides the Mozilla CA list for python3-requests.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00
Michael Tremer
1acceaadb2 python3-requests: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-21 21:13:50 +00:00