Michael Tremer
824dc93601
firewall: Add a trailing space to all log prefixes for better readability.
2014-03-02 22:50:29 +01:00
Michael Tremer
9f80e81072
firewall: rules.pl: Remove unused variable $time_constraints.
2014-03-02 22:46:17 +01:00
Michael Tremer
d98aa95a55
firewall: rules.pl: Replace some hardcoded chain names.
2014-03-02 22:44:26 +01:00
Michael Tremer
1c3044d72c
firewall: Resurrect port forwardings with different external ports.
2014-03-02 22:35:27 +01:00
Michael Tremer
0e53d8a991
firewall: Make OpenVPN access also possible when INPUT policy is REJECT.
2014-03-02 20:40:00 +01:00
Michael Tremer
6e87f0aa53
firewall: Allow accessing port forwardings from internal networks.
2014-03-02 20:37:44 +01:00
Michael Tremer
8f4f4634df
firewall: rules.pl: Refactored entire script.
2014-03-02 18:23:28 +01:00
Michael Tremer
b05ec50ac9
firewall: rules.pl: Cleanup time constraints generation.
2014-03-01 20:20:56 +01:00
Michael Tremer
6178953be5
firewall: rules.pl: Cleanup rule generation.
...
Various perl coding errors that have been suppressed by "no warnings uninitialized"
have been fixed and lots of helper variables have been introduced to make
it much clearer what the code is actually doing.
2014-03-01 19:54:14 +01:00
Michael Tremer
1f9e7b53b7
firewall: rules.pl: Remove $command and introduce $IPTABLES.
2014-03-01 18:19:09 +01:00
Michael Tremer
8531b94ae0
firewall: rules.pl: Remove command line args parsing and rest from old debugging mode.
2014-03-01 18:07:39 +01:00
Michael Tremer
68d1eb1017
firewall: rules.pl: Introduce a more slink debugging mode.
2014-03-01 18:04:40 +01:00
Michael Tremer
97ab0569bd
firewall: rules.pl: Fix some coding style.
2014-03-01 17:54:22 +01:00
Michael Tremer
b57edbd8ec
firewall: rules.pl: Remove totally bloated debug mode.
2014-03-01 17:49:22 +01:00
Michael Tremer
2513ae737d
firewall: Allow access to the entire GREEN/BLUE/ORANGE subnets.
...
This includes the firewall itself as well.
2014-03-01 16:04:01 +01:00
Michael Tremer
60fb533157
firewall: rules.pl: Don't reload custom firewall rules here.
2014-03-01 15:01:58 +01:00
Alexander Marx
800077a689
Firewall: Skip rules on boot when red has no ip
2014-02-27 19:42:47 +01:00
Michael Tremer
a8d1d049c6
Revert "Firewall: Fix errormessages on rulecreation when red has no IP"
...
This reverts commit f942937c29.
This completely destroys external access rules and is therefore
reverted.
2014-02-26 20:02:24 +01:00
Alexander Marx
f942937c29
Firewall: Fix errormessages on rulecreation when red has no IP
2014-02-24 19:39:39 +01:00
Alexander Marx
97bf45e516
Firewall: delete -i red0 from DNAT rules
2014-02-24 19:38:57 +01:00
Alexander Marx
525204e00f
Firewall: modified DNAT and SNAT rulecreation
2014-02-24 11:54:27 +01:00
Michael Tremer
cc21b588df
firewall: Remove rule that allows access to everything.
2014-02-20 13:03:28 +01:00
Michael Tremer
bcf1a62476
firewall: Fix proper check for BLUE and ORANGE devices.
2014-02-20 13:01:48 +01:00
Michael Tremer
a211fee393
firewall: Use --wait for all iptables commands.
2014-02-14 13:04:18 +01:00
Michael Tremer
73372ed4e6
firewall: Move scripts from /var/ipfire/firewall/bin to /usr/lib/firewall.
2014-01-28 20:48:24 +01:00
Alexander Marx
d334d7cb47
Firewall: Bugfix - when using addressgroups with mac addresses in source, the mac rule was not correctly created.
...
Further MAC issues: in target area, the manual ip field was target
ip/mac address - changed to IP-Address
Also implemented a plausicheck, if an addressgroup with mac addresses is
used in target area, there's a hint saying that the rule will not be
applied for mac hosts
2014-01-21 11:55:56 +01:00
Stefan Schantl
37c84696a2
Make firewall convert scripts more robust.
...
The converter scripts produce a lot of errors when they get executed on a system with
a previously installed version of the New Firewall or they get run twice.
In this case the scripts will detect that their input files are missing and will exit with
an error message. The scripts now also check if the input files are empty (no corresponding
rules created) and will exit with a nothing to do message.
2014-01-18 18:28:07 +01:00
Michael Tremer
7514fe47f6
convert-outgoingfw: Fix permissions of p2protocols configuration file.
...
World access can not be granted to this file. It must
be writable by nobody and can be read by all users.
2014-01-10 15:59:33 +01:00
Alexander Marx
454d47a994
Firewall: changed outgoingfw converter to reflect new counters
2013-12-23 08:08:27 +01:00
Alexander Marx
82b837cff8
Firewall: Added new feature: Now protocols can be added to servicegroups (GRE,AH,ESP,IPIP,IPV6)
2013-12-06 08:47:11 +01:00
Alexander Marx
784098e4db
Firewall: forgot to delete a development test string
2013-12-05 15:51:15 +01:00
Alexander Marx
02cb636c8b
Firewall: Fixes commit http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commitdiff;h=e19a36c4a09ea417ce9d577c262f17242eec4a31
...
Now all "active" Strings from all languagefiles are checked against the old rule to find out if logging is enabled
Conflicts:
config/firewall/convert-outgoingfw
2013-12-05 15:15:37 +01:00
Alexander Marx
cdb3536bc8
Firewall: BUGFIX: Rules.pl did not create LOGGING rules properly.
2013-12-05 14:48:59 +01:00
Alexander Marx
27d4d4817e
Firewall: refined dmz-converter. Rules are now converted with defined protocol instead of "all" protocol
2013-11-21 21:08:36 +01:00
Alexander Marx
a8ccb45cb7
Firewall: Fixed xtaccess converter. The protocol in the old rules is now converted correctly
2013-11-21 21:08:24 +01:00
Alexander Marx
6ee9053548
Firewall: Fixed portfw-converter (rules were not converted correctly) And Standard network "IPsec RW" now has brackets around the IP (when set)
2013-11-14 11:44:11 +01:00
Alexander Marx
14bcb9a23d
Firewall: New feature: Now it is possible to define a custom service with a portrange. When using this service in a rule or in a servicegroup, the rule is applied correctly.
2013-11-13 00:30:06 +01:00
Alexander Marx
8039a71099
Firewall: renamed forwardfwctrl to firewallctrl
2013-10-24 09:42:42 +02:00
Alexander Marx
6d8eb5dec7
Firewall: Renamed directory /var/ipfire/forward to /var/ipfire/firewall
2013-10-24 09:24:12 +02:00
Alexander Marx
6921f0ea0a
Firewall: renamed /config/forwardfw to config/firewall
2013-10-24 08:15:48 +02:00