This change drops the UIs that could enable ALGs for various protocols.
Those have been all forcibly disabled because "NAT Slipstream".
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
WPA3 mandates MFP, but many clients do not support it at all.
Therefore this can now be set to optional and clients will
fall back to WPA2.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We have dropped Reiser4 in 2013. There won't be any systems out there
any more running it. We can safely drop this warning.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit dc637f087f.
Rationale: "authenticate_ip_ttl" can be safely used as it does not
introduces an authentication bypass, but saves relationships between
successfully authenticated users and their IP addresses.
"max_user_ip" depends on such an authentication cache, so credential
sharing between several IPs (on purpose or by chance) can be detected
properly. This is useful in case of crompromised machines and/or
attackers in internal networks having stolen proxy authentication
credentials.
Quoted from squid.conf.documented or man 5 squid.conf:
> acl aclname max_user_ip [-s] number
> # This will be matched when the user attempts to log in from more
> # than <number> different ip addresses. The authenticate_ip_ttl
> # parameter controls the timeout on the ip entries. [fast]
> # If -s is specified the limit is strict, denying browsing
> # from any further IP addresses until the ttl has expired. Without
> # -s Squid will just annoy the user by "randomly" denying requests.
> # (the counter is reset each time the limit is reached and a
> # request is denied)
> # NOTE: in acceleration mode or where there is mesh of child proxies,
> # clients may appear to come from multiple addresses if they are
> # going through proxy farms, so a limit of 1 may cause user problems.
Fixes: #11994
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This patch adds German translations for the new DNS CGI, some parts of
the hardware vulnerability mitigation CGI, improves some existing
translations and corrects some Deppenleerzeichen and Bildzeitungsbindestriche.
The third version of this patch is correctly based against upstream 'next',
honours Michaels opinion and contains updated language_issues.de and
language_missings files.
Since "./make lang" complains about missing translations marked as unused
in first place, no changes have been made to them in order to avoid
collateral damage.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This feature was never properly implemented and the UI was dead
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This is supposed to help users to have an idea about
the status of the used hardware.
Additionally, it allows users to enable/disable SMT.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is not working for quite some time now because all search
engines have moved over to HTTPS. Therefore we no longer can
manipulate the URL query string.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a bit shouty and there are various places where we do not
warn about this problem, so this patch makes it more consistent.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch mainly changes "Macvtap" to the branded spelling and removes
short forms as well as hyphenation in German compound nouns.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds a new CGI file which allows users to edit the
VLAN configuration as well as configuring zones as bridges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
