webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-16 14:03:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7a981d94cb2c3e48ecaf07c506c8353a2c839d79
bpfire/config
History
Peter Müller 7a981d94cb SSH: do not send spoofable TCP keep alive messages 
By default, both SSH server and client rely on TCP-based keep alive
messages to detect broken sessions, which can be spoofed rather easily
in order to keep a broken session opened (and vice versa).

Since we rely on SSH-based keep alive messages, which are not vulnerable
to this kind of tampering, there is no need to double-check connections
via TCP keep alive as well.

This patch thereof disables using TCP keep alive for both SSH client and
server scenario. For usability reasons, a timeout of 5 minutes (10
seconds * 30 keep alive messages = 300 seconds) will be used for both
client and server configuration, as 60 seconds were found to be too
short for unstable connectivity scenarios.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2022-04-23 14:27:56 +00:00
..
acpid
avahi
backup
Merge branch 'master' into next
2022-03-30 15:53:27 +00:00
bash
bind
ca-certificates
update ca-certificates CA bundle
2022-04-04 19:58:13 +00:00
calamaris
cdrom
README: Update installation URL
2021-07-19 18:27:26 +00:00
cfgroot
header.pl: Add translation to DHCP leases table
2022-04-06 17:15:50 +00:00
clamav
clamav: Allow downloads to take up to 10 minutes
2019-11-30 10:53:59 +00:00
client175
collectd
collectd.conf: Change chain from HOSTILE to HOSTILE_DROP - fixes bug#12838
2022-04-06 17:04:23 +00:00
cron
crontab: dont run makegraphs and hddshutdown to the same time
2021-07-14 08:14:21 +02:00
cups
cyrus-sasl
dehydrated
dhcpc
dhcpcd: Remove old MTU setting script
2022-02-23 15:46:45 +00:00
dma
dracut
dracut: Install an IPFire system configuration file
2022-03-14 15:18:21 +00:00
elinks
config/elinks/elinks.conf does not have to be executable
2021-05-20 10:01:50 +00:00
etc
Kernel: Block non-UID-0 profiling completely
2022-04-04 19:58:49 +00:00
etc-aarch64
Install sysctl.conf only on those architectures where needed
2021-04-11 12:12:56 +00:00
etc-armv6l
switch arm 32 bit arch from armv5tel to armv6l
2021-07-05 07:42:39 +02:00
etc-x86_64
Install sysctl.conf only on those architectures where needed
2021-04-11 12:12:56 +00:00
extrahd
findutils
firewall
rules.pl: Fix creating rules for location based groups.
2022-03-23 17:15:18 +00:00
flash-images/grub
flash-images: Label serial console option as "serial"
2021-08-01 13:24:01 +00:00
freeradius
freeradius: Add a logrotate configuration file
2019-08-28 08:16:41 +00:00
fstrim
fwhosts
icmp-types file does not have to be executable
2021-05-04 15:51:15 +00:00
gnump3d
gnump3d: Update plugin path
2021-04-02 16:24:09 +00:00
grub2
OCI: Enable serial console by default
2021-10-19 11:21:57 +00:00
guardian
Bought a 'd' - fixed an old typo
2021-10-13 12:22:49 +00:00
haproxy
haproxy: update config file
2020-04-14 15:30:51 +00:00
hostapd
hostapd: Re-add accidentially removed CONFIG_SAE
2021-01-27 18:56:07 +00:00
httpd
httpd: delete comment blocks and unused directives from our configuration
2021-04-14 17:20:34 +00:00
icinga
include
initrd/dhcpc
iptraf-ng
iptraf-ng: Update to version 1.2.1
2020-09-30 09:58:51 +00:00
kernel
kernel: update to 5.15.35
2022-04-22 12:48:32 +00:00
lcdproc
lib/firmware/brcm
libid3tag
libid3tag: Addition of pkgconfig file
2021-04-12 09:35:29 +00:00
libvirt
libvirt: use a custom config file
2019-11-13 19:38:59 +00:00
logwatch
logwatch: mdadm status missing - Fix for Bug 12080
2021-10-22 10:43:11 +00:00
lua
lua: Update to version 5.4.4
2022-02-06 10:50:43 +00:00
menu
firewall.menu: Drop entry for P2P-Block.
2022-02-15 18:13:20 +00:00
minidlna
monit
monit: Some fixes for 'monitrc'
2019-06-05 05:04:17 +01:00
mpfire
netpbm
netpbm: remove WANT_SSE = Y from config.mk
2020-04-25 16:03:04 +02:00
netsnmpd
nginx
ntp
ntp: Allow CLI tools to talk to ntpd
2020-10-30 15:09:50 +00:00
oinkmaster
IDS: Redesign backend for enabled/disabled sids in rulefiles.
2021-12-19 13:23:43 +01:00
ovpn
pmacct
pmacct: New addon
2021-05-11 16:44:46 +00:00
profile.d
proxy
qemu
Drop support for i586
2021-12-04 23:27:26 +01:00
qos
QoS: Add CAKE profile to commmand line
2022-01-16 15:17:50 +00:00
rootfiles
Core Update 168: Ship bind
2022-04-23 14:27:01 +00:00
rpi-firmware
rpi-firmware: update to 20211127
2021-11-27 14:21:31 +00:00
samba
samba: Add helper script to pipe password
2021-01-27 21:06:57 +00:00
sarg
shadow
shadow: Update to version 4.11.1 and fix bug 12762
2022-01-18 21:23:42 +00:00
squidclamav
ssh
SSH: do not send spoofable TCP keep alive messages
2022-04-23 14:27:56 +00:00
ssl
strongswan
stunnel
suricata
ids: Fixed typo in ruleset-sources
2022-03-14 15:15:57 +00:00
syslinux
cdrom: Fix unattended mode on serial console
2021-03-09 15:58:57 +00:00
sysstat
time
tor
Tor: specify correct user for default configuration
2019-05-20 10:08:58 +01:00
transmission
u-boot
u-boot: bootscript try to use also devnum instead of dev_num
2021-10-04 06:13:18 +00:00
udev
networking: Correctly set MTU on all bridges
2022-03-30 13:58:02 +00:00
unbound
unbound-dhcp-leases-bridge: Don't open stderr on daemonization
2022-04-04 20:07:15 +00:00
updxlrator
urlfilter
URL Filter: Remove Shalla Secure Services and MESD
2022-01-14 13:48:09 +00:00
vdr
vdradmin
vim
w_scan
w_scan: fix country and satalite selection menu
2020-02-21 22:33:23 +01:00
wpa_supplicant
wpa_supplicant: Import fresh default configuration
2021-01-12 10:39:14 +00:00
xinetd
xtables-addons
xtables-addons: update to 3.13
2021-07-05 07:42:36 +02:00
zabbix_agentd
zabbix_agentd: Update to 4.2.6
2019-09-02 20:19:02 +00:00