]>
git.ipfire.org Git - people/ms/ipfire-2.x.git/log
Michael Tremer [Tue, 4 Mar 2014 13:26:55 +0000 (14:26 +0100)]
firewall: Don't colourise MAC addresses.
Fixes #10491.
Michael Tremer [Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)]
firewall: Extend rate limiting for ICMP error messages.
Fixes #10489.
Michael Tremer [Tue, 4 Mar 2014 11:38:13 +0000 (12:38 +0100)]
firewall: Add chain name to logged rules.
This helps us to debug faster where a packet has been dropped.
Michael Tremer [Tue, 4 Mar 2014 11:36:52 +0000 (12:36 +0100)]
firewall: Add rate limiting for LOG messages.
Fixes #10488.
Alexander Marx [Tue, 4 Mar 2014 15:11:35 +0000 (16:11 +0100)]
Firewall: When no manual ip is given, standard networks "all" is selected
Alexander Marx [Tue, 4 Mar 2014 15:00:14 +0000 (16:00 +0100)]
Firewall: Now it is possible to just change the remark in input and outgoing
Alexander Marx [Tue, 4 Mar 2014 14:44:02 +0000 (15:44 +0100)]
Firewall: FIX allowed chars in remark
Alexander Marx [Tue, 4 Mar 2014 13:51:20 +0000 (14:51 +0100)]
Firewall: get rid of /32 subnetz when using manual ip addresses
Alexander Marx [Tue, 4 Mar 2014 13:40:59 +0000 (14:40 +0100)]
Firewall: Bugfix - when creating a new hostgroup, the system checked for existing name in servicegroups instead of hostgroups
Alexander Marx [Tue, 4 Mar 2014 13:07:04 +0000 (14:07 +0100)]
Firewall: Fix oversized Textfields
Alexander Marx [Tue, 4 Mar 2014 10:37:58 +0000 (11:37 +0100)]
Firewall: Fix Bug 10490 and broken colorization of tables in firewall groups
Arne Fitzenreiter [Tue, 4 Mar 2014 06:07:31 +0000 (07:07 +0100)]
kernel: arm-multi: add marvel and allwinner support.
Michael Tremer [Mon, 3 Mar 2014 15:41:13 +0000 (16:41 +0100)]
vdr: Add eepg plugin.
Michael Tremer [Mon, 3 Mar 2014 15:31:27 +0000 (16:31 +0100)]
vdr: Add DVBAPI plugin.
Michael Tremer [Mon, 3 Mar 2014 15:28:51 +0000 (16:28 +0100)]
vdr: Update to 2.0.5.
Stupid outdated websites...
Michael Tremer [Mon, 3 Mar 2014 12:50:37 +0000 (13:50 +0100)]
vdr: Update to 2.0.4.
Michael Tremer [Mon, 3 Mar 2014 11:27:09 +0000 (12:27 +0100)]
strongswan: Update to 5.1.2.
http://www.strongswan.org/blog/2014/03/03/strongswan-5.1.2-released.html
Michael Tremer [Sun, 2 Mar 2014 21:50:29 +0000 (22:50 +0100)]
firewall: Add a trailing space to all log prefixes for better readability.
Michael Tremer [Sun, 2 Mar 2014 21:46:17 +0000 (22:46 +0100)]
firewall: rules.pl: Remove unused variable $time_constraints.
Michael Tremer [Sun, 2 Mar 2014 21:44:26 +0000 (22:44 +0100)]
firewall: rules.pl: Replace some hardcoded chain names.
Michael Tremer [Sun, 2 Mar 2014 21:38:09 +0000 (22:38 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Sun, 2 Mar 2014 21:35:27 +0000 (22:35 +0100)]
firewall: Resurrect port forwardings with different external ports.
Michael Tremer [Sun, 2 Mar 2014 19:48:58 +0000 (20:48 +0100)]
firewall: Telnet uses TCP
Michael Tremer [Sun, 2 Mar 2014 19:40:00 +0000 (20:40 +0100)]
firewall: Make OpenVPN access also possible when INPUT policy is REJECT.
Michael Tremer [Sun, 2 Mar 2014 19:37:44 +0000 (20:37 +0100)]
firewall: Allow accessing port forwardings from internal networks.
Arne Fitzenreiter [Sun, 2 Mar 2014 18:44:26 +0000 (19:44 +0100)]
apache2: update to 2.2.26.
Arne Fitzenreiter [Sun, 2 Mar 2014 18:39:42 +0000 (19:39 +0100)]
rootfile updates.
Michael Tremer [Sun, 2 Mar 2014 17:23:28 +0000 (18:23 +0100)]
firewall: rules.pl: Refactored entire script.
Michael Tremer [Sat, 1 Mar 2014 19:20:56 +0000 (20:20 +0100)]
firewall: rules.pl: Cleanup time constraints generation.
Michael Tremer [Sat, 1 Mar 2014 18:54:14 +0000 (19:54 +0100)]
firewall: rules.pl: Cleanup rule generation.
Various perl coding errors that have been suppressed by "no warnings uninitialized"
have been fixed and lots of helper variables have been introduced to make
it much more clearer what the code is actually doing.
Michael Tremer [Sat, 1 Mar 2014 17:23:52 +0000 (18:23 +0100)]
general-functions.pl: Fix wrong perl syntax.
Michael Tremer [Sat, 1 Mar 2014 17:18:40 +0000 (18:18 +0100)]
firewall: rules.pl: Remove $command and introduce $IPTABLES.
Michael Tremer [Sat, 1 Mar 2014 17:07:39 +0000 (18:07 +0100)]
firewall: rules.pl: Remove command line args parsing and rest from old debugging mode.
Michael Tremer [Sat, 1 Mar 2014 17:03:58 +0000 (18:03 +0100)]
firewall: rules.pl: Introduce a more slink debugging mode.
Michael Tremer [Sat, 1 Mar 2014 16:54:22 +0000 (17:54 +0100)]
firewall: rules.pl: Fix some coding style.
Michael Tremer [Sat, 1 Mar 2014 16:49:22 +0000 (17:49 +0100)]
firewall: rules.pl: Remove totally bloated debug mode.
Michael Tremer [Sat, 1 Mar 2014 15:59:32 +0000 (16:59 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Sat, 1 Mar 2014 15:51:03 +0000 (16:51 +0100)]
openvpnctrl: Allow ICMP error messages to pass the transfer net.
Michael Tremer [Sat, 1 Mar 2014 15:44:05 +0000 (16:44 +0100)]
firewall: Make sure that only packets that go through the tunnel are passing OVPNBLOCK.
Michael Tremer [Sat, 1 Mar 2014 15:04:01 +0000 (16:04 +0100)]
firewall: Allow access to the entire GREEN/BLUE/ORANGE subnets.
This includes the firewall itself as well.
Arne Fitzenreiter [Sat, 1 Mar 2014 15:01:11 +0000 (16:01 +0100)]
red: change mac address of nas0 device.
Traverse Technology has reported that ppp over atm-bridge is not working
because there is a bogus mac address at the virtual nas0 device.
Michael Tremer [Sat, 1 Mar 2014 14:02:42 +0000 (15:02 +0100)]
firewall: Sort order in which chains are initialized.
This has been some real trouble because multiple rules could
not be properly inserted into the rule chains in the kernel
because the chains did not exist, yet.
Michael Tremer [Sat, 1 Mar 2014 14:01:58 +0000 (15:01 +0100)]
firewall: rules.pl: Don't reload custom firewall rules here.
Michael Tremer [Sat, 1 Mar 2014 13:19:26 +0000 (14:19 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Fri, 28 Feb 2014 15:09:45 +0000 (16:09 +0100)]
ffmpeg: prevent executable stack.
Arne Fitzenreiter [Fri, 28 Feb 2014 15:09:04 +0000 (16:09 +0100)]
libmad: prevent executable stack.
Arne Fitzenreiter [Fri, 28 Feb 2014 06:04:45 +0000 (07:04 +0100)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Fri, 28 Feb 2014 06:02:14 +0000 (07:02 +0100)]
kernel: enable rts5139 driver.
Michael Tremer [Thu, 27 Feb 2014 19:53:25 +0000 (20:53 +0100)]
firewall: Fix firewall policy table if only RED, GREEN + BLUE are present.
Alexander Marx [Thu, 27 Feb 2014 12:38:40 +0000 (13:38 +0100)]
Firewall: Skip rules on boot when red has no ip
Michael Tremer [Thu, 27 Feb 2014 18:39:18 +0000 (19:39 +0100)]
QoS: Actually accept subnets everywhere.
Alexander Marx [Wed, 26 Feb 2014 15:07:02 +0000 (16:07 +0100)]
QOS: IP-Addresses can now be simple IP-Address or IP-Address and subnet
Michael Tremer [Thu, 27 Feb 2014 12:37:53 +0000 (13:37 +0100)]
Merge remote-tracking branch 'alfh/feature_graph_constant_color' into next
Michael Tremer [Thu, 27 Feb 2014 12:36:38 +0000 (13:36 +0100)]
Merge remote-tracking branch 'alfh/bugfix_openbox_center' into next
Michael Tremer [Thu, 27 Feb 2014 12:32:13 +0000 (13:32 +0100)]
openvpn: Provide a basic set of configuration settings.
These are the defaults as in the CGI script, but when you don't
set up the roadwarrior server, the configuration file remains
empty and the openvpnctrl binary will end itself because it cannot
read a proper configuration.
Michael Tremer [Thu, 27 Feb 2014 12:14:02 +0000 (13:14 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Thu, 27 Feb 2014 11:46:14 +0000 (12:46 +0100)]
flash-images: work around a pandaboard uboot bug.
uboot does not find the kernel if it was copied to late to the
fat partition.
Arne Fitzenreiter [Thu, 27 Feb 2014 07:22:11 +0000 (08:22 +0100)]
ntp: wait only if wpa_supplicant is running.
Michael Tremer [Wed, 26 Feb 2014 19:03:32 +0000 (20:03 +0100)]
firewall: Call firewallctrl with full path.
Michael Tremer [Wed, 26 Feb 2014 19:02:24 +0000 (20:02 +0100)]
Revert "Firewall: Fix errormessages on rulecreation when red has no IP"
This reverts commit
f942937c29ca76a7f153fc16ea13157eb4cf05cc .
This completely destroys external access rules and is therefore
reverted.
Alf Høgemark [Sat, 22 Feb 2014 17:05:26 +0000 (18:05 +0100)]
qos and process graphs: avoid random colors
For the graphs for qos classes, and for process
count and memory usage, the colors change on
each page reload, since the colors are currently
totally random.
This change uses defined color indexes, 15 different
ones, that should be enough for qos at least, and is
enough for processes on my setup. This makes
the colors consistent between page loads, so it makes
it easier to monitor changes.
Perhaps one should define 30 different colors meant
to be used for graphing, then one could avoid random
colors also for the sensor graphs, and make it less
likely to get color collision for the process graphs
as well. Defining 30 such colors is not part of this
change.
Alf Høgemark [Wed, 26 Feb 2014 17:37:57 +0000 (18:37 +0100)]
ipfire theme: Use div align for center
Revert change to make openbox produce validating html,
when center alignment for box is wanted.
I have not been able to find css solution for
properly aligning the div horisontally.
Arne Fitzenreiter [Wed, 26 Feb 2014 17:06:49 +0000 (18:06 +0100)]
kernel: enable cgroups and fix some accounting settings.
Arne Fitzenreiter [Wed, 26 Feb 2014 17:00:44 +0000 (18:00 +0100)]
kernel: enable pci modules in arm multiarch kernel.
Arne Fitzenreiter [Wed, 26 Feb 2014 16:59:53 +0000 (17:59 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 26 Feb 2014 14:01:29 +0000 (15:01 +0100)]
apache: Update cipher suite that is used for the web user interface.
Taken from here with exception of RC4.
https://wiki.mozilla.org/Security/Server_Side_TLS#Apache
Arne Fitzenreiter [Wed, 26 Feb 2014 08:37:12 +0000 (09:37 +0100)]
strongswan: no padlock on arm.
Alf Høgemark [Sat, 22 Feb 2014 16:47:12 +0000 (17:47 +0100)]
firewalllogs*.dat: Reduce amount of code to set row bgcolor
Replace 10 if statements with duplicated code for print
and setting background color by using a variable and
one if statement.
Michael Tremer [Tue, 25 Feb 2014 21:02:34 +0000 (22:02 +0100)]
Merge remote-tracking branch 'alfh/feature_html_validating' into next
Michael Tremer [Tue, 25 Feb 2014 21:01:34 +0000 (22:01 +0100)]
Merge remote-tracking branch 'alfh/feature_qos_description' into next
Michael Tremer [Tue, 25 Feb 2014 21:01:14 +0000 (22:01 +0100)]
Merge remote-tracking branch 'alfh/feature_htmlclean_removefont' into next
Erik Kapfer [Sat, 22 Feb 2014 07:04:24 +0000 (08:04 +0100)]
index.cgi: Add /red/local-ipaddress query.
Fixes# 10480. Added if loop for local-ipaddress query.
Michael Tremer [Tue, 25 Feb 2014 11:23:33 +0000 (12:23 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Tue, 25 Feb 2014 11:23:09 +0000 (12:23 +0100)]
Reload all firewall rules when /etc/init.d/firewall reload is executed.
Arne Fitzenreiter [Mon, 24 Feb 2014 21:25:15 +0000 (22:25 +0100)]
kernel: update to 3.10.32.
Michael Tremer [Mon, 24 Feb 2014 20:36:15 +0000 (21:36 +0100)]
sshd: Fix warning that oom_adj is deprecated.
Also make startup faster.
Alexander Marx [Mon, 24 Feb 2014 13:11:02 +0000 (14:11 +0100)]
Firewall: Fix errormessages on rulecreation when red has no IP
Alexander Marx [Mon, 24 Feb 2014 14:00:40 +0000 (15:00 +0100)]
Firewall: fix error when editing a rule and changing remark with invalid chars the rule was destroyed
Alexander Marx [Mon, 24 Feb 2014 15:03:10 +0000 (16:03 +0100)]
Firewall: delete -i red0 from DNAT rules
Alexander Marx [Mon, 24 Feb 2014 15:20:21 +0000 (16:20 +0100)]
Firewall: fixed padding-right of lastrule table in ruleoverview
Michael Tremer [Mon, 24 Feb 2014 18:37:20 +0000 (19:37 +0100)]
Fix relocating NTP binaries.
Alexander Marx [Mon, 24 Feb 2014 10:48:41 +0000 (11:48 +0100)]
Firewall: modified DNAT and SNAT rulecreation
Stefan Schantl [Sun, 23 Feb 2014 21:05:57 +0000 (22:05 +0100)]
Add missing default values for firewall options of the new firewall.
The new firewall uses some new options which can be configured on the optionsfw page in the WUI.
In the past these settings where missing on updated systems.
Arne Fitzenreiter [Sun, 23 Feb 2014 17:28:34 +0000 (18:28 +0100)]
ntp: check/wait for onlineconnection.
Alf Høgemark [Sat, 22 Feb 2014 14:23:39 +0000 (15:23 +0100)]
index.cgi: Make html valid, and improve dialup and vpn display
Make the html validate. One part of the changes is to
move style from using deprecated attributes to using
style attribute on tag.
The other part is to make sure that tables, rows and cells
are properly closed and nested.
Use a table for showing output from the dialctrl script.
Alf Høgemark [Sat, 22 Feb 2014 11:38:41 +0000 (12:38 +0100)]
connections.cgi: Make the html pass html validation
Alf Høgemark [Sat, 22 Feb 2014 11:03:35 +0000 (12:03 +0100)]
aliases.cgi: Make the html pass html validation
Alf Høgemark [Sat, 22 Feb 2014 11:14:41 +0000 (12:14 +0100)]
ipfire theme: Fix align on div, and fix javascript tag
Remove align attribute on div for openbox, rather use
style attribute with text-align, since align attribute
causes html validation warnings, since it is deprecated.
Remove deprecated and useless attribute on javascript tag.
Alf Høgemark [Sat, 22 Feb 2014 10:59:55 +0000 (11:59 +0100)]
cgi-bin: Remove font tags with no effect, and style tags
The font tag is deprecated, so clean up html by removing
font tags that have no effect.
For font tags that have an effect, move the styling to
the tag controlling the text output.
The aim is to get one step further towards validating html.
Alf Høgemark [Sat, 22 Feb 2014 06:07:57 +0000 (07:07 +0100)]
qos.cgi: Show class description in listing, and graph description
When listing the defined qos classes when qos.cgi is initially
displayed, include the description of the class.
Add upload heading for red graph and download graph for imq graph,
since it is not obvious what the graphs means.
Michael Tremer [Fri, 21 Feb 2014 10:56:52 +0000 (11:56 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Fri, 21 Feb 2014 10:54:14 +0000 (11:54 +0100)]
ntp: Update to 4.2.6p5.
Michael Tremer [Fri, 21 Feb 2014 10:35:05 +0000 (11:35 +0100)]
firewall: Remove even more redundant rules.
Arne Fitzenreiter [Fri, 21 Feb 2014 08:48:33 +0000 (09:48 +0100)]
Intel-lan: updated e1000 and igb vendor driver.
igb v5.0.6 and e1000e v2.5.4
Arne Fitzenreiter [Thu, 20 Feb 2014 22:37:22 +0000 (23:37 +0100)]
kernel: update to 3.10.31.
Michael Tremer [Thu, 20 Feb 2014 12:03:28 +0000 (13:03 +0100)]
firewall: Remove rule that allows access to everything.
Michael Tremer [Thu, 20 Feb 2014 12:01:48 +0000 (13:01 +0100)]
firewall: Fix proper check for BLUE and ORANGE devices.
Michael Tremer [Thu, 20 Feb 2014 12:01:36 +0000 (13:01 +0100)]
firewall: Remove redundant rule.
Michael Tremer [Thu, 20 Feb 2014 09:55:08 +0000 (10:55 +0100)]
index.cgi: Change display of DNS servers.
Add missing colon and put them into one column in the
table.
Michael Tremer [Wed, 19 Feb 2014 19:49:38 +0000 (20:49 +0100)]
Merge remote-tracking branch 'alfh/bugfix_htmlclean' into next