vpnmain.cgi: Add option to regenerate the host certificate This is necessary since we now have a much shorter lifetime for the host certificate. However, it is complicated to do this, which is why we are copying the previous certificate and generating a new CSR. This is then signed. A caveat of this patch is that we do not rollover the key. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
vpnmain.cgi: Return the entire error message if OpenSSL fails The function did not evaluate the return code which is why it used a hack to figure out if some output is an error or not. This is being fixed in this commit and the entire output is being returned if the return code is non-zero. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
optionsfw.cgi: Move Firewall Options Drop commands to before the logging section - Moved the Firewall Options Drop commands to before the logging section, as discussed at January 2024 Video Call. Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
optionsfw.cgi: Fix bug12981 - Add option to log or not log dropped hostile traffic - This v3 version has split the logging choice for drop hostile to separate the logging of incoming drop hostile and outgoing drop hostile. - The bug originator had no port forwards so all hostile would be dropped normally anyway. However the logs were being swamped by the logging of drop hostile making analysis difficult. So incoming drop hostile was desired to not be logged. However logging of outgoing drop hostile was desired to identify if clients on the internal LAN were infected with malware trying to reach home. - Added option with drop hostile section to decide if the dropped traffic should be logged or not. Fixes: bug12981 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Tested-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
web-user-interface: Update interface design Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Revert "proxy.cgi: Fix for Bug #12826 'squid >=5 crashes on literal IPv6 addresses'" This reverts commit e0be9eab47d621545e5498c32c0fef39f7ef84a9. This change is now producing problems on IPv6-enabled systems as it will deny access to any website that is IPv6-enabled as well, even if the client connected using IPv4. I have tested if squid is now running fine on systems where IPv6 is disabled and can confirm that it's running just fine. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org>
dhcp.cgi: Adjust legend entries to make clear they are legends and not messages - A new IPFire user on the forum saw the orange and red coloured blocks in the legend section and believed that they were messages about problems that had been created with the fixed leases. - This change puts a small block with separate explanatory text for both the orange and red coloured blocks. - This change will also be applied to the wiki in a much clearer way Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
dhcp.cgi: Adjust spacing between an icon and explanatory text - When dealing with a problem on the forum I noticed that in the Fixed Leases table Legend section there was a very large space between the empty checkbox icon and the explanatory text. It looks like the &nbsp; that I have removed worked on the text section 'click to enable' as that was moved but not on the off.gif icon as that stayed in its original place leaving a very large space between the icon and the explanatory text. Removing the two commands fixes that. - Reading up about &nbsp; the problem might be related to these tags no longer being recommended to use with the newer HTML versions and that indenting or spacing should be done via CSS code. Will have a look in future on how to accomplish this via CSS. Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
firewalllog.dat: Fix for bug#13492 - include chain in the exported output - The regex code does not extract out the chain and so it is missed off from the log output when it is exported. - Changed code tested out on my vm testbed and confirmed to work and include the chain in the output. Fixes: Bug13492 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfre.org>
tor.cgi: Fixes deprecated tor option 'ExitNode' to 'ExitNodes' If fingerprints in the Exit Node section are in use, tor.cgi prints the deprecated option 'ExitNode' into torrc which leads to the following warning "The abbreviation ‘ExitNode’ is deprecated. Please use ‘ExitNodes’ instead". Fix has been found and tested in the community; for reference please see https://community.ipfire.org/t/the-abbreviation-exitnode-is-deprecated-please-use-exitnodes-instead/10582/10 Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>