people/teissler/ipfire-2.x.git
7 years agofirewall: Fix rule generation for protocols without ports.
Michael Tremer [Wed, 9 Apr 2014 12:06:32 +0000 (14:06 +0200)] 
firewall: Fix rule generation for protocols without ports.

7 years agoopenssl: update to 1.0.1g.
Arne Fitzenreiter [Mon, 7 Apr 2014 19:33:34 +0000 (21:33 +0200)] 
openssl: update to 1.0.1g.

Fix for CVE-2014-0160
Add TLS padding extension workaround for broken servers.
Fix for CVE-2014-0076

7 years agoFirewall: fix coloring of internet hosts
Alexander Marx [Mon, 7 Apr 2014 14:14:20 +0000 (16:14 +0200)] 
Firewall: fix coloring of internet hosts

7 years agoFirewall: Fix source preselection of alias when Firewall is selected
Alexander Marx [Mon, 7 Apr 2014 10:09:16 +0000 (12:09 +0200)] 
Firewall: Fix source preselection of alias when Firewall is selected

7 years agoFirewall: BUGFIX 10505
Alexander Marx [Mon, 7 Apr 2014 10:04:50 +0000 (12:04 +0200)] 
Firewall: BUGFIX 10505

7 years agoFirewall: BUGFIX 10507
Alexander Marx [Mon, 7 Apr 2014 06:24:54 +0000 (08:24 +0200)] 
Firewall: BUGFIX 10507

7 years agoMerge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
Michael Tremer [Mon, 7 Apr 2014 14:49:33 +0000 (16:49 +0200)] 
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x

7 years agoglibc: rootfile update (arm).
Arne Fitzenreiter [Sun, 6 Apr 2014 22:35:31 +0000 (00:35 +0200)] 
glibc: rootfile update (arm).

7 years agokernel-header: rootfile update.
Arne Fitzenreiter [Sun, 6 Apr 2014 21:33:51 +0000 (23:33 +0200)] 
kernel-header: rootfile update.

7 years agomedia.cgi: Fix typo once again.
Michael Tremer [Sun, 6 Apr 2014 15:24:13 +0000 (17:24 +0200)] 
media.cgi: Fix typo once again.

7 years agoUpdate Turkish translation.
Ersan Yildirim [Sun, 6 Apr 2014 15:22:31 +0000 (17:22 +0200)] 
Update Turkish translation.

7 years agocore76: Include changed /etc/sysctl.conf in update.
Michael Tremer [Sun, 6 Apr 2014 10:53:30 +0000 (12:53 +0200)] 
core76: Include changed /etc/sysctl.conf in update.

7 years agoglibc: fix image, updater and filecount in installer.
Arne Fitzenreiter [Sun, 6 Apr 2014 08:29:27 +0000 (10:29 +0200)] 
glibc: fix image, updater and filecount in installer.

switch from locale-archive to normale locales add est. 5000 files.
todo: arm-rootfile.

7 years agofirewall: Fix using aliases.
Michael Tremer [Sat, 5 Apr 2014 15:09:56 +0000 (17:09 +0200)] 
firewall: Fix using aliases.

Fix coding errors, actually read aliases configuration
and fall back to default RED IP address if no suitable
alias was found.

7 years agoconvert-portfw: Fix converting aliases.
Michael Tremer [Sat, 5 Apr 2014 15:08:17 +0000 (17:08 +0200)] 
convert-portfw: Fix converting aliases.

ALL is not suitable as it is not a valid configuration value.

7 years agoMerge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
Michael Tremer [Sat, 5 Apr 2014 15:02:33 +0000 (17:02 +0200)] 
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x

7 years agofirewall: fix green only mode.
Arne Fitzenreiter [Sat, 5 Apr 2014 09:04:25 +0000 (11:04 +0200)] 
firewall: fix green only mode.

disable masquerade and green IP/NET check if internet is
connected via green.

7 years agoapache2: update to 2.2.27.
Arne Fitzenreiter [Fri, 4 Apr 2014 19:17:08 +0000 (21:17 +0200)] 
apache2: update to 2.2.27.

7 years agokernel: update to 3.10.36.
Arne Fitzenreiter [Fri, 4 Apr 2014 11:53:41 +0000 (13:53 +0200)] 
kernel: update to 3.10.36.

7 years agokernel: update to 3.10.35.
Arne Fitzenreiter [Thu, 3 Apr 2014 08:06:47 +0000 (10:06 +0200)] 
kernel: update to 3.10.35.

7 years agoglibc: Install all known locales.
Michael Tremer [Tue, 1 Apr 2014 14:24:50 +0000 (16:24 +0200)] 
glibc: Install all known locales.

7 years agofirewall: Fix perl coding error.
Michael Tremer [Mon, 31 Mar 2014 11:16:26 +0000 (13:16 +0200)] 
firewall: Fix perl coding error.

Example:
my @as = (1, 2, 3);
foreach my $a (@as) {
$a += 1;
print "$a\n";
}

$a will be a reference to the number in the array and not
copied. Therefore $a += 1 will change the numbers in the
array as well, so that after the loop the content of @as
would be (2, 3, 4).
To avoid that, the number needs to be copied into a new
variable like: my $b = $a; and we are fine.

This caused that the content of the @sources and @destinations
array has been altered for the second run of the loop and
incorrect (i.e. no) rules were created.

7 years agoMerge branch 'kernel-layer7-oom'
Michael Tremer [Sun, 30 Mar 2014 21:28:35 +0000 (23:28 +0200)] 
Merge branch 'kernel-layer7-oom'

7 years agokernel: Update layer7 patch.
Michael Tremer [Sun, 30 Mar 2014 21:26:29 +0000 (23:26 +0200)] 
kernel: Update layer7 patch.

Brings back the /proc interface and is supposed to
fix a memory leak.

7 years agofirewall-policy: Clarify policy rules.
Michael Tremer [Sun, 30 Mar 2014 20:33:58 +0000 (22:33 +0200)] 
firewall-policy: Clarify policy rules.

There are no functional changes here. Everything that
is not explicitely allowed is now forbidden when the
forward policy is "ALLOWED".

7 years agofirewall-policy: fix drop and logging on red0;
Arne Fitzenreiter [Sat, 29 Mar 2014 14:06:35 +0000 (15:06 +0100)] 
firewall-policy: fix drop and logging on red0;

7 years agoset version to IPFire 2.15 rc1.
Arne Fitzenreiter [Fri, 28 Mar 2014 17:16:31 +0000 (18:16 +0100)] 
set version to IPFire 2.15 rc1.

7 years agofirewall: Create mangle chain NAT_DESTINATION to silence error messages when updating.
Michael Tremer [Thu, 27 Mar 2014 14:08:17 +0000 (15:08 +0100)] 
firewall: Create mangle chain NAT_DESTINATION to silence error messages when updating.

7 years agoFirewall: fix Update from core 75 to 76
Alexander Marx [Thu, 27 Mar 2014 10:58:48 +0000 (11:58 +0100)] 
Firewall: fix Update from core 75 to 76

7 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Thu, 27 Mar 2014 14:07:26 +0000 (15:07 +0100)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

7 years agocups: Fix rootfile.
Michael Tremer [Thu, 27 Mar 2014 10:36:12 +0000 (11:36 +0100)] 
cups: Fix rootfile.

Basically, include just everything.

7 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Thu, 27 Mar 2014 06:30:56 +0000 (07:30 +0100)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

7 years agorpi-firmware: update to 18a7921.
Arne Fitzenreiter [Thu, 27 Mar 2014 06:29:19 +0000 (07:29 +0100)] 
rpi-firmware: update to 18a7921.

7 years agokernel: update RPi patchset to dea8280.
Arne Fitzenreiter [Thu, 27 Mar 2014 06:25:24 +0000 (07:25 +0100)] 
kernel: update RPi patchset to dea8280.

7 years agoipsecctrl: Fix compiler warning.
Michael Tremer [Wed, 26 Mar 2014 22:47:14 +0000 (23:47 +0100)] 
ipsecctrl: Fix compiler warning.

7 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 26 Mar 2014 22:35:18 +0000 (23:35 +0100)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

7 years agomedia.cgi: Fix typo 'writen'.
Michael Tremer [Wed, 26 Mar 2014 22:34:58 +0000 (23:34 +0100)] 
media.cgi: Fix typo 'writen'.

7 years agowlanap.cgi: fix missing line from wlan info.
Arne Fitzenreiter [Wed, 26 Mar 2014 07:35:00 +0000 (08:35 +0100)] 
wlanap.cgi: fix missing line from wlan info.

7 years agohostapd: change setting of the regdomain.
Arne Fitzenreiter [Tue, 25 Mar 2014 18:11:03 +0000 (19:11 +0100)] 
hostapd: change setting of the regdomain.

the regdomain is only updated if it was really changed but after boot
the system believe it is "00" World but it is not correctly set at
some cards. So we set a region and set it back to "00" before the
real region was set.

7 years agowlanap: fix typo.
Arne Fitzenreiter [Tue, 25 Mar 2014 12:15:43 +0000 (13:15 +0100)] 
wlanap: fix typo.

7 years agowlanap.cgi: fix detection of not useable channels.
Arne Fitzenreiter [Tue, 25 Mar 2014 12:03:56 +0000 (13:03 +0100)] 
wlanap.cgi: fix detection of not useable channels.

7 years agoiwlwifi: use noibss flags only on radar detection channels.
Arne Fitzenreiter [Tue, 25 Mar 2014 11:59:37 +0000 (12:59 +0100)] 
iwlwifi: use noibss flags only on radar detection channels.

7 years agokernel: update to 3.10.34.
Arne Fitzenreiter [Mon, 24 Mar 2014 12:28:29 +0000 (13:28 +0100)] 
kernel: update to 3.10.34.

7 years agographs.pl: fix links position in chrome for android.
Arne Fitzenreiter [Sun, 23 Mar 2014 16:39:47 +0000 (17:39 +0100)] 
graphs.pl: fix links position in chrome for android.

7 years agofirewall: rules.pl: Honour time constraints for NAT rules as well.
Michael Tremer [Fri, 21 Mar 2014 12:39:03 +0000 (13:39 +0100)] 
firewall: rules.pl: Honour time constraints for NAT rules as well.

7 years agofirewall: rules.pl: Catch invalid configurations.
Michael Tremer [Fri, 21 Mar 2014 12:33:08 +0000 (13:33 +0100)] 
firewall: rules.pl: Catch invalid configurations.

7 years agofirewall: rules.pl: Allow REDIRECT rules.
Michael Tremer [Fri, 21 Mar 2014 12:28:00 +0000 (13:28 +0100)] 
firewall: rules.pl: Allow REDIRECT rules.

7 years agoFirewall: Allow DNAT with target firewall
Alexander Marx [Fri, 21 Mar 2014 11:54:12 +0000 (12:54 +0100)] 
Firewall: Allow DNAT with target firewall

7 years agoFirewall: Rename defaultNetworks to netsettings
Alexander Marx [Fri, 21 Mar 2014 11:20:50 +0000 (12:20 +0100)] 
Firewall: Rename defaultNetworks to netsettings

7 years agoFirewall: DNAT - Show right DNAT interface in ruletable
Alexander Marx [Fri, 21 Mar 2014 07:28:24 +0000 (08:28 +0100)] 
Firewall: DNAT - Show right DNAT interface in ruletable

Now:
When using a hostgroup as source there are all corresponding DNAT
interfaces shown in ruletable depending on the entries in the group.

When in DNAT area "-automatic" is selected, the DNAT interfaces are
shown as IP-Addresses, else they are shown as "ORANGE","GREEN","BLUE"...

BUGFIX: When there is a MAC address used in a sourcegroup, the rules could not be set. Now MAC addresses get allways the public interface as DNAT

7 years agoFirewall: Move some functions from rules.pl to firewall-lib.pl
Alexander Marx [Thu, 20 Mar 2014 16:27:53 +0000 (17:27 +0100)] 
Firewall: Move some functions from rules.pl to firewall-lib.pl

7 years agofirewall: rules.pl: Fix rules with other NAT port.
Michael Tremer [Fri, 21 Mar 2014 11:40:55 +0000 (12:40 +0100)] 
firewall: rules.pl: Fix rules with other NAT port.

7 years agoUpdate translations.
Michael Tremer [Thu, 20 Mar 2014 22:07:26 +0000 (23:07 +0100)] 
Update translations.

7 years agoFirewall: DNAT - always show right red address in dropdown.
Alexander Marx [Thu, 20 Mar 2014 15:23:47 +0000 (16:23 +0100)] 
Firewall: DNAT - always show right red address in dropdown.

Edited language String in DNAT area: external ip address is now Firewall
Interface

7 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Wed, 19 Mar 2014 18:07:27 +0000 (19:07 +0100)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

7 years agohostapd: enable CONFIG_ACS for dfs channels.
Arne Fitzenreiter [Wed, 19 Mar 2014 18:03:22 +0000 (19:03 +0100)] 
hostapd: enable CONFIG_ACS for dfs channels.

7 years agohostapd: change channellist and status for dfs channels.
Arne Fitzenreiter [Wed, 19 Mar 2014 18:00:47 +0000 (19:00 +0100)] 
hostapd: change channellist and status for dfs channels.

7 years agocore76: add wpa_supplicant to update.
Arne Fitzenreiter [Wed, 19 Mar 2014 08:05:37 +0000 (09:05 +0100)] 
core76: add wpa_supplicant to update.

7 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Wed, 19 Mar 2014 06:23:40 +0000 (07:23 +0100)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

7 years agohostapd: update to 2.1.
Arne Fitzenreiter [Wed, 19 Mar 2014 06:22:49 +0000 (07:22 +0100)] 
hostapd: update to 2.1.

7 years agofirewall: rules.pl: Add support for auto selection of NAT addresses.
Michael Tremer [Tue, 18 Mar 2014 22:49:23 +0000 (23:49 +0100)] 
firewall: rules.pl: Add support for auto selection of NAT addresses.

7 years agoFirewall: select right value in DNAT Dropdown
Alexander Marx [Tue, 18 Mar 2014 14:13:02 +0000 (15:13 +0100)] 
Firewall: select right value in DNAT Dropdown

7 years agoFirewall: extend DNAT dropdown with auto,BLUE,ORANGE,GREEN
Alexander Marx [Tue, 18 Mar 2014 14:02:55 +0000 (15:02 +0100)] 
Firewall: extend DNAT dropdown with auto,BLUE,ORANGE,GREEN

7 years agoopenssh: Update to 6.6p1.
Michael Tremer [Tue, 18 Mar 2014 17:03:14 +0000 (18:03 +0100)] 
openssh: Update to 6.6p1.

7 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Tue, 18 Mar 2014 17:00:42 +0000 (18:00 +0100)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

7 years agocore76: add tzdata to update.
Arne Fitzenreiter [Tue, 18 Mar 2014 06:28:13 +0000 (07:28 +0100)] 
core76: add tzdata to update.

7 years agotzdata: fix rootfile.
Arne Fitzenreiter [Tue, 18 Mar 2014 06:20:41 +0000 (07:20 +0100)] 
tzdata: fix rootfile.

7 years agoinitskripts: add pcengines apu support to leds.
Arne Fitzenreiter [Mon, 17 Mar 2014 23:25:08 +0000 (00:25 +0100)] 
initskripts: add pcengines apu support to leds.

7 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Mon, 17 Mar 2014 23:22:24 +0000 (00:22 +0100)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

7 years agokernel: add pcengines apu led support.
Arne Fitzenreiter [Mon, 17 Mar 2014 23:21:38 +0000 (00:21 +0100)] 
kernel: add pcengines apu led support.

7 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Mon, 17 Mar 2014 21:04:48 +0000 (22:04 +0100)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

7 years agoMerge remote-tracking branch 'alfh/feature_firewalllog_centergraph' into next
Michael Tremer [Mon, 17 Mar 2014 21:04:44 +0000 (22:04 +0100)] 
Merge remote-tracking branch 'alfh/feature_firewalllog_centergraph' into next

7 years agofirewall: rules.pl: Code cleanup.
Michael Tremer [Mon, 17 Mar 2014 17:03:00 +0000 (18:03 +0100)] 
firewall: rules.pl: Code cleanup.

7 years agofirewall: Fix DNAT rules between internal zones.
Michael Tremer [Mon, 17 Mar 2014 16:39:47 +0000 (17:39 +0100)] 
firewall: Fix DNAT rules between internal zones.

7 years agofirewall: rules.pl: Sanitise source and destination IP addresses.
Michael Tremer [Mon, 17 Mar 2014 14:47:28 +0000 (15:47 +0100)] 
firewall: rules.pl: Sanitise source and destination IP addresses.

Those variables are now empty if source or destination are
unspecified.

7 years agodialctrl: Remove defunct script.
Michael Tremer [Mon, 17 Mar 2014 13:17:44 +0000 (14:17 +0100)] 
dialctrl: Remove defunct script.

7 years agoFirewall: Bugfix: Remark in hostgroups and servicegroups was not changeable
Alexander Marx [Mon, 17 Mar 2014 06:22:24 +0000 (07:22 +0100)] 
Firewall: Bugfix: Remark in hostgroups and servicegroups was not changeable

Another Bugfix: Layout of hostgroups was broken when more than 1 vpn
connection is defined. There where dropdownboxes for every vpn
connection instead of only one

7 years agoUpdate Turkish translation.
Ersan Yildirim [Mon, 17 Mar 2014 11:38:22 +0000 (12:38 +0100)] 
Update Turkish translation.

7 years agotzdata: Update to 2014a.
Michael Tremer [Sun, 16 Mar 2014 15:02:18 +0000 (16:02 +0100)] 
tzdata: Update to 2014a.

7 years agosudo: Update to 1.8.10p1.
Michael Tremer [Sat, 15 Mar 2014 14:08:37 +0000 (15:08 +0100)] 
sudo: Update to 1.8.10p1.

7 years agoMerge branch 'next' of https://github.com/ipfire/ipfire-2.x into feature_firewalllog_...
Alf H√łgemark [Sat, 15 Mar 2014 07:47:56 +0000 (08:47 +0100)] 
Merge branch 'next' of https://github.com/ipfire/ipfire-2.x into feature_firewalllog_centergraph

7 years agoipfire theme: Fix default setting for hostname in title.
Michael Tremer [Thu, 13 Mar 2014 14:43:52 +0000 (15:43 +0100)] 
ipfire theme: Fix default setting for hostname in title.

7 years agofwhost.cgi: disable "use warnings"
Alexander Marx [Thu, 13 Mar 2014 14:35:14 +0000 (15:35 +0100)] 
fwhost.cgi: disable "use warnings"

7 years agoUpdate translations.
Michael Tremer [Thu, 13 Mar 2014 14:37:05 +0000 (15:37 +0100)] 
Update translations.

7 years agoMerge remote-tracking branch 'amarx/BETA3' into next
Michael Tremer [Thu, 13 Mar 2014 14:32:00 +0000 (15:32 +0100)] 
Merge remote-tracking branch 'amarx/BETA3' into next

7 years agoentropy graph: Remove trend line.
Michael Tremer [Thu, 13 Mar 2014 14:29:53 +0000 (15:29 +0100)] 
entropy graph: Remove trend line.

7 years agoAdd link to entropy page and show if there is hardware support available.
Michael Tremer [Thu, 13 Mar 2014 14:27:14 +0000 (15:27 +0100)] 
Add link to entropy page and show if there is hardware support available.

7 years agoVPN Checksubnets: Buttons are now Language Strings
Alexander Marx [Thu, 13 Mar 2014 14:27:01 +0000 (15:27 +0100)] 
VPN Checksubnets: Buttons are now Language Strings

7 years agoVPN Checksubnets: Now the remote subnets (OpenVPN/IPSec) are checked. If they are...
Alexander Marx [Thu, 13 Mar 2014 14:09:01 +0000 (15:09 +0100)] 
VPN Checksubnets: Now the remote subnets (OpenVPN/IPSec) are checked. If they are defined elsewhere, there's a warningmessage displayed

7 years agoFirewall: When delting an OpenVPN or IPSec connection, the rules are only colored...
Alexander Marx [Thu, 13 Mar 2014 12:53:39 +0000 (13:53 +0100)] 
Firewall: When delting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewallrules are reloaded automatically

7 years agoFirewall: When delting an OpenVPN or IPSec connection, the rules are only colored...
Alexander Marx [Thu, 13 Mar 2014 12:53:39 +0000 (13:53 +0100)] 
Firewall: When delting an OpenVPN or IPSec connection, the rules are only colored yellow and the firewallrules are reloaded automatically

7 years agosamba: update to 3.6.23.
Arne Fitzenreiter [Thu, 13 Mar 2014 11:45:56 +0000 (12:45 +0100)] 
samba: update to 3.6.23.

7 years agolinux: Remove disabling of loading the pcspkr module.
Michael Tremer [Tue, 11 Mar 2014 20:47:16 +0000 (21:47 +0100)] 
linux: Remove disabling of loading the pcspkr module.

7 years agobeep: Update to 1.3.
Michael Tremer [Tue, 11 Mar 2014 17:03:59 +0000 (18:03 +0100)] 
beep: Update to 1.3.

7 years agoMerge remote-tracking branch 'amarx/INDEX' into next
Michael Tremer [Mon, 10 Mar 2014 20:35:15 +0000 (21:35 +0100)] 
Merge remote-tracking branch 'amarx/INDEX' into next

7 years agofirewall: Add auxiliary rules for firewall access.
Michael Tremer [Mon, 10 Mar 2014 18:40:20 +0000 (19:40 +0100)] 
firewall: Add auxiliary rules for firewall access.

Rules for accessing the firewall are added when access
to networks (GREEN, BLUE, ...) the firewall resides in is allowed.

7 years agovpnmain.cgi: Remove left-over </td> tag.
Michael Tremer [Mon, 10 Mar 2014 15:11:50 +0000 (16:11 +0100)] 
vpnmain.cgi: Remove left-over </td> tag.

7 years agographs.pl : fixed layout on Nexus 7 devices "hour-Day-week-month-year" now on top...
Alexander Marx [Mon, 10 Mar 2014 11:54:06 +0000 (12:54 +0100)] 
graphs.pl : fixed layout on Nexus 7 devices "hour-Day-week-month-year" now on top of graph

7 years agoindex.cgi: fix colors and tables for vpn connections
Alexander Marx [Mon, 10 Mar 2014 11:22:32 +0000 (12:22 +0100)] 
index.cgi: fix colors and tables for vpn connections

7 years agoipsec: Allow to create firewall rules for IPsec input as well.
Michael Tremer [Sat, 8 Mar 2014 16:29:47 +0000 (17:29 +0100)] 
ipsec: Allow to create firewall rules for IPsec input as well.