sad/firehol
1
0
Fork 0
mirror of https://github.com/firehol/firehol.git synced 2024-06-30 19:02:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,228 Commits 5 Branches 37 Tags 5.2 MiB
f2cc8ead49
Commit Graph

355 Commits

Author SHA1 Message Date
Costa Tsaousis (ktsaou)
f2cc8ead49 fixes after the external command management to make it operational again 2015-11-04 01:32:44 +02:00
Costa Tsaousis (ktsaou)
4ce16f3319 added errors in *-next parameters when no file is given before the *-next parameter 2015-11-04 01:32:14 +02:00
Phil Whineray
dfa1664df0 Merge branch 'master' into update-ipsets-commands 
Conflicts:
	sbin/update-ipsets.in
 2015-11-02 07:52:12 +00:00
Costa Tsaousis (ktsaou)
83ee676c91 fixed various issues and improved significantly the download manager and the logging 2015-11-02 08:46:46 +02:00
Costa Tsaousis (ktsaou)
3aea86defa increased the timeouts a bit to prevent download errors 2015-11-02 00:54:15 +02:00
Costa Tsaousis (ktsaou)
81462ae4b9 fixed a bug that did not update the geolocation maps for ipsets that have not been updated, in --rebuild mode 2015-11-02 00:35:49 +02:00
Costa Tsaousis (ktsaou)
44acb44d97 it now exposes start time and consecutive errors to json files 2015-11-01 23:10:11 +02:00
Costa Tsaousis (ktsaou)
6dd27e1863 fixed the merge() function to support other maintainers too; made cleantalk use the new merge() function. 2015-11-01 22:48:28 +02:00
Phil Whineray
e27d0e205b Replace explicit commands with detected variables 2015-11-01 17:53:23 +00:00
Phil Whineray
b1aa3cd788 Merge branch 'master' into update-ipsets-commands 
Conflicts:
	sbin/update-ipsets.in
 2015-11-01 17:52:02 +00:00
Costa Tsaousis (ktsaou)
deedc579b0 added cleantalk lists 2015-10-31 23:52:50 +02:00
Phil Whineray
1e5fa7befa Merge branch 'master' into update-ipsets-commands 2015-10-31 14:54:47 +00:00
Costa Tsaousis (ktsaou)
677be3c307 updated firehol lists 2015-10-31 16:28:24 +02:00
Phil Whineray
1ea9a58bd4 Convert update-ipsets to new command system 2015-10-31 12:29:25 +00:00
Costa Tsaousis (ktsaou)
1f70cb606f added asynchronous hostname resolver based on adnshost, added hphosts lists (resolved from hostnames) 2015-10-31 13:02:40 +02:00
Costa Tsaousis (ktsaou)
e9f137cd94 fixed a bug that resulted in duplicate routing table entries (added -u to a sort) 2015-10-31 11:45:48 +02:00
Costa Tsaousis (ktsaou)
31723d0dc4 fixed a bug where a request to print single IPs containing the IP 255.255.255.255 resulted in printing all 4 billion IPv4 IPs possible 2015-10-31 11:44:14 +02:00
Costa Tsaousis (ktsaou)
94ffc784ec added Cyber Threat Alliance Cryptowall 2015-10-31 04:11:55 +02:00
Costa Tsaousis (ktsaou)
ff46d12ac0 added ipblacklistcloud, graphiclineweb, chaosreigns, nullsecure 2015-10-31 01:29:51 +02:00
Phil Whineray
0de62875fc Check for missing $ on commands in pre-commit 
Tidied up common behaviour into a function
Updated TPUT_CMD where it was missing the $
 2015-10-30 22:18:57 +00:00
Phil Whineray
0ff50524b9 Update link-balancer to use detected commands 2015-10-30 20:39:58 +00:00
Phil Whineray
1ad836d854 Remove root requirement for unittests 
Significant workaround added for 0440 permissions on /proc/net/ip_tables_names
 2015-10-30 20:38:12 +00:00
Phil Whineray
11b112498f Add RMMOD_CMD and SLEEP_CMD for FireQOS 2015-10-30 07:53:18 +00:00
Phil Whineray
f27eec2e91 Do not call version routine until we have SED_CMD 
Fix typo in case for version extraction
Extend kcov usage
 2015-10-28 20:34:01 +00:00
Phil Whineray
73d531d340 Use require_cmd as expected now 2015-10-27 22:06:34 +00:00
Phil Whineray
881dc95ff4 Force full detection of AWK path 2015-10-27 21:55:27 +00:00
Phil Whineray
e723f3ba19 fireqos now has same command detection as firehol 
Update pre-commit script to detect entries missing from configure script
Update unittest to run fireqos without a PATH set
Update unittest with a view to running code coverage check
 2015-10-27 21:35:21 +00:00
Phil Whineray
9449e984d6 Added WC_CMD to command table 
Also, updated pre-commit script to ensure all used commands are
present in the table.
 2015-10-27 13:03:05 +00:00
Phil Whineray
070430762d Fixup commands not using _CMD variables 
Also fix remaining problems around autodetection
Both were exposed by the new unittest strategy
 2015-10-26 22:36:00 +00:00
Phil Whineray
4e1bf97891 Only update PATH whilst detecting commands 
Update the unit tests so that an empty path is given. Highlight any
command failures (i.e. not using the special variables) that are
emitted.
 2015-10-26 22:35:17 +00:00
Phil Whineray
f652298849 Resolve uname discrepancy 2015-10-26 07:11:44 +00:00
Phil Whineray
8ef0c9a984 Include options for commands, where required 
Put back uname - it is currently used before the variable is set up
 2015-10-25 08:51:24 +00:00
Phil Whineray
ab2259f49b Fix possible quoting problem and introduce test 2015-10-25 08:10:32 +00:00
Phil Whineray
c76f7626a2 Use UNAME_CMD when finding kernel version 2015-10-25 07:34:16 +00:00
Phil Whineray
41e3065cdc Always return TTY to sane defaults 2015-10-25 07:33:42 +00:00
Phil Whineray
e6c887acf5 Use efficient alternative to extract command path 2015-10-25 07:31:31 +00:00
Phil Whineray
d63e61c3c3 Validate that all commands exist and can execute 
We will output a message indicating what can be done if this occurs
 2015-10-23 13:56:05 +01:00
Costa Tsaousis (ktsaou)
f0c2da8736 fix to remove a space that was appended on all commands detected; added a check to make sure the autoconf configured commands still exist; #82 2015-10-22 22:19:17 +03:00
Phil Whineray
1de06a4dbf Allow configure script to set default AUTOSAVE 2015-10-21 20:44:17 +01:00
Phil Whineray
08425eaac0 Rework command detection routines 
Process is now table-driven and has the following features:
- Honours the value set in /etc/firehol/firehol-defaults.conf, if any
- Uses the value set by autoconf, if any
- Autodetects in preferred order, allowing optional parameters as needed

This takes out all the special cases. Commands that are only sometimes
required are detected up front but still only checked when needed.

Also:
- allow detection/preinstall of iprange
- only emit iprange command warnings when it would be used
- restore tty settings when Ctrl-C hit (echo is disabled otherwise)
 2015-10-21 20:44:17 +01:00
Sander Ruitenbeek
1f2c8fadee Fixed interface oneliner to snip out NONE after interface name (ex. sit0NONE). 2015-10-20 22:32:52 +02:00
Phil Whineray
a28a459c8f Install update-ipsets script as with others 2015-10-18 12:05:23 +01:00
Phil Whineray
5b40aec1ad Compile and install iprange to /sbin 
Added option --disable-iprange to avoid it
 2015-10-18 11:17:39 +01:00
Costa Tsaousis (ktsaou)
297811db63 max/ceil % is now relative to parent's ceiling rate (it was by mistake to parent's base rate); added warning if a class takes priority outside the valid ranges of HTB (0-7); switched default colors from blue to green 2015-10-03 01:40:16 +03:00
Costa Tsaousis (ktsaou)
49b5ff3664 when a table was already up to date but other depend on it, it was failing. fix for issue #78 2015-08-02 17:38:55 +03:00
Costa Tsaousis (ktsaou)
d95a06a922 fix for issue #77 2015-08-02 17:03:53 +03:00
Phil Whineray
0cb697d218 Add IPv6 support to vnetbuild and update example 2015-07-29 20:13:44 +01:00
Costa Tsaousis (ktsaou)
0b751c5db6 fixed bug in action sockets_suspects_trap and ipset_apply 2015-07-05 02:48:13 +03:00
Costa Tsaousis (ktsaou)
c7468eeeb9 rewrote the ipsets functionality so that: a) it optimizes netsets with iprange if present, b) it adapts the maxelem parameter for the updated ipset so that updating ipsets with big incremental updates does not fail, c) maintains compatibility with older ipset versions; side-effect: calling an ipset update without restarting the firewall now only support ipsets that are used in firehol.conf; if iprange is present, processing of ipsets is a lot faster 2015-06-15 02:33:08 +03:00
Costa Tsaousis
64bc7e62be added support for adapting ipsets maxelem when updating an ipset 2015-06-13 06:52:14 +03:00