| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
* made the fetch utility function/autodetection more bullet proof
* no longer add suspicious IPs to the local blocklist when the nft set timeout has been set
* restructure internal functions & small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\
| |
| | |
ocserv: updated to 1.1.7
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Function start_service() is called whenever service may need reloading.
If SMB server is not running it could be simply because it has been
stopped. Reloading service in such case is not an error so:
1. Don't log error as it isn't one
2. Don't exit with error code as it was confusing procd
This change fixes scenario like:
/etc/init.d/ksmbd stop
/etc/init.d/wsdd2 reload
(previously above wasn't stopping wsdd2)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |\ \
| | |
| | | |
python: Add proper support for pyproject.toml-based builds, update Python packages for new build process
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This package requires poetry to build using the new Python build process
but poetry is not available, so force the old build process for now.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This package isn't compatible with the new Python build process yet, so
force the old build process for now.
This also adds a call to Py3Build/Install, for when the new build
process can be used.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This allows changes to the Python build system apply more easily to the
package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \ \
| | | |
| | | | |
https-dns-proxy: fixes/improvements
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* use shared memory to store output data
* add family option to firewall json objects, due to reports that IPv6 hijacking
doesn't work without explicit family declaration
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \
| | | | |
| | | | | |
simple-adblock: add family to firewall json objects
|
| | |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \
| |_|_|/
|/| | | |
pbr: ipv6 & migration bugfixes
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* suppress RTNETLINK errors when inserting ipv6 routes
* only display global scope IPv6 gateways in status/WebUI
* stop and disable vpn-policy-routing when migrating
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Set the score value to the maximum value when the connected function is
called. The same happens with a disconnected event, the score value is
there set to zero.
Suggested-by: Anna Tikhomirova <vamp@vampik.ru>
Suggested-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Refactoring the score handling, so that only one action could take place
during run. The behaviour should be more comprehensible, since several
score actions are not processed at the same time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* fixed a log parser regression introduced in latest 0.8.4 update
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
Update crowdsec-firewall-bouncer to latest upstream release version 0.0.26
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Upstream bump
Removed upstreamed patch: 900-fix_build_for_archs_contain_plus.patch[1]
1. https://github.com/snort3/snort3/commit/4de62ca9b9bfea4049ebe373a07076284b121bfe
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.6.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |/ /
|/| |
| | |
| | | |
Signed-off-by: Nick Peng <pymumu@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* add support for external allowlist URLs to reference additional IPv4/IPv6 feeds, set 'ban_allowurl' accordingly
* make download retries in case of an error configurable, set 'ban_fetchretry' accordingly (default 5)
* small fixes
* readme update
* LuCI update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix compilation error for stream module not converted to use the PACKAGE
config flag and a missing required dependency for the DAV ext module.
Drop additional config for STREAM module since they are now included and
built by default.
Fixes: 65a676ed56fb ("nginx: introduce support for dynamic modules")
Fixes: #20906
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |/ /
| |
| |
| |
| |
| | |
LuCI is no longer powered by lua, but ucode
Signed-off-by: Glen Huang <me@glenhuang.com>
|
| |\ \
| | |
| | | |
pbr: update to 1.1.1-1
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
*** MAKEFILE ***
* remove libubus dependency as it was causing issues
https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318
* move firewall hotplug directory/file creation out of default section into
pbr and pbr-iptables packages sections in preparation for dropping it from pbr
* fix no new line after output when uninstalling packages
*** UCI-DEFAULTS ***
* only add firewall include to firewall config if the include file exists
* add shellcheck exception to netifd uci-defaults file
*** SCRIPTS ***
* more informative logging for firewall and iface hotplug scripts
* more informative logging for firewall include script
*** SERVICE ***
* introduce lock-file to prevent package starting on external events if it hasn't
been auto- or manually started before
* use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02
* parse firewall WAN zone to append list of interfaces
* append error and warning "arrays" with new messages
* used shared memory to store the service output/logging messages
* improve is_ovpn function to filter out false positives when interface names started
with `tun`
* introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config
matches the device name in network config
* introduce opkg_get_version to compare versions of principal and luci packages
* better code to obtain AdGuardHome version with betas installed
* optimize code and add better logging for errors when inserting policies with iptables
* optimize code and add better logging for errors when inserting policies with nft
* bugfix: insert policies in all specified protocols
* bugfix: support using physical devices in policies in nft mode
* bugfix: use iptPrefix, not nftPrefix in iptables commands
* implement Tor support in nft mode
* bugfix: fix spelling for User File Syntax error
* restart service fully (instead of quick reload) for OpenVPN interface events, as
the order/number of supported interfaces
* more verbose output (showing handles) of status in nft mode
* improve `icmp_interface`, `ignored_interface`, `supported_interface` validation
regexes
* improve `interface`, validation regex
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* fix remaining small issues
* standardize log wording
* polished up for branch 23.x
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* add housekeeping to the autoallow function, only the current uplink will be held
* fix small issues
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Addition of routes to mwan3_connected ipset is broken. The ipset name was
changed from mwan3_connected_v4/6 to mwan3_connected_ipv4/6, but this
change was not reflected in mwan3rtmon.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Addition of iptables rules for mwan3 sticky rules is broken, resulting
in non-working sticky rules. The required parameters for the function
'mwan3_set_sticky_iptables' were passed in the wrong order.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
* Quoting function arguments
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* add the option 'ban_autoallowuplink' to limit the uplink autoallow function: 'subnet' (default), 'ip' or 'disable'
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \ \
| | | |
| | | | |
simple-adblock: implement curl_additional_param compressed_cache_dir
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* curl_additional_param: to pass additional parameters (like proxy) to curl
* compressed_cache_dir: where to store compressed cache in non-volitile memory
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Configure the openssh server to respawn. Reload by sending SIGHUP
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
|
| | |/ /
|/| |
| | |
| | | |
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* fix domain lookup function (parse banIP config vars)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Release Notes:
https://github.com/libreswan/libreswan/releases/tag/v4.10
Fixes: CVE-2023-23009
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Rename nginx-all-module to nginx-full to follow pattern used by other
package and other projects.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update nginx to 1.24.0 and update headers-more module to fix compilation
error.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update lua module to latest openrestry version. Additional config are
required to correctly use it.
Switch it to luajit from liblua as this is what is currently supported
for the module since plain lua support was dropped from the module.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Start building sub package that provide dynamic modules.
Each module needs to be loaded using load_modules.
Refer to nginx documentation on how to use this.
This should result in lower memory usage as only used module are loaded.
Also fix the uci-default scripts to add the required ubus module for
luci module.
-fvisibility=hidden is needed to be dropped to correctly support loading
dynamic modules.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|