rc/friwall
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
40 commits 1 branch 0 tags 160 KiB
Commit graph

40 commits

Author SHA1 Message Date
Timotej Lazar ea6aa37131 Fix OIDC id_token parsing 
Unbreak it, actually.
 2023-09-11 15:10:19 +02:00
Timotej Lazar 719bcf7c55 Improve LDAP lookup of user groups 2023-09-07 15:02:08 +02:00
Timotej Lazar 9dc0fbb4fe Switch to OIDC authentication 2023-09-07 11:46:57 +02:00
Timotej Lazar 5add39a8a7 Add form for editing ipsets 2023-07-24 16:43:57 +02:00
Timotej Lazar a5df435931 Consolidate error handling 
Do or do not; there is no try. With some exceptions.
 2023-07-12 14:19:18 +02:00
Timotej Lazar 8c824fe9e6 Improve admin settings page 
The improvements are mostly cosmetic^Wquestionable.
 2023-07-07 13:23:51 +02:00
Timotej Lazar dd607dbddd Add a nicer response for TimeoutError 2023-07-07 10:15:02 +02:00
Timotej Lazar 6b72316076 Add node status page 2023-07-07 10:13:55 +02:00
Timotej Lazar 4ef3efbc68 Handle exceptions when sending mail 2023-07-07 09:04:17 +02:00
Timotej Lazar 5262c64244 Add form for editing NAT addresses 2023-07-07 08:20:35 +02:00
Timotej Lazar 8b8c675759 Rename networks.json to ipsets.json 
Getting ready for some changes.
 2023-07-06 16:28:15 +02:00
Timotej Lazar 1ff6c9d0d3 Tweak templates for editing and managing rules 2023-07-04 12:18:01 +02:00
Timotej Lazar 5e65755ec0 Add error reporting over email and improve logging 2023-07-03 16:01:14 +02:00
Timotej Lazar b55ae4d305 Use a script on firewall nodes to update config 
So we can get some feedback to firewall master.
 2023-06-28 14:17:39 +02:00
Timotej Lazar 4fb2d2c732 Add version number to config tarballs 
Preparing to rework the updater script.
 2023-06-26 18:26:35 +02:00
Timotej Lazar fb1c328893 Normalize line endings from textareas 
Every day for us something new.
 2023-06-26 11:49:26 +02:00
Timotej Lazar 5ba9c03e23 Don’t print empty element lists in nftables 
Because nft chokes on them.
 2023-06-26 10:15:03 +02:00
Timotej Lazar e84cb26dc7 Fix up Flask settings 
DEBUG is apparently strongly discouraged. Use --debug instead.
 2023-05-29 13:37:16 +02:00
Timotej Lazar 6780f074c7 Support IPv6 sets 
Also some unrelated cleanups in system.save_config.
 2023-05-29 13:00:39 +02:00
Timotej Lazar 765d4a3ce7 Add support for managing forwarding rules 2023-05-29 12:24:21 +02:00
Timotej Lazar 52a5b7cd11 Use iif/oif instead of iifname/oifname in nftables rules 
Following the change in ansible scripts.
 2023-05-23 11:31:13 +02:00
Timotej Lazar 22cec64bef Simplify database locking 
Use a single lock for everything to ensure we don’t go inconsistent.
One exception is the firewall nodes table which is only accessed when
pushing updated config.
 2023-05-19 09:30:28 +02:00
Timotej Lazar 93458c4782 Allow custom timeout for db locking 2023-05-19 09:03:15 +02:00
Timotej Lazar 9272b3f8e3 Improve landing page slightly 2023-05-19 09:00:01 +02:00
Timotej Lazar aeae0f8a29 Rework NAT settings again 2023-05-19 08:31:49 +02:00
Timotej Lazar 968a2736d2 Rework NAT settings 
Support static NAT for L2 server networks. Also some other minor
tweaks.
 2023-05-11 10:37:54 +02:00
Timotej Lazar 9476a28674 Rename “comment”→“name” in wg key config 2023-04-24 09:54:23 +02:00
Timotej Lazar 2793385693 Rename some bound variables 2023-04-07 22:51:38 +02:00
Timotej Lazar 771389bbdf Create new config on change 2023-04-07 14:20:59 +02:00
Timotej Lazar 931cd3f8c1 Store generated configs in $HOME 
And move app to ~/app.
 2023-04-07 14:20:54 +02:00
Timotej Lazar 0afcd33a99 Store settings in $HOME 2023-04-07 13:32:26 +02:00
Timotej Lazar f8c9341315 wg-fri.conf: keep standard AllowedIPs even when allowing all traffic 
So it is easier to change later if needed.
 2023-04-06 10:19:35 +02:00
Timotej Lazar bba8193e14 Fix locking 
Or maybe break it further.
 2023-04-06 10:04:30 +02:00
Timotej Lazar a791e2bcdd Do not allocate wireguard server IP to clients 
It’s possible to avoid assigning any IP to the server but let’s not.
 2023-02-06 17:02:07 +01:00
Timotej Lazar 42b16c8ac5 Fix whitespace in wireguard config template 2023-02-06 16:58:59 +01:00
Timotej Lazar 539c6ef739 Clean up imports 2023-01-26 16:28:36 +01:00
Timotej Lazar 3cf207047e Remove unimplemented DNAT settings 
For now.
 2023-01-26 16:28:32 +01:00
Timotej Lazar 388061130e Decrease SSH timeout when pushing config to nodes 2023-01-26 16:15:08 +01:00
Timotej Lazar 0ded9d3823 Initialize settings 2023-01-26 16:11:32 +01:00
Timotej Lazar 113992f95b Make a squash 2023-01-26 10:51:51 +01:00