Respostas no Fórum
-
Posts
-
olha esse topico: http://endian.eth0.com.br/topic/como-customizar-as-mensagens-do-endian
Wireguard_webadmin
Sistema gratuito (Open Source) para gestão de VPN's WireGuard com uma Web interface intuitiva e fácil de usar.
Principais funcionalidades:
- Sistema de Firewall completo e flexível.
- Encaminhamento de portas
- Suporte a multi usuário com níveis diferentes de acesso
- Múltiplas instâncias do Wireguard
- Crypto key routing para configuração de VPN site-to-site
O projeto é Open Source, fácil de instalar e está disponível em wireguard_webadmin
Atualizações implementadas:
Release Notes – Version 2.5.2
** New Features
* [UTM-250] – PhishTank as anti-phishing protection
* [CORE-82] – Show signatures update time in the dashboard
* [CORE-477] – Intel drivers for the newest Intel network
interface cards
* [CORE-222] – Support for USB Huawei E173 USB UMTS modem
** Improvements
* [UTM-68] – ClamAV engine update to version 0.97.8
* [CORE-184] – The collectd netlink plugin stores information
that is never used
* [CORE-89] – EMI does not load sqlite anymore
* [CORE-259] – EMI storage is not read/write-safe
* [CORE-63] – In Port forwarding / DNAT the default mode
should be simple instead of advanced
* [UTM-250] – PhishTank lists replace lists from
malwaredomains
* [CORE-285] – Packaged signatures tarball with new PhishTank
signatures instead of those from
malwaredomains
* [CORE-105] – Monit method needs an additional attribute
monitor=False which prevents monitor/unmonitor
command from getting sent to monit
* [CORE-189] – Store collectd RRD files in /tmp and
periodically synchronize to /var
* [CORE-164] – Delete archived log files when free space is
needed
* [CORE-231] – Use collectd graphs instead of squid-graph
* [CORE-206] – Replace makegraphs.pl with collectd graphs
* [UTM-110] – Remove collectd’s ntp RRD files
* [UTM-80] – New version of ntop
* [CORE-240] – Ethernet bonding support
* [UTM-40] – DansGuardian custom *regexp file is not handled
correctly
** Bugs
* [UTM-115] – ClamAV blocks .exe files due to issues in its
DetectBrokenExecutables check
* [UTM-86] – HAVP does not run after an upgrade to 2.5
* [UTM-65] – “Block encrypted archives†flag was doing
exactly the opposite of what had been
configured
* [UTM-63] – Wrong status message in ClamAV page before the
first signature update
* [CORE-132] – The Authentication layer does not start due to
an UTF-8 problem
* [CORE-125] – Authentication job is not started after
finishing the initial wizard
* [CORE-367] – Old backups cannot be downloaded after
migrating to 2.5
* [CORE-288] – USB stick not detected correctly by
efw-backupusb
* [CORE-278] – When cleaning the system USB backups are not
considered
* [CORE-148] – Instead of keeping 3 USB backups when rotating
only 2 are kept
* [CORE-113] – Error creating the cron link for scheduled
automatic backups
* [CORE-220] – More backups than configured are stored
* [CORE-427] – Deadlock during the reading/writing of
SettingFiles
* [CORE-264] – Logout button does not work for all browsers
* [CORE-236] – After an update efw-shell does not display
correctly the new/updated commands”
* [CORE-122] – In policy routing rules only CS0 Type of
Service can be selected
* [CORE-107] – Dnsmasq sometimes fails to restart which causes
monit to use a huge amount of resources
* [CORE-88] – Backup uplinks do not work if they are Ethernet
uplinks
* [CORE-497] – Collectd does not start on boot with new
version of monit
* [CORE-211] – Dependency to efw-httpd is missing
* [COMMUNITY-15] – RPM triggers interrupt update process
* [CORE-451] – GUI port is hardcoded for redirection
* [CORE-268] – Reboot required not shown after kernel upgrade
* [CORE-482] – emicommand hangs because of curl blocking
* [CORE-137] – YAML storage raises an exception when trying to
load a valid YAML file that contains a list
instead of a dictionary
* [CORE-369] – Interzone firewall rules are not created after
migration to 2.5
* [CORE-119] – When switching from advanced to simple mode
editing destination NAT rules the filter policy
is changed to ALLOW
* [CORE-118] – Target port of Destination NAT is not disabled
when the incoming protocol is “Any”
* [CORE-115] – Incoming Service/Port field of Port forwarding/
Destination NAT is editable, even if Service
and Protocol are both set to “Any”
* [CORE-106] – The bridges job status is wrong, “restart”
instead of “start”
* [CORE-335] – jobcontrol hangs when sync restarting jobs
* [CORE-326] – Jobengine exception during update
* [CORE-257] – Jobs are unnecessarily restarted multiple times
* [CORE-248] – Jobsengine memory leak when OpenVPN client
connects
* [CORE-131] – The efw-shell command “job” does not work due
to a syntax error
* [CORE-124] – AnaCronJob uses Job.start which sets force=True
even if not needed
* [CORE-123] – DownloadJob uses Job.start which sets
force=True even if not needed
* [CORE-120] – Timestamping signatures are recreated although
force is not set to true in CrawlerJob
* [CORE-321] – After migration from 2.4 to 2.5 RAID controller
mptsas is not working anymore
* [CORE-303] – Intel Network driver igb not supported for Quad
Intel 82580 Gigabit Network
* [CORE-190] – Enable FUSION_SAS driver
* [CORE-332] – twistd.log are not compressed and rotated in /
* [CORE-247] – Logrotate not run under various circumstances
* [CORE-87] – ntop UI is not accessible
* [CORE-251] – Logrotate configuration file is removed when
logrotate package is upgraded after efw-syslog
* [CORE-203] – purge-log-archives script fails under special
circumstances
* [UTM-414] – ntop segfault in libc-2.3.4.so/libntop-4.1.0.so
* [UTM-244] – ntop crashes if it is asked to monitor a
interface that is down
* [CORE-343] – VLAN configuration problem
* [CORE-174] – Local routes are missing in ip rule so user
defined rules always overrule local routes
* [CORE-86] – Policy Routing rules are not applied
* [CORE-80] – Upgrade of stripped RPM packages destroys
configuration files
* [UTM-378] – Double efw-dnsmasq packages after upgrade
* [UTM-338] – When updating efw-dnsmasq the httpd
configuration file is removed
* [UTM-322] – Anti-spyware signatures last update date is
inconsistent
* [UTM-320] – DNS black- and whitelists are ignored until the
cron job runs
* [UTM-317] – DNS anti-spyware blacklist is not working
* [UTM-316] – Black- and whitelisted domains are not erased
after saving settings
* [UTM-88] – Unable to download malwaredomains information
* [UTM-181] – Proxy PAC is not applied
* [UTM-93] – Denial of service triggered by access to the
proxy port
* [UTM-90] – DansGuardian blacklists and phraselists are
missing after an upgrade to 2.5
* [UTM-87] – DansGuardian blacklists and phraselists cannot
be downloaded
* [UTM-55] – Clamd is not started before HAVP
* [UTM-194] – HTTP proxy configuration ignores rules under
certain circumstances
* [UTM-81] – IMAP authentication fails if username contains
a @domain part.
* [CORE-219] – TOS/DSCP option breaks Quality of Service
* [UTM-119] – Snort is restarted twice during boot time
* [CORE-138] – System uptime is shown incorrectly
* [CORE-396] – Migration not called after upgrade to 2.5 due
to collectd
* [CORE-159] – Certain migration scripts are not executed
* [CORE-129] – Migration framework causes tracebacks if an RPM
package has an epoch set and a migration script
for it exists
* [UTM-108] – OpenVPN client calls missing “remove_rules”
method which is not controlled by jobengine and
uses a deprecated function
* [UTM-95] – Selecting GREEN in IPsec GUI corrupts IPsec
configuration file
* [UTM-230] – OpenVPN job fails to create user configuration
files if the push orange or push blue options
are enabled
* [UTM-97] – OpenVPN process cannot remove temporary files
because of wrong file owner
* [CORE-221] – OpenVPN client TUN device configuration is
broken
* [UTM-200] – Route to subnet behind OpenVPN gateway-to-
gateway user is set with wrong gateway IP
address if the user has a static IP assigned
Eu acho que o Bacula pode ser a sua solução http://pt.wikipedia.org/wiki/Bacula
desse jeito vc torna seu firewall inseguro.
Tenta cadastrar um host no endian com o nome “meusite” e o dominio como “dyndns.org” e endereço “192.168.0.2” dessa forma o endian via traduzir o o nome do site para o IP 192.168.0.2 e ai nem precisa passar pelo iptables ou pelo proxy.
Entendeu?
Quanto fui tentar fazer pensei em não reinventar a roda e pesquisar e achei a resposta:
http://www.vivaolinux.com.br/dica/Endian-24-Adicionando-usuario-para-visualizar-relatorios-do-Sarg?
http://endian.eth0.com.br/topic/relatorio-sarg?replies=14#post-14006
Posso ajudar sim. Qual é a dificuldade que esta tendo em fazer? Gostaria que eu criasse essa rota para você?
Pode o Endian atende a todos esses requisitos.
Não sei qual é a sua necessidade mais eu não gosto de restringir acesso por MAC porque acho inseguro, pois da para alterar o MAC facilmente.
darksom olhe esse meu post http://endian.eth0.com.br/topic/regras-prevencao-a-intrusao-bloqueadas
