ddns-confgen is a useful tool for generating partial zones for
transfer/update in dynamic DNS (ddns) scenarios.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* OPUS and Pulse can be configured nicely by default now, no longer
need a local patch for that
* mysql version checks fail when cross-compiling, add patch to remove
them and always assume MySQL >8.0.
* Package new services, communicators, ...
This is a new major release. It breaks protocol compatibility with the
0.15.x versions. Please be aware that Git master is thus henceforth
(and has been for a while) INCOMPATIBLE with the 0.15.x GNUnet network,
and interactions between old and new peers will result in issues.
0.15.x peers will be able to communicate with Git master or 0.16.x
peers, but some services - in particular GNS - will not be compatible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There is no reason for the kmod to depend on the binary package
itself, neither for building nor for installing.
That dependency prevents phase1 from building the kmod even though
support is enabled in the binary.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
It was leftover from the previous rewrite of ss-rules. The built
package has no ref to it so no need to update PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
I believe these packages should be removed (and imported into the
abandoned packages repo[1]) as Seafile Server and Seahub have been
marked as broken for some time, and I do not believe I will have time to
fix or update these packages in the foreseeable future.
[1]: https://github.com/openwrt/packages-abandoned/pull/22
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Both packages provide the same packages and should conflict to each
other.
Fixes:
```
Packages 'haproxy' and 'haproxy-nossl' do not conflict while providing same file: /usr/sbin/haproxy
Packages 'haproxy' and 'haproxy-nossl' do not conflict while providing same file: /etc/haproxy.cfg
Packages 'haproxy' and 'haproxy-nossl' do not conflict while providing same file: /etc/init.d/haproxy
```
They should not be installed side by side.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- There should be shorter TITLE in Package/haproxy/Default
otherwise it is not shown
- No need to call Build/Prepare/Default
- Remove twice TITLE in non-SSL variant
- Make conffiles more clear
- Remove empty menu for halog
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Both packages provide the same files:
/usr/bin/chronyc
/usr/sbin/chronyd
/etc/chrony/chrony.conf
/etc/hotplug.d/iface/20-chrony
/etc/init.d/chronyd
They should not be installed side by side.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Both packages provides the same files:
- /usr/bin/u2boat
- /usr/bin/u2spewfoo
- /usr/bin/snort
- /etc/init.d/snort
- /etc/config/snort
So they should be in conflict.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Fix the following build failures by adding the missing dependencies:
Package strongswan-mod-connmark is missing dependencies for the following libraries:
libip4tc.so.2
Package strongswan-mod-forecast is missing dependencies for the following libraries:
libip4tc.so.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Following recent dependency rework, we can switch
between iptables-legacy and iptables-nft, and they both
PROVIDES iptables. Make it easier for user that want/need to
stick to firewall3/iptables-legacy to do so.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
It will be mostly implemented with ucode templates installed at
/usr/share/ss-rules and called from init script. The generated nftables
rules will be stored at /etc/nftables.d/
Incompatible changes were introduced as described in the README.md file
- Netfilter ipset was replaced with nftables sets
- UCI options ipt_args and dst_forward_recentrst of section ss_rules
are now deprecated. The former does not apply to nftables. The
later not yet implemented with nftables.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
ss-rules with iptables needs presence of netfilter nat table to work.
ss-rules works before without explicitly requesting it as a dependency
because it's present by default on a pre-firewall4/nftables OpenWrt
install. We request it explicitly now to make life easier in case
people would like to try ss-rules/iptables on firewall4/nftables enabled
OpenWrt system
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
shorewall-core macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall-core requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
shorewall macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
shorewall6-lite macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall6-lite requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
3. fakeuname does not work in install.sh because install.sh
redefines PATH.
This patch removes PATH=... from install.sh on macos
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
shorewall6 macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall6 requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
shorewall-lite macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall-lite requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
3. fakeuname does not work in install.sh because install.sh
redefines PATH.
This patch removes PATH=... from install.sh on macos
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.
Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* include gnunet-service-zonemaster-monitor in gnunet-gns package
* rename namestore-heap back to namestore-flat
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The "build" script was replacing a ~DATE~ with current date.
Now it uses $(SOURCE_DATE_EPOCH).
Fixes#17848
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
ipvsadm build fails on macos due to libipvs Makefiles uses system
`ar` that is not compatible with the objectes generated by OpenWrt
GCC Toolchain.
This commit adds patch to allow ar redefining
This commit modifes an old patch (removing CC=gcc is not required
due to it is redefinable)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
In the build environment the autotools finds the `passwd` binary in
/usr/bin. But in the target image it is available under /bin instead.
Manually set the path to `passwd` binary to `/bin/passwd`
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
There is no need to remove root password from /etc/shadow as the
password in the file is blank anyway in the failsafe mode.
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
DoH is enabled by default, but disabling it removes the need to link
against libnghttp2, which may be desirable more constrained
environments.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* consolidate dnsmasq config manipulation into one function
* more elegant code for PROCD data processing (Thanks @jow-!)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Manually added new env variable `XDG_DATA_HOME` which won't be passed
by procd by default.
Removed upstreamed patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
There's only one of the shaper scripts (simple.qos) that uses iptables, and
it should be fine with iptables-nft for compatibility with the new default
nft-based firewall. Confusingly, we still need the iptables-mod-ipopt
package to get the DSCP match module; we never used CONNMARK, though, so
drop the iptables-mod-conntrack-extra dependency while we're at it.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
With commit 385200443554 ("babeld: add add_interface function") babeld
has a new ubus function allowing to dynamically add an interface.
Before the add_interface function, we were required to reload babeld.
The reload influenced the babeld routing. However, the remove part is
still missing and will be added at a later stage.
Signed-off-by: Nick Hainke <vincent@systemli.org>
chaosvpn Makefile detects Darwin (macos) and changes compilation
flags for macos target, but OpenWrt is always Linux so build fails.
This patch redefines OS=Linux to use Linux compilation flags.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
nut build fails on macos due to:
1. configure script can not use AR env var due to OpenWrt build
system provides only executable name (e.g. aarch64-openwrt-linux-musl-gcc-ar)
but configure script checks if AR has '/'. As a result, configure
script ignores AR env var and uses system `ar` but macos `ar` is
not compatible with the objects generated by OpenWrt GCC toolchain.
This commit explicitly sets ac_cv_path_AR=$(TARGET_AR) to use
OpenWrt toolchain AR.
2. configure script detects if build host is macos and adds
macosx_ups driver as a build target, but this driver can not be
build with OpenWrt toolchain because OpenWrt is Linux.
This commit explicitly disables macosx_ups driver using configure
flag --without-macosx_ups
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
host-compile fails on macos due to several reasons:
1. host-compile Makefile always selected for linux
2. macos host cc (clang) fails due to implicit-function-declaration
3. ar and ranlib tools are hardcoded in softethervpn Makefiles
All three issues are fixed by this patch
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
knxd compilation fails on macos due to clang does not support
exit() builtin function that is used to detect build cc
This commit adds a patch to fix this issue (replaces `exit 0` by
`return 0` in conftest.c)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
This intends to replace the hotplug script. It still hardcodes "wan"
interface name (as several other packages do) for lack of a deterministic
way to detect the actual wan iface before it is brought up, but at least
it is fully integrated with procd and will not start a disabled service.
The interface trigger forcefully restarts chilli as a simple reload may
not be sufficient to recover from wan changes.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
This hotplug trigger unconditionaly restarts coova-chilli when the "wan"
interface sees action "ifup", without checking whether or not the
service is disabled or the upstream interface is actually called "wan".
This hotplug could be replaced by a suitable service trigger instead.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Coova Chilli creates "undo" firewall scripts that are intended to be run
when the daemon is shut down. Failure to do so results in leftover
entries in firewall and duplicated ones if chilli is subsequently
restarted.
Execute these scripts when the service stops.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Coova Chilli will fail to start if e.g. it cannot resolve names in its
configuration (like uamserver, radiusserver, etc) which is typically the
case when wan is unavailable. Prevent this situation by delaying startup
if wan is not available.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
isc-dhcp uses system ar tool so build fails on Darwin build host.
Embedded bind lib uses system ar and ranlib tools and fails on Darwin
This patch explicitly specifies ar and ranlib tools for target build
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Backported upstream pending pull request to fix following error:
CMake Error at /foo/staging_dir/host/share/cmake-3.19/Modules/FindPackageHandleStandardArgs.cmake:218 (message):
Could NOT find CURSES (missing: CURSES_LIBRARY)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Declare the nftables variant as the DEFAULT_VARIANT
as nftables firewall4 is the now default in OpenWrt.
Additionally,
* toggle CONFLICTS placement to avoid circular dependency warning
* use AUTORELEASE
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Maintainer: me
Build system: Arch Linux x86_64
Build tested: ipq806x/R7800
Run tested : ipq806x/R7800
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
Add flag "--lookup-default-namespace" to signal that wg-installer should
look already established wireguard sessions in the default namespace.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit removes iptables backend support and leaves only the
netfilter backend support. This means that:
- iptables and nftables firewall based systems (firewall3 and firewall
4) are supported trough the netfilter instance mode
- the iptables/xtables mode support is disabled
For more information on the modes and how to use the new netfilter
instance checkout https://www.jool.mx/en/intro-jool.html
This move is made out of the commit upstream that sets firewall4 as the
default for new default buils and based on the conversation in #16818
and was decided that the netfilter interface is the priority since
iptables support will be dropped in the foreseeable future.
While at it update the templates provided.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
libreswan makefile detects macos (darwin) and changes build logic
but OpenWrt is always Linux so it is required to specify linux as
target platfrom
This patch specifies Linux as a target platfrom
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
crowdsec rename the binary from crowdsec-firewall-bouncer to cs-firewall-bouncer
the initd need the correct binary name to start the process
the link for github source need also to be fixed (only the information one)
fix the BuildDate
updated copyright
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Check if a peer is already existing with a given public key. Introduce a
response code for signaling why the server rejected the request.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Use shellcheck to rework the code. Use "export" to return variables from
a function call. Further, fix typos.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* bump to 4.7.0
* enable DNS over TLS (uses libssl which was already a dependency)
* add libcurl dependency for new zone-to-cache feature.
Co-Authored-By: wout@wbnet.eu
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Latest Apple clang (v13) defines __cplusplus=199711 by default, but
protobuf requires at least 201103 (c++11)
Backported patch to fix c++ detection:
30fe936a88
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Version 1.0.1 brought the following changes:
[v1.0.1] - 2021-11-26
Primarily fixes a few issues in the kernel module that were found
during a quick review from Russell King:
https://lore.kernel.org/netdev/YYPThd7aX+TBWslz@shell.armlinux.org.uk/https://lore.kernel.org/netdev/YYPU1gOvUPa00JWg@shell.armlinux.org.uk/
- mdio: The mvls subcommand now supports flushing the ATU
- mdio-netlink: Plug some glaring holes around integer overflows of
the PC.
- mdio-netlink: Release reference to MDIO bus after a transaction
completes.
So, update to the latest version and switch the kernel module back
to fetching tarballs like the userspace tool does.
Signed-off-by: Robert Marko <robimarko@gmail.com>
* Updating i2pd package to 2.40.0
* Rewrite Makefile
* Remove usage of PKG_INSTALL (package's make install)
* Rewrite init.rc configuration and script
* Remove '--service' option from init, which only sets datadir to /var/lib/i2pd
* Use '--datadir' option in init, otherwise datadir changing via uci is not works
* Update patch for i2pd.conf
Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
When ModemManager is started on boot we may end up with hotplug events
reported directly to the daemon, plus some others already cached in
the cache file before the daemon was started.
If the cached events correspond to the same device that is still
notifying ports directly, we may end up with a modem object created
before the cached events have been emitted, so the modem may not
handle all control/data ports it should.
E.g.:
- modem detected
- hotplug event for wwan0 port, cached as MM not running
- hotplug event for cdc-wdm0 port, cached as MM not running
- hotplug event for ttyUSB0, cached as MM not running
- MM starts
- hotplug event for ttyUSB1, directly processed as MM is running
- hotplug event for ttyUSB2, directly processed as MM is running
- modem object created with ttyUSB1 and ttyUSB2
- 2s after MM starts, cached events for wwan0, cdc-wdm0 and ttyUSB0
happen, but are ignored because the modem object has already been
created
MM expects that ports of the same device are reported with less than
1500ms in between ports. In other words, if ports are reported more
than 1500ms after the last reported port, they may get ignored.
If we remove the 2s timeout, the report of the cached events will
happen as soon as MM starts, which makes it much more likely to happen
in the timeslot that MM expects for ports of the same device reported.
The logic is still not perfect, and we may also need to increase that
1500ms timeout inside MM, but removing the 2s timeout right away here
makes sense.
This 2s timeout was introduced along with the new wrapper launcher for
the daemon, it didn't exist before.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
This commit adds support for starting and running jool through init
scripts, with default config files as examples.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Add checks not to overwrite defaultnotify options in the nut-sendmail-notify fashion.
Use lists for defaultnotify instead of option.
Add check not to overwrite notifycmd if already defined.
upssched-cmd script must not be called directly, it is called by the upssched binary with needed arguments.
Signed-off-by: Pascal Coudurier <coudu@wanadoo.fr>
Convert notifyflags options to lists as supported by the init script, so multiple options can be chosen.
Add SYSLOG default option to individuals notifyflags instead of deprecated flag 1|0.
Add comment for defaultnotify and individuals notifyflags about possible values.
Signed-off-by: Pascal Coudurier <coudu@wanadoo.fr>
lynx uses host C-compiler to build internal utility that is used to
generate files required for target build. On MacOS it uses internal
clang with MacOS system headers so host build fails due to MacOS is
not Linux
Forced to use OpenWrt host C compiler using --with-build-*
./configure flags
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
This backports a patch from upstream radsecproxy to fix compilation with glibc 2.34.
It fixes the following build problem:
radsecproxy.h:35:5: error: missing binary operator before token "("
35 | #if PTHREAD_STACK_MIN > PTHREAD_STACK_SIZE
| ^~~~~~~~~~~~~~~~~
make[5]: *** [Makefile:623: dtls.o] Error 1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
davfs2 username and password information is typically stored in
/etc/davfs2/secrets. This information should be kept across sysupgrades.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Although undocumented, there's a way to explicitly disable static linking in
Stubby, setting the CMake build option ENABLE_GETDNS_STATIC_LINK to OFF (ON by
default). Make it so.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Drop the tftpd binary, which is no longer provided upstream. Users
should switch to the atftp server as a replacement.
Avoid executing runtime tests, which are not supported in cross-build
environments.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
When zone id is explicitly provided, there is no need for the API token to have read permission. Inspired by acme.sh's cloudflare logic.
Signed-off-by: Glen Huang <heyhgl@gmail.com>
Update crowdsec-firewall-bouncer to latest upstream release version 0.0.21
Makefile rework
- use tagged version for download
Fixes
- set API_KEY in firewall bouncer config file
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
backport of upstream commit
3c66c1fec7
Original author: Nikhil Benesch <nikhil.benesch@gmail.com>
Remove unnecessary flag in macOS build
The configuration logic for adding the `-search_paths_first` linker
flag on Darwin does not correctly handle cross compilation. It should
check the value of $krb5_cv_host rather than `uname -s` to detect when
the compilation target is Darwin, rather than the build machine.
It turns out `-search_paths_first` has been the default behavior of ld
on macOS since XCode 4. So just remove that bit of logic entirely.
(The flag was added in commit acd27af0e845f8b93de2e226cc2ec9ac8af52077
in 2004; XCode 4 was released in 2010.)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
With procd-ujail enabled, it is not possible to use HTTPS URLs, for
example when either for downloading torrent files or blocklists. The
followig example occurs when downloading a URL from the "Upload Torrent
Files" dialogue box:
Error adding
"https://releases.ubuntu.com/21.10/ubuntu-21.10-desktop-amd64.iso.torrent":
gotMetadataFromURL: http error 0: No Response
syslog will also hint that no CA_BUNDLE is being used:
transmission-daemon[6683]: [2021-12-30 20:01:30.990] web will verify
tracker certs using envvar CURL_CA_BUNDLE: none (web.c:455)
This patch rectifies this issue by adding a ca_bundle configurable,
enabled by default. This explicitly fixes the ca_bundle file location
to /etc/ssl/certs/ca-certificates.crt and adds this file to the procd
jail. On subsequent testing, HTTPS URL download functionality is
restored.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
The delete variable was misspelled leading to devices always being
removed although they had connected neighbors.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Update crowdsec to latest upstream release version 1.2.2
Makefile rework
- use tagged version for download
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Issue: 2to3 support has been removed in setuptools since version 58.0.0.
Fix: openwrt/packages#17311
Requirements: 2to3/host openwrt/packages#17429
Add upstream patch: 196c55e931
To install/build for python3 from source, it is necessary to convert to py3
codebase before setup (invoke 2to3 or ./fail2ban-2to3 firstly).
> ./fail2ban-2to3
> python3 setup.py build
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
The next OpenWrt stable release aims to use firewall4 by default. As
this uses nftables as backend, miniupnpd will no longer work. Create an
iptables and nftables variant of the miniupnpd package so that miniupnpd
can be used with either firewall variant.
See #16818 for more info.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Since version 2.2.3, miniupnpd will detect MS clients and force IGDv1.
This reverts commit 7f5534ac7a.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Removed patches:
001-fix-stime-glibc-remove.patch - it is included in upstream
003-Fix-compilation-with-gcc11.patch - no longer necessary
Updated patches:
002-Avoid-problems-with-64-bit-time_t.patch
Refreshed patches:
004-Comment-out-librt-testing.patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
These cmake modules are actually never referenced. Stubby itself doesn't link to
libidn or libunbound, only getdns does. They're most likely leftovers from when
stubby was split from getdns to its own repository.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Full changelog available at: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.0
packr has been removed from build dependencies, per
c6888326b0 (diff-2873f79a86c0d8b3335cd7731b0ecf7dd4301eb19a82ef7a1cba7589b5252261L2)
Also added the ability to configure working directory location and moved
the directory to /var. On most setups this should not change anything,
as /var is symlinked to /tmp. The move mostly benefits setups where /var
is configured to be persistent.
The working directory is used by AdGuard to store persistent data like
query logs, filter lists, etc.
Data stored in this directory can get really huge, as such allowing
this directory to be moved elsewhere (ie. an USB drive) is very
beneficial.
Co-authored-by: Dobroslaw Kijowski <dobo90@gmail.com>
Co-authored-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Hiếu Lê <leorize+oss@disroot.org>
Add MaxMind's geoipupdate utility. mmdb files are downloaded to /var/GeoIP
by default. The user should update /etc/GeoIP.conf with their API key and
DB choice, currently set to country only. So as not to exceed MaxMind's
download limitations, the user should manually run the utility or set up a
cron job.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Remove un-necessary crowdsec package dependency, to be able to use
crowdsec-firewall-bouncer independently from crowdsec local installation.
(with remote API)
Fix issue: https://github.com/openwrt/packages/issues/17406
Description:
using crowdsec-firewall-bouncer on many OpenWRT devices connected
with my domain LAPI server (which collect many crowdsec machines,
mostly nginx), it works great. Actually, crowdsec package is not
mandatory for that usage, it would be great if it was not a dependency.
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
