← Back to branch summary

~vcs-imports/ipfire/ipfire-2.x

« back to all changes in this revision

Viewing changes to config/cfgroot/manualpages

  • Committer: Peter Müller
  • Date: 2022-04-23 14:27:56 UTC
  • mto: This revision was merged to the branch mainline in revision 9750.
  • Revision ID: git-v1:7a981d94cb2c3e48ecaf07c506c8353a2c839d79
SSH: do not send spoofable TCP keep alive messages

By default, both SSH server and client rely on TCP-based keep alive
messages to detect broken sessions, which can be spoofed rather easily
in order to keep a broken session opened (and vice versa).

Since we rely on SSH-based keep alive messages, which are not vulnerable
to this kind of tampering, there is no need to double-check connections
via TCP keep alive as well.

This patch thereof disables using TCP keep alive for both SSH client and
server scenario. For usability reasons, a timeout of 5 minutes (10
seconds * 30 keep alive messages = 300 seconds) will be used for both
client and server configuration, as 60 seconds were found to be too
short for unstable connectivity scenarios.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>

Show diffs side-by-side

added added

removed removed

Lines of Context:
config/cfgroot/manualpages
1
 
# Assign manual page URL path to CGI file ([cgi file]=[path/to/page])
2
 
# The CGI files are referenced relative to the "/cgi-bin/" path
 
1
# Assign manual page URL path to CGI file ([cgi basename]=[path/to/page]) 
3
2
 
4
 
# Fixed base URL (without trailing slash)
 
3
# Base URL (without trailing slash)
5
4
BASE_URL=https://wiki.ipfire.org
 
5
index=configuration/system/startpage
6
6
 
7
7
#       System menu
8
 
index.cgi=configuration/system/startpage
9
 
mail.cgi=configuration/system/mail_service
10
 
remote.cgi=configuration/system/ssh
11
 
backup.cgi=configuration/system/backup
12
 
gui.cgi=configuration/system/userinterface
13
 
fireinfo.cgi=fireinfo
14
 
vulnerabilities.cgi=configuration/system/vulnerabilities
15
 
shutdown.cgi=configuration/system/shutdown
16
 
credits.cgi=configuration/system/credits
 
8
index=configuration/system/startpage
 
9
mail=configuration/system/mail_service
 
10
remote=configuration/system/ssh
 
11
backup=configuration/system/backup
 
12
gui=configuration/system/userinterface
 
13
fireinfo=fireinfo
 
14
vulnerabilities=configuration/system/vulnerabilities
 
15
shutdown=configuration/system/shutdown
 
16
credits=configuration/system/credits
17
17
 
18
18
#       Status menu
19
 
system.cgi=configuration/status/system
20
 
memory.cgi=configuration/status/memory
21
 
services.cgi=configuration/status/services
22
 
media.cgi=configuration/status/drives
23
 
netexternal.cgi=configuration/status/network_ext
24
 
netinternal.cgi=configuration/status/network_int
25
 
netother.cgi=configuration/status/network_other
26
 
netovpnrw.cgi=configuration/status/network_ovpnrw
27
 
netovpnsrv.cgi=configuration/status/network_ovpnn2n
28
 
wio.cgi=addons/wio
29
 
hardwaregraphs.cgi=configuration/status/hardware_diagrams
30
 
connections.cgi=configuration/status/connections
31
 
traffic.cgi=configuration/status/nettraffic
32
 
mdstat.cgi=configuration/status/mdstat
 
19
system=configuration/status/system
 
20
memory=configuration/status/memory
 
21
services=configuration/status/services
 
22
media=configuration/status/drives
 
23
netexternal=configuration/status/network_ext
 
24
netinternal=configuration/status/network_int
 
25
netother=configuration/status/network_int
 
26
netovpnrw=configuration/status/network_ovpnrw
 
27
#netovpnsrv=
 
28
wio=addons/wio
 
29
hardwaregraphs=configuration/status/hardware_diagrams
 
30
entropy=configuration/status/entropy
 
31
connections=configuration/status/connections
 
32
traffic=configuration/status/nettraffic
 
33
#mdstat=
33
34
 
34
35
#       Network menu
35
 
zoneconf.cgi=configuration/network/zoneconf
36
 
dns.cgi=configuration/network/dns-server
37
 
proxy.cgi=configuration/network/proxy
38
 
urlfilter.cgi=configuration/network/proxy/url-filter
39
 
updatexlrator.cgi=configuration/network/proxy/update_accelerator
40
 
dhcp.cgi=configuration/network/dhcp
41
 
captive.cgi=configuration/network/captive
42
 
connscheduler.cgi=configuration/network/connectionscheduler
43
 
hosts.cgi=configuration/network/hosts
44
 
dnsforward.cgi=configuration/network/dnsforward
45
 
routing.cgi=configuration/network/static
46
 
mac.cgi=configuration/network/mac-address
47
 
wakeonlan.cgi=configuration/network/wake-on-lan
 
36
zoneconf=configuration/network/zoneconf
 
37
dns=dns
 
38
proxy=configuration/network/proxy
 
39
urlfilter=configuration/network/proxy/url-filter
 
40
#updatexlrator=configuration/network/proxy/update_accelerator
 
41
dhcp=configuration/network/dhcp
 
42
captive=configuration/network/captive
 
43
connscheduler=configuration/network/connectionscheduler
 
44
hosts=configuration/network/hosts
 
45
dnsforward=configuration/network/dnsforward
 
46
routing=configuration/network/static
 
47
mac=configuration/network/mac-address
 
48
wakeonlan=configuration/network/wake-on-lan
48
49
 
49
50
#       Services menu
50
 
vpnmain.cgi=configuration/services/ipsec
51
 
ovpnmain.cgi=configuration/services/openvpn
52
 
ddns.cgi=configuration/services/dyndns
53
 
time.cgi=configuration/services/ntp
54
 
qos.cgi=configuration/services/qos
55
 
guardian.cgi=addons/guardian
56
 
extrahd.cgi=configuration/services/extrahd
 
51
vpnmain=configuration/services/ipsec
 
52
ovpnmain=configuration/services/openvpn
 
53
ddns=configuration/services/dyndns
 
54
time=configuration/services/ntp
 
55
qos=configuration/services/qos
 
56
guardian=addons/guardian
 
57
extrahd=configuration/services/extrahd
57
58
 
58
59
#       Firewall menu
59
 
firewall.cgi=configuration/firewall
60
 
fwhosts.cgi=configuration/firewall/fwgroups
61
 
optionsfw.cgi=configuration/firewall/options
62
 
ids.cgi=configuration/firewall/ips
63
 
ipblocklist.cgi=configuration/firewall/ipblocklist
64
 
location-block.cgi=configuration/firewall/geoip-block
65
 
wireless.cgi=configuration/firewall/accesstoblue
66
 
iptables.cgi=configuration/firewall/iptables
 
60
firewall=configuration/firewall
 
61
fwhosts=configuration/firewall/fwgroups
 
62
optionsfw=configuration/firewall/options
 
63
ids=configuration/firewall/ips
 
64
location-block=configuration/firewall/geoip-block
 
65
wireless=configuration/firewall/accesstoblue
 
66
iptables=configuration/firewall/iptables
67
67
 
68
68
#       IPfire menu
69
 
pakfire.cgi=configuration/ipfire/pakfire
70
 
wlanap.cgi=addons/wireless
71
 
tor.cgi=addons/tor
72
 
mpfire.cgi=addons/mpfire
73
 
samba.cgi=addons/samba
 
69
pakfire=configuration/ipfire/pakfire
 
70
wlanap=addons/wireless
 
71
tor=addons/tor
 
72
mpfire=addons/mpfire
 
73
samba=addons/samba
74
74
 
75
75
#       Logs menu
76
 
logs.cgi/summary.dat=configuration/logs/summary
77
 
logs.cgi/config.dat=configuration/logs/logsettings
78
 
logs.cgi/proxylog.dat=configuration/logs/proxy
79
 
logs.cgi/calamaris.dat=configuration/logs/proxyreports
80
 
accounting.cgi=addons/accounting
81
 
logs.cgi/firewalllog.dat=configuration/logs/firewall
82
 
logs.cgi/firewalllogip.dat=configuration/logs/firewall-ip
83
 
logs.cgi/firewalllogport.dat=configuration/logs/firewall-port
84
 
logs.cgi/firewalllogcountry.dat=configuration/logs/firewall-country
85
 
logs.cgi/ids.dat=configuration/logs/ips
86
 
logs.cgi/ipblocklists.dat=configuration/firewall/ipblocklist
87
 
logs.cgi/ovpnclients.dat=configuration/logs/ovpnrw
88
 
logs.cgi/urlfilter.dat=configuration/logs/url-filter
89
 
logs.cgi/log.dat=configuration/logs/system
 
76
summary=configuration/logs/summary
 
77
config=configuration/logs/logsettings
 
78
proxylog=configuration/logs/proxy
 
79
calamaris=configuration/logs/proxyreports
 
80
accounting=addons/squid-accounting
 
81
firewalllog=configuration/logs/firewall
 
82
firewalllogip=configuration/logs/firewall-ip
 
83
firewalllogport=configuration/logs/firewall-port
 
84
firewalllogcountry=configuration/logs/firewall-country
 
85
ids=configuration/logs/ips
 
86
#ovpnclients=
 
87
urlfilter=configuration/logs/url-filter
 
88
log=configuration/logs/system