3c817b7080
Foundation für Live-Log + Firewall-History (Logsystem Phase 1): - nft-Renderer: `log prefix "edgeguard:<rule-id>" group 0` für Rules mit log=true. Ohne `group` schrieb nft in kernel-log (dmesg), nie in netlink → ulogd2 sah nichts. - ulogd2 + ulogd2-json als Depends, postinst legt /etc/ulogd.conf (NFLOG group 0 → /var/log/edgeguard/firewall.jsonl) + logrotate- Profil (14d, daily, copytruncate) + enable/restart ulogd2.service. - /var/log/edgeguard/ ist root:edgeguard 0640 — ulogd2 schreibt (root), edgeguard-api liest (UI-Endpoints kommen in Phase 2). End-to-End smoke-test bestätigt: ICMP echo → JSON-Line mit allen Feldern (src_ip, dest_ip, oob.prefix, oob.in, icmp.*) in ~30ms. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
20 lines
974 B
Plaintext
20 lines
974 B
Plaintext
Package: edgeguard-api
|
|
Version: __VERSION__
|
|
Architecture: __ARCH__
|
|
Maintainer: NetCell IT <support@netcell-it.de>
|
|
Homepage: https://edgeguard.netcell-it.de
|
|
Description: EdgeGuard — native Reverse-Proxy / LB / Forward-Proxy / VPN / Firewall
|
|
EdgeGuard is a native Debian/Ubuntu edge gateway combining HAProxy
|
|
(TLS termination + L7 routing + LB), Squid, WireGuard, Unbound and
|
|
nftables, configured from a PostgreSQL single-source-of-truth via
|
|
a Go management API.
|
|
Deployable as a cluster of symmetric peers (KeyDB Active-Active +
|
|
PG Streaming Replication + provider Floating-IP for HTTP ingress).
|
|
.
|
|
This package ships the management API, scheduler and CLI.
|
|
Depends: postgresql-16 | postgresql-17, haproxy (>= 2.8), squid, wireguard-tools, unbound, chrony, nftables, certbot, openssl, sudo, adduser, systemd, ca-certificates, ulogd2, ulogd2-json
|
|
Recommends: edgeguard-keydb (>= 6.3.4-edgeguard1), apparmor, fail2ban
|
|
Section: admin
|
|
Priority: optional
|
|
Installed-Size: 0
|