Type "s" for security audit, or "h" for health audit.
We don't add it to the option prompt to not clutter the menu flow.
This is mostly for debug and development purposes.
We need the matching mirror version for the plugins to install so
simply block the update and let the user update first (instead of
only checking for updates and then installing later versions of
plugins).
This was a larger problem in past years but it is good practice to
require an up-to-date system anyway.
I see no easy way to untangle this for now. At least make sure
the user is asked for the defaults to be restored making this
a little better than before.
some people seem to miss the numbers, since the top host graph uses the same information over time, it wouldn't hurt to add a tab containting the raw numbers for the selected interfaces.
The current version doesn't limit the number of results, we might need to add a limit at some point in time, depending on how many results iftop samples.
general remarks:
o total amount of traffic is not being displayed, although we could count the "cumulative" from iftop, the numbers would always be flawed (since sampled with an interval)
o no reverse lookups, maybe for a future version, let's first see if this helps.
o hosts not seen for 120 seconds will automatically be removed from the list (fixed ttl)
o feedback matched policy so we can easily find affective choice in the rule tab
o remove installed_action, installed_status since these values aren't valid anymore
o while here, set <pre/> tag width to a maximum to avoid overflow in alert page
Since values need to be persisted in order to return on query requests, single rule edits can lead to a bit odd behaviour (not toggling until after apply), since modifications are advised to be performed using policies, we will keep this for now.
(the alternative is to hook apply after these changes, which also isn't a great solution)
When investigating log files it's often practical to see the context of a message after searching for it. This feature offers the ability to go to the page in question by clicking on a filtered result.
With this commit policies functionally work, but there's still some refactoring todo.
o migrate download filters to a policy
o remove download filter option
o point to policies in the download section
o (maybe) move single rule overwrites to policies as well.
o in order for this to work properly we need to change when a config backup is made, previously we performed a backup before the fact, now we backup afterwards. which means the top level always represents the current change (and can thus be signaled to an event handler). After upgrade one might lose a single backup file due to this change, but that should be a small price to pay for progress.
o config backup count was defined incorrect (60 instead of 100 according to the gui)
o the syslog-ng event structure is using the existing configd handler and filters relevant events within a small time frame (which prevents flooding configd)
Since the event is loosely coupled, the risk for releasing this into an existing environment should be rather low.
For https://github.com/opnsense/core/issues/4388
sponsored by : Modirum (https://www.modirum.com/)
o move all templates into one standard ini file containing all required info for the blacklists
o add syslog output (in unbound log view) about processing and error handling
o validate "whitelist" regexp entries before usage
o lock process while performing download task
o don't try to download in parallel, the gain is relatively small and adds complexity.
o remove last unboundplus action, migrate cron jobs if they exist
o refactor data collection action, use interface unique names (lan, wan, opt1, ...)
o reduce data fetch calls, update both graphs in the same poll
o hook in color labels from chartjs-plugin-colorschemes.js
