8863 Commits

Author SHA1 Message Date
Ad Schellevis
26ee607a31 Traffic shaper, add enabled flag to rules, closes https://github.com/opnsense/core/issues/2426 2018-05-27 11:43:46 +02:00
Robin Schneider
3c73da4d46 Help debugging of Traffic Shaping by generating ipfw comments in rules (#2425)
`ipfw show`:

```
60004  50573  69792852 queue 10000 ip from not 192.168.23.0/24 to any xmit lagg0_vlan2342 recv em0 // wan -> lan: down,75 weight
60005  29657   3088201 queue 10003 ip from any to not 192.168.23.0/24 recv lagg0_vlan2342 xmit em0 // lan -> wan: up,75 weight
```
2018-05-27 11:12:46 +02:00
Franco Fichtner
ac50d3e203 rc: modify the shell even more 2018-05-26 22:28:09 +02:00
Franco Fichtner
15ec336b0f rc: parse '-c', it's passed to the shell by sudo
The funny thing is su -m foobar -c "sh -c '$cmd'" could be as
short as su -m foobar -s /bin/sh -c "$cmd" but why bother selecting
a shell when you need to rely on a proper root shell to be set?
2018-05-26 08:51:05 +00:00
Ad Schellevis
435859a418 missed a small spot for https://github.com/opnsense/core/issues/2348 , it doesn't make sense to remove a non-existing file 2018-05-25 17:20:33 +02:00
Ad Schellevis
9d35f17198 openvpn, client specific overrides on --client-connect, it seems that OpenVPN passes the filename for the csc on client-connect instead of using the default location, should fix https://github.com/opnsense/core/issues/2348 2018-05-25 17:17:16 +02:00
Ad Schellevis
66fb7d64b7 NetworkField add AddressFamily option (ipv4, ipv6 or empty) 2018-05-25 15:34:30 +02:00
Franco Fichtner
e35ba6aad8 auth: deconstruct password to pass it to checks; closes #2390 2018-05-25 12:52:00 +00:00
Franco Fichtner
fcd4ed3883 auth: typo and doc 2018-05-25 10:02:27 +02:00
Franco Fichtner
ecc15a7680 src: undo change to edge case in Local TOTP #2390
TOTP modifies password, we can't use verbatim length checks.

Spotted by: @adschellevis
2018-05-25 09:49:31 +02:00
Franco Fichtner
77ed8e6906 interfaces: yes, we need this for now 2018-05-25 09:48:54 +02:00
Ad Schellevis
961875d7cd lighttpd / harden ciphers, align to https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=lighttpd-1.4.37&openssl=1.0.1e&hsts=yes&profile=modern closes https://github.com/opnsense/core/issues/1722 2018-05-25 09:40:39 +02:00
Franco Fichtner
de7e37aa17 interfaces: trust the GUI to do its job
There is still a weird interaction between this code and
get_real_interface as they both react to dhcp6usev4iface,
but now this is more obvious and could help with refactors
later on.

The upside is that we do not have to adjust this for another
IPv6 type that will gain IPv4 latch capability in the future.
2018-05-25 07:58:36 +02:00
Franco Fichtner
62631e9bf5 src: whitespace sweep 2018-05-25 07:19:48 +02:00
Franco Fichtner
64e2c610cc system: local security policy tweaks; closes #2390 2018-05-24 20:10:36 +00:00
Franco Fichtner
aa4da63f95 interfaces: add remote-safe reload; closes #1642
Demote the current actions to non-primary actions as they
are local and selective.
2018-05-24 19:50:21 +00:00
Franco Fichtner
af38260b84 interfaces: put these back for now 2018-05-24 21:29:59 +02:00
Franco Fichtner
727f521940 interfaces: since a while dhcp6usev4iface works on staticv6 and slaac 2018-05-24 19:03:37 +00:00
Max Orelus
d1f2ca8649 dynamic urls regardless if you have a trailing slash or not (#2420) 2018-05-24 07:59:44 +02:00
Franco Fichtner
076eb9ffe9 wizard: add element IDs for javascript; closes #2186 2018-05-23 20:16:46 +00:00
Max Orelus
7ec0841294 feature: Top level menu item link pivots + security improvements (#2417)
* feature: Top level menu item link pivots + improved security posture for external links
* updated legacy code security posture for external links
* Added parent level menu item pivot feature enhancement to legacy code
2018-05-22 17:49:43 +02:00
Franco Fichtner
e4370ef46a interfaces: partially revert rework, looking for regression 2018-05-22 09:57:36 +00:00
Franco Fichtner
b77b3a5782 interfaces: flip arguments of interface_configure() 2018-05-22 08:42:52 +02:00
Franco Fichtner
eb1e3966e5 interfaces: never reload from batch reconfigure; remove side effect from track6 2018-05-22 08:32:02 +02:00
Franco Fichtner
fe85777541 interfaces: meant to do this then 2018-05-22 08:13:11 +02:00
Franco Fichtner
6c64a0f53a interfaces: back to where it was, glitch fixed elsewhere 2018-05-22 08:09:20 +02:00
Franco Fichtner
f3caafbe04 interfaces: clean up reload structure for single interfaces 2018-05-22 08:03:18 +02:00
Franco Fichtner
0abc31dcad services: for full consistency 2018-05-22 07:47:08 +02:00
Franco Fichtner
32aad857a8 interfaces: unwind inverted call stack, interfaces_configure() can do less 2018-05-22 07:37:02 +02:00
Franco Fichtner
66bd3db022 rc: fix syntax 2018-05-22 07:23:02 +02:00
Franco Fichtner
145ff37678 rc: remove unused script 2018-05-22 07:16:41 +02:00
Franco Fichtner
3c38c26440 rc: reload filter as well in previous 2018-05-22 07:12:27 +02:00
Franco Fichtner
046eaa80d1 rc: missing local reload spot 2018-05-21 18:45:52 +02:00
Franco Fichtner
b3f8477d27 interfaces: consolidate reload behaviour
PR: https://github.com/opnsense/core/pull/2337
2018-05-21 18:19:47 +02:00
Franco Fichtner
8b0f702cd5 interfaces: pass reload flag instead of guessing
PR: https://github.com/opnsense/core/pull/2337
2018-05-21 18:02:41 +02:00
Franco Fichtner
d15d3b9080 interfaces: zap unused global $config invokes
Incremental cleanups over the years seem to pay off.  :)
2018-05-21 17:54:08 +02:00
Franco Fichtner
904b0598a4 openssh: do not mask stop return value 2018-05-21 13:06:44 +02:00
Franco Fichtner
9a23b66065 system: fixup previous 2018-05-21 10:57:01 +00:00
Franco Fichtner
c2160d727e intrusion detection: remote syslog and associated cleanups; closes #2349 2018-05-21 10:54:48 +00:00
Franco Fichtner
062ad3f82c intrusion detection: optional fast log to syslog
Change syslog to be always on but use the syslog checkbox
to decide whether alert logging is forwarded or not.

Discussed with: @adschellevis
2018-05-21 10:18:50 +00:00
Franco Fichtner
9f9e54e815 interfaces: tracking again, naming and check for track6 marker 2018-05-21 11:28:48 +02:00
Ad Schellevis
4cbc8e1dd1 python, improve performance of reverse_log_reader() by avoiding string copies while parsing. Tried the new method using a 50MB suricata log file, which was parsed about 30% quicker than using the previous version. 2018-05-20 18:45:13 +02:00
Franco Fichtner
901551fe5c interfaces: in track6, wancfg is lancfg; cleanups
Make it easier to read the code and remove unused bits
and doubled validation.  The track6 functions are internal
and could potentially be inlined as well, but some of them
are a bit heavy.
2018-05-20 12:52:31 +02:00
Franco Fichtner
0c1c48bf8b interfaces: reconfigure interfaces tracking SLAAC WAN #2394 2018-05-20 12:37:39 +02:00
Franco Fichtner
1cde6c33b4 interfaces: fix typo in comment 2018-05-20 12:22:47 +02:00
Franco Fichtner
456fb9ab75 interfaces: style update 2018-05-20 12:21:36 +02:00
Franco Fichtner
fd94b3affd interfaces: simplify semantics of link_interface_to_track6() 2018-05-20 12:16:37 +02:00
Franco Fichtner
b357788c1a man: annotate argument `disk' 2018-05-20 11:42:14 +02:00
Franco Fichtner
57148f483a rc: remove unused variable 2018-05-20 09:11:24 +00:00
Franco Fichtner
9572345477 firewall: reset states on IPv4 change; closes #2414 2018-05-20 09:08:36 +00:00