Ad Schellevis
2d7f9cae2d
Syslog, use fqdn when sending messages. closes https://github.com/opnsense/core/issues/3622
2019-08-02 15:43:14 +02:00
Franco Fichtner
de2b965304
firmware: small tweaks
2019-08-02 12:29:46 +02:00
Ad Schellevis
a91babfcba
Gateways, for automatic outbound nat rules exclude gateways which are not configured on the interface and are not dynamic. mimic pre 19.7 behaviour
2019-08-02 11:59:11 +02:00
Ad Schellevis
a6264e5062
Gateways, since we return empty gateways for dynamic ipv6 entries, we should also permit those as default gateway. could be https://github.com/opnsense/core/issues/3604
2019-08-02 10:25:25 +02:00
Franco Fichtner
3b865f337f
src: style and whitespace sweep
2019-08-02 09:58:37 +02:00
Ad Schellevis
eb4975e297
Gateways, fix footer in previous
2019-08-02 09:13:30 +02:00
Ad Schellevis
704dc96cf2
Gateway overview, show Protocol, priority and upstream setting to ease debugging.
2019-08-02 09:08:55 +02:00
johnaheadley
2b2ae7a310
To fix: OpenVPN server wizard always asks to create a new CA ( #3614 )
2019-08-02 08:52:53 +02:00
Ad Schellevis
732b5ff4c8
Gateways, IPv6. dynamic gateways without a valid address should have been added to the list, empty($thisconf['dynamic']) doesn't exist in this scope, hence we replace this with the proper ipv6 check.
This unhides ipv6 gateways which didn't receive an address via rtsold
2019-08-01 20:46:50 +02:00
Ad Schellevis
6836a9caf0
Revert "Gateways, IPv6. dynamic gateways without a valid address should have been added to the list, empty($thisconf['dynamic']) doesn't exist in this scope."
This reverts commit f8bd7102c4ae8db03b2732365e2f987a98490e8f.
2019-08-01 20:19:37 +02:00
Ad Schellevis
f8bd7102c4
Gateways, IPv6. dynamic gateways without a valid address should have been added to the list, empty($thisconf['dynamic']) doesn't exist in this scope.
This unhides ipv6 gateways which didn't receive an address via rtsold
2019-08-01 20:10:59 +02:00
Ad Schellevis
7edd851e20
Firewall overview, minor alignment fix. closes https://github.com/opnsense/core/issues/3619
2019-08-01 11:09:14 +02:00
Ad Schellevis
01c16b0a86
Firewall, allow quick and direction on interface rules, closes https://github.com/opnsense/core/issues/3594
Currently the direction of the traffic can only be chosen in floating rules, but in some scenarios it's much easier to create outbound rules (only inbound is supported now).
When using a lot of interfaces, which should all be allowed to access devices on one specific interface, this would save quite some rules and is easier to track for the administrator.
This feature adds direction as an option and while already changing these pages, also allow to create "non quick" rules on interfaces.
Functionally the "regular" rules would be more aligned with the "floating" rules as we have now, with the exception that you can't add multiple interfaces in a normal rule due to the inability to reorder a single rule in multiple rulesets (rules are positional).
Policy based routing on outbound rules is not supported on the interface rules for now, since it would probably lead to confusion.
The old configuration defaults still apply, when writing an entry, both quick and direction are saved as well (default quick + in).
2019-08-01 09:37:24 +02:00
Ad Schellevis
3869848760
add mirror (Cloudfence, Brazil)
2019-08-01 08:54:16 +02:00
Ad Schellevis
387d41d768
Syslog, missing <PRI> in legacy output, leading to extensive logging. closes https://github.com/opnsense/core/issues/3616
2019-07-31 11:11:00 +02:00
Ad Schellevis
cb786592df
Firewall, in some cases DHCPv6 server rules are generated without an active server or relay configured. closes https://github.com/opnsense/core/issues/3591
2019-07-30 18:33:35 +02:00
Ad Schellevis
e4b5133cdd
Captive portal, python 3 issue, trying to read script as binary. for https://github.com/opnsense/core/issues/3612
2019-07-30 17:00:37 +02:00
Ad Schellevis
534f3c870e
Filter, rule overview, show automatic rules targeting all interfaces in Floating section (slightly related to https://github.com/opnsense/core/issues/3594 )
2019-07-30 14:04:19 +02:00
Ad Schellevis
f8d5c01a6f
Filter, automatic rules. "let out anything from firewall host itself (force gw)" not visible, since it's not bound to the interface. Although we might want to show all rules without interface as well, the gateway rule belongs to the interface as the interface address is used as from address
2019-07-30 11:57:47 +02:00
Ad Schellevis
521b740338
mvc, opnsense_ui.js fix initFormAdvancedUI() on initial load (duplicating <tr data-advanced='hidden_row'></tr> tags)
2019-07-30 10:46:03 +02:00
jayantsahtoe
5866de72c9
Update dhcpd.inc ( #3610 )
DHCP-relay service will fail with the following error if DHCP server IP is known in static route:
dhcrelay: Can't attach interface {ifname} to bpf device /dev/bpf0: Device not configured
This is the only place where get_real_interface( ) isn't used
2019-07-29 16:11:04 +02:00
Ad Schellevis
440f957e5c
Captive portal: optimise ipfw rule parsing. for https://github.com/opnsense/core/issues/3559 ( #3608 )
Our current generated ruleset creates two count rules to match incoming and outgoing traffic to and from the client for accounting purposes. Since ipfw doesn't support table stats, the options are limited to know the amount of traffic processed and last accessed times.
This patch basically replaces the accounting section with separate blocks, which are jumped to using the existing table (which contains address + rulenumber now), logically this would lower the time needed to parse the accounting section (since only the count rules for the specific IPs are evaluated now).
In terms of ruleset, this will generate 3 rules per address (count from, count to and jump to end of ruleset), like:
```
30001 342 27744 count ip from xxx.xxx.xxx.xxx to any
30001 1194 225783 count ip from any to xxx.xxx.xxx.xxx
30001 1536 253527 skipto 60000 ip from any to any [ <--- NEW ]
```
Since we need the address to collect rules, we can't simplify this count to one rule (IPFW.list_accounting_info() parses the address from the ruleset).
Our per zone "skipto" section, uses a tablearg instead of static rule number now:
```
03001 2362 386004 skipto tablearg ip from table(1) to any via em2
03001 5701 4761746 skipto tablearg ip from any to table(1) via em2
```
2019-07-29 09:10:01 +02:00
Ad Schellevis
7a5a573288
IDS/IPS: rule-updater. When there's nothing to download, required (extra) files were removed on update, while here, also make sure that required files are also downloaded when not on disk yet.
ETPro Telemetry uses this to collect its own sids, so we only communicate about alerts actually in this specific set.
2019-07-26 21:36:42 +02:00
Ad Schellevis
43c591c0a9
mirror (Aivian) not active anymore
2019-07-26 21:14:58 +02:00
Ad Schellevis
f5c2f7760b
list_arp.py oops, forgot the hostname clause. for https://github.com/opnsense/core/issues/3595
2019-07-26 21:08:46 +02:00
Ad Schellevis
35849fdc30
Filter, although it shouldn't be possible to write newlines in a description, we better make sure they can't be flushed to disk.
2019-07-26 15:02:52 +02:00
Ad Schellevis
8d22e9f0af
firewall, nat. no need to substr() filter descriptions. closes https://github.com/opnsense/core/pull/3600
2019-07-26 14:52:17 +02:00
Ad Schellevis
c94c09e92c
System->Settings->General:DNS gateway, remove dysfunctional fuzzy logic and just save the correct gateway content. Since we always redirect after POST, there's absolutely no need to prepare $pconfig. closes https://github.com/opnsense/core/issues/3599
2019-07-26 12:06:08 +02:00
Ad Schellevis
eb0e73607e
use shared dhcpd lease reader in list_arp.py, closes https://github.com/opnsense/core/issues/3595
2019-07-26 11:34:02 +02:00
Ad Schellevis
d81d6a7a31
Firewall, source nat, should only show usable addresses in outbound rules. closes https://github.com/opnsense/core/issues/3596
2019-07-25 12:51:06 +02:00
Ad Schellevis
3a0b9e1620
arp list, first dhcp lease missing in list_arp.py, closes https://github.com/opnsense/core/issues/3595
2019-07-25 08:30:16 +02:00
Ad Schellevis
9a4be6f2e3
python3: replace subprocess.call in src/opnsense/scripts/system/* for https://github.com/opnsense/core/issues/3574
2019-07-23 18:43:35 +02:00
Ad Schellevis
cf3b447275
python3: replace subprocess.call in src/opnsense/scripts/netflow/* for https://github.com/opnsense/core/issues/3574
2019-07-23 18:40:14 +02:00
Ad Schellevis
3ef43db376
python3: replace subprocess.call in src/opnsense/scripts/routes/show_routes.py for https://github.com/opnsense/core/issues/3574
2019-07-23 18:30:54 +02:00
Ad Schellevis
117e64bd2f
python3: replace subprocess.call in src/opnsense/scripts/unbound/wrapper.py for https://github.com/opnsense/core/issues/3574
2019-07-23 18:24:25 +02:00
Ad Schellevis
c0a2f87471
python3: replace subprocess.call in src/opnsense/scripts/ipsec/* for https://github.com/opnsense/core/issues/3574
2019-07-23 18:18:29 +02:00
Ad Schellevis
83cfd4d13c
python3: replace subprocess.call in src/opnsense/scripts/systemhealth/* for https://github.com/opnsense/core/issues/3574
2019-07-23 18:14:17 +02:00
Ad Schellevis
e8bc2cf7e3
python3: replace subprocess.* in src/opnsense/scripts/OPNsense/CaptivePortal/* for https://github.com/opnsense/core/issues/3574
2019-07-23 18:08:39 +02:00
Ad Schellevis
867856733b
python3: replace subprocess.call in src/opnsense/scripts/filter/* for https://github.com/opnsense/core/issues/3574
2019-07-23 16:32:17 +02:00
Ad Schellevis
2f69282b28
python3: replace subprocess.call in src/opnsense/scripts/interfaces/* for https://github.com/opnsense/core/issues/3574
2019-07-23 16:29:51 +02:00
Ad Schellevis
d241a64138
status_interfaces.php align output more to actual ifconfig results:
* add additional virtual addresses
* add netmask on link-local
* remove separate netmask row, add to address where it belongs
* add mtu value when set
* add carp attributes (status, vhid, advbase, advskew)
2019-07-23 12:06:16 +02:00
Ad Schellevis
25728c5daa
interfaces.lib.inc, fix and extend carp output in legacy_interfaces_details(), so we can use the proper values in status_interfaces.php
2019-07-23 11:48:17 +02:00
Ad Schellevis
32268f0530
Syslog-NG, fix search stats
2019-07-22 16:52:49 +02:00
Franco Fichtner
d6f3c1a7a8
src: style sweep
2019-07-22 16:28:20 +02:00
Ad Schellevis
398e00c0bc
Syslog, fix some typos preventing proper stop/start/restart.
2019-07-22 16:25:55 +02:00
Ad Schellevis
f56cc1b92f
Filter: livelog, skip illegal log lines
2019-07-22 14:05:25 +02:00
Ad Schellevis
64858b5c58
IPsec, ditch globals from legacy include causes strange behaviour on bootup, closes https://github.com/opnsense/core/issues/3582
2019-07-22 13:27:34 +02:00
Ad Schellevis
d48cfed48c
RADVD, reallocate advanced option to the correct config section. for https://github.com/opnsense/core/issues/3589
2019-07-22 09:36:55 +02:00
Ad Schellevis
9287b5588e
Insight, missed a line in fabaef0a43 for https://github.com/opnsense/core/issues/3587
2019-07-22 09:14:54 +02:00
Ad Schellevis
6b1f3e60b9
Insight, increase wait time between parses. ref https://github.com/opnsense/core/issues/3587
previously we always waited 15 seconds between cycles, now we calculate the time to wait with the time spent for the previous cycle.
2019-07-19 18:18:11 +02:00