- Increase the reporting interval for 12 & 24 hours to 10 minutes.
- Always display a list for the top (blocked) domains
- Remove block/whitelist buttons when blocklists are disabled

This includes the ability to whitelist it from the same page as well. Relevant to both
the top passed/blocked domains, as well as the detailed query grid.

blocklists.py has been modified in such a way that it will detect whether it needs to
start the download process or simply administrate locally. The latter currently only happens
when custom domains for blocking have been added/removed by a user. The reasoning is
that we can easily extend/shrink the current blocklist when it comes to blocking exact
domains as this is handled on the incoming side. However, while we can modify the current
list to accommodate a new whitelist entry (which can be regex), we (currently) cannot know which domains
were skipped in the process of retrieving them in the first place if a user explicitly removes
a whitelist entry. Therefore we decide to re-run the download on a whitelist action.
Furthermore, the updateBlocklistAction in the controller administrates how the model is updated
(e.g. when a blocked item is whitelisted, it should be removed from the blocklist model entry and
added to the whitelist).
In the future we could optimize the whole process by checking if a remote file has changed in
date or size.

o add grid and form for manual spd items, showing legacy items as well
o extend spd/sad controllers to show MVC descriptions when known
Todo:
o add configd template to write manual spd items to
o add script for ipsec which acts as an up/down event handler to register spd's when defined
o extend swanctl.conf to feed updown script

Although the page does correctly validate the existence of the target field (when nordr is not set) and it's not possible to change the <nat><rule> section from an API call,
it doesn't hurt to revalidate in a similar way as we do for invalid targets.
In case one does screw up the config (most likely due to manual config modifications or a missing validation), pf luckily always reverts to the existing states leaving the firewall as it was before applying the change.
closes https://github.com/opnsense/core/issues/6208

The OS fingerprints are no longer maintained so reduce user
exposure and keep the feature active for the time being.
It might make sense to remove it at a later point in time if
it continues to be abandoned.