Stephan de Wit
329d94de23
Unbound: Logger: remove unused argument
2023-01-10 10:02:37 +01:00
Franco Fichtner
36c6b35314
plugins: avoid spurious updates due to OpenVPN group setup
2023-01-10 09:46:21 +01:00
Stephan de Wit
8a1215aeee
Reporting: Unbound DNS: include resolved hostnames in detailed grid as well
2023-01-09 12:42:21 +01:00
Franco Fichtner
a6c4113508
system: syslog.LOG_DEAMON is a facility
...
Might have unintentional side effects but bitmask use with wrong
numeric value is dangerous as well.
See: https://docs.python.org/3/library/syslog.html
2023-01-09 12:22:45 +01:00
Stephan de Wit
0c0380295a
Unbound: redirect logger errors to syslog
2023-01-09 12:17:05 +01:00
Stephan de Wit
0d9c4fa625
Unbound: use daemon -f instead of nohup
2023-01-09 11:57:02 +01:00
Stephan de Wit
78e575b53f
Unbound: catch socket.herror as well, make sure to catch bidirectional changes
...
in reverse DNS results
2023-01-09 11:44:07 +01:00
Stephan de Wit
5a3765a0c1
Reporting: Unbound DNS: resolve hostnames for clients
2023-01-09 11:12:13 +01:00
Stephan de Wit
0474d2558f
unbound: nohup and background logger instead of daemonizing it
2023-01-09 11:08:26 +01:00
Franco Fichtner
49c74024a7
system: repair regex for FreeBSD 13 #6234
2023-01-09 09:41:44 +01:00
Franco Fichtner
7a6a102913
ipsec: fix permission
2023-01-06 15:04:01 +01:00
Stephan de Wit
6ca0e5b58f
Reporting: Settings: restructure to keep each setting category in a single table
2023-01-04 10:42:58 +01:00
Ad Schellevis
14f3a741dd
Lobby/Dashboard - show size of ZFS ARC (Adaptive Replacement Cache) in memory usage at system information widget.
...
Although arc should keep enough memory free for normal operation, people can always tune the defaults as explained in https://docs.freebsd.org/en/books/handbook/zfs/#zfs-advanced , knowing the current amount helps tuning decisions.
2023-01-03 16:23:03 +01:00
Stephan de Wit
4a5406424f
Reporting: Unbound DNS: Tweak UI and usability improvements
...
- Increase the reporting interval for 12 & 24 hours to 10 minutes.
- Always display a list for the top (blocked) domains
- Remove block/whitelist buttons when blocklists are disabled
2023-01-03 13:47:37 +01:00
Ad Schellevis
c3f4183171
Reporting: Unbound DNS - minor adjustments [2]
2023-01-03 10:36:13 +01:00
Ad Schellevis
4c89da2fa5
Reporting: Unbound DNS - minor adjustments
...
o select "Overview" tab by default
o start with empty graphs and load next, smoothens page load a bit.
2023-01-02 21:49:12 +01:00
Ad Schellevis
720ffdc561
Interfaces: Diagnostics: Packet Capture - support mac addresses in "Host Address" field. closes https://github.com/opnsense/core/issues/6159
2023-01-02 17:46:38 +01:00
Stephan de Wit
e5d6acd2eb
Unbound / Blocklists: add exact domain blocking and integrate into overview page (#6205)
...
This includes the ability to whitelist it from the same page as well. Relevant to both
the top passed/blocked domains, as well as the detailed query grid.
blocklists.py has been modified in such a way that it will detect whether it needs to
start the download process or simply administrate locally. The latter currently only happens
when custom domains for blocking have been added/removed by a user. The reasoning is
that we can easily extend/shrink the current blocklist when it comes to blocking exact
domains as this is handled on the incoming side. However, while we can modify the current
list to accommodate a new whitelist entry (which can be regex), we (currently) cannot know which domains
were skipped in the process of retrieving them in the first place if a user explicitly removes
a whitelist entry. Therefore we decide to re-run the download on a whitelist action.
Furthermore, the updateBlocklistAction in the controller administrates how the model is updated
(e.g. when a blocked item is whitelisted, it should be removed from the blocklist model entry and
added to the whitelist)
In the future we could optimize the whole process by checking if a remote file has changed in
date or size.
2023-01-02 14:06:53 +01:00
Ad Schellevis
7723ccaf86
VPN/IPsec - send up/down events to charon syslog
2022-12-29 10:10:29 +01:00
Ad Schellevis
67f220c4d0
VPN/IPsec - regression in previous commit (event handler, detection of automatic rules)
2022-12-29 08:55:06 +01:00
Ad Schellevis
759dd48aed
VPN/IPsec - add event handler for manual spd entries if reqid is set.
2022-12-28 22:09:46 +01:00
spoutin
ed7afdb77d
Monit starttimeout (#6213)
2022-12-27 17:28:21 +01:00
Ad Schellevis
a9f4b4b520
Firewall: Rules: Floating - show automated "port 0" rule as port "0". closes https://github.com/opnsense/core/issues/6215
2022-12-27 09:11:41 +01:00
Ad Schellevis
bdab4f6970
VPN/IPsec - work in progress manual SPD items needed for NAT before IPsec.
...
o add grid and form for manual spd items, showing legacy items as well
o extend spd/sad controllers to show MVC descriptions when known
Todo:
o add configd template to write manual spd items to
o add script for ipsec which acts as an up/down event handler to register spd's when defined
o extend swanctl.conf to feed updown script
2022-12-26 15:03:50 +01:00
Ad Schellevis
58759bd1ab
shaper - minor coverity fixes:
...
1527330 Bad use of null-like value in __init__.py
1527326 Bad use of null-like value in __init__.py
1527315 Bad use of null-like value in __init__.py
2022-12-23 14:29:55 +01:00
Ad Schellevis
5cab5ca695
configd - minor coverity fixes:
...
1527332 Bad use of null like value in processhandler.py
1527329 Bad use of null-like value in template.py
2022-12-23 14:11:53 +01:00
Stephan de Wit
d7be43f913
unbound / dnsbl_module.py: safeguard retrieval of blocklist shortcode
2022-12-23 09:16:03 +01:00
Ad Schellevis
5e92018580
VPN/IPsec - connections, add missing service control update after apply
2022-12-22 17:41:54 +01:00
Ad Schellevis
fe65dded8d
VPN/IPsec - add enable toggle to connection page
2022-12-22 17:38:19 +01:00
Ad Schellevis
ec06c3cc49
VPN/IPsec - reload configd action missing
2022-12-22 17:18:28 +01:00
Ad Schellevis
a7f36c72d8
VPN/IPsec/Connections - make sure to only flush parent items (connections, pools) to swanctl. If a connection is disabled, it might leave children around otherwise
2022-12-22 15:47:34 +01:00
Ad Schellevis
0e91b58bd3
Firewall: Diagnostics: Sessions - minor cleanup, state id doesn't exist on pftop
2022-12-22 11:30:00 +01:00
Ad Schellevis
f95ddbc695
Firewall: NAT: Port Forward - invalidate rdr entry when no target is specified.
...
Although the page does correctly validate the existence of the target field (when nordr is not set) and it's not possible to change the <nat><rule> section from an API call,
it doesn't hurt to revalidate in a similar way as we do for invalid targets.
In case one does screw up the config (most likely due to manual config modifications or a missing validation), pf luckily always reverts to the existing states leaving the firewall as it was before applying the change.
closes https://github.com/opnsense/core/issues/6208
2022-12-22 09:24:54 +01:00
Ad Schellevis
2177d3e93b
Unbound / dnsbl_module.py - fix logic issue (missing query_reply property leading to an AttributeError) ref https://forum.opnsense.org/index.php?topic=31555.0
2022-12-21 20:37:34 +01:00
Franco Fichtner
990e973135
src: style sweep
2022-12-21 20:28:55 +01:00
kulikov-a
360d4a45e5
unbound: catch exception on blocklist reading (#6035)
2022-12-21 14:15:18 +01:00
agh1467
f907002435
mvc: TextField tests (#5860)
...
* Verify/validate existing functionality
2022-12-21 14:07:53 +01:00
Nicola
96bf45070c
FieldTypes/IntegerField - fix IntegerField minimum value (#5838)
2022-12-21 14:06:16 +01:00
Ad Schellevis
f636f0c7b5
Services: Web Proxy - Fix binding to VIPs after removal of the type attribute. closes https://github.com/opnsense/core/issues/6181
2022-12-21 13:28:46 +01:00
Franco Fichtner
1469471017
interfaces: meh, missing default switch cases are silly
2022-12-21 11:02:11 +01:00
Franco Fichtner
3413a5c67a
interfaces: PPPoE IPv6 mode; closes #6204
2022-12-21 10:03:56 +01:00
Ad Schellevis
3f39ff8442
VPN: IPsec: Advanced Settings - default log should be set to "basic", should fix weird behaviour and missing logs after save
2022-12-20 21:51:21 +01:00
Ad Schellevis
12363f5f3c
VPN/IPsec - refactor volt templates that are used for both mvc and legacy to use updated service controller and plugin invokeInterfaceRegistration() to register VTI's when needed. While here also change local/remote col-xs to 12
2022-12-20 20:50:50 +01:00
Franco Fichtner
40bfb4423f
mvc: minor changes on previous
2022-12-20 20:46:14 +01:00
Ad Schellevis
7c16c3b74f
interfaces: call plugins_interfaces() optionally on service reconfigure when invokeInterfaceRegistration() returns true. closes https://github.com/opnsense/core/issues/5768
2022-12-20 20:43:22 +01:00
Franco Fichtner
c760383ca4
firewall: hide source os under advanced #6081
...
The OS fingerprints are no longer maintained so reduce user
exposure and keep the feature active for the time being.
It might make sense to remove it at a later point in time if
it continues to be abandoned.
2022-12-20 16:46:08 +01:00
Ad Schellevis
c13f8dd987
VPN/IPsec - disable charon.install_routes at all in case anyone upstream would implement it for FreeBSD at some point in time, the feature itself only seems to be relevant for linux:
...
* e09bc70d12/configure.ac (L63)
* https://github.com/strongswan/strongswan/search?q=routing_table
2022-12-20 10:07:46 +01:00
Ad Schellevis
de85da9956
VPN/IPsec new MVC module - missing selectpicker class in local/remote pubkeys selection
2022-12-19 17:51:04 +01:00
Ad Schellevis
6f46fe3080
System/Log Files - add "Service Log (this boot)" including parser as an option to provide access to entries collected in https://github.com/opnsense/core/issues/6099 (proposal for 23.1)
2022-12-19 10:08:44 +01:00
Franco Fichtner
20b25258ff
ipsec: style issues
2022-12-19 09:56:46 +01:00