lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-18 02:25:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,109 Commits 1 Branch 0 Tags
Commit Graph

1020 Commits

Author SHA1 Message Date
Ad Schellevis
41b311ecc2 Revert "Firewall / Aliases - append most likely cause for pfctl error (Invalid argument isn't very explanatory by itself). closes https://github.com/opnsense/core/issues/5127" 
This reverts commit 2ea90801290856f453126b1e6d63e66c79a5ca6f.
 2021-07-30 18:45:40 +02:00
Ad Schellevis
2ea9080129 Firewall / Aliases - append most likely cause for pfctl error (Invalid argument isn't very explanatory by itself). closes https://github.com/opnsense/core/issues/5127 2021-07-30 17:47:18 +02:00
Franco Fichtner
4ae1555e07 firewall: change "proto" to "protonum" to avoid ambiguity 2021-07-23 09:02:22 +02:00
Franco Fichtner
538e2f04c2 firewall: update filterlog reader slightly 
CARP in IPv4 and IPv6 uses the IP header's "ttl" or "hoplimit" so
that we use the same name for reading it to avoid duplication.
The values are the same in any case.

Change "flowlabel" to "flow" to avoid confusion with "label".

Change IP "version" to "ipversion" and consolidate CARP "version(2)"
into "version".
 2021-07-23 08:14:36 +02:00
Franco Fichtner
1aeb520631 firewall: parse ridentifier as rid if != '0' #5016 2021-07-22 17:34:02 +02:00
Franco Fichtner
5e860053e1 firmware: mask subscription in GUI output 2021-07-22 10:16:04 +02:00
Ad Schellevis
be90cf00a6 Firewall / Diagnostics / States, Sessions - fix some minor glitches. 
o mark unsortable columns
o fix type validations (avg=* isn't an int).
o better to return an empty structure than [], avoid JS errors in the frontend
 2021-07-21 18:49:10 +02:00
Ad Schellevis
e4aa3e4f5e Firewall / Diagnostics - time to kill legacy diag_system_pftop.php and replace it with "Sessions", which offers insights into the top sessions on the firewall related to rules and network segments. 2021-07-20 21:53:33 +02:00
Franco Fichtner
72e6ca2fee unbound: more refactoring, less pages, blacklist -> blocklist 
PR: https://github.com/opnsense/core/issues/4327
 2021-07-20 11:00:00 +02:00
Franco Fichtner
dac9a74479 interfaces: if it looks like SLAAC get rid of it 
PR: http://forum.opnsense.org/index.php?topic=8985.0
 2021-07-20 09:27:54 +02:00
Franco Fichtner
83cd07eda4 firmware: add version/date header here as well 2021-07-14 09:22:46 +02:00
Franco Fichtner
b1241aeb74 shell: fix IPv4 /31 assignment 
PR: https://forum.opnsense.org/index.php?topic=23878.0
 2021-07-13 13:56:44 +02:00
Franco Fichtner
11b5fe6e9c interfaces: deprecate SLAAC addresses on linkdown; closes #4929 2021-07-13 12:45:05 +02:00
Franco Fichtner
e8d7876d21 unbound: add 'unbound check' target for advanced options #4327 2021-07-13 12:27:14 +02:00
Franco Fichtner
4a1bc9f8b5 unbound: allow to retain cache; closes #2750 2021-07-13 11:21:01 +02:00
Franco Fichtner
09f510fba2 unbound: fix /var MFS dilemma for DNSBL after boot; closes #4938 
o Create a persistent directory to feed the unbound includes
o Move runtime data to /tmp directory

After reboot we use the old persistent list still available.

I am not sure if it's clear enough that the blacklists cannot
auto-update and therefore require a cron job or manual update
from the respective GUI page ("apply" essentially is "download
and apply").
 2021-07-09 13:57:07 +02:00
Franco Fichtner
28fa452a47 firmware: fix comment on previous 2021-06-29 14:42:43 +02:00
Franco Fichtner
38578176e4 firmware: comment on compexity avoidance in shell menu 
Fix plist while here.
 2021-06-29 14:39:14 +02:00
kulikov-a
97643a3edb
read_log.py: set label for obsolete rule in log (#5075) 2021-06-27 13:34:32 +02:00
Franco Fichtner
35aa9bf568 interfaces: back out this change until we have feedback #4929 2021-06-23 11:41:51 +02:00
Ad Schellevis
caed6e2504 Firewall: Diagnostics: States Dump - refactor to MVC. 
o a rudimentary column sort
 2021-06-22 11:19:39 +02:00
Ad Schellevis
43b7f1eb7f Firewall: Diagnostics: States Dump - refactor to MVC. 
o fix minor regression duplicating records (only flush on last content line)
o add link to firewall / rules page
 2021-06-21 19:37:27 +02:00
Ad Schellevis
63bdff8cf3 Firewall: Diagnostics: States Dump - refactor to MVC. 
o add api endpoint and ui to kill states using filter (kill by host or network as well)
o show ruleids in service control spot to filter states for a specific (auto-generated) rule
o support passing a ruleid to the ui page to limit selection, e.g. /ui/diagnostics/firewall/states#d0953c4424f27d5249027086b4599999
 2021-06-21 18:27:21 +02:00
Franco Fichtner
512b83463b pkg: fix plist and lint 2021-06-21 15:22:36 +02:00
Ad Schellevis
d9aa894fdb Firewall: Diagnostics: States Dump - refactor to MVC. 
o move state manipulation functions into separate lib, so we can reuse the same logic to kill all in selection (pfctl -k [ipv6_address] doesn't seem to be functional)
 2021-06-21 14:53:47 +02:00
Ad Schellevis
2e5bafbfa9 Firewall: Diagnostics: States Dump - refactor to MVC. 
o improve filter, when an address or network is offered, match using ipaddress.ip_network().overlaps()
 2021-06-21 14:38:15 +02:00
Franco Fichtner
74633f4cd2 interfaces: fix lint pass 2021-06-21 05:15:02 +02:00
Ad Schellevis
36f4b24869 Firewall: Diagnostics: States Dump - refactor to MVC. 
o push query commands to backend process (list_states.py)
o add configd action to kill by state id and assign delete action to it.
o query rule descriptions to ease browsing

some small todo's left:

o the old page supported dropping states for a network, which might be practical to have in s separate tab sheet in the new layout
o support filtering by explicit rule_id and use it as an optional entry point so the firewall edit page can link to the states.
 2021-06-18 19:05:00 +02:00
Franco Fichtner
f7d7fd6362 interfaces: flush IPv6 addresses on PPP interfaces #4929 2021-06-18 10:08:05 +02:00
Franco Fichtner
9dc9c4e864 firmware: add backend glue to support install probing of plugins #5037 
Allows to list dependencies as well.  Remove the JSON return, best to
use something as follows now:

    # configctl firmware probe && configctl firmware product
 2021-06-17 10:32:53 +02:00
Franco Fichtner
17dff05294 firewall: close gap in diff between stable and master 2021-06-15 07:14:58 +02:00
Ad Schellevis
aea1cbd15a Firewall / Diagnostics / States Dump : extend filter options for future rewrite of states view. (refactor limit, add offset and query on label/rule_id) 2021-06-02 06:14:18 +02:00
Ad Schellevis
4c845540ac Firewall / Diagnostics / States Dump : add verbose fields to states output, first step in refactoring the states dump. 2021-06-01 12:18:03 +02:00
Franco Fichtner
a759338381 firmware: push automatic flags to firmware for #5025 2021-05-31 14:49:27 +02:00
Ad Schellevis
5eacbb06f1 firewall: let live log use the provided rule label instead of guessing it, closes https://github.com/opnsense/core/issues/5014 2021-05-27 15:47:37 +02:00
Ad Schellevis
4f126c758c Firewall - aliases: move dynamic ipv6 handling (https://github.com/opnsense/core/issues/4923) to a separate branch. 2021-05-26 18:18:26 +02:00
Franco Fichtner
f845a4286a shell: fix restore copy; closes #5011 2021-05-26 10:16:54 +02:00
rawtaz
408ef03b6a
shell: Clarify revert to HTTP for web GUI question (#4992) 2021-05-17 18:42:36 +02:00
Ad Schellevis
714ad52b3a Firewall / alias - proper wildcard validation for https://github.com/opnsense/core/issues/4952 and make sure to obey ! when being provided. 2021-05-07 22:29:00 +02:00
Ad Schellevis
05d3224e70 Firewall / alias - calculate wildcard netmasks for https://github.com/opnsense/core/issues/4952 in alias backed code. 2021-05-03 18:33:14 +02:00
Franco Fichtner
3b2b03f380 src: whitespace and lint sweep 2021-05-02 17:36:38 +02:00
Ad Schellevis
2b976a491d System / Settings / Logging - targets: TLS trasnport, fix previous for https://github.com/opnsense/core/issues/4937 
(use generic system ca file)
 2021-04-30 18:52:47 +02:00
Ad Schellevis
64c2e02b0b System / Settings / Logging - targets: add TLS transport option 
closes https://github.com/opnsense/core/issues/4937
 2021-04-30 17:54:29 +02:00
Ad Schellevis
89a2a8d51b Firewall / Aliases - Dynamic Ipv6 fw rules handling 
for https://github.com/opnsense/core/issues/4923 , https://github.com/opnsense/core/pull/4941

o add validations for new type
o rename dyninterface to interface to make the attribute more generic (in case of future use)
o move address logic to interface class
 2021-04-29 15:56:14 +02:00
Martin Wasley
7311b413f6 Dynamic Ipv6 fw rules handling 
IPv6 Prefix changes by the ISP  cause any fw rules created for specific clients on the LAN interface(s) to become invalid.

Update AliasNameField.php

Remove fieldtype
 2021-04-29 15:56:14 +02:00
Franco Fichtner
0dbfddd864 firmware: exclude /etc/csh.cshrc for #4936 2021-04-22 17:16:10 +02:00
kulikov-a
f6c0fa88d1
download_blacklists.py: match whole entry (#4915) 
-match the entire string to prevent url entries
-add to skip stat if not match
 2021-04-11 20:15:39 +02:00
Franco Fichtner
35217ba0d1 firmware: if upstream package is missing complain; closes #4906 
This points to a configuration error that should be resolved one
way or another.
 2021-04-09 14:18:26 +02:00
Franco Fichtner
7d7aaa633d firmware: separate error for "forbidden" #4906 2021-04-09 14:06:27 +02:00
Franco Fichtner
2fe4de6819 firmwre: make this clearer 
Ideally, opnsense-update -M should replace this except
that -M is used to gain mirror access from other scripts
as well.  Need to think about it.
 2021-04-07 12:07:32 +02:00