Franco Fichtner
490efb1e97
firewall: merge pfplugin.inc into pf.inc
2024-01-07 20:51:27 +01:00
Ad Schellevis
8591377778
Firewall: NAT: NPTv6 - add MVC migration and cleanup old legacy pages.
2024-01-07 18:29:00 +01:00
Ad Schellevis
8e299d3efe
import net/os-firewall from plugins ( https://github.com/opnsense/core/issues/6390 )
2024-01-07 16:56:35 +01:00
Ad Schellevis
3daff54655
Services: Intrusion Detection: Policy - show rule origin in rule adjustments grid. As we need to fetch all rule labels in order to link them and the number of installed rules may be quite large (>100k) we need a small work-around here to prevent other model callers from always having to wait for [msg, source] being populated.
...
closes https://github.com/opnsense/core/issues/7121
2024-01-07 16:22:17 +01:00
Ad Schellevis
e385b1cd3e
VPN: WireGuard: Settings - add unique constraint on pubkey fields in model. closes https://github.com/opnsense/core/issues/7110
2024-01-07 11:46:27 +01:00
Ad Schellevis
b5008a9cbf
VPN: WireGuard: Settings - API cleanup for 24.1 [2]
2024-01-07 11:43:20 +01:00
Ad Schellevis
4dacd81ab0
VPN: WireGuard: Settings - API cleanup for 24.1
2024-01-07 11:32:41 +01:00
Ad Schellevis
7b599680bc
VPN: WireGuard: Settings - add button to generate a pre-shared key (wg genpsk). closes https://github.com/opnsense/plugins/issues/3164
2024-01-07 11:27:28 +01:00
Stephan de Wit
a40e6ae0a6
MVC: remove Phalcon migration glue ( #7117 )
...
* MVC: remove phalcon migration glue
* fix plist
* remove commented out autoloader code
2024-01-05 18:29:05 +01:00
Franco Fichtner
001f5e2a9a
firmware: add upgrade hint for first RC
2024-01-05 14:00:54 +01:00
Franco Fichtner
a933d2b0a8
firmware: add fingerprint for 24.1
2024-01-05 13:59:44 +01:00
Ad Schellevis
43a1743749
VPN: OpenVPN: Instances - (optional) ocsp check, fix "pass" criteria, result should be good and verified. ( https://github.com/opnsense/core/pull/7082 , https://github.com/opnsense/core/issues/7114 )
2024-01-04 21:11:51 +01:00
Ad Schellevis
57f0175a94
System: Trust: Revocation - add ocsp index.txt file download, needed for demonstration purposes ( https://github.com/opnsense/core/issues/7114 ), minor bugfix in previous
2024-01-04 20:19:01 +01:00
Ad Schellevis
043a3dd756
VPN: OpenVPN: Instances - (optional) ocsp check, make sure to flush our CA when ocsp is enabled and improve logging ( https://github.com/opnsense/core/pull/7082 , https://github.com/opnsense/core/issues/7114 )
2024-01-04 19:30:25 +01:00
Ad Schellevis
da5b772ba1
System: Trust: Revocation - add ocsp index.txt file download, needed for demonstration purposes ( https://github.com/opnsense/core/issues/7114 )
2024-01-04 17:22:25 +01:00
Ad Schellevis
d0e43f829d
System: Trust: Revocation - show CA and CRL name and hide new CRL option when one or more CRL's are found. for https://github.com/opnsense/core/issues/7015
2024-01-04 16:15:39 +01:00
Ad Schellevis
92f282b295
mvc/bootgrid - show tooltip when grid td content doesn't fit and remove similar functionality from Reporting: Unbound DNS to avoid duplication.
2024-01-04 16:01:31 +01:00
Ad Schellevis
eed630092c
configctl - regression in 42fd27df77 , ignoring -q
2024-01-04 11:39:31 +01:00
Franco Fichtner
763d2fd4dd
ui: fix the missing dialog padding in some modals
...
It appears that dialogRef.getModalBody() is one of our
ancient modal implementations and a simple 'message' does
the trick.
2024-01-04 10:47:25 +01:00
Franco Fichtner
f1ae49b803
unbound: update root hints; closes #7115
2024-01-04 08:56:25 +01:00
Franco Fichtner
a345bb14fe
system: prep trad. Chinese for upcoming release
2024-01-04 08:49:51 +01:00
Franco Fichtner
fac978204d
mvc: more minor copyright style
...
One of these days I'll write that automated style tool...
2024-01-04 08:13:05 +01:00
Franco Fichtner
aab1e8be68
mvc: copyright header style
2024-01-04 08:00:14 +01:00
Ad Schellevis
318a1ae322
VPN: OpenVPN: Instances - add (optional) ocsp check ( https://github.com/opnsense/core/pull/7082 , https://github.com/opnsense/core/issues/7114 )
...
* initial implementation, needs some testing.
2024-01-03 21:54:49 +01:00
Franco Fichtner
fed77572a6
dhcp: clean up duplicated domain-name-servers option; closes #6751
2024-01-03 12:59:15 +01:00
Franco Fichtner
29db6b9ff4
ui: patch all the other spots
2024-01-03 12:06:50 +01:00
Shane Lord
27dcad8403
ui: include meta tags for standalone/full-screen on Android & iOS ( #6696 )
...
Add meta tags for Android and iOS to allow the WebUI to run in fullscreen/standalone mode on mobile browsers.
2024-01-03 12:03:24 +01:00
doktornotor
44d9a11bb8
Add word break in interface_statistics.widget.php ( #7106 )
...
* Add word break in interface_statistics.widget.php
* Add word break to interface descriptions as well
2024-01-03 11:04:01 +01:00
Franco Fichtner
cd3fa5a268
firewall: redirect interface selector for #6158
2024-01-03 10:55:59 +01:00
Franco Fichtner
600b5bf84e
firewall: binat never supported redirect target alias #6158
...
There were error(s) loading the rules: /tmp/rules.debug:109: invalid use
of table <__lan_network> as the redirect address of a binat rule - The line
in question reads [109]: binat on igb1 inet6 from ff00:: -> $__lan_network
That also means aliases are useless here and we need to have an interface
selector anyway.
Also pconfig_to_addr() doesn't store /128 which may cause an error in the
prefix translation at the moment.
2024-01-02 23:23:56 +01:00
Ad Schellevis
2ab6a8f188
mvc/bootgrid - increase standard search delay from 250ms to 1sec to prevent excessive command executions. closes https://github.com/opnsense/core/issues/7109
2024-01-02 15:07:30 +01:00
Franco Fichtner
d820d74a45
openvpn: style sweep
2024-01-02 08:09:27 +01:00
Ad Schellevis
2ef916de0c
Services: ISC DHCPv6: Leases - regression in 5b0b4139b6 (off by 1). https://github.com/opnsense/core/issues/7107
2024-01-01 19:01:00 +01:00
Ad Schellevis
1fe104dce6
Wireguard / OpenVPN [client] - handle disabled carp vhid's by initialising to 'DISABLED' (same as 9ff64a3e41)
2023-12-31 13:34:55 +01:00
Ad Schellevis
5b0b4139b6
Services: ISC DHCPv6: Leases - cleanup get_lease6 script and fix parsing issue, closes https://github.com/opnsense/core/issues/7107
2023-12-30 22:54:50 +01:00
Ad Schellevis
c321f15e0f
VPN: OpenVPN: Instances - add validation for >29 netmasks as specified in https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/helper.c , excluding the p2p/net30 with tun introduced in 2758f9f649
2023-12-30 11:32:22 +01:00
Ad Schellevis
4c097be8ea
Firewall: Aliases - BGP ASN + Geoip validate if target contains at least some bytes (1k) before assuming timestamp is correct. closes https://github.com/opnsense/core/issues/7075
2023-12-30 10:47:20 +01:00
Ad Schellevis
2758f9f649
VPN: OpenVPN: Instances - add workaround for net30/p2p smaller than /29 networks, this was being used in the legacy code but left out in the mvc version. At a first glance it looks like it is still possible to support /30 and /31 networks although this wasn't tested yet. We should likely also add a validation to prevent > /29 tunnels from being added.
...
Currently when specifying a /30 network the server refuses to start anyway, but before enforcing using a validation, let's try if there are still options possible for these networks to be used given the options in the new instances interface.
2023-12-29 16:01:08 +01:00
Ad Schellevis
d7a858de34
Auth/vouchers - fix integer validation, closes https://github.com/opnsense/core/issues/7105
2023-12-28 13:39:53 +01:00
Ad Schellevis
14f843bb2f
System: Trust: Revocation - exclude ocsp signing certs.
2023-12-28 13:20:17 +01:00
Amy Nagle
f314a95a3b
Unbound / Blocklists: Replace JustDomains with Firebog ( #7103 )
2023-12-28 10:05:05 +01:00
Ad Schellevis
481859b412
System: Trust : Authorities - hide ocsp signing certificates from (mvc) ca selectors to avoid confusion.
2023-12-26 12:49:32 +01:00
Ad Schellevis
7a466c79c9
mvc - set a default data-size for increased readability (live-search is sometimes hidden)
...
.
2023-12-26 12:43:42 +01:00
Ad Schellevis
044b0d9ad9
Gateways: Single - change data length default from 0 to 1 to limit the chances of zero length packets being dropped by intermediate devices. although the actual dpinger is 0, adding one byte shouldn't hurt and might prevent some issues.
2023-12-26 11:30:19 +01:00
Ad Schellevis
495d036d8d
Interfaces: Overview - minor cleanups for https://github.com/opnsense/core/issues/6832
...
o export full overview instead of ifconfig output, for debugging purposes it's better to have the full picture
o remove json_encode() from getInterfaceAction() and let the framework do its usual thing...
2023-12-25 14:26:43 +01:00
Ad Schellevis
4d495ea6cc
Interfaces: Overview - remove legacy version and its related functions and scripts. closes https://github.com/opnsense/core/issues/6832
2023-12-25 14:03:22 +01:00
Ad Schellevis
28b0ba4812
Interfaces: Overview - minor regression, array_filter() preserves keys which may cause returned values to become dictionaries instead of lists.
2023-12-24 18:41:20 +01:00
Ad Schellevis
c9d191f10d
Firewall: Shaper - missing physical_interface(), looks like a regression in a99f2600a5 , closes https://github.com/opnsense/core/issues/7096
2023-12-22 08:22:12 +01:00
Ad Schellevis
ff75146f73
System: Trust - add uniform ocsp_validate() function to check the validity of a certificate by serial for a given CA file.
...
This function returns an array containing an attribute "pass" explaining if we've passed the test and the corresponding ocsp result ("result"), optionally it returns the first element of the ocsp command which appears to be the cert verify output (e.g. "Response verify OK")
A certificate can be passed when :
A] no OCSP - URI is configured for the offered CA
B] when /usr/bin/openssl ocsp returns a non 0 exit code
2023-12-21 16:56:56 +01:00
Ad Schellevis
2e5f3ba214
System: Trust - cleanup and refactor authorities and certificates part 2. remove ca_inter_create() and integrate in ca_create() as both are quite similar one just has a parent and the other hasn't. Also fix the ocsp certificate type as this one depends on a parent as well (equal to an intermediate).
2023-12-21 16:44:06 +01:00