- Increase the reporting interval for 12 & 24 hours to 10 minutes.
- Always display a list for the top (blocked) domains
- Remove block/whitelist buttons when blocklists are disabled
This include the ability to whitelist it from the same page as well. Relevant to both
the top passed/blocked domains, as well as the detailed query grid.
blocklists.py has been modified in such a way that it will detect whether it needs to
start the download process or simply administrate locally. The latter currently only happens
when custom domains for blocking have been added/removed by a user. The reasoning is
that we can easily extend/shrink the current blocklist when it comes to blocking exact
domains as this is handled on the incoming side. However, while we can modify the current
list to accomodate a new whitelist entry (which can be regex), we (currently) cannot know which domains
were skipped in the process of retrieving them in the first place if a user explicitly removes
a whitelist entry. Therefore we decide to re-run the download on a whitelist action.
furthermore, the updateBlocklistAction in the controller administrates how the model is updated
(e.g. when a blocked item is whitelisted, it should be removed from the blocklist model entry and
added to the whitelist)
In the future we could optimize the whole process by checking if a remote file has changed in
date or size.
o add grid and form for manual spd items, showing legacy items as well
o extend spd/sad controllers to show MVC descriptions when known
Todo:
o add configd template to write manual spd items to
o add script for ipsec which acts as an up/down event handler to register spd's when defined
o extend swanctl.conf to feed updown script
Although the page does correctly validate the existence of the target field (when nordr is not set) and it's not possible to change the <nat><rule> section from an API call,
it doesn't hurt to revalidate in a similar way as we do for invalid targets.
In case one does screw up the config (most likely due to manual config modifications or a missing validation), pf luckily always reverts to the existing states leaving the firewall as it was before applying the change.
closes https://github.com/opnsense/core/issues/6208
The OS fingerprints are no longer maintained so reduce user
exposure and keep the feature active for the time being.
It might make sense to remove it at a later point in time if
it continues to be abandoned.
* unbound / overview: migrate to duckdb
* unbound: make ajax calls concurrent, no need to wait on each other
* unbound / overview: adjust to DataFrame optimization
While previous insert statements with SQLite had to be rate limited to prevent blocking on the
side of the logger, this limitation can be ditched entirely with the approach of appending DataFrames.
Also, the client chart expects timestamps for the entirety of the dataset, so make use of
the NaN value.
* unbound / overview: connection can be none
* unbound / overview: include DNSSEC and timing information and refactor logger
The logger was lacking some error handling due to it being daemonized. On a restart the process
will still produce a core dump likely associated with daemonization, but this will be addressed in a separate issue
To accomodate future additions, DNSSEC and RTT information is now also included in the data set.
* remove leftover syslog message
* unbound / overview: add UUID as well
* unbound / overview: account for null return_msg objects
* unbound / overview: Move DNS statistics to reporting->dns, add detailed grid
This also introduces the option to clear the DNS data. Also restructure the data to a more sensible flow representation.
