* remove race conditions in interface_bring_down() so when an old configuration is provided we will actually use the contents of that configuration.
* Next make sure we only save the first occurrence of a changed interface until an apply is hit, to prevent lossing the running configuration.
* Do some additional cleanups for removing virtual ip's when an interface is requested to go down.
For https://github.com/opnsense/core/issues/2221
If enabled, now consistenly log into a clog suricata.log. Since
the last rework suricata syslog output landed in system.log because
the suricata.syslog.log file was removed, but this one was never
read because syslog.log was not a real log file.
* Add all documented types
* Do not translate types, difficult to express in a label
* Move validation to config-save time
* Modify help text, default is in the manual
* Simplify naming
* Use empty as "transparent" for backwards compat
* Properly escape option value
CC: @NOYB
This was a bit forgotten, since the new alias update handles all types of aliases using different expiry intervals, we need to make sure we actually probe our changes in time, otherwise it's impossible to expire dns entries within a reasonable timeframe.
"- 50" would will eventually underflow. According to the official
docs in the libevent case we set double num-queries-per-thread, so
that's what we'll do and kick the other code.
While here, seems like the GUI options for the default value are
missing which causes the num-queries-per-thread value to decrease
to 512, reducing the outbound-range with it arbitrarily.
See: https://www.unbound.net/documentation/howto_optimise.html
Eventually, the two remaining user privileges should be killed
as well in favour of similar approaches. The ACL should be for
page access, not more, not less.
If we don't have default gateways and no connectivity, we cannot
rely on the idea that "WAN" will save us. It could be an OPT interface
instead...
PR: https://github.com/opnsense/core/issues/2164
unless explicity configured. We set "admins" in the default
config with also adds "wheel" underneath, but some systems may
not use "admins" so that doesn't work then.
PR: https://forum.opnsense.org/index.php?topic=6994.15
Also suggested by @fabianfrz. Not perfect yet as we seem
to mix wheel with access and either need to lock down shell
access along with it or somehow tag along the shell privilege.
Small race in the group setting on the user page.
PR: https://forum.opnsense.org/index.php?topic=6994.0
Error: A meta element with an http-equiv attribute whose value is X-UA-Compatible must have a content attribute with the value IE=edge.
The "Chrome=1" value was used to spawn Chrome Frame in IE 6,7,8,9. However, "Google Chrome Frame was discontinued in January 2014", and think all IE<11 is beyond EOL.
So is this even needed/useful?
If needed/useful it would probably be better to support deployment by HTTP headers method instead.
Google Chrome Frame
https://en.wikipedia.org/wiki/Google_Chrome_Frame
If users want read-only media they need to put their own
/etc/fstab entries into the system as the MFS options from
the config should not work under unknown conditions.
