o Batch the backend call calling from GUI once and
only if needed from configuration.
o Turn the configuration into a generic loop.
o Move advanced options to the back of the configuration.
o Warning level for both log messages.
As OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm
by default some older SSH clients might not be able to connect to
OPNsense anymore. Therefore, it might be needed to manually modify the
PubkeyAcceptedAlgorithms sshd config option.
Prevent generating of invalid configuration values for dynamic
crypto parameters (KexAlgorithms, Ciphers, MACs, HostKeyAlgorithms and
PubkeyAcceptedAlgorithms).
Use original element (<div>/<small>) with "data-for" attribute.
The old jquery "for" attribute selectors can be removed once conversion to "data-for" attribute is complete (including plugins).
The old jquery selectors to remove once conversion is complete.
opnsense_ui.js & head.inc
$("*[for='" + $(this).attr('id') + "']")....
$('[for*="help_for"]')....
unless explicity configured. We set "admins" in the default
config with also adds "wheel" underneath, but some systems may
not use "admins" so that doesn't work then.
PR: https://forum.opnsense.org/index.php?topic=6994.15
width, align, valign, cellpadding, cellspacing, border, summary
Error: The width attribute on the table element is obsolete. Use CSS instead.
Error: The align attribute on the table element is obsolete. Use CSS instead.
Error: The valign attribute on the table element is obsolete. Use CSS instead.
Error: The cellpadding attribute on the table element is obsolete. Use CSS instead.
Error: The cellspacing attribute on the table element is obsolete. Use CSS instead.
Error: The border attribute on the table element is obsolete. Use CSS instead.
Error: The summary attribute on the table element is obsolete. Consider describing the structure of the table in a caption element or in a figure element containing the table; or, simplify the structure of the table so that no description is needed.
The initial timeout of 20 seconds is long, but it's safer to wait so
that we're not bouncing back to the old web GUI before it goes down.
PR: https://github.com/opnsense/core/issues/1347
Reload the client side. If we can't connect back, the second
part of this rework will make sure that the system reverts to
its former state and this reload will be able to pick it up.
While here kill the questionable login autocomplete toggle.
Anti-lockout really has both SSH and web GUI as its targets,
which is a bit weird here. Maybe we ought to split the options,
but for now move it a bit close to SSH. A separate option makes
no sense at this point. Maybe this is more of an advanced firewall
option?
