392 Commits

Author SHA1 Message Date
Franco Fichtner
588fbfbbc9 firmware: simplify repo file flush 2021-08-17 09:37:39 +02:00
Franco Fichtner
0e7097cfb1 system: isvalidpid() is not required for a single killbypid() 2021-07-06 12:31:59 +02:00
Franco Fichtner
8e56216b87 system: add new translation file 2021-06-07 15:38:58 +02:00
Ad Schellevis
64c2e02b0b System / Settings / Logging - targets: add TLS transport option
closes https://github.com/opnsense/core/issues/4937
2021-04-30 17:54:29 +02:00
Franco Fichtner
cf8d1d045f system: sort system_sysctl_get() output; closes #4907 2021-04-08 12:24:01 +02:00
Franco Fichtner
c0a1fd321d system: reorder settings to let tunables override all 2021-04-07 12:06:34 +02:00
Franco Fichtner
6c96038ced system: remove /dev/crypto GUI support #4896 2021-04-06 07:08:58 +02:00
Franco Fichtner
cd2c3b08ca system: USB serial may not work with onifconsole #4849 2021-03-21 15:31:23 +01:00
Franco Fichtner
fb4ee845c9 system: better logic for -h and -D #4231 2021-03-01 19:41:42 +01:00
Franco Fichtner
9121ee88ce rc: refactor, add missing copyright header, rename
Scott committed this in 2005 so it is safe to assume the BSD
license fits...

See also: https://github.com/pfsense/pfsense/commit/fa94531eaba
2021-02-01 09:46:45 +01:00
Franco Fichtner
e6ced08e3d system: make a note that comconsole_port probably works just as well 2021-01-26 19:19:52 +01:00
Franco Fichtner
372e1cf5e5 system: omit console hint in existing setups 2021-01-26 10:19:43 +01:00
Franco Fichtner
d8711af025 system: set hw.uart.console appropriately
PR: https://github.com/opnsense/tools/issues/209
2021-01-26 10:13:51 +01:00
Franco Fichtner
4e9a8abf98 firmware: add async reconfigure hook to syslog
rc.configure_plugins is likely fixed, but rc.configure_firmware
has the same issue so make this more maintainable by moving the
async request to the system function and put the former call back
with the async flag set.

Should fix syslog-ng related package configure hangs with regard
to pkg-based bug in recent versions.
2020-10-29 09:08:28 +01:00
Franco Fichtner
00a4848004 system: remove syslog-ng workaround, all better now 2020-08-19 14:38:32 +02:00
Franco Fichtner
1fb4d808d6 system: use /etc/ssl/cert.pem consistently 2020-08-19 08:59:46 +02:00
Ad Schellevis
ae36505873 python/env make sure requests library uses system certificate store when being called from cron or configd (set REQUESTS_CA_BUNDLE) 2020-08-18 20:27:22 +02:00
Ad Schellevis
f226eecc87 syslog: cleanup unused legacy function 2020-08-14 16:44:46 +02:00
Ad Schellevis
2784956853 syslog-ng: initial startup issues. try to sleep for 0.5 seconds before using syslogs socket. 2020-08-10 22:36:40 +02:00
Ad Schellevis
78c81babfd syslog: disable legacy syslogd when disable_clog is set 2020-07-18 03:50:41 +02:00
Ad Schellevis
5c4c6faccb fix previous, missed $config import 2020-07-17 19:36:51 +02:00
Ad Schellevis
b1ec4aa9b0 syslog: don't generate clog files when disable_clog is set.
eventually we should also prevent the legacy syslog from starting, but first make sure we don't pollute the filesystem in these cases
2020-07-17 19:32:22 +02:00
Ad Schellevis
e2f6272957 IPS-netmap related fixes, closes https://github.com/opnsense/core/issues/4171
o config: set disablevlanhwfilter by default, previous versions had issues with this, with FreeBSD 12.x it looks stable and is required for proper operation
o interface: move disablevlanhwfilter support to configure_interface_hardware(), in order for netmap to function properly all hardware support should be disabled (previous code location wasn't the right one)
o interface: exit configure_interface_hardware() when the caller is a vlan, there's no need to call legacy_interface_details() in that case (performance fix)
o tunables: set our default for hw.ixl.enable_head_writeback to 0, also hardware support and thus not compatible with netmap.
2020-06-16 11:05:41 +02:00
Franco Fichtner
08a3fd2233 system: finally use 3wire now that we have autologin support
PR: https://github.com/opnsense/core/issues/3921
2020-05-29 13:24:26 +02:00
Franco Fichtner
354b44690f system: keep comma in previous 2020-05-18 15:05:17 +02:00
Ad Schellevis
a95f943965 tunables: default net.inet.icmp.reply_from_interface to 1.
The help text (man icmp) suggests this is a better default in our use case:
-----------
(boolean) Use the IP address of the interface the
packet came through in for responses to packets which
are not directly addressed to us.  If enabled, this
rule is processed before all others.  By default,
continue with normal source selection.  Enabling this
option is particularly useful on routers because it
makes external traceroutes show the actual path a
packet has taken instead of the possibly different
return path.
-----------

ref https://github.com/opnsense/core/issues/4094
2020-05-17 11:22:02 +02:00
Franco Fichtner
9effd6afda system: small refactor in default route code 2020-05-14 15:27:19 +02:00
Ad Schellevis
faf650e7ca
Syslog: optionally disable legacy (clog) logging (#4101)
* Syslog-NG replacement for legacy syslog local logs:

Part of this commit:

- support both formats in query log, which is used by our log api
- sample local syslog-ng target for configd

for https://github.com/opnsense/core/issues/4068

* syslog: add disable clog toggle + preserve number of log (days) setting when only using syslog-ng. for https://github.com/opnsense/core/issues/4068

* syslog: include local syslog-ng files when clog is disabled. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: change local handling, add relayd file to test the concept.

The local directory contains filters for local targets, which should replace the <plugin>_syslog() construction eventually, everything relevant and not matched is sent to system

for https://github.com/opnsense/core/issues/4068

* Syslog-NG: minor update to local template to support module/file format as the query log handler supports it (e.g. /var/log/squid/access/) and add local templates

* Syslog-NG: change flush log actions to support new format, while here make sure "flush all" actually flushes all logs (including plugins). for https://github.com/opnsense/core/issues/4068

* Syslog-NG: missing level in system log, for https://github.com/opnsense/core/issues/4068

* fix typo for https://github.com/opnsense/core/issues/4068

* syslog-ng: filter live log support for https://github.com/opnsense/core/issues/4068

* Syslog-NG: replace diag_logs_filter_summary.php for mvc enabled version, using the same log output as live log, for https://github.com/opnsense/core/issues/4068

* Syslog-NG: add log cleanup script to enforce preservelogs setting. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: webuser auth message should use LOG_AUTH facility. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: ditch sshlockout_pf in favour of a small script that locks out ssh/web gui failed attempts for both IPv4 and IPv6. for https://github.com/opnsense/core/issues/4068

* ditch sshlockout_pf dependency, for https://github.com/opnsense/core/issues/4068

* fix indent in ACL, for https://github.com/opnsense/core/issues/4068

* fix plist
2020-05-10 10:59:14 +02:00
Franco Fichtner
00c07864f6 filter: change approach, increase automatic limit 2020-04-29 21:15:55 +02:00
Franco Fichtner
8933e787f5 system: set value on the fly, remove nonexistent tunable 2020-04-29 10:03:31 +02:00
Franco Fichtner
4f82e4efa5 system: this new feature is wonky... 2020-04-29 08:18:24 +02:00
Franco Fichtner
40ed63239d rc: sync ttys file, slightly overdue as onifexists is supported by 11.2 2020-04-13 13:10:29 +02:00
Franco Fichtner
e35692fe66 system: Dutch out, Norwegian in 2020-04-03 10:53:23 +02:00
Ad Schellevis
1219969e83 fix previous 2020-03-17 14:03:25 +01:00
Ad Schellevis
0ea36d1a21 syslog: fix cda4e3561f
- sleep() expects an int, use usleep instead to wait 0.1 seconds
- bail if waiting longer than 5 seconds
2020-03-17 13:04:42 +01:00
Ad Schellevis
cda4e3561f syslog: if /var/run/legacy_log is being created while syslog-ng is booting, it sometimes leads to crashes/dumps of the latter. make sure the socket exists before asking syslog-ng to start 2020-03-13 15:24:00 +01:00
Franco Fichtner
f09aceecb3 system: set net.pf.request_maxcount default value
While here also migrate the enc filter rules to our new style.
Useful for testing so tunables can be overwritten by users.

PR: https://github.com/opnsense/core/issues/3969
2020-03-13 14:28:53 +01:00
Franco Fichtner
b20f6fa400 inc: partial PSR12 style sweep 2019-12-09 06:36:17 +01:00
Ad Schellevis
38b613614b opt-out on "Allow DNS server list to be overridden by DHCP/PPP on WAN" for selected interfaces. for https://github.com/opnsense/core/issues/3701 2019-11-21 18:08:06 +01:00
Franco Fichtner
548932a71a system: honour defaults for non-config sysctls as well #3806 2019-11-14 09:38:13 +01:00
Franco Fichtner
4a4d72afd8 system: bootstrap a default value and always apply #3806
So that users are not seeing issues because they haven't done a
config reset yet.  It also allows us to bump the default again
if needed.
2019-11-14 09:24:23 +01:00
Franco Fichtner
9299386602 system: fix PHP loop fail in tunable
Maybe 7.2.23 is broken, never seen this before.  oO

PR: https://forum.opnsense.org/index.php?topic=14652.0
2019-10-14 09:23:29 +02:00
Franco Fichtner
afe3c3a6cb system: break out system_trust_configure() 2019-07-18 22:24:50 +02:00
Ad Schellevis
7770075f09 Syslog-NG, service reload not functional, use syslog-ng-ctl instead (or restart when valid pid not found) 2019-06-17 14:06:36 +02:00
Ad Schellevis
dd01423e91 Syslog-NG, restart both syslog daemons on service restarts to avoid communication issues. Since both services (syslog-ng, syslog) have their own status it's good to show them separately, for proper functionality they should however be treated as one.
Add a stop action to prevent service stop from only stopping the service named "syslog".
2019-06-17 13:36:17 +02:00
Ad Schellevis
274ec3556e syslog, move core syslog facilities (applications in our case) to core plugin 2019-06-10 20:26:04 +02:00
Ad Schellevis
41fcaf2436
move to syslog-ng (#3524)
Integrate syslog-ng into core system without removing current circular log functionality, the basic idea here is to keep syslogd to write circular log files which will turn into a consumer of syslog-ng messages. 

New sources, which will register automatically in s_all, are defined in /usr/local/opnsense/service/templates/OPNsense/Syslog/sources/. Plugins can write additional sources here (such as log sockets).

Legacy remote log targets are collected in syslog-ng-legacy-remote.conf, which should mimic the previous syslogd targets.
2019-06-09 16:28:50 +01:00
Franco Fichtner
5f4315c40c system: stop using a lock around resolv.conf handling #2267
This might kill a bit of delay in function use by doing an atomic
move to update resolv.conf.  Even if several instances are running
at the same time the contents of the file will be the same now.

I don't expect issues with the DNS route updates either: even if
they are removed or added twice, they will always end up being there.
2019-05-06 08:36:30 +02:00
Franco Fichtner
426061a17b src: time to extend style sweep to src/etc/inc 2019-05-06 07:43:07 +02:00
Franco Fichtner
998aa1097d system: /etc/hosts generation without interface_has_gateway()
It only marginally matters and lan or opt1 is mostly there with
a safe assumption of no gateway unless that is for a different
purpose than simply going to the internet.
2019-04-26 08:51:39 +02:00