7250 Commits

Author SHA1 Message Date
Ad Schellevis
594bfeeea4 firewall, plugin. start moving user generated rules into the same logic as the plugins. step by step.
First enable our gateways and gatewaygroups on our plugin system and set up reply-to attributes in interface metadata (could be temporary, but good enough for now)
2017-06-12 13:01:32 +02:00
Ad Schellevis
316ce1e05a firewall / plugin, add getInterfaceGateways() and additional metadata to fetch all related gateways. Needed for some of the current internal rules. 2017-06-11 17:11:34 +02:00
Franco Fichtner
3226dce27d interfaces: fix py-netaddr mac listing for new version 2017-06-11 09:36:16 +02:00
Franco Fichtner
f2f3b0c0c0 intrusion detection: wow, jinja is hard 2017-06-10 20:42:31 +02:00
Franco Fichtner
da313a94d9 intrusion detection: further reworked suricata rc script 2017-06-10 20:38:49 +02:00
Franco Fichtner
ca10d0a2f9 interfaces: remove renaming of interfaces 2017-06-10 20:06:50 +02:00
Franco Fichtner
a57d0e88c2 intrusion detection: undo previous, switch to --pcap=intX 2017-06-09 19:53:40 +02:00
Franco Fichtner
6223e0b558 intrusion detection: not my day ;) #1233 2017-06-09 19:40:35 +02:00
Franco Fichtner
f826593e2f intrusion detection: two times if #1233 2017-06-09 19:34:05 +02:00
Franco Fichtner
a298341db6 intrusion detection: or maybe this... #1233 2017-06-09 19:31:54 +02:00
Franco Fichtner
c9b7cdfe1f intrusion detection: fudge --pcap arg, maybe it helps with #1233 2017-06-09 19:15:29 +02:00
Ad Schellevis
983ae690cb rework prev 2017-06-09 11:30:38 +02:00
Ad Schellevis
df3e42b2d8 vlan, rename interface on create 2017-06-09 11:26:38 +02:00
Ad Schellevis
cf3dbedfa9 interfaces.lib.inc, legacy_interface_create, add optional name parameter 2017-06-09 11:25:54 +02:00
Ad Schellevis
c2a45931dd fix errors in interface_vlan_configure(), leading to:
OPNsense opnsense: /interfaces_vlan_edit.php: The command `/sbin/ifconfig 'em2_vlan1' vlandev 'em2' vlan '1' vlanpcp '0'' failed to execute
OPNsense opnsense: /interfaces_vlan_edit.php: The command '/usr/sbin/ngctl name 'vlan1': 'em2_vlan2'' returned exit code '71', the output was 'ngctl: send msg: No such file or directory'

interface_bring_down() doesn't use a real interface name as call argument, mwexecf('/usr/sbin/ngctl name %s: %s', array($tmpvlanif, $vlanif)) isn't used to my knowledge.
2017-06-09 10:57:29 +02:00
Ad Schellevis
dcbbcf8987 netflow, when Destinations are provided, skip config. 2017-06-09 09:35:30 +02:00
Franco Fichtner
5f1f9caebe wizard: similar cleanups for system wizard 2017-06-09 08:23:36 +02:00
Franco Fichtner
965b6eba53 wizard: improve previous 2017-06-09 08:21:29 +02:00
Franco Fichtner
8a0e3bc702 wizard: remove html from description strings 2017-06-09 08:10:51 +02:00
Franco Fichtner
440e6b5bff syslog remote dns for #1491 2017-06-08 15:48:34 +02:00
Franco Fichtner
7e8c095776 dnsmasq: use canned --bogus-priv for no_private_reverse #1573 2017-06-07 17:08:04 +02:00
Franco Fichtner
6669109023 dns: fix previous #1491 2017-06-07 16:53:36 +02:00
Franco Fichtner
62bb0ae8cc dns: rework log files, split ACLs #1491 2017-06-07 16:49:21 +02:00
Franco Fichtner
a7825a608e menu: fix spurious search hit for "workAround" 2017-06-07 16:31:43 +02:00
Davide `rainbow` Gerhard
51b6f4dfc0 add local-zone typetransparent for ptr zone; closes #1673 2017-06-07 16:09:25 +02:00
Franco Fichtner
9398670ad2 unbound: use resolver w/ dnssec as default for 17.7 2017-06-07 16:04:47 +02:00
Ad Schellevis
d5ceec2a4d firewall_rules, keep category selection when changing tabs. closes https://github.com/opnsense/core/issues/1592 2017-06-06 21:02:05 +02:00
Ad Schellevis
e660269e00 guiconfig.inc, add class to top_tab so we can find them easier, for https://github.com/opnsense/core/issues/1592 2017-06-06 20:59:30 +02:00
Ad Schellevis
09d2dea78c filter, keep reply-to selection the same as it was 2017-05-31 18:35:41 +02:00
Ad Schellevis
b296b95614 rework reply-to tag, disablereplyto at wrong location + missing in bogons 2017-05-31 18:34:30 +02:00
Ad Schellevis
9f31b9d523 filter.inc, ignore scrub rule if none of the interfaces is found. 2017-05-31 18:19:21 +02:00
Franco Fichtner
9b957e31d6 gateways: several changes
* Plug gateway fixup "feature" into filter_configure_sync(), the
  only point where it should matter as everything else is GUI
  trigger-happy disruption.

* Discourage the use of the "feature" by moving it into the firewall
  advanced settings, adding a deprecated note.

* Use the new system_default_route() call to avoid code drift.
2017-05-31 09:33:21 +02:00
Franco Fichtner
67c9c5d62b gateways: rework fixup logic some more
As a side-note, IPv6 gateway switching is really discouraged,
especially with auto-address configuration techniques...

Discussed with: @adschellevis
2017-05-31 09:03:36 +02:00
Franco Fichtner
95dd6ca9e1 system: avoid far gateway usage in IPv6 #1665 2017-05-31 09:02:49 +02:00
Franco Fichtner
59e2e5270c system: fix typos in previous #1665 2017-05-31 08:43:33 +02:00
Franco Fichtner
ed3fb99710 system: add system_default_route() #1665 2017-05-31 08:30:22 +02:00
Franco Fichtner
a21ca5429b system: configure all host routes through system_host_route() 2017-05-31 08:07:07 +02:00
Franco Fichtner
611d9722d4 system: add system_host_route(), later we also want system_default_route() 2017-05-31 07:47:09 +02:00
Franco Fichtner
2a2bca919b system: mute resetting routes, they can error if not there 2017-05-31 07:23:56 +02:00
Ad Schellevis
b27abd7d74 filter, add "reply-to" to plugin model, disabled by default for bootstrapped rules. needs gateway/gatewayv6 registered in filter.inc before it can actually function. 2017-05-30 21:50:57 +02:00
Ad Schellevis
e3d6b13981 filter plugin, work in progress. add systemDefaults to plugin and add disablereplyto tag in there, so we can set this tag globally without having to link the config in the filter parsing logic.
This shouldn't hurt our current deployment, it's needed to add "reply-to" parsing in the rule class.
2017-05-30 21:21:05 +02:00
Ad Schellevis
a206e8f6de missed the pfctl counters in www/widgets/api/plugins/interfaces.inc, for https://github.com/opnsense/core/issues/1662 2017-05-29 10:37:16 +02:00
Ad Schellevis
89a81f3ea6 regression, missing ipv4 address in get_interfaces_info(), for https://github.com/opnsense/core/issues/1662 2017-05-29 10:32:14 +02:00
Franco Fichtner
9bb3dd61a6 interfaces: proper tunnel status for GIF #1662 2017-05-29 09:57:05 +02:00
Ad Schellevis
932a086ea7 vmstat, better handling of irq counters, for https://github.com/opnsense/core/issues/1662 2017-05-29 09:45:49 +02:00
Ad Schellevis
f15eb3b203 get_interfaces_info() only overwrite status code when reported status in 'active','running' for https://github.com/opnsense/core/issues/1662 2017-05-29 08:55:40 +02:00
Franco Fichtner
f7cf3c90ed src: whitespace sweep 2017-05-29 08:35:50 +02:00
Franco Fichtner
a7134a01d3 rc: spacing in previous 2017-05-29 08:16:20 +02:00
Franco Fichtner
335b591dae rc: advertise live mode just above the login prompt 2017-05-29 08:04:14 +02:00
Franco Fichtner
be35490de1 pkg: fix plist 2017-05-28 19:36:17 +02:00