o cleanup default (English) error templates, rename to .html for easier editing. move css to include, which should be imported inline using our scripts.
o add frontend code
o extend model with template option.
o config: set disablevlanhwfilter by default, previous versions had issues with this, with FreeBSD 12.x it looks stable and is required for proper operation
o interface: move disablevlanhwfilter support to configure_interface_hardware(), in order for netmap to function properly all hardware support should be disabled (previous code location wasn't the right one)
o interface: exit configure_interface_hardware() when the caller is a vlan, there's no need to call legacy_interface_details() in that case (performance fix)
o tunables: set our default for hw.ixl.enable_head_writeback to 0, also hardware support and thus not compatible with netmap.
When gcm encryption is selected a hashing algorithm is not required.
The PHP warning raised by supplying in_array() with an empty string results in a warning on the dashboard that links to:
[12-Jun-2020 17:08:01 Pacific/Auckland] PHP Warning: in_array() expects parameter 2 to be array, string given in /usr/local/www/vpn_ipsec_phase2.php on line 713
* Hardening: Disable PCRE JIT in PHP config
PCRE's JIT is incompatible with PaX NOEXEC. In order for PaX NOEXEC to
work well with PHP, disable PCRE's JIT.
pdinfo could get deleted by a renewal or event other than release or exit. These changes make the creation of the pdinfo file only on a REQUEST reply flag and only delete on a RELEASE or EXIT flag
This fixes an omission when groups are updated via ldap, the local system doesn't know about it.
Eventually we might consider moving some functionality from auth.inc and the system user management pages into the same event hooks, in which case the workflow would be more like the following:
[page updates config.xml data] --> [fires event] --> [event handler diffs current state against the desired one and updates the system]
While 'forward-ssl-upstream' is indeed an alias/alternative syntax for the '*tls*' option, therefore it's more a cosmetic thing - especially because it's called DNS over TLS. Just to be consistent with terms used.
from dc7980a3e0
Although this isn't a great fix, we can prevent forking https://github.com/bassjobsen/Bootstrap-3-Typeahead for now and hope someone fixes the relative issue some day.
When Typeahead inputs aren't in relative containers, position() returns the correct values, which is why our quick menu search likely still works.
* Adding Profile Detection
Made profile detection configurable.
Best practices by suricata is "high", keeping medium as default.
* use form style attribute to mark all advanced detection fields
* remove extra "hidden" style
* $("#ids\\.general\\.detect\\.Profile").change() is automatically being called after receiving data
* move settings to OPNsense.IDS.general.detect, to clarify where these properties belong to. Since suricata has a lot of options, chances are that toclient/toServer overlap by some future addition.
Co-authored-by: Xeroxxx <1109954+Xeroxxx@users.noreply.github.com>