This reverts commit 38efe9d9d69c837498240a4f696aa60751a4627b.
Back out this code not released so far. We can solve this in a better
way now with the device-based plugin approach added in 22.1.3.
Firewall / Aliases - various usability and visibility improvements
o change /api/firewall/alias/listNetworkAliases endpoint to return name and address
o add alias description as subtext in network group dropdown
o exclude row buttons for internal aliases
o support nesting of external aliases
o attach statistics to external aliases (like bogons and new interface network types)
o add preprocess in alias to handle non gui defined types
o network aliases will flush :network into the table
o aliases which aren't managed via configured settings will be fetched for nesting
o gather pf tables which aren't generated into filter_tables.conf as being external so the new imported static_aliases are usable without the need to import the settings in the template language
o initial work to support interface networks, register internal types and flush to alias template
o support imported static aliases using json definitions and move core aliases in there
Clarify the logic: custom first (cannot enable tracking extension
due to unknown contents -- could be scanned but not for today),
advaned settings with NA request unset, or basic with prefixonly
mode set.
We can set gateway to null as it is ignored when setting host
route. Also adhere to logic for interface selection in both
DNS modes, but only exclude from configuration list for dynamic
ones.
For the time being we don't need static/dymanic annotation
as the system doesn't care by design and we don't filter it
anywhere else. Might be something for the status page, but
that's a larger change to level expectations vs. dyamic
connectivity properties.
A couple of style issues here and there as well.
This is strange, but no the strangest thing to happen. Partially
restore the old functionality but this time make sure we only
flip IPv4 on IPv4 and IPv6 on IPv6 changes instead of everything
all the time.
To limit the impact, make sure to only alter vlans now, eventually we should fix the other models as well as they are using // too (but are less likely to overlap)
(take 2)
To limit the impact, make sure to only alter vlans now, eventually we should fix the other models as well as they are using // too (but are less likely to overlap)
Although the prepended 0 might look less intuitive it prevents overlaps when creating new vlans using "ifconfig vlan create" (2637e6ebca/src/etc/inc/interfaces.lib.inc (L77)), to keep qinq and vlan's consistent prepend on both types.
ref 2637e6ebca
Since we also change the vlan names here for new devices to eventually
avoid overlong vlan interface names (#3222) we need to make sure the
rest of the system knows the new prefixes.
Some related style changes in code and text.
This PR pulls query forwarding over the current dot setup, so visually nothing changes.
All API calls are redirected to new Forward functions, which slightly modifies what is returned based on whether "Query Forwarding" or "DNS over TLS" is selected from the menu. This way backwards compatibility is preserved.
As an addition, a user is now able to specify a specific domain for a forward zone as well. Meaning that queries for this specific domain will skip a catch-all (".") domain (if specified), and instead use the server specified for this domain.
Entering a forward zone with a catch-all domain (".") in both Query Forwading and DNS over TLS is considered a duplicate by Unbound, so a static warning for this has been attached in the grid - however, it might be possible for a user to be warned dynamically over this.
