lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 17:14:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,891 Commits 1 Branch 0 Tags
Commit Graph

10970 Commits

Author SHA1 Message Date
Ad Schellevis
be2cf16dc1 crash_reporter.php: change wording, some people don't seem to understand "bug" is a general concept, which could be related to all sorts of things. 2020-05-19 20:10:00 +02:00
Franco Fichtner
491a010ed7 interfaces: style sweep for Loopback register 2020-05-22 08:23:01 +02:00
Ad Schellevis
2ac50779f2
IDPS: Adding Profile Detection (#4124) 
* Adding Profile Detection

Made profile detection configurable.

Best practices by suricata is "high", keeping medium as default.

* use form style attribute to mark all advanced detection fields
* remove extra "hidden" style
* $("#ids\\.general\\.detect\\.Profile").change() is automatically being called after receiving data
* move settings to OPNsense.IDS.general.detect, to clarify where these properties belong to. Since suricata has a lot of options, chances are that toclient/toServer overlap by some future addition.

Co-authored-by: Xeroxxx <1109954+Xeroxxx@users.noreply.github.com>
 2020-05-21 10:36:24 +02:00
Ad Schellevis
3a20e5a614 firewall:alias, show partial alias content in tooltip, emphasis description and remove legacy "descr" support (non mvc model). closes https://github.com/opnsense/core/pull/4120 2020-05-19 09:51:31 +02:00
Ad Schellevis
c2123d5404 systemhealth: log viewer, fix typo 2020-05-19 02:10:20 +02:00
Franco Fichtner
354b44690f system: keep comma in previous 2020-05-18 15:05:17 +02:00
Ad Schellevis
59db45c6e8 syslog: remove unused keyword 2020-05-18 11:57:38 +02:00
Ad Schellevis
a95f943965 tunables: default net.inet.icmp.reply_from_interface to 1. 
The helpt text (man icmp) suggests this is a better default in our usecase:
-----------
(boolean) Use the IP address of the interface the
packet came through in for responses to packets which
are not directly addressed to us.  If enabled, this
rule is processed before all others.  By default,
continue with normal source selection.  Enabling this
option is particularly useful on routers because it
makes external traceroutes show the actual path a
packet has taken instead of the possibly different
return path.
-----------

ref https://github.com/opnsense/core/issues/4094
 2020-05-17 11:22:02 +02:00
Ad Schellevis
2d052a9bde IDPS: simplify download parser a bit further as suggested by @Tra5is (38ea28d0ad) 2020-05-15 18:53:16 +02:00
Ad Schellevis
38ea28d0ad IDPS: rule download, less sensitive rule parsing. for https://github.com/opnsense/core/pull/4115 2020-05-15 11:36:42 +02:00
Franco Fichtner
7b6e7af079 importer: misaligned password reset 2020-05-15 10:19:08 +02:00
Franco Fichtner
dd9be2e497 src: style sweep 2020-05-15 08:30:04 +02:00
Fabian Franz BSc
ef1bd41789
nextcloud: add support for upstream LDAP accounts (#4103) 2020-05-14 19:59:07 +02:00
Franco Fichtner
9effd6afda system: small refactor in default route code 2020-05-14 15:27:19 +02:00
Ad Schellevis
cfa0b713cd Firewall/alias: keep help_block_alias for https://github.com/opnsense/core/pull/4111 2020-05-14 14:14:34 +02:00
Ad Schellevis
d3e89eeb09 Merge branch 'Modify-Alias-GUI-text-to-be-more-intuitive' of https://github.com/marjohn56/core into marjohn56-Modify-Alias-GUI-text-to-be-more-intuitive 2020-05-14 14:11:18 +02:00
Martin Wasley
bb7c101d3a Update text in Aliases to be more intuitive 
Change text and add help.
 2020-05-14 09:42:20 +01:00
Michael
4ea15d6698
Proxy: add connect_timeout (#4112) 2020-05-14 08:30:52 +02:00
Ad Schellevis
52999e357a ssl_ciphers.py: add option to return a key value list, needed for https://github.com/opnsense/plugins/issues/1829 2020-05-13 15:30:25 +02:00
Ad Schellevis
bf30d129ce Proxy/MVC: add "S" option for AllowDynamic in InterfaceField type to select only static dynamic ip's, so we can select lo0 in proxy. 
Although it's not perfect, this seems like the least destructive option at the moment. Eventually we might need to refactor some of the proxy/interface selection, since it doesn't support ipv6 either.
 2020-05-13 14:34:09 +02:00
Ad Schellevis
c3d2dcfa21 iplugins/interfaces: register lo0, add ::1/128 as well 2020-05-13 14:04:03 +02:00
Ad Schellevis
57bd1f2b05 plugins/interfaces: register lo0 2020-05-13 13:40:58 +02:00
Franco Fichtner
42e9d86d68 radvd: use default value "0" on unknown mtu 2020-05-13 09:36:15 +02:00
Ad Schellevis
2eb1ee5f53 MVC: reference constraint pointing validation results to the wrong field (shows validation message on field where the option is set, should be the one it's pointing to). 
ref https://github.com/opnsense/plugins/pull/1733
 2020-05-12 12:43:07 +02:00
Franco Fichtner
02428bf5dd interfaces: remove this, new dhcp6c seems to work fine 2020-05-12 09:14:44 +02:00
Franco Fichtner
11017fa4ab system: fix static gatway wizard handing; closes #3873 
Mismatched our automatic gateway naming, assumed IPv6 on IPv4 and
did not disable monitor by default as we recommend.
 2020-05-11 05:10:55 +02:00
Franco Fichtner
6529ef77ef interfaces: match IPv6 equivalent 
find_interface_ip() is more prone to side effects and
get_interface_ip() is the fallback anyway.
 2020-05-11 04:26:50 +02:00
Franco Fichtner
8cfcbbe891 unbound: improve wording slightly 2020-05-11 04:19:49 +02:00
Franco Fichtner
feba63b664 interfaes: move magic /tmp/devX_pdinfo handling away from GUI page 
While here separate between IPv4 and IPv6 reload (again?) and
rename the PINFO variable to PDINFO for consistency.
 2020-05-11 04:12:16 +02:00
Franco Fichtner
b62ba73968 src: style sweep 2020-05-10 20:29:39 +02:00
070521cfcb
Updated Pattern Options for IDS/IPS (#4104) 
Adding:
Aho-Corasick, reduced memory implementation
Aho-Corasick, "Ken Steele" variant
 2020-05-10 18:14:59 +02:00
Ad Schellevis
7669c6c56e logging / reverse setting not used anymore in core, lets drop it now. for https://github.com/opnsense/core/issues/4068 
There might be a couple of plugins still using the old log viewer, but since the default setting is usually left intact, it should be safe to remove it now.
 2020-05-10 00:57:18 +02:00
Ad Schellevis
4196622d53 ditch dump_clog() in system_log.widget.php widget, compatibility for https://github.com/opnsense/core/issues/4068 2020-05-10 00:54:06 +02:00
Ad Schellevis
faf650e7ca
Syslog: optionally disable legacy (clog) logging (#4101) 
* Syslog-NG replacement for legacy syslog local logs:

Part of this commit:

- support both formats in query log, which is used by our log api
- sample local syslog-ng target for configd

for https://github.com/opnsense/core/issues/4068

* syslog: add disable clog toggle + preserve number of log (days) setting when only using syslog-ng. for https://github.com/opnsense/core/issues/4068

* syslog: include local syslog-ng files when clog is disabled. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: change local handling, add relayd file to test the concept.

The local directory contains filters for local targets, which should replace the <plugin>_syslog() construction eventually, everything relevant and not matched is send to system

for https://github.com/opnsense/core/issues/4068

* Syslog-NG: minor update to local template to support module/file format as the query log handler supports it (e.g. /var/log/squid/access/) and add local templates

* Syslog-NG: change flush log actions to support new format, while here make sure "flush all" actuallly flushes all logs (including plugins). for https://github.com/opnsense/core/issues/4068

* Syslog-NG: missing level in system log, for https://github.com/opnsense/core/issues/4068

* fix typo for https://github.com/opnsense/core/issues/4068

* syslog-ng: filter live log support for https://github.com/opnsense/core/issues/4068

* Syslog-NG: replace diag_logs_filter_summary.php for mvc enabled version, using the same log output as live log, for https://github.com/opnsense/core/issues/4068

* Syslog-NG: add log cleanup script to enforce preservelogs setting. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: webuser auth message should use LOG_AUTH facility. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: ditch sshlockout_pf in favour for a small script that locks out ssh/web gui failed attempts for both IPv4 and IPv6. for https://github.com/opnsense/core/issues/4068

* ditch sshlockout_pf dependancy, for https://github.com/opnsense/core/issues/4068

* fix indent in ACL, for https://github.com/opnsense/core/issues/4068

* fix plist
 2020-05-10 10:59:14 +02:00
Franco Fichtner
f274499c8b interfaces: let's get dangerous (again) 2020-05-10 09:12:41 +02:00
Franco Fichtner
bc5405bd54 interfaces: small adjustments, fix debug read 2020-05-10 08:47:32 +02:00
Martin Wasley
798bd7ec1d
Add multiple interfaces to rtsold call (#4100) 
* Add multiple interfaces to rtsold call
fix inccorect pid

* Update interfaces.inc

Change RTSOLD to use -a option and drop interface append

Co-authored-by: Martin Wasley <martin@queens-park.com>
 2020-05-10 08:40:00 +02:00
Martin Wasley
39a3a91283 interfaces: Show ISP Assigned PD in status interfaces 
Uses the new feature within dhcp6c to display the ISPs allocated prefix.
We may be able to use this rather than asking the user to enter the prefix
size in interfaces.

PR: https://github.com/opnsense/core/pull/4099
 2020-05-10 08:37:29 +02:00
Martin Wasley
5ed15ca47c interafces: move settings for dhcp6c to system_advanced_network 
PR: https://github.com/opnsense/core/pull/4096
 2020-05-10 08:25:59 +02:00
Franco Fichtner
d8c8129889 interfaces: refuse to run dhcp6c on unconfigured interfaces 
LAN trackers use SIGHUP only so this is safe.
 2020-05-10 08:08:23 +02:00
Martin Wasley
47f40e1782 interfaces: additions for multiwan dhcp6c part 2 2020-05-09 09:39:36 +02:00
Franco Fichtner
6420b41d8e interafces: make rtsold_script easier to work on 
This will be refactored into a script or template
soon enough, but for now we need to allow easier
edits to bring it to the next level.
 2020-05-08 15:57:14 +02:00
Franco Fichtner
3d365027ae captiveportal: safety belts, we require ipfw #4093 2020-05-08 09:44:06 +02:00
Franco Fichtner
2ba1e4ec7f rc: implement inline variables for skip and defer #4093 
Future use cases are dhcp6c and unbound...
 2020-05-08 09:36:09 +02:00
Franco Fichtner
da620c4ec1 rc: if we use dhcp6c rc script, we don't want it operated here 
PR: https://github.com/opnsense/core/issues/4093
 2020-05-08 08:30:16 +02:00
Ad Schellevis
fe32660338 menu: unescape url, to avoid redirecting to &amp; 2020-05-07 15:58:24 +02:00
Ad Schellevis
adbb91289f filter: outbound nat, allow src/dst port range. closes https://github.com/opnsense/core/issues/4090 2020-05-07 14:54:46 +02:00
Franco Fichtner
d87ce014d9 interfaces: bring back special IPv6 vars 2020-05-06 16:54:58 +02:00
Franco Fichtner
732e4b3388 interfaces: one rtsold script to rule them all 2020-05-06 16:06:15 +02:00
Franco Fichtner
fbe5a1909e interfaces: small changes, remove soon to be reinvented flags from GUI 2020-05-06 10:17:52 +02:00