lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 16:44:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,567 Commits 1 Branch 0 Tags
Commit Graph

5985 Commits

Author SHA1 Message Date
Franco Fichtner
c687c9bb36 system: fix crash report in previous 2016-12-28 13:39:16 +01:00
Franco Fichtner
deda19dc61 system: tweak wording on previous 2016-12-28 13:32:09 +01:00
Franco Fichtner
384b751515 scripts: fix line breaks in csv 2016-12-28 10:26:32 +01:00
Ad Schellevis
c726dc39cf (proxy) fix subnet computation using netaddr.IPNetwork, closes https://github.com/opnsense/core/issues/1309 2016-12-27 18:13:19 +01:00
Ad Schellevis
15657d8749 (configd) add netaddr.IPNetwork to template helpers, for https://github.com/opnsense/core/issues/1309 2016-12-27 18:10:57 +01:00
Ad Schellevis
99dac4ab7e (webconfigurator) optionally limit ciphers. closes https://github.com/opnsense/core/issues/1301 2016-12-27 17:23:01 +01:00
Ad Schellevis
5f7fa5900d (IDS) fix previous 2016-12-27 12:21:50 +01:00
Ad Schellevis
565fd72bba (ids) add support for inline configuration settings (subscription based url's for example), add basic auth support. 
Example supported format:

<?xml version="1.0"?>
<ruleset>
    <location url="https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz?oinkcode=%%snort.oinkcode%%" prefix="Snort"/>
    <files>
        <file description="blacklist" url="inline::rules/blacklist.rules">snort.blacklist.rules</file>
    </files>
    <properties>
        <property name="snort.oinkcode" default=""/>
    </properties>
</ruleset>

---
Registers the setting "snort.oinkcode" which is used to construct the download url.
This commit doesn't include definitions for new content, in case someone wants to create a definition file, it should be easy now :)
 2016-12-27 12:08:54 +01:00
Franco Fichtner
12882429d1 system: split up Portuguese for upcoming translations 2016-12-21 07:15:49 +01:00
Franco Fichtner
041681bae2 system: extend sudo usage for no password mode 2016-12-21 00:17:50 +01:00
Franco Fichtner
17117f5b9b configd: fix wildcard_pos usage 2016-12-21 00:13:45 +01:00
Franco Fichtner
e33a4ed298 firewall: remove comment that is now false 2016-12-20 22:42:04 +01:00
Franco Fichtner
31e16746fe firewall: how many times is this hardcoded? :) 2016-12-20 22:39:24 +01:00
Ad Schellevis
78af555666 (IDS) hook loading of general settings on tab events 2016-12-20 21:19:42 +01:00
Ad Schellevis
646f9838d0 (ids) move installable rules to separate tab, make room for additional settings 2016-12-20 20:08:27 +01:00
Franco Fichtner
ddca91c131 firewall: fix previous again 2016-12-20 15:17:40 +01:00
Franco Fichtner
d70e4b2652 firewall: glitch in previous 2016-12-20 15:06:46 +01:00
Franco Fichtner
7097b1d016 firewall: consolidate anti-lockout behaviour; closes #1304 
Assume LAN unless we only have one interface and that is WAN.
If LAN is not there, no problem: the text will either show
WAN if it works or show LAN and do nothing.

We could argue that 1 interface that is not WAN or LAN is
possible and should receive anti-lockout too, but this would
change the previous behaviour too much and is not generally
possible from the GUI or console.
 2016-12-20 14:23:51 +01:00
Ad Schellevis
6e260ef580 (mvc) fix mangled dropdown boxes on some inputs, reset all form_input_tr items to avoid further strangeness.. 2016-12-20 12:56:13 +01:00
Franco Fichtner
f8959e1a40 rc: oddities with vt(4), keep sc(4) for now 2016-12-20 08:21:38 +01:00
Franco Fichtner
6d46060214 Revert "system: strict serial mode, need to test this" 
Don't need this, it was a comaptibility test.  The gained
flexibility from -D is far more important.

This reverts commit dfb094112e3297911ddbdfa478d3bdc129d22d22.
 2016-12-20 08:00:11 +01:00
Franco Fichtner
7792d8ad7f auth: one more locking vs. no-password issue 2016-12-20 07:02:45 +01:00
Franco Fichtner
23cf4fe10f auth: when auth is integrated, don't write passwords 
This finally repairs ssh key login.  :)
 2016-12-19 23:14:23 +01:00
Ad Schellevis
da024c5dfe (ids) work in progress, extend metadata templates with user input (subscription codes, etc) 2016-12-19 21:49:30 +01:00
Ad Schellevis
7294202195 (ids) change download buffering 2016-12-19 21:48:04 +01:00
Ad Schellevis
d938708963 (resolver+forwarder) enhance port check, for https://github.com/opnsense/core/issues/1213 2016-12-19 19:55:22 +01:00
Ad Schellevis
4ebccaa233 (config) enable aesni in default config, closes https://github.com/opnsense/core/issues/1259 2016-12-19 19:41:36 +01:00
Franco Fichtner
4ac59b3485 auth: one bug down, but I think there's another 2016-12-19 18:59:21 +01:00
Ad Schellevis
74b0ed0002 (UIModelGrid) return all selected items for list types 2016-12-19 17:45:54 +01:00
Franco Fichtner
7f91fe62b1 src: back out previous, we're further securing PAM 2016-12-19 11:08:08 +01:00
Ad Schellevis
b5eda23e80 (volt, macro usage) revert macro change, it looks like this really was a bug in PHP7/Phalcon, looks solved now. closes https://github.com/opnsense/core/issues/1245 2016-12-19 11:05:41 +01:00
Franco Fichtner
c48cf61f4a rc: remove translations from console 2016-12-19 07:41:47 +01:00
Franco Fichtner
af1928de6e inc: remove unused translations in obsolete migration 2016-12-19 07:20:35 +01:00
Franco Fichtner
d3376f7f10 src: webConfigurator -> web GUI 2016-12-19 07:16:08 +01:00
Franco Fichtner
dfb094112e system: strict serial mode, need to test this 2016-12-18 23:24:17 +01:00
Franco Fichtner
a7f01e99d7 system: "web GUI" is less ambiguous 2016-12-18 23:15:30 +01:00
Franco Fichtner
8837b322a4 rc: reload GUI first to make sure it's executed 2016-12-18 23:12:45 +01:00
Franco Fichtner
24b73afc79 rc: missing require for previous 2016-12-18 23:01:52 +01:00
Franco Fichtner
b542ddf754 rc: switch web GUI reload for reload all, some cleanups 2016-12-18 22:58:07 +01:00
Franco Fichtner
81e205f75e rc: move restore to "initial" section 2016-12-18 22:52:58 +01:00
Franco Fichtner
ce36ff28c4 rc: missing requires for previous 2016-12-18 22:48:01 +01:00
Franco Fichtner
d147e4b8df rc: reload_all like a christmas tree 2016-12-18 22:44:45 +01:00
Franco Fichtner
61567c81c0 rc: light up configure_firmware output 2016-12-18 22:44:13 +01:00
Franco Fichtner
762837685a rc: chain local_sync_accounts() into system_login_configure() 2016-12-18 22:43:26 +01:00
Ad Schellevis
68de8c0225 (pam) switch normal console to pam, because we lock accounts locally now, console login should be switched at the same time 2016-12-18 18:10:42 +01:00
Ad Schellevis
643d2eef83 (auth/installer) force unlocked account, so pam can use standard pam_unix.so 2016-12-18 17:57:22 +01:00
Ad Schellevis
cc05a97726 (pam) for non local users trigger different exit code (user doesn't exist) 2016-12-18 17:47:01 +01:00
Ad Schellevis
ff8632c2c8 (pam) work in progress: pam helper skip for non local users, for non existing users pam should proceed to the next option. 
When our pam modules is used, we set local auth to disabled (locked) for our users, non local users should automatically use normal unix auth.
For this to work, we should pass PAM_USER_UNKNOWN as return value in our pam module when the user is not local to us and unauthenticated.
 2016-12-18 13:51:23 +01:00
Ad Schellevis
92d7bce2f0 (openvpn export) make sure we remove the top level temp dir for Viscosity exports 2016-12-18 12:22:34 +01:00
Fabian Franz
41b9d3feac fix proxy strings 'X-Forwarded-For' 2016-12-18 10:57:49 +01:00