6655 Commits

Author SHA1 Message Date
Ad Schellevis
d0ef517669 firewall, plugin. Add schedules back again, move state kill to end of processing and out of the rule registration. 2017-06-12 13:01:32 +02:00
Ad Schellevis
d18c97e731 ditch filter_generate_gateways() 2017-06-12 13:01:32 +02:00
Ad Schellevis
1a3cd61dee move skip_rules_gw_down feature to rule processing 2017-06-12 13:01:32 +02:00
Ad Schellevis
b4553f0454 kill global $GatewaysList in plugins.inc.d/pf.inc 2017-06-12 13:01:32 +02:00
Ad Schellevis
ce66450b4d kill global $GatewaysList; from firewall_nat_out.php 2017-06-12 13:01:32 +02:00
Ad Schellevis
64d362d5e3 firewall, plugin. missing tcpflags1, tcpflags2, tcpflags_any handling 2017-06-12 13:01:32 +02:00
Ad Schellevis
59a6705a28 firewall, cleanup old code 2017-06-12 13:01:32 +02:00
Ad Schellevis
ddc623ccd6 firewall, plugin. register user rules into framework. 2017-06-12 13:01:32 +02:00
Ad Schellevis
063a883bb0 firewall, plugin. move filter_generate_ipsec_rules() out of the way, move to plugin type rules later. 2017-06-12 13:01:32 +02:00
Ad Schellevis
522eec818a move allow outbound rules to filter_core_rules_system(). non functional change. 2017-06-12 13:01:32 +02:00
Ad Schellevis
594bfeeea4 firewall, plugin. start moving user generated rules into the same logic as the plugins. step by step.
First enable our gateways and gatewaygroups on our plugin system and set up reply-to attributes in interface metadata (could be temporary, but good enough for now)
2017-06-12 13:01:32 +02:00
Ad Schellevis
316ce1e05a firewall / plugin, add getInterfaceGateways() and additional metadata to fetch all related gateways. Needed for some of the current internal rules. 2017-06-11 17:11:34 +02:00
Franco Fichtner
3226dce27d interfaces: fix py-netaddr mac listing for new version 2017-06-11 09:36:16 +02:00
Franco Fichtner
f2f3b0c0c0 intrusion detection: wow, jinja is hard 2017-06-10 20:42:31 +02:00
Franco Fichtner
da313a94d9 intrusion detection: further reworked suricata rc script 2017-06-10 20:38:49 +02:00
Franco Fichtner
ca10d0a2f9 interfaces: remove renaming of interfaces 2017-06-10 20:06:50 +02:00
Franco Fichtner
a57d0e88c2 intrusion detection: undo previous, switch to --pcap=intX 2017-06-09 19:53:40 +02:00
Franco Fichtner
6223e0b558 intrusion detection: not my day ;) #1233 2017-06-09 19:40:35 +02:00
Franco Fichtner
f826593e2f intrusion detection: two times if #1233 2017-06-09 19:34:05 +02:00
Franco Fichtner
a298341db6 intrusion detection: or maybe this... #1233 2017-06-09 19:31:54 +02:00
Franco Fichtner
c9b7cdfe1f intrusion detection: fudge --pcap arg, maybe it helps with #1233 2017-06-09 19:15:29 +02:00
Ad Schellevis
983ae690cb rework prev 2017-06-09 11:30:38 +02:00
Ad Schellevis
df3e42b2d8 vlan, rename interface on create 2017-06-09 11:26:38 +02:00
Ad Schellevis
cf3dbedfa9 interfaces.lib.inc, legacy_interface_create, add optional name parameter 2017-06-09 11:25:54 +02:00
Ad Schellevis
c2a45931dd fix errors in interface_vlan_configure(), leading to:
OPNsense opnsense: /interfaces_vlan_edit.php: The command `/sbin/ifconfig 'em2_vlan1' vlandev 'em2' vlan '1' vlanpcp '0'' failed to execute
OPNsense opnsense: /interfaces_vlan_edit.php: The command '/usr/sbin/ngctl name 'vlan1': 'em2_vlan2'' returned exit code '71', the output was 'ngctl: send msg: No such file or directory'

interface_bring_down() doesn't use a real interface name as call argument, mwexecf('/usr/sbin/ngctl name %s: %s', array($tmpvlanif, $vlanif)) isn't used to my knowledge.
2017-06-09 10:57:29 +02:00
Ad Schellevis
dcbbcf8987 netflow, when Destinations are provided, skip config. 2017-06-09 09:35:30 +02:00
Franco Fichtner
5f1f9caebe wizard: similar cleanups for system wizard 2017-06-09 08:23:36 +02:00
Franco Fichtner
965b6eba53 wizard: improve previous 2017-06-09 08:21:29 +02:00
Franco Fichtner
8a0e3bc702 wizard: remove html from description strings 2017-06-09 08:10:51 +02:00
Franco Fichtner
440e6b5bff syslog remote dns for #1491 2017-06-08 15:48:34 +02:00
Franco Fichtner
7e8c095776 dnsmasq: use canned --bogus-priv for no_private_reverse #1573 2017-06-07 17:08:04 +02:00
Franco Fichtner
6669109023 dns: fix previous #1491 2017-06-07 16:53:36 +02:00
Franco Fichtner
62bb0ae8cc dns: rework log files, split ACLs #1491 2017-06-07 16:49:21 +02:00
Franco Fichtner
a7825a608e menu: fix spurious search hit for "workAround" 2017-06-07 16:31:43 +02:00
Davide `rainbow` Gerhard
51b6f4dfc0 add local-zone typetransparent for ptr zone; closes #1673 2017-06-07 16:09:25 +02:00
Franco Fichtner
9398670ad2 unbound: use resolver w/ dnssec as default for 17.7 2017-06-07 16:04:47 +02:00
Ad Schellevis
d5ceec2a4d firewall_rules, keep category selection when changing tabs. closes https://github.com/opnsense/core/issues/1592 2017-06-06 21:02:05 +02:00
Ad Schellevis
e660269e00 guiconfig.inc, add class to top_tab so we can find them easier, for https://github.com/opnsense/core/issues/1592 2017-06-06 20:59:30 +02:00
Ad Schellevis
09d2dea78c filter, keep reply-to selection the same as it was 2017-05-31 18:35:41 +02:00
Ad Schellevis
b296b95614 rework reply-to tag, disablereplyto at wrong location + missing in bogons 2017-05-31 18:34:30 +02:00
Ad Schellevis
9f31b9d523 filter.inc, ignore scrub rule if none of the interfaces is found. 2017-05-31 18:19:21 +02:00
Franco Fichtner
9b957e31d6 gateways: several changes
* Plug gateway fixup "feature" into filter_configure_sync(), the
  only point where it should matter as everything else is GUI
  trigger-happy disruption.

* Discourage the use of the "feature" by moving it into the firewall
  advanced settings, adding a deprecated note.

* Use the new system_default_route() call to avoid code drift.
2017-05-31 09:33:21 +02:00
Franco Fichtner
67c9c5d62b gateways: rework fixup logic some more
As a side-note, IPv6 gateway switching is really discouraged,
especially with auto-address configuration techniques...

Discussed with: @adschellevis
2017-05-31 09:03:36 +02:00
Franco Fichtner
95dd6ca9e1 system: avoid far gateway usage in IPv6 #1665 2017-05-31 09:02:49 +02:00
Franco Fichtner
59e2e5270c system: fix typos in previous #1665 2017-05-31 08:43:33 +02:00
Franco Fichtner
ed3fb99710 system: add system_default_route() #1665 2017-05-31 08:30:22 +02:00
Franco Fichtner
a21ca5429b system: configure all host routes through system_host_route() 2017-05-31 08:07:07 +02:00
Franco Fichtner
611d9722d4 system: add system_host_route(), later we also want system_default_route() 2017-05-31 07:47:09 +02:00
Franco Fichtner
2a2bca919b system: mute resetting routes, they can error if not there 2017-05-31 07:23:56 +02:00
Ad Schellevis
b27abd7d74 filter, add "reply-to" to plugin model, disabled by default for bootstrapped rules. needs gateway/gatewayv6 registered in filter.inc before it can actually function. 2017-05-30 21:50:57 +02:00